Quant Hedge Fund in the Cloud – Secure and Flexible Desktops on the Public Cloud


Hentsū has been deploying hedge funds to the public cloud since 2015, on AWS, Azure and Google. Recently, one of our quant hedge fund clients requested a secure environment to be deployed for both their corporate and development workloads. The client required an environment that could be rolled out quickly, with minimal hardware and licensing costs. There was also a need to eliminate capacity planning, resource forecasting and dealing with data centres and connectivity costs. Another crucial requirement was that it had to be accessible from anywhere, with as much flexibility as possible, whilst still providing elevated security over their intellectual property.

We chose to build the environment using Amazon Web Services (AWS) as the cloud provider, divided into separate Virtual Private Cloud (VPC) zones, with a custom virtual desktop infrastructure (VDI) platform.

Key Requirements

A large part of the client’s work involves software development, and as such, the developers require access to multiple desktops depending on the work they do: corporate desktops for regular email, documents and browsing; and highly secure development desktops, where the data coming in or out of the environment is controlled intensely. Furthermore, the client has offices in both New York and Singapore, with users requiring the ability to access their own desktop regardless of their office location.

Cloud Desktops Solution

The beauty of using public clouds like AWS, Azure, or Google Cloud, is that Hentsū can quickly deploy infrastructure to multiple geographical locations. We help even the smallest client effortlessly project their presence across the globe, in the same way you would for a large established firm. As with most of our clients, the use of thin clients and redundant fast connectivity to the cloud minimises office infrastructure footprint.

Since good latency is crucial for virtual desktops, we used the multiple cloud regions to run closest to the end user, with virtual desktops deployed in AWS North Virginia and AWS Singapore. Users would be directed to the closest desktop, depending on the location from which they logged on. In case of DR, the other region can take over for all users.

Each region is divided into separate logical groups, with different security constraints. An infrastructure VPC provides the common services, with replication between the two regions. The desktops are divided into corporate and development security zones.

For this implementation, we chose Microsoft’s Remote Desktop Protocol (RDP) as the best balance of cost, simplicity and flexibility.

Security and Resiliency

Data security and protection are paramount for any organization with sensitive IP, no matter where the environment is hosted. Crucially, public cloud deployments offer a breadth and depth of security functionality a legacy private cloud cannot match.

Hentsū believes in “Infrastructure as Code”, so we used our standard Terraform and configuration management framework for this deployment. This provides a detailed level of auditing and control across the infrastructure, with changes tracked using Git version control. This allows us to immediately detect any unauthorised deviations and roll back quickly if necessary.

The environment created has the usual AWS security, such as encryption of data at rest and in transit, granular permission control, auditing and separation of workloads. Additionally, all instances have encrypted volumes, and encrypted backups of these volumes. S3 buckets have strict access policies and server-side encryption enabled. Databases hosted on Amazon RDS are automatically encrypted and replicated across availability zones for resiliency.
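The storage controls listed above (encrypted instance volumes, S3 server-side encryption, encrypted and multi-AZ RDS) can be checked mechanically against Terraform state. The following is an added example, not Hentsū's tooling: it audits state in the shape produced by `terraform show -json`, and the sample state and every resource name in it are constructed.

```python
# Constructed sample shaped like `terraform show -json` state; all names invented.
SAMPLE_STATE = {"values": {"root_module": {
    "resources": [
        {"address": "aws_s3_bucket.research", "type": "aws_s3_bucket",
         "values": {"bucket": "example-research"}},
        {"address": "aws_s3_bucket_server_side_encryption_configuration.research",
         "type": "aws_s3_bucket_server_side_encryption_configuration",
         "values": {"bucket": "example-research"}},
        {"address": "aws_s3_bucket.scratch", "type": "aws_s3_bucket",
         "values": {"bucket": "example-scratch"}},
        {"address": "aws_db_instance.main", "type": "aws_db_instance",
         "values": {"storage_encrypted": True, "multi_az": False}},
    ],
    "child_modules": [{"address": "module.vdi", "resources": [
        {"address": "module.vdi.aws_instance.dev_desktop", "type": "aws_instance",
         "values": {"root_block_device": [{"encrypted": False}]}},
        {"address": "module.vdi.aws_ebs_volume.data", "type": "aws_ebs_volume",
         "values": {"encrypted": True}},
    ]}],
}}}

def walk(module):  # every resource in a module and, recursively, its child modules
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def audit(state):
    """Return (address, problem) pairs for resources missing a storage control."""
    resources = list(walk(state["values"]["root_module"]))
    buckets_with_sse = {
        r["values"]["bucket"] for r in resources
        if r["type"] == "aws_s3_bucket_server_side_encryption_configuration"}
    findings = []
    for r in resources:
        kind, addr, v = r["type"], r["address"], r["values"]
        if kind == "aws_ebs_volume" and not v.get("encrypted"):
            findings.append((addr, "EBS volume not encrypted"))
        elif kind == "aws_instance":
            if not all(d.get("encrypted") for d in v.get("root_block_device", [])):
                findings.append((addr, "root volume not encrypted"))
        elif kind == "aws_db_instance":
            for attr in ("storage_encrypted", "multi_az"):
                if not v.get(attr):
                    findings.append((addr, f"RDS {attr} is not enabled"))
        elif kind == "aws_s3_bucket" and v["bucket"] not in buckets_with_sse:
            findings.append((addr, "no explicit server-side encryption configuration"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{a}: {p}" for a, p in audit(SAMPLE_STATE)))
```

Run in a pipeline after each apply, a non-empty result is a deviation from the baseline that can be traced to a commit in Git.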

Hentsū also added network level protection, Layer 7 filtering, Office 365 Tenant Restrictions, and Mail Flow rules. Crucially, we’ve achieved the desired level of data loss protection without interrupting user workflow and cloud platform interaction.

The Cost Benefits

The public cloud pay-as-you-use model gives our clients huge cost advantages and eliminates unnecessary upfront commitments. Using the Hentsū VDI tooling, resources can be shut down, deallocated, or scaled up or down to match current workloads. We also deploy user desktops to automatically hibernate when not in use, keeping costs to a minimum. Hibernated instances do not incur compute costs, and work can be resumed when powered back up. These automated cost optimisations are seamless and transparent to end users. Over-provisioning and paying for idle resources are a thing of the past.

Our client saved over 35%, which amounted to thousands of dollars, on the monthly costs compared to their old private cloud provider. There were further significant savings on equipment, software licensing, support packages, colocation and connectivity costs. In addition, being able to deploy quickly from code sets Hentsū apart when it comes to project costs.

Time Efficiency Benefits

Working with infrastructure as code and eliminating the need to purchase hardware meant that the client was swiftly deployed in under 4 weeks. Furthermore, the overall productivity of our client’s developers has improved, because they are now able to experiment quickly and cost-effectively, whilst maintaining the company data security model.

Hentsū Background

We are experts in designing, building, and managing public cloud solutions for asset managers. We cater to firms across the globe, serviced out of our primary offices in London and New York. We are partners with all three major cloud platforms, AWS, Azure and Google.

Looking to start small or deploy large environments, coming from a discretionary, quant or multi asset background, or migrate from your legacy private cloud environment – Hentsū can help with your technology requirements: