Reimagining Modern Finance Through Collaborative Infrastructure
This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>
This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>
Enterprise products, solutions & services
GF Securities supports the trading demands of over 20 million clients. Its mission-critical system must withstand three major pressures: sudden I/O surges during market spikes, elastic scaling of containerized applications, and 24/7 uninterrupted operations. Legacy storage solutions—limited in container compatibility, cross-node data sharing, and DR switchover efficiency—were increasingly unable to keep pace.
Amid the wave of cloud-native transformation, GF Securities, as a pioneer in the financial industry, sought a storage foundation capable of supporting both evolving technologies and mission-critical workloads. Leveraging a clear view of industry trends, the company strategically selected OceanStor Dorado all-flash storage and CloudEngine high-performance data center switches to future-proof its core storage technology roadmap. This product combination boasts seamless support for the native Container Storage Interface (CSI), end-to-end all-flash performance, active-active setup powered by Container Disaster Recovery (CDR), and a highly reliable network foundation.
In building an active-active architecture, GF Securities adopted Huawei CloudEngine series switches to establish its core network foundation. The switches feature a highly reliable design. All key components are redundant, providing solid assurance for stable system operation.
In high-concurrency and heavy-traffic service scenarios, CloudEngine switches provide full-line-rate forwarding and high-performance throughput, effectively supporting efficient operation of the core storage system. Combined with intelligent O&M technologies, Huawei's solution enables status visualization, fast fault locating, and simplified O&M, slashing O&M costs. Together, the CloudEngine switches and OceanStor Dorado storage offer a more stable network, higher performance, and simplified O&M, supporting continuous service growth with an advanced and reliable digital foundation.
The storage solution for intra-city equipment rooms uses the BGP active-active architecture to implement redundancy backup for network nodes and achieve seamless service switchover. Huawei OceanStor Dorado all-flash storage and the mature and stable IP network technology enable in-depth storage-network collaboration, delivering fast route convergence, low access latency, high data reliability, and uninterrupted mission-critical services. The BGP protocol is introduced to address the problem of logical port failover on the Layer 3 network, and a NAS active-active setup with three-layer networking is deployed.
GF Securities deploys a three-layer NAS active-active network. The storage servers in the two data centers are connected to the BGP network through access switches, and advertise the service addresses to the live network through BGP. The access switches then import the service routes and advertise them to the OSPF network in the same area, where hosts can access the NAS storage. On the aggregation switches (UP) and firewalls in the area, static routes associated with detection based on network quality analysis (NQA) are configured toward the NAS storage. This advertises the specific routes to the NAS storage across the entire data center and to the BGP backbone network, enabling NAS sharing across multiple areas within the data center and across multiple data centers. The storage network uses full-mesh connections. Each storage device has two physical ports connected to two switches, respectively, to implement link-level HA. In addition, Layer 3 BGP interconnection is used. Each interface advertises BGP service routes to ensure service HA.
In normal storage service access scenarios, the hosts in equipment rooms A and B collaborate with DNS servers to obtain the NAS storage addresses of the two rooms, respectively, for access. The storage devices in the two equipment rooms provide services simultaneously, and access requests outside the NAS area follow the principle of preferring the effective specific routes. In addition, the NAS storage performs synchronous data replication through the back-end replication network.
In common fault scenarios, for example, a hardware fault, process exception, or performance overload occurs on controller A in the equipment room, the system automatically triggers redundancy switchover and seamlessly switches the service control rights to controller B. After the switchover is complete, controller B takes over services and advertises related service routes to ensure uninterrupted storage services in a single equipment room. This implements controller-level redundancy protection and ensures stable running of local storage services.
In extreme fault scenarios, for example, the entire NAS storage cluster in equipment room A is abnormal and cannot provide local storage services, the system will start cross–equipment room DR switchover to enhance the system service availability. Access requests follow two paths:
1. Accessing NAS in the same area: The VIP1 service address in equipment room A will be automatically failed over to the storage node in equipment room B, and advertised through the BGP network in equipment room B. In addition, the access switch in equipment room B will import the VIP1 service route to the OSPF area and synchronize the route to the same area in equipment room A through the OSPF protocol. This ensures that hosts in the same area in equipment room A can access the VIP1 storage service via the OSPF network.
2. Accessing NAS across areas or equipment rooms: Due to the failure of the NQA-associated specific route on the aggregation switch (UP) in equipment room A, the summary route to the NAS in equipment room A can only be learned from equipment room B. As a result, access traffic is sent to equipment room B. After arriving at the aggregation switch (UP) in equipment room B, the traffic is then sent to the NAS service area in equipment room B via the summary static route for the NAS in equipment room A, thereby reaching the NAS storage address in equipment room A. (The VIP1 service address in equipment room A is automatically failed over to the storage node in equipment room B, and advertised through the BGP network in equipment room B.)
