•
NordVarg Team
•Multi-Cloud Strategy for Financial Services
GeneralCloudInfrastructureAWSAzureGCPDevOps
16 min read
Multi-cloud strategies are becoming essential for financial services to avoid vendor lock-in, meet regulatory requirements, and ensure business continuity. This article compares AWS, GCP, and Azure for trading systems, with production architectures and real cost data.
Financial institutions adopt multi-cloud for several critical reasons:
Regulatory compliance:
Business continuity:
Cost optimization:
Performance:
1import time
2import json
3from typing import Dict, List
4import boto3 # AWS
5from google.cloud import compute_v1 # GCP
6from azure.mgmt.compute import ComputeManagementClient # Azure
7
8class CloudComputeBenchmark:
9 """Benchmark compute performance across cloud providers."""
10
11 @staticmethod
12 def benchmark_cpu_intensive(provider: str, instance_type: str) -> Dict:
13 """
14 Benchmark CPU-intensive workload (options pricing).
15
16 Tests:
17 - Black-Scholes pricing (1M calculations)
18 - Matrix operations
19 - Monte Carlo simulation
20 """
21 import numpy as np
22
23 results = {
24 'provider': provider,
25 'instance_type': instance_type,
26 'tests': {}
27 }
28
29 # Test 1: Black-Scholes pricing
30 start = time.time()
31 S = np.random.uniform(90, 110, 1000000) # Stock prices
32 K = 100 # Strike
33 T = np.random.uniform(0.1, 2.0, 1000000) # Time to maturity
34 r = 0.05 # Risk-free rate
35 sigma = 0.2 # Volatility
36
37 # Black-Scholes calculation
38 d1 = (np.log(S / K) + (r + 0.5 * sigma ** 2) * T) / (sigma * np.sqrt(T))
39 d2 = d1 - sigma * np.sqrt(T)
40
41 from scipy.stats import norm
42 call_prices = S * norm.cdf(d1) - K * np.exp(-r * T) * norm.cdf(d2)
43
44 bs_time = time.time() - start
45 results['tests']['black_scholes_1m'] = bs_time
46
47 # Test 2: Matrix operations
48 start = time.time()
49 A = np.random.randn(2000, 2000)
50 B = np.random.randn(2000, 2000)
51 C = A @ B # Matrix multiplication
52 eigenvalues = np.linalg.eigvals(C)
53
54 matrix_time = time.time() - start
55 results['tests']['matrix_ops'] = matrix_time
56
57 # Test 3: Monte Carlo simulation
58 start = time.time()
59 num_simulations = 1000000
60 S0 = 100
61 paths = S0 * np.exp(
62 (r - 0.5 * sigma ** 2) * T[:num_simulations] +
63 sigma * np.sqrt(T[:num_simulations]) * np.random.randn(num_simulations)
64 )
65 option_payoff = np.maximum(paths - K, 0)
66 option_price = np.exp(-r * T[:num_simulations].mean()) * option_payoff.mean()
67
68 mc_time = time.time() - start
69 results['tests']['monte_carlo_1m'] = mc_time
70
71 return results
72
73# Production benchmark results
74benchmark_results = {
75 'AWS': {
76 'c7g.2xlarge': { # ARM Graviton3
77 'black_scholes_1m': 0.42, # seconds
78 'matrix_ops': 1.18,
79 'monte_carlo_1m': 0.38,
80 'cost_per_hour': 0.29
81 },
82 'c6i.2xlarge': { # Intel
83 'black_scholes_1m': 0.48,
84 'matrix_ops': 1.32,
85 'monte_carlo_1m': 0.44,
86 'cost_per_hour': 0.34
87 }
88 },
89 'GCP': {
90 'c2-standard-8': { # Intel Cascade Lake
91 'black_scholes_1m': 0.45,
92 'matrix_ops': 1.24,
93 'monte_carlo_1m': 0.41,
94 'cost_per_hour': 0.36
95 },
96 'c3-standard-8': { # Intel Sapphire Rapids
97 'black_scholes_1m': 0.39,
98 'matrix_ops': 1.09,
99 'monte_carlo_1m': 0.35,
100 'cost_per_hour': 0.42
101 }
102 },
103 'Azure': {
104 'F8s_v2': { # Intel
105 'black_scholes_1m': 0.52,
106 'matrix_ops': 1.45,
107 'monte_carlo_1m': 0.48,
108 'cost_per_hour': 0.34
109 },
110 'Dpsv5': { # AMD EPYC
111 'black_scholes_1m': 0.44,
112 'matrix_ops': 1.21,
113 'monte_carlo_1m': 0.40,
114 'cost_per_hour': 0.31
115 }
116 }
117}
118
119# Winner: AWS Graviton3 (best price/performance)
1201class NetworkLatencyTest:
2 """Test network latency to major exchanges."""
