Shulou(Shulou.com)06/02 Report--

Editor's note: From cloud computing to edge computing, Jiuzhou Cloud always believes in "open source·enabling change." Over the past seven years, Jiuzhou Cloud has continuously broken through and surpassed, creating one wonderful enabling story after another with open source technology. In October 2019, Jiuzhou Cloud "Enabling Story" series was officially launched. We will use classic customer case stories to show you different Jiuzhou Cloud products and different Jiuzhou Cloud services. ***

Once upon a time, stocks were a means for people to get rich and get rich overnight. At that time, people used counterfeit boxes to hold physical stocks. A large number of shareholders needed to use sacks to hold physical stocks to the exchange for transfer procedures...

Once upon a time, people who handled transactions needed to queue up at the window. From a distance, they looked like "long queues." The scene was very spectacular. At that time, the trading work required a lot of manpower to complete...

Once upon a time, China's securities industry was in a bear market. At that time, telephone entrustment and online trading replaced the traditional trading mode. IT engineers of securities firms "kept running" to major cities to investigate the transactions and system operation of business halls of their brokerage companies, and expanded the corresponding IT systems one round after another...

Now, for Huajin Securities, those days are gone forever.

Huajin Securities Co., Ltd.(hereinafter referred to as "Huajin Securities") was formerly Shanghai Jiulian Securities Brokerage Co., Ltd. established in September 2000, and then experienced a series of matters such as introduction of war investment, capital increase and share expansion, share restructuring, etc., and officially renamed Huajin Securities in December 2016. As a comprehensive securities company with full license, Huajin Securities 'business scope covers securities underwriting and sponsorship, securities asset management, securities brokerage, securities self-operation, alternative investment and many other fields.

At present, Huajin Securities business mainly relies on stock options, Shanghai-Hong Kong Stock Connect, futures, private placement, bond investment, new third board, investment bank and other sectors, focusing on "three engines + two supports," namely: With fixed income, asset management and investment banking as the leading business, brokerage (including margin trading) and research and sales as the core supporting business, based on the financial commanding height of Shanghai, relying on the location and policy advantages of Zhuhai Hengqin, we want to walk out a diversified and international road through innovation and the development direction of Internet finance. However, the innovation road of securities enterprises is not easy to walk.

"Anxiety" brought by "Internet +""Breaking the situation" with private cloud "

Around 2016, the concept of "Internet +" triggered a national carnival. The so-called "Internet +" means "Internet + various traditional industries," but this is not a simple addition, but the use of information and communication technology and Internet platform to deeply integrate the Internet with traditional industries and create a new development ecology. As the leader of the financial industry, securities are naturally pushed to the tuyere of "Internet +." Many companies have moved some businesses online, such as online account opening and online financial shopping malls. Huajin Securities also continuously uses the latest technology to upgrade products and businesses under the wave of "Internet +," thus improving user experience.

However,"Internet +" is like the positive and negative sides of a coin, bringing good experience to users, but also putting forward new requirements for the technical architecture of the industry: challenges such as faster and faster product iteration and unpredictable peak trading volume require securities enterprises to use IT technology to improve their informatization level as soon as possible. At this time, cloud computing is undoubtedly the best choice.

Why is cloud computing optimal? Some data show that around 2016, cloud computing gradually accelerated to the traditional industry represented by the financial industry ***, and the number of enterprises applying private cloud IaaS in the securities field increased year by year. Accelerating system launch, reducing costs and improving operation and maintenance efficiency are the main driving forces for them to build private cloud.

In the face of such a situation, Huajin Securities, in combination with its own business characteristics, decided to carry out internal private cloud construction under the idea of adopting new technologies to accelerate business development in a small scope in Shanghai. With the rapid development of cloud computing, the three-dimensional financial service platform needs a strong back-end support platform, especially for Huajin Securities, which is rapidly developing in the field of financial investment data services.

The road to private cloud construction is difficult

At that time, Huajin Securities carefully tested and compared the existing cloud platform services at home and abroad, involving many aspects such as economy, autonomy and controllability, future development trend, etc. After comparison, it finally chose to adopt OpenStack technology route to build private cloud. Huajin Securities hopes to build a securities private cloud with industry characteristics through a gradual cloud strategy and an open technical architecture, so as to provide a complete and efficient financial IT service capability for the Group.

