About This Architecture

Bulbank Mobile implements a hybrid on-premises and AWS architecture for a banking application, with CheckPoint and Cisco firewalls securing the on-prem datacenter while an AWS VPC handles cloud workloads. Traffic flows from the Bulbank Mobile App through the CheckPoint Perimeter Firewall (82.84.80.121) into a DMZ proxy, then to the BBMBackEnd Server running Apache Tomcat, which connects to FlexCube Core Banking and BBMDB for persistence. The AWS side mirrors this pattern with an Internet Gateway routing through an ALB to Auto Scaling EC2 instances (t3.medium) backed by RDS PostgreSQL Primary and Read Replica databases, S3 static assets, and CloudWatch monitoring. This architecture demonstrates defense-in-depth with perimeter security, application-layer firewalls, and network segmentation across both on-prem and cloud environments. Fork this diagram on Diagrams.so to customize firewall rules, adjust EC2 instance types, or model multi-region failover scenarios for your banking platform.

People also ask

How do you design a secure hybrid architecture connecting on-premises banking systems to AWS with firewall segmentation and high availability?

Bulbank Mobile uses CheckPoint and Cisco firewalls to segment on-prem traffic through a DMZ proxy to the BBMBackEnd Server, while mirroring the pattern in AWS with an ALB routing to Auto Scaling EC2 instances backed by RDS PostgreSQL Primary and Read Replica. This defense-in-depth approach isolates each trust zone and enables independent scaling of cloud and on-prem components.