knights of columbus investigation report on uknight 2 - kinkade report.pdf · appendix a – sample...

Knights of Columbus 1 - 60

Knights of Columbus

Investigation Report on UKnight.org June 16, 2015

V2.01

Prepared by: Ian Kinkade

Information Design, Inc.

Name Action Version Date

Ian Kinkade Initial Draft Report 0.0 02-23-2014

Ian Kinkade Final Draft Report 1.0 03-04-2014

Ian Kinkade Updated Report 2.0 06-02-2015

Ian Kinkade Finalized Draft 2.0 06-15-2015

Ian Kinkade Updated Draft with changes 2.01 06-16-2015

Case 1:17-cv-00210-RBJ Document 85-2 Filed 10/10/17 USDC Colorado of 60


Table of Contents Overview .................................................................................................................................... 4

Audience ................................................................................................................................. 4

Executive Summary ................................................................................................................... 5

Introduction ...............................................................................................................................11

Description of UKnight.org ........................................................................................................13

Customer Support ..................................................................................................................13

UKnight Goals........................................................................................................................14

Market Center ........................................................................................................................15

Other Services .......................................................................................................................16

UKnight Cost Structure ..........................................................................................................16

UKnight Pages and Navigation ..............................................................................................19

Software ................................................................................................................................19

Operating System ..............................................................................................................20

Web Server & Application Server .......................................................................................20

Database ...........................................................................................................................21

Security..................................................................................................................................21

User Security .....................................................................................................................21

General Security ................................................................................................................22

Infrastructure .........................................................................................................................22

Current Production Environment ........................................................................................22

Hosting Company ..............................................................................................................24

Hardware ...........................................................................................................................24

Monitoring ..........................................................................................................................25

Disaster Recovery Site .......................................................................................................25

Backing up the systems .....................................................................................................25

Suggested Improvements .........................................................................................................27

Staffing ..................................................................................................................................28

Software ................................................................................................................................30

ASP ...................................................................................................................................31

Database ...........................................................................................................................32

Security..................................................................................................................................33

Single Sign On Services ....................................................................................................34

Infrastructure .........................................................................................................................34



Production Environment .....................................................................................................34

Additional Recommendations.............................................................................................36

Staging and/or Testing Environment ..................................................................................37

Development Environment .................................................................................................37

Operating Expenses ..............................................................................................................37

Summary ..................................................................................................................................39

Appendix A – Sample Pages .....................................................................................................41

Review of the Home pages ....................................................................................................41

Home page ........................................................................................................................41

Council Site Feature List ....................................................................................................42

Get Started Now ................................................................................................................43

Excerpts from the Council Presentation .............................................................................44

Excerpts from How to Set up Your Council Site .................................................................45

The six steps necessary to set up your Council site for the first time ..................................46

Excerpts from the General Agents Setup Guide .................................................................48

Excerpts from the Field Agents Setup Guide ......................................................................49

Excerpts from the District Deputy Features & Benefits Guide .............................................50

Excerpts from the UKnight Market Center Guide................................................................51

Header of Home Page ...........................................................................................................52

Top Section of the 9299 Council home page: .....................................................................52

Bottom Section of the 9299 Council home page:................................................................53

Admin Login Page ..............................................................................................................54

Home Page of the Admin Center .......................................................................................55

Council Forms ....................................................................................................................56

Degree Schedule ...............................................................................................................57

Appendix B - UKnight Projected Revenues ...............................................................................59

Appendix c - UKnight Projected Expenses ................................................................................60



Overview To meet the growing needs of the KOFC field operations and the needs to grow membership, The Knights of Columbus have requested Ian Kinkade of Information Design, Inc., to prepare an updated report on www.UKnight.org Web Site and the supporting company operations.

This is the follow-up report that will update the information and status of the UKnight operations.

The scope of the assignment was to provide feedback to the KOFC stakeholders on:

x A technological evaluation of the Web Site x A security evaluation of the Web Site and the supporting operations x The current state of the Web Site including its completion and future plans x Expansion and capabilities of the Web Site and the supporting operations x Sustainability of the Web Site and the supporting operations x Evaluation of the proposed relationship between UKnight and KOFC

Audience This document is focused on those stakeholders that have an interest in knowing the status of the UKnight.org Web Site and the operations of the UKnight Company.



