Search
Free Trial

Hongke's latest articles

HongKe

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

HongKe Solutions] Observability Budget Busting: How Redis + Grafana Saved Hong Kong Banks $1.4 Million in 2 Years?

When you spend more than $10,000 a year on Dynatrace, you'll be able to get more than $10,000 a year. US$800K The problem is no longer "functionality", but rather an imbalance in the "observable rate of return on investment". For Hong Kong banks, the real competitive pressure lies in: can you cut down the 2-year TCO on the premise of maintaining the monitoring effect above 70%? US$1.4MIn addition, the HKMA has been able to produce evidence that is justifiable under the "risk-based and technology-neutral" framework during the HKMA's review.

01. Introduction: Observability Costs Are Eating Your Security Budget

Dynatrace's official price list shows that Full-Stack Monitoring is around US$58 per month per 8 GiB host, which, combined with infrastructure monitoring, security modules and actual host counts, can easily add up to hundreds of thousands or even more than a million dollars per year in medium to large environments. level. For a Hong Kong bank running hundreds to thousands of VMs, Kubernetes nodes, containers, and multi-region environments, it's no exaggeration that the APM/observability bill has jumped to the "top 5 IT expenses".
At the same time, the HKMA has re-emphasized its "risk-based, technology-neutral" supervisory approach in its latest revision of TM-E-1: it does not prescribe which instrument to use, but rather requires banks to implement risk management controls that are commensurate with the risk and "fit for purpose" and to assess their effectiveness through ongoing inspections and off-site reviews. Rather, it requires banks to implement risk management controls that are commensurate with risk and "fit for purpose", and to assess their effectiveness through ongoing examinations and off-site reviews. In other words, in the eyes of the regulator, the focus is never on "did you use Dynatrace", but rather on "can you demonstrate that critical services are properly monitored and that exceptions are detected and addressed in a timely manner".
For CISOs, cost-sensitive CIOs and CFOs, this opens up a very real question: in the "Dynatrace alternatives Hong Kong" option, is there a way to use an open stack such as Redis + Grafana to make a new product in 2 years? Real-time monitoring cost comparison Overwhelming Advantage on - without Regulatory Challenge?

02. Three Core Values: How Redis + Grafana Cut Costs Without Sacrificing Risk Management

Value #1: Change from a "full stack black box" to a "key indicator white box" to capture the 80/20 first

Pain Points: Traditional Dynatrace-style stacked observability, where metrics, traces, and logs are all wrapped into a single authorization pricing model, may seem convenient, but it actually creates several problems:
  • You're forced to pay for an entire cluster with tons of non-critical services for the APM functionality of a few critical systems.
  • Once the Log/metrics retention is stretched and the number of subjects monitored expands, the annual bill will explode in a near-linear fashion.
  • Most teams end up using the 20-30% feature in depth, but pay 100% for the subscription.
Redis + Grafana response:
  • Redis Enterprise natively provides monitoring endpoints exposed in Prometheus format, covering a wide range of metrics at the cluster, node, database, slice, and proxy levels, which can be collected by Prometheus and visualized and alerted in Grafana.
  • Redis officials and the community also provide specialized observability templates and Grafana dashboards covering ops/sec, latency, memory usage, replication lag, Active-Active indicators, etc., so that you can have a white-box view of "where the bottlenecks are". visibility into "where the bottlenecks are".
  • You can change the strategy from "all platforms on APM" to "keep complete tracking only for the really critical applications, and metrics-first + event sampling for the rest of the system", and focus the paid functions on a few core services.
Real-world effectiveness (a CFO-friendly way of saying numbers):
  • A Hong Kong financial group, with 600+ services and over 100 nodes, changed the original 100% model of relying on Dynatrace to one in which the core payment/transaction system still retains APM, and the remaining 70% systems use Redis metrics + Prometheus + Grafana.
  • Evaluations of the effectiveness of event detection and capacity planning show that the new stack can achieve about 70% Visibility and problem localization (for non-core systems), but overall observability authorization costs are reduced. 75%(two-year rolling TCO comparison).

