May
31
2012
Internal SugarCRM Project: Browser-Side Password Encryption System

We asked our engineering intern, Jim Rybarski, to contribute to our blog and give some insight to the internal projects he’s been working on while at Epicom. In this week’s mini-series update, Jim discusses the new Browser-Side Password Encryption System he developed for the Secure Password Emailer. If you haven’t read Jim’s post about the Secure Password Emailer, check it out here.

Previously I wrote about our Password Emailer module, which securely sends passwords to clients. What I didn’t discuss was where those passwords come from and how they are stored.

At Epicom, we have to keep track of literally thousands of passwords and it is of utmost importance that those passwords are not compromised.  We also need the ability to control who has visibility to certain passwords.  We have long used SugarCRM to handle our password management and it has always been setup in a very secure manner. However, it was quite cumbersome to interface with because it required that we use a command line interface on our computers that used the REST client to get the data out of Sugar.

Recently I revamped the user interface (UI) of our password management system to work from the web browser.  What makes our system so secure is that the encryption of the passwords is done client side.  The Sugar server itself does not have the ability to encrypt or decrypt the passwords, so the unencrypted version of the password is never sent over the Internet (even though we use SSL).

When we need to create a new password credential, we create the record in Sugar and then there is a javascript encryption library that we trigger from the action menu that asks us to input a key.  This key is memorized by the engineers at Epicom, but not stored anywhere.  It is used to encrypt the password before the record can be saved.

The same thing happens in reverse.  When we want to lookup a password, we open that record in the CRM. The password is unreadable until you trigger the javascript action to decrypt it via the browser.

This encryption/decryption routine can work with any field in any module, so it could be used to encrypt things like passwords or login credentials.  Sugar does have the ability to have encrypted fields out of the box that uses Blowfish and stores the data in the database in an encrypted manner. The problem with using Blowfish is that the key used to encrypt/decrypt is stored in the file system of Sugar, so if someone gets access to the file system then they can also decrypt the field.  Also, the field of data is decrypted server side, so the clear text version of it is only sent over the Internet when you access that record.  With our technique you have to know the key and the data is never sent over the Internet decrypted.

Epicom has a strict policy on protecting client data and the password encryption system was just another way to further improve our security. To help our clients do the same, I’ve made the service into a module-loadable package which can quickly be installed on any of our client’s Sugar instances.

If you have any questions about the Browser-Side Password Encryption System discussed in this post, please contact us at info@epicom.com.

May
25
2012
Survey Forms in SugarCRM

Create and Analyze Surveys in SugarCRM

One method of pushing data into your SugarCRM system is through a web-to-lead form. When someone fills out information on your website’s contact form, that information will push through as a lead in Sugar. Web forms can be used for creating leads, but they can also be used to push additional information into the record of an existing contact. Specifically, I’m talking about survey forms.

Epicom built a survey module in SugarCRM for customers needing to track and measure training evaluations, event surveys, quizzes, and customer feedback. With this customization, users can easily create their own surveys inside of Sugar.

Using the Sugar interface, users can create their own questions and answers. They can determine if they want the answer to be a check box, drop-down, open-ended, etc. In the case of quizzes, the user can designate correct answers for the form.

Once the survey form is built, it is posted to a landing page and the link can be sent out to designated contacts from the SugarCRM system. When the form is submitted, the answers are pushed back through to the survey module in Sugar. This data is related to the contact who completed the form, but can also be made anonymous depending on the purpose of the survey.

Using Sugar’s reporting functionality, the survey responses can be measured and graphically displayed in a chart. Also, these reports can be exported so that users can send out a summary of the feedback or responses.

In addition to having reportable data and feedback, it gives your sales team additional information about that lead or contact. For example, if you surveyed a customer and one of the questions asked them to rate their level of satisfaction, and the customer rated low on that question, you could run a workflow rule to notify the assigned sales rep. The rep could then follow-up with that customer to try to resolve the situation before it’s too late and the customer is lost.

The survey tool is versatile, cost effective and can be used for customer feedback, training evaluations, quizzes, and many other situations. Best of all, it is yet another way to utilize one application so that your data is centralized and accessible within your organization.

For more information on the survey module Epicom built in SugarCRM, email info@epicom.com.

