The Application of Open Source Cloud in Financial Industry-- A case study of Shenzhen Zhenyun's speech at TF Inauguration Conference

2025-01-16 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article collates the speech from the "TF Chinese Community Establishment and the first full meeting". Click to download the slide document: https://tungstenfabric.org.cn/assets/uploads/files/financial-case-ztcloud.pdf

Zhang Peng, general assistant of Shenzhen Securities Tong Financial Cloud Research and Development Center

Good morning, everyone! I am Zhang Peng from Shenzhen Zhengtong. I am honored to have the opportunity to share with you the application of open source cloud in the financial industry.

First of all, let's introduce the situation of Shenzhen Zhengyun. Our company is Shenzhen Securities Communications Co., Ltd., founded in 1993, mainly provides market, trading and clearing communication services for Shenzhen's securities market, as well as comprehensive IT services for China's financial and securities institutions.

Since 2013, with the rise of the wave of cloud computing, we have begun to build an industry cloud, mainly to provide cloud services for China's financial and securities industry. Our four basic principles are openness, neutrality, professionalism and compliance.

Opening up mainly means that we embrace the technical route of open source and create an open ecology; neutrality means that the company has the credibility of the industry and maintains the neutrality of the business as an independent third party; specialization means that we focus on this industry with more than 20 years of financial and securities IT service experience. Compliance means that we comply with the regulations of regulators such as the Securities and Futures Commission, while using professional services to help our cloud customers do business compliance.

We are mainly based on the open source technology system, using the familiar OpenStack, computing virtualization KVM, and then distributed storage using Ceph; SDN also uses TungstenFabric. Now we are doing the research and development of container cloud services based on K8S. The above BSS business support system, as well as CMP's multi-cloud management, OpenAPI, and data call interface, are all self-developed based on the framework of Java.

After more than six years of development, we have gradually built a stable and secure infrastructure platform based on the open source technology system. At the same time, we have combined Hang Seng, Golden Certificate and other ISV to provide related products and services to our cloud tenants, mainly including IT basic resource outsourcing, disaster preparedness development and testing, market cloud, etc.

The community includes many customers. Let me give you three examples of application scenarios.

The first example is the core regulatory body, such as the China Securities Fund Industry Association. If you sign up for the securities qualification test, the test system you visit is located on the Shenzhen Stock Exchange Cloud.

The second example is the brokerage. Now people use their mobile phones to browse the stock market and look at the curve of the stock market. Many brokerages put the market system on our Shenzhen Securities Cloud, because Shenzhen Securities Cloud has data center nodes all over the country. It is convenient for their users to access nearby.

The third example is some public and private funds, mainly public and private offerings raised in recent years. In order to shorten the period of applying for a license, they will choose cloud services and use our company's professional cloud services to obtain licenses quickly.

What are the characteristics of Shenzhen Securities Cloud as an industry cloud compared with public clouds such as Tencent Cloud and Aliyun? I would also like to talk about three aspects.

The first point is that cloud tenants can not only have traditional cloud hosts, cloud disks, cloud networks, etc., but also apply for physical machines and professional storage within their own VPC. Because in the financial and securities IT industry, many core systems are still running on Oracle, to IOE still needs a process.

Second, Shenzhen Securities Cloud has the advantage of professional network structure. After cloud tenants join our Shenzhen Securities Cloud, they can quickly access the industry network and connect to core institutions, such as Shenzhen Stock Exchange, Shanghai Stock Exchange and Stock Exchange.

Third, we will work with security vendors such as Shenxin, Green Alliance and 360 to build a security resource pool with them, so that cloud tenants can continue to use the cloud security products they are familiar with, but this product exists in the form of virtual machines.

In the last year or two, we have also launched a private cloud solution, which mainly provides customers with a dedicated cabinet to achieve natural physical isolation, and then customize their hardware solutions and network solutions based on their needs.

Then the private cloud also gives you two scenarios. By 2020, the central bank will lift the restriction on the futures shareholding ratio of foreign-funded securities funds. Now some foreign-funded funds are contacting us. They are very interested in the private cloud model because it can be customized. They can use familiar security equipment, network equipment, and their own architecture.

And then there is disaster preparedness. In 2019, the CSRC issued the measures for the Administration of Information Technology of China's Financial and Securities operating institutions, which made clear requirements for the disaster preparedness capacity of operating institutions. Now brokerages and fund companies are also interested in private cloud solutions, because they can do disaster preparedness in the same city or in different places based on private clouds.

After six years of development, we have gradually formed an industry cloud computing center with national layout and nearby services. There are not only our own data centers, but also leased ones, such as the computer rooms of the operators in Langfang, Chongqing and Suzhou, and now there are thousands of servers.

Among them, the largest TF network SDN node is located in the southern information technology center of China's securities and futures industry, using TF's SDN network scheme.

Let's ask the GM Eugene Huang of Mirantis China to introduce the specific technical architecture.

Huang Zi-U, General Manager of Mirantis China

Thank you, Mr. Zhang. I am Huang Zi U from Mirantis. I have been working in Silicon Valley in the United States for about 20 years. It gives me great pleasure to share with you the cooperation between Mirantis and Shenzhen Zhengtong.

