Robust, scalable, cost-effective: A practical guide to hosting finance analytics solutions in AWS

Dec 2, 2024 by Mbulaheni Davhana, Julien Gautier, Nida Bouzid, Hugh Richards, Mark Perkins

 

  

In brief

  • It’s critical to match an independent software vendor (ISV) solution to the specific requirements of a cloud-hosted environment to get the full benefit of a properly managed cloud solution 
  • DXC Luxoft, with the SaaS-hosting platform Luxoft Beyond, works with ISVs to bring fully managed solutions to clients quickly and repeatably 
  • Learn how DXC Luxoft and ActiveViam have pooled their resources to deliver the ActiveViam Atoti product as a cloud-hosted, managed service solution on AWS, taking advantage of Atoti’s unique features 
  • Atoti, from ActiveViam, is a massively scalable data management solution that expands vertically and horizontally. Typically, with on-premises implementations, many Atoti clients choose vertical scaling to optimize limited data center space. When considering cloud implementations, horizontal scaling is preferable, requiring unique IT policies and requirements, which can be a distraction for clients when initially setting up or transitioning to the cloud 
  • The combination of Atoti and Luxoft Beyond gives clients a robust, scalable, cost-efficient and secure SaaS solution that helps them maximize the return on their cloud investment. This fully managed service on one of the most popular cloud offerings provides clients with a quick and easy way to onboard with Atoti 

  

ActiveViam and DXC Luxoft share over 10 years of experience and hundreds of projects successfully deployed in cloud environments. In April 2024, the two companies announced a strategic alliance to provide Atoti as a cloud-based, managed services solution for financial services organizations. The goal is to bring together their respective expertise to help accelerate the modernization of financial services analytics and make the power of Atoti available to all organizations that may benefit from it. 

This white paper summarizes the combined experiences and approaches used by both companies in successful cloud deployments, listing the guidelines and best practices that ensure successful implementation while optimizing cost and performance. 

Many organizations, especially within the same industry, face comparable analytics problems, and the tight regulation of the financial sector further drives conformity. Consequently, buying software from specialized vendors is normally the most cost-effective way to conduct business. 

Business needs differ significantly across industries. Each company has unique IT policies and capabilities, creating unique requirements for maximizing the benefits of a cloud-hosted solution for managing cost, performance optimization, testing, support, information security and compliance requirements (i.e., ISO 27001 and ISAE3001/SOC2 Type 2). Leveraging services partners specializing in vendor software deployment, change and hosting services. 

DXC Luxoft is uniquely positioned to collaborate with vendors to accelerate their transformation toward providing SaaS solutions. It brings client transition expertise and provides outsourcing and compliance best practices for cloud-hosted environments. 

DXC Luxoft and ActiveViam have pooled their expertise to deliver Atoti, ActiveViam’s flagship data analytics platform, as a cloud-hosted, managed service solution on AWS, taking advantage of Atoti’s unique features. 

 

Luxoft Beyond — the platform for vendor SaaS

 

DXC Luxoft has developed a multi-cloud, SaaS-hosting platform to help bring software vendor solutions to clients quickly and repeatably, according to best practices and industry standards.  

It’s based on an advanced information security control framework, incorporating many features as standard, including: 

  • Cloud-native tools to implement both prevention and detection controls  
  • Intelligent security information and event management (SIEM) software for threat detection 
  • Rigorous procedures based on ITIL standards for managed incidents, problems and change  

DXC Luxoft and ActiveViam recently onboarded Atoti, ActiveViam’s market-leading aggregation engine, to the Luxoft Beyond platform. Atoti joins other leading solutions, such as EarlyResolution, on Luxoft Beyond. This scalable, flexible and secure SaaS platform enables multiple ISVs to offer their clients access to best-in-class technology in a new way. 

For this white paper, we will describe a deployment on AWS, keeping in mind that every cloud platform has its own strengths and specificities. 

All cloud infrastructure is controlled through Infrastructure as Code (IaC) pipelines, with vulnerability scanning, observability, automated health checks and alerting, all customizable for the deployed vendor solution. 

DXC Luxoft has undergone an SOC2 Type 2 independent audit for the solution and is an ISO 27001 accredited organization. These industry-standard certificates inspire confidence that DXC Luxoft operates secure cloud environments and confirm its adherence to industry best practices. 

AWS Control Tower, GuardDuty and customized security control policies (SCPs) underpin the Luxoft Beyond framework, with Sumo Logic SIEM, AWS Inspector and many other tools in place. Jira Service Management and Opsgenie provide integration for alerting, monitoring, tracking SLAs and servicing client incidents. AWS Connect provides a contact point with phone and multilingual live chat for client interaction. 

  

Atoti: Transform the way you analyze data

 

Created by ActiveViam and specifically designed for finance, Atoti is a semantic layer between data and user. It converts files and tables into business hierarchies and metrics that can be used and manipulated autonomously. Atoti fits any data analytics architecture (operating between data sources and visualization tools), delivering fast, precise and interactive analytics in any configuration, even for complex metrics requiring long chains of calculations and non-linear aggregation.  

Atoti is used in production today at banks like HSBC, BNY, Danske Bank, Commerzbank and Santander for a wide variety of use cases ranging from credit risk analysis and liquidity risk management to real-time PnL at the front office and FRTB-compliant market risk reporting. 

 

Atoti as a Luxoft Beyond-hosted platform

 

Atoti distributed architecture overview 

Atoti is a massively scalable application that expands vertically and horizontally. Traditionally, with on-premises implementations, many Atoti clients choose vertical scaling to optimize limited data center space. However, in the cloud, horizontal scaling is usually preferable because it allows for scaling up and down in sync with demand and allows resource management to work with finer scaling increments. 

This discussion of Atoti's scalability leads to a deeper exploration of how its distributed architecture plays a critical role. In particular, data nodes and other components within the existing architecture are key to maintaining performance and flexibility as scaling needs evolve. By leveraging both vertical and horizontal scaling, Atoti optimizes resource allocation, making it especially relevant in high-demand environments. This foundational architecture is crucial as we examine how it enables seamless integration with cloud services and sets the stage for enhanced scalability and operational efficiency, which we'll explore further.  

 


Figure 1: Atoti distributed architecture

 

Atoti can run as a distributed cluster across multiple machines, featuring two types of nodes: Data nodes and query nodes. Data nodes contain data cubes that store facts, define hierarchies and calculate measures. Query nodes contain query cubes, which forward queries to the data cubes, aggregate results and return the final output. Query cubes also manage global hierarchies, merging topologies from all data cubes in the cluster. 

Each data node holds the data for a specific date. The query node is the cluster entry point and holds no data. It receives the query, involves the impacted data node(s) and answers the end user. We have one query node for the whole cluster. 

An architecture with data nodes allows horizontal scaling by distributing data across multiple nodes, which enables the system to handle increased load and storage requirements more efficiently. Each node in the cluster manages a portion of the data. The query node distributes the query over the data nodes. As much of the calculation as possible is done in parallel on these nodes, and the results are sent back to the query node, which completes the calculation. 

A horizontal architecture is crucial for taking advantage of cloud’s elastic capabilities. Suppose more computing power is needed or users wish to load additional data. In that case, starting up more data nodes on a new machine is much easier, faster and more cost-efficient than migrating the whole application to a more powerful instance.  

Containerization and container orchestration tools bring significant benefits when working with a horizontally scalable application. Atoti natively supports Kubernetes (K8s), the de facto standard for container orchestration. 

Each application environment begins in a pod with an instance related to a single day’s worth of data. If one pod is down, the orchestrator restarts it. Note that there’s one instance for each date. Before mentioning anything related to the cloud, we can envision the deployment: 

 

Figure 2: Conceptual Kubernetes deployment architecture 

 

Kubernetes/Helm is used to deploy Atoti. Each data node and the query node are in a pod. Only the query node pod is exposed to the outside world since it’s the visible part of the cluster. 
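The "only the query node is exposed" property can be checked against a live namespace. The following is an added example, not code from the white paper or from either vendor: it audits the JSON that `kubectl get svc,ingress -o json` returns and reports anything reachable from outside that is not the query node. The Service names, the ingress name and the sample listing are constructed assumptions.

```python
import json

# Assumed name of the query node's Service; substitute the chart's real value.
ALLOWED_EXTERNAL = {"atoti-query"}

def _ingress_backends(spec):
    """Yield (service_name, description) for every backend an Ingress routes to."""
    default = (spec.get("defaultBackend") or {}).get("service")
    if default:
        yield default["name"], "default backend"
    for rule in spec.get("rules") or []:
        for path in (rule.get("http") or {}).get("paths") or []:
            svc = (path.get("backend") or {}).get("service")
            if svc:
                yield svc["name"], "path " + path.get("path", "/")

def exposures(listing):
    """Return (kind, object name, target Service, how) for each external exposure."""
    found = []
    for obj in listing.get("items", []):
        kind, name = obj.get("kind"), obj["metadata"]["name"]
        spec = obj.get("spec") or {}
        if kind == "Service":
            stype = spec.get("type", "ClusterIP")
            if stype in ("LoadBalancer", "NodePort"):
                found.append((kind, name, name, stype))
            elif spec.get("externalIPs"):
                found.append((kind, name, name, "externalIPs"))
        elif kind == "Ingress":
            # Treated as external here; an internal-only ingress controller
            # would make these findings informational.
            for svc, how in _ingress_backends(spec):
                found.append((kind, name, svc, how))
    return found

def violations(listing, allowed=ALLOWED_EXTERNAL):
    """Exposures whose target Service is not the query node."""
    return [e for e in exposures(listing) if e[2] not in allowed]

# Constructed sample: one query node Service, two data node Services, one Ingress.
SAMPLE = {"kind": "List", "items": [
    {"kind": "Service", "metadata": {"name": "atoti-query"},
     "spec": {"type": "LoadBalancer"}},
    {"kind": "Service", "metadata": {"name": "atoti-data-2024-11-29"},
     "spec": {"type": "ClusterIP"}},
    {"kind": "Service", "metadata": {"name": "atoti-data-2024-12-02"},
     "spec": {"type": "NodePort"}},
    {"kind": "Ingress", "metadata": {"name": "atoti-ingress"},
     "spec": {"rules": [{"http": {"paths": [
         {"path": "/", "backend": {"service": {"name": "atoti-query"}}},
         {"path": "/debug",
          "backend": {"service": {"name": "atoti-data-2024-11-29"}}}]}}]}},
]}

if __name__ == "__main__":
    import sys
    # Pipe `kubectl get svc,ingress -n <namespace> -o json` in, or run bare
    # to audit the constructed sample.
    listing = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    bad = violations(listing)
    for kind, name, target, how in bad:
        print(f"UNEXPECTED EXPOSURE: {kind}/{name} -> {target} ({how})")
    sys.exit(1 if bad else 0)
```

A non-zero exit makes the check usable as a pipeline step after the Helm install.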

 

Running Atoti in AWS

 

To deploy Atoti in Luxoft Beyond, ActiveViam and DXC Luxoft collaborated on a best-practice deployment pattern using Amazon’s Elastic Kubernetes Service (EKS) for container orchestration. 

Specifics on the EKS architecture, automating the deployment of the Atoti Helm chart using AWS CodePipeline, monitoring with Amazon CloudWatch and scaling using Karpenter are all outlined below. 

One of the key benefits of the AWS platform is the large variety of services native to it, especially compared to on-prem deployments. Amazon ensures that those tools not only work optimally on their platform but also work well together, with no compatibility issues or loss of performance.  

While all cloud platforms offer a similar array of native tools, AWS’s offering is especially rich. However, this doesn’t prevent us from using third-party tools when they provide specific benefits. 

The primary AWS services used when implementing an Atoti environment on the Luxoft Beyond platform are as follows: 

  • Amazon DynamoDB: A key-value and document database that delivers single-digit millisecond performance at scale. Manages Terraform state locking to ensure that only one execution can modify the state at a time 
  • Amazon EC2 (Elastic Compute Cloud): Provides scalable compute capacity in the cloud, allowing the deployment of virtual servers. It hosts worker nodes for the Kubernetes cluster where Atoti runs. This is the foundation for an elastic, cost-effective deployment in AWS 
  • Amazon ECR (Elastic Container Registry): A fully managed Docker container registry that makes storing, managing and deploying Docker container images easy. Stores the Docker images used by CodeBuild, so we don't have to install Terraform and other tools with each build. This accelerates builds and saves costs. Deploys container images and Helm charts  
  • Amazon EFS (Elastic File Storage): A fully managed, scalable file storage that can be attached to multiple virtual machines. In this case, EFS provides persistent storage shared by numerous application pods in the EKS cluster. EKS provides an EFS Container Storage Interface driver add-on that eases the driver set-up process 
  • Amazon EKS (Elastic Kubernetes Service): A managed Kubernetes service that simplifies running Kubernetes on AWS without installing and operating your own Kubernetes control plane or nodes. Provides the Kubernetes control plane and worker nodes for running Atoti 
  • Amazon Route 53: A scalable and highly available domain name system (DNS) web service. Manages domain names and directs traffic to the correct resources, ensuring high availability and reliability 
  • Amazon S3 (Simple Storage Service): A fully managed object storage service that is scalable and cost-effective. Stores the pipeline artifacts and acts as the Terraform back end for state files 
  • Amazon SNS (Simple Notification Service): A fully managed messaging service for both application-to-application and application-to-person communication. Sends notifications for manual approval steps and pipeline alerts  
  • Amazon VPC (Virtual Private Cloud): This lets you provision a logically isolated section of the AWS cloud for launching AWS resources in a virtual network. Provides network isolation and security for the EKS cluster 
  • AWS Certificate Manager: Provisions, manages and deploys public and private SSL/TLS certificates for use with AWS services and your internal connected resources. Manages SSL/TLS certificates to secure network communications  
  • AWS CodeBuild: A fully managed build service that compiles source code, runs tests and produces software packages. Executes the various stages of the pipeline, including validation, planning and applying Terraform configurations. Builds Docker images and Helm charts 
  • AWS CodeCommit: A source control service that hosts secure Git-based repositories. Stores the Terraform modules, Helm charts and Docker files 
  • AWS CodePipeline: Orchestrates the CI/CD process by automating the build, test and deploy phases of the release process. Manages the flow of the pipeline, coordinating each stage of the Terraform deployment  
  • AWS ELB (Elastic Load Balancer): Distributes incoming application traffic across multiple targets (e.g., EC2 instances in multiple availability zones). ELB spreads the load across the Atoti application instances running in the EKS cluster  
  • Private subnets: Subnets allow network traffic to remain private within the VPC. Hosts the worker nodes and other resources that don’t need direct internet access 
  • VPC endpoints: Enable private network connections between your VPC and supported AWS services as well as VPC endpoint services. They allow access to AWS services without traversing the public internet, enhancing security and performance due to low latency and high throughput 

 

Architecture

 


Figure 3: Atoti deployment architecture 

 

Atoti supports a variety of container orchestration tools such as Docker, AWS Elastic Container Service, AWS Elastic Kubernetes Service, Azure Kubernetes Service (AKS) and Google Kubernetes Engine (GKE). In this case, the target cloud provider was AWS, so the obvious choice was between ECS and EKS. EKS appeared best, as it’s based on Kubernetes: With EKS, managing K8s-based workloads is much easier, as the overhead of administering the K8s resources is significantly reduced compared to other options. 

 

Infrastructure as Code

 

Figure 4: Infrastructure as Code pipeline design 

 

Infrastructure as Code (IaC) involves managing and provisioning infrastructure resources using code. This allows for maintaining consistency and enabling automated, repeatable, faster deployments. It is essential to keep mission-critical applications up to date in a cost- and time-efficient way. 

By treating infrastructure as code, teams can control versions, test the changes to their infrastructure before deployment and better ensure business continuity. 

Another benefit of IaC is that it facilitates the migration of an application from one environment to another. While this white paper presents a deployment on AWS, customers do not want to be stuck with a single provider, and a proper IaC deployment makes it much easier to switch to another cloud environment with minimal investment. 

The recommended tool for implementing IaC with Luxoft Beyond is Terraform from HashiCorp, a widely used open-source tool favored for its flexibility. AWS CloudFormation and Cloud Development Kit (CDK), AWS-native IaC formats, are also available, but crucially, Terraform supports multiple cloud providers, making it easier to migrate Atoti to another environment eventually. 

Pipeline workflow 

Source stage 

  • Role: CodePipeline retrieves Terraform modules and Terraform’s source code from CodeCommit 
  • Service: AWS CodeCommit 

Validate stage 

  • Role: CodeBuild validates the Terraform code using tools like Checkov and TFLint  
  • Service: AWS CodeBuild 

Plan stage 

  • Role: CodeBuild generates a Terraform plan outlining the changes to be made 
  • Service: AWS CodeBuild 

Manual approval stage 

  • Role: The pipeline pauses for a manual review and approval of the Terraform plan  
  • Service: AWS SNS 

Apply stage 

  • Role: CodeBuild applies the Terraform configuration, provisioning the resources 
  • Service: AWS CodeBuild 

Provisioning resources 

  • Role: Terraform provisions resources in the EKS cluster and other related AWS services  
  • Service: Amazon EKS, Amazon EC2, Amazon S3, AWS IAM, AWS CloudWatch alarms, etc. 
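The manual approval stage is only as good as what the reviewer can see in the plan. The following is an added example, not part of the Luxoft Beyond pipeline: it reads the JSON form of a plan (`terraform show -json <planfile>`) and lists the destructive changes, the changes to security-relevant resource types and any ingress rule opened to the whole internet, so the approver's attention goes there first. The list of sensitive type prefixes and the sample plan are constructed assumptions.

```python
import json

# Resource type prefixes that warrant a security review when changed.
# This selection is an assumption for the example, not from the white paper.
SENSITIVE_PREFIXES = ("aws_iam_", "aws_security_group", "aws_eks_", "aws_kms_",
                      "aws_s3_bucket_policy", "aws_s3_bucket_public_access_block")

def classify(actions):
    """Collapse Terraform's action list into a single label."""
    acts = list(actions)
    if "delete" in acts and "create" in acts:
        return "replace"          # ["delete","create"] or ["create","delete"]
    if acts in (["create"], ["update"], ["delete"]):
        return acts[0]
    return "no-op"                # ["no-op"], ["read"] and anything else

def review_plan(plan):
    """Summarize a plan's resource_changes for the human approver."""
    report = {"changes": [], "destructive": [], "sensitive": [],
              "world_open_ingress": []}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        action = classify(change.get("actions", []))
        if action == "no-op":
            continue
        addr, rtype = rc["address"], rc["type"]
        report["changes"].append((addr, action))
        if action in ("delete", "replace"):
            report["destructive"].append(addr)
        if rtype.startswith(SENSITIVE_PREFIXES):
            report["sensitive"].append(addr)
        # Only standalone aws_security_group_rule resources are inspected;
        # inline ingress blocks on aws_security_group are out of scope here.
        after = change.get("after") or {}
        if rtype == "aws_security_group_rule" and after.get("type") == "ingress":
            cidrs = (after.get("cidr_blocks") or []) + \
                    (after.get("ipv6_cidr_blocks") or [])
            if "0.0.0.0/0" in cidrs or "::/0" in cidrs:
                report["world_open_ingress"].append(addr)
    report["needs_security_review"] = bool(
        report["destructive"] or report["sensitive"]
        or report["world_open_ingress"])
    return report

# Constructed sample in the shape `terraform show -json` produces.
SAMPLE_PLAN = json.loads("""
{"format_version": "1.2", "resource_changes": [
 {"address": "aws_eks_node_group.data_nodes", "type": "aws_eks_node_group",
  "change": {"actions": ["update"], "after": {}}},
 {"address": "aws_efs_file_system.shared", "type": "aws_efs_file_system",
  "change": {"actions": ["delete", "create"], "after": {}}},
 {"address": "aws_security_group_rule.query_node_https",
  "type": "aws_security_group_rule",
  "change": {"actions": ["create"],
             "after": {"type": "ingress", "cidr_blocks": ["0.0.0.0/0"],
                       "from_port": 443, "to_port": 443, "protocol": "tcp"}}},
 {"address": "aws_route53_record.atoti", "type": "aws_route53_record",
  "change": {"actions": ["no-op"], "after": {}}},
 {"address": "aws_s3_bucket.artifacts", "type": "aws_s3_bucket",
  "change": {"actions": ["delete"], "after": null}}
]}
""")

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    print(json.dumps(review_plan(plan), indent=2))
```

The summary complements the static checks in the validate stage: it works on the resolved plan, so it also sees values that are only known after variables and modules are evaluated.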

 

CI/CD Helm deployment

 


Figure 5: Infrastructure as Code pipeline with Helm 

 

A continuous integration and continuous deployment (CI/CD) pipeline automates the deployment process of the Atoti application to an EKS cluster, ensuring a consistent, compliant and repeatable process. A combination of AWS CodePipeline, CodeCommit and CodeBuild is used within Luxoft Beyond to create a deployment pipeline for the Helm charts. These services offer a more cost-effective alternative to self-managed options like Jenkins, reducing overhead costs tied to infrastructure management. 

Unlike EC2 instances, which are billed hourly regardless of usage, CodePipeline is billed per execution, aligning costs more closely with actual demand. This pricing model ensures that you're only paying for what you use, contributing to an overall more efficient and scalable system. Additionally, AWS-native tools fit the Luxoft Beyond ethos of cloud-native tooling to maximize compatibility and performance. 

AWS CodeBuild provides a temporary virtual machine to compile source code, execute unit tests and perform other processes such as building Helm charts and Docker images. CodeBuild runs within a VPC for enhanced security. 

The CI/CD pipeline starts with CodeCommit as the source code repository (where Helm charts and Docker files are stored). CodePipeline orchestrates the entire CI/CD process, automatically triggering the pipeline whenever a commit to the source repository occurs. CodeBuild is then used to build the Docker image and create Helm charts (stored in a private Elastic Container Registry [ECR]). Application artifacts and a license file are securely stored and retrieved from S3 during the Docker build phase. 

CI/CD workflow 

Build phase: 

  • CodeBuild builds the Docker image and creates a Helm chart 
  • The Docker image and Helm chart are stored in a private ECR repository  

Deployment phase: 

  • CodeBuild installs the Helm chart onto the EKS cluster 
  • The pipeline execution is paused to allow a manual approval step. This allows for review and approval before deployment 

 

Monitoring using Amazon CloudWatch

 


Figure 6: Monitoring and observability with AWS CloudWatch and Fluent Bit  

 

Amazon CloudWatch is AWS’ native monitoring solution. It monitors applications and AWS resources, such as EC2 instances, in real time. 

The Amazon CloudWatch Observability add-on makes monitoring applications running in the EKS cluster easier. Once enabled, the add-on sets up CloudWatch Agent and Fluent Bit and enables CloudWatch Container Insights. The CloudWatch agent collects detailed metrics such as CPU, memory, network activity and disk I/O, and sends them to CloudWatch. Fluent Bit is responsible for sending container logs to CloudWatch. 

All the collected metrics and logs can be viewed from the CloudWatch dashboard on the AWS Console. Container Insights allows for viewing various vital metrics, like how much memory or CPU the application uses within a pod/container. Those metrics are essential to ensure not only continuity of service (a key requirement for compliance), but also that the AWS instance is properly sized, and that the elastic nature of the cloud is utilized wherever possible to minimize costs, especially compared to on-prem deployments.  

Alerts can be triggered via CloudWatch Alarms. For example, we might want to be notified when pods within a specific Kubernetes namespace are restarted, as this could indicate a problem with the container. CloudWatch Alarms is integrated with Amazon Simple Notification Service (SNS) and Opsgenie to produce alerts for support teams to investigate. They can also automatically generate incident records within Jira Service Management to formally track SLAs. 

 

Conclusion

 

The combination of Atoti and the Luxoft Beyond SaaS platform gives ActiveViam and DXC Luxoft a robust, scalable, cost-efficient and secure risk analysis and management solution for clients that also helps them maximize the return on their cloud investment. The Atoti deployment blueprint can be used outside Luxoft Beyond and AWS. Still, this fully managed service on one of the most popular cloud offerings provides clients with a quick and easy way to onboard with Atoti. It means they can focus on what matters most — the business configuration and data that sets them apart from competitors. 

Atoti and DXC Luxoft redefine cloud-native data analytics by seamlessly integrating advanced technologies with industry-best cloud deployment practices. By leveraging the unique strengths of both platforms, clients benefit from enhanced operational efficiency, greater flexibility and the assurance of best-in-class security and compliance standards. 

Whether scaling financial data solutions or streamlining risk management processes, this collaboration empowers businesses to harness the full potential of the cloud. ActiveViam and DXC Luxoft continue to set new standards for managed services, combining their expertise to bring clients unmatched value and performance in their cloud journeys. 

 

Find out more

 

To learn more about the cloud deployment insights gained by DXC Luxoft and ActiveViam across multiple engagements or how to ensure successful implementation while optimizing cost and performance, contact ActiveViam or DXC Luxoft. 

 

 

Mbulaheni Davhana, Cloud Architect, DXC Luxoft

Mbulaheni is a seasoned Cloud Architect at DXC Luxoft with over a decade of experience in IT, specializing in cloud architecture and DevOps. He has extensive experience designing and implementing cloud solutions that prioritize security, scalability, and operational efficiency. Mbulaheni is passionate about simplifying complex technologies to help businesses achieve their cloud transformation goals.

Julien Gautier, VP of Product Marketing, ActiveViam

Julien is a marketing executive with 15 years of experience in the tech and software industry. He began his career with the prestigious French “licorn” Withings, focusing on innovative connected health devices. Joining Quartet FS in 2015 as Marketing Director, Julien led the company’s rebrand into ActiveViam and played a significant role in launching its line of packaged solutions. Now, as VP of Product Marketing at ActiveViam, he uses his expertise to develop thought-provoking whitepapers highlighting client stories and drives strategic marketing initiatives supporting the global market presence.

Nida Bouzid, Principal Solution Architect, ActiveViam

Nida has been a Principal Solution Architect at ActiveViam since its inception in 2007. With experience across R&D in Paris and leading tech initiatives in APAC from Singapore, Nida has gained significant expertise in technology solutions. Now in Amsterdam, Nida leads the Solution Architect team, developing strategies for global client needs. He holds a Master’s degree in Scientific studies from INSA Lyon.

Hugh Richards, Ecosystem Strategy, Banking and Capital Markets Solutions, DXC Luxoft

Hugh has gained over 30 years’ experience in financial services, investment banking, software company management and market strategy. He brings a unique balance of global business and technology leadership, focused on strategy, execution and innovation change management.

Mark Perkins, Global Offering Lead, as-a-Service Solutions, DXC Luxoft

Mark has 14 years’ experience across London and Sydney, focusing on the application of cloud-based solutions to trading and risk technology in capital markets. Working for Excelian and then DXC Luxoft, he helped to significantly grow the Digital Consulting practice in Australia before moving to ANZ, where he ran the Market Risk Technology team and led a cloud acceleration program within ANZ Institutional. Mark relocated to London in 2021, joining DXC Luxoft to drive the as-a-Service transition across Banking and Capital Markets.
