Cross selling 5


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Cross selling 5

  1. 1. Juniper solutions for financial market Ha Huy Hao Country manager, Vietnam [email_address] 0903710317
  2. 2. Agenda Financial Services Networks Requirements Meeting the Needs with Juniper Solutions Some Case Studies Summary
  3. 3. What are the top IT solutions that Asian financial organizations want? Gartner Dec 2005 Top 4 criteria
  4. 4. Some observations on the Financial industry Paradigm shift happening in Banks & finance houses requiring new and additional investment Tighter regulations for funds transfers, account set-up and banking transactions Legislation, Regulation and Standards of banking processes (Basel II, SOX…) Digitization of paperwork within bank branches ATM (cash machine) networks proliferation & evolution Focus on dollars earned per customers via cross selling & multi-channel delivery Connect branches with efficient, cost effective yet secure connectivity ALL the above requires new systems: To secure your systems To assure your applications running more efficiently
  5. 5. Financial Services Network Architecture Most financial services organizations adopt similar network architectures, implementing distinct network and security silos Enterprise Internal Network Where most employee computers reside Secure Servers Area (SSA) Where the most critical databases and servers reside Access Network Where remote employees, partners & customers access services Internet Access Subnet Where internal resources securely access the public Internet Market Data Feeds Where external news, info and trade info enters the org.
  6. 6. Financial Services Network Architecture Enterprise Internal Network Market Data Feeds Access Network Internet Access Subnet Secure Server Area Customers & Partners Exchanges & Sources Within each silo, there are typically independent security and routing functions as well as full redundancy Each silo is duplicated for each of the geographies in which the firm operates, or at each major data center enables the financial services enterprise to divide and conquer the massive challenges of securing data and maintaining high availability ATM machines
  7. 7. Juniper Networks Product Portfolio M-series T-series Large Core Metro Aggr’n E-series BRAS & Circuit Aggregation Small/Med Core Circuit Aggregation Policy & Service Control NMC-RX JUNOScope Secure Access SSL VPN Applications Acceleration Integrated Firewall / IPSec VPN Intrusion Prevention J-Series Edge Routers Session Border Gateway VF-series
  8. 8. Agenda Financial Services Networks Requirements Meeting the Needs with Juniper Solutions Some Case Studies Summary
  9. 9. To secure & assure financial networks really means: Containment – prevent proliferation of attacks Compartmentalization – prevent unauthorized access to systems Continuity – ensure seamless operation even under attack or equipment failure Recovery - enable rapid recovery from attack or malicious insider activity Performance – network performance should not be reduced by security measures
  10. 10. Secure Server Area Internet Access Subnet Enterprise Internal Network Mortgage Brokers Equity Traders = Malicious User Human Resources Retail Banking Enterprise Internal Network Segmentation VLAN MPLS VPN VPLS Enterprise Internal Network Market Data Feeds Access Network Internet Access Subnet Secure Server Area
  11. 11. Purpose-Built security appliance Foundation for rock solid security solution Purpose-built appliance with security specific processing Controlled by security specific, real-time operating system Includes a set of robust security applications Networking roots to facilitate integration Advantages Eliminates OS hardening Facilitates network integration Ensures application interoperability Simplifies management Matches or exceeds performance requirements RISC CPU ASIC Interfaces Security - Specific, Real - Time OS • Dynamic Routing • Virtualization • High Availability • Centralized Management Integrated Security Applications Purpose - Built Hardware Platform Security specific Processing RAM Interfaces Security–Specific, Real-Time OS Dynamic Routing Virtualization High Availability Centralized Management Integrated Security Applications Denial of Service VPN Firewall Traffic management Purpose - Built Hardware Platform IDP • VPN • Denial of Service • Firewall • Traffic management
  12. 12. MPLS VPN Securely “ Compartmentalize” Network Infrastructure MPLS VPN A MPLS VPN B Physical connection Redundant MPLS Paths (LSPs) for Fast Re-route – Improve Network Resiliency Backbone Router Branch Router MPLS VPN transparently segment network infrastructure into virtual networks Converged network with Classes-of-Service supporting many different applications
  13. 13. Juniper’s Enterprise Routers Service Provider Equipment Quality for the Enterprise J2300 J6300 J4300 Leveraging modular JUNOS and high performance standard processors M7i M10i Leveraging modular JUNOS and purpose built ASICs Remote, branch, and regional office Head office, backbone, data center J-series Routers M-series Routers Full support of advanced networking features including MPLS, IPv6, QoS, etc on J-series as well as M/T series.
