AWS re:Invent 2021 - Building a serverless banking as a service platform on AWS

AWS re:Invent 2021 - Building a serverless banking as a service platform on AWS

AWS re:Invent 2021 - Building a serverless banking as a service platform on AWS

Solarisbank, Europe’s leading Banking-as-a-Service platform, enables other companies to offer their own financial services. Via APIs, partners integrate Solarisbank’s modular banking services directly into their own product offering. By migrating all of its core banking systems, digital products, and databases to AWS, it became the first bank in Germany to full migrate to the cloud. Join Dennis Winter, VP TechOps, as he shares how their all-in on AWS approach allows them to speed up the delivery process and drive more innovation, while simultaneously allowing the company to follow their internal approval processes to ensure compliance, security, and integrity across the overall architecture.

Learn more about re:Invent 2021 at https://bit.ly/3IvOLtK

Subscribe:
More AWS videos http://bit.ly/2O3zS75
More AWS events videos http://bit.ly/316g9t4

ABOUT AWS
Amazon Web Services (AWS) hosts events, both online and in-person, bringing the cloud computing community together to connect, collaborate, and learn from AWS experts.

AWS is the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—are using AWS to lower costs, become more agile, and innovate faster.

#AWS #AmazonWebServices #CloudComputing


Content

3.04 -> That's how things start.
4.14 -> Hello, again, my name is Dennis.
6.72 -> I am Vice President Technical Operations at Solarisbank,
11.84 -> a leading banking-as-a-service provider in Europe.
15.76 -> And in the next roughly 40 minutes, 45 minutes,
19.47 -> I want to tell you a little bit about how we started out
23.097 -> and how we eventually ended up in the cloud.
28.17 -> So first of all, before I dive into our story,
33.8 -> I want to tell you a little bit, a couple of facts
35.78 -> about me, so that you know who's actually
37.39 -> telling you this story.
39.41 -> So I'm 42 years old, I have two kids, 15 and seven,
44.2 -> and I consider myself as an engineer by trade.
47.39 -> So I basically grew up in my grandfather's workshop.
50.22 -> He was an electrician and for those of you who know that
53.11 -> in the late '80s, early '90s, computer came without a GUI.
58.419 -> That was also my first interaction with source code.
61.55 -> So there was a program that was called "Gorillas,"
64.58 -> it was a game, and I just,
66.41 -> being nine, 10 years old, just fiddled around
69.68 -> with the source code, because you had
71.14 -> to execute it explicitly pressing a five.
74.39 -> And this is basically what I tried out.
76.167 -> And I won't tell you that I didn't know anything
77.86 -> about backups back then and had actually to wait
81.61 -> for the next computer that my grandfather would buy
85.74 -> that Gorillas.pass would actually work again.
90.5 -> So at Solarisbank, I joined in 2016
94.6 -> and I'm in my fourth role in the meantime.
97.94 -> So looking at the development steps that we had
101.94 -> at the company, I hope that some of the things
104.38 -> that I'm telling you today will maybe help the one
107.3 -> or the other person who are
109.47 -> in similar challenges that we have been.
111.86 -> And for this, let's have a short,
115.44 -> let's have a short look at the agenda.
118.13 -> So I broke it a little bit apart in three pieces.
121.7 -> The first part of my talk will be how we started out,
125.48 -> how we bootstrapped the company,
128.75 -> the immediate challenges that we saw back then
134.182 -> be it because we were a fast growing company
137.3 -> or also because we were just exposed to the regulations
141.1 -> from the German regulators as a fully licensed bank.
147.15 -> Afterwards, I will tell you a little bit
149.55 -> about how AWS helped us in resolving some of these problems.
154.77 -> And in the last part, I will tell you a little bit
157.16 -> about where we stand today
159.49 -> and what our plans are for the future.
164.95 -> In order to bring you up to speed for the stuff
168.57 -> that I'm telling you, I want to tell you a little bit
170.21 -> also about what Solarisbank is actually doing.
173.66 -> So as at Solarisbank, we consider ourselves
177.47 -> as a technology company with a banking license,
181.81 -> which means we are not the regular bank.
185.14 -> Like, you cannot just come to Solaris
186.89 -> and open your individual account, come into our offices.
189.82 -> You need to do this with our partners.
192.73 -> I will tell you a little bit more about this in detail
194.88 -> in the next slides.
196.34 -> So we have a business-to-business model,
198.913 -> a B2B2 access, we call it.
200.92 -> So Solarisbank is providing technology
205.04 -> that can be embedded from other companies
207.84 -> into their respective products.
209.61 -> So they enrich their products with financial services.
215.54 -> In the meantime, there are 650 employees.
219.05 -> We are actually more than 700, I looked it up.
220.92 -> So when I created this presentation,
223.47 -> that's a couple of weeks back, we are growing rapidly.
226.29 -> We have more than 60 nationalities at the company.
229.09 -> It's a very diverse company.
