This document serves as a Root Cause Analysis for the Primo service interruption experienced by Ex Libris customers on October 14, 2016.
The goal of this document is to share our findings regarding the event, specify the root cause, outline the actions to be taken to resolve the downtime event, and describe the preventive measures Ex Libris is taking to avoid similar cases in the future.
Service interruption was experienced by Ex Libris customers served by the Primo MT EU01 instance at the Europe Data Center during the following hours:
October 14, 2016 from 11:35 AM until 1:53 PM Amsterdam time zone
During the event, the service was unavailable for the environment.
Root Cause Analysis
Ex Libris engineers investigated this event to determine the root cause, with the following results:
We were able to identify a new form of DDoS (Distributed Denial of Service) attack directed at Primo institutions. In this case, the DDoS attack was aimed at the mail sending functionality, causing a significant load on the system and preventing normal use.
Technical Action Items and Preventive Measures
Ex Libris has taken the following actions and preventive measures to avoid such an occurrence in the future:
- Ex Libris engineers have added another pattern block on the following elements: Network Security Management System, Load Balancer, and Firewall.
- CAPTCHA functionality was updated on the environment, ensuring that a robot will not be able to use the mail sending functionality.
Ex Libris is committed to providing customers with prompt and ongoing updates during Cloud events. Ongoing and prompt updates on service interruptions appear in the system status portal at this address: http://status.exlibrisgroup.com/