Bees And Monkeys: 5 Cloud Lessons NAB Learned From AWS

Bees And Monkeys: 5 Cloud Lessons NAB Learned From AWS

National Australia Bank (NAB) has used Amazon Web Services (AWS) to provide more reliable development and hosting processes for its online services. Here are the key lessons it learned as it moved key banking systems into the cloud.

David Broeren, head of digital and online channel services at NAB, gave a presentation on the bank’s cloud systems at the AWS Summit event in Sydney today. These are the key lessons that emerged in that discussion — lessons that are useful even if you’re not working in a big four bank.

You can’t jump onto the cloud straight away. NAB began a major internal transformation project in 2009, but didn’t look at actually using cloud services until some fundamental tool and platform decisions had been made.

“AWS is quite a new thing for NAB, but we’ve been trying to transform for some time,” Broeren said. Key internal tool decisions included introducing an internal GitHub for code tracking and Artifactory for repository management. “There’s been a focus for some time on getting the enterprise toolset right.”

Rollout is fast but not the key metric Broeren described how speedily NAB rolled out its initial AWS instance. “In 59 minutes we went from an account with AWS to two data centres fully ready. Within two minutes from that we had 40 servers out there running and ready.” Those systems include two load-balanced EC2 instances and an S3 instance hosting the relevant server images.

While that was impressively speedy, the more important measure for Broeren was performance and resilience. That led to another key decision: deliberate stress testing for the system.

Why you need monkeys and bees “This is where the resilience bit came in Broeren said. “From the outset we put in two key controls. The first was ‘bees with machine guns’: a brute force load onto the site to test out its resilience.”

The second key control was the Chaos Monkey tool, originally developed by Netflix, which deliberately takes out functioning servers to test whether the site could recover from system failures. “To get full effect, you have to run it in production,” Broeren said. “The great thing about that is it continually tests the design.”

“Chaos Monkey takes something that would be a high-severity incident — the loss of a server — so it’s just an information event. It actually delivers resilience to our teams.”

Use the same system design everywhere. “The environments for development, performance, test and production all look the same, so they’re all production code,” Broeren said. That means any problems with changes are very quickly identified.

Have plans for future deployments NAB’s next cloud activities will be in disaster recovery and performance optimisation. “I’d love to be able to do continuous disaster recovery,” Broeren said. Optimisation is also a major goal: “I can’t wait to get the Janitor Monkey in.”


  • The best extension ever written for Chrome has had fun with this article. It’s sole purpose is: “Replaces the text ‘the cloud’ with ‘my butt’, as well as ‘cloud’ with ‘butt’ in certain contexts.”

    But that’s an aside. The NAB are storing customer financial data on Amazon AWS? One considers that this is a large mistake for such a large company. The security implications of storing people’s financial details on Amazon servers alone should be ringing alarm bells.

    One should consider a company of their calibre and expertise could easily buy the bare metal and install their own hypervisor to reap even greater benefits than putting all their customers at such risk.

    • There are Australian companies putting tax information into the cloud for individuals who are their customers and working with the ATO and governance bodiessome ary step of the way to make sure everything is above board.

      People in financial services have treated the cloud as a scary monster for far too long without actually talking to regulators and lawmakers about it, and some are finally taking action.

      Note: not, and never have been, a NAB employee.

    • NAB isn’t putting customer data in AWS, only static web content and public documents are allowed in the cloud.

      Customer data security is of primary importance to all the Australian Banks and to APRA.

    • I suspect you dont understand how AWS Virtual Private Clouds work. The way Ive seen this setup is that all traffic from the cloud comes through a physical corporate site, behind existing firewalls. Its just a logical extension of a physical datacenter with the benefits of scale and reduced cost.

      Obviously you can also use AWS to expose public web servers too, but that would be in a completely different VPC, and communication between the two would have to be specifically setup and secured.

      There are laws regarding data sovereignty for companies like NAB, which is why AWS is a popular choice because it has data centers in Sydney.

      Disclaimer: I am an IT Security Engineer who works for an Australian enterprise that uses AWS and I have recieved training from Amazon. These views are my own.

  • Personally know and incompetent IT Senior Manager and a Solution Architect in there. Though I don’t know if they had any influence over the decision, but I always remind myself to stay away from NAB because of them.

Log in to comment on this story!