 All right, it's time to go see if people drops him. It's a massive room Thanks, everyone My name is Daniel. I'm the VP of a business unit. We call compliant cloud at city network So the network is a Swedish IES provider also now a gold member of the open stack foundation on the community So proud of that together with the roger. Yeah, but who is working that our customer folks We're gonna talk about how folks and got going with open stack and I'm gonna finish off with how we as a provider Have to adapt and what we'd have to think about when we're working with Cloud solutions for bank and finance companies. So Roger kick it off Hi, thank you Yeah, I will work at the insurance company folks on an order insurance company based in Sweden And I work as an IT architect for technology infrastructure in a group called architecture and in in the IT innovation and With that it means that we try to Help the business with how to use technology to drive business But to set you in a context to describe what folks and do This is some Information it was founded early 1908 the same year as General Motors and at the same Year the first time a big ball was dropped in New York Times Square to celebrate a new year It consists of 23 companies has a premium volume of 50 billion Swedish crowns And we manage about 400 billion Swedish crowns for our customers We have almost every second swede insured About over 4 million. I think it's 4.2 million people and we are 4,000 employees and One interesting thing I think is the contract time For life insurance and other stuff is that we have contracts that runs over hundred and thirty years and with that it's an estimated lifetime of hundred years and 30 years for surviving relevant is and folks on is a driver for innovation and Want to impact the society in different way people companies and Even governments Foxham is a mutual company It means that if you take an insurance in Foxham, you're an owner of Foxham also like a stockholder and The vision is to that people should feel secure in the Sustainable world. I see some similarities with the mutual insurance companies and open source project Come and communities They have no shareholders that demands profits It's a lot of people that's get together to Achieve a common goal everyone Enjoy success and even setbacks both have the Will to improve for others and simplify in the world Hopefully that is compare comparison is something we can discuss maybe over where later tonight So a short intro to Foxham IT department. It's around 600 employees and of course some consultants We have a round approximately 800 application that runs on 1200 instances We have 50 develop and management system groups We run about 60 70 IT project per year Our workplace and data center and application operation is mainly outsourced not everything but mainly We have a big in-house development with co-op all we have Java dot net and others The technology and infrastructure. Yes, we have mainframe and that's a interesting thing because Foxham was the first Nordic company that had had the first commercial Mainframe in 50s. It was the IBM 650 that we were the first company to use to do efficiency in our company and Now I would this other side here's timeline over our transformation transformation and I start the years 2012 2012 2012 I call it the IT service in era We didn't got any funds and money to do cool stuff So it was keep just keep floating and then 2012 I was with to Set up architecture and IT innovation group And we started with Consolating the strategies because we have a strategy for every Area like technology development and everything but we saw it didn't map together So we Consolated lots of the strategies into one solution strategy at the same year. We found Interesting pattern called space-based architecture That we wanted to look more into 2013 we got a new CEO But it's a very technical See you he came from the Nasdaq Nordic, which is highly digital lies and The business wanted to modernize the IT So it was to really start and To the digital transformation we begun We started to do a lot of evaluations and proof of concepts and And then we For the first time on folks and we found out about open stack It was when the grizzly was released So we asked ourselves what in the heck is open stack is it's just another hype but in 2014 we had Done a lot of proof of concept and evaluations So we started to write the strategies for the future and how we would help folks on to achieve digital transformation So we went around and anchoring Information about the new technology have you could use it and everything How it would benefit the company both for business and IT? We got decision and we started to prepare for the directives to execute But back to the years 2013 to 2014 We asked ourselves what are the Future of application platform in infrastructure look like so here is some keywords. I won't go through all of them but one Point is very important for us. It was automation in an entire chain because if you have that as a goal Every fun everything else will come as as you go So what did we found when we did the evaluation and proof of concepts? We found an application server that implemented the space-based architecture pattern And the benefits was ability to easily scale up and out Extremely efficient and You if you scale you can scale near-liners scalability as you can get and The dynamic scalability was built into an engine level. So we didn't have to build it around it It gave good data consistency and high availability across all three tires it collapsed the presentation business logic and data layer Together the tires together It was extremely fast it Bay was based on in-memory technology and It was effortless parallelism it makes it to Paralyzed tasks over this review system and It had SLA driven container and SLA monitoring It was a perfect match for our solutions first solution for our customer-facing web applications and Mobile friendly websites, but we had a question. What should we run this platform on? The choices at the time it was the traditional we environment