Halkbank uses VLAN-based Ethernet encryption to maintain network performance

Customer Situation

Halkbank, headquartered in Ankara, Turkey, is the country’s seventh largest bank and the fourth largest network with 586 branches nationwide. Because they process millions of financial transactions every week, Halkbank understood the cost savings offered by utilizing Metro Ethernet.

They decided to take advantage of the cost savings and increased bandwidth offered by Metro Ethernet by migrating from their leased line and ATM infrastructure. However, they were very concerned about the protection of their data and the innate vulnerabilities of a Metro Ethernet infrastructure.

Halkbank decided not to move forward with their migration unless a solution was found to mitigate these security vulnerabilities.

Solution Requirements

Halkbank recognized the need for a network-level data encryption solution. They needed a solution that worked native to a Layer 2 infrastructure and was capable of encryption based on VLAN ID. This ability would enable Halkbank to choose which data streams would be encrypted and which would be sent in the clear. The solution also needed to work with their custom hub & spoke topology, support point-to-mulitpoint applications and offer an automated encryption key manager for their multicast applications. Most importantly, the solution would not be allowed to impact their Quality of Service (QoS) applications, nor could it add more than a few microseconds of latency to their overall network performance.

Halkbank decided on a phased transition to Metro Ethernet and required an encryption solution capable of accommodating their rollout schedule, without adding complexity or time-consuming configurations. They started with four back-up lines to ensure the deployment would proceed as planned. Once those lines were up and fully functioning with the encryption, they would begin a staggered deployment to 22 other nodes.

In addition, Halkbank also required the solution to support point-to-multipoint encryption and have an automated encryption key manager for their multicast applications. Most importantly, the solution could not impact their Quality of Service (QoS) applications, nor could it add more than a few microseconds of latency to their overall network performance.

The Bidding Process

Halkbank held initial meetings with four vendors, two offering IPsec-based solutions, and two offering Ethernet encryption solutions. Due to the performance issues and additional complexities of an IPsec-based solution, Halkbank immediately eliminated two proposals.

At the request of Halkbank, the two vendors with Ethernet encryption solutions were brought in for further testing. Once the initial testing was complete a Request For Proposal (RFP) was released detailing the requirements. The first vendor proposed a strict point-to-point implementation at each node. Halkbank recognized the operational complexity involved in this type of deployment and knew this solution would be difficult to manage. It was evident this approach would not work with their secure multicast applications and did not fit with their overall large-scale deployment strategy.

Certes Networks proposed their policy and key management solution and low-latency encryption appliances to protect Halkbank’s sensitive data. This approach to policy and key management offered the flexibility to meet all of the customer requirements, including a simple deployment roadmap and the ability to encrypt multicast traffic without compromising network performance or applications.

Deployment

Halkbank was eager to implement the encryption solution and continue with their network transition. However, they were not willing to take any chances with their data by rushing through the installation and deployment process. On the first day, the first phase of the initial deployment was staged for testing. The Halkbank network team was impressed with the simple installation and easy deployment of the encryption solution.

Because of the success of the initial deployment, Halkbank decided to immediately move forward and encrypt a link from Istanbul to Ankara. Early in day two, Halkbank was sending and receiving encrypted traffic between the two sites. “We are impressed with the seamless deployment of the first link and we understand the value of the installation and operation simplicity of the solution for our future expansion of other network concentration sites,” said Suleyman Yildirim, the network manager for Halkbank.

The remaining encryption appliances were deployed into the remaining initial sites just as smoothly. Halkbank was able to centrally configure the appliances, generate security policies and encryption keys, and then deploy them into the network. Within a matter of days, Halkbank was sending and receiving encrypted network traffic from four sites, without performance degradation or adverse effect to their QoS.

“We will certainly work to deploy this encryption solution and to meet all of our requirements for ensuring our confidential information stays private and protected. There is no other vendor that can fulfill our requirements, both currently and for future expansion. They provided us with network encryption over Metro Ethernet links without adding complexity to our operations or compromising our performance.”

– Cenk Niksarli, Network and Infrastructure Director for Halkbank

National Bank Deployment Diagram
With Certes Networks, Halkbank is able to keep their existing Ethernet architecture and VLAN separation, while encrypting customer data throughout the network.

The Results

With the successful installation of the Certes Networks encryption solution, Halkbank is realizing the anticipated cost savings of Metro Ethernet while maintaining the highest level of data security available. This modern encryption infrastructure provides Halkbank with the lowest latency and highest performance encryption available and enables Halkbank to utilize existing multicast services while encrypting the data transmissions.

Halkbank is currently working on the next phase of the overall deployment of new Metro Ethernet sites.

Bring Your Own Trust – Get Started Today!

Resources

CASE STUDY: National Bank

Halkbank uses VLAN-based Ethernet encryption to maintain network performance.

case-study-certes-national-bank-thumbnail