You are on page 1of 41

Last Updated: January 27, 2017

TeamMate AM
IT Overview

Product Version:
TeamMate AM 12.0
Table of Contents
Table of Contents ii
About the AM IT Overview 3
Product Workflow 6
Suite Architecture & Physical Tiers 7
System Requirements 8
Database Server Requirements 8
Web Server Requirements 10
Desktop Computer Requirements 12
File Server Requirements (Optional) 14
Terminal / Citrix Server Requirements 14
3rd Party Software Components 16
Installation Overview 17
Frequently Asked Questions (FAQ) 18
Architecture 18
Databases and Storage 20
Multi-user Accessibility 22
Replication 23
Encryption and Security 24
Compression 27
Backup and Disaster Recovery 28
Networking 28
Authentication and Passwords 30
Sending Data to TeamCentral 31
XML and Data Integration 32
MS Office Integration 33
Printing 33
Report Writing and Output Generation 34
Installation 34
Product Upgrades 35
Document Updates 37
Index 40
TeamMate Support 41

About the AM IT Overview
This document is designed to answer pre-implementation questions about the TeamMate
AMproduct suite. It is written for IT departments who are responsible for implementing the
TeamMate suite and need answers to specific questions and a high level overview before beginning
the process. It is recommended to engage the IT Department before installing the TeamMate suite of
applications. The complete implementation and installation guides for the suite are also available
upon request.
TeamMate AM is a suite of products combining both desktop and web-based technologies. The
combined suite allows auditors to identify, schedule, document, report, and track time and expenses
on audits using a modular approach. Each module can be installed and used independently with
individual databases. However, when the modules are used together with the same database, the
applications can interact and automate the entire audit workflow. It is highly recommended that the
entire suite be installed with the assistance of the organization's IT department. The following is a list
of the applications that comprise the TeamMate suite.

TeamMate Electronic Work Papers (TeamEWP)

Desktop application that allows auditors to complete all l Written in C/C++, C# .NET,
phases of the documentation and review processes COM, and WPF
l Integrates with installed ver-
sion of MS Office via COM,
WCF and VBA and VSTO
Office add-ins
l Includes Imaging solution
l Supports replication (internally
developed) between net-
worked and off-site users
Storage in Centralized Database or
locally (file share) in MS Access
Desktop application used in conjunction with TeamEWP l Written in C#(.NET)
allowing maintenance of knowledge base and pull into
Uses the TeamMate Centralized
Database or a stand-alone MS
Access database
Desktop application used in conjunction with TeamEWP to l Written in C/C++, COM
integrate imaging
Storage is within the EWP database
explained above

AM IT Overview 3
Desktop application allowing risk assessment on the audit l Written in C# (.NET) and WPF
universe to determine what to audit based on risk
l Includes ActiveReports report
Uses the TeamMate Centralized
TeamRisk Web
Web application that allows business owners and l Written in ASP.NET and C#
distributed auditors to contribute to the risk assessment
process l Requires web server
l Includes ActiveReports for
report display
Uses the TeamMate Centralized
Desktop application that allows schedulers to schedule l Written in VB.NET
projects and assign resources
l Includes ActiveReports report
Uses the TeamMate Centralized
TeamSchedule Web
Web application that allows users to view scheduled plans l Written in ASP.NET and
l Requires web server
l Includes ActiveReports for
report display
Uses the TeamMate Centralized
TeamMate Time and Expense Capture (TeamTEC)
Web application that allows users to enter time and l Written in ASP.NET and
expenses related to a project VB.NET
l Requires web server
l Includes ActiveReports for
report display
Uses the TeamMate Centralized

AM IT Overview 4
Web application (data-mining) that allows teams and audit l Written in ASP.NET and
management to view reports on the status of projects and VB.NET
exceptions across audits
l Requires web server
l TeamEWP users can send
information via XML over
HTTP to TeamCentral
Uses the TeamMate Centralized
Desktop application that allows TeamMate Administrators l Written in C# (.NET) and WPF
to perform various functions on the centralized database -
Uses the TeamMate Centralized
included in a separate installation

AM IT Overview 5
Product Workflow
The diagram below outlines the recommend auditing workflow that is supported by the suite of

Recommended TeamMate Workflow

NOTE: Applications can be installed and/or used independently, but would

lack data interoperability.

AM IT Overview 6
Suite Architecture & Physical Tiers
The TeamMate AM suite is very configurable and will adapt to most IT environments. The standard
configuration (in black below) is to have client computers, a web server, and a database server.
Optional configurations include distributed MS Access databases (green), regional replication server
(blue), and Citrix XenApp / MS Terminal Services (purple). We recommend the same database be
used by all applications.

AM IT Overview 7
System Requirements
This section lists the minimum hardware and software requirements for each of the tiers listed above.

Database Server Requirements

A database server is required for the TeamMate web applications and is recommended for the
desktop applications. When using a centralized database, the applications can exchange information
between each other and reporting capabilities are enhanced.

NOTE: Access is only supported as a centralized database for clients using

EWP only.

NOTE: Oracle is no longer supported as of TeamMate version 10.4.

Supported versions:

l SQL Server 2016 and 2016 SP1 Standard and Enterprise Editions
l SQL Server 2014, 2014 SP1 and SP2 Standard and Enterprise Editions
l SQL Server 2012, 2012 SP1, SP2, SP3 Standard and Enterprise Editions
l SQL Server 2008 R2 SP2 and SP3
l SQL Server 2008 SP4
l SQL Server Express 2012
l SQL Server Express 2008 R2
o See Section 2.1 for more information

The database server specifications will vary based on the needs and number of users in the
organization. Example database server specifications for three different types of organizations are
provided below.

Mid-sized Audit Teams

Database Server Small Audit (or combined Database / Large Audit
Specification Team Web server) Teams
Estimated Users 1-10 11-100 Over 100
Annual Audits N/A Less than 500 Over 500
Processor 3.0 GHz Xeon 2 x 3.0 GHz Xeon(Quad) or 4 x 3.0 GHz Xeon
(Quad) or Equivalent (Quad) or
Equivalent Equivalent

AM IT Overview 8
Mid-sized Audit Teams
Database Server Small Audit (or combined Database / Large Audit
Specification Team Web server) Teams
CPU Utilization Less than 50% Less than 50% Peak Less than 70% Peak
Memory 4 GB or greater 8 GB or greater * 16 GB or greater *
Hard Drive 100 GB or 150 GB or greater ** 150 GB or greater **
greater **
Dedicated Non dedicated Non dedicated Server Dedicated Server

* These are the minimum recommended values to ensure usable performance.

