BCM & IT Resilience in Aadhaar
Continuity and Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by speakers at the
4th India Business & IT Resilience Summit
7th October, 2016 | Hotel Hilton, Mumbai India
BCM & IT resilience in Aadhaar
Sumnesh Joshi, ADG, UIDAI Mumbai
4th INDIA Business & IT Resilience Summit
October 7, 2016 Mumbai
Understanding Aadhaar System
The Unique ID initiative
UIDAI mandate
• To provide a unique number to the residents of India
• Collect basic demographic information and biometric information
• Guarantee non-duplication through biometrics
• Offer online authentication services that can be used across India
Context and Need for Unique IDs
• To clean up existing databases, to remove duplicates and fakes
• To improve targeting and delivery of services
• Enable services and applications that require a verifiable unique ID
www.uidai.gov.in
Enroll Once …
Demographic Data
• Mandatory data:
– Name, Age/Date of Birth, Gender and
– Address of the resident.
• Conditional data:
– Parents/Guardian details
• Optional data:
– Phone no., email address
Biometric Data
• Resident’s Photograph
• Resident’s Finger Prints
• Resident’s Iris
• 12-digit Aadhaar Number - Unique, lifetime, biometric based identity
… Authenticate many times
• Supports answering the question “is a resident the person he/she claims to be”
– Verifies resident information (demographics, biometrics, and OTP) for a given Aadhaar number (1:1 matching)
– Online identity verification that is lightweight, ubiquitous, and secure
– Responds with a “yes/no”; no personal identity information is returned as part of the response
– eKYC, i.e. sharing resident information with his/her consent
• Supports multi-factor authentication using demographics, biometrics, OTP and combinations thereof
• Supports all types of protocols and devices
– Personal computer, mobile, PoS terminals, etc.
– Works with assisted and self-service applications
[Figure: Aadhaar Authentication Ecosystem Architecture. Labels: Aadhaar Holder, Authentication Devices, Sub-AUA, AUA (Authentication Services), KUA (e-KYC user) Services, ASA, Leased lines, UIDAI Data Centre, Auth Server, OTP Request, OTP, "YES or NO", "Name, Gender, DOB, Address, …"]
Work so far …
• Program launched on the ground in Sept 2010
• Enrolment
– About 106 crore enrolments currently done, with a target to achieve 100% coverage by March 2017
• Authentication
1. Around 90-95 lakh Auth transactions per day
2. 2,12,387 eKYC transactions per day using fingerprint
3. 28,821 eKYC transactions per day using iris
4. 2.65 Cr bank accounts have been opened using eKYC
5. 1,15,635 Micro ATMs deployed
6. 1.14 Cr AePS transactions happened in July 16
Technology behind Aadhaar
Architecture Principles
• Design for large scale
– Every component needs to scale to large volumes
– Millions of transactions and billions of records
• No vendor lock-in across the system
– Use of open standards to ensure interoperability, allowing multiple vendors to supply systems/software/hardware
– If there are no standards, create one
– Allow the ecosystem to build plug-n-play libraries to standard APIs
– Use of open-source technologies wherever prudent
• Performance metrics made public through portal for transparency (PII anonymized)
• Strong end-to-end security
Designed for Scale
• Horizontal scalability for all components
– “Open Scaleout” architecture is the key
– Distributed computing on commodity hardware
– Distributed data store and data partitioning
– Horizontal scaling of “data store” a must!
• NO single point of bottleneck for scaling
– Typically, in a database-driven architecture, the RDBMS becomes the single point of bottleneck
• Asynchronous processing throughout the system
– Allows loose coupling of various components
– Allows independent component-level scaling
Enrolment Volume
• 1000 million Aadhaars in 6 years
– In the last 3 months, 12 million Aadhaars in a month
– 100+ trillion biometric matches a day!!!
• ~5 MB per resident
– Maps to about 10 PB of raw data!
– About 5+ TB of incremental data every day
– Replication and backup across data centers
– New enrolments and updates add more data
• Additional workflow/process/event data
– 100+ million events on an average moving through async channels
– Needing complete update and insert guarantees across data stores
– 15-20 TB I/O processing every day!
Authentication Volume
• 100+ million authentications per day
– Mostly during 10 hr period
– Possible high variance on peak and average
– Multi-DC Active-Active architecture
• 100 million authentications per day means
– 1 billion audit records every 10 days
– 4 TB encrypted audit logs every 10 days
– Need to keep recent audits online and older ones in archive
– Audit write must be guaranteed
BCM & IT resilience in Aadhaar
Need for BCM & IT resilience
• Aadhaar manages identity data of a billion+ residents
– Data protection and service continuity very critical
– Data protection required for 10+ PB
• Stringent BCM & IT resilience goals
– Recovery Point Objective (RPO) must be zero (no data loss across the system)
– Recovery Time Objective (RTO) must be less than 4 hours for enrolment and zero for authentication
• 24x7, multi data center operation
Need for BCM & IT resilience
• Having a business continuity and disaster recovery plan is a necessity
– From natural disasters such as flooding and earthquakes to man-made events such as power outages and terrorism
• Loss of critical enrolment data and the core CIDR services
– Results in financial and intangible losses that are difficult to calculate
• Loss of authentication service and data means many services in the country will be affected
Data Center Details
• Currently 2 large data centers in Bangalore and Manesar
• Data centers connected via 1 Gbps links
– All data replicated across data centers
– 5+ TB of data replicated every day
• 24x7 Network Operations Center (NoC)
• Well defined, secure, rigorous data center processes
• Applications architected to run in multi-DC high availability mode allowing UIDAI to meet zero RPO and near-zero RTO
Comprehensive Framework
Failure levels & Impact
ITIL Processes at CIDR
• Incident / Service Request Management
– Incident classification and SLA definition
– Tools and Knowledgebase for tracking and analysis
– People, Processes, and escalation
• Application Release Management
– Major releases, patch management
– Automated deployment through central systems
– Staging, testing, rollout processes, tools, and teams
• Availability Management
– Service availability, SLAs, metrics
– 24x7 NoC, monitoring, resolution, and escalation processes
Non–IT Related Requirements
• People
– Staff for DR site
– Call center (separate and integrated)
• Operational
– Declaring and communicating disaster to all considered parties (registrars, others)
– Regular drills to ensure readiness in the event of a disaster
Conclusion
• Aadhaar is the largest biometric-based online identity system in the world
– Providing “unique” identity to all residents
– Providing increased “access”, “convenience”, and “transparency” to the common man
• Aadhaar data is very large and is most critical
• Aadhaar services are 24x7 across multiple DCs
• BCP & DR requires clear definition, detailed planning, and flawless execution
• Zero RPO and near Zero RTO must
THANK YOU