Tag: WAN

14 Jun 2017
Stay Ahead of the Curve! Windows 10 Updates Your Institution Needs to Know

Stay Ahead of the Curve! Windows 10 Updates Your Institution Needs to Know

Stay Ahead of the Curve! Windows 10 Updates Your Institution Needs to Know

Many financial institutions have just recently converted to Windows® 10, the latest operating system from Microsoft™ that was released July 29, 2015. Unlike previous versions of Windows, Windows 10 receives ongoing updates from Microsoft through a staggered update process that involves build numbers (Branch Releases) and regular build update (Branch Release) intervals to sustain the security of its signature product. These updates increase the build number and should be treated as a new operating system install, meaning that, as the build numbers increase, Microsoft will stop supporting older build numbers of Windows 10. To put this in context, the initial Windows 10 Release Build Number was 1507 and Microsoft is now releasing build 1703.

Knowing key dates in a product’s lifecycle helps organizations make informed decisions about when to upgrade or make other changes to software. Microsoft ended support in May 2017 for build number 1507, which means it no longer provides automatic fixes, updates, or online technical assistance for this version. Without Microsoft support, financial institutions will no longer receive important security updates that can help protect PCs from harmful viruses, spyware, and other malicious software that can steal information and infect networks. Because of this, we recommend systems be upgraded before they reach their end of life whenever possible.

To better understand the Microsoft upgrade schedule, here is a chart from Juriba that outlines the Windows 10 Branching Release Updates and End of Life Support Timeline:

Windows 10 Timeline

Technical Issues with New Releases


While a steady stream of build releases are great for resolving major issues and do provide a continuous flow of new features, the problem is that they pose a huge burden for in-house system administrators and IT professionals. These individuals are left deploying an often-insurmountable series of new builds and updates to machines both locally and remotely. While the updates are designed to increase security and address bugs in the system, they can be quite large and cumbersome to install. These large downloads have resulted in hung downloads, hung installations, download delays, and more. Microsoft addressed this issue by releasing the Universal Update Platform (UUP), designed to reduce download size for build updates. Recently, however, the ability to capture the UUP download files and convert them into an ISO was not working correctly. There is also the risk of data loss as some applications have proven to have compatibility challenges. Certain updates have also proven to kick machines off the domain and network servers and cancel out anti-virus and malware programs.

Staggered Update Plan

To help alleviate these issues and make the update process more seamless, we recommend implementing a staggered update plan. This approach helps reduce risk and minimize negative effects on productivity by not affecting an entire department or service. For example, implement the update on one or two teller machines, leaving a few untouched as to not affect the entire teller operation. This approach also gives you time to make improvements as needed and test for security issues while enabling the financial institution to operate its teller department.

Enlisting a Trusted Advisor

It is best for financial institutions to keep up with the latest technology, especially when it comes to keeping systems protected from malware and viruses that could lead to the equivalent of a virtual, modern day heist. As a trusted advisor exclusively serving financial institutions, Safe Systems is available to help along every step of the way. We have worked with more than 600 financial institutions and monitor more than 20,000 devices, and we understand the many considerations that go into providing secure, reliable IT. Safe Systems’ experts work directly with your team to better understand and tailor a solution specific to your needs. Please reach out to Safe Systems if you need assistance with your Windows 10 upgrade.




Free White Paper



Dispelling 5 IT Outsourcing Myths within Financial Institutions

Learn why five of the most commonly believed “facts” about IT outsourcing within community financial institutions are actually myths.



Dispelling 5 IT Outsourcing Myths within Financial Institutions



Take the guesswork out of WAN communications by attending our webinar on Thursday, June 15th

Webinar:
Designing Your Credit Union’s WAN for
Network Availability and Business Continuity

Thursday, June 15th, 2–3 pm EST

Register Now

07 Jun 2017
5 Questions Credit Unions Need to Answer about WAN

5 Questions Credit Unions Need to Answer about WAN

5 Questions Credit Unions Need to Answer about WAN

From offering your members the service options they are looking for, to keeping up with regulatory demands, to ensuring day-to-day operations in a reliable and efficient manner, today’s credit union is asked to understand more about technology than ever before.

One area of technology that presents its own significant set of challenges is telecommunications. The telecom industry can be difficult to master for several reasons: First, despite the fact that it’s comprised of newer technology, it remains an “old school” industry with legacy players like AT&T and Verizon leveraging old fashioned, relationship selling vs. arming consumers with information and allowing them to select the best product for them.

