Professional Documents
Culture Documents
Huawei FusionCloud Desktop Solution Overview Presentation (For Financial)
Huawei FusionCloud Desktop Solution Overview Presentation (For Financial)
Approver/ID
1
Filing and Renew Record
Product
Huawei FusionCloud Desktop Solution for the Financial Industry
Name
Version 5.3 (V100R005C30)
Based on the Huawei FusionCloud Desktop Solution 5.3 Promotional Theme Slides, this document
describes the concept and advantages of desktop cloud and its application to the financial industry.
Content
Highlights of the Huawei FusionCloud Desktop Solution for the financial industry and new features in version
5.3 are also described.
Purpose Used for preliminary communication with VIP customers who are interested in desktop cloud.
1. These slides are used for preliminary communication with customers and can be revised based on
Usage customers' concern.
2. These slides are not recommended for specific solution design or technical communication.
2
Contents
1 As-Is and Transformation Trend of Desktops
4 Success Stories
3
Driving Force for Information Security Construction in the Financial
Industry
Use of mobile devices in financial Internet finance is developing
services brings new risks. quickly but vulnerable to network
attacks.
Mobile office is becoming a new trend in the Opening and interconnection of networks of
banking industry. The traditional PC-based office financial institutions are the trends.
automation system cannot meet the requirements
Online banking: sees a transaction amount of
for high efficiency, fast pace, and mobile office.
CNY820 trillion and a growth rate of 7.0%.
Intermediate business: includes public housing
fund, E-port, tax/social insurance collection, call
charge collection, and utilities fees collection.
Driving force
Business across regions and branches No audit for office access of all
makes management difficult. users
Typical Financial
Institution
Country/Region Number of Outlets The financial industry has an outsourcing scale
China's 'Big Four' state- ranking second after the manufacturing industry.
owned commercial banks in 100+ cities 64055 branches Many services of various financial enterprises of
China
China's 'Big Four' state- 850+ branches and
all sizes have been outsourced.
32 countries and
owned commercial banks representative offices
outside China
regions
outside China
Various roles, such as internal
Bank of America, HSBC, employees, IT outsourcing staff,
150 countries and
Citibank, and Wells Fargo
regions
27000 outlets partners, and suppliers, need to access
(TOP4)
the intranet.
4
Traditional Desktops with Poor Security and Difficult O&M Cannot
Meet Requirements of the Financial Industry
Information security Service assurance Resource optimization
Data is stored on the local terminal. The logistics involved in delivering PCs to Standard hardware configurations fail
Different types of ports are difficult to all employees are time consuming. to meet customized requirements.
manage. Operation and maintenance in the case of Hardware configuration does not
User behavior is difficult to manage. PC hardware faults are also time consuming. support flexible upgrades.
Data loss can occur, and information Standardized management of desktops Idle hardware resources cannot be
security may be compromised if becomes difficult because of diverse used by other programs or users,
computers are lost. hardware and software. which has a low resource usage.
Data stored in hard disks is vulnerable and
can be lost in the event of crashes or thefts,
affecting service operations.
Security protection, system management, and device O&M are resource-intensive and cause long-
term business interruptions.
Page 5 HUAWEI TECHNOLOGIES CO., LTD.
Advantages of Virtual Desktops
Centralized management
Application
Centralized management
system Desktop
Information security
Quick provisioning
Virtual OS OS
desktops
and control
No data is
stored on
terminals. Administrator
TCs
Branch 1 Branch 2 Branch 3… Branch N
desktop
anywhere
Remote office on
a business trip Home office
Enterprise headquarters
6
Office Cloud TCO Analysis of a Securities Firm
CAPEX and OPEX per Desktop PC VDI Calculating Method
CAPEX Initial purchase cost Hardware and software 5000 7000 Purchase price
Initial purchase cost (CAPEX) 5000 7000
Average power consumption x Running time per year x Unit price. The power
Electricity fee System and terminal electricity fees 548 118
consumption of each VDI desktop is included in the calculation of PUE.
