Paving the Way for Automation with Cisco ACI

In a world of fast transactions and uncertainty, a company’s IT infrastructure can be the difference between success and failure. That is especially true in the financial market, where split-second decisions are made based on data and transmitted across the world.

SIX Group, named for Swiss Infrastructure and Exchange, provides a foundation for the financial operations of Switzerland. We handle transactions related to securities and payments, as well as information processes, and in 2020, our revenues reached almost CHF 1.5 billion. SIX Group has several offices throughout the world to accommodate our nearly 3,500 employees.  

We began in the 1930s as Ticker AG, and 30 years later were the first to use television to simultaneously display up to 90 stocks. Over the years, the company merged with several other exchanges and organizations as our influence and focus expanded. Currently owned by about 120 financial institutions participating in the Swiss market, our goals include enhancing the efficiency, quality, and innovative capacity of the participating groups. 

I provide this short history to make two things clear: 1) The ever-changing needs of the market and the evolving realities of our customers demand that we constantly improve and extend our IT landscape and build up our digital infrastructure. 2) We accomplish this against the backdrop of consistent acquisition, including mergers and new partnerships.

End-of-Life Status Forces a Change

When I joined SIX, the organization was in the middle of another change. Although I was hired as the Head of Network and Network Security Operations, after about four months we went through a reorganization. My role changed to Head of Connectivity, and I now lead a department full of network/network security operations and engineering staff. One team focuses on routers, switching, load balancing, local networks, and maintaining the tools for network monitoring. The second team is centered around firewalls, proxies, VPN, and firewall-related tools.

To constantly improve our services, we had to face a hard reality in 2018: Much of our network equipment was rapidly approaching the end of its expected life cycle. Making matters worse, our networking design was old. Every organization has a shopping list of items to eventually purchase. We knew we had a problem when even our potential purchases were out of date.

We couldn’t continue with our old approach of deploying more dynamic fabric architecture (DFA) networks. In addition, we also had data centers in the United States and Singapore that were in direct need of an upgrade. Fortunately, our situation presented us with an opportunity. It was time to completely renovate our networks with new technologies that could make dreams like automation possible.

The Dilemma of a New Build

As with most IT experts facing a major overhaul, we considered building something internally. It was tempting because no one knows our organization as well as we do, and therefore we thought we could create a great solution. But it didn’t take long for our fantasy to clash with reality.

Beat Stump, Senior Network Engineer at SIX, likes to point out that building a future-proof solution would have been very complex. We have a variety of special circumstances that complicate our environment, such as operating multiple zones, using multicast, and manual provisioning across our data centers. Provisioning everything manually is a lot of work, and it’s not the appropriate way to scale. “We don’t want to provision a network 80 times,” Beat said. “We want to do it once.” Even if we had the time to accomplish such a build, it would defeat the purpose of the upgrade. We needed something that could scale efficiently and lend itself to more hands-off automation.

We considered a number of options, several of which were based on standard VXLAN. There were two problems with this system. First, we would have to configure the switches by hand, which is the opposite of automation. Second, most of the options didn't include the ability for segmentation.

Segmentation is critical for us. Because our work involves the financial markets, we have to follow a number of regulations. Even more importantly, these rules can change with each country and product. Other directives force the separating of networks, essentially isolating key services for enhanced security. Segmentation would allow us to create a different set of rules for each network segment without a long and complicated network migration project.

We’ve enjoyed a long relationship with Cisco, and at the end of the day, the only solution that provided us with the functionality we desired was Cisco ACI. An added bonus was knowing that their support would extend beyond the sale. They were committed to helping us realize our overarching goals for the network.

A Partner with Benefits

We knew the upgrade and migration process would be a huge undertaking, and we already had a number of other responsibilities and projects running concurrently. So we turned to Cisco CX—the team who helps customers reach value faster—for the design and engineering work. They provided training to our operations team and network engineers. Since SIX operates an extensive lab environment, Cisco CX staff joined our engineers on site and all testing and verification has been performed in our own lab. This continuously operated lab reflects our production environment and will be maintained for future testing, verification and troubleshooting.
 

