XRHMA® is used by major domestic and foreign banks that follow international security standards and are audited by international auditors, so XRHMA® has been adjusted to fully cover their security, integrity, audit and control requirements.
The security system of XRHMA® is custom designed, but it can use Windows security for authentication purposes. System security is applied at both user level and function level. Each user is assigned specific rights: the groups of customers to which the user has access (per profit center, per branch, per agent) and the application functions to which the user has access. All system functions and selections, even reports, are controlled by XRHMA® security. A second-level signature is also activated at function level for online verification of significant functions where it is required. Extensive auditing and logging at user level provides an overview of all tasks. Database access can also be secured at database level using SQL Server security. For web users, XRHMA® assigns/generates a PIN for each web user and correlates the PIN with the XRHMA ID, so for web access the user security data are handled by XRHMA®. Remote clients (Multiclients etc.) communicate directly with the Application Server (Request Server) over DCOM or TCP/IP. All data transferred are encrypted and compressed using SSL or the MS Certification method. Security of data transfers is provided by SQL Server encryption libraries. SSL can also be used to provide stronger encryption, message integrity and server authentication in combination with a Certificate Authority.
Extensive auditing and logging at user level provides an overview of all tasks. The system maintains a detailed audit trail for all actions related to XRHMA® operations. In case of modifications or cancellations, the previous data are kept and can be compared with the new ones. The audit trail record contains the username, date-time, function affected, and previous and new status of the changed fields. If the administrator sets the system to keep an audit trail for reports, the selection criteria and the headers of each report are recorded too. Many viewing criteria are available to authorized users, internal auditors, management etc. to locate and check the history of every action in the system.
Maintenance of system key data (customer details, commissions, interest, discounts etc.) is done under single or dual control, and the previous and new data are recorded in the audit trail. All these records are therefore available to authorized users for previewing and printing.
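The audit record and dual-control flow described above, as an added example that is not XRHMA® code: the class, method and function names are hypothetical, and the pending-approval step is an assumption about how a second signature could be enforced.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class AuditRecord:
    username: str               # user who made the change
    timestamp: str              # date-time of the commit (UTC, ISO 8601)
    function: str               # function affected
    changes: dict               # field -> (previous value, new value)
    approved_by: Optional[str]  # second signature, None under single control


class KeyDataStore:
    """Hypothetical key-data store with an append-only audit trail."""

    def __init__(self, dual_control_functions):
        self.data = {}          # record key -> {field: value}
        self.audit_trail = []   # only ever appended to
        self.pending = {}       # record key -> (maker, function, new_values)
        self.dual = set(dual_control_functions)

    def _commit(self, maker, function, key, new_values, checker=None):
        old = self.data.get(key, {})
        # Record only the fields that really changed, with both values.
        changes = {f: (old.get(f), v) for f, v in new_values.items()
                   if old.get(f) != v}
        if not changes:
            return None
        self.data[key] = {**old, **new_values}
        rec = AuditRecord(maker, datetime.now(timezone.utc).isoformat(),
                          function, changes, checker)
        self.audit_trail.append(rec)
        return rec

    def submit(self, user, function, key, new_values):
        if function in self.dual:
            # Dual control: nothing is applied until a second user signs.
            self.pending[key] = (user, function, dict(new_values))
            return None
        return self._commit(user, function, key, new_values)

    def approve(self, checker, key):
        maker, function, new_values = self.pending[key]
        if checker == maker:
            raise PermissionError("second signature needs a different user")
        del self.pending[key]
        return self._commit(maker, function, key, new_values, checker)
```

The previous values are read at commit time rather than at submission, so the audit record reflects the state the approver actually overwrote.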
XRHMA® transactions are based on double-entry accounting, which means that all transactions are tied to balanced batches of G/L entries, so total credits and debits are balanced at all times. The daily system integrity confirmation is done by means of back office or accounting reports. There is also a specially designed module where system totals appear and are correlated with accounting totals. For securities balances (quantities), there is a daily reconciliation process with Central Depositories and foreign brokers to verify the balance of each customer or Omnibus account against the corresponding Depository account.
Orders, modifications, cancellations and executions are kept in a well organized tree structure, easy for authorized users, auditors, management etc. to review and investigate orders/trades history.
There is no limit on the number of concurrent users; the number is subject to system licences.
There are no other system limitations that should be taken into consideration. The system is based on a 3-tier, layered architecture that offers many options regarding horizontal and vertical scalability, performance, availability, reliability and fault tolerance. More specifically, load balancing, connection pooling, multi-threading and clustering techniques guarantee system performance and scalability.
System Availability. As mentioned above, the system is based on a 3-tier, layered architecture supporting both high availability and dynamic load balancing. High availability of 99.99% and disaster recovery can be achieved using a combination of standard load balancing, clustering and failover techniques. More precisely, the system is based on the Microsoft Windows DNA Architecture featuring a COM+ Application Server and MSSQL Server. In addition, a WEB Based Trading Platform and a WEB Service Wrapper for the Application Server, both running on MS IIS, have been developed. Network Load Balancing (NLB), Component Load Balancing (CLB) and Microsoft Cluster Service could be used.
The system provides a set of tools for downloading data from the Trading & Fund Management systems. These tools include:
- A user-friendly report generator, where the user can define the report layout field by field and also the selection criteria for making ad hoc queries on almost all customer data.
- Crystal Report Generator, where a more experienced user can define their own reports and queries.
- All XRHMA® reports can be exported to various file types/formats and destinations, i.e. PDF, CSV, RTF, XLS, DBF, WKS etc. All reports can also be extracted unformatted (raw data). Finally, data are available to third-party reporting tools or other systems through standard database tools or the Application Server's documented API (COM+ Components).
System security is based on custom forms-based security and provides the ability to define different levels of security at both user and function level. Each user is assigned specific rights/attributes giving access to specific groups of customers (per profit center, per branch, per agent) and application functions. A second-level signature can also be activated at function level for online verification of significant functions.
The system does not require changes to firewalls. Connection to the Request Server (COM+ Application Server) can be implemented using either our WEB Service Wrapper or DCOM tunnelling techniques. Thus, the system's thick clients (Win32 Multiclient), thin clients (WEB Trading) or even third-party systems are able to connect to the system using port 80 (and HTTP).
Where remote users need additional hardware-based security (single session), the system gives the security officer the option to burn a USB for each user profile, so that in order for a user to sign on, the system requires the specific USB to be attached.
A WEB Service Wrapper is provided on top of the COM+ based Application Server and can be used for application integration and interoperability, as well as for XML data transfer.
The system provides many options for batch interfaces including file export routines, queuing (store and forward) and database batch integration techniques. Data can be exchanged in various formats and layouts such as CSV, XML, XLS etc.
The system supports calls to external WEB Based Systems, passing data through custom parameters (i.e. CustomerID, StockID etc.). These calls appear in the system's menu (and/or as custom buttons). Thus, new functionality can be added.
End User customization includes menu refinement (including/excluding choices) and grid layout refinement and storing (column position and visibility status, sorting, grouping etc).