Ant Group's Financial-Grade Unitized Architecture: Design, Capabilities, and Real-World Banking Cases

In recent years, cloud‑native concepts such as microservices, containers, serverless, and service mesh have rapidly spread, yet financial institutions face strict performance and security requirements that make practical adoption challenging; this talk by Ant Group senior architect Yin Boxue shares insights and practices for financial‑grade IT architecture.

The industry commonly uses three distributed patterns—single‑active, active‑active, and cold‑standby—each offering varying levels of disaster‑recovery and gray‑release granularity, but database replication often limits true zero‑RPO cross‑region recovery.

Ant’s evolution progressed from single‑active to same‑city active‑active and finally to a two‑city three‑center model, culminating in a unitized architecture that shards business logic into logical units, each deployed across three locations with five‑center redundancy.

The unitized design consists of RZone (sharded, writable zones), GZone (global, non‑sharded services) and CZone (city‑level read‑only replicas of GZone). Each RZone stores five replicas per shard, using Paxos for strong consistency, while CZone reduces latency for city‑level RZone accesses.

Key capabilities include same‑city and cross‑region disaster recovery with RPO = 0 and RTO < 1 minute, elasticity by renting additional IDC zones for traffic spikes and releasing them after events, and fine‑grained gray‑release by splitting traffic into A/B groups and switching at shard granularity.

Core modules support these capabilities: traffic routing embeds user‑UID and zone information in cookies to direct requests; service routing handles both intra‑city and inter‑city service calls via local and remote registries; high reliability is achieved with Ant’s OceanBase distributed relational database, deploying five replicas per shard with three strong‑consistency copies.

Practical deployments illustrate flexibility: a city commercial bank uses a large GZone with same‑city active‑active and three‑center DB replication (no cross‑region DR); a regional bank adopts same‑city unitized shards achieving DR, gray‑release, and elasticity; Ant’s Netbank implements multi‑region active‑active unitized architecture with full DR, gray‑release, and elastic scaling.

The presentation concludes that Ant’s unitized architecture offers adaptable deployment options—from big GZone to same‑city or multi‑region unitized setups—meeting the stringent demands of financial services.