Several members of our key staff, including our lead engineers, Beat Stump and Markus Benz, didn’t have much hands-on experience with Cisco ACI. Rather than taking a year for them to get up to speed, Cisco Network Consulting Engineers (NCE) handled some low-level design details so that our staff could focus on testing and architecture principles. Ultimately, this turned out to be a good decision for the implementation. Cisco NCEs know their own product and have experience with similar installations. They solved common problems off the top of their heads that may have taken us days to figure out. “The engagement with Cisco clearly shortened our engineering cycle a lot,” Markus said.
 

There were a couple of distinct ways Cisco made this project easier. First, they shared a huge wealth of knowledge to help us breeze through potential issues. Usually, product upgrades are fairly similar to the previous products. They may have new features, but the operating system and functionality are the same. This time everything was new, so sharing information and experience was a critical time-saver. Through this process, we developed our own expertise in ACI.

Second, once we had a basic understanding of the new technologies, Cisco helped us with the design phase. After all, even the best IT solution can be worthless if it is designed and implemented poorly. They helped us to match our organizational requirements with the capabilities of ACI. That included helping us avoid long-term pitfalls and shaping our system for scalability and flexibility.

We began this project in earnest in December 2018 and began developing a plan for Cisco's support a month later. By fall 2019, we were well into the process of testing the system. That kind of speed would not have been possible without Cisco's dedicated support. It would have taken us much longer had we been left to our own devices.

Ongoing Cisco Support 

Perhaps the best thing to come out of this experience was discovering the value of working closely with Cisco staff. Beside the ACI engagement, we signed a multi-year contract for Cisco Business Critical Services (BCS), which involves having a Cisco engineer on site once a week to work directly with SIX. That engineer is involved in our ongoing activities and quickly became familiar with the intricacies of our operations. Whenever we have a question, we can contact someone who intimately understands the context and background of whatever issue is causing trouble. Instead of spending an hour getting an external support person up to speed, we can just skip right to the problem.

We also appreciate Cisco's proactive approaches to asset and life cycle maintenance and management. The company has a team that helps us with asset management. We now get notified when specific platforms are reaching end of life status. These notices come months in advance, so we can take our time to research and get the decisions right. Again, because Cisco has intimate knowledge of our operations, they can help us find the right licensing models and equipment to suit our current and future needs. 

Cisco also proactively helps us to solve problems. It’s hard learning something new, and when internal frustrations began to rise during the migration, for example, Cisco responded swiftly with a troubleshooting session. That reassured our teams that we would get to the finish line together.

Through this process, it wasn't just our technology that changed. We also had to change our ways of working. Cisco ACI opened our eyes to software-defined networking. As a result, we began hiring more developers and teaching existing networking staff the basics of coding. This project has helped us start to maximize our human resources as well as those of our infrastructure.

Considering the Future of SIX

Today, we are well on our way toward increased automation. Markus Benz sums up our approach best: “Our intention was never to get rid of people or lower the amount of work, but rather to cope with the additional work that is in front of us.” There is more work required on the network level and there are two ways to get it done: automate or add more people in the future. To have the same number of people on our team and cope with all the additional work, we need automation to reduce manual and repetitive tasks. That way our staff can spend more time consulting with the business units and developing better processes for buying, building, and integrating companies.

We’ve also noticed that we spend less time and effort fixing human errors. Our time to market numbers are decreasing, and we can get a data center up and running a lot faster than we could in the past. These benefits allow us to remain competitive and offer our clients the same services they enjoy with cloud-based technology.

I won't say the transition from traditional networking was always fun, but it was necessary. Thanks to Cisco ACI, we have helped to future proof our business and are ready for the world of tomorrow.