Executive Summary During February 2014, Information Design, Inc., was requested by The Knights of Columbus to conduct an investigation and produce a findings report on the operation of the UKnight organization and the Web Site.

The basic findings indicate that the Web Site is quite well designed as an initial offering and seems quite well suited to the needs of the KOFC Councils and other groups. The Web Site style could be described as a Social Media Site for KOFC Members since it offers almost instant access to the creation of a Web Site specific to the KOFC Council or other group. Customizing the site to the specific needs of that particular group is very easy and simple to master, and therefore, the acceptance has been very good.

This report updates the findings of the original report and provides a view of the operations and progress of the UKnight operations.

The UKnight Web Site has the following customers (numbers provided by UKnight) for UKnight Interactive:

Site Description 2014 03-04

2015 06-02

2016 Projected by

UKnight

Total International Population

Paid Field Agent Sites 134 151 428

1,265 Field Agent Sites awaiting renewal or past due

468 515 1,000

Paid Council Sites 294 675 3,500 10,000

State Council Sites 44 51 Unknown 80

General Agent Site 55 70 100 135

Chapter Site 13 90 NA NA

Assemble Sites (not in original report) 27 254 NA 3,233

Totals 1,035 1,957 5,028 14,713

Of the total Councils, there are now 675 Councils that have adopted the UKnight Web Site. UKnight are planning on making a major push to sign up many more Council’s and other KOFC groups over the course of the next 12 months and are projecting to have 3,500 Paid Council sites by year end 2016. UKnight is also projecting to increase their paid Field Agent Sites from 151 to 428 by year end 2016. These are very ambitious goals as the growth rates will have to increase rapidly in order to meet these goals.

The advantages to the adoption of the UKnight site by the KOFC groups rather than each KOFC group building their own are as follows:

x A fixed style that presents the KOFC Brand in a consistent manner



x The content is controlled by a member or members of that group

x The content is selected to be relevant to that group since they are maintaining the site

x The features of the site have been customized to the needs of each KOFC group

x The site offers the ability for the KOFC groups to have a calendar of events maintained on the site together with details of the event and directions.

x The group can select from a two of three column style. This enables them to select the style best suited to their needs. Slide shows and videos are quite common on the sites.

x The cost for the site is $150.00/year for Councils and $300.00/year for General Agents and Field Agents. This is an extremely low figure and a typical web site would cost much more and the group would have to design, create and maintain it or outsource to a company at a much higher cost.

x UKnight offers the ability for the various groups (Councils, Chapter, Districts, etc.) to show advertising content on their particular site and share the revenue with UKnight. It is expected that the advertising revenue will more than pay the cost of the Web Site. Currently there are some sites that have advertising content but the UKnight procedures need to be established to ensure appropriateness of the advertising content and therefore there are only a few groups that have adopted this feature.

There are some negatives associated with the current UKnight operation as follows:

x The UKnight Financials projected the following income:

o $77k in 2013

o Projected 2014 income of $830k

o Estimated YTD income without advertising is estimated to be approximately $168k as shown in the table below

o An estimated short fall of $662k based upon the previous projections


2015 Projected Income

2016 Projected by UKnight


Paid Field Agent Sites 151 $45,300.00 428 $128,400.00

Paid Council Sites 675 $101,250.00 3,500 $525,000.00

General Agent Site 70 $21,000.00 100 $30,000.00

Totals 896 $167,550.00 4,028 $683,400.00

x The UKnight paid site numbers are as follows:

o Number of paid Council Site in 2013 was 294

o Projected number of Paid Council Sites for 2014 was 2660

o Actual YTD Paid Council Sites at June 2015 is 675

o A short fall of 1985 Council Sites



x The sales growth between 2014 and 2015 shows a significant achievement in most areas. However, the overall penetration of the total market is only 13%.

x Although UKnight state that they had plans, when a request was made for a Business Plan, a Marketing Plan and an Operation Plan they were not available. UKnight then proceeded to create a summary version of these plans which has been completed in approximately one week. This includes a conceptual business plan for cooperation between UKnight and KOFC for the expansion of the UKnight operations.

