[et_pb_section fb_built="1" _builder_version="3.22"][et_pb_row make_equal="on" _builder_version="3.25"][et_pb_column type="4_4" module_class="ds-vertical-align" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_text admin_label="The Challenge" _builder_version="3.27.4"]

[text-blocks id="requirements-2" align="right"]

The Challenge

An established asset manager approached us with a research platform challenge. Their application brought together market data with their own research and opinions into one view to create and evaluate their strategies.

Their legacy implementation ran on several servers as a monolithic application, with a hand managed and complex infrastructure. The overall performance was poor, which is unacceptable in a trading research environment where timeliness, speed and accuracy are paramount. In addition, the ongoing cost of this setup was hard to justify.

 

Key Considerations

  1. The solution had to be able to process several data feeds reliably and merge with the in-house research data.
  2. Security was paramount, with the highly sensitive trading research information held within the system.
  3. The application had to be responsive, dynamic with auto-scaling and auto-healing capabilities.
[/et_pb_text][et_pb_text admin_label="Solutions 3" _builder_version="3.27.4"]

[text-blocks id="technologies-used-2"]

The Solution

After reviewing the challenges, Hentsū were able to create an elegant serverless solution in Azure leveraging the huge power and scale of the cloud, which is simply not possible in a private cloud. Where possible we used cloud native services for their low cost, breadth of features available, and ease of management.

Hentsū took the existing legacy application and broke it up into microservices. The code was entirely rewritten into a modern cloud native stack, separating real-time applications from batch processing to be able to handle these appropriately.

The platform has built-in multi-region resiliency across the Azure cloud and is also hugely auto-scalable based on workloads and user demand. Within the application there are health checks and integrated alerts, automated recovery and restarts if any service fails.

Utilising such a cloud native serverless solution allows us to obtain huge processing power when needed, and only pay for what was actually used.

Technical Details

The entire platform has been built as a serverless solution. The batch work now uses Azure Batch; scripts have been turned into Docker containers which are scheduled onto temporary machines used for the smallest amount of time necessary. This allows for simplified management, huge parallelism, and low cost.

The application servers are now hosted with Azure App Service to leverage the reliability and huge number of management tools available. Hentsū built out the data pipelines to move data from the large number of feeds into an Azure Cosmos DB. A managed database was used to take away the headaches of managing a database on a machine, such as patching or disk management, while getting access to features such as georedundant automatic backups and one-button scaling.

Hentsū also developed the API server that allows individual services to get access to the data, as well as a web app that the client interacts with to perform their data analysis.

Bitbucket and Bamboo are used as the CI/CD pipelines, which test and build the application and batch Docker containers and then deploy to the container registry, all automatically when the code is updated. This can be adapted to use any repository and build server products if needed, such as Azure DevOps.

Security is crucial, with all access to the application handled natively within Azure and integrated with Azure AD for a seamless and authentication experience with world-class security.

The Benefits of Azure App Service

Everything you need to secure and manage a web app is contained in Azure App Service:

  • The servers are created as Docker containers, making them easy to create, version, and deploy
  • Deployment tools such as blue/green deployments, split traffic, and slot dependent environment variables for minimal interruption in deployments
  • All authentication handled through Azure Active Directory. This leveraged Azure class security while simplifying the platform development as app security did not need to be included in the app itself
  • One button upgrading / downgrading of hardware, with a change taking around 2 minutes
  • Custom domain handling and TLS/SSL set up in a few button presses
  • Network security, such as restricting access by IP
  • Log compilation and log streaming
  • Encrypted connection strings
[/et_pb_text][et_pb_text admin_label="Impact" _builder_version="3.27.4"]

Impact

The client was very pleased with the final product, particularly around the much lower cost and ease of administration. Additional iterations of the platform are already being seamlessly deployed, with the underlying infrastructure able to handle any amount of additional data or load from end users.

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]

Date/Time

Date(s) - 01/01/1970
12:00 AM - 12:00 AM

Location

600 5th ave. NY, NY
[et_pb_section bb_built="1" _builder_version="3.0.47"][et_pb_row _builder_version="3.0.48" background_size="initial" background_position="top_left" background_repeat="repeat"][et_pb_column type="4_4"][et_pb_text _builder_version="3.6"]

We are pleased to announce that our recent submission to the CSA Star registry, for our Security self-assessment document, was successful. The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.

