Upgrading traders' workplace infrastructure
In 2014, the workplace of the Raiffeisenbank trader was a table, under which there was an accumulation of system units with monitors, mice and keyboards connected to them. Not only was it very hard and inconvenient to work on all of this “zoo”, so one could forget about good and timely maintenance. Dust, which is inevitably generated in open spaces, increased heat emission from operating stations significantly reduced the service life of equipment significantly.
At that time, we were looking for a way out of this situation for a long time and as a result we came to a very
interesting and technological decision, which will tell today.
year 2014:
')
So, we realized that it was time to change something, and we formulated the main goals of updating the infrastructure of the workplaces of traders in Raiffeisenbank:
• Replacing existing computers with new ones and placing them in a separate technical room with optimal operating conditions, providing the necessary temperature, ventilation, humidity, and dust protection.
• Extend the life of the installed equipment.
• Replacing conventional keyboards at each user's workplace with one professional multifunctional keyboard of a trader.
• Ensure that trading employees can “back up” their colleagues at the time of their absence using the function of viewing and intercepting the management of information sources.
• Implementation of a high-performance solution and organization of distributed access to all sources of information in real time.
The most obvious solution to the problem is to deploy WMWare virtual workstations on the company's servers. However, here we very quickly ran into problems that were incompatible with the normal operation of the trader. First of all - this is the delay in the operation of a thin client. If, for example, an ordinary employee does not notice her, then for a trader even a second delay can lead to large financial losses. And the minimum system requirements for trading terminals usually correspond to the level of very high-performance working stations, which greatly reduces the attractiveness of using virtualization. In addition, the placement of software on virtual servers is very often forbidden (including by technical means) by companies that develop trading terminals (software).
Then we drew attention to the integrated solution from WEY, which is a complex of hardware that allows you to integrate various systems: trading, information, analytical, risk management system management, control, and organize modern trading in the bank, control center and control various security systems and networks. It included the integration of a large number of heterogeneous systems and data sources at each workplace. With it, you could combine Thomson Reuters Dealing (later FX Trading), Bloomberg, Moex (MICEX + RTS), Quik and many other trading platforms. Technologically, WEY is a distributed access platform, which consists of transmitting and receiving interface cards, Huawei switching network equipment, WEY control consoles adapted and configured for certain banking trading systems, and we used HP server of the SL family as workstations.
The WEY solution is completely hardware. Powered by WEY data transfer technology, providing real-time data transfer with the ability to encapsulate in IP for transmission in unicast and multicast mode. The communication of computers in a technical room with a trading room is carried out at the level of computer interfaces through the WEY platform, on a separate specially organized (dedicated) network segment based on the proprietary WEY protocol.
The built hardware and software complex allows you to integrate a large number of different systems, servers, information sources into a single platform, create groups of them, create user groups, distribute access rights and access priorities, create specialized control keys for different systems and manage them from any desktop places in real time.
HP servers were not chosen randomly. They could be put in a rack and thus reduce the space used in the technical room. However, initially a serious problem arose with them: the server hardware was not particularly designed to work as a full-fledged workstation, for example, it was delivered without video and sound cards. If there were no special problems with video cards, we used professional solutions from Nvidia, then there were problems with sound - the sound card simply could not be inserted ... The solution was unexpected - USB cards that were connected and installed inside the servers themselves to a free USB port on the motherboard the board.
Instead of several keyboards and mouse manipulators, one WEY MK 06 FPGA-based multifunctional keyboard with keys and a color LCD display was installed on each workplace. Special built-in blocks and function keys in the display for working with systems of leading providers of information-analytical and trading services can significantly speed up the work of the trader. The functional settings of the keyboard and the layout of the keys can be changed individually, depending on the user's requirements, ensuring the maximum convenience of work when performing daily operations.
Thanks to an intuitive keyboard interface, traders can start working with the new system immediately after its installation. All data is managed instantly, which is critical when working in foreign exchange and stock markets.
It was very important to ensure the security of the solution. In the trading hall can be several different systems from different providers that are in different networks. Some of these networks may be public and unsafe. With WEY, there is no need to install all the systems on one subnet in order for the user to work comfortably with all the multiple systems. The platform allows you to leave each system in your subnet and work the user with all the necessary systems and quickly switch between them. At the same time, all networks remain isolated, and the WDP system operates in a separate, isolated, specially organized segment. To transmit signals, a specially designed proprietary WEY protocol is used, encapsulated in IP for transport via Ethernet. Sender-receiver cards are connected to universal cards with SFP modules, which allow the system to be adapted to any cable system depending on customer preferences and object technical limitations .
