Trending from Trumpet: Pick a Portal Provider Soon

Trending: Choose a file sharing service sooner than later

Financial advisors often consider themselves the “quarterback” of a client relationship because they collaborate with accountants, estate planning attorneys and other professionals on behalf of their clients.

Since sharing files among outside professionals can be a hassle, increasingly, accountants and attorneys are beginning to use file sharing services or portals. These portals make the process easier, but when they are managed by another professional in the relationship other than the advisory firm, it can be more challenging for the advisor to maintain their status as “client care coordinator.”

Trumpet’s Takeaway: Stay in charge of information flow and sharing

We recommend advisory firms plan to select and begin using a file sharing service or portal in the coming year or so — before the client’s accountant or attorney asks the advisory firm to use theirs.

Being the point person on information flow helps the advisor maintain the “Client Care Coordinator” status. Plus, there are number of services, such as ShareFile, that are fairly straightforward to deploy and affordable for firms of any size.

Key Points

  • Select a file sharing service before your clients’ other professional advisors do
  • Stay on top of being the leader of client collaboration and information flow
  • Get underway – file sharing services are affordable and relatively easy to use

August 25, 2014 at 3:04 pm Leave a comment

Heartbleed status update

As you are probably aware, a major vulnerability in Internet infrastructure (referred to as Heartbleed), was recently identified for OpenSSL, the popular encryption software used by a large percentage of the web (most estimates put the figure at 2/3 of all web traffic).  If you are unfamiliar with Heartbleed, this article from The Guardian gives a decent, non techie overview.

As security of our client data is of utmost importance to Trumpet, we have performed a detailed security review of the software and services that Trumpet uses. This post describes a review of software supported, created or used by Trumpet along with a status update for each. At the end of this post, we also present a list of recommended best practices that advisory firms should consider taking in the wake of Heartbleed.

Software and Service Vulnerability Analysis

Upload Portal – The server responsible for our secure upload service had a vulnerable version of the OpenSSL library. This server has been patched. To protect against the unlikely event that Trumpet’s encryption certificates have been exposed, our encryption certificates have been revoked and new certificates have been issued.

Worldox Cloud – We have received confirmation from World Software Corporation Cloud Support that no aspect of Worldox’s web infrastructure relies on OpenSSL

Worldox Web/Mobile (Hosted) – We have received confirmation from World Software Corporation Cloud Support that no aspect of Worldox’s web infrastructure relies on OpenSSL. If you use the non-hosted version of Worldox Web/Mobile (i.e. you run your own IIS web server), you should ask your IT support staff to ensure that OpenSSL is not used or has been fully patched.

Worldox Professional, Virtuoso, Attach Plus, Assemblage, Symphony Profiler, Symphony OCR – These applications are locally installed and are not SSL web-based applications. These types of applications are not impacted by Heartbleed.

Trumpet’s back up – Trumpet does not store client account data to long term storage

GotoAssist – The official blog post from Citrix says this does not impact current versions. To follow or read their updates, refer to this blog post.

LogMeIn-Rescue – The official blog post from LogMeIn says the Rescue service is not impacted. To follow or read their updates, refer to this blog post. – The official blog post from LogMeIn says the service is not impacted. To follow or read their updates, refer to this blog post.

Gotomeeting – The official blog post from Citrix says this does not impact current versions. To follow or read their updates, refer to this blog post.

Paypal – Trumpet uses PayPal for online payment processing. Paypal indicates Paypal is not impacted, but that they are reaching out to integration partners to see if partners are. We have not been contacted by Paypal, and have not seen any activity that would indicate a problem. To follow or read their updates, refer to this blog post.

What Should You Do?

We know you trust and rely on many web services to manage your business.

Considering the security community’s surprise at this undetected vulnerability, we recommend you perform a review of applications used for both work and personal use and ensure they are up-to-date. We also recommend changing passwords on any web based software or service that may have been affected.

