anytime, anywhere banking came to our country, ICICI
Bank had to move away from the branch-centric model
and make its services available nationwide. The solution
was to centralize its applications. by Minu Sirsalewala
Bank, India's second-largest bank with a network of
about 540 branches and offices and over 1,000 ATMs offers
banking products and financial services to corporate
and retail customers through a variety of delivery channels.
The legacy systems at ICICI group (now called ICICI
Bank) were stand-alone systems, networked only for basic
e-mail and none of the core applications were linked
to the network. Around 1998 the company realized that
to improve its operations and increase efficiency it
needed to centralize its core banking applications.
Bank provides banking products and financial services
to corporate and retail customers in areas of
investment banking, life and non-life insurance,
venture capital, asset management and information
The need - Being a financial company with
countrywide operations, it felt the need to
centralize its applications to reach all its
partners and customers. It needed to connect
various ICICI offices, banks, branches and over
1,000 ATMs to make its services available across
The solution - After a detailed study of
the company activities and its needs, a network
comprising of leased lines, VSATs, radio-links
and ISDN was designed and deployed to centralize
its core applications.
The benefit - With the centralization of
applications, customers and partners can now
avail various services through any of the branches
at any location in the country. The group has
considerably cut costs on distributed backend
operations by bringing them to the frontend
with the centralization of core backend applications.
on image for larger view
on image for larger view
on image for larger view
The traditional systems at ICICI Bank were very centric
to the branch. For example a server at New Delhi was
specific to the branch in that city; the ATMs were standalone
catering only to the city branch. The banking transactions
were thus limited to the respective branch offices as
customer data was not available in other branches. This
made banking a limited service and very branch specific.
ICICI realized the importance of offering nationwide
banking but this would be possible only by having a
centralized data repository.
The basic network was set up for providing the e-mail
facility, but none of the applications were linked to
the network. The network comprised of a mix of servers
running different applications at various branches of
the bank. With growing business and rapidly increasing
accounts, the company found it extremely difficult to
administer and manage the system.
This also resulted in duplication of backend services
and procedures, as the systems were not centralized
for the core banking applications.
"There was a lot of additional cost being incurred
due to the duplication of the backend procedures at
the branch offices," said Manoj Kunkalienkar, Joint
President ICICI Infotech Services Limited.
The centralization procedure started around late 1999.
ICICI Infotech (a company promoted by ICICI) made the
first network design for the group in 1999it was
a hub and spoke architecture.
Utmost care was taken to design a network with a strong
backbone. According to Manoj, the key strength of a
network is its back-bone. The group's various centers
are connected by 2 Mbps or 4 Mbps leased lines.
Manoj said the design considerations not only included
high bandwidth availability but also the fact that a
single point of failure should not result in lines going
group realized that it had to enter into the retail
space, have local regional presence, and provide alternate
channels to the customer. They needed a solution whereby
they could offer services across the country.
"Centralizing the operations was not the solution,
but centralization of data was. We had already centralized
some of the operations but we still had some branch
applications running independently which were not centralized
and had ATMs which were stand-alones. Two major criteria
considered before designing were not only the network,
but also the infrastructure available in our country,"
the past, the infrastructure here was such that a company
could not rely on leased lines completely. So ICICI
needed backups on ISDN and VSATs, along with the 64
Kbps leased lines. "The leased lines were too expensive
then, now the lines are better, more stable and offer
good connectivity. The cost has also come down by around
Manoj opined that what was really important was to have
a world class data center and centralize everything
in one place, as that's where the network can be used
at the maximum. To ensure 24x7 service access and connectivity
to customers one needs to have reliable backups and
a robust network in place. From a business perspective,
the main reason to go in for a network was centralization
of data, provide all channels of communication and at
the same time provide anytime, anywhere banking. "The
problem we faced with our legacy systems was that they
were stand-alone systems and the data from one branch
was not available with another branch."
These problems led us to the new design of the hub and
What ICICI was looking for was a robust network, which
would enable it to offer services at the retail level
throughout the country. The in-house ICICI Infotech
was the obvious choice for consultation. The ICICI Infotech
team designed the initial network topology in 1999.
The team had put forward a series of designs, not radically
different from each other.
Eventually, a design with a mix of VSATs, leased-lines,
radio-links and ISDN was selected. A mixed design was
selected because of the disparate locations of the group
across the country. There were different technical problems
in different locations and the next best available solution
had to be included.
"The basic topology has withstood over the years.
What we have today is still the basic architecture with
just new additions in terms of just more bandwidth,"
The advantage in a hub and spoke architecture is that
multiple nodes (spokes) are connected with a hub location
through a ring of single-mode fiber. Each hub-node connection
can consist of single or multiple wavelengths (lambdas),
each carrying a full Gigabit Ethernet channel. Protection
from fiber cuts in the ring is achieved by connecting
the hub and nodes through both directions of the optical
ring. Service provider Gigabit Ethernet metro access
rings are the main applications for this architecture.
And another advantage is that nodes can be added to
the network more easily.
The most important aspect to setting up a network is
to have a good relation between the technology consultant
(network integrator), the vendor and the client.
"The vendors in the market are more or less capable
of giving the same results, like the same amount of
redundancy or strength of the network," said Manoj.