The STAR registry documents security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.

As a member of this registry we:

  • Provide our customers with a high level of transparency and confidence that we use best cloud security practices
  • Help customers make the best procurement decision for them
  • Define gaps and improve our security posture
  • Continuously improve and reach higher, third-party audited, security level and certification

With the successful submission of our self-assessment document to the CSA registry, we have completed our first step on the road to the full STAR Level 3 Goal.

For more information click here: https://cloudsecurityalliance.org/star/

 

[/et_pb_text][et_pb_text _builder_version="3.17.6" custom_margin="-35px||-2px" custom_padding="0px||0px"]

 

[/et_pb_text][et_pb_image src="https://hentsu.com/wp-content/uploads/2019/09/STAR-Table.jpg" _builder_version="3.17.6" custom_margin="||40px|" /][et_pb_text admin_label="Text 2" _builder_version="3.17.6"]

About Hentsū

We have the breadth and depth of knowledge and experience to design, build and manage every aspect of your hedge fund technology. We offer next generation Corporate IT with cloud-based offerings such as O365 and OneDrive, Cloud Strategy Roadmap Design and Implementation, Data Science as a Service and Regulatory Technology solutions.

Talk to us about your public cloud strategy today. Contact us at hello@hentsu.com

[/et_pb_text][et_pb_cta title="Talk to us about your public cloud strategy today" button_url="https://hentsuprod.wpengine.com/contact" url_new_window="on" button_text="Contact Us Today" _builder_version="3.16" button_text_size__hover_enabled="off" button_one_text_size__hover_enabled="off" button_two_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_one_text_color__hover_enabled="off" button_two_text_color__hover_enabled="off" button_border_width__hover_enabled="off" button_one_border_width__hover_enabled="off" button_two_border_width__hover_enabled="off" button_border_color__hover_enabled="off" button_one_border_color__hover_enabled="off" button_two_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_one_border_radius__hover_enabled="off" button_two_border_radius__hover_enabled="off" button_letter_spacing__hover_enabled="off" button_one_letter_spacing__hover_enabled="off" button_two_letter_spacing__hover_enabled="off" button_bg_color__hover_enabled="off" button_one_bg_color__hover_enabled="off" button_two_bg_color__hover_enabled="off"]

Need to improve how you run your hedge fund technology? Concerned with your legacy private cloud provider? Not getting the service you need?

Hentsū can help!

[/et_pb_cta][/et_pb_column][/et_pb_row][/et_pb_section]

Date/Time

Date(s) - 01/01/1970
12:00 AM - 12:00 AM

Location

600 5th ave. NY, NY
[et_pb_section fb_built="1" _builder_version="3.0.47"][et_pb_row _builder_version="3.0.48" background_size="initial" background_position="top_left" background_repeat="repeat"][et_pb_column type="4_4" _builder_version="3.0.47" parallax="off" parallax_method="on"][et_pb_text _builder_version="3.6"]

We are pleased to announce that the 2019 AITEC DDQ is now available to all AITEC and AIMA members and we are now formally on the AITEC vendor list. The AITEC-AIMA DDQ for Vendor Technology and Cyber Security was created to streamline the process of conducting due diligence on vendors servicing the alternative asset management industry. We are proud to join this list of innovative solution providers as we continue to offer top expertise to our clients.

Do not hesitate to reach out to us for more information on the AITEC DDQ.

Click here, for more information on our memberships and partnerships: https://hentsu.com/solutions/ and additional information on AITEC can be found here: https://www.aitec.org.

 

[/et_pb_text][et_pb_text admin_label="Text 2" _builder_version="3.6"]

About Hentsū

We have the breadth and depth of knowledge and experience to design, build and manage every aspect of your hedge fund technology. We offer next generation Corporate IT with cloud-based offerings such as O365 and OneDrive, Cloud Strategy Roadmap Design and Implementation, Data Science as a Service and Regulatory Technology solutions.

