eCustoms Traveller - System Architecture

10,000

Passengers / Hour / Direction

40,000

Passengers / Day / Direction

<300ms

AI Inference Latency

99.9%

Integration Uptime SLA

5,000+

API Calls / Minute

CLIENT / PRESENTATION LAYER

Web Application (React)Officer Dashboard · Admin Console · Analytics

Mobile App (Flutter)Traveller App · iOS + Android · Offline-Ready

Self-Service KioskBukit Chagar & Woodlands · QR + Biometric

▼

API GATEWAY & SECURITY LAYER

Apache APISIXRate Limiting · Throttling · JWT/HMAC · Open-Source

WAF (FortiGate)OWASP · XSS · SQLi · Bot Protection

Load BalancerRound Robin · Weighted · Health Probes

mTLS TerminationTLS 1.3 · Strict Cipher Suite

RBAC MiddlewareOAuth2 · OpenID Connect · CSRF

▼

MICROSERVICES LAYER (SUSE RANCHER / RKE2)

Registration ServiceE-KYC · OTP · Account Mgmt

Declaration ServiceForms · QR Code · Draft · Status

Assessment ServiceHS Code · Duty Calc · Rules Engine

Payment ServiceFPX · eWallet · CC · Receipts

Compound ServiceIssuance · Appeal · Settlement

Seizure ServiceRecords · Evidence · Disposal

Reporting ServiceDashboards · Analytics · Export

Access Control ServiceRBAC · Roles · Permissions

Notification ServicePush · Email · SMS · In-App

Helpdesk ServiceTickets · SLA · Escalation

Audit ServiceTamper-Proof Logs · Hash Chain

▼

AI / MACHINE LEARNING LAYER

Face Recognition Engine≥75% Accuracy · Liveness · Anti-Spoof

OCR EnginePassport · MyKad · Visa · Auto-Extract

Risk Scoring EngineTraveller Profiling · Country Risk · Velocity

Fraud DetectionAnomaly Detection · Pattern Analysis

CCTV Analytics11fps @ 2m · Object Detection · Thermal

ML Pipeline (MLOps)Training · Drift Detection · Auto-Retrain

▼

EVENT BUS & INTEGRATION (IRIS + KAFKA)

Strimzi (Apache Kafka)Event Streaming · K8s-Native Operator · CNCF

InterSystems IRISIntegration Engine · DTL Mapping · Routing · Fallback

Dead Letter QueueKafka DLQ + IRIS Error Handling

External APIsBNM · FPX · MyDigitalID · MyGDX · RMS

IRIS Business ServicesWebhook Receive · Payment Callbacks · E-KYC Events

▼

DATA LAYER

MS SQL 2022 EnterprisePrimary RDBMS · 4 VMs × 8 vCPU

Redis ClusterSession Cache · Rules Cache · Rate Limit

MinIO / Object StorageDocuments · Images · Evidence

Elastic Stack 8.xUnified APM · SIEM · Logs · Infra Monitoring · Forrester Leader

Secure VaultBiometric Store · AES-256 · KMS Rotation

▼

INFRASTRUCTURE LAYER

Sangfor HCI on HPE ProLiant (Putrajaya DC)4× HPE Nodes · 2×32-Core · 385GB RAM · aSAN · NVIDIA L4 GPU (Node 4)

Sangfor HCI on HPE ProLiant (DRC Kelana Jaya)2× HPE Nodes · DR Replication · Sangfor CDP

H3C Spine-Leaf Network25GbE Fabric · VXLAN · BGP-EVPN · HPE Ecosystem

FortiGate NGFW (HA)160Gbps · WAF · IPS · LB · Active-Active

Dahua WizMind NVR + CCTVBukit Chagar & Woodlands · AI-Enabled · 15TB

Technical Architecture Diagrams

Visual representations of all key architecture components. All technologies are Gartner/Forrester analyst-validated.