231.85 -> And just this summer, we closed our D round,
235.99 -> or our last funding round, which send us directly
239.66 -> into the Unicorn club.
243.34 -> And we acquired one of our competitors which gave us
246.9 -> also access out of continental Europe into the UK.
253.13 -> As one special thing that we are really proud about is that
256.75 -> we are operating out of five different countries
259.18 -> in Europe in the meantime.
260.08 -> So we used to be a German company,
262.55 -> in the meantime, we are an international company.
268.56 -> Now a little bit more about the actual idea
272.65 -> behind Solarisbank.
274.17 -> The word contextual banking has been floating around
276.95 -> at the company for two, three years now.
280.2 -> And what it means is that we truly believe that
283.77 -> from like, it's already happening and in the future
286.46 -> it will accelerate, that companies will integrate
290.96 -> granular financial services into parts
294.34 -> of their individual service offerings.
296.9 -> Which means back then, a couple of years back,
299.59 -> when you wanted to buy a used car online, you had to also,
303.05 -> additionally, in parallel, apply for a loan
305.85 -> if you didn't have the cash in your bank account.
309.17 -> What we enabled companies to do is to integrate the decision
314.17 -> from a bank, whether you are getting this loan or not,
316.75 -> into the checkout process.
318.5 -> So the whole identification of a person
321.07 -> and the whole decision, the scoring of a person,
324 -> happens in the background in a manner
326.45 -> as it wasn't possible a couple of years back.
329.57 -> And in the meantime, we have 50 products,
333.47 -> 50 different products, depending on how you combine
336.64 -> our APIs, that can be integrated through RESTful APIs,
341.79 -> into the solutions that other companies create.
346.67 -> So if you look into the overall trend that we are seeing
350.29 -> already for a couple of years now,
352.39 -> Apple has been doing different things.
354.65 -> In the meantime, you get an Applecart
356.63 -> and you can, with Apple page,
359.14 -> just buy at the point of sale.
361.48 -> Same for Google, they are actually,
363.08 -> like, they used to be a search engine
365.07 -> and they do many other things.
367.41 -> And why do they do this?
369.2 -> Because people actually expect nowadays
372.2 -> that things like this are possible.
374.09 -> It's a diversification of the product portfolio,
376.67 -> but it's also, you're allowing people to conveniently live
380.34 -> their lives in a manner as they want to.
386.603 -> Solarisbank's role in this is, if you look
389.16 -> at the sandwich, we are offering these five,
392.89 -> six product groups as a white label solution
398.57 -> in the background without interacting directly
401.59 -> with the end-customer.
403.12 -> All this came up because a couple of years back
406.13 -> our parent company, the company that founded
410.52 -> the Solarisbank wanted to build FinTech companies
415.15 -> just had this experience that this was impossible
417.47 -> with existing banks and we wanted to be different.
424.18 -> Okay, so telling you now a little bit
427.18 -> about the early days and the challenges that we had,
430.46 -> and how we overcame them.
433.72 -> So when I joined Solaris, we were 25, 30 people
437.93 -> and everyone had to be a superstar, a rockstar.
441.21 -> And how do you do this?
442.44 -> You motivate people.
444.04 -> And that was one of the core enablers for the success
446.99 -> of Solarisbank, that the founders, the early founders
450.42 -> really gave everyone the impression that
452.91 -> you are exactly at the point where you're supposed to be
456.53 -> to really help us be successful.
458.27 -> No one else would be able to do this.
460.47 -> We were all N-preneurs, not only the founders,
463.84 -> and that motivated everyone immensely.
468.13 -> Back then, it was still unclear
470.24 -> what our actual product would be.
472.04 -> It was just clear that, okay, we were granted
475.3 -> the banking license, with the banking license,
478.86 -> we applied for it.
481.34 -> But how, in particular, the products will look like
484.29 -> that we built first was something that we had
486.91 -> to test out in lead manner with the market.
489.67 -> So building up some foundation and at the same time,
494.91 -> checking just the market need was one
496.95 -> of the first things that we did.
498.45 -> And the market need was just immense.
502.28 -> Like, we saw that a lot of companies were out there
504.47 -> that were craving for another company
506.95 -> that would enable them to provide financial services.
513.61 -> Of course, we built POCs and we built monoliths.
517.81 -> And some of these monoliths also ended up
520.22 -> to be version 1, 2, 3 that we're running in production.
524.87 -> We all know this, usually you just want
526.49 -> to try something out and then build it in a better manner.
529.91 -> Also, in our case, we had to somehow live
533.06 -> a very lean approach in there and see
535.54 -> that we stabilized things as we go.
539.22 -> We already tried to ensure that,
541.48 -> from an architectural perspective,
543.12 -> and you need to imagine that,
545.41 -> the tech team grew basically by 100% each month.
551.41 -> We onboarded an immense amount of people
554.54 -> and onboarding not only means giving them access
557.55 -> to systems or to source code, and to repositories,
563.52 -> you need to tell them what to do.