If you change passwords on services that integrate with your Assemblage system (Salesforce, Dynamics, SSL protected mail servers), be sure to update your Assemblage configuration.

Here at Trumpet, our team prepared a list of all web based software and services we use, we then tracked vulnerability status for each. As each service was known to no longer be vulnerable, we then tracked password changes for each user to ensure that everyone changed their passwords.

As a best practice, we also strongly encourage you to use different passwords for each website – that way a breech in one service won’t result in your other services being compromised.

Finally, because many web services will be revoking and re-issuing encryption certificates as a result of Heartbleed, we recommend that you ensure that you are running the latest update of your web browser and ensure that it is configured to check for revoked certificates. This will prevent any man-in-the-middle attacks that take advantage of an old certificate. Speak with your IT provider for instruction for your specific browser.

If you have questions, please do not hesitate to contact our support team at

April 14, 2014 at 9:13 am Leave a comment

Emailer Tool – New Features in Assemblage 2.0

Emailer Tool Enhancement

In addition to the changes described in our Assemblage 2.0 has arrived article, the Assemblage Emailer tool now allows you to specify Cc and Bcc recipients.

3-13-2014 2-16-36 PM

This may be very handy for some of you who wish to differentiate between the recipient and the additional recipient who receives the emails.

In addition, BCC will allow you to have the emails be copied to an internal email address (i.e. for compliance tracking), without the recipients seeing the extra recipient.

If you need assistance in reconfiguring the tool, email

Tools > Enable Edit Menu is More Robust

Particularly with regards to the Emailer Tool, it was hard to determine what values some of the queries would result in.  For example, if Assemblage was involved in looking up the “Dear” field from your CRM, it was not clear what value would be present in the Email body.  The old method was to select “Tools > Enable Edit Mode” and follow a lengthy procedure:

1)      Highlight the item from the list

2)      Select the Extractor you wish to investigate

3)      Select the “Edit” button

4)      Check the result

5)      Repeat for all items

3-13-2014 2-18-28 PM









The new method is much simpler.  You will still need to select “Tools > Enable Edit Mode”, and highlight the specific item from the list.  However, Assemblage now includes the results in the Extractor list:

3-13-2014 2-20-18 PM

March 13, 2014 at 2:23 pm Leave a comment

Assemblage 2.0 Worldox Auto Filer Interface Changes

In addition to the changes described in our ‘Assemblage 2.0 Interface Changes’ article, the Worldox Auto Filer tool has had quite a facelift.  The new user interface focuses on improved productivity and the ability to detect and correct problems early in the process.  This article gives the specifics.

Change in Launch Behavior

In prior versions of Assemblage, when you launched the Worldox Auto Filer tool, the tool opened blank and you had to use the File menu to select a particular configuration.  These steps are now combined into a single operation.  When launching the tool, you will automatically be prompted to select a configuration from the list.

3-7-2014 8-02-17 AM


If your list is blank (like the one here), you’ll select “Choose another…” and navigate to the location in which your configuration is stored.    Your recently used configurations will appear in the list the next time you use the tool, and you can simply double-click the one you want.  Once you’ve selected the configuration you want, the tool will appear with the configuration loaded for you.


The configuration portion of the dialog is now in the upper half of the window, rather than the left hand side of the screen.

3-7-2014 8-09-18 AM


In addition to the different look and feel to the configuration area, there are some useful new features here:

– It’s now much easier to select a profile group in the new interface.  You can select a profile group by clicking the (…) on the right hand side of the field.  This will open a list of your profile groups.

3-7-2014 9-52-10 AM


– Rather than having a number of “Blank” fields, the new user interface only displays the fields that are applicable to the particular profile group selected.

– This version of the Worldox Auto Filer tool also allows you to create relationships between files that have already been filed to Worldox and the file you’ll be auto-filing.  Some folks, for example, may wish to create a relationship between a report that is auto-filed to Worldox and the corresponding billing statement.  Email if you have any specific workflow needs that may apply to this aspect of the tool.

