Saturday, 26 October 2013

Networking and Computer Hardware for Banks



[ From chapter-6 of the book "Information Technology in Banking" written by Abul Kashem Md. Shirin and Nusrat Tamanna Prianka and published by Institute of Bankers, Bangladesh (IBB) ]

1. Concept of LAN and WAN

1.1. Local Area Network

A Local Area Network (LAN) is a computer network covering a small physical area, such as a home, an office, or a small group of buildings such as a school or an airport. A LAN connects two or more computers and is useful for sharing resources like files, printers, games or other applications. A computer connected to a LAN is able to access data and share programs on another computer in the same LAN. Users can also use the LAN to communicate with each other by sending e-mail or engaging in chat sessions.

A LAN card is installed in each of the computers. The LAN card has a port to which one end of a cable is connected. The other end of the cable is connected to a hub or network switch. Similarly, all the computers are connected to the hub or network switch to build the LAN. The run length of an individual Ethernet cable is limited to roughly 100 meters.
                       
The following characteristics differentiate one LAN from another:

Topology: The geometric arrangement of devices on the network. For example, devices can be arranged in a ring or in a straight line.

Protocol: The rules and encoding specifications for sending data. The protocols also determine whether the network uses a peer-to-peer or client/server architecture.

Media: Devices can be connected by twisted-pair wire, coaxial cables or fiber optic cables. Some networks do without connecting media altogether, communicating instead via radio waves.

LANs are capable of transmitting data at very fast rates, much faster than data can be transmitted over a telephone line; but the distances are limited, and there is also a limit on the number of computers that can be attached to a single LAN.

The defining characteristics of LANs, in contrast to Wide Area Network (WAN), include their usually higher data-transfer rates, smaller geographic area, and lack of a need for leased telecommunication lines.

1.2. Wide Area Network

A Wide Area Network (WAN) is a computer network that spans a relatively large geographical area. Typically, a WAN connects two or more local area networks (LANs).

Computers connected to a wide area network are often connected through public networks, such as the telephone system (X.25 and DDN). They can also be connected through leased lines (radio, fiber optic etc.) or satellites (VSAT). All the computers in a LAN are connected to a network switch. The network switch has a connection to a router, which is the gateway for the LAN. The routers of the different LANs participating in the WAN are then connected together using the telephone system, leased lines or satellites. Network protocols like TCP/IP, X.25, ATM and Frame Relay deliver the transport and addressing functions, that is, locating a computer in the WAN and determining the route for transferring data/information and/or communication.

For a bank, each branch has a LAN. All the computers in the branch are connected to one or more network switches. The network switch is connected to a router. If a bank has 100 branches, it has 100 routers installed in the individual branches. All the routers are then connected together to form a WAN, using the telephone system, leased lines or satellites. These are collectively known as communication media.

The largest WAN in existence is the Internet.

Using a WAN, users and computers in one location can communicate with users and computers in other locations. Many WANs are built for one particular organization and are private. Others, built by Internet Service Providers, provide connections from an organization's LAN to the Internet.

1.3. Transmission Media

Transmission or communication media are the physical media used to connect computers on a LAN or WAN.

1.3.1. Transmission Media for LAN:

For LAN, there are many different types of transmission media, the most popular being twisted-pair wire (normal electrical wire), coaxial cable (the type of cable used for cable television), fiber optic cable (cables made out of glass) and wireless media (Wi-Fi).

A Wi-Fi enabled device such as a computer, mobile phone or MP3 player can connect to the internet when within range of a wireless network that is connected to the Internet. The coverage area of such a wireless network, called a Wi-Fi hotspot, can be as small as a few rooms, or as large as a hotel, a university or an airport. Wi-Fi hotspots can provide public access to the internet either to everyone free of charge, or to subscribers of various commercial services.

1.3.2. Transmission Media for WAN:

For WAN, the transmission media can be land telephone system (X.25, DDN, ISDN), mobile phone system (Zoom, Edge), leased land lines (Fiber Optic), Microwave (Radio) or satellites (VSAT).

a) Land Lines:

Land telephone systems use direct copper cabling between two routers. These are slow (low bandwidth, up to 2 MB) and are not available throughout the country. Fiber optic has very high bandwidth (service providers can provide up to 10 GB depending on the interface card), but it is only available in large cities.

b) Microwave:

Microwave or radio links use public (unlicensed) microwave frequencies (2.4, 5.7 & 5.8 GHz) as well as licensed frequencies (3.2 & 5.2 GHz). Two points are connected using high towers and antennas. The two antennas connecting the two LANs must be in line of sight (eye-to-eye), i.e., there should not be any obstacle such as a building or hill between them. The distance between the two antennas should not be more than 30 km. The bandwidth can be a maximum of 10 MB depending on the interface card (i.e., if the speed of the interface card is 10 MB).

Mobile phone systems use wireless technology for data connectivity. These systems provide low bandwidth (speed) and may be used for connecting Automated Teller Machines (ATMs) with the bank's data center.

c) Satellites:

Satellites (VSAT, Very Small Aperture Terminal) can cover a long distance. When VSAT is used, there is no requirement for eye-to-eye (line-of-sight) placement of the VSAT antennas. However, VSAT provides only a small bandwidth (up to 1 MB), which may not be sufficient for running banking applications.

1.4. LAN/WAN for Bank

For setting up a LAN/WAN, we need a hub/network switch and a router. However, for a bank, which deals with money and where security is therefore the main concern, additional security devices such as firewalls are required at the Data Center, the DRS and each of the branches. The firewall is installed between the switch and the router. The firewall ensures that the instructions entering the Data Center come only from designated branches.

1.4.1. Firewall:

A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device configured to permit or deny computer applications based upon a set of rules and other criteria. Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet.

1.4.2. DMZ:

Special security attention needs to be given when providing an internet connection in the Data Center. The servers related to internet access should be placed in the De-militarized Zone (DMZ).

In computer security, a DMZ or demilitarized zone is a physical or logical sub-network that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's LAN: an external attacker only has access to equipment in the DMZ, rather than to any other part of the network.
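A concrete model of the two rule sets described above (the branch-to-Data-Center firewall and the DMZ), added here as an example; it is not code from the book or from any bank's firewall, and the addresses, ports and branch subnets are constructed:

```python
"""Added example (not from the book): a first-match packet-filter model of
the firewall the chapter places between the switch and the router. Two rule
sets are shown: the Data Center policy, which lets only designated branch
subnets reach the core banking application server, and the DMZ policy, which
exposes only the DMZ web server to the Internet and keeps the internal LAN
unreachable even from a compromised DMZ host. All addresses, ports and the
branch numbering are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source CIDR the rule matches
    dst: str               # destination CIDR the rule matches
    dport: Optional[int]   # TCP destination port, None = any port


def evaluate(rules, src, dst, dport):
    """Return the action of the first rule matching (src, dst, dport).
    A packet matching no rule is dropped: default deny, so a branch or
    service that was never explicitly designated can never get through."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if (s in ip_network(r.src) and d in ip_network(r.dst)
                and (r.dport is None or r.dport == dport)):
            return r.action
    return "deny"


# Constructed addressing: branch N uses 10.N.0.0/16; the core banking
# application server at the Data Center is 10.200.1.10 (listening on 8443);
# the DMZ web server is 192.0.2.10; the internal LAN is 10.0.0.0/8.
APP_SERVER = "10.200.1.10/32"
DMZ_WEB = "192.0.2.10/32"
INTERNAL_LAN = "10.0.0.0/8"

DC_RULES = [
    Rule("allow", "10.1.0.0/16", APP_SERVER, 8443),   # designated branch 1
    Rule("allow", "10.2.0.0/16", APP_SERVER, 8443),   # designated branch 2
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", None),     # explicit catch-all
]

DMZ_RULES = [
    Rule("allow", "0.0.0.0/0", DMZ_WEB, 443),          # public HTTPS to DMZ only
    Rule("deny", "0.0.0.0/0", INTERNAL_LAN, None),     # nobody outside reaches LAN
]


def branch_may_post(branch_ip):
    """Can a terminal at `branch_ip` send postings to the application server?"""
    return evaluate(DC_RULES, branch_ip, "10.200.1.10", 8443) == "allow"


def internet_may_reach(dst, dport):
    """Can an Internet host (constructed source 198.51.100.7) reach dst:dport?"""
    return evaluate(DMZ_RULES, "198.51.100.7", dst, dport) == "allow"


def dmz_host_may_reach_lan(dst, dport):
    """Can the DMZ web server itself open a connection into the internal LAN?
    It cannot, which is what limits an attacker who breaks into the DMZ."""
    return evaluate(DMZ_RULES, "192.0.2.10", dst, dport) == "allow"
```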

2. Hardware & infrastructure used for Bank automation

For bank automation a huge quantity of hardware and software is required. The servers, personal computers, UPS, various software, networking equipment and other accessories require a big investment. For automation of a bank of 50 branches, the required budget should be around Tk.200 - 500 million. This budget covers only the setup of the data center and DRS and the installation of facilities for bringing all the branches into online operation with a core banking solution; it does not include the installation of any delivery channel.

2.1. Advanced Hardware Terminology

Before we go into a detailed discussion of the various computerization approaches, some definitions of terminology related to hardware are presented here.

2.1.1. Various Computer Servers

a) Branch Server:

In the LAN of a branch, all the users' (bank officers') computers are connected. There may be one or more servers for different purposes connected to the LAN. One such server may be used for accessing the Core Banking System of the bank, installed centrally at the Data Center, and is called the branch server.

Earlier versions of Core Banking Software were designed to work in 4 tiers: the user terminal, the branch server, the application server and the database server. The branch server was used to perform some activities offline and to validate some functionality locally, which in turn reduces the bandwidth requirement of the WAN connectivity. Offline capability ensures that during a breakdown of the WAN connectivity, the branch users can make offline transactions only for their own (home branch) customers. Such offline transactions are validated against and recorded in the database of the branch server. After the connection is re-established, all the transactions are sent to the central database server for update. The branch server records the signature and photograph of the customers of the home branch, and during a transaction from the home branch these are displayed at the user's terminal from the branch server for verification. This reduces the bandwidth requirement.

The signature and photograph are also recorded in the central database server at the Data Center. If a customer makes transaction from another branch, these are displayed at the user’s computer from the data center.

b) Application Server:

When a bank officer (user) makes a posting at his computer terminal, it is partially validated at the branch server and then the data and instructions pass through the WAN to the Application Server at the Data Center. An Application Server is a server which contains the main part of the program written for the specific purposes. In the 3-tier architecture of programming technique, normally the user's computer terminal, the application server and the database server are involved. A part of the program is installed at the user's computer terminal; the user runs this program by clicking an icon or menu. This program automatically connects to the Application Server. The application server interacts with the user, providing various menus, sub-menus, prompts, windows etc., and collects data and instructions. Finally, for execution of the instructions, the data is handed over to the database server.

c) Database Server:

Database server stores customer data. It also validates some business rules and consistencies before customer data is modified. Database server gets instruction from the Application Server for modifying customer data. It validates some business rules like the account has sufficient balance to withdraw, the cheque leaf is unpaid etc. If the validation is passed, the database server updates the account position and stores the transaction history.

2.1.2. RAID

RAID stands for Redundant Array of Independent (or inexpensive) Disks. It is a technology used for hard drives of Computer Servers to provide data reliability and increase input/output performance. When multiple physical disks are set up to use RAID technology, they are said to be in a RAID array. This array distributes data across multiple disks, but the array is seen by the computer user and operating system as one single disk.

There are a number of different RAID levels:

Level 0 -- Striped Disk Array without Fault Tolerance: Provides data striping (spreading out blocks of each file across multiple disk drives) but no redundancy. This improves performance but does not deliver fault tolerance. If one drive fails then all data in the array is lost.

Level 1 -- Mirroring and Duplexing: Provides disk mirroring. Mirroring is a technique in which data is written to two duplicate disks simultaneously. This way, if one of the disk drives fails, the system can instantly switch to the other disk without any loss of data or service.

Level 2 -- Error-Correcting Coding: Not a typical implementation and rarely used, Level 2 stripes data at the bit level rather than the block level.

Level 3 -- Bit-Interleaved Parity: Provides byte-level striping with a dedicated parity disk. Level 3, which cannot service simultaneous multiple requests, also is rarely used.

Level 4 -- Dedicated Parity Drive: A commonly used implementation of RAID, Level 4 provides block-level striping (like Level 0) with a parity disk. If a data disk fails, the parity data is used to create a replacement disk. A disadvantage to Level 4 is that the parity disk can create write bottlenecks.

Level 5 -- Block Interleaved Distributed Parity: Provides data striping at the byte level and also stripes error correction information. This results in excellent performance and good fault tolerance. Level 5 is one of the most popular implementations of RAID.

Level 6 -- Independent Data Disks with Double Parity: Provides block-level striping with parity data distributed across all disks.

Level 0+1 -- A Mirror of Stripes: Not one of the original RAID levels, two RAID 0 stripes are created, and a RAID 1 mirror is created over them. Used for both replicating and sharing data among disks.
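The parity arithmetic behind Levels 4, 5 and 6, worked through as an added example that is not part of the book (disk count, block size and the sample record are constructed); it builds a small Level 5 array, loses one disk, and rebuilds it from the survivors:

```python
"""Added example (not from the book): RAID parity worked through in code.
Level 5's distributed parity is the XOR of the data blocks in each stripe,
and the parity block's slot rotates from stripe to stripe so that no single
disk becomes the write bottleneck a dedicated parity disk (Level 4) creates.
Any one lost disk, data or parity, is rebuilt by XOR-ing the surviving
blocks of every stripe. Disk count, block size and the sample record are
constructed for illustration."""
from functools import reduce

# Constructed sample record to store on the array
SAMPLE = b"Branch-0007 TXN 000123 DR 1500.00 SAV-2201"


def xor_blocks(blocks):
    """XOR an iterable of equal-length byte strings into one block."""
    return reduce(lambda a, b: bytes(x ^ y for x, y in zip(a, b)), blocks)


def parity_slot(stripe, n_disks):
    """Disk index holding parity for this stripe (rotates one disk per stripe)."""
    return (n_disks - 1 - stripe) % n_disks


def raid5_write(data, n_disks, block_size):
    """Lay `data` out as a list of per-disk block lists. Each stripe carries
    n_disks - 1 data blocks and one parity block. Data is zero-padded to a
    whole number of stripes."""
    per_stripe = (n_disks - 1) * block_size
    if len(data) % per_stripe:
        data += b"\0" * (per_stripe - len(data) % per_stripe)
    disks = [[] for _ in range(n_disks)]
    for s in range(len(data) // per_stripe):
        chunk = data[s * per_stripe:(s + 1) * per_stripe]
        data_blocks = [chunk[i * block_size:(i + 1) * block_size]
                       for i in range(n_disks - 1)]
        parity = xor_blocks(data_blocks)
        remaining = iter(data_blocks)
        for d in range(n_disks):
            disks[d].append(parity if d == parity_slot(s, n_disks) else next(remaining))
    return disks


def raid5_read(disks):
    """Reassemble the stored data by skipping each stripe's parity block."""
    n_disks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        for d in range(n_disks):
            if d != parity_slot(s, n_disks):
                out += disks[d][s]
    return bytes(out)


def raid5_rebuild(disks, failed):
    """Recreate every block of disk `failed` from the other disks' blocks."""
    n_disks = len(disks)
    n_stripes = len(disks[(failed + 1) % n_disks])
    return [xor_blocks(disks[d][s] for d in range(n_disks) if d != failed)
            for s in range(n_stripes)]


def recover_after_failure(data, n_disks, block_size, failed):
    """Write, lose one disk, rebuild it, and read the data back."""
    disks = raid5_write(data, n_disks, block_size)
    disks[failed] = None                      # the drive is gone
    disks[failed] = raid5_rebuild(disks, failed)
    return raid5_read(disks)[:len(data)]      # drop the stripe padding
```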

2.1.3. External Storage Device

In a bank, the volume of data is huge and the internal hard disks of a computer server can't accommodate it. It requires 10-100 hard disks to store the customer information and record everyday transactions. In an external storage device, all these hard disks are placed together. The device also contains a processor, RAM, software etc. to manage the hard disks, normally to allocate space for the different applications running on different servers. As such, the external storage system is also used for storage consolidation. Such a storage system has the capability to replicate data from the Data Center to the DRS.

2.1.4. SAN Switch:

The storage device is connected to servers through SAN Switch. SAN stands for Storage Area Network, and is a specialized, high-speed network attaching servers and storage devices.

2.1.5. Clustering

Clustering is grouping of linked computers, working together closely so that in many respects they form a single computer. Based on the purpose of making a cluster between two computers, the clustering can be of the following types:

a) High-availability (HA) clusters

High-availability clusters (also known as failover clusters) are implemented primarily for the purpose of improving the availability of services. They operate by having redundant nodes (servers), which are used to provide service when the first node fails. The most common size for an HA cluster is two nodes, which is the minimum requirement to provide redundancy. HA cluster implementations attempt to use redundancy of cluster components to eliminate single points of failure. This is also called an active-passive cluster.

b) Load-balancing clusters

In a load-balancing cluster, two computers are linked together to share the computational workload at 50% load each and function as a single virtual computer. Requests initiated by users are managed by, and distributed among all the computers by, a network load balancer. This results in a balanced computational workload among the different machines, improving the performance of the cluster system on one side and providing redundancy on the other. If one node fails, the other node runs at 100% load. This is also called an active-active cluster.

2.1.6. Replication

Replication is a set of technologies for copying and distributing data and database objects from one database to another and then synchronizing between databases to maintain consistency. Using replication, data can be copied to a remote location normally from Data Center to DRS using a high speed link. Replication can be asynchronous (async) or synchronous (sync).

a) Async Replication:

In async replication, data is transferred from the DC to the DRS after a set time interval, say 5 minutes. This type of replication can be made using fiber optic connectivity.

b) Sync Replication:

In sync replication, data is transferred instantly from the DC to the DRS, meaning that as and when a transaction is recorded at the DC, it is recorded simultaneously at the DRS also. For sync replication, a dark fiber is required.

c) Dark Fiber:

A dark fiber is a dedicated, direct fiber optic link between two points. It is not shared, and routers are not connected at the two ends of the fiber cable (as such, the TCP/IP protocol is not used for communication).
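How the replication mode sets the amount of committed data the DRS can lose, as an added example that is not from the book (transaction ids, timings and the moment of the disaster are constructed):

```python
"""Added example (not from the book): the data-loss window that the
replication mode leaves at the DRS. Transactions commit at the Data Center
at constructed timestamps (seconds). Async replication ships everything
committed since its previous run once every `interval` seconds (the chapter's
figure is 5 minutes); sync replication records each transaction at the DRS
in the same step as at the DC. Ids and times below are constructed."""

# (commit time in seconds, transaction id); constructed sample
TXNS = [(30, "T1"), (150, "T2"), (310, "T3"), (480, "T4"), (650, "T5"), (720, "T6")]


def replicate_async(txns, interval, disaster_at):
    """Transaction ids present at the DRS when the DC is lost at `disaster_at`.
    Only runs that completed strictly before the disaster have shipped, so the
    last useful run is the largest multiple of `interval` below disaster_at."""
    last_run = ((disaster_at - 1) // interval) * interval
    return [tid for ts, tid in txns if ts <= last_run]


def replicate_sync(txns, disaster_at):
    """With sync replication every transaction committed at the DC before the
    disaster is already at the DRS; nothing committed is lost."""
    return [tid for ts, tid in txns if ts < disaster_at]


def lost_at_drs(txns, disaster_at, at_drs):
    """Transactions committed before the disaster but missing from the DRS copy.
    For async this is at most one interval's worth of commits; for sync it is empty."""
    present = set(at_drs)
    return [tid for ts, tid in txns if ts < disaster_at and tid not in present]
```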
                       
2.2. Data Center (DC)

A data center is a facility used to house computer systems and associated components, such as telecommunications and storage systems. It generally includes redundant or backup power supplies, redundant data communications connections, environmental controls (e.g., air conditioning, fire suppression) and security devices.

There are 4 types of data center. The simplest is a Tier 1 data center, which is basically a server room following basic guidelines for the installation of computer systems. The most stringent level is a Tier 4 data center, which is designed to host mission-critical computer systems, with fully redundant subsystems and compartmentalized security zones controlled by biometric access control methods. Each of the 4 levels of DC is described below:

Tier 1 requirements:
· Single non-redundant distribution path serving the IT equipment
· Non-redundant capacity components
· Basic site infrastructure guaranteeing 99.671% availability

Tier 2 requirements:
· Fulfils all Tier 1 requirements
· Redundant site infrastructure capacity components guaranteeing 99.741% availability

Tier 3 requirements:
· Fulfils all Tier 1 & Tier 2 requirements
· Multiple independent distribution paths serving the IT equipment
· All IT equipment must be dual-powered and fully compatible with the topology of the site's architecture
· Concurrently maintainable site infrastructure guaranteeing 99.982% availability

Tier 4 requirements:
· Fulfils all Tier 1, Tier 2 and Tier 3 requirements
· All cooling equipment is independently dual-powered, including chillers and Heating, Ventilating and Air Conditioning (HVAC) systems
· Fault tolerant site infrastructure with electrical power storage and distribution facilities guaranteeing 99.995% availability

A data center can occupy one room of a building, one or more floors, or an entire building. Most of the equipment is often in the form of servers mounted in rack cabinets, which are usually placed in single rows forming corridors between them. This allows people access to the front and rear of each cabinet. Air Conditioning is used to control the temperature and humidity in the data center. The recommended temperature ranges from 16–24 °C (61–75 °F) and humidity range from 40–55% with a maximum dew point of 15°C as optimal for data center conditions.

2.3. Disaster Recovery Site (DRS)

Disaster recovery is the process, policies and procedures related to preparing for the recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. A Disaster Recovery Site is a place similar to the Data Center in terms of infrastructure, hardware and software installed, and data stored. The DRS should have the capability to become the primary site automatically in case the Data Center is struck by disaster.

The distance between the Data Center and the DRS requires a trade-off between the following two issues:

i)    If a long distance is chosen, there may be problems related to the manageability of the DRS, the availability of dark fiber and the availability of the required latency. Also, sync replication may not be possible.

ii)   If a short distance (at least 20 km) is chosen, a disaster such as an earthquake or hurricane may destroy both sites.

