NT proves its worth in a high-security, high-availability environment

In the fast-paced world of securities trading, where you're turning over more than half a million dollars every second, your computing environment has to be up to the task. At Cedel Bank, a global securities clearing, settlement, and custody institution, the need for a robust and stable operating system that will grow with the bank led the IS staff to Windows NT. "In an environment where high availability, security, and flexibility are mandatory, the question was never whether we should migrate to NT, but rather when and how we could best achieve the migration," said Ian Cohen, senior manager of group information services.

For several years, Cedel Bank had been actively migrating its core IS technologies from principally mainframe-based batch systems to a client/server and realtime environment. The migration was progressing well, but the client-side operating system (Windows 3.1) and network operating system (Novell NetWare) could not support increasing demands on the bank. Windows 3.1 suffered from significant memory and security constraints, and Novell was unable to provide a manageable and viable future for servers.

In 1996, Cedel Bank completed an ambitious program to migrate its entire internal network and desktop environment to NT and BackOffice. Cedel Bank adopted the latest versions of all major Microsoft products within a very short time. Both internal staff and Microsoft have hailed the migration project as a major success.

A subsidiary of Cedel International, Cedel Bank serves as a global clearing organization to minimize risk in the settlement of cross-boarder securities trading. The bank has an annualized settlement turnover rate of more than $13 trillion, holds more than $1 trillion of customers' securities in safekeeping, and processes trades of up to $100 billion every business day. Cedel Bank has offices in Luxembourg, London, New York, Hong Kong, Tokyo, and Dubai. Cedel Bank also operates Liberty, an order routing service (InterTrade) for North America, Europe, and Asia.

NT on the Fast Track
In late 1995, Cedel Bank decided to switch fully to NT, and in January 1996, the bank implemented a short-term strategy to address the following five major business requirements:

  • Access from anywhere--access to any data and application (subject to security), from any company PC, at any time, from anywhere (24*7 availability)
  • Security of information and services--secure access to all data and resources (thorough virus and intruder prevention and detection)
  • Rapid deployment of technology--a robust framework to enable the bank to quickly build and deploy new applications
  • Productivity and efficiency--improved systems management, better customer responsiveness and support, and less manual intervention
  • Cost-effective services--using the most cost-effective approach to solve problems and deal with challenges (note that cost effective does not mean least expensive)

Cedel Bank created a detailed design of its future IS environment in March 1996 and began implementing its solution in October 1996, a little more than eight months from initial planning to global implementation. Although Cedel Bank's NT environment is relatively modest (about 800 users worldwide), it is very complex. "With the bank's nine offices in Luxembourg and five offices in other countries, the design of the environment needed to be right, especially when we were considering business requirements, NT domains, SMS \[Systems Management Server\] servers, and Exchange sites," Cohen said.

Facing demands from its users to provide significant new features and improvements for its customers, Cedel Bank scheduled an aggressive eight-month project to migrate to NT. During those eight-months, the bank

  • replaced Windows 3.1 with NT 3.51 (and later NT 4.0) on all PCs
  • replaced the existing servers with the newest Compaq symmetric multiprocessing (SMP) range
  • replaced Novell NetWare 3.11 and 3.12 with NT Server 4.0
  • migrated its network protocol from IPX/SPX to TCP/IP and its WAN protocol from X25 to frame relay
  • centralized its critical data and applications on hundreds of gigabytes of realtime mirrored disk arrays
  • created a warm standby facility in a backup data center
  • migrated from Microsoft Mail to Microsoft Exchange
  • implemented direct TCP/IP and failover with Microsoft Systems Network Architecture (SNA) Server for mainframe services
  • migrated from static to fully dynamic TCP/IP addressing using Dynamic Host Configuration Protocol (DHCP) and Windows Internet Name Service (WINS)
  • implemented Microsoft SMS for electronic software distribution, auditing, and management
  • implemented an intranet using Microsoft Internet Information Server (IIS) and Internet Explorer (IE) 3.0
  • migrated from Microsoft Office 4.2 to Office 95
  • implemented a new security model, including access from any PC via roaming hardware profiles
  • implemented a complete NT printing environment

During the project's first three months (March, April, May), Cedel Bank focused on infrastructure design. Specifically, the IS staff looked at domain design, Exchange site design, SMS site design, SNA server configuration, DHCP/WINS design, LAN/WAN traffic analysis and projections, disk array and server evaluation and selection, a minimum desktop PC specification, application inventory, and so forth. The intent was to ensure that the infrastructure the bank was designing was clear from the start.

During June and July, Cedel Bank performed several tasks in parallel. The IS staff upgraded the desktop hardware, installed and commissioned all infrastructure hardware, tested the underlying NT server and back office infrastructure, and created SMS packages. The IS staff also created unattended installation scripts that let it install NT 4.0, NTFS, Exchange client, SMS client, Office 95, IE 3.0, and a corporate screen saver with only two manual operations at each PC. At the same time, the bank began to implement desktop design changes (e.g., shortcuts and directory structures) and migrate old systems to new systems (e.g., MS Mail to Exchange).

