Copyright © 2003 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

Juniper solutions for financial market

Ha Huy Hao

Country manager, Vietnam

[email protected]

0903710317

Cross selling 5


Page 2: Cross selling 5


Agenda

1. Financial Services Networks Requirements

2. Meeting the Needs with Juniper Solutions

3. Some Case Studies

4. Summary

Page 3: Cross selling 5


What are the top IT solutions that Asian financial organizations want?

Gartner Dec 2005

Top 4 criteria

Page 4: Cross selling 5


Some observations on the Financial industry

Paradigm shift happening in Banks & finance houses requiring new and additional investment

• Tighter regulations for funds transfers, account set-up and banking transactions

• Legislation, Regulation and Standards of banking processes (Basel II, SOX…)

• Digitization of paperwork within bank branches

• ATM (cash machine) networks proliferation & evolution

• Focus on dollars earned per customers via cross selling & multi-channel delivery

• Connect branches with efficient, cost effective yet secure connectivity

ALL the above requires new systems:

To secure your systems

To assure your applications running more efficiently

Page 5: Cross selling 5


Financial Services Network Architecture

Most financial services organizations adopt similar network architectures, implementing distinct network and security silos

Enterprise Internal Network
• Where most employee computers reside

Secure Servers Area (SSA)
• Where the most critical databases and servers reside

Access Network
• Where remote employees, partners & customers access services

Internet Access Subnet
• Where internal resources securely access the public Internet

Market Data Feeds
• Where external news, info and trade info enters the org.

Page 6: Cross selling 5


Financial Services Network Architecture

Enterprise Internal Network

Market Data Feeds

Access Network

Internet Access Subnet

Secure Server Area

Customers & Partners

Exchanges & Sources

• Within each silo, there are typically independent security and routing functions as well as full redundancy

• Each silo is duplicated for each of the geographies in which the firm operates, or at each major data center

• enables the financial services enterprise to divide and conquer the massive challenges of securing data and maintaining high availability

ATM machines

Page 7: Cross selling 5


Juniper Networks Product Portfolio

M-series T-series

Large Core Metro Aggr’n

E-series

BRAS & Circuit Aggregation

Small/Med Core Circuit Aggregation

Policy & Service Control

NMC-RX, JUNOScope

Secure Access SSL VPN

Applications Acceleration

Integrated Firewall / IPSec VPN

Intrusion Prevention

J-Series Edge Routers

Session Border Gateway

VF-series

Page 8: Cross selling 5


Agenda

1. Financial Services Networks Requirements

2. Meeting the Needs with Juniper Solutions

3. Some Case Studies

4. Summary

Page 9: Cross selling 5


To secure & assure financial networks really means:

1. Containment – prevent proliferation of attacks

2. Compartmentalization – prevent unauthorized access to systems

3. Continuity – ensure seamless operation even under attack or equipment failure

4. Recovery - enable rapid recovery from attack or malicious insider activity

5. Performance – network performance should not be reduced by security measures

Page 10: Cross selling 5


Enterprise Internal Network

Segmentation: VLAN, MPLS VPN, VPLS

[Diagram labels: Secure Server Area; Internet Access Subnet; Enterprise Internal Network; Mortgage Brokers; Equity Traders; Human Resources; Retail Banking. Legend: Malicious User]

Page 11: Cross selling 5


Purpose-Built security appliance

Foundation for rock solid security solution
• Purpose-built appliance with security specific processing
• Controlled by security specific, real-time operating system
• Includes a set of robust security applications
• Networking roots to facilitate integration

Advantages
• Eliminates OS hardening
• Facilitates network integration
• Ensures application interoperability
• Simplifies management
• Matches or exceeds performance requirements

[Diagram, three layers:
Purpose-Built Hardware Platform: RISC CPU, ASIC, security specific processing, RAM, interfaces
Security-Specific, Real-Time OS: Dynamic Routing, Virtualization, High Availability, Centralized Management
Integrated Security Applications: VPN, Denial of Service, Firewall, Traffic management, IDP]

Page 12: Cross selling 5


Legend: MPLS VPN A, MPLS VPN B, Physical connection

Redundant MPLS Paths (LSPs) for Fast Re-route – Improve Network Resiliency

Diagram labels: Backbone Router, Branch Router

MPLS VPN transparently segment network infrastructure into virtual networks

Converged network with Classes-of-Service supporting many different applications

MPLS VPN Securely “Compartmentalize” Network Infrastructure

Page 13: Cross selling 5


Juniper’s Enterprise Routers: Service Provider Equipment Quality for the Enterprise

J-series Routers (J2300, J4300, J6300)
• Remote, branch, and regional office
• Leveraging modular JUNOS and high performance standard processors

M-series Routers (M7i, M10i)
• Head office, backbone, data center
• Leveraging modular JUNOS and purpose built ASICs

Full support of advanced networking features including MPLS, IPv6, QoS, etc. on J-series as well as M/T series.

