
How to build an ISO/IEC 27001 Compliant Infrastructure

Updated: Jul 30, 2024

In one of my client projects, one of Southeast Asia’s leading unicorns wanted to launch a financial services application in Indonesia. They needed an ISO/IEC 27001 compliant infrastructure with an RTO of 4 hours and an RPO of 15 minutes. The objective was to build a fault-tolerant infrastructure in line with the ISO guidelines.

What is ISO/IEC 27001 compliance?

“ISO/IEC 27001 is an international standard for managing information security.” The standard does not prescribe recovery targets; the organisation defines its own RTO and RPO and must be able to demonstrate, through testing, that the infrastructure actually meets them. Proving the RTO/RPO benchmarks we had set was therefore one of the key requirements for a compliant infrastructure.


What are RTO and RPO?

Both are measured in units of time:

RTO (Recovery Time Objective): how long a service may stay unavailable after a failure before it must be back, i.e. how fast you can recover.
RPO (Recovery Point Objective): how old the most recent recoverable copy of the data may be, i.e. how much data, measured in time, you can afford to lose.

There is no fixed number for RTO/RPO; each organisation sets them itself, based on the SLA and business continuity plan (BCP) it has committed to its customers. In this project the organisation had set an RTO of 4 hours and an RPO of 15 minutes for the application.

This meant we had to prove that in the event of a disaster or outage, the application would be back within 4 hours and the data restored to a state no older than 15 minutes before the moment the disaster was recorded.

RTO and RPO are per-incident targets, while the SLA is an annual availability figure; the two are related but not the same. A 99.95% SLA allows roughly 4.4 hours of downtime per year (0.05% of 8,760 hours), so a 4-hour RTO only stays inside that budget if there is at most one full-length outage in the year. The higher the committed SLA, the shorter the RTO (and usually the RPO) have to be.
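The relationship between a per-incident RTO and an annual SLA is easy to get wrong, so here is a small check that evaluates a year of outage records against both. This is an added example, not code from the original article or the project it describes; the outage log is constructed, and the 4-hour RTO and 99.95% SLA are the figures quoted above.

```python
from datetime import datetime, timedelta

HOURS_PER_YEAR = 365 * 24


def downtime_budget_hours(sla_pct: float) -> float:
    """Hours of downtime per year permitted by an availability SLA given in percent."""
    return (100.0 - sla_pct) / 100.0 * HOURS_PER_YEAR


def evaluate_year(incidents, rto: timedelta, sla_pct: float) -> dict:
    """Check one year of outage records against a per-incident RTO and an annual SLA.

    incidents: list of (started, recovered) datetime pairs.
    Returns the incidents that breached the RTO, the total downtime, the
    resulting availability and whether the annual SLA budget was respected.
    """
    budget = downtime_budget_hours(sla_pct)
    total = timedelta()
    breaches = []
    for started, recovered in incidents:
        duration = recovered - started
        total += duration
        if duration > rto:
            breaches.append((started, duration))
    downtime_h = total.total_seconds() / 3600.0
    return {
        "rto_breaches": breaches,
        "downtime_hours": downtime_h,
        "budget_hours": budget,
        "availability_pct": 100.0 * (1.0 - downtime_h / HOURS_PER_YEAR),
        "sla_met": downtime_h <= budget,
    }


# Constructed sample outage log for one year (hypothetical, not real data).
# Both outages are recovered inside the 4-hour RTO, yet together they exceed
# the ~4.4 h/year that a 99.95% SLA allows.
SAMPLE_INCIDENTS = [
    (datetime(2024, 2, 3, 1, 0), datetime(2024, 2, 3, 3, 30)),     # 2 h 30 min
    (datetime(2024, 7, 19, 22, 0), datetime(2024, 7, 20, 0, 15)),  # 2 h 15 min
]

if __name__ == "__main__":
    report = evaluate_year(SAMPLE_INCIDENTS, timedelta(hours=4), 99.95)
    print(f"RTO breaches: {len(report['rto_breaches'])}")
    print(f"Downtime {report['downtime_hours']:.2f} h vs budget {report['budget_hours']:.2f} h")
    print(f"Availability {report['availability_pct']:.4f}% - SLA met: {report['sla_met']}")
```

The sample shows the trap: every incident meets the RTO, but the year still misses the SLA. Meeting the RTO on each drill is necessary for the ISO evidence but is not, on its own, proof of the availability commitment.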


Why an on-prem bare-metal DC/DRC?

Indonesia’s financial services regulator (OJK) requires all PII data to be localised within the country.

And ISO 27001 requires the organisation to demonstrate its self-defined RTO/RPO, which in this case was 4 hours/15 minutes, in line with an SLA of 99.95%.

In the absence of any OJK-certified cloud provider at that time, the entire setup had to be a traditional DC/DRC infrastructure, with the two data centres physically located at least 40 km apart.


Proposed ISO/IEC 27001 Compliant Infrastructure:

To comply with the required RTO/RPO I chose two data centres located 40 km apart, with dual connectivity links between them, to serve as DC (Data Center) and DRC (Disaster Recovery Center).

The infrastructure was built on dedicated bare-metal servers with a hypervisor installed on top for virtualisation. The network topology included segregated VLANs, client-to-site VPNs and site-to-site VPN tunnels.


ISO/IEC 27001 DC/DRC

Modular Infrastructure As Code:

For provisioning on-premise virtualised network, system and storage platforms:

  • VLANs with DHCP and DNS on VMware NSX

  • vSphere virtual machines and Kubernetes (k8s) containers

  • SANs for local disk storage

Compute ran on a fully automated, self-managed k8s cluster on virtual machines, with horizontal autoscaling, certificate management and private DNS.

A virtualised Application Load Balancer (ALB) was also set up with NSX, both to securely expose the public-facing services running on the k8s cluster and to load-balance the application endpoints across DC and DRC.


Achieving RTO/RPO for ISO/IEC 27001:

To achieve the required RTO/RPO numbers we deployed the application in both DC and DRC using an Active/Passive model.

Data was replicated continuously across both data centres, with the DRC serving as a standby mirror of the primary DC. For the RPO to hold, the replication lag must stay below 15 minutes at all times, so it has to be monitored and checked before any failover.

With that setup, a DR drill was performed using DNS and traffic switching, and the required testing was passed. Every step, from switching DNS to shifting traffic from DC to DRC and back, was fully automated with IaC.
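The drill logic described above, as an added example that is not the article’s own automation: a failover routine that gates promotion on the replication lag (the RPO), fences the old primary before promoting the standby, health-checks the standby before repointing DNS, and measures the client-visible recovery time against the RTO. The `Site` and `FakeDns` objects are hypothetical stand-ins for the real NSX/DNS and database APIs, and `app.example.test` is a made-up name.

```python
import time
from dataclasses import dataclass, field
from datetime import timedelta
from typing import Callable, Dict, List, Optional

RPO = timedelta(minutes=15)
RTO = timedelta(hours=4)


class DrillAborted(Exception):
    """Raised when a precondition fails; the active site is left serving traffic."""


@dataclass
class Site:
    name: str
    primary: bool = False
    healthy: bool = True
    # How far this site's data copy trails the primary; None on the primary itself.
    replication_lag: Optional[timedelta] = None


@dataclass
class FakeDns:
    """Hypothetical stand-in for the authoritative DNS API used in the drill."""
    ttl_seconds: int = 60
    records: Dict[str, str] = field(default_factory=dict)

    def point(self, fqdn: str, target: str) -> None:
        self.records[fqdn] = target


def failover(active: Site, standby: Site, dns: FakeDns, fqdn: str,
             clock: Callable[[], float] = time.monotonic) -> dict:
    """Switch traffic from `active` to `standby`, enforcing the RPO before promotion
    and measuring the result against the RTO. The same call performs the failback
    (DRC -> DC) once the old primary has re-synchronised."""
    started = clock()
    steps: List[str] = []

    # 1. RPO gate: promoting a standby that trails by more than the RPO would
    #    silently lose more data than the organisation committed to.
    if standby.replication_lag is None or standby.replication_lag > RPO:
        raise DrillAborted(
            f"{standby.name} replication lag {standby.replication_lag} exceeds RPO {RPO}")
    steps.append("rpo-check")

    # 2. Fence the old primary first so two sites never accept writes at once
    #    (in production: block writes at the firewall/ALB or stop the database).
    active.primary = False
    steps.append(f"fence-{active.name}")

    # 3. Promote the standby; it is now the source of truth and has no lag.
    previous_lag = standby.replication_lag
    standby.primary = True
    standby.replication_lag = None
    steps.append(f"promote-{standby.name}")

    # 4. Verify the promoted site before exposing it; roll back if it is not fit.
    if not standby.healthy:
        standby.primary = False
        standby.replication_lag = previous_lag
        active.primary = True
        raise DrillAborted(f"{standby.name} failed health check; rolled back to {active.name}")
    steps.append(f"health-{standby.name}")

    # 5. Repoint the public name; traffic follows within one DNS TTL.
    dns.point(fqdn, standby.name)
    steps.append("dns-switch")

    elapsed = timedelta(seconds=clock() - started)
    # Clients may keep the old record for up to one TTL, so the client-visible
    # recovery time, the figure that counts against the RTO, includes it.
    worst_case = elapsed + timedelta(seconds=dns.ttl_seconds)
    return {"steps": steps, "elapsed": elapsed, "worst_case": worst_case,
            "rto_met": worst_case <= RTO}


if __name__ == "__main__":
    dc = Site("dc", primary=True)
    drc = Site("drc", replication_lag=timedelta(minutes=3))
    dns = FakeDns()
    result = failover(dc, drc, dns, "app.example.test")
    print(result["steps"], "rto_met:", result["rto_met"])
```

Two details matter for the evidence an auditor will ask for: the drill refuses to proceed when the standby is behind the RPO rather than promoting it and losing data, and the recorded recovery time includes the DNS TTL, so keep the TTL on the public records short well before the drill.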


The Final Result:

  • On-premise automated environments on demand with Infrastructure As Code.

  • Fault tolerant Infrastructure and Platform inline with RTO/RPO guidelines.

  • Secure and Seamless connectivity across intranet and internet.

  • The system is protected, both logically and physically, against unauthorised access.

  • Automated, modular and highly available environment on demand.

  • Centralised role-based access control for authentication and authorisation across all systems and services.

  • Scheduled assessment of the disaster recovery and rollback process.


If you like this article, I am sure you will find the 10-Factor Infrastructure even more useful. It compiles all these tried and tested methodologies, design patterns & best practices into a complete framework for building secure, scalable and resilient modern infrastructure. 


 

Don’t let your best-selling product suffer due to an unscalable, vulnerable & inconsistent infrastructure.



 


Thanks & Regards

Kamalika Majumder




©2024 by Staxa LLP. All Rights Reserved.