Since its establishment in 2012, Mirantis has been contributing to the open source community, joined OpenStack in 2013, worked closely with Juniper in 2014, and chose their Contrail solution, which is now Tungsten Fabric.

Mirantis's customers are mainly operators, including AT&T in the United States, as well as operators in India and Australia, as well as working with Apple computer, Volkswagen and other companies to provide services in some scenarios.

Why choose open source cloud architecture? Because it is autonomous and controllable and has a rich ecology. The upper layer has BigData, DBaaS, Containers, PaaS, CMP and so on. In the middle is what we provided, at that time it was just OpenStack and bare metal, now it also supports Kubernetes. There are also many different partners at the lower level, and you can choose different infrastructure at will.

At that time, the cloud built with Shenzhentong was based on Fuel products for deployment, operation and maintenance, and toolchain, including some LMA; it also included High Availability; the network chose Open Contrail (TungstenFabric). Storage was distributed using Ceph, and also docked with commercial versions of SAN; Workload, including Murano and Sahara.

Then why choose Contrail? At that time, our network experts did some research on all the SDN in the market and used those conditions to select the model. After various aspects of evaluation, we think that Contrail is an SDN with the best stability and availability at that time. It supports high availability, can be scaled out, and is rich in features. Service Chaining and NetworkPolicy are also scenarios that some of our major customers need. It is open source, it is a software solution, and there is no vendor lock. Especially for operators, this is a great pain point, but also to meet the application scenarios of deep proof at that time.

The design of our Underlay network architecture. There are IP-CLOS architecture, OSPF as the routing protocol of Underlay network, ECMP to achieve overload balance of available links, and so on.

In terms of storage, we use Cinder backend, which means multiple storage, which is divided into different resource pools. Pool with SAS is implemented in Ceph, and most of them are solved. There are some high-performance ones, so we chose SSD's pool. We also docked a SAN Storage pool to solve some business scenarios.

Next, ask Yang Yu to introduce the specific application scenarios.

Yang Yu, representative of Chinese community technicians in Tungsten Fabric

To introduce myself, I am the technical representative of the TF community, doing the promotion and operation of the community, including the preparation of our Chinese community.

Just now I mentioned the regulatory requirements of the securities cloud industry. The SFC hopes that the IT infrastructure of securities firms will be prepared for disasters. Then we propose a disaster recovery cloud service from the perspective of Shenzhen Zhengtong, so at the network level, we need an SDN solution to support multi-cloud interconnection. Shenzhen Stock Exchange Disaster Preparedness Cloud currently has a main cluster in the southern data center of the securities fund industry in Fenggang, Dongguan, and Beijing has also deployed a disaster preparedness cluster to form a disaster preparedness cloud solution, which is also connected to multiple clouds through Contrail.

How exactly did it come true? It is mainly based on an underlying technology of Contrail, which is known as MPLS. First of all, we can see that the customer has a network that can span two data centers. Then he only needs to route his tenant's network, the corresponding RT of VRF, and the RT of VRF of another data center to do the corresponding routing interaction, then he can realize the interaction of L2 or L3 of layer 2 or layer 3, and realize the connection of the whole tenant network. It is also naturally compatible with the MPLS backbone network of operators, which is the advantage of Contrail and is also a typical application scenario.

Another large application scenario is the interconnection of physical machines VLAN and VXLAN. Boss Zhang also mentioned just now that there are a large number of Oracle applications in the financial industry, and the requirements for disk IO performance are relatively high. Now most Oracle servers are running on physical machines. Our tenants are in the cloud, how to achieve unified tenant experience management and unified isolation between a virtual network of the cloud and a physical network of tenants? As a matter of fact, there is a corresponding scheme in TungstenFabric. In the past, we used the scheme of OVSDB, but now we have the scheme of Epigments * VXLAN.

In the original OVSDB scheme, through a switch that supports OVSDB, the VLAN of the physical machine can be converted into VXLAN on the switch, and there is a bridge of L2, which realizes the communication between a virtual machine of the cloud tenant network and a layer 2 communication of the physical machine, which also ensures that the whole physical machine is isolated from the network, and the virtual machine of the network is a fully connected scene. Now this scenario also has a large number of applications in Shenzhen Zhengtong, about a hundred physical machine database nodes through TF and virtual machines to provide such a scenario service.

The last point is flexible network access. Compared with other public cloud platforms, Shenzhen Stock Exchange's network actually has more requirements, and it needs to interconnect with Shenzhen Stock Exchange, Shanghai Stock Exchange, Stock Exchange networking and financial data exchange platforms. At the same time, as a tenant of the financial cloud, he also has the need for interconnection between the cloud and his own private cloud, including direct connect access, or layer 3 access. Even tenants need to provide corresponding Internet services through the Internet. TF provides a good and flexible access choice through MPLS technology.

At the same time, we can see that we will connect with the Shenzhen Stock Exchange and the Shanghai Stock Exchange. In fact, there will be a special scenario in the financial industry, that is, the scenario of supporting high-frequency Level 2 market data through multicast. In fact, when we were doing technology selection at that time, we also saw that TF supported the transmission of multicast in the SDN virtual network.

Thank you!
