Skip to main content
  • Subscribe by RSS
  • ExLibris Dev

    Primo Central - RCA - November 7, 2016


    This document serves as a Root Cause Analysis for the Primo Centralservice interruption experienced by Ex Libris customers on November 7, 2016


    The goal of this document is to share our findings regarding the event, specify the root cause analysis, outline actions to be taken to solve the downtime event, as well as preventive measures Ex Libris is taking to avoid similar cases in future.

    Event Timeline

    Service interruption was experienced by Ex Libris customers served by the Primo Central instance at the North America Data Center during the following hours: 


    November 7, 2016 Periodically From 9:00 AM  to 11:40AM Chicago Time Zone


    The service impact had been identified by the 24x7 hub using the monitoring systems. During the event, there were total of 35 minutes for which the service was unavailable


    Root Cause Analysis

    Ex Libris Engineers investigated this event to determine the root cause analysis with the following results:

    A DDoS (Distributed Denial of Service) attack had been experienced and had caused the impact on the service.

    We have identified an intensive distributed attack, coming from a significant number of IPs.

    Technical Action Items and Preventive Measures

    Ex Libris has taken the following action and preventive measures to avoid such an occurrence in future:

    o    Specific Local Primo environments being attacked had been identified. Their connection to PrimoCentral had been disabled and work was done with the specific customers to help them mitigate their attack.

    o    Monitoring improvements were made to the application level monitoring tools available that now allow a quicker identification of the source of the attack. With a quicker identification of the source, blocking of the attacker can be done quicker and sometimes event before a system disruption is experienced.

    Customer Communication

    ExLibris is committed to providing customers with prompt and ongoing updates during Cloud events. Ongoing and prompt updates on service interruptions appear in the system status portal at this address:

    These updates are automatically sent as email to registered customers.


    Publication History

    Date Publication Type
    Nov 15, 2016 Initial Publication


    • Was this article helpful?
    // feedback widged