Let's consider how this works in practice, using the example of “Alliance” Corporate Bank, which managed to make a breakthrough in development, expanding its presence in new segments and improving the quality of interaction with existing clients.
In the partner project Liga.Tech from Accord Group, Oleksandr Drahin, the Head of Information Technology Department at “Alliance” Bank, talks about the journey undertaken and the problems which were solved after updating the Bank's IT infrastructure. In addition, Victor Rudenko, the Accord Group Information Systems Architect, also comments on each stage of the work done on the way to upgrade the Bank's IT infrastructure.
We build priorities in improving manufacturability
I was invited to take the position of CIO of “Alliance” Bank at a time when the IT infrastructure no longer met the needs of the business. Everyone involved in the process understood that a comprehensive technological restructuring was required.
At the same time, my task as a manager was to ensure not only the functional component of the IT infrastructure after modernization, but also to carry out changes with a minimum burden on the business, both in the organizational and economic sense.
Before starting, we agreed to formulate priorities. I built a project map according to past experience and the need to solve three key tasks:
- ensure the continuity of business processes and services;
- ensure information security;
- create a technological base for launching modern digital services.
Based on the results of the audit, the key element of the modernization project was the transition to a software-defined wide-area network (SD-WAN).
An SD-WAN is a software-defined distributed network. Its task is intelligent traffic management, often with a single control point for the entire infrastructure.
Victor Rudenko, the Information Systems Architect of Accord Group: “In the case of Alliance Bank, we encountered a set of classic problems inherent in the “patchwork” approach to integration: information systems are assembled from solutions from different manufacturers, which in itself leads to partial incompatibility, and incorrect settings complicate the situation even more. Thus, the task of ensuring continuity based on the results of an IT audit has acquired the scale of a comprehensive modernization, which concerns all levels of the IT infrastructure.”
We improve the whole system by solving specific problems
Speaking the same language with business means formulating the problem in terms that are valuable to management. That is why all the rhetoric on IT infrastructure modernization was built around the solution of tasks that are very understandable to a non-technical specialist.
I found it easier to convey the importance of a particular project through the prism of dealing with four key risks:
- Loss of access to services by clients and internal clients.
- Data Center unavailable.
- Significant increase in the risk of cyberattacks.
- Uneven use of innovations.
In terms of IT architecture, the bank and I went all the way from the bottom up in the modernization process. We streamlined:
- the structured cabling system;
- network equipment (wired and wireless) in the main branch and throughout the Bank's network;
- information security system;
- server systems;
- virtualization system (including piloting of VDI systems – virtualization of workers' workplaces);
- backup system;
- implemented basic Microsoft services.
At the same time, it was the modernization of the network infrastructure and the implementation of SD-WAN that largely contributed to the development of clear mechanisms for dealing with the four problems that Oleksandr mentioned.
In particular, the limitation of the current architecture was visible in the network infrastructure even at the audit stage. The network core, built on FortiGate 300E equipment, clashed with equipment from another manufacturer deployed in branches, which complicated network administration and significantly hindered development paths.
We were looking for options to solve the problem in the best way, namely, to build up the network infrastructure based on what had already been deployed in the bank. So we suggested upgrading the branches with Fortinet equipment (routers, switches and access points). Thanks to this, it became possible to fully use the functionality of the FortiManager management system and the FortiAnalyzer network event analytics system, which the bank had already used to a limited extent.
Problem No. 1: loss of access to services by clients and employees
Reason: an emergency situation in one of the intervals of the provider's communication channels.
Solution: the Bank uses redundant communication channels for branches and offices. If a failure occurs on one of the channels, redundancy allows you to switch the operation of services in a semi-automatic mode through the backup channel.
The use of SD-WAN allowed us to use the primary and secondary link simultaneously, providing a better environment for critical application traffic, as well as automating switching in emergencies.
What's more, in the past, when we used older hardware, administrators had to manually bring services back up in the event of an emergency. This means that the interruption in the work of the end user could reach half an hour. Now this update happens automatically (unless it is an accident at the backbone level). The system gets back up and running almost instantly, while the IT professional has the opportunity to discuss with the provider the reasons for the failure.
Problem No. 2: temporary unavailability of the Data Center (DC)
Reason: the source of the problem can be either physical problems in the Data Center itself, for example, due to interruptions in the operation of the power supply or air conditioning system, or failure of communication channels.
Solution: a backup Data Center is a bank's traditional solution to the problem of Data Center availability. Alliance Bank, despite the fact that financial institutions often prefer to create their own Data Centers, decided to use the Data Center in a managed service format. Thus, we, as a small bank that cannot afford investment volumes comparable to the creation of a highly reliable backup Data Center for ourselves, have optimized costs and solved the problem of fault tolerance thanks to the capacities of a professional service provider. Reliable power supply, fire extinguishing system, air conditioning, etc. are integral components of the service, allowing us to control the risk of Data Center unavailability.
Victor Rudenko, the Information Systems Architect of Accord Group: “The distributed core of the “Alliance” Bank network consists of three nodes, each of which is tied to a particular Data Center. Thanks to SD-WAN technology, traffic distribution across the core occurs automatically with minimal intervention from system administrators. So, a failure in one node will occur without interruption in the operation of services, and the failure of two Data Centers will lead to a stop of only a part of non-critical services.”
Problem No. 3: significant increase in the risk of cyberattacks
Reason: digitalization and the development of a cybercriminal economy against the backdrop of the erosion of the network perimeter due to the consequences of the pandemic and the transition to remote work.
Solution: It is clear that just like any other financial institution, we are obliged to comply with the requirements of the regulator to protect client data. In general, cybersecurity is already referred to as a hygienic factor in the existence of a bank. In our case, we have introduced a whole range of solutions, from antiviruses to a monitoring system, and we are constantly working with the user to improve digital literacy.
Victor Rudenko, the Information Systems Architect of Accord Group: “The uniqueness of the Fortinet SD-WAN deployed by us lies in the fact that it provides integrated SD-WAN network capabilities and a security system within a single device. So FortiGate UTM has a firewall functionality that is typical today, intrusion prevention systems (IPS), VPN gateway, web traffic filtering system (URL filtering, streaming anti-virus system for web traffic), and mail traffic filtering system (spam message filtering and anti-virus system for mail traffic). In addition, all Fortinet solutions offer a very user-friendly administration interface, and the mutual integration of Fortinet devices allows you to analyze traffic not only within the network perimeter, but also within the network, which reduces the risk of attacks from the inside.”
Problem No. 4: Uneven implementation of new IT services against the backdrop of limited resources of IT specialists
Reason: historically, in the process of the gradual formation of the bank's regional network, the branch IT infrastructure was built from different IT solutions. As a result, updating or upgrading a network of non-matched devices required significant time and effort. And since the Bank's IT staff is small, they have to solve many tasks at the same time.
Solution: First of all, we unified the standard of the bank's network equipment, which significantly increased the agility of the IT Department. We were able to quickly open small branches up to six people, quickly set up equipment and provide quality service. We also took care of the maximum automation of network infrastructure management. And the “icing on the cake” was the creation of the Service Desk system, which formalized and automated the process of servicing internal users in terms of managing applications.
Victor Rudenko, the Information Systems Architect of Accord Group: “When choosing a solution to modernize the network infrastructure, one of the key requirements was maximum automation due to the desire to free system administrators from performing routine tasks. The SD-WAN solution from Fortinet not only fully satisfied this need of the bank, but SD-WAN as a software-defined environment makes it possible to use all available network resources and to respond automatically to changes in both topology (such as a failure of one of the channels or deterioration in its performance) and traffic parameters (changes in the “pattern” of network traffic, increase in traffic of one or more services, etc.).”
Let's analyze this with an example. Suppose the department has two main communication channels (optical links via operators) and a backup 4G channel.
During normal operation, service traffic is distributed between the main channels in accordance with the policies governing all bank services in the context of:
- service criticality;
- minimum and recommended resources;
- necessary network parameters (for example, such as traffic transmission delay).
When the traffic of one service grows, the traffic of others is redistributed in such a way as to equalize the channels load and ensure the proper level of service.
When one of the main channels fails, a message is sent to the administrator and the traffic transfer policies are automatically reconfigured: all traffic is directed to the one remaining main channel, and the traffic of non-critical programs (for example, IP telephony) is compressed as much as possible or disabled altogether.
When two operator channels fall, the traffic of all services is blocked, except for those vital for the bank, and the traffic is sent to the backup 4G channel.
And all this without the participation of a network administrator!
Thus, it is possible to achieve the effect when critical situations go unnoticed by users if administrators quickly resolve the failure at the level of the telecom operator.
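The failover behaviour walked through above, modelled as an added Python example (it is not the bank's or Fortinet's code or configuration). The criticality scale, link capacities, delays and service figures are constructed assumptions, and `plan` and `with_down` are hypothetical names.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Link:
    name: str
    kind: str            # "main" (operator fibre) or "backup" (4G)
    capacity_mbps: float
    delay_ms: float
    up: bool = True

@dataclass(frozen=True)
class Service:
    name: str
    criticality: int     # 0 = vital; larger = less critical (constructed scale)
    min_mbps: float
    rec_mbps: float
    max_delay_ms: float

def plan(services, links):
    """Return {service: (link name or None, Mbps)} for the current link state."""
    main_up = [l for l in links if l.kind == "main" and l.up]
    # With no main channel left, only vital services may use the backup.
    usable = main_up or [l for l in links if l.kind == "backup" and l.up]
    vital_only = not main_up
    free = {l.name: l.capacity_mbps for l in usable}
    result = {s.name: (None, 0.0) for s in services}
    ordered = sorted(services, key=lambda s: s.criticality)
    # Pass 1: reserve each minimum on the suitable link with most free capacity.
    for s in ordered:
        if vital_only and s.criticality > 0:
            continue  # blocked while running on the backup channel
        fits = [l for l in usable
                if l.delay_ms <= s.max_delay_ms and free[l.name] >= s.min_mbps]
        if fits:
            best = max(fits, key=lambda l: free[l.name])
            free[best.name] -= s.min_mbps
            result[s.name] = (best.name, s.min_mbps)
    # Pass 2: top up towards the recommended rate, most critical first.
    for s in ordered:
        link, mbps = result[s.name]
        if link is not None:
            extra = min(s.rec_mbps - mbps, free[link])
            free[link] -= extra
            result[s.name] = (link, mbps + extra)
    return result

# Constructed sample data: all figures are illustrative only.
LINKS = [Link("fiber-a", "main", 30, 8), Link("fiber-b", "main", 30, 12),
         Link("lte", "backup", 10, 60)]
SERVICES = [Service("core-banking", 0, 5, 20, 100), Service("card-auth", 0, 3, 5, 80),
            Service("email", 1, 5, 15, 500), Service("file-sync", 2, 10, 30, 1000),
            Service("ip-telephony", 3, 10, 15, 40)]

def with_down(links, *names):
    """Copy of links with the named ones marked as failed."""
    return [replace(l, up=l.name not in names) for l in links]
```

Calling `plan(SERVICES, with_down(LINKS, "fiber-b"))` shows the single-channel case: every service lands on the surviving link, and the least critical one is shed when its minimum no longer fits.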
The modernization of the Bank's IT infrastructure took two years. When implementing the FortiGate system and SD-WAN technology, we acted in stages. First, within two months, we tested a new ideology in one branch, developed equipment and settings standards, and then scaled the proven practices to the entire bank network.
In terms of IT Department activity, we managed to:
- improve the quality of service for internal customers;
- minimize the influence of the human factor on processes;
- increase the productivity of IT specialists by reducing the share of routine tasks, including network monitoring, in the total volume of tasks and automating problem response.
In general, the resilience to failure and the availability of bank services have increased, which positively affected the indicators of interaction with clients.
And most importantly, the basis for further digitalization of processes was created. Thanks to the modernization of the IT infrastructure, the bank was able to enter new markets and launch new services. For example, we are currently working on a large remote customer service project.
Every business that seeks to launch new products needs a developed IT infrastructure. Therefore, our recommendation to everyone is to develop a framework and then move on to full-fledged digitalization. We ourselves have gone this way, and it has shown its effectiveness.