About Client
Qualco is a leading provider of scalable software and technology solutions that streamline the credit lifecycle. With over 25 years of experience, Qualco leverages AI-driven and data-powered tools to modernize customer experiences and optimize operations across the Credit Value Chain. Its trusted software is used by clients in over 30 countries, including top banks and financial services organizations, ensuring compliance and efficiency in a fast-evolving digital landscape.
Client Challenge
Qualco’s end customer, a prominent bank in the Middle East, faced significant challenges in implementing mutual TLS (mTLS) authentication to establish secure, two-way encrypted communication between clients and application servers. The complexity was compounded by:
- A multi-region infrastructure spanning 10 countries across the Middle East, Asia-Pacific, Europe, and the United States.
- Initial use of Network Load Balancers (NLBs) in each region to manage mTLS traffic, which led to increased operational complexity and high recurring costs.
- Difficulty managing SSL/TLS certificates, which were handled through third-party providers.
- A need to ensure disaster recovery (DR) readiness and automate patching and backup processes without disrupting services.
Solution
Blazeclan implemented a robust and cost-effective AWS-based solution to address all the client’s key challenges while ensuring compliance, security, and scalability.
Key Components of the Solution:
- mTLS with ALB in Passthrough Mode: Configured AWS Application Load Balancer (ALB) with mTLS authentication in passthrough mode to establish two-way encryption and authentication, replacing NLBs used regionally.
- High Availability Architecture: Deployed ALB and application servers in multi-zone architecture, ensuring high availability and resilience.
- Cost Optimization:
- Consolidated traffic management via a single ALB across all 10 regions, removing the need for multiple NLBs.
- Adopted AWS Compute Savings Plans based on resource utilization.
- Switched from third-party SSL certificates to AWS Certificate Manager (ACM), which is free.
- Automated Certificate Management: Used AWS ACM with DNS validation to automate certificate issuance and renewal, improving efficiency and reducing manual intervention.
- Network and Application Security
- Used AWS Network Firewall to filter and secure network traffic.
- Implemented AWS Web Application Firewall (WAF) to protect applications from common vulnerabilities like SQL injection and XSS attacks.
Architecture Diagram (It will be recreated based on below diagram)
Outcome/Result
The implementation delivered measurable business and technical benefits:
- Improved Security & Compliance: Secure two-way encrypted communication and mutual authentication aligned with strict regulatory standards Achieved via mTLS and secure infrastructure.
- Enhanced Security Posture: Mutual TLS and AWS WAF/Firewall improved application and network security.
- Cost Optimization:
- Decommissioning NLBs across 10 regions led to annual savings of approximately $2,160.
- Switching to AWS ACM eliminated third-party certificate costs, saving an additional $1,600 annually.
Impact Highlights
- ~$3,760 Yearly Cost Savings from NLB and SSL certificate cost reductions
- 10 Regions consolidated into a single scalable ALB setup
- 100% Automated SSL certificate management with AWS ACM
Tech Stack:
- AWS ALB (Application Load Balancer) – Passthrough mTLS
- AWS EC2
- AWS Network Firewall
- AWS WAF
- AWS ACM
- AWS IAM
- AWS CloudWatch