- [email protected]
- St.Kilda Tower, Suite 416/1 Queens Rd, Melbourne VIC 3004
CyberArk Deployment for Secure Payment Access Platform
Cyber Ark Deployment
The Privileged Access Management (PAM) project will build a new capability in one of our major retail clients in Australia to further uplift and secure users and systems accessing data related to PI; or Personal Information or have elevated privileges that can access critical business systems.
This new capability will be implemented by the CyberArk Privileged Account Security Solution – which combines an isolated vault server and a unified policy and discovery engine to provide security for privileged accounts.
The core PAM components are configured in an active-active configuration at the Application tier and load balancer. They support automatic failover to meet the High availability requirement.
The scope of the project is:
- Design a new PAM infrastructure for both non-prod and Prod environments.
- Build a new PAM infrastructure – Non-Prod and Prod (including OOB network) that adhere to PCI compliance.
- Install CyberArk components and other PAM-related software components to the new PAM infrastructure.
- Deliver a new build script template to automate CyberArk Privilege Session Manager (PSM) installation as standard for future PSM build processes.
- Build a new backup platform for PAM prod infrastructure.
- On-board the Payment platform asset/servers to the new PAM (CyberArk) platform.
- Ensure the New PAM platform is PCI compliant.
DR Service Level
- The PAM Production environment's Recovery Point Objective, or RPO, will be 60 minutes.
- The PAM Production environment's Recovery Time Objective, or RTO, will be 60 minutes.
- The PAM non-production environment will be Business Hours only support with an RPO of 72 hours and best effort, “next business day” RTO.
- Recovery of the f system depends on the component failing and may take a shorter time than 60 minutes to resume operation. Below is the RTO time of each component:
Recovery Time Objective (RTO) | Time (Sec) | Comments |
---|---|---|
Cluster failover (failover from one node to another) | 60 seconds | Automatic failover of the cluster to the next available node (no human intervention is required) |
Manual DR failover (failover from Primary site to Secondary site) | ~600 seconds | The time to manual failover is estimated at 5 minutes once initiated |
Automatic DR failover (failover from Primary site to Secondary site) | ~300 seconds | Once Automatic failover is configured, CyberArk is configured to perform the failover in the specified interval |
PSM failover | 120 seconds | Automatic failover of the load balancer to the next available node (no human intervention is required) |
PVWA failover | 120 seconds | Automatic failover of the load balancer to the next available node (no human intervention is required) |