This document serves as a Root Cause Analysis for the CampusM service interruption experienced by Ex Libris customers on November 8, 2016
The goal of this document is to share our findings regarding the event, specify the root cause analysis, outline actions to be taken to solve the downtime event, as well as preventive measures Ex Libris is taking to avoid similar cases in future.
Service interruption was experienced by Ex Libris customers served by the CampusM AP01 instance at the APAC Data Center during the following hours:
November 8, 2016 from 4:00PM until 4:30PM Singapore time
The service impact had been identified by the 24x7 hub using the monitoring systems. During the event the service was unavailable.
Root Cause Analysis
Ex Libris Engineers investigated this event to determine the root cause analysis with the following results:
A DDoS (Distributed Denial of Service) attack had been experiencedon the APAC data center. the DDoS attack had impacted the trafficcoming into the data center. The Ex Libris systems were able to identify the DDoS attack and prevent it from having any impact on the data. The traffic to the application was blocked by the Ex Libirs firewall for all users until the issue had been resolved.
Technical Action Items and Preventive Measures
Ex Libris has taken the following action and preventive measures to avoid such an occurrence in future:
- Updates were done to the monitoring system to allow identification of the DDoS attack and allow better management of the attack. As the DDoS attacks identified by Ex Libris expand and Change- an ongoing analysis is taking place and relevant updates are done to the security preventive activities on a daily basis.
ExLibris is committed to providing customers with prompt and ongoing updates during Cloud events. Ongoing and prompt updates on service interruptions appear in the system status portal at this address: http://status.exlibrisgroup.com/
These updates are automatically sent as emails to registered customers.