Nayax is a leading cashless, telemetry, management, monitoring & BI solutions provider for the unattended machine industry, including vending machines. The Nayax solution is compatible with all forms of credit, debit, prepaid, and postpaid cards in the form of contact, swipe, and contactless payment.
Its system is compliant with all automated vending machine protocols, fits to all machines, and provides the hardware, software, SIM cards, connectivity, credit card clearing, and management & monitoring solutions to energize your vending business. The Nayax Cashless Payment & Telemetry System has worldwide wireless coverage, the latest technology and secure access to the Nayaxvend back office—an online management and control application.
With its increasing popularity, along with the huge rise in connected devices, the cloud is fast becoming a favored target for cyber attackers looking to exploit security vulnerabilities and gain access to valuable corporate and financial data. This makes financial data security critical to applications that rely on online cashless purchases. Nayax systems communicate with financial organizations, such as banks, and online payment services, such as PayPal, and need to have a highly secure and segmented network. The company also needs to ensure traffic generated by its systems is transmitted to these financial organizations from a trusted IP source.
Successful migration and deployment of Nayax services to AWS required a system of consistent database backup as well as building a complete disaster recovery (DR) solution. These would have to support not only live services but also the whole system configuration—including Fortinet virtual firewall appliances, which are a critical security building block for Nayax. However, when the company first explored the options available, there was no native or common practice they could turn to for their complex security and recovery requirements.
As Nayax grew, one of the main challenges it faced was migrating and replicating services in new regions quickly and being able to support the rapidly increasing demand for its services. With a colocated data center approach, it would’ve taken considerably longer to identify and purchase the resources required as well as configure, test and manually deploy its network and systems. As this whole process took weeks to complete, Nayax looked for a solution that would arm the IT team with a fast and flexible deployment solution.
In comparison with its colocated data center resources, which are exclusively dedicated to Nayax workloads, AWS is a multi-tenant environment. So the first question the Nayax team needed to answer was whether Amazon would be able to support the thousands of MSSQL database write-intensive transactions every second (85% of all transactions) in a reliable way when dealing with financial data and large data blocks.
Nayax implemented Emind best practices to securely construct an enterprise-grade cloud architecture and support its network design process, leveraging a number of AWS products and services to ensure protection.
It used Route 53 and CloudFront, Amazon cloud’s DNS and CDN services respectively, to route traffic through its Fortinet appliances in the lower system layers. These appliances provide comprehensive threat protection including intrusion prevention, SSL encryption and antivirus. In addition, the appliances also provided first-layer load balancing to support the Nayax UDPunique communication method. They also serve as secure IPSec gateways providing a secure tunnel between the cloud and the Nayax on-premise environment. In addition, each system layer includes web servers, middle tiers and databases, which are secured using a separate AWS VPC.
Finally, the system needs to validate that the IP addresses are white-listed by these financial organizations. Emind deployed an AWS Lambda process to validate the list of IP addresses used for outbound traffic— to support trusted and secure communication with external financial organizations.
Emind cloud experts deployed an active-active cluster configuration across AWS availability zones (AZs). In other words, all nodes in the cluster actively process server requests, which are distributed between them by a load balancer. This offers better throughput and response times in comparison with an active-passive arrangement, where at least one of the nodes acts as a secondary failover server and so remains on standby.
What’s more, to provide redundancy, the Nayax solution also maintains an active replica of all system components, including the web and middle tier servers as well as the MSSQL database. The replica database node is in active mode, but is read only, meaning it can still be queried by Nayax systems. However, if something happens to the main node, operations automatically fail over to the read-only node, which then becomes a read/write node. In addition to the core components of the system and to ensure consistent security, the joint Nayax and Emind team deployed an active replica of the Fortinet appliances as well, thereby keeping the unique Nayax architecture highly secure even in the case of a disaster. In addition, for monitoring purposes, the teams deployed Graylog for log management and Opsview for monitoring the whole cloud deployment.