Financial Infrastructure · DevOps · Boston

Engineering inside
financial services.

Ten years across private equity, retail, and asset management. Real technical experience covering infrastructure, cloud, security, and trading systems. Written plainly to help other engineers navigate this world.

Michael Harlow
Michael Harlow // sys.ghost  ·  Boston, MA
☕ Buy me a coffee
Latest post
Every engineering org I talk to is running AI agents somewhere in production now. Almost none of them have figured out how to operate them the way we operate everything else that touches customer data.
Jul 14, 2026 · 11 min read
Read →
Latest post
Every engineering org I talk to is running AI agents somewhere in production now. Almost none of them have figured out how to operate them the way we operate everything else that touches customer data.
Jul 14, 2026 · 11 min read
Read →
All posts

Archive

We scheduled a Technology Connect event for our engineering team and built a lineup of games around AI and infrastructure topics. Here's how we put it together and what I'd do differently.
← Back to posts
Infrastructure Apr 15, 2026 · 14 min read

Enterprise Job Schedulers and Managed File Transfer: What They Are, How They Fit, and When You Actually Need Them

Enterprise Job Schedulers and Managed File Transfer: What They Are, How They Fit, and When You Actually Need Them

Two categories of tooling show up in almost every large financial services firm and are almost never discussed in engineering blogs: enterprise job schedulers and managed file transfer platforms. They are not exciting. They do not appear in conference talks. The vendors who sell them have not rebranded around AI. But if you work in financial infrastructure long enough, you will inherit one or both of them, and understanding how they actually work will save you a lot of pain.

This post covers both: what they are, the major platforms you are likely to encounter, how they fit into a modern infrastructure, and the gotchas that take people by surprise.

Enterprise job schedulers

What they are

An enterprise job scheduler is a system for defining, triggering, monitoring, and managing batch jobs across an organisation. The word "enterprise" here means something specific: these are not cron jobs. Enterprise schedulers manage dependencies between jobs, handle failures with configurable retry and escalation logic, maintain audit trails, provide centralised visibility across many systems, and integrate with the monitoring and alerting infrastructure that operations teams actually use.

In financial services, the canonical use cases are:

  • End-of-day processing runs (positions, P&L calculations, reconciliations)
  • Data feeds from exchanges and counterparties that arrive on schedules
  • Report generation and distribution
  • Database maintenance jobs (index rebuilds, archival, replication checks)
  • Regulatory reporting extracts that need to complete by specific deadlines

The key characteristic is that these jobs have dependencies on each other, time constraints that are business-critical, and failure modes that need human attention. A cron job that fails sends no alert. An enterprise scheduler job that fails pages the on-call, holds downstream dependent jobs, and creates an audit record.

The major platforms

Control-M (BMC) is the dominant platform in financial services. If you work at a bank, an asset manager, or a large insurance company, there is a reasonable chance you are running Control-M somewhere. It has been around since the 1980s and has accumulated a staggering amount of functionality. The interface is dated but it works. The key concepts are jobs, job flows, resources, and conditions. Jobs have predecessors (they wait for other jobs to complete successfully before running) and conditions (they can set boolean flags that other jobs check before starting).

Autosys (Broadcom, formerly CA Technologies) is the other major incumbent in financial services. Architecturally similar to Control-M: centralised server (the Event Server), agents on the machines where jobs actually run, and a definition language (JIL, Job Information Language) for creating jobs. Autosys has a reputation for being somewhat more scriptable than Control-M, which makes it easier to manage as code.

jil
/* Simple Autosys job definition */
insert_job: eod_reconciliation
job_type: CMD
command: /opt/scripts/run_reconciliation.sh
machine: batch-server-01
owner: batchuser
permission: gx,wx
date_conditions: y
days_of_week: mo,tu,we,th,fr
start_times: "18:00"
condition: s(market_close_confirm) & s(positions_loaded)
alarm_if_fail: y
notification: mail="ops-team@example.com"

This defines a job that runs at 18:00 on weekdays, but only if two conditions are set (meaning two upstream jobs completed successfully). If it fails, it raises an alarm and sends email.