– The Worldox Auto Filer can now auto-file document A based on information associated with document B. For example, it may be desirable for a signed agreement to have a similar profile as the original unsigned agreement.  Email if you have any specific workflow needs that may apply to this aspect of the tool.

Items to Process List

In the old version of the software, the items to process were listed on the right hand side of the window.  In the new version they are listed in the bottom half of the window.

3-7-2014 10-04-37 AM



Here’s a brief description of the fields in the new tool and what they display:

ID – the full file path of the document you are filing
Filename – the filename of the document you are filing (not including the full path)
Description  – the description of the file as it will appear once it is filed to Worldox
Field Summary – the values of the fields you would populate as if you were filing the document directly to Worldox
Problems – any issues or problems, including required values that aren’t present, values that aren’t included in code look up tables, etc.
Save Result – as documents are filed successfully to Worldox, you will see a checkmark here along with the date the file was saved
Parent – a parent of the document if you choose to implement relationships

Each of the columns is sortable.  For example, you may wish to sort by Problems to quickly resolve issues prior to filing.

Here are a few great productivity tips related to the new user interface:

– If you are using the Worldox Auto Filer as a stand-alone tool, you now populate the list by dragging and dropping the files from the network directory structure onto the tool (instead of clicking the “+” button and locating the files in the folder structure)

3-7-2014 10-08-41 AM


– It is now easy to view or navigate to the documents in the list by right-clicking and choosing ‘View in Explorer’ or ‘Preview’.  This will be a big help when troubleshooting documents with filenames that aren’t human readable (Fidelity statements are a good example).

3-6-2014 7-14-10 AM





View in Explorer – this will open Windows Explorer with the file highlighted
Preview – this will open the document itself

– In the old version, you didn’t know if there were going to be filing problems until after you executed the auto-file operation.  You then had to look in the log output to see if there were any issues.  This worked, but it was definitely not user friendly!Now, the number of problems is displayed next to the action button – before you perform the action. Any rows that have problems will be marked with details in the Problems column (hover if necessary to get more detail).  You can also sort on the Problems column to gather all problem rows together for easy resolution.


March 10, 2014 at 10:19 am Leave a comment

Assemblage 2.0 Interface Changes

In builds 2.0 and higher, Trumpet, Inc. has introduced several changes to the Assemblage “tools”.  The new interface focuses on improved productivity and the ability to detect and correct problems early in the process.  In addition, two of the tools (Emailer and Worldox Auto Filer) have significant new functionality; we’ll cover those in a separate posting.

Multiple Results

In the past, if your data source (e.g. Portfolio Center, Junxure, map.xls spreadsheet) tells the Assemblage tool that a given document is associated with two different clients or values, Assemblage would simply pick one randomly, which could cause some unexpected results.

Now, the Assemblage tool will present you with the two values in the Problems column of the user interface so that you can resolve any issues prior to filing and/or publishing.

3-6-2014 7-11-17 AM

Making Changes to Paths

Prior to this release, if you made a change to a file path, or other item in the tool, you were prompted to save those changes upon closing the tool.  For example, if you changed the YYYYQQ designation in a file path to 2013 Q2, you would receive the following dialog:

3-6-2014 7-13-05 AM

This resulted in overwriting the YYYYQQ in the template.

Going forward, you will not be prompted to save those changes unless you are actively editing the configuration (i.e. you have Tools>Edit Mode enabled).

View Files on Disk

You can now right-click on any item in the list and choose to either preview it or view the item in Windows Explorer’.  Selecting View in Explorer will open Windows explorer with the file highlighted, Preview will open the document itself.

3-6-2014 7-14-10 AM

View in Explorer – this will open Windows Explorer with the file highlighted
Preview – this will open the document itself


March 6, 2014 at 7:20 am 2 comments

Assemblage 2.0 has arrived

Trumpet recently released Assemblage 2.0, an update to our automated performance reporting service.

