Daniel López Azaña

Cloud Infrastructure Migration for Open Banking Platform (Eurobits/Tink/Visa)

Management of complete infrastructure migration from on-premise to cloud (IBM Cloud and AWS) for an Open Banking platform. Design of modern cloud architectures, migration of hundreds of servers, and legacy infrastructure support during transformation process in a highly regulated international environment.

The digital transformation in the European financial sector, driven by PSD2 regulation and the new Open Banking standard, forced traditional banking data companies to completely reinvent themselves. Migrating decades of legacy on-premise infrastructure to modern cloud architectures while simultaneously maintaining service to tier-one banks and financial institutions without any interruption represents one of the most complex technical and organizational challenges in the fintech sector.

Cloud architecture for Open Banking platform with AWS and Kubernetes

For 2 years (2022-2024) I participated in the complete technological transformation of Eurobits Technologies, a pioneering Spanish company in banking data aggregation that was acquired by Tink (Swedish fintech leader in Open Banking) and subsequently by Visa. My role encompassed AWS cloud architecture design, management of migrations from on-premise infrastructure and from IBM Cloud to AWS, and continuous support of legacy infrastructure composed of hundreds of physical and virtual servers, all within an international environment with distributed teams across Spain, Sweden, Poland, the United Kingdom, and the United States.

Project Context and Corporate Evolution

The Paradigm Shift - From Traditional Model to Open Banking

Eurobits Technologies traditionally operated as a provider of banking account data and transactions for financial entities. With the arrival of the European Union’s PSD2 (Payment Services Directive 2) and the new Open Banking standard, the complete business model required radical transformation.

Logos of Eurobits, Tink, and Visa showing corporate evolution

Open Banking represents a fundamental shift in how banking data is shared and used:

  • Traditional model: Screen scraping and proprietary methods to extract data from banking portals.
  • Open Banking: Standardized APIs that banks must provide by regulation, enabling secure and authorized access to account data.
  • Benefits: Enhanced security, improved user experience, real-time access, and new financial services (account aggregation, instant payments, lending, wealth management).

Company evolution:

  1. Eurobits Technologies (Spain): Pioneer company in banking data aggregation with proprietary technology and established relationships with Spanish and European banks.
  2. Acquisition by Tink (Sweden, 2019): Tink, Nordic leader in Open Banking, acquires Eurobits to expand into Spanish and Southern European markets, combining Eurobits’ technical expertise with Tink’s product vision.
  3. Acquisition by Visa (2021): Visa acquires Tink to integrate Open Banking capabilities into its global payments infrastructure, positioning Open Banking as a strategic component in the future of digital payments.

Technical Transformation Challenges

The migration faced multiple simultaneous challenges:

Infrastructure challenges:

  • Hundreds of physical and virtual servers with years of manual configuration.
  • On-premise infrastructure with scalability limitations and high operational costs.
  • Complex dependencies between legacy systems developed over decades.
  • Two-stage migration requirement: on-premise → IBM Cloud → AWS (for historical reasons).

Business challenges:

  • High-profile clients (banks, financial institutions) with strict SLAs.
  • Zero tolerance for service interruptions or loss.
  • Compliance with financial regulations (PSD2, GDPR, banking security requirements).
  • Synchronization with product roadmap during integration with Tink and subsequently Visa.

Organizational challenges:

  • Distributed teams across 5 countries with different time zones.
  • Cultural integration between Eurobits (Spain), Tink (Sweden), and subsequently Visa (global).
  • Coordination with multiple stakeholders: technical teams, product, legal, compliance.
  • Management of relationships with multiple cloud and infrastructure providers (AWS, IBM Cloud, Hetzner).

Legacy Architecture and Infrastructure Scope

Existing On-Premise Infrastructure

The infrastructure I managed during the migration process included:

Servers and virtualization:

  • Hundreds of physical servers in owned datacenters.
  • VMware ESX 6 and 7 clusters with dozens of virtual machines.
  • Mix of operating systems: CentOS, Debian, legacy Linux versions, Windows Server.
  • Manual configuration accumulated over years without infrastructure as code.