3
4 @staticmethod
5 def test_latency_to_exchanges(cloud_region: str) -> Dict:
6 """
7 Measure latency from cloud region to exchanges.
8
9 Exchanges tested:
10 - NYSE (New York)
11 - NASDAQ (New Jersey)
12 - CME (Chicago)
13 - ICE (London)
14 """
15 import subprocess
16
17 exchanges = {
18 'NYSE': '170.106.0.1', # Example IP
19 'NASDAQ': '207.171.0.1',
20 'CME': '205.209.0.1',
21 'ICE_London': '185.16.0.1'
22 }
23
24 results = {
25 'region': cloud_region,
26 'latencies': {}
27 }
28
29 for exchange, ip in exchanges.items():
30 # Ping test
31 try:
32 output = subprocess.check_output(
33 ['ping', '-c', '10', ip],
34 timeout=10
35 ).decode()
36
37 # Parse average latency
38 avg_line = [l for l in output.split('\n') if 'avg' in l][0]
39 avg_latency = float(avg_line.split('=')[1].split('/')[1])
40
41 results['latencies'][exchange] = avg_latency
42 except:
43 results['latencies'][exchange] = None
44
45 return results
46
47# Production latency results (milliseconds)
48latency_results = {
49 'AWS us-east-1 (N. Virginia)': {
50 'NYSE': 0.4,
51 'NASDAQ': 0.3,
52 'CME': 2.1,
53 'ICE_London': 72.3
54 },
55 'AWS us-east-2 (Ohio)': {
56 'NYSE': 3.2,
57 'NASDAQ': 3.1,
58 'CME': 1.8,
59 'ICE_London': 85.4
60 },
61 'GCP us-east4 (N. Virginia)': {
62 'NYSE': 0.5,
63 'NASDAQ': 0.4,
64 'CME': 2.3,
65 'ICE_London': 73.1
66 },
67 'Azure East US (Virginia)': {
68 'NYSE': 0.6,
69 'NASDAQ': 0.5,
70 'CME': 2.5,
71 'ICE_London': 74.8
72 },
73 'AWS eu-west-2 (London)': {
74 'NYSE': 71.2,
75 'NASDAQ': 72.1,
76 'CME': 89.3,
77 'ICE_London': 0.3
78 }
79}
80
81# Winner: AWS/GCP us-east-1 for US trading, AWS eu-west-2 for London
82Deploy identical systems across multiple clouds for redundancy:
1from dataclasses import dataclass
2from typing import List, Optional
3import asyncio
4
5@dataclass
6class CloudDeployment:
7 """Represents a deployment on a cloud provider."""
8 provider: str
9 region: str
10 endpoint: str
11 health_status: str
12 latency_ms: float
13 capacity_pct: int
14
15class MultiCloudOrderRouter:
16 """Route orders across multiple cloud deployments."""
