The client is a significant player in the financial services industry, known for its extensive market presence and influence. With a robust operational framework spanning multiple continents, it is committed to providing top-tier banking services and innovative financial solutions. This underscores the necessity for modernising its legacy systems to maintain competitiveness and regulatory compliance in a highly dynamic market.
Key technologies
- AWS
Modernising legacy systems for a future-ready banking experience
iOCO modernised the home loans systems of a leading financial institution, enhancing customer experience, operational efficiency and future-proofing through microservices, API-first design and robust cloud native technologies and platforms.
Modernising 40-year-old legacy systems
Faced with the challenge of modernising a four-decades-old home loans legacy system built on Mainframe, Cobol and DB2 technologies, the client aimed to improve user experiences and future-proof its business. By leveraging a microservices architectural approach and a modern front-end framework, iOCO delivered a comprehensive modernisation without disrupting daily operations, ensuring seamless integration and enhanced functionality.
Solution architecture approach
iOCO's solution architecture was strategically divided into three layers: experience, digital business services and enterprise integration.
Experience layer:
API-first design adopting an API-first approach: iOCO prioritised APIs as primary products. This shift from backend support to creating APIs that offer standalone value ensured robustness, comprehensive documentation and user-centric design. This strategy facilitated seamless integration for internal developers and external partners, driving innovation and efficiency.
Digital business services layer:
Microservices with Spring Boot: iOCO utilised a microservices architectural approach, developing independent services that communicated through well-defined APIs. Built using Spring Boot, each microservice benefited from a convention-over-configuration model, extensive library ecosystem and simplified deployment. This modular approach enabled rapid development and scalability, ensuring resilience and agility.
Enterprise integration layer:
Abstraction of core banking services: At this layer, iOCO implemented a robust abstraction layer to interface with downstream and core banking services on the mainframe. This layer acted as a mediator between modern, agile applications and essential legacy systems, ensuring smooth operations and future scalability.
Security
Security was integral to the design, especially given the financial nature of the data processed. iOCO followed the zero trust principle, ensuring that the company never implicitly trusts any request and always verifies each request at every architectural layer. iOCO implemented robust security measures using OAuth with authorisation code and Proof Key for Code Exchange (PKCE). Claim-based authentication was achieved through JWTs, and each microservice utilised Spring Security to secure incoming requests. Role-based access control was enforced and needed to be dynamic, ensuring each endpoint's security and accessibility was configuration-driven.
Given the complexity of the client’s security requirements, such as different JWKS for various user profiles, iOCO extended the TokenAuthenticationManagerResolver to meet these needs. This involved checking the key ID claim in each token to determine the appropriate JWKS for decoding, demonstrating deep expertise in Spring Security.
Key technologies used
- Front-end: Angular for dynamic and responsive user interface.
- Back-end: Java Spring Boot for microservices development.
- Security: PingIdentity Authorisation server coupled with Spring Security for secure endpoints and advanced authentication and authorisation.
- Cloud infrastructure: AWS ECS for deploying containerised microservices, AWS X-Ray and CloudWatch for monitoring and tracing, RedisCache for efficient caching, and DynamoDB for scalable NoSQL database solutions.
Project highlights
- Seamless integration: Modernised a legacy system without disrupting daily operations.
- API-first design: Focused on creating robust, well-documented APIs that deliver standalone value.
- Microservices architecture: Utilised Spring Boot for efficient development and deployment of independent services.
- Robust security: Implemented advanced security measures, ensuring the protection of sensitive financial information and compliance with regulatory requirements.
- Cloud deployment: Leveraged AWS ECS, X-Ray, CloudWatch, RedisCache and DynamoDB for scalable and efficient cloud infrastructure.
Share