About Us

Citrus Consulting Services is the Consulting and the Transformation Services arm of Redington Gulf.

Sunday – Thursday: 9:00AM–6:00PM (Sales), Sunday – Saturday: 24×7 / 365 (Support) E.O#3, Ground Floor, Building 01 Dubai Internet City, P.O Box 501 761 Dubai, UAE (+971) 04 516 1500
(+966) 11 462 5323
info@citrusconsulting.com
Image Alt

First Ever Core Banking Infrastructure on AWS for African Export – Import Bank

Customer Introduction

Having a vision to be the Trade Finance Bank for Africa and missioned to stimulate a consistent expansion, diversification and development of African trade, while operating as a first class, profit oriented, socially responsible financial institution and a center of excellence in African trade matters, Afreximbank is a UN affiliated Pan-African Multilateral Financial institution headquartered in Egypt. The bank works towards promotion of intra and extra African trade. The Bank is one of the largest Financial Institutions in the African Region and the single largest B2B bank in Africa.

Citrus Consulting Services Disrupts the Use of Legacy System by Implementing First Ever Core Banking Infrastructure on AWS in the Region.

Challenge Overview

Afreximbank encountered the following challenges which inclined them to evaluate and leverage public cloud platforms

  • Afreximbank had a primary requirement of a decentralized system thereby making their IT infrastructure highly available, secure, reliable, scalable and cost effective.
  • Afreximbank was inclined to transition from a CAPEX to an OPEX model in terms of expenditure. This helped allay their concerns for a large upfront acquisition because of various constraints
  • Afreximbank also had a requirement of a pliable platform which can facilitate operating system, programming language, web application platform, database, and other services needed for hosting a custom banking application in no time.
  • Afreximbank also had a critical requirement of hosting applications in multiple availability zones in order to ensure load balancing and business continuity.
  • A requisite of a robust and reliable disaster recovery setup in case of any unprecedented circumstances due to the encounters previously faced

Solution Overview

Afreximbank’s infrastructure is running on AWS Cloud while leveraging multiple services of AWS like Elastic Compute Cloud to house the various VMs designated for different operations and applications of Afreximbank and provide secure and resizable compute capacity in the cloud.

Each EC2 instance is attached with the Elastic Block Storage Volume which is a highperformance block storage service designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction intensive workloads at any scale. This duo of EC2 instances and EBS Volumes resides safely in the AWS Virtual Private Cloud which provisions a logically isolated section of the AWS Cloud where the resources were launched in a virtual network defined. There were primarily 2 subnets created, a public and a private subnet which in turn included different subnets for various applications and grouped VMs.

Afreximbank also used various other services of AWS like CloudTrail which is a service that enables governance, compliance, operational auditing, and risk auditing along with a service for monitoring and observability named Amazon CloudWatch. Amazon Relational Database Service (Amazon RDS) was used to set up, operate, and scale a relational database in the cloud hence providing cost-efficient and resizable capacity while automating timeconsuming administration tasks such as hardware provisioning, database setup, patching and backups. Along with RDS, Amazon Simple Storage Service (Amazon S3) was used which is an object storage service offering industry-leading scalability, data availability, security, and performance for the static contents of the application.

An Elastic Load Balancer was used to distribute incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions handling varying load of your application traffic across multiple Availability Zones. Amazon Elastic Container Service (Amazon ECS) which is a fully managed container orchestration service was used to run the most sensitive and mission critical applications because of its security, reliability, and scalability. Along with the above services, Amazon ElastiCache was implemented thereby allowing Afreximbank to seamlessly set up, run, and scale popular open-Source compatible in-memory data stores in the AWS cloud.

AWS Elastic Beanstalk was also used for the infrastructure architecture of Afreximbank for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. Along with the above-mentioned services, AWS CloudFormation was used to model and provision AWS and third-party application resources in the AWS cloud environment. AWS Lambda was used to run the application or backend service code without provisioning or managing servers as an optimization strategy for managing costs and paying for only the consumed compute time.

Apart from the above functional services, AWS Identity and Access Management (IAM) was used for the security purposed which enables Afreximbank to manage access to AWS services and resources securely. Using IAM, they can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources along with AWS Virtual Private Network (AWS VPN) to establish a secure and private encrypted tunnel from Afreximbank’s network or device to the AWS global network.

The resolution to the mentioned challenges was rendered via meticulous infrastructure designing phase with continuous communication with the concerned point of contact. Such customized infrastructure designs were created using numerous services of AWS which were compliant with both internal and external standards.

This was followed by the deployment phase post the concerned approvals. The deployment of High-Performance Computing Systems were distributed across multiple Availability zones, to ensure zero downtime and fault tolerance in real time. One such classic example of such a secure and fault tolerance system was the high-end connectivity establishment using AWS Direct Connect, whilst ensuring administration to the Core banking solution.

Benefits Delivered to Customer

  • Considerable slack in the overall cost of operations for Afreximbank.
  • Complete and successful Alpha. Beta and User Acceptance Testing of the entire infrastructure on AWS in order to check the functionality of the entire system as a whole.
  • Ensuring 100% business continuity of the applications and operations of Afreximbank, ensured through quaterly DR drills.
  • Successful implementation and testing of failover and failback in the Disaster Recovery scenario.
  • Meticulous analysis and rigorously performed stress testing for the application and infrastructure.
  • Perform security vulnerability assessment of the application and infrastructure to analyze any penetration points.
  • Lowest TCO for the infrastructure implementation and application setup was achieved.
  • Embedded Inline threat and data loss prevention into core banking application
  • Automated and Manual Endpoint Detection and Response to protect the critical infrastructure was implemented.
  • Achieved 100% successful alpha, beta, user acceptance and stress test scenarios and subsequent cases
  • Achieved 0% penetration points for the application and infrastructure.
  • Ensuring 100% business continuity for Afreximbank through 24/7 Managed Support Services by Citrus Consulting Services.