1

Credit-Suisse PrimeTrade

Security and Installation Notes

Contents

Introduction 2 Installation Guide 3

Installation Guide via Installer 4 Detailed Notes and Appendices 9 Hardware Requirements 9 Network Requirements 10 Testing the Connection 10 PrimeTrade with Proxy Servers 12 PrimeTrade Security 13 Password Issues 15 Frequently Asked Questions 16

2

Introduction

This document is intended to assist with the following:-

• Installing PrimeTrade for the first time

• Updating your existing PrimeTrade to take advantage of our new Auto Deployment

function (Details below)

Summary:

• Simple to install and setup PrimeTrade

o Open firewall port 32000

o Allow certain sites to bypass proxy rules unchallenged for automatic updates, Please see Network requirements on page 10 for details. o Test connection o Install software from https://ptrade.ny.csfb.com/primetrade/ad/prod/map.html o Obtain usernames and passwords from CS sales contact

• PrimeTrade is an internet/intranet based real-time global order routing system.

• The client software is written in Java and will run on a number of platforms.

• The software may be installed on an individual workstation but not on a network file

server. User must have write and execute access to PrimeTrade directory and subdirectories.

• All user settings and portfolios are stored on the PrimeTrade central servers, allowing

users to log on to different workstations without the need to save their individual settings.

• Access points are available in New York, London, Tokyo, and Sydney.

• Auto updating version of PrimeTrade ensures access to newest features and best

performance.

• PrimeTrade uses advanced security features to ensure a secure connection (see notes

for more details)

• For further assistance, please contact the nearest PrimeTrade Technical Support

number:

o New York +1 212 325 6888

o London +44 20 7883 5888

o Tokyo +81 3 4550 5888

o Sydney +61 2 8205 5888

3

Installation Guide PrimeTrade Auto Deployment

Background: The auto deployment mechanism allows you to install PrimeTrade for the first time or

update your current PrimeTrade version to allow automatic updates when available. This will ensure

that you always have the latest version of PrimeTrade installed on your desktop. You can then

take advantage of the latest features. To install PrimeTrade please follow the following steps.

1. To Install PrimeTrade from the Auto Deployment website, follow the link listed below

https://ptrade.ny.csfb.com/primetrade/ad/prod/map.html After clicking on the link, choose yes

when prompted about the security certificate

2. On the website, choose your region and a Web Application will launch and install

PrimeTrade. When prompted, please click “Yes” to accept the security certificate.

3. Please enable the checkbox – Always trust content from this publisher and Click on Yes.

The application checks to see if PrimeTrade is installed in the home directory

(%USERPROFILE%\home\primetrade), and if not, PrimeTrade is installed and launched.

determined by the current users You will see the following screen while the installation is

taking place

4

4. Finally, you will be presented with a screen where you are required to enter your PrimeTrade

username and password. In addition desktop shortcuts will be created. PrimeTrade will also

be available from the Start Menu under Programs, PrimeTrade AD.

Installation Guide PrimeTrade Auto Deployment Installer

1. To Install PrimeTrade please go to http://www.csfb.com/primetrade/index.html, click download on

the left hand side and enter the User name and Password. Choose the version of PrimeTrade you

wish to download. We recommend the pt_lastest.exe.

2. Once downloaded, run the installation exe and it will launch the following dialog box. Please select Next.

5

3. The next dialog box prompts you to choose a directory to install PrimeTrade in. This defaults to the current Windows user’s home directory.

4. The next screen requests the region where the user will be using PrimeTrade. Select the region nearest your location and select next.

6

5. The next screen alerts about the shortcut on the Desktop and start menu. Please confirm by clicking Next.

5. The next screen confirms that all necessary information has been entered. Please click Next.

7

6. PrimeTrade will begin installation. The installation may take several minutes to complete.

.

6. Once the installation has complete the user is presented with a final screen confirming the successful installation. Click Finish. PrimeTrade can now be launched from the Start -> All Programs -> PrimeTrade (AD) or from the desktop shortcut.

8

Additional Notes on Installation

If a new update is available upon log in, then the previous Updating PrimeTrade dialog box is

displayed. Any pending updates are downloaded and installed and PrimeTrade is started with

new patches applied. When a new PrimeTrade patch is available while PrimeTrade is open, a

dialog box will alert the user of a new patch. It gives the option of restart the application to install

the patch or to be reminded to restart at a specified time.

