From Traditional Ops to Automated Security: Ctrip’s Journey and Lessons
This article recounts a Ctrip security engineer’s evolution from early Unix‑based operations to fully automated network security, highlighting challenges in forecasting, application security integration, rapid incident response, and large‑scale firewall automation within a fast‑growing enterprise.
Preface
The author shares a personal story of an operations professional, describing early experiences with Unix workstations, scientific computing, and the gradual discovery of security concepts.
1. Joining Ctrip
In early 2007 the author entered Ctrip, a NASDAQ‑listed travel company, and immediately faced a large‑scale operations environment with over a thousand servers and a youthful team.
2. Traditional Operations at Ctrip
Projects in 2010‑2011 are illustrated with timeline charts. Most projects lasted three months or longer, with many security initiatives (DMZ, database security, branch security) extending beyond a year. Typical processes involved procurement, documentation, and manual configuration of firewalls and other devices.
3. Our Team
Team photos from 2009, 2011, and 2012 show growth from three members to eleven by 2012. Key challenges included:
Unreliable future forecasting – equipment was purchased based on a 40‑50% annual growth estimate, leading to premature replacement.
Pushing application security – integrating code review into development required bridging the gap between operations and development.
Rapid response – reducing server provisioning from weeks to two hours and scaling firewall devices from four to over a hundred.
Automated IP Blocking
To address slow manual IP blocking, the team built a system that automatically receives malicious IP lists and blocks them on an IPS. After a major incident where tens of thousands of legitimate user IPs were mistakenly blocked, safeguards such as rate limiting, quantity caps, and manual override were added.
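The safeguards described above (a quantity cap on any single feed, a rate limit on how many blocks may be applied per window, and a manual override for parked batches) can be placed in a small gate between the threat feed and the blocking device. The following is an added illustration written for this page, not Ctrip's own system or code: the class name BlockGuard, the placeholder push_to_ips, the internal-range list and the sample feed are all constructed assumptions. It goes slightly beyond the text by also dropping unparseable entries, duplicates and addresses in internal ranges before anything reaches the device.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed list of ranges that must never appear on an IPS block list.
INTERNAL_RANGES = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")


@dataclass
class BlockGuard:
    """Safeguards in front of an automated IP-blocking action (constructed example)."""
    max_per_batch: int = 200         # quantity cap: one feed larger than this is parked for review
    max_per_window: int = 500        # rate limit: blocks that may be applied per rolling window
    window_seconds: int = 3600
    never_block: tuple = ()          # operator allow-list of CIDRs (e.g. own egress, partners)
    applied: list = field(default_factory=list)   # (timestamp, ip) for every block pushed
    held: list = field(default_factory=list)      # batches awaiting manual approval

    @staticmethod
    def _in_any(addr, cidrs):
        return any(addr in ip_network(cidr) for cidr in cidrs)

    def _budget(self, now):
        # Forget history older than the window, then report how many blocks are still allowed.
        self.applied = [(t, ip) for t, ip in self.applied if now - t < self.window_seconds]
        return max(self.max_per_window - len(self.applied), 0)

    def evaluate(self, feed, now):
        """Split a raw feed into addresses to block now, addresses skipped, and addresses held."""
        block, skipped, seen = [], [], set()
        for raw in feed:
            try:
                addr = ip_address(raw.strip())
            except ValueError:
                skipped.append((raw, "unparseable"))
                continue
            if addr in seen:
                continue
            seen.add(addr)
            if self._in_any(addr, INTERNAL_RANGES):
                skipped.append((str(addr), "internal range"))
            elif self._in_any(addr, self.never_block):
                skipped.append((str(addr), "allow-listed"))
            else:
                block.append(str(addr))
        if len(block) > self.max_per_batch:
            # Quantity cap: a feed this large is more likely a bad upstream list than a real attack,
            # so nothing is pushed and a human decides.
            self.held.append(block)
            return {"block": [], "skipped": skipped, "held": block, "reason": "batch over cap"}
        budget = self._budget(now)
        overflow = block[budget:]
        block = block[:budget]
        if overflow:
            self.held.append(overflow)
        self.applied.extend((now, ip) for ip in block)
        return {"block": block, "skipped": skipped, "held": overflow,
                "reason": "rate limited" if overflow else "ok"}

    def approve_held(self, index, now):
        """Manual override: an operator releases a parked batch, bypassing the automatic caps."""
        batch = self.held.pop(index)
        self.applied.extend((now, ip) for ip in batch)
        return batch


def push_to_ips(ips):
    # Placeholder for the device call; the real IPS API is not part of this example.
    return len(ips)


if __name__ == "__main__":
    guard = BlockGuard(max_per_batch=100, max_per_window=5, never_block=("203.0.113.0/24",))
    # Constructed feed: a duplicate, an internal address, an allow-listed one and a garbage line.
    feed = ["198.51.100.7", "198.51.100.7", "10.0.0.5", "203.0.113.9", "not-an-ip", "192.0.2.1"]
    decision = guard.evaluate(feed, now=1000)
    print(decision)
    print("pushed", push_to_ips(decision["block"]), "blocks")
```

Everything that is parked in held is visible to an operator and only leaves through approve_held, which is the manual override; the caps are deliberately conservative so that a single bad feed degrades to a review queue rather than to a mass block of legitimate users.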
Automation Delivery
The team identified three essential capabilities for network security: perception, blocking, and forensics. Automation tools were created for distributed vulnerability scanning, certificate deployment, and other DevOps‑driven processes, dramatically reducing scan and deployment times.
Firewall Automation Operations
A large‑scale firewall automation system was implemented, featuring robust fail‑safe mechanisms. Over a year and a half, the eight‑person team filed more than 30 patents, with many under review.
4. Conclusion
The rapid transformation of the operating environment demands a “reset” mindset: continuously learn new technologies, adapt to change, and maintain automation to stay relevant in operations and security.
Efficient Ops
This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.