There have always been business continuity disciplines in projects and delivery programs, but they have traditionally been overseen by the institution delivering them. Frameworks were loosely managed, which often exposed unnecessary risk. It was not until January 2023, when the EU put DORA [1] (Digital Operational Resilience Act) into force and set a January 17, 2025, application deadline, that it became a boardroom topic and its frameworks started becoming part of project planning and requirements documents.
Importance of ICT Security in Financial Sectors
For anyone still unaware, DORA (Digital Operational Resilience Act) is a European regulation that aims at strengthening the information and communication technology (ICT) security of financial entities and making sure that the financial sector in Europe can stay resilient in the event of a severe operational digital disruption. Other nations have started developing similar requirements and regulations.
Before DORA, institutions talked in terms of emergency situations. Once DORA came to be, the standard was to accept that contingency situations could happen any day at any time, and plans had to be developed for how to operate day-to-day so that if something goes wrong the architectural design and the construction of infrastructure will stand up.
Then on July 19, the CrowdStrike network outage became a real-world global case study that highlighted the importance of DORA compliance. Here is what we learned:
1. Even organizations specializing in security can face significant disruptions, which reinforces the importance of building robust procedures to withstand, respond to, and recover from various disruptions.
2. Dependency on third-party providers is prevalent in the industry, and although managing the risk falls on both parties, it is important that the institution using the service can ensure continuity of its operations.
3. Testing is a mandate of DORA. How often do organizations just trust their providers, like Microsoft®? Regardless of the provider, regular exercises and drills need to happen throughout.
Active-Active Configuration: Enhancing System Resilience
As a provider of a business-critical, cloud-native transaction processing payments infrastructure, we have constantly been questioned as to how we help our customers implement DORA requirements. One way we can enable compliance with DORA is by implementing the highest standards of operational resilience through an active-active (2 nodes) or multi-active (2+ nodes) configuration for the system. In this configuration, multiple nodes handle and process the workload simultaneously, rather than one node being active and the other on standby. For the ultra-high operational resilience requirements dictated by the DORA regulation, the solution can be deployed in triple-active mode, where there are two active nodes and a third one that is synchronized in real time with the other two and can be switched at any time to handle the workload immediately.
Benefits of Active-Active Systems for Business Continuity
- High Availability: Since multiple nodes are active, the failure of one node does not bring down the entire system. Other nodes continue to handle requests, ensuring systems can remain operational.
- Dynamic Scalability: You can add more service instances to the configuration to handle increased loads (or the system can do this automatically based on workload), making it easier to scale the system horizontally. Since the load is distributed evenly across multiple nodes, it can prevent any single node from becoming a bottleneck.
- Faster Processing: By having multiple nodes working simultaneously, the system can serve requests from the nearest or least busy node, reducing latency while handling more requests and processing data faster.
- Business Continuity via Improved Upgrades/Maintenance: Maintenance or upgrades can be performed on one node while others continue to operate, reducing downtime (blue-green pattern). Additionally, nodes can be added or removed from the system without shutting it down, allowing for more flexible maintenance.
- Automated CI/CD pipelines: The ability to deploy the same executable code via automated CI/CD pipelines across diversified infrastructure makes you more resilient to failure in any single infrastructure.
- Minimized Risk of Downtime: Active-active systems are designed to minimize downtime, which is crucial for mission-critical applications and a requirement for disaster recovery (i.e. DORA).
- Geographic Distribution: If nodes are distributed across different geographic locations, the system can continue to function even if one location is affected by a disaster (Disaster Recovery).
To learn more about Diebold Nixdorf’s cloud-native transaction processing payments infrastructure, contact your Diebold Nixdorf representative.
Sources:
1. https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/digital-operational-resilience-act-dora