Since 1994...

Case studies

The BCR Network Redesign project won ROCS Excellence Award in banking and finance category in 2010.

A universal bank dedicated to both retail and corporate customers, BCR, a member of Erste Group, is the leading banking organization in Romania, managing assets worth of more than EUR 16 billion. The bank is offering a full range of banking services having 667 retail branches and agencies (for individuals and micro corporations) located in most of the Romanian cities with a population of more than 10,000 inhabitants. The bank provides to both retail and corporate customers a complex offer of banking products and services, including Internet banking, phone banking and e-commerce services. BCR issues 25 types of debit and credit card, and is the owner of the largest national ATM and POS network – over 2,000 machines and over 17.000 electronic terminals operational at the merchants, for card payments. BCR is currently the most important financial Group in Romania, with operations both in Romania and abroad developed by its local branches, foreign banking subsidiaries and representative offices. BCR is also holding top positions on the financial market segments for leasing, asset management, housing bank, equity and pension funds supported by its domestic subsidiaries.

Premises

BCR needed to find a solution to optimize the communication between the HQ and bank's subsidiaries. More than the bank needed to align to the new technologies and also to improve network security.

Challenges

Among the most important challenges that Frontal Communications has been successfully passed in the BCR WAN redesign project, can be mentioned the following:

  • Upgrade existing network to meet anticipated needs
  • Support diverse security and risk management goals
  • Troubleshoot all the issues that appeared during the implementation
  • Plan and execute network migration without any downtime of the service
  • Execute the project quickly by supplementing internal staff resources.

Initial situation

  • 2 Headquarters
  • 750 remote locations
  • 2 providers in each location
  • Old IPSEC deployment with GRE tunnels
  • Hub and spoke design
  • 3 Service Providers
  • Business applications required to go trough SP1
  • Mix of static and dynamic routing

Desired network

  • Full mesh
  • Scalability, possibility to grow over 1000 remote location
  • Business application to go on the same SP1
  • Dynamic routing
  • Multicast
  • Future MPLS deployment CsC (carrier supporting carrier)
  • No SPOF

"We wanted to take advantage of industry wide network redesign CISCO best practices, and on the other hand we chose to work with Frontal Communication Cisco Services because of its extensive experience with many complex networks, datacenters, numerous mission-critical environments where resiliency and uptime are paramount, and because we felt confident that the project outcomes would meet our requirements. We recommend Frontal Communications to any prospective clients."

Calin Grigoras, Executive Director
IT Operation and Infrastructure Division


Solution

BCR needs to optimize its existing network in order to support new technologies, to optimize the traffic encryption, voice traffic, to increase the network reliability and to improve network security. The project proposal needs to meet BCR requirements, both technically and financial.

The redesign team knew that a proposed WAN configuration would need to address the latency concerns between HQ and bank subsidiaries by adding connectivity between them. This approach would also provide diverse and redundant WAN connectivity.

In order to realize the design of the new "to-be" network as well as the all-necessary documents needed to implement the new network design, Frontal Communication team made the assessment of existing network and "as-is" situation. This phase was performed together with Cisco Systems, engineering team from both from Cisco Advanced Services and Frontal Communication working close with BCR engineer team to better understand client needs and requirements.

In the second phase, the network redesign was implemented in all BCR units (on site, remote, according to final design of phase 1, proposed by Frontal Communication and agreed by BCR. In the end more than 200 locations with on-site operations and more than 400 locations with remote operations take advantages of the new WAN design.

GetVPN advantages towards traditional solutions

  • Scalable architecture for any-to-any connectivity and encryption
  • Native routing (no overlays)
  • Instant any-to-any connectivity
  • Advanced QoS
  • Efficient IP Multicast replication (Multimedia App., Telepresence)

Results

The BCR WAN redesign project was implemented in the December 2009 – June 2010 period and is the first national scale Network Redesign Project in Banking & Financial Industry.

As a result, the new WAN has delivered immediate benefits in the form of significant cost savings, scalability, improved security, faster circuits and more reliable connectivity between BCR HQ, and all subsidiaries in Romania.