Page 14: Cross selling 5


Next Generation Router Design for Mission Critical Applications

1990’s Router Architecture: Monolithic Design
• Shared processing cycles
• Shared memory address space for all processes
• Performance & service trade-off
• Unpredictable QoS performance
… jeopardizes security, uptime, performance, services

Router Architecture for NG Network Infrastructure
• Secure & Reliable
• Realize predictable QoS
• Support full MPLS features
• Service without performance compromise
… enables high security, uptime, performance, services support

[Diagram labels, monolithic design: Control, Forward, Services?]

[Diagram labels, next generation design: Control Engine, Forwarding Engine, Services Engine; Protocols, Interface Mgmt, Chassis Mgmt, SNMP, Services]

Page 15: Cross selling 5


Juniper Routers Benefits

high Uptime
• Modular design, processes each run on protected memory
• Clean interface between processes
• Minor problems do not lead to system crashes
• Next Gen CLI prevents operator error

strong Security
• Guaranteed resources per function
• Clean separation of functions
• Full router control while under attack

reduced Operations cost
• One software train facilitates easy maintenance and s/w stability
• Structured quarterly release process
• Features shared across all platforms

predictable Performance
• Predictable performance even under load
• Comprehensive QOS functions to classify, prioritize and schedule traffic

[Diagram labels: Control Engine, Forwarding Engine, Services Engine; Protocols, Interface Mgmt, Chassis Mgmt, SNMP, Services]

[Diagram labels: One Train!; releases 6.4, 7.0, 7.1]

[Chart: % of Line Rate against Complexity of Packet Processing (addition of new service features); series: Juniper, Traditional Router]

Page 16: Cross selling 5


Secure Server Area

[Diagram labels: Market Data Feeds; Secure Server Area; Enterprise Internal Network; Access Network; Internet Access Subnet; To Remote Backup Site]

Page 17: Cross selling 5


Secure Server Area Requirement

Houses firm’s most critical systems and data

Challenging requirements:

• High Throughput & Support Large # Connections

– Since so many users are accessing the SSA at any point in time

• Low Latency & Predictable QoS

– Routers, firewalls, IPS, web servers, app servers may affect overall end-user performance experience

• High Availability

– Since so much critical info is centrally located in the SSA, just a few moments of downtime could result in significant loss

• High Security up to Application Layer

– Systems contained in SSA must be the most secure and resilient to attack since so many operations rely on these systems

Page 18: Cross selling 5


Integrated Security Gateway (ISG) 2000: ideal platform for securing SSA

Best-of-Breed Security in a Single Platform

Predictable Performance
Next-Generation Security ASIC (GigaScreen³)
• 2 Gbps Stateful Firewall - any packet size
• 1 Gbps 3DES & AES IPSec VPN - any packet size
• 1 Gbps+ IDP

Integration
• Security applications – FW + Deep Inspection + VPN + IDP

Scalability
• New flexible architecture designed to accommodate future performance, capacity and functionality needs
• Up to 28 ports, up to 500 VLANs

Attack Protection
• Network attack protection, including DoS attacks
• Deep Inspection to protect against attacks in Internet-facing protocols
• Modular IDP blade

Page 19: Cross selling 5


Juniper DX Application Front End

Unique Benefits
• Accelerate user downloads up to 70%
• Increase Web/App server capacity up to 10X
• Decrease bandwidth usage up to 70%

Accelerates Applications
• Siebel, SAP, Lotus, Oracle, etc.
• Custom web applications and Portals
• SLB replacement for legacy apps, mail, DNS, etc.

