
Reference Architecture for Shared Services Hosting_SunilBabu_V2.0


  1. Reference Architecture for Shared Services Hosting for Payments Bank & Small Finance Bank. Author: Sunil Babu. Date: 15-Feb-2016. Version: 1.0
  2. Key Requirements
     Business Requirements:
       • Shared services hosting for Payment Banks & Small Banks on a Shared Model & Shared Infra
       • Fit for Purpose systems / Architecture
       • Security compliant to mandates
       • Lowest TCO
     Technology Requirements:
       • Scalable Architecture to handle rapid & quantified growth
       • Architecture should logically partition bank data in an optimal way
       • Dynamic Infra Provisioning
       • Lean Architecture
       • High Performance and throughput at database and data access layer
       • Better User experience via low latency access response
       • Effective Load distribution for optimum resource utilization and better ROI
       • Data security at rest and in transit
       • Secure access to the environment for delivery team
       • Ability to easily manage and replicate multiple environments based on blueprint architecture
  3. High Level Architecture. Payments Bank & SFB - Shared Services. Diagram labels: Infrastructure (DC, DR, Near-DR) Networking (WAN, MPLS, SDN…) Physical (Servers, SAN, Workstations..) Virtualization (ESX, Hyper-V, Xen..) Operating System Compute Storage Network Platform Database Middleware ESB, MQ… Core Application / TX Processing Services User Interface Services Security Management Integration Services (API) DevOps (Build, Test, Release) Service Mgmt Perf. Mgmt Enterprise Mgmt Channels & Other Ancillary Apps
     Bank Users:
       • Bank Team (Operations, Management, Business)
       • Partners
       • Merchants
       • Customers (Retail / Corporate)
     Service Provider Team:
       • Development
       • Operations
       • Infra
       • Security
       • Network
       • Applications
       • Platform
       • SOC, NOC, TOC
  4. Design Principles & Assumptions
       • Core Application (e.g. CBS), TX processing Application (e.g. Cards), Functional Applications (e.g. AML) to be deployed as separate instances
       • Customer related Data to be stored in separate database
       • There can be one instance of Non-Functional Apps such as APM, UIM, SOC etc.
       • Leverage on Multi-tenant database function to reduce DB license costs
       • Leverage on running non-core functions such as Reporting, Backup from Near-DR & DR site to reduce load on DC
       • Shared Applications such as APM, Infra Management, Asset Management should enable treating a bank as a logical entity, thus enabling monitoring/management/reporting for it separately
       • Dynamic Infra Provisioning can be achieved by leveraging Platform-as-a-Service (PaaS) technologies such as Infrastructure-as-a-Service (IaaS), Database-as-a-Service (DBaaS) & Middleware-as-a-Service (MWaaS)
       • When implementing PaaS, need to get assurance on version change and its impact on hosted applications
  5. Application Architecture. Diagram labels: Customer Relationship IT Governance and Compliance Corporate Administration Products and Transactions ATM POS Mobile/Tablets Internet (Ret/Corp) Branch KIOSKS Phone Banking CRM CRM Analytics Marketing and Campaigns CRM Social CRM Sales & Service Procurement HRMS GL Fixed Assets Budgeting Projects Expense Management Compliance BASEL AML/KYC ALM/FTP Regulatory RBI/ADF Risk Management Governance Audit Fraud Management Channels CASA Microfinance Term Deposits Personal Finance Wealth Management KYC Gov Business Corporate Banking Payments Remittance Bills BC Cash management Forex Treasury DCMS Asset Management AML Cards Loyalty Programs INB Mobile Banking Contact Centre Switch ePG
  6. Data Architecture. Diagram labels: Encryption Secure DB Instance for each Bank Data Masking Privileged Access Control Replication for RTO, RPO & Offloading of Non-Core Functions PR Near-DR / DR Clustering for HA (Active-Active or Active-Passive) Compression for Backup & Archival Columnar Compression Activity Auditing Multitenant Container Database for Payments Bank / SFB Instance Common DB Instance for all Banks Multitenant Container Database Information Architecture Information Lifecycle Management Aggregations & Summaries Unstructured Data Master & Reference Data, CIF Operational Data Structured Data
  7. API based Integration Architecture. Diagram labels: External Ecosystem Service Provider DC – Bank “A” Application Instance API Gateway Channel / Wallet App Services CBS Payment Gateway 2FA Mobile Wallet App TCP/IP ISO8583 DMZ Corporate Network Risk Authentication Merchants/Partners
     API Gateway:
       • Central Policy Enforcement on outgoing/incoming traffic
       • Threat Protection
       • Non-Repudiation
       • API Monitoring/Mgmt.
