Technical Working Group 9 October 2001

1
Technical Working Group9 October 2001
2
Agenda

• Background
• Test Environment Connectivity
• Production Environment Connectivity
• Multiple Connection support
• JSE Front-end Connectivity
• Message Authentication
• Customer Testing
• Questions

3
Background

• Connectivity to the testing environment will be
  available via JSE hub in South Africa from 26th
  November 2001 after user has passed Conformance
  Test
• Connectivity to test environment via the UK
  cannot be guaranteed by JSE
• JSE has no infrastructure in London
• LSE WorldCom IP roll-out dependency
• Pilot Jan 2002
• Live implementation March 2002 onwards for
  existing LSE clients

4
Background

• Connectivity to Production environment will be
  available via
• JSE hub in South Africa
• WorldCom in the UK ..BUT...
• JSE has no infrastructure in London
• LSE WorldCom IP roll-out dependency
• Pilot Jan 2002
• Live implementation March 2002 onwards for
  existing LSE clients
• JSE Clients not based in UK will only gain
  access 4th quarter 2002 via WorldCom
• Users must ensure time synchronisation
• JSE must be satisfied that there are no fairness
  issues present
• JSE members will not form part of market
  guarantee

5
Test Connectivity
6
Production Connectivity
7
Production Connectivity
Multiple Systems Connectivity
8
Production Connectivity
9
Production Connectivity
10
Requirements

• IP Addressing
• Test JSE SETS will be accessible on the same
  network address range as the TEST JETAPI
  currently
• (196.26.123.64 255.255.255.192)
• Production JSE SETS will be accessible on the
  same network address range as the production JET
  and JETAPI currently.
• (196.26.125.0 255.255.255.0)
• NB All existing services will continue to be
  available.
• JSE Information system data via UDP/Multicast
• Infrastructure must support Multicast for
  Host-Host and Feed handler connections
• Addresses will be made available shortly

11
Requirements

• Bandwidth requirements to be clarified
• Conformance tests for Information system will be
• configured with values equal to production
• Values to be published shortly
• JSE physical site information for Telkom line
  applications
• This information is available via e-mail,
• please contact jsespec_at_jse.co.za

12
Front-End Connectivity

• Requirements
• Workstation (64M RAM - NT or 2000)
• Server (SUN 100M RAM - Solaris 2.8)
• Line Speed (Guaranteed delivery)
• Local Hosting vs. JSE Hosting
• Backup (SLC and SLE)
• Admin (GL and Unix)

13
Line Applications
14
System Access Procedures

• Complete NAS request with all relevant customer
  information and submit to JSE
• Customer Network IP addresses (production and
  test)
• List of required services from JSE
• Number of connections, etc.
• JSE teams process request
• Configure Infrastructure
• Explain costing
• Issue contracts
• Trading Services
• Connectivity
• Testing Services
• Front-End (if applicable)
• Customer performs basic connectivity test with
  JSE

15
Message Authentication SII
Client establishes a TCP session to JSE
SETS. JSE SETS validates connection using the
USAP. Client logs on.   Host Security Module
(HSM) generates session keys.  HSM passes session
keys to JSE SETS.  JSE SETS passes the session
keys back to the client   Client
software/hardware decrypts session keys using the
KEK,  calculates MAC using the session keys and
application inserts  the MAC into the message.
Headers are encrypted.  Valid message is sent
to the JSE SETS
 
 
JSE SETS SII
CLIENT SYSTEM
 
16
Standards

• ANSI Data Encryption Standard (DES) X.3.92.
• The decryption procedure is described in ANSI
  X9.17 (Financial Institution Key Management).
• The Message Authentication Code (MAC) calculation
  is based on the ANSI Data Encryption Standard
  (DES) X.3.92.
• The message authentication procedure used by LSE
  is described in ANSI X9.19.
• LSE uses double-length (128 bit) keys to prevent
  exhaustive key determination. The method is
  described in ANSI X9.19.
• The entire message is not encrypted, only the
  session keys and MAC is encrypted.

17
Customer Testing Pre Go-live

• JSE will provide up to three conformance test
  sessions per day from 26 November 2001
• 12h00 - 15h00
• 15h00 - 20h00 (only upon special arrangement)
• Each session tests trading and/or information
  conformance
• Continuous access connections to CDS
• 11h00 - 15h00
• 15h30 - 19h30
• Three levels of service
• Continuous access
• Blocks of regular time
• When you want it (minimum time will be part of
  base testing service fee)

18
Customer Testing Post Go-live

• Three conformance test sessions per week
• Access to continuous test environment
• 11h00 - 15h00
• 15h30 - 19h30
• Three levels of service
• Continuous access
• Blocks of regular time
• When you want it

19
Next Session
Late October 11h00 JSE Auditorium
20
QUESTIONS