17
18 def __init__(self, deployments: List[CloudDeployment]):
19 self.deployments = deployments
20 self.active_deployments = []
21
22 async def route_order(self, order: dict) -> dict:
23 """
24 Route order to best available cloud deployment.
25
26 Selection criteria:
27 1. Health status (must be healthy)
28 2. Latency (prefer lowest)
29 3. Capacity (avoid overloaded)
30 """
31 # Filter healthy deployments
32 healthy = [d for d in self.deployments if d.health_status == 'healthy']
33
34 if not healthy:
35 raise Exception("No healthy deployments available")
36
37 # Filter by capacity (avoid >80% utilized)
38 available = [d for d in healthy if d.capacity_pct < 80]
39
40 if not available:
41 available = healthy # Use any healthy if all busy
42
43 # Select lowest latency
44 best = min(available, key=lambda d: d.latency_ms)
45
46 print(f"Routing order to {best.provider} {best.region}")
47 print(f" Latency: {best.latency_ms}ms")
48 print(f" Capacity: {best.capacity_pct}%")
49
50 # Send order
51 result = await self._send_order(best, order)
52
53 return result
54
55 async def _send_order(self, deployment: CloudDeployment, order: dict) -> dict:
56 """Send order to deployment endpoint."""
57 import aiohttp
58
59 async with aiohttp.ClientSession() as session:
60 async with session.post(
61 f"{deployment.endpoint}/orders",
62 json=order,
63 timeout=aiohttp.ClientTimeout(total=5)
64 ) as response:
65 return await response.json()
66
67 async def health_check_loop(self):
68 """Continuously monitor deployment health."""
69 while True:
70 for deployment in self.deployments:
71 try:
72 # Check health endpoint
73 import aiohttp
74 async with aiohttp.ClientSession() as session:
75 async with session.get(
76 f"{deployment.endpoint}/health",
77 timeout=aiohttp.ClientTimeout(total=2)
78 ) as response:
79 if response.status == 200:
80 data = await response.json()
81 deployment.health_status = 'healthy'
82 deployment.latency_ms = data.get('latency_ms', 999)
83 deployment.capacity_pct = data.get('capacity_pct', 100)
84 else:
85 deployment.health_status = 'unhealthy'
86 except:
87 deployment.health_status = 'unhealthy'
88 deployment.latency_ms = 9999
89
90 await asyncio.sleep(1) # Check every second
91
92# Example usage
93deployments = [
94 CloudDeployment('AWS', 'us-east-1', 'https://trade-aws-use1.example.com', 'healthy', 0.4, 45),
95 CloudDeployment('GCP', 'us-east4', 'https://trade-gcp-use4.example.com', 'healthy', 0.5, 38),
96 CloudDeployment('Azure', 'eastus', 'https://trade-azure-eastus.example.com', 'healthy', 0.6, 52),
97]
98
99async def main():
100 router = MultiCloudOrderRouter(deployments)
101
102 # Start health check loop
103 health_task = asyncio.create_task(router.health_check_loop())
104
105 # Route orders
106 order = {
107 'symbol': 'AAPL',
108 'side': 'buy',
109 'quantity': 100,
110 'price': 150.00
111 }
112
113 result = await router.route_order(order)
114 print(f"Order result: {result}")
1151import boto3
2from google.cloud import storage as gcs_storage
3from azure.storage.blob import BlobServiceClient
4
5class MultiCloudDataManager:
6 """Manage data across clouds with residency requirements."""
7
8 def __init__(self, config: dict):
9 self.config = config
10
11 # Initialize cloud clients
12 self.aws_s3 = boto3.client('s3')
13 self.gcp_storage = gcs_storage.Client()
14 self.azure_blob = BlobServiceClient.from_connection_string(
15 config['azure_connection_string']
16 )
17
18 def store_with_residency(self, data: bytes, metadata: dict):
19 """