TCO per desktop (excluding indirect cost) TCO per desktop (including indirect cost)
Note: TCO is calculated on a cumulative basis, that is, TCO of the second year = CAPEX+ OPEX
x 2. TCOs of other years are calculated accordingly.
7
Estimated O&M Costs of a Bank
VDI
Item Unit PC PC Cost VDI
Cost
Monitor W/set 25 25
OPEX Electricity fee DC W/set 0 25
and space 975 402
rental fee Desktop host W/set 100 10
OPEX
• Maintenance and System
• Information security Set/person 200 2,000
warranty cost maintenance cost
personnel cost
• Data backup and Management cost Set/person 400 0
restoration cost Data security
Data backup and 221 0
cost Hour/set/year 0 0
Note: Note: system restoration
Non-desktop cloud solutions Management and System breakdown
involve only client power personnel cost includes Hour/set/year 6 1
time
consumption and system O&M cost and
maintenance costs, and backup and restoration Software
Breakdown Hour/set/year 4 1
desktop cloud solutions need cost in normal cases, and installation 337 48
(indirect cost)
to calculate server power related costs upon faults. System migration Hour/set/time 4 0
consumption, cooling power
consumption, and equipment System migration
Times/year 1 0
room rental fees. frequency
Total /year 2049 575
The virtual desktop system greatly reduces the O&M costs of enterprise terminals, and CNY1474 (2049-575) OPEX is
reduced per desktop each year.
8
Contents
1 As-Is and Transformation Trend of Desktops
4 Success Stories
9
Desktop Cloud Scenarios in the Financial Industry
e-banking
Production Development Telephone O&M
Secure office Common OA experience
operation and testing banking center management
center
10
Scenario 1: Financial Information Security
Data resources of various financial services
Pain Points:
• A large number of service information users Service data Financial data Customer data System
and managers are involved, data prone to parameter
leakage.
• User behaviors are difficult to audit.
• Production, office, and Internet areas need VM VM VM
to be isolated.
Huawei desktop cloud
Huawei Solution:
• Uses the desktop cloud to centrally Server Network Storage Security
manage data and user behaviors.
• Enables users to log in to different virtual
desktops or applications by using a same
terminal for unified virtualization
management and security isolation
between production, office, and Internet
Service Customer Reviewer O&M Outsourcing
areas. personnel manager personnel employee
11
Security Solutions for the Financial Industry
O&M personnel
User B
Terminal security Access and network security Platform and data security Management security
Comprehensive security measures ensure that data is stored on the cloud, behaviors can be traced, and operations can be audited.
12
Internet Access Security Solution
13
Monitoring and Auditing O&M Staff's Operations
Service system A
O&M administrator Forbid Forbid
Other entries
Desktop cloud
management and
Bastion host data servers
User A
Service system B
Service system C
Development, testing,
Partner and O&M
Dynamic token
Desktop cloud auditing system
15
Scenario 2: Financial Production and OA Environment
Pain Points:
The production network and office OA system Service system
network are isolated and involve a large
number of desktop PCs, making
Desktop cloud Customer service
maintenance difficult. Desktop cloud center
Too many branch offices complicate management software
desktop maintenance.
Mobile OA brings security risks. WAN
Cloud
Branch office
Desktop security
protocol
Huawei Solution:
Uses the QoS service to provide
desktop cloud resources of different
levels.
Process- Collaborative Mobile OA Mobile marketing
Uses virtual desktops to enable quick centric bank OA
access and unified management.
Production OA network Mobile OA
operation
16
Dual-Port Single-System Zone-based Access Solution
FusionSphere
FusionSphere
(CT6000)
Desktop cloud in the top secret zone
Advantage: Single-system TCs have low costs. VDI can be simultaneously accessed in different zones.
Cloud desktops can be switched on the task bar of the operating system on a TC.
Disadvantage: You need to select a desktop cloud gateway address when accessing the desktop cloud.
17
Distributed Hardware Architecture — Local Access of Branch Offices
Technical highlights
Reduced network reconstruction costs
Only 2 Mbit/s management network bandwidth is required
Service system for the communication between branches and the central
site. In case of remote access, high bandwidth is required.
