Redefining Perspectives A thought leadership forum for technologists interested in defining a new future
Session 2
Lessons from Real Life Cloud Computing Implementations
Vibhor Mathur, Senior Specialist – Technology
Sapient Global Markets (India)
Vibhor has more than 14 years of experience in designing and developing complex business-critical applications, primarily using C++ / VC++ technologies.
He has a strong hold on the Trading and Risk Management domain, specifically in the areas of trade life cycle management and handling of OTC (Over the Counter) trades.
Shivam Kumar, Specialist – Technology
Sapient Global Markets (India)
Shivam has over 9 years of experience in software design and development. He specializes in performance and scalability of applications.
He has developed various systems using platforms and technologies like compute grids, Hadoop and Cloud Computing to achieve scalability. He has co-authored in-house compute grids and elastic servers.
CLOUD COMPUTING: LESSONS FROM REAL LIFE IMPLEMENTATIONS
Vibhor Mathur and Shivam Kumar
May 2014
What We’ll Cover
Share a perspective on the challenges faced and lessons learnt from real life experiences of working on cloud based implementations
1. Porting a complex app from on-premise to cloud
2. Integrating a cloud application with on-premise infrastructure
© COPYRIGHT 2014 SAPIENT CORPORATION
Porting a Complex Application from On-premise to Cloud
We’ll Focus on…
• Solution Layout
• Security
• Performance
• Platform Availability
• Operations
CMRS | Application Context
[Diagram: Trading Firm; Trading System 1; Trading System 2; Trading System 3; Trading Repository (e.g. DTCC); CMRS (Sapient)]
CMRS | Deployment on Cloud
Porting from On-premise to Cloud (1/2)
Interfacing with external entities needs to be thought through across the following dimensions:
• Hardware Based Limitations – e.g. use of MQ
• Static IP Address Limitation
[Diagram, on premise: CMRS on premise; MQ Server 1; MQ Server 2; MQ Receiver; Trading Repository; Dedicated Network]
[Diagram, on cloud: CMRS on cloud; Cloud Service; SFTP Server 1; SFTP Server 2; SFTP Receiver; Trading Repository; Internet; Public / Private]
Porting from On-premise to Cloud (2/2)
Partner with the cloud platform vendor to establish the architecture
• Deployment Design – e.g. use of availability sets
• Security – e.g. use of access control lists
• Software license usage – e.g. optimizing the use of BizTalk licenses
Security in Cloud
Data in Transit
• Transmission over sFTP
Data at Rest
• Data Encryption
• Disable Copy over RDP
Environment
• Access Control Lists (ACLs)
• Site to Site VPN Tunnel
• Penetration Testing
• Intrusion Detection
Governance
• Processes
• Audits
Plan for Performance Related Changes
[Chart: Throughput (msgs/sec) by Iterations (1 to 10), On Cloud vs On Premise]
• Performance of the application cannot be assumed to be the same as on premise
• Key physical characteristics of the cloud platform
• IOPS of the system drive – e.g. system drives are read optimized by default
• Potential deployment re-engineering
• Distribution of key database files across disks
Platform (Un)Availability – Assume Things will go Wrong
Event | Possible Mitigation
Scheduled Outages | Processes / Standard Operating Procedures
Unscheduled Outages | Processes + Deployment Design
Human Error | Processes + Governance
Operating a Cloud Based SaaS Platform
• Infrastructure Management
• Patching, anti-virus updates
• Monitoring
• Service Level Agreements
• Understanding the SLAs of all the players, including the cloud platform provider
• The SLAs we offer have a significant impact on the cost, e.g. 24x7 vs 16x5 support model
• Costs
• Infrastructure cost – architecture choices have a major impact
• Supporting the platform – people cost could be substantially higher
Integrating a Cloud App with On-premise Infrastructure
We’ll Focus on…
• Introduction to Risk Calculator
• Motivators for Moving to Cloud
• Application Topology
• Demo – Key Features
• Auto Scaling
• Integration with Enterprises Services
Introduction to Risk Calculator
• Risk Calculator computes the risk scores of Mortgage Backed Securities (MBS)
• Large number of MBS securities
• Characteristics
• Highly CPU intensive process
• Irregular usage pattern
[Diagram: Portfolio Manager; Risk Calculator Client; Servers; Logging Service; Application Monitor; Application Support Team]
Why move Risk Calculator to Cloud
• Scale-on-Demand: cloud allows Risk Calculator to add computing power when needed
• No Initial Investment: no need to procure infrastructure that is not fully utilized
• Reduced Maintenance Overheads: maintenance for components unsupported by the enterprise can be outsourced to the cloud
Application Topology on Cloud
[Diagram: Enterprise; Risk Calculator Client; Request Queue (SQS); Response Queue (SQS); EC2; Servers; Elastic Cache; Simple Storage Service (S3)]
Auto Scaling
[Diagram: Enterprise; Risk Calculator Client; Request Queue (SQS); Response Queue (SQS); EC2; Servers; Auto Scaler; Elastic Cache; Simple Storage Service (S3)]
Enterprise Integration
[Diagram: Enterprise; Risk Calculator Client; Logging Service; Application Monitor; Reverse Tunnel; Apache HTTPD Reverse Proxy; Request Queue (SQS); Response Queue (SQS); EC2; Servers; Auto Scaler; Elastic Cache; Simple Storage Service (S3)]
Credentials Management
[Diagram: Enterprise; Credentials Store; Credential Service; Enterprise Authentication Server; Risk Calculator; Auto Scaler; Identity and Access Management (IAM)]
Lessons Learnt
Lessons Learnt
1. Porting an On-premise Application to Cloud
• Design the solution considering cloud constraints e.g. dependency on hardware
• Running a SaaS platform is a different ball game e.g. Cost Management, SLA Management
• Cost is not a differentiator - go with a vendor who is willing to partner
Lessons Learnt
2. Integrating an Application on Cloud with On-premise Infrastructure
• Use hybrid cloud model where the need for compute power is extremely variable
• Integrating with enterprise services will be needed – design for it upfront
• Integrating from cloud into the enterprise is not trivial e.g. security perception
Thank You