TMX Group operates global markets, builds digital communities, and creates analytics solutions that facilitate the funding, growth,
and success of businesses, traders, and investors. Its primary operations include Toronto Stock Exchange, TSX Venture Exchange,
TSX Alpha Exchange, The Canadian Depository for Securities, Montréal Exchange, Canadian Derivatives Clearing Corporation, and Trayport.
For more information, visit tmx.com.
TMX Group had reached an inflection point. One where conventional IT operations would no longer be sustainable and would no longer suffice. One that necessitated a “full paradigm shift,” says TMX Group CTO and CISO Bobby Singh.
“We have a huge IT shop, and in the past, we were very internally focused,” Singh admits, citing an if-we-build-it-they-will-come mentality. “But we needed to change. We needed to put clients first.”
Those internal clients wanted to expand their use of cloud services and open source tools. They wanted to adopt emerging technologies that would improve business collaboration, productivity, and analytics. And they wanted infrastructure resources and test environments to be delivered at a moment’s notice.
Unfortunately, the company’s former infrastructure wasn’t up to the task. Like many traditional IT environments that are heavily siloed and manually administered, it couldn’t keep up with the pace, scale, or complexity of modern business. And it was becoming increasingly expensive to maintain.
“Doing more and doing it with speed and cost efficiency requires automation,” Singh says. “So we focused on our backend operations as a foundational element of our new IT approach.”
Prioritizing data center automation, standardization, and management efficiency, the company’s infrastructure team started researching Software-Defined Networking (SDN) technologies.
“We brought ACI into our lab and began playing with it,” recalls Anatoly Korolkov, director of data center infrastructure at TMX Group. “It didn’t take long for us to realize this is what we need.”
TMX Group deployed Cisco ACI, the industry’s leading SDN solution, in its two data centers soon thereafter. Using a Cisco ACI Multi-Pod design, the data centers mirror one another and are centrally managed as one operating domain.
“Cisco ACI allows us to manage both of our data centers and all of our workloads—both physical and virtual—with a single pane of glass,” says Korolkov. “It gives us visibility, consistency, flexibility, and control.”
Control is a must for a highly regulated organization like TMX Group, which has to maintain extraordinary levels of availability, security, and compliance as an essential spoke in the global financial wheel. If its network goes down or gets compromised, Singh says there can be a cascade effect across the entire financial industry.
“If we’re not solid, fast, and secure,” he warns, “things can start falling apart quickly.”
The active/active data centers with Cisco ACI help prevent such calamities, providing full redundancy and automatic failover in the event of an outage. And the zero-trust model and segmentation capabilities of Cisco ACI have helped TMX Group isolate and protect roughly 30 tenants—including Toronto Stock Exchange, Montréal Exchange, multiple clearing houses, and internal business units.
“We used to have different networks and applications for each of them, which created technical inconsistency and operational inefficiency,” Korolkov notes. “Now we are managing one network, one policy model, and one set of applications in a highly secure multitenant environment.”
The adoption of a software-defined, policy-driven data center network has spurred cultural changes at TMX Group—not only within the infrastructure team, but across the entire IT organization and throughout the business. “There’s a learning curve with ACI, but our team has become stronger as a result,” says Korolkov. “Our people are really enjoying working with the technology because everything is faster and more flexible.” Others have taken notice. The company implemented a DevOps model last year, in part because the infrastructure can now support the relentless pace and ongoing change of agile development practices. And business groups are realizing they don’t have to wait weeks for infrastructure resources to be configured and deployed.
“The relationship between the business and IT is much better,” Singh reports. “We have a deeper understanding of business needs, which makes our job more interesting and fulfilling. And the business is seeing faster deployments, more agility, and more responsiveness from IT.”
Instead of sequential handoffs—tossing requests over the proverbial fence and waiting for an indeterminate period of time for them to come back—TMX Group’s network, compute, security, and applications teams are now working in synchronous fashion. Deployments that used to take weeks now take hours. “We’re more integrated in supporting business and client needs,” says Singh, “which has been a huge, positive cultural shift.”
With foundational technologies and streamlined operational processes in place, TMX Group is preparing for the next phase of its paradigm shift. Singh and his team plan to further refine firewall rules and application policies. They will double down on infrastructure automation and microsegmentation. And they intend to create self-service provisioning capabilities that will further accelerate business operations and outcomes—without hindering IT security, governance, or compliance. TMX Group is also evaluating Cisco Cloud ACI on AWS and Cisco Tetration Platform. The company has conducted a field trial of Cloud ACI, which extends the policy model to public cloud environments. And it is in the process of testing Cisco Tetration, which works in tandem with Cisco ACI to provide granular visibility of application connectivity, dependencies, and data flows.
“It’s still early, but our first impressions of Tetration and Cloud ACI have been very positive,” says Korolkov. “Cloud ACI allows applications to be managed in the cloud the same way they are managed in the data center. And Tetration gives us an opportunity to see all of our network communications and flows. With that type of visibility, we can further improve our policies and segmentation, and we can detect and understand anomalies that we can’t see today.”