In addition, latency has dropped significantly. What it means is that voice and video applications are possible now, where they were significantly limited before this redesign.

Extinderea retelei de comunicatii a unei institutii din Sectorul Public

Urmare a aderarii la Uniunea Europeana, Romania a intrat intr-o noua perioada ce implica pregatirea si adoptarea masurilor necesare ce converg catre modernizarea sistemelor si alinierea la cerintele Uniunii Europe.

Proiectul a fost dezvoltat pentru unul din clientii importanti din sectorul public ce are in vedere, in principal, cresterea gradului de siguranta si protectie pentru cetateni, sporirea eficientei institutionale in administratia publica centrala si locala

Clientul isi propune sa finalizeze procesul de modernizare a infrastracturii si sa asigure un sistem suplu si eficient, adaptat la cerintele Uniunii Europene si la nevoile cetateanului.

Reprezentantii clientului si-au propus ca modificarile operate in anii anteriori, la nivelul structurii organizatorice, sa continue, precizand ca procesul de modernizare si eficientizare va fi extins de la nivel central la nivel regional si local.

Premize

Reteaua de Comunicatii Integrate Voce-Date a clientului conecteaza toate structurile, asigurand infrastructura de comunicatii pentru cooperarea acestora. Scopul proiectului este de a realiza un sistem integrat de comunicatii ce presupune furnizarea de echipamente de comunicatii, instalarea in locatii, programarea si configurarea astfel incat acestea sa functioneze atat la nivel local (sediu), la nivel judetean, cat si la nivel national.

Provocari

Sistemul de comunicatii trebuie creat astfel incat sa fie interoperabil pana la nivel de servicii cu reteaua de comunicatii integrate vocedate a clientului si totodata sa prezerve securitatea datelor transportate prin adaptarea configuratiilor echipamentelor la configuratiile existente in retea.

S-a solicitat ca durata medie de viata (intr-un regim de exploatare permanent) a echipamentelor de comunicatii voce - date sa fie de minimum 10 ani, iar acestea sa corespunda cerintelor de interoperabilitate ale echipamentelor deja existente in reteaua clientului.

Mai mult decat atat, toate produsele livrate trebuie sa fie de ultima generatie tehnologica, fabricate cu cel mult 6 luni inainte de livrare si sa fie scalabile in sensul in care clientul sa aiba posibilitatea in mod independent la extinderi si upgrade-uri ulterioare in vederea utilizarii unor servicii noi.

Situatia initiala

Reteaua de comunicatii integrate voce-date a clientului avea o arhitectura ierarhizata, bazata pe un core si noduri POP in fiecare resedinta de judet, la care sunt conectati beneficiarii finali. Pentru conectare intrajudeteana se utilizeaza circuite de FO propri, linii FNA, circuite VPN prin operatori privati.

Conectarea intre nodul judetean si core se face prin legaturi ATM. Fiecare locatie dispune de o conectare ethernet cu nodul central din core. Ambele tipuri de conexiuni au acelasi provider. Exista in derulare un proiect care va asigura o conexiune suplimentara de backup pentru toate locatiile clientului, printr-un operator privat (circuite VPN).

Solutia Frontal Communication

Solutia de design a nodurilor de retea indeplineste cerintele initiale din punct de vedere al disponibilitatii serviciilor de retea si al securitatii acesteia. Transportul de date peste cei doi operatori este criptat folosind solutii VPN IPSEC ce au fost implementate pe echipamentele de tip Cisco router. Datorita particularitatilor celor doi operatori, ca solutie de VPN s-a utilizat DMVPN.

In noua arhitectura exista doua tipuri de noduri de retea: tipul A, pentru municipii si orase, respectiv tipul B, pentru comune. Nodurile de tip A pot avea in componenta si centrale telefonice digitale.

Toate nodurile sunt prevazute cu telefoane IP, LAN de date (intranet) si LAN (separat) cu iesire la Internet.

Pentru asigurarea redundantei comunicatiilor, legatura la reteaua de comunicatii integrate voce-date a clientului se realieaza prin doi provideri: un provider ce asigura conexiune layer 2, cu VLAN-uri separate pentru voce, date, Internet pe care il vom denumi provider L2VPN si un operator comercial (conexiune layer 3, VPN MPLS) pe care il vom denumi L3VPN.