       • API Analytics
       • ESB-Like Web Service Mediation
       • Branded API Portal for Merchants & Developers
  8. Technology Operations Centre for all hosted banks - Architecture. Diagram labels: Service Provider Command Centre DC & DR Network (MPLS/Leased Line/WAN/LAN) Applications Servers Workstations Operating Systems Transactions Monitor Manage Administer Proactive Monitoring (HW, SW, NW) SLA Management Config/Patch Management App/Backup Job Management RCA/Rectify/Restore Server/Client Automation Asset Lifecycle Management Incident/Problem/Change Management Service Management Automation Transaction Management (Online + Mobile) Database & Middleware Monitoring TOC Solution Building Blocks Measured Against
     KPI(s):
       • Business SLA
       • Response Time
       • RTO/RPO
       • Throughput
       • MTTR
       • Time to Market / Time to Value
       • TCO / RTO
  9. Technology Operations Centre - Integration. Diagram labels: DC & DR Applications Servers Workstations Operating Systems Transactions Infra Mgmt Network Mgmt Automation Application Perf. Mgmt Mobile Application Analytics Service Desk Alarms Config Mgmt Event Mgmt Availability Performance “Metrics” Agent + Agentless (SNMP) “Metrics” Agentless (SNMP) Workload Scheduling & Management Dashboard - Workload Monitoring & SLA Management Dashboard/Reports/Alarms – Historical Reporting Topology/Alarms – RCA Reporting Defects Incident Change Mgmt Config Mgmt KPI(s)/Trends/SLA Reporting Mobile/Web Customer Experience & Business TX. Monitoring from Mobile to backend “Metrics” Agent + Web Traffic “Metrics” From Customer Mobile Device Events/Violations Workload (EOD, BOD, MIS..)
  10. Security Architecture. Payments Bank & SFB - Shared Services. Diagram labels: Infrastructure (DC, DR, Near-DR) Networking (WAN, MPLS, SDN…) Physical (Servers, SAN, Workstations..) Virtualization (ESX, Hyper-V, Xen..) Operating System Compute Storage Network Platform Database Middleware ESB, MQ… Core Application / TX Processing Services User Interface Services Integration Services (API) Channels & Other Ancillary Apps WAF DDOS API Management IDS/IPS PIM/PAM 2 Factor Authentication Fraud Risk Management IPsec APT
  11. Security Operations Centre. Diagram labels: Event Source Points of Presence SOC Core SOC Output Databases Mainframe Network Collectors SOC Analysis server SOC DB server SOC App server Compliance Dashboard Operational Dashboard Logs, Events, Feeds API Management 2 Factor Authentication WAF DDOS IDS/IPS IPsec PIM/PAM Fraud Risk Management APT
  12. Deployment Architecture for a Bank. Bank “X” on Shared Services Hosting Model. Diagram labels: Infrastructure (DC, DR, Near-DR) Networking (WAN, MPLS, SDN…) Physical (Servers, SAN, Workstations..) Virtualization (ESX, Hyper-V, Xen..) Operating System Compute Storage Network Platform Database Middleware ESB, MQ… Core Application / TX Processing Services User Interface Services Management Integration Services (API) DevOps (Build, Test, Release) Service Mgmt Perf. Mgmt Enterprise Mgmt Channels & Other Ancillary Apps Security API Management 2 Factor Authentication WAF DDOS IDS/IPS IPsec PIM/PAM Fraud Risk Management APT Created Specific for Bank “X” Shared Services
