Creating next level deployment environment with fast and secure AWS infrastructure
Signature Cloud
About Signature Systems
Signature Systems is an IT consulting and services company based in London, UK.
A provider of professional IT services, including custom application development, testing, and system integration, the company provides automation solutions that enhance business processes. Whether it is Business Process Re-engineering (BPR) or high-end consulting, the company uses standard modelling and analysis practices to understand organization needs.
The Signature Systems Automation Solution is led by a team of experts with extensive experience in delivering automation solutions.
Business Challenge
Signature Systems had two critical projects. One is Jibli, a mobile shopping application, and the other is DinarPay, a currency transfer payment platform.
The plan was to launch DinarPay, a fintech application, as soon as possible. The production and testing environments of DinarPay were expected to be deployed to AWS securely. The requirements were stated as follows:
- The deployment of DinarPay web application, backend application and database servers to AWS
- Web application, backend application and database servers should be highly available (clustered)
- The deployment should handle the following projected transaction details.
SL | Description | Total Hits Per Minute | Average Per Day |
---|---|---|---|
01 | Mobile APP | 1000 | 15000 |
02 | B2B | 500 | 5000 |
03 | Web Access | 100 | 1000 |
Total | | 1600 | 21000 |
The following is the list of software and APIs used for the development of the Core PGS System, which is responsible for the Mobile API Web services and the Web System.
SL | Specification | Details |
---|---|---|
01 | Java JDK | 1.8.241 |
02 | Hibernate | 5.2.17 |
03 | Jasper Reports | 6.3.0 |
04 | Spring Boot | 2.0.5 |
05 | Spring Core Framework | 5.0.9 |
06 | Spring JPA | 2.0.10 |
07 | Spring Security | 5.0.8 |
08 | Spring UI | 5.5.0 |
09 | MySQL | 8.0.x |
10 | Apache Tomcat Application Server | 9.0.x |
11 | Web Server | Yet to be decided |
The DinarPay Payment Gateway and Core Engine will process all requests and responses through the hardware architecture below. The representation below is for the production environment setup.
Solution
A solution with the following AWS Services is proposed and implemented:
Type | AWS Services |
---|---|
Compute | EC2, Elastic Beanstalk, Elastic Load Balancing |
Database | RDS for MySQL |
Storage | S3, EBS |
Management & Governance | CloudWatch, CloudTrail |
Security | IAM, Shield, WAF, Inspector |
The DinarPay application is deployed with Elastic Beanstalk. The web and backend applications run on EC2 in two private subnets behind an Elastic Load Balancer. For scalability, the EC2 instances run in auto-scaling groups. The RDS service, with a read replica, is also hosted on the same private subnet.
Route 53 service is used for DNS. WAF and Shield services are used for security.
The VPCs of DinarPay and Jibli workloads on AWS are securely connected to each other with VPC peering. The developers access a bastion host that is secured with OpenVPN.
For PCI DSS compliance, Inspector, Amazon CloudWatch, CloudTrail and AWS Config are used to monitor and audit all services. Also, for the Intrusion Detection/Intrusion Prevention System (IDS/IPS) and File Integrity Monitoring (FIM) requirements, Trend Micro Cloud One Workload Security is preferred. Cloud One is a SaaS product managed by Trend Micro, and it has many security features including IDS/IPS, FIM, Anti-Malware, Web Reputation and Application Control.
Use of Third-Party applications
Trend Micro is used for cloud security in addition to AWS security services, and OpenVPN is used for the Client VPN Solution.
AWS Services Used as Part of the Solution
The following AWS Services are used in the solution: EC2, Elastic Beanstalk, VPC, Elastic Load Balancing, RDS MySQL, S3, EBS, CloudWatch, CloudTrail, IAM, Shield, WAF, Route 53, Inspector, ACM.
Architecture Diagram of the Specific Customer Deployment
Outcomes and Benefits
The designed architecture is deployed to AWS and PCI DSS compliance is audited by a third-party company.
In a secure, scalable, and highly available environment, DinarPay runs on AWS in the eu-central-1 (Frankfurt) region across multiple availability zones. An independent third party audits and approves its PCI DSS compliance.
Commencis continues to provide managed services to DinarPay, with ongoing proactive and reactive support for the DinarPay production workload.