565.68 -> And that was, of course, because it was the early days,
568.55 -> very challenging; we didn't do that well.
571.04 -> So why we tried to create architectures,
574.44 -> software architectures that already had some breaking lines
577.52 -> in there where we could say later on, we will break out,
580.03 -> for example, an authentication out of an existing service,
584.54 -> that part of the code had already changed
586.85 -> when we were just about to like,
588.8 -> somehow get it out because other people
591.08 -> had already implemented changes in there.
593.54 -> So catching up with the real world was a challenge.
597.86 -> What we did back then is that we said, we need to do,
601.26 -> we need to create a platform where we will be able
604.69 -> to horizontally scale our coding
609.79 -> or our software development, our product development.
612.79 -> And the notion in 2016 in Germany was
616.75 -> if you go to a hyperscaler from the United States,
619.07 -> the chances that you will get into trouble
621.33 -> with the regulators are pretty high.
624.18 -> So also there, let's come up with an approach
627.81 -> that gives us all possibilities later on, but start on-prem.
632.36 -> So we built an on-prem system,
633.96 -> an on-prem system completely based on Linux
637.81 -> on a lot of HashiCorp tools.
639.28 -> Thanks guys, I saw them yesterday somewhere here.
642.99 -> So they helped us a lot or their services helped us a lot
646.49 -> and everything was dockerized.
648.14 -> It was clear that we needed to come up with some kind
651.04 -> of a standardization, a concept that would give us
654.73 -> the possibility to, at some point in time,
657.02 -> exchange the sub-jacent system and do something
660.42 -> more efficient, better.
661.98 -> But for the time being back then, the solution was
664.73 -> on-prem Linux, and a lot of HashiCorp tools.
669.82 -> This is the system that we came up with eventually,
674.29 -> because we had to ensure integrity.
677.38 -> That is the most important part,
679.93 -> or one of the most important parts
681.53 -> when you're in a regulated environment.
684.42 -> The question from auditors, from regulators,
686.94 -> from officials, will always be how do you ensure
690.2 -> that you know what gets rolled out in production?
693.81 -> So this is the concept.
695.67 -> We called it Platform-enforce principles
698.23 -> that we follow until today.
700.9 -> Because what we made was a system that would
703.26 -> allow us to fully control the changes
707.81 -> that are introduced into the system.
709.42 -> If you look at the very left, there is the circle
711.75 -> with the Dev, that's the developer or our developers.
714.67 -> And the only interaction points that they had
716.7 -> with the overall system was GitHub Enterprise.
721.6 -> Concourse, for those of you
722.97 -> who don't know it, it's a CI/CD tool.
724.85 -> It's easy to configure it or it's actually supposed
727.98 -> to be configured through text files.
731.65 -> So also there, we have the possibility
734.405 -> to apply some principles, to enforce
737.5 -> four-eye principle, for example.
739.41 -> And that was a core enabler for us to show that
742.52 -> we are not only controlling the source code itself,
745.5 -> but also the environment.
748.672 -> I look into this, there is a similar picture
750.67 -> a little bit later, where we dive a little bit deeper
752.54 -> in what happens there.
755.04 -> So how we called this was compliance in code.
757.46 -> So compliance is usually something that is perceived
759.96 -> as it's important that you do it, but it's additional work.
764.47 -> And if you're a software engineer, if you're a product guy,
768.144 -> you just want to get your next feature out.
770.25 -> And compliance is something that, ideally,
773.21 -> it comes automatically.
774.61 -> But the sad truth is, it doesn't really happen.
778.73 -> So what we tried to establish is a mindset
783.3 -> of this is a chance for us.
785.88 -> Compliance is not something that should be considered
788.19 -> as a burden, but it is something that tells you
792.33 -> how to do things right.
793.67 -> Because I think most of you also have the experience
796.18 -> in software companies, the one thing that was
799.97 -> usually not in the best shape was the documentation.
803.92 -> And then that became a problem at some point,
807.36 -> and basically, compliance is not only documentation,
810.93 -> but it defines that you need to make sure
813.13 -> that your documentation is up to date.
814.46 -> And in the end you will also benefit from it.
817.31 -> So question is framing, what is compliance
821.02 -> and what is security?
822.56 -> And if you take it as an opportunity to really think
825.87 -> about things and make things cool and better,
829.46 -> and efficient, it's actually a creative process.
833.62 -> It's a creative requirement for people to do it.
838.95 -> And that's also what I tell people who are
842.01 -> in interviews with Solarisbank and who ask me,
844.407 -> "Wait a second, so you have a banking license?
846.667 -> "Am I actually, like, can I work the way
848.557 -> "how I used to work before?"
850.67 -> It's like, yeah, of course.
851.92 -> I mean, we do things in a certain manner,
853.9 -> in a defined manner, but we also need
856.38 -> to be more creative than others in order to ensure this,
860.23 -> that we can have this culture of, you know, allowing people
863.85 -> to fix problems in production, for example,
867.18 -> and not having this one team that is certified
870.55 -> to jump in if things go wrong.
