Infrastructure Security

Modified on Thu, 4 Jan, 2018 at 3:20 AM

Deployment

The Pellustro AWS implementation provides logically separated Development and Production processing domains, allowing finer-grained access for AWS IAM users to those environments through a management (bastion) environment, which has restricted direct access to the Development and Production Virtual Private Clouds (VPCs).



The Pellustro architecture uses the following AWS services to deploy its application in the cloud:

  • Basic AWS Identity and Access Management (IAM) configuration with custom IAM policies and associated groups, roles, and instance profiles.
    • Separate users for Pellustro Infra and Pellustro Developers
  • Standard, external-facing Amazon Virtual Private Cloud (Amazon VPC) Multi-AZ architecture with separate subnets for the different application tiers and private (backend) subnets for the application and database
  • Amazon Simple Storage Service (Amazon S3) buckets for encrypted web content, logging, and backup data
  • Standard Amazon VPC security groups for the Amazon Elastic Compute Cloud (Amazon EC2) instances and load balancers used in the application stack
  • Three-tier web application using Auto Scaling and Elastic Load Balancing
  • A secured bastion login host to facilitate command-line Secure Shell (SSH) access to Amazon EC2 instances for troubleshooting and systems administration activities
  • Logging, monitoring, and alerts using AWS CloudTrail, Amazon CloudWatch, and AWS Config rules


Pellustro is deployed as a multi-tenant instance supporting multiple clients through license separation. For clients who prefer a separate environment, a private instance of Pellustro is set up with its own web, application and database servers. Each instance is managed through a separate management VPC and has primary and secondary (failover) servers.




Server Instance Security


Each Pellustro instance has the following controls in place.

  • The web server is set up in a DMZ subnet with a reverse proxy for ???
  • All default ports are closed; only the specific ports needed to let requests through are opened
  • All servers run Linux with automatic OS-level patching
  • All servers have anti-virus installed
  • Each disk volume is encrypted
  • An active Qualys vulnerability scanner is set up for each production and sandbox environment.
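The "only specific ports are opened" control above is easiest to keep honest with an automated check over the security-group rules. The following script is an added example, not Pellustro's own code: it audits the IpPermissions structure that `aws ec2 describe-security-groups` returns against an assumed allow-list (HTTPS only from the Internet, SSH only from the bastion subnet). The allow-list, the bastion CIDR 10.0.0.0/24 and the sample groups are constructed for this example.

```python
"""Audit EC2 security-group ingress rules against a port allow-list.

Added example, not Pellustro's own code. Only IPv4 `IpRanges` entries are
inspected; `Ipv6Ranges` and security-group-to-group references are out of
scope for this illustration.
"""
import ipaddress

# Assumed policy for this example (not Pellustro's documented values):
# the Internet-facing tier may expose only HTTPS, and SSH may only be
# reached from the management (bastion) subnet.
ALLOWED_PUBLIC_PORTS = {443}
BASTION_CIDR = ipaddress.ip_network("10.0.0.0/24")  # placeholder bastion subnet

# Constructed sample, shaped like the IpPermissions entries that
# `aws ec2 describe-security-groups` returns.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web-tier", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/24"}]},
    ]},
    {"GroupId": "sg-misconfigured", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},
    ]},
]


def rule_ports(perm):
    """Inclusive port range covered by one IpPermission entry."""
    if perm.get("IpProtocol") == "-1":  # "all traffic": no FromPort/ToPort
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def audit_group(group):
    """Return a list of finding strings for one security group."""
    findings = []
    gid = group["GroupId"]
    for perm in group.get("IpPermissions", []):
        lo, hi = rule_ports(perm)
        for rng in perm.get("IpRanges", []):
            src = ipaddress.ip_network(rng["CidrIp"])
            if src.prefixlen == 0:  # 0.0.0.0/0: open to the Internet
                if perm.get("IpProtocol") == "-1":
                    findings.append(f"{gid}: all traffic open to {src}")
                elif set(range(lo, hi + 1)) - ALLOWED_PUBLIC_PORTS:
                    findings.append(f"{gid}: ports {lo}-{hi} open to {src}")
            elif lo <= 22 <= hi and not (
                src.version == BASTION_CIDR.version and src.subnet_of(BASTION_CIDR)
            ):
                findings.append(f"{gid}: SSH reachable from {src}, not the bastion subnet")
    return findings


def audit_all(groups):
    """Audit every group; an empty result means the allow-list holds."""
    return [f for g in groups for f in audit_group(g)]


if __name__ == "__main__":
    for finding in audit_all(SAMPLE_GROUPS):
        print(finding)
```

In practice the `SAMPLE_GROUPS` list would be replaced by the `SecurityGroups` array from the CLI output, and the script run from the management environment on a schedule, so that a rule opened for troubleshooting and forgotten shows up as a finding rather than staying open.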

Failover

Pellustro modules are replicated across data centers operated by AWS in multiple geographic locations to protect against a single point of failure, using an active/passive configuration.

  • Pellustro has configured load balancers as Primary and Secondary record types using a failover routing policy.
  • The load balancer accepts incoming traffic from clients and routes requests to its registered EC2 instances in one or more Availability Zones.
  • The load balancer monitors the health of Pellustro's registered instances and ensures that it routes traffic only to healthy instances.
  • When the load balancer detects an unhealthy instance, it stops routing traffic to that instance, and resumes routing traffic to it once it detects that the instance is healthy again.
  • In the event of a disaster, the service is able to fail over to the secondary site, which takes over within seconds.
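The Primary/Secondary records with a failover routing policy described above are expressed in Route 53 as two alias records with the same name, one marked PRIMARY and one SECONDARY, each pointing at a load balancer. The script below is an added example, not Pellustro's own configuration: it builds the ChangeBatch document that `aws route53 change-resource-record-sets --change-batch` accepts and checks the properties the failover depends on (exactly one record per role, a single name, and a health signal on the primary, without which Route 53 has nothing to fail over on). The hosted-zone IDs and load-balancer DNS names are placeholders.

```python
"""Build and sanity-check a Route 53 failover record pair.

Added example, not Pellustro's own code. The ChangeBatch shape follows the
Route 53 ChangeResourceRecordSets API; the identifiers are placeholders.
"""
import copy
import json

# Placeholders: the hosted zone ID and DNS name of each load balancer come
# from the load balancer itself, not from the application's hosted zone.
PRIMARY_LB = ("Z_PRIMARY_LB_ZONE_PLACEHOLDER", "primary-lb.example.com.")
SECONDARY_LB = ("Z_SECONDARY_LB_ZONE_PLACEHOLDER", "secondary-lb.example.com.")


def failover_record(name, role, lb_zone_id, lb_dns, set_id):
    """One alias A record taking part in a failover routing policy."""
    return {
        "Action": "UPSERT",
        "ResourceRecordSet": {
            "Name": name,
            "Type": "A",
            "SetIdentifier": set_id,
            "Failover": role,  # "PRIMARY" or "SECONDARY"
            "AliasTarget": {
                "HostedZoneId": lb_zone_id,
                "DNSName": lb_dns,
                # Route 53 then uses the load balancer's own instance health
                # checks, matching the health-based routing described above.
                "EvaluateTargetHealth": True,
            },
        },
    }


def build_change_batch(name, primary, secondary):
    """ChangeBatch with one PRIMARY and one SECONDARY record for `name`."""
    return {
        "Comment": f"failover pair for {name}",
        "Changes": [
            failover_record(name, "PRIMARY", primary[0], primary[1], "primary"),
            failover_record(name, "SECONDARY", secondary[0], secondary[1], "secondary"),
        ],
    }


def validate_change_batch(batch):
    """Return a list of problems; an empty list means the pair is well formed."""
    problems = []
    names = set()
    by_role = {}
    for change in batch["Changes"]:
        rrs = change["ResourceRecordSet"]
        names.add(rrs["Name"])
        by_role.setdefault(rrs.get("Failover"), []).append(rrs)
    if len(names) != 1:
        problems.append("records in a failover pair must share one name")
    for role in ("PRIMARY", "SECONDARY"):
        if len(by_role.get(role, [])) != 1:
            problems.append(f"expected exactly one {role} record")
    for rrs in by_role.get("PRIMARY", []):
        alias = rrs.get("AliasTarget", {})
        if not alias.get("EvaluateTargetHealth") and "HealthCheckId" not in rrs:
            problems.append("PRIMARY record has no health signal; failover cannot trigger")
    return problems


def to_json(batch):
    """Serialise for `aws route53 change-resource-record-sets --change-batch`."""
    return json.dumps(batch, indent=2)


def broken_variant(batch):
    """Copy of `batch` with the primary's health evaluation switched off."""
    bad = copy.deepcopy(batch)
    bad["Changes"][0]["ResourceRecordSet"]["AliasTarget"]["EvaluateTargetHealth"] = False
    return bad


if __name__ == "__main__":
    batch = build_change_batch("app.example.com.", PRIMARY_LB, SECONDARY_LB)
    print(to_json(batch))
    print("problems:", validate_change_batch(batch))
    print("problems (health off):", validate_change_batch(broken_variant(batch)))
```

The check on the primary's health signal is the one worth keeping in a deployment pipeline: a failover pair that passes every other test but evaluates no health on the primary looks correct in the console and never actually fails over.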


The following table summarizes the current failover strategy by region:

Regional Instance             | Primary                                | Failover
------------------------------|----------------------------------------|--------------------------
United States                 | US East (Ohio), US East (N. Virginia)  | US West (California)
Europe (for specific client)  | Dublin, Ireland (Zone 1), Frankfurt    | Dublin, Ireland (Zone 2)


AWS as Infrastructure Provider

The Pellustro platform is hosted and operated from multiple data centers operated by Amazon Web Services (AWS), depending on the type of instance selected by the customer. AWS data centers are audited annually in accordance with the AICPA’s Service Organization Control (SOC) framework.


The AWS data centers are highly secure third-party facilities, and no Pellustro personnel have access to these facilities.


Some of the standards and certifications that AWS holds are:

SOC3

AWS publishes a Service Organization Controls 3 (SOC 3) report. The SOC 3 report is a publicly available summary of the AWS SOC 2 report and provides the AICPA SysTrust Security Seal.

The AWS SOC 3 report includes AWS data centers in US East (Northern Virginia), US West (Oregon), US West (Northern California), AWS GovCloud (US) (Oregon), EU (Ireland), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Sydney), and South America (Sao Paulo) that support in-scope services. 


ISO 27001

AWS is ISO 27001 certified under the International Organization for Standardization (ISO) 27001 standard. ISO 27001 is a widely adopted global security standard that outlines the requirements for information security management systems. It provides a systematic approach to managing company and customer information that is based on periodic risk assessments. In order to achieve the certification, a company must show it has a systematic and ongoing approach to managing information security risks that affect the confidentiality, integrity, and availability of company and customer information.

The AWS ISO 27001 certification includes AWS data centers in US East (Northern Virginia), US West (Oregon), US West (Northern California), AWS GovCloud (US) (Oregon), EU (Ireland), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Sydney), and South America (Sao Paulo) that support in-scope services.


A complete list of AWS certifications can be found here.