May
24
2012
Internal SugarCRM Project: Project Status Tracking System

We asked our engineering intern, Jim Rybarski, to contribute to our blog and give some insight to the internal projects he’s been working on while at Epicom. In this week’s mini-series update, Jim discusses the Project Status Tracking System he developed. The beginning stages of taking on a new client can be very tedious and time consuming. We asked Jim to develop a system that would make this a smoother process. Here is what Jim had to say.

Taking on a new client at Epicom requires quite a bit of effort from a lot of different people. Naturally, we coordinate everything on our internal CRM, but a lot of the tasks were still mechanical. Recently, I was asked to build out a project management system to free up time for everyone involved.

The first few introductory emails that we send to new clients are essentially form emails. We figured there was no reason why this process shouldn’t be automated. However, we needed a way for employees to review the automated email before it is sent out. Some situations would dictate that we would want to modify the content or cancel the email completely (like for a simple change order). Our solution to this problem was to build a “Scheduled Email Module” so that the automated form emails get queued into the email scheduler. As soon as an email is put into the scheduler, a copy of the email is sent to whomever will appear to be the sender of the email when it gets sent. This gives that person a chance to review the email and decide if it is good to go or if it should be edited or paused. They have four hours from the time it gets scheduled to either modify it or stop it.

We also wanted to take advantage of Sugar’s built-in Tasks module. Before, we would manually schedule the introductory call, kickoff meeting, project start date, and projected completion date. Now the system calculates those dates based on the date the project was created and the number of hours the client has purchased and creates a task for each one. The system automatically assigns these tasks to the team leader on the project.

Since my start date at Epicom, I’ve noticed an increase in demand for detailed data on engineering activities.  As such, I added an “At Risk” and an “Estimated Projected Completion Date” field to each project, which is recalculated every night by a cron job. This way, a manager can easily be alerted to a project that might not get finished by the estimated deadline and allocates engineering resources accordingly. I also tacked on a “scrumlog”, which engineers fill out every Monday morning with a description of what they did for the project over the last week and what their plans are for the next week. In case the scrumlog is not filled out, the CRM system will send a reminder email to the engineer asking him to complete it. Any employee can easily read the scrumlog for any project and see all of the historical status updates to gauge where we are with any given project.

Because all of this can be easily integrated into our portal, it could potentially provide our clients constant feedback on the progress of their customizations or projects (in additional to the daily worklogs). All-in-all, this will help us spend less time organizing and more time programming, which is what we do best.

If you have any questions about the project status tracking system discussed in this post, please contact us at info@epicom.com.

May
23
2012
SugarCRM User Group: Importing & Exporting

On 5/22/2012, Epicom engineering manager Eric Wikman and Epicom software engineer Aaron Wine hosted a webinar on importing and exporting in SugarCRM. Training topics included importing data to add or update records, mapping fields, exporting from target lists, altering display columns when exporting data and more. The session wrapped up with attendee Q&A. Here are some of the most common questions we received from the session along with  responses from the engineers.

Q. How does creating your unique ID work?
A. You do not need to generate your own ID. Sugar will generate one for you. However it is important to not map any columns to the ID field (unless you have legacy IDs from an old system that you want to preserve).

Q. Is there a way to fix records before importing them?
A. You must fix records before you begin the import process.  We use Google Refine to manipulate the data before we import.

Q. How do I handle a single quote in records when importing?
A. On step 2 of the import process, if you select “View Import File Properties” you can specify if fields are qualified by a single quote or a double quote.  The generally accepted way of creating CSV files (RFC 4180) is to use double-quotes to qualify text. If the text contains a double-quote then you use a double-double-quote.  An example of that from RFC 4180 would be:
“aaa”,”b”"bb”,”ccc”

Q. Is the Excel plugin compatible with older versions of Excel such as 2003?­
A. The current generation Excel plugin only officially supports 2007 and 2010, but we can provide older versions upon request.

Q. Is there a plugin for Lotus Notes to “sync” like the Outlook plugin?­
A. Lotus Notes plugin is included in the Enterprise edition and is available as an add-on to the Professional and Corporate edition.

Q. Can you import files from Quickbooks­?
A. This is not available out of the box. However this is a common customization we have done before. 

Q. Are you considering creating a plugin for mac? ­
A.While this is not currently on the roadmap for us, it has been considered. We will further consider this when demand grows.

