Merrill Lynch embraces IP [and lots of CSCO equipment]
nwfusion.com
By Jim Duffy, Network World, 08/17/98
New York - Investment giant Merrill Lynch is morphing its global trading network to an all-IP environment that will let the company offer new Web services, consolidate equipment and reduce maintenance costs.
The financial services firm is merging separate SNA, IPX, Banyan VINES and other networks into a single IP infrastructure with common directory services, naming conventions, security policies and remote access routines.
By doing this, Merrill Lynch hopes to reduce long-term operational costs and to provide customers with quick access to timely market information, such as Web trading and research data.
"We're trying to promote consistency and have Merrill Lynch embrace the utility concept model" of information access and exchange, in which the network is as easy to use as other utilities, such as phone, water and electric, says Nicholas DeVito, vice president of network strategy and planning at Merrill Lynch.
"We want to align ourselves with standard Internet protocols and technologies. We anticipate leveraging the Internet going forward for electronic commerce, for Internet-based trading, for a number of possible business reasons," DeVito says.
Merrill Lynch says the network overhaul should be completed by the year 2000. The project's cost and projected savings have not been determined, DeVito says. But company officials are confident the return on investment will be worth the move.
Savings will come from replacing IBM front-end processors with less costly Cisco Systems routers, and from consolidating three separate networks, and their associated operational and maintenance costs, into one network. Also, a common directory will facilitate dynamic addressing, which will ease administration.
Merrill Lynch also expects improved application performance from its IP network because applications will no longer incur the processing overhead of binding to different protocols to access information. And the common directory will help automate access and authentication routines through standard policies.
Another factor that prompted Merrill Lynch to go the all-IP route is the popularity, ubiquity and ongoing development of IP-based products.
"I don't think we have much faith in IPX going forward, or Banyan, or any other networking protocol," DeVito says. "As long as IP is the transport, we'll be positioned to compete very effectively in the marketplace."
Network specifics
Merrill Lynch's network serves 55,000 employees in 700 branches of the company's four business units: Private Client, International Private Client, Asset Management, and Corporate and Institutional Client Group.
The network is comprised of 1,800 to 2,000 Cisco Systems routers, 45% of which are Cisco 7X00-class high-end devices. The rest are Cisco 4X00 and 2500 series routers. Backbone links are E-1 and DS-3, while access links are 56K bit/sec and T-1 frame relay.
The router network is constructed in a four-tier hierarchy. The first tier is an E-1 inter-regional backbone that connects five global nets in a fully redundant mesh. Those regions are North America, Asia, Australia, Europe and Japan.
The second tier is made up of the regional backbones. They support DS-3 or E-1 networks that use the Open Shortest Path First (OSPF) protocol to partition each regional domain, or autonomous system, into smaller domains. An autonomous system is a collection of networks under a common administration sharing common routing capabilities.
The third and fourth tiers are OSPF areas that represent regional and remote site networks. They access the regional backbone over 56K bit/sec and T-1 frame relay links.
There are about 5,000 Ethernet and Fast Ethernet LAN segments in the Merrill Lynch network, anchored by Cisco Catalyst 5000 and 5500 Layer 2 switches. Merrill Lynch plans to give all desktops switched 100M bit/sec connections and is keeping tabs on Gigabit Ethernet technology for possible backbone deployment.
Merrill Lynch's effort will involve replacing up to 100 IBM SNA front-end processors with Cisco routers equipped with Cisco's channel interface processors. The Cisco routers will perform all TCP/IP processing, including encapsulating SNA data in IP packets and transmitting them over an IP backbone using Data Link Switching, DeVito says.
Merrill Lynch is keeping SNA intact in data centers to maintain the integrity of mission-critical SNA applications, such as CICS and IMS, but will write new applications to TCP/IP Sockets APIs, DeVito says. SNA client workstations will be outfitted with TCP/IP software and access mainframe data using tn3270 and Web browser-based 3270 terminal emulation.
"The client's got an IP stack on the PC and he's part of the enterprise, as opposed to the self-contained SNA network," DeVito says.
For quality of service (QoS), Merrill Lynch will initially employ Cisco's weighted fair queuing (WFQ) algorithm to establish priority and allocate bandwidth among users and applications. WFQ classifies traffic into conversations and applies priority - or weights - to traffic to determine how much bandwidth each conversation is allowed relative to other conversations.
But Merrill Lynch still needs to formulate a long-term QoS strategy, DeVito admits.
NetWare and VINES packages, meanwhile, handle less mission-critical tasks, such as file and print services. The Banyan conversion to IP is 99% complete, and the NetWare transition is currently under way, says Alok Kapoor, vice president of enterprise architecture at Merrill Lynch.
Merrill Lynch may opt for NetWare-to-IP gateways rather than a wholesale change, due to cost and complexity considerations, Kapoor says.
One of those considerations is directories. The different networks and applications in the Merrill Lynch network mean separate and distinct directories are also present.
Merrill Lynch's Windows NT domains have an exclusive directory, 15% to 20% of its employees use Novell Directory Service, and there are some home-grown directories for customized applications, Kapoor says.
And then there's Merrill Lynch's IP Domain Name System (DNS).
"We have a pretty messed-up DNS environment right now," Kapoor says. Merrill Lynch users are currently logged by their hard-coded IP addresses, which limits mobility and flexibility. If a user moved to another workstation that had a different IP address, it would be hard to ensure that the user had access to the resources he or she needs.
"We're a largely static IP environment, and that makes manageability a nightmare when you consider the moves, adds and changes that occur," Kapoor says. "It takes an immense effort today to move a node from point A to point B and have all of your applications continue to function."
A common directory
Merrill Lynch is looking to consolidate these separate directories into a single, global repository to better align users with the resources and applications they need, and to provide single sign-on access. The directory would log users by name instead of IP address.
This would enable Merrill Lynch to implement Dynamic Host Configuration Protocol (DHCP) addressing, in which users lease an IP address from a pool of addresses and give it back when they're done, Kapoor says. DHCP is intended to enhance mobility in an IP network.
A common directory would facilitate an intelligent network that uses policies to grant access to network and application resources to specific users or groups of users. Merrill Lynch is encouraging Cisco to work more closely with Microsoft on aligning Cisco equipment and CiscoAssure policy software with Microsoft's Active Directory and applications such as Exchange, Kapoor says.
Cisco and Microsoft are already working together on the Directory Enabled Network initiative, which is attempting to standardize directory schemas and access routines for policy-based networking.
For remote access, Merrill Lynch is looking at implementing a virtual private network using a common tunneling protocol for encryption, Kapoor says. Currently, Merrill Lynch is using the Point-to-Point Tunneling Protocol in Windows 95 and NT, but would like to implement a more scalable system some time in 2000, he says.
Contact Senior Editor Jim Duffy