0Overall Technology Architecture - Layered View

Gartner Leader Forrester Leader Gartner MQ Recognized SOC Mandated | 11 Layers · 30+ Technologies · All Analyst-Validated

1Multi-Site Deployment Architecture

2Data Center Network Topology - Spine-Leaf Architecture

3DevSecOps CI/CD Pipeline Flow

4Integration Architecture - API Gateway Pattern

5Security Architecture - Defence-in-Depth Zones

6Traveller Journey - End-to-End Data Flow

Recommended Technology Stack

Application Layer

Component	Technology	Analyst Recognition	SOC Alignment	Justification
Web Frontend	React 18 + TypeScript	-	2-5-d multi-browser	Enterprise-grade, large talent pool in MY, responsive by default
Mobile App	Flutter 3.x	-	2-6 Mobile Module	Single codebase iOS+Android, offline-first, Bloc state management as specified in SOC
Backend Services	Java 21 + Spring Boot 3	-	2-5-a KRISA compliance	Government-preferred, mature K8s support, strong security libraries, aligns with MAMPU/CGSO
API Gateway	Apache APISIX	Apache Software Foundation · CNCF-adjacent · Cloud-Native API Gateway	2-5-13-1a API Gateway	Apache 2.0 open-source, zero cost. Rate limiting, throttling, JWT/HMAC signing, request transformation, load balancing. Built on Nginx/OpenResty with higher throughput than Kong. Native Kafka logging plugin feeds directly to Elastic. WAF covered by FortiGate. Declarative YAML + etcd config (GitOps-friendly). No vendor lock-in, no enterprise upsell
API Documentation	Swagger / OpenAPI 3.1	-	B-5-4 API skills	Mandatory per Lampiran B-5-4, auto-generates client SDKs
Internal Communication	gRPC	-	B-5-4 gRPC requirement	Low-latency inter-service calls, Protocol Buffers for type safety

AI / Machine Learning

Component	Technology	Analyst Recognition	SOC Alignment	Justification
ML Framework	PyTorch + TensorFlow	-	B-5-4 AI skills	Both explicitly mentioned in Lampiran B-5-4; PyTorch for R&D, TF for production serving
Face Recognition	InsightFace / ArcFace	-	2-7-9 ≥75% accuracy	Open-source, exceeds 75% threshold, supports liveness detection
OCR Engine	PaddleOCR	-	2-5-3-3 E-KYC OCR	Passport MRZ + multilingual document extraction. PaddlePaddle framework handles both structured (MRZ) and unstructured text. Tesseract dropped - PaddleOCR superior for Asian language support
ML Serving	NVIDIA Triton Inference Server	Forrester Leader - AI Infrastructure (NVIDIA)	2-5-12-10 <300ms	GPU-accelerated inference on NVIDIA L4, model concurrency, dynamic batching, meets <300ms latency
MLOps	MLflow (Phase 2)	-	B-5-4 drift detection	Phase 2 deployment: model versioning, experiment tracking, drift detection. Initial deployment uses manual model packaging into Triton. Reduces day-one ops burden
CCTV AI	NVIDIA DeepStream	Forrester Leader - AI Infrastructure (NVIDIA)	2-7-9 11fps @ 2m	Hardware NVDEC decode on L4 GPU, multi-camera batching (8+ streams), feeds Triton for face recognition

