Pontus Networks has recently architected the co-location infrastructure for an investment bank’s FX trading system. This case study covers some of the challenges found during the design, and solutions implemented to address them. The basic requirements were to ‘lift and shift’ the existing trading system into new data centers closer to the liquidity venues and clients. The new solution included three Equinix data centers in London, New York, and Tokyo. Each data center had two racks with 6 servers each — 3 servers for production, and 3 for user acceptance tests (UAT). The requirements involved the remote access to the systems, including core services automation for home-grown applications, and third party software, such as Informatica’s Ultra Messaging middleware.
What is co-location
Co-location is the placement of servers and network equipment as close as possible to an exchange or a electronic commerce network (ECN). Investment banks typically co-locate their infrastructure with an ECN to reduce their latency to the market data and to reduce the cost of having leased lines to customers.
Our customer had four main challenges with the co-location project infrastructure:
1) Firewall traversal – the co-location environment was isolated from the internal bank systems by a firewall. The firewall only allowed connections to be established from the internal systems out to the co-location environment.
2) Third party hosting – for tax reasons, our customer could not own any computer equipment in their Tokyo data center. Thus, they had to hire a third party to provide a fully hosted service. Because the third party would lease the servers and have full control of the operating system, the customer had to have a full audit trail of all actions performed in the system.
3) No persistent storage – for security reasons (e.g. If someone with physical access to the servers stole a hard drive) the customer could not have any audit trails or customer data persisted in co-location sites.
4) Over 100 Ultra messaging gateways – the customer has a number of different types of distinct physical and logical data flows. The physical flows were intra server (between two applications in the same server), inter server (between servers in the same data center), inter site (between co-location sites), and inter security zone (between the co-location and the internal security zones). The logical flows were for trade booking, pricing, command and control, and monitoring. Since there were three data centers, 6 servers per data center per environment, and 2 environments (UAT and PRD), the number of gateways quickly added up.
How PontusVision helped
PontusVision helped resolve the customer’s four main challenges as follows:
1) Firewall traversal – PontusVision can easily support any firewall configuration all the communication between components can be encrypted, and the direction of the connection between components can be easily controlled.
2) Third party hosting – PontusVision keeps a fully searchable audit trail of all user actions, and also allows full role-based access control on any part of the system. This allowed the customer to keep track of all activities in the hosted systems, and to control what activities are allowed to take place by the third party.
3) No persistent storage – PontusVision does not require any external databases, and allows data to be stored in virtually any location. PontusVision server was easily hosted in the client’s infrastructure, and seamlessly communicated with agents in the co-location sites.
4) Over 100 Ultra messaging gateways – PontusVision comes out of the box with templates that can easily create the configuration files and even start or stop the gateways themselves. The templates come with SMX settings, WAN settings, and even have port number and multicast address allocation strategies. The templates allow junior staff to easily deploy and support the whole infrastructure.