Alliance Connect Bronze

Service Description
SRX VPN Boxes

This document describes the features and functions of Alliance Connect Bronze and the roles and responsibilities of the
parties that implement this product when implemented with SRX VPN boxes. This document is for customers that require
information about Alliance Connect Bronze.

01 August 2018
Alliance Connect Bronze Table of Contents
Service Description

Table of Contents

Preface............................................................................................................................................................... 3

1 Introduction..............................................................................................................................................4

2 Features and Functions.......................................................................................................................... 6

2.1 Connectivity to SWIFTNet....................................................................................................................... 6
2.2 Implementation and Set-up of the VPN Boxes........................................................................................ 7
2.3 How Alliance Connect Bronze Works...................................................................................................... 7

3 Service Availability................................................................................................................................ 10

4 Ordering................................................................................................................................................. 11
4.1 Ordering.................................................................................................................................................11
4.2 Subscription to Alliance Connect Bronze.............................................................................................. 11
4.3 Export Restrictions................................................................................................................................ 11
4.4 Import Restrictions................................................................................................................................ 12

5 Support...................................................................................................................................................13

6 Roles and Responsibilities...................................................................................................................14

6.1 Parties Involved in Delivering Alliance Connect Bronze........................................................................ 14
6.2 Customer's Roles and Responsibilities................................................................................................. 15
6.3 SWIFT's Roles and Responsibilities......................................................................................................17

7 Contractual Framework.........................................................................................................................19

8 SWIFT Training...................................................................................................................................... 20

Legal Notices................................................................................................................................................... 21

01 August 2018 2
Alliance Connect Bronze Preface
Service Description

Preface
About this document
This service description describes the features and functions of Alliance Connect Bronze, when
implemented with the new model of SRX VPN boxes, and the roles and responsibilities of the
parties that implement this product.
Note This service description, together with the SWIFT General Terms and Conditions, the
VPN Box Terms and Conditions, and other relevant Contractual Documentation, is an
integral part of the contractual arrangements between SWIFT and its customers for
the provision and the use of the Alliance Connect Bronze product.

Intended audience
This document is for customers that require information about the features and functions of the
Alliance Connect Bronze product and about the related roles and responsibilities.

First edition
This is the first edition of the document.

SWIFT-defined terms
In the context of SWIFT documentation, certain terms have a specific meaning. These terms are
called SWIFT-defined terms (for example, customer, user, or SWIFT services and products). The
definitions of SWIFT-defined terms appear in the SWIFT Glossary .

Related documentation
• Alliance Connect Bronze Implementation Guide - SRX VPN Boxes
• Alliance Connect Bronze Quick Installation Guide - Two SRX VPN Boxes
• Alliance Connect Bronze Quick Installation Guide - One SRX VPN Box
• VPN Interface Configuration for Alliance Connect Bronze Release Letter
• Alliance Connect Bronze VPN Box Resilience Testing Scenarios - SRX VPN Boxes - Dual VPN
Solution
• Alliance Connect Bronze Connectivity Test Tool User Guide
• VPN Box Terms and Conditions
• Network Access Control Guide
• Network Configuration Tables Guide
• Resilience Guide
• SWIFT General Terms and Conditions
• SWIFT Corporate Rules
• SWIFT Customer Testing Policy
• SWIFT By-laws
• SWIFT Personal Data Protection Policy

01 August 2018 3
Alliance Connect Bronze Introduction
Service Description

1 Introduction
Alliance Connect portfolio
SWIFT has developed three different Alliance Connect products. Each product addresses specific
needs in terms of infrastructure and connectivity requirements.

Alliance Connect Bronze

SWIFT has developed Alliance Connect Bronze for low-volume customers that exchange up to
1,000 messages per day.
Alliance Connect Bronze is designed as a low-cost but fully secure method to connect to SWIFT.
Although Alliance Connect Bronze is an internet-based product (and therefore SWIFT cannot
guarantee its availability), low-volume customers will find this product suitable for their needs.
Alliance Connect Bronze uses the Internet and SRX VPN boxes, to access SWIFTNet. By using
the Internet, SWIFT increases the connectivity choices and significantly reduces the network
connectivity cost of connecting to SWIFTNet.
Many customers already have an internet connection for their business purposes. This new
connectivity option enables customers to leverage these connections to establish a secure channel
to the SWIFT multi-vendor secure IP network.
Alliance Connect Bronze uses the proven security mechanism that the cluster of SRX VPN boxes
provides to create this secure channel over the Internet. The customer can choose an Internet
Service Provider (ISP) of its choice to provide the internet connection(s).
There are two set-ups for Alliance Connect Bronze:
• Alliance Connect Bronze with two active SRX VPN boxes and two ISP connections.
This set-up has built-in resilience in case of failure of one of the SRX VPN boxes, due to the
active/standby cluster of VPN boxes.
Note The existing SSG5 set-up of two VPN boxes and one internet connection is not
supported with SRX VPN boxes and does not work.
• Alliance Connect Bronze with one active SRX VPN box and one ISP connection.
Note When using this type of set-up, it is highly recommended to have a Disaster
Recovery site ready to take over the traffic in case of VPN failure or Internet
connection failure. Alternatively, if the problem is due to a faulty VPN, it can be
replaced by the mandatory spare VPN box that should always be available.

Benefits of Alliance Connect Bronze

Alliance Connect Bronze offers the following advantages:
• Reduced connectivity cost
By making use of the Internet, SWIFT helps customers reduce network connectivity costs.
• Permanent connection
This network connectivity is designed to be available 24 hours a day, 7 days a week, which
provides customers with a permanent connection to counterparties, service providers, and
peers.
• Global availability
Internet connectivity is available everywhere, which means that this product is accessible
worldwide.
• Ease of use

01 August 2018 4
Alliance Connect Bronze Introduction
Service Description

Customers can re-use an existing internet connection or order a new one with a preferred local
ISP. SWIFT provides the necessary elements to establish a secure connection to multi- vendor
secure IP network.
• Security
The same trusted security mechanisms are in place as for any other connectivity method for
connecting to the multi-vendor secure IP network, including SWIFT-managed VPN boxes.
The built-in IPsec encryption ensures the complete confidentiality of exchanged data.
• Resilience
Alliance Connect Bronze with two active SRX VPN boxes and two ISP connections configuration
protects against failure of the ISP router, the ISP connection, and the SRX VPN box through
automatic failover to the secondary SRX VPN box or the secondary ISP connection, depending
on the failure type, that is, VPN or ISP connection failure.
• Support
SWIFT offers world-class customer support services, which are available 24 hours a day, 7 days
a week, worldwide.

Features overview
Alliance Connect Bronze has the following key features:
• Internet-based connectivity
Alliance Connect Bronze enables customers to establish a secure channel to SWIFTNet, both
for the primary and secondary (with two active VPN solution) connections. These can be
provided by the Internet Service Provider (ISP) of the customer's choice.
• Cluster of two VPN boxes in an active/standby mode providing built-in resilience
The Alliance Connect Bronze with two active SRX VPN boxes set-up has built-in resilience in
case of failure of one of the VPN boxes, due to the active/standby cluster of VPN boxes. The
VPN boxes appear as one to the hosts. If the primary VPN box fails, then the standby VPN box
automatically initiates a failover. After restoration of the primary VPN box, the failed over traffic
flow is restored automatically to the primary VPN box.
• Proven IPsec security mechanism
Alliance Connect Bronze uses the proven security mechanism that the SRX VPN box cluster
provides to create a secure channel over the Internet. This channel uses the IPsec technology,
which preserves the security of the data that users exchange on a public infrastructure such as
the Internet.
• Single or dual internet topology
For Alliance Connect Bronze with two active SRX VPN boxes, primary and secondary ISP
connections are needed thus improving resiliency.
For Alliance Connect Bronze with one active SRX VPN box, it is highly recommended to have a
Disaster Recovery site ready to take over the traffic in case of VPN failure or Internet connection
failure. Alternatively, if faulty VPN, it can be replaced by the mandatory spare VPN box.
• Simple set-up and installation of the VPN box cluster
The implementation and set up is straightforward: the customer can install the VPN box(es) and
set up the secure connection thanks to the Alliance Connect Bronze Quick Installation Guide -
SRX VPN Boxes that is provided with the VPN boxes.