"What really matters is the relation between the
three. If there is harmony amongst the three, then better
results will be achieved."
The client plays the most important role as he has very
low time to market, and delivery is required at the
"A series of products are available in the market.
As the time to market is so short, we (ICICI Infotech)
select the products available in the market and integrate
them. This takes care of 98 percent of the solution
requirement and then we build the other two to three
percent around it and deliver the perfect solution to
the client," explained Manoj.
As we said before, the network follows a hub and spoke
architecturea mix of VSATs, leased lines, ISDN
and radio links. It has around 800 leased lines, about
600 VSATs, approximately 800 ISDN lines and multiple
34 Mbps lines.
network supports the ICICI group offices, banks, branches,
and over 1000 ATMs. There is a primary site from where
spokes go out to the regional branches and the other
offices. The secondary site has the disaster recovery
There are around eight hub locations, which have 3,
4 or 8 Mbps lines as per the requirements for connecting
to the branch and regional offices.
High-end Cisco routers and switches have been deployed
for connectivity. The network is monitored using HP
OpenView and CiscoWorks. Over 30 portals are operating
using a highly secure state-of-the-art security architecture,
which consist of firewalls, intrusion detection systems,
virus protection and various other tools.
The main production site is at Mahalaxmi, Mumbai (the
primary site), and has been built to international standards.
disaster recovery site (the secondary site) is located
at ICICI towers in Bandra-Kurla complex, Mumbai and
is used for replication of data. A distance of 25-30
kms separates the two centers and they are linked with
two 34 Mbps leased lines. To ensure reliability and
24x7 availability, the leased lines pass through separate
the data moves on to the leased lines, it passes through
two CNT storage directors that convert this data into
WAN-related traffic before it is sent on the leased
line to the other data center. The high-speed leased
lines make it possible to synchronize data in real-time
between the two centers.
Hardware at both these sites varies from low-end NT
servers to the high-end SUN E 10K along with 12 terabytes
of data storage at each end connected through a SAN.
The group's facilities management team manages over
9,500 desktops, 500 servers and works around the clock.
CA Unicenter is used for managing the helpdesk, desktops
and servers, asset management, software delivery and
Unix is the preferred OS for most of the hardware while
most of the databases use Oracle with a few on Sybase
and MS SQL. Over 200 databases are supported with 24x7
processing. The state-of-the-art technology architecture
adopted by ICICI Bank needed robust security, and this
was designed by qualified experts from its Systems Security
Cell. This security design includes preparation, implementation
and maintenance of the Systems Security policies and
procedures across all systems, ensuring general user
awareness about these policies and enforcing the policies
through systems audits. The security cell has developed
several tools, which are the first of its kind to address
several vulnerabilities on Unix, NT and MS-Exchange.
The system security is audited by KPMG.
Once the network was up, ICICI Infotech faced the
challenge of ensuring smooth operation and minimum downtime.
Manoj agrees glitches cannot be avoided and while one
has to try and prevent these, one also has to think
about the growth of the network, in line with business
"No walk is very smooth. Glitches are, and will
always be there," said Manoj. "What was of
prime importance was to keep pace with the business
and its expansions. Technical problems are not difficult
to handlethere is always a solution to them but
other problems like the existing infrastructure of the
country, the individual business needs are very taxing."
According to Manoj, the real challenge came while designing
and deploying the network, as the team had to view business
processes at a very micro level. They had to identify
the exact areas where the business needed to be expanded,
and then find the best suitable option to connect to
The ICICI VSAT network is large, with almost a thousand
nodes. Keeping it going turned out to be an even bigger
challenge for the group. The entire network is monitored
from one center. Any error in the network at any point
is rectified in a short span of time and the system
is up and running with minimum downtime.
Another challenge was to keep pace with business growth.
"The only technological challenges we face are
in terms of the quality of the lines, as they are not
same all the time. Typically, the router and switch
software is written assuming a certain quality of the
line. As a result, if the quality of the line is not
stable and fluctuates, the systems do not function efficiently.
Ensuring the required line quality is a major challenge.
An obvious solution to this is to interact and talk
with the vendors and get it customized for an Indian
client's requirements," explained Manoj.
Manoj reiterates that it's important for the vendor
and the client to have a good rapport so that they do
not just provide the client with boxes but change the
operating system (and other relevant software) as and
The basic topology has not changed. "Initially
we had started with connecting seven locations. Today
all the centers and offices are connected making virtual
banking a reality," said a proud Manoj.
With the centralization of data all applications are
controlled, modified and administered from one location.
The network has enabled the bank to shift from traditional
banking to virtual banking thus offering modern banking
services to its customers. All backend applications
run from a centrally located data center. This eliminates
duplication of processes like backend operations, training
of staff, administration cost, and other system related
costs at branch levels. Clients can avail of anytime-anywhere
banking on the Net and make use of their ATM cards at
any of the ATM centers across the country. Considerable
amount of cost has been saved as the backend operations
of regional offices have been eliminated. The data for
all the customers is centralized and processed from
the centrally located data center. Information for any
ICICI client will be available at any of the ICICI branches.
Sirsalewala can be reached at email@example.com