The BBVA innovation team shared their user story at the OpenStack Summit in Paris, demonstrating how OpenStack can be used by a leading financial institution
Jose-Maria Sanjose, the Global Head in Innovation in Technology for the Digital Bank division of BBVA, started his talk with a question: why does no one bank have a billion customers? His answer: because they can’t. The current infrastructure doesn’t support that scale.
BBVA is a large global bank operating in 31 countries. Like other large banks, they handle large amounts of client money each year — BBVA has €638 billion in assets — and operate a large workforce of nearly 109,000 employees.
BBVA’s Challenges
They needed more agility, speed and scalability to keep up with customers. Their infrastructure and their IT departments were siloed.
In order to differentiate themselves as a financial institution, BBVA had to evolve. According to Sanjose, “Applications are the main way we give value to our customers.” To be able to build better software applications, they need to protect their developers and give them a common infrastructure upon which to build those applications.
Of course, cloud in the financial industry is a relatively new, and in some ways mistrusted, concept. Because of tight security regulations and heavy oversight, many financial institutions take a “wait and see” approach to using open source deployments.
But Sanjose, saw an opportunity. An open source private cloud could give the organization the edge they needed to stay at the forefront of the industry, while complying with strict security regulations.
When analyzing which open source infrastructure to choose, they kept the following goals in mind:
- Should provide a private a cloud infrastructure for BBVA’s internal networks similar to Amazon or Google.
- Should promote cultural change within the bank; shift the entire organization’s view on technology
- Automate everything — application deployment, security, network, etc.
- Should be able to deploy an application in a multi-cloud way
Why OpenStack?
Ultimately, BBVA chose OpenStack. Why? For the community and the large corporate backing. For the maturity and the ability to innovate in parallel. For the interoperability and for the flexibility to develop different solutions with the same underlying technology.
With help from RedHat, BBVA installed an automated, multi-tenant cloud service on OpenStack Icehouse that provides:
- Efficient, granular security: via a global policy framework from Nuage Networks
- Agility: via utilization of KVM as a virtualization hypervisor
- Speed: provisioning and delivery of service in near real time via the RedHat OpenStack distribution
They deployed the OpenStack cloud using a combination of Foreman and Puppet.
SDN Integration:
The OpenStack cloud at BBVA also includes SDN integration for a few reasons. For one, the security team needed to enforce security at all deployment stages automatically. The programmability of network functions would also allow them to automate deployments. Finally, integrating SDN gave BBVA growth capabilities between data centers.
The integration of Neutron based on an external SDN overlay solution improved the networking and security functionalities of the cloud.
They used Nuage for the following reasons:
- Domain templates
- User roles
- Automation
- Consumable via REST API
- OpenStack integration via Neutron plugin
- dVRS (distributed Routing and Switching)
- Hypervisor agnostic solution
- Automation/faster way to deploy
Lessons Learned
First, internal processes had to be adapted to consume the OpenStack services. BBVA had to organize their developments and teach their team to consume infrastructure in a completely different way.
Secondly, they realized it was difficult to deploy with department silos. BBVA is a complicated organization. In order to make the deployment successful, they needed to begin adopting a “one-team,” multidisciplinary approach.
While the use of OpenStack is limited at BBVA now, a full OpenStack infrastructure will be deployed soon, with a real banking operation.
Going forward, their goal is to update the software once a year (they are running on Icehouse now), which is very different from other financial infrastructures where the same version could be running for years. They also plan to add Docker and Ceph integration.
To see the full presentation, watch it here: