Networking & Content Delivery
How LSEG connects the world of finance: Using AWS Cross-Region PrivateLink to transform global market data access
The London Stock Exchange Group (LSEG) is a leading global financial markets infrastructure and data provider, serving over 25,000 customers across 190 countries. The company operates the London Stock Exchange and provides critical market data, analytics, and trading technology to banks, asset managers, hedge funds, and other financial institutions worldwide. Through its Real-Time Optimized (RTO) platform, LSEG delivers over 8 million price updates each second, supporting high-frequency trading, algorithmic strategies, and real-time risk management across global capital markets.
Financial institutions need consistent, low-latency access to market data across multiple geographic regions. LSEG’s RTO platform addresses this imperative by providing a cloud-native market data distribution service that delivers low latency to trading applications, risk management systems, and analytics platforms worldwide.
LSEG’s RTO platform has revolutionized this paradigm through the deployment of Cross-Region AWS PrivateLink technology, expanding low latency market data access from six Amazon Web Services (AWS) Regions to a comprehensive 32-Region global footprint. This transformation enables financial institutions to access real-time market data from previously inaccessible AWS Regions while maintaining enterprise-grade security, reducing infrastructure costs, and streamlining network architecture.
In this post, we explore the technical architecture behind LSEG’s Cross-Region PrivateLink implementation, examine the AWS services that power this solution, and detail the performance and security benefits that make this approach compelling for financial institutions seeking to modernize their market data operations across geographic boundaries.
LSEG’s global expansion requirements
LSEG’s RTO service sought to expand its global reach to better serve financial institutions worldwide. This required addressing several key requirements:
- Broader regional coverage: Extending RTO’s availability beyond the initial six strategic AWS Regions to serve customers in emerging markets and new geographic areas.
- Simplified deployment model: Enabling global access without requiring infrastructure deployment in every target AWS Region, reducing operational complexity for both LSEG and customers.
- Enhanced customer flexibility: Allowing financial institutions to access RTO from any AWS Region where they operate, no matter where LSEG’s infrastructure is deployed.
- Streamlined connectivity: Eliminating the need for precise Availability Zone (AZ) coordination between provider and consumer endpoints to streamline customer onboarding.
- Predictable cost structure: Providing transparent, scalable pricing for cross-Region access based upon customer usage rather than infrastructure overhead.
With over 8 million price updates each second flowing through the RTO platform and data volumes growing 20–40% a year, LSEG sought to expand global access to its market data service. Initially available in six AWS Regions, LSEG recognized an opportunity to expand to more geographic locations without deploying infrastructure in each new AWS Region. Cross-Region PrivateLink enabled this expansion, allowing LSEG to extend RTO’s reach to 32 AWS Regions while maintaining the same low-latency performance and security standards.
Existing connectivity limitations
Before Cross-Region PrivateLink, financial institutions had three primary connectivity options, each with trade-offs:
- Internet connectivity: Although widely available, internet-based connections introduce latency variability and raise questions about the security of sensitive market data.
- In-Region PrivateLink: Provides excellent security and performance but limits customers to AWS Regions where LSEG has deployed RTO infrastructure.
- Delivery direct: Offers dedicated connectivity but requires physical infrastructure deployment and is limited to specific geographic locations.
How Cross-Region PrivateLink transforms market data delivery
Cross-Region PrivateLink technology fundamentally changes how LSEG’s RTO service delivers market data across geographic boundaries. This cloud approach provides private connectivity between VPC endpoint services across AWS Regions without exposing traffic to the public internet.
Architecture overview
The following diagram (Figure 1) shows the Cross-Region PrivateLink connectivity architecture for RTO:
Figure 1: Cross-Region PrivateLink connectivity architecture for RTO
In this architecture:
- Provider-side configuration: LSEG’s RTO service runs in provider VPCs across six strategic AWS Regions: US-EAST-1, US-EAST-2, EU-WEST-1, EU-CENTRAL-1, AP-NORTHEAST-1, and AP-SOUTHEAST-1.
- Cross-Region endpoint services: Cross-Region PrivateLink connectivity exposes endpoint services that are accessible from remote AWS Regions.
- Consumer-side integration: Financial institutions can create interface VPC endpoints in their local AWS Region that connect securely to LSEG’s endpoint services in distant AWS Regions.
- AWS Backbone transport: All cross-Region traffic flows over the AWS private global network backbone, avoiding the public internet entirely.
