Continuity and Resilience (CORE)

ISO 22301 BCM Consulting Firm

Presentations by speakers at the

4th India Business & IT Resilience Summit

7th October, 2016 | Hotel Hilton, Mumbai India

Our Contact Details:

INDIA UAE

Continuity and ResilienceLevel 15,Eros Corporate Tower

Nehru Place ,New Delhi-110019Tel: +91 11 41055534/ +91 11 41613033

Fax: ++91 11 41055535Email: ms@continuityandresilience.com

Continuity and ResilienceP. O. Box 127557

Abu Dhabi, United Arab EmiratesMobile:+971 50 8460530

Tel: +971 2 8152831Fax: +971 2 8152888

Email: info@continuityandresilience.com

BCM & IT resilience in Aadhaar

Sumnesh JoshiADG, UIDAI Mumbai

4th INDIA Business & IT Resilience Summit

October 7, 2016 Mumbai

Understanding Aadhaar System

The Unique ID initiative

UIDAI mandate

To provide a unique number to the

residents of India

Collect basic demographic

information and biometric information

Guarantee non-duplication through

biometrics

Offer online authentication

services that can be used across India

Context and Need for Unique IDs

To clean up existing databases, to remove Duplicates and Fakes

To improve targeting and delivery of services

Enable service and applications that require a

verifiable unique ID

www.uidai.gov.in

Enroll Once …

5

Demographic Data Biometric Data

Resident’s Photograph

Resident’s

Finger Prints

Resident’s

Iris

• Mandatory data:– Name, Age/Date of Birth,

Gender and

– Address of the resident.

• Conditional data:– Parents/Guardian details

• Optional data:– Phone no., email address

• 12-digit Aadhaar Number - Unique, lifetime, biometric based identity

… Authenticate many times

• Supports answering the question “is a resident the person he/she claims to be”– Verifies resident information (demographics, biometrics, and OTP) for

a given Aadhaar number (1:1 matching)

– Online identity verification that is lightweight, ubiquitous, and secure

– responds with a “yes/no” and no personal identity information is returned as part of the response

– eKYC i.e sharing resident information with his / her consent

• Supports multi-factor authentication using demographics, biometrics, OTP and combinations thereof

• Supports all types of protocols and devices– Personal computer, mobile, PoS terminals, etc.

– Works with assisted and self-service applications

6

YES OR

NO

Name, GenderDOB, Address, …

OTP

OTP Request

AUA (Authentication Services)

OTP

KUA (e-KYC user) Services

Aadhaar Holder

Auth

Server

Leased lines

ASA

ASA

ASA

ASA

ASA

AUA

AUA

UIDAI Data Centre

Sub-AUA

Authentication Devices

Aadhaar Authentication Ecosystem Architecture

Work so far …

• Program launched on the ground in Sept 2010

• Enrolment– About 106 crore enrolments currently done and target to achieve

100% coverage by March 2017

• Authentication1. Around 90-95 lakh Auth transactions per day

2. 2,12,387 eKYC transaction per day using Finger print

3. 28,821 eKYC transactions per day using IRIS

4. 2.65 Cr Bank accounts have been opened using eKYC

5. 1,15,635 Micro ATM deployed

6. 1.14 Cr AePS transactions happened in July 16

11

Technology behind Aadhaar

Architecture Principles• Design for large scale

– Every component needs to scale to large volumes

– Millions of transactions and billions of records

• No vendor lock-in across the system– Use of open standards to ensure interoperability allowing multiple

vendors to supply systems/software/hardware

– If there are no standards, create one

– Allow the ecosystem to build plug-n-play libraries to standard APIs

– Use of open-source technologies wherever prudent

• Performance metrics made public through portal for transparency (PII anonymized)

• Strong end-to-end security

13

Designed for Scale

• Horizontal scalability for all components

– “Open Scaleout” architecture is the key

– Distributed computing on commodity hardware

– Distributed data store and data partitioning

– Horizontal scaling of “data store” a must!

• NO single point of bottleneck for scaling

– Typically, in database driven architecture, RDBMS become the single point of bottleneck

• Asynchronous processing throughout the system

– Allows loose coupling various components

– Allows independent component level scaling14

Enrolment Volume

• 1000 million Aadhaars in 6 years– Last 3months , 12 million aadhaar in a month

– 100+ trillion biometric matches a day!!!

• ~5MB per resident– Maps to about 10 PB of raw data!

– About 5+ TB of incremental data every day

– Replication and backup across data centers

– New enrolments and updates adds more data

• Additional workflow/process/event data– 100+ million events on an average moving through async channels

– Needing complete update and insert guarantees across data stores

– 15-20 TB I/O processing every day!

15

Authentication Volume

• 100+ million authentications per day– Mostly during 10 hr period

– Possible high variance on peak and average

– Multi-DC Active-Active architecture

• 100 million authentications per day means– 1 billion audit records every 10 days

– 4 TB encrypted audit logs every 10 days

– Need to keep recent audits online and older ones in archive

– Audit write must be guaranteed

16

BCM & IT resilience in Aadhaar

Need for BCM & IT resilience

• Aadhaar manages identity data of a billion+ residents– Data protection and service continuity very critical

– Data protection required for 10+ PB

• Stringent BCM & IT resilience Goals– Recovery Point Objective (RPO) must be zero (no data

loss across the system)

– Recovery Time Objective (RTO) must be less than 4 hours for enrolment and zero for authentication

• 24x7, multi data center operation

Need for BCM & IT resilience

• Having a business continuity and disaster recovery plan is a necessity – natural disasters such as flooding, earthquakes, to

man-made events such as power outages and terrorism

• Loss of critical enrolment data and the core CIDR services – results in financial and intangible losses that are

difficult to calculate

• Loss of authentication service and data means many services in the country will be affected

Data Center Details

• Currently 2 large data centers in Bangalore and Manesar

• Data centers connected via 1 Gbps links

– All data replicated across data centers

– 5+ TB of data replicated every day

• 24x7 Network Operations Center (NoC)

• Well defined, secure, rigorous data center processes

• Applications architected to run in multi-DC high availability mode allowing UIDAI to meet zero RPO and near-zero RTO

Comprehensive Framework

Failure levels & Impact

ITIL Processes at CIDR• Incident / Service Request Management

– Incident classification and SLA definition

– Tools and Knowledgebase for tracking and analysis

– People, Processes, and escalation

• Application Release Management– Major releases, patch management

– Automated deployment through central systems

– Staging, testing, rollout processes, tools, and teams

• Availability Management– Service availability, SLAs, metrics

– 24x7 NoC, monitoring, resolution, and escalation processes

Non–IT Related Requirements

• People– Staff for DR site

– Call center (separate and integrated)

• Operational – Declaring and communicating disaster to all

considered parties (registrars, others)

– Regular drills to ensure readiness in the event of a disaster

Conclusion

• Aadhaar is the largest biometric based online identity system in the World

– Providing “unique” identity to all residents

– Providing increased “access”, “Convenience”, and “transparency” to common man

• Aadhaar data is very large and is most critical

• Aadhaar services are 24x7 across multiple DCs

• BCP & DR requires clear definition, detail planning, and flawless execution

• Zero RPO and near Zero RTO must

26

THANK YOU