Data & Messaging

Component	Technology	Analyst Recognition	SOC Alignment	Justification
Primary Database	MS SQL Server 2022 Enterprise	Gartner Leader - Cloud DBMS (Microsoft, 6th year)	3-1-1 Mandated	Explicitly required: 4 VMs, 8 vCPU each, 3-year SA
Cache Layer	Redis 7 Cluster	-	2-5-8-10 Caching	Industry-standard in-memory cache; session management, HS code rules caching, rate limiting
Message Broker	Strimzi (Apache Kafka on K8s)	CNCF Sandbox · Apache Kafka Core · K8s-Native Operator	2-5-13-1d Event-driven	Kafka explicitly mentioned in SOC. Strimzi runs vanilla Apache Kafka as K8s operator with built-in monitoring, auto-scaling, rolling upgrades. Zero subscription cost vs Confluent. Kafka topics fed by IRIS Business Operations
Integration Platform	InterSystems IRIS Data Platform	ISG Research Top-Ranked - Data Platforms; Gartner MQ - Cloud DBMS	2-5-13-1c Integration Hub	Interoperability engine with built-in DTL (Data Transformation Language) for JSON/XML/CSV mapping. Native Kafka adapter, business routing rules, retry/error handling, webhook receive. Replaces generic integration hub with enterprise-grade ESB. Used in government systems worldwide (central banks, healthcare, customs)
Search / SIEM / Logs	Elastic Stack (ELK)	Forrester Leader - Security Analytics (2025); Gartner Visionary - SIEM	2-5-5-7c SIEM, 3-1-16	SOC mandates Elasticsearch (3-1-16) and SIEM ELK/Splunk (2-5-5-7c). Handles SIEM correlation, immutable audit logs, full-text search
Object Storage	MinIO	-	2-5-3-4 Document upload	S3-compatible, on-prem, for document evidence, passport images, receipts

Infrastructure & Virtualization

Component	Technology	Analyst Recognition	SOC Alignment	Justification
HCI Platform	Sangfor HCI (aSV + aSAN)	Gartner MQ - Hybrid Mesh Firewall (Sangfor listed)	3-1-2 HCI Software	aSV hypervisor + aSAN storage + aSEC network security - maps to SOC HCI requirements. Cost-effective, CNCERT-certified, strong APAC support
Server Hardware	HPE ProLiant DL380 Gen11	Gartner Leader - Infrastructure Platform (HPE, highest Execution + Vision)	1-2 HCI Server	World's #1 rack server. iLO5 remote management, 2×32-core Intel Xeon, 385GB+ RAM, 25GbE OCP3.0. Node 4 equipped with NVIDIA L4 24GB GPU for AI inference
GPU Accelerator	NVIDIA L4 24GB (Tensor Core)	Forrester Leader - AI Infrastructure (NVIDIA)	2-5-12-10, 2-7-9	Ada Lovelace architecture, 24GB GDDR6, 72W TDP (single-slot). Powers DeepStream (multi-camera CCTV) + Triton (face recognition inference). Meets <300ms AI latency & 11fps@2m requirements
Container Orchestration	SUSE Rancher + RKE2	CNCF-Certified · DISA STIG · FIPS 140-2 · CIS Benchmark	3-1-11 Kubernetes	Open-source, security-hardened Kubernetes. U.S. DoD proven. Self-healing, autoscaling, Blue-Green/Canary. No subscription fee.
NVR / CCTV	Dahua WizMind Series	Gartner Peer Insights Customers' Choice - Video Surveillance	2-7-9 CCTV	WizMind AI cameras with built-in edge analytics. ONVIF-compliant NVR with 15TB storage per site. Feeds DeepStream via RTSP for centralized AI inference on L4 GPU. Deployed at Bukit Chagar and Woodlands checkpoints
Service Mesh	Istio (Open-Source)	CNCF Graduated Project - Industry Standard	2-5-13-4b mTLS	mTLS between services, traffic management, observability - runs natively on any Kubernetes including RKE2
Secret Management	HashiCorp Vault CE (Community Edition)	Gartner MQ - PAM (HashiCorp recognized)	B-5-4 Secret Mgmt	Explicitly named in Lampiran B-5-4. Community Edition - free, self-hosted (BSL 1.1 license). Full secret management, KMS rotation, dynamic secrets, biometric vault encryption. No subscription required.
OS	Red Hat Enterprise Linux 9	Gartner Leader - Cloud-Native App Platforms (Red Hat)	3-1-3a RedHat	SOC mandates RHEL, 3-year support. Foundation OS for all server nodes and Kubernetes workers
DR / Replication	Sangfor CDP + HCI DR	-	3-1-2e DR/Replication	Built-in Continuous Data Protection, HCI-native DR replication - near-zero RPO, automated failover