Another reason is the pace with which the industry changes. From mergers and acquisitions, to technology advances and proliferation, one has to be plugged into the telecom industry on a full-time basis to really understand all of the available options. The result is that all of this churn and lack of visibility makes it difficult to design a telecommunications plan to serve and grow with your credit union’s technology needs. But where to start? Below are five questions to help guide you when building out your telecom plan:

  1. What Are Your Credit Union’s Technological Needs Beyond Simple Bandwidth?
  2. While bandwidth is the obvious factor that has always been considered, there’s more to think about than how fast your data moves when working to provide the best experience possible. Making sure you are built to withstand carrier outages, physical connection issues, and remote user connectivity (in addition to any unique needs that may be required by your service offerings) are all key considerations for your credit union to undertake.

  3. What Are The Current Offerings in Your Area?
  4. The pace with which technology is advancing and infrastructure is being installed requires you to evaluate all vendors in your immediate area to ensure you are making the best decision for your institution. It is wise to give the smaller telecom carriers consideration too as they can often offer a more competitive rate for the very same infrastructure that the larger providers are trying to sell you. Culturally, another reason to consider these smaller providers is the very same reason that a consumer should consider your credit union versus a mega-institution. This doesn’t imply you should move forward without doing your research into all providers, large and small, but don’t write any off immediately as you may risk giving up real value.

  5. How Can Your Institution Reduce Risk?
  6. As you develop your telecom plan, make sure that you are incorporating multiple technology platforms and providers into it. By varying your technologies and leveraging multiple providers, you effectively guard against outages of carriers and infrastructure. You may even wish to consider having the various connectivity points run to different ends of your locations to further guard against instances of digging crews taking your connectivity down all at once. Additionally, be sure to evaluate connectivity to each location from a business continuity standpoint, and be sure to consider broadband options in this process as they can provide some of the greatest value on the market today.

  7. What Technologies Should Be Insourced vs. Outsourced?
  8. Bandwidth can be expensive, especially if you are in a rural location without the benefit of multiple competitors for your business. Depending on your needs and your options, it may make more sense to employ internal technologies such as WAN acceleration instead of paying the price to add more bandwidth, a recurring cost that you will assume monthly. Other items to consider include use of a firewall and dual factor authentication to allow ease of access for remote users within a secure environment.

  9. Should Your Credit Union Monitor and Manage Equipment Internally Or Outsource?
  10. Both your communication equipment (i.e., routers and managed switches) and your security equipment (i.e., firewall) should be monitored 24/7 and managed in order to receive updates and ensure configuration changes are made properly. Additionally, you should consider whether this is a task that is best handled by internal personnel or outsourced to a managed service provider with established processes.

If you are looking to design a telecommunications plan for your credit union, Safe Systems has seasoned WAN and telecom engineers that will guide you throughout the process of choosing WAN carriers and the proper equipment to best fit your institution’s unique needs. There are a lot of choices, and we can ensure you get the right solution for your current and future technology requirements.

22 Nov 2016

What Drives WAN Carrier Choice for Banks? Location, Location, Location!

Community banks utilize their WAN’s to transmit data to and from their branches and carry out daily functions in many areas. If you are a bank IT or operations manager, there is no more single important factor to WAN carrier choice than your bank’s physical addresses. Where your banks are located will dictate which carriers can serve your bank’s WAN needs.

When carriers have to go outside the footprint of their own network, they have to pay other carriers to get the circuit to the off-net sites (where they don’t own the underlying circuit). Using an underlying carrier to get to an off-net site is commonly referred to as Type II access. In scenarios where a carrier has to use Type II access, not only does the chosen carrier make a profit margin on the circuit, but the underlying carrier makes their profit margins as well – driving up costs for the institution.

Most banks have multiple physical locations, so the trick is to select a carrier once you understand all the available carrier options within your bank’s geography. Here are a few options to consider when choosing your bank’s network carrier:

Incumbent Local Exchange Carriers (ILECs)

ILECs are a definite consideration when choosing the best carrier for your bank. ILECs have the most extensive and established networks and own the vast majority of the outside physical plant (i.e., copper, fiber, etc.) within their territories.

