Cross selling 5
-
Upload
sen-nathan -
Category
Documents
-
view
318 -
download
2
description
Transcript of Cross selling 5
Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 1
Juniper solutions for financial
market
Ha Huy Hao
Country manager, Vietnam
0903710317
2Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Agenda
1. Financial Services Networks Requirements
2. Meeting the Needs with Juniper Solutions
3. Some Case Studies
4. Summary
3Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
What are the top IT solutions that Asian financial organizations want?
Gartner Dec 2005
Top 4 criteria
4Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Some observations on the Financial industry Paradigm shift happening in Banks & finance houses
requiring new and additional investment• Tighter regulations for funds transfers, account set-up and banking
transactions
• Legislation, Regulation and Standards of banking processes (Basel II, SOX…)
• Digitization of paperwork within bank branches
• ATM (cash machine) networks proliferation & evolution
• Focus on dollars earned per customers via cross selling & multi-channel delivery
• Connect branches with efficient, cost effective yet secure connectivity
ALL the above requires new systems:To secure your systems
To assure your applications running more efficiently
5Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Financial Services Network Architecture
Most financial services organizations adopt similar network architectures, implementing distinct network and security silos
Enterprise Internal Network• Where most employee computers reside
Secure Servers Area (SSA)• Where the most critical databases and servers reside
Access Network• Where remote employees, partners & customers access services
Internet Access Subnet• Where internal resources securely access the public Internet
Market Data Feeds• Where external news, info and trade info enters the org.
6Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Financial Services Network Architecture
EnterpriseInternalNetwork
MarketData Feeds
AccessNetwork
InternetAccessSubnet
Secure Server Area
Customers & Partners
Exchanges & Sources
• Within each silo, there are typically independent security and routing functions as well as full redundancy
• Each silo is duplicated for each of the geographies in which the firm operates, or at each major data center
• enables the financial services enterprise to divide and conquer the massive challenges of securing data and maintaining high availability
ATM machines
7Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Juniper Networks Product Portfolio
M-series T-series
Large Core Metro Aggr’n
E-series
BRAS & Circuit Aggregation
Small/Med Core Circuit Aggregation
Policy & Service Control
NMC-RXJUNOScope
Secure Access SSL VPN
Applications
Acceleration
Integrated Firewall / IPSec
VPN
Intrusion Prevention
J-Series Edge
Routers
Session Border
Gateway
VF-series
8Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Agenda
1. Financial Services Networks Requirements
2. Meeting the Needs with Juniper Solutions
3. Some Case Studies
4. Summary
9Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
To secure & assure financial networks really means:
1. Containment – prevent proliferation of attacks
2. Compartmentalization– prevent unauthorized access to systems
3. Continuity – ensure seamless operation even under attack or equipment failure
4. Recovery - enable rapid recovery from attack or malicious insider activity
5. Performance – network performance should not be reduced by security measures
10Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Secure ServerArea
InternetAccess Subnet
EnterpriseInternal Network
Mortgage
BrokersEquity
Traders
= Malicious User
Human
Resource
s
Retail Banking
Enterprise Internal Network
Segmentation VLAN MPLS VPN VPLS
EnterpriseInternalNetwork
MarketData Feeds
AccessNetwork
InternetAccessSubnet
Secure Server Area
11Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Purpose-Built security appliance
Foundation for rock solid security solution • Purpose-built appliance with security specific processing
• Controlled by security specific, real-time operating system
• Includes a set of robust security applications
• Networking roots to facilitate integration
Advantages Eliminates OS hardening
Facilitates network integration
Ensures application interoperability
Simplifies management
Matches or exceeds performance requirements
RISCCPU
ASIC Interfaces
Security -Specific, Real -Time OS
•Dynamic Routing
• Virtualization
•High Availability
•Centralized Management
Integrated Security Applications
• VPN
•Denial of Service
• Firewall
•Traffic management
Purpose -Built Hardware Platform
Security specificProcessing RAM Interfaces
Security–Specific, Real-Time OSDynamic Routing Virtualization
High AvailabilityCentralized Management
Integrated Security Applications
Denial of Service
VPN FirewallTraffic management
Purpose -Built Hardware Platform
IDP
12Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
MPLS VPN AMPLS VPN BPhysical connection
Redundant MPLS Paths (LSPs) for Fast Re-route –
Improve Network Resiliency
Backbone Router
BranchRouter
MPLS VPN transparently segment network
infrastructure into virtual networks
Converged network with Classes-of-Service
supporting many different applications
MPLS VPN Securely “Compartmentalize” Network Infrastructure
13Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
J2300
J6300
J4300
Leveraging modular JUNOS andhigh performance standard processors
M7i
M10i
Leveraging modular JUNOS andpurpose built ASICs
Juniper’s Enterprise RoutersService Provider Equipment Quality for the Enterprise
Remote, branch, and regional officeHead office, backbone, data center
J-series RoutersJ-series RoutersM-series RoutersM-series Routers
Full support of advanced networking features including MPLS, IPv6, QoS, etc on J-series as well as M/T series.
14Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
ControlForward
Services?
1990’s Router Architecture
Monolithic Design
Router Architecture for NG Network Infrastructure
Secure & Reliable Realize predictable QoS Support full MPLS features Service without
performance compromise
… enables high security, uptime, performance, services support
Next Generation Router Design for Mission Critical Applications
Shared processing cycles Shared memory address
space or all processes Performance & service trade-
off Unpredictable QoS
performance
… jeopardizes security, uptime, performance, services
ControlEngine
ForwardingEngine
ServicesEngine
Prot
ocol
s
Inte
rfac
e M
gmt
Chas
sis
Mgm
t
SN
MP
Ser
vice
s
15Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Prot
ocol
s
Inte
rfac
e M
gmt
Chas
sis
Mgm
t
SNM
P
Serv
ices
high Uptime Modular design,
processes each run on protected memory
Clean interface between processes
Minor problems do not lead to system crashes
Next Gen CLI prevents operator error
strong Security Guaranteed resources
per function
Clean separation of functions
Full router control while under attack
ControlEngine
ForwardingEngine
ServicesEngine
reduced Operations cost One software train
facilitates easy maintenance and s/w stability
Structured quarterly release process
Features shared across all platforms
One Train!One
Train!
6.46.4 7.07.0 7.17.1
predictable Performance Predictable
performance even under load
Comprehensive QOS functions to classify, prioritize and schedule traffic
% o
f Li
ne R
ate
Complexity of Packet Processing
Addition of Addition of new service new service featuresfeatures
JuniperJuniper
Traditional Traditional RouterRouter
Juniper Routers Benefits
16Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
MarketData Feeds
Secure Server Area
EnterpriseInternalNetwork
AccessNetwork
To RemoteBackup Site
Secure Server Area
EnterpriseInternalNetwork
MarketData Feeds
AccessNetwork
InternetAccessSubnet
Secure Server Area
17Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Secure Server Area Requirement
Houses firm’s most critical systems and data
Challenging requirements:• High Throughput & Support Large # Connections
– Since so many users are accessing the SSA at any point in time
• Low Latency & Predictable QoS
– Routers, firewalls, IPS, web servers, app servers may affect overall end-user performance experience
• High Availability
– Since so much critical info is centrally located in the SSA, just a few moments of downtime could result in significant loss
• Highly Security up to Application Layer
– Systems contained in SSA must be most secured and resilient to attack since so many operations rely on these systems
18Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Integrated Security Gateway (ISG) 2000ideal platform for securing SSA
Predictable Performance Next-Generation Security ASIC (GigaScreen³)
• 2 Gbps Stateful Firewall - any packet size• 1 Gbps 3DES & AES IPSec VPN - any packet size• 1 Gbps+ IDP
Integration• Security applications – FW + Deep Inspection + VPN + IDP
Scalability• New flexible architecture designed to accommodate future
performance, capacity and functionality needs• Up to 28 ports, up to 500 VLANs
Attack Protection• Network attack protection, including DoS attacks • Deep Inspection to protect against attacks in Internet-facing
protocols• Modular IDP blade
Best-of Breed Security in a Single PlatformBest-of Breed Security in a Single Platform
19Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Juniper DX Application Front End
Unique Benefits• Accelerate user downloads up to 70%• Increase Web/App server capacity up
to 10X• Decrease bandwidth usage up to 70%
Accelerates Applications• Siebel, SAP, Lotus, Oracle, etc.• Custom web applications and Portals• SLB replacement for legacy apps,
mail, DNS, etc.
