Reference Architecture for Shared Services Hosting_SunilBabu_V2.0
1. Reference Architecture for Shared Services Hosting for Payments Bank & Small Finance Bank
Author: Sunil Babu
Date: 15-Feb-2016
Version: 1.0
2. Key Requirements
Business Requirements:
• Shared services hosting for Payment Banks & Small Banks on a Shared Model & Shared Infra
• Fit for Purpose systems / Architecture
• Security compliant to mandates
• Lowest TCO
Technology Requirements:
• Scalable Architecture to handle rapid & quantified growth
• Architecture should logically partition bank data in an optimal way
• Dynamic Infra Provisioning
• Lean Architecture
• High Performance and throughput at database and data access layer
• Better User experience via low latency access response
• Effective Load distribution for optimum resource utilization and better ROI
• Data security at rest and in transit
• Secure access to the environment for delivery team
• Ability to easily manage and replicate multiple environments based on blueprint architecture.
3. High Level Architecture
Payments Bank & SFB - Shared Services
Layers shown in the diagram:
• Infrastructure (DC, DR, Near-DR)
• Networking (WAN, MPLS, SDN…)
• Physical (Servers, SAN, Workstations..)
• Virtualization (ESX, Hyper-V, Xen..)
• Operating System
• Compute, Storage, Network
• Platform
• Database, Middleware, ESB, MQ…
• Core Application / TX Processing Services
• User Interface Services
• Security
• Management
• Integration Services (API)
• DevOps (Build, Test, Release)
• Service Mgmt, Perf. Mgmt, Enterprise Mgmt
• Channels & Other Ancillary Apps
Bank Users:
• Bank Team (Operations, Management, Business)
• Partners
• Merchants
• Customers (Retail / Corporate)
Service Provider Team:
• Development
• Operations
• Infra
• Security
• Network
• Applications
• Platform
• SOC, NOC, TOC
4. Design Principles & Assumptions
• Core Application (e.g. CBS), TX Processing Application (e.g. Cards) and Functional Applications (e.g. AML) to be deployed as separate instances
• Customer-related data to be stored in a separate database
• There can be one instance of Non-Functional Apps such as APM, UIM, SOC etc.
• Leverage the multi-tenant database function to reduce DB license costs
• Run non-core functions such as Reporting and Backup from the Near-DR & DR sites to reduce load on the DC
• Shared Applications such as APM, Infra Management and Asset Management should treat each bank as a logical entity, enabling separate monitoring/management/reporting for it
• Dynamic Infra Provisioning can be achieved by leveraging Platform-as-a-Service (PaaS) technologies such as Infrastructure-as-a-Service (IaaS), Database-as-a-Service (DBaaS) & Middleware-as-a-Service (MWaaS)
• When implementing PaaS, get assurance on version changes and their impact on hosted applications.
5. Application Architecture
Channels:
• ATM, POS, Mobile/Tablets, Internet (Ret/Corp), Branch, KIOSKS, Phone Banking
Customer Relationship:
• CRM, CRM Analytics, Marketing and Campaigns, CRM Social, CRM Sales & Service
Corporate Administration:
• Procurement, HRMS, GL, Fixed Assets, Budgeting, Projects, Expense Management
IT Governance and Compliance:
• Compliance, BASEL, AML/KYC, ALM/FTP, Regulatory RBI/ADF, Risk Management, Governance, Audit, Fraud Management
Products and Transactions:
• CASA, Microfinance, Term Deposits, Personal Finance, Wealth Management, KYC, Gov Business, Corporate Banking
• Payments, Remittance, Bills, BC, Cash management, Forex, Treasury
• DCMS, Asset Management, AML, Cards, Loyalty Programs
• INB, Mobile Banking, Contact Centre, Switch, ePG
6. Data Architecture
Secure DB Instance for each Bank:
• Encryption
• Data Masking
• Privileged Access Control
• Activity Auditing
• Replication for RTO, RPO & Offloading of Non-Core Functions (PR, Near-DR / DR)
• Clustering for HA (Active-Active or Active-Passive)
• Compression for Backup & Archival
• Columnar Compression
• Multitenant Container Database for Payments Bank / SFB Instance
Common DB Instance for all Banks:
• Multitenant Container Database
Information Architecture:
• Information Lifecycle Management
• Aggregations & Summaries
• Master & Reference Data, CIF
• Operational Data
• Structured Data
• Unstructured Data
7. API based Integration Architecture
Diagram labels:
• External Ecosystem: Mobile Wallet App, Merchants/Partners
• DMZ: API Gateway
• Corporate Network
• Service Provider DC – Bank “A” Application Instance: Channel / Wallet App Services, CBS, Payment Gateway, 2FA, Risk Authentication
• Protocols: TCP/IP, ISO8583
API Gateway
• Central Policy Enforcement on outgoing/incoming traffic
• Threat Protection
• Non-Repudiation
• API Monitoring/ Mgmt.
• API Analytics
• ESB-Like Web Service Mediation
• Branded API Portal for Merchants & Developers
8. Technology Operations Centre for all hosted banks - Architecture
Service Provider Command Centre: Monitor, Manage, Administer
Managed environment:
• DC & DR
• Network (MPLS/Leased Line/WAN/LAN)
• Applications
• Servers
• Workstations
• Operating Systems
• Transactions
TOC Solution Building Blocks:
• Proactive Monitoring (HW, SW, NW)
• SLA Management
• Config/Patch Management
• App/Backup Job Management
• RCA/ Rectify/ Restore
• Server/Client Automation
• Asset Lifecycle Management
• Incident/Problem/Change Management
• Service Management Automation
• Transaction Management (Online + Mobile)
• Database & Middleware Monitoring
Measured Against KPI(s):
• Business SLA
• Response Time
• RTO/RPO
• Throughput
• MTTR
• Time to Market/ Time to Value
• TCO / RTO
9. Technology Operations Centre - Integration
Managed environment:
• DC & DR
• Applications
• Servers
• Workstations
• Operating Systems
• Transactions
Management tools:
• Infra Mgmt
• Network Mgmt
• Automation
• Application Perf. Mgmt
• Mobile Application Analytics
• Service Desk
Data flows and outputs shown in the diagram:
• Alarms, Config Mgmt, Event Mgmt, Availability, Performance
• “Metrics”: Agent + Agentless (SNMP)
• “Metrics”: Agentless (SNMP)
• Workload Scheduling & Management
• Dashboard - Workload Monitoring & SLA Management
• Dashboard/Reports/Alarms – Historical Reporting
• Topology/Alarms – RCA Reporting
• Defects, Incident, Change Mgmt, Config Mgmt
• KPI(s)/Trends/SLA Reporting
• Mobile/Web Customer Experience & Business TX. Monitoring from Mobile to backend
• “Metrics”: Agent + Web Traffic
• “Metrics”: From Customer Mobile Device
• Events/Violations
• Workload (EOD, BOD, MIS..)