The ILECs are essentially the remnants of RBOCs (Regional Bell Operating Companies), and enjoy a large portion of market share within their respective territories. Examples of ILECs include AT&T, Verizon, and CenturyLink.

ILEC Territory Example: Florida

See below for a map of the ILEC territories in the state of Florida:

Florida Map

Image from Geo Results

The various ILECs in Florida have territories that are not contiguous and are separated at times by great distances. These territories are also in a constant state of flux due to merger and acquisition. For example, Frontier recently purchased assets from Verizon in the Tampa and surrounding area.)

Tip: ILECs compete well when the vast majority of your bank’s locations fall within their respective territories.

CLECs Should Be Considered As Well

Banks should also consider carriers other than ILECs that essentially offer the same services (MPLS, Internet access, etc.). Competitive Local Exchange Carriers (CLECs) compete with ILECs and often have better re-seller arrangements. CLECs are typically not as expensive when they have to use Type II access for your banks that fall outside their territories. Birch, Airespring, and Level 3 would all be examples of a CLEC.

Tip: There are many scenarios when a bank’s geography does not fit nicely with an ILEC’s footprint. There are definitely scenarios where CLECs are a better consideration for your bank’s network.



blueharbor bank Case Study



Read how blueharbor bank deployed their new WAN

blueharbor bank needed to improve their internet bandwidth and phone line capacity while minimizing network downtime to better connect all its branches.



View Case Study


Tip of the Iceberg – Even More Choices

Community Banks should also consider cable companies like Charter and Comcast. In some scenarios, they can provide an extremely cost-effective solution. There are also power company network providers and even small independent carriers.

Engineering Best Practice

Understanding carrier options that are presented by your bank’s physical locations is essential in maintaining a cost-effective solution. Carrier territories are in a constant state of flux, and banks need to fully understand their options to make a sound decision. Let Safe Systems help you with all the research, because when multiple carriers compete to be your bank’s network provider, you win.

Don’t Go It Alone!

IT budgets are shrinking, and IT staff is focused on other priority projects. Safe Systems has seasoned WAN and telecom engineers that will guide you throughout the process of choosing WAN carriers that best suit your bank’s unique needs. There are many choices and we can ensure you get the right solution for your bank’s unique technology needs. Explore WAN Communications services now.



7 Reasons Why Small Community Banks Should Outsource IT Network Management



7 Reasons Why Small Community Banks Should Outsource IT Network Management

This is a free white paper that addresses key issues smaller financial institutions face when managing their networks and the benefits of outsourcing these tasks to a provider who offers IT network management solutions exclusively tailored for community banks.


7 Reasons Why Small Community Banks Should Outsource IT Network Management

13 Apr 2016

Today’s Bank WAN: How to Cost-Effectively and Efficiently Connect Branches

Today’s bank IT network and operations managers are increasingly focused on their WAN communication infrastructure. Banks with multiple branches continue to struggle with efficient and cost effective methods for electronically moving and sharing data between each location. With this function becoming a necessary tool in performing day-to-day operations, bankers are focused on improving their understanding of network options and how to enhance network performance to ensure a positive experience.

Banking applications are becoming more robust and data hungry, resulting in the need for increased speed and reliability when transferring data through the WAN. Many banks today are in an either/or scenario when evaluating options to improve their WAN performance. They are forced into implementing a private circuit (T-1) architecture that offers reliability at a high cost. This makes T-1 infrastructure an ideal option for the primary connection but an expensive and often impractical solution for redundancy.


 
Register for WAN Webinar

 

The alternative is to utilize broadband Internet solutions which offers faster data communication speeds at a lower cost, but can also suffer from frequent outages, lack of visibility, oversubscription and non-existent or weak SLAs. Additionally, passing data over an insecure medium such as the Internet requires an overlaying secure communication element such as a VPN that must be setup and maintained by internal staff. These challenges have been enough for most financial institutions to avoid using broadband for their primary connectivity option.

Banks require a solution that provides the flexibility to securely connect users and branches via a reliable, cost-effective method. Implementing a virtual overlay, or WAN fabric in data centers and branch offices, unifies the network by deploying a hybrid WAN using multiple types of network connectivity, including MPLS, cable, DSL and LTE. This WAN optimization solution aggregates constantly changing information about the traffic on the Internet and then uses this information to route traffic and data over the optimal secure path. This provides your bank with a means to monitor and control network connectivity while ensuring consistent performance in a cost-effective manner.