** Hard drive should be large enough to accommodate anticipated database growth.

Further environmental requirements for database servers:

l Database compatibility mode must be set to the level of the server with a minimum of SQL
l Database server operating system can be 32-bit or 64-bit.
l All specifications are based on Windows Server 2008 or higher.
l The installed database will be approximately 30 MB for MS SQL Server. The anticipated
growth will vary greatly based on which modules of the TeamMate suite are used, the number
of files attached to each audit, and the size/quality of scanned images. However, a typical
implementation can range from 25-100 MB per project.
l For small departments, the database and web server components can be shared on the same
l TeamMate AM supports AlwaysOn with SQL Server 2016. This method can be used with syn-
chronous, asynchronous, and Failover Clustering.
l A virtualized database server may differ in performance from a comparable physical imple-
mentation, and the implications of these differences should be considered.
l Native SQL Server Encryption can be used if additional security is needed; however Microsoft
estimates a performance hit when in use (see Section 5.5 for details).
l Oracle is no longer a supported database platform after the release of 10.4. There are tools
available to migrate from Oracle to SQL Server.
l The database and the SQL instance must have the same collation (SQL_Latin1_
General_CP1_CI_AS). Having the database and/or the SQL instance using a different col-
lation than specified is not supported.

AM IT Overview 9
Web Server Requirements
A web server is required for TeamCentral, TeamSchedule Web, TeamTEC, and TeamRisk Web. All
web server applications will work in a load balanced / server farm environment.
Supported versions:

l Microsoft Internet Information Server (IIS) 7, 7.5, 8.0, 8.5, 10

Running on:

l Windows Server 2008 R2 SP1, SP2, SP3

l Windows Server 2012
l Windows Server 2012 R2
l Windows Server 2016

NOTE: Apache or other UNIX / Linux web servers are NOT supported.

Mid-sized Audit Teams

Small Audit (or combined Database / Large Audit
Requirement Team Web server) Teams
Estimated Users 1-10 11 - 100 Over 100
Annual Audits Less than 500 Over 500
Processor 2.0 GHz Xeon or 2 x 3.0 GHz Xeon or Equivalent 4 x 3.0 GHz Xeon or
Equivalent Equivalent
CPU Utilization Less than 80% Less than 80% Peak Less than 80% Peak
Memory 4 GB or greater 8 GB or greater 8 GB or greater
Hard Drive 10 GB or greater 20 GB or greater 20 GB or greater
Dedicated Non dedicated Dedicated Server Dedicated Server or
Server server farm

Further environmental requirements for web servers:

l The TeamMate web applications will run on 32-bit and 64-bit operating systems.
l The application will run in the bit mode native to the operating system bit level. Example: In a
32-bit installation TeamCentral will run as a 32-bit application. In a 64-bit installation TeamCen-
tral will run in the IIS native mode so if IIS is set to 32-bit TeamCentral will run in 32-bit mode.
Otherwise TeamCentral would run as a 64-bit application.

IT Overview 10
l The TeamMate web applications CANNOT be installed on a domain controller. See Section
15.5 for more information.
l The application will take about 1 GB installed on the web server. As this is static program files,
no additional space on the web server would be required.
l For small departments, the database and web server components can be shared on the same
machine; however, it is recommended to split these items across different machines.
l Unless noted, it is assumed that the server has the latest patches and updates from Microsoft.
l The following items are required to be on the web server:
o MDAC 2.8.1 (will be installed during suite installation if not previously installed)
o Windows Installer 3.0 or higher
o .NET Framework 4.6.1 and 4.6.2 (the EXE will download and install 4.6.1, if not present)
o Microsoft Access Database Engine 32-bit/64-bit (the EXE will install the version based on
the bit-level of the OS)

IT Overview 11
Desktop Computer Requirements
Applications installed on the desktop include: TeamEWP, TeamRisk, TeamSchedule, TeamStore,
and TeamAdmin. Standard business class computers are sufficient to run all the applications within
the suite.

Requirement Description
Processor 1.6 GHz Pentium 4 or higher
Memory 4 GB RAM or more
Hard Drive 2 GB or more recommended

AM IT Overview 12
Requirement Description
Software Microsoft Windows (32-bit or 64-bit environments):
l Windows 7 SP1
l Windows 8.1
l Windows 10
l Windows Server 2008 R2 SP1
l Windows Server 2012
l Windows Server 2012 R2
l Windows Server 2016

NOTE: Windows RT is not supported.

Microsoft Office (for deep integration with TeamEWP):

l Office 2010 SP1 and SP2 (32 and 64-bit)
l Office 2013 (32 and 64-bit)
l Office 2016 (32 and 64-bit )

NOTE: Office 365 Cloud is not supported.

Other Requirements:
l .NET Framework 4.6.1 (minimum) and 4.6.2 supported
l MDAC 2.8.1*
l Microsoft VSTO*
l Windows Installer 3.0 or higher
l DirectX v9 or higher
* Included in the TeamMate EXE installations if not previously installed. See
What does the installation include for a complete list of software included with
the installation.
Web Browser l Internet Explorer 11, Chrome, Edge
Other l The TeamMate suite can run from an application server like Citrix
Considerations XenApp or Microsoft Windows RemoteApp (MS Terminal Services). This
scenario is optional. VDI is also supported in scenarios presenting an
entire desktop to users including the TeamMate applications.

AM IT Overview 13
File Server Requirements (Optional)
A file server is an optional component and not recommended for most environments; however, it can
be used to store TeamEWP audit projects when using the distributed model. The recommended
environment is to have all projects stored in the database server (centralized model). This does not
need to be a dedicated server.

Processor 1 x 2.0 GHz or greater

Memory 512 MB Ram
Hard drive 20 GB or greater (refer to Section 2.10 for project sizing requirements)
Software MS Windows 2008 Server or higher is recommended. However, some other
operating systems that allow file sharing (for example, workgroups and samba) are
supported. Distributed File Systems (DFS) are NOT supported.

Terminal / Citrix Server Requirements

For Terminal / Citrix server sizing, it is recommended to follow Microsofts Guidelines for resource
allocation according to normal business applications.
The memory usage will be larger than the Microsoft recommendations. TeamEWP is the most used
application and typically allocates between 100 and 200 MB of ram per instance. The processor
usage will vary based on hardware and usage scenarios.
The table below can be used as a reference to calculate the required resources.

1. Have a user login and test the application (single user only). Obtain the processor and memory
utilization for this user.
2. Enter the values in the table below to determine the required resources for the server.

Note Resources Values

A 1 User Memory Utilization Check Perf Mon - %
B 1 User Processor Utilization Check Perf Mon - %
C Total Number of Simultaneous Users From Client
D Total Memory Utilization A * C (should be between 60 and 80)
E Total Processor Utilization B * C (should be between 60 and 80)

AM IT Overview 14
Additional Notes:

l Memory is easier to determine how much needs to be added. Just change the total memory in
the system to get the memory utilization (D) below the 80 percent mark.
l Processor Utilization is more difficult to determine as the other hardware in the system (system
board, disk speed, etc.) affect processor utilization.
l If working entirely from the application server, the same version of Microsoft Office and Adobe
Reader must also be installed.
l The Terminal/Citrix Server CANNOT also be the Web Server. See Section 15.7 for more

AM IT Overview 15
3rd Party Software Components
This table lists the 3rd party software components licensed for distribution and are installed with the
TeamMate suite. It should be noted that often these vendors will use software components licensed
from other companies.

Software Company
Component Information Used by module
Active Reports Data Dynamics Reporting engine used by TeamSchedule, TeamRisk, TeamCentral, TeamTEC
LeadTools LeadTools TeamImage TeamEWP's imaging engine
Document Imaging
MSHTML Microsoft All Applications
Internet Explorer Required for HTML editing within the products
Infragistics Infragistics User Interface components used by TeamSchedule, TeamRisk, TeamCentral,
TeamTEC, TeamAdmin
MDAC 2.8.1 Microsoft All applications
Data Access
MFC and C++ Microsoft TeamEWP
Runtime Visual Studio sub-
Components system
.NET 4.6 Microsoft All applications
.NET Framework (not included in suite installation, but it will be
downloaded during the installation if needed)
MSXML 6.0 SP2 Microsoft All applications
XML Processing Engine
Xceed Zip Xceed Software Inc. TeamEWP Used to compress and encrypt projects and
transport files
dReveal InfoArch TeamCentral
Used for reporting engine
Telerik Editor Telerik TeamEWP, TeamAdmin, TeamStore Used for editing text

AM IT Overview 16
Installation Overview
This section outlines the recommended steps to install the TeamMate Suite for a new organization.
Further details can be found in the AM Installation and Technical Configuration Guide. These
installation steps will require coordination between the IT web server administrators, IT database
administrators, and the audit team leaders responsible for the implementation of the TeamMate

To install the TeamMate Suite for a new organization:

1. Create and configure a Test Environment. As an industry best practice, it is recommended to

first create an environment where a few select users can test both the desktop and server
applications. This will provide an opportunity to ensure the applications work within the envir-
onment and will give a few users an opportunity to get familiar with the various features of the
product. This environment should be maintained for future testing of upgrades and patches,
and can also be used to train end users. The various options required within the suite can also
be set up and evaluated for future use in the Production environment.
2. Create Templates, TeamStores, reports and global options. This step will be performed by
the audit team leader and the TeamMate Implementation Services team. Having these tem-
plates and stores available to the team before the product is rolled out completely will ensure a
successful implementation.
3. Create a Production Environment. Create a new Production Environment that duplicates the
Test Environment created earlier.
4. Develop a client rollout strategy. There are several options to roll out the client portion of the
suite to all of the users. Most large organizations use 'push' technologies that will simply push
down and launch the MSI. Other options for installation include setting up batch files or using
scripts. Be sure to refer to the AM Installation and Technical Configuration Guide, which con-
tains information on how to install the desktop modules of the suite. Make sure to include con-
figuration files (i.e. DBConnect.tmc, Service.config, and TMReg.ini) with the rollout. Also
consider any other files necessary to work offline if that is a requirement.
5. Rollout the client software. Implement the rollout strategy defined above and allow users
access to the software.
6. Provide training and best practices. Finally, proper training and best practices should be
provided so the users can get the most from the software.

NOTE: Users on TeamMate AM 8.2 must first convert the global database
and any distributed projects using 10.2, and then to the current version.
Conversion from 9.0.1 and higher is built into the current release.

AM IT Overview 17
Frequently Asked Questions (FAQ)
The following are the most commonly asked questions from IT organizations. Any question not
answered below can be addressed by contacting TeamMate Support.

Ref # Question Answer
1.1 Is TeamMate a TeamEWP is designed to take advantage of both a relational
document database and tight integration with Office documents. It is unique in
management the marketplace in its ability to have this hybrid approach. File
system for Office document references are stored in the database and the end-user
documents or a is unaware of the automatic check-out and check-in of documents.
database The other products within the suite are database management
application tools but also have the ability to store documents as attachments.
1.2 What portion of the TeamEWP, TeamRisk, TeamSchedule, TeamStore, and
product suite is TeamAdmin are client-server applications that are installed on an
client vs. web- end users workstation. Optionally, these applications can be
based? accessed via MS Terminal Server, MS RemoteApp, or Citrix
TeamCentral, TeamTEC, TeamSchedule Web, and TeamRisk
Web are web-based applications. They require Internet Explorer
on the desktop, TeamMate Web Server installed on the web
server, and access to the database server.
1.3 What network TCP/IP is needed for MS SQL Server.
protocols are The web applications use HTTP or HTTPS (TLS/SSL).
required? Optionally, TeamEWP can store projects on a file share and any
standard protocol used to connect to file servers is supported.
1.4 Can the application Yes, the desktop applications can run on application servers like
be used on thin Citrix XenApp Server, Microsoft Terminal Services, and Microsoft
client networks or RemoteApp. This can be done exclusively on the application server
application or in conjunction with the replication engine.
1.5 Is the system a All desktop and web applications require .NET Framework 4.6
J2EE or .NET There are no plans to provide a J2EE version.
architecture and
what are the
projected future

