Global Tier 1 Bank Reduces Migration Time To Just Four Hours With HighPoint

The story of our collaboration with a leading financial institution, using our proprietary technology and innovative expertise to deliver a responsive, secure infrastructure designed with agility in mind.

Migrations reduced from 24 to four hours

17 ACI fabrics deployed across six global data centers

The Company

Our client is a global Tier 1 bank with over 80,000 employees across 40 countries.

As one of the UK’s oldest banks and a major provider of financial services across the world, this institution offers everything from retail banking, credit cards, and corporate and investment banking to wealth management. Today, they move, lend, invest and protect money for 48 million customers and clients worldwide.

The Goals

With the ambition of achieving an agile infrastructure, the bank needed to be more responsive to change than ever. As part of this, they had three goals:

  • To significantly increase their security posture
  • To remove technical debt associated with their legacy network
  • To align with financial services compliance requirements.

To meet these goals, the bank wanted to move to Cisco ACI’s software-defined core networking technology. By adopting this solution, they knew they could achieve a more agile, programmable platform, as well as a lower total cost of ownership due to the smaller data center footprint.

The Challenges

The bank’s overall challenge was a lack of capability and capacity to deliver the service mapping and migration planning required, and to ultimately execute the migration change.

Firstly, they were running two major programs simultaneously: network segmentation and network transformation. However, cohesion was lacking – these projects were being run as two separate entities and were being delivered by largely separate teams. The number of live services and the stringent change control added extra complexity to navigate.

As well as a unified approach to network transformation, the bank also needed support with technology implementation. For several reasons, the most complicated part of the challenge was the migration from the old to the new network:

  • Understanding a service map within an organization of this size and scale is incredibly complicated – for every connection you need to migrate, you’re making a change to a major financial service.
  • Due to the sensitivity and criticality of the services potentially affected by the migration program, many levels of approval are required. This drives a greater need for the service mapping information to be correct and up to date to better inform and speed up the change approval process.
  • As with most institutions of this size, asset databases are rarely as accurate as they can or should be. This makes understanding the logical and physical mapping extremely difficult – if you do not have a complete understanding of the environment, every change can pose a potential risk.

The Solution

Our team of 35 experts brought thought and delivery leadership in Cisco Application Centric Infrastructure (ACI), program and change management, technical design and delivery, and specialist data analytics skills to the table.

We also partnered with Cisco to provide a vendor assurance layer to ensure the functionality of the products involved.

We started by deploying a smaller Tiger team upfront to crunch the data and prepare a high-level plan. We categorized devices by complexity, and then defined an overall team size and a timeline for project completion.

The key piece in this project was the discovery stage. In a market where our competitors are conducting manual discoveries, our automated approach set us apart from the crowd. A manual discovery usually offers only a snapshot of the environment, carried out upfront to allow for planning. Because unknown changes may be made after that snapshot is taken, the environment to be migrated has to be re-validated before the change is executed, which often takes the same level of effort as the original discovery.

Reliance on a single source of data (such as the discovery) also invites risk. Our methodology allowed us to analyze multiple sources of data quickly and correlate the important information.

This data correlation identified false positives and orphaned services, ensuring we were working with the most accurate data at all times. And, because we consolidated information from multiple customer data sources into a single source of truth, there was no need to multi-audit the data centers. With our automated discovery, our audit could remain live for the duration of the program.

Most importantly, we used our proprietary tooling to create an enriched golden source of service mapping data that could be leveraged in a smart, automated way for up-to-the-minute change control on thousands of migration events. Not only did this significantly accelerate the migration plan, but it also reduced the risk associated with change and allowed us to create an entirely accurate CMDB and service map for the new target environment.

The Results

Overall, our automated approach meant we were able to speed up the migration process by 6X. Initial migrations took 24 hours, and we were able to steadily bring this time down, with the quickest migration time reduced to 4 hours. This allowed for multiple migrations to take place in a given change window period over a change weekend – reducing the overall cost of the program while accelerating the removal of technical debt and improving technology adoption.

  • The joint multi-year program succeeded in migrating 72,000 ports on 17 ACI fabrics across 3 regions, 4 time zones, 6 data centers, multiple organizations and dozens of teams – and, by the end of the project, successful migrations were being conducted every single week.
  • Our approach allowed us to better collate information sources and marry them to our always-on audit data, which enabled us to better understand the distribution of corporate services and applications on the devices under change (a blind spot for the organization). This allowed us to better manage the change control process by identifying the affected services and communicating to them that there would be an outage which, in turn, allowed them to proactively manage the communications and connectivity failover – minimizing (and, in many instances, removing) connectivity downtime.
  • This information was then used to enrich the internal operations team’s knowledge, as well as update the Configuration Management Databases.