16. Jan 2023

Eurex

Nur in Englisch: T7 connectivity options: Updated information on the mandatory interface encryption to strengthen the protection of critical information infrastructure

Nur in Englisch: Eurex Circular 005/23 T7 connectivity options: Updated information on the mandatory interface encryption to strengthen the protection of critical information infrastructure

1.  Introduction

As previously announced in Eurex Circular 085/22, Eurex has now implemented mandatory changes regarding data transmission via the T7 trading interfaces. These changes have been made to improve the security of information transmitted via communication networks to further reduce the risk of unauthorized interception, manipulation, or misuse.

To support Trading Participants with the implementation of their security requirements, Eurex now offers additional connectivity options to implement Transport Layer Security (TLS) for sensitive data in critical business areas.

Together with the introduction of T7 Release 10.1 on 27 June 2022, Eurex introduced an additional TLS connectivity option (payload encryption) for the FIX LF interface. The introduction of a TLS connectivity option for the ETI interface, for Low Frequency (LF) sessions only, was implemented with T7 Release 11.0 on 21 November 2022. 

Besides the additional connectivity options, Password encryption (by Deutsche Börse’s public RSA key) for ETI High Frequency (ETI HF) sessions will also be implemented in T7 Release 11.1, which is currently planned for 22 May 2023. ETI HF will offer session- and user-login message templates for both, encrypted and un-encrypted password transmission.

From 23 October 2023 onwards, the usage of ETI HF production sessions will be restricted to Eurex Exchange's Equinix FR2 facility (non-public ground). Usage of ETI HF sessions from other locations will no longer be possible in the T7 production environment.

More information about the mandatory interface encryption initiative is available on the Eurex website www.eurex.com on our dedicated initiatives page and location under the following link:

Support > Initiatives & Releases > Readiness for projects > Mandatory Interface Encryption

System documentation, circulars, timeline and much more information can also be found there. A “Frequently Asked Questions (FAQ)” document providing answers to the most common questions will be published on the above-mentioned support site soon.

2.  Required action

Trading Participants should be aware that support for the connectivity option without TLS in the production environment will be withdrawn from 8 May 2023 for FIX LF Sessions and from 23 October 2023 for ETI LF sessions. 

  • If not already done, existing applications must now be adapted to use the FIX LF TLS or ETI LF TLS connectivity option.

Trading Participants with ETI HF sessions should also be aware that applications must be adapted to use login message templates with encrypted passwords following the introduction of T7 Release 11.1 on 4 April 2023 in simulation and 22 May 2023 in production. Password encryption for ETI HF will become mandatory from 11 December 2023 in the production environment shortly after the introduction of T7 Release 12.0 which is currently planned for November 2023.

  • Trading Participants using ETI HF sessions from a location outside of Eurex Exchange's Equinix FR2 facility must either replace the HF session with a ETI LF session or transfer the session to an installation within Eurex Exchange's Equinix FR2 facility by 23 October 2023. 

3.  Details 

To support Trading Participants in their adoption of the additional TLS connectivity options, both connectivity options are currently being offered in parallel. TLS encrypted FIX LF and ETI LF connectivity options are available on dedicated TCP/IP ports on the same gateways as the un-encrypted version. In the T7 production environment, usage of the FIX LF TLS connectivity option will become mandatory from 8 May 2023 and the ETI LF TLS connectivity option will become mandatory in the production environment from 23 October 2023. 

More information about the FIX LF and ETI LF TLS connectivity options is provided in the Network Access Guide which is available on the Eurex website under the following link:

Support > Initiatives & Releases > T7 Release 11.0 > Network Access

3.1. Production environments

HF sessions are currently available for use not only within Eurex Exchange’s Equinix FR2 facility but also in other locations connected to Eurex via networks on public ground. The usage of ETI HF production sessions from locations outside of Eurex Exchange’s Equinix FR2 facility will no longer be possible in the T7 production environment from 23 October 2023 onwards. The ability to order ETI HF production sessions for locations outside of Eurex Exchange's Equinix FR2 facility in the Member Section will be removed from 21 August 2023.

3.2. Simulation and Disaster Recovery environments

The usage of ETI HF sessions from locations outside of Eurex Exchange’s Equinix FR2 facility for the T7 simulation environment will still be possible. HF sessions will also continue to be available in the event of the disaster recovery scenario for production. 

For all environments, once the encrypted communication becomes mandatory, the un-encrypted TCP/IP ports for FIX LF and ETI LF will be shut down and the login message templates (with unencrypted passwords) for ETI HF will no longer be supported.

The T7 market data and reference data interfaces are not affected by the changes.

The following tables provide a consolidated overview of the respective availability, mandatory and decommissioning dates in the simulation and production environments for the respective connectivity options, password encryption und usage on HF sessions from outside of Deutsche Börse’s Equinix FR2 facility: 

Interface

T7 Release

Availability in Simulation

Mandatory in Simulation

Availability in Production

Mandatory in Production

FIX LF

10.1

02.05.22

10.03.23

27.06.22

08.05.23

ETI LF

11.0

12.09.22

04.08.23

21.11.22

23.10.23

ETI HF

11.1

04.04.23

24.11.23

22.05.23

11.12.23

Event

Environment

T7 Release

Decommissioning date

Ordering of HF Session outside the Equinix FR2 facility in the Member Section

Production

11.1

21.08.23

Usage of HF Sessions outside the Equinix FR2 facility

Production

11.1

23.10.23

Further information

Recipients:

All Trading Participants of Eurex Deutschland and Vendors

Target groups:

Front Office/Trading, IT/System Administration

Contact:

Technical Key Account Manager via your VIP number or cts@deutsche-boerse.com

Related circular:

Eurex Circular 085/22

Web:

Support > Initiatives & Releases > Readiness for projects > Mandatory Interface Encryption

Authorized by:

Wolfgang Eholzer


Marktstatus

XEUR

Das Markt-Statusfenster gibt Hinweise  zur aktuellen technischen Verfügbarkeit des Handelssystems. Es zeigt an, ob Newsboard-Mitteilungen zu aktuellen technischen Störungen im Handelssystems veröffentlicht wurden oder in Kürze veröffentlicht werden.

Wir empfehlen dringend, aufgrund der Hinweise im Markt-Statusfenster keine Entscheidungen zu treffen, sondern sich in jedem Fall auf dem Produktion Newsboard  umfassend über den Vorfall zu informieren.

Das sofortige Update des Markt-Status erfordert eine aktivierte und aktuelle Java™ Software für den Web Browser.