1
Credit-Suisse PrimeTrade
Security and Installation Notes
Contents
Introduction 2 Installation Guide 3
Installation Guide via Installer 4 Detailed Notes and Appendices 9 Hardware Requirements 9 Network Requirements 10 Testing the Connection 10 PrimeTrade with Proxy Servers 12 PrimeTrade Security 13 Password Issues 15 Frequently Asked Questions 16
2
Introduction
This document is intended to assist with the following:-
• Installing PrimeTrade for the first time
• Updating your existing PrimeTrade to take advantage of our new Auto Deployment
function (Details below)
Summary:
• Simple to install and setup PrimeTrade
o Open firewall port 32000
o Allow certain sites to bypass proxy rules unchallenged for automatic updates, Please see Network requirements on page 10 for details. o Test connection o Install software from https://ptrade.ny.csfb.com/primetrade/ad/prod/map.html o Obtain usernames and passwords from CS sales contact
• PrimeTrade is an internet/intranet based real-time global order routing system.
• The client software is written in Java and will run on a number of platforms.
• The software may be installed on an individual workstation but not on a network file
server. User must have write and execute access to PrimeTrade directory and subdirectories.
• All user settings and portfolios are stored on the PrimeTrade central servers, allowing
users to log on to different workstations without the need to save their individual settings.
• Access points are available in New York, London, Tokyo, and Sydney.
• Auto updating version of PrimeTrade ensures access to newest features and best
performance.
• PrimeTrade uses advanced security features to ensure a secure connection (see notes
for more details)
• For further assistance, please contact the nearest PrimeTrade Technical Support
number:
o New York +1 212 325 6888
o London +44 20 7883 5888
o Tokyo +81 3 4550 5888
o Sydney +61 2 8205 5888
3
Installation Guide PrimeTrade Auto Deployment
Background: The auto deployment mechanism allows you to install PrimeTrade for the first time or
update your current PrimeTrade version to allow automatic updates when available. This will ensure
that you always have the latest version of PrimeTrade installed on your desktop. You can then
take advantage of the latest features. To install PrimeTrade please follow the following steps.
1. To Install PrimeTrade from the Auto Deployment website, follow the link listed below
https://ptrade.ny.csfb.com/primetrade/ad/prod/map.html After clicking on the link, choose yes
when prompted about the security certificate
2. On the website, choose your region and a Web Application will launch and install
PrimeTrade. When prompted, please click “Yes” to accept the security certificate.
3. Please enable the checkbox – Always trust content from this publisher and Click on Yes.
The application checks to see if PrimeTrade is installed in the home directory
(%USERPROFILE%\home\primetrade), and if not, PrimeTrade is installed and launched.
determined by the current users You will see the following screen while the installation is
taking place
4
4. Finally, you will be presented with a screen where you are required to enter your PrimeTrade
username and password. In addition desktop shortcuts will be created. PrimeTrade will also
be available from the Start Menu under Programs, PrimeTrade AD.
Installation Guide PrimeTrade Auto Deployment Installer
1. To Install PrimeTrade please go to http://www.csfb.com/primetrade/index.html, click download on
the left hand side and enter the User name and Password. Choose the version of PrimeTrade you
wish to download. We recommend the pt_lastest.exe.
2. Once downloaded, run the installation exe and it will launch the following dialog box. Please select Next.
5
3. The next dialog box prompts you to choose a directory to install PrimeTrade in. This defaults to the current Windows user’s home directory.
4. The next screen requests the region where the user will be using PrimeTrade. Select the region nearest your location and select next.
6
5. The next screen alerts about the shortcut on the Desktop and start menu. Please confirm by clicking Next.
5. The next screen confirms that all necessary information has been entered. Please click Next.
7
6. PrimeTrade will begin installation. The installation may take several minutes to complete.
.
6. Once the installation has complete the user is presented with a final screen confirming the successful installation. Click Finish. PrimeTrade can now be launched from the Start -> All Programs -> PrimeTrade (AD) or from the desktop shortcut.
8
Additional Notes on Installation
If a new update is available upon log in, then the previous Updating PrimeTrade dialog box is
displayed. Any pending updates are downloaded and installed and PrimeTrade is started with
new patches applied. When a new PrimeTrade patch is available while PrimeTrade is open, a
dialog box will alert the user of a new patch. It gives the option of restart the application to install
the patch or to be reminded to restart at a specified time.