The system provides the ability to create logins and passwords for users, logging the use of systems by users. In the latest SmartTouch keyboards, there are user presence sensors at the workplace that allow you to automatically “log out” the user from the system as soon as he leaves the workplace. At this point, all monitors turn dark.
Information security is provided by allocating a separate network segment for WEY data transmission. This segment transmits the encrypted data of the open interfaces of computers, effectively extending the PC connections with monitors and controls. Computers remain in their networks. That is, the data itself, with which one or another system operates in this network segment, is not visible and not accessible for possible attacks. Security issues remain the same as if computers continued to remain in the workplace. Having moved all the equipment to a closed and protected technical room, it was possible to ensure its safety, extend the service life and limit unauthorized access becomes much easier.
How is viewing and interception of control of information sources provided?
The system creates source groups and user groups. The system allows you to flexibly organize access rights and access priorities not only for different groups of users to systems, but also within each group. There are 5 types of access rights:
• no access rights
• full access
• only viewing mode
• private mode
• access mode only on permitted interfaces
In the process of assigning access rights and priorities, for example, managers are assigned higher access rights and priorities, which allows the head of a department (department) to connect to any system in viewing mode and, if necessary, take control of the system. At the same time, on the LCD display of the manager's keyboard, it will be seen which of the users is currently using this system.
For each user is determined by its level of access to resources. Managers have a higher level than their employees and, in accordance with this, can intercept the management of systems in critical situations with one keystroke on the control console.
In order to add a new workplace, you just need to connect receiving cards and a keyboard to the WEY network and create a new user in the system, assign access rights and priorities to it. After this, absolutely all sources integrated into the system can be available at the workplace. The same applies to the sources themselves - computers. A new transmission card is being installed, to which the system interfaces are connected. And everything, the system from this moment is available for viewing or control from any workplace (depending on the access rights settings of a specific user). In this case, the user can log into the WEY system from any workplace. He is not attached to any of them. Therefore, jobs can be located even in another building. Thus, the system can be expanded in minimal steps.
2017:
At that time, we were looking for a way out of this situation for a long time and as a result we came to a very
interesting and technological decision, which will tell today.
year 2014:
')
So, we realized that it was time to change something, and we formulated the main goals of updating the infrastructure of the workplaces of traders in Raiffeisenbank:
• Replacing existing computers with new ones and placing them in a separate technical room with optimal operating conditions, providing the necessary temperature, ventilation, humidity, and dust protection.
• Extend the life of the installed equipment.
• Replacing conventional keyboards at each user's workplace with one professional multifunctional keyboard of a trader.
• Ensure that trading employees can “back up” their colleagues at the time of their absence using the function of viewing and intercepting the management of information sources.
• Implementation of a high-performance solution and organization of distributed access to all sources of information in real time.
Virtualization
The most obvious solution to the problem is to deploy WMWare virtual workstations on the company's servers. However, here we very quickly ran into problems that were incompatible with the normal operation of the trader. First of all - this is the delay in the operation of a thin client. If, for example, an ordinary employee does not notice her, then for a trader even a second delay can lead to large financial losses. And the minimum system requirements for trading terminals usually correspond to the level of very high-performance working stations, which greatly reduces the attractiveness of using virtualization. In addition, the placement of software on virtual servers is very often forbidden (including by technical means) by companies that develop trading terminals (software).
WEY
Then we drew attention to the integrated solution from WEY, which is a complex of hardware that allows you to integrate various systems: trading, information, analytical, risk management system management, control, and organize modern trading in the bank, control center and control various security systems and networks. It included the integration of a large number of heterogeneous systems and data sources at each workplace. With it, you could combine Thomson Reuters Dealing (later FX Trading), Bloomberg, Moex (MICEX + RTS), Quik and many other trading platforms. Technologically, WEY is a distributed access platform, which consists of transmitting and receiving interface cards, Huawei switching network equipment, WEY control consoles adapted and configured for certain banking trading systems, and we used HP server of the SL family as workstations.
