How Hengfeng Bank Pioneered OpenStack Cloud Migration in China’s Banking Sector

Hengfeng Bank, one of twelve national joint‑stock commercial banks, announced the completion of six migration batches involving more than 150 application systems to its financial cloud data center, achieving full cloud upgrade for online and mobile banking services.

The bank’s financial cloud platform is the first among large Chinese banks to run major production systems on an open‑source OpenStack cloud and the first to fully deploy software‑defined networking (SDN) and a multi‑tenant industry cloud. The migration project began in March 2016, validated repeatedly, and ultimately moved all systems to the cloud data center.

On July 15, the China Banking Regulatory Commission released draft guidelines urging banking institutions to steadily adopt cloud computing, aiming for all internet‑facing information systems to migrate to cloud platforms by the end of the 13th Five‑Year Plan, with at least 60% overall migration, positioning cloud as a key innovation area.

Zhang Xiaodan, general manager of the bank’s technology department, explained that OpenStack is essentially an open‑source IaaS platform; its success depends not only on functionality and stability but on delivering on‑demand, self‑service, agile, decoupled, and cost‑effective IT infrastructure management.

According to Pan Wenjie, director of the platform and automation center, traditional financial enterprises design highly redundant architectures, incurring high maintenance costs, while internet companies adopt simple infrastructure with high availability at the application layer. Hengfeng’s cloud migration combined these approaches, ensuring high availability through VM HA, live migration, and Ceph triple‑replication.

Tiandan’s BPC performance management product played a crucial role during the migration, helping meticulously map each data object and metric to guarantee comprehensive business monitoring throughout the cloud transition.

In the multi‑tenant cloud, Hengfeng employs a flexible TAPaaS solution to provide on‑demand traffic mirroring under user authorization, directing traffic via GRE or VxLAN to BPC servers, which differentiate tenant flows and apply customized monitoring thresholds.

TAPaaS and BPC incorporate tenant isolation and privacy protection features. In January, the platform passed the upcoming Ministry of Public Security cloud security assessment, becoming the first bank to obtain such certification.

Because virtual machines are dynamically created, destroyed, and migrated, traffic collection must adapt to VM changes. Tiandan’s BPC northbound API integrates with Hengfeng’s cloud controller to build Software‑Defined Performance Management (SDPM), enabling automated, multi‑tenant performance monitoring through API‑driven creation, deletion, and configuration of services.

Under the SDPM paradigm, the team implemented OpenStack and OVS traffic automation so that when applications or VMs migrate or scale, traffic is reconfigured automatically, achieving zero impact on business flow or monitoring.

Currently, all applications run smoothly on the new financial cloud platform, with markedly improved deployment, scaling, and provisioning capabilities, shortening response times and laying a solid foundation for future fintech innovation. The architecture also serves as a model for other banks and financial institutions to accelerate IT transformation and promote inclusive finance.