swiftnet 7.0 sibos 2010 amsterdam pieter herrebout, senior product manager, swift isabelle noblesse,...
TRANSCRIPT
SWIFTNet 7.0Sibos 2010 Amsterdam
Pieter Herrebout, Senior Product Manager, SWIFT
Isabelle Noblesse, Product Manager, SWIFT
Thursday 28 October
Agenda
2
• SWIFTNet 7.0 overview
• New features
• Potential impacts
• Vendor status
• More information
Messaging products
• Interoperability• Automation• Security• Reliability• Value added
services
Reports, documentsbulked low value messages
FileAct
App-to-app and human-to-application interaction
InterActBrowse
Single important message
FINInterAct S&F
3
SWIFTNet 7.0 schedule
Dec-07Dec-06 March-09 2010Date available:
R6.0 R6.1R6.3 R 6.0.40R 6.1.40
R7.0
- SWIFTNet 7.0 Release Overview- Alliance 7.0 Release Overview
SWIFTNet 7.0 available on production network
SWIFTNet 7.0 General Distribution
End of support 6.x
4
Upgrade windowUpgrade window
SWIFTNet 7.0 Overview - Messaging and Security
Messaging New features
5
Distribution of data
SWIFTNet 7.0Business features
Message & file copy
RMA
RMA for InterAct/FileAct
RMA for InterAct/FileAct
Full messageFull message
Full fileFull file
Easier solutions
Default subscriptionDefault subscription
Default configDefault config
MessagesMessages
FilesFiles
6
SWIFTNet 7.0 Operational features
Enhancedstore & forward
Easier operations
Delivery optionsDelivery options
Session historySession history
Default routingDefault routing
Routing managementRouting management
Clearer errorsClearer errors
SWIFTNetOnline
OperationsManager
New Browse GUINew Browse GUI
More functionsMore functions
New reportsNew reports
Traffic flows
Line segregation InterAct/FileAct
Line segregation InterAct/FileAct
7
SWIFTNet 7.0 Security enhancements
Full serviceaccesscontrol
Saving time
Also for non-RBAC servicesAlso for non-
RBAC servicesGroup role delegationGroup role delegation
Enhancedadministration
Delete userDelete user
Online SNL recoveryOnline SNL recovery
Enhancedsecuritycontrol
Scope for shared security officers
Scope for shared security officers
Segregate live vs testSegregate live vs test
Human password expiryHuman password expiry
8
4eyes authorisation4eyes authorisation
• Already exists for FileAct Header Copy• Now also for full message and full file copy
• Works similar to FIN:– T-copy: for information purpose– Y-copy: to obtain authorisation for delivery
• Service administrator decides on copy mode and options• Optional: sender can select copy destination
Message and file copy
Sender sends
message/file
Receiver getsmessage/file
Message or file copy
Sender sends
message/file
Message or file copy
Receiver getsmessage/file when released for delivery
9
• Send once to SWIFT with distribution list• SWIFT delivers to each recipient
• Potential business use: market data distribution, directory distribution, etc
Message and file distribution
Before After
10
• Principles are similar to FIN:• Customers exchange authorisations• Messaging interfaces must check traffic sent and received
against authorisation DB
• Applies to many-to-many environments• Examples: generic FileAct, SCORE, Funds, ...• MIs and MA-CUGs decide whether it is applicable for their service
• Phased migration• During transition: ability to manually populate RMA database• There will be a mix of authorised and non-authorised traffic• Final adoption with mandatory use
RMA for InterAct and FileAct
11
Store-and-forward enhancements
• Traffic can be delivered to multiple systems• Equivalent of "FIN shared delivery subsets"• Unavailability of a system causes traffic to be
distributed over remaining ones automatically
• Session History Report• Provides overview of past sessions
with session details
• Enhanced subset selection• InterAct only, FileAct only, or both• Normal only, Urgent only, or both
• Automatic traffic routing to default queue• If no routing rule is found, traffic will be delivered in the default queue
• Easier reconciliation of notifications• Notifications now contain header of original message
12
Traffic Segregation
• Available for all customers with an Alliance Connect Gold connection.
• Before SWIFNet 7.0• Customer configures his firewalls (between the SNL and the
VPN boxes) to use port address translation with an offset value for specific destination port (ranges).
• Send non-Browse traffic – InterAct (incl. FIN) + FileAct – over 2nd line.
• For ALL or a SUBSET of SNL hosts.
• With SWIFTNet 7.0• No firewall configuration required anymore.
• Port offsetting is done by the SNL.
• Segregation can also be done for the same SNL between InterAct (incl. FIN) and FileAct traffic.
13
SWIFTNet Online Operations Manager
SWIFTNet 7.0 Overview - Messaging and Security 14
Security and routing management through new Browse service
SWIFTNet Online Operations Manager
15
Same functionality is now available through a Browse service
• operated by SWIFT• accessed with URL
like any Browse service
Users treesimilar to WebStation
Several user details can be opened at the same time
New field:Certificate expiry date
New: Search for any tree entry, tree expands automatically
New: On-line recovery of SNL certificates
Direct access to Roles screen for user
New: Ability to delete obsolete user
16
Certificate detailssimilar to WebStation
17
Users treesimilar to WebStation
Several user details can be opened at the same time
New: Search for any tree entry, tree expands automatically
Direct access to Certificates screen for this user
New: allows to list assigned roles only
New: - copy all roles from one user to other users- (un)grant roles to group of users at once
Role detailssimilar to WebStation
Reports showing:- all certificates (New!)- all roles (all services)
New report:Audit log of all changes performed
18
19
Free format field for each certificate
Avoid inadvertent changes by giving read-only access (viewer roles)
20
All matches entries are highlighted in the tree
Indicates number of entries found
Advanced searchparameters
21
Outcome of last automatic run
Define automated reports delivered through e-mail or FileAct
E-mail addresses must be registered before use (separate menu option)
Select from previous saved criteria
Allows to receive regularly a list of certificates that will expire soon :– define an automated certificate report with as criteria the expiry timeframe
22
Save report parameters for later use
Select saved report parameters from a list
PowerPoint Toolkit – 23 October 2008 – Confidentiality: restricted 23
SWIFTNet 7.0 & potential impact
Potential impact
24
R7.0 interfaces
Mandatory interface qualification
Upgrade by End March 2012
R7.0 software upgrade
Application Service Profile
Used by R7 interfaces
Service cb.rtgsNon-repudiation: YUses RMA: YSigning: Crypto...Service: cb.rtgs!pNon-repducation: YUses RMA: Y...
Service name
Business features(eg RMA usage)
Technical features(Signing, ...)
PowerPoint Toolkit – 23 October 2008 – Confidentiality: restricted 25
Vendor status
Vendor status
• Backwards compatibility testing• Performed by SWIFT and interface vendors• Successfully performed during May/June 2010• Results are published on swift.com
• Messaging interface testing• Vendors (or customers) can develop their R7.0 interface and test on the
developer's testbed• SWIFT organises support for specific test scenarios (eg S&F Recovery)• Vendors may perform testing with pilot users
• Messaging interface qualification program• Mandatory for messaging interfaces as of R7.0• Applies to vendors as well as customers who build their own interface• SWIFT runs qualification program as of Sep 2010• Includes customer reference test• Qualified interfaces are published on swift.com
26
PowerPoint Toolkit – 23 October 2008 – Confidentiality: restricted 27
More information
Training
28
Consultancy
29
Questions & answers
?
Thank you