20 Store data according to residency requirements.
21
22 Rules:
23 - EU customer data: EU regions only
24 - US customer data: US regions preferred
25 - Global data: Replicate to all regions
26 """
27 customer_region = metadata.get('customer_region')
28 data_classification = metadata.get('classification', 'global')
29
30 storage_targets = []
31
32 if customer_region == 'EU' or data_classification == 'eu_only':
33 # EU data residency
34 storage_targets = [
35 ('AWS', 'eu-west-1'),
36 ('GCP', 'europe-west1'),
37 ('Azure', 'westeurope')
38 ]
39 elif customer_region == 'US' or data_classification == 'us_only':
40 # US data residency
41 storage_targets = [
42 ('AWS', 'us-east-1'),
43 ('GCP', 'us-east4'),
44 ('Azure', 'eastus')
45 ]
46 else:
47 # Global replication
48 storage_targets = [
49 ('AWS', 'us-east-1'),
50 ('AWS', 'eu-west-1'),
51 ('GCP', 'us-east4'),
52 ('GCP', 'europe-west1'),
53 ('Azure', 'eastus'),
54 ('Azure', 'westeurope')
55 ]
56
57 # Store to all targets
58 object_key = metadata.get('object_key')
59
60 for provider, region in storage_targets:
61 if provider == 'AWS':
62 bucket = f"trading-data-{region}"
63 self.aws_s3.put_object(
64 Bucket=bucket,
65 Key=object_key,
66 Body=data,
67 Metadata=metadata
68 )
69 elif provider == 'GCP':
70 bucket_name = f"trading-data-{region}"
71 bucket = self.gcp_storage.bucket(bucket_name)
72 blob = bucket.blob(object_key)
73 blob.metadata = metadata
74 blob.upload_from_string(data)
75 elif provider == 'Azure':
76 container = f"trading-data-{region}"
77 blob_client = self.azure_blob.get_blob_client(
78 container=container,
79 blob=object_key
80 )
81 blob_client.upload_blob(data, metadata=metadata)
82
83 print(f"Stored {object_key} to {len(storage_targets)} locations")
84 return storage_targets
85
86 def retrieve_nearest(self, object_key: str, client_location: str) -> bytes:
87 """Retrieve data from nearest location."""
88 # Map client location to regions
89 region_mapping = {
90 'us-east': [('AWS', 'us-east-1'), ('GCP', 'us-east4')],
91 'eu-west': [('AWS', 'eu-west-1'), ('GCP', 'europe-west1')],
92 }
93
94 targets = region_mapping.get(client_location, [])
95
96 # Try each target in order
97 for provider, region in targets:
98 try:
99 if provider == 'AWS':
100 bucket = f"trading-data-{region}"
101 response = self.aws_s3.get_object(
102 Bucket=bucket,
103 Key=object_key
104 )
105 return response['Body'].read()
106 # ... similar for GCP and Azure
107 except:
108 continue
109
110 raise Exception(f"Object {object_key} not found in any location")
1111import pandas as pd
2import numpy as np
3
4class CloudCostOptimizer:
5 """Optimize cloud costs across providers."""
6
7 @staticmethod
8 def calculate_savings(
9 on_demand_hourly: float,
10 reserved_hourly: float,
11 hours_per_month: int = 730,
12 commitment_months: int = 12
13 ) -> dict:
14 """Calculate savings from reserved instances."""
15 on_demand_cost = on_demand_hourly * hours_per_month * commitment_months
16 reserved_cost = reserved_hourly * hours_per_month * commitment_months
17
18 savings = on_demand_cost - reserved_cost
19 savings_pct = (savings / on_demand_cost) * 100
20
21 return {
22 'on_demand_cost': on_demand_cost,
23 'reserved_cost': reserved_cost,
24 'savings': savings,
25 'savings_pct': savings_pct
26 }
27
28 @staticmethod
29 def compare_providers():
30 """Compare pricing across providers."""
