Our client is the fastest growing information security company in Asia providing services such as security assurance, compliance, governance, monitoring, analytics, and management services. Over the past decade, they have been delivering technology solutions to ensure impenetrable security to 700 customers in 30 countries across Asia and Europe. Using their industry knowledge, security-related expertise, and technology capabilities, they offer a unique technology platform and integrated services framework for their clients to actively monitor, reduce, and prevent risk.
The Office Security Portal is an online console that manages multiple functions pertaining to the client’s office security services at various customer locations. Our client’s business solution is an amalgam of hardware and software components providing security services and the ability to manage service configurations. The service subscription and service delivery of all office security service related reports/analysis is controlled from the client’s cloud infrastructure. This cloud infrastructure has multiple servers that cater to various functions in office security service management.
Being a security service provider, the client required a portal with functionality that would enable them to manage different user roles. Their customers are organizations that have one or more CPEs (Customer Premise Equipment) and avail different services from the client.
The client needed a scalable web portal that integrates with the CPE to manage various services. The web portal was expected to offer various service desk functionalities and integrate with third-party systems for implementing SMS functionality.
QBurst developed a scalable, user friendly, and aesthetically appealing portal for client users and their customers. The fully functional web portal was customized to manage all front-end functions related to the security services offered through CPE by the client for customers and their own users. The portal was integrated with key internal and external systems for optimum performance and results. There are mainly three roles—Customer (account owner, admin, users), Sales Manager, and Client (users, admin)—that can carry out assigned operations.
- Web portal provides a single access point for customers to subscribe/unsubscribe services and manage service configuration of their CPE.
- Central Controller handles service subscription related change requests from portal and appropriately configures them.
- CPE Controller runs the CPE and checks whether all configured services are functional.
- The highly customizable dashboard includes various widgets.
- Service management feature includes all security services such as Firewall, VPN, IPS/IDS, and proxy managing functionality.
- Customers can raise service requests through the service desk provided in the portal.
- Portal sends alerts and notifications generated manually or automatically.
- User management helps add/edit/delete/disable users of client OSP.
- Log analysis and report generation were incorporated.
- SMS and email gateways were implemented.
QBurst developed a multi-tiered architecture to effectively service data requests for large scale deployments and provide a scalable systematic structure. We used Spring Security with Hibernate and Velocity Templates for the development of four components.
Security Portal: This includes user authentication/authorization, customer/site/user views, service desk for ticket management, CPE service configurations, reports, notifications, and settings. The portal allows customers to create tickets for service configurations and the client admin serves the ticket by tuning the services in the portal.
Central Controller: This is basically an API service through which all the communication between CPE and portal is achieved. It is also used for several backend jobs with the help of Quartz Scheduler.
CPE Web App: This facilitates local user LDAP authentication and identity management.
Log Analysis: This is for analyzing various service logs from CPE and populating report data for the portal. It uses regular expressions and pattern matching for log parsing and handles multiple jobs efficiently in a threaded manner.
- Spring 3.1.0
- Hibernate 3.6.4
- The portal could scale to handle 5000 CPEs with 50–500 users/hosts per CPE.
- The intuitive and easy-to-navigate user interface facilitated client and end-customer use.
- All features and functionalities seamlessly worked across multiple browsers (Internet Explorer, Firefox, Chrome).
- The portal was compliant with Top 10 OWASP security practices and passed the security assessment by the client’s testing team.