Environment that it hadn't Integrated of the stack or some so it wasn't invented at the time so We could use dedicated service, but we felt that was to go back in time We could use public cloud But we were not mature enough not even the public clouds were mature to handle the sensitive in the data that we handled We could ask our IT Sourcing partners to build a cloud for us internally in our data centers but that Make us lose control. We were dependent to go in there their face We wanted to control the face of the project So we could build our own cloud So we chose to build our own cloud inside our data center, so I ordered 10 blade service and with red hat red hat on and designed how to set up the set OpenStack solution and I got help from Consentals to help on different parts and Why did we choose open stack? It's like what what we have heard in the keynotes, too it's followed the open source initiative and We see it as the cloud standard It's the big community and ecosystem it grows all the time The Openness and accessibility made us self-sufficient So we had our own resources in the project and didn't have to wait for another Company to help us at the same time We can handle the security and regulation part on the way with a technical improvement and development We also want to get more insight of what is cloud everybody talks about cloud but it's just another way to Get capacity and compute power So it helped us when we wrote strategies for Like sourcing strategy And it was a really hard work. I say this is some keywords and that we came across and It was very funny time because you Got deep in stuff and learned a lot and That's important because it's important to have competence in the group Here's one Network topology of the open stack. I think it's the second version that we set up and I can say we in on the storage side we use the set platform for storage and It's using the basic components in open stack After have set up free infrastructure with open stack We did a reflection Do folks on really want to operate and handle? infrastructure As a service inside by ourself No, we want to focus on business development Development and innovations and application technology So we wondered is there any wall out there who could help us on the way to Give us an infrastructure service that met our demands So now we have come to the year 2015 last year It was execution time We started to work first to look on the agile method safe and The way of working setting up the teams Talking about how it would work together And then we had four platforms to set up We had the web content management web content web content delivery We had the application platforms and we have the operation platforms in a little time We are needed to set continuous integration and continuous delivery process and Also look at the roles of of xops How would we handle it shall we should we use only DevOps or DevOps and sysops And then we needed to do a procurement to get an open stack as a service and I On the procurement is like every procurement you do the only thing with this was it was more people involved and more focus on Regulation and security. It was lots of risk assessments and After oh, sorry, we found Provider city networks that gave us good impression that in Were very technical and could lots of open stack and DevOps and things that we wanted to have help with and Also, they were very good at regulations and IT security They proved for us that They were a player that could help us to be more movable than the big big providers but it was a little bit problem because The company size was like a system development group in Folk Sam So the size of the company was a problem for some people But we told the management that with new technology and The modern infrastructure that you have and with the automation you don't need to have 2000 employees to deliver this kind of service. That's why Automation is a driver. So what have we built on open stack? Below you have the service from city networks that deliver the virtual data center ability to Create the virtual data center and on top that we have the application infrastructure with a CMS VSM and a search platform and a Java platform and the operation platform and On the operation platform use the elk stack and the tic stack to collect logs and metrics and On the orchestration side we use Ansible and heat for provisioning and Confirration management is also Ansible and we are going to take in Ansible tower and we are looking also at another Open source project is called cloudify to ever to see how it fits in and If you look at this stack Everything can be replaced That's the mind we had have all the time to lose coupled components that we can change so we can change Java platform and orchestration tools and everything But it's a package that we have that we can put on every Any provider we can go to Azure we can go to OBS or something here's a Picture I think is was the first or second version of our continuous delivery process that we set up and It really works Fine for us, but as you see in In the middle we have a border for we haven't continuous deployment after Certain level so now Since in March 2016 we have been in production and we have some incidents But we have been resilence So the customer haven't noticed anything So together with open stack you have we have really created a dynamic elastic automation that don't Makes customer Notice incidents and we have terminated the big program and projects and The organization line is taking over what we did in the project, but we're not ready yet It's still some things to help them with you remember this slide about the keyboards and Have we a shield of this I would say yes we have but not all the way it's a continuous process to improve us never Nothing is ever ready. So now I come to consideration and lesson learn One thing that struck me that we was so focused on security and regulation around the Infrastructure service and the provider That we forgot ourselves what we put on open stack. We must also be compliant So we have launched a big