Tokopedia (www.tokopedia.com) is an Indonesian technology company with a mission to democratize commerce through technology. It is the leading marketplace platform in Indonesia, and has pioneered digital transformation in the country, empowering millions of merchants and consumers by building a Super Ecosystem where everyone can start and discover anything.
Tokopedia currently runs its applications on a microservices-oriented architecture. Each application provides a set of well-defined APIs that can communicate with other applications. Service registration and discovery are currently handled by Consul.
Tokopedia's major architecture is already cloud-native; however, due to the lack of a major public cloud provider in Jakarta, Tokopedia currently operates its IT infrastructure in three locations: Biznet Jakarta, Alibaba Cloud Singapore and AWS Singapore. The three environments are connected via either an international private leased line or an IPsec VPN. The current architecture has brought much higher complexity in terms of overall operations and is the result of a trade-off between the benefits a major public cloud can bring and the network latency, regulation and compliance needs.
Also, with the increasing focus on security, Tokopedia was looking to enhance the protection of its web applications in the most effective and manageable way. With a multi-cloud strategy in place, having one unified portal for all security solutions became a natural need. Tokopedia was aiming for a centralized web application protection solution that not only provides world-class security, but can also protect applications deployed across various cloud or on-prem platforms. This would enable its security team to easily manage its web apps from a centralized portal and deploy changes in security rules across platforms in one go.
Why Alibaba Cloud
Starting from a monolithic architecture, Tokopedia has gradually moved to a microservices-oriented architecture with its IT infrastructure running on two public cloud providers in Singapore and one co-location vendor in Jakarta. Since Tokopedia only operates its business in Indonesia, the plan is to consolidate its IT infrastructure into one leading public cloud provider that has a local presence to support its long-term growth in Indonesia. Since Alibaba Cloud has decided to open a region in Jakarta in early 2018, Tokopedia and Alibaba Cloud have aligned their strategic direction to leverage Alibaba Cloud's IaaS, Big Data, and AI capabilities to support all Tokopedia services going forward.
With a strong presence in Indonesia backed by two local data centers, and a gamut of services offered including compute, database, security, media, big data, etc., Alibaba Cloud is considered a leader in public cloud services in the country. Tokopedia had already deployed Alibaba Cloud WAF for applications deployed in Alibaba Cloud and experienced the efficacy of the solution. Now, it is looking for similar protection to be made available for its workloads deployed on other cloud platforms. The Alibaba Cloud Hybrid WAF (HWAF) solution became a great fit for this requirement. With its ability to be deployed on other cloud platforms, HWAF synchronizes with Alibaba Cloud WAF for security rules and gives Tokopedia a centralized portal to manage its application security across various platforms. Through this, HWAF provides the same level of strong security to web applications as the Alibaba Cloud WAF.
Alibaba Cloud provides a comprehensive product portfolio spanning IaaS, Big Data, AI, and Security to meet Tokopedia's various use cases and needs.
From the networking perspective, Alibaba Cloud helped Tokopedia set up an international private leased line between Alibaba Cloud Singapore and Biznet Jakarta, as well as an IPsec VPN between Alibaba Cloud Singapore and AWS Singapore, to provide a secure networking environment to facilitate the full-site migration.
Each Tokopedia application follows a cloud-native architecture with well-defined web, application, caching, and database tiers, with certain applications leveraging a NoSQL database as well.
Each application typically has its own web tier and application tier, and uses Redis as the caching layer to offload database traffic. Tokopedia mainly relies on PostgreSQL as its major relational database, with a typical setup consisting of a major node, a slave node, and a couple of read replicas depending on the load of the application. Depending on the nature of the application, Cassandra is sometimes used to serve the NoSQL needs.
To support the full-stack migration, Alibaba Cloud planned the migration journey together with Tokopedia, following migration best practices and supported by a set of robust migration tools at different layers, such as Database Transmission Service (DTS), P2V/V2V, and OSS Import, to cover various scenarios such as migration of relational and NoSQL databases, caching, VMs, and object storage.
For the Hybrid WAF, the setup is deployed on local or other cloud platforms and kept consistently synchronized with the Alibaba Cloud WAF console, from which Tokopedia can control all of its WAF deployments across different platforms.
Through this setup, Tokopedia deployed Alibaba Cloud Hybrid WAF on its cloud platform (not Alibaba Cloud). The HWAF consists of defense nodes, which have the HWAF agent deployed on them, and management nodes, which manage the scheduling and coordination of the defense nodes. These different nodes are load balanced through their respective Defense and Management load balancers. The HWAF structure automatically syncs with the Alibaba Cloud WAF console and implements the same set of rules and other security configuration on the HWAF. The logs for HWAF are also promptly saved in Log Service in Alibaba Cloud.
Tokopedia currently runs 20+ full-stack core applications with close to 1000 VMs and various kinds of managed services in a reliable, scalable, and cost-effective IT infrastructure on Alibaba Cloud. Besides that, Tokopedia is also leveraging end-to-end big data solutions from Alibaba Cloud, covering data ingestion, data storage, data processing, data analysis, and data visualization, to get quick insights from its huge offline and incremental data sets. Alibaba Cloud is also bringing AI capabilities such as image search to provide more intelligence and a better user experience to Tokopedia's customers.
Having one central console for managing all security needs gives Tokopedia increased coordination and the flexibility to continue hosting its applications on different platforms while still receiving optimum security coverage through Alibaba Cloud WAF solutions. With its positive experience using Alibaba Cloud security services, Tokopedia looks forward to collaborating further with Alibaba Cloud to help achieve its mission of democratizing commerce through technology in Indonesia.