AM IT Overview 18
Ref # Question Answer
1.6 Are there any While there are no ActiveX controls used in the TeamMate Suite,
ActiveX controls or Active X controls must be enabled for TeamEWP to be used. For
COM components example, the link code uses a technology called Object Linking and
utilized? Embedding (OLE). That technology is one of a list of technologies
that Microsoft grouped together under the name of ActiveX.
The more specific term ActiveX Control defines a control that is
dynamically loaded by IE from the Internet on demand when it is
found in a webpage.
Since the IE settings do not separate the ActiveX technologies (i.e.
OLE) from the ActiveX controls, this setting must be turned on.
The primary security reason for blocking ActiveX Controls is that
anything that is dynamically loaded from the Internet could pose a
risk, but the TeamMate code is not dynamically downloaded; it is
installed by the EWP install process.
WCF utilizes COM to communicate with Microsoft Office and some
other internal utilities.
There are no desktop ActiveX controls (or installation) required to
use any of the web applications.
1.7 For COM The web software does not include or install COM components.
components on the
web server, what
general operations
do they perform?
1.8 Are there any 3rd The 3rd party tools are listed in 3rd Party Software Components.
party tools or All run-time distribution rights are provided by TeamMate.
1.9 Is there any If using the distributed model for TeamEWP, it is highly
hardware required recommended that a backup device such as a USB drive be used
other than a to maintain proper backups.
standard business
class computer?
1.10 Are 64-bit versions The 64-bit versions of Windows desktop and server operating
of software systems are supported.
1.11 Is there any type of Yes, there is an automated email notification system, which allows
automated email for system generated emails to be sent out based on user
functionality? preferences. This process utilizes a scheduled task to query the
database then the Unattended Console application generates the
email to the end user.

AM IT Overview 19
Ref # Question Answer
1.12 Are temporary files Yes, TeamMate uses temporary files both on the desktop as well as
used? on the web server. An example of how they are used on the
desktop is in the creation of temporary XML files used to create
reports for TeamEWP (360 Reporting). An example of how they
are used on the web server includes the reports generated for
1.13 Are web services Yes, TeamEWP requires web services in areas where there is a
utilized and if so large quantity of data being exchanged with the TeamEWP project
where? file. Those areas include:
l Replication and synchronization
l Get and Send Processing
l Create Project and Create Project Template
These web services are automatically installed when the web
server installation is completed.

Databases and Storage

Ref # Question Answer
2.1 What database All TeamMate applications work with MS SQL Server; see Database
platforms are Server Requirements for supported versions. MS SQL Server
supported? Express is also supported; however, it is not recommended for most
situations because of restrictions (i.e. memory and database size)
placed on it by Microsoft. See link below for details.
MS Access is also supported when TeamEWP Projects are stored
on a local computer with either the replication or the distributed
2.2 Which The recommended configuration is to have all data for all modules
applications use stored on a centralized database server (MS SQL). An optional
a physical file or configuration is to have TeamEWP data stored on a local computer
shared file for or file share using MS Access databases. This option is typically used
data storage as with some legacy implementations and is very rare for a new
opposed to a implementation.
2.3 When using If using the optional distributed model, TeamEWP projects are stored
physical as separate databases on a file share or local machine. Each
database files, TeamEWP project is stored in its own directory which is displayed to
where can the the user via the TeamMate Explorer.
database files

AM IT Overview 20
Ref # Question Answer
2.4 How are All the applications connect to the centralized database using
connections TeamMate connection files (.tmc). These XML-based files contain
made to the all the required database location and connection information. The
database? authentication information is encrypted.
A utility is provided to create these connection files. They can also be
created within TeamRisk, TeamSchedule, TeamStore, and
In the optional distributed model, TeamEWP connects to the MS
Access databases through a .TM information file. The .TM files
contain the connection information necessary to access the
databases located in subfolders within the parent folder. This
process is done via TeamMate Explorer.
2.5 How many user None, if using integrated authentication (MS SQL Server only). If
accounts need to using standard authentication, a single database user account is
be created for created on the database server. This user / password combination is
MS SQL Server? encrypted and saved in the .TMC file, which can be distributed to any
user in the organization that requires access to the database and has
the desktop application(s) installed.
2.6 Is Windows NT Yes. SQL Server can be configured for either Integrated Windows
Authentication Authentication or mixed mode.
supported to
connect to SQL
2.7 Where are In the centralized model, workpaper documents are stored within the
documents or MS SQL database as a blob (binary large object).
work papers In the optional distributed model, TeamEWP workpaper documents
stored? are stored on the file system outside the MS Access database. This is
done to avoid the MS Access database limitations.
2.8 How are Database administrators create the shell database and then use the
databases tool TMDBAdmin to initialize the database. Appropriate
created? documentation is provided.
Additionally, TeamEWP has the ability to create MS Access
databases under the distributed model.
2.9 Can we have the Licensed users can request the database schema by sending an
data schema? email to

AM IT Overview 21
Ref # Question Answer
2.10 How much The installed database will be approximately 30 MB for MS SQL
space is Server. The anticipated growth will vary greatly based on which
required? modules of the TeamMate suite are used, the number of files
attached to each audit, and the size/quality of scanned images.
Photo quality images (300+ dpi, color) can be many times larger than
evidence quality images (150 dpi, black & white).
A typical implementation can be 25-100 MB per project; however,
projects can range from 5 MB to over 500 MB. Another estimate is 1
GB per user; this could be used for an initial estimate for capacity
2.11 Can database At this time, only SQL Always On with SQL 2016 is supported as an
clusters be Active/Active failover clustering method. Any other clustering must be
used? an active/passive failover without SQL Replication.

Multi-user Accessibility
Ref # Question Answer
3.1 How does the TeamEWP will create logical locks for each view opened.
system ensure Subsequent users will be notified with a warning and the schedule
there are not will be opened as read-only should they want to proceed.
simultaneous edits The other products in the suite do not support database locks;
to the same however, transactions are used to ensure that groups of changes
information? go into the database at the same time.
3.2 How many The limit when using a server based database for TeamStore,
simultaneous TeamCentral, TeamRisk, TeamSchedule, and TeamTEC is largely
users can the based on the size of the hardware. See Desktop Computer
system support? Requirements for recommended hardware specifications based on
the number of users to support.