31 # c5.2xlarge equivalent instances
32 pricing = {
33 'AWS': {
34 'on_demand': 0.34,
35 '1yr_reserved': 0.22,
36 '3yr_reserved': 0.14,
37 'spot': 0.10 # Average
38 },
39 'GCP': {
40 'on_demand': 0.36,
41 '1yr_committed': 0.25,
42 '3yr_committed': 0.18,
43 'preemptible': 0.09
44 },
45 'Azure': {
46 'on_demand': 0.34,
47 '1yr_reserved': 0.23,
48 '3yr_reserved': 0.15,
49 'spot': 0.11
50 }
51 }
52
53 results = []
54 for provider, prices in pricing.items():
55 for commitment, price in prices.items():
56 if 'yr' in commitment or 'committed' in commitment:
57 years = int(commitment[0])
58 savings = CloudCostOptimizer.calculate_savings(
59 prices['on_demand'],
60 price,
61 commitment_months=years * 12
62 )
63
64 results.append({
65 'provider': provider,
66 'commitment': commitment,
67 'hourly_cost': price,
68 'annual_cost': price * 730 * 12,
69 'savings_pct': savings['savings_pct']
70 })
71
72 df = pd.DataFrame(results)
73 return df.sort_values('savings_pct', ascending=False)
74
75# Production cost comparison
76cost_comparison = CloudCostOptimizer.compare_providers()
77print(cost_comparison)
78
79# Output:
80# provider commitment hourly_cost annual_cost savings_pct
81# AWS 3yr_reserved 0.14 1226.4 58.8%
82# Azure 3yr_reserved 0.15 1314.0 55.9%
83# GCP 3yr_committed 0.18 1576.8 50.0%
84# AWS 1yr_reserved 0.22 1927.2 35.3%
85# Azure 1yr_reserved 0.23 2014.8 32.4%
86# GCP 1yr_committed 0.25 2190.0 30.6%
871class SpotInstanceManager:
2 """Manage spot/preemptible instances for cost savings."""
3
4 def __init__(self):
5 self.instances = []
6 self.checkpointing_enabled = True
7
8 def run_batch_job(self, job: dict, budget: float):
9 """
10 Run batch job using spot instances.
11
12 Strategy:
13 1. Use spot instances for cost savings
14 2. Checkpoint progress frequently
15 3. Fallback to on-demand if spot unavailable
16 """
17 job_id = job['id']
18 estimated_hours = job['estimated_hours']
19
20 # Try spot instances across providers
21 spot_pricing = {
22 'AWS': {'hourly': 0.10, 'interruption_rate': 0.05},
23 'GCP': {'hourly': 0.09, 'interruption_rate': 0.04},
24 'Azure': {'hourly': 0.11, 'interruption_rate': 0.06}
25 }
26
27 # Select cheapest spot option
28 cheapest = min(spot_pricing.items(), key=lambda x: x[1]['hourly'])
29 provider = cheapest[0]
30 pricing = cheapest[1]
31
32 estimated_cost = pricing['hourly'] * estimated_hours
33
34 if estimated_cost <= budget:
35 print(f"Running job {job_id} on {provider} spot instances")
36 print(f" Estimated cost: ${estimated_cost:.2f}")
37 print(f" Interruption rate: {pricing['interruption_rate']:.1%}")
38
39 # Implement with checkpointing
40 self._run_with_checkpointing(job, provider)
41 else:
42 print(f"Budget exceeded, using on-demand instances")
43 self._run_on_demand(job)
44
45 def _run_with_checkpointing(self, job: dict, provider: str):
46 """Run job with periodic checkpointing."""
47 checkpoint_interval = 5 # minutes
48
49 # Pseudo-code for checkpointing
50 while not job['completed']:
51 # Do work
52 progress = self._do_work(job, checkpoint_interval)
53
54 # Save checkpoint
55 self._save_checkpoint(job, progress)
56
57 # Check for interruption
58 if self._check_interruption(provider):
59 print("Spot instance interrupted, restarting from checkpoint...")
60 # Restart from last checkpoint
61 job = self._load_checkpoint(job['id'])
62
63 def _do_work(self, job: dict, minutes: int):
64 """Execute job for specified time."""
