Citihub Consulting was engaged by a Tier 1 European Equities Venue to conduct an infrastructure availability review of their European Dark Pool platform.
Have a similar challenge?
The provider had experienced unplanned outages and needed to identify potential availability risks and single points of failure affecting business systems.
The scope included all underlying infrastructure for matching engines and messaging and external connectivity. The study necessitated a full physical audit of data centre assets, and a full review of network infrastructure and Metro WAN inter-site connectivity.
How Citihub Consulting Helped
Citihub Consulting’s Application Risk Assurance (ARA) methodology was used to complete the review. This is a holistic, structured, and evidence-based approach covering all factors that affect infrastructure availability. ARA measures infrastructure availability through design reviews and analysing planned and unplanned infrastructure fail-overs.
Citihub Consulting’s review found that the infrastructure which was designed for high availability (HA) and fault tolerant capabilities still had a number of high-risk components compromising the HA design. These included: subtle but unintended single points of failure (SPOFs), latent run-time silent configuration errors, placement of HA services on shared frames, DNS issues, EOL hardware issues, and evolving BCP plans and insufficient testing of contingency plans.
Our review identified more than 80 risk items and categorised these as either High, Medium or Low based upon the potential for future impact and the probability of impact occurring. Risk items were also aligned by theme – covering such areas as Strategy and Architecture, Database Design, SPOFs, Operations Models and tools, BCP, and DC and Networking design.
The Client’s infrastructure SMEs reviewed risk items and took required remedial actions. “Red Hot” items identified as immediate risks to the business were resolved as they were identified, and other High Priority items were remediated through normal infrastructure investment upgrade plans.
Some risk items identified during the ARA were known to the client, but independent verification enabled the client to secure funding for full remediation.