AM IT Overview 22
Ref # Question Answer
4.1 Is replication TeamEWP has an internally managed check-out and check-in
supported? process allowing the user to select and replicate specific areas of a
project or an entire project. These replicas can be downloaded
directly to the local machine or a transport file can be created and
saved to a temporary device (e.g., USB drive) or emailed to another
user. Another option is to replicate to a regional replica server (MS
While working on a replica, the system maintains a transaction log
which is processed during the merge with the master. There is one
unique master project with any number of replicas created by the
users. There is a limit of 3 levels for multi-tier replication scenario.
TeamEWP also has a feature where data is synchronized between
the database server and the local machine.
See "Suite Architecture & Physical Tiers" on page 7 for more
4.2 How long can a Replicas can be used as long as required by the user, until it is
replica be used? merged into the master project, or until the master is finalized.
4.3 How are conflicts TeamEWP has a sophisticated conflict detection and resolution
managed? capability that detects conflicts (edits on master and replica
simultaneously), notifies the user and allows the user to determine
which version should be retained.
4.4 Can native See "Database Server Requirements" on page 8 for more
database information.
replication be
4.5 Can databases A utility named TMDBAdmin will allow migration from one database
be migrated from platform to another. Supported migration paths include MS Access |
one platform to MS SQL and Oracle | MS SQL.
4.6 What two-tier SQL | SQL
replication SQL | Access
options (replica of
a replica) are

AM IT Overview 23
Encryption and Security
Ref # Question Answer
5.1 What is the TeamEWP security prevents users from bypassing the system and
purpose of the editing procedures, issues, work papers, and other audit information
security after they have been signed off. It is not designed to protect the data
mechanisms for if the computer is stolen. The only true mechanism for that concern is
TeamEWP? to use a hard disk encryption tool and standard network security
5.2 What type of AES-256 (Advanced Encryption Standard) is used to encrypt work
encryption is used papers and passwords stored inside the SQL database.
for workpaper and
transport files?
5.3 How are TeamMate utilizes the SHA-1 cryptographic hash function to create
passwords a 160-bit hashed value used for the storage and transmittal of user
protected within passwords. The actual password is first seeded and then converted
the TeamMate to the resulting SHA-1 hash value and stored in the database. The
Suite? additional seed provides additional protection vs. using SHA-1 only.
When the user enters their password to login to the application, that
password is run through the SHA-1 algorithm (again with an
additional seed) and then the application compares this value with
the value in the database without the application knowing the actual
password. If the hashed values match, the user is granted access.
If there are concerns then it is recommended to use the Windows
Authentication model, available for all modules, in which user
passwords are not stored in the database.
SHA-256 cryptographic hash functions are used for passwords for
the four compressed file types associated with TeamEWP (backups,
replica transport, update transport, and work papers)*.
Database passwords are encrypted using AES encryption stored in
the XML connection files.
5.4 Are the TeamMate When using a MS Access database for TeamEWP or TeamStore,
suite databases encryption is provided through the standard password protection
encrypted? functionality provided by MS Access.
When using MS SQL Server for the suite of applications, the
databases are deliberately not encrypted in order to allow
organizations to integrate with their own systems or import/export
data as needed.

AM IT Overview 24
Ref # Question Answer
5.5 What additional There are two main types of data stored in the TeamMate suite file
encryption options based and server based databases.
should be File based databases either reside on an end-users computer or on
considered? a file share in the organizations data center. TeamMate protects this
data by applying database level password protection. In addition,
many organizations have a standard policy of encrypting a
computers entire hard drive with third party software. When file
based databases reside on an end-users computer, this protection
extends to the TeamMate data.
Server based databases (MS SQL Server) are typically centralized
within an organizations data center and access to these databases
are restricted to the minimum number of people needed to
administer the database. TeamMate utilizes the authentication and
authorization models of these databases to control access to the
database. However, if additional security is needed, TeamMate
supports native SQL Server encryption.
5.6 Is it possible for Yes, it is theoretically possible for a malicious person to crack the
someone to crack encryption used on MS Access databases and obtain access to the
the encryption and encrypted work papers and data. This is part of the reason why it is
obtain access to recommended to use MS SQL Server and keep the data protected
TeamMate files? in a data center. Other security mechanisms, such as VPN,
TLS/SSL, SQL Encryption, and hard drive encryption, should be
considered to mitigate any further security concerns.
5.7 How can we There are several ways in which data can be secured while in
ensure our data is transit, either between servers or from a web server to the client
securely browser. For the desktop applications accessing data on the
transmitted across network, TeamMate recommends the use of "Enhanced Services
a WAN for both the Security", which provides additional encryption on data between the
web and client client and TeamMate web services so that any data transmitted
applications? between servers (or between a server and a client) would be
Another option for database traffic over the network is to establish a
trusted connection. For the web server, it is recommended that
TLS/SSL be used so that all web traffic is encrypted.
5.8 How are database Database connections to the central application data is via a
connections TeamMate connection file. The database username and password
including database are encrypted using AES 256-bit (Advanced Encryption System)
password and saved in an XML-based connection file. Typically these are
encrypted? created by the DBA using the product and distributed to the end-
TeamMate also supports an enhanced level of security for
connecting to the database, in which Windows manages all of the
encryption on behalf of the user, using the Windows Data Protection

AM IT Overview 25
Ref # Question Answer
5.9 Do users need No, end users can use the desktop applications with user or
administrative power user permissions. However, administrative permissions
rights to use the are needed to install the desktop applications. Administrative
system? permissions are not needed to use the web applications either; see
installation guide for NTFS requirements.
5.10 What network or The TeamMate web applications use the local IIS_IUSRS group.
service accounts Also, a service account is needed to run a scheduled task on the
are needed? web server. This account needs minimal permissions.
A service account would be required to act as the application pool
identities if Integrated Security is used for SQL Server.
5.11 Are there any U.S. The encryption techniques used within the database and work
export restrictions papers have cleared export regulations required by the U.S.
due to the Department of Commerce in accordance with Export Control
encryption Classification Number (ECCN) '5D002' and mass market TSU. The
techniques? Commodity Classification Automated Tracking System (CCATS)
number for TeamMate is G065170. In accordance with these
regulations, this software (with a valid TeamMate license
agreement) can be exported to countries outside of the United
States with the following exceptions: Iran, Cuba, Syria, Sudan and
North Korea.
5.12 Is TeamMate FIPS TeamMates encryption has been tested and runs and works
compliant? properly with the windows settings for FIPS cryptography 140-2, in
the standard configuration for the US Government Configuration
Baseline (USGCB).
The drive behind the United States Government Configuration
Baseline (USGCB) is to develop security configuration baselines for
products derived from Information Technology that are deployed to
the various federal agencies. This baseline arrived from the Federal
Desktop Core Configuration (FDCC) mandate. This process of
developing, vetting, and providing baseline configurations settings
was first described in a March 2007 memorandum from OMB to the
various Federal agencies and department leaders, as well as a
corresponding memorandum from OMB to the various Federal
agencies and department Chief Information Officers (CIO).
TeamMate Web applications are FIPS compliant using the FIPS
compliant IIS configuration.
5.13 What precautions TeamMate uses a combination of best-of-breed automated testing
are taken to detect (IBM/Rational AppScan) as well as manual tools to identify security
security vulnerabilities. TeamMate also performs penetration testing and
vulnerabilities? includes security awareness into the standard development

