The IT Service Provider Finanz Informatik
Who we are. What we do.
© Finanz Informatik 2015. All rights reserved. Any distribution and use requires the consent of FI.
Content
• Overview of the company Finanz Informatik and requirements
• Architecture
• Use case
• Questions
23.09.2015
The IT Service Provider Finanz Informatik – splunk.conf2015
Page 2
The company serves a large part of the German retail banking market
Finanz Informatik – Company

Revenue (in mill. €): 1,624
  of which with savings banks: 976
  of which with state banks: 338
Employees (full-time equivalents): 4,825

Customers
  Savings banks: 414
  State banks + DekaBank: 8
  State home loan banks: 9

Accumulated balance sheet of supported savings banks (in bill. €, 2014): 764
As of December 30th, 2015

1) Sources: DSGV, statista (12/31/2014)
[Chart: share of the German retail banking market – Savings Banks Financial Group, Credit Unions, Private Banks, other]
Significant scale can be achieved through bundling volume IT services
Supported financial institutions
  Branches of supported savings banks: 14,676
  Bank-specific employees of supported savings banks: 189,362

Processing volumes
  Supported accounts (in mill.): 123
  Booked entries per annum (in bill.): 11.6

End devices
  ATMs: 24,693
  Statement printers: 14,155
  Other self-service terminals: 14,790

As of December 31st, 2014
Finanz Informatik is competitively positioned with its comprehensive portfolio
What was our initial situation?
• Requirements
Our requirements for a single solution
The Problem
• Logfile analysis separated by platform: Mainframe, UNIX, Windows, Network
• Different enterprise solutions per platform

The Requirements
• High availability, efficiency and security
• Cross-platform correlation
• Multi-tenancy
• Real-time reporting and alerting

The Solution
• splunk>: cross-platform logfile analysis covering Mainframe, UNIX, Windows and Network
Today's result of our log-volume growth

Today's data:
• 1.7 TB/d log volume
• 4,500 searches
• 450 apps

[Chart: log volume (amount) over time, 2013 Q4 to 2015 Q2, with the 500 GB/d mark; phases: PoC, implementation, run & ongoing development]
How we implemented the requirements
• Architecture
FI architecture pyramid for splunk>
• Presentation: 6 search head pools for the customer product and for internal investigations.
• Data: 38 indexers divided into 3 clusters, which hold the data.
• Security and forwarding: 48 forwarders acting as door-keepers for the security environment.
• Sources: Linux, AIX, Solaris, Windows, Mainframe, Network, Databases.
Transport layer – syslog and heavy forwarders as entry points for the different sources
[Diagram: Datacenter 1 and Datacenter 2, each with syslog-ng and heavy forwarders as entry points, feeding intermediate forwarders in the trusted network]
Decentral event-data transportation to the datacenters

[Diagram: two decentral dual-datacenters, each with 6 × decentralized intermediate forwarders, deliver into Dual-Datacenter A and Dual-Datacenter B, each with 12 × centralized intermediate forwarders; zones are marked "secured" and "trusted"; the links carry volumes of 600 GB, 500 GB, 400 GB and 200 GB]
The main core: data delivery, replication and searching within a dual-datacenter design
Infrastructure data
• 38 indexers (physical), each 24 cores and 128 GB RAM
• 48 forwarders
• 12 search heads (physical)
• 30 TB NAS
• 120 TB SAN

[Diagram layers: data delivery → replication and distributed data storage → searching]
Presentation and administration: operating with well-known apps … and self-developed apps!
FI Operation Monitoring App for administration and monitoring of the infrastructure
[Screenshot: app views – Assets, Buckets, Performance, Storage, Status, Operating]
A short story about one of our main use cases
• Use case
Control checks access to customer data and follows a uniform process on all platforms

[Process diagram, flattened:]
Sources: Systems, Databases, Network, Application
1 – creating logfiles
2 – central saving of the logfiles (system protocols: central saving, long-term saving)
3/4 – scheduled searches on the logfiles (automatic inspection)
5/6/7 – control:
• non-critical: check by the head of department
• check by Security Information Management
• with suspicion of a security incident, the standard process "Critical Security Incident" is started with participation of the workers' council
At Finanz Informatik the control requirements are fulfilled with splunk>
Logon
• unsuccessful logons
• successful logons during non-business hours, etc.
Access to and change of configuration
• (un)successful access to objects under control, etc.
Change of access authorization
• creating and deleting/deactivating accounts, etc.
• blocking accounts
• right escalation

Control services are offered to savings banks and to Finanz Informatik departments
• 90 savings banks (end of 2015) receive the results of saved searches daily as automatically generated reports (PDF)
• each report contains the results of (at the moment) 25 saved searches
• heads of department (Finanz Informatik) also receive daily reports and, in case of a security incident, an alert within one hour
• depending on the requirement, the number of saved searches is between 15 and 30
• each report corresponds to one app (UI)

Every reported event answers: when – who – what – where – from where
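The control categories above, run as detection logic over a handful of constructed audit lines. This is an added example and not Finanz Informatik code; at FI these rules are saved searches in splunk>. The key=value line format, the business-hours window (07:00–19:00 on weekdays) and the set of privileged groups are assumptions made for the demo, and every finding is reduced to the five questions a control report answers: when, who, what, where, from where.

```python
"""Control checks over constructed audit events, yielding
when / who / what / where / from where.

Added example (not Finanz Informatik code). The key=value log format, the
business-hours window and the list of privileged groups are assumptions.
"""
import re
from datetime import datetime

BUSINESS_HOURS = (7, 19)           # assumption: 07:00-19:00 on weekdays is business time
PRIVILEGED_GROUPS = {"administrators", "wheel", "sysadmin"}   # assumption
AUTHZ_ACTIONS = {"account_create", "account_delete", "account_disable", "account_block"}

# Constructed sample lines; 2015-09-23 is a Wednesday.
SAMPLE_LOGS = """\
2015-09-23T02:14:07 host=ux-app01 action=logon result=failure user=mustermann src=10.1.2.3
2015-09-23T02:14:12 host=ux-app01 action=logon result=failure user=mustermann src=10.1.2.3
2015-09-23T02:14:18 host=ux-app01 action=logon result=failure user=mustermann src=10.1.2.3
2015-09-23T02:15:01 host=ux-app01 action=logon result=success user=mustermann src=10.1.2.3
2015-09-23T09:30:44 host=win-fs02 action=logon result=success user=schmidt src=10.1.5.9
2015-09-23T10:02:13 host=win-dc01 action=account_create result=success user=admin-mueller target=svc_backup src=10.1.5.20
2015-09-23T10:05:40 host=win-dc01 action=group_add result=success user=admin-mueller target=svc_backup group=administrators src=10.1.5.20
2015-09-23T11:11:11 host=ux-db03 action=config_change result=failure user=kraus object=/etc/sudoers src=10.1.7.4
2015-09-23T11:12:00 host=win-dc01 action=account_disable result=success user=admin-mueller target=schmidt src=10.1.5.20
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split '<timestamp> k=v k=v ...' into a dict with a datetime under 'time'."""
    ts, _, rest = line.partition(" ")
    event = dict(KV_RE.findall(rest))
    event["time"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")
    return event


def is_business_time(t):
    return t.weekday() < 5 and BUSINESS_HOURS[0] <= t.hour < BUSINESS_HOURS[1]


def finding(event, category, what):
    """The five questions every control report answers."""
    return {
        "category": category,
        "when": event["time"].isoformat(),
        "who": event.get("user", "?"),
        "what": what,
        "where": event.get("host", "?"),
        "from_where": event.get("src", "?"),
    }


def check_event(event):
    """Apply the control rules from the slide to one event."""
    action, result = event.get("action"), event.get("result")
    hits = []
    if action == "logon":
        if result == "failure":
            hits.append(finding(event, "logon", "unsuccessful logon"))
        elif result == "success" and not is_business_time(event["time"]):
            hits.append(finding(event, "logon", "successful logon outside business hours"))
    elif action == "config_change":
        # objects under control: both successful and failed access is reported
        hits.append(finding(event, "configuration",
                            f"{result} change of {event.get('object', '?')}"))
    elif action in AUTHZ_ACTIONS:
        hits.append(finding(event, "authorization",
                            f"{action} for {event.get('target', '?')}"))
    elif action == "group_add" and event.get("group") in PRIVILEGED_GROUPS:
        hits.append(finding(event, "authorization",
                            f"right escalation: {event.get('target', '?')} added to {event['group']}"))
    return hits


def run_controls(text):
    findings = []
    for line in text.splitlines():
        if line.strip():
            findings.extend(check_event(parse_line(line)))
    return findings


def count_by_category(findings):
    counts = {}
    for f in findings:
        counts[f["category"]] = counts.get(f["category"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in run_controls(SAMPLE_LOGS):
        print(f"{f['when']}  {f['who']:<14} {f['what']:<48} {f['where']}  from {f['from_where']}")
```

On the sample, the three failed logons followed by a success at 02:15 produce four logon findings; a real saved search would usually also emit a correlated "failures followed by success from the same source" row rather than four separate lines. Note that a failed change of a controlled object is reported just like a successful one, because the attempt itself is what the head of department needs to see.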
Different sources and mechanisms are used to create ~200 dashboards/reports

[Diagram, flattened:]
• Technical user logs: ~190,000 technical accounts, ~8,000 natural accounts
• Events: security, applications, platforms, …
• Organisation data: names, business units, …
• CMDB data: services, hostnames, applications, configurations, …
• Correlation of these sources → report/dashboard
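The correlation step above, as an added example that is not Finanz Informatik code: findings from a scheduled search are joined against an organisation directory (natural accounts) and a technical-account register, and the host against the CMDB, so that each row carries the person or owning service, the business unit whose head reviews it, and the application affected. All lookup tables, account names, hostnames and findings are constructed for the demo; the rule that an account is "natural" if it is in the directory and "technical" if it is in the register is an assumption. The part a practitioner most wants is the last function: rows that match neither lookup are kept and surfaced, not silently dropped by the join.

```python
"""Enrich control findings with organisation and CMDB data.

Added example (not Finanz Informatik code). The lookup tables, account names,
hostnames and the findings below are constructed; the rule that an account is
"technical" when it appears in the technical-account register and "natural"
when it appears in the organisation directory is an assumption.
"""

# Organisation directory: natural accounts -> person and business unit (constructed)
ORG = {
    "mustermann": {"name": "Max Mustermann", "unit": "Payments"},
    "admin-mueller": {"name": "Lisa Mueller", "unit": "Windows Operations"},
    "kraus": {"name": "Jan Kraus", "unit": "Database Operations"},
}

# Technical-account register: service accounts -> owning service and unit (constructed)
TECH = {
    "svc_backup": {"service": "Backup", "owner_unit": "Windows Operations"},
}

# CMDB: hostname -> application and service (constructed; application names from the slides)
CMDB = {
    "ux-app01": {"application": "OSPlus", "service": "core banking"},
    "win-dc01": {"application": "Active Directory", "service": "identity access management"},
    "ux-db03": {"application": "DB2", "service": "core banking database"},
}

# Raw findings as a scheduled search would emit them (constructed)
FINDINGS = [
    {"when": "2015-09-23T02:15:01", "who": "mustermann", "what": "successful logon outside business hours",
     "where": "ux-app01", "from_where": "10.1.2.3"},
    {"when": "2015-09-23T10:05:40", "who": "admin-mueller", "what": "right escalation: svc_backup added to administrators",
     "where": "win-dc01", "from_where": "10.1.5.20"},
    {"when": "2015-09-23T03:40:09", "who": "svc_backup", "what": "unsuccessful logon",
     "where": "ux-db03", "from_where": "10.1.5.20"},
    {"when": "2015-09-23T04:01:30", "who": "ghost", "what": "unsuccessful logon",
     "where": "nas-99", "from_where": "10.9.9.9"},
]


def classify_account(user, org=ORG, tech=TECH):
    if user in org:
        return "natural"
    if user in tech:
        return "technical"
    return "unknown"


def enrich(findings, org=ORG, tech=TECH, cmdb=CMDB):
    """Join each finding with organisation and CMDB data; missing joins stay None."""
    rows = []
    for f in findings:
        user, host = f["who"], f["where"]
        row = dict(f)
        row["account_type"] = classify_account(user, org, tech)
        row["person"] = org.get(user, {}).get("name")
        row["unit"] = org.get(user, {}).get("unit") or tech.get(user, {}).get("owner_unit")
        row["application"] = cmdb.get(host, {}).get("application")
        row["service"] = cmdb.get(host, {}).get("service")
        rows.append(row)
    return rows


def unresolved(rows):
    """Findings that cannot be attributed: unknown account or host not in the CMDB.
    These deserve their own report rather than being lost in the join."""
    return [r for r in rows if r["account_type"] == "unknown" or r["application"] is None]


def route_to_units(rows):
    """Group rows by the business unit whose head reviews them (None = unassigned)."""
    by_unit = {}
    for r in rows:
        by_unit.setdefault(r["unit"], []).append(r)
    return by_unit


if __name__ == "__main__":
    rows = enrich(FINDINGS)
    for unit, items in route_to_units(rows).items():
        print(f"== {unit or 'UNASSIGNED'} ==")
        for r in items:
            print(f"  {r['when']} {r['who']} ({r['account_type']}) {r['what']} "
                  f"on {r['where']} [{r['application']}]")
```

With ~190,000 technical and ~8,000 natural accounts, the lookups are large enough that their freshness becomes a control in itself: an account that is in neither table is either a stale CMDB export or something that should not exist, and both cases belong in a report.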
Complex IT architecture: a high number of searches is scheduled daily within a short time period
~200 apps (UI) for business intelligence and system control

Platforms
• mainframe (z/OS)
• Unix (Solaris, AIX, Linux)
• Windows (2003, 2012)
Databases
• DB2, Oracle, MSSQL, IMS
Network
• switches, routers, firewalls
Applications
• OSPlus (core banking)
• transaction management
• identity and access management
• and many, many more …

~300 technical apps for administrators
• TA, CFG, LK, SA
Complex IT architecture: a very large number of searches is scheduled daily within a short time period

• Savings banks, customer reports: about 2,500 searches, daily from 01:00 am to 03:00 am
• Finanz Informatik, internal reports: about 2,000 searches, daily from 03:00 am to 06:00 am

Currently Finanz Informatik schedules about 4,500 searches a day. This is a great challenge for splunk> and for the infrastructure at Finanz Informatik (from an economic point of view). In 2016 more than 10,000 searches are expected.
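What "4,500 searches in a few hours" means for the search-head pools is a concurrency question, so here is an added example (not Finanz Informatik code, and not the splunk> scheduler's own algorithm) that computes the peak number of simultaneously running searches for a batch of scheduled searches. It compares scheduling every saved search for the same minute with spreading the cron schedules round-robin across the window, and derives the smallest window that keeps a perfectly staggered batch under a concurrency cap. The 3-minute average run time and the cap of 60 concurrent searches are assumptions; the search counts and windows are the ones from the slides.

```python
"""Peak concurrency of a batch of scheduled searches.

Added example (not Finanz Informatik code, and not the splunk> scheduler's
internal algorithm). The average search run time and the concurrency cap are
assumptions; the slides give only the number of searches and the windows.
"""
import math


def stagger(n_searches, window_minutes):
    """Start offsets (minutes) if the cron schedules are spread round-robin over the window."""
    return [i % window_minutes for i in range(n_searches)]


def all_at_start(n_searches):
    """Start offsets if every saved search is scheduled for the same minute."""
    return [0] * n_searches


def peak_concurrency(starts, duration_minutes):
    """Sweep-line over a difference array: max number of searches running in any minute."""
    horizon = max(starts) + duration_minutes + 1
    delta = [0] * (horizon + 1)
    for s in starts:
        delta[s] += 1                      # search becomes active at minute s
        delta[s + duration_minutes] -= 1   # and finishes duration_minutes later
    peak = running = 0
    for d in delta:
        running += d
        peak = max(peak, running)
    return peak


def minimal_window(n_searches, duration_minutes, max_concurrent):
    """Smallest window (minutes) so that perfect staggering stays within the cap."""
    per_minute = max_concurrent // duration_minutes   # starts per minute the cap allows
    if per_minute == 0:
        raise ValueError("cap is lower than a single search's duration allows")
    return math.ceil(n_searches / per_minute)


if __name__ == "__main__":
    DURATION = 3   # assumption: an average saved search runs 3 minutes
    CAP = 60       # assumption: concurrency the search-head pool can sustain
    scenarios = [
        ("savings-bank reports 01:00-03:00", 2500, 120),
        ("FI internal reports 03:00-06:00", 2000, 180),
        ("all 4,500 searches over 01:00-06:00", 4500, 300),
        ("2016 forecast, 10,000 searches over 01:00-06:00", 10000, 300),
    ]
    for label, n, window in scenarios:
        print(f"{label}: same minute -> {peak_concurrency(all_at_start(n), DURATION)}, "
              f"staggered -> {peak_concurrency(stagger(n, window), DURATION)}, "
              f"window needed for cap {CAP}: {minimal_window(n, DURATION, CAP)} min")
```

Under these assumptions the 2,500 customer-report searches peak at 63 concurrent searches when staggered over their two-hour window but at 2,500 when they all fire at 01:00, which is the difference between a pool that keeps up and one that skips or queues most of its schedule. Real run times vary per search, so the practical step is to feed measured durations from the scheduler logs into the same sweep instead of a constant.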
• Questions?
Thank you for your kind attention.
Backup slides