Excellent experience
Local resources (including servers, storage devices,
network devices, virtual platforms, and desktop
Desktop cloud
Desktop cloud branch site
management devices) are created for branch offices to
central site Local enable local access and provide optimal service
resources experience. The disconnection between branch offices
and the central site does not affect local access.
Unified maintenance management
WAN VDIs of branches and the headquarters are centrally
FusionCloud Service site managed and maintained, ensuring standards compliance
Local of desktops.
resources
HQ
A maximum of 255 branches are supported.
18
Mobile Officing
The mobile officing solution based on application
virtualization has the following features:
Enterprises do not need develop new clients
for mobile terminals. This greatly shortens the
mobile officing application rollout time and
saves investments in mobile officing
deployment.
HDP over SSL All the applications and data of enterprise
service systems are saved in the cloud, and
Web Exchange
only images are delivered to the mobile
terminals. No data is stored in the mobile
Security terminals so that data security is ensured.
gateway Application upgrade and maintenance are
CRM ERP
Application performed at the cloud in a unified manner so
publishing server that the operation and maintenance workload
is light.
Mobile terminals are authenticated when
accessing the FusionAccess system, and
transmission is encrypted, thereby efficiently
ensuring security of enterprise information
transmission.
19
Public Terminal: Ease of Use and Simple Maintenance
20
Scenario 3: e-banking Customer Experience Center
Pain Points:
Slow desktop provisioning
Incomplete customer information deletion
Poor user experience Desktop cloud
Quick provisioning, superior experience,
and permanent deletion
Huawei Solution:
Full memory desktops ensure rapid
desktop provisioning and optimal user
experience.
User data is cleared after user VMs are Mobile banking Television banking VTM
reclaimed.
21
Full Memory Desktop Solution Provides Optimal User Experience
Computing resources
Principles
Memory data deduplication compression and memory
Memory resources
overcommitment technologies are used to store all system disk
VM VM VM data of desktop VMs in memory so that read and write operations
on desktop VM disks are replaced by memory operations. This
Delta disk
provides better user experience than local PCs.
Delta disk Delta disk
Linked clone VMs do not support personalized data storage on
Base disk (compressed
and deduplicated) the system disk. Full memory desktops are applicable to
Hypervisor stateless desktop scenarios such as electronic classrooms,
school computer rooms, and electronic reading rooms.
Customer Benefits
NAS or SAN
Full memory desktops provide high read/write performance and
fast VM start and restart as well as linked clone desktops.
System administrators can deploy, update, and restore VM
User disk
User disk
User A
1. Rent
1. Rent 123@
User A @#@!
123@ 2. Use
2. Use @#@!
3. Refund
3. Refund
Implement bit 0000
23
Scenario 4: Development and Testing
Pain Points:
The desktop cloud is required to provide a
Development Test Acceptance Production
unified interface for development, testing, environment environment
environment environment
and O&M.
The development of different systems has An integrated development, testing, and production environment
various desktop resource requirements.
Frequent mobility of a large number of Development Testing Production
outsourcing employees results in rapidly The automatic deployment platform flexibly defines the
changing desktop requirements. deployment process.
24
Experience Assurance: Leading Virtualization Software Platform
Member of Gartner Magic Quadrant No.1 in the SPECvirt test Support for core
CHALLENGERS LEADERS
Virtualization
Software
Score Ranking enterprise services
VMware FusionSphere
5.1
1616 1 • High performance
Red Hat 7 (KVM) 1614 2 - CPU usage lower than 5%
Microsoft
Oracle ESXi 5.1 472 3
- Support for services such as
ABILITY TO EXECUTE
http:
Parallel //www.spec.org/virt_sc2013/results/spec database, Email, ERP, and CRM
Citrix virt_sc2013_perf.html
HUAWEI • High reliability
Red Hat Doubled expansion capability
Number of nodes in a cluster - Second-level fault detection and
recovery
NICHE PLAYERS VISIONARIES
COMPLETENESS OF VISION As of July 2014 - Proactive event detection
128
Source: Gartner (July 2014) - Uninterrupted upgrade with active
64
32 and standby management nodes
The first x86 virtualization vendor
included in the Gartner Magic vSphere vSphere FusionSphere
5.1 6.0 5.1 - Hierarchical DR plan
Quadrant over the past three years
The best virtualization performance facilitates desktop virtualization density improvement, scale
delivery, and excellent user experience.
