A stock exchange is a deterministic state machine wrapped in microsecond-budgeted I/O. The dominant pattern, popularized by LMAX and now near-universal across NYSE Pillar / Nasdaq INET / CME Globex / Eurex T7, is **single-writer matching** behind a **sequencer** that linearizes every event before it touches the book. Everything else — gateways, market data, surveillance, post-trade — exists to make that single thread fast, recoverable, and provably deterministic. The hard parts: - **µs budget end-to-end**: NIC ingress to NIC egress p99 < 50 µs across gateway + risk + sequencer + match + MD egress. p99.99 < 150 µs. HFT customers budget tick-to-trade ≤ 10 µs round trip on their side, so any internal regression is detected within minutes. - **Determinism**: replay the journal six hours later → byte-identical book. No wall clocks, no hash-map iteration order, no allocator dependence, no JIT warmup leaks. - **Bit-identical hot-standby**: same code, same JVM, same kernel, same NIC firmware. Facebook IPO 2012 shipped a secondary that *had the data* but ran a slightly different code path — $10M SEC settlement, $62M investor fund. State equality is necessary but not sufficient. - **Reg SCI / 15c3-5**: pre-trade risk is in the order path, not async. Knight Capital lost $440M in 45 minutes when a feature-flag flip woke 8-year-old dead code and there was no kill switch. - **MiFID II RTS 25**: ±100 µs UTC traceability for HFT venues. Lose the GPS lock for 4 minutes and you're reportable.