Rashmi Haluwana | Associate Systems Support Engineer

Projects

Click on project cards to view detailed architecture diagrams and documentation

Internet Payment Gateway Systems (IPG)

AWS Cloud - High Available

Designed and deployed AWS infrastructure with VPC, EC2, RDS, S3, etc.. Established Site-to-Site VPN connections with multiple banks. Click to view all IPG projects.

VPC EC2 VPN RDS EKS S3 Cloudfront Route53 API Gateway WAF ACM ECR Code Pipeline Code Deploy Code Build SFS Lambda IAM Cost Explorer ALB/NLB Cloudwatch Cloudtrail Guard Duty Secrets Manager Parameter Store KMS

Click to expand all IPG projects

PAYPLUS IPG/POS ARCHITECTURE (AWS)

Project Type: Internet Payment Gateway (IPG) & POS Core Switching

Environment: AWS Cloud | Multi-AZ Deployment | PCI DSS

Objective: Designed and deployed a highly available, PCI DSS compliant Internet Payment Gateway and POS switching infrastructure to process secure financial transactions across multiple acquiring banks.

Architecture: Multi-tier VPC architecture spanning three Availability Zones with public, private, and database subnets. Implemented IPG Core, POS Core/Switch, E-Commerce, Merchant Portal, and Admin Portal applications on EC2 instances behind internal and external Application Load Balancers.

Integrations: Secure VPN connectivity with Banking Partners

Key AWS Resources used:

Compute: EC2 instances for IPG Core, POS Core, E-Commerce, Merchant Portal, Admin Portal

Networking: VPC, Public/Private Subnets, NAT Gateways, Route 53, ALB, VPN IPSec tunnels

Database: Amazon Aurora (Writer/Reader) in private DB subnets

Storage: S3 with CloudFront for static content delivery

Security: WAF, IAM, GuardDuty, Systems Manager, VPN IPSec with multiple banks (CBC, Peoples Bank, Mobitel)

DevOps: CodePipeline, GitHub integration

Monitoring: CloudWatch, CloudTrail

High Avalability and Scalability:

Multi-AZ deployment eliminating single points of failure

Aurora database with reader/writer separation

Load balanced application tiers

Auto-recovery capabilities

Security & Compliance:

PCI DSS compliant architecture

End-to-end encryption

IPSec VPN tunnels for bank integrations

WAF protection against web exploits

IAM least privilege access

PIXELPAY IPG PRODUCTION ARCHITECTURE (AWS)

Project Type: Internet Payment Gateway (IPG) - Production Environment

Environment:Multi-AZ | EKS-Based

Objective: Architected and deployed a cloud-native, containerized Internet Payment Gateway using Kubernetes on AWS EKS, enabling microservices-based payment processing with high scalability and resilience.

Architecture: Modern cloud-native architecture leveraging Amazon EKS for container orchestration, running microservices across multiple Availability Zones. Microservices include IPG Core, Settlement, Merchant Portal (Live/Sandbox), Admin Portal, Auth, Tokenization, Notification, Email, Backend/Frontend services.

DevOps: Full CI/CD pipeline from GitHub/CodeCommit to EKS deployment with CodePipeline, CodeBuild, CodeDeploy.

Key AWS Resources Used:

Container Orchestration: Amazon EKS clusters with worker nodes across 3 AZs

Microservices: IPG Core, Settlement, Merchant Portal (Live/Sandbox), Admin Portal, Auth, Tokenization, Notification, Email, Backend/Frontend services

Compute: EC2 worker nodes, Bastion Host, Admin Portal EC2

Networking: VPC, Public/Private Subnets, NAT Gateways, IGW, Route 53, NLB, ALB, API Gateway

Database: Amazon Aurora Cluster

Storage: S3, ECR for container images

Security: WAF, ACM, Secrets Manager, Parameter Store, IAM, Systems Manager

DevOps: CodePipeline, CodeBuild, CodeDeploy, GitHub, CodeCommit

Monitoring: CloudWatch, CloudTrail, GuardDuty

High Availability & Scalability:

EKS-managed container orchestration with auto-scaling

Microservices deployed across multiple AZs

Auto Scaling groups for worker nodes

Aurora database cluster with high availability

Horizontal pod autoscaling

Security & Compliance:

PCI DSS compliant container security

Secrets management via AWS Secrets Manager

WAF integrated with API Gateway and ALB

Bastion host for secure administration

Encrypted container images in ECR

Parameter Store for configuration management

DHIRAAGUPAY ARCHITECTURE (AWS)

Project Type: Internet Payment Gateway (IPG)

Environment: AWS Cloud | Maldives

Objective: Designed and implemented a secure, scalable Internet Payment Gateway solution for Dhiraagu, enabling digital payment processing in the Maldives region.