Apache Airflow deserves mention here even though it occupies a different tier. Airflow is not an enterprise scheduler in the traditional sense, but it has become the dominant tool for data pipeline orchestration in modern data engineering work. If your firm has a data team that came from a technology background rather than a traditional financial services background, they are probably running Airflow. It is Python-native, code-defined, version-controllable, and significantly more pleasant to work with than Control-M or Autosys. Its weakness is operational maturity relative to the legacy platforms.

Working with legacy schedulers

If you inherit a Control-M or Autosys environment, a few things are worth knowing.

The job definition is not usually in source control. This is the first problem. In most legacy environments, jobs are defined directly in the scheduler's database, modified through a GUI, and not tracked in version control. Getting job definitions exported and into git is one of the most valuable things you can do for operational stability. Both Control-M and Autosys have export functionality; the process is tedious but worth doing.

Dependencies are the source of most incidents. The most common failure mode is a job that is waiting for a predecessor that has itself failed or been skipped. These chains can be long and the scheduler's dependency graph visualisation is often difficult to read. Invest time in understanding the critical path through your end-of-day runs, specifically which jobs are blocking the most downstream work.

Time-based triggers are less reliable than condition-based triggers. A job triggered at 18:00 will run at 18:00 whether the upstream data it needs is ready or not. A job triggered by a condition that upstream set will only run when upstream is actually done. Wherever possible, prefer condition-based triggering over time-based triggering.

Managed file transfer

What it is

Managed File Transfer (MFT) is a category of tooling for moving files between systems in a controlled, auditable, and reliable way. The "managed" part is important: unlike a simple FTP or SCP transfer, an MFT platform tracks every transfer, handles retries and failures, enforces encryption and authentication policies, provides non-repudiation (proof that a file was sent and received), and integrates with the audit infrastructure.

In financial services, this matters enormously. Files moving between systems often contain sensitive data: trade confirmations, regulatory reports, counterparty feeds, settlement instructions. Regulators care about how these files are transmitted, whether they are encrypted, who has access to them, and whether there is an audit trail. MFT platforms exist to answer all of these questions.

The major platforms

IBM Sterling File Gateway (formerly Sterling Commerce) is the dominant MFT platform in large financial institutions. It handles an enormous range of protocols (FTP, FTPS, SFTP, AS2, HTTP/S, and several financial industry-specific protocols), supports complex routing rules that transform and redirect files based on content or metadata, and provides the audit and non-repudiation capabilities that compliance teams need. It is also complex, expensive, and notoriously difficult to administer.

GoAnywhere MFT (Fortra) is a more modern alternative that has gained significant ground in financial services over the last decade. It supports the same protocol breadth as Sterling, has a significantly better administrative interface, and is easier to automate. For firms that are running Sterling because they inherited it and not because they specifically need its edge capabilities, GoAnywhere is often a viable migration target.

SFTP-based solutions are worth mentioning even though they are not full MFT platforms. Many firms run a managed SFTP service (either self-hosted on Linux with extensive scripting around it, or a cloud-based service like AWS Transfer Family) for specific use cases where the full weight of Sterling or GoAnywhere is not needed. This is reasonable for lower-risk file flows but becomes a problem when audit requirements or protocol support requirements grow beyond what basic SFTP can provide.

The key concepts

Trading partners are the external systems you are exchanging files with. In MFT terminology, a trading partner has a defined connection profile (protocol, credentials, endpoint), a set of agreed file formats, and a relationship that is tracked in the MFT platform. When something goes wrong with a specific partner, you look at that partner's configuration and recent transfer history.

Channels or routes define how files move between trading partners and internal systems. A channel typically specifies: where files come from, any transformation applied to them, and where they end up. Complex channels can fan out to multiple destinations or route based on file content.

Non-repudiation is the audit capability that makes MFT distinct from simple file copy. The platform records sender identity, file hash, timestamp, and acknowledgement from the receiver. This creates a chain of evidence that can be used to answer "was this file actually sent?" and "was it received intact?" questions that come up frequently in reconciliation failures and regulatory enquiries.

