Private cloud and disaster recovery tools for IT infrastructure used in business applications for a company in the investment niche

Leave a request for a similar project

Leave a request for a similar project

Country
Cyprus
Business
Financial and investment company
Product
Investment, financial and other related services and facilities

The financial and investment company has created a network of authorised financial institutions and since 2008 has been providing its clients with a large portfolio of investment tools that deliver diverse trading opportunities and enhance asset security.

Colobridge products and services used:

Background

The company provides investment and ancillary services to clients in several jurisdictions, such as Switzerland, Hong Kong, Singapore, Belize, and the British Virgin Islands.

The investment company is subject to oversight of the Cyprus Securities and Exchange Commission (CYSEC). It acts as a government regulator and ensures that investment organisations comply with Cyprus and EU laws and regulations. Moreover, CYSEC issues licences to companies carrying out investment activities.

Every year, the client’s activities are reviewed by AMLCO, compliance officer, risk manager, as well as internal and external auditors.

Both institutions conducting internal and external audits are from the Big Four accounting firms. IT infrastructure used to support business services, data storage, processing and transmission is subject to a detailed audit.

Problem

The client used to host some of its IT infrastructure remotely and was not completely satisfied with the fact that the provider did not always provide the transparency required for data processing and storage.

Why was this a really major problem?

It is critical to protect financial and other confidential information so that it is not lost or compromised by unauthorised third parties. A structure with remote access (public cloud) remains secure for most business applications, but the client cannot manage all risks. Therefore, there is a slight chance that information may be compromised by someone or that fraudsters will exploit a vulnerability before the system is patched. All of this can lead to problems during an IT audit of a client’s infrastructure.

There may be problems with maintaining the licence and complying with regulators’ requirements. The licensing authority imposes certain requirements on how authorised companies store and process data. In a structure with remote access (public cloud), the client did not have access to the hypervisor and, accordingly, did not control how backups were created and was also unable to check whether they were really stored in encrypted form. There was also no way to access the provider’s system configurations and make sure that it was performing its obligations to the client. This is another obstacle to a successful IT audit.

Remote access structures (public clouds) are focused on servicing standard workloads, while the client planned to use SAP HANA. On the one hand, it can only run VMware as a virtualisation system, and on the other hand, it consumes large amounts of RAM. The remote-access structure (public clouds) had restrictions on the amount of RAM per virtual machine, so the client was looking for an opportunity to deploy a solution with out-of-the-box infrastructure requirements.

The client used to host some of its IT infrastructure remotely and was not completely satisfied with the fact that the provider did not always provide the transparency required for data processing and storage.

Why was this a really major problem?

It is critical to protect financial and other confidential information so that it is not lost or compromised by unauthorised third parties. A structure with remote access (public cloud) remains secure for most business applications, but the client cannot manage all risks. Therefore, there is a slight chance that information may be compromised by someone or that fraudsters will exploit a vulnerability before the system is patched. All of this can lead to problems during an IT audit of a client’s infrastructure.

There may be problems with maintaining the licence and complying with regulators’ requirements. The licensing authority imposes certain requirements on how authorised companies store and process data. In a structure with remote access (public cloud), the client did not have access to the hypervisor and, accordingly, did not control how backups were created and was also unable to check whether they were really stored in encrypted form. There was also no way to access the provider’s system configurations and make sure that it was performing its obligations to the client. This is another obstacle to a successful IT audit.

Remote access structures (public clouds) are focused on servicing standard workloads, while the client planned to use SAP HANA. On the one hand, it can only run VMware as a virtualisation system, and on the other hand, it consumes large amounts of RAM. The remote-access structure (public clouds) had restrictions on the amount of RAM per virtual machine, so the client was looking for an opportunity to deploy a solution with out-of-the-box infrastructure requirements.

Tasks

The client sought to avoid using a remote-access structure (public cloud) in favour of a more customised solution (private cloud) that would meet its performance, security and reliability requirements.

