With most of the banks and financial institutions today being digitized, the ever increasing need of having a healthy network to run business operations seamlessly stands to be the core need. Needless to say, security is another prime aspect, though required has to be transparent adding less overhead on the operations.
In this article, I will be talking about few compelling features and use-cases from NNMi and ISPIs in monitoring network infrastructure to help Banks and financial institutions thrive.
NNMi: Is my data secure and adhering to regulatory standards?
SNMP communication and web-server communication is at the core of NNMi's functionality. SNMPv3 communication is the most preferred standard for banks and financial institutions for the reasons of secure communication. With the introduction of FIPS 140-2 (Federal Information Processing Standards) cryptographic modules in premium edition of NNMi version 10.20, the secure communication of SNMPv3 has been given a fillip adhering to regulatory standards for both static data present on NNMi system and for data in transit. Any data on system or in transit will now be adhering to international standards of encryption if you wish to.FIPS 140-2 compliant cryptography modulesNNMi : Is my monitoring tool as agile as new infrastructure is onboarded
Financial organizations have become more agile today in adding additional computing power as business demands increase, thanks to virtualization. However, discovery, monitoring and visualization of such hypervisor-based networking infrastructure remains a challenge and a big bane. NNMi provides detailed insight into such hypervisor-based networking for VMware by discovering the underlying virtual infrastructure, their relationships and alerting on virtual infrastructure failures. Intuitive cutting-edge visualizations in the form of Wheel and Loom provides the required insight to infrastructure faults and hence the different banking services affected.
Figure : Wheel layout of Hypervisor-based networking
Figure : Loom Diagram of Hypervisor-based networking
NPS: Will my performance monitoring product meet Auditing standards
With support for high data retention capacity of up to 800 days, NPS helps financial organizations meet many of the regulatory & auditing standards mandating to store at least 2 years of preceding data.
NPS : Is my performance monitoring tool capable of handling voluminous data
One of the widely heard challenges was the performance of NPS when the scale increases or as time progresses. With the new feature of multiple DB servers supported from version 10.20 onwards in Distributed deployment adds muscle to address processing voluminous data and rendering needs of reports with proper performance tunings in place.
Figure : Distributed Deployment of NPS with two DB servers and shared storage
QA ispi : Have you ever visited bank branch and heard "Network down" during business hours?
In today's digitized era, people rarely go to Bank/financial organization but user-experience from such minuscule visits determine the efficiency of digitization of banks and brand reputation. Monitoring health and performance of WAN networks connecting branches to Data-centers have a big impact on business sustenance. Having an insight into degradation of health of WAN network before it impacts business operations is possible by measuring certain metrics that provides service level assurances.
QA ISPI provides the right set of tools to discover & monitor such Service Level Assurance metrics by setting up probes that alerts operators of any degradation in health(packet loss, RTT ,jitter) even before the network actually goes down.
Figure : Probes used to monitor important WAN links b/w Central DC to branches
Nevertheless probes configured to monitor SLA's and alerting on service impacts at each touch point of banking operations like ATM's is another value-add provided by QA ISPI
MPLS ispi : Ever wondered why service is down though your local network is UP?
Typical Bank topologyBig nationalized and multinational financial organizations today are building their own MPLS network for the reasons of flexibility and security with provision to deploy MPLS L3vpn services for each of their different business operations like banking, insurance, stocks, shareholding, etc. In most of these scenarios the topology deployed is more of a remote branch capable of reaching only central branch or a central Datacenter laid out as a Hub-n-Spoke topology.A typical Bank having Hub & Spoke topology would like this
The drawback though of such topology is that when Hub goes down, the entire business is down though the last mile connectivity to all the branches remain fully functional. MPLS ISPI provides this insight of a service gone down by OOB instrumentation of identifying the Hub in a given MPLS L3 VPN network and alerting such faults affecting the entire business service rather than just pinpointing on the site down .
Figure : MPLS Map showing Hub or Head office down
Figure : Incident showing L3VPN is completely down
Multicast ispi : Ever wondered how all relevant terminals in security trading reflect same data instantly
A typical business of banking or financial organizations is that of instant updates on stock tickers & securities from central branches to terminals in remote branches in sync with share market changes. This has to be real-time or near real-time to enable quick decisions. Such instant updates behind the curtains happens through multicast. It is here that Multicast ISPI can help in discovering and monitoring such multicast flows proactively providing an insight into any performance issues that may derail a remote branch getting instant updates and alerting on any fault that has rendered remote terminals reflecting out-of-date static data though network connectivity is UP.
Figure : Multicast tree map showing a degradation in rate of multicast flow b/w hops
Traffic ispi : Is somebody snooping your network or creating denial of service
Cybersecurity is of utmost importance to financial organizations and are targets for variety of DOS & security attacks both internal as well as external. It hence becomes vital to keep tab on the different types of network traffic that is on wire at any given point of time. With more improved features from Traffic ISPI supporting bi-directional protocol flow and at an aggressive scale support of 20million flows/minute, no rouge traffic goes unnoticed. Traffic ISPI provides details to the depth of source and destination of a rouge conversation along with port information to which the rouge traffic is being transmitted to. As a precursor, alerts in the form of threshold breaches provide insight into the particular type of traffic hogging bandwidth than expected.
Figure : Dashboard of different types of traffic in network
Figure : Dashboard of top conversations with source and destination
IPT : Worried about paradigm shift of traditional telephone services to VOIP
Tapping on normal PSTN phone resources and theft of information is something Banks and financial institutions are vary of day-in and day-out. Needless to say the CAPEX and OPEX on telephone services is another factor that these financial organizations are significantly considering transitioning to VOIP. However the challenge encountered as with any enterprise is capacity planning and voice quality .With the range of different vendor support provided by IPT ISPI spanning Cisco, Avaya and Microsoft lync, organizations get the best of breed industry standard reports like P.01 Grade of Summary reports to analyze the capacity . A measure of call quality using industry standard metrics like jitter, delay and most importantly MOS across calls within branches and also across branches through CDR(call detail records) & Gateway reports provides insight to the right resources needed .
Figure : P.01 GoS reports for capacity planning
Figure : Cisco CDR (call detail record) reports with MOS
Venkatesh is a CCNA/CCNP certified professional with 16+ years of experience as a n/w operator, administrator, designer , QA engineer and currently in the role of technical consultant assisting medium to large enterprises & Service providers in adopting NMC suite of products.He is also responsible for getting the feedback/comments from customers back to R&D influencing the release of appealing products.
Venkatesh has a B.E degree in Electronics & Communication from University of Mysore and C-PGDBA from Symbiosis Pune, India.