PrimeTrade, by default, installs files into %USERPROFILE%\home\primetrade. The files in

%USERPROFILE%\home\primetrade\prod\clientdata are never overwritten on an update, so

custom settings input in the custom property files will not be changed when upgrading

PrimeTrade. In this directory is a pt_custom.prop file that can be edited to save proxy settings and

other company specific connection properties. In this file automatic updates can also be turned off

by setting autodeploy to false.

9

Detailed Notes and Appendices

Hardware Requirements

We recommend the following minimum hardware and software when running PrimeTrade

Component Minimum Specifications Notes Processor Pentium 4 Up-to-date processor

recommended

Memory 512MB or more We recommend 1 gb or more if

running other applications Monitor 19” Larger monitor preferred for larger

viewing area

Graphics 128+ MB video RAM Resolution

1280x1024, 65,000 color palette

Soundcard Any sound card with built

in speakers

Windows Version Windows XP or greater Windows Vista and Windows 7 Supported

Bandwidth High Speed internet

connection Bandwidth requirements are

dependent on the types of product

traded Web Browser Internet Explorer 6 or

above

Java Sun‘s Java Plug-in v 1.6.1

for web applet This can be downloaded from

Sun‘s website:

http://java.sun.com/products/plugin/

10

Network Requirements

The PrimeTrade client software initiates an outbound, encrypted TCP/IP socket connection

from your network to a PrimeTrade Access Point. The PrimeTrade servers never initiate a

connection into your network. The PrimeTrade client software must be able to make a

connection with the two following PrimeTrade Access Points through port 32000 for each

region:

Access Point Server Name (IP Address) Port

New York primetrade1.ny.csfb.com (199.53.16.54)

primetrade2.ny.csfb.com (199.53.16.55)

32000

London primetrade1.ln.csfb.com (199.53.18.54)

primetrade2.ln.csfb.com (199.53.18.55)

32000

Tokyo primetrade1.tk.csfb.com (199.53.20.54)

primetrade2.tk.csfb.com (199.53.20.55)

32000

Sydney primetrade1.sy.csfb.com (199.53.22.54)

primetrade2.sy.csfb.com (199.53.22.55)

32000

There are two servers at each PrimeTrade Access Point. If one server becomes unavailable,

the PrimeTrade client software will automatically fail-over onto the other machine at the same

location. For optimum reliability, we recommend that client workstations are configured so they

can see all Access Points. As an alternative to opening port 32000, tunneling via 443 or

80 is an option but may result in slowness, as the traffic could be unnecessarily virus-scanned.

There are two options for connecting to PrimeTrade; by internet or a dedicated Leased Line

service. Both are described below.

The Auto-Update component of PrimeTrade requires the ability to connect to the below

specified addresses 'unchallenged' by your proxy. In the case where clients have an NTLM

style proxy, you will be required to configure proxy bypass rules to allow unchallenged

connections to the following addresses depending on your region.

In the Americas Region:

https://ptrade.ny.csfb.com/primetrade/ad/*(the * denotes a wildcard. All content under this

address should be accessible)

http://www.credit-suisse.com

In the European Region :

https://ptrade.ln.csfb.com/primetrade/ad/*(the * denotes a wildcard. All content under this

11

address should be accessible)

http://www.credit-suisse.com

In the Asia Region:

https://ptrade.tk.csfb.com/primetrade/ad/*(the * denotes a wildcard. All content under this

address should be accessible)

http://www.credit-suisse.com

In the Australian Region:

https://ptrade.sy.csfb.com/primetrade/ad/*(the * denotes a wildcard. All content under this

address should be accessible)

http://www.credit-suisse.com

Internet

PrimeTrade can be accessed via the Internet. In this configuration, the client needs a

connection to their local ISP (Internet Service Provider). This can be an ISDN link or a leased

line. To install this type of connection, the client needs to contact their local IT support or

Internet provider. The only notable disadvantage is that there is no guarantee of bandwidth or

reliability. Performance of PrimeTrade will greatly depend on bandwidth availability and the

actual path taken through the Internet at the time.

12

Leased Line

A dedicated circuit connection can be installed between the client site and CREDIT-SUISSE

via an access provider, i.e. Radianz or AT&T. Advantages of the Leased Line service are:

• guaranteed minimum bandwidth, which can be exceeded to cater for peak times,

• dedicated bandwidth,

• higher level of security,

• ease of upgrade.

• The main disadvantage is the higher cost.

