The introduction of SD-WAN technology allows you to increase the efficiency of managing a geographically distributed corporate data network, simplify work through an affiliate network, and even provide additional services to customers.
In the period of digital transformation, when information technologies from a component supporting a business are gradually turning into a tool for making a profit, the load on the IT infrastructure and, accordingly, the requirements for it increase significantly. The customer of the implementation of IT solutions (development of business applications and services) is increasingly becoming the company’s internal business units. Therefore, all IT-related processes must be controllable, scalable, manageable, and prepared for rapid change.
The leaders of the digital transformation are companies in the financial sector. They follow the needs of their customers, who are actively migrating to the digital environment, for example, are increasingly using mobile applications to make payments. In addition, the IT infrastructure of modern financial institutions must comply with the requirements of market regulators (in particular, personal data legislation or the PCI DSS standard) and reliably protect users from external and internal cyber threats. All of the above factors greatly affect the complexity of the ICT infrastructure.
Effective management of a geographically distributed corporate data network (DSP) allows us to provide the SD-WAN (Software-Defined Wide Area Network) technology that is actively developing today.
BACKGROUND OF TRANSITION TO SD-WAN
In business, speed is very important, including the quick launch of new products and services on the market. For example, so that regional offices can quickly solve problems, IT systems are “geographically redistributed” into such units where there are remotely working employees, as well as personnel with seasonal work schedules.
In the context of reorganization and takeover, banks cannot afford long downtimes due to the fact that new sites must integrate their IT systems and applications into the existing IT landscape. The time when the company had a few months and time windows allotted in advance to complete the KSPD switching, unfortunately, has irrevocably gone. Current realities of KSPD is a set of platforms connected using technologies that differ both in type (Ethernet, MPLS, LTE) and in logic (dedicated channels, Internet). At the same time, communication channels must provide access to at least two data centers to maintain the resiliency of the ICT infrastructure and quickly recover from failures. Do not forget about the purely technical requirements for the network associated with providing the necessary bandwidth, delays, packet loss,
The SD-WAN technology is based on a “smart” controller, which automatically redistributes traffic. In addition, the device allows you to centrally change the settings of network equipment in the branches, monitor the network status, download and quality of the channels in online mode, and eliminate any problems. This ensures transparency in the functioning of the data network and reduces the burden on IT professionals serving the network.
The SD-WAN solution involves the automatic formation of a private network and the transfer of information on all types of available communication channels without loss of speed and quality of application work. For example, before, only an expensive dedicated channel was used to transmit voice or video without failures. Now thanks to the SD-WAN technology, you can use the Internet channel as the main one, and the LTE channel as the backup one. As a result, customers can save on paying bills from telecom operators and solve the issue of reserving VPN channels in a simple and cheap way.
Modern software-defined SD-WAN networks can optimize the cost of leased communication channels and achieve savings of up to 40%. Solutions of this class provide comprehensive security and transparency of the network due to the centralized management of ICT infrastructure.
TASKS TO SIMPLIFY USING SD-WAN
ATM Operation Reducing the cost of servicing ATMs.
Due to the large number of ATMs, the bank’s IT service, as a rule, either does not audit their settings at all, or allocates one or two specialists who perform the only task – compliance control (checking compliance with internal standards and legislative and regulatory requirements). When using SD-WAN, this task is solved automatically, since a single configuration of settings is replicated to all ATMs. It also eliminates the influence of the human factor (for example, errors in prescribing settings).
Changing network settings as a result of changing ATM software.With the classical approach in a network that has, say, more than 2 thousand ATMs, three specialists who have access to them only during off-hours hours for these devices will be able to change network settings within one year. When using SD-WAN, due to the ability to duplicate settings, this process takes up to two months (coverage – 40 ATMs per day).
Minimizing risks in theft of ATMs. SD-WAN technology allows you to quickly “disconnect” an ATM from a trusted network in case of physical theft.
Improving the safety of ATMs. Thanks to software-defined networks, the speed of applying security policies when detecting “holes” in ATM software is increased. Moreover, the development of a new configuration takes days, and its distribution to the entire fleet of equipment – in a matter of weeks.
Improving the availability of the basic service (issuing / receiving money). Currently, ATMs are connected, as a rule, using one or two SIM-cards. In the halls of shopping centers, ATMs connected to different operators at the same time are often the only ones operating and they get all the revenue. SD-WAN technology allows the use of a “bundle” of LTE modems of several operators, thereby increasing the efficiency of ATMs.