PrimeTrade, by default, installs files into %USERPROFILE%\home\primetrade. The files in
%USERPROFILE%\home\primetrade\prod\clientdata are never overwritten on an update, so
custom settings input in the custom property files will not be changed when upgrading
PrimeTrade. In this directory is a pt_custom.prop file that can be edited to save proxy settings and
other company specific connection properties. In this file automatic updates can also be turned off
by setting autodeploy to false.
9
Detailed Notes and Appendices
Hardware Requirements
We recommend the following minimum hardware and software when running PrimeTrade
Component Minimum Specifications Notes Processor Pentium 4 Up-to-date processor
recommended
Memory 512MB or more We recommend 1 gb or more if
running other applications Monitor 19” Larger monitor preferred for larger
viewing area
Graphics 128+ MB video RAM Resolution
1280x1024, 65,000 color palette
Soundcard Any sound card with built
in speakers
Windows Version Windows XP or greater Windows Vista and Windows 7 Supported
Bandwidth High Speed internet
connection Bandwidth requirements are
dependent on the types of product
traded Web Browser Internet Explorer 6 or
above
Java Sun‘s Java Plug-in v 1.6.1
for web applet This can be downloaded from
Sun‘s website:
http://java.sun.com/products/plugin/
10
Network Requirements
The PrimeTrade client software initiates an outbound, encrypted TCP/IP socket connection
from your network to a PrimeTrade Access Point. The PrimeTrade servers never initiate a
connection into your network. The PrimeTrade client software must be able to make a
connection with the two following PrimeTrade Access Points through port 32000 for each
region:
Access Point Server Name (IP Address) Port
New York primetrade1.ny.csfb.com (199.53.16.54)
primetrade2.ny.csfb.com (199.53.16.55)
32000
London primetrade1.ln.csfb.com (199.53.18.54)
primetrade2.ln.csfb.com (199.53.18.55)
32000
Tokyo primetrade1.tk.csfb.com (199.53.20.54)
primetrade2.tk.csfb.com (199.53.20.55)
32000
Sydney primetrade1.sy.csfb.com (199.53.22.54)
primetrade2.sy.csfb.com (199.53.22.55)
32000
There are two servers at each PrimeTrade Access Point. If one server becomes unavailable,
the PrimeTrade client software will automatically fail-over onto the other machine at the same
location. For optimum reliability, we recommend that client workstations are configured so they
can see all Access Points. As an alternative to opening port 32000, tunneling via 443 or
80 is an option but may result in slowness, as the traffic could be unnecessarily virus-scanned.
There are two options for connecting to PrimeTrade; by internet or a dedicated Leased Line
service. Both are described below.
The Auto-Update component of PrimeTrade requires the ability to connect to the below
specified addresses 'unchallenged' by your proxy. In the case where clients have an NTLM
style proxy, you will be required to configure proxy bypass rules to allow unchallenged
connections to the following addresses depending on your region.
In the Americas Region:
https://ptrade.ny.csfb.com/primetrade/ad/*(the * denotes a wildcard. All content under this
address should be accessible)
http://www.credit-suisse.com
In the European Region :
https://ptrade.ln.csfb.com/primetrade/ad/*(the * denotes a wildcard. All content under this
11
address should be accessible)
http://www.credit-suisse.com
In the Asia Region:
https://ptrade.tk.csfb.com/primetrade/ad/*(the * denotes a wildcard. All content under this
address should be accessible)
http://www.credit-suisse.com
In the Australian Region:
https://ptrade.sy.csfb.com/primetrade/ad/*(the * denotes a wildcard. All content under this
address should be accessible)
http://www.credit-suisse.com
Internet
PrimeTrade can be accessed via the Internet. In this configuration, the client needs a
connection to their local ISP (Internet Service Provider). This can be an ISDN link or a leased
line. To install this type of connection, the client needs to contact their local IT support or
Internet provider. The only notable disadvantage is that there is no guarantee of bandwidth or
reliability. Performance of PrimeTrade will greatly depend on bandwidth availability and the
actual path taken through the Internet at the time.
12
Leased Line
A dedicated circuit connection can be installed between the client site and CREDIT-SUISSE
via an access provider, i.e. Radianz or AT&T. Advantages of the Leased Line service are:
• guaranteed minimum bandwidth, which can be exceeded to cater for peak times,
• dedicated bandwidth,
• higher level of security,
• ease of upgrade.
• The main disadvantage is the higher cost.
