Modernising legacy systems for a future-ready banking experience

Modernising 40-year-old legacy systems

Faced with the challenge of modernising a four-decade-old home loans legacy system built on Mainframe, Cobol, and DB2 technologies, the client aimed to improve user experiences and future-proof their business. By leveraging a Microservices architectural approach and a modern frontend framework, iOCO delivered a comprehensive modernisation without disrupting daily operations, ensuring seamless integration and enhanced functionality.

Solution architecture approach

Our solution architecture was strategically divided into three layers: experience, digital business services, and enterprise integration.

Experience layer:

API-First Design Adopting an API-first approach, we prioritised APIs as primary products. This shift from backend support to creating APIs that offer standalone value ensured robustness, comprehensive documentation, and user-centric design. This strategy facilitated seamless integration for internal developers and external partners, driving innovation and efficiency.

Digital Business Services layer:

Microservices with Spring Boot, we utilised a microservices architectural approach, developing independent services that communicated through well-defined APIs. Built using Spring Boot, each microservice benefited from a convention-over-configuration model, extensive library ecosystem, and simplified deployment. This modular approach enabled rapid development and scalability, ensuring resilience and agility.

Enterprise Integration layer:

Abstraction of Core Banking Services At this layer, we implemented a robust abstraction layer to interface with downstream and core banking services on the mainframe. This layer acted as a mediator between modern, agile applications and essential legacy systems, ensuring smooth operations and future scalability.

Security

Security was integral to the design, especially given the financial nature of the data processed. We followed the Zero Trust Principle, ensuring that we never implicitly trust any request, and always verify each request at every architectural layer. We implemented robust security measures using OAuth with authorisation code and Proof Key for Code Exchange (PKCE). Claim-based authentication was achieved through JWTs, and each microservice utilised Spring Security to secure incoming requests. Role-based access control was enforced and needed to be dynamic, ensuring each endpoint's security and accessibility was configuration-driven.

Given the complexity of the client’s security requirements, such as different JWKS for various user profiles, we extended the TokenAuthenticationManagerResolver to meet these needs. This involved checking the Key ID claim in each token to determine the appropriate JWKS for decoding, demonstrating deep expertise in Spring Security.

Key Technologies Used

- Frontend: Angular for dynamic and responsive user interface.
- Backend: Java Spring Boot for microservices development.
- Security: PingIdentity Authorisation server coupled with Spring Security for secure endpoints and advanced authentication and authorisation.
- Cloud Infrastructure: AWS ECS for deploying containerised microservices, AWS X-Ray and CloudWatch for monitoring and tracing, RedisCache for efficient caching, and DynamoDB for scalable NoSQL database solutions.

Project Highlights

- Seamless Integration: Modernised a legacy system without disrupting daily operations.
- API-First Design: Focused on creating robust, well-documented APIs that deliver standalone value.
- Microservices Architecture: Utilised Spring Boot for efficient development and deployment of independent services.
- Robust Security: Implemented advanced security measures, ensuring the protection of sensitive financial information and compliance with regulatory requirements.
- Cloud Deployment: Leveraged AWS ECS, X-Ray, CloudWatch, RedisCache, and DynamoDB for scalable and efficient cloud infrastructure.