This new approach to wide area networking, which moves beyond WAN optimization, provides banks with a complete map of the network and applies dynamic path selection and intelligence to help IT network managers see, control and optimize their network connectivity.

A WAN overlay solution combines unique communications technology with:

  • Dynamic Intelligent Path Selection
  • WAN Acceleration
  • Data Reduction
  • Path Conditioning
  • Traffic Shaping
  • Global Visibility

Safe Systems new WANworks solution gives financial institutions the flexibility to securely connect their users to bank applications via the most cost-effective source of connectivity and cost-effectively and securely connect all branches. For more information about this solution, visit our WAN Communication page.

Register for WAN Webinar

 

06 Apr 2016

Will Google Fiber Impact your Small Community Bank?

A well-known disrupter out of Mountain View, California has been hard at work trying to shake up the world of Internet access. Let me state right off the bat that I am no spokesman for Google or their Google Fiber service. You could argue that the service is merely a self-serving ploy by the search giant to give more people access to Google’s own vast Internet properties. In fact, industry watchers have widely speculated that this was the unspoken intent in creating Google Fiber in the first place. Despite their intent, it would be difficult to deny that Google or Alphabet (Google’s newly formed holding company) has gotten serious about improving the state of Internet access in this country. You may be asking yourself what one company could possibly do to move an entire industry. It’s all about the speed. Google is laying the groundwork (literally) for affordable gigabit Internet access, a speed which is 100 times faster than your average US internet connection. This is not a cheap endeavor, so starting back in 2011 Google began a slow rollout to a pair of test cities. In the past 5 years their scope has expanded to include 22 cities either installed or announced, ranging from California to Florida.

While this expansion has been impressive, the real payoff is neither the physical infrastructure that Google has built up, nor is it in the brand goodwill accumulated from offering affordable or free Internet access to those in need. The biggest impact of Google’s offering is the ripple effect of Google Fiber on the incumbent providers in these communities. These cities already have what most would consider decent options for Internet connectivity; albeit, many times a single provider has a near monopoly in the market. These existing providers are the complacent monstrosities that you are likely getting your Internet access from today – Comcast, Charter, Time Warner, and AT&T. Google is a brand new player in these markets, and their very presence is shaking things up.

Traditional ISP’s have made significant investments building up their infrastructure, and have become firmly entrenched. It comes as no surprise that they have fought this new competitor every step of the way by incorporating such tactics as misleading advertising campaigns, lawsuits, and lobbying for favorable legislation. In the end, these providers have been forced to adapt or lose their customers. They have been given little choice but to innovate and offer an entirely new levels of service at more competitive prices. One could argue these more modern, more affordable services would not be available today but for this interruption in the market.

Now, I am not claiming that traditional providers would never have innovated without an outsider agitating change. Google’s presence has, however, greatly accelerated the pace of change. While it would take Google decades to bury the fiber, wade through the city ordinances, and strike the necessary agreements to provide gigabit access to the all of the communities that require access, existing industry giants already have much of the infrastructure in place. At the very least, they have the appropriate resources and political connections to rapidly install this infrastructure.

While ISP’s are not classified as public utilities, they certainly model one. These mega corporations tout their infrastructure and imply that they are the only game in town. As that façade has begun to crumble, they have been increasing speeds of existing customers without increasing the price, seemingly in an effort to appease their existing customer base and stop them from looking around at new providers. This suggests that the pieces to increase capacity were already in place, but the resources were only tapped upon the introduction of disruptive competition.

I’ve told this tale not to sing the praises of Google or cut down major Internet providers, but to demonstrate just one of the influences on the telecom and broadband industry as a whole. While it is easy to think of your Internet provider as a slow-moving behemoth, they are still a technology company…and a lot can change in 3 years.

So how does this all apply to you and your business? Industry undercurrents are constantly changing the circuit options available to your institution. It is all too easy to research and enter an agreement with a service provider, then put that binder on a shelf. In many cases, though, a little bit of investigation past the status quo can improve your performance speeds, lower your cost, or possibly both. To this end, I urge you to learn about your available options every 18 months if you are on a 3 year agreement.

When doing your research, it is important to make sure you are asking the right questions. For example, Comcast may offer a cheaper per-month price on their gigabit service than AT&T, but do they have a data cap and what is the cost once you exceed it? What does your termination notice window look like and what are the auto-renew terms if you miss that window?

