Versions Compared

Old Version 4

changes.mady.by.user CME Group

Saved on

compared with

New Version Current

changes.mady.by.user CME Group

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This topic describes the secure CME Globex logon process and scenarios for iLink and Drop Copy including: 

...

Info

For more information on HMAC, please refer to:

Testing and Certification

Certification via AutoCert+ is required for the CME Globex API secure logon. An iLink and Drop Copy certification suite is currently available in AutoCert+.

Note: Customers must create secure key pairs for New Release and CERT iLink and Drop Copy Sessions in the Request Center NR/CERT. 

Click here to access the help file to learn about the Request Center NR/CERT.

...

iLink and Drop Copy Security Credentials

...

Panel
titleSecure Key Pair Creation and Management in the CME Customer Center

When a customer creates a secure key pair, the credentials can be viewed and downloaded in the CME Customer Center.

  • Once created, credentials are accessible and available for multiple downloads in the CME Customer Center.
    • Clients are limited to 10 2FA tokens for logon and download per day.
  • A customer can have up to two secure key pairs for a Session ID for up to four weeks, after which the older secure key pair is automatically expired.
    • A newly created secure key pair will have a status of active, i.e. valid for logon.
    • The first secure key pair will expire in four weeks after the market close.

  • If a customer generates a third secure key pair:

    • One of the existing secure key pairs will be deleted, effective immediately, based on the customer selection. 
    • The remaining  secure key pair will expire in four weeks after the market close.
Info

 The Request Center is closed on weekends, from 4:30 pm Friday to 10:00 am Sunday CT.

For security reasons, CME Group requires customers to change their security credentials every 12 months. Notification regarding pending security credential expiration will be sent to registered administrators.

Info

In a Disaster Recovery (DR) scenario, if a customer has created or managed the secure key pair (Access Key ID + Secret Key) in production within 15 minutes prior to the disaster event, that security credential change may not be reflected in the DR environment; in such an unlikely event, customers should generate a new secure key pair upon CME Globex transition to the DR environment.

...

iLink and Drop Copy logon requests must reach CME Globex within 5 seconds to prevent a stale logon. Timestamps (tag 52-SendingTime) submitted by the client system in the Logon (tag 35-MsgTpe=A) message older than 5 seconds will be rejected. CME Globex will send a Logout (tag 35-MsgType=5) message to the client system.

Info

To ensure the timestamp value submitted in tag 52 is current, CME Group strongly recommends the following Network Time Protocol guidelines.

Logon Scenarios

Client systems use the Logon (tag 35-MsgType=A) message for authentication with CME Globex. There are three Logon scenarios:

...

Info

The client system must submit the Logon message within 60 seconds after establishing a TCP/IP connection. If the client system does not submit the Logon message within 60 seconds, the TCP/IP socket connection is assumed to be stale and the socket is closed.

See also:  Session Layer - Fault Tolerance for a discussion of setting the Fault Tolerance Indicator (FTI) at logon and failover scenarios.

...