25
Resource Allocation Based on Desktop Pressure in
Development and Testing Scenarios
Desktop session
Priority & Reservation: Resources for
management
to ensure high-performance
high-performance computing desktops
need to be of the highest priority and High-performance
computing.
Common desktop and
computing desktop
reserved accordingly to ensure the highest application Allocates different resources
image quality.
based on the desktop pressure
Virtualization
VIP resource pool Common resource pool
Bandwidth optimization management
layer
in development and testing
Absolute value and percentage control scenarios.
of the bandwidth of virtual desktop
Improves resource utilization.
resource layer
protocol channels that correspond to
Hardware
different service types Safeguards key services.
Virtual desktop protocol channel priority Improves development and
setting
testing experience.
26
Scenario 5: Telephone Banking Center
Telephone
Pain Points: banking center
Most tasks are simple and less
personalized, requiring rapid allocation
to save resources.
Voice quality requirements are high.
Video service requirements are Desktop cloud
increasing with more and more VTMs High performance, restoration after
and online registration applications. restart, and maintenance-free
28
Task-based Desktops in Telephone Banking Centers
Storage Security
+
X
1. When a user logs in to the WI, the TC 2. If the information matches the 3. The user logs in
sends the username, domain name, binding information saved in to the VM.
and MAC address to the desktop cloud ITA, AD authentication is
system to check whether the TC is implemented, and login is
bound to the user. continued.
Users who have been bound to TCs can log in to WI only from the bound TCs.
31
In-cloud and Off-cloud Secure Data Transmission System
Management and Control of Data Transmission to
DC External
In cloud Compilation and Data transmission from the cloud to off-cloud machines
Desktop construction needs to be approved and scanned for security.
cloud Data transmission from off-cloud machines to the cloud
Controlled and
automatic transmission does not need to be approved or scanned for security.
Data transmission system Files that do not meet the security policies can be
Image gateway system Secure data transmission system intercepted, to prevent information leakage.
Flexible Security Policies
Different security policies can be configured for
information assets of different confidentiality levels.
Off cloud The security policies include: file type blacklists and white
lists, warning and interception policies, and whether
supervisor approval is required.
Alarm and Log Auditing, Traceability
Test PC File transmission information and approval operations are
Laptop PAD Device Laptop
commissioning PC all recorded in logs.
Conference Office area External network Alarms are sent immediately when events not in
R&D area
room
compliance with the security policies occur.
Files uploaded against regulations are backed up,
Picture Key information Secure data
stream asset transmission facilitating examination and backtracking.
32
Contents
1 As-Is and Transformation Trend of Desktops
4 Success Stories
33
Cloud Management: Streamlined Management, Efficient O&M
1500 sets
Centralized management
Desktop cloud
Efficient management
terminals
Conventional IT Desktop cloud
Average terminals managed Administrator
Dynamical adjustment
Flexible upgrades
VM VM
App App
OS OS
34
All-round Efficient Service Delivery from Design Survey to O&M
Management
How to conduct a survey to forecast and resolve compatibility problems before desktop virtualization? How to ensure
reasonable planning and design? How to resolve user connection problems? How to migrate data? How to prevent startup
storms? How to assess performance and test user experience? How to simplify routine maintenance?