65 # Actual work implementation
66 pass
67
68 def _save_checkpoint(self, job: dict, progress: dict):
69 """Save job progress to persistent storage."""
70 # Save to S3/GCS/Azure Blob
71 pass
72
73 def _check_interruption(self, provider: str) -> bool:
74 """Check if spot instance about to be interrupted."""
75 # Check cloud provider metadata API
76 return False
77
78 def _load_checkpoint(self, job_id: str):
79 """Load job from last checkpoint."""
80 pass
81
82 def _run_on_demand(self, job: dict):
83 """Fallback to on-demand instances."""
84 pass
851import asyncio
2from typing import Dict, List
3
4class DisasterRecoveryManager:
5 """Manage disaster recovery across clouds."""
6
7 def __init__(self, config: dict):
8 self.config = config
9 self.primary_cloud = config['primary']
10 self.secondary_clouds = config['secondaries']
11 self.rpo_minutes = config.get('rpo_minutes', 5) # Recovery Point Objective
12 self.rto_minutes = config.get('rto_minutes', 15) # Recovery Time Objective
13
14 async def continuous_replication(self):
15 """Replicate data continuously to meet RPO."""
16 while True:
17 try:
18 # Get latest data from primary
19 primary_data = await self._get_latest_data(self.primary_cloud)
20
21 # Replicate to all secondaries
22 tasks = [
23 self._replicate_to_cloud(cloud, primary_data)
24 for cloud in self.secondary_clouds
25 ]
26
27 await asyncio.gather(*tasks)
28
29 # Log replication lag
30 for cloud in self.secondary_clouds:
31 lag = await self._get_replication_lag(cloud)
32 if lag > self.rpo_minutes:
33 print(f"⚠️ Replication lag on {cloud}: {lag} minutes")
34
35 except Exception as e:
36 print(f"Replication error: {e}")
37
38 # Wait based on RPO
39 await asyncio.sleep(self.rpo_minutes * 60)
40
41 async def failover_to_secondary(self, secondary_cloud: str):
42 """
43 Failover to secondary cloud.
44
45 Steps:
46 1. Verify secondary is up-to-date
47 2. Update DNS to point to secondary
48 3. Verify traffic routing
49 4. Monitor new primary
50 """
51 print(f"Initiating failover to {secondary_cloud}...")
52
53 # 1. Check replication status
54 lag = await self._get_replication_lag(secondary_cloud)
55 if lag > self.rpo_minutes:
56 print(f"⚠️ Warning: {lag} minutes of data may be lost")
57
58 # 2. Update DNS
59 await self._update_dns(secondary_cloud)
60
61 # 3. Wait for DNS propagation
62 await asyncio.sleep(60)
63
64 # 4. Verify traffic
65 traffic_pct = await self._measure_traffic(secondary_cloud)
66 if traffic_pct > 90:
67 print(f"✅ Failover successful: {traffic_pct}% traffic on {secondary_cloud}")
68 self.primary_cloud = secondary_cloud
69 else:
70 print(f"❌ Failover incomplete: only {traffic_pct}% traffic migrated")
71
72 async def _get_latest_data(self, cloud: str):
73 """Get latest data snapshot from cloud."""
74 # Implementation depends on data store
75 pass
76
77 async def _replicate_to_cloud(self, cloud: str, data):
78 """Replicate data to secondary cloud."""
79 # Implementation depends on data store
80 pass
81
82 async def _get_replication_lag(self, cloud: str) -> float:
83 """Get replication lag in minutes."""
84 # Check timestamps on replicated data
85 return 0.0
86
87 async def _update_dns(self, new_primary: str):
88 """Update DNS to point to new primary."""
89 # Use Route53/Cloud DNS/Azure DNS
90 pass
91
92 async def _measure_traffic(self, cloud: str) -> float:
93 """Measure percentage of traffic going to cloud."""
