Reference Architecture for Shared Services Hosting_SunilBabu_V2.0
Reference Architecture for Shared Services Hosting for Payments Bank & Small Finance Bank
Author: Sunil Babu
Date: 15-Feb-2016
Version: 1.0
Key Requirements

Business Requirements:
• Shared services hosting for Payment Banks & Small Banks on a Shared Model & Shared Infra
• Fit for Purpose systems / Architecture
• Security compliant to mandates
• Lowest TCO

Technology Requirements:
• Scalable Architecture to handle rapid & quantified growth
• Architecture should logically partition bank data in an optimal way
• Dynamic Infra Provisioning
• Lean Architecture
• High Performance and throughput at database and data access layer
• Better User experience via low latency access response
• Effective Load distribution for optimum resource utilization and better ROI
• Data security at rest and in transit
• Secure access to the environment for delivery team
• Ability to easily manage and replicate multiple environments based on blueprint architecture.
High Level Architecture

[Diagram: Payments Bank & SFB - Shared Services]
Layers:
• Infrastructure (DC, DR, Near-DR)
• Networking (WAN, MPLS, SDN…)
• Physical (Servers, SAN, Workstations..)
• Virtualization (ESX, Hyper-V, Xen..)
• Operating System (Compute, Storage, Network)
• Platform (Database, Middleware, ESB, MQ…)
• Core Application / TX Processing Services
• User Interface Services
• Integration Services (API)
• Channels & Other Ancillary Apps
Cross-cutting functions: Security Management; DevOps (Build, Test, Release); Service Mgmt; Perf. Mgmt; Enterprise Mgmt
Bank Users:
• Bank Team (Operations, Management, Business)
• Partners
• Merchants
• Customers (Retail / Corporate)
Service Provider Team:
• Development
• Operations
• Infra
• Security
• Network
• Applications
• Platform
• SOC, NOC, TOC
Design Principles & Assumptions
• Core Application (e.g. CBS), TX processing Application (e.g. Cards), Functional Applications (e.g. AML) to be deployed as separate instances
• Customer related Data to be stored in separate database
• There can be one instance of Non-Functional Apps such as APM, UIM, SOC etc.
• Leverage on Multi-tenant database function to reduce DB license costs
• Leverage on running non-core functions such as Reporting, Backup from Near-DR & DR site to reduce load on DC
• Shared Applications such as APM, Infra Management, Asset Management should enable treating a bank as a logical entity, thus enabling monitoring/management/reporting for it separately
• Dynamic Infra Provisioning can be achieved by leveraging Platform-as-a-Service (PaaS) technologies such as Infrastructure-as-a-Service (IaaS), Database-as-a-Service (DBaaS) & Middleware-as-a-Service (MWaaS)
• When implementing PaaS, need to get assurance on version change and its impact on hosted applications.
Application Architecture

[Diagram: application landscape grouped by domain]
Channels: ATM, POS, Mobile/Tablets, Internet (Ret/Corp), Branch, KIOSKS, Phone Banking
Customer Relationship: CRM, CRM Analytics, Marketing and Campaigns, CRM Social, CRM Sales & Service
Corporate Administration: Procurement, HRMS, GL, Fixed Assets, Budgeting, Projects, Expense Management
IT Governance and Compliance: Compliance, BASEL, AML/KYC, ALM/FTP, Regulatory RBI/ADF, Risk Management, Governance, Audit, Fraud Management
Products and Transactions: CASA, Microfinance, Term Deposits, Personal Finance, Wealth Management, KYC, Gov Business, Corporate Banking, Payments, Remittance, Bills, BC, Cash management, Forex, Treasury, DCMS, Asset Management, AML, Cards, Loyalty Programs, INB, Mobile Banking, Contact Centre, Switch, ePG
Data Architecture

[Diagram: data architecture building blocks]
• Encryption
• Secure DB Instance for each Bank
• Data Masking
• Privileged Access Control
• Replication for RTO, RPO & Offloading of Non-Core Functions (PR to Near-DR / DR)
• Clustering for HA (Active-Active or Active-Passive)
• Compression for Backup & Archival
• Columnar Compression
• Activity Auditing
• Multitenant Container Database for Payments Bank / SFB Instance
• Common DB Instance for all Banks (Multitenant Container Database)
Information Architecture

[Diagram: information layers, with Information Lifecycle Management as a cross-cutting concern]
• Aggregations & Summaries
• Unstructured Data
• Master & Reference Data, CIF
• Operational Data
• Structured Data
API based Integration Architecture