Network & Security

Component	Technology	Analyst Recognition	SOC Alignment	Justification
NGFW / WAF / IPS / LB	FortiGate (e.g. 3000F series)	Gartner Leader - Hybrid Mesh Firewall (Fortinet, highest Execution)	SOC 4 Section 2.1	160Gbps FW throughput, 55Gbps IPSec, built-in WAF+IPS+LB, HA Active-Active, virtual domains
Network Fabric	H3C Spine-Leaf (25GbE)	HPE Ecosystem (HPE owns 49% of New H3C)	SOC 4 switches	H3C S9850-4C (spine), S6860-54HF (25GbE fiber leaf), S6860-54HT (copper leaf), S6850-56HF (border leaf), S5560X (mgmt). Comware OS, VXLAN/BGP-EVPN, M-LAG, HWTACACS native. HPE-affiliated vendor synergy with ProLiant servers.
SSL Certificate	EV SSL	-	3-1-1a	Extended Validation SSL as specified
APM / Observability	Elastic Stack 8.x (Unified)	Forrester Leader - Security Analytics; Elastic Observability for APM/Infra/Logs	3-1-3 IT Monitoring	Single platform for APM, SIEM, logs, infrastructure monitoring, and security analytics. Elastic APM provides distributed tracing, code-level visibility, anomaly detection. Eliminates dual-platform complexity. Self-hosted on HCI, no per-host subscription. Saves ~$50-80K/yr vs Dynatrace

Stack Philosophy: Every major technology choice is validated by Gartner Magic Quadrant or Forrester Wave recognition, giving the evaluation committee confidence in vendor maturity and long-term viability. Core platform vendors - Apache APISIX (Apache Software Foundation, cloud-native API gateway, zero subscription cost), Fortinet (Hybrid Mesh Firewall Leader), GitLab (DevOps Platforms Leader, 3 years - unified CI/CD, SAST, DAST, SCA, container registry), SUSE Rancher/RKE2 (CNCF-Certified, DISA STIG, FIPS 140-2 - U.S. DoD proven Kubernetes), Elastic Stack 8.x (Forrester Leader Security Analytics - unified APM, SIEM, logs, infrastructure monitoring, distributed tracing in single self-hosted platform, ~$50-80K/yr saved vs dual-platform), HPE (Infrastructure Leader), and Microsoft SQL Server - are all current Gartner/Forrester Leaders or industry-certified platforms. InterSystems IRIS serves as the integration backbone with built-in interoperability engine, DTL transformation, and native Kafka connectivity (Strimzi) - replacing generic middleware with an enterprise-grade platform used in central banks and government systems worldwide. The Sangfor HCI + HPE ProLiant combination delivers enterprise reliability at an optimised cost point. Elastic Stack 8.x serves as the single observability and security platform - APM, SIEM, logs, infrastructure monitoring, and distributed tracing unified in one self-hosted deployment. Eliminates dual-vendor complexity and saves ~$50-80K/yr in Dynatrace subscription. The NVIDIA L4 GPU on HPE Node 4 provides dedicated AI acceleration for DeepStream CCTV analytics and Triton inference serving, meeting SOC performance requirements (<300ms AI latency, 11fps face recognition).

Module Architecture Breakdown

Each module is a self-contained microservice communicating via API Gateway (APISIX) + InterSystems IRIS + Strimzi Kafka events

Laman Utama (Homepage)

Contextual personalization based on travel history, risk profile. Real-time sync with backend. Failover mode for static content. QR Code identity & verification layer with SHA-256 hash.

Bilingual · Mobile Responsive

Registration & E-KYC

Passport + country-of-origin unique ID. OTP verification. Face matching ≥95% accuracy. Liveness detection (active/passive). OCR for MyKad/Passport/Visa. Spoofing detection (photo/video/3D mask).

AES-256 biometric storage · KMS rotation

Access Control (RBAC)

Role hierarchy with maker-checker. API role enforcement per endpoint. Integration with government SSO + OpenID Connect. Federation login + mobile JWT device binding.

CGSO + ISO 27001 compliant

Declaration Module

Personal info, travel info, goods categories with duty calculator. QR code generation for officer scanning. Auto-save draft. Real-time status updates. Image upload for receipts/goods.