01 August 2018 5
Alliance Connect Bronze Features and Functions
Service Description

2 Features and Functions

2.1 Connectivity to SWIFTNet

Alliance Connect Bronze is a network connectivity product that uses the Internet to access
SWIFTNet. Alliance Connect Bronze enables customers to establish a secure channel to the
SWIFT multi-vendor secure IP network.
Customers can choose to connect through a single or dual VPN solution with one or two
connections respectively, as shown in the following graphics:

Internet connection
Depending on the configuration (one or two active SRX VPN boxes), customers need one or two
broadband internet connections and routers, or modem(s) provided by their preferred Internet
Service Provider (ISP) that the customer has selected. Customers can use an existing internet
connection for this purpose.
The implementation and the set-up of the VPN boxes is straightforward. Customers can find more
information about the installation of the VPN boxes and the set-up of the secure connection in the
Alliance Connect Bronze Implementation Guide - SRX VPN Boxes.
Note The internet connection must not be restricted to sending or receiving SWIFT traffic. It
can be shared with other internet services.

01 August 2018 6
Alliance Connect Bronze Features and Functions
Service Description

2.2 Implementation and Set-up of the VPN Boxes

Depending on the configuration (one or two active SRX VPN boxes), customers need one or two
broadband internet connections and routers, or modem(s) provided by the Internet Service
Provider (ISP) that the customer has selected. Customers can use an existing internet connection
for this purpose.
The implementation and the set-up of the VPN boxes is straightforward. Customers can find more
information about the installation of the VPN boxes and the set-up of the secure connection in the
Alliance Connect Bronze Implementation Guide - SRX VPN Boxes.

2.3 How Alliance Connect Bronze Works

IPsec technology
Alliance Connect Bronze uses the proven security mechanism that the cluster of VPN boxes
provides to create a secure channel over the Internet. This channel uses Internet Protocol Security
(IPsec) technology, which preserves the security of the data that users exchange on a public
infrastructure such as the Internet. The IPsec session occurs between the VPN boxes at the
customer's premises and VPN concentrators that are located in SWIFT backbone access points.
IPsec is an end-to-end security solution that operates at the internet layer of the Internet Protocol
Suite, which is comparable to layer 3 in the Open Systems Interconnection (OSI) model. IPsec is a
suite of protocols that have the following roles:
• secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet
of a data stream
• establish mutual authentication between agents at the beginning of the session and the
negotiation of cryptographic keys for use during the session

Failover mechanism of the VPN box cluster for two active SRX VPN boxes
The SRX VPN boxes are co-located and interconnected by three dedicated cables. The VPN boxes
appear as one to the host. If the primary VPN box, router, or connection fails, then the standby VPN
box automatically initiates a failover to activate the secondary connection. After restoration of the
primary VPN box, the failed over traffic flow is restored automatically to the primary VPN box.
The active/standby cluster of VPN boxes offers built-in resilience for the standard Alliance Connect
Bronze set-up in case of failure of one of the VPN boxes or internet connection. An Alliance
Connect Bronze with two active VPN boxes is a configuration of two VPN boxes in active/standby
mode, in which each VPN box is connected to an internet connection. By default only one internet
connection is active at any time in case of no load sharing. The VPN boxes are co-located and
interconnected by three dedicated cables. The VPN boxes appear as one to the host.
If the primary VPN box fails, then the secondary VPN box automatically initiates a takeover so
traffic flows over this VPN box, existing connections continue to be used as this VPN connects to
both connections. After restoration of the primary VPN box, the failed over traffic flow is restored
automatically to the primary VPN box.

01 August 2018 7
Alliance Connect Bronze Features and Functions
Service Description

On the other hand, if the primary connection fails, then the cluster uses the secondary connection
to transmit the traffic. After restoration of the primary connection, the failed over traffic flow is
restored automatically to the primary connection.

Alliance Connect Bronze SRX topology with two active VPN boxes

Failover mechanism of the VPN box in case of one active SRX VPN box

Important It is highly recommended to have a Disaster Recovery site ready to take over the
traffic in case of VPN failure or Internet connection failure. Alternatively, if the VPN is
faulty, it can be replaced by the mandatory spare VPN box.
This configuration does not protect against a failure of the internet connection, in
which case all connectivity is lost.

