ABOUT BCR
Member of Erste Group, Banca Comercială Română (BCR) is one of the most prominent financial groups in Romania, offering a comprehensive range of financial services, including banking, leasing, and private pensions. The company operates nationwide through a network of 19 business centers and 323 retail units, strategically located in most cities across the country with over 10,000 inhabitants. BCR holds the leading position as the number one bank in Romania in terms of banking transactions, supported by a highly complex IT infrastructure, spread across multiple locations and interconnected through a high-performance data network.
BCR places significant emphasis on innovation and actively adopts state-of-the-art technologies to enhance efficiency, competitiveness, and compliance with financial and banking regulations.
THE ARCHITECTURE AND STAGES OF THE PROJECT
The implemented Cisco ACI architecture at BCR consists of independent sets of Cisco APIC controllers placed in each city and orchestrated as a unified entity by the Cisco Nexus Dashboard Orchestrator application. The Cisco Nexus Dashboard Orchestrator provides features such as policy management, disaster recovery, high availability, service provisioning, and monitoring.
One of the advantages of the Cisco ACI Multisite solution applied by the bank is that an issue arising in one site does not propagate to other sites. Although there are extended L2 services between the data centers, the underlay strictly operates as L3. Additionally, there are default mechanisms that prevent uncontrolled L2 traffic between data centers.
The adopted solution ensures enhanced redundancy between BCR’s data centers in Bucharest and Vienna, with each city having two data centers, all interconnected through Cisco ACI. This was technically achieved by combining Multipod and Multisite technologies, eliminating any single point of failure.
The first stage of the current project involved developing an ACI system to facilitate the migration of virtual machines and applications between BCR’s locations in Romania and Austria without requiring IP address changes for migrated entities. Leveraging the ACI Multisite feature, a Layer 2 network was created, allowing servers to be migrated between the two locations with minimal operational effort, as all network modifications were performed centrally through the Cisco Application Policy Infrastructure Controller (APIC).
The second significant stage of the project focused on using the Cisco ACI system for traffic micro-segmentation within the data network and granular segregation of different environments based on security levels, all without requiring reconfiguration of the bank’s servers. Additionally, certain categories of traffic were directed to a firewall with strict inspection rules. To prevent the spread of infections through lateral movements, the ACI Endpoint Security Group segmentation functionality was applied.
“The project carried out with Datanet Systems in BCR’s data centers was highly complex and required skilled human resources to identify optimal technical solutions. The implementation of Cisco ACI for geo-resilience between Bucharest and Vienna went smoothly and led to putting the solution into operation faster than initially planned. The micro-segmentation project was more challenging due to the technology’s novelty and the emergence of new requirements, but we overcame all obstacles and are approaching the final stages. In the future, we intend to apply micro-segmentation between the two locations in Vienna and Bucharest to further improve the flexibility of the bank’s IT infrastructure,” stated Cristian Costina.
BENEFITS OBTAINED BY BCR
By transitioning to SDN with Cisco ACI and Datanet services, BCR achieved the following results:
- Enhanced application resilience in data centers: BCR has achieved a higher level of application resilience within its data centers. Automatic failover between data centers is now possible in case of any disruptions, such as downtime or performance degradation.
-
Simplified and automated resource allocation: The operations for resource allocation within these data centers have been simplified and automated. BCR now manages all workloads from a single console, streamlining the management process.
-
Reduced operational effort for application relocation: BCR’s IT team can now easily move applications between data centers located at considerable distances through simple configuration, which was previously not feasible. The effort required for migrating servers and applications between data centers has been reduced by approximately 8 to 10 times.
-
Faster identification of causes of issues and reduced diagnostic processes: The implementation has enabled BCR’s IT team to swiftly identify the root causes of potential issues, significantly easing the diagnostic process and expediting issue resolution.
-
Centralized application of security policies and superior network control: BCR now has centralized control over its data network, allowing the establishment of rules for groups and segments, as well as advanced inspection of specific traffic categories. This ensures a higher level of security and compliance.
POTENȚIALE DEZVOLTĂRI ULTERIOARE
The project was entirely carried out by Datanet Systems, a Cisco Gold Partner, with a team comprising certified Cisco experts in networking and cybersecurity technologies, as well as IT project management specialists.
“We have undertaken multiple projects together with Datanet Systems, and the collaboration has always been impeccable. Despite challenges, the project proceeded as expected, thanks to the experienced and certified technical team covering all required technology areas,” stated Cristian Costina, Head of the Infrastructure and Data Center Management Department, IT Operations Division, BCR.
With Cisco ACI, BCR took a step towards “intent-based networking,” a management approach that allows much faster translation of business requirements into network configurations. Furthermore, the bank established a foundation for future development, providing the same level of connectivity and workload mobility in both on-premises and cloud/multi-cloud scenarios.
Cisco ACI has become one of the many technological pillars through which BCR digitizes and puts its vision into practice, offering modern and innovative banking services to millions of individuals and businesses.