Creating PCI-Compliant SaaS Applications for the Cloud

NetBrain

Executive Summary

NetBrain is the market leader for network automation. Its adaptive network automation platform provides engineers with dynamic visibility across their hybrid networks and automation for key tasks across their IT workflows.

Today, more than 2,000 of the world’s largest enterprises and managed service providers use NetBrain to automate network documentation, accelerate troubleshooting, and strengthen network security—while integrating with a rich ecosystem of partners. NetBrain is headquartered near Boston, Massachusetts with offices worldwide.

The Challenge

NetBrain was building a multi-region Payment Card Industry (PCI) DSS and HIPAA-compliant application, consisting of multiple services across Windows and Linux. The company wanted to offer a Software-as-a-Service (SaaS) version of this application for their software stack and host it in the cloud.

Their plan was to create two separate architecture designs for the two compliance groups: one for PCI DSS/HIPAA, the other for GDPR/Cyber Essentials Plus. Then, they needed to review and develop the automation necessary to deploy a production environment for the first compliance group.

For help in building its SaaS offering, NetBrain turned to ClearScale, an AWS Premier Consulting Partner.

The ClearScale Solution

The ClearScale team conducted a thorough review of NetBrain’s current architecture, gathering requirements for all of NetBrain's use cases and application capabilities. Then, they chose to build NetBrain’s SaaS offering by using Kubernetes, an open-source system that automates the deployment, scaling, and management of containerized applications. The Rancher management tool was used to deliver Kubernetes-as-a-Service. With Kubernetes and Rancher, NetBrain gained the ability to run multiple services and tenants on the same machine.

The highly available Kubernetes cluster was deployed across the different availability zones. Terraform, an open source tool for creating, changing, and improving infrastructure, provided infrastructure as code. After reviewing the current automation, ClearScale used Jenkins, the leading open source automation tool, to develop automation for the infrastructure and containers, as well as for deploying each individual application.

All hosts, pods, and connectivity within the Kubernetes cluster were managed with the Rancher orchestration tool, which also connected the Windows and Linux hosts on Amazon Virtual Machines. All Kubernetes images were managed by using Helm charts, collections of files that describe a related set of Kubernetes resources, enabling ClearScale to dynamically configure each pod.

To support logging, an ELK stack was deployed with the help of a managed Amazon Elasticsearch/Kibana stack. Elasticsearch is a popular analytics and search engine that’s tightly integrated with Kibana, making Kibana an easy choice for visualizing data stored in Elasticsearch. Prometheus, an open-source monitoring solution for Kubernetes, was used for collecting and exporting container logs to Logstash, after which they were stored in Elasticsearch. ClearScale collected tags from each individual tenant, and from each service running within each tenant, to gain full coverage of the application.

Throughout the design and build of this system, ClearScale gave security top priority. All connections are made over TLS/SSL, which provides authentication and data encryption and is configured on every individual service. Additionally, all access is controlled and restricted using Kubernetes namespaces plus Role-Based Access Control (RBAC), providing separation between tenants. Additional security is achieved through OSSEC, a host-based intrusion detection system, with agents installed on all individual Docker images.

Finally, ClearScale loaded the test production environment to identify areas for cost optimization, then made the necessary updates to reduce costs.

Architecture Overview Diagram

The Benefits

Thanks to ClearScale, NetBrain now has the foundation for a SaaS offering that will provide the advantages of containers while keeping all tenants separate using Kubernetes.
