
Getting started with Swift’s Alliance Connect Virtual on Google Cloud

February 4, 2025
Maria Alejandra Emmanuelli

ISV Partner Engineer, Google Cloud


The ability to deploy Swift’s Alliance Connect Virtual in Google Cloud allows financial institutions to leverage the scalability, flexibility, and cost-effectiveness of cloud infrastructure while maintaining the security and reliability standards required for financial transactions. By virtualizing the traditionally hardware-based Swift VPN connections, institutions can streamline their infrastructure, reduce operational overhead, and accelerate their digital transformation initiatives. Additionally, Google Cloud's robust security features and compliance certifications help keep sensitive financial data protected. 

“Cloud technology has been game-changing for the financial industry over the past decade and will be a key enabler of future transaction forms and flows. With the launch of Alliance Connect Virtual, Swift has taken a major step forward in supporting our customers' cloud journeys, offering seamless and secure access to Swift via the public cloud. Teaming up with Google Cloud, we’re proud to deliver flexible and resilient solutions that align with the fast-growing cloud-first mindset of our customers, driving innovation while maintaining the highest levels of security and reliability. The feedback we have received from our pilot customers on Google Cloud has been overwhelmingly positive, and we are looking forward to seeing the adoption of the new offer scale.” - Sophie Racquet, Head of Alliance Connect Product Management, Swift

Architecting Alliance Connect Virtual on Google Cloud

The following diagrams show reference architectures for deploying the Alliance Connect Virtual connectivity project on Google Cloud. Alliance Connect Virtual is set up in Google Cloud and provides connectivity to Swift through a virtualized Juniper vSRX VPN, using internet or pseudo-leased-line connections to the Swift Network through network providers, depending on the connectivity offering the customer chooses (Gold, Silver or Bronze). A pseudo leased line consists of four VLAN attachments, and each pair of VLAN attachments has its own Cloud Router and two Partner Interconnect connections.

Alliance Connect Virtual is offered in three packages: Bronze, Silver and Gold. Depending on your Swift traffic’s criticality along with resiliency requirements, you can use the tier that best aligns with your needs. Find below the architecture for each package.

Alliance Connect Virtual Gold:

https://storage.googleapis.com/gweb-cloudblog-publish/images/1-ACV-Gold.max-2200x2200.png

The Alliance Connect Virtual Gold connectivity package provides the strongest resiliency and service level of the three options. The connectivity to Swift is made through Partner Interconnect, provisioning two connections of equal capacity, with an enterprise-grade connection to Google Cloud that has the highest throughput of the three packages. Traffic goes through a service provider with a dedicated connection. By bypassing the public internet, your traffic takes fewer hops, so there are fewer points of failure where your traffic might get dropped or disrupted. This option is designed for customers handling more than 40,000 messages per day.

Alliance Connect Virtual Silver:

https://storage.googleapis.com/gweb-cloudblog-publish/images/2-ACV-Silver.max-2200x2200.png

The Alliance Connect Virtual Silver package provides connectivity through one dedicated pseudo leased connection through a network provider using Partner Interconnect, providing high bandwidth and throughput. In this setup an internet connection is added as backup. This option is designed for customers handling between 1,000 and 40,000 messages per day. 

Alliance Connect Virtual Bronze:

https://storage.googleapis.com/gweb-cloudblog-publish/images/3-ACV-Bronze.max-2200x2200.png

The Alliance Connect Virtual Bronze option provides low-cost internet connectivity. In this setup you can connect two VPN boxes in order to maintain a backup connection in case of failure. This option is designed for customers handling up to 1,000 messages per day.

Find out more about the different Alliance Connect Virtual packages here.

This architecture includes the following components:

  1. A set of VPC Networks for different vSRX network interfaces to segregate the traffic (Untrust VPC, Trust VPC, Interconnect VPC and Management VPC ). The traffic to Partner Interconnect or the internet goes through the Untrust VPC.

  2. A set of VPC Subnets for different vSRX network interfaces to segregate the traffic (Untrust Subnets, Trust Subnets, Interconnect Subnets and Management Subnets) 

  3. A set of Firewall rules to control egress/ingress traffic between the Swift Network and other VPCs

  4. Configuration of the Routes for the VPCs created above 

  5. Cloud Routers as per the architecture above that provide the routing for Cloud Interconnect. 

  6. VLAN Attachments for Partner Cloud Interconnect connection, to establish a secure connection to the Swift network 

  7. Cloud KMS to manage cryptographic keys

  8. Compute Engine Virtual Machines where the vSRX appliance will be deployed for High Availability setup 
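The pseudo-leased-line layout described earlier (four VLAN attachments, each pair with its own Cloud Router) can be checked against an exported attachment inventory. The following is an added example, not code from Swift or Google Cloud; the resource names are placeholders, and the ACTIVE-state and distinct edge-availability-domain checks are assumptions that this page does not state.

```python
from collections import defaultdict

def attachment(name, router, domain, state="ACTIVE", kind="PARTNER"):
    """Constructed record using Compute API InterconnectAttachment field names."""
    return {"name": name, "type": kind, "state": state,
            "router": f"projects/example-vpn/regions/example-region/routers/{router}",
            "edgeAvailabilityDomain": f"AVAILABILITY_DOMAIN_{domain}"}

# Constructed inventories: placeholder names, not values from a real deployment.
GOOD = [attachment("acv-att-1", "acv-router-a", 1), attachment("acv-att-2", "acv-router-a", 2),
        attachment("acv-att-3", "acv-router-b", 1), attachment("acv-att-4", "acv-router-b", 2)]
BAD = [attachment("acv-att-1", "acv-router-a", 1), attachment("acv-att-2", "acv-router-a", 1),
       attachment("acv-att-3", "acv-router-b", 1, state="PENDING_PARTNER")]

def check_pseudo_leased_line(attachments):
    """Return a list of findings; an empty list means the layout matches."""
    findings = []
    if len(attachments) != 4:
        findings.append(f"expected 4 VLAN attachments, found {len(attachments)}")
    by_router = defaultdict(list)
    for att in attachments:
        if att.get("type") != "PARTNER":
            findings.append(f"{att['name']}: type {att.get('type')} is not PARTNER")
        # Assumption: a production line should have every attachment ACTIVE.
        if att.get("state") != "ACTIVE":
            findings.append(f"{att['name']}: state is {att.get('state')}, not ACTIVE")
        # Group by the router name at the end of the resource path.
        by_router[att.get("router", "").rsplit("/", 1)[-1]].append(att)
    if len(by_router) != 2:
        findings.append(f"expected 2 Cloud Routers, found {len(by_router)}")
    for router, pair in sorted(by_router.items()):
        if len(pair) != 2:
            findings.append(f"{router}: {len(pair)} attachments, expected a pair")
        domains = {a.get("edgeAvailabilityDomain") for a in pair}
        # Assumption: the two attachments of a pair use different edge
        # availability domains, so one maintenance event cannot take both down.
        if len(pair) == 2 and len(domains) != 2:
            findings.append(f"{router}: both attachments share {domains.pop()}")
    return findings

if __name__ == "__main__":
    for label, inventory in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_pseudo_leased_line(inventory) or "matches the described layout")
```
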

Swift application architectures

Swift offers various messaging interfaces tailored to different customer needs and levels of complexity. The architectures below show how the following messaging applications can be deployed on Google Cloud and connect via Alliance Connect Virtual.

  1. Alliance Cloud
  2. Alliance Access
  3. Alliance Messaging Hub

Along with the messaging interface, the High Availability (HA) tool is deployed in the application project. This tool is used to enhance the resilience and uptime of the connection to the Swift network through Alliance Connect Virtual (the connectivity packs deployed in the VPN project). The HA VM application achieves this by:

  • Monitoring and managing routing tables: This helps ensure that if one connection path to the Swift network or one availability zone becomes unavailable, the traffic can be seamlessly rerouted through the alternative path, minimizing disruption.
  • Maintaining redundant vSRX machines: Typically, the HA VMs oversee the two Compute Engine VMs that host the Juniper vSRX VPN, with one vSRX acting as the primary connection point and the other on standby. If the primary vSRX fails, the other vSRX automatically takes over the connection, helping to ensure continuity of service.

https://storage.googleapis.com/gweb-cloudblog-publish/images/4-HA-VMs.max-2200x2200.png

1. Alliance Cloud on Google Cloud:

Alliance Cloud is a fully managed, financial cloud-based messaging interface that connects customers to Swift’s services with the benefits of cloud deployments, such as reduced infrastructure management. Alliance Cloud offers a reduced total cost of ownership given that it is managed and hosted by Swift. Find more information on their website.

Alliance Cloud offers the following connectivity options to integrate messaging flows of the customers' back-office applications with Alliance Cloud:

  • Alliance Cloud offers a direct API called the Swift Messaging API (more information is available on the Swift messaging API | Swift Developer Portal), allowing customer back-office systems to integrate with Alliance Cloud using RESTful APIs. This can be achieved by choosing from Swift’s API footprint options: zero footprint, Swift SDK or Swift Microgateway (more information can be found on the Swift developer portal).

  • Alliance Cloud offers a software footprint through the Swift Integration Layer. This offers both file and RESTful API connectivity between the Swift Integration Layer and the customer back-office applications.

https://storage.googleapis.com/gweb-cloudblog-publish/images/5-Alliance-Cloud.max-2200x2200.png

2. Alliance Access on Google Cloud: 

Alliance Access is a Swift messaging interface that enables a secure connection to Swift by banks and financial institutions. Find more information on the Swift website. Alliance Access components can be deployed and managed within your Google Cloud environment. The following components will make up the Alliance Access solution:

  • Alliance Access Server: This is the core of the solution, a software application installed on the institution's infrastructure. It acts as the interface between the institution's internal systems and the Swift network.

  • Alliance Web Platform: A web-based interface that allows users to monitor message flows, manage configurations, and perform various operational tasks related to Swift messaging.

  • Alliance Gateway: A component that provides additional security and routing capabilities, by concentrating your flows from different interfaces through to Swift.

  • SwiftNet Link (SNL): Enables Alliance Gateway to perform application-to-application communication over SwiftNet services. Connectivity can be established via the different connectivity packs of Alliance Connect Virtual on Google Cloud.

Below, we present a few reference architectures showing what a deployment of Alliance Access could look like when it uses Alliance Connect Virtual in Google Cloud to establish connectivity to the Swift network:

https://storage.googleapis.com/gweb-cloudblog-publish/images/6-Alliance-Access.max-2200x2200.png

Alliance Access itself does not require an independent Oracle database instance for its core functionality, as it comes with its own embedded Oracle database Standard Edition instance. For the Alliance Access deployment on Google Cloud, the reference architecture above uses the embedded Oracle database, which is the deployment method supported for Alliance Access on Google Cloud.

Alliance Gateway and Alliance Web Platform come with an embedded Oracle database Standard Edition. These products mainly use it for storing configuration and logs, and do not store business data.

3. Alliance Messaging Hub

Alliance Messaging Hub (AMH) is a modular, financial messaging solution offered by Swift. AMH provides extensive throughput and sophisticated data management, delivering routing between different messaging services. Find more information on their website. The following components will make up the Alliance Messaging Hub (AMH) solution:

  • AMH Physical Nodes (servers): This is the core of the solution. An AMH Physical Node is a software application that acts as the interface between the institution's internal systems and the Swift network. One or more such servers can be deployed.

  • Alliance Gateway: An optional component that provides additional security and routing capabilities, by concentrating your flows from different interfaces to Swift.

  • SNL: Enables Alliance Gateway to perform application-to-application communication over SwiftNet services. It can be established via the different connectivity packs of Alliance Connect Virtual on Google Cloud.

  • An Oracle Database shared by AMH Physical Nodes: Unlike Alliance Access, AMH does not come with the option of an embedded Oracle database. AMH customers need to provide the database. To host their Oracle database on Google Cloud, customers can use Bare Metal Solution, which provides a secure environment in which they can run specialized workloads, such as Oracle databases on high-performance, bare-metal servers. On the other hand, the Google Cloud and Oracle partnership opens up many possibilities for customers to host their Oracle database on the cloud, such as using Oracle Database@Google Cloud or hosting Oracle on Compute Engine. Oracle Database@Google Cloud allows customers to host database services in a Google Cloud datacenter running on Oracle Cloud Infrastructure (OCI) hardware.

Oracle Database@Google Cloud

https://storage.googleapis.com/gweb-cloudblog-publish/images/7-AMH-BMS.max-2200x2200.png

Oracle Database on Google Compute Engine

https://storage.googleapis.com/gweb-cloudblog-publish/images/8-AMH-OCI.max-2200x2200.png

Bare Metal Solution

https://storage.googleapis.com/gweb-cloudblog-publish/images/9-AMH-OracleonGoogle.max-2200x2200.png

OCI and Google Cross-Cloud Interconnect

https://storage.googleapis.com/gweb-cloudblog-publish/images/10-AMH-OracleonGCE.max-2200x2200.png

Why deploy Swift connectivity on Google Cloud

Deploying the Swift connectivity stack on Google Cloud offers a compelling solution for financial institutions due to the platform's inherent advantages:

  1. Google Cloud's robust infrastructure, designed to meet specific workload and industry needs, ensures high availability and reliability for mission-critical financial operations.

  2. This infrastructure is optimized for AI, allowing institutions to leverage advanced analytics and automation for enhanced efficiency and security.

  3. Additionally, Google Cloud's commitment to sustainability aligns with the growing emphasis on responsible business practices, helping organizations minimize their environmental footprint while benefiting from advanced technology. 

  4. Furthermore, Google Cloud's collaborative tools, powered by AI, streamline communication and workflow processes, empowering teams to work more efficiently and effectively. 

The reference architectures above enable a secure and reliable connection to Swift by leveraging Google Cloud Infrastructure and network components. The following Google Cloud components play a crucial role in establishing a secure connection to Swift: 

  1. Partner Interconnect: Google Cloud Partner Interconnect offers a way to connect Swift’s on-premises network and Alliance Connect Virtual VPC network through a supported service provider. This type of connection provides secure and reliable data transfer, bypassing the public internet. This solution is also scalable, allowing you to increase capacity as your needs change. 

  2. Bare Metal Rack HSM: A key component of the Swift architecture is Swift HSM. It is a dedicated hardware device that safeguards Swift's Public Key Infrastructure (PKI) credentials, ensuring secure signing of live traffic and authentication of production services. In order to leverage the benefits of the cloud for the hosting of Swift HSM, customers can leverage Bare Metal Rack HSM. Bare Metal Rack HSM provides dedicated racks and switches for hosting HSMs, ensuring isolation and a high degree of control over the environment. This aligns well with the security requirements of Swift HSM, which demands robust protection of sensitive key material. The Bare Metal Rack HSM solution is hosted in colocation facilities with active peering fabrics, ensuring low-latency connections to Google Cloud workloads. Google's standards for these facilities and redundant infrastructure contribute to a highly available service. It is also hosted in facilities compliant with PCI-DSS, PCI-3DS, and SOC 1, 2, and 3 standards.

  3. Oracle Database: The deployment of Alliance Messaging Hub will require Swift customers to deploy an Oracle Database. Google provides customers with several options to deploy Oracle databases through the partnership of Google and Oracle, which makes it easy for customers to migrate, modernize, and manage their Oracle-based applications in the cloud. You can find here the different ways to deploy Oracle on Google Cloud, offering flexibility for your deployments.

To learn more about the exciting collaboration between Google Cloud and Swift, contact your Google Cloud sales representative, partner manager, or your Swift account manager.
