When Dubai Bank converted to Islamic banking three years back, it had huge implications for the bank’s IT organisation, which was mandated with the task of implementing Shari’a compliant core systems with the capability and flexibility to launch new products and services.
“The way we do business changed, and the IT systems had to map to meet the new business requirements. When we migrated, we had to completely revamp our technology and network architecture to meet the requirements of an Islamic financing system. Within a period of three years, we have also grown from just four branches to 25 locations in the Emirates, making it absolutely imperative to design a scalable network,” says Naimish Shah, Head of IT Operations and Services.
The bank’s network structure was flat, based on hub and spoke topology, connected through leased lines. This meant point-to-point branch connectivity with high recurring communications costs and little room for scale. “We had many business challenges related to network looping and application performance. We had around 19 business initiatives including ATM switching, and covered card systems, and more applications were being added to the mix, taxing the system. We had to ensure current issues were addressed, and strengthen the network foundation to cater to all new applications,” says Shah.
Dubai Bank embarked on a network re-engineering initiative, based on best practices, with the goal of providing a secure network with high application performance for users. As part of the redesign process, the bank moved to Multi Protocol Label Switching (MPLS), which offers any-to-any connectivity with built in security and Quality of Service (QoS) features. “Having MPLS also facilitated disaster recovery for us, which was not optimal in the earlier architecture. Now, we do Disaster Recovery drills twice a year on a live working day. Another advantage was the significant reduction in communications costs in the range of 40%,” says Shah.
The bank’s network today supports around 600 users, and runs mission critical applications such as core banking, ATM switching and the ERP system. The data centre houses around 300 servers, out of which 200 are production servers. While many organizations in the region adopt security as an after-thought, at Dubai Bank it is built right into the network fabric and is, in fact, one of Dubai Bank’s competitive advantages. “We have security at all layers including campus, core and WAN. We use encryption over WAN using DMVPN, without losing the advantage of any-to-any MPLS topology,” says Shah.
The bank has a layered approach to Internet security using web application firewalls and stateful firewalls. To enhance external perimeter security, a slew of security mechanisms are in place including IPS and log correlation engines. Firewall switching and segregated zones with appropriate access lists are in place to bolster internal perimeter. On the LAN side, the bank has implemented network access control to cover internal threats and to mitigate risks.
What is probably unique about Dubai Bank’s network infrastructure design is that it is overlaid on top of the application architecture. “Often, network design is driven by technology and features. These things
are important but as a means to an end. At Dubai Bank, we have taken into account the application architecture, usage patterns and volumes while designing the network. “Our technology is at minimum on par with the largest and the best financial institutions in the market, and is used throughout Dubai Bank to provide top quality products and services to our loyal client base.” sums up Shah.