Sizing up your site for on-premise web application hosting is not a simple task. A highly available and secure application such as Internet Banking requires hardware, networking and security.
For example, a production system is needed, with the number of servers based on specific vendor requirements. The system should be optimized with redundancy in the form of inbound connectivity (T1 or other broadband).
A test system is also required to ensure software updates don’t affect production until you are ready. When determining a test system, consider whether you will do limited functionality testing or full load testing. The answer lies in risk mitigation vs. budget in terms of the hardware you buy.
Finally, any highly available system will need a secondary production system (a disaster recovery system), either located at the same site or, preferably, at a remote (disaster) site. It is considered a best practice to have this system mirror the production system in terms of hardware and connectivity so that it can take over if disaster strikes.
Beyond just redundant hardware and network connectivity, there are other best practices for maintaining highly available systems. These include:
- High-availability, high performance data storage
- Data and system backups
- Monitoring systems to detect failures in different components of the environment, ideally ones able to a) let you know of operational issues that could cause a problem before they do, and b) more readily identify the source of a problem should your site become unavailable
- Personnel on-site and/or on call to respond to alerts around the clock
- The ability to detect and respond to security attacks designed to gain unauthorized access to account and user data and/or deny service to your customers
- Rock solid IT processes in terms of patching, security, and production change management
Let’s review the above: two Internet connections, three systems (production, test, and DR) which could be nine total servers and the appropriate staff to manage fail-over and other operations required to keep the system highly available. If the disaster site is in a secondary location then you will be maintaining at least two facilities (ideally located physically far from each other), both of which must adhere to regulatory compliance controls, with a way of mirroring production data between the two sites, and regularly testing your ability to recover with your secondary system.
More and more, Internet Banking is being considered a tier 1 service, something we can’t live without, and therefore high availability is a requirement. If managing all of the above does not seem like the best option, then explore the option of using the S1 data center.
The S1 Self-Service Banking environments in the S1 Data Center are fully compliant with SOX, FFIEC, and SAS-70 Type II controls. Additionally, across other S1 customer bases and solutions, environments within the S1 Data Center undergo PCI and Safe Harbor certifications. Requirements from all of these controls and audits dictate a high standard of operational excellence for all S1 customers. The S1 Data Center will also provide you with the control you need (access and reporting), as it is your data and your customers.
In the end, your financial institution must make a decision: procure what is necessary to run a high availability system or host in a premier data center like S1.