Axiom IO leads the cloud transformation of K&S, a global financial services giant

Client Background

Founded as a Discount House in 1866, King & Shaxson has evolved into a financial services company incorporating an investment firm, trading venue, asset management, advice and training, and the safe custody of client assets. King & Shaxson serves customers worldwide.

The Challenge

The customer requirement was to publish their trading application, which is accessed securely by users across various device, from anywhere and at any time. In addition to this, global access to this application was a necessity while taking into consideration, security, maintenance, monitoring, regular backup & recovery policy and high availability of the servers and VPNs.

The Solution

We have started the engagement with an assessment phase to understand the Infrastructure and Application landscape. After the assessment, we have recommended using Citrix to publish the trading application, while restricting application access from particular IP addresses. AWS cloud was used for deployment to take advantage of the AWS services for high availability, scalability and enhanced performance. We have deployed primary Citrix servers in one zone and secondary Citrix servers in an alternate zone.

The Implementation

  • Building the infrastructure as per the best practices on AWS.
  • Building Citrix servers in two AWS zones for high availability.
  • Configured services in AWS for Environment Security, Monitoring, Maintenance, and High availability.
  • Run a final failover and shut down the source VMs (old VMs)

Technologies Used

CITRIX MCS

  • Citrix MCS is used to deploy AppServers

VPN

  • AWS Site-to-Site VPN
  • Border Gateway Protocol (BGP)
  • Custom VPN strongSwan
  • OpenVPN

AWS

  • AWS Systems Manager
  • AWS Backup
  • Automated scheduled On-premises backup to Amazon S3
  • AWS Lambda for instance stop/start
  • AWS CloudTrail and VPC Flow Logs for logs
  • AWS Config to capture resource compliance timeline
  • AWS CloudWatch to monitor logs and notifications

Security Components

AWS

  • Alerts were configured to trigger any changes in the environment
  • Simple notification service is implemented to push alerts, regularly

AWS Security Hardening

  • Security hardening (CIS Benchmark) is implemented in the environment

The Result

  • The clients are extremely delighted with the performance and an ability to upgrade/update the trading application at any time by simply updating Master Image which automatically replicates all Application Servers.
  • Users can access AWS resources from anywhere
  • A foolproof backup solution for client’s on-premises servers
  • As the Customer is particular on VPN parameters and with a workaround the requirement was fulfilled
  • As the Customer is particular on VPN parameters and with strongSwan it was fulfilled