10. Topic 2, Contoso, Ltd Case Study B
Contoso,Ltd is a US-base finance service company that has a main office New York and an office in San Francisco.
Payment Processing Query System
Contoso hosts a business critical payment processing system in its New York data center. The system has three tiers a front-end web app a middle -tier API and a back end data store implemented as a Microsoft SQL Server 2014 database All servers run Windows Server 2012 R2.
The front -end and middle net components are hosted by using Microsoft Internet Inform-non Services (IK) The application rode is written in C# and middle- tier API uses the Entity framework to communicate the SQL Server database. Maintenance of the database e performed by using SQL Server Ago-
The database is currently J IB and is not expected to grow beyond 3 TB.
The payment processing system has the following compliance related requirement
• Encrypt data in transit and at test. Only the front-end and middle-tier components must be able to access the encryption keys that protect the date store.
• Keep backups of the two separate physical locations that are at last 200 miles apart and can be restored for op to seven years.
• Support blocking inbound and outbound traffic based on the source IP address, the description IP address, and the port number
• Collect Windows security logs from all the middle-tier servers and retain the log for a period of seven years,
• Inspect inbound and outbound traffic from the from-end tier by using highly available network appliances.
• Only allow all access to all the tiers from the internal network of Contoso.
Tape backups ate configured by using an on-premises deployment or Microsoft System Center Data protection Manager (DPMX and then shaped ofsite for long term storage
Historical Transaction Query System
Contoso recently migrate a business-Critical workload to Azure. The workload contains a NET web server for querying the historical transaction data residing in azure Table Storage. The NET service is accessible from a client app that was developed in-house and on the client computer in the New Your office. The data in the storage is 50 GB and is not except to increase.
Information Security Requirement
The IT security team wants to ensure that identity management n performed by using Active Directory.
Password hashes must be stored on premises only.
Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger multi-factor authentication prompt automatically Legitimate users must be able to authenticate successfully by using multi-factor authentication.
Contoso plans to implement the following changes:
* Migrate the payment processing system to Azure.
* Migrate the historical transaction data to Azure Cosmos DB to address the performance issues.
Contoso identifies the following general migration requirements:
Infrastructure services must remain available if a region or a data center fails. Failover must occur without any administrative intervention
• Whenever possible. Azure managed serves must be used to management overhead
• Whenever possible, costs must be minimized.
Contoso identifies the following requirements for the payment processing system:
• If a data center fails, ensure that the payment processing system remains available without any administrative intervention. The middle-tier and the web front end must continue to operate without any additional configurations-
• If that the number of compute nodes of the from -end and the middle tiers of the payment processing system can increase or decrease automatically based on CPU utilization.
• Ensure that each tier of the payment processing system is subject to a Service level Agreement (SLA) of 9959 percent availability
• Minimize the effort required to modify the middle tier API and the back-end tier of the payment processing system.
• Generate alerts when unauthorized login attempts occur on the middle-tier virtual machines.
• Insure that the payment processing system preserves its current compliance status.
• Host the middle tier of the payment processing system on a virtual machine.
Contoso identifies the following requirements for the historical transaction query system:
• Minimize the use of on-premises infrastructure service.
• Minimize the effort required to modify the .NET web service querying Azure Cosmos DB.
• If a region fails, ensure that the historical transaction query system remains available without any administrative intervention.
The Contoso IT team discovers poor performance of the historical transaction query as the queries frequently cause table scans.
Information Security Requirements
The IT security team wants to ensure that identity management is performed by using Active Directory.
Password hashes must be stored on-premises only.
Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger a multi-factor authentication prompt automatically. legitimate users must be able to authenticate successfully by using multi-factor authentication.
You need to recommend a solution for protecting the content of the back-end tier of the payment processing system.
What should you include in the recommendations?