← Implementation Job Ladder

Banno Online Implementation Guide

Banno Online Overview

Deploying Banno Online for an FI requires coordination across multiple teams; implementations, techops, Online(web-server). This document is intended to provide the steps necessary for each team that participates in the process.

Onboarding

Requirements

The domain the FI is using cannot be the zone apex or root domain, they must provide a sub-domain. For example their banno-online site cannot be domain.com, but must instead be xyz.domain.com. This applies even if they want to use a domain different than their main domain. Furthermore, they cannot have an MX record associated to the sub-domain. If they don’t want to add JHA to their main domain’s MX record then they’ll need to setup a separate subdomain for mail that isn’t tied to the same subdomain they’re using for banno-online.

DNS

  • Do we host their DNS? This should be established before contacting the customer and confirmed on the kick-off call.

To find out from terminal run dig +noall +answer domain.com NS with their domain name; do not use sub.domain.com. If the results include one of the following it’s very likely we host their DNS. Treat * as a wildcard match for any number.

ns-*.awsdns-*.net
ns-*.awsdns-*.org
ns-*.awsdns-*.co.uk
ns-*.awsdns-*.com
*.profitstars.com
*.profitstars.bank
*.bancinternetgroup.com
*.goldleaf.com (pretty sure I've seen this once)
*.jackhenry.com
*.jackhenry.bank

Implementations

Tracks the site deploy process through the Wrike project management platform. When needing to move from onboarding to implementation an issue should be created for the nodejs team in the Banno/web-server and Banno/Operations repositories on github.

Grip Assets

The FI must be added to the grip-assets repository:

  • A properties.json file must be created with the FI configuration.
  • Design assets need to copied from the gitlab repo to the FI’s folder in grip-assets.

Banno/web-server

Create a “New FI” issue for Banno/web-server with the coordinator’s name, FI name, Institution ID, and domains. Domains could be plural if it is rolled out to staging and UAT in addition to the production domain.

An engineer will assign themselves to the issue and feed the info into Jenkins. Jenkins creates a PR and runs the sanity tests. When it’s merged the open issue will be closed out. Changes are generally deployed to production within 48 hours.

The server-config.json lists every FI that has been setup.

Banno/Operations

Create a new issue for Banno/Operations with the Cert order information including the FI contact info and production subdomain. The staging and uat domains are not required. Attach the labels banno-online and Comodo Cert and add it to the Operations work project.

Issue Title: [FI name] OLB Deploy
Issue Contents

Related to Banno/web-server#[issue number](the one generated when creating the issue above^)
ex. Banno/web-server#277

Launch Date: [20xx-xx-xx]

## Cert Info
Company Name: [FNB of Frostbite Falls]
Company Division: [IT]
First Name: [Bob]
Last Name: [Smith]
Title: [IT Manager]
Address: [1234 Main St.] 
Contact Email: [bsmith@fnbff.com]
City: [Frostbite Falls]
State: [MN]
Zip code: [12345]
Phone: [555-123-4567]

## Subdomain
[my.fnbff.com]

## DNS
Does Banno host their DNS? Y/N
If YES, techops will also create a CNAME DNS record in addition to the DCV DNS record.

TechOps

An engineer will assign themselves to the issue and begin the certificate order process with Comodo. They will check the issue to see if we host their DNS and if so create the CNAME DNS record for the FI’s sub-domain. They’re expected to ping the Cert Vendor (Comodo) and the FI every few days to make sure the cert order is moving along. CC implementations@banno.com for all communications to the FI or Comodo. TechOps has an expanded process they use to track the cert order process. Once the certificate order is complete the files will be copied to environments/production/vault/banno-online-certs/. A PR will be created and after the change is merged then the key pair will be written to vault.

  • Cert Order
  • DNS TXT record for Domain Control Validation DCV) required for the Certificate Order process
  • Cert Install
  • DNS CNAME record
    - Top Level Domains(TLD) not including .bank should use sub.domain.com CNAME online.banno-production.com. the TLD .bank should use sub.domain.bank CNAME banno-online.jackhenry.bank - Click on RE-SIGN in DNSSEC

Exceptions

  • If the EV certs has not been issued prior to 7 BUSINESS days out from launch a backup standard SSL cert should be ordered. The EV cert order will continue to process and the standard SSL cert will be a temporary measure to get the site working. This will ensure we’re able to test ahead of the site’s GO LIVE date.

Testing

DNS

Part of this process involves either the FI or our TechOps (if we host DNS) creating DNS record for the subdomain being used. Use the dig command to validate if that step is completed; dig +noall +answer [onlinebanking.domain.com] CNAME. The record should point to either online.banno-production.com or if a .bank domain then to banno-online.jackhenry.bank

$ dig +noall +answer go.commerceonebank.com CNAME
go.commerceonebank.com.	3598	IN	CNAME	online.banno-production.com.