872.68 -> That's not scaling.
874.61 -> So just to give you an example, and I'm circling back now
879.35 -> a little bit to the image that I showed you earlier,
881.92 -> these are some of the topics that our auditors
884.67 -> are checking us on.
887.68 -> So, and that's the list, and I'm not lying,
891.35 -> that came up when I was sitting at my kitchen table
893.6 -> in like, maybe 20 minutes and I could go on.
898.12 -> And just to give you an example of how most of these things
903.02 -> can be already covered by just one or two witty ideas
907.39 -> on how to do things, I want to talk
909.64 -> about the change process, the way how we introduce changes
912.81 -> into production in a completely compliant manner.
918.52 -> Back here, the engineer got a face in the meantime,
921.94 -> and let me just show you a bit how the systems
925.26 -> are operating when changes are introduced.
928.9 -> The engineer or end engineer is interacting
931.81 -> with GitHub Enterprise.
932.79 -> We have Terraform.
935.13 -> We use Terraform to configure GitHub Enterprise
938.76 -> in a standardized manner.
940.17 -> We protect the main branches.
942.33 -> Nothing gets into the main branches
943.94 -> without a proper pull request
945.8 -> and an approved pull request before it gets merged.
949.18 -> That's the work for the engineers.
951.56 -> Additionally, they create releases.
954.08 -> They are the ones who decide this specific merge
957.35 -> into the main branch is supposed to be released now
961.43 -> into production and into our sandbox environment.
964.9 -> That's their responsibilities so far.
967.31 -> If changes happen, our CI/CD tool, Concourse,
970.49 -> is doing things and these things are
973.02 -> not only building and testing,
974.63 -> that's the obvious part of what CICD tools are doing.
977.81 -> The cool thing is, if you look up CircleCI online,
981.45 -> it says something like your automate everything tool
985.01 -> or something, and it it's really like that.
987.4 -> You can use Concourse to execute scripts
991.99 -> or to define scripts that you execute in different manners.
995.87 -> So what we do during our rollout process is that
999.54 -> not only we are testing assets,
1001.07 -> not only we are tagging assets,
1002.65 -> everything is dockerized.
1003.74 -> Remember?
1004.78 -> We are not only tagging assets that are matching
1007.72 -> the Gitshot of a specific change,
1011.62 -> we are also creating tickets in Jira,
1014.41 -> and we are using these tickets
1015.74 -> for additional triggers within this process.
1020.39 -> The actual requirement in Germany from the regulators
1024.38 -> for banking-related functionality is
1027.75 -> you need to ensure that you have a technical review
1030.66 -> and a functional review.
1033.26 -> Which makes sense because usually you have someone
1035.68 -> who understands the domain, someone who understands
1037.9 -> the financial systems, the transaction networks, and so on.
1042.07 -> That's the functional review.
1043.95 -> And you have a tech person who understands the code
1047.86 -> that is supposed to be introduced.
1050.08 -> Now in traditional banks, this leads to release trains
1054.86 -> or bigger releases because you have to go
1056.68 -> through this effort to get these approvals in
1059.61 -> and people to understand what's actually happening.
1062.35 -> We are rolling out more than 300 times per week
1066.714 -> and we'd really want to keep it like that.
1068.83 -> We want to allow the product development teams
1072.55 -> to really be quick and fast in releasing new versions,
1075.95 -> to fix things, but also to, of course,
1079.01 -> deploy new functionalities that the market is waiting for.
1082.56 -> And how this process in detail works is
1086.54 -> the PR is approved and merged from all these merged changes
1092.25 -> into the main branch.
1094.29 -> The engineers can create releases.
1097.42 -> If such a release tag is created in GitHub Enterprise,
1100.56 -> it automatically creates a Jira ticket
1102.9 -> on a Jira project where only the product owners
1106.53 -> have write access to.
1108.82 -> They got a new ticket.
1109.95 -> This ticket contains the information on the release.
1113.86 -> This ticket is in a waiting state.
1116.96 -> And they can just drag and drop this ticket
1119.87 -> to approved or rejected.
1122.88 -> If they put it to approved, changing the ticket
1125.31 -> also triggers again, our CI/CD tool, which automatically
1130.1 -> rolls out exactly this specific version
1132.33 -> of the Docker container
1133.98 -> into the respective AWS account into production.
1140.88 -> And by doing this, we can prove the full
1144.31 -> or we have the full audit trail.
1145.69 -> We can fully prove who had, at what point in time,
1149.77 -> a look at the change and we have directly the names
1153.46 -> connected to the respective approval.
1155.96 -> That's something that's proved as bulletproof
1159.43 -> when we were talking with the auditors and regulators.
1162.68 -> Explain it to them, we were able to show them also, like,
1166.23 -> data, like, based on data, that all the changes were
1169.24 -> really went through these steps.