Deployment
• Replace or complement existing SLB (customer does not have to throw it away)
• No server or application changes
• No changes to client or applications

Page 20: Cross selling 5


Access Network

Dual Homed Internet Connection

Dedicated Links to Customers, Partners and Branches

Connects with Customers, Partners and Branches

Aggregation of WiFi Access Points within Premises

[Diagram labels: Enterprise Internal Network; Market Data Feeds; Access Network; Internet Access Subnet; Secure Server Area; ATM machines]

Page 21: Cross selling 5


Next generation ATM machines & networks

ATM machines are proliferating in APAC

Transformation of ATM machines and networks is happening

• Terminals: From dumb ATM terminals to multi-media Windows based ATM terminals

• Networks: From slow and expensive leased line/X.25/FR to more cost effective high speed broadband

• Protocols: From SNA to IP (VPN or managed IP)

• Applications: From just cash dispenser to value-added services (e.g. VoIP/videoconference with bank agent, digitization of cheque deposit…)

Juniper solutions: 5GT @ every ATM machine; NS FW/VPN appliance @ hub site for high performance FW/VPN aggregation

IP

Hub site

Windows-based ATMs @ branches

IP over IPsec VPN over BB

Page 22: Cross selling 5


IPSec VPN and SSL VPN – Juniper provides market leading solutions for both

[Diagram labels: Remote Office; Branch Office; Fixed telecommuters; Business Partners; HQ; Mobile Users; Department Servers; DMZ-1; Finance; HR; Sales]

IPSec VPN
• Application Type: Remote, Branch Office, Telecommuter
• Type of Connection: Fixed
• VPN Type: IPSec VPN
• Access Requirement: Network Access
• Control Requirement: IP to IP control
• Remote Network Security: Managed, Trusted

SSL VPN
• Application Type: Mobile User, Partner Extranet
• Type of Connection: Mobile or Fixed
• VPN Type: SSL VPN
• Access Requirement: Per Application Access
• Control Requirement: User to Application control
• Remote Network Security: UnManaged, UnTrusted

Page 23: Cross selling 5


Extranet Deployment – connecting your partners (e.g. broker firms, agencies…)

Traditional Extranet

Extensive Deployment Requirements:
• Duplication & Migration of Servers into DMZ
• Harden OS/Server Farms & Ongoing Patch Maintenance
• Maintenance of public facing infrastructure
• AAA limitation to only those integrated resources
• Custom API development for non-Web content

SSL VPN-Based Extranet

Fast and Secure Deployment:
• Keep all Servers where they are
• Secure Gateway is hardened, intermediates all requests
• Multiple Hostnames & Customizable UI
• Rich AAA control of network resources
• Dynamic Authentication Policies
• Expressive Role Definition & Mapping Rules
• Web Single Sign-On & Password Mgmt
• Integration Support Web, File and Client/Server content applications

Page 24: Cross selling 5


Market Data Feeds

Dedicated Links Markets and Feeds

Tunnels to News Feeds

Intrusion Detection

ESP

[Diagram labels: Secure Server Area; Enterprise Internal Network; Market Data Feeds; Access Network; Internet Access Subnet]

Page 25: Cross selling 5


Market Data Feeds Requirement

Unique to the financial services industry is the need for a Market Data Feeds network

Need to securely aggregate streaming data feeds which carry latency sensitive real-time market data from a multitude of sources

• Streaming, real-time ticker data streams, business-wire news, other perishable data

• Require low latency and linear throughput; large portion of data could arrive in small packets

• May employ anti-spoofing and DDoS prevention via M/J series and NS FW/VPN

• IDP in detection mode may be needed to detect protocol anomalies

Page 26: Cross selling 5


Agenda

1. Who is Juniper Networks?

2. Financial Services Networks Requirements

3. Meeting the Needs with Juniper Solutions

4. Some Case Studies

5. Summary

Page 27: Cross selling 5


Security (Firewall + IDP) deployment in stock exchange

Since 1975, the Stock Exchange of Thailand (SET) has been the investment center of Thailand’s capital markets. It handles an avg daily turnover of $490M, and provides a comprehensive range of products, services & trading infrastructure to

Challenges

The SET launched a new corporate bond exchange service in 03 and has plans to introduce a new derivatives market in 05. The growth is driving the need to protect its network from ever-increasing hackers, viruses and other potential threats.

Solution

Juniper Networks’ ASIC based, deep inspection firewalls and IDP systems to protect its server array and other mission-critical assets – defending against hacking threats, while continuously monitoring the network for viruses and other anomalies.

Benefits
• Fully-Integrated end-to-end protection
• High-strength, synergistic protection measures
• High reliability and performance
• Extensive functionality
• Best value for money

Page 28: Cross selling 5


Global Firewall/VPN Deployment

SWIFT

SWIFT has deployed 12,000+ Juniper NetScreen appliances. In the coming years, SWIFT is planning to deploy more – which is expected to represent one of the world’s largest VPN deployments.