For this purpose, it is necessary to find a provider with physical infrastructure and software solutions that meet the licensing requirements for financial companies, since whether the company meets authorisation requirements depends on the findings of the regulators.

In order to find a solution that fully covers all the requirements and tasks, the client considered more than ten service providers in Europe and compared them based on such key criteria as solution portfolio, guaranteed availability, references, and others.

Colobridge was selected as a result of a competitive selection, and the final convincing factor was positive feedback from the company’s partners that had already worked with this service provider.

Two years after starting to work with Colobridge, the client set a new goal – to make the IT infrastructure even more resilient. At that time, it was concerned about a series of floods in Europe and a fire at one of the OVH SBG data centre campuses (the building where the Dedicated Service was provided in Strasbourg burned down). It should be noted that all incidents occurred within four months. Although the risks that it would happen again were close to zero, the client wanted to get another site to store critical business data. This was easy to implement on the Colobridge platform which combines two geographically remote and independent data centres.

Colobridge technology platform is deployed on a geographically distributed basis in two computer rooms in Tier III+ data centres in Germany. This makes it possible for us to use the most leading-edge solutions available from a single provider. We were really hopeful that the private cloud deployed on Colobridge platform would provide us with the security and reliability we needed.

Client’s IT Department Director

Implementation

At first, the client leased equipment and used several as-a-service solutions offered by Colobridge technology platform. Later, it bought back the servers but continued using the rest of the services it needed in the same format – storage, network ports and data channels. Having its own equipment helped to make ownership of the IT infrastructure more cost-effective. With relatively small capital expenditures, the client was able to reduce operating costs in the medium term.

Migration

It took two weeks to get ready to migrate the IT infrastructure to the new platform. All this time, the client’s representatives were in close communication with Colobridge team members to work out the data migration plan in detail and minimise the risk of stopping business-critical applications. The migration was completed seamlessly, with all services starting to operate without downtime from the main site, which was one of Colobridge’s two data centres.

Challenges

Even after the migration, there were occasional difficulties with the BSaaS service at peak times, although it was supported by fully compatible Enterprise-class networking equipment by HPE. The problem was solved by completely separating the SAN network from the traditional Ethernet network. Now the storage network uses separate high-performance Brocade equipment that runs steadily with any load.

Solution

The physical part of the financial investment company’s IT infrastructure is distributed between two data centres in Germany, united by Colobridge technology platform. One data centre hosts the main VMware virtualisation cluster with several instances, including SAP HANA. The second one is used to execute the Disaster Recovery plan. All business-critical services and SAP HANA logs are synchronised with this site in real time, which are also used to recover operations. At the disaster recovery site, the client rents dedicated hardware, virtualises it, and uses it as part of a geo-distributed VMware cluster as a “shoulder” for disaster recovery of business-critical services. Moreover, it stores some data as important backups locally, in its own data centre. Less important services, such as access control and others, are also placed here. Such IT infrastructure arrangements have made it as fault-tolerant as possible and reduced the risk of physical data being destroyed to zero, even in near-apocalyptic scenarios.

Colobridge provided the client with redundant block storage BSaaS (RAID 2.0+). Two-tier virtualised storage is a scalable and very reliable solution: data is divided into blocks, and these are distributed across all the discs in the storage pool, and there can be several hundred discs. Even if one block is lost, it can be easily restored from another disc, and this will not affect storage performance and availability.
Geographically remote servers are connected by a 10G channel based on DWDM Interconnect, which is provided as a Service and ensures secure data transmission over optical channels. Using so-called dark fibre means that the data channels are fully controlled by Colobridge platform and no other providers can access them.

If a disaster occurs at the Telehouse data centre where the main site is located, the client’s critical business services will be restored almost instantly as per the disaster recovery plan. Stress testing is performed once or twice a year. Technical specialists from the client’s side regularly update the information and are always aware of the latest policies, tools and procedures and that will make it possible to restore the infrastructure after a serious accident. If an emergency occurs in the second data centre ( the probability of this occurring is virtually zero), the investment company will be able to restore services from its side.

