“Macquarie becomes the first Australian bank of size, and one of just a handful globally, to migrate and run our core banking platform on the public cloud. This will unlock far greater speed and processing power to back our Digital Bank offering.” Richard Heeley, Chief Information Officer, Macquarie Banking and Financial Services Group
Macquarie is a global financial services group headquartered in Australia and a top 10 Australian company. Macquarie’s Banking and Financial Services (BFS) division is a technology-driven retail bank serving more than 1.7 million customers with a leading digital offering. BFS was the first Australian bank to offer lending and retail deposits on one core banking system.
Macquarie moves SAP core banking to AWS cloud
BFS uses SAP for its real time deposits and loans platform. It was implemented at Macquarie in 2015 on on-premise infrastructure and has served as a key foundation of Macquarie’s digital bank offering ever since. SAP Banking is the account master system for Macquarie’s home loan, transaction and savings accounts. BFS has experienced positive growth in its core segments in recent years, with BFS deposits up 21% in FY22, and its home loan portfolio rising 34% over the same period.
In May 2020, a core team of just 10 members commenced what would be an 18-month journey to migrate the SAP Banking platform to AWS. The team worked the bulk of the project remotely due to the pandemic, with members spread across four countries and time zones.
SAP Banking AWS Architecture
The migration of SAP to AWS provided the opportunity to rearchitect and leverage cloud to increase platform performance and resilience.
Key cloud architecture changes were:
- SAP application migration to cloud with the underlying infrastructure hosting environment and architecture optimised. Allowed for improved ownership of the stack and less reliance on external teams.
- Improved performance and resilience by utilising AWS capabilities – higher specification EC2 instances and additional Availability Zones.
- Upgrade and replacement of software and infrastructure components nearing end of life or end-of-support milestones.
- Improved operational backups, shared storage and resilience by using AWS managed services (Amazon S3 and Amazon EFS)
- Out-of-band backups made to a separate location.
Delivering the transformation with minimal disruption
SAP Banking platform overview:
- Six environments across Production and Non-Production
- On-premise infrastructure: 200+ hosts across 2x data centres
- Highly available, with Recovery Time Objective of 10mins and Recovery Point Objective of 0mins
BFS's goal was to migrate the SAP Banking platform to AWS with critical outcomes across two distinct phases:
- Migration event goals:
- 3.5 hour outage window – the criticality of the SAP Banking platform to real time systems for customers and internal staff meant it was vital the impact of the required migration outage was as minimal as possible.
- No impact to critical end-of-day reporting and data extracts – a significant number of downstream systems and time-critical batch processes rely on the daily feeds from SAP, so any impacts to these processes had to be minimised
- Clean shutdown/start-up transition – given the real-time nature of integrations with the SAP Banking platform, the migration activities needed to ensure data integrity was maintained during the shutdown and start-up transitions
- Maintaining a known state – during the migration, or in the event of issues/rollback, the data integrity of the platform had to be maintained as a priority.
- Cloud Operations goals:
- Operational readiness – once the platform was online post-migration it needed to be ready to handle business volumes from minute one.
- Furthermore, the teams supporting the SAP Banking stack needed to be able to support the platform across the breadth of BAU operational, change and incident management activities.
- Platform stability – the SAP Banking platform regularly would go hundreds of days without unplanned outages, so moving to public cloud the platform needed to reach or exceed these previous milestones.
Additionally, for the duration of the migration project, the test environments and the deployment pipeline to Production had to remain operational to allow continued delivery of customer features and business capabilities by the DevOps delivery teams.
Technology Replacement and Capacity Right Sizing
Macquarie’s SAP Banking platform was residing on hardware that was nearing end-of-life and support. Due to business growth, the platform was also beginning to near capacity limits of the existing hardware. Moving to AWS allowed a significant step-up to newer hardware, but also provided granular control to allow BFS to select the most optimal combination of compute, storage and network design for each component of the stack.
BFS tracks critical high-level metrics when monitoring the performance of the banking platform, including End-of-Day batch processing and API performance. Immediately following the migration to AWS, the following improvements were observed:
- End-of-Day batch processing window improved by ~20%.
- API performance – real-time integrations via APIs saw improvements of up to 20% (API dependant).
Secure, Automated Platform Governance
The infrastructure of the banking platform is defined using infrastructure-as-code, ensuring Macquarie has immutable systems that are rebuilt at least once every quarter. This rebuild also ensures operating system and database security patching is up-to-date. Rebuilding from code regularly also ensures any manual intervention and configuration drift that has been introduced are removed. Macquarie’s Cloud Governance Framework includes an ongoing assurance score-carding process to ensure risk and compliance is managed across all systems, at all times.
Infrastructure Flexibility & Elasticity
The flexibility and ease with which infrastructure can be modified and reprovisioned on AWS through BFS’s use of infrastructure-as-code has allowed the team to continue to experiment and tune multiple areas of the stack. Since operating on AWS, BFS has improved end-of-day processing by a further 20%.
BFS has continued to refine individual components of the infrastructure (e.g. increasing storage capacity, changing volume type, provisioning additional application servers) via what is now a regular cadence of infrastructure changes not previously possible with on-premise hardware.