Talk to us about your public cloud strategy today. Contact us at hello@hentsu.com

[/et_pb_text][et_pb_cta title="Talk to us about your public cloud strategy today" button_url="https://hentsuprod.wpengine.com/contact" url_new_window="on" button_text="Contact Us Today" _builder_version="3.16" button_text_size__hover_enabled="off" button_one_text_size__hover_enabled="off" button_two_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_one_text_color__hover_enabled="off" button_two_text_color__hover_enabled="off" button_border_width__hover_enabled="off" button_one_border_width__hover_enabled="off" button_two_border_width__hover_enabled="off" button_border_color__hover_enabled="off" button_one_border_color__hover_enabled="off" button_two_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_one_border_radius__hover_enabled="off" button_two_border_radius__hover_enabled="off" button_letter_spacing__hover_enabled="off" button_one_letter_spacing__hover_enabled="off" button_two_letter_spacing__hover_enabled="off" button_bg_color__hover_enabled="off" button_one_bg_color__hover_enabled="off" button_two_bg_color__hover_enabled="off"]

Need to improve how you run your hedge fund technology? Concerned with your legacy private cloud provider? Not getting the service you need?

Hentsū can help!

[/et_pb_cta][/et_pb_column][/et_pb_row][/et_pb_section]

Date/Time

Date(s) - 01/01/1970
12:00 AM - 12:00 AM

Location

600 5th ave. NY, NY
[et_pb_section bb_built="1" _builder_version="3.17.6" custom_padding="0px||0px"][et_pb_row _builder_version="3.17.6"][et_pb_column type="4_4"][et_pb_text _builder_version="3.17.6"]

Microsoft recently had a flurry of announcements about Office 365 and especially Microsoft Teams. Below, we highlight  some of the key changes important to the asset management space. 

Microsoft: Now Available 

Outlook on the web - Conditional Access 

Office 365 can now set up policies that block users from downloading files from Outlook on the web to non-compliant devices. This helps provide more flexibility on the go, but still retains a good degree of security around your company files. 

Azure AD Password Protection 

Azure AD Password Protection helps you eliminate easily guessed passwords from your environment, which can dramatically lower the risk of being compromised by a password spray attack. Specifically, these features let you:  

  • Protect accounts in Azure AD and Windows Server Active Directory by preventing users from using passwords from a list of more than 500 of the most commonly used passwords, plus over 1-million character substitution variations of those passwords.  
  • Manage Azure AD Password Protection for Azure AD and on-premises Windows Server Active Directory from a unified admin console. 

Update to Exchange Mailbox Auditing – Mailboxes Audited by Default and New Mailbox Actions to Audit 

To ensure clients have access to critical audit data to investigate security or regulatory incidents in their tenancy when required, the Exchange Online service introduces a configuration that automatically enables mailbox auditing on all applicable mailboxes to users of the Commercial service. With this update, it is no longer required to configure the per-mailbox audit setting for the service to begin storing security audit data. These actions are of high interest to understand the activities that are taking place within the tenant. 

Combined Password Reset & MFA Registration 

Microsoft released a preview of a new user experience that allows users to register security info for multi-factor authentication (MFA) and password reset in a single experience. Now when a user registers security info such as their phone number for receiving verification codes, that number can also be used for resetting a password. Likewise, users can change or delete their security info from a single page, making it easier to keep information up-to-date. 

Outlook Calendar: Option to Block Forwarding of Meeting Invites 

Meeting organizers have the option to prevent attendees from forwarding a meeting invitation. This option is available only for users in Office 365. In the first release, the option to prevent forwarding is available when creating or editing meetings in Outlook on the web, but the option will become available in Outlook for Windows shortly after. 

In Development: To Keep an Eye On 

Admin tool: TeamSite Auto-Mount 

Admins can specify TeamSite Libraries that they want their users to automatically sync with OneDrive for Business. 

Passwordless Sign-in for Work Accounts 

Microsoft Authenticator mobile app now supports sign-in with your face/fingerprint or device PIN to your work accounts. You can take out the security risk of passwords and have the convenience of using a device you already own and carry with you. This option can be configured by administrators in the Azure Active Directory. 

For more Information on the latest Microsoft updates check out the roadmap here.