AM IT Overview 26
Ref # Question Answer
5.14 Where are the The encryption keys are not stored anywhere; they are dynamically
keys stored? generated based on the client data.
5.15 Are the keys the The keys are not the same per installation as they are dynamically
same for each generated from the clients data.
installation (i.e. will
the keys in our test
environment be
the same as the
keys in the
5.16 Can [the client] The keys cannot be changed as it would necessitate re-encrypting
change the keys? all existing encrypted data.
5.17 What additional l TeamMate implements a secure development lifecycle based
security best prac- on the Microsoft Secure SDLC.
tices does l Static code analysis for security concerns using HP Fortify.
TeamMate adhere
to? l Dynamic penetration testing using IBM AppScan, in addition to
manual testing.
l Focus on OWASP top 10 and CWE Top 25.
l Security response and mitigation process with dedicated team
to investigating and responding to security concerns.
l TeamMate hosting performs regular security testing and SOC

Ref # Question Answer
6.1 Are the The databases are not compressed; however, the TeamEWP work
databases or papers are compressed. This also optimizes the speed that it takes
contents of for the work papers as they travel from the database server to the
databases application where they are then uncompressed.
6.2 Are the Yes, backup files (.tmb), replica files (.tmr), and update files (.tmu)
transport files are all compressed and additionally encrypted using AES-256.

AM IT Overview 27
Backup and Disaster Recovery
Ref # Question Answer
7.1 Is there an When using a distributed model, TeamEWP has several backup
automatic options including automatic, frequency setting, and revolving backup
backup options. The location of this backup file is customizable.
mechanism? When using a centralized model, the central database would be
backed up by the DBA using the clients policies and procedures.
7.2 Is there a For the central database, the organization's DBA should address
disaster database issues based on internal policies and procedures.

Ref # Question Answer
8.1 What network All of the products are written using standard windows libraries to take
protocols are advantage of any network protocol supported by MS Windows.
8.2 What ports are TCP Ports 80 or 443 are used by the TeamMate web applications.
used by the TCP Ports 1433 and 1434 are used by the TeamMate desktop
system? applications for MS SQL Server.

NOTE: The defaults can be changed if


TCP Port 25 is used by the Unattended Console utility, which sends

out automatic email messages. This port needs to be open for
outbound traffic from the web server since this utility is part of the
TeamMate Server.

AM IT Overview 28
Ref # Question Answer
8.3 Does The TeamMate suite of applications has been tested using VMware
TeamMate Virtual Appliances (machines). No additional issues that would be
work in a virtual directly related to a virtualized environment should occur as long as
machine the virtual machine meets System Requirements.
environment? If using a virtual environment, it is assumed that the TeamMate
products will be running in a virtual machine that resides on a Host
machine of VMware or Microsoft recommended requirements. This
includes requirements stating what hardware level is necessary to
support our recommendations on the VM multiplied by the number of
virtual machines running on the VM Host.
Additionally, if TeamMate will be in production in a virtual machine, it
needs to be in a standard IT production environment, e.g., continued
uptime, failover support, backups, etc. Desktop computers running
virtual machines for server applications are not supported.
VDI technologies are also supported provided that a desktop with
TeamMate applications are presented to the user. It is the
responsibility of the customer to provide the correct licensing model of
Microsoft Office to support the VDI environment.

NOTE: While not tested with Microsoft Virtual

Server / Microsoft Hyper-V, the suite of
applications should function in the same

8.4 Are wireless It is fine to access the TeamMate web applications over a wireless
connections connection; however, it is not recommended to use the desktop
recommended applications over this type of connection. This is because poor
or supported? performance and possible data problems may occur as a result of the
instability and inconsistency of wireless connections.
The replication model or an application server is recommended for
this environment.

AM IT Overview 29
Authentication and Passwords
Ref # Question Answer
9.1 What All modules support Windows Authentication, which acts as a single
authentication sign-on. The application compares the users Windows domain login
model is used? to the account name stored in the TeamMate database. If
authenticated, the user is allowed into the application or TeamEWP
audit project. Windows Authentication also works with cached
domain accounts.
If Windows Authentication is not used, all modules also support
"basic" or "forms" authentication, which stores the username and
password in the database in an encrypted format. If for any reason a
user cannot authenticate via Windows Authentication (e.g., working
on a TeamEWP replica on a home computer), the desktop
applications will revert back to basic authentication requiring the user
to manually login with their username and password.
In addition, all the web applications support LDAP.
9.2 What are the If Windows Authentication is not used, by default passwords must be
password at least 6 characters. Users may set custom rules to govern
restrictions or password complexity in TeamAdmin. These rules may include a
guidelines? minimum number of total characters, capital letters, numeric
characters, and special or punctuation characters.
9.3 How are See "Encryption and Security" on page 24 for more information.
within the
9.4 Is single sign- Yes, using Windows Authentication. All modules support Windows
on (SSO) Authentication, which means a user can login to all applications in the
available? TeamMate suite based on their Windows domain account. In
addition, Single Sign On can be set with basic authentication in
TeamAdmin policies for desktop applications.
9.5 What happens If Windows Authentication is used, there is no need for password
if a user forgets resets. If Basic Authentication is used, the organizations application
their administrator (a.k.a. Champion) can reset the password using
password? TeamAdmin.

