This document is an overview of the KATSANA infrastructure, which handles large-scale processes daily. The infrastructure is built from the ground up to scale, and encapsulates the best of our know-how and experience since the beginning of KATSANA.
KATSANA services run on Amazon Web Services (AWS) at the Singapore datacenter (ap-southeast-1).
Security – Application
- HTTPS on all services, including API calls – Full SSL with Grade A certified implementation. RSA 2048-bit, SHA-256 with RSA certificate.
- The Laravel framework implements good security measures, with code that is always reviewed by the community.
- Login throttles for consecutive login failures.
- Bcrypt-hashed password storage.
- Cookies are stored encrypted with the AES-256-CBC cipher.
- All requests are secured with a CSRF token.
Security – Servers
- AWS Security Groups firewall on all server instances, as well as IAM roles under which each server is only allowed to do what it is supposed to do.
- Server login is locked down to key-based access and limited to only the CTO & DevOps. No engineer nor company personnel has access to the production server.
- Unused ports are closed and direct access is restricted to certain IPs.
- Automated and manual security updates that immediately patch exploits and vulnerabilities.
- Logs are shipped to a log server and monitored for suspicious activities.
KATSANA Platform offers 99.5% uptime.
Note: While KATSANA Platform is highly redundant with high availability, it is heavily reliant on the availability of GSM connectivity and coverage. Network disruption on the telco side is bound to affect the transmission of location data from the vehicle to the infrastructure. As this is outside of our direct control, KATSANA is unable to provide a service warranty for telco connectivity.
Note: ‘KATSANA web’ above refers to the https://www.katsana.com website, which runs separately from KATSANA Platform. KATSANA Platform typically performs at 99.95% or better availability.
Backup – Database
KATSANA runs a full daily backup during low-traffic hours at midnight to avoid any disruption to our service.
Backups are compressed and encrypted with AES-256 encryption and stored in an AWS S3 bucket.
Full backups are kept for 90 days before being securely erased.
Backup – Code
Source code is hosted on GitHub.
Access to the code is controlled and limited to staff who have permission.
Disaster Recovery – Database
In the event of a disaster such as a database server crash, we have a dedicated slave database server that can be promoted to master in a matter of minutes. If, in the worst case, both the main and slave database servers crash and cannot be recovered, KATSANA can restore the database using the full backup that we run daily.
Disaster Recovery – App Server
All our app servers use autoscaling technology, which builds from an image that we create every time a new version is released. In the event of an app server crash, a new server instance will be automatically launched using the latest image to replace the crashed server.