The Russian division of one of the major international banks operating in the corporate segment. The organization operates under conditions of increased information security requirements and strives to abandon obsolete and sanction-sensitive equipment.
The bank's network infrastructure was based on aging equipment from foreign manufacturers, some of which were subject to sanctions. This created risks of failure, limited scaling, and did not correspond to the internal security strategy.The issue of replacing imported cryptographic protection solutions with certified domestic products also arose.
Key Challenges
- Increasing the reliability and capacity of the network infrastructure as part of the partial implementation of the import substitution strategy.
- Transition to Russian cryptographic protection tools and configuration, implementation and integration of solutions into the customer’s infrastructure.
- Design of a new network architecture.
- Project support with a visit to the client's offices.
Implemented our solution
The project started with pilot testing, during which the team tested equipment from several vendors: Huawei, Cisco, Eltex, “Security Code”. Based on the test results, Russian solutions were selected that met the requirements for reliability, performance and security.
The ICL Services team designed and configured a new network architecture with migration to the OSPF protocol (instead of the previously used EIGRP), which ensured greater flexibility and fault tolerance.
The project included the deployment of new infrastructure in four customer offices in Moscow, including two data centers. All work was carried out with on-site visits by specialists.
An important element was the implementation of “Security Code” crypto gateways certified by FSTEC. Despite the partial preservation of the previous equipment, which was not replaced by the customer's decision, it was possible to achieve stable integration and establish infrastructure management using two parallel consoles.
Products and technologies
- Crypto gateways “Security Code” for organizing secure communication channels in offices and data centers
- Eltex routers (replacement of obsolete foreign equipment), OSPF protoco
Results
- Increased network fault tolerance and reduced risks of failures.
- Ensured compliance of part of the information security infrastructure with FSTEC requirements.
- Increased network throughput.
- Prepared a base for future migration to a new data center.
- More than 40% of domestic equipment of the total volume has been installed.
- The customer plans to further scale the project. After successfully connecting the fourth node (data center), the plans include transferring all services to the new data center and further updating the remaining infrastructure components.