AM IT Overview 30
Ref # Question Answer
9.6 How are the Each application has a specific set of pre-defined roles. TeamAdmin
roles defined is used by the application administrator to establish the security
and can settings for each role.
security be In addition, TeamCentral and TeamEWP have a concept of security
customized for groups (similar to Windows groups) that can be established solely to
these roles? determine which group of users can have read-only access to
particular projects.
9.7 How does TeamMate integrates with Active Directory in two ways. TeamMate
TeamMate web applications support LDAP authentication using Active
integrate with Directory as a provider.
Active In addition, TeamMate has the ability to import user information
Directory? (excluding passwords) from Active Directory when adding users to a
project or centralized database. This information is not synchronized,
and all information remains independent in both data stores.

Sending Data to TeamCentral

Ref # Question Answer
10.1 How is data sent This is not needed if using the recommended centralized database
from TeamEWP to model.
the TeamCentral If using the distributed model, there are 3 methods for sending
application? data:
1. Sending directly to a web service running on the web server.
This method sends a stream of XML data and is then pro-
cessed on the web server and then inserted into the data-
base using a transaction. This is the recommended method.
2. Sending directly to a database via a local database con-
nection. This utilizes the applications Data Access Layer
(DAL) based on ADO.NET technology. This is essentially the
same processing as the web service but the processing is
occurring on the desktop machine.
3. Sending indirectly via a persistent XML file that can then be
imported into TeamCentral via the administration section.
Again, this is very similar to step 1, just done in two distinct
10.2 Is the data Yes, when using "Enhanced Services Security" or if Secure
encrypted during Sockets Layer (TLS/SSL) is installed. The data cannot be
the send? extracted on the wire and the XML data sent is never persisted on
the web server since it is sent as a stream.

AM IT Overview 31
XML and Data Integration
Ref # Question Answer
11.1 Does the system The XML specification is the recommended API to exchange data
support XML or into the system, out of the system, and in between the applications.
an API to import This can be made available upon request and includes the ability to
or export data? populate TeamStores, exchange procedures and exceptions
between TeamEWP projects, and import data into TeamCentral.
11.2 What are the TeamAdmin provides the ability to import the following items using an
methods Excel or XML file:
available to
import data? l Auditors
l Contacts
l Projects
l Issues
l Work Programs (procedures)
l Risk Universe (objectives, risks, and controls)
l Audit Universe (global organization hierarchy)
Templates are included in the installation.
11.3 Does TeamMate There is no direct integration between TeamMate and 3rd party
integrate or work document management systems since work papers are tightly
with SharePoint, integrated into the audit process and since the documents are
Documentum, or encrypted.
other document However, UNC and URL links can be added to the audit projects and
management opened outside of the system. With this approach, the documents
systems? would lose functionality like two-way hyperlinks, signoffs, and
tickmarks. The files would also not be included in a replica, which
means they cannot be accessed offline. If this functionality is needed,
a copy of the document would need to be imported into the audit

AM IT Overview 32
MS Office Integration
Ref # Question Answer
12.1 What versions of MS TeamEWP has very tight integration with MS Office 2010, 2013,
Office are supported and 2016. The primary modules that are supported are Word and
and which modules? Excel. Other Office documents such as Visio, PowerPoint,
Outlook, and Access databases can be attached using drag and
drop functionality.
TeamMate supports the 32-bit and 64-bit editions of MS-Office
2010, 2013, and 2016. This is in line with Microsofts
recommendation (
See "Desktop Computer Requirements" on page 12 for more
12.2 How is MS Office A Microsoft Office add-in written using VSTO (Visual Studio
Integration Tools for Office) technology is provided for both Word and Excel.
accomplished? The add-ins are always loaded and only become active when
TeamEWP launches the document. The communication
between TeamEWP and the add-ins utilizes Microsofts
Windows Communication Foundation (WCF).
12.3 Do we have full MS The full power of Word and Excel are available when launched
Office functionality from TeamMate. The two exceptions are that the File-Save As
when accessed from and Close options are removed from Word and Excel, but re-
TeamMate? enabled if the network connection to the centralized database is
lost. This is done to allow TeamMate to correctly store (and
optionally encrypt) the document. TeamMate does allow the user
to export a document.
12.4 Will I have the ability To use Office Integration Word and Excel trust center settings
to utilize macros with must be set to allow Macros with Digital Signatures to be run.
Office Integration?

Ref # Question Answer
13.1 Is there the ability to print Currently, there is not a "print all" button; however all of the
all of the forms and data data in the applications can be printed through a variety of
from the application? reporting and export options.
13.2 Are there any printer or No, TeamMate relies on the operating system.
printer driver

AM IT Overview 33
Report Writing and Output Generation
Ref # Question Answer
14.1 What is the report writer TeamEWP uses an internally developed MS Word add-in
or software used to called the 360 Report Authoring Tool to design reports. This
generate reports? tool allows users to create and export custom MS Word
reports based on information captured in TeamEWP. It also
allows users to import changes to those reports back into
TeamEWP. This allows an organization to provide reports
exactly as they are accustomed, as well as update the
source documentation.
TeamRisk, TeamSchedule, and TeamTEC utilize
ActiveReports product from DataDynamics. TeamRisk
includes the report designer.
TeamCentral utilizes a tool called dReveal that allows users
to generate reports, view data in a grid, or graph the data.
14.2 What is the generated TeamEWP reports are native MS Word documents.
output of these reports? TeamCentral, TeamRisk, and TeamSchedule allow
generation of reports in HTML, PDF, and Excel formats.
14.3 Can we use our own Yes, any report writer can be used against the TeamMate
report engine? suite database. The database schema can be provided to
licensed users.
Additionally, the TeamMate Report Services Team can
create or customize a TeamEWP or TeamCentral report for
a fee.
teammate-reports for more information.

Ref # Question Answer
15.1 What technology The installation of the TeamMate suite is based on Windows Installer
is used for the 3.0 technology with MSI and MSP files provided to the customer.
product The MSIs can be provided in EXE format.
15.2 How long does it The desktop applications take about 10 minutes to install.
take to install the The TeamMate server applications take longer as they require
products? installations on both the web and database tiers. IT Professionals
can install the web components and set up the database within about
a half day.
15.3 Can the Yes, a document is provided that details this process and also how to
installation be create a data file to set default preferences for each of the users
customized? automatically.