Private cloud platforms need to carry multiple tasks: providing a complete set of IT infrastructure and basic IT resource management systems for IT operation and maintenance departments, providing cloud platform standard interfaces for IT developers and third-party solution vendors, and providing application data services for internal business personnel and external customers. The entire cloud platform should conform to the future construction standards of cloud computing from the architecture, providing standard external interfaces and scalable capabilities. For Huajin Securities, it is difficult to build such a private cloud platform:

First of all, in terms of deployment and expansion of cloud platform, Huajin Securities will build cloud platform for Internet financial business, and how to provide software services and infrastructure services required for Internet financial business development for financial industry through this platform;

Secondly, in terms of customized development services, how to shorten the system development cycle, realize rapid iteration of products, and meet market needs and user experience to the greatest extent;

Thirdly, in the aspect of billing and metering, how to carry out on-demand billing and metering according to the usage of customers, and realize elastic resource supply on demand;

Finally, in terms of high-standard O & M support services (SLA:99.99%), how to ensure that each compute node and control node reaches 99.99% availability during the transaction period.

In addition to the above difficulties, Huajin Securities also lacks professional technicians to deal with the problems existing in the daily operation and maintenance management of cloud platform.

Build a robust private cloud platform based on Jiuzhou Cloud Solution

In order to solve the above problems, Huajin Securities found Jiuzhou Cloud. According to the construction cost, open architecture and problems faced by Huajin Securities Cloud Platform, Jiuzhou Cloud provides a set of efficient solutions: from physical layer, virtualization layer, management layer, business layer, operation and maintenance monitoring layer and user level, it is managed on the basis of OpenStack core components, and helps Huajin Securities gradually build private cloud platform through phased construction.

The first phase uses mature OpenStack modules to manage compute virtualization and storage virtualization in a unified way, and monitors the entire private cloud business system in combination with open source monitoring tools. The whole cloud platform integrates the original computing, storage and network management through OpenStack management platform from resources, providing standard IaaS API services for Huajin Securities 'business. Through Kyushu Cloud's Animbus service portal, administrators can provide self-service to enterprise IT managers through a unified portal. The stability of the platform was taken into account at the initial stage of the construction of the entire private cloud platform. The cloud control part adopts a multi-node and high-availability approach. The overall solution follows the following design principles:

Computing resource pool: Standardize and fully integrate resource pool architecture to reduce O & M costs, improve resource pool operation assurance efficiency, realize computing resource elasticity through resource pool design, and shorten service deployment time to improve business competitiveness. From the perspective of security, reliability, adaptability, scalability, practicality, advancement, efficiency, standardization and ease of management, the computing resource pool is planned through industry-leading methodology and understanding of the application business of the financial industry, and with reference to the best practice experience of the financial industry.

Storage resource pool: According to the characteristics of financial business, the design of storage resource pool needs to be based on data security, performance and scalability, and follow the principles of architecture flexibility, easy management, uniformity and convenience of resource allocation, data protection, storage hierarchy and diversity. The design of storage resource pool needs to manage traditional commercial storage (e.g. SAN, NAS), and at the same time, it needs to expand software-defined and distributed storage as a business in terms of scalability, so as to realize unified design and unified management of multiple storage.

Network resource pool: Adopt the design idea of "layering first, then partitioning". According to the isolation requirements of different service function areas, the whole network system is divided into external access layer, network switching layer, core network layer and storage area layer according to the overall service flow direction. At the same time, in order to better support the operation and management of the cloud platform, the network is divided into three network planes: service, service and management. Seven regions are formed by combining layers and planes. Network logic isolation is realized between each service region, which is conducive to system expansion and future operation and maintenance management. At the same time, it also lays a foundation for service expansion. The network communication requirements of new services can be met only by adding equipment in corresponding functional regions.

In addition, securities companies have a large number of business systems that need to communicate with hardware USB-KEY. In this solution, the original USB-KEY business system needs to be gradually migrated to the entire private cloud platform. Considering the unified management of USB-KEY in the future, the USB-KEY required by the application platform is accessed on the control node of the private cloud platform, and the virtual machine mounted to the private cloud platform through the IP network provides KEY-based security authentication. Considering the continuity of USB-KEY service, two control nodes have the ability to access USB-KEY at the same time, and if necessary, USB-KEY can be switched to backup node.

In terms of cloud platform operation and maintenance, through Zabbix+ELK, a reasonable assessment of the monitoring status of the entire platform is made from multiple dimensions such as physical equipment, basic OpenStack services, and storage services, and Grafana provides a unified monitoring display platform for operation and maintenance personnel.

