Bancoomeva: more agile services, forceful projects

Success story

Cliente:

Date published:

  • March 2023

Components:

  • Amazon API Gateway
  • Amazon Certificate Manager
  • Amazon CloudWatch
  • Amazon Cognito
  • Amazon DocumentDB
  • Amazon EC2
  • Amazon Elastic Container Registry
  • Amazon Elastic Kubernetes Service
  • Amazon Internet gateway
  • Amazon Key Management Service
  • Amazon Lambda
  • Amazon Load Balancers
  • Amazon NAT gateways
  • Amazon RDS Aurora MySQL
  • Amazon RDS SQL Server
  • Amazon Route 53
  • Amazon S3
  • Amazon Secrets Manager
  • Amazon Transit gateways
  • Amazon Virtual private network
  • Amazon WAF
  • Amazon CloudTrail
  • Amazon Config
  • Amazon OpenSearch Service

Description:

Bancoomeva is a Colombian financial institution, member of the Grupo Empresarial Cooperativo Coomeva.

Challenges

As part of the digitization process to boost its digital services, Bancoomeva was looking for a cloud solutions provider. And, in that sense, improve the experience of its end users by relying on the availability, reliability, scalability, agility and innovation that they can achieve in the cloud.

To start this process, your needs were identified and prioritized according to your services. On the one hand, new services that were not yet implemented on-premise; and, on the other, those whose accumulation of technical debt made them candidates to migrate from on-premise to the cloud.

At that time, 100% of its services were exposed even privately via an Enterprise Service Bus (ESB) based on legacy SOAP technology.

Approximately 20% of all its services were affected at the performance level and later also at the availability level. This is due to the characteristics of the ESB that used a queuing and cache system to keep the flow of information more or less consistent.

In addition to requiring improvement in innovation cycle times, they also needed to improve the performance, security, and availability of their employed SOAP-based APIs, migrating 20% of their affected APIs to cloud-native consumption and exposure services. Similarly, they required implementing at least 10% new APIs based on modern exposure and consumption technologies.

Solution

To address these challenges, Itera assigned dedicated specialists to the organization to generate the following architecture solutions:

A Proof of Concept (PoC) plan was launched to determine the best and most convenient technologies for exposing and consuming services already migrated as microservices.

Best architectural practices based on the AWS Well Architected Framework (Well Architected Framework) were applied.

As a result of testing, AWS EKS and Serverless Lambda container services were defined at the compute layer level for microservices. And for the access layer, the API AWS API Gateway management service was used, integrating NLB-type ELB balancing resources.

At the security level, several layers were implemented such as: GuardDuty services for real-time analysis of suspicious behavior, WAF to protect public consumption of services at layer 7, and Cognito to ensure access to them by providing authentication and authorization through JWT.

In the data layer, data persistence services based on SQL engines were used with Aurora service and SQL Server on RDS and NoSQL using AWS DocumentDB.

Based on best architectural practices, Internet access controls were implemented for the private zones of the workload through the NAT Gateway service.

Administration accesses were protected by means of an IPSec secure channel based on AWS native site-to-site VPN that kept access to the workload in the bank’s private network.

The Cloudwatch and Logs services were configured to perform centralized observability of their resources. As well as the implementation of complementary services for auditing and monitoring the configuration of resources such as CloudTrail and Config. Similarly, Production and QA environments were generated in AWS accounts.

Benefits

  • 20% of its APIs and microservices were successfully migrated to the cloud and are executed with almost zero unavailability, which leveraged the bank’s digital strategy.
  • Their workloads are elastic and charge-on-demand, allowing them to maintain great control between usage and costs.
  • 50% increase in agility in their development and deployment processes, a boost that allows them to deliver their new products faster.
  • Improve time to market and organizational culture from the IT area to take advantage of innovation capabilities, bringing projects to reality in a short time and with immediate results.
  • Focus on the generation and attention to business processes and projects, delegating to Itera the administration of its infrastructure in the AWS cloud.
  • Improving security layers on the consumption of public and private resources.
  • Based on this experience, it is planned to migrate and refactor 80% of its services currently executed on-premise, with the aim of having cloud-native solutions from AWS and being able to generate automated processes in accordance with best practices.

Let’s make it happen!

Just like Bancoomeva, your organization can improve its services, making them more agile and reliable in the cloud. By choosing AWS solutions with our cloud-centric approach, the economic and technological benefits are reflected by consolidating your business projects faster.

Contact Us

Request a free consultation. Send us a message and one of our representatives will contact you shortly.


    "Cloud Services":