Communications have become an important interdependency in modern banking, so it is imperative to develop a strategy to build and manage your financial institution’s WAN infrastructure. If you find that you would benefit from some assistance in sorting through these challenges, then it may be time to bring in an impartial expert. Safe Systems can help you address your current needs at a competitive price, while keeping an eye out for where your future needs may intersect with the ever-evolving telecommunications industry.

Register for WAN Webinar

30 Mar 2016

Bank WAN Circuit Access Options: Ethernet is the New T1

As more and more applications move from your premises to the cloud, bank IT and operations managers are placing greater focus on their WAN communication infrastructure. This is a shift from traditional views of the data communication network as a largely inconsequential but necessary utility, in the much same vein as your water or light bill. With this portion of the network increasingly becoming the lynchpin to performing day-to-day operations bankers are focusing on improving their understanding of this network segment and the many options the market provides.

Better understanding the basics of Datacom technology empowers you to make better choices for your financial institution and potentially see gains in performance, price, or both. To kick off this education, we would like to start with the most common question that bankers ask about data communications: “Help me understand what today’s telecom technology is and where the trends are going.” To answer this request, we will briefly describe how the industry has evolved over the past few years, and we will touch on the different types of circuits available for banks and credit unions.

T1’s = Tried and True (but a Little Dated)

T1s dominated the bank WAN market for nearly a decade before newer options starting become more prevalent over the past few years. Often, T1’s were the only available option in more rural areas, so institutions in these areas made due with slower speeds or higher costs for their WAN links. Despite their widespread use, T1’s provided only modest speeds, but carriers could bond multiple T1 circuits to achieve up to 10 Mbps. T1’s were an established technology, but soon became outdated with the emergence of cable modem and Ethernet fiber access, which often offered 10x the speed at a greatly reduced cost.

What Drove WAN Access Technology? Need for Speed

Banking applications became more robust, feature-rich, and data hungry, driving ever-increasing WAN speed requirements. Additionally, new cloud-based applications depend upon fast and reliable data exchange. User experience for these applications is highly contingent upon WAN speed and quality. Fast, reliable networks act as the underlying infrastructure required to deliver a satisfying user experience for today’s highly online and mobile banking consumers. In these cases the communications infrastructure is foundational, not unlike the steel girders underpinning a skyscraper. Choosing the appropriate technology for your WAN has become more important than ever, and T1’s are likely no longer the only game in town. Next, we will look at two more modern WAN technology solutions that might be available to your bank.

Today’s High Speed Options for Banks
Cable Modem vs. Ethernet Fiber

[/vc_column_text][/vc_column][/vc_row]

Cable Modems (Coax)

Cable modem solutions currently dominate the small business market where businesses have a relatively small number of concurrent network users. Cable modems are a mass-consumed product, but can be a good fit for some bank WAN needs.

Use Cases:

  • Ideal for backup Internet connectivity (business continuity)
  • Good fit for locations with no fiber access or locations where fiber build-out costs are prohibitive
  • Often used for 5 users or less (micro-businesses, which is where cable modems dominate the market)

Pros

  • Cable Modems are the “Why Not?” product – they offer the most bang for your buck for download speed – 50 Mbps download for less than $200 per month? Why not?
  • Least expensive technology used for delivering high broadband speeds — up to 150 Mbps Down/20 Mbps Up
  • Asymmetrical by nature – a lot more download speed than upload speed
  • Designed for mass consumption, focused on downloading data

Cons

  • Do not present Service Level Availability (SLAs) - Frequent outages are typical
  • Require an overlaying secure communication element, such as a VPN
  • When outages occur, cable modem companies are notorious for their lack of customer service
  • Not reliable enough transport for many emerging bank applications – which demand speed + high SLA levels
  • Cable modem networks are copper-based, and have all the problems associated with degradation of this physical medium over time
  • Cable modem networks are shared and oversubscribed by nature and often will not consistently, if ever, produce the download/upload speeds advertised
  • Cable companies don’t compete against each other – Their footprints don’t overlap – cable company choice is dictated by where your bank is located and the provider in the area

Ethernet Fiber

Ethernet fiber is the new T1 for banks. Most banks consider it as the preferred option to satisfy their need for fast, reliable transport.