  14. 14. Next Generation Router Design for Mission Critical Applications Control Forward Services? 1990’s Router Architecture Monolithic Design Router Architecture for NG Network Infrastructure Secure & Reliable Realize predictable QoS Support full MPLS features Service without performance compromise … enables high security, uptime, performance, services support Shared processing cycles Shared memory address space or all processes Performance & service trade-off Unpredictable QoS performance … jeopardizes security, uptime, performance, services
  15. 15. Juniper Routers Benefits high U ptime Modular design, processes each run on protected memory Clean interface between processes Minor problems do not lead to system crashes Next Gen CLI prevents operator error strong S ecurity Guaranteed resources per function Clean separation of functions Full router control while under attack reduced O perations cost One software train facilitates easy maintenance and s/w stability Structured quarterly release process Features shared across all platforms One Train! 6.4 7.0 7.1 predictable P erformance Predictable performance even under load Comprehensive QOS functions to classify, prioritize and schedule traffic % of Line Rate Complexity of Packet Processing Addition of new service features Juniper Traditional Router
  16. 16. Market Data Feeds Secure Server Area Enterprise Internal Network Access Network To Remote Backup Site Secure Server Area Enterprise Internal Network Market Data Feeds Access Network Internet Access Subnet Secure Server Area
  17. 17. Secure Server Area Requirement Houses firm’s most critical systems and data Challenging requirements: High Throughput & Support Large # Connections Since so many users are accessing the SSA at any point in time Low Latency & Predictable QoS Routers, firewalls, IPS, web servers, app servers may affect overall end-user performance experience High Availability Since so much critical info is centrally located in the SSA, just a few moments of downtime could result in significant loss Highly Security up to Application Layer Systems contained in SSA must be most secured and resilient to attack since so many operations rely on these systems
  18. 18. Integrated Security Gateway (ISG) 2000 ideal platform for securing SSA Predictable Performance Next-Generation Security ASIC (GigaScreen³) 2 Gbps Stateful Firewall - any packet size 1 Gbps 3DES & AES IPSec VPN - any packet size 1 Gbps+ IDP Integration Security applications – FW + Deep Inspection + VPN + IDP Scalability New flexible architecture designed to accommodate future performance, capacity and functionality needs Up to 28 ports, up to 500 VLANs Attack Protection Network attack protection, including DoS attacks Deep Inspection to protect against attacks in Internet-facing protocols Modular IDP blade Best-of Breed Security in a Single Platform
  19. 19. Juniper DX Application Front End Unique Benefits Accelerate user downloads up to 70% Increase Web/App server capacity up to 10X Decrease bandwidth usage up to 70% Accelerates Applications Siebel, SAP, Lotus, Oracle, etc. Custom web applications and Portals SLB replacement for legacy apps, mail, DNS, etc. Deployment Replace or complement existing SLB (customer does not have to throw it away) No server or application changes No changes to client or applications
  20. 20. Enterprise Internal Network Dual Homed Internet Connection Dedicated Links to Customers, Partners and Branches Connects with Customers, Partners and Branches Aggregation of WiFi Access Points within Premises Access Network Access Network ATM machines Enterprise Internal Network Market Data Feeds Access Network Internet Access Subnet Secure Server Area
  21. 21. Next generation ATM machines & networks ATM machines are proliferating in APAC Transformation of ATM machines and networks are happening Terminals: From Dump ATM terminals to multi-media Windows based ATM terminals Networks: From slow and expensive leased line/X.25/FR to mosre cost effective high speed broadband Protocols: From SNA to IP (VPN or managed IP) Applications: From just cash dispenser to value-added services (eg. VoIP/ videoconference with bank agent, digitization of cheque deposit…) Juniper solutions: 5GT @every ATM machine; NS FW/VPN appliance @ hub site for high performance FW/VPN aggregation Hub site Windows-based ATMs @ branches IP over IPsec VPN over BB IP