35
End-to-End Architecture Ensures System Reliability
FusionAccess FusionAccess
Encrypted data stream transmission
HA
Client Server Desktop management
Client Agent Agent
LB/AG App App FusionSphere FusionSphere
OS OS HA Cloud platform
VM VM
management
Users OS OS
VM VM
User resources Management
nodes
User Connection Reliability Management Node Reliability
Desktop management Cloud platform management
Client network Server
reliability reliability
Automatic reconnection Automatic port switchover upon Key nodes of the desktop Management node redundancy
upon network desktop agent port conflicts with architecture do not depend on the Automatic VM fault recovery
intermittent other software Windows OS, and HDC does not Automatic monitoring for memory, CPU,
disconnection Desktop agent software preventing depend on the domain control. and network status of management
Automatic network itself from being deleted or killed Service status is detected and nodes
status detection Progress file protection services are automatically isolated Management data backup
Automatic VM restart upon blue and restored upon faults.
screen faults
36
VDI DR Technology Ensures Desktop Cloud HA
Running
Access network Access network
Standby
VLB/
HDC HDC
VLB/
Features:
AG AG
Stopped
AD domain data
Before DR is implemented, VDI
WI AD
synchronization
AD WI
VMs in the DR site are in the
Desktop data
running state. The AD domain
ITA DB synchronization
DB ITA controller synchronizes desktop
Before DR data periodically.
Production DC DR DC
Access network
After DR is completed, VDI VMs in
Access network
the DR site no longer synchronize
After DR
data from the active site. When the
VLB/
AG
HDC HDC
VLB/
AG
user terminal detects a fault in the
AD domain data
synchronization
production site during the login, the
WI AD AD WI terminal automatically switches to
Desktop data
synchronization
the WI in the DR site for login.
ITA DB DB ITA
37
Huawei Desktop Cloud Eliminates Bottlenecks in Virtual
Desktop Development
Decision-maker
Secure, Reliable, Flexible
Standard reference architecture and integrated hardware and software delivery allow
flexible deployment.
E2E security protection covers access, platform, network, management, and data.
Comprehensive reliability protection from terminal connections to platform services.
4 Success Stories
39
Bank of China Builds an Efficient R&D Platform with Huawei
Desktop Cloud
Challenges
A large number of outsourcing personnel work in the software R&D center of BOC.
Traditional desktops are weak in port, network, and hard disk security protection,
which may result in disclosure of confidential information to outsourcing personnel.
PC resources must be flexibly allocated and reclaimed to meet different resource
requirements at different times.
A large number of employees work in geographically dispersed locations, so the PC
maintenance workload is heavy.
Huawei Solution
Huawei software and hardware products are deployed. FusionAccess is used to
consolidate and manage blade servers and IPSAN.
Outsourcing personnel log in to VMs from PC soft clients (SCs) to do R&D work. All
data is stored in the data center, preventing data from being stolen.
When an R&D task finishes, VMs of outsourcing personnel are reclaimed and used for
other services.
40
Cloud-based BOC R&D Platform — Application Scenarios
and Requirements Application Scenarios and
Requirements
As-Is
Information security Personnel transfer In R&D office environments, each user is assigned a VM. Users use TCs to
A large number of The software R&D center access their virtual desktops. All the USB ports are disabled so USB flash drives
outsourcing personnel hires different numbers of cannot be used. Information is not stored on TCs, preventing confidential
work in the software R&D outsourcing personnel at Application information from being disclosed or stolen. VM specifications can be adjusted
center of BOC. This risks different times. A large Scenario according to the OA software workload. All VMs are isolated from one another,
disclosing key design, number of outsourcing and each desktop has its own system disk. Users can have personalized
source code, and personnel are required for desktops and use a variety of peripherals. All these contribute to high service
development documents the development and security and superior user experience as if traditional PCs were being used.
and process documents to testing of online systems.
the outsourcing personnel. The human resources must
Scale 500 users, 100% concurrency
be promptly released after
the task is complete. System requirements Windows 7
4 vCPUs, 4 GB memory, 60 GB system disk, 60 GB
VM specifications data disk (10% computing resources and 20%
storage resources reserved)
PC update Maintenance efficiency
The software A large number of MS Office, Outlook, Project, VISIO, Internet Explorer,
development tool, employees work in Acrobat Reader, video players, enterprise
Software
database management geographically dispersed Software requirements communication software, common input methods, MSI
R&D
tool, and testing tool are locations, so the PC reader, Kingsoft PowerWord, and Visual Studio/My
used in the R&D scenario, maintenance workload is Eclipse/MENTOR/ALTUIM/VC/MATLAB.