x In 2015 overall UKnight site consists of approximately 534 User Pages and 1,662 Administration Pages. A re-design and build in a modern platform is required since the ASP (page) has continued to grow as new users are contracted and that together with a growing number of database tables does lead to the potential for future instability.

x Investigations of a complete redesign of the site have revealed the following estimates:

o Ranges between 30K and 50K for the redesign

o Ranges between 200K to 320K for coding, testing, documentation and deployment

o Utilizing existing Portal Service Offering, the cost could be dramatically reduced and would really be focused on redesign and styling of the site. There are a number of vendors offering off the shelf portals with customization/configuration tools that would enable rapid deployment at a fraction of the cost of coding. Additional investigation would be required to ensure that this type of service could support the potential number of users and groups. One of the most popular portals is Liferay (www.liferay.com).

x The current Data Base utilizes Microsoft SQL Server and with 256 tables illustrates a lack of understanding of database design. It is admirable to consolidate all of the individual site parameters, data and links to videos and links to pictures in the database but there should not so many tables to define these entities. In addition, the authentication of users is also stored in the same database and the user passwords are not encrypted.

x The current UKnight Web Site is very limited and the staff are as equally limited. If the operation is destined to grow then there are a number of areas that will need to be addressed:

o As more KOFC groups adopt the UKnight site, there will be a need for increased customer support. The current web site offers many “How To” information, but as the number of customers grow so with it the need for direct support. UKnight has added one part time volunteer Customer Support Specialist to the existing Full time Customer Support Specialist working with the KOFC groups to determine their specific needs. This level of part time and full time staffing could support the current growth but not rapid growth should there be widespread adoption of UKnight. The UKnight operation has been functioning with a limited staff and this is reflected in the sales growth of the operation. A comparison of the 2014 to 2015 staffing levels is shown below:

� 2014: Total 3 but a mixture of full time paid and part time volunteer.

x One Full Time Paid Developer

x One Part Time Volunteer Tester



x One Part Time Paid Customer Support & Sales

� 2015: Total 6 but still a mixture of full time paid, part time paid and part time volunteers.

x One Full Time Paid Developer

x One Part Time Volunteer Developer

x Two Part Time Volunteer Testers

x One Part Time Paid Customer Support

x One Full Time Paid Customer Support & Sales

� Summary:

x The staff levels are still limited and consisting of a mixture of part time volunteers and other part time staff.

x The two principals are the only full time paid employees, with one focused on development and the other on customer support and sales.

o The current Full Time Customer Support Specialist also performs the duties of a Sales Specialist together with the Full Time Developer. While the sales are increasing they are only penetrating about 13% of the total KOFC market and UKnight will need to hire additional at least 3 additional sales specialists if it wishes to grow. Aggressive marketing and a corresponding sales effort is required by UKnight to gain additional penetration and profitability.

� Although sales have increased between 2014 and 2015 there is a huge population that are as yet not utilizing UKnight and this points to a lack of sales staff.

� The UKnight projections show that they plan to increase the Sales Staff to two Full Time Sales Specialists but this may not be sufficient to maintain the current sales growth and attain the growth that UKnight projects. The UKnight plan calls for an increase from 675 Paid Councils in 2015 to 3,500 by 2016 year end. This is an almost 5 times increase in 18 months. In addition, UKnight projects the following growth rates:

x 3,500 in 2016

x 5,500 in 2017

x 7,000 in 2018

x Topping out at 8,000 in 2019

� In order to attain the UKnight expected growth rate for 2016, a concerted sales and marketing effort would be needed which will require significant funding, planning, staffing and implementation.



o UKnight plans to move from their current Hosting Company EnterHost to Rackspace in order to enable them to expand the infrastructure and improve the level of support provided by the Hosting Company. They intend to maintain the existing software configuration on Rackspace, increase the storage the number of cores and memory allocated to each server and obtain additional network bandwidth.

o The UKnight plans also call for a migration from Microsoft Active Server Pages (ASP’s) to Java Server Pages (JSP’s) in order to improve the ability for connectivity with the KOFC Infrastructure. However, UKnight is only investigating migration vendors and not considering a redesign since they contend that that will provide them with a new base on which to expand their operations and offerings. It is my opinion that this could be a disaster since they are only moving from one old style technology to a slightly newer technology and this will not considering major changes in the site and database design.

