ICG Customer Case Share – Public reference – AsiaPay Limited

PREPARED BY ICG

COPYRIGHT © 2017 ICG ALL RIGHTS RESERVED




Case Study: AsiaPay Limited

Secured Web Application Solution with Stress Test

Challenges
• Ad-hoc event planning
• Spiky traffic and enhance security
• Business continuity

About the client
A leading electronic payment service, solution and technology house in Asia. AsiaPay official website: http://www.asiapay.com.hk/

Business Needs
The client wants to provide a Web/App hosting solution to its own customers with lower hosting and maintenance costs and better performance and service quality.

Challenges
1. Need to ensure that 500 concurrent users can access the customer website with no impact.
2. Able to handle spiky traffic, reduce time-to-market and enhance security at the application layer.


ICG Solution

1. Suggest adding CloudFront to reduce loading time

2. Stress test for infrastructure bottleneck estimation

3. Add WAF to prevent the OED web server from being flooded by unwanted requests or from having its system resources overburdened, which would make the system unavailable to users/customers

4. Configure WAF to maintain web data integrity against web disruptions, unauthorized alterations and DDoS

5. Subscribe to ICG Managed Service for Cost Allocation, Cost Optimization, Security Configuration and Activity Monitoring


AWS Infrastructure design

AWS services and technology applied: EC2, Auto Scaling, ELB, VPC, S3, EBS, RDS, CloudFront, AWS WAF, Route 53, CloudWatch, IAM, KMS, CloudTrail, AWS Configuration


ICG Solution – 1. Suggest to add CloudFront

AWS Content Delivery Network

• Deliver website content cached by CloudFront

• Deliver website content from the nearest CloudFront edge node

• Reduced backend server workload

• Enforce HTTPS connections for your viewers


ICG Solution – 2. Stress Test for Infrastructure bottleneck estimation

• After CloudFront was added, a stress test was performed in which 500 users tried to complete a payment at the same time

• Stress Test details as below:


ICG Solution – 2. Stress Test for Infrastructure bottleneck estimation (cont’d)

• Stress test result shows the improvement in throughput after CloudFront was applied:

• The result indicated that the site could process approximately 20% (~90 req/s vs ~125 req/s) more throughput with CloudFront

• CloudFront shared the static content loading


ICG Solution – 2. Stress Test for Infrastructure bottleneck estimation (cont’d)

• Stress test result shows the improvement in response time after CloudFront was applied:

• The result indicated that the response time of the website improved from ~1.12s to ~0.35s, which is approximately 69% less.


ICG Solution – 2. Stress Test for Infrastructure bottleneck estimation (cont’d)

Stress Test Report

• Bottleneck Estimation

• Infrastructure Capacity Review


ICG Solution – 3. Add WAF to prevent the unwanted requests

[Diagram: CloudFront + WAF, Elastic Load Balancer, Asiapay backend API – EC2]

• According to AWS, AWS WAF is a web application firewall that helps protect web applications from common web exploits that could affect application availability, compromise security or consume excessive resources.


ICG Solution – 4. Configure WAF to prevent web disruption and DDoS attack

• The following table describes the AWS WAF rules that ICG set up

| Rule | Remark |
|---|---|
| Manual Block Rule | IP addresses are added manually to the block list |
| Auto Block Rule | Blocks an IP address for 240 minutes when more than 400 requests per minute come from that IP |
| Auto Count Rule | Counts the number of requests from the IP address |
| White List Rule | IP addresses are added manually to the whitelist so that AWS WAF allows them to pass through |
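
The four rules in the table above, as an added example (not ICG's or AWS's code): a Python sketch that replays constructed requests through the rule set. The evaluation order (whitelist, then manual block, then auto block), the sliding 60-second window and the sample IP addresses are assumptions; the 400 requests per minute threshold and the 240-minute block come from the table.

```python
from collections import defaultdict, deque

LIMIT_PER_MIN = 400          # table: more than 400 requests per minute
BLOCK_SECONDS = 240 * 60     # table: block the IP for 240 minutes

class RuleSet:
    """Evaluates the four rules; the order of evaluation is an assumption."""
    def __init__(self, whitelist=(), manual_block=()):
        self.whitelist = set(whitelist)
        self.manual_block = set(manual_block)
        self.blocked_until = {}             # ip -> epoch second the auto block ends
        self.window = defaultdict(deque)    # ip -> request times in the last 60 s
        self.counts = defaultdict(int)      # Auto Count Rule: requests seen per ip

    def evaluate(self, ip, ts):
        """Return 'ALLOW' or 'BLOCK' for one request from ip at epoch second ts."""
        self.counts[ip] += 1
        if ip in self.whitelist:            # White List Rule: always passes
            return "ALLOW"
        if ip in self.manual_block:         # Manual Block Rule
            return "BLOCK"
        if self.blocked_until.get(ip, 0) > ts:   # earlier auto block still active
            return "BLOCK"
        q = self.window[ip]
        q.append(ts)
        while q and q[0] <= ts - 60:        # drop requests older than 60 seconds
            q.popleft()
        if len(q) > LIMIT_PER_MIN:          # Auto Block Rule trips
            self.blocked_until[ip] = ts + BLOCK_SECONDS
            q.clear()
            return "BLOCK"
        return "ALLOW"

def replay(rules, requests):
    # Replay (ip, ts) pairs and return the number of blocked requests per ip.
    blocked = defaultdict(int)
    for ip, ts in requests:
        if rules.evaluate(ip, ts) == "BLOCK":
            blocked[ip] += 1
    return dict(blocked)

def demo():
    # Constructed traffic using documentation address ranges, not case-study data.
    rules = RuleSet(whitelist={"192.0.2.10"}, manual_block={"198.51.100.7"})
    burst = [("203.0.113.5", 1000 + i // 10) for i in range(450)]    # 450 req in 45 s
    trusted = [("192.0.2.10", 1000 + i // 10) for i in range(450)]   # same rate, whitelisted
    later = [("203.0.113.5", 1000 + 239 * 60), ("203.0.113.5", 1045 + 241 * 60)]
    return replay(rules, burst + trusted + [("198.51.100.7", 1001)] + later), rules

if __name__ == "__main__":
    print(demo()[0])
```

The whitelisted address sends the same burst and is never blocked, which is why whitelist entries need the same review discipline as block-list entries.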


ICG Solution – 5. ICG Managed Service

• Cost & Expense Management

Cost Allocation

▪ Granular Cost Reporting – Fine-grained and cross-account visibility into spend and flexible ability to deliver timely and accurate reporting

▪ Custom Charges – Complete customization of cost including usage, rates, and amortization to allow organizations to report accurate costs

▪ Budget Alerts – Sophisticated forecasts and alerts to track budgets, measure burn downs, and detect deviations in costs

Cost Optimization

▪ Purchasing Strategies – Recommendations for optimizing commitments and prepay based on dynamic usage patterns to lower costs

▪ Eliminating waste – Detect and fix resources that are orphaned, unused, or mis-provisioned

▪ Right-sizing – Intelligent evaluations of resource types and sizes to ensure appropriate allocation


ICG Solution – 5. ICG Managed Service (cont’d)

• Security & Compliance

Secure Configuration

▪ Best Practice Checks – Customizable best practice checks to ensure your complete environment is configured securely

▪ Access Management – Review permissions and ACLs across complex clouds. Detect violations of policies.

▪ Network and Perimeter Analysis – Identifies publicly accessible and unsecured resources. Map software-defined infrastructure.

Activity Monitoring

▪ Monitoring of Control Plane – Simplified alerting and management of the infrastructure management plane logs

▪ Monitoring of OS Logs – Designed to handle monitoring of operating system logs for ephemeral, auto-scaling environments

▪ Monitoring of Network Flows – Scalable traffic analysis of micro-segmented networks


ICG Solution – 5. ICG Managed Service (cont’d)

• The details about ICG full security assessment scanning


Thank You.

SUCCESS MEANS CHOOSING THE RIGHT PARTNER