GTUG, April 17th, 2012 - Wolf-Henner Ruhnau
Application and Implementation Strategy
IT – Where are we?
Some Figures (approximate)
200 server systems
2.6 billion (technical) transactions / year
735 Tps peak
1.1 million invoices / year
280 thousand debtors
260 thousand terminals
210 thousand reports / year
Service Level Agreements
Services / SLAs / Guaranteed
Transaction Processing
– Availability, IP-Access: 99,9% p.a.
– Availability, Datex-P: 99,8% p.a.
– Availability, ISDN / Analog: 99,7% p.a.
– Response time: 99% < 300 ms
– Capacity: Min. 10% > max.
– Max. down time: 30 min
Clearing Settlement
– Completeness: 100%
– Cut-off time not reached: 1 / quarter
OLV + Risk Index
– Availability: 99,9% p.a.
– Response time: 99% < 300 ms
– Capacity: Min. 10% > max.
Reporting
– Completeness: 100%
– Cut-off time not reached: 1 / quarter
Receipt Management
– Availability: 99,7% p.a.
– Restore: Max 12h
– Capacity: Min. 10% > max
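Added example, not part of the original slides: a check of one year of measurements against the Transaction Processing targets above, showing that the yearly availability budget and the 30-minute down time limit can fail independently. The function name, the sample data and the reading of "Max. down time" as a per-outage limit are assumptions.

```python
from datetime import datetime, timedelta

# Targets copied from the Transaction Processing rows of the SLA table.
AVAILABILITY = {"IP-Access": 0.999, "Datex-P": 0.998, "ISDN / Analog": 0.997}
RESPONSE_LIMIT_MS = 300                    # "Response time 99%<300ms"
RESPONSE_SHARE = 0.99
MAX_DOWN_TIME = timedelta(minutes=30)      # "Max. down time 30 min"
YEAR = timedelta(days=365)                 # "p.a." taken as a 365-day year


def evaluate(channel, outages, response_ms):
    """Check one access channel against the table's targets.

    outages      -- list of (start, end) datetimes within the year
    response_ms  -- measured response times in milliseconds
    Assumption: "Max. down time" limits each single outage.
    """
    durations = [end - start for start, end in outages]
    down = sum(durations, timedelta())
    budget = YEAR * (1 - AVAILABILITY[channel])   # allowed downtime per year
    fast = sum(1 for ms in response_ms if ms < RESPONSE_LIMIT_MS)
    return {
        "availability": 1 - down / YEAR,
        "availability_ok": down <= budget,
        "budget_left": budget - down,
        "max_down_time_ok": all(d <= MAX_DOWN_TIME for d in durations),
        "response_ok": fast >= RESPONSE_SHARE * len(response_ms),
    }


# Constructed sample: two outages and 1,000 response times, 8 of them slow.
T0 = datetime(2012, 1, 10, 3, 0)
SAMPLE_OUTAGES = [(T0, T0 + timedelta(minutes=45)),
                  (T0 + timedelta(days=90), T0 + timedelta(days=90, minutes=20))]
SAMPLE_RESPONSES = [120] * 992 + [450] * 8

if __name__ == "__main__":
    result = evaluate("IP-Access", SAMPLE_OUTAGES, SAMPLE_RESPONSES)
    for name, value in result.items():
        print(f"{name}: {value}")
```

With the constructed sample, 65 minutes of downtime stays well inside the 99,9% yearly budget of about 8 h 46 min, yet the single 45-minute outage still breaks the 30-minute limit.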
Customer Satisfaction
Measurement Customer Satisfaction
– Meeting communicated milestones (In-time delivery)
– Overall fulfillment of requirements
– #defects during acceptance
– active monitoring of SLAs during operations
– Incidents per customer and severity
Measurement of Software Quality
– Overall fulfillment of requirements
– #test cycles needed per test stage
– #defects per category and test-level
– #rejected acceptance candidates
What do we want to be?
agile
fast
efficient cheap
effective
trustworthy
solid
enabling
leading
.. all the buzz words
skilled
IT Vision
strategic partner for customers
Know-how for kernel processes
and –functions in-house IT
integrated multi-channel SOA
Business Services
• Acquiring Services
• Internet Services
• Internationalisation
• 2 party vendor
Tactical movements
2010
2011
2012
Management IT: ITIL, Security, Audits (PCI, PA-DSS), QA, Project Mgmt., Organisation
Business Departments: Processes, Project Management, Audits (BCM, PSD, BAFIN, …), Organisation
Infrastructure
Applications
• Risk Index 1
• mobile Payment (mpass)
• Transaction Monitoring
• Internet Payment 1
• Fraud Detection
• porting JavaCaps Applications to NSK
• Internet Payment 1.1
• Contactless Payments
• Risk Index 2
• OLV next generation
Business Processes
• Workflows
• Automation
• Optimisation
• Orchestration
2013
• Own Data Centres
• NSK Blade Systems
• Migration X.25 to IP
• Windows + SQL 2008
• +2 NSK CPUs
• New Hitachi SAN
• New CISCO Switches
• [+2 NSK CPUs]
2009
Security
Target Environment
BPM
inbox
request
application
data access layer / transaction security
internal portal
scores transactions invoices docs
external portal
Reporting
logging
Accounting / Clearing
User monitoring
Business Process
A
statistics Roles Permissions Groups alerts
Business Process
B
Business Process
N
…
OLTP
Transaction, Terminal, Revenue,
Configuration, Documents, Receipts
technical data Analytics
Customer, Contract, Condition, Order
financial data
What does it mean for
Applications?
Systems
Databases
Reporting
Master Data
Scorecards WEB-RDN Reports
HWD
Card B/L
Loyalty
Accounting
Riskindices
Revenue
Transactions
Config
OTM
Fraud
Payments
HWD
Enscribe NonStop SQL Microsoft SQL Oracle SQL
Document Management
Return Debit Notes
WEB-RDN Reports
WEB Service- Orders
BI/BO (SPSS)
Clearing
SAP
Fraud Detection
from IT-Operations: 7x24 Monitoring
Equipment and Network
– Nagios, Prognosis
Central Processes
– UC4
Extract, Transform
Save
File transfers (batch)
• Export/copy/transport/import occupies ~3 times the disk capacity actually needed
• Timely synchronisation of systems and applications increasingly complex
• Window to update all applications is constantly shrinking
• New applications / projects will need additional transfers and further complicate the situation
Monitoring UC4-Server
- A single link between databases usually includes several files
- hundreds of file-transfers a day
- High bandwidth demand between locations / servers
- Up to four systems are needed:
* sending system
* receiving system
* central file transfer system
* central monitoring system
Extract, Transform
Load
File Transfer FTP-Server
! Hardwired by IT - business processes and logic !
DB File DB File
Receiver
Sender
Curing the issue..
• Establishment of re-usable services
• Leaves data where it is
• No copies – no synchronisation needed
• Data is accessed via documented APIs
• Works across all systems
• Inherently up-to-date for all applications
• Centralization into small number of databases
• Classification according to the business criticality
• Located on system that provides the required availability
Program
API Call
Data classification..
to define the location and processing environment of data
Availability Overall time to access and process vital (application) data
Data Integrity Potential of data corruption or loss of consistency during processing
Confidentiality Level of protection against fraudulent use
Reliability Overall measurement for the result of correct data processing
Restorability Maximum time allowed to restore processing data after failure
-> documented and part of SLAs with customers
Service candidates
• Bank Number (check, convert, map name)
• Account Number (validate, convert)
• Credit Card (black/white list)
• BAFIN (registration, deregistration)
• Schufa (query, registration, deregistration)
• 3D Secure
• Address (find, complete, correct, validate)
• Currency (query, convert)
• Risk Index (select, compute, configure)
• Document (invoice, sales slip, ..)
• Consumptions (aggregation, forwarding)
• Authorisation (user, role, permissions)
• Transaction (query, match, update)
• Revenue (query, match, update)
• …
API Call
Guidelines for applications
24h Operation -> no planning for batch time slots
Mission critical applications and data on NonStop Kernel
Real-time -> no post processing „jobs“ for data clean-up etc.
File-Transfers and Batch processing only if indispensable (e.g. for banking and customer interfaces)
Customer access and self-provisioning using WEB technology
GUI elements always with national language support (German, English, French, ..)
Implementation of common functions as SOA-Services
must fit into 3-tier architecture
must use one logical SQL DB (no structured files)
must re-use existing databases and SOA-Services
Example mpass
Methods and Tools
Process Model
tailored ISO 15288 / ISO 12207 System / Software life cycle processes
tailored ISO 21500 (draft) Project and Portfolio Management processes
Besides documentation, quite some work is left
Development Life Cycle Tools
-> most information is electronic; paper is used for customers / partners
Project Management
MS Project, MS Office files, participate
Requirements Engineering
HP Quality Center (ALM, RM)
Release Management
Dimensions PVCS CS
Change Management
Participate (for transition to Operations) Dimensions PVCS CS
Architecture and Design
No explicit modelling tool (partially UML)
Development
for Windows and NSK Guardian and OSS
Languages: C, C#, VB, C++, Java
MS Developers Studio, Eclipse
NSK: cross Compiler, Linker and Debugger
Windows: native Compiler, Linker and Debugger
Open Source: Eclipse with Plug-ins
Verification and Validation
HP Quality Center (Test Cases, Defects)
OLTP: Test automation with PDIAG and AS-Simulation
GUIs: QTP, SoapUI, JMeter *new: HP Fortify 360 *new: HP WebInspect
Configuration Management
Dimensions PVCS CS
Way To Secure Software
Why Continuous Integration?
It is possible to create good software without Continuous Integration, but ..
• with frequent builds you will find failures earlier
• in a multi-developer environment, team communication is increased
• the current status of the project is reported
• unit tests and SCA can be integrated directly into the build procedure
• you are able to deliver software almost any time
Why Static Code Analysis?
"Since most security for Web applications can be implemented by a system administrator, application developers need not pay attention to the details of securing the application…"
BEA WebLogicServer Security Documentation
But… infrastructure attacks are faced with all the following obstacles and elements
Adversaries have a lot fewer obstacles when attacking code
Top 10 Web Application Security Risks for 2010:
A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards
www.owasp.org
Increasing number of vulnerabilities..
Software contains a lot more lines of code, for example
– Windows NT 3.1: 5 Mill. LOC
– Windows Server 2003: 50 Mill. LOC
More developers work on one application, so individuals lose knowledge of the overall system
Time Is Money … No Time To Think!
Why is Static Code Analysis needed?
Secure web applications are only possible when a secure software development lifecycle is used.
Build & Scan Flow
Diagram components: Developer, Source Code Repository, CI Server, Build, SCA, SSC, Defect Tracker, Auditor
Steps shown, one per slide:
• Developing
• Check-in new code
• Scheduled check-out and build
• Handover for secure scanning
• Scan results upload
• Auditor reviews result
• Auditor submits security issues to bug tracker
• Developer picks up defect and writes fixes / patch
• And so on …
CI & SCA & PEN Test Integration
Ingenico World
Data Centres
Scope
NAR
NER
Spain
Turkey France
Group IT Germany
LAR
Italy
Australia
Findings
5+ Transaction platforms
>900 peripheral Servers
>1.000 Network & Communication lines
>48 Data Center
15 IT Organisation Units
Processes: heterogeneous
Communication: heterogeneous
Collaboration: dispersed
Needs
harmonized Infrastructure
common Architecture Management
standardized Organization & Processes
Findings and Needs
Processing platforms
Five independent processing systems
.. plans to acquire more
Different scope and processing capabilities
Several redundant functionalities
Isolated data islands
High TCO
•Scattered computing environments
•Dispersed know-how
•All sorts of tools
•Selective disaster recovery
•High maintenance effort
•No deployment infrastructure
Unequal Environments
Access Systems Application Servers
TRX-Monitors
Databases
Operating Systems
Architecture? - Terminology
Enterprise Architecture
Software Architecture
Hardware Architecture - Infrastructure
Server Op.Sys. Storage Backup DBMS Tools
AXIS
Poseidon Opal Korvac
IS Iberia SAP
Network
CRM
Exchange
Reporting
MDM
Workflow
DWH
DMS
TRX-Systems Peripheral Systems
Goals Bus. Proc.
Bus. Infos Roles
Org Structures
Org. Behaviours
their • externally visible properties • relationships between them
Business entities/components
Transfer2
Vision
Processing solution(s) provided by a managed software architecture for Payment Services and VAS Transactions
For international customer base,
Transactional and real-time,
High Available, Scalable and Secure
Re-usable components of high quality,
absolute data integrity,
online measurable KPIs
Business
Processes
Software
Solutions
Infrastructures
User interfaces
Functions Data Security
Integration
Enterprise Architecture
Software Architecture
Hardware Architecture
Environmental Trends Business Strategy
Current-State Architecture
Future-State Architecture
Organize Architecture Effort
Develop Requirements
Develop Principles
Develop Models
Architecting
Governing and Managing Closing the
Gap
Application Architecture is derived from business strategy, enterprise setup and technology drivers:
Managed through an Architecture Board
Provides detailed solution requirements
Provides governance for transition process
Strategy
Architecture Board
incorporates major platforms / solutions
selects architecture and design patterns
Regions & Subsidiaries
Core
Delivery
• 80% on release
• 20% off release
• Configuration
• Administration
• Local adoptions
• re-usable SW Components
from ?/100% to 80/20% central delivery over time
step-by-step, evolutionary
model
General guideline and
policies
Implementation decisions
best of technology
and available components
Detailed components requirements
re-useable components
Ingenico Processes
Thank you for your attention
easycash GmbH
Wolf-Henner Ruhnau
Am Gierath 20
40885 Ratingen
Tel.: 02102/973-338
Q & A