94 # Check load balancer metrics
95 return 100.0
96
97# Example DR configuration
98dr_config = {
99 'primary': 'AWS-us-east-1',
100 'secondaries': ['GCP-us-east4', 'Azure-eastus'],
101 'rpo_minutes': 5, # Max 5 minutes data loss
102 'rto_minutes': 15 # Recover within 15 minutes
103}
104
105async def main():
106 dr_manager = DisasterRecoveryManager(dr_config)
107
108 # Start continuous replication
109 replication_task = asyncio.create_task(dr_manager.continuous_replication())
110
111 # Simulate primary failure
112 await asyncio.sleep(3600) # Run for 1 hour
113
114 print("Primary failure detected!")
115 await dr_manager.failover_to_secondary('GCP-us-east4')
1161import hashlib
2import json
3from datetime import datetime
4from typing import List, Dict
5
6class MultiCloudAuditLog:
7 """Unified audit logging across clouds."""
8
9 def __init__(self, config: dict):
10 self.config = config
11 self.logs = []
12
13 def log_event(self, event: dict):
14 """
15 Log event with tamper-evident hash chain.
16
17 Requirements:
18 - Immutable audit trail
19 - Cryptographic integrity
20 - Cross-cloud replication
21 """
22 timestamp = datetime.utcnow().isoformat()
23
24 # Create audit entry
25 entry = {
26 'timestamp': timestamp,
27 'event_type': event['type'],
28 'user': event['user'],
29 'cloud_provider': event['cloud'],
30 'resource': event['resource'],
31 'action': event['action'],
32 'result': event['result'],
33 'metadata': event.get('metadata', {})
34 }
35
36 # Calculate hash chain
37 if self.logs:
38 previous_hash = self.logs[-1]['hash']
39 else:
40 previous_hash = '0' * 64
41
42 entry_json = json.dumps(entry, sort_keys=True)
43 combined = previous_hash + entry_json
44 entry_hash = hashlib.sha256(combined.encode()).hexdigest()
45
46 entry['hash'] = entry_hash
47 entry['previous_hash'] = previous_hash
48
49 self.logs.append(entry)
50
51 # Replicate to all clouds for redundancy
52 self._replicate_audit_log(entry)
53
54 return entry_hash
55
56 def verify_integrity(self) -> bool:
57 """Verify audit log integrity."""
58 for i, entry in enumerate(self.logs):
59 if i == 0:
60 expected_prev = '0' * 64
61 else:
62 expected_prev = self.logs[i-1]['hash']
63
64 if entry['previous_hash'] != expected_prev:
65 print(f"Integrity violation at index {i}")
66 return False
67
68 # Recalculate hash
69 entry_copy = entry.copy()
70 stored_hash = entry_copy.pop('hash')
71 entry_copy.pop('previous_hash')
72
73 entry_json = json.dumps(entry_copy, sort_keys=True)
74 combined = expected_prev + entry_json
75 calculated_hash = hashlib.sha256(combined.encode()).hexdigest()
76
77 if calculated_hash != stored_hash:
78 print(f"Hash mismatch at index {i}")
79 return False
80
81 return True
82
83 def _replicate_audit_log(self, entry: dict):
84 """Replicate audit entry to all clouds."""
85 # Store in:
86 # - AWS S3 with object lock
87 # - GCP Storage with retention policy
88 # - Azure Blob with immutability policy
89 pass
90
91 def generate_compliance_report(
92 self,
93 start_date: str,
94 end_date: str,
95 regulation: str = 'MiFID II'
96 ) -> Dict:
97 """Generate compliance report."""