A practical example: replacing an SFTP script with Sterling

A common scenario: you have a batch job that uses a shell script to SFTP a file to a counterparty. It works, mostly. When it fails, it fails silently unless someone checks a log file. There is no audit trail. The credentials are in a config file on the batch server. Compliance wants evidence that the file was sent and received.

The Sterling-based replacement looks like this:

  1. Batch job writes the file to a Sterling-monitored mailbox directory instead of calling SFTP directly
  2. Sterling detects the new file, applies any required transformation (PGP encryption, format conversion)
  3. Sterling initiates the transfer to the counterparty via the agreed protocol
  4. Sterling records the transfer, including the acknowledgement from the counterparty
  5. Sterling triggers a completion event that the job scheduler can use as a condition

The batch job itself is simpler. The operational complexity moves into Sterling, where it is visible to the operations team, auditable by compliance, and monitored centrally.

How they work together

In practice, enterprise schedulers and MFT platforms are tightly coupled in financial services batch operations.

A typical end-of-day flow might look like this:

text
18:00 - Positions job runs (Control-M)
  -> Sets condition: positions_complete
     |
18:30 - P&L calculation job runs (condition: positions_complete)
  -> Sets condition: pnl_complete
     |
19:00 - Regulatory extract job runs (condition: pnl_complete)
  -> Writes extract file to Sterling mailbox
     |
     Sterling picks up file, encrypts it, sends to regulator via SFTP
     Sterling sets completion flag
     |
19:30 - Confirmation job runs (condition: sterling_regulatory_sent)
  -> Sends internal confirmation email

The scheduler manages job dependencies and timing. The MFT platform manages the actual file movement and provides the audit trail. Each does what it is good at.

The modernisation question

The honest answer about these platforms is that most firms would not build this way if they were starting from scratch. Event streaming, API-based integrations, and cloud-native data pipelines have replaced batch file transfers for many use cases. Airflow or Prefect have replaced enterprise schedulers for data engineering work.

But the legacy infrastructure is real and it is not going away quickly. The reconciliation runs that close the books at end of day have been running the same way for twenty years and the firm's appetite to modernise them is limited by risk tolerance and competing priorities. Counterparties that still send files over SFTP are not going to switch to API calls because you asked them to.

The useful posture is to understand the existing infrastructure well enough to operate it reliably, look for opportunities to introduce better tooling for new work rather than trying to immediately replace the legacy foundation, and build incrementally. New data feeds can go through Airflow rather than Autosys. New file transfers that are lower-risk can use AWS Transfer Family rather than Sterling. Over time the footprint of the legacy platforms shrinks, but the transition takes years and the old systems need to keep working in the meantime.

If you are walking into an infrastructure role at a financial firm and discovering Control-M and Sterling for the first time, start by finding someone who has worked with them for years and asking them to walk you through the critical path jobs and the trading partners that matter most. That knowledge is rarely documented anywhere. It lives in people, and those people are not always easy to find.

Found this useful?
☕ Buy Michael a Coffee
← More posts

Hey, I'm Michael Harlow.

Senior Systems Engineer · Boston, MA · Writing as sys.ghost

I have spent over a decade building and maintaining infrastructure at the intersection of technology and financial services. My career has taken me through three distinct sectors -- technology, private equity, and asset management -- and each one changed how I think about what reliable infrastructure actually requires.

I started in general IT, which is where most engineers who did not go straight into software end up. Data centers, networking, on-call rotations, learning to label cables properly because unlabeled cables are a promise that someone else will suffer later. The work taught me that almost every sophisticated system is, one layer down, a collection of unglamorous fundamentals that either hold or do not. I still believe that. I still label everything.

Private equity came next, and it was a different world. The infrastructure stakes there are less about uptime and more about data integrity. When deal teams are making acquisition decisions based on data you are responsible for, and when a due diligence process has a hard deadline that does not move regardless of what broke overnight, your relationship with reliability changes. A wrong number in an LP report does not cause an immediate incident. It causes a conversation in a partner meeting six weeks later, and by then you need to reconstruct what happened from imperfect records. I became obsessive about data provenance in PE and I have not stopped.

