My NextGen Algo Setup - aka The Do Over

Discussion in 'Automated Trading' started by sysdevel99, Apr 5, 2017.

  1. I've been algo trading for about 10 years now - from some super basic setups initially (single computer at home) to cloud-based strategies to hybrid models where I backtest at home but deploy the code in the cloud to using AWS Lambda. Over this time this has resulted in spaghetti code (having over 110 strategies with only a fraction of them delivering actual results didn't help either), little to no documentation on the whole thing and a setup that feels like it cannot easily scale. It all started with my TWS version being close to end of life and me upgrading TWS - I think it's time to modernize some of this and get rid of all the clutter - possibly rewrite some of the code from Java in Python - now that IB has a Python API. I'm also planning on much better security around my accounts - some of my passwords have been in place for much longer than 10 years.
    I opened a tastyworks account at the beginning of the year - they don't have API support or Portfolio Margin yet but will over the next six months. I don't trade much with them yet since the platform is still pretty raw but as they mature I'm planning to slowly transition and harden my trading setup - right now I have to manually figure out P&L since it's spread across three brokers (IB/TD/Tastyworks) and only two of them have API access.

    My plan is to have this thread for about 6-9 months as I slowly transition (I have a sales job in a software company which pays most of the bills) - post the steps in the process and once stuff is running in the new environment possibly P&L. I just ordered a super cheap server @ https://vpsdime.com/ - (35$/month) which will host most of my functions to make this work.
     
    JefeTrader and JackRab like this.
  2. Well - the server is up and running and I can log in.
    Step 1 - change my password - done.
    Step 2 - check what's running/listening on it before investing much time - looks like it's missing some libraries - installed netstat (yum install net-tools)
    Step 3 - change ssh to non-standard port
    https://www.liberiangeek.net/2014/11/change-openssh-port-centos-7/
    Step 4 - Stop smtp and remove it from box
    http://www.tecmint.com/remove-unwanted-services-in-centos-7/
    Step 5 - get a drink - this should survive a couple hours now
     
  3. wintergasp


    Aren't you worried about security of a VPS versus dedicated server ?
     
  4. algofy


    What is the security risk of a VPS?
     
  5. I'm not overly worried about VPS versus physical - I think if you have a bad provider you're screwed either way. It's just as easy for them to get the drives out of your physical box as it is for them to mess with a VPS. Hence step 1 - change your password and step XXX (not sure where that'll land) and encrypt your drive. I am worried about the overall availability but with VPS I can use the same process and build another system at another provider in case vpsdime isn't that reliable. I also like the flexibility of a VPS - being able to increase or decrease capacity based on backtests or system needs.

    I also invested in some COTS software last year called Splunk (splunk.com) - I've used the free version forever - mainly to debug my trading logic and logs - I plan on using that for security as well. I've set up a basic dashboard in the last hour to alert on failed logins and other potential hack attacks or if someone messes with the system.
     
    Last edited: Apr 5, 2017
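Added example, not part of the thread and not using Splunk: the failed-login alert described in the post above, expressed as a plain shell/awk filter over sshd log lines, plus a second check for a successful login that follows failures from the same address. The log lines, host name, user names and addresses are constructed; the format is the one sshd writes to /var/log/secure on CentOS 7.

```shell
#!/bin/sh
# Constructed sample in the format sshd writes to /var/log/secure on CentOS 7.
# Addresses come from the RFC 5737 documentation ranges; user names are made up.
sample_log() {
cat <<'EOF'
Apr  5 21:02:11 vps sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Apr  5 21:02:14 vps sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Apr  5 21:02:19 vps sshd[2215]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Apr  5 21:02:25 vps sshd[2219]: Failed password for invalid user ops from home from 203.0.113.7 port 40140 ssh2
Apr  5 21:03:40 vps sshd[2230]: Failed password for trader from 198.51.100.23 port 51544 ssh2
Apr  5 21:03:44 vps sshd[2230]: Failed password for trader from 198.51.100.23 port 51544 ssh2
Apr  5 21:03:51 vps sshd[2230]: Accepted password for trader from 198.51.100.23 port 51544 ssh2
Apr  5 21:05:02 vps sshd[2241]: Accepted publickey for trader from 192.0.2.10 port 60022 ssh2: RSA SHA256:CONSTRUCTED
EOF
}

# The user name in these lines is remote-supplied text and may contain spaces
# or the word "from", so the source is read from the right-most
# "from <addr> port <n>" triple rather than the first "from".
SRC_FN='function src(  i) {
    for (i = NF - 2; i > 1; i--) if ($i == "from" && $(i + 2) == "port") return $(i + 1)
    return ""
}'

# Print "<count> <addr>" for failed password attempts, busiest source first.
failed_by_source() {
    awk "$SRC_FN"'
        /sshd\[[0-9]+\]: Failed password for / { if ((a = src()) != "") n[a]++ }
        END { for (a in n) print n[a], a }' | sort -k1,1nr -k2,2
}

# Print the sources with at least $1 failures (the alert condition).
noisy_sources() {
    failed_by_source | awk -v min="$1" '$1 >= min { print $2 }'
}

# Print sources that logged in successfully after earlier failures.
success_after_failure() {
    awk "$SRC_FN"'
        /sshd\[[0-9]+\]: Failed password for / { if ((a = src()) != "") bad[a]++ }
        /sshd\[[0-9]+\]: Accepted / { a = src(); if (bad[a] && !seen[a]++) print a }'
}

if [ "${1:-}" = "--demo" ]; then
    sample_log | failed_by_source
    sample_log | noisy_sources 3
    sample_log | success_after_failure
fi
```

On a real host the functions read the log on standard input, for example `failed_by_source < /var/log/secure`.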
  6. wintergasp


    Maybe you should look at something such as Chef or Puppet so that you can replicate your setup in 1 click, keep it updated across multiple servers etc.

    Also have a look at SoYouStart.com (OVH.com / Kimsufi.com), Online.net and scaleway.com; for 35$ per month you will have a better server with unmetered traffic and bare metal instead of VPS. I've been using them since 2006.
     
  7. algofy


    Why is bare metal better for trading? I currently operate on a VPS but I certainly could change if it would be better.
     
  8. First of all thanks to both of you - that's the type of interaction I was hoping for.

    Now specifically to share some of my experiences. I wasn't aware that you could get physical servers for that little money - that's great input. Some of the providers are outside of the US - I'm a little hesitant using them - not because of trust issues but because of IB. I remember I was traveling abroad for work about 7 or 8 years ago and had to quickly get out of a position. I logged into TWS with my second ID and closed my position. A day or two later I got an email from the compliance department from Interactive Brokers telling me that they thought it was potentially a hack attack (which is great that they look for that) but even worse that my account may be closed because of that (which came out of nowhere but some of IB's actions certainly are). Since that email I am very worried about my IP footprint when logging into IB - I had to show them the flight/etickets ... just to keep my account and IB was (and still is) my main trading gateway. So having a non-US IP address is a no go since I'm too dependent on IB. I even set up a VPN so that when I'm traveling for work these days I'm always coming in from the same IP address (my home network) to avoid this situation in the future - in the low cost auto-trading space IB is the 800-pound gorilla and you don't want to upset them.

    As far as chef/puppet goes - here's a little bit more background. I'd love to build my new stuff on more modern components, micro services, containerized deployments that can easily scale up or down based on demand but reality is that my trading doesn't work that way.
    I'm still in the pets category - no need for cattle - even though I'd really like to switch (If you're not familiar with this check out Understanding pets vs cattle in the middle of this post)
    http://cloudscaling.com/blog/cloud-computing/the-history-of-pets-vs-cattle/
    The reality of my system is -
    I need rock solid security since it hosts more than half of my net worth.
    I need market access (via IB, TOS and eventually tastyworks)
    I have some batch/bulk jobs that download daily quotes and 15 second quotes but can literally run for hours - none of my trading decisions are based on that
    I need to be able to launch the strategy code and monitor execution (e.g. react to partial fills) - most of my trading activity is in the first and last 30 minutes of the trading day - the initial data prep for that is typically less than 15 minutes of data crunching to identify potential candidates.
    I need to be able to do automated accounting across the brokers - this is automated via IB and TD but is manual for tastyworks
    I need to be able to backup my open trades easily - that's the only persistent information - quotes and everything else can be backfilled within a very short period of time (less than a day) - losing open trades would require manual input and research and for sure set me back 4-6 hrs to do.
     
    Last edited: Apr 6, 2017
  9. Lee-


    Ignoring the auto scaling bit, using an automated provisioning system like puppet, chef, ansible, or saltstack (my preference) allows you to move to another provider with very little effort. This time you're spending changing passwords, ssh ports, setting up fail2ban or whatever you're using to monitor failed login attempts, the removal of unnecessary services, installation of software packages/libraries that you do need, and so forth gets defined in your provisioning system. If you need to basically recreate that environment on a new system, you just install and run the provisioner on the new host, wait a couple minutes, and you're done.

    If you don't change hosts often, then the time to set up such a system may not be worth it to you, but there are benefits. What if your system gets hosed for whatever reason (file system corruption, you made a config change that broke something, package update had unintended consequences)? What if it gets hacked? What if you just want to rebuild it for whatever reason?

    Another nifty feature is that you can then add your provisioning configurations to a source repository (i.e. Git) and then you can effectively version control your server configurations. This also then lets you run those same provisioning scripts against a test VM on your local computer before deploying those server level changes to your live VPS.

    Docker has some benefits in this realm as well. In some ways it's actually easier to achieve a similar effect using docker, but then you have to run within a docker rather than having the flexibility of going with any old VPS or bare metal like you can with puppet/chef/ansible/saltstack.

    I even toyed around with using saltstack to create my docker images. That way I can use my saltstack configs to deploy to bare metal, VPS, AWS, docker, whatever.

    Anyway the point is, a lot of the newer techniques used today are geared towards autoscaling, high availability, and other forms of distributed architecture, but there are still benefits at least to using a method of versioning and consistently reproducing a server environment whether that's through the use of a provisioning software like puppet/chef/ansible/saltstack or through the use of docker.
     
    wintergasp and sysdevel99 like this.
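Added example, not part of the thread: the SSH step from the second post written the way the post above suggests, as a re-runnable (idempotent) step that can be kept in Git and tried on a copy before it touches the live server. It is plain shell rather than puppet/chef/ansible/saltstack; the function names, the sample file, and the values `Port 2222` and `PermitRootLogin no` are illustrative assumptions, not settings taken from the thread.

```shell
#!/bin/sh
# Constructed stand-in for /etc/ssh/sshd_config, so nothing here touches a live host.
sample_sshd_config() {
cat <<'EOF'
#Port 22
#PermitRootLogin yes
PermitRootLogin yes
PasswordAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication no
EOF
}

# ensure_option FILE KEY VALUE: leave exactly one active global "KEY VALUE" line.
# Prints "changed" or "unchanged"; comments and Match-scoped lines are untouched.
ensure_option() {
    file=$1; tmp=$(mktemp) || return 1
    awk -v k="$2" -v v="$3" '
        tolower($1) == "match" { scoped = 1 }
        !scoped && tolower($1) == tolower(k) { if (!done++) out[++n] = k " " v; next }
        { out[++n] = $0 }
        # No active setting found: add it at the top, ahead of any Match block.
        END { if (!done) print k " " v; for (i = 1; i <= n; i++) print out[i] }
    ' "$file" > "$tmp"
    if cmp -s "$tmp" "$file"; then
        echo unchanged
    else
        cat "$tmp" > "$file"    # overwrite in place: keeps owner, mode and SELinux label
        echo changed
    fi
    rm -f "$tmp"
}

# converge FILE: apply the desired state and print how many options changed.
# Port 2222 and PermitRootLogin no are illustrative values, not from the thread.
converge() {
    count=0
    while read -r key value; do
        if [ "$(ensure_option "$1" "$key" "$value")" = changed ]; then
            count=$((count + 1))
        fi
    done <<'EOF'
Port 2222
PermitRootLogin no
EOF
    echo "$count"
}
```

A first `converge` on a fresh copy reports 2 changes and a second reports 0, which is the property that makes a rebuild on a new host repeatable. On a live CentOS 7 system the result should be checked with `sshd -t -f FILE` and the new port allowed in SELinux and the firewall before sshd is restarted.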
  10. I don't think that you need to have any fear of using a provider outside the USA. IB has many customers outside the USA. Those customers are not kicked out by IB every time they place an order. I think that your issue with IB at that time was caused by the fact that your messages always came from location A, and now suddenly and unexpectedly, from location B. This triggered their suspicion.
    I also think that IB's behaviour these days would be different than 7 or 8 years ago, as many traders are now using mobile apps and thus connect to IB from anywhere. The two-factor authentication helps in keeping things more secure, even if those customers keep on logging in from different geographical locations.
     
    #10     Apr 6, 2017
    sysdevel99 likes this.