Sunday, April 13, 2014

The Heartbleed bug

Many of you may have read or heard about the Heartbeed bug this week.  The Heartbeet bug is more of a possible exploit in the open-source code of OpenSSL, a very popular encryption method used in online services based on a Linux architecture.  The condition was introduced over 2 years ago by one of the many volunteers who contribute to open source projects like OpenSSL and despite being reviewed numerous times, the exploit went undetected until a few days ago.  The oversight in the code was forgetting to limit how large a response would be allowed to a module called a “Heartbeat” (hence the name Heartbleed).  Countless websites have used OpenSSL in both the public and private sector. 
Some clients have contacted HMS asking if TimeControl Online might be affected.  The answer is that it is not affected by the Heartbleed bug.  TimeControl Online does not use OpenSSL.

Tuesday, March 25, 2014

It's TimeControl's 20th Anniversary!

Yes, TimeControl is no longer a teenager!  It’s HMS Software’s 30th Anniversary (We’re now 30-something) and TimeControl is now 20.
image HMS Software was founded in 1984 and we’ll be celebrating all year with contests, give-aways and images from our ancient past and just to get things started, here’s something nostalgic.  Yes, this is a video of TimeControl 1.0.1, the first version of TimeControl released to market in January of 1994.
Click the image on the right to see a webcast of the old DOS version working (We'll spare you the description of what it takes to resurrect a DOS version in today's modern PC age so we could capture the webcast!)
If you'd like the see the more of our most recent version, stop by

Wednesday, March 12, 2014

Managing multiple instances of TimeControl

HMS has long supported the notion of having both a production and a staging installation of TimeControl and do not charge additional licensing costs for such use of the system. It is common, for example, to have a staging instance to use for testing upcoming versions or to use for training or internal development of reports, filters and validation rules prior to making these enhancements available to production users. A number of clients have asked what the steps are to support promoting from one instance to another. Once a version or a feature has been tested in the staging environment, how do we then make this available in the new environment? We’ve outlined some standard steps in managing multiple instances in this post.

How to create a second instance of TimeControl

Create a 2nd instance in a virtual environment

Case 1:
TimeControl is installed in a Virtual Machine environment and the database server and database are on the same Virtual Machine. Steps:
  1. Copy the Virtual Machine
  2. Change the IP to be unique
  3. Change the name of the Database Server to be unique
  4. Modify TimeControl.ini to point to the new IP
  5. Modify TimeControl.ini to point to the new database server
  6. Modify TimeControlWeb.ini to change the server’s IP address
  7. Modify host-headers in IIS to be unique and other DNS information as required
  8. See the “Cautions” section below
Case 2:
TimeControl is installed in a Virtual Machine environment and the database server and database are on different Virtual Machines. Steps:
  1. Copy / Backup both the TCSecure and TIMECTRL databases/schemas
  2. Create unique database names for each of these two databases (e.g. TCSECURE_Staging and TIMECTRL_Staging) and copy/restore the database files/schemas
  3. Copy the Virtual Machine
  4. Change the IP to be unique
  5. Modify TimeControl.ini to point to the new IP
  6. Modify TimeControl.ini to point to the new database names
  7. Modify TimeControlWeb.ini to change the server’s IP address
  8. Modify host-headers in IIS to be unique and other DNS information as required

Create a 2nd instance in a separate physical environment

If you are not using a Virtual Machine environment and instead have physical servers and want to set up a 2nd instance of TimeControl on a separate server, this will be the procedure. We will assume the database is also installed on a separate server but even if it is on the original TimeControl server, there is no obvious requirement to install a completely separate instance of your database software. Steps:
  1. Copy / Backup both the TCSecure and TIMECTRL databases/schemas
  2. Create unique database names for each of these two databases (e.g. TCSECURE_Staging and TIMECTRL_Staging) and copy/restore the database files/schemas
  3. Install the identical version of TimeControl on the new server
  4. Use the TimeControl Database Configurator to attach the new instance of TimeControl to the new databases.

Create a 2nd instance in the same physical or virtual environment

Some organizations wish to install a 2nd instance of TimeControl on the identical physical server. (It is quite unusual to install multiple instances on a virtual server as it is so easily replicated). Installing a 2nd instance of TimeControl on the same physical server is possible however the standard installation modules and upgrade modules will only work on the default installation. In order to update multiple instances on the same physical server, a series of manual steps must be performed. HMS Technical Services can guide you through this process if you require it.  