Technical implementation of Cross-Region PrivateLink for RTO
LSEG’s implementation of Cross-Region PrivateLink for RTO provides several distinct technical advantages over traditional connectivity models:
Flexible multi-AZ deployment
Cross-Region PrivateLink builds upon the proven security and reliability of PrivateLink while extending connectivity across AWS Regions. With CRPL, consumers have the flexibility to deploy interface endpoints in any Availability Zone within their AWS Region, and can also choose to deploy across multiple Availability Zones for enhanced zonal resilience:
#Example AWS CLI command to create a Cross-Region VPC Endpoint with multi-AZ resilience
aws ec2 create-vpc-endpoint
--vpc-id vpc-0123456789abcdefg
--vpc-endpoint-type Interface
--service-name com.amazonaws.vpce.us-east-1.vpce-svc-0123456789abcdefg
--subnet-ids subnet-xxxxxxxxxxxxxxxxx subnet-yyyyyyyyyyyyyyyyyyyyy
--Region ap-southeast-2
--service-Region us-east-1
This command creates a VPC endpoint in the AP-SOUTHEAST-2 Region that connects to LSEG’s RTO service in US-EAST-1. The endpoint can be created in single or multiple subnets for flexibility, with AWS automatically handling the cross-Region connectivity.
Managed failover architecture
Cross-Region PrivateLink offers managed failover across Availability Zones in both the consumer and provider Regions:
- Consumer-side failover: When using the Regional DNS name to access a multi-AZ VPC endpoint, traffic is automatically rerouted to healthy Availability Zones in case a zone fails. This automatic failover requires using the Regional DNS endpoint rather than zonal-specific DNS names.
- Provider-side failover: If the failure of a zone affects the provider AWS Region, then AWS dynamically shifts traffic away from the affected Availability Zone to other healthy service Availability Zones to which the service is configured.
The dual-layer failover capability provides superior resilience when compared to traditional connectivity methods.
Security model
The Cross-Region PrivateLink security model maintains the same principles as in-Region PrivateLink:
Bidirectional authorization: Service providers can configure their endpoint services to require acceptance of endpoint connections, and consumers must create endpoints to approved services.
Private DNS integration: Consumers can also enable private DNS for their endpoints, allowing applications to use the same DNS names across AWS Regions.
Network-level security: All traffic between the consumer VPC endpoint and LSEG’s service flows over the AWS private network backbone, never crossing the public internet.
Integration with RTO authentication and discovery
The Cross-Region PrivateLink implementation integrates seamlessly with LSEG’s existing authentication and service discovery mechanisms:
Authentication flow
RTO supports both V1 (machine account) and V2 (service account) authentication mechanisms over Cross-Region PrivateLink connections. When accessing the service through a cross-Region endpoint, the authentication flow remains consistent:
- Authenticate through Delivery Platform Token Service API to obtain a security token.
- Use the security token to discover available service endpoints through the Service Discovery API.
- Establish a connection to a streaming service through the Cross-Region PrivateLink endpoint.
- Send a Login Request over the active connection using the security token.
- Request the desired permissioned content.
LSEG Service Discovery API with Cross-Region PrivateLink
LSEG’s Service Discovery API has been enhanced to support Cross-Region PrivateLink connections through other parameters:
Consumers can query the LSEG’s Service Discovery API for detailed information about available endpoints, including the Cross-Region PrivateLink service names required for establishing connections:
{
"services": [
{
"port": 14002,
"location": ["us-east-1a", "us-east-1b"],
"transport": "tcp",
"provider": "aws",
"endpoint": "us-east-1-aws-3-sm.optimized-pricing-api.refinitiv.net",
"dataFormat": ["rwf"],
"privatelink": "com.amazonaws.vpce.us-east-1.vpce-svc-0123456789abcdefg"
},
// Additional endpoints...
]
}
Connectivity options: After Cross-Region PrivateLink
Cross-Region PrivateLink addresses the limitations of existing connectivity methods by combining the security and reliability of PrivateLink with global reach. Unlike internet connectivity, it provides consistent low-latency performance over the AWS private network. Unlike in-Region PrivateLink, customers can now access the RTO from any of the 32 AWS Regions without LSEG deploying infrastructure in each location. Furthermore, unlike Delivery Direct, it requires no physical infrastructure deployment, which provides rapid customer onboarding.
The following diagram (Figure 2) demonstrates the connectivity options available with Cross-Region PrivateLink:
Figure 2: RTO connectivity options
Supported protocol: Cross-Region PrivateLink supports the same encrypted and unencrypted protocols as other RTO connectivity methods, including RSSL and WebSocket connections.
Region support matrix: LSEG can now provide RTO services across 32 AWS Regions globally, including both default AWS Regions and opt-in AWS Regions. This significantly expands the geographic coverage when compared to the original six-Region deployment without adding overhead or deploying additional resources in each AWS Region.
Technical consideration and lessons learned
During LSEG’s Cross-Region PrivateLink implementation, several key technical considerations emerged:
- DNS resolution: Providing consistent service discovery across AWS Regions required careful coordination between regional DNS configurations and the centralized Service Discovery API.
