Evolving Database Schemas in Banking Microservices Without Downtime
David Shergilashvili
Enterprise Architect & Software Engineering Leader | Cloud-Native, AI/ML & DevOps Expert | Driving Blockchain & Emerging Tech Innovation | Future CTO
Banking never sleeps. Whether it's ATM withdrawals at midnight, international transfers, or mobile banking at dawn, customers expect constant availability. Yet banking systems must continuously evolve to meet new business requirements, regulatory changes, and security needs.
One of the most challenging aspects of this evolution is modifying database schemas in production systems. Traditional approaches require downtime – a luxury banking systems simply cannot afford. This article explores how financial institutions can successfully implement database schema changes with zero downtime using the expand/contract pattern in a microservices architecture.
The Banking Challenge: Continuous Service vs. Necessary Evolution
Financial institutions face a fundamental tension: their systems must remain operational around the clock while simultaneously evolving to meet new demands. In traditional environments, schema changes often meant scheduled maintenance windows – periods of planned downtime when changes could be safely implemented.
Modern banking has largely eliminated these windows. The growth of digital banking, global operations, and 24/7 customer expectations has made even brief periods of unavailability unacceptable. Meanwhile, microservices architectures have added complexity, with multiple services potentially interacting with the same database concurrently.
Understanding Zero-Downtime Schema Migrations
A zero-downtime migration allows you to update database schemas without interrupting service availability. Unlike traditional "big bang" migrations that require stopping the system, applying changes, and restarting, zero-downtime approaches maintain continuous operation throughout the process.
The key principle is backward compatibility – ensuring new schema changes don't break running application code, and new application code can handle the old schema until migration completes. This is especially critical in microservices environments where multiple service instances might be accessing the database simultaneously.
The Expand/Contract Pattern: A Strategic Approach
The expand/contract pattern (also known as parallel change) provides a methodical framework for implementing backward-incompatible changes safely. Martin Fowler describes this pattern as executing changes in three distinct phases:
This approach breaks potentially risky changes into controlled, reversible steps. At no point is the system in an incompatible state – both old and new schemas coexist until the transition is complete.
Core Principles for Banking Schema Changes
When implementing schema changes in banking systems, several principles are essential:
Preserve Backward Compatibility: Each change must allow both old and new application versions to function correctly. The schema must temporarily support both data models.
Avoid Premature Removal: Never drop existing structures in the same deployment that introduces new ones. Removing data structures too early will break code that depends on them.
Defer Constraint Enforcement: Don't immediately add constraints (like NOT NULL or foreign keys) that could reject existing data during the transition phase.
Implement Redundant Writes: During transition, write to both old and new schemas to keep data synchronized and enable rollback if needed.
Migrate Data Gradually: Move existing data from old to new structures incrementally in the background, without freezing operations.
Monitor and Verify: Continuously check that the application works correctly and data remains consistent between schemas.
Plan for Rollback: Design each step to be reversible if problems emerge, at least until the final transition.
Respect Service Boundaries: In microservices, maintain the principle that only the service owning a database should access it directly. Other services should use APIs or events.
Real-World Example: Normalizing Customer Addresses
Let's examine how a bank might apply these principles to a common scenario: evolving a customer address schema from a simple text field to a normalized structure.
Initial State
The Customer Profile microservice initially stores addresses as a single text field in the Customer table:
Customer Table:
id | name | address (text) | other fields...
Business requirements now demand more structured address data to:
The target state is a normalized schema with a separate Address table:
Address Table:
address_id | customer_id | street | city | postal_code | country | type
This transformation requires careful orchestration to maintain continuous service.
Step 1: Expand – Adding the New Schema
The first phase introduces the new schema elements without affecting existing functionality.
Database Change:
CREATE TABLE address (
address_id BIGINT PRIMARY KEY,
customer_id BIGINT,
street VARCHAR(255),
city VARCHAR(100),
postal_code VARCHAR(20),
country VARCHAR(100),
address_type VARCHAR(20) DEFAULT 'PRIMARY'
);
Notice the absence of constraints like NOT NULL or foreign keys – these will be added later to avoid complications during migration.
Application Change: At this stage, the application continues using only the old address column. The new table exists but remains unused and empty.
Using a tool like Flyway or Liquibase ensures this change is applied consistently across environments and tracked in version control. This is a non-disruptive change since it merely adds database objects without modifying existing ones.
Step 2: Dual Writes – Populating Both Schemas
Next, the application begins writing to both schemas simultaneously while still reading exclusively from the old one.
Application Change: When customers update their addresses, the service now writes to both locations:
// When a customer updates their address
customer.setAddress(formattedAddressText); // Update legacy column
customerRepository.save(customer);
// Also update new normalized structure
Address addressEntity = new Address();
addressEntity.setCustomerId(customer.getId());
addressEntity.setStreet(parsedAddress.getStreet());
addressEntity.setCity(parsedAddress.getCity());
// Set other fields...
addressRepository.save(addressEntity);
This dual-write approach ensures that from this point forward, any address changes are reflected in both schemas. It's often wise to implement this behind a feature flag, allowing gradual activation and quick disabling if issues arise.
The application continues reading exclusively from the old address column during this phase, ensuring consistent behavior for users.
Step 3: Data Migration – Handling Historical Records
With dual writes in place for new changes, we must address historical data. All existing customer addresses need to be copied to the new structure.
