Provisioning Infrastructure as Code Through Microsoft Backed Terraform
Quick and reliable public cloud deployments using Terraform
Enables users to describe public cloud environments in code
OK, the secret is out (our CTO Alex gave a talk about it, you can watch it below). One of the reasons Hentsū can deploy environments so quickly and reliably is because of the tools we’ve selected. We’ve been using HashiCorp Terraform to describe, deploy and maintain public cloud environments since the company was founded. So we were glad to see Microsoft recently announced a multi-year partnership with HashiCorp to enhance the Terraform Provider for Azure. This is great news for Terraform users, like Hentsū, who have already benefited from using the Infrastructure as Code method of provisioning.
What Exactly is Terraform?
Terraform enables us to describe public cloud environments in code (HashiCorp Configuration Language, HCL). Terraform can then compare a public cloud account to the code and create a plan of changes to bring the environment up to date. If the plan is acceptable, Terraform can apply it to create, update or delete infrastructure resources such as networks, routing tables, firewall rules and virtual machines. It does this rapidly, with as much parallelisation as possible, leading to a slick, reliable and iterative way of deploying and maintaining public cloud environments. Deploying additional environments (test, staging, production) becomes a copy & paste exercise, or we create reusable modules.
Using a code versioning system, like Git, we can version control a public cloud environment and even roll back to a previous version if, for example, a firewall rule change didn’t have the desired result. Changes can be codified on a separate code branch, with a pull request and approval required to promote changes to the master branch. This makes for a robust change management workflow for business-critical production environments. The code commit history provides an audit trail of who changed what, and the commit notes describe why.
Terraform requires administrative credentials to make changes to public cloud environments. Storing these securely is a challenge, so we prefer to generate short-lived credentials that are usable for a maximum of 1 hour. Also, as part of a release pipeline, a scheduler like TeamCity or Jenkins can apply approved changes on behalf of IT and development teams.
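The plan review step described above can be automated before a scheduler applies anything. This added example (not Hentsū's code) reads a plan in the JSON shape produced by `terraform show -json` and lists the changes that should wait for approval; the sample plan, the `SENSITIVE_TYPES` policy set and the function names are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output;
# only the fields the gate reads are included.
SAMPLE_PLAN = json.loads("""
{"format_version": "1.2", "resource_changes": [
 {"address": "azurerm_virtual_network.core", "type": "azurerm_virtual_network",
  "change": {"actions": ["no-op"]}},
 {"address": "azurerm_linux_virtual_machine.app", "type": "azurerm_linux_virtual_machine",
  "change": {"actions": ["create"]}},
 {"address": "azurerm_network_security_rule.ssh", "type": "azurerm_network_security_rule",
  "change": {"actions": ["update"]}},
 {"address": "azurerm_route_table.edge", "type": "azurerm_route_table",
  "change": {"actions": ["delete", "create"]}},
 {"address": "azurerm_linux_virtual_machine.old", "type": "azurerm_linux_virtual_machine",
  "change": {"actions": ["delete"]}}
]}
""")

# Assumption: which resource types count as network controls is a local policy choice.
SENSITIVE_TYPES = {"azurerm_network_security_rule", "azurerm_route_table"}

def classify(actions):
    """Collapse Terraform's action list into one label."""
    acts = set(actions)
    if acts == {"create", "delete"}:
        return "replace"  # destroy and recreate, in either order
    if acts <= {"no-op", "read"}:
        return "no-op"
    return actions[0]

def review_plan(plan):
    """Return (counts per action, changes that need a second approver)."""
    counts, needs_approval = {}, []
    for rc in plan.get("resource_changes", []):
        label = classify(rc["change"]["actions"])
        if label == "no-op":
            continue
        counts[label] = counts.get(label, 0) + 1
        destructive = label in ("delete", "replace")
        if destructive or rc["type"] in SENSITIVE_TYPES:
            needs_approval.append((rc["address"], label))
    return counts, needs_approval

if __name__ == "__main__":
    counts, flagged = review_plan(SAMPLE_PLAN)
    print(counts)
    for address, label in flagged:
        print(f"APPROVAL REQUIRED: {label:8} {address}")
    raise SystemExit(1 if flagged else 0)  # non-zero exit stops the pipeline
```

Run in a pipeline between the plan and apply stages, the non-zero exit code holds the apply until someone has reviewed the flagged addresses.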
Hentsū and Terraform
Microsoft backing HashiCorp only confirms that using Terraform to provision resources on cloud platforms is becoming the standard way of deploying infrastructure. Hentsū has first-hand experience using the software to deploy infrastructure successfully for its clients.
How Hentsū can Help
Want to discuss using Terraform software to deploy onto the cloud? Contact us at: firstname.lastname@example.org
It appears the UK regulator might want to rewrite those famous Stones lyrics. It has truly been refreshing to see the Financial Conduct Authority (FCA) adopt such a progressive attitude towards cloud services. Regulatory guidance or consultations typically precipitate a collective sigh from the market. But the FCA’s guidance consultation 15/6 issued last November was instead met with universal approval. Many even claimed it would pave the way for financial services companies to take advantage of cloud computing services. Cloud architectures and delivery models have naturally long been championed by IT professionals. But, with the FCA clarifying that it doesn’t object to the use of a public cloud per se, the floodgates truly have been opened. Of course, the guidance comes with a caveat. The regulator insists firms must continue to comply with regulations such as Systems and Controls (SYSC). But, caveats aside, this is pretty progressive. It is also helpful in cementing the regulator’s position as a supporter of innovation. Our industry has often been hamstrung by decades of technical debt and a desire to maintain the status quo. Surely having a regulator take an active stance in promoting and fostering innovation is to be applauded? This follows older news of other financial regulators embracing, publicly approving or even using the public cloud themselves, for example Singapore and FINRA. The European Union Agency For Network And Information Security (ENISA) had a good summary in their recent report, which also covers the Dutch and Swiss regulators.
FCA Cloud Guidance - the Risks and Considerations
That said, adopting cloud services is not without risk. It is therefore absolutely right that the published guidance documents a detailed list of factors firms should take into account before doing so. It is imperative that any solution is implemented correctly. The guidance offers a comprehensive, but by no means prescriptive, list of all those factors that need to be considered. These include: legal and regulatory, risk management, international standards, provider oversight, access to data and business premises, outsourcing supply chains, change management processes, business continuity and resolution plans, and finally vendor risk. Encouragingly, the FCA offers constructive guidance within each of those categories. For example, given that some cloud service providers keep the location of their data centres a guarded secret (for security reasons), the FCA acknowledges that “service providers may, for legitimate security reasons, limit access to some sites – such as data centres.” Even so, not having physical access to a data centre does not prohibit firms from complying with audit obligations to provide access to certain data sets. We believe the FCA is showing both a pragmatic and progressive approach towards cloud adoption, and this is, in our opinion, a new chapter for financial technology. And it is already materialising on the ground with a wave of recent or imminent announcements of big adoptions of public cloud computing from some established names across the spectrum of financial services. To understand more about our managed cloud services visit //hentsuprod.wpengine.com/why-hentsu/
Hentsū, the specialist hedge fund managed services provider, is proud to announce the upgrade of our AWS consulting partner status to APN Standard Consulting Partner. As an AWS Consulting Partner with our financial services pedigree we are ideally placed to help hedge funds of all sizes design, architect, build, migrate and manage their workloads and applications on AWS.
Hentsū and AWS Consulting
Hentsū was "born in the cloud", and since our inception we have worked closely with AWS to deliver specialist hedge fund solutions, which leverage the full benefits of AWS. We hold official AWS certifications and Hentsū consultants have been working with AWS since 2010. We have the necessary skills and technical knowledge to design, deploy and manage complex solutions on the AWS platform. We combine this deep technical expertise with decades of trading and asset management experience, to bring unique value to the projects we deliver. This partner tier upgrade is recognition of the built-in Hentsū AWS skills and capabilities. Find out more from the Amazon Partner Network site.
Hentsū Cloud Services
Hentsū can help you leverage cloud platforms to drive innovation and business agility. The focus is not just about reducing your costs, but also about increasing system performance and scalability. Migrating complex trading systems to the cloud requires careful analysis and planning, the right architecture and a detailed migration process. For early migrations we work through proof of concepts to identify risks, effective approaches and build team skills and confidence. We use proven methodologies such as the AWS Cloud Adoption Framework, with additional workflows and approaches specific to financial services.
Hentsū Cloud Solutions
Hentsū delivers cloud solutions which are fully compliant with FCA, SEC & CFTC rules and regulations. We embed by default the security, disaster recovery (DR) and business continuity (BCP) expected in critical fund management environments. Our tooling and experience are cloud agnostic across AWS, Azure and Google, to help deliver the best solutions for our customers.