SNEHIT - stock.adobe.com
How Aarogya Setu is addressing scale and security challenges
India’s contact-tracing platform leverages microservices, encryption techniques and cloud-based visibility tools to address scale and security requirements
In the early days of the Covid-19 pandemic, online travel booking platform Goibibo’s co-founder Vikalp Sahni and some developers banded together to explore the possibility of building an app to support India’s contact-tracing efforts.
At the time, the Indian government was planning to do the same and roped in Sahni’s team to build what has now become Aarogya Setu, one of the most downloaded apps in the world.
Like other contact-tracing apps, Aarogya Setu uses Bluetooth to securely exchange a digital signature of close contacts between two smartphone users, including time, proximity, location and duration.
The data is stored on the user’s device and should the user come into close contact with another user who tested positive for Covid-19 in the past two weeks, the app will calculate the risk of infection and notify affected users.
Today, the app is being used by 10% of India’s population with some 140 million downloads. In May 2020, the Indian government open-sourced the app’s source codes to alleviate public concerns about privacy and security.
Privacy and security, however, was always a priority for Sahni and his team of volunteer developers when they were building the technology platform for the app, which leverages cloud services from Amazon Web Services and is hosted on government datacentres across India.
Sahni, who recently left Goibibo to start a new health technology company, said the team had developed a private architecture for the app, which only pushes out data if there is a case of infection. All data at rest and in motion is also encrypted in accordance with best practices, he told Computer Weekly.
Security safeguards
The security safeguards were crucial as the team had expected the platform to be targeted by threat actors that were eyeing its data. True enough, the platform’s firewalls and security policies had blocked traffic from between 20,000 and 25,000 IP addresses and identities, Sahni said.
There were also distributed denial-of-service (DDoS) attacks, as well as targeted attacks by some renowned hackers, but Sahni said nothing came out of those attempts.
Read more about IT in India
- Tata Group’s financial services arm has been migrating branch walk-ins and voice calls to self-service digital channels staffed by chatbots as it expands its digital footprint.
- Security operations teams in India see the increased volume of cyber threats as their biggest challenge amid the Covid-19 pandemic.
- The Covid-19 pandemic is turning out to be a big fork in the road for many companies. But what about the industry that keeps the lights on for them?
- The Covid-19 pandemic’s impact on IT spending is expected to hit home in India’s storage market.
Besides fending off cyber threats, the development team had to ensure the platform could scale with the rapid growth in the number of users. Within 13 days since Aarogya Setu was made available, the app recorded 50 million downloads, surpassing a previous record set by Pokemon Go.
Sahni said to build the most scalable platform possible, the team developed microservices, built data pipelines and leveraged NoSQL databases, so that data can be distributed quickly and scale well. At one point, the contact-tracing app recorded seven million server requests in just one minute.
As an early adopter of New Relic, a cloud-based application to help developers track the performances of their services, Sahni looked to the vendor to understand the scale issues that Aarogya Setu could face.
At the time, the Indian government had also joined New Relic’s Covid-19 relief programme, which provides 90 days of full-stack observability, with support that has since been extended for an additional three months for Aarogya Setu.
Knowing that the team needed to be well prepared for a huge wave of demand, the government felt that visibility into the technology and user experience was essential as the app became widely adopted. “With a roll-out at this size and scale, not having effective monitoring and visibility would have meant that we wouldn’t have been able to live up to the expectations of our citizens,” a government official said.
“Technology roll-outs will tend to fail at one point or another, but the most important thing is how quickly businesses can bounce back from these failures. New Relic allowed us to identify gaps of where we could have done better and ensured that any issues that occurred were addressed quickly,” she added.
For example, there was once when the team encountered a longer than usual response time, which was eventually traced to the way a database was configured. Sahni said these issues would have been hard to resolve without the use of New Relic.
Read more on Endpoint security
-
![]()
Cloud and observability tools help global first responders
By: Beth Pariseau
-
![]()
Experts expect Sumo Logic match post-New Relic acquisition
By: Beth Pariseau
-
![]()
OSC&R supply chain security framework goes live on Github
By: Alex Scroxton
-
![]()
New Relic streamlines DevOps monitoring tools amid upheavals
By: Beth Pariseau