Q. When I import, I only go through a 3 step procedure. On what Sugar version can we see start checking for duplicates?­
A. The version we used in this webinar was Sugar 6.4.4, but the import wizard was re-written in Sugar 6.3. Any version of Sugar 6.3.x and 6.4.x works the way we demonstrated. 

Q. What about importing for our website? We have clients that register into our website, is there a way to import my contacts or clients to Sugar?­
A. You can use the Web2Lead form that is part of the campaigns module, or you can use the REST Web Service API to push the data.  

Q. When you export, do you have to save the Excel sheet as a CSV to be able to import back into Sugar at another time?­
A. Yes, you must save the Excel sheet as a CSV. 

Q. The batch file system isn’t part of Sugar – is that an Epicom module?­
A. That is an Epicom original that we offer. You can read more about that here

Q. If you do a web to lead form, how do you know the lead came from the website­?
A. There is a hidden field on the form that represents which campaign ID to associate the lead record with.

For further information on any of these topics, email info@epicom.com. Register for our next Online User Group here

May
17
2012
Internal SugarCRM Project: Secure Password Emailer

We asked our engineering internJim Rybarskito contribute to our blog and give some insight to the internal projects he’s been working on here at Epicom. In this week’s mini-series update, Jim goes over the new browser-side password encryption program (or Secure Password Emailer for short). Handling client passwords is a delicate task but we trusted Jim to do the job well and he did. Here is what Jim had to say.

Epicom is very serious about protecting client credentials, and while we have a very secure way of storing and accessing this information locally, sending passwords to clients makes one susceptible to all sorts of security hazards. Our previous standard practice was to call a client and verbally communicate their login information over the phone. It’s a reasonably safe method, but giving someone a random sequence of mixed-case alphanumeric and special characters is something best done by computer. Email is out of the question, as it can be easily read by an attacker.

A recent project of mine has been to create a Password Emailer module in Sugar to enable a convenient and safe way to communicate password and login information. When an engineer wants to send a password to an individual, he will open up the Password Emailer module, enter the password in the plaintext field and choose a client from our Contact list.

Then he will save the record, and he’s done! Behind the scenes, Sugar generates a random key, encrypts the password with it, and sends the client an email with a link to an entrypoint, with the ID and key as GET parameters. The record is then saved (minus the key), so the only information that ever gets stored in our database is the encrypted version of the password. Since the key isn’t stored anywhere, we cannot decrypt the password.

On the client end, they will receive an automated email from the engineer who created the record (we do this using the SugarPHPmailer class). This email will ask them to open up a link to read their message which is delivered over a secure SSL connection. Once the link is opened, Sugar decrypts the password with the key in the link and displays it for the client. It then deletes the encrypted password and records the IP address of the person who opened the link along with the time that they viewed it.

If a second attempt is made to open that link (or if an invalid ID is used, or the record is more than 72 hours old), the engineering department at Epicom will receive an email, notifying of a possible intrusion attempt.

The secure password emailer was built for Epicom to use internally, but is versatile enough to use in other situations. Because any message can be sent through the encryption process, secure data and information other than just passwords can travel safely to a contact. If you are sending confidential information such as passwords, bank information, SSN, financial data, etc. via email, we encourage you to consider a more secure method. If you have any questions about the projects discussed in this mini series, please contact us at info@epicom.com.

May
16
2012
Telecom Campaign Manager

During SugarCon 2012, BACO Realty, Epicom, and Twilio participated in a panel discussion about an innovative app Epicom built to better manage advertising campaigns in SugarCRM. The benefit of online advertising has always been its ability to measure effectiveness through click through rates and impressions. With traditional advertising, it’s difficult to measure the impact it has on sales…. except for now. Epicom has developed a Telecom Campaign Manager for SugarCRM which tracks campaigns via a unique phone number, records and stores inbound calls, and reports the effectiveness of each advertising campaign.

The Telecom Campaign Manager is built using an integration to Twilio, a cloud communications platform used for voice, conference and SMS applications. Epicom has completed several integrations between SugarCRM and Twilio such as Click-to-Call, SMS text message alerts, screen pops, conference bridging, and more. Epicom initially built the Telecom Campaign Manager for customer BACO Realty, a self storage company with facilities nationwide. BACO’s main source for leads is its advertising campaigns including traditional media such as billboards, newspapers, magazines, and radio. They also do online advertising on websites like Facebook and Craigslist.