01 August 2018 8
Alliance Connect Bronze Features and Functions
Service Description

An Alliance Connect Bronze based on a single SRX VPN box set-up is a configuration of one
internet access.

Alliance Connect Bronze SRX topology with one active VPN box

01 August 2018 9
Alliance Connect Bronze Service Availability
Service Description

3 Service Availability
Operational status
SWIFT displays the operational status of SWIFT's systems and messaging services on the SWIFT
Operational Status.
In case of problems, it is the customer's responsibility to first consult any notifications about the
operational status of SWIFT's systems and messaging services. To do so, the customer must
subscribe to operational status notifications.

Customer unplanned unavailability

If the customer must unplug or switch off a VPN box or other network device which affects the
connection to the services (for example, for maintenance, failover testing, or upgrade purposes),
then the customer must inform SWIFT at least one week in advance (see Knowledge Base tip
1798719).

SWIFT unplanned unavailability

Important Alliance Connect Bronze is an internet-based product. SWIFT has no control over the
capacity or the availability of the internet connection. SWIFT is not responsible for and
cannot guarantee the bandwidth nor the service availability of the internet connection.

If SWIFT becomes aware of a problem with SWIFT's systems and messaging services, then it
initiates the relevant recovery or fallback operation, falling under SWIFT's responsibility that is
necessary to restore the service.

01 August 2018 10
Alliance Connect Bronze Ordering
Service Description

4 Ordering

4.1 Ordering
Order SWIFT services and products
To use SWIFT services and products, a customer must subscribe to, or order, the relevant services
and products.

Related information
For information about SWIFT's online ordering facility and how to order, see www.swift.com >
Ordering & Support > Ordering.

4.2 Subscription to Alliance Connect Bronze

The subscription to Alliance Connect Bronze includes the following elements:
• In case of Alliance Connect Bronze with two active VPN boxes:
- two VPN boxes that are actively connected/configured in a cluster with associated cables
(optionally, the customer can order an additional VPN box to be a spare VPN box)
- the provisioning of the subscriber's profile in the SWIFT backbone
• In case of Alliance Connect Bronze with one active VPN box
- two VPN boxes, one is configured/connected as the active VPN box with associated cables
and one that is stored as spare VPN box (mandatory)
- the provisioning of the subscriber's profile in the SWIFT backbone

4.3 Export Restrictions

Description
The provision of hardware or software in relation to Alliance Connect Bronze may be subject to
export restrictions and other sanction programmes.
Without prejudice to the generality of the foregoing, and at the date of this Service Description, the
VPN boxes and associated software and technology are restricted items under US law and may
therefore not be sent to Cuba, North Korea, Iran, Sudan, or Syria.

VPN box relocation

When considering the relocation of the VPN boxes, customers should ensure that they comply with
applicable export and re-export restrictions and other sanction programmes.
Note Export and re-export restrictions and other sanction programmes may change from
time to time. If you have any questions about the export classification of the VPN
boxes, then contact your local Customer Support Centre.

01 August 2018 11
Alliance Connect Bronze Ordering
Service Description

4.4 Import Restrictions

Due to certain import regulations, SWIFT may not be able to supply or make the VPN boxes
available to customers directly (for example, in Russia or Ukraine). Customers in those countries
are then fully responsible for acquiring the VPN boxes through the third-party agent or distributor
designated by SWIFT.

01 August 2018 12
Alliance Connect Bronze Support
Service Description

5 Support
Support for SWIFT customers
By default, SWIFT Support is the single point of contact to report all problems and queries that
relate to SWIFT services and products. Support is available to all SWIFT customers.
Individuals within a customer organisation must register on swift.com to use the Support service.
For more information about the different services that SWIFT offers as part of the support
packages and the procedure to order support, see Comparison of support packages on swift.com.