Architecture: Multi-AZ VPC deployment with Application Load Balancers, EC2 instances for application tiers, RDS/Aurora for database layer, and VPN connectivity for bank integrations.

Security: PCI DSS aligned security controls, encrypted communications, and secure bank integrations.

Key AWS Resources Used:

VPC with multi-AZ deployment

Application Load Balancers for traffic distribution

EC2 instances for application tiers

RDS/Aurora for database layer

VPN connectivity for bank integrations

WAF, IAM, CloudWatch

High Availability:

Multi-AZ architecture ensuring business continuity and fault tolerance.

DIGICEYLON PROJECT (AWS)

Project Type: Biller Aggregation Platform & Internet Payment Gateway

Environment: AWS Cloud

Objective: Developed and deployed a comprehensive biller aggregation and payment processing platform enabling users to pay multiple bills through a single unified interface.

Architecture: Serverless-edge hybrid architecture leveraging CloudFront and API Gateway at the edge, with backend services deployed in private subnets for enhanced security.

Key AWS Resources Used:

Edge Services: Route 53, CloudFront, WAF, API Gateway

Networking: VPC, Public/Private Subnets, NAT Gateway, Network Load Balancer, Application Load Balancer, Bastion Host

Compute: EC2 instances for DigiCeylon Server, Backend APIs

Database: RDS in private DB subnets

Storage: S3 Bucket

Security: WAF integrated at edge and application layers

High Availability & Scalability:

CloudFront edge caching for improved performance

NLB + ALB combination for efficient traffic distribution

NAT Gateway for outbound connectivity from private instances

Bastion host for secure administrative access

Security:

WAF protection at CloudFront and API Gateway levels

Private subnet isolation for database and application servers

Bastion host jumphox pattern for production access

Architecture Diagram

Mobile Banking(APP) | Web Portals(Admin) | Internet Banking

AWS, Huawei Cloud and Orel Cloud

Built high-availability mobile banking and internet banking solutions across multiple cloud platforms. Click to expand all Mobile Banking projects.

Huawei ECS Huawei WAF Huawei VPN-Classic Cloud Eye Orel ECS Orel ELB Orel VPN IAM

Click to expand all Mobile Banking projects

AMANA BANK REMITTANCE APPLICATION (AWS)

Project Type: Remittance Application

Environment: AWS Cloud | Multi-AZ

Objective: Engineered a secure, high-performance remittance application enabling cross-border fund transfers with real-time processing capabilities.

Architecture: Two-AZ deployment with public-facing reverse proxy layer and private application/database tiers. Designed to handle high-volume remittance transactions with low latency.

Key AWS Resources Used:

Networking: Production VPC, Internet Gateway, Public/Private Subnets, NAT Gateway, Security Groups

Application Layer: Reverse Proxy, Web Portal, Mobile App Backend, Notifications Service

Database: RDS with Storage Auto Scaling (port 3306)

Storage: S3 Bucket for static assets and file storage

API: API Gateway for mobile backend exposure

Monitoring: CloudWatch

High Availability & Scalability:

Multi-AZ deployment

RDS with Storage Auto Scaling

Stateless application tier enabling horizontal scaling

Security:

Security Groups implementing strict port-level access control

Reverse proxy pattern for application protection

Private subnet isolation for database tier

API Gateway with throttling and authentication

Architecture Diagram

RDB BANK PRODUCTION HIGH AVAILABILITY ARCHITECTURE (OREL Cloud)

Project Type: Internet Banking & Mobile Application, PlatformPortal Services

Environment: OREL Cloud

Objective: Architected and deployed a highly available Internet Banking and Mobile Application infrastructure for RDB Bank, ensuring 99.9% uptime for critical banking services serving thousands of customers.

Architecture: Enterprise-grade high availability architecture spanning public, private, and database subnets with active-standby failover mechanism. The design ensures business continuity during component failures.

Key Resources Used:

Networking: VPC, Public/Private/DB Subnets, Application Load Balancer

Compute: IB Frontend Server, Portal Service, Application Backend Servers (Primary/Standby)

Storage: File Share Disk for Logs and Uploads

Database: Primary DB on Instance, Standby DB on Instance with Manual Fail-over

Security: WAF Integration, VPN Gateway

High Availability Features:

Redundant application servers across public and private subnets

Active-Passive database configuration with manual fail-over capability

Load balancer distributing traffic across healthy backend instances

Shared file storage accessible across all application servers

Security Implementations:

WAF protection at perimeter

VPN Gateway for encrypted connectivity with RDB Bank middleware

Private subnet isolation for database tier

End-to-end encryption for data in transit

Architecture Diagram

SEYLAN BANK HIGH LEVEL ARCHITECTURE (AWS)