[Diagram: External Ecosystem; DMZ; Corporate Network of the Service Provider DC – Bank “A” Application Instance]
Components shown: API Gateway, Channel / Wallet App Services, CBS, Payment Gateway, 2FA, Risk Authentication, Mobile Wallet App, Merchants/Partners
Protocols shown: TCP/IP, ISO8583
API Gateway:
• Central Policy Enforcement on outgoing/ incoming traffic
• Threat Protection
• Non-Repudiation
• API Monitoring/ Mgmt.
• API Analytics
• ESB-Like Web Service Mediation
• Branded API Portal for Merchants & Developers
Technology Operations Centre for all hosted banks - Architecture

[Diagram: Service Provider Command Centre to Monitor, Manage and Administer DC & DR, Network (MPLS/Leased Line/WAN/LAN), Applications, Servers, Workstations, Operating Systems and Transactions]
TOC Solution Building Blocks:
• Proactive Monitoring (HW, SW, NW)
• SLA Management
• Config/Patch Management
• App/Backup Job Management
• RCA/ Rectify/ Restore
• Server/Client Automation
• Asset Lifecycle Management
• Incident/Problem/Change Management
• Service Management
• Automation
• Transaction Management (Online + Mobile)
• Database & Middleware Monitoring
KPI(s) Measured Against:
• Business SLA
• Response Time
• RTO/RPO
• Throughput
• MTTR
• Time to Market/ Time to Value
• TCO / RTO
Technology Operations Centre - Integration

[Diagram: integration of TOC tools]
Monitored scope: DC & DR, Applications, Servers, Workstations, Operating Systems, Transactions
Tools: Infra Mgmt, Network Mgmt, Automation, Application Perf. Mgmt, Mobile Application Analytics, Service Desk
Labelled flows and outputs:
• “Metrics” Agent + Agentless (SNMP); “Metrics” Agentless (SNMP); “Metrics” Agent + Web Traffic; “Metrics” From Customer Mobile Device
• Availability, Performance; Config Mgmt, Event Mgmt; Alarms; Events/Violations; Defects; Incident, Change Mgmt, Config Mgmt
• Workload Scheduling & Management; Workload (EOD, BOD, MIS..)
• Dashboard - Workload Monitoring & SLA Management
• Dashboard/Reports/Alarms – Historical Reporting
• Topology/Alarms – RCA Reporting
• KPI(s)/Trends/SLA Reporting
• Mobile/Web Customer Experience & Business TX. Monitoring from Mobile to backend
Security Architecture

[Diagram: Payments Bank & SFB - Shared Services layer stack with security controls overlaid]
Layers: Infrastructure (DC, DR, Near-DR); Networking (WAN, MPLS, SDN…); Physical (Servers, SAN, Workstations..); Virtualization (ESX, Hyper-V, Xen..); Operating System (Compute, Storage, Network); Platform (Database, Middleware, ESB, MQ…); Core Application / TX Processing Services; User Interface Services; Integration Services (API); Channels & Other Ancillary Apps
Security controls: WAF, DDOS, API Management, IDS/IPS, PIM/PAM, 2 Factor Authentication, Fraud Risk Management, IPsec, APT

Security Operations Centre
[Diagram: SOC data flow from Event Sources through the SOC Core to SOC Output]
Event Sources (Points of Presence): Databases, Mainframe, Network; API Management, 2 Factor Authentication, WAF, DDOS, IDS/IPS, IPsec, PIM/PAM, Fraud Risk Management, APT (Logs, Events, Feeds)
SOC Core: Collectors, SOC Analysis server, SOC DB server, SOC App server
SOC Output: Compliance Dashboard, Operational Dashboard
Deployment Architecture for a Bank

[Diagram: Bank “X” on Shared Services Hosting Model; each element marked as either Created Specific for Bank “X” or Shared Services]
Layers: Infrastructure (DC, DR, Near-DR); Networking (WAN, MPLS, SDN…); Physical (Servers, SAN, Workstations..); Virtualization (ESX, Hyper-V, Xen..); Operating System (Compute, Storage, Network); Platform (Database, Middleware, ESB, MQ…); Core Application / TX Processing Services; User Interface Services; Integration Services (API); Channels & Other Ancillary Apps
Cross-cutting functions: Management; DevOps (Build, Test, Release); Service Mgmt; Perf. Mgmt; Enterprise Mgmt; Security
Security controls: API Management, 2 Factor Authentication, WAF, DDOS, IDS/IPS, IPsec, PIM/PAM, Fraud Risk Management, APT
Legend: Created Specific for Bank “X”; Shared Services