project to handle that some that kind of questions too What's our self service? That's very good feature But it gets a problem when developers and teams Have the environments up and go on vacation So the effect universe and cost savings with the pay per use doesn't get good because They are not Understanding that they need to take them Down when they're not working with them that we have the cost model of pay per use per second so we must educate our teams and talk about it, but we are also looking at a Technical solution to use metrics and logs to see if anyone working in the environments and often While we take them down safely another thing To run all production environment on this laptop for instance, it's very good to For developers and everything but The problem is I can take this home and sit at home Setting up the environment even if the performance is low. I can test some attacks and Hack the systems with nobody knowing about it In a traditional way you had to hack On on the production environment if you borrow on the internet But in this case if we lose the information Then anyone can try to Do attack a pattern that is a functional and So you need to consider how to handle How is your how you handle the development teams and what they can do with Their development environments and another thing staff to risk analyze with the right People for them beginning we started because in a hurry, but We forgot some roles so It's good to have the lawyer in in the beginning because if you go 60% of your process And taking the lawyers you start on the page one again Everything is not always Everything got don't go as planned so be pragmatic Fail fast that we have done many times and as an architect you need another way to work with architecture and design Because it's you must use principle and guidelines Because you don't have the finer solution in an architecture way you can have a framework of principles and guidelines and another lesson learned is You must put some effort to change the orientation In our program and project that we did It was like a shadow IT we took the team of 70 people in another house and They worked Isolated from all the process that we had inside folks on Otherwise it would have taken three four years and What we did we did it on six month but When the organization line will take over They are not prepared in In our case, so that's why I'm sitting and helping them to take the platforms the Way of working and everything So I must work with them a couple months more and have a plan B No, sorry Don't underestimate the security challenger We saw that if we would build a Platform as a service that we can move everywhere. You must have security on every levels and For example, we have Or our fantasy station on What is called integration and session calls between applications and we Encrypt some data Have a plan B in just in case When we went with city networks, we didn't know if they could meet our demands and needs As the way we wanted So we needed a plan B to Have in just in case, but we didn't need to X Use that plan B Think about cloud and not multi cloud strategy in hybrid strategy And also multi provider Because That's I was on the Gartner conference in London for three weeks ago and Everybody talks about multi provider and I think it's the right way to Separate the risks and think about your cloud maturity We were free people on folks and that had the whole picture and went in core to Work with open stack and everything else But we Needed help from the outside and we have got help from city networks and another consultant firm and With their help we have come this way all those bay and are in production So now it's time for Daniel to take over. All right. Thank you I'm gonna make a little call of arms here today We are an IS provider working with bank and finance services And we made a conscious decisions that we wanted to start to live with these types of services to these Regulated industries in general not only bank finance could be at a moment. It could be health care We personally feel and they can attest to that these sort of these industries are being held back Essentially because there's all these cool features out there all these great things that you guys develop and everything that we come up with And they can't use it Because it's either a regular toward demand that puts a lid on it or it's it's a this is how we always always done thing Type of mentality, which is really hard to change We Realized when we start to work in these industries that we have all these cool features Please start use it. It's out there and everyone's like yeah in a year or two, mate Because they don't work. They don't move really fast. That's just a simple truth of it We want to help that and I want to make a call of arms to everybody that it is time to get these industries going The reason being is that these companies are working in heavily disruptive industries Today you have small companies come growing fast and taking over industries They they're changing the way they do business today how banking finance was a couple of years ago It's not true anymore today. We do almost all our services with our cell phones or our tablets or our laptops We don't go to a bank office anymore We don't go to an insurance company's office anymore and these types of industries are being attacked by disruptive companies Which they could either try to defend themselves against which is probably gonna be a bad thing They're gonna lose that in that because if you have a modern idea and moderately thinking when you start your business You have you have you have a leg up so to speak so these companies have to start to adapt and I feel as as a provider of these services and developers and whoever we might be you can assist and I'm gonna try to just put our Our way of model what way of thinking Innovation was mentioned this morning innovation is hard. It's really really hard But these industries have to innovate and they have to change the way they're doing their business and they have to do it quite rapidly and a technology like