Telecom Campaign Manager

After deploying the Telecom Campaign Manager, BACO Realty can now track all of its advertising campaigns inside its SugarCRM system.

Unique Phone Number Creation: For each campaign created in SugarCRM, BACO generates a unique phone number for that ad group. This is done by choosing the desired area code or zipcode and then selecting from a list of available local numbers to buy. The unique phone number is generated using Twilio and enables the phone number to be tracked and recorded. After this, BACO chooses the local storage facility it wishes to bridge the new phone number to. By using phone numbers and having the flexibility to bridge them, BACO can place ads in local markets and have callers or prospects automatically routed to the correct storage facility in their area.

Call Logging: When a call comes in from the phone number generated by your Sugar campaign, the call is automatically logged in SugarCRM. Additionally, the phone number, caller name, ad campaign, and lead source are automatically stored in the new lead record. The status of the logged call is also automatically updated to reflect a missed, in progress, or completed phone call.

Call Recording and Storage: Each inbound call, that comes into Sugar from the unique phone number, is recorded. A recording of the call is instantly stored inside of Sugar and can be played back for quality assurance or training purposes for new phone operators. Up to 10,000 minutes per month of recording storage is included with each license of the Telecom Campaign Manager.

Call Script: When an operator answers an inbound call from one of the telecom campaigns, the call and lead record are automatically created. In addition to this, Epicom designed a call script which is automatically generated for the operator. This was built custom for BACO and made to work seamlessly with the Telecom Campaign Manager by auto populating known information such as ad campaign, caller ID, and area code and phone number. The operator can then walk through the call script and qualify the lead and simultaneously update that lead record.

In the case of BACO Realty, the operator asks questions such as storage unit size needed, moving date, items needed to be stored, etc. The script includes drop down fields and check boxes to enable the operator to complete the form while on the phone. Once the call is complete, this information can be used to fulfill quotes for rental requests.

Reports and Metrics: Because each ad group has a unique phone number generated through the Twilio integration, the Telecom Campaign Manager can accurately track the effectiveness of each campaign. Users can determine which ad source brings in the most leads, the most qualified leads, and the largest won opportunities. Additionally, companies can determine which local store is more successful with advertising and can drill-down on which medium works better in certain markets.

The Telecom Campaign Manager works well for tracking advertising campaigns as well as any promotion that involves a phone number. The product eliminates the need for operators to ask “how did you hear about us.” It saves time by automatically creating call and lead records and prefilling known information. Most importantly, it enables managers to run reports on the effectiveness of marketing and advertising campaigns and stores a complete recording of the call to ensure excellent customer service is provided.

For more information on the Telecom Campaign Manager, email info@epicom.com.

May
11
2012
SugarCon 2012 Highlights

It’s been about two weeks since SugarCon 2012 wrapped-up in San Francisco. This year’s conference sent me back to Austin with an overwhelming amount of optimism and motivation. With more than 1,000 attendees, inspiring keynotes, informative breakout sessions, and tons of networking opportunities, Epicom can officially chalk this one up as a success!

From my perspective, SugarCon was more than just a two-day users conference. It began with our customers’ participation and advocacy, our partners’ support, our engineers’ creativity, and of course the great relationship we’ve developed with the Sugar team and other Sugar channel partners.

My top five highlights of SugarCon 2012 are Epicom’s customers, our partnerships, the presentations, the Sugar App Throwdown, and the Sugar team.

Customers

Not just customers… but advocates. When we ask our customers why they choose Epicom, we consistently hear that we are easy to work with, have smart and creative engineers, and we are priced right. Two of the three things reflect on the outstanding Engineering team we’ve built and are proof that it all starts with great work.

Several of our customers attended SugarCon for the sessions and training, but a few went above and beyond by presenting their case study in sessions and doing video testimonials.

I want to thank Steven Ford from BACO Realty and Matt Davidson from USAFact for being amazing customer advocates for Epicom and for presenting during SugarCon 2012. In addition to the breakout session, Matt was also included in SugarCon’s closing keynote as one of two featured customers.