Under the guidance of the above design principles, the overall high availability architecture design of Huajin Securities IaaS infrastructure support cloud platform is shown in the following figure:

As shown in the above figure, the bottom layer of Huajin Securities Cloud Platform is based on the deployment of x86 servers and network switching equipment with computing and storage convergence. Through virtualization technology integration, the construction of computing resource pool, storage resource pool and network resource pool is realized based on hyper-convergence architecture. Hyperconvergence technology aggregates local storage resources of x86 servers into a unified storage resource pool, and realizes highly reliable cloud computing resource pool construction through high availability technologies such as network path redundancy, network plane design, storage multi-copy, small IO aggregation, and automatic Load Balancer. The upper layer realizes user management, O & M and operation management, development management, security management, log management, and billing management through cloud resource management platform construction. Cloud hosts or containers provided by IAAS cloud platform to support the deployment and operation of relevant modules of upper business system.

Cloud platform computing resources: Resource pooling is realized through virtualization management software, which is mainly used to provide CPU, memory and other computing resources to carry business applications. Based on the dual power supply and RAID card mechanism of hardware server itself, the high availability of equipment is realized.

Cloud Platform Storage Resources: IaaS cloud architecture realizes the convergence of storage and computing resources, that is, each x86 server is both a computing node and a storage node. Through distributed storage engines, the local hard disks of each node machine with different access rates are merged into a global storage resource pool for storing cloud host images and business data. The storage resource pool constructed by the distributed storage engine has a distributed architecture, and realizes distributed cluster HA, distributed stateless head, distributed intelligent Cache (hot and cold data separation) and multi-copy access mechanism of data through software definition.

Cloud Platform Network Resources: 10 Gigabit and Gigabit NIC for each IaaS management server and compute server and external 10 Gigabit and Gigabit Ethernet switches provide a highly redundant network architecture for the cloud platform.

Cloud platform management: It is used to uniformly schedule and manage the resource pool of the cloud platform, and is deployed on the cluster composed of management node servers in HA mode. Cloud management provides unified management of resources on all nodes in the resource pool and provides web interfaces to administrators and users for Load Balancer and high availability access to the portal.

Improve economic efficiency and business efficiency in all aspects

After the IaaS cloud platform was launched, the R & D test system, some trading systems and office systems of Huajin Securities gradually migrated to the platform. Due to the initial choice of cloud platform solutions provided by Jiuzhou Cloud, in the past 3 years, IaaS cloud platform has brought huge economic benefits to Huajin Securities, and at the same time, the company's business efficiency has also been comprehensively improved:

Resource utilization rate has been greatly improved. Taking traditional development and testing environments as an example, server CPU utilization is usually less than 10%(industry average), while CPU utilization can be increased to more than 60% by means of cloud platform virtualization and resource sharing, and space and energy efficiency are also improved.

Application deployment efficiency has been effectively improved. In traditional development and testing, a large amount of work is spent on infrastructure supply, while automatic supply is realized through cloud platform automation, which reduces the original supply time of several weeks to several minutes, greatly improves the online time of application deployment, reduces workload and shortens the listing cycle of new business, thus making Huajin Securities 'business take the lead in competition.

Liberation of manpower, enhance the unit of artificial productivity. As the cloud platform adopts an automated approach, machines replace manual work, thus improving some work efficiency. In addition, applying for resources through self-service is equivalent to "crowdsourcing" many infrastructure work to end users, which not only reduces intermediate links, but also greatly liberates the productivity of operation and maintenance personnel, liberates them from heavy repetitive labor and puts them into work with higher added value, and the resources are reasonably allocated.

IT management level has been greatly improved. Cloud platform manages resources through unified self-service portal, and all management methods are solidified through process means, so that management concepts can be implemented and resource waste caused by "grey areas" existing in traditional IT management can be reduced. In addition, human knowledge and skills are reused in automated scripts, reducing human resource costs for businesses. Since the cloud platform comes with configuration management, alarms, reports and dashboards, it provides ready-made tools for IT operations and management to assist decision-making.

Increased IT compliance reduces the probability of risk occurrence. Since the cloud platform adopts automation, process and other auxiliary means to reduce manual operations, the potential risks caused by manual errors are reduced. With standardized process guarantee, the possibility of artificial violation is reduced, and the probability of risk occurrence is reduced again, thus reducing the hidden cost of risk borne by enterprises.

Nowadays, cloud computing has become the promoter in the transformation of "technology-led business" of securities institutions, and the case of Huajin Securities on cloud provides effective reference for other securities institutions on cloud. Over the past three years, Jiuzhou Cloud has witnessed its step-by-step journey into the cloud while providing services for Huajin Securities. In the future, Jiuzhou Cloud will continuously carry out technological innovation, and at the same time, it will output the rich experience and ability accumulated in the past to more industry customers, maximize its own value and empower more industries.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.