A Better Way Huawei Financial Agile Network Solution Success Cases
An Agile Network Architecture to Provide All-round Financial Services CCB (user and department based agile access control) People's Bank of China (admission control + tight coupling of mobile devices) Bank of China (production, office, and Internet access businesses on one network) Agile Converged ABC (two-in-one network, simpler architecture) Secure Everbright Bank (297 million transactions/day, zero security issues) EastWest Bank (1-to-N firewall virtualization, non-blocking data access) Efficient
Converged Network: a Two-in-One Network to Support ABC's Development in Next 5 Years The current IP network has been running for 7 years and needs reconstruction before a new core business system can be deployed. Separate production and office networks require double O&M workload, and network expansion results in reinvestment. One network covers 3 data centers, 5 business centers, and over 20,000 banking outlets, ensuring business transactions and office work of hundreds of thousand staff. Two networks converge into one, reducing O&M cost by 50% and avoiding reinvestment. 400G routing platform, 64T switching capacity, and good scalability can keep pace with the bank's development in the next 5 years. Consolidate duplicate functional areas in the production and office networks to reduce the 13 network areas to 6. Use a " multi-city-multi-center " architecture to provide non-stop service.
Agile Network: Centralized Control, Dynamic Scheduling, Supporting CCB's New Terminal Security Management System The bank has no unified admission control policies. Any terminals can connect to the bank's internal network. Different terminal security software programs cannot be installed and maintained uniformly. A unified terminal security management system is required to simplify O&M. Ensure secure access of 400,000 terminals in 35 branches as well as R&D centers and data centers. Use natural language instead of complex command configuration to simplify configuration, saving 50% of maintenance work load. Combine desktop security with network admission control to reduce internal information security risks to zero. Agile Controller: integrates network admission control, service access, experience guarantee, and terminal security, and dynamically schedules all network resources and security policies. NGFW works with Agile Controller to control network access rights based on departments and users.
Efficient Network: Use Virtualization Technology to Build an Elastic Data Center for EastWest Bank As Philippines' fastest growing bank, EastWest Bank wants to build a new data center with high extensibility and good compatibility, which can work with the old data center in redundancy mode. As the core business system is virtualized, the customer wants an elastic architecture for the new data center. Upgrade the data center network to satisfy the customer's requirements for high bandwidth and low latency. Use virtual firewalls to eliminate bottleneck in data transmission. Apply different security policies to different domains and areas. Core switches in the service domain use CSS technology to set up a cluster. Deploy CE6800 data center switches, S series switches, and USG5500 series firewalls on the network.
Secure Network: Anti-DDoS Solution to Safeguard Fast Growing Online Transactions of China Everbright Bank 297 million transactions a day: night market, online banking, payment guarantee. The bank has the best network devices and application architecture, but still suffers severe packet loss. The HQ information system requires level-3 information security. Safeguard 297 million online transactions a day, with zero security issues caused by DDoS attacks. Significantly increase online transaction speed while conserving egress bandwidth. Strengthen data center protection system, enabling the HQ information system to pass Level-3 security assessment. Separate detection system from control system and deploy a bypass traffic cleaning center, without changing network topology. Deliver a protection system capable of defense against 100+ types of DDoS attacks and L2-L7 attack detection.
A BETTER WAY Openness, Cooperation, Innovation, Win-Win