Case Study: ICICI Centralizes Applications
ICICI centralizes applications for 'anywhere' banking

When anytime, anywhere banking came to our country, ICICI Bank had to move away from the branch-centric model and make its services available nationwide. The solution was to centralize its applications. by Minu Sirsalewala

ICICI Bank, India's second-largest bank with a network of about 540 branches and offices and over 1,000 ATMs offers banking products and financial services to corporate and retail customers through a variety of delivery channels. The legacy systems at ICICI group (now called ICICI Bank) were stand-alone systems, networked only for basic e-mail and none of the core applications were linked to the network. Around 1998 the company realized that to improve its operations and increase efficiency it needed to centralize its core banking applications.

The Company

ICICI Bank provides banking products and financial services to corporate and retail customers in areas of investment banking, life and non-life insurance, venture capital, asset management and information technology. The need - Being a financial company with countrywide operations, it felt the need to centralize its applications to reach all its partners and customers. It needed to connect various ICICI offices, banks, branches and over 1,000 ATMs to make its services available across the country. The solution - After a detailed study of the company activities and its needs, a network comprising of leased lines, VSATs, radio-links and ISDN was designed and deployed to centralize its core applications. The benefit - With the centralization of applications, customers and partners can now avail various services through any of the branches at any location in the country. The group has considerably cut costs on distributed backend operations by bringing them to the frontend with the centralization of core backend applications.

Click on image for larger view

Click on image for larger view

Click on image for larger view

Legacy systems
The traditional systems at ICICI Bank were very centric to the branch. For example a server at New Delhi was specific to the branch in that city; the ATMs were standalone catering only to the city branch. The banking transactions were thus limited to the respective branch offices as customer data was not available in other branches. This made banking a limited service and very branch specific. ICICI realized the importance of offering nationwide banking but this would be possible only by having a centralized data repository.

The shift
The basic network was set up for providing the e-mail facility, but none of the applications were linked to the network. The network comprised of a mix of servers running different applications at various branches of the bank. With growing business and rapidly increasing accounts, the company found it extremely difficult to administer and manage the system.

This also resulted in duplication of backend services and procedures, as the systems were not centralized for the core banking applications.

"There was a lot of additional cost being incurred due to the duplication of the backend procedures at the branch offices," said Manoj Kunkalienkar, Joint President ICICI Infotech Services Limited.

The centralization procedure started around late 1999. ICICI Infotech (a company promoted by ICICI) made the first network design for the group in 1999—it was a hub and spoke architecture.

Utmost care was taken to design a network with a strong backbone. According to Manoj, the key strength of a network is its back-bone. The group's various centers are connected by 2 Mbps or 4 Mbps leased lines.
Manoj said the design considerations not only included high bandwidth availability but also the fact that a single point of failure should not result in lines going down.

The group realized that it had to enter into the retail space, have local regional presence, and provide alternate channels to the customer. They needed a solution whereby they could offer services across the country.
"Centralizing the operations was not the solution, but centralization of data was. We had already centralized some of the operations but we still had some branch applications running independently which were not centralized and had ATMs which were stand-alones. Two major criteria considered before designing were not only the network, but also the infrastructure available in our country," said Manoj.

In the past, the infrastructure here was such that a company could not rely on leased lines completely. So ICICI needed backups on ISDN and VSATs, along with the 64 Kbps leased lines. "The leased lines were too expensive then, now the lines are better, more stable and offer good connectivity. The cost has also come down by around 15 percent."

Manoj opined that what was really important was to have a world class data center and centralize everything in one place, as that's where the network can be used at the maximum. To ensure 24x7 service access and connectivity to customers one needs to have reliable backups and a robust network in place. From a business perspective, the main reason to go in for a network was centralization of data, provide all channels of communication and at the same time provide anytime, anywhere banking. "The problem we faced with our legacy systems was that they were stand-alone systems and the data from one branch was not available with another branch."

These problems led us to the new design of the hub and spoke architecture.

The big solution
What ICICI was looking for was a robust network, which would enable it to offer services at the retail level throughout the country. The in-house ICICI Infotech was the obvious choice for consultation. The ICICI Infotech team designed the initial network topology in 1999. The team had put forward a series of designs, not radically different from each other.

Eventually, a design with a mix of VSATs, leased-lines, radio-links and ISDN was selected. A mixed design was selected because of the disparate locations of the group across the country. There were different technical problems in different locations and the next best available solution had to be included.

"The basic topology has withstood over the years. What we have today is still the basic architecture with just new additions in terms of just more bandwidth," said Manoj.

The advantage in a hub and spoke architecture is that multiple nodes (spokes) are connected with a hub location through a ring of single-mode fiber. Each hub-node connection can consist of single or multiple wavelengths (lambdas), each carrying a full Gigabit Ethernet channel. Protection from fiber cuts in the ring is achieved by connecting the hub and nodes through both directions of the optical ring. Service provider Gigabit Ethernet metro access rings are the main applications for this architecture. And another advantage is that nodes can be added to the network more easily.

Methodology
The most important aspect to setting up a network is to have a good relation between the technology consultant (network integrator), the vendor and the client.