Value 2: Turning Redis into a "real-time health metrics bus" so that alerting and automation are no longer tied to a single cloud platform

Pain Points: When your observability is completely dependent on a single SaaS platform, it's not just a matter of licensing costs:
  • Alarm logic and SLO metrics determination is locked to a specific tool language and UI, and cross-team collaboration requires manual screenshots and data movement.
  • Under multi-cloud/hybrid cloud architectures, different monitoring agents and network paths cause delays and blind spots, making it difficult to standardize the true "platform health".
  • Once the tool is licensed or adjusted, your alerting rules and dashboards will have to be reorganized as well.
Redis + Grafana response:
  • Using Redis as a "real-time status bus", key SLIs (e.g., API failure rate, latency fraction, error code distribution, number of merged connections) are aggregated and written to Redis, and then pulled, visualized, and alerted centrally by Prometheus/Grafana.
  • Redis Enterprise provides a metrics endpoint for observability cases that can be scraped by Prometheus, allowing you to display both Redis itself and application-level metrics in Grafana for an end-to-end view.
  • For multi-cloud/multi-data center deployments, you can combine the Active-Active capability of Redis to synchronize metrics or health status of each location to a unified observation plane, avoiding the situation where "something goes wrong in one area, but the master control still thinks everything is fine".
The effectiveness of the campaign:
  • In a multi-cloud (AWS + on-prem) environment, a regional financial group migrated the alerting logic, which was originally bound to a specific APM provider, to Redis Centralized Aggregation + Grafana presentation, allowing the SRE team to continuously evolve the alerting policy without relying on a particular SaaS tool UI.
  • In terms of "system health" and "time to detection of anomalies," two of HKMA's key metrics, the effectiveness of the tool is not compromised by a change in tool branding - it is even easier to interpret because the data is more centralized.

Value #3: HKMA checks for results, not brands - so let's talk about "saving $1.4 million in 2 years"! Pain Point:

Pain Points: Many banks subconsciously feel that it is safer to "use big name tools" when facing regulatory or internal audits, but in fact, they have ignored the principles that HKMA has been reiterating for a long time: risk-based and technology-neutral. The result:
  • Tool selection has become a "list war" rather than a "control effect war," resulting in increasing observability costs year after year, but limited improvement in problem detection and MTTR.
  • CFOs look at money and CISOs look at risk. Everyone knows that they have to save money, but no one dares to do anything.
The angle of the HKMA is actually very clear:
  • TM-E-1 explicitly states that the regulatory objective is to promote a safe and healthy e-banking environment while maintaining "technological neutrality" and allowing banks the flexibility to choose the technological solution that is appropriate for their risk profile and services.
  • The document repeatedly refers to "risk management controls that are fit for purpose," "timely detection of unauthorized transactions," and "secure network and system design," rather than any particular brand or tool name.
How Redis + Grafana can be answered during a HKMA check:
  • Demonstrate continuous monitoring and capacity management with SLO/SLA reports that show trends in availability, latency and error rates for critical services.
  • Alerts and event reviews show "how it was discovered, how soon it was dealt with, and how to prevent it from happening again", and this data is available in its entirety in a Redis + Prometheus + Grafana stack.
  • In the Real-time monitoring cost comparison, specific TCO figures and performance reports show that you are optimizing your costs in a risk-acceptable manner, in line with the spirit of risk-based regulation.

Conclusion: Do you want "expensive but reassuring" or "effective and affordable"?

When Dynatrace bills exceed US$800K per year and you can't articulate in board and regulatory conversations "what risk reductions you get for that money", you are in fact in a "cost of observability crisis". On the other hand, the HKMA has already stated in TM-E-1 that its regulatory position is risk-based and technology-neutral, so as long as your surveillance and event management controls are "fit for purpose," you don't need to be tied down to any particular brand.
Go to the Redis Product Page

Other Articles

close menu icon

Contact Hongke to help you solve your problems.

Let's have a chat