Delivering Modern Infrastructure compliant with Financial Services Authority of Indonesia
The Objective
Client:
Leading Financial Services in Indonesia
One of Southeast Asia’s leading on-demand platforms, and a pioneer of the multi-service ecosystem model, wanted to launch a financial service application in Indonesia.
They needed an OJK (Indonesia's Financial Services Regulator) and ISO 27001 compliant infrastructure with an uptime SLA of 99.95% and RTO/RPO of 4 hrs/1 hr.
Our goal was to build a fault-tolerant infrastructure in line with the ISO and OJK guidelines.
The Challenges
Timeline:
Dec 2019 - March 2020
OJK compliance requires all financial services applications to host their data within Indonesia. As per ISO 27001, the application should prove its self-defined RTO/RPO of 4 hrs/1 hr and SLA of 99.95%.
In the absence of any OJK-certified cloud provider at that time, the entire setup had to be on a traditional DR/DRC infrastructure.
Bare-metal virtualisation platforms lacked the IaC tools needed for infrastructure automation, which was necessary to achieve the SLA and RTO/RPO benchmarks.
Dynamic, on-demand disk allocation was impossible since it was all on hardware storage area networks.
Setting up a fully automated containerisation platform on a bare-metal hypervisor.
Strict timeline of 4 months.
Real time data replication between two separate data centres.
Limited operations support for on-premise systems.
The Initiatives
Techstack:
Terraform, Ansible, Kubespray, OpenVPN, vSphere, VMware NSX, GitLab CI
Hardware planning and procurement in line with growth projection.
Dedicated physical servers for the hypervisor.
Designed network topology with segregated VLANs, client-to-site VPNs and site-to-site VPN tunnels.
Infrastructure as Code for on-premise virtualised network, system and storage platforms, as below:
VLANs, DHCP, DNS, load balancer
VMs, containers
SANs, virtual disk
Fully automated, self-managed Kubernetes cluster with horizontal autoscaling, certificate management, and private DNS on virtual machines.
Virtual HTTPS load balancer for Kubernetes cluster services.
The Outcomes
Result
On-premise cloud for financial services
Fault-tolerant infrastructure and platform in line with RTO/RPO guidelines
Secure and seamless connectivity across intranet and internet.
The system is protected, both logically and physically, against unauthorised access.
Automated, modular and highly available environment on demand.
Centralised, role-based access-controlled authentication and authorisation for all systems and services.
Scheduled assessment of disaster recovery and rollback process