1170.98 -> And that's something that we will refine it even
1173.1 -> in the future, but at the moment, we can just concentrate
1176.83 -> on other things because this is solid.
1181.31 -> So now AWS Quite had an impact on Solarisbank
1188.769 -> and on the way, how we do things.
1191.95 -> Back in 2019, we were 12 products engineering teams.
1198.56 -> We are more than 20 in the meantime.
1201.57 -> And back then, we had one platform team.
1203.95 -> You remember, we were still operating on-prem
1207.9 -> in distributed system based on HashiCorp?
1213.96 -> And the problem that we had back then was that
1217.53 -> the platform team was basically responsible
1220.06 -> to provide everything that had to do with the persistence.
1223.53 -> You cannot just allow people to create databases
1226.17 -> in a manner where the databases need
1228.1 -> to be set up themselves as well, to be highly available.
1232.11 -> Also, just in terms of giving access to the crown jewels
1235.43 -> of everything that we have is something that
1237.25 -> we couldn't really allow teams to do themselves.
1242.774 -> That would have been not compliant.
1244.92 -> So we had outgrown our concept spectrum.
1248.63 -> 12 teams were just too many for the platform team
1252.18 -> to really be like a service provider for,
1254.64 -> so we had to somehow come up with a new solution.
1259.89 -> So status quo, what was there?
1263.67 -> We were dockerized back then.
1266.4 -> That was good so far.
1268.44 -> We had a lot of standards established and templates.
1272.12 -> So all the teams used base images
1275.4 -> that already came with certain functionality to,
1278.09 -> for example, register in console mode.
1281.1 -> And so that helped us speed things up but it was,
1285.53 -> at that point in time, not enough anymore.
1289.1 -> All the services were stateless.
1290.65 -> That was something that we also pushed the teams to do,
1293.06 -> just to be aware of.
1294.88 -> Having stateful services, it's just something
1296.66 -> that keeps you from really doing the good things
1299.07 -> at a later point in time.
1300.72 -> We had databases that followed a standard,
1304.17 -> so MariaDB, mySQL, that's something that is just known,
1306.9 -> and it was clear that whatever we would be using
1309.12 -> as a new solution, we would be good
1311.95 -> with MariaDB and wouldn't have to change
1314.32 -> also the services, themselves.
1317.34 -> And we have just a traditional in-service communication,
1320.35 -> RESTful APIs, usually synchronous,
1323.94 -> some of them asynchronous.
1326.52 -> And we knew we had to go to the cloud.
1329.25 -> We looked at the cloud already,
1330.51 -> like, drooling over the possibilities
1334.55 -> that we would have as soon as we get rid
1336.29 -> of our on-prem solution.
1338 -> So something had to happen.
1341.65 -> The choice was pretty clear because we already had invested
1346.1 -> some time to make, let's say a small comparison
1350.38 -> between the providers that were out there.
1353.28 -> And AWS was clearly our favorite
1356.29 -> because of its reliability.
1357.61 -> Its been there, AWS has been there for a very long time,
1360.41 -> in the meantime, and it has a good reputation
1363.7 -> on the European market and the German market.
1366.52 -> The quality, of course, of the products,
1368.41 -> because it has been there already for a while,
1371.28 -> if you just think about the possibilities that you have
1373.51 -> with RDS, if you know how painful it is
1376.21 -> to set up a CMOS synchronous mySQL setup,
1381.44 -> that's just something that you don't really wanna have.
1385.98 -> It's obvious the geographical possibilities is,
1389.58 -> of course, given with AWS.
1392.56 -> And a very important point for us was talent,
1396.35 -> which means if you're looking at the market
1398.83 -> for new engineers, the amount of people
1401.76 -> that already had encountered AWS at some point in time,
1406.22 -> it's just really high.
1407.47 -> And people really like working with AWS.
1409.54 -> So it was a clear choice.
1413.76 -> The migration.
1416.24 -> In 2019, we got a new CTO who came from Capital One.
1421.67 -> And he already knew, Capital One being like,
1424.81 -> one of the biggest AWS partners or clients,
1431.16 -> he brought in a push for us to really also invest this time
1435.77 -> and this effort to go into AWS because there was just
1439.36 -> so many things and so many requirements
1442.28 -> that came in just from regular business,
1444.31 -> that it was always hard to negotiate, basically,
1446.95 -> that now we need to start doing the big work.
1451.06 -> So it was clear that we had to do a plan,
1455.29 -> that we had to come up with some idea on how we can
1458.35 -> centrally track the migration of the whole company,
1460.93 -> back then, 300 services, including databases
1465.52 -> that had to be migrated over to AWS
1468.45 -> and a pretty packed agenda for all the teams.
1475.41 -> So what we came up with was, and I just want
1478 -> to point out maybe one thing out of here,
1483.01 -> as I mentioned, it was like a longer process
1485.44 -> to really come up with it.
