This document serves as a Root Cause Analysis for the Primo service interruption experienced by Ex Libris customers on October 12, 2016.
The goal of this document is to share our findings regarding the event, present the root cause, outline the actions to be taken to resolve the downtime event, and describe the preventive measures Ex Libris is taking to avoid similar cases in the future.
Service interruption was experienced by Ex Libris customers served by the Primo MT EU01 instance at the Europe Data Center during the following hours:
October 12, 2016, from 12:32 PM until 2:44 PM (Amsterdam time zone)
During the event, the service was unavailable for the environment.
Root Cause Analysis
Ex Libris engineers investigated this event to determine the root cause, with the following results:
We were able to identify a DDoS (Distributed Denial of Service) attack directed at Primo institutions. The attack was meant to prevent legitimate users from using the system, that is, from accessing information and receiving service.
Technical Action Items and Preventive Measures
Ex Libris has taken the following actions and preventive measures to avoid such an occurrence in the future:
- We were able to identify a repeating pattern in the attack. Changes were made in the Network Security Management system, load balancer and firewall to block requests containing the identified pattern.
- Updates were made to monitoring processes to allow additional identification of possible attacks and their source.
Ex Libris is committed to providing customers with prompt and ongoing updates during Cloud events. Ongoing and prompt updates on service interruptions appear in the system status portal at this address: http://status.exlibrisgroup.com/