Established in 1996, Astro is a Malaysian and ASEAN content and consumer company leading in the Digital, TV, Radio, and Commerce space. The company's television business includes Pay-TV and NJOI. It serves more than 23 million individuals in 5.7 million homes in Malaysia across various platforms such as smartphones, tablets, Pay-TV and more.
The Need for Scalable Infrastructure and Reducing Cost of PCI-DSS Compliance
Until 2017, the Astro team was using an on-premise payment gateway with various constraints around scalability, security, limited payment methods, etc. The major challenges faced by the business were:
- The constant risk of fraudulent attacks due to an application built on a legacy technology stack.
- Frequent downtime affecting business outcomes.
- With increased demand and the onboarding of new partners, the Astro team realized the need for a scalable infrastructure, which the on-premise system lacked.
- The on-premise system lacked a good user experience, impacting the growth of the business.
- The PCI-DSS compliance scope of the on-premise system was huge, adding to the operational cost.

To overcome these challenges, and anticipating future growth in the payments domain, Astro decided to move to a scalable and secure solution. One of the primary requirements was to reduce the PCI-DSS compliance cost.
Blazeclan’s Cloud-native Solution to Meet Astro’s Requirements
The Astro team was looking for a solution that could address the aforesaid challenges within a year. The Astro-Blazeclan team therefore collaborated to deliver a scalable and secure cloud-native solution in less than a year, reducing the overall cost and improving the company's ROI.
A few highlights from the new solutions provided are:
- Agile Practices: This was a pioneer project in adopting best engineering practices like a branching strategy, code quality gates, code reviews, code coverage, etc. It is also one of the only projects in Astro with a higher agile maturity index and one that has implemented the modern pod structure of Scrum. This ensured that the onshore and offshore teams could work together seamlessly, contributing to more productivity. As a result, the average sprint velocity of the team increased from 50 story points to about 70 story points per sprint.
- Automation: On the on-premise system, testing before and after every deployment was done manually, which cost additional time and human effort. The on-cloud system, on the other hand, automated 80% of its features, ensuring zero human effort and time. The automation scripts are part of the CI/CD pipeline. Additionally, all success and failure alerts are made available in a Slack channel for quick action.
- Loosely-coupled Cloud Solution: The new on-cloud system, unlike the old on-premise system, is loosely coupled, so implementing features like merchant tokenization, card tokenization, etc. was easy and quick. Also, the Astro Payment Gateway (APG) has used services like S3 and Glacier to back up older data and purge non-relevant data, making the database more reliable and performant.
  Moreover, SFTPS3 was implemented in the new infrastructure to remove connectivity and availability issues, reducing manual interventions.
- Cost-effective Infrastructure: To save cost, Astro Payment Gateway has optimized its servers so that they automatically shut down in non-working hours and turn on in working hours. This is one of the best advantages that AWS offers, as it keeps costs down when the infrastructure is not in use.
  Earlier, Lambda was not invoked through an event trigger mechanism. The team implemented SQS-based triggers so that it is called only when an event occurs, resulting in drastic cost reductions.
- Operational Excellence: With a view to reviewing every aspect of the application for quantitative project management, the operational reports are shared on a weekly basis with all the stakeholders. In this weekly reporting process, we focus on Server Health Monitoring, Infrastructure Metrics, API Monitoring, Business Metrics & Defect Management System (Ticketing System). This initiative has allowed the review to be done on a broader scale and necessary measures to be taken proactively to optimize the overall cost of the system without compromising performance. In the case of APG, several suggestions were made which helped in reducing the cost considerably. A few of them are:
  - Deletion of unused EC2 AMIs
  - Configure lifecycle policy on S3 buckets
  - Modify instance type of Elasticsearch
  - EC2 instance type migration
  - RDS DB type migration
  - Reservation of Elasticache, EC2, RDS, and ElasticSearch resources
Benefits to Astro
- Security: The payment gateway solution provided to Astro is highly secured and compliant with PCI-DSS. It is one of the few projects to qualify for Astro's CCOE program.
  The solution allowed all communication to happen over the API, and there was no direct network access between the infra components. With a microservices architecture, the new solution therefore reduced the PCI-DSS scope by enabling communication through a well-defined interface using lightweight APIs. As a part of the AWS architectural design, the team placed PCI-DSS resources in one VPC and the remaining resources in other VPCs, reducing the overall scope of PCI-DSS and the operational cost. The solution also ensured that all credit card information is masked, and TLS encrypted when in transit.
  Furthermore, a third-party service called Sift Science was integrated to strengthen fraud detection and take timely actions to protect highly sensitive customer data.
- Savings: The cloud-based infrastructure brought massive savings, as it allowed servers to shut down in non-working hours and payments were made only for actual usage, because of which the Astro team saved nearly $2460 annually.
- High Scalability: With the new solution, the customer was able to adjust its infrastructure to any change in user demand. The new infrastructure brought auto-scaling as a major feature with no downtime. Additionally, the scalability allowed the business to onboard over 15 partners to date.
- Speed: The Astro-Blazeclan team introduced an Agile-DevOps solution that resulted in a better user experience. With the help of this cloud transformation, users could now complete their transactions in a much simpler and quicker manner.
Tech Stack
- Amazon EC2
- Amazon S3
- Amazon Elasticache
- AWS Redis
- Amazon SQS
- Amazon SNS
- Glacier
- Amazon Elasticsearch
- Elastic Load Balancing
- AWS Lambda
- Amazon SES
- Amazon RDS
- Amazon API Gateway
- Amazon CloudWatch
- Amazon VPC
- AWS Athena
- AWS IAM