100,000 declarations/day capacity

Assessment & Classification

HS Code classification engine with AI-assisted suggestions. Rules engine processing 500-1,000 rule checks per declaration. Duty/tax calculation with BNM exchange rates. Exemption handling.

<1s classification · 100K calcs/day

Payment Module

FPX, e-Wallet, Credit/Debit Card. Auto receipt generation (PDF + QR verification). Receipt cancellation. EOD reconciliation with bank reports. Payment history & monitoring.

FPX callback ≤1 second

Compound Module

Compound notice generation. Amount calculation based on offence type. Payment tracking with installment support (if applicable). Appeal workflow. Officer approval chain.

Full audit trail · Digital signatures

Seizure Module

Seizure record management. Evidence chain tracking. Disposal workflow. Storage location management. Integration with compound for related cases.

Tamper-proof evidence logging

AI Module

User profiling & classification. Face recognition (CCTV integration). Fraud detection with anomaly analysis. Risk scoring engine. Country-risk & velocity checks. ML model auto-retraining.

≥10,000 inferences/hr · <300ms

Mobile App

Flutter-based (iOS + Android). Offline declaration filling with encrypted local storage. Biometric login (Face ID / Touch ID). Push notifications (Firebase / APNS). QR payment & declaration.

OWASP Mobile Top 10 · Root detect

Integration Module

API-first architecture. InterSystems IRIS as Integration Engine with DTL data mapping, business routing rules, and native Kafka adapter. RESTful + Webhooks + SFTP. IRIS Business Services receive external callbacks (FPX, E-KYC); IRIS Business Operations call external APIs (BNM, MyDigitalID, MyGDX, RMS, HS Explorer, Email). Kafka handles async event streaming.

≥5,000 API calls/min · 99.9% uptime

Data Analytics & ML

Planning & scope definition. Data collection & preprocessing. Exploratory data analysis & feature engineering. ML modeling. Dashboard implementation with visual analytics.

6 core functions: Profile, Classify, Face, Fraud, Risk, ML

Infrastructure Architecture

Data Center Layout

Location	Role	Hardware	Network
Pusat Data Putrajaya (Primary Production)	Production workloads, AI inference, primary database	4× HPE ProLiant DL380 Gen11 (2×32-core, 385GB RAM, 3×15.36TB SSD RAID6, 4×24TB HDD) running Sangfor HCI. Node 4 includes NVIDIA L4 24GB GPU for AI/ML inference (DeepStream + Triton)	Spine-Leaf 25GbE fabric, FortiGate NGFW HA pair (160Gbps)
DRC Kelana Jaya (Disaster Recovery)	DR replication, standby workloads, failover target	2× HPE ProLiant DL380 Gen11 (same specs) running Sangfor HCI	Spine-Leaf 25GbE fabric, FortiGate NGFW HA pair
Bukit Chagar (JB Operations)	Checkpoint operations, CCTV/NVR, kiosk hosting	NVR + CCTV cameras, network switches	Mini-core + management switches, connectivity to DC
Woodlands (Singapore Operations)	Checkpoint operations, CCTV/NVR, cross-border link	NVR + CCTV cameras, network switches	Mini-core + management switches, cross-border WAN

HCI Cluster Design (Sangfor HCI on HPE ProLiant)

Putrajaya (4-node cluster): Sangfor aSAN distributed storage across 4× HPE ProLiant DL380 Gen11 nodes provides built-in redundancy (can tolerate 1 node failure). ~184TB raw HDD + ~184TB raw SSD. After aSAN overhead, expect ~120TB usable hybrid storage. Each HPE node contributes 64 cores = 256 total cores for VM allocation. Node 4 is designated as the AI/GPU node, equipped with an NVIDIA L4 24GB Tensor Core GPU for DeepStream video analytics and Triton model inference. Sangfor aSV hypervisor hosts the production K8s cluster and SQL Server VMs, with GPU passthrough configured on Node 4 for direct GPU access from AI containers. Sangfor HCI Manager provides unified console for compute, storage, and network management.