Use Cases:

  • Ideal for primary WAN connectivity (MPLS and Dedicated Internet Access)

Pros:

  • Will offer much higher SLA levels (great for emerging bank applications)
  • New physical fiber plant – not as many problems with new physical media
  • Private and dedicated - not oversubscribed
  • Speeds of up to 10 Gbps
  • Offer great flexibility and scalability – more bandwidth is a phone call away and only requires configuration changes
  • Fiber companies compete against each other – presenting multiple carrier options and competitive pricing

Cons:

  • More expensive than cable modems – you get what you pay for
  • Typical installation intervals are 90 days or more
  • Bank geographic location can limit options – fiber isn’t everywhere

Engineering Best Practice / Conclusion

Consider Ethernet fiber as the preferred access technology for your bank’s WAN. The fast, reliable transport offered by Ethernet fiber will provide the infrastructure necessary for a quality user experience for the emerging applications that will drive business-critical bank applications in the future. Fiber’s limiting factors may be cost and/or availability. While the cost per Mb may be cheaper than T1’s in some cases, this technology is not available at the lower connectivity speeds; therefore, upgrading to Ethernet Fiber may constitute an increase in the overall communications budget. Additionally, the geographic availability of fiber is rather unpredictable, although providers are installing fiber infrastructure at a torrid pace. T1’s and cable modems remain viable options if fiber isn’t a fit for or even available to your institution. As with any technology, to maximize your investment in your communication infrastructure, you need to have a plan of where your communication needs are going.

Don’t Go It Alone!

IT budgets are shrinking, and IT staff is focused on other priority projects. The right IT service provider for your institution should employ seasoned WAN and telecom engineers that will guide you throughout the process of designing a WAN strategy that meets your specific requirements. There are many choices for your communications infrastructure – partnering with a trusted technology service provider can ensure you get the right solution for your bank’s unique technology needs.




Register for WAN Webinar



03 Feb 2016

Three Different Approaches to Managing Your Bank’s WAN

WAN (Wide Area Network) optimization is an important part of enterprise network strategy for financial institutions. Community banks and credit unions utilize their WAN’s to transmit data to and from their branches and carry out daily functions regardless of location. The WAN is often comprised of public networks, such as the telephone system, leased lines, or satellites. Effectively managing your bank’s WAN consists of monitoring both the on-premise communication equipment (routers, layer 3 switches, firewalls, etc) and the circuits that carry the communication; however, this monitoring can be costly and complex. Let’s discuss some different options that today’s community financial institutions have to manage their WAN.

Option #1: WAN Management via the Carrier

Banks often use telecom carriers to provide network management for their WANs. Most telecom carriers offer an option that includes a router for termination of MPLS circuits, Internet access circuits, etc.

Banks use this option because it is the most economical approach to managing their WAN; however, expect minimal support. Carriers typically design simplified support tools to fight fires by focusing on managing the up/down status of the circuits. This reactionary type model offers minimum maintenance. The telecom carriers wait until they are notified of an issue, most frequently by the end user who, themselves, are only aware when they begin experiencing poor performance or downtime.

In most cases these tools simply aren’t sophisticated enough to allow for deep inspection of traffic patterns or usage. Even for administrators with enough expertise to keep WAN administration an internal function, these tools should be supplemented to allow for more proactive monitoring. Layering 3rd party software or services on top of the basic telecom-provided greatly enhances this approach to monitoring.

Pros: Least expensive option
Cons: Minimal support, supplemental 3rd party tools needed

Tip: Carrier-provided WAN management will focus primarily on WAN circuit status – they position themselves in this manner to limit their involvement concerning the overall functionality of your WAN. NOC’s (Network Operations Centers) are not profit centers within the carriers – most telecom NOC’s run “lean and mean.”

Option #2: WAN Management via Core Providers

Core providers also provide a network management option for your bank’s WAN. Most banks that use this strategy like the convenience of using a single provider for both core processing and WAN connectivity. All connections are seamlessly connected back to the core provider, and, depending on the vendor and purchased options, these connections may be more closely monitored by the core provider’s NOC. This option provides a single point of contact as well as a single bill for your bank’s solution.

Expect to pay a premium for convenience. Core providers do not own the underlying infrastructure used to deliver the WAN circuits. Core providers typically use a single large national partner (e.g., AT&T, Verizon, etc.) to offer WAN connectivity services. Those underlying carriers have a profit margin to make, and that is stacked on top of the margin that core providers will take. Taken together, these factors make bundling through your core provider the most expensive way to manage your bank’s WAN.

