icg customer case share public reference asiapay limited · add waf to prevent the unwanted...
Post on 05-Jul-2020
3 Views
Preview:
TRANSCRIPT
COPYRIGHT © 2017 ICG ALL RIGHTS RESERVED
ICG Customer Case Share – Public
reference – AsiaPay Limited
PREPARED BY ICG
COPYRIGHT © 2017 ICG ALL RIGHTS RESERVED
Challenges• Ad-hoc event planning• Spiky traffic and enhance security• Business continuity
Case Study: AsiaPay Limited
Secured Web Application Solution with Stress Test
About the clientA leading electronic payment service, solution and technology house in Asia. AsiaPay Official website: http://www.asiapay.com.hk/
Business NeedsThe client wants to provide the Web/App hosting solution to their own customer with lower hosting and maintenance costs, and allow better performance and service quality.
Challenges1. Need to ensure con-current 500 users can access the customer
website with no impact. 2. Capable to handle spiky traffic, reduce the time-to-market and
enhance security on Application Layer.
COPYRIGHT © 2017 ICG ALL RIGHTS RESERVED
ICG Solution
1. Suggest to add Cloudfront for reducing the loading time
2. Stress Test for Infrastructure bottomneck estimation
3. Add WAF to prevent OED web server from being flooded by unwanted requests or overburden system resources that make system unavailable to users/customers
4. Configure WAF to maintain the web data integrity against web disruptions, unauthorized alterations and DDOS
5. Subscript ICG Managed Service for Cost Allocation, Cost Optimization, Security Configuration and Activity Monitoring
COPYRIGHT © 2017 ICG ALL RIGHTS RESERVED
AWS Infrastructure design
AWS services and technology applied: EC2, Auto Scaling, ELB, VPC, S3, EBS, RDS, CloudFront, AWS WAF, Route 53, Cloudwatch, IAM,
KMS, CloudTrail, AWS Configuration
COPYRIGHT © 2017 ICG ALL RIGHTS RESERVED
AWS Content Delivery Network
• Deliver website content cached by Cloudfront
• Deliver website content by nearest Cloudfront
edge node
• Reduced backend server workload
• Enforce HTTPS connections for your viewer
ICG Solution – 1. Suggest to add Cloudfront
COPYRIGHT © 2017 ICG ALL RIGHTS RESERVED
ICG Solution – 2. Stress Test for
Infrastructure bottomneck estimation
• After added the Cloudfront, perform stress test that Involved 500 users tried to complete the payment at
the same time
• Stress Test details as below:
COPYRIGHT © 2017 ICG ALL RIGHTS RESERVED
• Stress Test result shows the improvement of throughput after Cloudfront applied:
• The result indicated that it could proceed approximately 20% (~90 req/s vs ~125 req/s) more throughtput with Cloudfront
• Cloudfront shared static content loading
ICG Solution – 2. Stress Test for
Infrastructure bottomneck estimation (con’t)
COPYRIGHT © 2017 ICG ALL RIGHTS RESERVED
ICG Solution – 2. Stress Test for
Infrastructure bottomneck estimation (con’t)
• Stress Test result shows the improvement of response time after Cloudfront applied:
• The result indicated that the response time of website improved from ~1.12s to ~0.35s, which is approximately 69% less.
COPYRIGHT © 2017 ICG ALL RIGHTS RESERVED
ICG Solution – 2. Stress Test for Infrastructure
bottomneck estimation (con’t)
Stress Test Report
• Bottleneck Estimation
• Infrastructure Capacity
Review
COPYRIGHT © 2017 ICG ALL RIGHTS RESERVED
ICG Solution – 3. Add WAF to prevent the
unwanted requests
CloudFront + WAF Elastic Load Balancer
Asiapay backend API – EC2
• According to AWS, AWS WAF is a web application firewall that helps protect web applications from
common web exploits that could affect application availability, compromise security or consume excessive
resources.
COPYRIGHT © 2017 ICG ALL RIGHTS RESERVED
ICG Solution – 4. Configure WAF to prevent
web disruption and DDOS attack
• The following table describes AWS WAF rules that ICG setup
Rule Remark
Manual Block Rule This rule is manually add IP address to the block list
Auto Block Rule This rule is block the IP address for 240 minutes more than 400 requests per minute from that IP
Auto Count Rule This rule is count the request number from the IP address
White List Rule Manually add IP address to the whitelist such that AWS WAF will allow it to pass-through
COPYRIGHT © 2017 ICG ALL RIGHTS RESERVED
ICG Solution – 5. ICG Managed Service
Cost Allocation
▪ Granular Cost Reporting – Fine-grained and cross-
account visibility into spend and flexible ability to deliver
timely and accurate reporting
▪ Custom Charges – Complete customization of cost
including usage, rates, and amortization to allow
organizations to report accurate costs
▪ Budget Alerts – Sophisticated forecasts and alerts to track
budgets, measure burn downs, and detect deviations in
costs
▪ Purchasing Strategies – Recommendations for optimizing
commitments and prepay based on dynamic usage patterns
to lower costs
▪ Eliminating waste – Detect and fix resources that are
orphaned, unused, or mis-provisioned
▪ Right-sizing – Intelligent evaluations of resource types and
sizes to ensure appropriate allocation
Cost Optimization
• Cost & Expense Management
COPYRIGHT © 2017 ICG ALL RIGHTS RESERVED
ICG Solution – 5. ICG Managed Service (con’t)
Secure Configuration
▪ Best Practice Checks – Customizable best practice
checks to ensure your complete environment is configured
securely
▪ Access Management – Review permissions and ACLs
across complex clouds. Detect violations of policies.
▪ Network and Perimeter Analysis – Identifies publicly
accessible and unsecured resources. Map software-defined
infrastructure.
▪ Monitoring of Control Plane – Simplified alerting and
management of the infrastructure management plane logs
▪ Monitoring of OS Logs – Designed to handle monitoring
of operating system logs for ephemeral, auto-scaling
environments
▪ Monitoring of Network Flows – Scalable traffic analysis of
micro-segmented networks
Activity Monitoring
• Security & Compliance
COPYRIGHT © 2017 ICG ALL RIGHTS RESERVED
ICG Solution – 5. ICG Managed Service (con’t)
• The details about ICG full security assessment scanning
COPYRIGHT © 2017 ICG ALL RIGHTS RESERVED
Thank You.
SUCCESS MEANS CHOOSING THE RIGHT PARTNER
top related