Thanks to the solution offered by Colobridge, we have deployed a multi-layered and secure IT infrastructure. It flawlessly passes stress tests, meets the high security requirements set for fintech companies, and makes it possible to pass audits and obtain an investment licence without any hassle. We have no doubts that our IT infrastructure will remain resilient even under the most unlikely scenarios.

Client’s IT Department Director

Results

Placing the IT infrastructure in two independent geographically distributed data centres enabled the financial investment company to significantly minimise the risks of critical data being physically damaged and lost. The company uses extra as a Service solutions to ensure that data is securely stored and transferred between the data centres and from its local site to Germany. Moreover, as a service model has helped to make a complex IT infrastructure cost-effective. It is more financially efficient than the classic approach of renting physical equipment.

Colobridge platform met expectations in terms of fault tolerance, performance and security. The client successfully passes IT infrastructure audit – the findings of the audit company enable it to meet the stringent requirements set by regulators and ensure that the company is continuously authorised to carry out investment activities.

Passing IT audit became a mere formality: the auditors are familiar with the certificates and other documents of the two data centres where Colobridge technology solution is deployed. These data centres are among the top 5 best in Europe, and such giants as Bloomberg, Morgan Stanley and the London Stock Exchange have already entrusted their data to these data centres.

From this viewpoint, one could say that Colobridge is a benchmark site for hosting a fintech company’s infrastructure. Even the most unlikely risks of infrastructure being physically destroyed have been reduced to zero, and the hybrid financial model has allowed us to make it cost-effective to own it. Placing our own servers is cheaper than renting them directly, and the replacement fund issue is resolved by redundant infrastructure, which saves time required to purchase and deliver the necessary components. The processes that cannot be interrupted are supported by Colobridge as a service model.

Placing part of the client services in a private cloud made it possible to avoid forced downtime during the pandemic in 2019, when the Cyprus authorities imposed strict restrictions on visiting offices and leaving the house. The staff continued to work as usual, using systems and access keys to connect remotely. At the same time, many other companies were unprepared and had to shut down operations and suffer losses simply because they had not planned for remote workstations in the cloud.

We are satisfied with how reliable, simple and transparent Colobridge solutions are. We can quickly contact and get a response from a competent staff member 24/7. Communication in the native language makes it much easier to communicate even with Software Architect-level developers, and if there are any troubles (which so far have been only an exception), we can count on quick support provided by the troubleshooting team and second- and third-line support specialists.

Client’s IT Department Director

Cooperating with Colobridge summed up

The client is confident that the IT infrastructure is reliable and stable, and its fault tolerance is regularly confirmed by stress tests.

The documentation provided by Colobridge data centres makes passing an IT audit easy and hassle-free. It also helps to meet the strict requirements set by regulators to maintain the investment licence.

Client is fully in control of IT infrastructure and the entire data lifecycle and manages them.

Investment company staff can quickly start working remotely from any location in the world. All they need to do is connect to the company’s internal systems via a computer or tablet.

BSaaS (Storage as a Service) enabled the company to efficiently spend time and money on the services of narrowly focused IT specialists and quickly scale up the storage space available on demand.

Using other products based on the service model allowed to delegate hardware maintenance of IT infrastructure to Colobridge specialists in order to cut costs and make it easier to scale in the future. The client’s services consume as many resources as needed at a given time.

The client has a good reputation in the global investment company market thanks to its stable online services.

The risks of financial losses because of IT infrastructure malfunctions are reduced to zero.

Current architecture:

Colobridge really cares that every customer is comfortable and Colobridge is truly interested in making sure that they are satisfied. The most significant aspect of the customer care policy is a personal account manager who can be approached with any issue.

Client’s IT Department Director

See more

Data and Security

How to Choose a Cloud for Business: 7 Key Criteria

Corporate IT

Private Cloud or IaaS: where to move your IT infrastructure?

What’s next?

Try the cloud for free up to 2 weeks

Tell us about your tasks and business requirements

What’s next?

Try the cloud for free up to 2 weeks

Tell us about your tasks and business requirements