open stack is a Great tool to get it done When folks on came to us and this is just in general it could be any type of insurance company When they asked for innovation agility pay-to-go scalable flexible automation orchestration That's that is not really the that's not really an issue because we do that every day We have a public cloud city a city cloud Spread around the world. This is the type of services that we deliver, but when they add on top of their their Legislations the rules and legislation that they have to follow now is the exciting bits because as a provider now You have to start to adapt to the rules The main thing for these companies is that if they want to use cloud services today their lawyers are gonna say no I Can give a great example? We are a couple of months ago. We started a negotiation with the financial Institute in Sweden Their lawyers said straight up if you put the word cloud in the contract It's a nine-month process if you call it a capacity service. We're good to go So if I say you can call it whatever you want and we're good to go But the world cloud is it's not a positive word because we made it something new we called it We call the new thing here comes cloud services You never seen before the truth and reality is it's the next generation outsourcing. It's the next generation of virtualization It's an external generation Generation of orchestration. That's what it is If we could just stick to that then the lawyers can follow suit and we can get going more rapidly because when we call it cloud And you've never seen this before Automatically they're thinking we can't use the service Because it's all about control of data and it's all about audibility Auditability is the key word for everybody if you're gonna try to deliver these services to a bank of finance industry Or a regulated industry in general The auditor wants to see your data center and you have to open up your books You have to open up your data centers and let them in and show you exactly where these customers are at This is the problem today with the Amazons of the world and the public cloud providers that are just a public cloud providers such as Ourselves we have our public cloud as well, which is for anybody with a credit card to use just like AWS So we found out that we had to separate these customers to a separate cloud What we call a community cloud it is pay-as-you-go. It is still IAS is still open stack We run the talk up by the way. I'm gonna get turn a couple of seconds But you have to adapt Your in your platform to their industry and their rules and the radiations GDPR everybody knows about it General data protection rule comes from the EU already taken effect It's gonna affect not only the customers is gonna affect us as providers And it's gonna affect you as developers as well because you have to start to think about How we handle PII data today and the technical aspects of it and the security aspects of it So general data protection rule is there to protect us in the EU problem is though It's not a it's not a law in the US. It's not a law in Asia. It's only a law in Europe So coming back to the discussion we heard it during the keynote this morning That in Europe we really like our data. We want to protect our People it's true But it's come to a degree where it's so now separated from The three different contests or the several contests around the world We don't have the same rules and legislations regarding PII data But we had to adapt to folks in this case Their Swedish company they live in Europe. They work in Europe. They function in Europe We had to adapt to the European laws. We're European entity as well. So EU is is that so to speak we have to adapt Solvency is also EU directive that you have to be compliant with as a provider of the services Basel is for banks Solvency is essentially you can explain this better than I can but what essentially is it is a framework for a insurance company for for how they have to work and what they have to report and they have to be Responsible to the EU to report and what they do when and where and if you provide a service like this to An insurance company or a bank you as a provider become a part of that chain So you also have to be able to report to the EU everything that it comes into what you do and Then of course the general data protection authorities as I mentioned They want to keep track of what you do and you have to be able to open your doors and enable and allow audits extremely important Because when you don't is when the lawyers say no essentially Okay, so This is how we did We as I mentioned we built a separate community cloud It is separate from our public cloud But it can be combined because not everything that folks on dust is heavily heavily regulated and horrible You can actually use some of it in a public cloud. It's all depends on what type of data it is But we build a separate cloud Based on open stack as I mentioned the currently running metaka We also realized coming back to the solvency and all of the regular Regulatory aspects that we had to share the load of responsibility Either you take full-stake which is a possibility as well If you're a large company you can take full-stake and you can control the entire chain Or if you're a smaller company like us You have to control what you can control and you have to be really honest with yourself What you're really good at if we as an infrastructure company know that that's our that's our strength, right? Code and maybe the open stack distribution is really not our strength the facilities themselves might not be our strength So we heavily depend on partners We shows the group go with the redout distribution of the open stack and the OS versions In our community cloud based on the fact that essentially we looked out to say who is working with and really following the Security aspects and really want to be a part a player with it regarding the security aspects within the open stack from Foundation and the family redout was one of them. There's several other out there as well But after our due diligence, we