which puts high heavy. This reduces the
requirements on the work efficiency of the Peripherals commonly used in the financial industry,
system. software R&D center. Peripheral such as USB port/serial port/parallel port printers,
requirements USB keyboard and mouse, cameras, card readers,
and card writers
The desktop cloud can effectively meet information security, flexible
resource management, and simplified O&M requirements and improve Identity authentication Domain account + Domain password
the work efficiency of the BOC software R&D center.
41
Cloud-based BOC R&D Platform — Security Design and Proven
Peripheral Compatibility
Security design
Full peripheral compatibility Terminal security
USB key AD domain password
authentication authentication
Peripheral Vendor Model TCs bound to VMs
USB read/write disabled
Magnetic card Nantian Donghua Serial-to-USB adapter be implemented in Environment loading network isolation
Firewall ACL
NI955 VID 0403 PID 6001 Huawei HDP runs Virtualization and desktop
management pool
hardening
11EF
Standby storage
Camera Logitech/BlueLover Mainstream models supported Active storage
Challenges
As markets are developing, Industrial Bank establishes more and more branch offices
around the world. A branch office usually has a few employees. To reduce maintenance
costs, branch offices need to be centrally managed.
In the existing outsourcing development environment, data is dispersedly stored in
computers, which makes centralized management and control difficult.
Huawei Solution
Huawei provides the FusionCloud Desktop Solution for branch offices. With this solution,
the system is simplified and can be deployed in distributed mode, thereby improving
system flexibility.
Only management data is exchanged between branch offices and the headquarters.
User services are locally provided by branch offices by default without the need of
connecting to the headquarters, so that services are not affected by network latency.
Industrial Bank was founded in August 1988. It is one of the first joint- Customer Benefits
stock commercial banks approved by the State Council of the
Flexible, unified management and maintenance: The administrator at the headquarters
releases, manages, and maintains security policies, applications, and software patches.
People's Republic of China and the People's Bank of China. The The administrator at the headquarters can also assign operation rights to administrators in
headquarters of Industrial Bank is located in Fuzhou. The Industrial branch offices to implement rights- and domain-based management.
High security: Branch offices and the management center are connected by the SVPN.
Bank was listed in the Shanghai Stock Exchange on February 5,
Each branch office is isolated from one another. The networking costs are low and the
2007 with a registered capital of CNY19.052 billion. data security is high.
43
Industrial Bank Branch Office — Application Scenarios and
Peripheral Requirements
Test
Peripheral Model Port Type
Result
Counter service system–card Serial port COM1: B
Nantian 8902 card reader Pass
reader Universal card reader
Counter service system–bill printer OKI MICROLINE 6100F Parallel port Pass
The desktop cloud of Industrial Bank mainly applies to R&D scenarios in Shanghai, Fuzhou, and Chengdu, including
common OA, development, testing, and outsourcing scenarios. Unified O&M must be implemented for the desktop
cloud in the three cities, and services can be independently provisioned in the three cities.
44
Industrial Bank Branch Office — Unified Management, User
Experience, and Security
Advantages of the branch office solution:
Management
Flexible, unified management and maintenance: The administrator
stream at the headquarters implements unified O&M, simplifying terminal
HDP
Enterprise
stream OA
mailbox
management and reducing maintenance workload for branches. The
administrator at the headquarters releases, manages, and maintains
Desktop cloud security policies, applications, and software patches. The
computing center +
Virtualization
Management center
administrator at the headquarters can also assign operation rights to
Desktop cloud management
management FusionManager deployed in Shanghai administrators in branch offices to implement rights- and domain-
FusionAccess
based management.