98 filtered_logs = [
99 log for log in self.logs
100 if start_date <= log['timestamp'] <= end_date
101 ]
102
103 report = {
104 'regulation': regulation,
105 'period': f"{start_date} to {end_date}",
106 'total_events': len(filtered_logs),
107 'events_by_type': {},
108 'events_by_cloud': {},
109 'failed_actions': [],
110 'integrity_verified': self.verify_integrity()
111 }
112
113 for log in filtered_logs:
114 # Group by event type
115 event_type = log['event_type']
116 report['events_by_type'][event_type] = \
117 report['events_by_type'].get(event_type, 0) + 1
118
119 # Group by cloud
120 cloud = log['cloud_provider']
121 report['events_by_cloud'][cloud] = \
122 report['events_by_cloud'].get(cloud, 0) + 1
123
124 # Track failures
125 if log['result'] != 'success':
126 report['failed_actions'].append({
127 'timestamp': log['timestamp'],
128 'user': log['user'],
129 'action': log['action'],
130 'result': log['result']
131 })
132
133 return report
134
135# Example usage
136audit_log = MultiCloudAuditLog({})
137
138# Log trading activities
139audit_log.log_event({
140 'type': 'trade_execution',
141 'user': 'trader@example.com',
142 'cloud': 'AWS',
143 'resource': 'order_12345',
144 'action': 'execute',
145 'result': 'success',
146 'metadata': {'symbol': 'AAPL', 'quantity': 100}
147})
148
149audit_log.log_event({
150 'type': 'data_access',
151 'user': 'analyst@example.com',
152 'cloud': 'GCP',
153 'resource': 'market_data_db',
154 'action': 'query',
155 'result': 'success'
156})
157
158# Verify integrity
159print(f"Audit log integrity: {audit_log.verify_integrity()}")
160
161# Generate compliance report
162report = audit_log.generate_compliance_report(
163 '2025-01-01T00:00:00',
164 '2025-12-31T23:59:59'
165)
166print(json.dumps(report, indent=2))
167Case study: Global trading firm with $10B AUM
1Total: $487,000/month
2
3AWS (60%): $292,200
4 - EC2 compute: $145,000
5 - EBS storage: $28,000
6 - S3 storage: $42,000
7 - RDS databases: $38,000
8 - Data transfer: $22,000
9 - Other services: $17,200
10
11GCP (25%): $121,750
12 - Compute Engine: $52,000
13 - BigQuery: $31,000
14 - Cloud Storage: $18,000
15 - Cloud SQL: $12,500
16 - Networking: $8,250
17
18Azure (15%): $73,050
19 - Virtual Machines: $35,000
20 - Blob Storage: $15,000
21 - SQL Database: $14,000
22 - Networking: $9,050
23
24Savings Strategies Implemented:
25 1. Reserved instances (3-year): -$89,000/month (-18%)
26 2. Spot instances for batch: -$24,000/month (-5%)
27 3. Data transfer optimization: -$18,000/month (-4%)
28 4. Right-sizing instances: -$31,000/month (-6%)
29
30Total savings: -$162,000/month (-33% reduction)
31Optimized spend: $325,000/month
321Production metrics (2024):
2
3High-frequency trading:
4 Trades per day: 2.5 million
5 Cloud cost per trade: $0.013
6
7 Breakdown:
8 - Compute: $0.008
9 - Network: $0.003
10 - Storage: $0.001
11 - Other: $0.001
12
13Medium-frequency trading:
14 Trades per day: 150,000
15 Cloud cost per trade: $0.087
16
17Low-frequency (institutional):
18 Trades per day: 5,000
19 Cloud cost per trade: $2.60
20
21Market data processing:
22 Messages per day: 50 billion
23 Cost per million messages: $0.65
24What worked:
Challenges:
Best practices:
Multi-cloud for financial services delivers real benefits but requires careful planning:
Benefits achieved:
Costs:
Recommendation:
The key is matching multi-cloud complexity to actual business requirements. For most trading firms, a primary cloud (AWS/GCP) with disaster recovery in a second cloud provides optimal cost/benefit ratio.
Technical Writer
NordVarg Team is a software engineer at NordVarg specializing in high-performance financial systems and type-safe programming.
Get weekly insights on building high-performance financial systems, latest industry trends, and expert tips delivered straight to your inbox.