Ecommerce and digital workshop / Unlocked: the Hybrid Cloud 12 May 2014
1 like1,483 views
The document outlines a presentation by Nikki Tirado on building a payment portal in the cloud, focusing on PCI compliance and the use of a hybrid cloud for eCommerce. It details the technical implementation, including the selection of a secure framework and the importance of involving stakeholders in the requirements gathering process. Results after the launch showed significant improvements in transaction volume and customer feedback.
Ecommerce and digital workshop / Unlocked: the Hybrid Cloud 12 May 2014
- 1. eCommerce & Digital WORKSHOP NIKKI TIRADO, PRODUCT TRAINER
- 3. AGENDA Introduction Cyber-Duck Case Study Hybrid Cloud Handling the Spikes Spring Sale!
- 4. BUILDING A PAYMENT PORTAL IN THE CLOUD12 May 2014 A case study from Cyber-Duck Ltd Presentation at Rackspace Unlocked
- 5. Hi. I am Sylvain Reiter Co-Founder and Development Director @sylvainreiter
- 6. PCI Compliance in the Cloud Case Study from dlc Project methodology Technological decisions Results
- 7. PCI Compliance… Introduced in 2004 as a global body, today PCI DSS 3.0 Affects all business processing payments (merchants & service providers) Enforces data security and fraud prevention 4 levels of compliance
- 8. … in the Cloud Still early days Rapid technological changes Best suited for demanding systems Flexibility of use ready for production applications
- 9. BUILDING A PAYMENT PORTAL
- 10. Requirements Gathering Make sure you involve ALL stakeholders Document expected outcomes for all flows Take an agile approach to the timeline Define business and technical requirements early
- 11. User Experience Phase Make informed decisions via historical data analysis Mock up user journeys on ALL devices Iterate the prototype with real users’ feedback Carefully optimise the copywriting and ‘Call to Actions’
- 12. Technical implementation (1/3) Select a proven and secure framework We picked the PHP 5.4 Laravel framework Take an API-driven approach to ensure modularity and easy exchange with external systems We used industry standard REST-ful methods and XML
- 13. Technical implementation (2/3) Ensure you have robust and accurate data We validate every customer record with the back-office system Store user details as per the Data Protection Act We only store the users’ details during the checkout process
- 14. Technical implementation (3/3) Delegate PCI to the experts We use SagePay’s iFrame technology, shifting responsibilities Add rigorous rules to the payment gateway’s settings We enforce 3D secure validation and recommend manual due diligence if addresses mismatch
- 15. Hosting platform features Use flexible and secure partners We use Rackspace’s High Performance Clouds Delegate the technical support to the experts Rackspace’s Monitoring tools and Fanatical Support gives us and our client 24/7 piece of mind
- 16. Hosting platform security PCI compliancy requires quarterly vulnerability scans Security Metrics handle scans and reports on issues Private Clouds and Firewalls are protecting the data Database server is not accessible from the outside world, IPTables firewall restricts access to API endpoint.
- 17. THE RESULTS
- 18. 4 months post launch… 100% uptime on the platform over 10,000 transactions (228% increase from pre-launch) 40h of agent time per month saved (calls & admin time) Great customer feedback, 44% via mobile Ongoing improvements and new feature developments
- 19. THANKS FOR YOUR TIME!
- 21. + + Why Hybrid?
- 22. SECURITY PERFORMANCE RELIABILITY PER UNIT COST UTILITY BILLING SPEED MUTLI-TENANT & GENERALIZED SINGLE TENANT & SPECIALIZED SECURITY PERFORMANCE RELIABILITY PER UNIT COST UTILITY BILLING SPEED Built - In Trade Offs: Hybrid Simplified A CROSS SECTION OF ADVANTAGES AND DISADVANTAGES PUBLIC CLOUD DEDICATED PRIVATE CLOUD
- 23. Traditional It
- 24. Results
- 25. Utility Model
- 26. Results
- 27. PLANNING FOR SPIKESPLANNED AND UNEXPECTED
- 28. Auto scale
- 29. Auto scale - Scaling group - Server image
- 30. Auto scale - Scaling policies
- 31. Auto scale - Scaling policies SCHEDULED 8:00am LOAD BALANCER SERVER
- 32. Auto scale - Scaling policies SCHEDULED 9:00am LOAD BALANCER SERVER SERVER
- 33. CLOUD MONITORINGAuto Scale - Event based
- 34. Event based
- 37. Live Demo • Create Magento Deployment • Set up monitoring • Image web servers • Configure Autoscale group and policy • Start the Spring Sale
- 39. RACKSPACE® HOSTING | 5000 WALZEM ROAD | SAN ANTONIO, TX 78218 US SALES: 1-800-961-2888 | US SUPPORT: 1-800-961-4454 | WWW.RACKSPACE.COM RACKSPACE® HOSTING | © RACKSPACE US, INC. | RACKSPACE® AND FANATICAL SUPPORT® ARE SERVICE MARKS OF RACKSPACE US, INC. REGISTERED IN TH E UNITED STATES AND OTHER COUNTRIES. | WWW.RACKSPACE.COMRACKSPACE® HOSTING | © RACKSPACE US, INC. | RACKSPACE® AND FANATICAL SUPPORT® ARE SERVICE MARKS OF RACKSPACE US, INC. REGISTERED IN TH E UNITED STATES AND OTHER COUNTRIES. | WWW.RACKSPACE.COM RACKSPACE® HOSTING | 5 MILLINGTON ROAD | HYDE PARK HAYES, MIDDLESEX UB3 4AZ UK INTERNATIONAL: +44 (0)20 8734 2500 | FREEPHONE: 0800 988 0100 | WWW.RACKSPACE.CO.UK RACKSPACE® HOSTING | © RACKSPACE US, INC. | RACKSPACE® AND FANATICAL SUPPORT® ARE SERVICE MARKS OF RACKSPACE US, INC. REGISTERED IN TH E UNITED STATES AND OTHER COUNTRIES. | WWW.RACKSPACE.COM RACKSPACE® HOSTING | 5 MILLINGTON ROAD | HYDE PARK HAYES, MIDDLESEX UB3 4AZ UK INTERNATIONAL: +44 (0)20 8734 2500 | FREEPHONE: 0800 988 0100 | WWW.RACKSPACE.CO.UK RACKSPACE® HOSTING | © RACKSPACE US, INC. | RACKSPACE® AND FANATICAL SUPPORT® ARE SERVICE MARKS OF RACKSPACE US, INC. REGISTERED IN TH E UNITED STATES AND OTHER COUNTRIES. | WWW.RACKSPACE.COM Nikki.Tirado@rackspace.co.uk Nikki Tirado@nikkitirado