Network and communications services:

  • Cisco and Brocade/Broadcom firewalls (subsequently migrated to IBM Cloud VRA - Vyatta 5600).
  • Citrix NetScaler (VPX) load balancers.
  • VPN infrastructure with OpenVPN for remote access and site-to-site connections.
  • DNS services with Bind for internal and external zone management.
  • Active Directory for identity management and centralized authentication.

Storage and databases:

  • MySQL and PostgreSQL clusters for transactional databases.
  • Elasticsearch for logging and banking transaction search.
  • Shared storage on SAN (Storage Area Network).

Security and PKI infrastructure:

  • HashiCorp Vault: Secure storage of banking certificates and credentials.
  • HashiCorp Consul: Service discovery and distributed configuration management.
  • Complete PKI infrastructure for user certificates and banking communications.
  • Management of banking credentials and authentication tokens.

PKI security infrastructure with HashiCorp Vault and Consul

Existing Cloud Services Before Migration

IBM Cloud (initial historical migration):

  • For historical reasons, part of the infrastructure had already initiated migration to IBM Cloud.
  • Virtual Router Appliance (VRA) based on Vyatta 5600 OS for routing and firewall.
  • Linux virtual instances running critical services.
  • Configuration of private networks and VLANs for segregation.

Auxiliary infrastructure on Hetzner:

  • Dedicated servers for development and testing environments.
  • Backup and disaster recovery instances.
  • Cost reduction for non-production environments.

My Role - Cloud Architecture, Migration, and Legacy Support

AWS Cloud Architecture Design

I led the design of the new AWS architecture that would receive the migrated infrastructure:

Implemented design principles:

  • Multi-region for high availability: Critical services deployed across multiple AWS regions.
  • Environment segregation: Strict separation between development, staging, and production.
  • Infrastructure as code: Use of IaC tools to guarantee reproducibility.
  • Layered security: Isolated VPCs, restrictive security groups, IAM roles with minimal privileges.
  • Observability by design: Centralized logging, metrics, transaction traceability.

Architected AWS services:

  • Compute and Containers: EC2 for traditional services, ECS/EKS for containerized workloads, Auto Scaling Groups for automatic elasticity.
  • Networking and Security: Multi-tier VPCs, public and private subnets, NAT Gateways, Transit Gateway for connectivity, VPN for secure remote access.
  • Databases: RDS for MySQL and PostgreSQL with Multi-AZ, ElastiCache for Redis, automated backups, read replicas for scalability.
  • Security and PKI: Secrets Manager for credentials, Certificate Manager for SSL/TLS, CloudHSM for cryptographic operations, CloudTrail for audit.

Designed network architecture:

[Diagram: network architecture]

Multi-Stage Migration Management

I coordinated and executed complex migrations in multiple phases:

On-premise → IBM Cloud migration (initial phase):

The initial migration from on-premise to IBM Cloud was already underway when I joined the project. I managed:

  • Completion of pending server migrations from on-premise to IBM Cloud.
  • Configuration of Virtual Router Appliance (VRA) based on Vyatta 5600.
  • Establishment of VPN connectivity between on-premise datacenter and IBM Cloud.
  • Progressive service migration maintaining connectivity with legacy systems.

IBM Cloud → AWS migration (strategic phase):

For strategic corporate reasons (integration with Tink and subsequently Visa), the executive decision was to migrate all infrastructure to AWS:

  1. Assessment and planning:

    • Exhaustive inventory of IBM Cloud services and dependencies.
    • Mapping of IBM Cloud services to AWS equivalents.
    • Definition of migration order minimizing impact.
    • Establishment of success criteria and rollback plans.
  2. Parallel infrastructure in AWS:

    • Deployment of complete AWS architecture before migrating services.
    • Configuration of connectivity between IBM Cloud and AWS for progressive migration.
    • Implementation of data synchronization between environments.
  3. Progressive service migration:

    • Service-by-service migration with functional validation.
    • Parallel operation period to validate behavior.
    • Gradual traffic switchover using DNS and load balancing.
    • Verification of SLA compliance during transition.
  4. IBM Cloud decommissioning:

    • Confirmation of successful migration of all critical services.
    • Retention period of IBM Cloud infrastructure as contingency.
    • Progressive deactivation and closure of IBM Cloud resources.