NT 4.0 was still in beta at this point in the migration, and Cedel Bank decided to initially stick with NT 3.51 because the release date for NT 4.0 was still unclear. The bank began testing the alpha build of the Cedel Bank workstation to ensure that the infrastructure and fundamental elements were in place and working. At this point, the bank also began to implement user training modules on various components (NT overview, Exchange, Office 95, NT development, etc.) of the new environment.

In August, Cedel Bank began beta testing the new environment, using more than 60 users and fixing problems to prepare for the next beta release. The beta testing focused on the products the users would receive and how the users would receive the products.

A month after the beta testing began, Cedel Bank made a critical decision to replace its existing NT 3.51 systems with NT 4.0. The bank allowed for a one-month delay so it could rework the environment and deploy NT 4.0. IS staff members believed that NT 4.0's features had value and realized that they could avoid a second full-force migration to NT 4.0 later if they switched now.

In October, the bank performed the second phase of beta testing to fix minor bugs in the system and prepare for a live migration of the remaining systems. The live migration in Luxembourg took five weekends to migrate about 150 users per weekend. In November, after successfully migrating the local systems, the bank began migrating systems in other countries. For the final step, the IS staff performed a year-end freeze and stopped making additional changes (other than urgent fixes or customer requests) to systems in the new environment.

"By adopting an aggressive but achievable schedule and working as a team, we were able to go from a blank page in March to successful migration in October," Cohen said. "Considering the complexity of the migration, which involved approximately 800 users, 26 servers, and full implementation of BackOffice, Office 95, realtime disk mirroring, and a warm standby facility, the relatively short period in which we migrated to NT shows that we did many things right."

Lessons Learned
Cohen is pleased with the way the bank handled the migration to NT, but he admits that some things went wrong. "We had our share of problems, such as getting MS Mail and Exchange to coexist during the transition and getting desktop shortcuts to follow users when they used another PC in the system," he said. "If we had to perform the migration all over again, we would do some things differently, such as improving the way we approached user training. Our guiding principles throughout the project were to adapt, improvise, and overcome." For Cohen's thoughts on where the project succeeded and where it fell short, see the sidebar, "An Interview with Ian Cohen," page 120.

Cohen realizes that undertaking a large-scale migration can't purely be an exercise in technology. "To be successful, you need to navigate various planning, testing, technical, and logistical challenges," he said. "You need to approach the migration much like a military exercise and know what you want to achieve."

Cohen said that companies need to have a good grasp of their existing environment, including hardware and especially software. Cedel Bank identified where it had installed applications and hardware products, who was using these components, how critical the components were to the enterprise, what language the applications were written in, and whether the components were compatible with the new systems the bank was installing. During the migration, Cedel Bank used a commercial product to audit its existing systems, but found that the software audited only major products and none of the applications the bank had developed internally. To help fill the missing holes, the IS staff had the beta users verify the results of the audit locally in their groups.

Cohen pointed out that you need to inform users that your efforts will focus on those products and applications that you know exist, that your company requires, and that are legal. "Circulate the inventory, and make sure that your users have the opportunity to inform you of products and applications that you might be unaware of," Cohen said.

Cedel Bank also had to resist the temptation to manually install products and services, especially for workstation users. "Although this approach can seem like the most expedient way out, you otherwise run the risk of ending up with many different configurations and flavors of installation, which can present real problems for future support and maintenance," Cohen said. He suggested that companies use available tools such as CIXSTART and installation script generators to make installations as automated, consistent, and repeatable as possible.

Cohen also suggested that companies perform some dry runs. Specifically, you'll want to know how fast you can install one PC and whether you can install several machines at a time. You'll also want to know of any staffing, network saturation, server responsiveness, and capacity bottlenecks before you take the new environment online. "Keep in mind the best and worst case scenarios, including any backout or contingency actions, and plan accordingly," Cohen said. "Cedel Bank is evidence that you can deploy NT and BackOffice in a reasonable time and at a reasonable cost if you take a practical and realistic approach to the project."

Cedel Bank let the new environment stabilize for the first few months of 1997 before performing a full disaster test to simulate how the bank would recover the system in the face of a major catastrophe such as a fire. The bank is still exploring ways to make the most of NT, IIS, IE, server-side scripting, and ActiveX and Java applications, and looking to the next wave of BackOffice products.

SOLUTION SUMMARY
Operating in a highly available, highly secure environment requires just as versatile an operating system as possible. When Cedel Bank began to outgrow its existing client/ server network, it created a detailed plan to redesign its IS environment around Windows NT and the Microsoft BackOffice suite. The bank selected NT because the operating system provided a robust, secure, and flexible environment that could grow to meet the bank's existing and future needs. The bank's design addressed short-term business needs such as 24*7 availability, security of information and services, deployment of technology, productivity and efficiency, and cost-effective services.

The bank went from the initial planning stages to implementation of the new NT environment within eight months. In that time, the bank tackled such tasks as placing NT 4.0 on all PCs and servers, creating a warm standby facility, migrating from MS Mail to Exchange, implementing dynamic TCP/IP, migrating from Microsoft Office 4.2 to Office 95, implementing an intranet, and implementing a new security model with roaming hardware profiles. Both Microsoft and internal staff have hailed the project as a success.