Background

With the widespread adoption of mobile financial services, banking mobile apps have become the primary channel for customer transactions. However, due to the highly sensitive nature of the financial industry, the network architecture must meet demanding requirements such as high security, low latency, and high availability. Traditional architectures often fall short in handling massive concurrent access, defending against network attacks, and ensuring secure data transmission.
This solution is based on the bank's existing three-tier network structure—Web zone, DMZ middleware zone, and storage zone—and incorporates a Zero Trust security model, SD-WAN, and intelligent traffic scheduling technologies to build a high-performance, secure, and scalable infrastructure for mobile banking apps. It ensures secure, stable, and efficient customer transactions.

Solution Overview

The design combines layered protection, intelligent traffic scheduling, and active-active disaster recovery to optimize the bank's mobile app network:

  • Front-End Access Layer (Web Zone):
      • DDoS Protection: Combines cloud scrubbing and on-premises defense to mitigate large-scale traffic attacks.
      • API Gateway: Centralized API management for authentication, rate limiting, and circuit breaking.
  • Middleware Zone (DMZ / Business Logic Layer):
      • Microservices Architecture: Decouples business modules for independent deployment and elastic scaling.
      • Smart Load Balancing and Routing: Dynamically selects optimal paths to ensure cross-regional access quality.
      • Web Application Firewall (WAF): Protects against SQL injection, XSS, and other OWASP Top 10 threats.
  • Backend Storage Layer (Data Layer):
      • Read/Write Database Separation: The master handles writes and replicas handle reads, improving performance.
      • Distributed Caching (Redis Cluster): Reduces database load and improves response speed.
      • Encrypted Data Storage: Uses SM4 (Chinese national encryption algorithm) to secure sensitive data.

Key Advantages

  • High Security: Multi-layer protection (DDoS + WAF + IDS/IPS) defends against over 99% of network attacks. Zero Trust model prevents internal privilege escalation and data leakage.
  • High Availability: Active-active data center deployment eliminates single points of failure. Smart traffic scheduling ensures service continuity by automatically switching to optimal routes.
  • Elastic Scalability: Containerization + Kubernetes enables second-level scaling to handle traffic surges. Modular design allows rapid rollout of new services without rearchitecting the entire system.

Customer Challenges

  • High Risk of Network Attacks: Banking apps are prime targets for cybercriminals; traditional firewalls struggle with modern threats.
  • Strict Data Security Compliance: The financial industry must meet the regulatory requirements of the Data Security Law and the Personal Information Protection Law.
  • High Operational Complexity: Managing multi-region, multi-device environments is challenging, and troubleshooting them is time-consuming.

Customer Benefits

  • Improved User Experience: Faster access speeds reduce transaction timeouts and failures. Supports tens of millions of concurrent users with no lag during peak hours.
  • Enhanced Security: Higher attack interception rates and significantly reduced data breach risks. Complies with MLPS Level 3, PCI DSS, and other financial security standards.
  • Reduced O&M Costs: AIOps minimizes manual intervention and shortens incident recovery time by 80%. Elastic architecture saves over 30% in server resource costs.
  • Business Innovation Enablement: Enables rapid deployment of new features to capture market opportunities. Open APIs facilitate ecosystem partnerships with third-party payment and open banking services.