Public cloud utilization continues to increase, but many organizations need guidance on how to optimize the security and performance of their environment. A financial firm located in New York City contacted Vandis to see if we could provide immediate assistance for cloud issues they were facing. The organization was in need of a systems integrator that could help them with the following:
The timeline was tight: the client was one week away from going to production on their new trading platform, and our engineering team had to get their environment up and functioning quickly to support this initiative.
Vandis’ cloud engineering team was able to immediately identify the client’s complex networking issues and propose a multi-phase approach to resolving them. The first step was alleviating the primary problem that was impacting their business: connectivity issues and dropped packets between their premises and their AWS environment. Within 1 business day of coming on-site to whiteboard and perform a cloud security assessment, the Vandis team proposed a plan to meet the client’s launch deadline for their new cloud trading platform. Over the course of 3 cutovers, Vandis replaced the legacy routing with a highly available routing topology that gave the client a redundant, low-latency environment to successfully run their production trading platform on AWS.
Vandis’ Multi-Phase Plan:
Step 1: Get the business-critical application launched within their contractual deadlines and ensure they had reliable and consistent functionality.
Step 2: Vandis removed the legacy VPN tunnels that ran from the Transit Gateway (TGW) to firewalls in the client environment that did not support dynamic routing. This was done to eliminate asymmetric routing and to provide security and visibility for traffic sourced from and egressing to the branch sites. This was accomplished by moving the IPsec tunnels to the FortiGate appliance in the Transit Gateway DMZ and having the FortiGate participate in BGP with the TGW, providing both route table and security granularity.
Step 3: Vandis installed a collector for their Fortinet SIEM-as-a-Service platform to monitor the resource usage of the Fortinet firewalls and to ensure, via synthetic transactions, that the connection SLAs were met for all their production platforms.
Step 4: Vandis deployed Check Point Dome9 to snapshot the client’s cloud environments and make ongoing recommendations for their security and governance posture.
With the completion of this project, the client now has an AWS environment that is tailored to their business needs. Their rearchitected cloud environment now provides the security, visibility, and performance the financial industry requires from its data centers and cloud providers. The client’s application data flow is now more efficient, which is a necessity for high-volume trading companies. In addition, the implementation of their Fortinet FortiGate firewalls has increased the overall security of their environment. As our relationship as a trusted advisor evolves, the client has recently asked Vandis to assist on some additional projects that involve F5 Networks ASM, Kubernetes, and expanding their design to support international low-latency trading.