Financial institutions face a slew of daunting IT challenges. Availability is paramount because minutes of downtime can cost millions. Security is an ever-present concern and regulatory agencies demand proof of compliance.

On top of this, many financial institutions are undergoing mergers and acquisitions requiring network integration and consolidation. Finally, cost-cutting to ensure survival is a necessity while remaining responsive to customers who require 24x7 access to financial services data and applications.

Essential to addressing these pressures are core network services – IP address assignment and management (DHCP and IPAM), and domain name resolution (DNS), among others. If core network services don’t work, the network and applications that financial institutions and their customers rely on don’t work.


Shortcomings in conventional CNS solutions (i.e., general-purpose servers, operating systems, and freeware) can unexpectedly disrupt critical trading and banking applications. Specific concerns with conventional solutions in a financial services environment include:

• Unreliable with limited DR
• Performance and capacity limitations
• Requires many cycles and experts to maintain, upgrade and patch
• Vulnerable to attacks
• No audit logs to investigate network breeches
• PCI compliance challenges
• No central management

With conventional solutions, servers have to be managed independently and frequent updates/ patching can consume IT cycles. It is difficult to implement high-availability solutions and achieve failover. In a disaster scenario, there is little to no ability to easily recover because there is no central point of management for administrators to map around failed servers and re-partition the network. Performance and capacity limitations can produce latency that can negatively affect financial transactions – a highly sensitive function that can halt transactions if all necessary DNS lookups are not performed properly.

On the security front, legacy systems are open to attack, which can compromise system availability and integrity. There is also little means for IP address audit logs/lease history to investigate network breeches. Further, PCI audit requirements include a check for DNS servers and proof that they are up to date and immune to security vulnerabilities – very difficult to achieve with standard DNS servers and software.

These inadequacies are not easily overcome using band-aids applied to existing systems, such as overlay management and data back-up systems.

Business Impacts of the “status quo” for Core Network Services

Financial institutions that use conventional approaches to deliver CNS are subject to:

• Downtime of network and key applications for trading and daily operations
• Business continuity/DR risks
• Cumbersome administrative cycles and high operating costs
• Attacks and breeches
• Compromised reputation due to canceled trades or users unable to access accounts

Ramifications like these merit deployment of a CNS infrastructure that is reliable, manageable and offers unique security advantages for financial environments.


To provide nonstop services, free experts to work on other critical projects, improve security and achieve regulatory compliance, financial IT organizations need to consider a next-generation approach to delivering and managing CNS infrastructure.

• Appliances deliver high availability services and secure infrastructure
• Grid technology ensures continuous uptime, centralized management and DR
• Monitoring/reporting/mitigating capabilities for dealing with DDoS attacks
• Built-in IPAM simplifies tasks, enables delegation and reduces errors

Infoblox appliances enable “one-button” upgrades to accommodate new features and easy installation of the latest BIND releases. Additionally, the custom Infoblox NIOS™ operating software is hardened and, therefore, secure from vulnerabilities, accommodating PCI compliance requirements.

In addition to high availability (HA) between appliances, Infoblox’s Grid technology, which links appliances into a unified, distributed system that is resilient to network and equipment failures and provides central management, enables “one-click” recovery from catastrophic failures of major data centers or WAN links. Administrators can configure “master candidates” that can be designated as the seat of administration at any time with a single command. This is used by some financial institutions who routinely “fail over” to backup sites to maintain a constant state of readiness.

In the event of a malicious attack, leveraging rich data, such as DHCP lease history, available through the Infoblox approach, financial IT representatives can easily identify which port had a rogue appliance on it and stop the incident.

Finally, with built-in IP address management (IPAM) for simplifying and automating repetitive daily tasks that can add costs and configuration error risks to your network, Infoblox delivers the real-time visibility and control you need for your network while reducing expenses and increasing availability.

Infoblox Benefits

• Continuous uptime (better SLAs) and “touch of a button” DR
• Allow experts to work on other critical projects
• Reduce administrative overhead and costs
• Increase security
• Increase visibility into and control of who is on the network, when and where
• Achieve PCI compliance for CNS systems

To learn more about Infoblox solutions or to evaluate Infoblox products in your environment, please contact us at info@infoblox.com or call +1.408.625.4200.