Project Type: Internet Banking & Mobile Application,Portal Services

Environment: AWS

Objective: Designed a modern, containerized Internet Banking and Mobile Application platform for Seylan Bank using Kubernetes microservices architecture, enabling agile feature development and elastic scalability

Architecture: Cloud-native EKS-based architecture with public node groups for ingress controllers and frontend applications, and private node groups for business microservices and database tier. This separation ensures both security and scalability

Key Resources Used:

Container Orchestration: Amazon EKS with Public and Private Node Groups

Ingress: Nginx Ingress Controller, Application Load Balancer

Frontend: IB Frontend, AdminPortal Frontend running on public node groups

Microservices (18 services): Account, Card, Loan, Promotion, User, KYC, Report, Gov,etc..

Database: Amazon Aurora with Reader/Writer endpoints

Database: Infrastructure: Bastion Host, VPC, Public/Private Subnets, NAT Gateways

Database: Monitoring: CloudWatch, Custom Monitoring Service, Bank SEIM Soultion

Security: WAF, IAM, VPN Gateway

High Availability Features:

Redundant application servers across public and private subnets

Active-Passive database configuration with manual fail-over capability

Load balancer distributing traffic across healthy backend instances

Shared file storage accessible across all application servers

High Availability Features:

EKS-managed container orchestration across multiple AZs

Public and private node group separation for security and performance

Aurora database with reader/writer endpoints for read scaling

Horizontal pod autoscaling based on demand

Security Implementations:

WAF protection at entry point

Private node groups isolating sensitive microservices

Bastion host for secure cluster administration

VPN Gateway connectivity with PayMedia/Seylan Bank

IAM role-based access control for least privilege

Security Implementations:

Containerized microservices deploy via CI/CD pipeline

Centralized logging and monitoring

Architecture Diagram

FINTREX PRODUCTION ARCHITECTURE (Huawei Cloud)

Project Type: Internet Banking (IB) & Portal Services and Mobile Application

Environment: Huawei Cloud

Objective: Implemented a secure, DMZ-based Internet Banking and Portal Services infrastructure on Huawei Cloud, enabling secure financial services delivery for Fintrex's digital banking customers.

Architecture: Three-tier architecture with DMZ subnet for web-facing components, private subnet for application and database servers, and site-to-site VPN connectivity for secure internal access.

Key Resources Used:

Networking: VPC - Production, DMZ Subnet, Private Subnet, Security Groups

Compute: WEB Server (NGINX), App Server, DB Server, Portal Services, IB FrontEnd

Security: NAT functionality on Web Server, Site-to-Site VPN

Storage: File Share for persistent data

High Availability Features:

Redundant application components

Shared file storage ensuring data consistency across servers

Stateless web tier enabling horizontal scaling

Security Implementations:

DMZ architecture isolating web servers from internal application tier

Web Server acting as NAT gateway controlling outbound traffic

Strict TCP port control (3306 for MySQL, 3606 for application)

Site-to-Site VPN for secure connectivity with corporate network

Private subnet isolation for database and application servers

Architecture Diagram

Professional Summary

4

8+

10+

99.9%

Technical Skills

Cloud Platforms & Services

AWS

GCP

Huawei Cloud

Orel Cloud

DevOps & Automation Tools

Container runtime

Orchestration

CI/CD & Automation

Infrastructure as Code

System Administration & OS

Operating Systems

Server Management

Networking

Logging and Monitoring

Security & Compliance

Standards

Security Tools

VPN Solutions

Soft Skills & Languages

Professional Skills

Languages

Projects

Internet Payment Gateway Systems (IPG)

PAYPLUS IPG/POS ARCHITECTURE (AWS)

PIXELPAY IPG PRODUCTION ARCHITECTURE (AWS)

DHIRAAGUPAY ARCHITECTURE (AWS)

DIGICEYLON PROJECT (AWS)

Architecture Diagram

Mobile Banking(APP) | Web Portals(Admin) | Internet Banking

AMANA BANK REMITTANCE APPLICATION (AWS)

Architecture Diagram

RDB BANK PRODUCTION HIGH AVAILABILITY ARCHITECTURE (OREL Cloud)

Architecture Diagram

SEYLAN BANK HIGH LEVEL ARCHITECTURE (AWS)

Architecture Diagram

FINTREX PRODUCTION ARCHITECTURE (Huawei Cloud)

Architecture Diagram

Work Experience

PayMedia Private Limited

PayMedia Private Limited

Certifications

AWS Cloud Practitioner

Oracle Cloud Infrastructure

Huawei Cloud Tech Essentials

Cisco CCNA

Education

Bachelor of Information Communication Technology (Honors)

Contact

Get In Touch

Project Architecture