The core challenge of containerization lies in the agile collaboration between storage resources and container clusters. With this in mind, GF Securities adopted Huawei OceanStor Dorado all-flash storage and leveraged the native CSI to seamlessly integrate the storage layer with Huawei's Cloud Container Engine (CCE). This deep integration empowered the company to build a unified and efficient storage–container architecture.
Optimal agility and elasticity: With Huawei's solution, GF Securities increased storage resource provisioning speed by 100% compared to traditional approaches, enabling effortless handling of batch microservice boot storms. In addition, the solution supported dynamic creation and reclamation of PersistentVolumes (PVs) and PersistentVolumeClaims (PVCs), perfectly meeting the company's need for elastic resource provisioning during containerized deployments of mission-critical applications.
Seamless mobility: By taking full advantage of the standardized CSI, GF Securities achieved seamless linkage between storage resources and container pods, enabling cross-node data sharing and ensuring real-time data updates for container failovers. This eliminated inefficient cross-pod access and cumbersome data copying processes in traditional container storage.
Ultimate performance: Powered by an end-to-end NVMe architecture, OceanStor Dorado all-flash storage has built a data highway for GF Securities, delivering stable latency under 1 ms—a 3x performance boost over the legacy storage. This robust capability allows GF Securities to easily handle I/O surges during peak trading periods such as opening auctions and end-of-day volatility.
Driven by an uncompromising commitment to business continuity, GF Securities has built an intra-city active-active storage architecture based on Huawei's native CDR technology. This design has achieved high DR standards with RPO = 0 (zero data loss) and RTO ≈ 0 (near-zero recovery time).
Symmetric active-active architecture: The architecture synchronizes data in real time between two storage systems, combined with an independent third-party arbitration mechanism to guarantee data consistency between the two sites. It supports concurrent host read/write operations and load balancing, establishing a truly symmetric active-active model rather than the traditional active–standby failover setup.
Network convergence: Unlike traditional DR solutions, Huawei OceanStor Dorado's NAS active-active architecture eliminates the need for dedicated gateways and supports various networking methods, including IP, Fibre Channel, and RoCE. This architecture implements link convergence in seconds via the BGP protocol and narrows down the fault domain by 50%, seamlessly integrating with the existing network environment.
To meet its O&M team's need for efficient and intelligent management, GF Securities adopted the AI-driven, visualized O&M platform that works seamlessly with OceanStor Dorado. This platform enables global monitoring and alarming across storage resources, container clusters, and data flows.
Proactive defense: Powered by an advanced machine learning model, the platform enabled GF Securities to gain real-time insights into every I/O activity. Within just one minute, the platform can accurately identify anomalies such as ransomware, marking a transformative shift from reactive response to proactive defense.
Higher efficiency at lower costs: By leveraging automated data balancing and fault recovery as well as Self-Monitoring, Analysis, and Reporting Technology (SMART) and disk sub-health warning, GF Securities significantly simplified O&M. As a result, the O&M team boosted overall efficiency in data backup and routine maintenance by over 75%—truly achieving smart and mobile O&M with peace of mind.
Network-wide visibility: Turbocharged by the xFlow smart and on-demand full-flow technology, Huawei's intelligent network O&M platform helped GF Securities analyze the TCP link setup status across the entire network via ERSPAN lightweight mirroring, accurately reproducing the real-world service traffic forwarding paths. In addition, the platform visualized network-wide traffic conditions by deeply correlating device information and monitoring microbursts, packet loss, and other key indicators in real time.
GF Securities' cloud-native transformation journey—from supporting containerized deployments with the CSI, to building CDR-based active-active architecture for always-on services, and further to intelligent O&M for enhanced management efficiency—fully validates the technical value of high-end all-flash storage.
Looking ahead, GF Securities plans to establish a joint team with Huawei to deepen their partnership. With a focus on mission-critical scenarios in the securities industry, such as quantitative trading and AI-driven market analysis, the team will drive extensive co-innovation backed by seamless collaboration between OceanStor Dorado all-flash storage, CCE-powered container cloud, and CloudEngine data center switches. Furthermore, GF Securities will keep exploring the deep integration of network-storage-compute-application, with an aim to push the digital-intelligent transformation of the financial industry even further.
Huawei OceanStor Dorado All-Flash Storage series are designed for mission-critical workloads.
Copyright © 2026 Huawei Technologies Co., Ltd. All rights reserved.