The WEY solution is completely hardware. Powered by WEY data transfer technology, providing real-time data transfer with the ability to encapsulate in IP for transmission in unicast and multicast mode. The communication of computers in a technical room with a trading room is carried out at the level of computer interfaces through the WEY platform, on a separate specially organized (dedicated) network segment based on the proprietary WEY protocol.
The built hardware and software complex allows you to integrate a large number of different systems, servers, information sources into a single platform, create groups of them, create user groups, distribute access rights and access priorities, create specialized control keys for different systems and manage them from any desktop places in real time.
HP servers were not chosen randomly. They could be put in a rack and thus reduce the space used in the technical room. However, initially a serious problem arose with them: the server hardware was not particularly designed to work as a full-fledged workstation, for example, it was delivered without video and sound cards. If there were no special problems with video cards, we used professional solutions from Nvidia, then there were problems with sound - the sound card simply could not be inserted ... The solution was unexpected - USB cards that were connected and installed inside the servers themselves to a free USB port on the motherboard the board.
Multifunctional keyboard WEY MK 06
Instead of several keyboards and mouse manipulators, one WEY MK 06 FPGA-based multifunctional keyboard with keys and a color LCD display was installed on each workplace. Special built-in blocks and function keys in the display for working with systems of leading providers of information-analytical and trading services can significantly speed up the work of the trader. The functional settings of the keyboard and the layout of the keys can be changed individually, depending on the user's requirements, ensuring the maximum convenience of work when performing daily operations.
Thanks to an intuitive keyboard interface, traders can start working with the new system immediately after its installation. All data is managed instantly, which is critical when working in foreign exchange and stock markets.
Security
It was very important to ensure the security of the solution. In the trading hall can be several different systems from different providers that are in different networks. Some of these networks may be public and unsafe. With WEY, there is no need to install all the systems on one subnet in order for the user to work comfortably with all the multiple systems. The platform allows you to leave each system in your subnet and work the user with all the necessary systems and quickly switch between them. At the same time, all networks remain isolated, and the WDP system operates in a separate, isolated, specially organized segment. To transmit signals, a specially designed proprietary WEY protocol is used, encapsulated in IP for transport via Ethernet. Sender-receiver cards are connected to universal cards with SFP modules, which allow the system to be adapted to any cable system depending on customer preferences and object technical limitations .
The system provides the ability to create logins and passwords for users, logging the use of systems by users. In the latest SmartTouch keyboards, there are user presence sensors at the workplace that allow you to automatically “log out” the user from the system as soon as he leaves the workplace. At this point, all monitors turn dark.
Information security is provided by allocating a separate network segment for WEY data transmission. This segment transmits the encrypted data of the open interfaces of computers, effectively extending the PC connections with monitors and controls. Computers remain in their networks. That is, the data itself, with which one or another system operates in this network segment, is not visible and not accessible for possible attacks. Security issues remain the same as if computers continued to remain in the workplace. Having moved all the equipment to a closed and protected technical room, it was possible to ensure its safety, extend the service life and limit unauthorized access becomes much easier.
How is viewing and interception of control of information sources provided?
The system creates source groups and user groups. The system allows you to flexibly organize access rights and access priorities not only for different groups of users to systems, but also within each group. There are 5 types of access rights:
• no access rights
• full access
• only viewing mode
• private mode
• access mode only on permitted interfaces
In the process of assigning access rights and priorities, for example, managers are assigned higher access rights and priorities, which allows the head of a department (department) to connect to any system in viewing mode and, if necessary, take control of the system. At the same time, on the LCD display of the manager's keyboard, it will be seen which of the users is currently using this system.
For each user is determined by its level of access to resources. Managers have a higher level than their employees and, in accordance with this, can intercept the management of systems in critical situations with one keystroke on the control console.
Expansion of the trading room
In order to add a new workplace, you just need to connect receiving cards and a keyboard to the WEY network and create a new user in the system, assign access rights and priorities to it. After this, absolutely all sources integrated into the system can be available at the workplace. The same applies to the sources themselves - computers. A new transmission card is being installed, to which the system interfaces are connected. And everything, the system from this moment is available for viewing or control from any workplace (depending on the access rights settings of a specific user). In this case, the user can log into the WEY system from any workplace. He is not attached to any of them. Therefore, jobs can be located even in another building. Thus, the system can be expanded in minimal steps.
2017:
Source: https://habr.com/ru/post/334570/
All Articles