Reserve Bank of Australia is making strong progress on a major IT and network infrastructure overhaul, as it works to make infrastructure service delivery simpler, standardised and more automated.
In this week’s episode of the iTnews Podcast, chief information officer Stephen Smith describes the wide-ranging technology agenda and infrastructure currently being pursued by Australia’s central bank.
The upgrades are a mix of business-as-usual (BAU) and transformational, but the goals are much the same.
“The bank sits at the centre of the Australian economy,” Smith said.
“We support key systems in payment settlement, in government banking, in note issue and in financial markets, and it's really important for us to make sure that those systems are absolutely reliable and secure.”
Practically, for Smith and his team of around 550 technology staff, making infrastructure services more reliable and secure translates into a series of upgrades and enhancements, from cloud adoption and containerisation to infrastructure-as-code, and from networks to segmentation.
All of these work streams are running in parallel, Smith said, a strategy that means that, throughout 2022, RBA has been delivering a steady stream of improvements to its systems and ways of working.
Its automation efforts are multi-pronged.
These include a focus on patch automation as part of works associated with meeting the federal Essential Eight security guidelines; on tooling that can reduce maintenance workloads “for some of our key infrastructure teams”; and, more recently, on infrastructure-as-code and the use of standard infrastructure patterns to automate provisioning effort.
There are similarly a lot of work streams aimed at driving standardisation and simplification outcomes for infrastructure services, with a network upgrade forming the major piece.
“We have quite a complex network environment, and we're seeing that there's an opportunity to adopt contemporary approaches to network and security management that will really allow us to reduce the number of networks that we're maintaining, and the complexity that we have to manage,” Smith said.
“We've got a very highly motivated, highly engaged set of staff. Still, we find that staff find it very difficult to avoid making errors at times because of the complexity of the environments that we give them to work in.
“So on simplification we've started with our campus network design. We designed the new network architecture and rolled it out in January.
“Where we previously would have built six separate networks for different functions, we now have a single network.”
The physical network is now segmented virtually for all of the different areas of the RBA that rely on it.
“We're starting work now on moving on to our wide area network design, and that will encompass all our offshore offices as well,” Smith said, adding the WAN will be software-defined.
“Then, we're moving onto our core network design, which is probably the most complex, and also the one where we're probably going to get the most benefit in terms of security and stability.”
Cloud migration
RBA pushed its first infrastructure-as-a-service workload up into Microsoft Azure in May this year, and more candidates have been identified for cloud migration.
“With the adoption of cloud, a big driver is getting access to cloud-native resiliency and redundancy that adds to our stability and security. It's also a drive for value for money and effectiveness,” Smith said.
“We want to adopt platforms and cloud solutions, where they allow us to deliver much better functionality faster, cheaper, and with lower risk.”
Workloads and applications that are conducive to cloud hosting are likely to be containerised first, and that work is already underway.
Smith said the RBA’s “core banking system”, for example, was conducive to containerisation, and that the process has begun.
“That's a system that is proving to be very amenable to containerisation, and that opens up opportunities for us to look at either migrating it into a public cloud, a public secure cloud, or into hybrid cloud, both using on and off-premises cloud infrastructure,” he said.
Other applications are to be treated on a case-by-case basis.
Those that would require substantial refactoring to containerise or migrate will be parked for the moment and revisited at a time when they need upgrading.
At that point, the RBA could decide to refactor the existing application, or potentially move off it entirely, with preference given to an already cloud-based alternative.
“We have a reasonably highly configured service management solution. We're in the process of migrating off that onto ServiceNow, for example,” Smith said.
Smith added that the RBA’s stance is to be “cloud agnostic”. So far it has workloads running in AWS and Azure, and makes use of a number of software-as-a-service applications, such as M365 and Workday.
Unsurprisingly, security weighs heavily on decisions on where to host workloads.
“We would look to adopt cloud services where we can improve availability and security, where we can improve cost effectiveness, and where it can give us advantages around scalability,” Smith said.
“We take a very pragmatic and fact-based approach to how we select our clouds, and in terms of SaaS services, it's really the same approach.”
On cloud hosting specifically, RBA is keen to avoid a situation of lock-in: “How do we ensure that we've got flexibility and we retain some commercial optionality as we adopt cloud?” Smith said.
Innovation lab
Smith said RBA’s internal innovation lab, which was established in 2018 and has a bank-wide remit, had assisted with some of the early experimentation around workload containerisation.
“We used the innovation lab to actually pilot and trial containerisation of aspects of an application. That gave us a lot of insight that helped us understand the costs, risks and benefits of that kind of transition,” Smith said.
Smith said the direction of innovation at RBA is influenced by an internal structure called “the huddle”, which brings together “innovation champions” drawn from across internal departments and units.
“The huddle meets regularly to identify and prioritise experiments that we can run in the lab,” he said.
Subscribe to The iTnews Podcast at Apple Podcasts, Google Podcasts, Spotify, Amazon Podcasts or wherever else good podcasts are found. New episodes will be released every Monday.