Networking and Computer Hardware for Banks
[ From chapter-6 of the book "Information Technology in Banking" written by Abul Kashem Md. Shirin and Nusrat Tamanna Prianka and published by Institute of Bankers, Bangladesh (IBB) ]
1. Concept of LAN and WAN
1.1. Local Area Network
A Local Area Network (LAN) is a computer network covering a small physical area, like a home, office, or small group of buildings, such as a school or an airport. A LAN connects more than one computer and is useful for sharing resources like files, printers, games or other applications. A computer connected to a LAN is able to access data and share programs on another computer in the same LAN. Users can also use the LAN to communicate with each other, by sending e-mail or engaging in chat sessions.
A LAN Card is installed on each of the computers. The LAN Card has a port where one end of a cable is connected. The other end of the cable is connected to a Hub or Network Switch. Similarly, all the computers are connected to the Hub or Network Switch to build the LAN. The run length of individual Ethernet cables is limited to roughly 100 meters.
The following characteristics differentiate one LAN from another:
Topology: The geometric arrangement of devices on the network. For example, devices can be arranged in a ring or in a straight line.
Protocol: The rules and encoding specifications for sending data. The protocols also determine whether the network uses a peer-to-peer or client/server architecture.
Media: Devices can be connected by twisted-pair wire, coaxial cables or fiber optic cables. Some networks do without connecting media altogether, communicating instead via radio waves.
LANs are capable of transmitting data at very fast rates, much faster than data can be transmitted over a telephone line; but the distances are limited, and there is also a limit on the number of computers that can be attached to a single LAN.
The defining characteristics of LANs, in contrast to a Wide Area Network (WAN), include their usually higher data-transfer rates, smaller geographic area, and lack of a need for leased telecommunication lines.
1.2. Wide Area Network
A Wide Area Network (WAN) is a computer network that spans a relatively large geographical area. Typically, a WAN connects two or more local area networks (LANs).
Computers connected to a wide-area network are often connected through public networks, such as the telephone system (X.25 and DDN). They can also be connected through leased lines (Radio, Fiber Optic etc.) or satellites (VSAT). All the computers in a LAN are connected to a network switch. The network switch has a connection to a router, which is the gateway for the LAN. All the routers of the different LANs participating in the WAN are then connected together using the telephone system, leased lines or satellites. Network protocols like TCP/IP, X.25, ATM and Frame Relay are used to deliver transport and addressing functions – that is, for locating a computer in the WAN and determining the route for transferring data/information and/or communication.
For a Bank, each branch has a LAN. All the computers in the branch are connected to one or more network switches. The network switch is connected to a router. If a bank has 100 branches, it has 100 routers installed in individual branches. All the routers are then connected together to form a WAN, using the telephone system, leased lines or satellites. These are collectively known as communication media.
The largest WAN in existence is the Internet.
Using a WAN, users and computers in one location can communicate with users and computers in other locations. Many WANs are built for one particular organization and are private. Others, built by Internet Service Providers, provide connections from an organization's LAN to the Internet.
1.3. Transmission Media
Transmission or communication media are the physical media used to connect computers on a LAN and WAN.
1.3.1. Transmission Media for LAN:
For a LAN, there are many different types of transmission media, the most popular being twisted-pair wire (normal electrical wire), coaxial cable (the type of cable used for cable television), fiber optic cable (cables made out of glass) and wireless media (Wi-Fi).
A Wi-Fi enabled device such as a computer, mobile phone or MP3 player can connect to the Internet when within range of a wireless network that is connected to the Internet. The coverage of the wireless network, called a Wi-Fi hotspot, can comprise an area as small as a few rooms, or a hotel, a university or an airport. Wi-Fi hotspots can provide public access to the Internet either to everyone free of charge, or to subscribers to various commercial services.
1.3.2. Transmission Media for WAN:
For a WAN, the transmission media can be the land telephone system (X.25, DDN, ISDN), the mobile phone system (Zoom, Edge), leased land lines (Fiber Optic), Microwave (Radio) or satellites (VSAT).
a) Land Lines:
Land telephone systems use direct copper cabling between two routers. These are slow (less bandwidth, up to 2 MB) and not available throughout the country. Fiber Optic has very high bandwidth (service providers can provide up to 10 GB depending on the interface card), but is only available in large cities.
b) Microwave:
Microwave or Radio links use microwaves of public frequencies (2.4, 5.7 & 5.8 GHz) as well as licensed frequencies (3.2 & 5.2 GHz). Two points are connected using high towers and antennas. The two antennas connecting two LANs must be eye-to-eye, i.e., there should not be any obstacle like a building or hill between the two antennas. The distance between the two antennas should not be more than 30 km. The bandwidth can be a maximum of 10 MB depending on the interface card (i.e., if the speed of the interface card is 10 MB).
The mobile phone system uses wireless technology for data connectivity. These systems provide low bandwidth (speed) and may be used for connecting Automated Teller Machines (ATM) with the bank’s data center.
c) Satellites:
Satellites (VSAT – Very Small Aperture Terminal) can cover a long distance. When VSAT is used, there is no requirement for eye-to-eye placement of the VSAT antenna. However, VSAT provides small bandwidth (up to 1 MB), which may not be sufficient for running banking applications.
1.4. LAN/WAN for Bank
For setting up a LAN/WAN, we need a Hub/Network Switch and a Router. However, for a bank, which deals with money and where security is therefore the main concern, additional security devices like a Firewall are required at the Data Center, the DRS and each of the branches. The firewall is installed between the Switch and the Router. The Firewall guarantees that the instructions entering the Data Center are from a designated branch.
1.4.1. Firewall:
A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device which is configured to permit or deny computer applications based upon a set of rules and other criteria. Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet.
1.4.2. DMZ:
Special security attention needs to be given when providing an Internet connection in the Data Center. The servers related to Internet access should be placed in the De-militarized Zone (DMZ).
In computer security, a DMZ or demilitarized zone is a physical or logical sub-network that contains and exposes an organization's external services to a larger un-trusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's LAN; an external attacker only has access to equipment in the DMZ, rather than any other part of the network.
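The rule-based permit/deny behaviour of the firewall (1.4.1), the "designated branch" check (1.4) and the DMZ separation (1.4.2) can be shown together as a first-match rule table with a default deny. This is an added example, not taken from the book; every subnet, port number and zone name in it is a constructed assumption.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed addressing plan; all subnets and ports are assumptions.
ZONES = {
    "branch": [ipaddress.ip_network("10.20.1.0/24"),    # designated branch 1 LAN
               ipaddress.ip_network("10.20.2.0/24")],   # designated branch 2 LAN
    "dmz": [ipaddress.ip_network("192.0.2.0/28")],      # Internet-facing servers
    "internal": [ipaddress.ip_network("10.1.0.0/24")],  # application/database servers
}

class Rule(NamedTuple):
    src_zone: str
    dst_zone: str
    dst_port: Optional[int]   # None matches any port
    action: str               # "permit" or "deny"

# Evaluated top to bottom; the first matching rule decides.
RULES = [
    Rule("branch", "internal", 8443, "permit"),    # branch terminals -> application server
    Rule("internet", "dmz", 443, "permit"),        # public users -> Internet-facing server
    Rule("dmz", "internal", 8443, "permit"),       # DMZ server -> application server only
]

def zone_of(address: str) -> str:
    """Map an IP address to its zone; unknown addresses are treated as untrusted."""
    ip = ipaddress.ip_address(address)
    for zone, networks in ZONES.items():
        if any(ip in net for net in networks):
            return zone
    return "internet"

def evaluate(src: str, dst: str, dst_port: int) -> str:
    """Return the firewall decision for one connection attempt."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for rule in RULES:
        if (rule.src_zone == src_zone and rule.dst_zone == dst_zone
                and rule.dst_port in (None, dst_port)):
            return rule.action
    return "deny"   # default deny: anything not explicitly permitted is blocked

if __name__ == "__main__":
    attempts = [
        ("10.20.1.15", "10.1.0.10", 8443),    # designated branch -> application server
        ("10.20.99.15", "10.1.0.10", 8443),   # subnet that is not a designated branch
        ("203.0.113.7", "192.0.2.5", 443),    # Internet user -> DMZ server
        ("203.0.113.7", "10.1.0.10", 8443),   # Internet user -> internal network
        ("192.0.2.5", "10.1.0.20", 1521),     # DMZ server -> database port
    ]
    for src, dst, port in attempts:
        print(f"{src:>12} -> {dst}:{port:<5} {evaluate(src, dst, port)}")
```

Because the table ends in a default deny, a host in the DMZ reaches the internal network only on the single port that is explicitly permitted.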
2. Hardware & infrastructure used for Bank automation
For Bank automation, a huge quantity of hardware and software is required. The Servers, Personal Computers, UPS, various software, networking equipment and other accessories require a big investment. For automation of a bank of 50 branches, the required budget should be around Tk.200 - 500 million. This budget includes only the setup of the data center and DRS and the installation of facilities for bringing all the branches into online operation with a core banking solution; it does not include installation of any delivery channel.
2.1. Advanced Hardware Terminology
Before we go into a detailed discussion of the various computerization approaches, some definitions of terminology related to hardware are presented here.
2.1.1. Various Computer Servers
a) Branch Server:
In the LAN of a branch, all the users’ (bank officers’) computers are connected. There may be one or more servers for different purposes connected to the LAN. One such server may be used for accessing the Core Banking System of the bank installed centrally at the Data Center, and is called the branch server.
Earlier versions of Core Banking Software were designed to work in 4 steps – at the user terminal, branch server, application server, and database server. The branch server was used to perform some activities offline and to validate some functionality locally, which in turn reduces the bandwidth requirement of the WAN connectivity. Offline capability ensures that during a breakdown of the WAN connectivity, the branch users can make offline transactions only for their own (home branch) customers. Such offline transactions are validated from and recorded to the database of the branch server. After the connection is established, all the transactions are sent to the central database server for update. The branch server records the signature and photograph of the customers of the home branch, and during a transaction from the home branch these are displayed at the user’s terminal from the branch server for verification. This reduces the bandwidth requirement.
The signature and photograph are also recorded in the central database server at the Data Center. If a customer makes a transaction from another branch, these are displayed at the user’s computer from the data center.
b) Application Server:
When a bank officer (user) makes a posting at his computer terminal, it is partially validated at the branch server and then the data and instructions pass through the WAN to the Application Server at the Data Center. An Application Server is a server which contains the main part of the program written for the specific purposes. In the 3-tier architecture of programming technique, normally the user’s computer terminal, the application server and the database server are involved. A part of the program is installed at the user’s computer terminal; the user has to run this program by clicking an icon or menu. This program automatically connects to the Application Server. The Application Server interacts with the user, providing various menus, sub-menus, prompts, windows etc., and collects data and instructions. Finally, for execution of the instructions, the data is handed over to the database server.
c) Database Server:
The database server stores customer data. It also validates some business rules and consistencies before customer data is modified. The database server gets instructions from the Application Server for modifying customer data. It validates some business rules, such as that the account has sufficient balance to withdraw, the cheque leaf is unpaid etc. If the validation is passed, the database server updates the account position and stores the transaction history.
2.1.2. RAID
RAID stands for Redundant Array of Independent (or inexpensive) Disks. It is a technology used for hard drives of Computer Servers to provide data reliability and increase input/output performance. When multiple physical disks are set up to use RAID technology, they are said to be in a RAID array. This array distributes data across multiple disks, but the array is seen by the computer user and operating system as one single disk.
There are a number of different RAID levels:
Level 0 -- Striped Disk Array without Fault Tolerance: Provides data striping (spreading out blocks of each file across multiple disk drives) but no redundancy. This improves performance but does not deliver fault tolerance. If one drive fails then all data in the array is lost.
Level 1 -- Mirroring and Duplexing: Provides disk mirroring. Mirroring is a technique in which data is written to two duplicate disks simultaneously. This way if one of the disk drives fails, the system can instantly switch to the other disk without any loss of data or service.
Level 2 -- Error-Correcting Coding: Not a typical implementation and rarely used, Level 2 stripes data at the bit level rather than the block level.
Level 3 -- Bit-Interleaved Parity: Provides byte-level striping with a dedicated parity disk. Level 3, which cannot service simultaneous multiple requests, also is rarely used.
Level 4 -- Dedicated Parity Drive: A commonly used implementation of RAID, Level 4 provides block-level striping (like Level 0) with a parity disk. If a data disk fails, the parity data is used to create a replacement disk. A disadvantage to Level 4 is that the parity disk can create write bottlenecks.
Level 5 -- Block Interleaved Distributed Parity: Provides data striping at the byte level and also stripe error correction information. This results in excellent performance and good fault tolerance. Level 5 is one of the most popular implementations of RAID.
Level 6 -- Independent Data Disks with Double Parity: Provides block-level striping with parity data distributed across all disks.
Level 0+1 -- A Mirror of Stripes: Not one of the original RAID levels, two RAID 0 stripes are created, and a RAID 1 mirror is created over them. Used for both replicating and sharing data among disks.
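How parity data can "create a replacement disk" is easiest to see in code. The following added example (not from the book) models the Level 4 layout described above with XOR parity on a dedicated disk and rebuilds a failed disk from the survivors; the 4-byte block size and the sample record are constructed for illustration.

```python
from functools import reduce

BLOCK = 4  # bytes per block; tiny so that the stripes are easy to inspect

# Constructed sample data standing in for customer records.
RECORD = b"ACC:1001;BAL:52000.00;TXN:000187"

def xor_blocks(blocks):
    """XOR equal-length blocks byte by byte; this is the parity calculation."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))

def stripe_with_parity(data, data_disks):
    """Stripe data over data_disks disks and add one dedicated parity disk.

    Returns a list of disks; each disk is a list of blocks, the last disk is parity.
    """
    stripe_bytes = BLOCK * data_disks
    stripes = -(-len(data) // stripe_bytes)               # ceiling division
    data = data.ljust(stripes * stripe_bytes, b"\0")      # pad the final stripe
    disks = [[] for _ in range(data_disks + 1)]
    for offset in range(0, len(data), stripe_bytes):
        blocks = [data[offset + i * BLOCK: offset + (i + 1) * BLOCK]
                  for i in range(data_disks)]
        for disk, block in zip(disks, blocks):            # zip stops before the parity disk
            disk.append(block)
        disks[-1].append(xor_blocks(blocks))              # parity block for this stripe
    return disks

def rebuild(disks, failed):
    """Recreate one failed disk (data or parity) from the surviving disks only."""
    survivors = [disk for i, disk in enumerate(disks) if i != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]

def read_back(disks, length):
    """Reassemble the original bytes from the data disks (parity disk excluded)."""
    return b"".join(b"".join(stripe) for stripe in zip(*disks[:-1]))[:length]

if __name__ == "__main__":
    disks = stripe_with_parity(RECORD, data_disks=3)
    replacement = rebuild(disks, failed=1)                # disk 1 is treated as lost
    print("replacement matches lost disk:", replacement == disks[1])
    repaired = disks[:1] + [replacement] + disks[2:]
    print("data after rebuild:", read_back(repaired, len(RECORD)))
```

With a single parity block per stripe, only one lost disk can be recovered; if two disks fail, the XOR of the survivors no longer determines either missing block.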
2.1.3. External Storage Device
In a bank, the volume of data is huge, and the internal hard disks of a computer server can’t accommodate it. Storing the customer information and recording everyday transactions requires 10-100 hard disks. All these hard disks are placed in an external storage device. The device also contains a processor, RAM, software etc. to manage the hard disks – normally to allocate the space for different applications running on different servers. As such, the external storage system is also used for storage consolidation. Such a storage system has the capability to replicate data from the Data Center to the DRS.
2.1.4. SAN Switch:
The storage device is connected to servers through a SAN Switch. SAN stands for Storage Area Network, and is a specialized, high-speed network attaching servers and storage devices.
2.1.5. Clustering
Clustering is the grouping of linked computers, working together closely so that in many respects they form a single computer. Based on the purpose of making a cluster between two computers, the clustering can be of the following types:
a) High-availability (HA) clusters
High-availability clusters (also known as Failover Clusters) are implemented primarily for the purpose of improving the availability of services. They operate by having redundant nodes (servers), which are used to provide service when the first node fails. The most common size for an HA cluster is two nodes, which is the minimum requirement to provide redundancy. HA cluster implementations attempt to use redundancy of cluster components to eliminate single points of failure. This is also called an active-passive cluster.
b) Load-balancing clusters
In a load-balancing cluster, two computers are linked together to share the computational workload at 50% load each and function as a single virtual computer. Requests initiated from the user are managed by, and distributed among all the computers by, a network load balancer. This results in a balanced computational workload among the different machines, improving the performance of the cluster system on one side and providing redundancy on the other. If one node fails, the other node runs at 100% load. This is also called an active-active cluster.
2.1.6. Replication
Replication is a set of technologies for copying and distributing data and database objects from one database to another and then synchronizing between databases to maintain consistency. Using replication, data can be copied to a remote location, normally from the Data Center to the DRS, using a high-speed link. Replication can be asynchronous (async) or synchronous (sync).
a) Async Replication:
In an async replication, data is transferred from DC to DRS after a set time interval, say 5 minutes. This type of replication can be made using fiber optic connectivity.
b) Sync Replication:
In a sync replication, data is transferred instantly from DC to DRS, meaning that as and when a transaction is recorded in DC, it will be recorded simultaneously at DRS also. For sync replication, a dark fiber is required.
c) Dark Fiber:
A dark fiber is a dedicated direct fiber optic link between two points. These are not shared, and routers are not connected at the two ends of the fiber cable (as such, the TCP/IP protocol is not used for communication).
2.2. Data Center (DC)
A data center is a facility used to house computer systems and associated components, such as telecommunications and storage systems. It generally includes redundant or backup power supplies, redundant data communications connections, environmental controls (e.g., air conditioning, fire suppression) and security devices.
There are 4 types of data center. The simplest is a Tier 1 data center, which is basically a server room, following basic guidelines for the installation of computer systems. The most stringent level is a Tier 4 data center, which is designed to host mission critical computer systems, with fully redundant subsystems and compartmentalized security zones controlled by biometric access control methods. Each of the 4 levels of DC is described below:
Tier Level | Requirements
1 | · Single non-redundant distribution path serving the IT equipment · Non-redundant capacity components · Basic site infrastructure guaranteeing 99.671% availability
2 | · Fulfils all Tier 1 requirements · Redundant site infrastructure capacity components guaranteeing 99.741% availability
3 | · Fulfils all Tier 1 & Tier 2 requirements · Multiple independent distribution paths serving the IT equipment · All IT equipment must be dual-powered and fully compatible with the topology of a site's architecture · Concurrently maintainable site infrastructure guaranteeing 99.982% availability
4 | · Fulfils all Tier 1, Tier 2 and Tier 3 requirements · All cooling equipment is independently dual-powered, including chillers and Heating, Ventilating and Air Conditioning (HVAC) systems · Fault tolerant site infrastructure with electrical power storage and distribution facilities guaranteeing 99.995% availability
A data center can occupy one room of a building, one or more floors, or an entire building. Most of the equipment is often in the form of servers mounted in rack cabinets, which are usually placed in single rows forming corridors between them. This allows people access to the front and rear of each cabinet. Air Conditioning is used to control the temperature and humidity in the data center. The recommended temperature ranges from 16–24 °C (61–75 °F) and the humidity from 40–55%, with a maximum dew point of 15 °C, as optimal for data center conditions.
2.3. Disaster Recovery Site (DRS)
Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. A Disaster Recovery Site is a place similar to the Data Center in terms of infrastructure, hardware and software installed, and data stored. The DRS should have the capability to become the primary site automatically in case of a disaster at the Data Center.
The distance between the Data Center and the DRS needs a trade-off between the following two issues:
i) If a long distance is chosen, there may be problems related to manageability of the DRS, availability of dark fiber and availability of the required latency. Also, sync replication may not be possible.
ii) If a short distance (at least 20 km) is chosen, a disaster like an earthquake or hurricane may destroy both sites.
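The trade-off between async and sync replication (2.1.6) and the DC-to-DRS distance (2.3) can be put into numbers: async loses whatever was recorded since the last transfer, while sync makes every transaction wait for the round trip to the DRS. This is an added example, not from the book; it assumes async transfers happen exactly at multiples of the interval, counts propagation delay only (about 5 microseconds per km in fiber, an approximation), and uses a constructed transaction log.

```python
FIBER_US_PER_KM = 5.0   # approximate one-way propagation delay in optical fiber

# Constructed sample: (seconds since start of day, transaction id) recorded at the DC.
DC_LOG = [(10, "T1"), (280, "T2"), (310, "T3"), (590, "T4"), (640, "T5"), (655, "T6")]

def drs_copy(dc_log, disaster_at, mode, interval=300):
    """Transaction ids present at the DRS at the moment the DC is lost."""
    if mode == "sync":
        cutoff = disaster_at                               # every recorded txn is at the DRS
    elif mode == "async":
        cutoff = (disaster_at // interval) * interval      # time of the last transfer
    else:
        raise ValueError(f"unknown replication mode: {mode}")
    return [txn for t, txn in dc_log if t <= min(cutoff, disaster_at)]

def lost_transactions(dc_log, disaster_at, mode, interval=300):
    """Transactions recorded at the DC before the disaster but missing at the DRS."""
    at_drs = set(drs_copy(dc_log, disaster_at, mode, interval))
    return [txn for t, txn in dc_log if t <= disaster_at and txn not in at_drs]

def sync_commit_penalty_ms(distance_km):
    """Extra wait per transaction for the DRS acknowledgement (round trip)."""
    return 2 * distance_km * FIBER_US_PER_KM / 1000.0

if __name__ == "__main__":
    for when in (599, 650):
        print(f"disaster at t={when}s  async lost:",
              lost_transactions(DC_LOG, when, "async"),
              " sync lost:", lost_transactions(DC_LOG, when, "sync"))
    for km in (20, 100, 500):
        print(f"{km:>4} km  sync adds {sync_commit_penalty_ms(km):.1f} ms per transaction")
```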