Solutia tehnica propusa este DMVPN (Dynamic Multipoint VPN) la nivel de judet, avand hub-ul in nodul retelei centrale. S-a creat o arhitectura DMVPN pentru L3VPN, respectiv cate o arhitectura DMVPN pentru fiecare VLAN la nivel de judet (date, voce) furnizat de providerul L2VPN.

Avantajele solutiei

  • face abstractie de faptul ca cei doi provideri ofera tipuri de conexiuni diferite;
  • folosirea tunelelor IPSEC (IP Secure) da posibilitatea ca incarcarea router-elor din noduri sa fie relativ mica (nu vor exista multi neighbors);
  • DMVPN da posibilitatea ca atat informatia de routare (retelele), cat si informatia utila sa fie criptate;
  • permite utilizarea unui protocol standard de comunicatii, ceea ce va degreva router-ul de activitati suplimentare;
  • implementarea QoS va duce la un comportament controlabil al fluxului de informatii prin retea.

Produse si servicii


Produse

  • Firewall 1
  • CISCO2811-HSEC/K9
  • CAB-ACE
  • S28NRAISK9-12424T
  • PWR-2811-AC-IP
  • HWIC-4ESW-POE
  • Firewall 2
  • ASA5510-AIP10SP-K9
  • SF-ASA-8.0-K8
  • SF-ASA-AIP-6.2-K9
  • ASA-VPN-CLNT-K9
  • ASA5500-CF-256MB
  • Router
  • CISCO2811-HSEC/K9
  • Switch 1
  • WS-C2960-24TT-L
  • Switch 2
  • WS-C2960-24PC-L
  • Platforma de management de politici de securitate
  • CSMPR50-3.2-K9
  • CSMPR-LIC-100

Servicii

  • VOCE
  • Design solutie tehnica
  • Site survey in 83 municipii si orase
  • Instalare, punere in functiune si configurare echipamente
  • Customizare
  • Optimizarea performantelor retelei
  • Elaborarea si implementarea configurarilor corespunzatoare
  • Optimizarea securitatii
  • Transfer de cunostinte
  • DATE
  • Design solutie tehnica
  • Site survey
  • Configurare echipamente de comunicatii
  • Instalare si punere in functiune a echipamentelor
  • Instalare si punere in functiune a platformelor de management
  • Optimizarea performantelor (incl. elaborarea si implementarea configuratiilor corespunzatoare)
  • Optimizarea securitatii
  • Servicii de corelare si integrare a platformelor de management judetene cu cele centrale
  • Transfer de cunostinte

Frontal Communication uses synergies between collaboration and data center practices to provide better customer service.

The client is a top universal bank on the Romanian market. The Bank provides a complete range of high quality products and services for private individuals, small and medium-sized enterprises (SMEs) and large companies, via multiple distribution channels: banking outlets (over 500 throughout the country), ATM and EPOS networks, phonebanking, mobile-banking and internet banking.

The client services almost 2 million retail customers, out of which approximately 100,000 SMEs. The bank has various specialized units such as the "retail agency" that services individuals and SMEs.

On the corporate side, the bank services more than 6,500 corporate customers, i.e. companies with an annual turnover exceeding EUR 5 million, public entities and financial institutions. The corporate customers are also serviced through dedicated regional centers established in major cities, this way the customers receiving consultancy services and tailor-made products from their dedicated banking specialists throughout the entire country.

Challenge

Frontal Communication is one of Romania's leading providers of ICT solutions and systems integration services. From its headquarters in Bucharest, the company has steadily built an impressive list of clients from the enterprise, financial services, government, education, and service provider sectors.

As expected, Frontal has noticed some major changes in the marketplace. "The economic downturn had a huge effect" says Mr. Sebastian Banica, Executive Director of Frontal Communication. "PC sales pretty much halved, while telecommunications spend fell by around 40 percent. Enforced budget cuts mean that our customers are looking for smarter investments. But, there's more competition than ever before. On the flip side, we are seeing opportunities, for example, as the roles of service providers and a systems integrators begin to merge."