decided to go redout We have facility managers within in our data centers. We have one in Stockholm and one in Koskrona Which is in southeastern Sweden. We also have facilities in London and Frankfurt where we can provide these types of services and There we heavily depend on interactions as partners us for the facility itself and then we host all our Infrastructure within their facilities because once again coming back to the fact that you need to realize what you're good at Maintaining a facility can be really really expensive ISO Certificates how many have in your company the ISO certificates did is 27,001 15 and 18 in your company today Okay, we do and so does Amazon and so does Microsoft and almost every other IS provider out there This is also a key feature and something that needs to be in place in order to be able to deliver these type of services to especially banking finance The 15 is for banking finance itself. It's the only ISO standard for banking finance and The 18 is for PAI data and the 27 said 001 is for IT security in general What this means is that we as a company as a provider so does the Microsoft or so does Amazon is audited at least once a year By a third-party auditor who guarantees that we actually follow suit and actually work according to these ISO certificates also Coming back to what you as a company if you are looking into running these types of services, or if you are a provider if you today were to outsource your I your idea for structure to whoever it might be a normal outsourcing case You would never do that without a direct contract with that provider In the IAS world today We have our standard agreements and they are extremely pro us and they're extremely pro that the the delivering partner because it is Because of the fact that we have customers with credit cards just using your services We don't know when and where they can leave tomorrow. So they have to be very pro us But they don't work for the regulator industries You need to allow to sign a direct contract with your customer And in that contract you steep blade when where and how just like you do in a normal outsourcing world If you can do that you get rid of the main issue with which is the legal portion of it Which you can you can control when where well how also? What happens when we leave and you control the fact that we as a provider don't move your data Which is also extremely important coming back to the fact that they have to get to data center in Sweden And they are not allowed to move their data outside of Sweden because they are what heavily PII regulated company Everything they do is PII data Right, so we as a private cannot move the data for them has to be stipulated in the contract if you stick to that Then these types of services are Absolutely more than doable the whole notion that cloud is not for regulated industries is false in my mind You can absolutely do it You have to follow suit to their according to their rules and regulations, but it's absolutely there to be delivered It can be a public cloud as I mentioned what we call a community cloud where you have several companies sharing the Infrastructure so you can actually run a true pay-as-you-go model Or it could be a dedicated or a dedicated private cloud For banks for instance according to their laws, they're not allowed to share Storage when with any other company, so they have to run in a private cloud insurance companies different story They can share infrastructures we can actually combine multiple companies on the same infrastructure within the same Ruleset and therefore provide a true IAS pay-as-you-go model for for high a highly regulated companies such as folks on or You can do a true hybrid Meaning if you already have a data center, which you really like really love and you don't want to leave and The CIO the CIO with the CEO of the company says we don't want to move anywhere We still want to run our own data center. That's all good Because you can combine that with a public cloud providers data center and build a hybrid as long it is according to the regulations in According to that business as long as you have your ISO certificates in place and you're willing to allow audits Then you can build a hybrid so once again The whole notion of that cloud is insecure the whole notion that Regulated industries cannot run their services in the public cloud is false To the extent that you have to have a direct contract where your state and Stipulate all the rules and regulations and how you have to follow suit as a provider If you do that you can actually do it if it is by standard agreements alone I agree. It's not okay because it's not good enough and Also, remember that the world cloud still in the regulated industries are heavily infected It's not we we take it for granted the way cloud service is great because we understand what it is But the lawyers of the day have some work to do as I mentioned If I have one word of cloud in the contract is a nine month process if I say if I call that capacity service We're good to go So keep that in mind Our time is almost up. So either we open up for questions or you can meet us outside But with that we thank you for your attention and any questions Sure You meaning the the office like itself for all right So what we do is we don't we don't use this in this platform as the game pick platform We have a public cloud for that. We all when the new release come out We're almost three months behind when we do the upgrade in the in the in our in our community clouds And when we in our in our private clouds We want to see that everything works before we do any major changes But we still try to keep up as I mentioned we're on the talk right now when we We are we're on the talk on in every data center that we run both public and community wise and we have the We have the Strategy to always be on the latest version as much as possible We all but we always do launch our public cloud first and then we do the community cloud afterwards when we know what's happened We're outside if you want to talk to us. Thanks so much