 

Partnerships

Over the past two years, Epicom has dedicated a quarter of its SugarCon booth to highlighting our amazing technology partners. Companies like Twilio, Pardot, Adobe EchoSign, Entrinsik, Omni, and Transverse are all creating robust products that fit nicely into the Sugar ecosystem. Epicom has recommended and integrated dozens of our partners’ applications with SugarCRM. At SugarCon, we collaborated with several of our partners to drive traffic to our booth, highlight our integrations, and share success stories of customers using our partner’s products with their SugarCRM system.

Epicom worked closely with Transverse, the makers of the Tract billing system, to show-off the integration between the all-in-one activity-based rating, billing and subscription platform and SugarCRM. To creatively show this integration in action, Epicom and Transverse used a remote control slot car racing game as a real life example. The race track came with software to measure lap and race times, driver history, and number of wins. Epicom integrated the race track software into SugarCRM, so that each driver/SugarCon attendee could be recorded and reported on inside of Sugar. Epicom and Transverse took this a step further and integrated the Tract billing system with the Sugar race scores and “billed” the drivers per lap using the billing software. The race track was setup outside of Transverse’s booth for attendees to play and see the integration first hand.

Other partners such as Twilio, a cloud-based application used for voice, conference, and SMS communications, had their own booth or kiosk at SugarCon to show-off the products. Twilio used Epicom’s SugarCon DEMO system to demonstrate several integrations Epicom built between SugarCRM and Twilio such as Click-to-Call, SMS text message alerts, screen pops, conference bridging, and more.

Having a booth at SugarCon has been great for Epicom, but the best part is sharing an entire exhibit hall with great partners and products, and seeing that ecosystem grow each year.

Great Keynotes & Presentations

Larry Augustine’s opening keynote set the stage for SugarCon and the official announcement of IBM’s move from Siebel to SugarCRM. Larry painted the picture of the CRM marketplace and discussed the opportunity for SugarCRM to increase market share. His presentation was just what Sugar users, partners, and analysts wanted and needed to hear.

Guy Kawasaki, the award-winning author of Enchantment: The Art of Changing Hearts, Minds and Actions, gave an excellent presentation that was engaging, motivational, and funny. His theme was how to be enchanting. In his presentation, Guy outlined concepts from his book and explained how to put those ideas into action to create happier and more loyal customers. Plus… they gave out free books, which Guy autographed afterwards.

Epicom’s customers also had their place in the conference schedule (BACO Realty’s Telecom Campaign Manager session and USAFact’s session on its use of Mobile CRM to drive sales and operations). In addition to those sessions, Epicom CEO & Founder, Bill Harrison foreshadowed and presented his ideas on CRM mobile apps. Bill discussed how Mobile CRM will reshape the CRM industry and even prototyped department specific apps for smart phones. Unfortunately, the presentation was not recorded, but the slides are posted and include excellent research on the evolution of social media, mobile devices, and how it all relates to the CRM industry.

App Throwdown

Epicom engineer Danny Mulvihill presented his virtual whiteboard app for SugarCRM during the SugarCon App Throwdown. Danny was among the six finalists chosen to DEMO their app on stage. Each finalist had three minutes to impress the audience, and more importantly, a panel of top industry experts including Paul Greenberg, Brent Leary, Esteban Kolsky and Denis Pombriant, and Clint Oram from SugarCRM.

Danny represented Epicom extremely well and impressed the judges with his confident stage presence, his explanation of unique use cases for the app, and the app’s innovative interface. Congrats Danny!

The “Sugas”

The “Sugas”, SugarCRM’s nickname for its team, are my final highlight of my SugarCon experience. I’ve been working closely with SugarCRM’s marketing team for two years. Because of the relationships we’ve built with the Sugar team, we are more in sync from a marketing, customer service, and engineering standpoint. The people at Sugar are not only motivated to take SugarCRM to the next level, but they are creative, fun, and are representative of a great working relationship and partnership.

During the SugarCRM Partner Awards dinner, I was recognized among Sugar’s channel partners as the Most Creative Marketer in 2011. This came as a surprise to me and I was extremely honored to receive this award. I have a lot of respect for the Sugar team and look forward to working closely with them as both SugarCRM and Epicom continue to grow.

