Innovation from automated provisioning
Before engaging HashiCorp, Deutsche Bank entered a multi-year partnership with Google to accelerate the bank’s transition to Google Cloud. Embracing cloud infrastructure was not simply a technology decision, but the beginning of a new ethos for an innovative organization in a legacy industry. The bank planned to harness the cloud to redefine how it developed and offered its financial services for their customers.
With this new approach, leveraging the right technology, Deutsche Bank has adopted a disruptive mentality, as well as an architecture-less cloud, driven by the desire to accelerate developer velocity and break down silos along the way.
To harness the power of the cloud, Deutsche Bank’s cloud engineering team needed to operationalize, scale, and federate consumption of cloud resources. It would do so through automated provisioning, positioning internal infrastructure platform teams as enablers and evangelizers to value realization of cloud consumption.
Accelerating cloud adoption in one fell swoop
Keith Kemsley, Deutsche Bank’s head of cloud services delivery, recognized the gravity of their cloud journey. “It was an enormous challenge, accelerating cloud adoption,” Kemsley and the newly formed platform team, which included head of cloud product, Jeremy Crawford; and Thomas Chalmers, cloud engineer, began deliberating the merits of open-source and proprietary approaches.
Three years prior to this, a pioneering team explored Azure cloud using GitLab and the open source version of HashiCorp Terraform. The attempt was Deutsche Bank’s “cloud v1” initiative: building applications on the cloud without scalable principles. The team wanted to get Deutsche Bank to “cloud v2”: using the cloud as a platform to deliver shared services to autonomous teams.”
“We knew that to succeed we’d need some sort of policy as code,” says Crawford. “We needed a paradigm shift that allowed full autonomy.”
This paradigm shift would see Deutsche Bank move away from the incumbent operating model for traditional infrastructure services, and adopt a new target operating model, the Cloud Operating Model. Eliminating a piecemeal approach, service-by-service enablement process. Leaving no room for bottlenecks to emerge, inherent with traditional infrastructure services. The change would allow autonomy, while maintaining guardrails and control for robust data privacy and security. The platform team weren’t so much solving a problem as they were answering a question:
“How do we create and build our platform around Google’s Cloud Platform?”
Standardize on infrastructure deployment to allow for scale
Create an environment to foster innovation at speed, while upholding and exceeding even, security and compliance that is reflective of the highly regulated financial industry
Adopt the path of least disruption when migrating workloads to the cloud, embedding security in the process
Accelerate the velocity of application delivery by empowering developers to autonomously provision cloud resources, enabled with the right guardrails in place
Demonstrate org-wide visibility in assured cloud governance using infrastructure as code with audit logging
Pre-built ‘landing zones’ safely guide developers
To guide its new approach, Deutsche Bank’s platform team outlined core principles to simplify processes for engineering teams with an “everything as code” approach, automation, governance, and federation.
With these principles, the team crystallized a concept for the “cloud v2” paradigm. Very shortly thereafter, “a mass of application teams and developers were waiting at the gate to onboard” The platform team had to quickly orchestrate a way through the gate and into GCP, in a way that ensured developers could safely use cloud resources autonomously.
The solution was landing zones — Google Cloud resources that internal application teams could provision safely. The feature set of HashiCorp Terraform Enterprise and Sentinel enabled the envisioned landing zone approach.
“We just couldn't see a path forward with open-source tooling that would get us to where we needed to go, with our aggressive timelines,” says Crawford.
With HashiCorp Sentinel, the aptly named policy-as-code framework, the cloud platform team quickly created a library of Terraform infrastructure modules backed by standardized policies governing the way in which application teams would use those modules. This security-first approach helped get the platform team out of the way. Once through the gate, developers had the authority to deploy infrastructure as they saw fit, without reengineering each project from scratch. Because Deutsche Bank jumped straight to Terraform Enterprise, it didn’t have to migrate open-source functionality to Google Cloud Terraform Enterprise made it easy to federate out that solution.
Within six months, the team created its first infrastructure landing zone. Three months later, it opened the doors for application teams to onboard.
Partnership and standard workflows forge success
“One thing that’s been a differentiator has been the engagement and partnership between HashiCorp and Deutsche Bank, built over the course of the project,” says Kemsley. “The relationship we established allowed us to move fast, to help pilot products and work with key HashiCorp resources including the management team and founders to develop a strategy”.
This seat at the table enabled a mutually beneficial relationship, wherein Deutsche Bank could share ideas, concerns and issues and see that feedback reflected in HashiCorp’s release cycles.
HashiCorp also held regular solution sessions, where it trained more than 1,500 engineers in the use of Terraform Enterprise. As Crawford pointed out, “HashiCorp was able to answer questions specific to the Google Cloud rollout. The team also understood day-to-day problems not necessarily related to Terraform Enterprise implementation.”
As a result of the relationship and trust between the two companies, more than 3,000 Deutsche Bank developers have direct access to the bank’s cloud platform, where they’ve deployed more than 200 applications.
“As one of the principle cloud platform engineers, [of the Deutsche Bank Google Cloud platform],” Chalmers noted, “You are able to write the Terraform IaC to create cloud resources, as well as contribute to the policy and standards, that are published to our trusted private module registry”
“That’s a paradigm shift.”
And though the primary focus has been on cloud v2, Deutsche Bank is a hybrid organization. Because of the success using Terraform Enterprise to speed cloud adoption, the bank intends to review more HashiCorp products to solve additional common problems that exist, especially given the increased focus on Hybrid.
Reduced time to market of capabilities to service banking customers
Enabled application teams to autonomously create new capabilities and offerings for internal customers
Moved away from a legacy operating model tied to traditional financial services industry approaches to create more developer autonomy and cloud focus
Set up self-service infrastructure for application teams
Broke down resource silos between engineering teams
Deutsche Bank adopted HashiCorp Terraform Enterprise to spur innovation, using pre-built, standardized cloud landing zones. Using Terraform Enterprise enabled faster cloud adoption and accelerated delivery for Deutsche Bank application teams, improving the services the bank offers to external banking customers.
Keith Kemsley Head of Cloud Services Delivery Deutsche Bank
For over 25 years, Kemsley has worked across the financial, retail, and government sectors, leading global IT infrastructure teams (on- and off-shore) and developing strategy. Prior to his IT career, he spent 12 years in the armed forces.
Jeremy Crawford Head of Cloud Product Deutsche Bank
For the last 8 years, Crawford has focused on building cloud and container platforms up from nothing. He has done so in all cases as a senior engineer/agile product owner at inception, progressing to a broader product management role, once established. The current Google Cloud Landing Zone Platform is the most ambitious to date.
Thomas Chalmers Assistant Vice President Cloud Engineering Deutsche Bank
Thomas is a full-stack software infrastructure engineer. He is currently engineering and supporting solutions to consume Terraform and Google Cloud at an enterprise scale.
- Google Cloud
- Version control::
- Terraform Enterprise
- Configuration management:
- Terraform Enterprise
- Security management:
- Terraform Enterprise with Sentinel
Take the next step
Learn how we can help you scale cloud success across your enterprise.