Bancard streamlines PCI compliance with Canonical's Landscape

Landscape centralises management of Ubuntu servers to increase efficiency and support compliance with financial industry regulations

Summary

NA Bancard provides fully managed, cost-effective payment processing services, enabling US businesses to accept non-cash payments in store, online, and through mobile channels. Mission-critical financial transactions are processed by more than 100 Ubuntu servers, which are managed centrally using Canonical’s Landscape systems management and monitoring tool. Since deploying Landscape, NA Bancard has greatly reduced the time and cost associated with routine server administration and achieved fast returns on investment. It has also improved the speed and consistency of patch management, change management, user management and asset management, streamlining compliance with complex Processing Card Industry (PCI) regulations.

Challenge

Today, accepting credit cards and other non-cash payments is a necessity for most US businesses. What’s more, the rapid growth of online and mobile channels is placing greater demands than ever on payments systems and infrastructure.
To help organisations overcome these challenges, NA Bancard provides all the infrastructure and systems business customers need to process non-cash payments across multiple channels – all as a fully managed service. Providing a wide range of capabilities, from credit and debit card processing to electronic balance transfers and gift and loyalty cards, NA Bancard offers some of the lowest rates in the industry, helping businesses keep hold of their hard-earned profits.

Serving 135,000 customers and processing transactions worth $12 billion every year, NA Bancard and its customers need IT infrastructure that is constantly available and totally secure. Equally importantly, the company’s IT environment and management processes must comply with strict Payment Card Industry (PCI) regulations.

“PCI regulations can be a minefield,” says Kelly Corbin, Senior Systems Administrator at NA Bancard. “Once a year, we have to demonstrate proper management of our IT environment, from change management and user management, to data management, backup and recovery. That can be a nightmare – especially if management is carried out manually on individual servers,” he adds.

To streamline PCI compliance requirements and automate time-consuming management tasks, Corbin and his team began looking for a new solution to centralise and automate server administration. “We wanted tools for managing patches, provisioning resources and controlling user access centrally in a fully automated and compliant way,” he says. “What’s more, we needed better visibility of available IT resources to ensure consistently excellent service for our customers.”

Solution

NA Bancard uses the Linux-based Ubuntu Server operating system to deliver world-class payments services for its customers. “Ubuntu is extremely easy to harden for security, and it provides the high levels of availability and performance we need in our industry,” says Kelly. “We process all our customers’ transactions using 100 Ubuntu Servers running 10.04 and 12.04 LTS versions,” he adds.

Corbin evaluated a number of potential solutions for centralising and automating management of the company’s mission-critical Ubuntu estate. “It wasn’t easy to find a solution for automating management and compliance at first,” he says. “However, when I discovered Canonical’s Landscape Server, I knew it was the perfect fit for us.”

Available through the Ubuntu Advantage service, Canonical’s Landscape systems monitoring and management tool is designed to support efficient administration of large, distributed Ubuntu deployments. Landscape is available as both an online, hosted service and a dedicated service – and NA Bancard chose the latter to maximise security.

Landscape provides simple tools for managing NA Bancard’s Ubuntu servers and running scripts from a single, centralised interface. These tools help the admin team reduce time spent on routine tasks and streamline compliance with key PCI management requirements. Specifically, the company is using Landscape to increase the efficiency of:

Patch management

Landscape enables deployment of security updates and other patches across sub-sets of Ubuntu servers or the entire NA Bancard estate with the click of a mouse, reducing management workloads and ensuring all servers are secure and up to date.

Compliance reporting

Landscape uses pre-saved scripts to collect and consolidate compliance data across the Ubuntu estate. This is made available to administrators and auditors to demonstrate compliance with PCI regulations for IT management.

User access management and resource provisioning

Using Landscape, the admin team gives users access to the resources they need using scripts pushed out to multiple servers, with no need for time-consuming configuration of individual machines.

Asset management

Landscape uses centrally stored scripts to collect information on hardware and software across the NA Bancard environment, providing a clear, current view of available resources.

Results

Streamlined PCI compliance

Landscape makes it much faster and easier for NA Bancard to comply with key PCI regulations for IT infrastructure and management – and demonstrate compliance to the regulator. “Because we can manage groups of machines and the entire Ubuntu estate centrally, and run scripts across multiple machines as timed events, we can be sure that we are meeting PCI requirements for patch management, change management, user access, security and more,” says Corbin. “Auditors love the fact that we have centralised tools for updating servers and reporting on every element of our infrastructure,” he adds.

With Landscape, NA Bancard has reduced the time needed to comply with its annual PCI audit significantly. “We currently undergo audits once a year, but we will soon move to a six-monthly audit cycle,” says Corbin. “When that happens, the impressive time savings we achieve with Landscape will double overnight,” he adds.

Time savings on routine admin

Previously, Kelly and his team logged on to individual servers to make changes or provide access for new users. “Landscape is a one-stop-shop for all our server management and monitoring needs,” he says. “For example, if I want to give web masters access to web servers, I can do it centrally, instead of accessing and configuring 20 web servers,” he adds. “That’s just one example of how Landscape reduces our administrative workloads by an order of magnitude and frees our team to focus on value-added projects.”

Fast returns on investment

The time savings delivered by Landscape translate into significant cost reductions and fast returns on NA Bancard’s investments. “We consider Landscape to be a very worthwhile investment,” says Corbin. “The technology has already paid for itself and we expect it to deliver even greater returns in the future.”

Improved visibility of available resources

Previously, there was undocumented hardware in the NA Bancard environment, making it difficult to analyse available resources.
“We couldn’t drill down to see details of each server and its components, which impacted planning and provisioning decisions,” says Corbin. “With Landscape, we can drill down into every server to see exactly what’s inside it – helping us improve capacity planning and performance,” he adds. “What’s more, when we add a new server, it is integrated into the system automatically, ensuring we always have a current, accurate view of our environment and the resources available.”

As well as informing better planning decisions, information on hardware resources is extremely valuable for NA Bancards asset team. “By passing on information about servers to the asset team, we help them understand how the value of equipment is depreciating over time and make better financial decisions,” says Corbin.

Management simplicity

Landscape is an extremely intuitive system that reduces management complexity at every turn. “I would say that Landscape makes simple admin tasks even simpler,” adds Corbin. “Because we can update and configure multiple servers centrally with the click of a mouse, we can reduce the time we spend on routine tasks and focus on strategic tasks that add real value to the business.”

Increased service availability

Landscape provides a clear view of processes running on every NA Bancard server, at any given time. As a result, it is possible to identify potential issues before they impact customer-facing services. “Landscape gives us new insight into what could potentially go wrong,” says Corbin. “This means we can remediate any issues before they impact service and increase the availability of our mission-critical services.”

Enterprise-class support

NA Bancard is able to access Landscape through Canonical’s Ubuntu Advantage service, which provides enterprise-class support for Ubuntu environments. “It’s testament to the quality and reliability of Ubuntu that we have hardly ever called on Canonical for support,” says Corbin. “However, when we did need them, they responded quickly with a solution that kept our critical systems up and running – which is just the kind of commitment and responsiveness we need in the financial services industry.”

Fast, simple deployment

NA Bancard was able to deploy Landscape very quickly and easily across all 100 of its Ubuntu servers. “We had Landscape deployed and devices registered to it within two hours and I was able to start using the system with no need for additional training,” says Corbin. “There was no disruption to our critical processes, and we were able to enjoy the benefits of centralised, streamlined server management from the word go.”