Title: Technical Working Group 9 October 2001
1Technical Working Group9 October 2001
2Agenda
- Background
- Test Environment Connectivity
- Production Environment Connectivity
- Multiple Connection support
- JSE Front-end Connectivity
- Message Authentication
- Customer Testing
- Questions
3Background
- Connectivity to the testing environment will be
available via JSE hub in South Africa from 26th
November 2001 after user has passed Conformance
Test - Connectivity to test environment via the UK
cannot be guaranteed by JSE - JSE has no infrastructure in London
- LSE WorldCom IP roll-out dependency
- Pilot Jan 2002
- Live implementation March 2002 onwards for
existing LSE clients
4Background
- Connectivity to Production environment will be
available via - JSE hub in South Africa
- WorldCom in the UK ..BUT...
- JSE has no infrastructure in London
- LSE WorldCom IP roll-out dependency
- Pilot Jan 2002
- Live implementation March 2002 onwards for
existing LSE clients - JSE Clients not based in UK will only gain
access 4th quarter 2002 via WorldCom - Users must ensure time synchronisation
- JSE must be satisfied that there are no fairness
issues present - JSE members will not form part of market
guarantee
5Test Connectivity
6Production Connectivity
7Production Connectivity
Multiple Systems Connectivity
8Production Connectivity
9Production Connectivity
10Requirements
- IP Addressing
- Test JSE SETS will be accessible on the same
network address range as the TEST JETAPI
currently - (196.26.123.64 255.255.255.192)
- Production JSE SETS will be accessible on the
same network address range as the production JET
and JETAPI currently. - (196.26.125.0 255.255.255.0)
- NB All existing services will continue to be
available. - JSE Information system data via UDP/Multicast
- Infrastructure must support Multicast for
Host-Host and Feed handler connections - Addresses will be made available shortly
11Requirements
- Bandwidth requirements to be clarified
- Conformance tests for Information system will be
- configured with values equal to production
- Values to be published shortly
- JSE physical site information for Telkom line
applications - This information is available via e-mail,
- please contact jsespec_at_jse.co.za
12Front-End Connectivity
- Requirements
- Workstation (64M RAM - NT or 2000)
- Server (SUN 100M RAM - Solaris 2.8)
- Line Speed (Guaranteed delivery)
- Local Hosting vs. JSE Hosting
- Backup (SLC and SLE)
- Admin (GL and Unix)
13Line Applications
14System Access Procedures
- Complete NAS request with all relevant customer
information and submit to JSE - Customer Network IP addresses (production and
test) - List of required services from JSE
- Number of connections, etc.
- JSE teams process request
- Configure Infrastructure
- Explain costing
- Issue contracts
- Trading Services
- Connectivity
- Testing Services
- Front-End (if applicable)
- Customer performs basic connectivity test with
JSE
15Message Authentication SII
Client establishes a TCP session to JSE
SETS. JSE SETS validates connection using the
USAP. Client logs on. Host Security Module
(HSM) generates session keys. HSM passes session
keys to JSE SETS. JSE SETS passes the session
keys back to the client Client
software/hardware decrypts session keys using the
KEK, calculates MAC using the session keys and
application inserts the MAC into the message.
Headers are encrypted. Valid message is sent
to the JSE SETS
JSE SETS SII
CLIENT SYSTEM
16Standards
- ANSI Data Encryption Standard (DES) X.3.92.
- The decryption procedure is described in ANSI
X9.17 (Financial Institution Key Management). - The Message Authentication Code (MAC) calculation
is based on the ANSI Data Encryption Standard
(DES) X.3.92. - The message authentication procedure used by LSE
is described in ANSI X9.19. - LSE uses double-length (128 bit) keys to prevent
exhaustive key determination. The method is
described in ANSI X9.19. - The entire message is not encrypted, only the
session keys and MAC is encrypted.
17Customer Testing Pre Go-live
- JSE will provide up to three conformance test
sessions per day from 26 November 2001 - 12h00 - 15h00
- 15h00 - 20h00 (only upon special arrangement)
- Each session tests trading and/or information
conformance - Continuous access connections to CDS
- 11h00 - 15h00
- 15h30 - 19h30
- Three levels of service
- Continuous access
- Blocks of regular time
- When you want it (minimum time will be part of
base testing service fee)
18Customer Testing Post Go-live
- Three conformance test sessions per week
- Access to continuous test environment
- 11h00 - 15h00
- 15h30 - 19h30
- Three levels of service
- Continuous access
- Blocks of regular time
- When you want it
19Next Session
Late October 11h00 JSE Auditorium
20QUESTIONS