Transcript Mm Document

Huawei Financial Agile Network
Solution Success Cases
A Better Way
An Agile Network Architecture to Provide All-round Financial Services
ABC (two-in-one network, simpler architecture)
Bank of China (production, office, and
Internet access businesses on one network)
Everbright Bank (297 million
transactions/day, zero security issues)
EastWest Bank (1-to-N firewall
virtualization, non-blocking data access)
CCB (user and department
based agile access control)
People's Bank of China
(admission control + tight
coupling of mobile devices)
Converged
Secure
Efficient
Agile
Converged Network: a Two-in-One Network to Support ABC's
Development in Next 5 Years
 The current IP network has been running for 7 years and needs
reconstruction before a new core business system can be deployed.
 Separate production and office networks require double O&M
workload, and network expansion results in reinvestment.
 Consolidate duplicate functional areas in the production and office
networks to reduce the 13 network areas to 6.
 Use a "multi-city-multi-center" architecture to provide non-stop
service.
 One network covers 3 data centers, 5 business centers, and over
20,000 banking outlets, ensuring business transactions and office
work of hundreds of thousand staff.
 Two networks converge into one, reducing O&M cost by 50% and

avoiding reinvestment.
400G routing platform, 64T switching capacity, and good scalability can
keep pace with the bank's development in the next 5 years.
Agile Network: Centralized Control, Dynamic Scheduling, Supporting
CCB's New Terminal Security Management System
 The bank has no unified admission control policies. Any terminals can

connect to the bank's internal network.
Different terminal security software programs cannot be installed and
maintained uniformly. A unified terminal security management system
is required to simplify O&M.
 Agile Controller: integrates network admission control, service access,

experience guarantee, and terminal security, and dynamically
schedules all network resources and security policies.
NGFW works with Agile Controller to control network access rights
based on departments and users.
 Ensure secure access of 400,000 terminals in 35 branches as well as


R&D centers and data centers.
Use natural language instead of complex command configuration to
simplify configuration, saving 50% of maintenance work load.
Combine desktop security with network admission control to reduce
internal information security risks to zero.
Efficient Network: Use Virtualization Technology to Build an Elastic
Data Center for EastWest Bank
 As Philippines' fastest growing bank, EastWest Bank wants to build a
new data center with high extensibility and good compatibility, which
can work with the old data center in redundancy mode.
 As the core business system is virtualized, the customer wants an
elastic architecture for the new data center.
 Apply different security policies to different domains and areas.
 Core switches in the service domain use CSS technology to set up
a cluster.
 Deploy CE6800 data center switches, S series switches, and
USG5500 series firewalls on the network.
 Upgrade the data center network to satisfy the customer's
requirements for high bandwidth and low latency.
 Use virtual firewalls to eliminate bottleneck in data transmission.
Secure Network: Anti-DDoS Solution to Safeguard Fast Growing
Online Transactions of China Everbright Bank
 297 million transactions a day: night market, online banking,
payment guarantee.
 The bank has the best network devices and application architecture,

but still suffers severe packet loss.
The HQ information system requires level-3 information security.
 Separate detection system from control system and deploy a

bypass traffic cleaning center, without changing network topology.
Deliver a protection system capable of defense against 100+ types
of DDoS attacks and L2-L7 attack detection.
 Safeguard 297 million online transactions a day, with zero security


issues caused by DDoS attacks.
Significantly increase online transaction speed while conserving
egress bandwidth.
Strengthen data center protection system, enabling the HQ
information system to pass Level-3 security assessment.
Openness, Cooperation, Innovation, Win-Win
A BETTER WAY