Digital banking on AWS
2 likes1,381 views
This document provides a reference architecture for building a digital banking environment using VMware Cloud on AWS and AWS native services. It outlines key components like SDDCs for core banking and retail banking workloads, networking components like Transit VPC and Transit Connect, and how various AWS services can be integrated for capabilities like analytics, machine learning, security, and operations. The architecture shows account structures, network topology and flows, and examples of workloads and services across the environment.
Digital banking on AWS
- 1. © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Reference Architecture VMware Cloud on AWS Customer Organization VMware Cloud on AWS SDDC Group Networking Account VMware Transit Connect Transit VPC VMware Cloud on AWS With VMware Cloud on AWS, rapid migration to the AWS cloud is possible for even (a) core banking solutions such as Fiserv, (b) corporate and retail banking solutions, as well as (c) hosted ISV solutions, and you can continue to run these workloads in the same manner that you do on-premises without refactoring. Software-Defined Data Center (SDDC) Groups enable you to manage multiple SDDCs as a single logical entity- simplifying operations. VMware Transit Connect is a managed service powered by AWS Transit Gateway that provides high-bandwidth, simplified connectivity. It supports the following connectivity models: (a) SDDC SDDC in the same region, (b) SDDC AWS VPC, and (c) SDDC on-premises over Direct Connect Gateway. Important note: At least one endpoint in any flow must be a resource within a SDDC. AWS native services AWS Control Tower provides an easy way to setup and govern your new, secure, multi-account AWS environment based on best practices established through AWS’ experience working with thousands of enterprises, and has the extensibility necessary for meeting the requirements of digital banks. Account groupings and organizational units (OUs) should be based on function or common controls, starting with security and infrastructure. Organize resources into accounts based on categories of service, such as (a) networking, (b) security tooling, et cetera. AWS Transit Gateway provides high-bandwidth, simplified connectivity within the AWS estate for traffic flows where a resource within the SDDC is not one of the endpoints. Seamlessly integrate your VMware workloads with AWS analytics and machine learning services to start driving new insights and value from your data. Digital Banking reference architecture Design patterns for building a digital banking environment with VMware Cloud on AWS and AWS native services. Amazon Lex Corporate Data Center Customer Engagement Account Amazon Connect Amazon Pinpoint CRM Marketing & Loyalty Ingress VPC (Public Networks) NGFW AWS Internet Gateway Egress VPC AWS Internet Gateway IDS/IPS Proxy AWS Direct Connect AWS Site- to-Site VPN AWS Client VPN Amazon Route 53 AWS WAF AWS Shield Advanced Amazon CloudFront AWS Transit Gateway Log Archiving Account User Devices Amazon CloudWatch AWS CloudTrail AWS X-Ray Core Banking Solution SDDC Hosted ISV Solutions SDDC e-KYC Credit Card Management Remittance Manager Staff Authorization Manager Credit Decisioning Device Fraud Scoring AML Regulatory reporting generation Customer Onboarding and Origination Credit Agencies General Ledger Payments (SWIFT, FAST, NETS) FX Rate Provider Staff Identity Provider Operations Account Shared Services Account Analytics and Machine Learning Amazon Elasticsearch Logs Backups Operations Management VPC ITSM ISV Solution AWS Personal Health Dashboard Amazon SNS AWS Trusted Advisor AWS Systems Manager Amazon QuickSight Amazon Athena Customer Authentication VPC Identity Provider ISV Solution Active Directory VPC AWS Directory Services AWS Lake Formation Amazon SageMaker Amazon Athena Amazon EMR AWS Glue Amazon Fraud Detector Amazon Polly Amazon Personalize Amazon Rekognition Amazon Textract Amazon Redshift Data Bunker Account AMIs Backups Templates Snapshots Release Management Account Amazon GuardDuty AWS Config AWS Control Tower Amazon Macie AWS Certificate Manager AWS Security Hub Amazon Inspector SIEM ISV Solution AWS CodePipeline AWS CodeBuild AWS CodeDeploy AWS CloudFormation AWS CodeCommit AWS CDK HashiCorp Terraform AWS services used across AWS accounts Direct Connect Gateway Corporate Banking Retail Banking BU – Dev/Test Integration Account Integration VPC Amazon API Gateway AWS Transfer for SFTP Amazon MQ Amazon EventBridge Organization Management Account Service Control Policies Security Tooling Account Amazon CloudWatch AWS CloudTrail AWS X-Ray Amazon SNS AWS IAM AWS KMS Amazon GuardDuty AWS Config Tagging Strategy Billing and Cost Management Account Baseline Service Catalog AWS Single Sign-On Retail Banking BU - Production Elastic Load Balancing Amazon EKS Amazon EC2 AWS Lambda Amazon DynamoDB Amazon RDS Amazon EventBridge Amazon API Gateway Amazon SNS Amazon S3 Amazon S3 AWS AppSync AWS Transit Gateway VMware Transit Connect VDI SDDC Horizon CPA Pod Apps VPC Unified Access Gateways Desktop Pools RDSH Farms Unified Access Gateways Connection Servers Connection Servers OS OS OS RDSH RDSH RDSH Load Balancer Load Balancer 6a 4 1a 2 3 7 3c 3a 3b 6b 1c Core Banking Solution 1 2 3 4 5 6 7 8 Corporate Banking SDDC Retail Banking Dev/Test SDDC Retail Banking Prod SDDC Retail Banking Solution 1b 8 5