Once you have copied your 2nd instance, you may wish to check for scheduled and automated functions that were activated in your production instance that you may wish to disable in your 2nd instance. These may include the following:
  1. Project Management Links
    If there are links to a project management system, then the scheduled links you’ve created will activate on schedule if you don’t make any changes. The Connection Pool information in the Interface Definition will be pointing to your production project management tool. If there is a scheduled job pending then data will move in and/or out of the project tool as scheduled. If there is pending posted data for the pm system or if you enter any data in the 2nd instance, it will be sent to your project pm system. We recommend immediately disabling scheduled jobs and repointing the interface definition to a 2nd project management system instance.
    Caution: If you do not repoint these project links to a non-production instance of your project management tool or disable the links, then you may send duplicate timesheet entries to your project management system!
  2. Email notifications
    If you have scheduled automated email notifications of missing timesheets, the 2nd instance will start happily sending them out along with the production instance. We recommend disabling any scheduled jobs.
    Caution: Not disabling email notifications can cause confusion as users may receive email notices from the 2nd instance complaining of a missing timesheet which has already been completed by the user in the main instance.
  3. Triggers
    If you have made triggers within the database to move data in and/or out of TimeControl to link to finance, payroll, billing etc., these triggers will continue to function in the 2nd instance unless you disable them.
    Caution: Not disabling triggers which were designed to move data to finance for billing or payroll may result in data being sent twice!

How do we promote features between instances?

Once you have a 2nd instance implemented and you have checked the Caution section and taken the appropriate actions, you are able to start thinking of how to use the 2nd instance for testing and staging. There are some elements of TimeControl which were designed to be easily moved between instances. Other elements are more difficult.

What can be promoted easily

  1. Filters
  2. Validation Rules
  3. Language Definitions
  4. Reports
For all 4 of these categories, you can create a Export Package from the Links menu. Exporting a Validation Rule will also export any filters which are reference within it. Exporting a filter will also automatically include any “filters within filters” which are referenced. In the production instance, you can then Import a Package from the Links menu and this item will be successfully promoted and instantly available.

Categories of data that are more difficult to promote

  1. User Defined Fields
  2. Pop-up values for user defined fields
  3. Import/Export definitions
  4. Personal settings
For these categories, we assumed that this information would be updated directly in the production system. User Defined Fields are typically only created during the deployment. The Import/Export definitions carry an entire audit aspect of them which is managed behind the scenes and Personal settings are, well, personal. The best practice for almost all cases involving these 4 categories is to create them manually in the production instance.

Other methods of moving data from staging to production

There are several other methods of moving data from the 2nd instance back into production but each requires some skill.
  1. Export tables from staging and Import into production
    TimeControl’s standard export and import modules allow all kinds of data to be moved. Export from one system and Import to the 2nd system definitions can be created and saved and then the actual creation of the transaction file and its import is very quick.
  2. Triggers and custom code
    For those who have more intimate and long standing links required, creating triggers at the database level can be accomplished. This has the benefit of being hidden from the user and the disadvantage of being hidden from the user. When triggers move data automatically in the background, a best practice is to have solid process and procedure documentation that lets all relevant parties know what is happening to the data and why.

Maintaining a “Cold Server” for disaster recovery

Some organizations have a requirement to create a “Cold Server” and keep it in stand-by for disaster recovery. This is relatively simple to do. First, follow the instructions on creating a 2nd instance to ensure it has been updated correctly. You will need to update the 2nd instance each time you do a TimeControl Upgrade of the production instance. Once the instance is established, you can hibernate the Virtual Machine or turn off the physical server (if it is dedicated) or simply turn off the TimeControl ATS, TimeControl TTS and TimeControl Scheduler Services along with the TimeControl Website (In IIS) Second, ensure that regular backups of your production instance are occurring. Should a disaster occur, activating the Cold Server is very simply:
  1. Turn on the Virtual Machine, turn on the Physical Server or Start the TimeControl ATS, TimeControl TTS and TimeControl Scheduler as required.
  2. Restore the production database backup to the 2nd instance

Ask for help

HMS Services often assist our TimeControl clients with establishing and updating multiple instances.  Contact customer server at to inquire about our services.

Saturday, February 15, 2014

What do the version numbers mean?

