Home > Blogs > VMware vFabric Blog


A Tale of Modernization: Stopping Bank Robbers as a Service (20 Billion Times to Date)

Pirates. Pick pockets. Bank Robbers.

What do these have to do with applications modernization?

Well, bank robbers have turned digital, and this article is about modernizing one of the most successful systems used to stop them.

Stealing credit card numbers, emptying online bank accounts and stealing identities is now big business for thieves and consequently a big area for software companies and banks to collaborate and stop them. Cybercrime and malware have become such an issue that, according to Gartner, the web fraud detection market (where RSA competes) grew 35% in 2010 and 25% in 2011.

RSA is in the business of stopping banks and their customers from being robbed (among other things). Their technology has protected people, businesses, and financial institutions from online fraud for almost 20 years. Their Adaptive Authentication solution is deployed at over 8000 companies, used by over 200 million people, and has protected over 20 billion transactions to date. To jump on the “everything as a service” bandwagon, Adaptive Authentication is literally embarking on a project to “Stop Bank Robbers as a Service.”

We had the opportunity to catch up with the RSA engineering team that is developing this next-generation service using a wide range of VMware capabilities, including VMware vCloud Suite and vFabric. We learned that VMware virtualization infrastructure management, application performance management, automated provisioning, and application servers are already providing benefits along with improved runtimes, and got a peek into how they plan to do the financial side of IT business management using VMware tools.

The remainder of this article provides background and summarizes the conversation.

About the Product and the Challenges 

Do you use online banking? Well, when you log in, there is a good chance you are using RSA technology.

Bank of America, ING, and approximately 70% of American banks do according to this article.  Through the Adaptive Authentication offering, RSA provides customers with a comprehensive authentication and fraud detection platform.  Offered as an on-premise or hosted service, Adaptive Authentication is designed to measure the risk associated with a user’s login and post-login activities through an assessment of device & behavior profiling, and a check against known fraudulent information from a cross-company & industry database.  The system then challenges only the riskiest scenarios for additional identity assurance through challenge questions or out-of-band authentication.  Tools such as back-end policy management, case management, anaylsis, and reporting are available for bank employees to improve performance and effectiveness of the system.

To modernize this application, RSA wanted to achieve several goals to improve operations:

  • Improve how management predicts capacity
  • Improve monitoring to ensure customer SLAs weren’t at risk
  • Improve high availability capabilities, achieve greater scalability and resiliency in times of need, and provide better portability.
  • Automate over 400 types of batch-process oriented maintenance tasks
  • Optimize virtual infrastructure for against performance and costs
  • Automate updates to both SaaS and on-premise deployments
  • Reduce cost of the java application container but maintain support

Where is RSA already seeing benefit from Re-Architecting with vCloud Suite and vFabric?

The Adaptive Authentication modernization project has been in a development phase for about 6 months with the final product being due to market sometime next year.  According to an Architect on the project, Yedidya (Didi) Dotan, they are already seeing a number of improvements in how they develop, deploy, operate, and optimize this cloud-based product. Here are several examples:

1. Using vFabric Application Performance Manager (APM)
Monitoring is an important part of keeping their SLAs. With Application Performance Manager, they get a virtualization-ready, enterprise monitoring solution that is already integrated with the other things they need – a cloud infrastructure management suite, an application provisioning solution, and a runtime platform.

Interestingly, they are also using APM to monitor business outcomes. They use a combination of Hyperic and AppInsight (two components of APM) to monitor KPIs. They expect a certain level of fraud to regularly occur, and if it dips below that level or increases past it, they have a signal to investigate how fraud algorithms are performing and can instigate changes that adapt the behavior of the overall system.

They also use the last component of APM, vFabric’s Spring Insight tools, to understand exactly what the code is doing. Their team is able to automatically see which code (through abstraction or otherwise) generates problematic SQL transactions.  This helps lower development costs and operations costs because they can catch things before they are live and more quickly troubleshoot problems before they impact SLAs.

2. Using vFabric Application Director
For RSA, a single customer deployment might include 270 virtual machines or more, and these can be hosted on-premise in their customer’s own private cloud, or in a multi-tenant hosted environment they run.  RSA has begun the journey to fully automate deployments and updates for all key environments using Application Director to standardize deployments.  Application Director helps speed deployments and reducing risk of errors, by eliminating many manual steps and ensuring installation always happens as prescribed. Given there are no limits to the number of servers Application Director can provision, this automation will help RSA scale and manage a massive number of VMs. Application Director is also built to be able to deploy application blueprints onto external sites, this process makes it easier as well to “package” the software for deployments onto customer’s private clouds, simplifying distribution.

3. Using vFabric tc Server and Spring
Previously, RSA had standardized on WebLogic as their java container. Since their application modernization involved moving to Spring to improve development times, they also used this as an opportunity to move to a lower-cost, commercially supported application server, the vFabric tc Server. For RSA, they were impressed with how easy this effort was. A single developer was able to migrate the entire code base to tc Server in just 3 weeks. Since the move, the development team has been able to use all aspects of the Spring Framework including the security module. Together, these changes are expected to reduce development and deployment costs significantly.

4. Using vCenter Operations and vCenter Orchestrator
With vCenter Operations (vC Ops), RSA has been able to better detect and prevent issues at the OS and storage level. As well, they have a clear view into operations and are able to improve capacity planning to better align deployed infrastructure with performance, and keep costs inline with needs. With vCenter Orchestrator, they are able to automate a sizable number of operational tasks across all customers and between many systems.  These tasks include processes like back-ups, file transfers, fraud data updates, and OLAP reporting.  In total, there are about 400 tasks performed for each customer on a regular, sometimes daily basis, with individual tasks sometimes needing to be repeated across every deployed server. By automating these tasks, they are done more efficiently, reliably and are preventing errors in operations.

Thank you to the RSA team for sharing these insights.

>>For more information on the products discussed here, check out these resources:

Screen shot 2012-07-03 at 3.42.00 PM About the Author: Stacey Schneider has over 15 years of working with technology, with a focus on working with sales and marketing automation as well as internationalization. Schneider has held roles in services, engineering, products and was the former head of marketing and community for Hyperic before it was acquired by SpringSource and VMware. She is now working as a product marketing manager across the vFabric products at VMware, including supporting Hyperic. Prior to Hyperic, Schneider held various positions at CRM software pioneer Siebel Systems, including Group Director of Technology Product Marketing, a role for which her contributions awarded her a patent. Schneider received her BS in Economics with a focus in International Business from the Pennsylvania State University.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>