Auxiliary migrations on Hetzner:

  • Management of complementary infrastructure on Hetzner for development and disaster recovery.
  • Configuration of VPN connections between AWS and Hetzner.
  • Cost optimization using Hetzner for non-production workloads.

Continuous Legacy Infrastructure Support

Throughout the migration process (spanning 2 years), I kept the legacy infrastructure operational:

Daily operation of on-premise systems:

  • VMware ESX 6 and 7 administration: Virtualization cluster management, VM provisioning, resource management (CPU, RAM, storage).
  • Network services maintenance: Cisco and Brocade firewalls, Citrix NetScaler load balancers, switches, routers.
  • Active Directory management: Users, groups, security policies, application integration.
  • DNS services with Bind: Internal and external DNS zone management, resolution for legacy and cloud services.

Database and storage management:

  • MySQL and PostgreSQL: Backups, query optimization, replication, performance troubleshooting.
  • Elasticsearch: Index management, search optimization, node maintenance.
  • Storage: SAN management, capacity expansion, I/O troubleshooting.

Security and certificate management:

  • HashiCorp Vault: PKI infrastructure management for banking and user certificates.
  • Banking certificates: Renewal and deployment of certificates for banking communications.
  • OpenVPN: VPN access management for employees and partners.

Monitoring and troubleshooting:

  • Zabbix: Alert configuration, service monitoring, metric analysis.
  • Elasticsearch/Kibana: Log analysis, error troubleshooting, anomaly detection.
  • Logstash: Log pipeline configuration, event parsing.

Infrastructure monitoring with Elasticsearch, Logstash, and Kibana

Automation and DevOps

Infrastructure as Code

I implemented modern IaC practices for the new AWS infrastructure:

Tools used:

  • Ansible: Server configuration automation, application deployment, orchestration of complex tasks.
  • GitLab CI/CD: Automated pipelines for deployments, infrastructure testing, configuration validation.
  • Bash scripting: Custom scripts for migrations, automated backups, maintenance tasks.

Benefits achieved:

  • Reduction of human errors in server configuration.
  • Complete reproducibility of environments (dev, staging, prod).
  • All configuration implicitly documented in code.
  • Speed of provisioning new environments.

Containerization and Orchestration

I participated in service modernization through containers:

Kubernetes:

  • Design of Kubernetes cluster architecture on AWS EKS.
  • Migration of monolithic applications to containerized microservices.
  • Configuration of namespaces for environment segregation.
  • Implementation of Ingress controllers and service meshes.

Docker Swarm:

  • Management of existing Docker Swarm clusters during transition.
  • Use of Portainer for visual container management.
  • Progressive migration from Docker Swarm to Kubernetes.

Orchestration architecture with Kubernetes and Docker

International Environment and Multi-Team Coordination

Global Organizational Structure

I worked in a truly international environment with distributed teams:

Geography and teams:

  • Spain (Madrid): Legacy engineering team, infrastructure operations, system administrators.
  • Sweden (Stockholm): Tink product team, software architecture, strategic decisions.
  • Poland (Warsaw): Banking integration development, testing, QA.
  • United Kingdom (London): Banking customer relations, compliance, legal.
  • United States: Visa teams after acquisition, integration with global Visa infrastructure.

Other countries with specific participation:

  • Italy, Germany, France, Portugal (local bank integration teams).

Collaboration and Communication

Coordination challenges:

  • Time zones from GMT to EST (8 hours difference).
  • Cultural differences in work styles and communication.
  • Languages: Communication in English as lingua franca, with native teams in Spanish, Swedish, Polish, etc.

Tools and practices:

  • Daily standups: Daily synchronization adapted to time zones.
  • Incident management: 24/7 on-call with international rotation.
  • Documentation: Exhaustive documentation in English for knowledge sharing.
  • Slack/Teams: Asynchronous communication for coordination between time zones.

Stakeholder and Vendor Management

I managed relationships with multiple stakeholders:

Internal stakeholders:

  • Engineering teams from Eurobits, Tink, and subsequently Visa.
  • Product managers defining roadmap and priorities.
  • Legal and compliance teams ensuring regulatory compliance.
  • Executives making strategic decisions about cloud architecture.

External vendors:

  • AWS: Enterprise support, AWS solution architects, TAMs (Technical Account Managers).
  • IBM Cloud: Outbound migration coordination, support during transition.
  • Hetzner: Auxiliary infrastructure management.
  • Telecommunications providers: Connectivity between datacenters and clouds.
  • Software vendors: Cisco, Citrix, HashiCorp, VMware, etc.

Critical Technical Challenges and Solutions

Zero Downtime During Migrations

The biggest challenge: Migrating complete infrastructure without interrupting service to banks.

Implemented strategies:

  • Blue-green deployments: Parallel infrastructure in AWS before switchover.
  • DNS failover: Gradual traffic shift through short TTLs in DNS.
  • Database replication: Real-time synchronization between legacy and AWS environments.
  • Rollback plans: Detailed rollback plans for each migrated service.
  • Minimal maintenance windows: Migrations executed during low-traffic windows.

Regulatory Compliance During Transition

Maintaining compliance with financial regulations during infrastructure changes:

Requirements met:

  • PSD2: Strong Customer Authentication (SCA), transaction data protection.
  • GDPR: Personal data protection, right to be forgotten, portability.
  • Banking audits: Complete architecture and security documentation for banking client audits.
  • Certifications: Maintenance of security certifications during transition.

Large-Scale PKI Infrastructure Management

The PKI infrastructure was critical for secure communications with banks:

Managed components:

  • HashiCorp Vault: Internal Certificate Authority (CA), automated certificate issuance.
  • Banking certificates: Renewal and distribution of certificates provided by banks.
  • User certificates: PKI for user authentication in applications.
  • Secret rotation: Automation of password, token, and certificate rotation.

Main challenge:

  • Migrate Vault from on-premise/IBM Cloud to AWS without losing state or interrupting certificate issuance.
  • Solution: Vault data replication, migration with high availability maintained at all times.

Project Results and Impact

Successful Technical Transformation

Completed migration:

  • Successful migration of hundreds of servers from on-premise and IBM Cloud to AWS.
  • Zero critical incidents during migrations affecting banking customers.
  • Complete decommissioning of legacy on-premise infrastructure.
  • Orderly closure of IBM Cloud resources after AWS migration validation.

Modernized infrastructure:

  • Multi-region AWS architecture with high availability.
  • Application containerization with Kubernetes.
  • Infrastructure as code eliminating manual configuration.
  • Deployment automation reducing deployment time from hours to minutes.

Operational Improvements

Operational efficiency:

  • 70% reduction in new environment provisioning time (from weeks to days).
  • Elimination of physical datacenter and on-premise hardware costs.
  • Automatic scalability responding to demand without manual intervention.

Improved observability:

  • Centralized logging of all services in Elasticsearch.
  • Real-time metrics with dashboards in Kibana.
  • Proactive alerting detecting issues before user impact.

Business Enablement

Growth capacity:

  • Architecture prepared for international expansion of Tink/Visa.
  • Elastic infrastructure supporting banking customer growth without architectural changes.
  • Reduced time-to-market for new markets and local regulations.

Business integration:

  • Facilitation of Eurobits-Tink-Visa technical integration.
  • Platform unification preparing for Visa acquisition.
  • Solid technical foundation for future mergers and acquisitions.