Beyond the extra cost there is often another area that can prove to be problematic for your financial institution if you allow your core to provide your WAN. Core providers can be very limited in the flexibility of the WAN technology that they provide. Most bankers are familiar with the rigid standards required by core providers when you are running out of their service bureau. In much the same way, core providers tend to be very limiting on routing configurations. These restrictions are perhaps most visible to an average FI when they move to implement a BCP/DR strategy. Most cores will not allow the protocols required to have Internet and network server connectivity automatically re-routed in the event of an outage.

Pros: Single bill, single point of contact
Cons: Most expensive option, limited carrier choice, limited flexibility

Tip: Convenience offered by WAN management from core providers comes at a steep cost.

Option #3: WAN Management via a Managed Services Provider (MSP)

Many banks opt to use 3rd party MSP’s to manage their WAN connections. Many telecom carriers offer unmanaged circuits (i.e., they offer a circuit-only option that does not include a managed router). Under this approach, unmanaged loops are terminated on equipment that is bank-owned or provided by an MSP. The MSP manages the overall solution to varying degrees, based on the vendor and product.

Unlike the core providers, MSP’s typically have multiple arrangements with national carriers and will often offer more options for WAN connectivity. This flexibility typically translates into lower cost to the bank than their core provider can offer.

Another benefit offered by this approach is that you assign the proper roles and responsibilities to the appropriate parties. Carriers specialize in ensuring the simple up/down status of circuits and this management model allows them to focus on this one important responsibility. Similarly, MSP’s are responsible for the overall health and management of the WAN solution.

Pros: Best support, competitive pricing, multiple carrier options
Cons: Multiple bills, multiple contacts

Tip: MSP’s typically offer a wider variety of management tools and better reporting on WAN usage.

Engineering Best Practice/Conclusion

There are many choices when it comes to managing your bank’s network. While only management can decide which option is the best fit for your financial institution’s needs, a specialized MSP offers the most comprehensive set of services at a competitive price. While not the cheapest option available, a MSP may be the most cost-effective option by ensuring that your WAN properly fits your business needs. Such specialized 3rd party vendors can also offer the expertise necessary to help your bank explore more advanced networking, such as ensuring high availability and implementing disaster recovery fail-over scenarios for both core processor and Internet connectivity.

Don’t Go IT Alone!

It seems like IT budgets shrink every year, and IT staff members must often focus on other priority projects. The right vendor to help you seize control over your WAN should offer an experienced staff that can guide you through the process of designing a WAN infrastructure. Don’t accept a one-size-fits-all solution, and seek out a vendor that will listen to your concerns in order to help implement a management strategy that meets your requirements. WAN connectivity presents a significant recurring business expense, and a solid WAN management partner can help you get the most out of this investment.



Free White Paper



Dispelling 5 IT Outsourcing Myths within Financial Institutions

Learn why five of the most commonly believed “facts” about IT outsourcing within community financial institutions are actually myths.



Dispelling 5 IT Outsourcing Myths within Financial Institutions



17 Nov 2015

Is Your Multi Location Financial Institution Ready for a WAN Outage?

WAN Outage

Have you planned for a backhoe at a construction site six blocks over cutting your (only) Internet connection? How about a car accident that knocks down the utility pole outside your main office, and severs the connection to your core provider? Have you looked to make sure there are no water pipes in the ceiling above your communications closet? If you aren’t fully prepared for communications outages, then you are not alone. While you cannot account for every contingency that might befall your bank or credit union, it certainly pays to prepare. During your next WAN infrastructure review, consider the following concepts to help build better resiliency for your WAN communications.

Have a Primary and Failover Site for Your WAN Connectivity

You should never put all your eggs in one basket, and having a single hub through which all devices must connect creates a single point of failure. In addition to your main office or operations center, consider upgrading a branch location to act as a backup communications hub for failover purposes. Both your primary and backup locations should be set up with connectivity for the Internet, WAN (MPLS/ T1/ Metro-E/Etc.) and the Core, at a minimum.
 
