Yu'ebao Service Governance Practices and Methodology

As more companies adopt service‑oriented architectures, service governance becomes a critical concern; Yu'ebao, with over 5 hundred million users and assets surpassing one trillion yuan, continuously optimizes its IT architecture, and Li Xin, Mobile Platform Technology Director & Chief Architect, explains the approach.

The core governance body is a Service Governance Committee of about eight members—architects, team leaders, and operations staff—that meets bi‑weekly to review service‑metric dashboards covering performance, capacity, health, call‑graph quality, operational quality, and development efficiency, then decides on control measures and improvement plans.

Governance capabilities are not assigned to dedicated staff; instead, development teams own them, with architects designing solutions that are integrated into regular iteration cycles.

Financial‑industry specific challenges include strict security and compliance requirements, the need to balance heavy regulatory constraints with the lightweight, fast‑deployment goals of service‑oriented design, and limited trial‑and‑error due to rigorous approval processes.

Service metrics are collected from both online and offline dimensions: online logs (access, latency, exceptions, call relationships) and offline data from requirement, project, test, and source‑code management systems. A dedicated metrics dashboard provides a unified entry point for analysis and control actions.

Online metrics are gathered via service registry information, host and application logs, and APM trace data; offline metrics are extracted from requirement management, project management, test management, and source‑code/version repositories.

Process metrics from CI pipelines, agile collaboration, and DevOps workflows are also incorporated, enriching the overall governance data set.

All metrics are consolidated in a data warehouse; certain performance and exception indicators are transformed into operational events that trigger predefined control commands (e.g., auto‑scaling, rate limiting, circuit breaking) through a scheduling center.

The governance loop consists of three layers—measurement, control, and management—forming a closed‑loop system that ensures observability, enforceability, and continuous improvement.

Metric collection is primarily self‑developed, while control capabilities leverage Ant Financial Cloud services; self‑development allows fine‑grained customization not available in off‑the‑shelf products.

Service splitting and integration are handled through both dynamic call chains (inspired by Google’s Dapper) and static call chains built by scanning Java source code with an AST parser, producing a cross‑project call matrix that reveals dependencies, loops, depth, and redundancy.

Combining dynamic and static call graphs enables detection of circular calls, deep call hierarchies, excessive external dependencies, and helps identify redundant code for refactoring.

Guidelines for service decomposition include encapsulating common business or technical capabilities as independent services, limiting a service’s external dependencies to fewer than ten, and periodically reviewing service granularity, using automated code‑scan tools to assist.

Yu'ebao’s service hierarchy is organized into four layers: a PaaS layer (resource‑level capabilities), a basic business service layer (eight domains such as account, asset, transaction, payment), an application business service layer (direct/indirect sales and marketing services), and an aggregation layer that acts as a gateway exposing APIs to front‑end applications.

The current governance framework scores around 70 points; continuous iteration is needed to address scaling, capacity changes, and emerging technologies like containerization, which affect lifecycle management and control strategies.

Future plans include intelligent root‑cause analysis using call‑graph and CMDB data, long‑term capacity forecasting, and further automation of governance processes.

Li Xin advises teams to first build robust metric‑monitoring capabilities, start with small scripts and tools before scaling to full platforms, and remain imaginative—any effective technique, such as static call‑chain generation via code scanning, can enhance service governance.