Maintaining the SWIFT environment

Regular activities


Daily activities
  • Back up the system and the application data
  • Monitor the systems and review the error logs
  • Login to FIN to process messages that have been received
  • Restart Alliance Access for database maintenance purposes, except if specific arrangements have been made for continuous operation
  • Export the RMA authorisations and distribute them to your other applications, if required
Weekly activities
  • Check the SWIFTNet Link connectivity after a weekend when maintenance activities are performed (see Support for the planning of the full year)
  • Check the connection to the HSM box by performing the SwHSMSelfTest command
  • Archive the Alliance Gateway logs and journals
  • Archive the messages and events of Alliance Access or Alliance Entry
Monthly activities
  • Restart SWIFTNet Link and Alliance Gateway, in order to ensure that the processes that use certificates are stopped. By performing this restart, the certificates can be renewed the next time that they are used to log on.
  • Open all the PKI certificates at least once. Use the CertInfo command (see SWIFTNet Admin Services: Operational Interface - Certificate Management for SWIFTNet Link on the SWIFTNet Link CD)
  • Back up all the PKI certificates after you have opened them. Use the SNL_BackUp.pl command (see SWIFTNet Admin Services: Operational Interface - Backup/Restore for SWIFTNet Link on the SWIFTNet Link CD). Note: This will back up all the certificates that are stored on disk. It will not back up the certificates that are stored in the HSM.
  • Test the unused spare dial-up VPN box (see VPN Box section)
  • Check the correct functioning of your fallback connectivity. SWIFT has implemented a set of measures and tools, which are adapted to each of the connectivity packs. See Fallback Connectivity Testing for further information.
Yearly activities
  • Reboot all your HSM boxes.
   

Best practices for a system upgrade


Before installation
  • Take a full system backup
  • Note the version of the operating system and patches
  • Read the release letter and check the operating system release and patch levels
  • Check the Knowledge Base for any known issues
After installation
  • Take a full system backup
  • Back up all the PKI certificates after you have opened them. Use the SNL_BackUp.pl command (see SWIFTNet Admin Services: Operational Interface - Backup/Restore for SWIFTNet Link on the SWIFTNet Link CD)
  • Run the swiftnet status command and save the output in a new reference file. Do this when the SWIFTNet Link is running, and when the SNL is not running. This will be helpful in case of problems with the SWIFTNet Link processes. For more information, see the SWIFTNet Link section of this guide.
   

Best practices for resilience

  • Building a resilient infrastructure can be done by duplicating the components in various configurations. Your prime site must not contain any single point of failure. This ensures that you can continue the operation in case of a failure of a component, instead of having to wait until the component has been replaced. See the SWIFTNet Resilience Guide for the possible configurations.
  • For critical operations, SWIFT recommends that you build a disaster site to continue the operation after a major problem in the prime site. It should be possible to switch to the disaster site in 2 hours and to start the processing of the business traffic in 4 hours after a prime site failure. The disaster site must be kept up-to-date and the fail-over procedures must be tested twice per year.
  • Alternatively, operations can also be spread over two sites that are simultaneously active. Procedures to re-route traffic to one site to cope with a site failure must also be tested twice per year. Special care should be taken on the organisational aspects and on the usage of PKI certificates in recovery scenarios.