Reach for the Sky
“But that’s the way we’ve always done things around here.”
While growing up on a farm in the Midwest, this was a blasphemous phrase to utter. Ever since, I have believed that it is this type of complacent thinking that stifles new ideas and innovation before both can even begin. These ten words are even more dangerous for IT professionals, as they can limit the ability of the technology team to support corporate growth objectives, enable efficiency, and maintain a strong technical backbone of the business.
When my team at the International Securities Exchange (ISE), the owner and operator of three fully-electronic equity options exchanges, learned in February 2015 that we had nine months to extend the geographic diversity of our disaster recovery datacenter in order to comply with the U.S. Securities and Exchange Commission’s (SEC) Regulation Systems Compliance and Integrity (Reg SCI) initiative, it challenged us to deliver a creative solution quickly.
It wasn’t time to be Minnesota nice. It was time to act in a New York minute.
One option we considered was moving our existing physical disaster recovery (DR) infrastructure to a location farther away from our existing primary and backup data center. In case a wide-scale natural disaster or other catastrophe compromised our systems, the DR site would be activated if the primary and backup systems were unavailable and, thus, keep markets open. A physical site was a less-than-ideal scenario, however, as there would have been numerous upfront costs and, with time of the essence, a slower path to production. DR capabilities are extremely important but they are also providing the third level of redundancy, in the event both the primary and backup systems are unavailable. Therefore, the high cost of maintaining a physical presence that was unlikely to be used was not attractive from a business standpoint either.
Building the disaster recovery datacenter opened both new doors and new markets
ISE realized that a better alternative would be to build the entire environment in the cloud. Though no regulated securities exchange had done it before, a disaster recovery datacenter hosted in the cloud would bring numerous benefits and, with precious time dwindling, we made the decision to pursue this non-traditional path.
Focused on the Issues
As a pre-requisite, our team had to focus first on cyber-security. If cloud-based business continuity technology would compromise the security of our trading systems, the project would end before it even began. Not only must an exchange protect its own data, and the access to it, but it must also protect its users which are connected to its systems. ISE has more than 100 member firms, including banks, investment firms and other financial services companies; a data breach could have serious implications for ISE and all of its members. We vetted this issue thoroughly and determined that building a DR site in the cloud could actually provide benefits from a security perspective. After this box was affirmatively checked, we moved on to the next key issue – market data.
Our member firms require access to massive quantities of data derived from ISE’s markets, both historical information and real-time pricing. This is powerful, necessary information that ISE’s members depend on to make decisions about their trading activity. ISE’s markets each day facilitate more than two billion transactions and 150 million messages per second, all within a low-latency environment that averages 200 microseconds of turnaround time per transaction.
The next step was to evaluate the cloud service providers, where the site would be hosted, and examine the capabilities for each infrastructure. As the project progressed, there were critical pieces that were needed, like:
• Virtual network boundaries (AWS VPC);
• Functionality for market data multicast overlay networking; and
• Data encryption, archive, and retrieval.
These elements, and many others, were critical components to ensure that our cloud-based DR solution would meet SEC requirements and provide the highest levels of redundancy to our member firms in the event of a natural disaster or other market-compromising episode.
The Build Out
After evaluating several candidates, our team recognized that AWS from Amazon Web Services provided the necessary flexibility, reliability and scalability to implement the required tools for security and access to market data. With AWS, it was possible to mix and match diverse technologies that would solidify the infrastructure and simplify connections. Member firms could automatically connect to ISE’s cloud disaster recovery site through their existing disaster recovery connections.
One of the tools incorporated into the AWS environment by the ISE team is container technology. Containers enable infrastructure agnosticism by transporting critical software and services across traditionally uncooperative computing environments, creating an invisible infrastructure.
Containerization minimized the overall application footprint, reducing security attack vectors. Used in conjunction with a read-only operating system like CoreOS, this approach provided the opportunity to automate updates and implement dual-factor authentication which would reserve access to limited personnel only and further enhance security protocols.
We also deployed a cutting-edge technology called Weave into the environment. With Weave, multi-cast market data feeds could run normally in the cloud. Weave processes high-frequency interactions in the cloud and would accommodate a trading day’s normal volume of transactions and messages in low latency should the disaster recovery site need to be activated.
Building the disaster recovery datacenter opened both new doors and new markets. ISE can now use the cloud to test programs and deliver different services. For example, ISE’s staff accesses documents, email and the Internet through Citrix, which mobilizes the entire workforce and encourages more collaboration and productivity. Resources are now directed toward functionality, not infrastructure, keeping the technology team focused on how to put the business in the best position for success.
Perhaps most notable, though, was how a successful cloud-based datacenter solidified the launch of ISE’s third options exchange, ISE Mercury, in February 2016, guiding the business to accomplish a top objective.
Thankfully, technology isn’t geometry.
There is more than one solution to a problem. And, sometimes, that solution is something you haven’t tried yet.