  22. 22. IPSec VPN and SSL VPN – Juniper provides marketing leading solutions for both Remote Office Branch Office Fixed telecommuters Business Partners HQ Mobile Users Managed, Trusted Remote Network Security IP to IP control Control Requirement Network Access Access Requirement IPSec VPN VPN Type Fixed Type of Connection Remote, Branch Office Telecommuter Application Type UnManaged, UnTrusted Remote Network Security User to Application control Control Requirement Per Application Access Access Requirement SSL VPN VPN Type Mobile or Fixed Type of Connection Mobile User Partner Extranet Application Type
  23. 23. Extranet Deployment – connecting your partners (eg. Broker firm, agencies….) Traditional Extranet SSL VPN-Based Extranet Extensive Deployment Requirements: Duplication & Migration of Servers into DMZ Harden OS/Server Farms & Ongoing Patch Maintenance Maintenance of public facing infrastructure AAA limitation to only those integrated resources Custom API development for non-Web content Fast and Secure Deployment: Keep all Servers where they are Secure Gateway is harden, intermediates all request Multiple Hostnames & Customizable UI Rich AAA control of network resources Dynamic Authentication Policies Expressive Role Definition & Mapping Rules Web Single Sign-On & Password Mgmt Integration Support Web, File and Client/Server content applications
  24. 24. Secure Server Area Market Data Feeds Dedicated Links Markets and Feeds Tunnels to News Feeds Intrusion Detection Market Data Feeds ESP Enterprise Internal Network Market Data Feeds Access Network Internet Access Subnet Secure Server Area
  25. 25. Market Data Feeds Requirement Unique to financial services industry the need for Market Data Feeds network Need to security aggregate streaming data feeds which carry latency sensitive real-time market data for a multitude of sources Streaming, real-time ticker data streams, business-wire news, other perishable data Require low latency and linear throughput; large portion of data could arrive in small packets May employ anti-spoofing and DDoS prevention via M/J series and NS FW/VPN IDP in detection mode may be needed to detect protocol anomalies
  26. 26. Agenda Who is Juniper Networks? Financial Services Networks Requirements Meeting the Needs with Juniper Solutions Some Case Studies Summary
  27. 27. Security (Firewall + IDP) deployment in stock exchange Challenges Solution Benefits the SET launched a new corporate bond exchange service in 03, has plans to introduce a new derivatives market in 05. The growth is driving the need to protect its network from ever-increasing hackers, viruses and other potential threats. Juniper Networks’ ASIC based, deep inspection firewalls and IDP systems to protect its server array and other mission-critical assets – defending against hacking threats, while continuously monitoring the network for viruses and other anomalies. • Fully-Integrated end-to-end protection • High-strength, synergistic protection measures • High reliability and performance • Extensive functionality • Best value for money Since 1975, the Stock Exchange of Thaland (Set) has been the investment center of Thailand’s captial markets. It handles an avg daily turnover of $490M, and provides a comprehensive range of products, services & trading infrasture to
  28. 28. Global Firewall/VPN Deployment Problem Solution Results Lack of security on its new global IP data network infrastructure and IP-based messaging platform NetScreen-5200 (12) NetScreen-5XP and 5GT (12,000) deployed in remote sites NSM to secure its new global IP data network and IP-based messaging platform, SWIFTNet Deployment has been running successfully at 100% capacity since June 2003 Reliable security and flexible networking functionality Uniform GUI across the product line, simplicity deployment for SWIFT and its’ members saving operational cost for both parties SWIFT has deployed 12,000+ Juniper NetScreen appliances . In the coming years, SWIFT is planning to deploy more – which is expected to represent one of the world’s largest VPN deployments. SWIFT Customer Reference :
