Construction of the “Digital Base of the Financial Cloud Platform” of Postal Savings Bank in Asia

For a long time, cutting-edge technologies represented by cloud infrastructure, big data, blockchain, artificial intelligence, and the Internet of Things have been increasing in the strategic layout of financial institutions. On the other hand, the complex and ever-changing international situation has also put forward new requirements for the technological innovation process of national key infrastructure.

Challenges in Building the Digital Base of Postal Savings Bank’s Financial Cloud

The Postal Savings Bank of China's financial cloud construction project is a complex and important system project that involves multiple dimensions, including technical, management, and policy. During the construction process, it faces the following challenges.

1. The overall solution on the industry side is insufficient, the integration capability is lacking, and the construction standards are imperfect. As a complex and important system engineering, the construction of the Postal Savings Bank's financial cloud platform is not suitable for the product construction ideas of traditional basic software, especially when the factors of technological innovation are superimposed. Most traditional integrators also lack experience in the construction of technologically innovative financial clouds. At the same time, there is a lack of unified standards and methodologies in the construction process to provide end-to-end construction guidance and operation and maintenance standards after completion. Therefore, a separate responsible department is needed to focus on continuously optimizing the construction model, solidifying relevant standards, and providing process guarantees in terms of top-level design, product selection, system integration, adaptation verification, construction implementation, and operation and maintenance guarantees.

2. Multiple software and hardware route selection, deep adaptation and difference shielding. The financial industry has extremely high requirements for the functional completeness, processing performance, data consistency, security and stability of information technology. At present, Postal Savings Bank has multi-brand servers, network equipment and storage equipment at the hardware level, and basic software such as operating systems, middleware, and databases also have problems such as ecological compatibility and performance optimization requirements after their respective combinations. The superposition of technological innovation factors has brought huge challenges to fully supporting the digital transformation of Postal Savings Bank and deeply meeting the compliance requirements of technological innovation.

3. Meeting the challenge of supporting widespread business migration to the cloud with diverse infrastructure services. Financial Cloud is committed to fully supporting the business systems of Postal Savings Bank of China. Various systems have different SLA requirements for computing, storage, and network services. At the same time, the construction of technological innovation also faces multiple migration targets including OA, general applications, and important applications. It is generally difficult to migrate traditional information systems to the ARM technological innovation architecture. In addition, the bank's application systems are of many types, large in number, and have short windows. The pursuit of smoothness also brings challenges to the construction of financial cloud.

4. The construction and operation and maintenance of cloud platforms of data centers in the same industry are difficult. Management fragmentation refers to the fact that industry institutions have built multiple sets of heterogeneous cloud resource pools with different versions and CPU architectures in stages over the years according to usage scenarios. Each cloud resource pool has different management interfaces and management methods, which leads to the problem of rising management costs. At the same time, since the technical implementation of each type of cloud resource pool is different, it has brought about the problem of increased operation and maintenance complexity and difficulty in unifying and accumulating operation and maintenance experience, causing operation and maintenance difficulties.

5. Stable support in ultra-large-scale deployment. For Postal Savings Bank of China, the cloud platform base is an important technical means for the intensive construction of infrastructure. Its construction goal is to meet ultra-large-scale implementation scenarios, and the requirements are also applicable to the technology innovation cloud platform construction stage. Therefore, compared with traditional architecture platforms, financial cloud platforms face the challenge of continuous optimization of support capabilities after scale-up.

6. The cloud platform functions cannot be upgraded smoothly. Referring to the user experience of the infrastructure cloud platforms of most institutions in the financial industry after they were built, many peer institutions have the problem of backwardness in infrastructure cloud construction. This is mainly manifested in the fact that the functions and capabilities provided by most financial clouds are relatively solidified, the platform architecture is not advanced and rigid, and does not have the ability to evolve continuously.

7. Security and compliance of technology innovation cloud construction. The financial industry is a key industry for security supervision, and security compliance is an important indicator of business security. The construction of the financial cloud security system needs to meet the latest cybersecurity level protection 2.0 level 3 requirements and the requirements of the cybersecurity review method. Implementing and enforcing the country's financial regulatory requirements has become a top priority.

Postal Savings Bank Financial Cloud Construction Plan

In view of the above construction challenges and related needs, Postal Savings Bank of China, based on its actual situation, cooperated with EasyStack, Huawei Cloud and other manufacturers to gradually build a standardized, neutral, diversified, integrated, scalable and evolvable Postal Savings Bank of China financial cloud.

Standardization: Achieve standardized financial cloud construction, operation and maintenance, and security systems.

Postal Savings Bank of China's financial cloud-related work is based on relevant national and financial industry regulatory standards, and has formulated and continuously improved a standard system that conforms to its own characteristics and the direction of cloud construction and development, including more than 10 standard specifications such as overall standards, technical standards, service standards, security standards, and management standards, to guide the construction and operation and maintenance practices of the financial cloud platform. At the same time, it follows the regulatory authorities' security and technical requirements for the application of cloud computing technology in the financial field, effectively prevents cloud platform risks, promotes cloud platform security resource management and operation and maintenance management, and conducts regular assessments and continuous improvements to the cloud platform security architecture.

Neutralization: A way to have both neutrality and openness and diversity and adaptability.