Related information
For more information about Support services, see the service description related to the applicable
support package:
Support documentation

01 August 2018 13
Alliance Connect Bronze Roles and Responsibilities
Service Description

6 Roles and Responsibilities

6.1 Parties Involved in Delivering Alliance Connect

Bronze
The following parties play a role in delivering Alliance Connect Bronze:
• the customer
• SWIFT, which provides and manages the overall product implementation
• The Internet Service Provider (ISP), which provides one or two broadband internet connections

Product area Responsible party

SWIFT backbone SWIFT

SWIFT backbone access points and IPsec tunnel SWIFT

termination

VPN box supply SWIFT

VPN box installation Customer

This includes the following responsibilities:

• interconnect the VPN boxes (in case of two active

VPNs)
• connect the VPN box(es) to the Internet router(s)
• connect the VPN box(es) to the customer's LAN

01 August 2018 14
Alliance Connect Bronze Roles and Responsibilities
Service Description

Product area Responsible party

Internal cabling (for example, the customer LAN Customer

connection)

Installation of the physical environment (such as Customer

racks, power cabling)

Customer VPN box management SWIFT

Customer support and problem management SWIFT

Internet access (which includes the router or modem) Customer

6.2 Customer's Roles and Responsibilities

General
The customer's roles and responsibilities with regard to Alliance Connect Bronze are set out in this
document, the SWIFT General Terms and Conditions, and the VPN Box Terms and Conditions.

Provisioning of Alliance Connect Bronze

The customer has the responsibility to perform the following tasks:
• order and ensure the activation of one or two broadband internet connections with the ISP of its
choice.
A broadband internet connection is a permanent, high-speed internet connection. Dial-up/
PSTN/ISDN connections are not considered broadband connections in the scope of this Service
Description.
• order Alliance Connect Bronze from SWIFT.
manage any administrative, customs-clearing process that relates to the importation of the VPN
boxes
• install the VPN box(es) (including the cabling)
- interconnect VPN boxes in the case of the configuration with two active VPN boxes
- interconnect the two VPN boxes in case of two active SRX VPN boxes
- connect the VPN box(es) to the internet router(s)
- connect the VPN box(es) to the customer's LAN
• configure the internet connection if needed
• configure devices such as firewalls to allow a VPN connection to SWIFT
• in case of two active VPN boxes, check that VPN boxes A and B are operational after the
download of the SWIFT configuration.

01 August 2018 15
Alliance Connect Bronze Roles and Responsibilities
Service Description

The LEDs display the following status:

• in case of one active VPN box, check that VPN box A is operational after the download of the
SWIFT configuration. The LED status should look like:

Customers can find more information about the provisioning in the Alliance Connect Bronze
Implementation Guide - SRX VPN Boxes.

Repair and maintenance of the service

The customer must use only the version of the VPN boxes that is currently supported by SWIFT.
Consequently, the customer must subscribe to the applicable support and maintenance services. In
the event that the VPN boxes need to be upgraded, the customer must in particular follow any
guidelines and other directions given by SWIFT to ensure that the VPN boxes are duly and timely
upgraded.
Note The process of problem resolution does not always require SWIFT to contact the
customer. SWIFT may, however, require the customer's assistance to perform basic
checks on the VPN box (for example, a reset, cable checks, or LED display
verifications).

Good care of the VPN boxes

The customer must take good care of the VPN boxes that are in its possession. The customer must
follow any requirements, instructions, and other terms and conditions stipulated by or for SWIFT or
the manufacturer. Unless explicitly instructed otherwise by SWIFT (for example, for testing
purposes), the customer must not modify, alter, or tamper with the VPN boxes.
The customer must not unplug or switch off the VPN boxes or routers or tamper with the
connections or cables between these items.
If the customer must unplug or switch off a VPN box (for example, for maintenance purposes), then
the customer must inform SWIFT at least one week in advance (see Knowledge Base tip 1798719).
Unless explicitly instructed otherwise by SWIFT (for example, for testing purposes), the customer
must not modify, alter, or tamper with the VPN boxes or the router provided by the Network Partner.
The customer must store the spare VPN box in a safe place, preferably close to the live set-up, and
ensure that the spare VPN box is easily reachable in case of replacement.

SWIFTNet Link - VPN box connection

The connection between the SWIFTNet Link and the VPN boxes is the sole responsibility of the
customer.

01 August 2018 16
Alliance Connect Bronze Roles and Responsibilities
Service Description

The customer has the responsibility to perform the following tasks:

• ensure that the connection is secure
• protect the connection against the following potential threats:
- any unauthorised use of the SWIFT services and products
- any breach, or attempted breach, of security which may affect the integrity or reliability of the
SWIFT services and products
SWIFT has documented specific configuration requirements to assist the customer to secure the
connection between the SWIFTNet Link and VPN boxes.
If the connection between the SWIFTNet Link and the VPN boxes is not under the customer's direct
control (co-located configuration), then the configuration requirements are mandatory. In this case,
the customer must make a choice for one of the two defined configurations.
Customers can find more information about these configuration requirements in the Network
Access Control Guide.