Operation of payment terminals.
Broadcasting of advertising and informational content. When using terminals as a means of displaying the advertising content of partners, it is necessary to provide a channel with a bandwidth significantly wider than for transactions in ATMs. The same “bundle” of LTE modems can help with this.
Minimizing the cost of equipment in the terminal and its maintenance, reducing the cost of communication channels.The cost of equipment is reduced through the use of standard devices on the x86 platform instead of specialized routers. Cost optimization for communication channels can be achieved using the “bundle” of any available wired and wireless channels. The use of plug-and-play devices and the implementation of settings through the replication of policies helps to reduce maintenance costs.
Replacement of obsolete equipment.
Modernization of KSPD. Network equipment lasts an average of five to seven years, and then is gradually replaced. SD-WAN solutions from any manufacturer can be integrated into the existing territorial divisions’ KSPD, built on standard VPN technologies or dedicated channels.
When upgrading the ICT infrastructure, the implementation of SD-WAN should be considered in at least two cases:
- the equipment was commissioned in 2012 or earlier, but due to the devaluation of the ruble in 2014, there was no replacement. As a result, the equipment becomes obsolete and the deadline for its removal from service by the manufacturer is approaching;
- used standard routers (for example, Cisco 28xx and 29xx series) are already out of production or from technical support.
Mergers, Acquisitions and Reorganizations
The combination of IT
systems of different banks is not uncommon today. The first step from
which unification begins is to ensure network connectivity.
Speeding up the integration of heterogeneous networks. SD-WAN is the best tool for combining several geo-distributed networks formed after mergers into a single unified network.
Automation of the process of migration to new or additional network elements (firewalls or traffic optimizers).The classical approach has two drawbacks: migration is done manually, and it takes months, or even years, and the absence of IT specialists with the necessary qualifications in remote offices. When using SD-WAN, the migration process is automated, fast (due to the deployment of devices on the basis of plug-and-play and zero touch provisioning, ZTP), managed (through configuration through templates) and segmented by trust levels already out of the box. At the same time, any office employee can connect the “box” (SD-WAN equipment) to the Internet.
Enhancing Failover Resiliency
The SD-WAN solution easily provides fault-tolerance of KSPD on various communication lines. Moreover, the technology allows you to build any number of dynamic (created in the presence of traffic) tunnels between any two points. SD-WAN will be built regardless of the types of physical communication channels used (dedicated MPLS, Internet or LTE), and engineers will not need to redistribute traffic between the channels.
Work through an affiliate network
Fast and secure connection of new points of presence in an affiliate network.To ensure a presence in the region as soon as possible, you can easily, and, most importantly, quickly connect new sites using the ZTP approach, which allows you to establish a connection to a corporate network without involving IT specialists and business trips. High speed is also achieved due to the independence of the types of communication channels. At the same time, isolation by trusted network segments makes it possible to divide the KSPD into parts and dictate to them the rules of interaction with each other in the logic presented by the business (affiliate network, additional offices, operational offices, operating cash desks).
Centralization and automation of network management.Unlike classic technologies, the SD-WAN solution is not managed at the end sites. The logic of work is determined on the central controllers and replicated on the equipment of the final sites. SD-WAN automatically selects the most profitable route, which will consist of several physical channels that provide applications with the level of communication they need.
Mobile service center.
Maintenance of the bank’s mobile office in the framework of various events. In such cases, 100% availability of services is required anywhere in the region, regardless of the presence of telecom operators. One of the tasks that SD-WAN solves is the provision of fault-tolerant and redundant communications for vehicles based on the “bundle” of LTE modems from various operators.
Wi-Fi for customers at points of sale
Organization of high-quality free Wi-Fi in branches, additional and operational offices. This goal can be set to obtain information about customers for the tasks of targeting and profiling. Moreover, it is usually necessary to achieve it within the existing budget for communication channels, equipment and with minimal involvement of IT personnel.
Here you can give an example of the company GAP, which although it does not belong to the financial sector, but the tasks it has solved are also relevant for its representatives. Thanks to the SD-WAN technology, the company was able to switch from MPLS to the use of several Internet channels, thereby increasing the bandwidth by 26 times. Part of this band was used to distribute Wi-Fi to customers.