1487.7 -> We just decided that there was a strategy, for example,
1489.97 -> going hybrid because lift and shift in a business
1494.95 -> that is very fast, it has a very high pace,
1498.04 -> it's just something that you cannot really afford.
1500.59 -> You cannot just pause, move everything over,
1503.35 -> see that it's working.
1505.65 -> It was clear we need to go into a hybrid mode.
1509.12 -> And we created a translation metrics
1510.78 -> and I won't go through all of it,
1512.3 -> but the translation metrics, and I will show you this
1514.2 -> on the next slide, was one of the core enablers.
1518.04 -> We thought we need to tell the teams
1520.19 -> how the solution will look like as soon as we are moving
1523.07 -> out of on-prem because they were used to think
1526.15 -> in a certain concept, in a certain manner.
1529.46 -> And the first thing that usually humans react
1532.42 -> or the way how humans react if you tell them we just,
1535.35 -> like, everything different from tomorrow on,
1537.46 -> they get anxious.
1538.7 -> So making sure that they really understand what's happening,
1542.14 -> making sure that they get like, a tangible idea
1544.57 -> of how it will look like as soon as we are
1546.11 -> in AWS was one of the core deliverables
1550.27 -> during these sessions.
1552.27 -> And if we look into the translation matrix,
1554.6 -> this is roughly how it looked like.
1555.99 -> It was not hard to do, it was just,
1558.15 -> it had this one decision in there where people were asking
1560.73 -> for Kubernetes back then, where we said,
1563.137 -> "Nope, our container orchestration will be ECS."
1566.38 -> Because it will be just easy for us to, instead of deploying
1569.56 -> to an existing system that digests target containers,
1573.81 -> you're just going directly also to ECS
1575.68 -> because it does the same.
1577.46 -> So some of these decisions were, of course, taken
1580.74 -> before we came up with the matrix.
1582.55 -> But in general, that was a very important asset
1586.25 -> for us to prepare the migration and also to steer
1590.03 -> the migration throughout the following months.
1595 -> It was mayhem and I mentioned it earlier,
1596.93 -> the stress was quite high because we are a startup.
1601.49 -> And that means that besides the actual migration
1605.68 -> that we wanted to finish within one year,
1609.37 -> we also got the deal with Samsung.
1612.75 -> And Samsung decided that they would
1614.66 -> completely base Samsung Pay on our systems,
1617.5 -> which was a huge deal for us.
1619.69 -> And we could just say no, just because we had
1621.45 -> the AWS migration also planned.
1624.7 -> The next thing was that, roughly the same time,
1628.12 -> we also got to deal with a company called Vivid Money,
1632.6 -> which is a spinoff of Tinkoff, a Russian bank.
1635.63 -> Also very ambitious and also big deal,
1638.09 -> very important partner for us, also nowadays.
1640.88 -> And besides all that, we had outgrown
1643.76 -> our core banking system, which was a core banking system
1647.14 -> based on SOAP, based on Windows setups,
1650.82 -> and it was slower than what we would actually need,
1653.99 -> in particular, looking at Samsung and Vivid.
1656.95 -> So we were actually running four huge projects
1660.3 -> at the same time and I can tell you, and Corona is,
1664.65 -> by the way, the name of our own core banking system.
1668.2 -> No one would know that couple of months, years later,
1671.57 -> we would end up in a situation
1672.77 -> where it means different things to people,
1674.45 -> but we just stick to it.
1676.5 -> But during this time, 2020, it was stressful
1681.44 -> but what I showed you earlier, having this central plan was
1688.04 -> definitely something that helped us ensure
1690.47 -> that we would be successful in moving over.
1693.6 -> So the core ingredients for the success were,
1695.85 -> as I mentioned earlier, the standardization.
1698.29 -> We established, internally, the whole cultural work
1700.59 -> in AWS Guild, so that people would have the possibility
1704.16 -> to play around with, you know, the tooling that is there
1706.86 -> in AWS, that they could exchange knowledge.
1710.76 -> I personally was talking, I think,
1712.87 -> every second week about AWS in 2020.
1716.45 -> People, like, when they saw me, they knew someone will
1719.02 -> like, he will now start talking about the progress
1721.19 -> in AWS and how important it is,
1723.06 -> but it was also important for the whole company
1725.72 -> to really understand that what we are
1727.13 -> doing here is important, even for parts of the company
1730.04 -> that might not interact with tech too often,
1733.92 -> but making sure that everyone understands that
1736.83 -> this is a huge step forward.
1739.49 -> And this is something where we need to support,
1741.38 -> where the whole company needs to support
1743.08 -> also tech and product to really make this,
1746.88 -> that was a core deliverable for this.
1751.74 -> We brought in external consultancy because if you think that
1754.7 -> you are the one who knows just everything best,
1756.39 -> that rarely works.
1758.66 -> So we got consultants in who helped us really understand
1761.28 -> whether the concepts that we came up with, for example,
1764.29 -> for the AWS accounts, the whole setup.
