Datanet Systems

RAIFFEISEN BANK - SDN CISCO ACI PROJECT

OVERVIEW

In 2018, Raiffeisen Bank Romania decided to modernize its data center, as a central element of the organization’s digitalization and development strategy. Together with Datanet Systems, the bank has implemented a Software Defined Networking solution to reduce operational effort and manual interventions on equipment. In this process, Raiffeisen Bank Romania opted for Cisco ACI and the Nexus 9300 family of switches.

ABOUT RAIFFEISEN BANK

 

With over 20 years of activity in our country, Raiffeisen Bank Romania is one of the banks of systemic importance for the domestic banking economy, according to the National Bank of Romania classification for the current year. Raiffeisen Bank has intensified the simplification and digital transformation process in recent years. The bank has invested in new technologies to lay the foundation for a secure and flexible IT infrastructure, and is working on improving the work model. Today, the bank offers customers a suite of digital lending solutions, online payments and payments by phone, that respond to customers’ needs to access banking anywhere, anytime. Raiffeisen Bank has over 650,000 digital customers using the Raiffeisen Smart Mobile and Raiffeisen Online applications.

Raiffeisen Bank offers universal banking services for 2 million clients – individuals, 92,000 SMEs and 5,700 large and medium-sized companies. The bank has nearly 5,000 employees, over 400 agencies across the country, approximately 900 ATMs, 250 multifunctional machines (MFMs) and a network of 20,000 ATMs.

TEHNOLOGICAL CONTEXT

 

In order to operate efficiently and safely the complex infrastructure owned at national level and to keep up with the digital transformation process of banking services, Raiffeisen Bank Romania decided last year to relocate the IT infrastructure to a new Data Center with multiple improvements compared to the present one. The relocation project also involved the modernization of the networking segment.

“In the old data center, we use Cisco switches from Nexus family, which are at the end of their operating cycle. Therefore, a change was needed, especially since we wanted to take advantage of a number of new features that simplify our operational tasks and allow us to integrate with third-party technologies, such as WMware vCenter or Red Hat OpenShift”, declares Emilian Dăneţ, Team Leader IT Communication Services, Raiffeisen Bank Romania.

Technological upgrades in the area of networking equipment, however, were also necessary in order to facilitate the transition to a new network architecture, such as Software Defined Networking (SDN). SDN ensures an efficiency increase for operating geographically distributed infrastructures – respectively of a network with hundreds of branches -, as well for levels of security and availability.

Raiffeisen Bank Romania opted for Cisco Application Centric Infrastructure (ACI) because it is a mature SDN solution that allows extension of the visibility over the IT infrastructure and quick identification of elements necessary for an optimal functioning of the applications.

CHOOSING THE IMPLEMENTATION PARTNER

 

In order to achieve this networking project, Raiffeisen Bank Romania has chosen Datanet Systems as implementation partner. The two companies have a collaborated for more than 16 years, and Datanet Systems is the main Cisco partner in Romania, having several infrastructure project implementations in the main data centers in the country. In addition, Datanet is the first company in Romania to invest in the creation and development of a Cisco ACI laboratory, which allows companies to perform simulations, tests and validations of SDN architectures in scenarios that reproduce real life specifications and configurations.

„We have a business relationship with Datanet Systems dating back to 2003 and we have carried out several projects together, both in the area of Cisco solutions, as well as on other security and networking technologies. We know well the team and also the skills of Datanet specialists and we are confident that we can rely on them in any situation; and trust is a very important element in a business decision“, explains Emilian Dăneţ, Team Leader IT Communication Services, Raiffeisen Bank Romania

PROJECT DEVELOPMENT

 

The modernization project involved several stages of development. Raiffeisen Bank Romania’s IT team has carefully prepared each step, to minimize the risks of affecting the bank’s activity and to facilitate a smooth transition to the new infrastructure. The implementation of the SDN architecture lasted 4 months, ending in March 2019. In parallel, Datanet specialists also provided the knowledge transfer and training necessary for the bank’s IT team to efficiently operate the new network architecture.

In order to carry out the actual migration to the new Data Center, the bank’s IT Department initially commutated the activity to the Disaster Recovery center owned by Raiffeisen Bank Romania. Subsequently, the complete migration to the new production site was performed in one weekend, with Datanet Systems specialists working permanently with the beneficiary’s team. The process was conducted according to the plan, without any incidents. The entire relocation process was completed in April 2019, following the bank’s methodology and rules.

„The entire project was carried out without any incidents and after transitioning to production, there were no support tickets issued. This shows that Datanet Systems team has done its job well and we have learned how to operate properly“, declared Emilian Dăneţ, Team Leader IT Communication Services, Raiffeisen Bank Romania.

DESCRIPTION OF THE SDN SOLUTION IMPLEMENTED

 

The Cisco ACI SDN solution uses spine-leaf architecture and this type of architecture has multiple benefits. This architecture implies that all the leaves are connected to all the existing spines. There is no direct connectivity between the leaves or between the spines. The access path is always “leaf-spine-leaf”.

The first advantage relates to latency, any destination is just a step away, thus eliminating the disadvantage of classical architecture, where there is a cascade between the switches and the response time is not predictable. Also, to have very small delays, the cut-through method is used in ASICs.

