Documentos de Académico
Documentos de Profesional
Documentos de Cultura
GTS DTIS
March, 2017
Version 1.2
CONFIDENTIAL
© Total System Services, Inc. All rights reserved worldwide.
Document History
CONFIDENTIAL
© Total System Services, Inc. All rights reserved worldwide.
Table of Contents
1.0 Overview............................................................................................................................................................. 4
2.0 Architecture Overview........................................................................................................................................ 4
2.1 Architecture Diagram...................................................................................................................................... 5
3.0 Connection and Security Access Requirements................................................................................................. 6
3.1 Customer Line Connection (Dedicated/Private Circuit)...................................................................................6
3.2 Internet Connection......................................................................................................................................... 6
3.3 Internet VPN Connection................................................................................................................................ 6
4.0 Access Control................................................................................................................................................... 6
4.0 TSYS Incoming Messaging DNS Resolution...................................................................................................... 7
4.1 Customer/Private & Internet VPN DNS Hosting.............................................................................................. 7
4.2 Internet DNS Hosting...................................................................................................................................... 7
5.0 TSYS Outgoing Messaging................................................................................................................................ 7
6.0 TSYS Internal Application Failover..................................................................................................................... 7
6.1 Application Tier Active/Active configuration.................................................................................................... 7
6.2 Application Tier Active/Passive configuration.................................................................................................. 7
6.3 Application Tier Active/DR configuration......................................................................................................... 8
7.0 TSYS Certificates............................................................................................................................................... 8
7.1 SSL Cypher and.............................................................................................................................................. 8
7.2 TSYS SSL Certificates.................................................................................................................................... 8
7.3 Mutual Auth Certificate.................................................................................................................................... 8
7.4 Signing Certificate........................................................................................................................................... 9
CONFIDENTIAL
© Total System Services, Inc. All rights reserved worldwide.
1.0 Overview
TSYS has deployed an industry proven API Gateway Appliance technology to quickly expose our Web Services
for consumption by our Customers. Through the use of a scaled hardware solution TSYS is able to offer its Web
Services across a common connection point, allowing cross system access through a single dedicated Customer
connection. Additionally it allows us to implement and update the highest security standards through repeatable
processes, allowing faster deployments while still securing our most critical data.
The high level data flow is listed below, with an accompanying diagram to follow.
Data Flow
Customer will resolve a URL used to route to the TSYS hosted Web Service endpoint. The
DNS will either be hosted on the TSYS DNS Servers or hosted internally at the Customers
site.
The Web request will route to the TSYS Client Facing firewalls.
The TSYS Firewalls will translate the request to a dedicated F5 Load Balancer connection
point for that Customer.
The F5 Load Balancer will balance traffic to a cluster of API Gateway Appliances.
Based on Context Path, or WSDL Schema Mapping, the API Gateway will route to the TSYS
back-end application for fulfillment.
The Request will be fulfilled, and a Response sent back to the Customer as a synchronous
transaction.
CONFIDENTIAL
© Total System Services, Inc. All rights reserved worldwide.
2.1 Architecture Diagram
3.0 Connection and Security Access Requirements
There are three primary connection methods into TSYS for Web Services.
1. Client Line
2. Internet
3. Internet VPN
Each connection method has different security requirements. Essentially the less secure the connection method
the more security required at the setup and/or message layer. Additional security measures are supported in lieu
of the standard protocols below and can be implemented at the Customers request.
CONFIDENTIAL
©2021 Total System Services, Inc. All rights reserved worldwide.
access is only allowed outbound from TSYS to pre-identified Customer systems. In order to establish access
between the TSYS and Customer API’s a ‘Network Services Access Questionnaire’ should be filled out and
returned to TSYS. Please include all Secondary/DR/Failover IP Addresses for the Production service, and also
any additional testing IP Addresses for the UAT services. The Project Manager and/or Customer Service
Representative can provide the Access Questionnaire on request.
CONFIDENTIAL
© Total System Services, Inc. All rights reserved worldwide.
6.2 Application Tier Active/Passive configuration
If the Application Tier is setup in an Active/Passive configuration the API Gateway interfaces will
be Active in both Data Centers, and route internally to the primary DataCenter location for the
Application. From a Customer Perspective both the TSYS Data Center locations will be available
for real time traffic during operational hours.
CONFIDENTIAL
© Total System Services, Inc. All rights reserved worldwide.
7.3 Signing Certificate
TSYS uses a Third Party issued named Signing Certificate for all Request and Responses that
have a signing requirement, you can download the TSYS issued signing certificate from the public
link below. TSYS can support a Customer issued internal or Third Party signing certificate, both
the Request and Response must be signed. TSYS cannot support signing certificates issued
longer than 2 years.
Please note that an error at the backend Application layer of the service will have unique error codes, for more
information please reach out to your Customer Service representative at TSYS or the Application Production
contact.
CONFIDENTIAL
© Total System Services, Inc. All rights reserved worldwide.
8.2 Soap 1.2 Fault Template
CONFIDENTIAL
© Total System Services, Inc. All rights reserved worldwide.