Local access to VM resources: Only management data is
Cloud-based
Testing R&D Shanghai R&D center exchanged between the headquarters and branch offices. Services for
users are provided by branch offices, and users do not need to
Infrastructure virtualization
FusionCompute connect to the headquarters to obtain resources remotely. Therefore,
Management impact of network latency on services is reduced. Obtaining VM
message Management
message resources locally is especially important for branch offices that use
networks of poor quality. VM templates and images for branch offices
Remote module
Remote module can be made and stored locally. These local templates and images
can be used to create VMs, saving network bandwidth and improving
efficiency.
High security: Branch offices and the management center are
Fuzhou R&D Chengdu R&D connected by the SVPN. Each branch office is isolated from one
center center
another. The networking costs are low and the data security is high.
45
Industrial Bank Branch Office Architecture
Fuzhou desktop cloud
Shanghai desktop cloud computing center
computing center + Saving bandwidth without network reconstruction
Mawei desktop
management center
Service system cloud R&D center, Only 2 Mbit/s management network bandwidth is
Shanghai Zhangjiang Fuzhou required for the communication between branches and
desktop cloud R&D center Local the central site.
resources
FusionManager Excellent experience
FusionSphere Local resources (including servers, storage devices,
WAN FusionSphere
FusionAccess network devices, virtual platforms, and desktop
FusionAccess management devices) are created for branch offices.
Local user access ensures optimal service experience.
The disconnection between branch offices and the
Chengdu desktop central site does not affect local access.
cloud R&D center
Local Unified maintenance management
resources
VDI desktops in local R&D centers and the
headquarters are centrally managed.
…… Desktops comply with industry standards.
FusionSphere
Branch offices can be expanded to up 255. FusionAccess
Chengdu desktop cloud
computing center
46
Industrial Bank Branch Office Architecture
Headquarters
With the complex network environment of
Industrial Bank, Huawei SACG access control
Branch Branch core router
Office service area solution is adopted for the sake of feasibility
and maintainability. The deployment plan is
as follows:
Production network: Core switches are
Production OA SACG TSM Server
Production SACG connected to SACGs in bypass mode in
server area
branch banks to direct upstream traffic of
sub-branch and branch banks to SACGs.
Branch OA area TSM servers are deployed in the branch
Branch core switch OA network
TSM Server aggregation production server area.
switch OA network: Branch and sub-branch OA
terminals use different server paths to
access servers; therefore, SACGs are
Sub-branch Sub-branch core router
connected to core and aggregation
switches in bypass mode to process
upstream traffic.
Production area OA area
Note:
All SACGs are deployed in active/standby
mode to ensure high reliability.
47
Chongqing Rural Commercial Bank Builds Secure and Efficient
Development Environment with Huawei Desktop Cloud
Challenges
In the existing outsourcing development environment, data is dispersedly stored in
computers, which makes centralized management and control difficult.
A dedicated IT engineer is required for every 100 PCs, causing high maintenance costs.
The PC-based office system requires long deployment cycle and provides low resource
utilization.
Huawei Solution
The development environment is deployed in the data center. R&D engineers log in to
VMs from secure TCs to develop the system. Peripherals can be connected to VMs, but
data cannot be taken out.
Computing resources are centrally provided by the data center. The IT administrator only
needs to maintain and manage data center devices, which reduces device maintenance
costs for the bank.
Employees can access their VMs anywhere in the office area, which improves work
efficiency.
Chongqing Rural Commercial Bank is the third provincial rural
commercial bank in China and the first provincial rural commercial Customer Benefits
bank in the Midwest. It is also the first China rural commercial bank With powerful security control policies, Chongqing Rural Commercial Bank can effectively
listed in Hong Kong. In terms of total assets, Chongqing Rural manage and control data and code used by third-party software companies during service
development.
Commercial Bank is the third largest Rural Commercial Bank in China The maintenance efficiency is improved by about ten times, greatly reducing the
and ranks 21 among other banks. management costs.
TCO is reduced by about 30%. Users can enjoy the same desktop experience as PCs.