Kelana Jaya (2-node cluster): Sangfor HCI 2-node with witness appliance. Sangfor CDP (Continuous Data Protection) replication from Putrajaya with near-zero RPO. Hosts standby VMs that activate during DR failover. Annual DR simulation test as required by SOC 1-20-23.

Why Sangfor + HPE:
• Cost advantage - Sangfor HCI licensing is significantly more affordable than VMware post-Broadcom acquisition, reducing CAPEX without sacrificing enterprise features
• HPE reliability - ProLiant DL380 Gen11 is the world's #1 rack server with industry-best uptime, iLO5 for remote management, and global warranty support including Malaysia
• Built-in DR - Sangfor's native CDP eliminates the need for separate SRM licensing; replication and failover orchestration are included in the HCI platform
• Security-native - Sangfor aSEC provides microsegmentation at the hypervisor level, mapping directly to SOC 3-1-2d (Network Security Virtualization)
• Local support - Sangfor has a strong presence in Malaysia with local TAC and professional services, critical for a government project with SLA requirements

4-Environment Strategy

Environment	Location	Purpose	Notes
Development	Petender premises	Active development, unit testing	Petender's own infra (SOC 2-5-b mandate)
Testing / UAT	Petender premises → DC	Integration testing, UAT, PAT	Mirrored config, initially at petender
Staging	Putrajaya DC	Pre-production validation, load testing	Identical to production config
Production	Putrajaya DC + DRC	Live operations	Full HA, DR replication active

Network Topology (Spine-Leaf)

Design rationale: The SOC specifies a full spine-leaf fabric with 25GbE fiber leaf switches, spine switches, copper leaf switches, border/service leaf switches, a mini-core switch, and management switches. This maps to a standard VXLAN/BGP-EVPN data center fabric:

• Spine switches (2×) - H3C S9850-4C - 32×100GE + 4×400GE, L3 backbone, ECMP load balancing
• 25GbE Fiber Leaf (2×) - H3C S6860-54HF - 48×25GE SFP28 + 6×100GE QSFP28, server connectivity for HCI nodes
• Copper Leaf (2×) - H3C S6860-54HT - 48×10GBase-T + 6×100GE, management network, IPMI/iLO, monitoring
• Border/Service Leaf (2×) - H3C S6850-56HF - 48×10G SFP+ + 6×100GE, firewall connectivity, WAN uplinks
• Mini-Core (1×) - H3C S6850-56HF - Bukit Chagar / Woodlands site aggregation
• Management Switch (1×) - H3C S5560X - OOB management network

Why H3C: HPE owns 49% of New H3C Group, creating a unified HPE + H3C vendor ecosystem with ProLiant servers. Comware OS natively supports HWTACACS, M-LAG, VXLAN/BGP-EVPN, MACsec, and RoCE v1/v2 - meeting all SOC 4 requirements. H3C OAP (Open Application Platform) provides equivalent functionality to OPS Programming, and INT (In-band Network Telemetry) covers iFIT requirements.

Security Architecture (Defence-in-Depth)

Security Layers

Layer	Controls	SOC Reference
Perimeter	FortiGate NGFW (WAF + IPS + LB), DDoS protection, IP whitelisting, geo-blocking	SOC 4 Section 2.1
Network	Sangfor aSEC microsegmentation, VXLAN isolation, mTLS (Istio service mesh)	3-1-2d Network Security Virt, 2-5-13-4b mTLS
Application	OWASP Top 10 + Mobile Top 10, CSRF, RBAC middleware, API role enforcement, input validation	2-5-5-6, 2-6-19 OWASP
Authentication	JWT (short expiry) + Refresh Token rotation + Device Binding, OAuth2/OpenID Connect, Government SSO, Biometric (Face ID/Touch ID)	2-5-13-4a, 2-6-12
Encryption	TLS 1.3 (transit), AES-256 (at rest), HMAC-SHA256/SHA512 (request signing), KMS key rotation	2-5-13-4c, 2-6-12d
Data	Biometric segmented secure vault, hash-chain audit logs (tamper-proof), PII tokenization	2-5-3-3d, 2-5-5-7
Anti-Fraud	Replay attack prevention (nonce + timestamp + signature expiry), request tampering detection (checksum), root/jailbreak detection, anti-automation/bot protection	2-5-13-4d/e, 2-6-12c
Audit	Immutable storage, hash chaining, Elastic Security SIEM integration, NTP-synced timestamps, before/after change logging	2-5-5-7

