Application and Implementation Strategy

GTUG, April 17th, 2012 - Wolf-Henner Ruhnau

Page 1

GTUG, April 17th, 2012 - Wolf-Henner Ruhnau

Application and Implementation Strategy

Page 2

IT – Where are we?

Page 3

Some Figures (approximate)

200 server systems

2.6 billion (technical) transactions / year

735 TPS peak

1.1 million invoices / year

280 thousand debtors

260 thousand terminals

210 thousand reports / year

Page 4

Service Level Agreements

Service                  SLA                        Guaranteed
Transaction Processing   Availability IP-Access     99.9% p.a.
                         Availability Datex-P       99.8% p.a.
                         Availability ISDN / Analog 99.7% p.a.
                         Response time              99% < 300 ms
                         Capacity                   min. 10% > max.
                         Max. down time             30 min
Clearing                 Settlement completeness    100%
                         Cut-off time not reached   1 / quarter
OLV + Risk Index         Availability               99.9% p.a.
                         Response time              99% < 300 ms
                         Capacity                   min. 10% > max.
Reporting                Completeness               100%
                         Cut-off time not reached   1 / quarter
Receipt Management       Availability               99.7% p.a.
                         Restore                    max. 12 h
                         Capacity                   min. 10% > max.

Page 5

Customer Satisfaction

Measurement of Customer Satisfaction

– Meeting communicated milestones (in-time delivery)

– Overall fulfillment of requirements

– Number of defects during acceptance

– Active monitoring of SLAs during operations

– Incidents per customer and severity

Measurement of Software Quality

– Overall fulfillment of requirements

– Number of test cycles needed per test stage

– Number of defects per category and test level

– Number of rejected acceptance candidates

Page 6

What do we want to be?

Page 7

agile, fast, efficient, cheap, effective, trustworthy, solid, enabling, leading, skilled

.. all the buzz words

Page 8

IT Vision

strategic partner for customers

know-how for core processes and core functions kept in in-house IT

integrated multi-channel SOA

Page 9

Tactical movements 2009 - 2013 (timeline slide; items listed by track)

Management IT: ITIL, Security, Audits (PCI, PA-DSS), QA, Project Mgmt., Organisation

Business Departments: Processes, Project Management, Audits (BCM, PSD, BAFIN, …), Organisation

Infrastructure

• Own Data Centres

• NSK Blade Systems

• Migration X.25 to IP

• Windows + SQL 2008

• +2 NSK CPUs

• New Hitachi SAN

• New CISCO Switches

• [+2 NSK CPUs]

Applications

• Risk Index 1

• mobile Payment (mpass)

• Transaction Monitoring

• Internet Payment 1

• Fraud Detection

• porting JavaCaps Applications to NSK

• Internet Payment 1.1

• Contactless Payments

• Risk Index 2

• OLV next generation

Business Services

• Acquiring Services

• Internet Services

• Internationalisation

• 2 party vendor

Business Processes

• Workflows

• Automation

• Optimisation

• Orchestration

Page 10

Security

Target Environment (architecture diagram; labels as recoverable from the slide)

BPM: inbox, request, application

data access layer / transaction security

internal portal, external portal: scores, transactions, invoices, docs

Reporting, logging, Accounting / Clearing, User monitoring

Business Process A, Business Process B, … Business Process N

statistics, Roles, Permissions, Groups, alerts

OLTP: Transaction, Terminal, Revenue, Configuration, Documents, Receipts; technical data

Analytics: Customer, Contract, Condition, Order; financial data

Page 11

What does it mean for Applications?

Page 12

Systems

Page 13

Databases (system landscape diagram; labels as recoverable from the slide)

Database technologies: Enscribe, NonStop SQL, Microsoft SQL, Oracle SQL

Data stores: Reporting, Master Data, Scorecards, WEB-RDN Reports, HWD, Card B/L, Loyalty, Accounting, Risk indices, Revenue, Transactions, Config, OTM, Fraud, Payments

Applications: Document Management, Return Debit Notes, WEB-RDN Reports, WEB Service Orders, BI/BO (SPSS), Clearing, SAP, Fraud Detection

Page 14

from IT-Operations: 7x24 Monitoring

Equipment and Network

– Nagios, Prognosis

Central Processes

– UC4

Page 15

File transfers (batch): Extract, Transform, Save on the sender (DB -> file), transport via the File Transfer FTP server, Extract, Transform, Load on the receiver (file -> DB); monitored by the UC4 server

• Export/copy/transport/import occupies about three times the disk capacity actually needed

• Timely synchronisation of systems and applications is increasingly complex

• The window to update all applications is constantly shrinking

• New applications / projects will need additional transfers and further complicate the situation

- A single link between databases usually involves several files

- Hundreds of file transfers a day

- High bandwidth demand between locations / servers

- Up to four systems are needed:

* sending system

* receiving system

* central file transfer system

* central monitoring system

! Hardwired by IT -> business processes and logic !

Page 16

Curing the issue..

• Establishment of re-usable services (program -> API call)

• Leaves data where it is

• No copies – no synchronisation needed

• Data is accessed via documented APIs

• Works across all systems

• Inherently up to date for all applications

• Centralisation into a small number of databases

• Classification according to business criticality

• Located on the system that provides the required availability

Page 17

Data classification..

to define the location and processing environment of data

Availability: overall time to access and process vital (application) data

Data Integrity: potential of data corruption or loss of consistency during processing

Confidentiality: level of protection against fraudulent use

Reliability: overall measurement for the result of correct data processing

Restorability: maximum time allowed to restore processing data after failure

-> documented and part of SLAs with customers
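The availability and restorability criteria above end up as the guaranteed values in the Service Level Agreements table (IP-Access 99.9% p.a., 99% of responses under 300 ms, max. 30 min down time, Receipt Management restore within 12 h), and the deck lists "active monitoring of SLAs during operations" as a satisfaction metric. The following Python is an added example, not part of the presentation: it turns those guaranteed levels into checks over one year of constructed outage and latency measurements. Grouping the table rows into one record per service and using a nearest-rank percentile are my assumptions.

```python
"""SLA checks for the 'Service Level Agreements' slide (added example; measurements constructed)."""
from dataclasses import dataclass
from datetime import datetime
from math import ceil
from typing import Optional

MINUTES_PER_YEAR = 365 * 24 * 60  # 525,600; leap years ignored


@dataclass(frozen=True)
class Sla:
    """Guaranteed levels as listed on the slide (availability as a fraction p.a.)."""
    availability: float                       # 0.999 == "99.9% p.a."
    p99_response_ms: Optional[float] = None   # "Response time 99% < 300ms"
    max_downtime_min: Optional[float] = None  # "Max. down time 30 min" (one outage)
    max_restore_h: Optional[float] = None     # "Restore Max 12h"


# Values from the slide; grouping them into one record per service is an assumption.
SLAS = {
    "IP-Access": Sla(0.999, p99_response_ms=300, max_downtime_min=30),
    "Datex-P": Sla(0.998, p99_response_ms=300, max_downtime_min=30),
    "ISDN/Analog": Sla(0.997, p99_response_ms=300, max_downtime_min=30),
    "OLV + Risk Index": Sla(0.999, p99_response_ms=300),
    "Receipt Management": Sla(0.997, max_restore_h=12),
}


def outage_minutes(start: datetime, end: datetime) -> float:
    return (end - start).total_seconds() / 60


def allowed_downtime_minutes(availability: float) -> float:
    """Yearly downtime budget implied by a target: 99.9% p.a. -> 525.6 minutes."""
    return (1.0 - availability) * MINUTES_PER_YEAR


def achieved_availability(outages) -> float:
    """outages: list of (start, end) datetime pairs within one year."""
    return 1.0 - sum(outage_minutes(s, e) for s, e in outages) / MINUTES_PER_YEAR


def percentile(samples, pct: float) -> float:
    """Nearest-rank percentile: the value that pct% of the samples are at or below."""
    ordered = sorted(samples)
    rank = max(1, ceil(pct * len(ordered) / 100))
    return ordered[rank - 1]


def evaluate(service, outages, latencies_ms, restore_hours=None):
    """Check one year of measurements; returns the list of SLA violations (empty = met)."""
    sla, violations = SLAS[service], []
    avail = achieved_availability(outages)
    if avail < sla.availability:
        violations.append(f"availability {avail:.4%} below {sla.availability:.1%}")
    longest = max((outage_minutes(s, e) for s, e in outages), default=0.0)
    if sla.max_downtime_min is not None and longest > sla.max_downtime_min:
        violations.append(f"single outage of {longest:.0f} min exceeds {sla.max_downtime_min:.0f} min")
    if sla.p99_response_ms is not None and latencies_ms:
        p99 = percentile(latencies_ms, 99)
        if p99 >= sla.p99_response_ms:  # "99% < 300ms" is a strict bound
            violations.append(f"p99 response {p99:.0f} ms not below {sla.p99_response_ms:.0f} ms")
    if sla.max_restore_h is not None and restore_hours is not None and restore_hours > sla.max_restore_h:
        violations.append(f"restore took {restore_hours} h, allowed {sla.max_restore_h} h")
    return violations


# Constructed year of IP-Access measurements: total downtime stays inside the 99.9%
# budget, but one single outage and the p99 response time break their limits.
SAMPLE_OUTAGES = [
    (datetime(2011, 3, 4, 2, 0), datetime(2011, 3, 4, 2, 20)),     # 20 min
    (datetime(2011, 9, 12, 23, 10), datetime(2011, 9, 13, 0, 5)),  # 55 min
]
SAMPLE_LATENCIES = [120] * 97 + [280, 900, 1200]  # ms; nearest-rank p99 = 900
```

Calling evaluate("IP-Access", SAMPLE_OUTAGES, SAMPLE_LATENCIES) reports the 55-minute outage and the 900 ms p99 while the yearly availability itself still passes, which is exactly the case a pure uptime percentage would hide.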

Page 18

Service candidates

• Bank Number (check, convert, map name)

• Account Number (validate, convert)

• Credit Card (black/white list)

• BAFIN (registration, deregistration)

• Schufa (query, registration, deregistration)

• 3D Secure

• Address (find, complete, correct, validate)

• Currency (query, convert)

• Risk Index (select, compute, configure)

• Document (invoice, sales slip, ..)

• Consumptions (aggregation, forwarding)

• Authorisation (user, role, permissions)

• Transaction (query, match, update)

• Revenue (query, match, update)

• …


Page 19

Guidelines for applications

24h Operation -> no planning for batch time slots

Mission critical applications and data on NonStop Kernel

Real-time -> no post-processing "jobs" for data clean-up etc.

File-Transfers and Batch processing only if indispensable (e.g. for banking and customer interfaces)

Customer access and self-provisioning using WEB technology

GUI elements always with national language support (German, English, French, ..)

Implementation of common functions as SOA-Services

must fit into 3-tier architecture

must use one logical SQL DB (no structured files)

must re-use existing databases and SOA-Services

Page 20

Example mpass

Page 21

Methods and Tools

Page 22

Process Model

tailored ISO 15288 / ISO 12207 System / Software life cycle processes

tailored ISO 21500 (draft) Project and Portfolio Management processes

Besides documentation, quite some work is left

Page 23

Development Life Cycle Tools

-> most information is electronic; paper is used for customers / partners

Project Management: MS Project, MS Office files, Participate

Requirements Engineering: HP Quality Center (ALM, RM)

Release Management: Dimensions PVCS CS

Change Management: Participate (for transition to Operations), Dimensions PVCS CS

Architecture and Design: no explicit modelling tool (partially UML)

Development: for Windows and NSK Guardian and OSS; languages: C, C#, VB, C++, Java; MS Developer Studio, Eclipse; NSK: cross compiler, linker and debugger; Windows: native compiler, linker and debugger; Open Source: Eclipse with plug-ins

Verification and Validation: HP Quality Center (test cases, defects); OLTP: test automation with PDIAG and AS-Simulation; GUIs: QTP, SoapUI, JMeter; new: HP Fortify 360, HP WebInspect

Configuration Management: Dimensions PVCS CS

Page 24

Way To Secure Software

Page 25

Why Continuous Integration?

It is possible to create good software without Continuous Integration, but ..

• with frequent builds you will find failures earlier

• in a multi-developer environment team communication is increased

• the current status of the project is reported

• unit tests and SCA can be integrated directly into the build procedure

• you are able to deliver software at almost any time

Page 26

Why Static Code Analysis?

"Since most security for Web applications can be implemented by a system administrator, application developers need not pay attention to the details of securing the application…"

– BEA WebLogic Server Security Documentation

Page 27

Why Static Code Analysis?

But… infrastructure attacks face all of the following obstacles and elements (diagram on the slide), whereas

adversaries have a lot fewer obstacles when attacking code

Page 28

Why Static Code Analysis?

Top 10 Web Application Security Risks for 2010:

A1: Injection

A2: Cross-Site Scripting (XSS)

A3: Broken Authentication and Session Management

A4: Insecure Direct Object References

A5: Cross-Site Request Forgery (CSRF)

A6: Security Misconfiguration

A7: Insecure Cryptographic Storage

A8: Failure to Restrict URL Access

A9: Insufficient Transport Layer Protection

A10: Unvalidated Redirects and Forwards

www.owasp.org

Page 29

Increasing number of vulnerabilities..

Software contains a lot more lines of code, for example:

– Windows NT 3.1: 5 million LOC

– Windows Server 2003: 50 million LOC

More developers working on one application, therefore the overall system knowledge is lost by individuals

Time is money … … no time to think!

Page 30

Why is Static Code Analysis needed?

Secure web applications are only possible when a secure software development lifecycle is used.

Page 31 - 39

Build & Scan Flow (the same diagram is repeated on slides 31 to 39, each highlighting one step)

Components and roles in the diagram: Developer, Source Code Repository, CI Server (Build, SCA), SSC, Auditor, Defect Tracker

Steps:

– Developing

– Check-in new code

– Scheduled check-out and build

– Handover for secure scanning

– Scan results upload

– Auditor reviews result

– Auditor submits security issues to bug tracker

– Developer picks up defect and writes fixes / patch

– And so on …

Page 40

CI & SCA & PEN Test Integration

Page 41

Ingenico World

Page 42

Data Centres

Page 43

Scope

Regions and subsidiaries: NAR, NER, LAR, Spain, France, Turkey, Italy, Australia, Group IT Germany

Findings

5+ transaction platforms

>900 peripheral servers

>1,000 network & communication lines

>48 data centres

15 IT organisation units

Findings and Needs

Findings: processes heterogeneous; communication heterogeneous; collaboration dispersed

Needs: harmonized infrastructure; common architecture management; standardized organization & processes

Page 44

Processing platforms

Five independent processing systems .. plans to acquire more

Different scope and processing capabilities

Several redundant functionalities

Isolated data islands

High TCO

• Scattered computing environments

• Dispersed know-how

• All sorts of tools

• Selective disaster recovery

• High maintenance effort

• No deployment infrastructure

Unequal environments: access systems, application servers, TRX monitors, databases, operating systems

Page 45

Architecture? - Terminology (layer diagram; labels as recoverable from the slide)

Enterprise Architecture: goals, business processes, business information, roles, organisational structures, organisational behaviours

Software Architecture: TRX systems and peripheral systems (AXIS, Poseidon, Opal, Korvac, IS Iberia, SAP, CRM, Exchange, Reporting, MDM, Workflow, DWH, DMS, Transfer2)

Hardware Architecture - Infrastructure: server, operating system, storage, backup, DBMS, tools, network

Business entities/components, their externally visible properties and the relationships between them

Page 46

Vision

Processing solution(s) provided by a managed software architecture for Payment Services and VAS Transactions

– for an international customer base,

– transactional and real-time,

– highly available, scalable and secure,

– re-usable components of high quality,

– absolute data integrity,

– online measurable KPIs

Diagram labels: Business Processes, Software Solutions, Infrastructures; User interfaces, Functions, Data, Security, Integration; Enterprise Architecture, Software Architecture, Hardware Architecture

Architecture process: Environmental Trends and Business Strategy -> Current-State Architecture -> Future-State Architecture

Organize Architecture Effort -> Develop Requirements -> Develop Principles -> Develop Models (Architecting) -> Governing and Managing, Closing the Gap

Application Architecture is derived from business strategy, enterprise setup and technology drivers:

– managed through an Architecture Board

– provides detailed solution requirements

– provides governance for the transition process

Page 47

Strategy

Architecture Board: incorporates major platforms / solutions; selects architecture and design patterns

Core Delivery: 80% on release

Regions & Subsidiaries: 20% off release

• Configuration

• Administration

• Local adoptions

• re-usable SW Components

from ?/100% to 80/20% central delivery over time: step-by-step, evolutionary model

General guideline and policies

Implementation decisions: best of technology and available components

Detailed component requirements; re-usable components

Page 48

Ingenico Processes

Page 49


Thank you for your attention

easycash GmbH

Wolf-Henner Ruhnau

Am Gierath 20

40885 Ratingen

Tel.: 02102/973-338

Q & A