When Dubai Multi Commodities Centre decided to launch its Tradeflow commodities platform, the company knew it would need a trusted hosting provider to give it the resilience and security required of a global market.
For the entity charged with developing commodity trade flows through Dubai, the Dubai Multi Commodities Centre (DMCC), the free flow of trade transactions is at the very core of its operations. Founded in 2002, the DMCC has multiple responsibilities centred on building Dubai as a commodity trading exchange. DMCC is responsible for developing the Jumeriah Lake Towers Free Zone, to create a state-of-the-art commodities hub, which today houses some 4,600 registered companies licensed in the free zone.
The DMCC oversees initiatives such as the Dubai Gold and Commodities Exchange, the Dubai Diamond Exchange, and the Dubai Tea Trading Centre, but its most recent launch, DMCC Tradeflow, goes to the very core of the business, of pulling together a central registry of ownership of commodities stored in the UAE, to facilitate global trades in those commodities.
DMCC Tradeflow is an online trade enabling platform that offers a secure and transparent central registry of ownership for commodities stored in Dubai. Within the online environment, title of stored commodities can be transferred or pledged within a robust legal and Sharia compliant framework. This unique commodities receipt platform fills a key gap in trade finance in the MENA region, by offering enforceable collateral based trade finance solutions for all participants in the value chain. DMCC Tradeflow allows physical inventories that are stored in DMCC certified and rated warehouses around the UAE to be converted into electronic negotiable instruments, ‘DMCC Tradeflow Warrants’, governed by a strong and transparent regulatory regime and administered by DMCC.
The DMCC Tradeflow platform was launched in February 2012 and currently covers a broad range of commodities, such as precious metals, steel, oil and soft commodities, with 34 companies and 150 users registered on the system.
For a core system, it is perhaps surprising that DMCC decided not to host the application itself, but instead went with a leased service agreement to host with eHosting DataFort. Paul Boots, director of DMCC Tradeflow, said that it was always the intention to host the platform externally, in order to be able to meet requirements for twenty-four hour a day monitoring, 24/7 support, monitoring and evaluation resilience, infrastructure resilience and dual site capability. DMCC wanted a 99.99% service availability, to ensure that users were always able to connect, a service level that company would not be able to meet internally.
“One of our primary considerations for the hosting of DMCC Tradeflow was to ensure that our global community was able to access the service securely on a 24hr basis. To achieve this we sought a Managed Services Provider that was able to evidence their commitment to service security in respect of threats from the internet, infrastructure resilience as well as M&E resilience. By evidencing capability in these respects we are confident that our users will obtain a highly reliable service which they will be able to depend upon,” said Boots.
To identify the right partner for the agreement, DMCC conducted a tendering process, which shortlisted 20 providers both in the UAE and elsewhere. DMCC developed testing software, that could assess the user experience, performance and availability of the providers selected data centre. This software monitored the round trip time every 10 seconds for 3 months using the Internet Control Message Protocol (ICMP).
Other factors in the decision included the availability of Expert OS, network, hardware and commercial product support; 24/7 staffing; availability of a Enterprise Management System that would accept DMCC’s SNMP traps; full intrusion detection and protection; meeting all Tier 3 data centre requirements; availability of secondary data centre with sufficient geographical separation; evidence of a professional maintenance regime for M&E and technical infrastructure; fully documented Standard Operating Procedures and service recovery to secondary site within 15 minutes.
DMCC decided upon eHDF as the best fit for its requirements, and the DMCC Tradeflow team worked with eHDF in end-to-end scoping and specifying technology requirements including the OS, hardware, licensed products and infrastructure.
The Tradeflow platform is hosted on technology from HP, with SAN from eHDF. The SAN is replicated across sites and the deployment also uses Oracle Enterprise to add further resilience. The service is provided on with 100% resilience at the primary site, fully replicated to the secondary site.
Boots said that security was also a major concern for the project, to ensure that the platform could meet all the required standards of the community. The platform employs four levels of security – standard SSL certificates, user name and password services, secondary shared phrase and breach/change notification. For Host to Host users DMCC also issues individual certificates from a third party authority.
Security access to each user is controlled and is divested down to the individual partner to control and is governed by their own security rules within a framework we provide. Any attempt to beach security is notified directly to the users for immediate action if required, and all passwords, account settings and forced updates must conform to industry best practices.
“As a green field project and an online transactional platform, technology and supporting infrastructure was very critical for us. The key to success was about building a global portal that would also meet every required internet security and banking standard, thereby meeting the service and security requirements of our community,” he said.
“Two important factors for us was to make sure that the security tools we incorporated were robust, and independently tested, and that we supported a clear demarcation between business process users and account management users. We also wanted the system to be user-friendly whilst meeting the functional business needs of our various communities. To ensure this we worked very closely with our users during the design phase and listened to their recommendations. This gave us confidence that the final service would be fit for purpose and exceed the expectations of our users,” he added.
Key evaluation requirements
- Availability of Expert OS, network, hardware and commercial product support
- 24 hr 7 days a week staffing
- Availability of a Enterprise Management System that would accept our SNMP traps
- Full Intrusion detection and protection
- Meeting all Tier 3 data centre requirements
- Availability of Secondary data centre with sufficient geographical separation
- Evidencing of a professional maintenance regime for M&E and technical infrastructure
- Fully documented Standard Operating Procedures
- Service recovery to secondary site within 15 mins