Solution

Fortunately, decisions taken by the company several years ago have significantly improved its chances of winning in a tough market. Since becoming a Cisco® Gold Partner in 2008, Frontal has focused on building its technology competencies and expertise around three Cisco architectures: borderless network, collaboration and data center, including UCS (unified computing system).

"Our strategy is to be the most competent Cisco partner, with the broadest skills set, by focusing on key architectures," says Graf. "As well as providing differentiation, we believe this sends out a strong message about our commitment to our customers. It also helps us to attract and retain the best people."

Frontal entered the cloud computing market in partnership with Omnilogic when it recently launched OmniVCloud, the country's first cloud computing offering. Moving forward, the intention is to develop a portfolio of solutions that will appeal to a wide variety of customer business models. Aligned to Cisco Data Center 3.0 architecture, Frontal also helps to construct and run data center operations, for example, by more closely integrating and better utilizing technologies from Cisco, EMC, and VMWare.

"We spotted a great synergy between our borderless network, collaboration and data center practices. Using our DC expertise and experience in delivering managed unified collaboration, we will be extremely well positioned to help customers on their journey to future, cloud-based collaboration services, like unified communications as a service (UCaaS)."

Erik Graf, President of Frontal Communication


"You need to offer a true end-to-end service, whether that is helping customers to build their own facilities, or to get the best from cloudbased applications," says Banica.

Unified communication and collaboration is also an important part of Frontal's strategy for growth. Since deciding to move from a previous relationship with another voice vendor to Cisco, the company has never looked back. "As a company we believe in using the technology we sell. So, to kick-start the partnership, we migrated our own voice infrastructure over to Cisco UC", says Banica.

Thanks to the Cisco Unified Workspace for Partners program, Frontal was able to implement the full range of collaboration applications in a very cost-effective way. Using the UC tools has also unlocked new business benefits. For example, productivity and sales conversion rates increased at the same time, as account managers began to build knowledge and confidence.

However, the real secret of Frontal's success is following two proven business principles: giving your customers greater choice and supporting their various business models.

Incorporating a lifecycle approach, based on Cisco's PPDIOO (Prepare, Plan, Design, Implement, Operate and Optimise) model, into its sales and delivery strategy has helped to grow Frontal's traditional integrator business. "We now offer a wide range of value-added services to support customer projects, from site surveys and net readiness audits, through to preparing the business case and low-level designs, and delivering operational support", says Banica.

Working with Romtelecom, the partner has also developed a fully managed Unified Communications service.

Benefits

The new solution provides a powerful three-way win:

  • For the service provider, it helps to manage customer churn and protect valuable call revenue.
  • For the Cisco partner, it helps to drive new conversations and sales opportunities.
  • For the customer, it consolidates contracts (with multiple fixed and mobile operators) and reduces costs per user (by centralising management and reducing. call charges).

Results

The Cisco UC managed service is proving to be a big hit. Frontal and Romtelecom have already completed three successful deployments with clients from the government and financial services sector. One of those customers, Raiffeisen Bank, is the subject of a separate Cisco best practice case study.

"Raiffeisen Bank is a great example", says Banica. "Before, we would have tried, and probably failed, to persuade the customer to swap out their technology. But, by offering more integration and adding services, they could instantly see the benefits of the business case."

Importantly, the five-year deal will allow the bank to accelerate the modernization of its branch network. The new solution will serve 540 branches and support IP telephony for 3500 users, 3200 mobile users, and 2000 wireless electronic point-of sale terminals. Other benefits include a lower total cost of ownership. Instead of paying several hundreds of thousands of Euros to different providers, the customer will receive one single invoice for 68 percent of the previous monthly total. That's a total saving of several million Euros over the life of the contract.

The move will also provide other cost reductions, for example, by eliminating the need to send engineers to customer sites to maintain aging private branch exchange (PBX) systems.

Banica is left in no doubt: "We won because we were able to put a better deal on the table", he says. "The customer is also happy because they have a project that will pay for itself in just under a year. That's what we mean when we talk about adding value."