For the past several years I have been in asset management, supporting trading and investment operations infrastructure. This is the environment I find most technically interesting. The compliance requirements are demanding, the legacy systems have long institutional memories, and the tolerance for operational errors is genuinely low -- not just in terms of business impact, but in terms of regulatory consequence. When markets are open, there is no fixing it after the weekend.

I started Packet & Profit in January 2026 because I kept looking for the kind of writing I wanted to read and finding it mostly did not exist. There is a lot of content for engineers online. There is much less written by engineers working specifically inside regulated financial services firms, being honest about what that actually involves day to day. The compliance conversations, the legacy constraints, the incident management in front of stakeholders who measure downtime in dollars per minute. That is what I write about here.

Outside of work I have been running a Saturday morning robotics course at my local YMCA for kids aged 10 to 14. It is one of the better decisions I have made.

Certifications

Red Hat Certified Engineer (RHCE)
Certified Kubernetes Administrator (CKA)
AWS Solutions Architect -- Associate
CompTIA Security+
HashiCorp Vault Associate

My Stack

RHEL / Ubuntu
Kubernetes
OpenShift
Terraform
Ansible
Prometheus
Grafana
Python / Bash
AWS / Azure
Cisco / Palo Alto
PostgreSQL
Redis
HashiCorp Vault
Fluent Bit
Helm
ArgoCD

Career

2022 -- Present
Senior Systems Engineer, Asset Management -- Boston, MA
Leading infrastructure for trading operations and investment management systems. Responsibilities span network security, cloud migration strategy, Kubernetes platform engineering, and incident response. Deeply involved in T+1 settlement infrastructure work and the shift from overnight batch processing to near-real-time event-driven architecture.
2018 -- 2022
Systems Engineer, Private Equity -- Boston, MA
Built and maintained data infrastructure supporting deal teams, portfolio monitoring, and investor reporting. Managed infrastructure through multiple due diligence cycles with hard deadlines and high data integrity requirements. Led a major data platform migration from on-premises to cloud-hosted infrastructure, including security controls satisfying LP and regulatory requirements.
2015 -- 2018
Infrastructure Engineer, Retail Technology
Supported inventory management, real-time pricing, and supply chain integration systems across a high-SKU retail environment. Operated under peak load conditions where scale was a concrete engineering problem rather than an abstract one. Built out monitoring and alerting infrastructure from scratch and managed a full data center relocation.
2013 -- 2015
IT Engineer, Technology Sector
Established the professional fundamentals: data center operations, network infrastructure, endpoint management, and the on-call rotations that teach you more about system fragility than any textbook. Developed an appreciation for cable labeling that has never left me.

Get in Touch

If you are an engineer working in financial services, curious about the career path, or have a question about something I have written, I would genuinely like to hear from you. Use the and I will get back to you. If something here has been useful, a coffee is always appreciated.

A note on anonymity: I write under my own name but keep my current employer private. The financial services industry is small, the regulatory environment is real, and I want to write honestly without those constraints. All incidents and case studies on this site are anonymised. The technical content is real; identifying details are not.
Get in touch

Contact

Whether you are an engineer in financial services, have a question about something I have written, or just want to say hello - feel free to reach out. I read everything.

Powered by Resend · No spam, ever

Legal

Privacy Policy

Last updated: April 2026

This policy explains what information Packet & Profit collects when you visit this site, how it is used, and what choices you have.

Information We Collect

We do not require you to create an account or provide personal information to read this blog. The only personal information we collect is what you voluntarily submit through the contact form: your name, email address, and message. This information is transmitted via Resend and used solely to respond to your enquiry.

Google AdSense and Advertising

This site uses Google AdSense to display advertisements. Google AdSense uses cookies and similar tracking technologies to serve ads based on your prior visits to this and other websites. This means Google may use information about your visits to this site to show you personalised ads on other sites across the web.

You can opt out of personalised advertising by visiting Google Ads Settings, aboutads.info, or optout.networkadvertising.org. See Google advertising policies for more.

Cookies

This site uses a single first-party cookie to remember your theme preference (light or dark mode). This cookie contains no personal information. Third-party cookies may be set by Google AdSense for advertising purposes as described above.

