This document serves as a Root Cause Analysis for the Primo Centralservice interruption experienced by Ex Libris customers on November 7, 2016
The goal of this document is to share our findings regarding the event, specify the root cause analysis, outline actions to be taken to solve the downtime event, as well as preventive measures Ex Libris is taking to avoid similar cases in future.
Service interruption was experienced by Ex Libris customers served by the Primo Central instance at the North America Data Center during the following hours:
November 7, 2016 Periodically From 9:00 AM to 11:40AM Chicago Time Zone
The service impact had been identified by the 24x7 hub using the monitoring systems. During the event, there were total of 35 minutes for which the service was unavailable
Root Cause Analysis
Ex Libris Engineers investigated this event to determine the root cause analysis with the following results:
A DDoS (Distributed Denial of Service) attack had been experienced and had caused the impact on the service.
We have identified an intensive distributed attack, coming from a significant number of IPs.
Technical Action Items and Preventive Measures
Ex Libris has taken the following action and preventive measures to avoid such an occurrence in future:
o Specific Local Primo environments being attacked had been identified. Their connection to PrimoCentral had been disabled and work was done with the specific customers to help them mitigate their attack.
o Monitoring improvements were made to the application level monitoring tools available that now allow a quicker identification of the source of the attack. With a quicker identification of the source, blocking of the attacker can be done quicker and sometimes event before a system disruption is experienced.
ExLibris is committed to providing customers with prompt and ongoing updates during Cloud events. Ongoing and prompt updates on service interruptions appear in the system status portal at this address: http://status.exlibrisgroup.com/
These updates are automatically sent as email to registered customers.
|Nov 15, 2016||Initial Publication|