Another major advantage relates to the scalability of the fabric. If more ports are needed, one more leaf is added. If more bandwidth is needed between the leaves, add a spine. This improves the entire fabric, not just a certain segment of the network.

Automation is another important factor. By using the ACI solution, a policy can be very easily implemented throughout the network. As an example, let’s say we have to enable Cisco Discovery Protocol (CDP) on all ports in a classic network. An engineer should manage dozens of switches and perform hundreds of orders in a fairly long time.

In the ACI universe, a few clicks are sufficient and the configuration will be pushed from the controller to the automatically selected leaves. Also, centralization is another major advantage, this allows consistency and synchronization of a set of policies throughout the network. It allows the centralization of factory errors at a single point, where engineers can quickly and easily establish the root cause of a problem.

MAIN TECHNICAL CHARACTERISTICS

 

The ACI solution has three main components:

a)APIC controller cluster – based on Cisco UCS C-series servers.

b) Spine – can be Nexus 9500 or 9300.

c) Leaf – Nexus 9300.

The solution also allows integration with third-party solutions like Vmware vCenter, offering the ability to directly create Cisco ACI port groups in vCenter. Thus, the network part is pushed to the virtual machine, not just to the hypervisor, reducing configuration time.

The ACI solution also supports the interconnection of an APIC cluster with other APIC clusters from other data centers (DR, etc.). This is done with the help of a “multi-site” controller, thus avoiding the disadvantages of dividing a single cluster between data centers.

MAIN BENEFITS

 

The new network architecture used by the bank ensures a reduction of workload required to install and configure the virtual machines, both on-premises and in Cloud environments, thus facilitating the development of hybrid approaches and an alignment with current technological trends. With this solution, the bank’s IT department automatically detects configuration errors and can make configuration templates that facilitate rapid multiplication of services and reuse of infrastructure resources. At the same time, the solution helps to simplify the process of defining and centralizing the policies through which applications and infrastructure elements communicate with each other and access the resources, as well as the specific security rules.

Cisco ACI has allowed integration with VMware vCenter and the Red Hat OpenShift container platform, as well as with various public cloud services. Also, the Nexus 9300 switches, installed and configured by Datanet specialists, allowed an increase in connectivity capabilities, ensuring flexibility and long-term scalability of the bank’s IT infrastructure.

The project has generated both strategic and operational gains:

  • Reduction of operating time by 30%, by simplifying the activity, automating tasks and using a single console, which integrates all information. Moreover, the operation no longer requires niche certifications for the IT department and can be carried out by almost any team member;
  • Elimination of human error risk, because the new system does not accept incorrect configuration commands, which is a very important element in the banking industry;
  • Considerable reduction of diagnosing and problem solving time, the system ensuring permanent monitoring of the entire infrastructure, by centralizing data from several sources;
  • Simplification of the network segmentation processes, necessary for separating and securing the infrastructures used in the bank’s branches throughout the country;
  • Reuse and capitalization of existing hardware in the bank’s infrastructure. The ACI architecture is compatible with Cisco B22 Fabric Extenders blades, also used in the previous configuration to ensure integration with third-party servers;
  • Creation of a solid foundation for further developments.

FURTHER DEVELOPMENTS

 

The technological upgrade achieved on the networking area with the help of Datanet Systems specialists represents a first step in a larger modernization project of Raiffeisen Bank Romania

„We have plans to expand the use of Cisco technology in the Disaster Recovery center, to modernize the entire IT infrastructure of the bank. The project with Datanet Systems helps us in this regard, because it is much easier to replicate an implementation or technology that has already proven its benefits,“ said Emilian Dăneţ, Team Leader IT Communication Services, Raiffeisen Bank Romania.

“By implementing the Nexus equipment and the Cisco ACI solution, we have greatly simplified the operation and monitoring activity. On the one hand, the time allocated for operations is at least 30% shorter, and on the other hand, these operations can be performed by most members of the IT Department, regardless of their specialization. This is an important gain, given that I previously had only two colleagues qualified to handle such a task. Now, with the help of the new SDN architecture, we benefit from greater freedom in terms of human resources, being able to hire people with a broader range of technical skills..“

Emilian Dăneţ, Team Leader IT Communication Services, Raiffeisen Bank Romania

“In the project for Raiffeisen Bank, all the benefits of Cisco ACI technology were immediately available. Along with these, an important advantage of the implementation approach was integrating the new solution with the existing servers, through Cisco FEX equipment. Thus, FEXs are directly connected in leaves and are controlled by Cisco ACI. One challenge, during the implementation, was to quickly migrate existing servers to the new solution in the new data center. With the help of ACI policies, which once created can be reused for other servers / services, we managed to replicate the configuration for a large number of servers in a very short time and without human errors. Finally, after preparing the configuration, we started the servers and started to take over critical services from the client's infrastructure without problems.”

Alexandru Gheorghiță, Datacenter Team Leader, Datanet Systems

KEY BENEFITS

REDUCTION OF OPERATING TIME
ELIMINATION OF HUMAN ERROR RISK
REDUCTION OF DIAGNOSING AND PROBLEM SOLVING TIME
SIMPLIFICATION OF THE NETWORK SEGMENTATION PROCESSES
CAPITALIZATION OF EXISTING HARDWARE
CREATION OF A SOLID FOUNDATION FOR FURTHER DEVELOPMENTS