"The vendors in the market are more or less capable of giving the same results, like the same amount of redundancy or strength of the network," said Manoj. "What really matters is the relation between the three. If there is harmony amongst the three, then better results will be achieved."

The client plays the most important role as he has very low time to market, and delivery is required at the earliest.
"A series of products are available in the market. As the time to market is so short, we (ICICI Infotech) select the products available in the market and integrate them. This takes care of 98 percent of the solution requirement and then we build the other two to three percent around it and deliver the perfect solution to the client," explained Manoj.

The Network
As we said before, the network follows a hub and spoke architecture—a mix of VSATs, leased lines, ISDN and radio links. It has around 800 leased lines, about 600 VSATs, approximately 800 ISDN lines and multiple 34 Mbps lines.

The network supports the ICICI group offices, banks, branches, and over 1000 ATMs. There is a primary site from where spokes go out to the regional branches and the other offices. The secondary site has the disaster recovery system.

There are around eight hub locations, which have 3, 4 or 8 Mbps lines as per the requirements for connecting to the branch and regional offices.

High-end Cisco routers and switches have been deployed for connectivity. The network is monitored using HP OpenView and CiscoWorks. Over 30 portals are operating using a highly secure state-of-the-art security architecture, which consist of firewalls, intrusion detection systems, virus protection and various other tools.

The main production site is at Mahalaxmi, Mumbai (the primary site), and has been built to international standards.

The disaster recovery site (the secondary site) is located at ICICI towers in Bandra-Kurla complex, Mumbai and is used for replication of data. A distance of 25-30 kms separates the two centers and they are linked with two 34 Mbps leased lines. To ensure reliability and 24x7 availability, the leased lines pass through separate exchanges.

Before the data moves on to the leased lines, it passes through two CNT storage directors that convert this data into WAN-related traffic before it is sent on the leased line to the other data center. The high-speed leased lines make it possible to synchronize data in real-time between the two centers.

Hardware at both these sites varies from low-end NT servers to the high-end SUN E 10K along with 12 terabytes of data storage at each end connected through a SAN. The group's facilities management team manages over 9,500 desktops, 500 servers and works around the clock. CA Unicenter is used for managing the helpdesk, desktops and servers, asset management, software delivery and remote control.

Unix is the preferred OS for most of the hardware while most of the databases use Oracle with a few on Sybase and MS SQL. Over 200 databases are supported with 24x7 processing. The state-of-the-art technology architecture adopted by ICICI Bank needed robust security, and this was designed by qualified experts from its Systems Security Cell. This security design includes preparation, implementation and maintenance of the Systems Security policies and procedures across all systems, ensuring general user awareness about these policies and enforcing the policies through systems audits. The security cell has developed several tools, which are the first of its kind to address several vulnerabilities on Unix, NT and MS-Exchange. The system security is audited by KPMG.

Challenges
Once the network was up, ICICI Infotech faced the challenge of ensuring smooth operation and minimum downtime. Manoj agrees glitches cannot be avoided and while one has to try and prevent these, one also has to think about the growth of the network, in line with business expansion.

"No walk is very smooth. Glitches are, and will always be there," said Manoj. "What was of prime importance was to keep pace with the business and its expansions. Technical problems are not difficult to handle—there is always a solution to them but other problems like the existing infrastructure of the country, the individual business needs are very taxing."

According to Manoj, the real challenge came while designing and deploying the network, as the team had to view business processes at a very micro level. They had to identify the exact areas where the business needed to be expanded, and then find the best suitable option to connect to those locations.

The ICICI VSAT network is large, with almost a thousand nodes. Keeping it going turned out to be an even bigger challenge for the group. The entire network is monitored from one center. Any error in the network at any point is rectified in a short span of time and the system is up and running with minimum downtime.

Another challenge was to keep pace with business growth. "The only technological challenges we face are in terms of the quality of the lines, as they are not same all the time. Typically, the router and switch software is written assuming a certain quality of the line. As a result, if the quality of the line is not stable and fluctuates, the systems do not function efficiently. Ensuring the required line quality is a major challenge. An obvious solution to this is to interact and talk with the vendors and get it customized for an Indian client's requirements," explained Manoj.

Manoj reiterates that it's important for the vendor and the client to have a good rapport so that they do not just provide the client with boxes but change the operating system (and other relevant software) as and when needed.

The basic topology has not changed. "Initially we had started with connecting seven locations. Today all the centers and offices are connected making virtual banking a reality," said a proud Manoj.

Benefits
With the centralization of data all applications are controlled, modified and administered from one location. The network has enabled the bank to shift from traditional banking to virtual banking thus offering modern banking services to its customers. All backend applications run from a centrally located data center. This eliminates duplication of processes like backend operations, training of staff, administration cost, and other system related costs at branch levels. Clients can avail of anytime-anywhere banking on the Net and make use of their ATM cards at any of the ATM centers across the country. Considerable amount of cost has been saved as the backend operations of regional offices have been eliminated. The data for all the customers is centralized and processed from the centrally located data center. Information for any ICICI client will be available at any of the ICICI branches.

Minu Sirsalewala can be reached at minus@networkmagazineindia.com