Deployment• Replace or complement existing SLB
(customer does not have to throw it away)
• No server or application changes• No changes to client or applications
20Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
EnterpriseInternal Network
Dual Homed Internet Connection
Dedicated Links to Customers, Partners and Branches
Connects with Customers, Partners and Branches
Aggregation of WiFi Access Points within Premises
Access Network
Access Network
EnterpriseInternalNetwork
MarketData Feeds
AccessNetwork
InternetAccessSubnet
Secure Server Area
ATM machines
21Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Next generation ATM machines & networks ATM machines are proliferating in APAC
Transformation of ATM machines and networks are happening
• Terminals: From Dump ATM terminals to multi-media Windows based ATM terminals
• Networks: From slow and expensive leased line/X.25/FR to mosre cost effective high speed broadband
• Protocols: From SNA to IP (VPN or managed IP)
• Applications: From just cash dispenser to value-added services (eg. VoIP/ videoconference with bank agent, digitization of cheque deposit…)
Juniper solutions: 5GT @every ATM machine; NS FW/VPN appliance @ hub site for high performance FW/VPN aggregation
IP
Hub site
Windows-based ATMs @ branches
IP over IPsec VPN over BB
22Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
IPSec VPN and SSL VPN – Juniper provides marketing leading solutions for both
Remote OfficeBranch Office
Fixed telecommuters
Business
PartnersHQ
MobileUsers
Department Servers DMZ-1
Finance
HR
Sales
Managed, TrustedRemote Network Security
IP to IP controlControl Requirement
Network AccessAccess Requirement
IPSec VPNVPN Type
FixedType of Connection
Remote, Branch Office
TelecommuterApplication Type
UnManaged, UnTrustedRemote Network Security
User to Application controlControl Requirement
Per Application Access Access Requirement
SSL VPNVPN Type
Mobile or FixedType of Connection
Mobile User
Partner ExtranetApplication Type
23Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Extranet Deployment – connecting your partners (eg. Broker firm, agencies….)
Traditional Extranet SSL VPN-Based Extranet
Extensive Deployment Requirements: Duplication & Migration of Servers into DMZ Harden OS/Server Farms & Ongoing Patch Maintenance Maintenance of public facing infrastructure AAA limitation to only those integrated resources Custom API development for non-Web content
Fast and Secure Deployment: Keep all Servers where they are Secure Gateway is harden, intermediates all request Multiple Hostnames & Customizable UI Rich AAA control of network resources
Dynamic Authentication Policies Expressive Role Definition & Mapping Rules Web Single Sign-On & Password Mgmt
Integration Support Web, File and Client/Server content
applications
24Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Secure ServerArea
Market Data Feeds
Dedicated Links Markets and Feeds
Tunnels to News Feeds
Intrusion Detection
ESP
Market Data Feeds
EnterpriseInternalNetwork
MarketData Feeds
AccessNetwork
InternetAccessSubnet
Secure Server Area
25Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Market Data Feeds Requirement
Unique to financial services industry the need for Market Data Feeds network
Need to security aggregate streaming data feeds which carry latency sensitive real-time market data for a multitude of sources• Streaming, real-time ticker data streams, business-wire news, other
perishable data
• Require low latency and linear throughput; large portion of data could arrive in small packets
• May employ anti-spoofing and DDoS prevention via M/J series and NS FW/VPN
• IDP in detection mode may be needed to detect protocol anomalies
26Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Agenda
1. Who is Juniper Networks?
2. Financial Services Networks Requirements
3. Meeting the Needs with Juniper Solutions
4. Some Case Studies
5. Summary
27Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Security (Firewall + IDP) deployment in stock exchange
Challenges
Solution
Benefits
the SET launched a new corporate bond exchange service in 03, has plans to introduce a new derivatives market in 05. The growth is driving the need to protect its network from ever-increasing hackers, viruses and other potential threats.
Juniper Networks’ ASIC based, deep inspection firewalls and IDP systems to protect its server array and other mission-critical assets – defending against hacking threats, while continuously monitoring the network for viruses and other anomalies.
• Fully-Integrated end-to-end protection• High-strength, synergistic protection
measures• High reliability and performance• Extensive functionality• Best value for money
Since 1975, the Stock Exchange of Thaland (Set) has been the investment center of Thailand’s captial markets. It handles an avg daily turnover of $490M, and provides a comprehensive range of products, services & trading infrasture to
28Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Global Firewall/VPN DeploymentProblem
Solution
Results
Lack of security on its new global IP data network infrastructure and IP-based messaging platform
NetScreen-5200 (12) NetScreen-5XP and 5GT (12,000) deployed in
remote sites NSM to secure its new global IP data network
and IP-based messaging platform, SWIFTNet
Deployment has been running successfully at 100% capacity since June 2003
Reliable security and flexible networking functionality
Uniform GUI across the product line, simplicity deployment for SWIFT and its’ members saving operational cost for both parties
SWIFT has deployed 12,000+ Juniper NetScreen appliances . In the coming years, SWIFT is planning to deploy more – which is expected to represent one of the world’s largest VPN deployments.
