Network Management: Managing Radical Network Changes

It's been six years since Cabletron Systems left the network switching/router business to the Ciscos of the world. Another dot.com-era telecom equipment maker, Bay Networks, became part of the Nortel family during the Clinton Administration.

The equipment these long-gone companies sold years ago probably belongs in a museum, but some of it is still chugging along in today's banking networks. Support is scarce, if not non-existent, as IT managers struggle to track and update the crucial configurations that govern use, capabilities and security. And that's only if the administrators know what they have. Many are vexed by mystery legacy equipment inherited from a merger or after a departing network expert takes the configuration knowledge with him.

Increasingly complex security and compliance needs, as well as business trends such as VoIP adoption, are making this an untenable arrangement for banks, and driving interest in automated configuration solutions to handle the hundreds, perhaps thousands, of network devices.

"To say networks in the banking industry have gone through radical transformation is not saying enough," says Glen Tindal, CTO of network device management firm Intelliden. "There are myriad security weaknesses, while at the same time a desire for going online with everything. It's been a tremendous growth on the infrastructure demands of banks."

Earlier this year, network device management firm Voyence released a survey it commissioned from attendees at the Pink Elephant IT Service Management Conference that showed 90 percent of IT managers admitted they couldn't document compliance across their entire network. Nearly all (98 percent) were not sure if network devices were configured securely, and 93 percent said they couldn't prove it to a CIO who might be on the hook for SOX compliance standards. Four in five administrators still track network configurations on manual spreadsheets.

"[Clients] literally do not know the network devices they currently have," says Darren Orzechowski, Voyence marketing vp.

No such network crises drove NovaStar Financial, a Kansas City-based wholesale mortgage banker, into a network configuration investment. But CIO Lynn Ryan was still concerned about maintaining a consistent upgrade path to avoid these types of snafus.

NovaStar has a fast-growing network that now covers four regional centers as well as headquarters operations. Ryan needed to establish both configuration management and auditable management monitoring in the bank's network for more than 200 network devices, and to weed out the human error involved in manual changes. "It became very labor intensive for someone going in and working on multiple, small database-structure repositories," Ryan says. "The time it takes to push out to 200 devices, even if it's five minutes per device, becomes somewhat of a burden in cost, and you're also at risk of introducing errors."

With automatic configuration and tracking, Ryan says, the system provides backup for disaster recovery purposes and easier swap-out of new hardware by mapping incompatibility with existing services and devices.

According to research from technology management research firm Enterprise Management Associates (EMA) in Boulder, CO, 60 percent of network failures are due to misconfigured devices. "It's pretty easy to make the case...that you need to be able to have accurate real-time inventory," says Jeffrey Cotroupe, an EMA consultant. "It's bad if a link goes down to an ATM somewhere out in the country, but it's really bad if it's a link to the Federal Reserve."

Intelliden's Tindal points out the complexity inherent in device management. A Cisco router governed by 5,000 lines of code is not even considered an extremely large configuration. "Understand what needs to be configured on a device, then understand the syntax, and then define policies that have to be consistent across a large array of devices, say, 20,000," says Tindal. "That makes a large challenge."

According to reports from Gartner, interest in the network configuration space has expanded in recent years due to the growing popularity of multi-tiered application architectures and the "vast increase in change frequency" of new releases, patches, etc. That's drawn banks to companies like Intelliden and Voyence, according to Cotroupe, with Gartner pointing to firms like Opsware and Alterpoint making cross-industry inroads. The estimated $1 billion space has, according to Dell'Oro Research, an estimated annual growth rate of 16 percent.

Like NovaStar, fast growth was also a factor for Voyence client Allianz Life, a U.S. subsidiary of German financial services and insurance giant Allianz AG, according to Matt Nowak, capability manager for network and media services of Allianz Life.

Compliance is "80 percent" of his network device management needs, and is aided by the use of managed template device configurations from Voyence. A specific router or switch will be updated based on like configuration mapped to similar devices in mirroring setups. The automation sequences of changes also impact the templates by providing legroom for exceptions, such as when video-on-demand or live presentations security settings have to be mapped for switches and routers.

Even for test plans for quarterly management reviews, "I have to have that documented," Nowak says. Setting up templates to match testing documentation means "my audit now goes from taking 1.5 to 2 hours plus the prep time for it, down to literally running a report."

(c) 2006 Bank Technology News and SourceMedia, Inc. All Rights Reserved. http://www.banktechnews.com http://www.sourcemedia.com
