Core Banking Modernization with Zero Downtime

Envadel was brought in to design and execute a phased migration from the monolithic COBOL core to a domain-driven microservices architecture running on Kubernetes. The engagement followed the Dedicated Team model: a self-managing squad of 6 engineers operating under Envadel's governance framework, integrated with the client's existing Jira and Confluence environment.

The approach was strangler fig pattern — progressively replacing legacy modules with new microservices behind an API gateway, using Kafka event streaming to maintain data consistency between old and new systems during the transition period. Each module (accounts, payments, lending, compliance) was migrated independently with canary deployments and automated rollback capabilities.

The 14-month roadmap was divided into three phases: Foundation (months 1-4) covering infrastructure, CI/CD, and the first two microservices; Core Migration (months 5-10) for the critical banking modules; and Optimization (months 11-14) for performance tuning, PSD2 API certification, and knowledge transfer to the client's expanded internal team.

The new architecture was built on Java 17 with Spring Boot 3, following domain-driven design (DDD) principles. Each bounded context (Accounts, Payments, Lending, Compliance, Customer) was implemented as an independent microservice with its own PostgreSQL database, enforcing the database-per-service pattern to eliminate cross-service data coupling.

Apache Kafka served as the event backbone, implementing event sourcing for all state changes in the Accounts and Payments domains. This enabled real-time data synchronization between the legacy COBOL system and new microservices during the transition period, and provided a complete audit trail required for PCI-DSS compliance. Kafka Connect managed CDC (Change Data Capture) from the legacy DB2 database.

Infrastructure was fully codified with Terraform on AWS. The Kubernetes cluster ran on EKS with Helm charts for standardized deployments. The CI/CD pipeline (GitHub Actions) included SAST scanning (SonarQube), container vulnerability scanning (Trivy), automated contract tests (Pact), and canary deployment orchestration. Every microservice deployment was staged: 5% canary → 25% → 50% → 100%, with automated rollback triggered by error rate thresholds.

An API gateway (Kong) handled routing, rate limiting, and authentication (OAuth 2.0 / OpenID Connect) for both internal services and the PSD2-mandated open banking APIs. Observability was built on Prometheus, Grafana, and distributed tracing via Jaeger, with PagerDuty integration for on-call alerting.

The team operated in 2-week sprints with a well-defined ceremony cadence: sprint planning on Mondays, daily standups at 09:30 CET, mid-sprint review on Wednesdays, sprint review and retrospective on alternate Fridays. The client's Product Owner participated in all planning and review sessions, ensuring alignment with business priorities.

Reporting followed a structured cadence: weekly status reports delivered every Friday covering velocity, blockers, risk assessment, and upcoming milestones. Monthly executive summaries were presented to the CTO and VP Engineering, including burn-down charts, quality metrics (defect escape rate, test coverage), and a RAG-status roadmap view. Quarterly Business Reviews (QBRs) with C-level stakeholders covered strategic alignment, ROI tracking, and team continuity planning.

Formal change management was enforced for any scope modification. Change requests required impact assessment (effort, risk, dependencies), approval from both Envadel's delivery manager and the client's Product Owner, and documented scope adjustments. This process prevented scope creep while allowing legitimate pivots — 4 change requests were processed over 14 months, all within the governance framework.