- Connection pooling: High-frequency trading applications needed optimization for connection reuse across cross-Region endpoints to maintain performance.
- Monitoring and observability: Cross-Region connectivity required enhanced monitoring to track latency and availability across multiple AWS Regions simultaneously.
Performance and network characteristics
Cross-Region PrivateLink routes traffic over the AWS private backbone network rather than the public internet.
Latency measurements
Testing between AWS Regions shows the following network transit times:
| Region Pair | Average Latency (ms) | 95th Percentile (ms) |
|---|---|---|
| US East ↔️ US West | 70 | 85 |
| US ↔️ EU | 90 | 110 |
| US ↔️ APAC | 160 | 190 |
| EU ↔️ APAC | 170 | 200 |
These measurements only represent network transit. Total latency includes RTO service processing time and client application overhead.
Comparison to public internet connectivity
Prior to Cross-Region PrivateLink availability, customers outside of the LSEG deployment Regions connected through public internet. The following table shows the key differences:
| Characteristic | Public Internet | Cross-Region PrivateLink |
|---|---|---|
| Routing | Variable paths through ISP networks | Fixed paths over AWS backbone |
| Traffic exposure | Crosses public networks | Remains on AWS private network |
| Configuration | Requires VPN or Direct Connect for privacy | Direct VPC endpoint connection |
| Failover | Manual or third-party solutions | Automatic across Availability Zones |
Characteristic Public internet Cross-Region PrivateLink Routing Variable paths through ISP networks Fixed paths over AWS backbone Traffic exposure Crosses public networks Remains on AWS private network Configuration Requires VPN or Direct Connect for privacy Direct VPC endpoint connection Failover Manual or third-party solutions Automatic across Availability Zones
Bandwidth scaling
The Cross-Region PrivateLink implementation maintains the same scaling characteristics as in-Region PrivateLink:
- Bandwidth scales automatically with demand, starting at 10 Gbps per Elastic Network Interface (ENI) and increasing as needed
- Automatic scaling of bandwidth as traffic increases without manual intervention
- Support for thousands of concurrent connections per endpoint
Data transfer pricing
Cross-Region PrivateLink uses standard AWS inter-Region data transfer rates:
| Region Pair | Cost per GB |
|---|---|
| Within same Region | $0.01 |
| US East ↔️ US West | $0.02 |
| US ↔️ EU | $0.05 |
| US ↔️ APAC | $0.09 |
Other charges apply: hourly fee per endpoint and per connection hour. Go to the AWS PrivateLink pricing.
Customer success stories
Several financial institutions have already implemented Cross-Region PrivateLink for RTO access:
Global investment bank: Reduced market data latency by 45% for their APAC trading desk by accessing RTO through Cross-Region PrivateLink from AP-SOUTHEAST-2 to US-EAST-1. This allowed the firm to consolidate infrastructure while maintaining performance requirements for real-time trading applications.
Hedge fund: Established a new trading operation in the ME-SOUTH-1 Region without deploying more infrastructure in RTO-enabled AWS Regions. They used the Cross-Region PrivateLink implementation to launch in weeks rather than months, with latency characteristics that met their algorithmic trading requirements.
Conclusion
LSEG’s implementation of Cross-Region PrivateLink for RTO represents a significant step forward in global market data delivery. Financial institutions can use the AWS global network backbone and PrivateLink technology to access real-time market data from 32 AWS Regions worldwide without compromising security, reliability, or performance. The solution addresses a fundamental challenge in global financial markets: providing consistent, low-latency access to critical market data regardless of geographic location, with institutions able to establish new trading operations in weeks rather than months while maintaining enterprise-grade security and performance standards.
As financial markets continue to evolve, technologies such as Cross-Region PrivateLink will play a crucial role in enabling institutions to build truly worldwide market data strategies. This transformation allows organizations to focus on competitive differentiation and business growth rather than being constrained by infrastructure limitations and connectivity challenges.
About the authors
Mike Granoski (Guest)
Mike Granoski is the Director of Real-Time Architecture at LSEG, where he leads the modernization of cloud‑native, low‑latency pricing distribution systems. As Principal Architect for Real-Time Optimized (RTO), he drives innovation in high‑performance market data delivery, focusing on resiliency, throughput, and exceptional client experience.
Rohit Singh
Rohit Singh is a Principal Solutions Architect at AWS with over 9 years of experience helping enterprise customers design and build cloud-native solutions. He specializes in financial services and capital markets, working with exchanges and trading firms on low-latency architectures, data platforms, and generative AI. Rohit is based in the UK and is passionate about helping organizations modernize their technology to drive innovation and business outcomes.