Testing PrimeTrade connection

Once port 32000 is opened on the firewall, the connection can be test by telnetting to the IPs listed for your region. Open a windows command prompt by going to the Start menu, selecting

Run… and typing in cmd into the window that opens. Once in the command prompt, type “telnet

199.53.16.54:32000” (or the IP of the region you are trying to connect to, and then colon 32000)

and make a connection to our servers. If the connection is made, then

PrimeTrade is ready to be installed, If not, something is blocking the traffic over the port 32000.

Please make sure the port 32000 is open and that your ISP is not blocking the traffic. If the

ping is successful, then you are ready to install PrimeTrade.

PrimeTrade with Proxy Servers

PrimeTrade client software normally tries to connect directly to a PrimeTrade Access Point. If

you are connecting across the Internet and your organization has a firewall and/or proxy server

installed, you may not be allowed to connect directly to the outside world. In this case, you will

need to install a TCP proxy to relay traffic from your workstations, across the firewall. CREDIT-

SUISSE have tested PrimeTrade with a number of third party proxy solutions including:

• Microsoft Proxy (requires —basic“ authentication)

• SOCKS v5 (including NEC e-Border.)

• plug-gw from http://www.tis.com

If you are using a proxy server to connect PrimeTrade Servers, your

%USERPROFILE%\primetradeprod\pt_custom.prop file needs to be modified (NOTE: If you have already configured this file in a previous version you can copy this from your previous version‘s directory and reuse it in this version). Enter your proxy server hostname and proxy port on each region‘s line in the setup section below as follows. You would replace the hostname —proxyexample1“ and —8080“ with your own proxy server and port number.

13

Broker.httpProxyHostname = Local HTTP Proxy Host Name Broker.httpProxyPort = Local HTTP Proxy Port Number

If your proxy server requires a username & password to login you can specify it in the

following section as follows. Note: This is the proxy server‘s username/password, not your

PrimeTrade username/password.

Broker.httpProxyUsername = Local Proxy authentication user name

Broker.httpProxyPassword = Local Proxy authentication user password

PrimeTrade's Security

The client software initiates an outbound, encrypted session to a PrimeTrade Access Point. On

top of this, each trader requires a user ID and password to access their terminal and trade.

Trading privileges are assigned centrally by CREDIT-SUISSE on a user-by-user basis. The

user is authenticated on each connection to PrimeTrade. New users are assigned a temporary

password and will be asked to change it once they log in.

The client communicates with a PrimeTrade access point over a proprietary secure TCP/IP

socket connection. The Windows-based install program can place the software in any

directory. The software uses the Java Runtime Engine (JRE), which is supplied in the

download. The installation process does not install any DLLs in the Windows directories or

change any registry settings. This simplicity makes it easy to deploy across a large number of

workstations very quickly.

PrimeTrade has a number of security layers:

• Network Layer - This will depend on the type of connection between the client and

servers. For clients connecting via a Frame Relay circuit, a third party cannot attempt to

listen in to the conversation or pretend to be one party without the circuit owner's (the

Telecom Company's) knowledge. Firewalls and Proxies at both CREDIT-SUISSE and

the client make it virtually impossible for a third party to gain access to either network, or

"hijack" a trader's terminal. Monitoring by the telecom company and by network security

teams at both ends of the connection will highlight any attempts to gain unauthorized

access. These attempts will be investigated thoroughly.

• Messaging Layer - PrimeTrade uses an SSL-style encryption method based on

public and private keys. The key size determines the complexity of the encryption,

and therefore the amount of effort required decoding the conversation.

14

CREDIT-SUISSE uses a 128bit key size, and will be changed to use larger keys when

laws permit. Each session is assigned a unique set of keys, so the encryption

changes every time a user logs off and back on. This means that any attempt by a third

party to listen in to or "hijack" a PrimeTrade session will require an enormous amount of

time and effort. The chances of anybody cracking the code within a single session are

infinitesimally small. On top of the encryption level sits CREDIT-SUISSE's in-house

messaging layer. The format of this is not public knowledge, so it creates another level of

complexity for anybody attempting to listen.

• User Authorization Layer - Access to your PrimeTrade account is protected by a

unique username and password combination. It is the responsibility of the individual

trader to ensure his password is kept secret. The PrimeTrade client software can be

locked if a trader leaves the desk, preventing any unauthorized trading. Each user is

only allowed to log in once anywhere in the world, so unauthorized login attempts are

quickly detected. All attempts to log in to the servers are monitored, and users can be

locked out immediately. Passwords are assigned by CREDIT-SUISSE and are reset and

maintained by the user.