This migration should run in the background without disrupting operations. For a large banking database with millions of customers, this requires careful planning:
Migration Strategy: Rather than one massive operation, process records in manageable batches:
-- Process in batches of 500-1000 records
INSERT INTO address (customer_id, street, city, postal_code, country)
SELECT id,
-- Functions to parse address components from text
extractStreet(address),
extractCity(address),
extractPostal(address),
extractCountry(address)
FROM customer
WHERE id BETWEEN ? AND ?
AND address IS NOT NULL;
Alternatively, create an application-level migration service that processes records incrementally, with sophisticated error handling and parsing logic.
Consistency Considerations: Since the system remains live during migration, addresses might change while the migration is in progress. The dual-write mechanism from Step 2 ensures any recent updates are reflected in both schemas. For historical records, you might track which customers have been migrated and skip those that have been updated since dual-writes began.
Regular verification queries should confirm data consistency between schemas. By the end of this phase, every customer address should exist in both the original column and the new table.
Step 4: Switching Reads – New Schema Becomes Primary
Once both schemas contain synchronized data, the application can begin reading from the new structure.
Application Change: Deploy a version that retrieves addresses from the Address table instead of the Customer.address column:
// Previously: return customer.getAddress();
Address address = addressRepository.findByCustomerId(customerId);
return formatAddressFromComponents(
address.getStreet(),
address.getCity(),
address.getPostalCode(),
address.getCountry()
);
Crucially, the application should continue writing to both schemas during this phase. This redundancy maintains the ability to roll back to reading from the old schema if necessary.
Monitor this transition carefully – if any issues arise with the new schema or query performance, you can quickly revert to using the old structure since it's still being kept current.
Step 5: Contraction – Removing the Legacy Schema
After running successfully on the new schema for a sufficient period (potentially weeks), the final phase removes the legacy elements.
First, stop the dual writes:
// Remove writes to old column
// customer.setAddress(formattedAddressText);
// Only write to new schema now
addressRepository.save(addressEntity);
After confirming everything functions correctly with single writes, you can eventually drop the old column:
ALTER TABLE customer DROP COLUMN address;
Now is also the appropriate time to add constraints that were deferred earlier:
ALTER TABLE address ALTER COLUMN street SET NOT NULL;
ALTER TABLE address ADD CONSTRAINT fk_customer_address
FOREIGN KEY (customer_id) REFERENCES customer(id);
The migration is complete – the schema now fully implements the new design without any service interruption.
Microservices Considerations
In a microservices architecture, changes must consider both internal database schemas and external interfaces.
API Evolution
If the Customer Profile service exposes customer data through APIs, these interfaces need similar careful evolution:
For example, an API might initially return:
{
"customerId": 12345,
"name": "John Smith",
"address": "123 Main St, Springfield, IL 62701"
}
During transition, it would return both formats:
{
"customerId": 12345,
"name": "John Smith",
"address": "123 Main St, Springfield, IL 62701",
"addressComponents": {
"street": "123 Main St",
"city": "Springfield",
"state": "IL",
"postalCode": "62701"
}
}
Eventually, it would only provide the new structure.
Event Schema Evolution
Many banking microservices communicate through events (e.g., using Kafka). When changing event schemas:
Common Pitfalls and Mitigations
Despite careful planning, several challenges may emerge during schema migrations:
Data Divergence
During dual-write phases, data in old and new schemas might become inconsistent if one update succeeds while the other fails.
Mitigation: Use transactions where possible to ensure atomic updates. Implement regular reconciliation checks to detect and resolve inconsistencies.
Deployment Timing
With rolling deployments, some service instances may be on the old version while others use the new version, creating race conditions.
Mitigation: Ensure all versions support both schemas during transition. Carefully sequence deployments to maintain compatibility at each stage.
Performance Impact
New schema structures may perform differently, especially for complex queries.
Mitigation: Add appropriate indexes before switching reads. Test query performance thoroughly in staging environments with production-like data volumes.
Migration Duration
For large datasets, migrations may take longer than expected, extending the period of dual maintenance.
Mitigation: Design the system to operate indefinitely in the expanded state if necessary. Process data in batches and monitor progress carefully.
Inadequate Rollback Testing
Teams often test the forward path thoroughly but neglect to verify rollback procedures.
Mitigation: Practice rollbacks in testing environments. Ensure monitoring can quickly detect issues that might necessitate reverting changes.
Best Practices for Banking Environments
Financial institutions should adopt these proven practices for schema migrations:
Use Database Migration Tools: Employ tools like Flyway or Liquibase to manage schema versions in source control and apply changes consistently across environments.
Feature Flagging: Implement toggles to control when new functionality activates, decoupling deployment from feature activation.
Comprehensive Testing: Test migrations with production-scale data volumes in staging environments before production deployment.
Monitor Data Consistency: Implement automated checks to verify that data remains consistent between old and new schemas throughout the migration.
Document Changes Thoroughly: Maintain clear documentation of schema changes for audit purposes and future maintenance.
Plan for Regulatory Compliance: Ensure all changes maintain required audit trails and data integrity for regulatory reporting.
Conduct Post-Migration Verification: After completion, verify that all functionality works correctly and all data was properly migrated.
Conclusion
Zero-downtime schema migrations in banking environments require careful planning, incremental execution, and constant verification. The expand/contract pattern provides a structured approach that maintains continuous service while allowing necessary evolution.