1767.69 -> Also we needed to have like, the standardization,
1770 -> of course, in place, also for AWS and in the future,
1773.47 -> someone who would make a cross-check
1775.49 -> and give us hints in how to improve things.
1778.55 -> And we introduced the buddy program,
1780.76 -> which meant for all the product teams
1783.78 -> that were supposed to move their own services over to AWS,
1787.7 -> because you cannot do 300 services through like,
1790.49 -> 5, 3, 4 or five people who would just
1793.15 -> like, take over this responsibility,
1795.39 -> you need to build up this knowledge within the teams
1798.52 -> and at the same time enable them really to do it themselves.
1801.35 -> And if they have questions, ask their buddy.
1804.56 -> So the four or five people who would usually do this,
1806.53 -> maybe in other companies were, for us, the AWS buddies,
1810.47 -> who would just be the bearers of more knowledge
1813.9 -> and who would sit together with the product teams
1816.42 -> and help them do the changes in case that they needed help.
1822 -> What it also allowed us to do is
1824.39 -> the definition of resiliency tiers.
1825.89 -> And that's something that really helps us tremendously now
1828.89 -> to boost the whole BCM topic within the company.
1832.67 -> Because if you're growing rapidly, compliance and so on
1836.12 -> also comes with requirements regarding risk,
1840.52 -> the concept or having different standards
1843.73 -> for different criticalities
1845.16 -> for different important systems has been something
1851.4 -> that allowed us to come up with a completely new idea
1855.36 -> on how we would deal in case of disaster.
1857.63 -> That's something that we, of course, I mean,
1859.32 -> this takes quite a while, that's something
1861.18 -> where we are still in the middle of, but this level
1865.01 -> of depth is something that just
1867.26 -> only the cloud allows you to do.
1871.08 -> So this, in the end, gave us the possibility
1874.64 -> to really move over to AWS with all our product services
1879.12 -> within the scope of, it's actually 11,
1880.68 -> it was 11 months, but 12 sounds better.
1884.42 -> It was 100 engineers who really built up this knowledge
1887.07 -> besides their usual tasks that they had.
1891.49 -> And the question was after we've been there,
1895.07 -> how do we bind this?
1896.45 -> How do we make sure that now as we got the migration,
1899.9 -> this is only the beginning, this is,
1902.45 -> what happens now is we enable the teams
1904.53 -> to do stuff themselves.
1906.23 -> So AWS helped us, or the two systems in AWS
1912.32 -> help us to be quick to scale our business quicker
1917.09 -> than before, because we removed the dependencies,
1919.81 -> the central dependencies to bottlenecks
1921.41 -> within the organization.
1922.78 -> But at the same time, you also need to steel this
1925.72 -> and give a certain direction to your teams.
1928.92 -> So the clear impact that we saw there was that,
1933.78 -> as I mentioned, the central bottleneck went away
1936.28 -> and that the teams themselves were also able now
1938.67 -> in the meantime, to challenge basically the status quo.
1945.15 -> Because before that, it was just clear there are
1947.53 -> certain things that you can do, there were just
1950.5 -> not other technologies there.
1953.27 -> With AWS, we have way more possibilities
1957.03 -> to implement systems and technologies, and by this,
1961.01 -> also to improve the quality
1962.65 -> and the reliability of our products.
1966.61 -> The operational changes, of course, are obvious.
1969.56 -> Before we moved to AWS, we had to create a ticket
1972.26 -> to get a new VM.
1975.61 -> That's gone, so the whole efficiencies
1978.11 -> in terms of what you do on a daily basis,
1980.5 -> just increased massively.
1981.76 -> And you can tell if you're just following
1984.33 -> our Slack channels, that the conversations
1987.12 -> that are happening in between the teams are less,
1989.147 -> "Hey, dude, I'm still waiting
1990.587 -> "for this change to happen.
1991.547 -> "Can you please do that?"
1992.94 -> But it's more a ping pong where they are
1994.63 -> challenging each other and that's really a huge benefit
1998.26 -> that we see in terms of how the culture changed
2001.42 -> by just going horizontally with multiple accounts in AWS.
2008.48 -> And just to make sure that you don't have to keep track
2013.61 -> like, active track on things,
2015.93 -> AWS also provides you with a certain set of functionalities
2019.34 -> that we also, that we are still refining, of course.
2022.32 -> That's also like, not a target that
2024.21 -> you just put for yourself and then you arrive there.
2027.41 -> It's an ongoing process.
2028.73 -> You're adapting the standards and the requirements
2031.71 -> for yourself on a constant basis.
2035.47 -> So in particular, the service control policies help you
2039.29 -> to really define how the systems will look like.
2042.47 -> The service control policies basically allow you
2045.56 -> to give blueprint of the applications that are open
2049.52 -> for your organization to use in AWS.
2052.8 -> And that's something that we enforced quite early.
2055.99 -> Tagging, just to ensure the visibility, is something that
2058.78 -> we also enforce in the meantime,
2060.27 -> to make sure that we just have the possibility
2062.39 -> to have an idea of what's happening in there
2064.3 -> and where the costs are going.
