Zeta is in the business of providing a full-stack, cloud-native, API-first neo-banking platform including a digital core and a payment engine for issuance of credit, debit, and prepaid products. These products enable legacy banks and new-age fintech institutions to launch modern retail and corporate fintech products.
Zeta currently provides its platform and products to BFSI issuers in India, Asia, and LATAM. Zeta’s products are used by banks such as RBL Bank, IDFC First Bank, and Kotak Mahindra Bank, 14000 corporates, and over 2 million users. Zeta is a SOC 2, ISO 27001, ISO 9001:2008, PCI DSS certified company.
How does Zeta continuously deliver at these high levels without compromising on security? Let us take a look at Zeta’s tech stack to find out.
A server application is designed to install, operate, and host applications and associated services for end-users.
Technology used: Kubernetes, GitOps, Apache Openwhisk, Apache Flink, and Camunda.
Following are the runtime applications in Zeta.
- Atlantis is a docker runtime container deployed using GitOps based end-to-end orchestration with the help of Kubernetes.
- Aster is an open-source serverless platform run on Apache Openwhisk that runs various short-lived jobs on-demand.
- Rhea is an application used to execute BPMN workflows that run on the Camunda platform.
- Perseus is an adaptation of Apache Flink to run complex event processing tasks. Apache Flink is a framework and processing engine used for computations at any scale.
We use Camunda to define workflows and automate decision-making.
Apache Flink provides a high-throughput, low-latency streaming engine and supports event-time processing and state management. It has allowed us to perform computations at any scale.
Technology used: Kubernetes, Kong, and Calico.
A cluster management tool is an essential service used to group the clusters and nodes. This is used to:
- Monitor nodes in the cluster.
- Configure services.
- Administer cluster services.
We prefer using open-source systems in our tech stack. That is why we use Kubernetes as our orchestration system to efficiently manage and deploy containers.
Ingress and API Gateways run using Kong. Kong supports high availability clusters and an extensive range of plugins to address various concerns like authentication, security, and monitoring.
We have also developed 2 in-house tools, Sprinkler and Hades. Sprinkler is our Egress gateway and Hades is our file input/output gateway.
We use the Calico plugin to manage the container network interface.
We are evaluating Istio to adopt it as our open service mesh. A service mesh controls how different parts of an application share data with each other.
Technology used: Apache Kafka, Apache Nifi, Apache Flink, KSQL, and Kafka.
A messaging system transfers data from one application to another. We use the following components to seamlessly transfer messages within Zeta’s various applications and clusters.
- Apache Kafka is used as a message broker. It allows us to handle high volumes of data and passes messages from one end to the other.
- Atropos is a message-based integration bus based on Kafka developed by Zeta.
- Apache Nifi is used to implement ETL Pipelines.
- Perseus, developed by Zeta, uses Apache Flink to process complex events.
- Sinope uses KSQL and Kafka connectors to bridge the message/event world and the batch/file world. KSQL and Kafka connectors enable rich data integration and streaming.
Technology used: Postgresql, Amazon S3, Amazon RedShift, ClickHouse, and Redis.
Postgresql is used to store transactional data and Amazon S3 is our data lake. We use Amazon RedShift and ClickHouse as our data warehouse and Redis, an open-source memory data structure, to store cache.
Application Performance Monitoring (APM) and Business Performance Monitoring (BPM) uses the ElasticSearch engine.
Technology used: Presto SQL, Sparta, and Apache Superset.
The data processing unit is an essential part of any server application. It converts data available in the system (machine-readable data) to a human-readable format.
We use the Presto SQL query engine to process big data and Sparta for stream processing. Stream processing allows us to convert data in motion directly to continuous streams.
The Power Centre stores various data models and allows us to modify data and enables the reuse of data. The Power Centre is an adaption of Apache Superset.
Technology used: Jenkins, ArgoCD, and Sonarqube.
Jenkins is used for Continuous Integration (CI) and ArgoCD for Continuous Deployment (CD).
Our servers use Sonarqube, an open-source platform, for static code analysis.
Technology used: Grafana, Kibana, Fluentd, and Hypertrace.
Observability is defined as the ability of the internal states of a system to be determined by its external outputs. External outputs can be anything such as alerts, visual representation, and infrastructure tracing.
We have developed Prometheus as our event monitoring system. Prometheus stores all metrics in the database.
We use Grafana for our dashboards and alerts and Kibana for log analysis. The purpose of both these applications is to visualize and navigate data. We also use Fluentd, an open-source data collector, for logs and metrics collection.
All applications should have a distributed tracing system. Hypertrace is our tracing system. It helps us debug applications and log information about their execution.
Technology used: HELK and Jackhammer.
Security monitoring is another essential unit to analyze data to detect any suspicious behavior or changes to the network.
HELK is an ELK (Elasticsearch, Logstash & Kibana) stack with advanced hunting analytic capabilities provided by the implementation of Spark and Graphframes technologies.
Kratos, an in-house adaption of Jackhammer, is our Security CI.
We are evaluating RockNSM, a premier sensor platform for Network Security Monitoring (NSM) hunting and incident response (IR) operations.
Hardware Security Module (HSM)
Technology used: Safenet, Gemalto and nCipher/ Entrust nShield Solo.
HSM manages digital keys, encryption and decryption, and provides strong authentication. We use the following HSMs:
- Safenet and Gemalto as Network HSM.
- nCipher/ Entrusy nShield Solo.
- Harpocrates, developed by Zeta, is our HSM as a service interface.
Technology used: Firebase Hosting, Websockets, HTTPS.
Languages used: Kotlin, Java, Objective C, Swift.
We develop mobile applications as native apps, React Native apps, and web apps.
Kotlin and Java are used to develop our Android applications and Objective C and Swift for our iOS applications.
Firebase Hosting helps with Analytics and Crash detection in the server. Websockets and HTTPS make it possible for two-way communication between the server and the user.
Technology used: Typescript, SCSS transpilers, Vue.js, Bulma, Buefy, Webpack, Rollup, Verdaccio, Lerna, and Sentry.
Typescript and SCSS transpilers convert program code from one language to another.
Verdaccio, an NPM registry, serves the purpose of a Private NPM repository. The repository is managed by Lerna, a workflow optimization tool. Sentry, an Application monitoring tool, is used to monitor errors.
Technology used: Trivy, Clair, CloudSploit, MobSF, ZAP
The challenge when building a product is how we balance ease of use with security. At Zeta, we use Trivy for CI docker scanning and Clair for CD docker scanning.
CloudSploit is our Cloud Security Posture Management. We use MobSF for mobile application security.
ZAP for web applications is all in CI/CD.
Best Tech Stack = Best Performance?
Building a system that can provide these functionalities and process over 1 million transactions per second is not easy. While Zeta uses the best tech stack, building a robust framework to continuously deliver at the highest levels without compromising on security would not have been possible without Zeta’s talented engineers.