• Trading Rights Layer - Traders can only trade in the markets they have been given permission for. CREDIT-SUISSE sets a maximum lot size for each product, and the

trader can reduce that limit to prevent keying errors.

Password Notes

Changing Password

There are several situations where the user can or must change their password:

° user’s password has expired

° user’s password has been reset by CREDIT-SUISSE

° user changes their own password

If the user violates any of the password composition check rules, they will be presented with a

dialog, indicating they cannot log in.

User Password Details

It should be noted that all password resetting is done over a secure (SSL) connection.

15

User‘s Password Expired

Whenever a user‘s password has expired, either by achieving its maximum lifetime or having

been manually expired by a CREDIT-SUISSE Administrator, they will be presented with the

—Choose a new password“ dialog. The user must set a new password to continue logging in.

They may also disable password expiration at this time by checking the —Disable Password

Expiration checkbox. If your password has been reset by an Administrator within

CREDIT-SUISSE, you will receive an e-mail titled “Information you requested.” Your new

password will be contained within the message.

User Password Reset (User)

A user can reset their own password at any time by selecting the —Change Password option

from under Preferences | User sub-menu.

16

When a user selects the a Change Password option they are presented with the —

Change Password dialog.

The user must then correctly enter: their current password, a new password, and then confirm

their new password. They may also disable password expiration at this time by checking the

—Disable Password Expiration“ checkbox.

Frequently Asked Questions

Cannot log in to broker

• Either your PrimeTrade password is incorrect, or you entered the incorrect login. On the login

screen, click on the link —forgot your password“ and you will be able to enter your email or

PrimeTrade ID and reset your password automatically

Correct login/password, but the error —Database service unavailable“ appears and

your session stops.

• You may be using an old/decommissioned version of PrimeTrade. Consult with support for

the correct version. You may click on the menu —Help —About PrimeTrade for the version

you are using.

• There may be a problem with your login (misconfiguration). Consult with the help desk.

• You may be accessing PrimeTrade during a maintenance window (weekend) and the

database may be offline. Consult with the help desk.

• If you are not using a shortcut and are launching directly from the Start menu, find the

17

ptradeny.bat file under ~/PrimeTrade/bin and set the memory option in the same way.

Error to Fetch Exchange

• This message appears when your setup has an error, preventing you from connecting to

futures or equity exchanges. You will see prices for what is in your futures blotter, but will be

unable to add products and unable to trade. Contact support. Note: non-futures/equity users

will not see this error message.

Derivative service unavailable

• Futures service is not running. Contact support.

A pop up window after a successful login reads —password incorrect.“

• Your second level setup for futures and/or equities was incorrectly set up. Contact support

A pop up window after a successful login reads —EDO password is mandatory or

—Login failed. No login reply from Futures order Service

• Your second level setup for futures and/or equities was not set up at all. Contact support.

A pop up window after a successful login reads —User does not exist in EDO

• Your access for futures and/or equities is not correct or is incomplete. Contact support.

A proxy pop up message appears when logging in to PrimeTrade

• PrimeTrade cannot connect and is asking for a proxy server as a last resort to make the

connection. If you have a proxy, enter the information here to complete the login. It would be

prudent to enter that information into the prop file (see above).

• If you do not use a proxy, then you no longer have access through the firewall to connect via

port 32000. Contact your firewall/network security team.

• Your ISP is down. Contact your ISP helpdesk.

A pop up window with an error code and no explanation appears when logging into

PrimeTrade and your login fails

• Your version of PrimeTrade is out of date and you need to upgrade.

• Your version of PrimeTrade is current, but you are using an old prop file, modified to connect to

different servers. Contact support or upgrade to sync the files.

18

Installing a non-automatic updating version of PrimeTrade To install PrimeTrade

without any automatic update go to http://www.csfb.com/primetrade/index.html and then

enter your information, select the

pt-latest.exe and download the installation executable, making note of where the file is being

saved. Run the executable and an installation shield will open that will walk you through the

installation process and allow you to choose which regions to install, and where to install

PrimeTrade on the computer.

PrimeTrade Installation Directory

Prime Trade installs in the the current users home directory in

%USERPROFILE%\home\primetrade. This is determined by taking the parent directory of the

current user’s “Desktop” location. The installer uses: reg query

“HKCU\Software\Microsoft\Windows\CurrentVersion\Exokirer\Shell Folders” /v Desktop

If you encounter any other error codes that prevent you from logging in, contact

support.