Find out how we helped Bancoomeva generate new architecture solutions and increase its security. Based on best practices to boost the quality of your services with cloud technology.
The challenge:
As part of the digitalization process to boost its digital services, Bancoomeva was looking for a cloud solutions provider. And, in that sense, improve the experience of their end users by relying on the availability, reliability, scalability, agility and innovation that they can achieve in the cloud.
To start this process, their needs were identified and prioritized according to their services. On the one hand, new services that were not yet implemented on-premise; and, on the other, those whose accumulation of technical debt made them candidates to migrate from on-premise to the cloud.
At that time, 100% of its services were exposed even privately through an Enterprise Service Bus (ESB) based on legacy SOAP technology.
Approximately 20% of its total services were affected at the performance level and later also at the availability level. This is due to the characteristics of the ESB that used a system of queues and cache to keep the flow of information more or less consistent.
In addition to requiring improved innovation cycle times, they also needed to improve the performance, security, and availability of SOAP-based APIs employed, migrating 20% of their affected APIs to cloud-native exposure and consumption services. Similarly, they required implementing at least 10% of new APIs based on modern exposure and consumption technologies.
What did we do?:
To address these challenges, Itera assigned dedicated specialists to the organization to generate the following architecture solutions:
A Proofs of Concept (PoC) plan was put in place to determine the best and most convenient technologies for the exposure and consumption of services already migrated as microservices.
Architectural best practices based on the AWS Well Architected Framework were applied.
As a result of the tests, AWS EKS and Serverless Lambda container services were defined at the compute layer level for the microservices. And for the access layer, the AWS API Gateway API management service was used, integrating NLB-type ELB balancing resources.
At the security level, several layers were implemented such as: GuardDuty services for real-time analysis of suspicious behavior, WAF to protect the public consumption of services at layer 7 and Cognito to ensure access to them by providing authentication and authorization through JWT.
At the data layer, SQL engine-based data persistence services were used with the Aurora service and SQL Server on RDS and NoSQL using AWS DocumentDB.
Based on architectural best practices, Internet access controls were implemented for the workload’s private zones using the NAT Gateway service.
Management accesses were secured using a secure IPSec channel based on AWS’s native site-to-site VPN to maintain workload access on the bank’s private network.
Cloudwatch and Logs services were configured to centrally observe your resources. As well as the implementation of complementary services for auditing and monitoring the configuration of resources such as CloudTrail and Config. Similarly, Production and QA environments were generated in AWS accounts.
The results:
See you in the Cloud!
Just like Bancoomeva, your organization can improve its services, making them more agile and reliable in the cloud. By choosing AWS solutions with our cloud-centric approach, the economic and technological benefits are reflected by consolidating your business projects faster.
Bancoomeva is a Colombian financial institution, member of the Coomeva Cooperative Business Group.
Solution Components:
More Stories
Related posts
Ready to take full control of your cloud investment?