AM IT Overview 34
Ref # Question Answer
15.4 What does the The MSI installation files include all internally developed and licensed
installation components needed to run the application as well as user manuals.
include? The EXE installation files bundle the MSI file and will install the
following if not previously installed:
l MDAC 2.8.1
l .NET Framework 4.6 (added via download from Microsoft)
l MSXML Version 6 SP2
l Visual C++ 2015
l Visual Studio Tools for Office (VSTO) 2010 - for Desktop
l Microsoft Access Database Engine
15.5 Can the web No, the TeamMate Server software was developed and tested to be
applications be used with Microsoft Internet Information Server (IIS). Microsoft does
installed on a NOT recommend installing IIS on a domain controller. For more
Domain information, go to:
15.6 Are there logs There are a variety of logging options in the TeamMate suite,
created that can including file based and event-log based options.
be used for Please contact TeamMate Support for further details.
15.7 Can the web No, the TeamMate Web software was developed and tested to be
applications be used on a separate machine from where the Desktop software is
installed on the installed. There are shared components between the Microsoft
Terminal Server? Access Database Engine and Microsoft Office. As a result, different
versions or bit levels of these applications may conflict and result in
an unstable environment.

Product Upgrades
Ref # Question Answer
16.1 How often are Generally, a major suite release is made every 6 months. Minor
product updates and hot fixes are also created to address specific issues.
updates Wolters Kluwer reserves the right to vary this without notice.

AM IT Overview 35
Ref # Question Answer
16.2 How is TeamEWP distributed data will be converted automatically when the
database project is opened. For the centralized database, tools are provided for
conversion the DBA to perform the conversion.
l TeamEWP Distributed Projects can be converted from R9.0 to
the current version.
l Centralized MS SQL Databases can be converted from R8.2 to
any version up to the current version and from R9.0 to any higher
version; older versions need to be first converted to R8.2.
l Centralized MS Access Databases can be converted from R7.0
up to R10.3 and from R9.0 to any higher version.

AM IT Overview 36
Document Updates
This table lists the recent changes made to this document:
Date Release Change
January 2017 12.0 Added support for:
l MS Office 64-bit
l .NET 4.6
l Added support for Chrome, Edge, and Internet Explorer 11
l Added Enhanced Services Security option
l SQL Server 2016
l Windows Server 2016
Dropped support for:
l SQL Server 2008 SP3
l Windows Vista
l Office 2007
l .NET Framework 4.5.2
l Windows Server 2008
l Internet Explorer 9 and 10
March 2016 11.2 Added support for:
l Windows 10
l Office 2016 (32-bit only)
Dropped support for:
l Windows 8.0
l SQL Server 2008 SP1, SP2
l SQL Server Express 2008
l .NET Framework 4.0
August 2015 11.1 Added support for:
l SQL Server 2014, 2014 SP1, Standard and Enterprise Edi-
Dropped support for:
l SQL Server 2005 and SQL Express 2005
l Internet Explorer 9

AM IT Overview 37
Date Release Change
June 2015 11.0.2 Added content to this IT Overview in the Encryption and Security:
l Section 5.2 AES-256 (Advanced Encryption Standard)
l Section 5.17 Additional security best practices that
TeamMate follows
January 2015 11.0.1 Added support for:
l Visual C++ 2013
November 2014 11.0 Upgraded the Text Editor
Added support for SQL Server 2012 SP2
Dropped support for Internet Explorer 8
August 2014 10.4.3 Added support for:
l Windows 8.1
l Windows Server 2012 R2
l SQL Server 2012 and 2012 SP1, Standard and Enterprise
l Internet Explorer 11
l .NET 4.5.1 and 4.5.2
May 2014 10.4 Updated information on TeamMates compliance with FIPS 140-2
December 2013 10.4 Added support for:
l Windows 8
l Windows Server 2012
l Internet Explorer 10
Remove Borland Database Engine for legacy migrations
Dropped support for:
l Oracle
l Windows XP
l Windows Server 2003
There is a database conversion between 10.4 and any other
previous release. Users on 8.2 must convert first using the 10.3
release and then convert to 10.4. The conversions for R9.0 and
later are built into the 10.4 release.
November 2013 10.3.1 Added support for Office 2013

AM IT Overview 38
Date Release Change
May 2013 10.3 Added support for:
l SQL Server Encryption
l SQL Server 2012
Dropped support for:
l Internet Explorer 7
l Office 2003

AM IT Overview 39
Index I Windows Server 10, 13

Installation 34 X
Installation Overview 17 XML and Data Integration 32
.NET Framework 13
Internet Explorer 13
3 M
32-bit 13
Microsoft Internet Information
3rd Party Software Com- Server 10
ponents 16
MS Office Integration 33
6 Multi-user Accessibility 22
64-bit 13 N
A Networking 28
Architecture 18 O
Authentication and Pass-
Office 2016 13
words 30
Printing 33
Backup and Disaster Recov-
ery 28 Product Upgrades 35
Product Workflow 6
Compression 27
Replication 23
Report Writing and Output
Database Clustering 9 Generation 34
Database Server Require-
ments 8

Databases and Storage 20 Sending Data to

TeamCentral 31
Desktop Computer Require-
ments 12 SQL Server 8-9

Document Updates 37 Suite Architecture 7

Support 41
System Requirements 8
Encryption and Security 24
Technical Support 41
FAQ 18
Terminal / Citrix Server 14
File Server Requirements 14
Web Server Requirements 10
Help 41

IT Overview 40
TeamMate Support
If you are experiencing any technical difficulties, contact TeamMate Support using the appropriate
contact information below.

Region Support Numbers Email Address

North America [1] 800-449-8112
Central & South America [1] 773-866-3180
Europe, Middle East & +44 (0) 203 197 6555
Asia Pacific Support
Australia 1 300 728 236
All Other Asia-Pac [+] 800 224 00 224

NOTE: If the information in the table above is different than the website
below, the information on the website is the most up-to-date.

Also, on TeamMate Connect:

In addition to support services, all TeamMate user documentation is located in the Professional and
Technical Services Group on TeamMate Connect:

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the
rights under copyright, no part of this document may be reproduced, stored in or introduced into a
retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying,
recording, or otherwise), or for any purpose, without the express written permission of Wolters

2017 TeamMate Licensing B.V. All rights reserved.

IT Overview 41