Temenos on AWS


Temenos T24 Transact

The core banking solution from Temenos uses AWS managed services to provide security and elasticity with low maintenance overhead.

[Diagram: Temenos T24 Transact on the AWS Cloud, with numbered callouts 1 to 6. Components shown: Amazon Elastic Container Registry, AWS WAF, AWS Shield, AWS Secrets Manager, Amazon CloudWatch, Elastic Load Balancing, Amazon API Gateway, Amazon ECS application containers, Amazon MQ, a relational database, Amazon Kinesis, Amazon Route 53, AWS Lambda and Amazon DynamoDB.]

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

AWS Reference Architecture

Access to T24 is controlled and monitored through Amazon API Gateway. AWS security services such as AWS Web Application Firewall (AWS WAF) and AWS Shield provide security at the perimeter. OLTP transactions are handled in scalable, containerized application processes running in Amazon ECS. For a relational database, you can use Amazon Relational Database Service (Amazon RDS) for Oracle, or you can use NuoDB (which runs in containers). Events from selected topics of Kinesis Streams are ingested into Amazon DynamoDB tables using AWS Lambda. Read-only requests are served from query-optimized Amazon DynamoDB tables through AWS Lambda.

Temenos T24 Transact VPC & Networking Architecture

[Diagram: AWS Cloud with two VPCs, with numbered callouts 1 to 4. Components shown: AWS WAF, AWS Shield, AWS Certificate Manager, AWS Secrets Manager, Amazon Elastic Container Registry, Amazon CloudWatch, Amazon API Gateway, Branch Users, Users, VPC endpoints, Network Load Balancer, Application Load Balancer, AWS Fargate, Amazon S3, Amazon RDS, Amazon MQ, the T24, TCIB, TCMB, UXPB, Browser and APIs components, AWS Lambda, Amazon DynamoDB and Amazon Kinesis.]

Access to the VPC is available only through AWS PrivateLink (see the Availability Zones Architecture diagram on the next page). Amazon API Gateway private endpoints can be used for secure on-premises access through a VPN or AWS Direct Connect. AWS services are accessed from the VPC through endpoints, which removes the need for internet access. You can run your containers in an AWS service managed by Amazon Elastic Container Service (Amazon ECS). In this diagram, the containers run on AWS Fargate. You could also run your containers on Amazon Elastic Compute Cloud (Amazon EC2), or a combination of both AWS Fargate and Amazon EC2.
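
An added example (not part of the AWS reference architecture): a Python check that a VPC matches the design described above, with no route to an internet or NAT gateway and an available endpoint for each AWS service it uses. The input dictionaries follow the shape of the EC2 DescribeRouteTables and DescribeVpcEndpoints responses; the sample data, the region and the list of required services are assumptions.

```python
# Added example: sample data is constructed; dict shapes mirror the EC2
# DescribeRouteTables / DescribeVpcEndpoints responses.
# Assumption: endpoint service suffixes for AWS services named on this page.
REQUIRED_SERVICES = {"ecr.api", "ecr.dkr", "secretsmanager", "logs",
                     "s3", "dynamodb", "kinesis-streams"}

def internet_routes(route_tables):
    """Return (table id, destination, target) for routes leaving the VPC via
    an internet gateway, egress-only internet gateway or NAT gateway."""
    findings = []
    for table in route_tables:
        for route in table.get("Routes", []):
            dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
            gateway = route.get("GatewayId") or ""
            target = (gateway if gateway.startswith("igw-") else
                      route.get("NatGatewayId") or route.get("EgressOnlyInternetGatewayId"))
            if target:
                findings.append((table["RouteTableId"], dest, target))
    return findings

def missing_endpoints(vpc_endpoints, required=REQUIRED_SERVICES):
    """Return required service suffixes lacking an endpoint in 'available' state."""
    present = set()
    for endpoint in vpc_endpoints:
        if endpoint.get("State", "").lower() != "available":
            continue
        # ServiceName has the form com.amazonaws.<region>.<service suffix>
        parts = endpoint["ServiceName"].split(".", 3)
        if len(parts) == 4:
            present.add(parts[3])
    return sorted(set(required) - present)

SAMPLE_ROUTE_TABLES = [  # constructed
    {"RouteTableId": "rtb-private-a", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationPrefixListId": "pl-example", "GatewayId": "vpce-example"}]},
    {"RouteTableId": "rtb-private-b", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]
SAMPLE_ENDPOINTS = [  # constructed
    {"ServiceName": "com.amazonaws.eu-west-1." + s, "State": "available"}
    for s in ("ecr.api", "ecr.dkr", "secretsmanager", "s3", "dynamodb")
] + [{"ServiceName": "com.amazonaws.eu-west-1.logs", "State": "pending"}]

if __name__ == "__main__":
    print(internet_routes(SAMPLE_ROUTE_TABLES))
    print(missing_endpoints(SAMPLE_ENDPOINTS))
```

On the constructed data, the check flags the NAT default route in the second route table and reports the Kinesis and CloudWatch Logs endpoints as missing, the latter because its endpoint is still pending.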

Temenos T24 Transact Availability Zones Architecture

[Diagram: a VPC spanning Availability Zone A and Availability Zone B, each with a private subnet, with numbered callouts 1 to 5. Components shown: AWS Fargate, Auto Scaling Group, the T24, TCIB, TCMB, UXPB, Browser and APIs components, Amazon MQ (active and standby), Amazon RDS (primary and standby), AWS Service Endpoints, AWS PrivateLink, Network Load Balancer and Application Load Balancer.]

Amazon MQ active-standby provides high availability. You can also use a network of brokers for fast reconnection.

Amazon RDS Multiple Availability Zones enhance database availability.

All container services use auto-scaling.

T24 can control the scaling of its own services based on predicted demand.

This architecture diagram shows two Availability Zones, but the architecture can be extended to three Availability Zones.