Manualshelf

Specifications

ManualsBrandsCraden ManualsComputer equipmentDP7
31323334353637383940
Bankway Network Standards Guide - Distributed Terminal Server in Every Branch
This constitutes a trade secret of Fidelity National Information Services, Inc. 03/08 Research & Development
Page 28 of 63
The number of snapshots to be kept on line is a decision to be made by the Bank. Additional
snapshots can be backed up to media such as CD\DVD and restored as required.
As a starting point assume:
The last 10 days
The last 5 weeks
The last 13 months
The last 8 quarters
The last 7 years
Following this pattern yields about 33 snapshots as the value T.
Data transmitted from host to SQL server - The File Transfer Protocol (FTP) is initiated from
within the host batch update job stream for the task of moving the captured data files to the
various Enterprise Servers designated to receive a specific bank’s data. The user/password for
the FTP sessions (by server) is maintained by a business task within Bankway. The user id and
password are stored within A2i control files. (The user id can be displayed by the business task,
but the password is always obscured during maintenance activities). The FTP session will move
a bank’s data from the host to a special folder on a designated server. The FTP user id’s
privileges should be restricted and confined to the single folder. The TCP/IP network
connections between the host and the Enterprise Servers should be secured from sniffing
outside of the data center. There are a variety of ways to accomplish this with hardware, for
example by providing NICs (network interface cards) on the host and on the Enterprise Servers
exclusively for these purposes. Other techniques using switches or virtual LANs can also be
employed.
Databases built by A2i on the SQL Server - The underpinnings of A2i are Microsoft SQL
Server and SQL Reporting Services. As A2i is distributed and installed in accordance with FIS
procedures, the SnapShot databases are accessible to only three users: the system
administrator who sets up the SQL Server (for administrative purposes such as backups, etc.);
the FIS Collection Administrator application (which creates the SnapShot databases); and finally,
the Reporting Services web application (via shared data sources to the SQL Server). The
Collection Administrator and SQL Reporting Services will require a least privileged account
(mirrored local accounts or network account) to access the SQL Server. This limits access to the
SQL Server snapshot databases to a single account. As long as the Enterprise Server is located
in a secure facility, the security administrator for the SQL Server password is non-blank, and
access to the Enterprise Server via Windows Logon is limited to the System Administrator, the
security of the SQL database meets the industry gold standard. Additional optional security
measures would put a firewall in front of the Enterprise Server and configure the SQL Server
port to accept incoming traffic from only the IIS Server and the Bankway host system. In
addition, the IIS Server running SQL Reporting Services must be configured to only allow
authorized Windows users in order to prevent unauthorized users’ access to the SQL database
via reporting services (to be determined by the System Administrator). The IIS Server could also
be located behind a firewall, further protecting against outside access (the firewall blocks http
ports) helping prevent someone hacking into the IIS Server and thereby gaining access to the
SQL Server.