Problem
• Lack of security on its new global IP data network infrastructure and IP-based messaging platform

Solution
• NetScreen-5200 (12)
• NetScreen-5XP and 5GT (12,000) deployed in remote sites
• NSM to secure its new global IP data network and IP-based messaging platform, SWIFTNet

Results
• Deployment has been running successfully at 100% capacity since June 2003
• Reliable security and flexible networking functionality
• Uniform GUI across the product line, simple deployment for SWIFT and its members, saving operational cost for both parties

Customer Reference : http://www.juniper.net/company/presscenter/pr/2004/nspr_200404056_546.html

Page 29: Cross selling 5


Next generation of Automated Teller Machine (ATM) network deployment

Major Bank in Taiwan

Requirements
• Changing their leased-line network to Broadband to lower cost
• ATM network has to be totally separated from the branch office network

Solution
• 2x NS500 in HQ dedicated to handle ATM IPSec VPN
• 120x 5GT distributed to 120 ATM sites for IPSec VPN connection

Results
• Lower cost of managing the bank’s ATMs
• Improved its transaction capacity at its 120 branch ATMs
• Assured mission critical networks by using HA

[Diagram labels: Central Hub site; Active/Passive HA; IP; IP over IPsec VPN over BB; … 150 branch ATMs]

Page 30: Cross selling 5


Firewall/VPN Deployment in Australia

St. George Bank

Challenge
• Maintaining 18 software-based firewalls is expensive
• Protect digital assets while providing services to customers connected via the internet

Solution
• NetScreen-5200 (4)

Results
• Reduced total cost of ownership
• Increased network performance
• Reduced equipment footprint
• Reduced complexity in reducing 18 machines to 4 makes for much easier and flexible ongoing administration and scalability

"By consolidating our security infrastructure with Juniper Networks NetScreen products, we enjoyed immediate savings in maintenance costs and equipment footprint,"

Michael McCutcheon, Senior manager, Infrastructure and Architecture Planning, St. George Bank

Press Release: http://www.juniper.net/company/presscenter/pr/2004/pr-040722.html

Page 31: Cross selling 5


SSL VPN Remote Access Deployment - a global bank with HQ in Europe

Challenge
• This bank needed a way to keep their employees connected WW
• Solutions must require no network changes

Solution
• Secure Access series
• Stringent security penetration tests were done to ensure appliance has strong security

Results
• A cost-effective, highly scalable remote access solutions
• Keep employees connected at all times, from all locations, which is crucial in banking industry

“Juniper IVE makes it easy to grant secure access to employees around the world in a way that makes fiscal sense, while building upon our existing infrastructure and adding another layer of protection for our clients’ financial information.”

Director of Remote/Mobile Computing

Page 32: Cross selling 5


SSL VPN Extranet Deployment

Challenge
• Securely share information with partners to increase operational efficiency

Solution
• Secure Access series

Results
• Bank partners can easily log on to the partner extranet from anywhere they have an Internet Connection
• Receive Access to only the files, applications, and information that it deems appropriate so that confidential info cannot be infiltrated

“With Juniper, we have a cost-effective, scalable partner extranet solution to give third parties access to important information and applications at all times from any location.”

– David LaBianca, Vice President, Information Security & Privacy

“We see value in extending the IVE deployment to internal users for numerous other applications”

Page 33: Cross selling 5


Router/MPLS Deployment

OMHEX – Largest Securities market in Northern Europe

• Hosts, operates and maintains 1,000s of servers responsible for 38,000 trading hours
• Major operation centers in London, New York, Sydney, and Stockholm

Requirements
• Highly reliable network backbone
• Migrate from ATM to IP/MPLS
• Predictable QoS performance
• Support high performance and reliable multicast applications

Solution
• Deploy M-series routers, migrate backbone network to IP/MPLS
• MPLS Fast Reroute – multicast applications no longer affected by link errors
• Maps multicast trading info to CCC tunnels and provide QoS
• JUNOS operating system and rich reliability features provides high network availability

[Diagram labels: MPLS; Stockholm; Helsinki; London; Sydney; Full mesh tunnels for 9 data centers and 6 hub sites in 9 countries]

Page 34: Cross selling 5


Agenda

1. Who is Juniper Networks?

2. Financial Services Networks Requirements

3. Meeting the Needs with Juniper Solutions

4. Some Case Studies

5. Summary

Page 35: Cross selling 5


Summary

• The financial vertical is going thru a lot of changes:

– to comply with new regulations
– to provide more services per customers to increase revenue
– to drive more app. efficiency

• “Status Quo” solutions are not enough to satisfy the need of FSI today

• Juniper’s value propositions match well with what the finance customers want

Secure & Assure Your finance networks