 

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version="3.17.6"][et_pb_column type="4_4"][et_pb_cta title="Contact Us" button_text="Click Here" _builder_version="3.17.6" button_url="https://hentsuprod.wpengine.com/contact"]

To learn more about how we can support you with these updates and more, contact us today. 

[/et_pb_cta][/et_pb_column][/et_pb_row][/et_pb_section]

Date/Time

Date(s) - 01/01/1970
12:00 AM - 12:00 AM

Location

600 5th ave. NY, NY
[et_pb_section bb_built="1" _builder_version="3.17.6" custom_padding="0px||0px"][et_pb_row _builder_version="3.17.6"][et_pb_column type="4_4"][et_pb_text _builder_version="3.17.6"]

We have provided cloud solutions to asset managers for the past three years and in this time completed various types of email migrations to Office 365. These migrations include a mix of moving clients from an on-premise Exchange or a third-party legacy private cloud provider entirely to Office 365 to working with hybrid solutions that span both own on-premise and Office 365. 

During these migrations we noticed a range of issues with clients who opted to set up their Office 365 accounts via a more economical re-seller or through bundled packages with other services. 

Here are a few things to be wary of when setting up your Office 365 accounts with the wrong partner:

  1. Some of these providers offer what is called a “Syndication Tenant”. Microsoft retired this type of subscription but it is still offered by many existing re-sellers. With a Syndication Tenant agreement, the Office 365 account, Azure AD tenant and data is held by the re-seller and can’t be easily migrated away. In this setup, a multiple step process is required to hand over the account to another partner. The data needs to be backed up, the account deleted, and the data re-imported into a new account. All of this means extra complexity, user upheaval and extended downtime. 
  2. Some re-sellers, especially the syndicated tenant providers, do not offer the account holder true admin rights which means only a subset of the Office 365 functionality and management is available. 
  3. You could end up locked into a strict contract when negotiating your agreement. Sometimes your contract could last up to two or three years with no variations possible on the user services and license counts. 
  4. Security options are limited when compared to native Office 365 solutions or conditional access policies.
  5. Interface solutions from these re-sellers often lack basic functionality such as single sign on tools. 

With issues like these it is important to do your due diligence when exploring your options before committing. More likely than not you will find that your safest and most efficient option is to partner with a trusted and experienced service provider or go to Microsoft directly.

How Hentsū does it differently

We are a Tier 1 Microsoft Cloud Service Provider (CSP) and work directly with Microsoft. We are also a Silver partner and specialists in the asset management industry. All of this allows us to provide a range of flexible solutions tailored to the world of fund management. 

A good time to reach out to us is when your fund is about to be registered (SEC, FCA, etc). We know the industry requirements and can provide guidance on best practices and compliance. We also have the ability to work earlier with startups to ensure that they have all the tools in place from day one and can scale as they grow. 

Generally, we advise to take the following steps when setting up cloud services: 

  • Create a native Office 365 account through Microsoft directly, or use one of the Hentsū starter packages. We create client accounts directly with Microsoft so you hold the keys to the Azure AD tenant.  Your data is always your data so you can migrate to another provider at any time.  
  • Validate that you hold ownership over your Office 365 account and email domain. 
  • Purchase license subscriptions and set up users and groups.
  • Don’t go for 12 month commitments until you are sure of which services you actually need. We offer all of our clients the same 12 month discounts but on a monthly rolling basis. 
  • Set up data loss prevention and data retention policies and be aware of two factor authentication and mobile device security. We enable all these features by default as you on-board to our setup.

So be sure to carefully consider all the possibilities before signing on with Office 365 re-sellers or bundled solutions, as there are a range of options for your Office 365 needsIf you are unsure of where to go next for your Office 365 solutions, reach out today to learn how we can best support you. 

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version="3.17.6"][et_pb_column type="4_4"][et_pb_cta title="Talk to us about your Office 365 needs" button_url="https://hentsuprod.wpengine.com/contact" button_text="Contact Us Today" _builder_version="3.17.6"]

[/et_pb_cta][/et_pb_column][/et_pb_row][/et_pb_section]

Date/Time

Date(s) - 01/01/1970
12:00 AM - 12:00 AM

Location

600 5th ave. NY, NY