security compliance
TRANSCRIPT
Customer Programme Security & Compliance Audit
Ajay Kumar Uppal – Provider Technical Design Authority
November 2012
High security location.
Footprint 12,000 m2
approx. 6,000 m2 usable for IT.
Two buildings.
Different high security cells.
Allach Euro Industrie Park
Separate connections 13 km
and 27 km / DWDM.
EIP-ALL distance about 10 km.
Certifications: ISO27001 & ISAE3402.
Protected area.
Footprint 13,000 m2
approx. 9,600 usable for IT.
Green-IT Datacenter2020
Application services dedicated for BP
Database services dedicated for BP
Internal Resource Directory dedicated for BP
Dedicated storage SAN
Private Cloud - Twin Core Datacentres: inbuilt HA / DR based on 2 x 100% Active-Active DCs
DSC Architecture Type: DSC is a multi-instance (single tenant) architecture and NOT a multi-tenant architecture
Dedicated software (App) instances set up for different customer organizations.
Customer has dedicated components, namely Active Directory.
Servers, NW and Storage Hardware – SHARED (via virtualization and other means). Provider calls this “Hardware Level Multitenancy” (*1)
Operational Zone hosting the management services for systems management, deployment services, monitoring, backup and provisioning is SHARED across various customers.
Operational Zone is managed exclusively by Provider. No customer has access to this zone.
(*1) Provider DSC Architecture – based on not sharing Server HW across security zones
Service Offering - High Level Service Description and Availability
Email
• High availability email service, providing end users & applications with the ability to send & receive mail (up to 25 MB) and store mail within a mailbox (default 2 GB with uplift options in 5 GB increments up to 25 GB (unlimited)).
• Makes use of all features and functionality available within the latest version of Exchange.
• Supports S/MIME encryption.
Availability – Service: 99.99%; Email delivery: 95% within 60 seconds
External Mail Access Service
• Single external gateway, enabling End Users to access mail services from any device, at any time, from anywhere - using smartphones (ActiveSync), Outlook Web Access (OWA) and Outlook Anywhere (RPC over HTTP).
Availability – Service: 99.99%
BlackBerry
• Offers secure access and use of email service and calendaring using corporate provisioned BlackBerry devices.
• Supports S/MIME email encryption.
Availability – Service: 99.9%
Journal service
• Available to Customer’s Legal & Compliance Business Units, where mailboxes/users placed on Legal Hold / MRL will be enabled on the Service – assuring all emails sent and received to/from the mailbox are copied in transit and stored within legally compliant storage with the requested Data Retention Policies applied.
• Fulfilment of e-discovery requests, and provision of Discovery Tools, are incorporated into the Service Offering.
Availability – Service: 99.99%; E-Discovery tools: 99.9%; E-Discovery requests: identify data within 24 hours, deliver data within 3 days.
Support Service Levels are aligned to the Integrated Service Desk (ISD) contracted SLAs, and in most cases offer enhanced response and provisioning times. Request Fulfilment SLAs are aligned to the Service Objective of ‘quick provisioning’ – in most cases Standard Requests will be subject to automated provisioning via the MyIT self-service portal with integration into ITIM and Provider’s provisioning systems.
Recovery
- RPO 0h
- RTO 4h
Mailboxes – Availability and Performance
Service Availability 99.99%
Message delivery 95% in 1 min, 5% in 2 min
Achieved by active / active configuration across 2 datacentres
Service Offering End-to-End SLA Summary
P1: 95% in 2h, 5% in 4h
P2: 95% in 4h, 5% in 8h
P3/P4 Premium: 95% in 1.5 days, 5% in 3 days
P3/P4 Standard: 95% in 3 days, 5% in 6 days
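The SLA targets above and the message-delivery target are all of the two-tier form "95% within X, the remaining 5% within Y". The following is an added example (not code from the deck or the provider) showing how a defender would evaluate a batch of resolution or delivery times against such a tier pair; a single case beyond the second limit fails the period. The sample durations are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TieredTarget:
    """Two-tier service level: tier1_share of cases within tier1_limit,
    and every case within tier2_limit (the '95% in X, 5% in Y' form)."""
    name: str
    tier1_limit: float   # seconds
    tier1_share: float   # e.g. 0.95
    tier2_limit: float   # seconds

# Targets taken from the SLA summary on this page (converted to seconds)
TARGETS = {
    "P1": TieredTarget("P1 incident resolution", 2 * 3600, 0.95, 4 * 3600),
    "P2": TieredTarget("P2 incident resolution", 4 * 3600, 0.95, 8 * 3600),
    "mail": TieredTarget("message delivery", 60, 0.95, 120),
}

def evaluate(target, durations):
    """Return (share_within_tier1, share_within_tier2, met).
    met requires BOTH tiers: at least tier1_share of samples within
    tier1_limit AND all samples within tier2_limit, so one outlier past
    the second limit breaches the SLA even if the 95% tier is comfortable."""
    if not durations:
        raise ValueError("no samples for " + target.name)
    n = len(durations)
    in1 = sum(1 for d in durations if d <= target.tier1_limit) / n
    in2 = sum(1 for d in durations if d <= target.tier2_limit) / n
    return in1, in2, (in1 >= target.tier1_share and in2 == 1.0)

def breaches(samples_by_target):
    """Evaluate every target that has samples; return the names that failed."""
    failed = []
    for key, durations in samples_by_target.items():
        _, _, met = evaluate(TARGETS[key], durations)
        if not met:
            failed.append(key)
    return failed

# Constructed sample: 19 P1 tickets closed in 1h, one in 3h (meets both tiers);
# 95 mails delivered in 30 s, 5 in 130 s (second tier breached).
SAMPLES = {
    "P1": [3600] * 19 + [3 * 3600],
    "mail": [30] * 95 + [130] * 5,
}

if __name__ == "__main__":
    print("breached targets:", breaches(SAMPLES))
```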
Incident Resolution & Other
Customer’s Service Level Categories
Service Categories: Critical Service Levels 14, Key Measurements 25, Performance Indicators 4 (Promote/Demote)
Mail flow (diagram)
BP Internet Area (DMZ) – Prod Landscape: MS TMG servers, Edge Transport servers, firewalls.
BP Services Area – Prod Landscape: Multi-Role servers (EdgeSync service is located on the Hub Transport server), Active Directory domain controllers, firewalls.
Inbound SMTP (25) and outbound SMTP (25) flow between the Edge Transport servers and Symantec.cloud (MessageLabs).
Content scanning: MessageLabs, MS TMG, Edge, TrendMicro, firewalls.
Major Information Security components for the Customer GES Programme are:
• Physical Security – Provider Twin-Core DCs in Munich
• Disaster Recovery – met by running 2 x 100% Active – Active Twin Core DCs
• Intrusion Protection – Symantec’s MessageLabs solution (being provisioned / subscribed by BP), Microsoft Threat Management Gateway, firewalls, Edge servers, TrendMicro A/V and A/S
• 2-Factor OWA Authentication
• Encryption – S/MIME
All external SMTP traffic will go through Symantec MessageLabs.
Threat Management & Operational Security
A.V.E.R.T (Antivirus Emergency Response Team)
Covers viruses, worms and Trojans; ensures continuous updating of measures and software shields.
Provides comprehensive and effective protective services for IT infrastructure such as gateway systems, mail or server systems and workstations.
CERT (Computer Emergency Response Team)
Incident Response,
Vulnerability Management,
Neighbourhood Watch,
Forensic Analyses etc.
SIEM (Security Information & Event Management)
Planning, provision and operation of solutions for recording and correlation of security-relevant information, their rule-based evaluation and alarming.
Intrusion Protection
Network Intrusion Prevention Systems (NIPS) positioned at the edge of the internet area (“DMZ”) in the network:
proactive - better than a standard IDS, with enhanced security features and a higher level of automation compared to a normal IDS solution.
Real-time monitoring and identification of suspicious network activities; analyses the entire internet traffic (decrypted traffic).
Integrated & configured easily in physical and logical connections based on VLANs (IEEE 802.1q).
Optimum protection with default policies, and provides simple and transparent reports.
Automatically created event logs give an overview of all monitored activities.
In addition to these logs, Customer can at all times compile a report about all network activities.
Key functionality:
• Signature and anomaly detection safeguards against known, zero-day and DoS attacks.
• Monitoring and aversion of attacks on applications, including Web applications.
• Firewall (TCP/IP packet filter).
• Protection from buffer overflows (as these are weaknesses that can be exploited).
• Analysis of encrypted data traffic (SSL) with separate hardware.
• Monitoring 200+ network protocols and file formats (deep packet inspection in OSI layers 2-7).
• Seamless, automated intrusion protection for maximum security.
• Central service management frees up your administrators.
• Compliance with PCI DSS, SOX and ISO 27001.
• Around-the-clock services, including active monitoring plus incident, problem, change, and release management.
BP / T-Systems DNS Architecture for GES (Version 3) – Customer Global Email Service - DNS (diagram)
Roles shown: DSC.bp.com DNS client/resolver; AD.bp.com and BP1.AD.bp.com domain controllers acting as forwarders and resolvers; an Internet-facing DNS secondary; an AD-integrated DNS zone and a secondary DNS zone; conditional forwarders between the TSI datacenter, the BP datacenter and the colo area.
Note on the secondary zone: only secondary to EMDC 1 & 2 servers; the rest of the AD top-level DNS will be secondary from there.
Access Management: 2-Factor OWA Authentication
In DSC (FMO) the TMG server is customized to validate the certificate of users.
The TMG filter will verify the following:
• The certificate presented by the client/user is valid in terms of date/expiry??
• The certificate is from the specified Customer PKI??
• It can have a subject string
• The certificate is not revoked, checked via an online responder
After the certificate is validated, TMG establishes a connection to Exchange, which prompts the user for logon credentials.
Customer will be required to make the PKI Online Responder available via http (internet).
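The four checks listed for the TMG filter, in the order given, as an added example that is not code from the deck or from TMG itself. It models each check over a parsed certificate record, and treats an unreachable online responder as a rejection (fail closed), since an unknown revocation status must not let a client through to the Exchange logon prompt. The issuer name, serials and responder are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class ClientCert:
    """Fields the filter needs from an already-parsed X.509 client certificate."""
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime
    serial: int

# Hypothetical issuer DN standing in for the Customer PKI issuing CA
TRUSTED_ISSUER = "CN=Customer Issuing CA, O=Customer"

def tmg_style_filter(cert, now, ocsp, required_subject_substring=None):
    """Apply the checks in the order the slide lists them; return (accepted, reason).
    ocsp(serial) returns 'good', 'revoked', or None if the online responder
    could not be reached. None is rejected: the filter fails closed."""
    if not (cert.not_before <= now <= cert.not_after):
        return False, "certificate outside its validity period"
    if cert.issuer != TRUSTED_ISSUER:
        return False, "certificate not issued by the Customer PKI"
    if required_subject_substring and required_subject_substring not in cert.subject:
        return False, "subject does not contain the required string"
    status = ocsp(cert.serial)
    if status is None:
        return False, "revocation status unknown (online responder unreachable)"
    if status != "good":
        return False, "certificate revoked"
    return True, "certificate accepted; connection handed to Exchange for logon"

# Constructed responder: serial 1 good, serial 2 revoked, anything else unreachable
def demo_ocsp(serial):
    return {1: "good", 2: "revoked"}.get(serial)

NOW = datetime(2012, 11, 15, tzinfo=timezone.utc)

def demo_cert(serial, issuer=TRUSTED_ISSUER, subject="CN=jdoe, OU=Staff",
              not_after=datetime(2013, 11, 1, tzinfo=timezone.utc)):
    """Build a constructed certificate record valid from 2012-01-01."""
    return ClientCert(subject, issuer, datetime(2012, 1, 1, tzinfo=timezone.utc),
                      not_after, serial)

if __name__ == "__main__":
    for serial in (1, 2, 3):
        print(serial, tmg_style_filter(demo_cert(serial), NOW, demo_ocsp, "OU=Staff"))
```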
Figure 3: Compliance Enterprise Vault Architecture for Journalling (diagram)
Data Centre 1 and Data Centre 2, connected over the Dedicated Customer Network. Each datacentre hosts Exchange 2010 journaling mailbox servers (EX SRV1–SRV4, in two DAGs), Enterprise Vault journal archiving servers (EV SRV1–SRV3), a Discovery Accelerator (EV SRV4) and SRV5 CA IST / SRV6 CA GOM, with cold-standby counterparts (SRV1–SRV6) in the other datacentre.
Storage: NetApp Metro-Cluster (FAS6080 in each datacentre), 2x 4 Gbps NAS filers, Fibre Channel SAN. Databases: MS SQL DB mirroring (log shipping).
Provider is provisioning an end-to-end journaling solution that will help Customer to be compliant with various international regulations, which include the following:
• Sarbanes-Oxley Act of 2002 (SOX)
• Securities and Exchange Commission Rule 17a-4 (SEC Rule 17a-4)
• National Association of Securities Dealers 3010 & 3110 (NASD 3010 & 3110)
• Gramm-Leach-Bliley Act (Financial Modernization Act)
• Financial Institution Privacy Protection Act of 2001
• Financial Institution Privacy Protection Act of 2003
• Health Insurance Portability and Accountability Act of 1996 (HIPAA)
• Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (Patriot Act)
• European Union Data Protection Directive (EUDPD)
• Japan’s Personal Information Protection Act
MS Exchange MDM (ActiveSync) Interface (diagram): MobileIron / Vodafone (MDM), BP domain, DSC domain, a DMZ on each side, Exchange servers on both sides, TMG array.
1a: User registers device. The MDM VSP server checks AD for authentication / routing and routes either to BP or DSC.
1b: Device gets registered; AD attributes are synced once every 12 hours.
2a: User makes an EAS connection (https://tbd).
2b: Request is passed to MobileIron over https. The MDM VSP server checks AD for authentication / routing and routes either to BP or DSC.
Building block approach
Server Operations: physical servers – all Windows Server; virtual servers – all Hyper-V.
Datacentre Operations: Twin-Core datacenter housing, network.
Application Operation: Microsoft System Centre Suite, Exchange, Enterprise Vault, Blackberry.
Storage: dedicated SAN, split by high I/O and low I/O requirements.
Storage - Overview (diagram): 4 remote locations; central solution in the Twin Core datacentre running Exchange 2010 incl. archiving, public folders, Active Directory, Anti Virus/Spam, firewall, Outlook Anywhere and Outlook Web Access. Connected parties: Internet, service desk (1st level, 2nd/3rd level), BP datacentres, interfacing applications, Active Directory, mail users at BP office locations, any device / bring your own device, home / off-premise users, Symantec Message Labs, Journaling, Blackberry (Alaska).
30/12/2016
MESSAGING CORE
Database Availability Groups (DAG) configured in a 2-DAG constellation
Up to 12,000 users supported per DAG (this can flex)
CAS configured as an array, and each CAS is part of that array.
Each server in the DAG holds an active & passive copy of the DB
Mail database is backed up using NetApp Snapshot technology