ECOMMERCE HIGH SECURITY

SA Group is a Business-to-Business Software as a Service (SaaS) provider that serves the entertainment industry, with clients in Asia, North and South America, and Europe.

Challenges

Upgrade All Equipment and Technology With Zero Downtime

In late 2006 SA Group needed to upgrade their equipment and implement new load-balancing technologies, all with essentially zero downtime. Because their product facilitates the actual purchase of their subscribers’ products – sometimes with orders equaling $10,000 per minute – SA Group’s uptime requirements are unrelenting.

One of SpotLink’s® first challenges was to develop SA Group’s high-level design into a detailed operational plan. SA Group had devised an impressive architectural plan, but most pieces were based on theoretical capabilities that did not match production requirements.


Solution

In 2008, SpotLink® started SA Group’s conversion to the new infrastructure. It was crucial to design a system that was both high-performance and extremely reliable, because there was no room for glitches or unforeseen outages.

To test changes before they were put into operation, SpotLink® built a lab replicating the SA Group e-commerce infrastructure. Before any changes were made to production, SpotLink® would test them in the lab environment so the impact could be monitored and reviewed. If there was any unexpected behavior, the implementation documentation would be altered and the test would be run again until everything operated as planned.

SpotLink® migrated and improved the monitoring of all components using Cacti and Nagios, so that the responsible people would be notified whenever an essential component went offline or outside its operational parameters. Web services load balancing was built on LVS, a component of the Red Hat Enterprise Linux HA package. Today, SA Group’s infrastructure consists of a load-balanced farm of Red Hat Enterprise Linux servers running the web services and a set of Red Hat servers running clustered Oracle databases. On the back end, a Fibre Channel EMC storage system provides the storage.

Expand Client’s Business into New Market

Another challenge came in 2011 when SA Group needed to obtain PCI DSS 2.0 certification to expand its business to new markets. PCI DSS is a certification for highly secure e-commerce infrastructures that accept and process credit card transactions.

The PCI DSS constraints required rethinking the network structure. Although the existing system had never been compromised in SA Group’s history, PCI DSS took a different approach to security and did not permit some of the structures that were in place.


Solution

To satisfy the new security requirements, SpotLink® designed a new structure that met the PCI DSS guidelines and also improved the fault tolerance of the systems. SpotLink® implemented redundant Cisco ASA firewalls, redundant Cisco load balancers, and redundant Cisco switches, all configured to meet the security requirements of PCI DSS.

To fulfill the two-factor sign-in requirements of PCI DSS, SpotLink® implemented an RSA SecurID system that required rotating tokens for sign-on. SpotLink® also enabled auditing to check and log all privileged operations, deployed OSSEC to monitor for unauthorized file changes and other OS-level security violations, and applied many smaller security changes to satisfy PCI DSS.

As scheduled, SA Group received their PCI DSS 2.0 certification in the summer of 2011.

Results

Throughout all these changes and improvements, SpotLink® has helped SA Group maintain nearly continuous uptime. Since SpotLink® began managing the e-commerce infrastructure at SA Group, there have been only about five hours of downtime, all of it scheduled. This is a total uptime of nearly six sigma, allowing SA Group and their clients to keep revenues high.