2068.04 -> And there is a lot of stuff that you can just predefine
2071.21 -> to define the outer shell of everything
2074.71 -> that is used within the cloud.
2079.04 -> Of course, alerting just as a very specific thing,
2083.22 -> everything that you do, we have our,
2085.84 -> we have two security teams and these two security teams
2088.61 -> get notified in case that things are not going as we wanted.
2092.23 -> So manual changes, there are some changes that need
2096.19 -> to happen manually.
2099.16 -> They get alerted in this case.
2101.77 -> Most of the changes, 95% are executed
2105.57 -> by Terragrunt and Terraform where we also have
2107.78 -> this centralized approach where we say for our principal,
2112.14 -> if you want to change something for your individual account,
2114.84 -> introduce it here, have it reviewed and approved
2117.48 -> by someone else, and ship it.
2121.88 -> And this gives you the possibility for the whole monitoring,
2125.64 -> having the eye in the sky for your costs, for your usage.
2131.88 -> Basically, the efficiency of your systems
2133.78 -> also helps you then to first identify
2137.91 -> where your costs are going, but in particular, as well,
2141.33 -> how can you improve your products.
2142.87 -> How efficient can you be?
2144.27 -> And where are the things that
2145.44 -> you can tweak and hence, improve?
2151.82 -> And if I now look into where we are now
2154.35 -> and what we want to do in the future,
2158.33 -> actually, like, one or two sentences to this,
2161.91 -> there are so many things that we still need to do with that.
2164.96 -> We want to dive in because this is just the beginning.
2168.51 -> We just arrived fully in AWS.
2172 -> We know that there are a lot of things
2173.61 -> that we can do to improve, be it Auto Scaling
2178.08 -> because auto scaling is not just this one button
2180.47 -> that you flip and then it magically works in a manner
2183.1 -> as you, as you expect it to do, you need to make
2186.89 -> conscious decisions what the criteria are
2190.9 -> for auto scaling and this takes time.
2193.26 -> And for this, we need to make sure that the teams have
2196.14 -> the time to really do this.
2198.14 -> And we want to mature it in tooling.
2200.01 -> So initially, we started out with an APM solution, X-Ray,
2207.02 -> that would help us to see what is happening
2209.12 -> within the systems, looking into how this solution
2212.44 -> will look like then in the future.
2214.18 -> That's something where we need to really spend time on,
2216.91 -> overall increasing quality, increasing the adoption
2220.23 -> of the functionalities that are out there.
2222.49 -> We clearly said we want to use the cloud
2224.68 -> to really leverage the benefits of the cloud
2227.59 -> and not to build up just some new data center in AWS
2231.68 -> that wouldn't really make sense.
2234.7 -> And with that, I thank you for giving me
2239.13 -> 40 minutes of your time.
2240.37 -> And if you have questions, I'm happy to answer them.
2245.18 -> Thank you.
2248.298 -> One quick question is, oh.
2251.09 -> One quick question is in the release cycle, right?
2254.41 -> So there is always a concern about the risk.
2257.39 -> So what do you do for like, analyzing the risk
2260.61 -> and the blast radius of the change?
2267.079 -> So your question is what we do?
2273.46 -> Ah, okay.
2277.85 -> So the question is what do we do
2280.55 -> to reduce the blast radius of a single release?
2286.67 -> If you're releasing more often,
2288.45 -> you're introducing smaller changes.
2291.41 -> That's like, this one truth that led at some point
2294.77 -> in time to the agile work methodologies.
2299.46 -> That's what we do, we try to keep the releases very small
2303.09 -> and at the same time, it's a service-oriented architecture
2306.77 -> in general, which means we have different dependencies
2310.38 -> between the services, of course,
2312.44 -> but if one of these services goes down,
2314.66 -> it is usually only limited.
2320.411 -> The incident is only limited for this specific product
2322.89 -> or this specific service, or the services
2324.87 -> that are directly depending on it.
2326.99 -> So with the set up, the overall set up,
2330.18 -> where we have multiple accounts for individual teams,
2334.13 -> we are reducing the blast radius also for, in case of like,
2337.51 -> a security incident or something like that,
2340.38 -> to really only the domain of a respective team
2344.32 -> or of a respective product.
2350.27 -> What was the tool for the cost analysis?
2354.15 -> That was Grafana.
2356.93 -> Anything else?
2359.38 -> Yeah.
2361.52 -> Is everything a single instance
2363.29 -> or multi-tenant set up?
2364.55 -> Or do you have like, per-client separate production running?
2369.54 -> We have a platform which means we have
2372.49 -> one, big infrastructure that is used
2375.41 -> for multiple of our partners.
2377.07 -> We don't deploy individual technologies for our partners.
2382.37 -> Okay?
2384.98 -> All right, thank you.

Source: https://www.youtube.com/watch?v=65JUKWXPQXQ