Containers, engines, clients
The MATP architecture is designed to run as a cluster. It supports high-availability and automatic failover.
Clusters may have as few as one node or as many nodes as hardware and networking limitations can support. No strict limit exists for the number of nodes in a cluster. Multiple nodes can run on the same physical or virtual host if desired.
The free Community Edition of the MATP supports single-node clusters only. The premium Enterprise Edition supports multiple node clusters.
Execution Container
An MATP cluster has one or more Execution Containers. An Execution Container is a process that runs and maintains communication with other nodes in the cluster, if any. Execution Containers are configured to start one or more Engines. An Engine has a functional responsibility and includes, for example, the Deploy Anywhere Routing Engine (DARE), a Strategy Engine (SE), or the Market Data Engine (MDE).
Engines
The Engine is the basic unit of functional behavior. Engines are responsible for accomplishing some sort of business requirement and are the basic unit of the cluster setup. An Engine must live inside an Execution Container but may not live inside another Engine.
The development environment provides engines for DARE, Strategy, and an Marketdata unit in the same Execution Container. Communication streams always target an engine, and engines within the same Execution Container may communicate with each other.
Deploy Anywhere Routing Engine
The DARE component manages communication with external brokers and exchanges. DARE uses the Financial Exchange (FIX) protocol natively and can use other protocols with some customization.
Usually, all installations use the DARE component. The DARE component manages FIX communication with external destinations, sends orders, and receives execution reports. The DARE component also performs post-trade calculations like Profit and Loss and marks trade-related data available.
Strategy Engine
The Strategy Engine (SE) component is responsible for executing user-provided strategies. Strategies consist of JAR files built in a particular way that are uploaded and executed using the Strategy Client. As the SE is responsible for executing code that is unknown and potentially untrusted, it has unique security considerations.
User-provided strategies all execute in their own Classloader and application context, but there is no way to be completely sure that the code contained in a strategy is not malicious. SE components that run user-provided strategies with unknown content should run in their own Execution Container. To guarantee maximum security, each user should have their own Execution Container.
Market Data Engine
The Market Data Engine (MDE) component provides market data to other Engine components. The Market Data Engine consists of one or market-data adapters that each connect to a single source of market data. Generally, a single login is allowed to these sources, which means that the MDE must be able to provide market data to all the Engine components.
Clients
A Client connects an Execution Container and then to an Engine component within that Container. If all Engines are contained within the same Container, clients are in-process. If Engines are in different Containers, clients must be remote clients using marshaled communication streams like REST or gRPC. Photon always uses a remote client.
Remote Client
A Remote Client refers to a client that uses a marshaled wire protocol to communicate over a socket or similar mechanism. Data must be marshaled and unmarshaled. Remote clients are always less efficient than direct clients, but they are more flexible and secure. Remote Clients always use permission checks for every call, while Direct Clients do not. Remote Clients have no restrictions on whether the two endpoints are in the same process or not and can be geographically isolated on different physical or virtual machines.
Direct Client
A Direct Client refers to an in-process client that can improve efficiency. Direct Clients do not perform permission checks because the assumption is that the caller is already in-process and permission checks could be circumvented by calling the desired resource provider directly. For example, you can use the TradeClient to query open orders, or you could query the actual order summary service, bypassing the TradeClient . You cannot make the same direct call using a Remote Client.
Use Direct Clients only for trusted components. The security risk arises when using a Direct Client with a Strategy Engine, since SEs can run untrusted and unknown code. Always execute untrusted and unknown strategies in an Execution Container dedicated to a single user and using a Remote Client.
Photon
Photon is the UI client that provides access to the services and data of all the running Engines. Photon uses the same clients to connect to the Execution Containers and then the Engines that the Engines use to communicate with each other.