Be mindful of the following considerations regarding your secondary/failover site:

  1. You should have a fully functional firewall protecting any Internet connections at your communications failover site. Similarly, if you choose to leverage VPN technology and inexpensive Internet connectivity to provide a secondary connection for your WAN (branch) communications, then make sure that you have the appropriate firewalls or other devices in place at all locations to facilitate this plan.
  2. Don’t forget about specialty communications equipment. If you have a separate appliance for Fedline access or a router for VPN connectivity back to your ATM provider, then be sure to duplicate these devices at your secondary location.
  3. If you implement two different connections which use the same media or physical wire (e.g., phone and WAN data), then you have concentrated your risk. It only takes one line to be severed for both your connections to go down.

 

Automatic vs. Manually Assisted Failover

Now that we have discussed the kinds of solutions you want to have in place and where you want them, let’s discuss the technology behind maximizing these tools. It’s essential to understand that there are two types of failover: automatic failover and manually assisted failover. While the natural initial reaction is to opt for automatic failover, this may be cost-prohibitive, or may not be possible with your mix of technologies and vendors. Choosing the right option for your financial institution requires a full understanding of the differences between these two options. Let’s look at a few scenarios:
 

Automatic Failover

As the title implies, an automatic failover involves routing devices automatically adjusting routing and data flows based on conditions detected on the network. For example, picture a financial institution that has four branches with redundant connectivity at the main office and a designated Disaster Recovery (DR) site. If Internet connectivity were to go down at the main office, then the routing devices at the remaining branches would detect the outage and automatically start sending traffic destined for the Internet to the DR site. This allows the other branches to continue working, sometimes nearly seamlessly, and minimizes the outage to only the main office.

When the problems are resolved at the main office, then the branches will detect that their preferred path is once again available, and will reroute to send Internet traffic through the main office. This option is ideal, because no action is necessary by the networking team to change routes at all the branches. This minimizes the downtime during failover/ failback events.

While this option is usually the fastest way to adapt to network outages, it requires significant setup, testing and administration time. Additionally, all devices involved must be capable of using the same protocols to detect and adjust to changes in the environment.
 

Manually Assisted Failover

As mentioned above, automatic failover may not be feasible in all situations, and there are other scenarios where administrators may want to retain some manual control. One common reason to opt for manual failover is when an institution hosts its own DR equipment. If you have built a hot DR site with equipment and connectivity mirroring your production environment, the last thing you want to do is automatically fail all operations to DR equipment based on a temporary glitch in one of your telco circuits. While this may sound harmless enough, it creates a situation where you are working with live data on two different systems and likely ending up with a messy data merge, lost files and end-user frustration.

When adding data and server resources into the mix, administrators might prefer to tightly control when to “flip the switch” to cut over to DR resources and adjust communication routes. This option may be more desirable for savvy administrators overseeing complex networks, but the additional control often comes at the expense of failover/failback speed.
 

A Backup is Not a True Backup until it is Tested

Having a plan in place is a nice first step to build your redundancy and communications resilience, but the smallest of overlooked details can quickly derail your efforts. You wouldn’t trust your critical data backups without periodically testing restore capabilities, so why wouldn’t you test your communications backups?

Test your communications failover plans (at least) once a year to verify your WAN resiliency works as intended. Be sure to thoroughly document not only what went right with your test, but also what went wrong or what adjustments were necessary. This documentation allows you to learn from mistakes and address any gaps in your plans. Auditors and examiners will also want to review this testing documentation, so you should aim for incremental improvements from year to year and test to test.

Financial institutions may overlook another important backup need by neglecting to back up the configurations for routers and smart switches. Routing configurations can balloon in complexity over time as automatic failover is added and routing is optimized, and you do not want to lose all of the hard work that went into building those configurations due to failed hardware. Be sure to back up the router or switch configurations after configuration changes to ensure the fastest recovery from failed equipment. If you are uncomfortable managing these backups on your own, there are services available to monitor networking equipment that also automatically copy down device configurations on a regular schedule.

Finding and configuring the right mix of technologies to keep your financial institution running can be a daunting task. If you would like some help figuring out how to navigate the different circuit and failover options available, then consider enlisting the help of technology experts. The right technology partner should be familiar with the unique needs of financial institutions to help you stay technically afloat without running afoul of regulatory requirements.



Free White Paper



Dispelling 5 IT Outsourcing Myths within Financial Institutions

Learn why five of the most commonly believed “facts” about IT outsourcing within community financial institutions are actually myths.



Dispelling 5 IT Outsourcing Myths within Financial Institutions