Security Posture Assessment (SPA) - 4 Cycles

IPT + EPT

Internal & External Penetration Testing - network-level vulnerability discovery from both inside and outside the perimeter

SAST + DAST

Static & Dynamic Application Security Testing - code-level and runtime vulnerability scanning integrated into CI/CD pipeline

SBA + WASA

Security Baseline Assessment + Web Application Security Assessment - configuration hardening and web-specific attack surface analysis

HVA + DSA + PDA

Host Vulnerability, Database Security, and Perimeter Device Configuration & Vulnerability Assessments

SPA Strategy: Engage a qualified third-party security consultancy (SOC 5-2-1 mandates professional certified ICT security consultant). Schedule SPAs at: (1) Post-development pre-UAT, (2) Pre-Go-Live, (3) Year 2 mid-warranty, (4) Year 3 end-warranty. Each cycle covers all 9 assessment types. Findings feed back into the DevSecOps pipeline for immediate remediation.

Compliance Framework

Standard	Scope
CGSO (Government Security)	Mandatory for all government ICT systems
ISO 27001	Information security management system
OWASP Top 10 + Mobile Top 10	Web and mobile application security
PDPA (Personal Data Protection)	Malaysian data protection compliance
PCI-DSS (where applicable)	Payment card processing standards
KRISA	Public sector application engineering guidelines

Integration Architecture

External System Integration Map

System	Protocol	Direction	Purpose	Criticality
Bank Negara Malaysia (BNM)	RESTful API / SFTP	Inbound	Exchange rates, monetary policy compliance	High
Payment Gateway (FPX)	REST + Webhooks	Bidirectional	Payment processing, callback notifications	Critical
HS Explorer (HS Code)	RESTful API	Outbound	Harmonized System code lookup & classification	Critical
Revenue Management System (RMS)	RESTful API	Bidirectional	Revenue reconciliation, reporting	High
CCTV System (Dahua WizMind)	RTSP + SDK	Inbound	Video feed for AI face recognition & analytics. Dahua WizMind cameras with built-in edge AI, ONVIF-compliant	Critical
Email Service	SMTP / API	Outbound	Notifications, OTP, receipts	Medium
MyDigital ID	OpenID Connect	Bidirectional	National digital identity verification	High
MyGDX (JDN)	RESTful API	Bidirectional	Government data exchange platform	High

Integration Architecture Pattern

API Gateway → InterSystems IRIS → Kafka → External Systems

All external calls route through the Apache APISIX (rate limiting, JWT signing, request transformation) → InterSystems IRIS Integration Engine (DTL data transformation JSON/XML/CSV, business routing rules, retry logic, fallback handling) → External API endpoints.

Integration pattern: IRIS Business Services receive inbound webhooks (FPX payment callbacks, E-KYC events) and validate them (HMAC signature). IRIS Business Operations call outbound APIs (BNM, MyDigitalID, MyGDX, RMS, HS Explorer). All events published to Kafka for async downstream processing.

Event-driven flow: Kafka topics handle asynchronous events (e.g., "Declaration Submitted" triggers Assessment Service + Notification Service simultaneously). IRIS native Kafka adapter bridges synchronous API calls with async event streaming.