Customer testing
Customers must not conduct any performance or vulnerability tests on or through SWIFT services
and products unless expressly permitted in the SWIFT Customer Testing Policy. If customers
believe they have identified a potential performance or vulnerability threat, they must immediately
inform SWIFT thereof and treat all related information, data or materials as SWIFT confidential
information.

Internet Service Provider

With regard to the Internet Service Provider (ISP), the customer must perform the following tasks:
• request the ISP to deliver the broadband internet connection to the customer premises
• report to the ISP any problem that relates to the internet connection and that prevents the
customer from connecting to SWIFT services. The customer must request the ISP to restore the
connection.
The Alliance Connect Bronze fees do not cover the delivery of the broadband internet connection. It
is for the customer to agree with the Internet Service Provider directly about any fee due for that
internet connection.

6.3 SWIFT's Roles and Responsibilities

SWIFT General Terms and Conditions
SWIFT's roles and responsibilities with regard to Alliance Connect Bronze are set out in this
document, in the SWIFT General Terms and Conditions, and in the VPN Box Terms and
Conditions.

Features and functions

SWIFT reserves the right to enhance or modify the features and functions of the Alliance Connect
Bronze product with reasonable advance notice.

Description
SWIFT is responsible for providing and managing the overall Alliance Connect Bronze
implementation except for the broadband internet connections.

01 August 2018 17
Alliance Connect Bronze Roles and Responsibilities
Service Description

SWIFT must perform the following tasks:

• activate the customer's set-up in the SWIFT backbone
• subject to applicable import or export restrictions, provide the customer with the VPN boxes
• manage, support, and maintain the VPN boxes

01 August 2018 18
Alliance Connect Bronze Contractual Framework
Service Description

7 Contractual Framework
SWIFT General Terms and Conditions
Together with this service description, the SWIFT General Terms and Conditions and the VPN Box
Terms and Conditions govern the provision and the use of Alliance Connect Bronze.
For the latest available version of the SWIFT General Terms and Conditions and the VPN Box
Terms and Conditions, see www.swift.com > About Us > Legal > Terms & Conditions.

01 August 2018 19
Alliance Connect Bronze SWIFT Training
Service Description

8 SWIFT Training
SWIFT provides training about standards, products, and services to suit different needs. From
tailored training to self-paced e-learning modules on SWIFTSmart, a range of training options are
available for all SWIFT end users.

SWIFTSmart
SWIFTSmart is an interactive, cloud-based training service that offers a large variety of courses for
different levels of knowledge. The courses contain exercises and quizzes and are available in
multiple languages. The SWIFTSmart catalogue provides a list of courses that are organised into
these learning tracks:
• General knowledge
• Work with messages
• Deploy and manage SWIFT software solutions
• Security and audit
• Compliance and shared services
SWIFTSmart is accessible from the desktop or from a mobile device. No installation is required.
It is available to all connected SWIFT end users and registered SWIFT partners with a swift.com
account. For more information, see How to become a swift.com user.

Tailored training
A full range of tailored programmes are available to meet specific training needs. For more
information, visit the Training web page.

01 August 2018 20
Alliance Connect Bronze Legal Notices
Service Description

Legal Notices
Copyright
SWIFT © 2018. All rights reserved.

Restricted Distribution
Do not distribute this publication outside your organisation unless your subscription or order
expressly grants you that right, in which case ensure you comply with any other applicable
conditions.

Disclaimer
The information in this publication may change from time to time. You must always refer to the
latest available version.

Translations
The English version of SWIFT documentation is the only official and binding version.

Trademarks
SWIFT is the trade name of S.W.I.F.T. SCRL. The following are registered trademarks of SWIFT:
the SWIFT logo, SWIFT, SWIFTNet, Sibos, 3SKey, Innotribe, the Standards Forum logo,
MyStandards, and SWIFT Institute. Other product, service, or company names in this publication
are trade names, trademarks, or registered trademarks of their respective owners.

01 August 2018 21