Why Tech-Savvy Banks Are Gung Ho About 'Container' Software
The so-called cloud container, a tool that makes it easier to develop apps for different operating systems, has emerged as a disruptive technology in data center and cloud computing. Even banks, ever cautious about safety in the cloud, might embrace the technology.March 25
As bank executives continue to debate, hesitate and worry over the security issues related to using applications that connect to the cloud, their employees are using cloud-based apps by the hundreds often without banks' knowledge.December 15
Container software, a technology that only a year ago was still considered edgy and risky, is getting a warm reception from financial institutions, with good reason.
At a conference this week in New York devoted to containers, bankers and others raved about the technology. Goldman Sachs, Bank of America, the International Securities Exchange and others are increasingly using containers in-house and Goldman recently made a breakthrough by taking a few applications into production within containers in the public cloud.
Containers are the software equivalents of shipping containers, within which applications are run and managed and can be easily moved from one hardware server to another or to and from public and private clouds, regardless of the operating system of the underlying server (e.g. Windows or Linux) or cloud provider (such as Amazon, Google, or Microsoft).
A newer development that's making containers more viable is the advent of CoreOS, a lightweight Linux operating system that works with containers to provide services like automatic patching and server authentication, removing such chores from the IT department. (CoreOS Inc., the commercial venture behind the operating system, hosted the conference.)
To Goldman Sachs, containers are "how we get 8,000 app developers to be more productive," said J Ram, managing director at the investment bank. A 5% improvement in productivity from containers could have a big impact. Goldman has invested in Docker, the leading container software provider, and has been using the technology internally for years.
Two weeks ago, Goldman released a new version of its cloud infrastructure and it now has a few small applications running in production in Docker containers there.
Bankers like the simplicity containers can bring.
"When you think about the diversity of development operations, the burden of managing that is gigantic," said Ryan Thomas, head of architecture and technology strategy at Bank of America.
Shifting people from maintaining, supporting and managing applications to creating and delivering them brings efficiency.
At Bank of America, the pressure to adopt containers is coming from developers, of which it has 17,500. "Developers want to build. They want to bring value to applications. They don't want to be doing sourcing and procurement," Thomas said.
Bank of America has several labs and dozens of people dedicated to understanding containers. The bank is using the technology to develop and test applications; so far it doesn't use containers in production. "We're heavily invested in it," Thomas said. "We're starting to architect our applications in that direction." Eventually, containers will help Bank of America push some of its computing out to the public cloud, he said.
At the International Securities Exchange, too, the idea of lessening IT work was a draw.
"In early 2013, when we learned about Docker, we were kind of excited but at the same time we were a little bit 'meh,'" said Paul Morgan, systems architect at the options exchange, based in New York. "At that point, Docker would be just another layer on top of what we already managed, and we didn't want to add complexity, we wanted to get rid of the complexity."
But later that year, the exchange learned about CoreOS. "That was a turning point for us," Morgan said. The exchange started experimenting with the technology and this year set up a data center in Chicago that runs 100% on CoreOS.
Before using CoreOS, about 70% of the staff technologists' time was spent just managing operating system patches, Morgan estimated. "With CoreOS, we let the updates come through automatically. We free up our time to focus on revenue-generating projects, like our trading platform."
Rob Cornish, chief technology officer at exchange, said the technology enabled it to create two new markets, ISE Gemini (which was recently launched) and ISE Mercury, which will launch early next year. In that same time period, the exchange reduced IT spending 25%.
Performance tests were critical here — ISE handles two billion transactions a day and its market data feeds consume up to 150 million messages per second. And like any exchange, it has to be able to handle unexpected spikes in volume. The containers' performance using the CoreOS, Morgan said, is comparable to that of its Linux servers. The exchange can keep latency (the delay between input of data, such as a buy or sell order, and the desired outcome, such as a confirmation) under 200 microseconds. (That's 200 millionths of a second — not very long at all.)
Bankers' two biggest lingering concerns about containers are security and compliance. The primary reason Bank of America hasn't gone into production yet with its containers is security.
"As you move into a container world, especially when you're bridging containers, orchestrating across them, you're moving into a world that hasn't been vetted with regulatory and compliance and that's a challenge," Thomas said.
Asked about what types of technology companies Goldman would want to work with on its cloud and container strategy, Ram said, "Anyone who can provide security infrastructure around the cloud and the container ecosystem would be good."
These efforts to adapt to modern computing models are starting to help these banks handle their IT environments more nimbly. That should equip them to react quicker to changes in the world around them — if regulators don't try to stifle this work.
Penny Crosman is American Banker's editor at large. She welcomes feedback on her column at firstname.lastname@example.org.