Testing PrimeTrade connection
Once port 32000 is opened on the firewall, the connection can be test by telnetting to the IPs listed for your region. Open a windows command prompt by going to the Start menu, selecting
Run… and typing in cmd into the window that opens. Once in the command prompt, type “telnet
199.53.16.54:32000” (or the IP of the region you are trying to connect to, and then colon 32000)
and make a connection to our servers. If the connection is made, then
PrimeTrade is ready to be installed, If not, something is blocking the traffic over the port 32000.
Please make sure the port 32000 is open and that your ISP is not blocking the traffic. If the
ping is successful, then you are ready to install PrimeTrade.
PrimeTrade with Proxy Servers
PrimeTrade client software normally tries to connect directly to a PrimeTrade Access Point. If
you are connecting across the Internet and your organization has a firewall and/or proxy server
installed, you may not be allowed to connect directly to the outside world. In this case, you will
need to install a TCP proxy to relay traffic from your workstations, across the firewall. CREDIT-
SUISSE have tested PrimeTrade with a number of third party proxy solutions including:
• Microsoft Proxy (requires —basic“ authentication)
• SOCKS v5 (including NEC e-Border.)
• plug-gw from http://www.tis.com
If you are using a proxy server to connect PrimeTrade Servers, your
%USERPROFILE%\primetradeprod\pt_custom.prop file needs to be modified (NOTE: If you have already configured this file in a previous version you can copy this from your previous version‘s directory and reuse it in this version). Enter your proxy server hostname and proxy port on each region‘s line in the setup section below as follows. You would replace the hostname —proxyexample1“ and —8080“ with your own proxy server and port number.
13
Broker.httpProxyHostname = Local HTTP Proxy Host Name Broker.httpProxyPort = Local HTTP Proxy Port Number
If your proxy server requires a username & password to login you can specify it in the
following section as follows. Note: This is the proxy server‘s username/password, not your
PrimeTrade username/password.
Broker.httpProxyUsername = Local Proxy authentication user name
Broker.httpProxyPassword = Local Proxy authentication user password
PrimeTrade's Security
The client software initiates an outbound, encrypted session to a PrimeTrade Access Point. On
top of this, each trader requires a user ID and password to access their terminal and trade.
Trading privileges are assigned centrally by CREDIT-SUISSE on a user-by-user basis. The
user is authenticated on each connection to PrimeTrade. New users are assigned a temporary
password and will be asked to change it once they log in.
The client communicates with a PrimeTrade access point over a proprietary secure TCP/IP
socket connection. The Windows-based install program can place the software in any
directory. The software uses the Java Runtime Engine (JRE), which is supplied in the
download. The installation process does not install any DLLs in the Windows directories or
change any registry settings. This simplicity makes it easy to deploy across a large number of
workstations very quickly.
PrimeTrade has a number of security layers:
• Network Layer - This will depend on the type of connection between the client and
servers. For clients connecting via a Frame Relay circuit, a third party cannot attempt to
listen in to the conversation or pretend to be one party without the circuit owner's (the
Telecom Company's) knowledge. Firewalls and Proxies at both CREDIT-SUISSE and
the client make it virtually impossible for a third party to gain access to either network, or
"hijack" a trader's terminal. Monitoring by the telecom company and by network security
teams at both ends of the connection will highlight any attempts to gain unauthorized
access. These attempts will be investigated thoroughly.
• Messaging Layer - PrimeTrade uses an SSL-style encryption method based on
public and private keys. The key size determines the complexity of the encryption,
and therefore the amount of effort required decoding the conversation.
14
CREDIT-SUISSE uses a 128bit key size, and will be changed to use larger keys when
laws permit. Each session is assigned a unique set of keys, so the encryption
changes every time a user logs off and back on. This means that any attempt by a third
party to listen in to or "hijack" a PrimeTrade session will require an enormous amount of
time and effort. The chances of anybody cracking the code within a single session are
infinitesimally small. On top of the encryption level sits CREDIT-SUISSE's in-house
messaging layer. The format of this is not public knowledge, so it creates another level of
complexity for anybody attempting to listen.
• User Authorization Layer - Access to your PrimeTrade account is protected by a
unique username and password combination. It is the responsibility of the individual
trader to ensure his password is kept secret. The PrimeTrade client software can be
locked if a trader leaves the desk, preventing any unauthorized trading. Each user is
only allowed to log in once anywhere in the world, so unauthorized login attempts are
quickly detected. All attempts to log in to the servers are monitored, and users can be
locked out immediately. Passwords are assigned by CREDIT-SUISSE and are reset and
maintained by the user.
