For the financial services industry, maintaining always-available access, control and security of the distributed network is of the utmost importance. For IT, just monitoring the myriad distributed devices and systems spanning branch offices located across states or countries can be overwhelming if not impossible to do successfully, especially when factoring in the business impact of an IT outage, security breach, or service-level failure. Regardless of geographic location or time of day, operational IT staffs are expected to ensure branch office networks are always available and performing well.
In response, some financial services IT departments with high availability requirements and limited staff at distributed locations are turning toward a new remote management approach. This next-generation approach can act intelligently as an IT administrator’s eyes, ears, and hands—performing routine maintenance and problem resolution to ensure the network and system devices consistently stay up and running.
Financial institutions can now address remote management challenges by invoking an on-site appliance-based architecture that integrates three related remote management functions: access, control and enforcement.
Working together, these functions displace on-site visits with secure remote management (SRM) and can be trusted and relied upon to execute monitoring, maintenance, and remediation any time of the day.
Secure remote management, compared with traditional network and systems management tools that rely on the network and remain labor-intensive, automates routine IT management tasks and ensures constant security in a faster, more consistent manner and at a lower cost. Secure remote management overcomes the risk of traditional network management protocols by utilizing the strongest security, encryption and authentication standards available today. By practicing this type of management approach, IT departments can dramatically reduce the risk associated with network vulnerability. Concerns that the network can be hacked from the outside or tampered with by employees or third party contractors are assuaged.
Nearly as important as security for the banking industry are the issues of automation and control of routine maintenance, configuration and recovery tasks. According to Nemertes Research, IT staff at large enterprises spend between 30 and 50 percent of their time troubleshooting and fixing network problems at remote locations. For a financial institution with hundreds or thousands of widely distributed bank branches, sending IT staff to fix problems can stretch limited resources to the breaking point. Throw in delays in reaching these branch locations and more production time is lost, a costly situation. With secure remote management automating routine IT management tasks, banks can reduce their remote IT support costs by an impressive 25 to 50 percent.
Because SRM appliances are deployed at remote locations, they can locally manage a wide variety of networking gear, including switches and routers, intelligent racks, and power and environmental control systems. To ensure the SRM appliances can communicate during a network outage, a secure and reliable alternative communication path is designed into the architecture. Through this direct connection to the console (serial) ports of the remote devices, the appliance can query the connected devices every few seconds, storing the data locally. Since the data is stored locally and doesn’t need to be transmitted on a regular basis, there isn’t a cost penalty for sampling frequently. Detailed event logs are available on an as-needed basis to help with problem resolution.
For an SRM appliance that polls console ports at a remote location, the amount of data to indicate a problem can usually be gathered in 30 seconds or less. Once the data has been gathered, a policy engine inside the appliance determines if a parameter is in or out of specification, and either resolves the incident based on pre-approved guidelines, or communicates the problem back to the network management center.
Once a problem signature is recognized the SRM appliance can take steps to automatically resolve the incident and restore the service. In addition to restoring network connectivity, the logged and stored management data enable IT and service providers to determine the root cause of the reboot so it can be avoided in the future or established as a routine device issue that the SRM appliance is authorized to address automatically.
Unexpected downtime is always a possibility during software upgrades of network hardware. In some cases, the devices fail to boot after a new software load, thereby requiring a reliable and secure way to backtrack. In these cases, the SRM appliance needs to be able to restore the last-known-good-configuration automatically. The local control logs can then be examined once the network has been restored to understand what caused the network aberration.
Management actions and associated logging data exchanged between the NOC and the remote sites should be safeguarded. Designing a remote management platform with a robust AAA (authentication, authorization, and audit) security model, combined with the physical properties of a specific purpose appliance, ensures the protection of the systems and network devices and the network itself. This way, all actions are logged and stored locally, giving visibility to all management actions to these devices.
As financial institutions continue to expand to meet customer demand, the need for local automation and control becomes critical. By automating routine maintenance tasks, always enforcing security and policy management, and lowering IT support costs by eliminating the need for on-site technician visits to fix problems, financial service institutions are able to improve business processes and free resources allowing IT to focus more on strategic initiatives.
Barry Cox is the CTO at Uplogix. (c) 2008 Bank Technology News and SourceMedia, Inc. All Rights Reserved. http://www.banktechnews.com http://www.sourcemedia.com
