How One of The Netherlands’ Largest Banks Came to CI/CD
Wiebe de Roos, a continuous integration/continuous deployment (CI/CD) consultant and engineer for ABN Amro, one of The Netherlands’ largest banks with over 22,000 employees, joined the company when the bank was beginning its shift to CI/CD through its DevOps/DevSecOps initiative. Management decided its developer teams needed to make the shift for reasons that included late deliveries and less-than-stellar innovation on the application front. “The teams were not really mature,” said Roos, who runs a consulting firm called Business IT Nerds that aligns business- and IT-related projects from a CI/CD and DevSecOps perspective.
Today, Roos says, ABN Amro’s CI/CD processes are underpinned by DevOps and DevSecOps. The result: “Automation and compliance are now rolled out as part of the CI/CD processes to cope with the market changes,” Roos said. “And now we see a big acceleration, because of course of containers, which are now also being adopted.”
In this edition of The New Stack Makers podcast, recorded during the KubeCon + CloudNativeCon conference held in Barcelona at the end of May, Roos was joined by ABN Amro’s secure coding and AI team lead Dominik de Smit. They spoke with the host, Alex Williams, founder and editor-in-chief of The New Stack, about ABN Amro’s CI/CD, DevOps and DevSecOps journey. They also discussed the tools the development teams use, such as those Twistlock provides for containers and cloud native security, and how those tools have played an essential role in meeting the real-world development, operational and security challenges they face.
One of the major goals, of course, was to use CI/CD to speed up deployment and delivery, and to undergo the cultural changes needed so all DevOps teams got up to speed for software development. “There were a lot of legacy applications that needed to be adjusted — and it’s much easier to do that in a simple fashion and with small applications and teams and quick iterations,” Roos said.
As for tools, Jenkins played a major role in streamlining the development process among the 350 to 400 teams working with it, Roos said. Roos described how, when he joined the company, there were only a couple of Jenkins servers in use. “And as more teams became mature with CI/CD and their pipelines and their Jenkins jobs, we needed to add more servers every month. Everything was based on VMs and it took a very long time to add more servers,” Roos said. “Servers were overloaded; lots of teams were deploying on one server. And a whole bunch of configuration conflicts arise because we have so many different teams with specific needs.”
ABN Amro’s production pipeline server overloads are now a thing of the past. “And I can say I’m very proud of this: Jenkins on-prem is a [thing of] the past,” Roos said.
DevOps and DevSecOps culture served as the key component in the teams’ achieving the necessary maturity and standardization goals. “Because of this Jenkins transformation, we could suddenly also offer standard pipelines,” Smit said. “And what I mean by that is we have a team creating these pipelines, where we can actually really easily implement, for example, security checks in them. So then, we can deliver a pipeline to the team and the team doesn’t have to configure it by themselves.”
If each team had used different orchestrators or pipelines, “it would be really hard for us to manage it,” Smit said. “And so, this was one of the great drivers behind our DevSecOps maturity. At some point, you have to start with standardization, because otherwise, it will be really difficult.”
In this Edition:
1:17: What is ABN Amro.
4:53: Jenkins use.
9:05: Maturity model.
14:10: Determining which tools have the best fit.
18:57: ABN’s maturity model for DevSecOps.
25:08: How ABN Amro uses Twistlock for container security.