We’re often asked what the significance of our version numbers are and how often we release a new update, upgrade or version.  Here is an extract from the TimeControl Installation Guide explaining our 4-part version number:
HMS releases updates to TimeControl in three different levels: Updates
An update to TimeControl is identified by the 3rd level of the version number.  For example, in version 6.1.2, “2” would be an update.  An update to TimeControl includes fixes to existing functionality and while it may have small additions to the data structure it has no changes to the existing data structure.  An update may include minor enhancements to existing functionality and, less typically, new functionality. Upgrades
An upgrade to TimeControl is identified by the 2nd level of the version number.  For example, in version 6.1.0, “1” would be an upgrade.  An upgrade to TimeControl may fix existing functionality and will contain enhancements to existing functionality as well as new functionality.  An upgrade may include some changes to existing data structures as well as additional data structure elements. Versions
A new version of TimeControl is identified by the 1st level of the version number.  For example, in version 6.0.0, “6” would be a new version.  A new version of TimeControl represents a change in the underlying architecture.  This may mean a change or an increase in the types of platforms supported, in the technology layers such as database connections or communications protocol and in the fundamental interface design and architecture.  A new version typically includes new functionality and enhanced or changed existing functionality.  In some cases, functionality in a new version is deprecated.  Data structures may undergo significant change in a new version compared to an old version. Build
In addition to new updates and upgrades, you may find a 4th digit in your version.  This is a “Build” number and this may change over time.  A new build is usually made when we identify a hotfix that is required but only for a limited circumstance so a complete new Update isn’t required. 
Where to find your version number
VersionInfo If you are the Administrator, go to the TimeControl administrator Menu, Select “About” in the Actions menu on the right and then click “Support Information”.  You’ll see a screen like the one here taken from the TimeControl evaluation system.  Here you can see the version is  That’s Version 6, Upgrade 6, Update 2 and build 1.
This screen also shows the version of every component of TimeControl.  The Technical Support team often asks for this information as a mismatch between one component and another after an upgrade can be a problem.

Friday, November 22, 2013

TimeControl Rates Tutorial

Sometimes here at HMS, we work with something within the TimeControl timesheet system so often, that we forget just how remarkable a feature it is. 
TimeControl and TimeControl Industrial Rates functionality falls right into that category.  There are numerous TimeControl functions that make up the Rates capabilities and we’ve now released a tutorial on how to work with those functions to solve business problems
Some clients need to price hours for invoicing.  Others need to cost the hours for job costing. Perhaps you have different rates for different clients or different rates for different projects.  The rates architecture in the TimeControl timesheet system is the most flexible in the industry and it must be because TimeControl is used for different purposes simultaneously. 
It is a key differentiator over other timesheet options.
Did you know that TimeControl supports an unlimited number of Rate Codes per employee or rates_tutorial_cover_200x258 an unlimited number of Rate Codes in the system?  And, for each and every Rate Code, you can store multiple values. Rates in TimeControl can be defined globally, at the resource or employee level and you can configure TimeControl to show only those rates that are appropriate to a particular situation.
TimeControl Rates can be used to track both internal costs and external invoicing values at the same time.
TimeControl Rates allows you to track an employee working at one rate on one project, and another rate on a different project in the same day.
TimeControl Rates allows the tracking of unpaid overtime and even though you have no extra actual cost today, you could still invoice the work recorded.
Rates play a key part of many timesheet scenarios and TimeControl responds to that challenge with its flexible rate structure.
Both current and prospective TimeControl architects can find out more about TimeControl Rates in our new tutorial at: and on the new section of the TimeControl website at

Wednesday, November 6, 2013

Updated DCAA Solutions area

Every year the US Defense Contract Audit Agency (DCAA) audits thousands of government contracts representing billions of dollars of value. dcaa_wp_cover_200x261 The Agency does this not only for the US Department of Defense but also for the Department of Energy, Homeland Security and many other federal and state agencies.  The DCAA sets standards for how to account for, track and invoice government contracts and amongst those standards are requirements for timesheet systems.
TimeControl has been used by many of our clients to help with their DCAA compliance and given HMS Software’s long standing high profile in defense and aerospace, it will come as no surprise that TimeControl has many features that were specifically designed to accommodate the DCAA.
On the TimeControl website, you’ll find a solutions area dedicated to how to configure TimeControl for DCAA compliance.  We’ve just updated the DCAA Solutions area with a new white paper, slides and webcast that are up to date with the latest in DCAA Requirements.  For more information on the DCAA, go to
Access to the DCAA Solutions area is free. You’ll find it at

Friday, October 18, 2013

Chris Vandersluis to speak at PMI Global Congress

HMS Software’s president, Chris Vandersluis speaks at events all over the world about Enterprise Timesheet and Enterprise Project Management systems and principles.  This month, you can hear Mr. Vandersluis speak at two Project Management Institute (PMI) events: If you are in the Ann Arbor area, Mr. Vandersluis will be presenting “Creating Business Prioritization for Projects and Portfolios” at PMI’s Hudson Valley Chapter On October 21st, You can find out more about this event on the PMI HVC website. Are you going to the PMI Global Congress in New Orleans?  On October 25th and 26th, Mr. Vandersluis will be speaking on two topics On Monday, October 28 at 10:45AM he will present “Cancel a Project Without Cancelling your Career”
On Tuesday, October 29 at 11:30AM he will present “Panning for Gold by Data-mining your Project Tracking Data”
You can find out more about the 2013 PMI Global Congress at:
If you’d like more information about these sessions, would like to meet Mr. Vandersluis during these events or to see more information on talks by Mr. Vandersluis, stop by his speaker’s site at or his EPM Guidance blog at or contact us here at HMS Software at