48
Orient Securities Builds Lightweight Outlets with Huawei
Desktop Cloud
Challenges
As one of the top five securities traders in Shanghai, services of Orient Securities
develop quickly. However, the deployment efficiency of traditional PCs is too low to
meet service development requirements.
Important information, such as customer information and transaction data, must be
protected against disclosure.
Management personnel are busy with O&M.
Huawei Solution
The Huawei FusionCloud Desktop Solution is delivered in an end-to-end manner,
facilitating quick service development.
Various O&M tools, the unique self-service platform, and desktop manager improve
O&M efficiency.
All-round security design prevents data leakage.
Clients with minimum power consumption of 5 W provide green office.
"Deployment of the Huawei desktop cloud accelerates
the construction of new outlets and improves
management efficiency for Orient Securities. In Customer Benefits
addition, Huawei desktop cloud prevents leakage of Remote centralized management and control improve O&M efficiency by ten times.
important customer information, which is very Desktops and data are centrally processed and stored in the background other than
important to us. With the increasing services, we will on terminals, which prevents data leakage.
retain such new OA desktop mode. " Annual power consumption is reduced by 60%, conserving energy and protecting
the environment.
Shu Hong COO from Orient Securities
49
SZSE Enhances Financial Information Security with Huawei
Desktop Cloud
A 60% reduction in information security events: The result of transitioning to data stored in
data centers instead of on PCs and implementing behavior audits and operations tracing.
Desktops deployed in minutes, making O&M ten times more efficient.
Elastic IT resource allocation increases resource utilization by 20% to 30%.
50
China UnionPay Builds 2,000 Desktops with Huawei Desktop Cloud
Challenges
Terminal maintenance is complex and the workload is large.
Desktops are configured with fixed-line phones, which makes configuration
adjustment difficult.
Internal information involves high security risks.
Microsoft virtual desktops in use have poor performance, reliability, and experience,
China UnionPay plans to build 2,000 desktops in this phase. Each desktop includes and cannot meet service requirements.
four CPUs, 4 GB memory, and 500 GB storage. The memory of 50% virtual desktops
can be upgraded to 8 GB when they are configured with 64-bit OSs. These desktops
provide the same experience as PCs. Huawei Solution
Resource utilization (%) Service server preparation period (day)
Huawei FusionCloud Desktop Solution is adopted.
Inceases 10 times Declines 97% Resources are pooled, and centralized management is implemented to ensure
60 100
90 unified monitoring, alarming, and flexible configuration.
50
80 Tier-1 departments are physically isolated from other departments. The management
40 70
30
60 network and storage network are isolated from each other to ensure security.
Traditional
50 Traditional
20
Cloud computing-
40 Cloud computing-
High scalability, smooth capacity expansion, and flexible configuration provide the
based NC
10
30 based NC
same experience as PCs.
20
0 10 Solutions are provided for Shanghai headquarters, and Beijing and Guizhou
Cloud computing- 0
Traditional
based NC
Traditional Cloud computing-based NC
branches to enable unified management.
Power consumption in 24 hours (W) Maintenance efficiency (set/person)
Reduces 71% Increases 9 times
90000000 1200
Customer Benefits
80000000
1000
70000000
60000000 800 Around 20% initial investment, 75% equipment room space, and 67.5% energy are
50000000 Traditional
40000000
Traditional
Cloud computing-
600 saved.
Cloud computing-
30000000 400
20000000
based NC based NC Maintenance costs are reduced by 30%.
200
10000000
0 0
Service rollout duration is shortened by 80%.
Cloud computing- Cloud computing-
Traditional Traditional
based NC based NC
51
Desktop Cloud Solution for China UnionPay Branches
Excellent experience
FusionCloud WAN
Guizhou branch Local resources (including servers, storage devices, network
devices, virtual platforms, and desktop management devices) are
Local
created for branch offices to enable local access and provide
resources
optimal service experience. The disconnection between branch
offices and the central site does not affect local access.
52
China Merchants Bank Desktop Cloud Solution
— R&D, OA, and Customer Service Center Optimal experience — users