Powered by

# Deployment and Operation

# Introduction

The Nekuti Matching Engine is a high-performance, versatile trading system designed to power a wide range of financial exchanges. Its flexibility allows it to be adapted for cryptocurrency exchanges, traditional financial markets, including stock exchanges, over-the-counter (OTC) trading, commodities, and futures markets.

# Purpose of this Manual

This operations manual serves as a comprehensive guide for technical staff responsible for the installation, configuration, operation, and maintenance of the Nekuti Matching Engine. It provides detailed instructions and best practices to ensure optimal performance, security, and reliability of the system.

# Intended Audience

This manual is intended for:

  • System administrators
  • DevOps engineers
  • Site reliability engineers
  • Exchange operators
  • Technical support staff

Readers are expected to have a strong background in server administration, database management, and general trading system operations.

# Key Features and Capabilities

The Nekuti Matching Engine offers a robust set of features essential for running a modern financial exchange:

  1. Order Matching: Efficiently matches buy and sell orders across various instrument types.
  2. Account Management: Tracks and manages user account balances.
  3. Margin Trading: Supports margin trading with real-time margin usage calculation and validation.
  4. Asset and Instrument Definitions: Flexible system for defining various tradable assets and instruments.
  5. Trade Processing: Handles trade execution and recording.
  6. Order Book Management: Maintains a real-time order book for all trading pairs.
  7. Risk Management: Includes an insurance fund and performs automated liquidations and Auto-Deleveraging (ADL) when necessary.
  8. API Integration: Implements an industry-standard JSON-based REST API, facilitating easy integration with front-end systems and third-party tools.
  9. Real-time Data: Offers a WebSocket API for live data streaming.
  10. Testing Interface: Ships with a simple web-based UI for integration testing and system verification.

# System Boundaries

While the Nekuti Matching Engine provides core exchange functionality, it does not include:

  • Know Your Customer (KYC) processes
  • Custody or settlement services
  • Regulatory reporting functionality
  • A full-featured graphical user interface for end-users

These components would need to be provided by separate systems integrated with the Nekuti Matching Engine.

# System Overview

The Nekuti Matching Engine is composed of several interconnected processes, each serving a specific role in the overall system architecture. This distributed design ensures scalability, security, and reliability. Below is an overview of each component:

# Core Engine and Command Sequencer

  • Primary Function: Receives and processes trading commands, maintains the order book, and executes trades.
  • Communication: Accepts commands over a TCP connection using a proprietary binary format.
  • Data Persistence: Commands are persisted to disk in sequence before processing, ensuring data integrity.
  • Network Position: Typically situated behind a firewall NAT for enhanced security.
  • Outbound Connections: Connects to User Gateways over TCP, allowing for a secure network architecture.

# User Gateways

  • Primary Function: Provide external API access for users.
  • APIs: Offers JSON-based REST API and WebSocket connections.
  • Communication with Core: Sends subscription or query commands to the engine and read-models over TCP.
  • Data Flow: Receives responses or streams of data from the engine based on subscriptions and queries.
  • Network Position: Located in an internet-facing DMZ network.

# Control Gateways

  • Primary Function: Provide operational control and monitoring capabilities.
  • Features: Includes all User Gateway features plus additional administrative controls.
  • Communication: Initiates TCP connections to the engine, unlike User Gateways.

# Snapshotter

  • Primary Function: Generates periodic snapshots of the system state.
  • Operation: Loads persisted commands and the most recent snapshot, then creates a new snapshot if necessary.
  • Purpose: Enables faster system recovery and startup by allowing the engine to start from the most recent snapshot rather than replaying all historical commands.

# WebUI

  • Primary Function: Provides a simple web-based user interface.
  • Technology: Built using Node.js.
  • Purpose: Allows exploration and validation of user-facing exchange features.
  • Use Case: Primarily intended for testing and integration purposes, not as a production trading interface.

# System Requirements

# On-Premises Deployment

  • Hardware:
    • High-performance x86 servers with fast CPUs
    • At least 32GB RAM
    • Low-latency storage (SSDs strongly recommended)
  • Network:
    • Low-latency, high-bandwidth network connections between components (2.5-10 Gbps recommended)
  • Operating System:
    • Linux (specific distribution requirements to be detailed in the Installation section)
  • Additional Software:
    • Azul Java Runtime Environment 21 or later
    • Node.js
    • PM2 for process orchestration (optional)

# Cloud-Based Deployment

  • Compute Resources:
    • High-performance virtual machines or dedicated instances
    • Equivalent to x86 servers with fast CPUs
    • Minimum 32GB RAM per instance
  • Storage:
    • High-performance block storage (e.g., AWS EBS io2, Google Cloud SSD Persistent Disk)
    • Consider using local SSDs for even lower latency where available
  • Networking:
    • Low-latency, high-bandwidth network connections between components
    • Use of placement groups or similar features to ensure co-location of related instances
    • Consider dedicated interconnects for hybrid cloud setups
  • Operating System:
    • Linux-based cloud images (specific requirements to be detailed in the Installation section)
  • Additional Services:
    • Load balancers for distributing traffic to User Gateways
    • Virtual Private Cloud (VPC) for network isolation
    • Identity and Access Management (IAM) for secure access control
  • Software Requirements:
    • Same as non-cloud deployment:
      • Azul Java Runtime Environment 21 or later
      • Node.js
      • PM2 for process orchestration (optional)

# Architecture Diagram 

flowchart TD
 subgraph lan["LAN"]
        engine["Engine"]
        snapshotter["Snapshotter"]
        control["Control Gateway"]
        readmodel["Read Model"]
  end
 subgraph dmz["DMZ network"]
        ugw["User Gateway"]
        nj["Web Server"] --> ugw
  end
    engine --> ugw
    control --> engine
    readmodel --> engine
    readmodel --> ugw
    style engine stroke:#FF6D00

This distributed architecture allows for horizontal scaling of user-facing components while maintaining a centralized, deterministic core for order matching and trade execution. The separation of concerns between different processes enhances security, reliability, and maintainability of the overall system.

© Copyright 2025. All rights reserved.