  29. 29. Next generation of Automated Teller Machine (ATM) network deployment Major Bank in Taiwan Requirements Results Lower cost of managing the bank’s ATMs Improved its transaction capacity at its 120 branch ATMs Assured mission critical networks by using HA Changing their leased-line network to Broadband to lower cost ATM network has to be totally separated from the branch office network Solution 2x NS500 in HQ dedicated to handle ATM IPSec VPN 120x 5GT distributed to 120 ATM sites for IPSec VPN connection … 150 branch ATMs Active/Passive HA IP over IPsec VPN over BB Central Hub site IP
  30. 30. Firewall/VPN Deployment in Australia Challenge Solution Results Maintaining 18 software-based firewalls is expensive Protect digital assets while providing services to customers connected via the internet NetScreen-5200 (4) Reduced total cost of ownership Increased network performance Reduced equipment footprint Reduced complexity in reducing 18 machines to 4 makes for much easier and flexible ongoing administration and scalability "By consolidating our security infrastructure with Juniper Networks NetScreen products, we enjoyed immediate savings in maintenance costs and equipment footprint," Michael McCutcheon Senior manager Infrastructure and Architecture Planning St. George Bank St. George Bank Press Release:
  31. 31. SSL VPN Remote Access Deployment - a global bank with HQ in Europe Challenge Solution Results “ Juniper IVE makes it easy to grant secure access to employees around the world in a way that makes fiscal sense, while building upon our existing infrastructure and adding another layer of protection for our clients’ financial information .” Director of Remote/Mobile Computing This bank needed a way to keep their employees connected WW Solutions must require no network changes Secure Access series Stringent security penetration tests were done to ensure appliance has strong security A cost-effective, highly scalable remote access solutions Keep employees connected at all times, from all locations, which is crucial in banking industry
  32. 32. SSL VPN Extranet Deployment Challenge Solution Results “ With Juniper, we have a cost-effective, scalable partner extranet solution to give third parties access to important information and applications at all times from any location.” – David LaBianca Vice President, Information Security & Privacy Securely share information with partners to increase operational efficiency Secure Access series Bank partners can easily log on to the partner extranet from anywhere they have an Internet Connection Receive Access to only the files, applications, and information that it deems appropriate so that confidential info cannot be infiltrated “ We see value in extending the IVE deployment to internal users for numerous other applications”
  33. 33. Router/MPLS Deployment OMHEX – L argest Securities market in Northern Europe Hosts, operates and maintains 1,000s of servers responsible for 38,000 trading hours Major operation centers in London, New York, Sydney, and Stockholm MPLS Stockholm Helsinki London Full mesh tunnels for 9 data centers and 6 hub sites in 9 countries Requirements Solution Deploy M-series routers, migrate backbone network to IP/MPLS MPLS Fast Reroute – multicast applications no longer affected by link errors Maps multicast trading info to CCC tunnels and provide QoS JUNOS operating system and rich reliability features provides high network availability Highly reliable network backbone Migrate from ATM to IP/MPLS Predictable QoS performance Support high performance and reliable multicast applications ” Sydney
  34. 34. Agenda Who is Juniper Networks? Financial Services Networks Requirements Meeting the Needs with Juniper Solutions Some Case Studies Summary
  35. 35. Summary The financial vertical is going thru a lot of changes: to comply with new regulations to provide more services per customers to increase revenue To drive more app. efficiency “ Status Quo” solutions are not enough to satisfy the need of FSI today Juniper’s value propositions match well with what the finance customers want Secure & Assure Your finance networks