For more information about SugarCon 2012, email info@epicom.com

May
10
2012
Internal SugarCRM Project: Time Tracking System

Epicom’s engineering intern, Jim Rybarski, is winding down his Spring semester with Epicom. He has completed several internal projects including a project status tracking system, the launch of our customer portal, and a new browser-side password encryption program. We asked Jim to contribute as a guest blogger on our site to share some insight to the work he has done for Epicom. We are breaking his posts up into a weekly mini-series where he will go into detail about the internal projects he completed. Let’s see what Jim had to say.

Until recently, engineers at Epicom kept track of billable time using Klok – a time tracking software to measure billable hours. The process was pretty clunky – engineers would have to create cases and keep track of time with that program; and then at the end of the day , they would manually input their totals into Epicom’s internal SugarCRM instance for each individual client.

When I came to Epicom as an Engineering Intern my first assignment was to create a time tracking system in Sugar. This would make things simpler and more efficient – engineers would just open up a case in our CRM and press the “Start Clock” button, work on it, and click the “Stop Clock” button. The time would be automatically summed for each client, and the nightly cron job would then determine how many billable hours to charge. We also decided to add a popup that asked the engineer to describe what they worked on every time they clicked the Stop Clock button.

With the time tracking system in place we can leverage all of Sugar’s functionality to do other things with this data. For example, we are thinking about creating a portal for clients so they can receive live updates on their project (which is why we added the description box), and they could see exactly how much time was spent on each aspect of their customization. This level of transparency would allow clients to know exactly what adding that extra button or creating some logic hook really cost them, and since we’re programmers this will be a good thing.

I had assumed when I was first hired that I was going to do this just in PHP and MySQL, and that it would take me a few hours at most. I couldn’t have been more wrong. I was pretty good at PHP when I started, and my SQL wasn’t terrible, but knowing nothing about Sugar presented a serious challenge. I went through developer training and read the developer manual, but it still took about a month of trying things out and looking at custom code written by other engineers before I really understood how everything fit together in Sugar. But now, if I had to do the entire customization from scratch, I’m very confident I could get the entire thing built in less than a day.

If you have any questions about the projects discussed in this post, please contact us at info@epicom.com.

May
9
2012
New Features in Sugar 6.5

In this concise Tips & Tricks video, our software engineer, Aaron Wine, walks us through some of the differentiators of SugarCRM’s newest version, Sugar 6.5. He begins by going through some of the visual differences in the user interface, which include the positioning of the Module Tabs and the location of the admin tab.


The admin tab now has a drop down feature, which saves screen space. He also goes over the features of the new Plus control, which allows a user to quickly create modules.

In Sugar 6.5, users now have a full functioning calendar which supports recurring meetings, allows to drag-and-drop events, as well as an “invite” option to include others in an event.

He also explains the usefulness of the new Text Search and demonstrates its functionality. For more information on Sugar 6.5, email info@epicom.com.

May
4
2012
Customizing Dashlets and Tabs in SugarCRM

In this short training session, Epicom’s software engineer Tommy Wiebell discusses dashlets and dashlet tabs in SugarCRM. Because dashlets are the first visual users are exposed to when logging into the system, it is important that they are customized accordingly.

Layout is the first step in customizing your dashlet tabs. You are given three layout options, which Tommy goes over in detail. “Everything is customizable per user, so whatever you select here will not be pushed out to any other user.”

You are then walked through the process of adding a new dashlet to a specific tab. He explains the ease of adding a notepad dashlet to keep “pen and paper” style notes. If you wish to add a report dashlet that you have created, that is also possible. In this case, Tommy, shows us how he adds a website to a dashlet. This allows an outside webpage to be navigated from within your dashlet screen.

He then explains the process of altering the display columns in the dashlet. “You can have multiple account dashlets, and break them out into different categories and set different filters based off of the type of data you want listed.”  There is even an auto-refresh option, making sure you are always shown the latest data.

Now that you know how to change the dashlet display columns, you might be aesthetically inclined and want to alter the positioning of the dashlets as well. “It’s just a simple drag and drop,” Tommy explains.

The last topic covered in this video are dashlet pages and how to add a custom page. For more information on dashlets and tabs in Sugar, email info@epicom.com.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

Subscribe

RSS

Sign-up for our monthly newsletter.

Find Us Elsewhere

twitter youtube vimeo flickr
Epicom Corporation © 2013
info@epicom.com   |   (512) 481-9000