BFS’ internal cloud deployment pipeline also simplifies the deployment of environments. Infrastructure development environments are rebuilt on daily. The continuous delivery pipeline triggers a suite of automated tests to validate hundreds of aspects of the platform, from network connectivity and infrastructure components, to running processes and connectivity between the SAP and database applications. This has enabled the team to increase the cadence of changes on the platform.
Improved Observability, Monitoring and Alerting
The increased observability of the platform and access to infrastructure metrics on AWS has given the BFS team even greater confidence in the the platform and allows the team to react before issues are encountered.
AWS’ flexibility to make granular decisions on all infrastructure components of the stack based on cost/benefit, has allowed BFS to reduce operational costs while significantly uplifting performance (e.g. shutting down non-Production environments after-hours, and scaling up specific systems when required to support Production-like non-functional testing).
Macquarie’s approach to Public Cloud
Macquarie has developed a cloud governance framework that implements a standardised deployment framework, CICD/infrastructure-as-code, automated security/compliance, and continuous assurance score carding.
Having worked with AWS for several years, BFS approached the migration of the SAP Banking platform as an opportunity to re-architect and modernise the infrastructure supporting the platform.
Three key principles drove the architecture on cloud:
- Infrastructure-as-code: Each SAP system across each environment is built from a common code base. This is based on the system and environment, and corresponding infrastructure with defined attributes – compute, disk, and network connectivity. Changes to infrastructure are managed as source code, which allows multiple engineers to work in parallel, peer review processes to be established and automated testing to validate results.
- Cattle over pets: Because of the continuous delivery pipeline and infrastructure-as-code, the infrastructure can be deployed as immutable. This allows the team to treat the infrastructure as disposable, and drives the behaviour that any changes required must be deployed through the pipeline, starting with the non-Production environments.
- Governance: The target architecture of the platform needed to maintain vendor-supportable design through all layers of the stack (SAP application, database, operating system). Additionally, given the significance of the SAP Banking platform, important additional risk, compliance and security controls were put in place for the architecture of the platform.
Approach to Delivery
Macquarie established a multi-disciplinary team of 10 dedicated to the migration to cloud. Aligned to BFS’ Enterprise Agile delivery model, the team worked iteratively throughout the 18 months to build out the infrastructure required to support the SAP Banking platform. This team was segregated from BAU support and development of the platform. As the cloud infrastructure gained maturity, the BAU support and development team were shifted to support test environments to gain confidence in operating on cloud prior to the production cutover on cloud.
The SAP Banking platform is made up of several SAP systems, so a decision was made early to focus on a non-business critical system first. This technical system would be migrated to cloud first and allow the team to establish the MVP architecture, then establish the cloud provisioning and operating model that would support the remaining business critical systems. This also allowed the team to understand operational changes and processes required to support the platform in Macquarie’s broader environment (e.g. cross-application integration, architecture/security stage gates, on-going risk and compliance management). The migration of the first non-business critical system took place around 12 months after establishment of the team.
Approach to Migration Cutover
Migration occurred during the early hours of a Sunday morning to minimise any impacts on customers and staff. The migration of the four business-critical systems was split in two parts, with the time-critical systems occurring immediately after end-of-day processing. The focus of the first stage of the migration was to get the time-critical systems online as quickly as possible to allow integrated systems to be reconnected. The second two systems did not become critical until Sunday’s end-of-day processing window.
SAP Banking Platform Migration Window
Migration took place early Sunday morning, across two phases, with an outage of only 3.5 hours.
How did AWS Help?
BFS established an early and regular operational cadence with the AWS Solution Architects. This allowed the BFS team to leverage AWS for guidance and validation of key architectural decisions as the project progressed.
Macquarie was also given early insights from the SAP Lens for the AWS Well-Architected Framework. The Framework provided SAP-specific guidance across the five Framework pillars — operational excellence, security, reliability, performance efficiency, and cost optimisation.
Closer to go-live, the AWS Infrastructure Event Management enterprise support team worked closely with the BFS team to execute the migration event smoothly for customers.
Unlocking greater performance and future growth
In the short term, the focus of the team will be across the following areas:
- Performance – as infrastructure changes are made, the existing system bottlenecks move to other areas within the application/database and infrastructure. There will be an ongoing effort to continue to optimise performance across all areas of the stack
- Automation – increase out the automated infrastructure rebuilds, test suite coverage, and automated health checks and dashboards
- Increased rate of change – the flexibility of the infrastructure will allow the team to support an increased cadence for teams delivering customer facing features and components on the SAP platform.
- Cost optimisation – continue to optimise infrastructure to reduce costs (e.g. scaling down infrastructure when not required, horizontal/vertical scaling in Production to more closely match demand)
Longer term, the flexibility of infrastructure will enable BFS to investigate the next generation of SAP Banking software to continue to support innovative customer experiences and continued business growth.
For a detailed overview of the migration to AWS, see the Macquarie Engineering Blog: https://medium.com/macquarie-engineering-blog/sap-core-banking-migration-to-aws-at-macquarie-c53e364fe7d9