SWIFT
Customer Reference : http://www.juniper.net/company/presscenter/pr/2004/nspr_200404056_546.html
29Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Next generation of Automated Teller Machine (ATM) network deployment
Major Bank in TaiwanMajor Bank in Taiwan
Requirements
Results Lower cost of managing the bank’s ATMs Improved its transaction capacity at its 120
branch ATMs Assured mission critical networks by using
HA
Changing their leased-line network to Broadband to lower cost
ATM network has to be totally separated from the branch office network
Solution 2x NS500 in HQ dedicated to handle
ATM IPSec VPN 120x 5GT distributed to 120 ATM sites
for IPSec VPN connection
… 150 branch ATMs
Active/Passive HA
IPIP over IPsec VPN over BB
Central Hub site
30Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Firewall/VPN Deployment in Australia
Challenge
Solution
Results
Maintaining 18 software-based firewalls is expensive
Protect digital assets while providing services to customers connected via the internet
NetScreen-5200 (4)
Reduced total cost of ownership Increased network performance Reduced equipment footprint Reduced complexity in reducing 18 machines
to 4 makes for much easier and flexible ongoing administration and scalability
"By consolidating our security infrastructure with Juniper
Networks NetScreen products, we enjoyed immediate
savings in maintenance costs and equipment footprint,"
Michael McCutcheonSenior manager
Infrastructure and Architecture PlanningSt. George Bank
St. George Bank
Press Release: http://www.juniper.net/company/presscenter/pr/2004/pr-040722.html
31Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
SSL VPN Remote Access Deployment- a global bank with HQ in Europe
Challenge
Solution
Results
“Juniper IVE makes it easy to grant secure access to
employees around the world in a way that makes fiscal
sense, while building upon our existing infrastructure and
adding another layer of protection for our clients’
financial information.”
Director of Remote/Mobile Computing
This bank needed a way to keep their employees connected WW
Solutions must require no network changes
Secure Access series Stringent security penetration tests were
done to ensure appliance has strong security
A cost-effective, highly scalable remote access solutions
Keep employees connected at all times, from all locations, which is crucial in banking industry
32Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
SSL VPN Extranet Deployment
Challenge
Solution
Results
“With Juniper, we havea cost-effective, scalable
partnerextranet solution to give thirdparties access to important information and applications
at alltimes from any location.”
– David LaBiancaVice President,
Information Security & Privacy
Securely share information with partners to increase operational efficiency
Secure Access series
Bank partners can easily log on to the partner extranet from anywhere they have an Internet Connection
Receive Access to only the files, applications, and information that it deems appropriate so that confidential info cannot be infiltrated
“We see value in extending the IVE deployment to internal users for numerous other applications”
33Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Router/MPLS Deployment
OMHEX – Largest Securities market in Northern Europe
Hosts, operates and maintains 1,000s of servers responsible for 38,000 trading hours
Major operation centers in London, New York, Sydney, and Stockholm
MPLS
Stockholm Helsinki
LondonFull mesh tunnels for 9 data centers and
6 hub sites in 9 countries
Requirements
Solution Deploy M-series routers, migrate
backbone network to IP/MPLS MPLS Fast Reroute – multicast
applications no longer affected by link errors
Maps multicast trading info to CCC tunnels and provide QoS
JUNOS operating system and rich reliability features provides high network availability
Highly reliable network backbone Migrate from ATM to IP/MPLS Predictable QoS performance Support high performance and reliable
multicast applications”
Sydney
34Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Agenda
1. Who is Juniper Networks?
2. Financial Services Networks Requirements
3. Meeting the Needs with Juniper Solutions
4. Some Case Studies
5. Summary
35Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Summary
• The financial vertical is going thru a lot of changes:
• to comply with new regulations• to provide more services per
customers to increase revenue• To drive more app. efficiency
• “Status Quo” solutions are not enough to satisfy the need of FSI today
• Juniper’s value propositions match well with what the finance customers want
Secure & Assure Your finance networks