Architecture, Implementation and Support

Executive Summary
AIS Group
Problem
Design Parameters
Architectural Concerns
Legacy Technology:
Architectural Design
1. Network concepts
2. Terminal Servers Configuration
3. Database Configuration
4. Domain Architecture
5. Email Communication Architecture
6. Incoming and Outgoing Data Flow
7. Change Management
8. DE Primary and Backup Datacenter Data Replication
9. Other Operational Needs
10. Future Implementations and Improvements
Responsibility Model


Executive Summary

Digital Edge designed and implemented an information technology infrastructure for the financial services company AIS Group. The design and implementation addressed multiple business challenges and gave AIS Group a reliable, scalable and comprehensive information technology system, along with services that fulfil business demand and provide a foundation for future growth. Digital Edge assisted AIS Group with documentation and training, facilitated the hiring and training of an appropriate system engineer to take the knowledge of the system in-house, and transferred user support responsibility in-house while keeping server and back-office support responsibilities. See the responsibility model table.

AIS Group

AIS Group provides an outsourced solution for fund administration of hedge funds. A service-based business, AIS targets their daily operational and reporting needs.

Problem

To design and implement a technology architecture that would allow uninterrupted, reliable services to AIS clients. The business flow of AIS can be described by the following diagram:











Design Parameters

Architectural Concerns
1. Security
    a. Reliable secured remote access from 3 offices
    b. Manage multiple outgoing and incoming protocols
    c. Physical security
    d. Intrusion detection
2. Stability
    a. 24/7 support team availability for all underlying technology
    b. Locked down user environment.
    c. Administration measures to restrict users from potentially dangerous operations.
    d. Terminal server administration.
3. Processing capacity and reliability
    a. To be able to sustain targeted amount of Oracle transactions
    b. To be able to scale Oracle processing and data capacity
    c. To be able to sustain targeted amount of terminal server users and VB clients
    d. To be able to sustain targeted level of incoming information from multiple data sources
    e. To be able to sustain targeted level of outgoing information to multiple clients and data consumers
4. Recoverability
    a. Full recoverability within a single environment within 30 min. in the case of any technology failure
    b. 30-minute data loss target
    c. Full recoverability in the case of global regional disaster
    d. Up to 30 minutes data loss in the case of global regional disaster
    e. Single component recoverability
5. Regulatory compliance
    a. Security
    b. Electronic communications
    c. Incoming and outgoing data
    d. Internal data
    e. Change management


Legacy technology:
1. Oracle
2. Shadow Financial
3. SendMail
4. Proprietary Visual Basic modules managed by in-house development team
5. CVS source control.



Architectural Design

1. Network concepts
    a. Backend servers reside at the interconnected Digital Edge Primary and Backup facilities. A secured tunnel between the DE Primary and DE Backup data centers is established and available for all client needs.



    b. Point-to-point connectivity between the primary AIS office and the Digital Edge primary facility, with the ability to fail over to a secure Internet tunnel in the case of point-to-point link failure.
    c. Meshed VPN architecture between satellite offices and the DE Primary and DE Backup data centers to ensure higher availability and avoid a single point of failure.


    d. Network High Availability concepts



2. Terminal Servers configuration
    a. Multiple terminal servers with elements of virtualization
    b. Domain managed login rights
    c. Centralized data storage from all Terminal Servers to NAS
    d. Change management enforcement with 3 environments allowing gradual change propagation



3. Database Configuration
    a. Linux/Oracle deployment
    b. Oracle DataGuard for local database recoverability
    c. 3 Oracle database servers working as 3 levels of recoverability. ORA1 pushes changes to ORA2. In the case of ORA1 failure, ORA2 comes up as the primary database, pushing changes to ORA3. ORA3 is configured to push data to ORA1 in the case of ORA2 failure. This architecture forms a loop of change propagation, providing maximum recoverability within the targeted parameters. It also minimizes hardware cost, as the targeted parameters allow not using hardware clusters or grid computing.
    d. Besides DataGuard, nightly backups of production data on NAS environment




    e. 3 database environments to address change management process
    f. Nightly backup of non-production databases to NAS
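
The change-propagation loop from item 3c, modelled as an added example (not Digital Edge's or AIS Group's code). The server names come from the page; skipping a failed server when choosing the push target, and the two event sequences, are assumptions made for illustration.

```python
RING = ["ORA1", "ORA2", "ORA3"]  # server names from the page, in push order


def next_healthy(node, failed):
    """Return the first healthy server after `node` in the ring, or None."""
    start = RING.index(node)
    for step in range(1, len(RING)):
        candidate = RING[(start + step) % len(RING)]
        if candidate not in failed:
            return candidate
    return None


def replay(events):
    """Replay ("fail" | "repair", server) events.

    Returns one (primary, push_target) pair per state, starting with the
    initial state. push_target is None when the primary has no healthy
    standby; primary is None when every server is down.
    """
    primary, failed = "ORA1", set()
    history = [(primary, next_healthy(primary, failed))]
    for action, server in events:
        if action == "fail":
            failed.add(server)
            if server == primary:
                # Promote the next healthy server in the ring.
                primary = next_healthy(server, failed)
        elif action == "repair":
            failed.discard(server)
        else:
            raise ValueError(f"unknown action: {action!r}")
        target = next_healthy(primary, failed) if primary else None
        history.append((primary, target))
    return history


def unprotected_states(history):
    """Indexes of states with no primary or no healthy standby to push to."""
    return [i for i, (primary, target) in enumerate(history)
            if primary is None or target is None]


# Constructed event sequence matching the scenario in item 3c.
PAGE_SCENARIO = [("fail", "ORA1"), ("repair", "ORA1"), ("fail", "ORA2")]
# Constructed sequence where ORA1 is not repaired before ORA2 fails.
NO_REPAIR = [("fail", "ORA1"), ("fail", "ORA2")]
```

Replaying NO_REPAIR ends with ORA3 as primary and no push target, which is the state monitoring should alert on: the loop only preserves a standby if a failed server is repaired before the next failure.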


4. Domain architecture
    a. Microsoft Active Directory for user authentication in terminal servers environment
    b. Active Directory in the main office and satellite offices, providing higher availability and single login authentication for all AIS employees
    c. Database servers are not part of domain authentication and users have no access to Oracle. The only way of accessing Oracle databases from terminal servers is by using the standard Oracle protocol and authentication




5. Email Communication Architecture
    a. MS Exchange / MS Outlook implementation allowing AIS employees better intercommunication and using sales workflow system
    b. Up-front Linux based SMTP server
    c. Archiving solution for SOX compliance
    d. Daily backups to NAS
    e. Standby Exchange server








6. Incoming and outgoing data flow
    a. FTP/PGP combination for outgoing and incoming data
    b. Custom scripts for PGP data encryption, push and pull
    c. Custom Report delivery mechanisms



7. Change management


    a. Microsoft VSS for source control
    b. 3 environments for change propagation
    c. System of commands and scripts for change propagation
    d. Shadow Financial deployment processes
    e. Single change management officer



8. DE Primary and Backup datacenter data replication

    a. Mirrored environment
    b. NAS data mirroring
    c. Oracle archive log shipping and application
    d. Domain security replication





9. Other operational needs


    a. DE Oracle DBA services
    b. DE Network Administration services
    c. DE System Administration services
    d. DE Monitoring cluster
    e. DE Vendor coordination services
    f. DE Hardware maintenance service



10. Future implementations and improvements.
    a. Switching from NAS to SAN to consolidate data services and provide a hardware basis for Clustering or Grid Computing
    b. HDD cached tape backups to provide faster backup recovery
    c. Easy conversion to Oracle Grid to provide on demand scaling and recoverability





Responsibility model



Type of Service                                        Responsible party
Desktops                                               AIS IT
Employee Email                                         AIS IT
Domain Security                                        AIS IT / Digital Edge
Shadow Client Deployments                              AIS IT
Shadow Change Management                               AIS IT
Custom Script Management                               AIS IT
Defining specs for future implementation               AIS Business
Oracle DBA                                             Digital Edge
Terminal Servers maintenance                           Digital Edge
Network Administration                                 Digital Edge
Firewall/WAN/Network security and high availability    Digital Edge
Site replications and synchronization                  Digital Edge
Backup and Recovery                                    Digital Edge
Change management configuration                        Digital Edge
Documentation                                          AIS IT / Digital Edge