If you’re not already familiar with Assemblage, Assemblage helps advisors to automatically and electronically assemble documents from various software applications into a unique set of collated reports per recipient.  It includes features to improve the appearance of your reports, such as table of contents, page numbers, letterhead, etc.  Assemblage then makes it easy to deliver the reports to your clients (via web portal, encrypted email, or print to paper),  and auto-file to Worldox or a Windows folder structure.

Here are just some of the new features in Assemblage 2.0 that we are excited about:

  • Added support for printing to Acrobat XI
  • Improved performance for “Send to > Printer” operations
  • PDF splitter is now 25% faster when reading large PDF files
  • When you hover over an item in the display lists of the Emailer, Publisher, or AutoFiler tools, you will see the full text
  • You can now copy and paste the status grid from the Emailer Tool for compliance purposes. This includes the document identifier and the date sent
  • Added option “SSL w/Self Signed Cert” to the Emailer Tool’s preferences as an authentication method for users with Self Signed Certificates
If you are an Assemblage user and you haven’t updated to 2.0 yet, we recommend you do so today!  Here’s a link to Instructions.

February 27, 2014 at 2:09 pm Leave a comment

A more detailed explanation of today’s web outage

We had a great question from one of our readers about what actually happened today, and whether it was just random, or if it was a directed attack, so I thought I’d put together a more detailed post.

Was it a random hit?

This would be random – happens every day, and has nothing to do with security.  A lot of large, well known firms have this happen to them also.  Nothing about us in particular made us a target, except that we are working on new web infrastructure (adding new servers) that caught the interest of some… let’s call them ‘creative web programmers from China and Russia’.

What happened?

To help explain what happened in layman’s terms, let’s try an analogy.  If you were in a deli trying to place an order to the order taker and another patron was calling out their order loudly to the same person, the order taker would probably hear your order correctly.  But if thousands of people are in the deli calling out their orders at the same time you are, the order taker would not possibly be able to tell who to pay attention to, and whose order to take.

The technical term for our adventure today is a “denial of service” attack, which is what happens when a very large number of requests are sent to the router that manages some of a firm’s web traffic.  Routers are somewhat like the “traffic cops” of the Internet, telling traffic where to go.  At some (huge) level of traffic, the router hits a point where it can no longer keep up with all of the requests, so it stops responding.

While it would be cool if the cause of this was a new knowledge article or video we posted on our site generating huge demand, but that was not, unfortunately, the cause of the increased requests.

That’s what happened today.  When the router received so many requests at once, it got overwhelmed and could not determine who to serve, so it stopped serving everyone.

Why does this happen?

So, why do people send so much bogus traffic to a router that a server can’t keep up with the requests that it shuts down?

Well, some people do it for fun.  Others do it because they are using the server’s responses to damage other websites.  In this case, the … ‘creative web programmers from China and Russia’ were trying to trick one of our web servers into sending responses to the Yahoo ad network, trying to trick Yahoo into thinking that real users had clicked on ads.  It is very doubtful that their attempts to generate fake ad clicks actually worked – but it sure did shut our web servers down for a couple of hours.

How was Trumpet impacted?

During this disruption, Trumpet was still able to operate normally.  Our IT staff was scrambling, but normal Trumpet operations, support, etc… continued on without issue.

What has Trumpet learned?

As part of the recovery effort, we have adjusted our router design so we can shift traffic between different servers better.  In the low probability event that one of our sites attracts the interest of ‘… creative web programmers from China and Russia’ again in the future, we will be able to take just that one site down (instead of all of our sites), and shift resources to bring that site back up more quickly with less interruption.  We have also changed our process for registering new web servers so they will not attract attention.

Probably the biggest thing that we’ve learned is that our network monitoring systems work (we knew about the problem early), and that our disaster recovery systems are effective (for example, having this blog hosted on a completely different area of the Internet allowed us to communicate about the issue, even though our primary web servers were down).

February 13, 2014 at 4:44 pm 1 comment

Older Posts Newer Posts

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 177 other followers

Recent Posts


July 2018
« Sep    


Trumpet Tweets