Taking into account the security, reliability, and regulatory compliance requirements of the financial industry, and the current situation of the coexistence of multiple technology routes, Postal Savings Financial Cloud has chosen an adaptation and deployment model of "inclusiveness" and "combination", shielding the underlying differences, meeting the compatibility of multiple routes of resources, and supporting the integration of Feiteng and Kunpeng with "one cloud and multiple cores" within the cloud platform. Through the financial cloud platform, a unified resource orchestration and management layer is built on top of the heterogeneous resource pool, and abstract design is performed on heterogeneous resources to achieve unified management of cross-regional and heterogeneous resources, and realize functions such as analysis, orchestration, scheduling, and automated deployment of different types.

Diversification: Provide complete support for Postal Savings Bank’s mass production business system with diversified services.

As an important cornerstone of digital transformation, the cloud platform must have integrated infrastructure resources such as cloud hosts, bare metal, and containers, and be able to provide a variety of storage services such as block storage, object storage, and file storage, and be compatible with centralized storage and distributed storage forms. In the process of practice, we have solidified a variety of template specifications based on the resource and performance requirements of different business systems, taking into account the improvement of utilization while providing stable support.

At the PaaS level, Postal Savings Bank of China has gradually provided software infrastructure services such as Redis and PostgreSQL based on cloud-native architecture, and has deeply adapted hundreds of open source or commercial software. While deepening governance, it has accelerated the launch of business systems, solidified service acquisition processes and related operations, and achieved the stable implementation of the full-stack financial cloud integrating IaaS+PaaS.

Integration: Financial cloud with unified computing resources, unified SDN services, and unified management.

Considering the ultimate demand of widespread migration of application systems to the cloud, the cloud platform needs to be able to provide converged computing instances (cloud hosts, bare metal hosts, containers) on the basis of neutrality to support different business loads. Cloud hosts, containers, and bare metals are managed through a digital native operating system and incorporated into one platform to provide unified management of cloud native semantics. At the same time, a large-scale software-defined network solution is adopted to achieve unified and automated deployment of 4-7 layers of networks for all resources to increase speed and efficiency. On top of the resource pool, a cloud management platform is used to achieve unified management of traditional cloud resource pools and technology innovation cloud resource pools. The technology innovation cloud resource pool takes into account the ecological requirements of Feiteng and Kunpeng's multiple routes, aligns service capabilities, and reduces the difficulty of operation and maintenance.

Scale: Ultra-large-scale technological innovation and financial cloud construction practice.

The construction of the Postal Savings Bank's financial cloud platform focuses on solving the problem of large-scale deployment, and jointly builds a large-scale financial cloud platform in Fengtai, Langfang, Hefei, and Shijiazhuang. In terms of business scale, since the first electronic channel business on the cloud in 2014, Postal Savings Bank has migrated hundreds of key applications such as core business systems such as credit platforms, Internet online loan systems, and mobile banking to the cloud platform, and the application scale and transaction volume are at the leading level among peers. As of September 2022, 201 systems such as mobile banking, online banking, and mobile business development have been deployed on private cloud platforms, and the daily transaction volume of the cloud platform has reached 589 million, accounting for 93% of the total transaction volume. The application of cloud technology continues to maintain the leading level among peers. In terms of construction scale, there are more than 16,000 physical nodes, more than 80,000 virtual machines, and more than 3 million VCPU computing resources. It has become one of the largest financial production clouds based on technological innovation routes in China.

The technology innovation cloud resource pool will be put into production by the end of 2021, and relevant applications will be gradually migrated to the resource pool to support the smooth operation of the technical transformation business applications of Postal Savings Bank. The current technology innovation cloud resource pool covers heterogeneous ARM resource pool routes, which can support ultra-large scales of more than 2,000+ servers in a single cluster. At the same time, it can also meet flexible deployment scale requirements according to different cloud resource pool control level deployments, covering daily management, business analysis, Internet financial application businesses, such as the new generation of mobile banking, channel management platform and dozens of other production business systems, with strong compatibility and upgradeability.

Evolvable: The cloud platform has the ability to be upgraded and evolved.

In order to solve the problems of fragmented construction and management and rigid service capabilities that are widely seen in the industry, the Postal Savings Bank cloud platform is based on advanced architecture design and engineering practices, and has the ability to evolve and upgrade through a digital native engine. At the same time, the core features of separation of cloud platform and cloud services, full-stack, full-plane, full-scenario orchestration, full-stack cloud architecture supporting industry scenarios, and cloud open platform activating cloud ecology provide the Postal Savings Bank with stable and reliable IaaS cloud capabilities and flexibly scalable PaaS cloud capabilities, becoming fertile ground for business innovation of the Postal Savings Bank.

The construction of the Postal Savings Bank's technology innovation cloud resource pool is an important part of the bank's in-house technology innovation pilot system engineering. It includes the technical transformation of the full-stack software and hardware systems and the commissioning of application systems. It supports different technology innovation business systems in the form of multiple resource pools. It is currently the leading data center-level technology innovation pilot project in the banking industry. It is not only conducive to the Postal Savings Bank's deepening of information construction in the field of science and technology, but the related solutions and experience also have high replicability and demonstration effect in the industry, which helps to promote the comprehensive promotion of the industry's technology innovation pilot work.