Technologies and Tools

  • Cloud Platforms: AWS (EC2, ECS, EKS, VPC, RDS, ElastiCache), IBM Cloud, Hetzner
  • Virtualization: VMware ESX 6 and 7, KVM
  • Orchestration: Kubernetes, Docker Swarm, Portainer
  • Automation: Ansible, GitLab CI/CD, Bash scripting
  • Databases: MySQL, PostgreSQL, AWS RDS, Redis, ElastiCache
  • Security: HashiCorp Vault, Consul, OpenVPN, AWS Secrets Manager
  • Networking: Cisco firewalls, Citrix NetScaler, Vyatta VRA, pfSense, Bind DNS
  • Monitoring: Zabbix, Elasticsearch, Logstash, Kibana, CloudWatch
  • Operating Systems: Linux CentOS, Debian, Ubuntu, Windows Server

Lessons Learned

Large-Scale Cloud Migrations

Critical success factors:

  • Exhaustive planning: Detailed documentation of dependencies and migration order.
  • Parallel infrastructure: Deploy destination completely before migrating.
  • Rollback plans: Contingency plans for each service are non-negotiable.
  • Rigorous testing: Functional and performance validation before switchover.
  • Constant communication: Transparency with stakeholders about progress and risks.

Working in International Environments

Key learnings:

  • English documentation: Essential for knowledge sharing between international teams.
  • Overlapping hours: Establish common time windows between time zones for synchronization.
  • Cultural respect: Adaptation to different work and communication styles.
  • Asynchronous tools: Slack, tickets, documentation wiki enable effective work without concurrent schedules.

Managing Legacy Infrastructure During Modernization

Delicate balance:

  • Don’t neglect legacy: Old infrastructure requires continuous attention until complete decommissioning.
  • Double operational load: Managing legacy and new infrastructure simultaneously doubles complexity.
  • Temptation to migrate quickly: Urgency to complete migration should not compromise stability.
  • Knowledge transfer: Documenting legacy infrastructure is critical when original experts are no longer present.

Conclusion

This infrastructure transformation project for an Open Banking platform represented one of the most complex and rewarding technical challenges in my career. Managing the complete migration of hundreds of servers from legacy on-premise infrastructure to modern cloud architectures in AWS, all while maintaining service to critical banking clients without interruptions, required a unique combination of deep technical expertise, strategic planning capabilities, and international coordination skills.

The successful transformation of Eurobits Technologies during its evolution from a specialized Spanish company, through its acquisition by Tink, to its final integration into Visa, demonstrates how modern cloud infrastructure enables the business agility necessary in today’s fintech sector. The project established a solid technical foundation that allowed the company to rapidly adapt to the new Open Banking paradigm and position itself as a technology leader in the European banking data market.

The 2-year engagement (2022-2024) delivered modern, automated, and scalable AWS infrastructure, supporting constantly evolving business requirements during three significant corporate changes, with zero critical incidents affecting banking customers throughout the entire transformation process.


Need cloud migration for your financial services infrastructure?

If your organization faces similar challenges:

  • Legacy on-premise infrastructure limiting agility and increasing operational costs.
  • Complex migrations of hundreds of servers to AWS without service interruptions.
  • PCI DSS compliance requirements for payment and banking data processing.
  • Integration with banking APIs and Open Banking platforms.
  • Corporate transitions (acquisitions, mergers) requiring infrastructure consolidation.

As a Senior DevOps Engineer with 20+ years of infrastructure experience and fintech expertise, I can help you plan and execute large-scale cloud migrations, implement Infrastructure as Code, establish DevOps automation, and maintain compliance with financial regulations.

Specialized in AWS migrations, PCI DSS compliance, Terraform, Jenkins, Docker, and DevOps for regulated financial services.


About the author

Daniel López Azaña

Tech entrepreneur and cloud architect with over 20 years of experience transforming infrastructures and automating processes.

Specialist in AI/LLM integration, Rust and Python development, and AWS & GCP architecture. Restless mind, idea generator, and passionate about technological innovation and AI.