• Trading Rights Layer - Traders can only trade in the markets they have been given permission for. CREDIT-SUISSE sets a maximum lot size for each product, and the
trader can reduce that limit to prevent keying errors.
Password Notes
Changing Password
There are several situations where the user can or must change their password:
° user’s password has expired
° user’s password has been reset by CREDIT-SUISSE
° user changes their own password
If the user violates any of the password composition check rules, they will be presented with a
dialog, indicating they cannot log in.
User Password Details
It should be noted that all password resetting is done over a secure (SSL) connection.
15
User‘s Password Expired
Whenever a user‘s password has expired, either by achieving its maximum lifetime or having
been manually expired by a CREDIT-SUISSE Administrator, they will be presented with the
—Choose a new password“ dialog. The user must set a new password to continue logging in.
They may also disable password expiration at this time by checking the —Disable Password
Expiration checkbox. If your password has been reset by an Administrator within
CREDIT-SUISSE, you will receive an e-mail titled “Information you requested.” Your new
password will be contained within the message.
User Password Reset (User)
A user can reset their own password at any time by selecting the —Change Password option
from under Preferences | User sub-menu.
16
When a user selects the a Change Password option they are presented with the —
Change Password dialog.
The user must then correctly enter: their current password, a new password, and then confirm
their new password. They may also disable password expiration at this time by checking the
—Disable Password Expiration“ checkbox.
Frequently Asked Questions
Cannot log in to broker
• Either your PrimeTrade password is incorrect, or you entered the incorrect login. On the login
screen, click on the link —forgot your password“ and you will be able to enter your email or
PrimeTrade ID and reset your password automatically
Correct login/password, but the error —Database service unavailable“ appears and
your session stops.
• You may be using an old/decommissioned version of PrimeTrade. Consult with support for
the correct version. You may click on the menu —Help —About PrimeTrade for the version
you are using.
• There may be a problem with your login (misconfiguration). Consult with the help desk.
• You may be accessing PrimeTrade during a maintenance window (weekend) and the
database may be offline. Consult with the help desk.
• If you are not using a shortcut and are launching directly from the Start menu, find the
17
ptradeny.bat file under ~/PrimeTrade/bin and set the memory option in the same way.
Error to Fetch Exchange
• This message appears when your setup has an error, preventing you from connecting to
futures or equity exchanges. You will see prices for what is in your futures blotter, but will be
unable to add products and unable to trade. Contact support. Note: non-futures/equity users
will not see this error message.
Derivative service unavailable
• Futures service is not running. Contact support.
A pop up window after a successful login reads —password incorrect.“
• Your second level setup for futures and/or equities was incorrectly set up. Contact support
A pop up window after a successful login reads —EDO password is mandatory or
—Login failed. No login reply from Futures order Service
• Your second level setup for futures and/or equities was not set up at all. Contact support.
A pop up window after a successful login reads —User does not exist in EDO
• Your access for futures and/or equities is not correct or is incomplete. Contact support.
A proxy pop up message appears when logging in to PrimeTrade
• PrimeTrade cannot connect and is asking for a proxy server as a last resort to make the
connection. If you have a proxy, enter the information here to complete the login. It would be
prudent to enter that information into the prop file (see above).
• If you do not use a proxy, then you no longer have access through the firewall to connect via
port 32000. Contact your firewall/network security team.
• Your ISP is down. Contact your ISP helpdesk.
A pop up window with an error code and no explanation appears when logging into
PrimeTrade and your login fails
• Your version of PrimeTrade is out of date and you need to upgrade.
• Your version of PrimeTrade is current, but you are using an old prop file, modified to connect to
different servers. Contact support or upgrade to sync the files.
18
Installing a non-automatic updating version of PrimeTrade To install PrimeTrade
without any automatic update go to http://www.csfb.com/primetrade/index.html and then
enter your information, select the
pt-latest.exe and download the installation executable, making note of where the file is being
saved. Run the executable and an installation shield will open that will walk you through the
installation process and allow you to choose which regions to install, and where to install
PrimeTrade on the computer.
PrimeTrade Installation Directory
Prime Trade installs in the the current users home directory in
%USERPROFILE%\home\primetrade. This is determined by taking the parent directory of the
current user’s “Desktop” location. The installer uses: reg query
“HKCU\Software\Microsoft\Windows\CurrentVersion\Exokirer\Shell Folders” /v Desktop
If you encounter any other error codes that prevent you from logging in, contact
support.