A European Fintech Company Ramps Up IT Resilience in Its Native AWS Environment
About the Company
This European Fintech company, founded during the last decade, has grown quickly in a short time. They are a leading, award-winning provider of financial technologies and services to Forex and CFD trading companies and to private individuals engaged in online trading.
Five million accounts worldwide use the company’s Forex and CFD trading platform with data-driven front-end and back-office software.
The company’s environment was born and resides in the AWS cloud and consisted of EC2 instances, load balancers, RDS instances and more.
Continuous availability and data-loss prevention are key issues and important objectives for this fintech company.
As a company developing in a relatively new industry, the European Fintech was able to benefit from the many advantages of establishing their native cloud-based business environment on AWS. This included quick set-up, application development, time to market and lower TCO – all this without the burden of interfacing with legacy systems, datacenters or private clouds. And, in addition, AWS was responsible for significant parts of the operational and management activities of their environment. But, AWS is not responsible for everything; the fintech learned that it is responsible for its own operating system, software and utilities, and more. Bottom line: providing continuous and secure availability to their trading platform was in the fintech’s court.
In practical terms, this means they must make sure that all the trading, training and customer support services they provide to their clientele – who hold 5 million accounts, are located on three continents, in several different time zones, and communicate in nine languages – are available 24x7x365.
And, since trading frequently requires split-second decisions and actions, this means there is no room for downtime, lags or “glitches.” Customers need continuous access to relevant business information and to ability to make trades.
This was the key reason the fintech sought to proactively discover their environment’s weak points, those vulnerable to causing unavailability, data loss, or those potentially exposed to a cyberattack. Their first step was to test Continuity Software’s AvailabilityGuard NXG™ solution for AWS.
AvailabilityGuard NXG automatically and proactively detects risks and misconfigurations across all layers. It runs analyses against a knowledge base of hundreds (and growing) of vendor, industry and community-driven best practices. Risks are pinpointed, enabling their repair before they harm operations. DevOps teams also use the solution to rapidly validate resilience.
The fintech company had a complex AWS environment with a large volume of ongoing changes whose integration needed to comply with the hundreds and even thousands of constantly evolving vendor, industry and regulatory best practices. This made it impossible to manually identify downtime, data- loss and security risks without automation.
Certainly, the fact that their environment was fully AWS based did not absolve the fintech from needing to ensure the correct configurations of the many changes being continuously implemented in their environment. In addition to their own IT team which handled ongoing work, they used multiple software and other vendors whose maintenance professionals were also involved in making changes and updates. Obviously, AWS, too, was a heavy contributor to maintenance activities and at the same time, also issued a continuous stream of new services that could be integrated into the environment – and as such, needed to be configured correctly so as to avoid any negative impact to the environment.
AvailabilityGuard NXG for AWS: Resilience for AWS based Enterprise
Continuity Software’s AvailabilityGuard NXG solution starter package was initially installed to assure resilience on the European telco’s new and critical VxBlock-based SAP Cloud environment, comprised of VMware ESXi clusters, Cisco UCS blades, a range of Dell EMC storage systems (including VMAX, VPLEX, VNX), and Cisco MDS switches.
The telco wanted to ensure a stable roll out of their new SAP implementation by validating that it was misconfiguration-free, at least on day one. They knew it wouldn’t remain that way and that they needed to commit to a new system of continual checks and repairs of misconfigurations in order to keep their services running at top performance levels.
AvailabilityGuard NXG scanned and analyzed configuration data from all IT infrastructure layers. Its initial scan of the SAP stack led to the identification of close to 90 issues of varying severity including some that “you’d never even search for and wouldn’t find even if you did,” according to the team. The most significant findings were cross-layer misconfigurations between the UCS and VMware layers; additional issues were found in the VMware and VPLEX environments.
Based on the successful initial results, the telco decided to expand the AvailabilityGuard NXG deployment to protect additional business services, including critical applications deployed on AWS (using EC2, S3, VPC and CloudFront services) and their large digital TV environment.
With the fintech company’s decision to improve IT resilience, Continuity Software’s team set up AvailabilityGuard NXG for AWS to scan one AWS account on a representative subset of the production environment including 500 nodes consisting of: EC2 instances, load balancers, and RDS instances. The scan looked for potential misconfigurations and deviations from vendor and industry best practices across all layers such as virtual machines, containers, networks, load balancers, databases, cloud storage, DNS, and more.
To analyze configuration and identify trends, metadata was collected over a month. There was no performance impact and no software was installed.
Results. AvailabilityGuard NXG scanned and analyzed configuration data from all the AWS infrastructure layers. The scans detected 300 configuration risks in EC2, CloudFront, S3, ELB, ASG, RDS, and other AWS services.
Risks were broken down by impact on the AWS environment. There were risks of downtime, data loss, performance deterioration and best practices violations – clearly all areas critical to the fintech’s operations. Of particular concern were the majority of risks ranked as “high” to security and of data loss, and the many different types of risk of downtime.
The results were an eye-opening revelation to the fintech’s DevOps team. Based on the visibility and insight they received from the trial period of a single AWS environment, they decided to deploy the solution and use it on an ongoing basis.
Seeing is Believing
The fintech company saw for themselves that by conducting a significantly greater number of checks to their environment than made possible by AWS-provided checks, they gained a great deal of information and insight about the resilience of their environment. They saw all the different types of risks and how each one would impact business and technical aspects of their operations. More important, each misconfiguration or potential point of failure detected was accompanied by a straightforward explanation of the remediation steps needed to correct the problem. Risks are ranked by urgency, making it simpler for the IT team to set priorities for repair.
How do you know what’s right? This could be a philosophical question, but in this context the arbiter of what is the correct way to proceed is Continuity Software’s proprietary, deep knowledgebase of vendor, industry and community-driven best practices. AvailabilityGuard NXG relies on its constantly updated information on best practices to know how to optimally configure all the connections that must be in place for the environment to run smoothly, continuously and dependably.
The European Fintech company realized that with AvailabilityGuard NXG for AWS they could more reliably provide uninterrupted availability to their very large and active customer base in the particularly high-pressure world of online trading.
Although the overall trend worldwide is for enterprises to move more workloads to the public cloud, enterprises that are exclusively cloud-based or were born in the cloud still comprise a minority of companies. They are still learning about the necessary and best options for meeting their needs in their role as both technology and service-providers. This is where AvailabilityGuard NXG for Public Cloud comes in and is a game-changer that improves service availability and security by assuring IT resilience of public cloud environments.
Prevent outages and data-loss on your AWS environment