Bank of Ceylon (BOC) is one of the largest banks in Sri Lanka, with 600+ branches, 600+ ATMs and 5000+ employees island-wide. As the organization grew over almost 70 years, it accumulated a wide range of technologies, conventions and devices. With the growing demand for banking applications and online transactions, BOC wanted a reliable, fast and robust infrastructure that would adapt to network conditions automatically and minimize outages.

Challenge: 

Improve application and service availability, reduce the manual network optimization workload and invest in an infrastructure that will scale during the next decade. The biggest challenge was to make sure that everything from the legacy ATM switch to the latest VM clusters, load balancers and numerous other components would work in harmony through a common platform for the next decade or so, given that these technologies will update frequently. Finally, being a prominent bank in the country, BOC could afford neither significant downtime for this network upgrade nor a total replacement of the current networking infrastructure. Therefore, the new solution had to utilize current resources as much as possible and offer a smooth migration path.

Solution: 

After analyzing the customer organization's touch points, Cisco Application Centric Infrastructure (ACI) was selected as the solution. Once deployed, Cisco ACI is to provide the robust infrastructure BOC wanted while automating most network operations and combining multiple technological domains. Cisco ACI is also to provide the visibility needed to identify network-related issues proactively and to minimize manual intervention in a DR scenario. With this industry-leading software-defined networking (SDN) solution, both primary site and DR site resources can be managed as a single infrastructure environment. Most of the existing technologies supported the ACI platform, and the remaining few legacy devices could be brought on board with minimal tweaking. Combined with other components such as firewalls (Cisco FirePower / Fortinet), load balancers (F5) and existing network gear, and with its own built-in tools, Cisco ACI was able to deliver a revolutionary infrastructure solution tailor-made for BOC to deliver its applications / services to customers as well as employees, despite daily network-related issues.

  1. Application-centric, software defined networking (Cisco ACI)
  2. Next Generation Firewall Solution (Cisco FirePower / Fortinet)
  3. Service Availability and Optimizing (F5)

Success:

With a smooth and rather quick transition phase, BOC was able to get the full benefits of the Cisco ACI ecosystem with both the latest and legacy components throughout the network. With always-updated APIC controller nodes, Cisco ACI enables granular segmentation, fault isolation and control over the entire network, and minimizes service interruptions caused by link outages or site-down scenarios. Once infrastructure policies are defined and in place, changing the physical location of a server with multiple VMs in it is nothing but a plug-and-play job. The enhanced visibility over the network also allows BOC administrators to make informed decisions rather than following a trial-and-error method. The following table identifies a few of the improved aspects.

| BOC Task | Before | After |
|---|---|---|
| Server Connectivity | Configuration on each Router or Switch | Configuration through centralized management console (Cisco APIC) |
| Application of Security policies | Applied in Firewall, or switch / router level manually | Use APIC to configure everything in one place. Can reuse defined policies. |
| Capacity Measuring | A long and Manual Process | Simplified and a quick process |
| New service provisioning in a VM server | Both Network Admin and VM administrator have to work together. | Service Provisioning can be done in a single interface (APIC) |
| UAT and RND environment | Creating a UAT / RND environment consumes dedicated hardware / physical access and lot of manual processes. | Can provision and discard UAT / RND environments faster and safer under one interface (APIC console) |
| Security | Security policies in firewall have to be applied at firewall level and involve manual tasks. | APIC can push configurations to external Firewalls as necessary without manual involvement |
| Application and Service Availability | Service Migration between Primary and DR is a manual process. Considerable time between service migrations. | Automatic and intelligent service migration between sites, with no manual intervention. |