Paycraft is a payments company providing contactless open-loop products capable of processing both online and offline transactions. They cover a wide range of use cases in which transactions must be processed within milliseconds, which simplifies ticketing, validation and management for program operators. Paycraft was formed in 2013 by a team with many years of experience in the payment sector. The company is the preferred payment solution for banks, global consulting companies, transit operators, payment processors, card and device manufacturers and many others.
Paycraft required a green-field deployment on the Azure platform that would meet Payment Card Industry Data Security Standard (PCI DSS) 3.2 compliance, an information security standard.
These were the high-level challenges faced by the Paycraft team:
Application load had to be managed across both the web servers and the application servers.
Provisioning a Disaster Recovery (DR) site, located in a different seismic zone from the primary data centre (DC) location, was one of the important factors in meeting PCI DSS compliance.
End-to-end SSL encryption had to be provided, including for the synchronization between the primary and secondary databases in the DC and DR regions.
Strong access control measures were needed for access to the Virtual Machines as well as to the Azure Portal.
User activity monitoring was required on the Azure Portal.
Requirement of application level monitoring to check
Based on detailed discussions with Paycraft, IntellyZen proposed the following solution to help migrate their application to the Cloud:
Azure Load Balancers are placed so that the web servers sit behind a public load balancer and the application servers sit behind an internal application load balancer.
MongoDB and PostgreSQL databases on Azure VMs are set up with replication enabled between the primary and secondary
DR provisioning is established with network peering enabled between the primary region and the secondary region, with cross-region database synchronization and SSL encryption.
As per the PCI standards, network segmentation with MFA is implemented on the bastion servers that have access to the web, app and database servers, with SSH banners.
Network Time Protocol (NTP) is used to sync the time across all the servers.
Trend Micro Deep Security, with a Master, Agent and Relay Agent architecture, is deployed to provide an additional layer of security on all the servers.
A VPN is configured between their on-premises network and the Azure networks using the Azure Virtual Network Gateway service.
All server CPU, memory and disk utilization and logs are monitored, along with user activity, using Azure Monitor, Azure Log Analytics and the service Activity Control.
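A concrete form of two of the items above, the bastion-only SSH segmentation and the DC-to-DR network peering, as an added Bicep example that is not Paycraft's or IntellyZen's deployment code. The VNet and subnet names, the bastion address range, the NSG and peering names and the API version are assumptions.

```bicep
// Added example, not the project's own template. Assumed names: primary VNet
// 'vnet-dc' with a bastion subnet at 10.10.0.0/24; the DR VNet's resource ID
// is passed in, since it lives in another region and is deployed separately.
param drVnetId string
param bastionSubnetPrefix string = '10.10.0.0/24'

// NSG for the web/app/database subnets. The built-in AllowVnetInBound rule
// (priority 65000) would otherwise admit SSH from any peered address, so the
// explicit deny at priority 200 is what actually enforces "bastion only".
var sshRules = [
  { name: 'AllowSshFromBastion', priority: 100, access: 'Allow', source: bastionSubnetPrefix }
  { name: 'DenySshFromElsewhere', priority: 200, access: 'Deny', source: '*' }
]

resource tierNsg 'Microsoft.Network/networkSecurityGroups@2023-04-01' = {
  name: 'nsg-pci-tier'
  location: resourceGroup().location
  properties: {
    securityRules: [for r in sshRules: {
      name: r.name
      properties: {
        priority: r.priority
        direction: 'Inbound'
        access: r.access
        protocol: 'Tcp'
        sourceAddressPrefix: r.source
        sourcePortRange: '*'
        destinationAddressPrefix: '*'
        destinationPortRange: '22'
      }
    }]
  }
}

// One side of the DC <-> DR peering; the DR side declares the mirror peering
// back to this VNet. Gateway transit stays off so the DR network cannot reach
// the on-premises VPN through the DC gateway unless that is deliberately enabled.
resource dcVnet 'Microsoft.Network/virtualNetworks@2023-04-01' existing = {
  name: 'vnet-dc'
}

resource dcToDr 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-04-01' = {
  parent: dcVnet
  name: 'peer-dc-to-dr'
  properties: {
    remoteVirtualNetwork: { id: drVnetId }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: false
    allowGatewayTransit: false
    useRemoteGateways: false
  }
}
```

The NSG still has to be associated with each web, app and database subnet (not shown), and the bastion subnet itself gets a separate NSG that admits SSH only from the MFA-protected entry point.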
The developer-friendly environment of the Azure platform made the infrastructure setup and application deployment very efficient.
PCI DSS compliance was cleared in a short time, with all the required artifacts evaluated and submitted by both the infra and development teams.
Setup of the DR environment, with network peering, server time synchronization, database synchronization, monitoring and security tightening, was achieved very quickly.
By implementing Trend Micro Deep Security software, monitoring the application and servers for anti-malware, IDS/IPS, File Integrity Monitoring, log monitoring and firewall was very effective.
Server time synchronization wasn’t a burden of the
Infrastructure monitoring for the Paycraft infra team has become very easy, with all the required monitoring thresholds enabled at both the Azure and Trend Micro Deep Security levels.