Analytics

This site does not currently use any analytics platform beyond what Vercel provides as part of its standard hosting service (aggregated, anonymised traffic data).

Contact Form

When you submit the contact form, your name, email address, subject, and message are transmitted to the blog author via Resend. This data is not stored by this site and is not shared with any third party beyond Resend. See Resend's privacy policy for details.

Third-Party Links

Posts on this site may link to external websites. We are not responsible for the privacy practices or content of those sites.

Your Rights

If you have submitted a message via the contact form and would like that information removed, or if you have any questions about this policy, please use the contact form to get in touch.

Changes to This Policy

We may update this policy from time to time. The date at the top of this page reflects when it was last revised.

Legal

Terms of Service

Last updated: April 2026

By accessing and using Packet & Profit (packetandprofit.com), you agree to be bound by these Terms of Service. If you do not agree, please do not use this site.

Use of Content

All written content, illustrations, and code examples published on this site are the original work of Michael Harlow unless otherwise stated. You are welcome to share links to posts and quote brief excerpts (with attribution), but you may not reproduce full articles, copy content to other websites, or use the content for commercial purposes without written permission.

No Professional Advice

Content published on this site reflects personal opinions and professional experience. It is provided for informational and educational purposes only. Nothing on this site constitutes financial, investment, legal, or professional advice of any kind. See the for more detail.

Third-Party Links

This site may contain links to third-party websites. These links are provided for convenience and do not constitute an endorsement of the linked site or its content. We have no control over and accept no responsibility for external sites.

Advertising

This site participates in Google AdSense, which displays advertisements from third-party advertisers. The presence of an advertisement does not constitute an endorsement of the advertiser's products or services. Ad content is determined by Google based on the content of this site and your browsing history.

Accuracy of Information

While we make every effort to ensure the accuracy of information published on this site, technology and financial markets change rapidly. Information that was accurate at the time of publication may become outdated. We do not warrant the completeness, accuracy, or timeliness of any content on this site.

Limitation of Liability

To the fullest extent permitted by law, Packet & Profit and its author shall not be liable for any direct, indirect, incidental, or consequential damages arising from your use of, or inability to use, this site or its content.

Changes to These Terms

We reserve the right to update these terms at any time. Continued use of the site following any changes constitutes your acceptance of the revised terms. The date at the top of this page reflects the most recent revision.

Contact

If you have questions about these terms, please use the .

Legal

Disclaimer

Last updated: April 2026

Packet & Profit is a personal blog written by Michael Harlow, a Systems Engineer based in Boston, MA. The views expressed here are entirely his own and do not represent those of any employer, client, or organisation he is affiliated with.

Not Financial or Investment Advice

This site discusses financial services technology, investment management infrastructure, and related engineering topics from a technical practitioner's perspective. Nothing published here is financial advice, investment advice, or a recommendation to buy, sell, or hold any security, asset, or financial instrument. The author is not a registered financial adviser, broker, or investment professional.

Content that references financial markets, trading systems, or investment firms is provided for technical and educational context only. Any figures, case studies, or examples are illustrative and should not be relied upon for financial decisions.

Not Legal or Professional Advice

Nothing on this site constitutes legal, compliance, regulatory, or professional advice. Readers should consult qualified professionals for advice specific to their circumstances.

Professional Experience

Posts on this site draw on the author's professional experience in systems engineering across private equity, retail technology, and asset management. Specific details about employers, clients, projects, and colleagues have been anonymised or generalised. Any resemblance to specific organisations is incidental.

Accuracy

The author makes reasonable efforts to ensure published information is accurate at the time of writing. The technology and financial services landscape changes quickly. Readers should verify any technical or regulatory information against current primary sources before acting on it.

Affiliate Links and Advertising

This site displays advertisements through Google AdSense. The site may also contain links to tools, services, or products that the author uses or finds useful. These are not paid endorsements unless explicitly stated. The author's opinions are his own and are not influenced by advertisers.

Questions

For questions about anything on this site, please use the .

This site uses cookies for theme preferences and displays ads via Google AdSense, which may use cookies to personalise ads.