ECOMMERCE HIGH SECURITY
SA Group is a Business-to-Business Software as a Service (SaaS) provider that serves the entertainment industry, with clients in Asia, North and South America, and Europe.
Challenges
Upgrade All Equipment and Technology With Zero Downtime
SA Group needed to upgrade their equipment and implement advanced load-balancing technologies, all with essentially zero downtime. Because their product facilitates the actual purchase of their subscribers’ products – sometimes with orders equaling $10,000 per minute – SA Group’s uptime requirements are unrelenting.
One of SpotLink’s® first challenges was to develop SA Group’s high-level design into a detailed operational plan. SA Group had devised an impressive architectural plan, but most pieces were based on theoretical capabilities that did not match production requirements.
Solution
After authoring the operational plan, SpotLink® started SA Group’s conversion to the new infrastructure. It was crucial to figure out a system that was both high performance and highly reliable because there was no room for glitches or unforeseen outages.
To test changes before they were put into operation, SpotLink® built a lab replicating the SA Group e-commerce infrastructure. Before any changes were made to production, SpotLink® would test them in the lab environment so the impact could be monitored and reviewed. If there was any unexpected behavior, the implementation documentation would be altered and the test would be run again until everything operated as planned.
SpotLink® migrated and improved the monitoring of all the components, so that the critical people would be notified if any essential component went offline or outside of operational parameters, and implemented advanced, high-performance load balancing. Now, SA Group’s infrastructure is based on a load-balanced server farm of Red Hat Enterprise Linux servers running web services and a set of Red Hat servers running clustered Oracle servers. On the backend, a Fibre Channel EMC storage system meets the storage needs.
Expand Client’s Business into New Market
Another challenge came a few years later when SA Group needed to obtain PCI DSS level 1 certification to expand its business to new markets. PCI DSS level 1 is a certification for highly secure e-commerce infrastructures that accept and process a seven-figure number of credit card transactions per year.
The PCI DSS constraints required rethinking of the network structure. PCI had a different way of approaching security and didn’t allow some of the structures that were in place.
Solution
To satisfy the new security requirements, SpotLink® designed a new structure that met the PCI DSS guidelines, as well as improved the fault tolerance of the systems. SpotLink® implemented redundant Cisco firewalls, redundant Cisco load balancers, and redundant Cisco switches, all configured to meet the security requirements of PCI DSS.
To fulfill the two-factor sign-in requirements of PCI, SpotLink® implemented a SecurID system that required rotating tokens for sign-on. SpotLink® also used auditing to check and log any privileged operations, employed lean, hardened monitoring systems to monitor any unauthorized file changes or other OS-level security violations, and applied a myriad of other smaller security changes to satisfy PCI DSS.
As scheduled, SA Group received their PCI DSS level 1 certification, and was able to expand its operations as planned.
Results
Throughout all these changes and improvements, SpotLink® has helped SA Group keep nearly continuous uptime. In the years that SpotLink® has been managing the e-commerce infrastructure at SA Group, they have only had about five hours of downtime, all of it scheduled. This is a total uptime of six-sigma, allowing SA Group and their clients to keep revenues high.