Resilience patterns:
• Circuit Breaker - if external API fails 3× consecutive, circuit opens, requests go to fallback mode (data stored temporarily, resent when system recovers per SOC 2-5-13-5)
• Dead Letter Queue - unprocessable payloads stored in Kafka DLQ + IRIS error queue for officer review, replay, and manual correction (SOC 2-5-13-6)
• Retry with Exponential Backoff - automatic retry for transient failures
• Two-Way Sync with Eventual Consistency - deduplication, conflict resolution with defined Source of Truth (SOC 2-5-13-8)
• Checksum Comparison - payload integrity verification to prevent tampering and data corruption

Performance Requirements

≥5,000

API calls / minute

≤1s

FPX callback processing

99.9%

Integration uptime

Data loss tolerance

DevSecOps & Deployment Strategy

CI/CD Pipeline

Stage	Tool	Analyst Recognition	Action
Source Control	GitLab (Self-Hosted)	Gartner Leader - DevOps Platforms (3rd year) + AI Code Assistants (2nd year); Forrester Leader - DevOps	GitFlow branching, merge request approvals
Build	GitLab CI/CD	(Included in GitLab - Gartner Leader)	Maven/Gradle build, Docker image creation, integrated pipeline
SAST + SCA	GitLab SAST + Dependency Scanning	(Included in GitLab - Gartner Leader DevOps Platforms)	Static code analysis, dependency scanning, secret detection - built into CI/CD pipeline
Unit Test	JUnit + Mockito	-	Minimum 80% code coverage gate
Container Scan + Registry	GitLab Container Registry + Scanning	(Included in GitLab - Gartner Leader DevOps Platforms)	Container image vulnerability scanning + private registry - single platform
Deploy (Dev/Test)	GitLab CI/CD → RKE2	(Included in GitLab - Gartner Leader DevOps Platforms)	Direct deployment to Kubernetes via GitLab pipeline
DAST	GitLab DAST	(Included in GitLab - Gartner Leader DevOps Platforms)	Dynamic testing against staging environment
Performance Test	Apache JMeter / Gatling	-	Load testing: 10K passengers/hr simulation
Deploy (Staging)	GitLab CI/CD + Manual Gate	-	JKDM approval required before production
Deploy (Production)	Blue-Green / Canary (RKE2)	-	Zero-downtime deployment with instant rollback

Deployment Strategy

Blue-Green Deployment (Primary): Two identical production environments. New release deploys to "green" while "blue" serves traffic. After validation, traffic switches instantly. If issues arise, switch back to "blue" in seconds. This is explicitly referenced in Lampiran B-5-4.

Canary Deployment (For high-risk changes): Route 5% of traffic to new version, monitor error rates and latency, gradually increase to 100% over 2-4 hours. Automatic rollback if error rate exceeds threshold.

Monitoring & Observability

Layer	Tool	Analyst Recognition	Metrics
Infrastructure	Elastic Infrastructure Monitoring (Metricbeat)	Forrester Leader - Security Analytics (Elastic)	CPU, RAM, disk, network, VM health via Metricbeat agents (SOC 1-20-21)
Application (APM)	Elastic APM	(Included in Elastic Stack - Forrester Leader)	Request latency, error rate, throughput per service, distributed tracing, anomaly detection
API Monitoring	Elastic APM + SIEM (APISIX logs via native Kafka plugin)	Forrester Leader - Security Analytics (Elastic); Elastic APM for observability	Latency, success/failure rate, traffic volume, API status (SOC 2-5-13-9a)
Log Aggregation / SIEM	Elastic Security (SIEM)	Forrester Leader - Security Analytics (Elastic, 2025); Gartner Visionary - SIEM	Centralized logging, immutable audit trail, SIEM correlation, hash-chain integrity
Alerting	Elastic Alerting + Watcher	(Included in Elastic Stack - Forrester Leader)	Rule-based + ML anomaly detection, real-time alerts, PagerDuty/Slack integration (SOC 2-5-13-9c)
Tracing	Elastic APM (OpenTelemetry)	(Included in Elastic Stack - Forrester Leader)	Distributed tracing across microservices, service maps, OpenTelemetry native

Disaster Recovery

RPO: Near-zero (Sangfor CDP continuous data protection)
RTO: <4 hours (Sangfor HCI automated failover orchestration)
Annual DR Test: 1× per year as mandated by SOC 1-20-23
DR Documentation: DRTP and DRMP maintained and updated (SOC 1-20-25)
Replication: Continuous async replication Putrajaya → Kelana Jaya via Sangfor HCI native DR