Thursday, December 5, 2024

What’s driving the pace of change in financial institutions’ IT infrastructure? The rapid evolution of digital technologies and increasing regulatory demands are propelling the need for effective patch administration and emergency Incident Support Service Utilities (eISSU) to ensure seamless operations.

The threat of ransomware has never been more pronounced than it is today? Financial institutions process a higher volume of digital transactions today than at any point in human history. The potential wealth that can be unlocked through disrupting massive financial markets is crucial to consider.

In recent years, ransomware and malware have been a primary focus of regulatory attention, with updates to both the FFIEC and PCI DSS 4.0 now incorporating specific guidance on ransomware prevention and mitigation strategies?

According to experts, 2024 is poised to be another record-breaking year in terms of the alarming rate of growth in reported safety vulnerabilities, with no signs of slowing down along the exponential curve of this concerning trend. The estimated number of publicly disclosed cybersecurity vulnerabilities (CVEs) this year has more than doubled since seven years ago, itself a doubling from seven years prior.

As the threat landscape expands, financial institutions are increasingly expected to meet higher standards for addressing security weaknesses. On top of that, there’s an urgent need to address the larger software framework and patch essential vulnerabilities exposed to the public. Banks find themselves stuck between a seemingly intractable force and an unyielding obstacle, grappling with the consequences of their own inflexibility.

In recent years, the in-service software program options within the NX-OS product family have undergone a significant upgrade. Previous limitations in the Nexus product line’s patching capabilities for stateful switchover and In-Service Software Upgrade (ISSU) of twin supervisors have long been a challenge, as traditional approaches required careful network design to successfully execute ISSU. Tuning a community to rapidly converge around critical nodes can inadvertently lead to false positive detections during ISSU, ultimately prompting the need for management planes to restart. Convergence to a stable solution and ISSU (Input-to-State Stability Under Uncertainty) were once considered distinct properties, exclusive to individual supervisor-based control strategies.

Recent advancements in expertise have enabled the development of a containerized “redundant supervisor” that allows for seamless failover of management aircraft within less than a second.

Recently, I had the opportunity to review the latest alternatives. Particularly, a lab for a fortune 50 buyer that needed to discover scale parameters beforehand extraordinary, together with a Vxlan cloth with 1300 Vteps (1100 lively in forwarding aircraft), 90K mac, 90k IPv4, > 200 VRF, > 2000 vlans, > 128k IPv4 LPM routes, all lively within the knowledge aircraft of the gadget, in a community with optimized routing timers with stay overlay L3 visitors in a full mesh between 50 hosts throughout a multisite surroundings. The primary objective of the laboratory experiment was to identify aberrant data patterns to determine how measurement units operate effectively and which alternatives are viable during that phase. After conducting thorough testing, we have confirmed that the eISSU performs exceptionally well with this specific sizing configuration when accommodating a high volume of enthusiastic users.

To explore scalability and evaluate possibilities, our team conducted an ISSU experiment within the existing scope. As marketed,  the improve labored flawlessly, each time (we did it a number of instances), throughout MAJOR releases (10.4 -> 10.5). One distinct observation we made was the behavior of our SSH sessions, which are intentionally designed not to fail over (also known as SSH session hijacking or one-to-one session persistence), meaning they do not automatically switch connections.

No drops are recorded for either the Spirent full-mesh flows or ICMP packets. The process was completed in approximately eight minutes, encompassing crucial steps such as creating a secondary support system, achieving synchronization, conducting preparatory work, and ensuring operational stability – all of which concluded rapidly following the failover.

Following rigorous below-scale and cargo testing, the enhanced ISSU function performed flawlessly, exhibiting swift sub-second management aircraft and administration aircraft switchover, with zero instances of packet loss or management aircraft drops during a comprehensive software update.

These innovative solutions are exactly what the financial sector needs today to thrive efficiently.

To further explore the possibilities of applying what you’ve learned in your daily life, feel free to reach out to your account representative for guidance and support.

Share:

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles