AFTAs 2020: Best Infrastructure Initiative—Bank of America

Bank of America’s three-year project to refresh its global Wide Area Network (WAN) backbone is impressive for many reasons: its increased bandwidth and reduced cost and technology footprint, its use of a modular architecture to create segmented traffic flows, and intelligent automation tools to complete the project faster. 

But it’s the sheer scale of the project that is most impressive, covering all domestic and international communications between front and back offices across 200 large branch offices that house the bank’s eight lines of business—Retail, Preferred and Small Business, Merrill Lynch, Bank of America Private Bank, Business Banking, Global Commercial Banking, Global Corporate & Investment Banking, and Global Markets.

Designed during 2017 and 2018, deployment and migrations began in late 2018, with international site migrations completed in mid-2019, and the final remaining traffic migrated off the legacy network in January 2020. The WAN is based on 100 gigabit-per-second private Ethernet lines, and uses the latest carrier-grade, programmable routers and automation software that enable traffic segmentation and end-to-end encryption.

The result is a 10-fold increase in bandwidth with no increase in running costs as a result of buying at scale and lower cost of carrier circuits, and a 30% reduction in the firm’s hardware footprint. “The refresh better simplifies, secures, and modernizes the backbone to meet capacity and bandwidth demands for its applications, allowing room to further grow as business needs evolve,” says Tony Kerrison, CTO at the bank.

And while the project—which involved more than 400 employees and contractors, who underwent a total of 2,000 hours of training to operate and support the WAN—is the largest technology deployment in the bank’s history, the technologies employed use built-in intelligence to identify issues and to speed up the deployment itself.

“The use of automation for configuration and change management both simplifies the efforts of our operations staff and improves repeatability,” Kerrison says. “The entire environment was built through automation with a combination of Ansible playbooks, Python scripting, and a network services orchestration platform. Likewise, all ongoing changes are performed through the automation platform. A great example is the fact that we can now do automated MACSec key rotation on all of the links globally. This has reduced time to completion by several months and removed any potential human error while still providing the ability for human oversight and the ability for near-instantaneous rollback to known good states.”