In summary, UKnight have revealed their plans and while they are ambitious they will require a significant increase in staff and a corresponding large increase in sales growth in order to sustain the profitability of UKnight. However, their financial plans do not show significant increases in staffing levels.

The Web Site needs to be reviewed in detail to provide a stable, hardened and professional infrastructure that can support the operation. Migrating from APS’s to JSP’s might make it easier to with the KOFC Infrastructure and might improve the options for security but without a normalized database the prospects of a stable platform that can sustain the growth projected by UKnight is not likely.

The last report concluded that UKnight must change the Login pages from HTTP to HTTPS (Secure Socket Layer and use a Certificate). They did make this change but never changed the manner in which passwords were stored. The method used to store User Credentials needs to be changed to utilize a Directory Server rather than storing them (in plain text) in the same database as all other data and parameters.

UKnight has proposed three options for establishing a relationship with The Knights of Columbus as follows:

x Option 1: An annual fee of $3,000,000 for UKnight to continue to own and operate the service.

This option does not make good business sense unless KOFC had significant ownership and a seat on the board of UKnight since UKnight would have income of $3mm/year plus their own sales and would be able to run their company. Of course it is understood that there would have to be a contract that had performance clauses and other language to cover situations that could cause embarrassment to KOFC and enable KOFC to have some input to the running and programs being offered by UKnight. I am not sure that this option is of value to KOFC as stated.

x Option 2: Dark Site Activation costing $36/Dark Site/Year which would be around $468,000/yr decreasing as the sites become live.



This option might encourage UKnight to expand its sales since the Dark Site income is $36/yr while the activated income to UKnight would increase from $36/yr to $150/yr. However, UKnight’s financials show that they are topping out their Council sales level at 8000 Paid Councils in 2019 but the proposed option in based on 13,000 Councils Dark Sites. Why not base the Dark Sites on the same number as the UKnight goal and then both parties could set mutually accepted targets for closure. As the option is stated, the benefits would all be to UKnight since there is no indication of contractual oversight or even interaction between the parties. As stated this is not a very good option.

x Option 3: KOFC to acknowledge UKnight as an authorized vendor.

This option would cause a direct connection between KOFC and UKnight, while KOFC would not be able to effect or influence the direction of UKnight. There is implied liability and although there could be legal language created to cover most situations, there could be situations that could cause embarrassment to KOFC. As stated not a very good option.

On review of the financials provided by UKnight show an aggressive sales growth in attaining Councils as customers and promoting site advertising while not having any formal relationship with KOFC. There are a number of options that could be proposed by KOFC:

x No change in the relationship since UKnight is projecting total revenue of $684k with a Net Profit of $123k in 2016 with 3,500 paid Councils, 100 General Agents and 428 Field Agents under contract. So, why should KOFC become involved and have implied liability when UKnight seems financially sound (these are their numbers) and does not need KOFC involvement.

x Make a counter offer to buy a majority position in UKnight or buy them out completely and replace the management team with a team selected by KOFC. This would provide:

o A high comfort level for KOFC since the team would be directly responsible for their actions

o It will be easier to attain new customers since the company will be directly connected to KOFC

o It will not be profit driven (although this does not preclude them from making a profit)

o It will be able to maintain a high level of integrity for the materials that are shown on the site(s).



Introduction The purpose of this report is to provide the Stakeholders at Knights Of Columbus (KOFC) an explanation of the UKnight.org site, its capabilities, limitations and gaps.

The UKnight operation was started about six (6) years ago by Steve Michlik (a KOFC Field Agent) and his Son in an effort to create a Web site that would enable Steve’s insurance operation to have a presence in the market place and have a platform from which to communicate with the KOFC members in his area.

About six (6) months later in 2009, Steve Michlik brought Terry Clark on to develop the site, since Steve’s Son was going off to college. Terry Clark is a very experienced programmer, analyst and web developer with many years of computer experience starting with Main Frames and high performance computers.

UKnight was formalized and established in as an LLC in July 2011 with three Managing Partners:

x Steve Michlik x Terry Clark x Leonard Labrola

In March 2014, the partner structure was changed and is still as shown below:

x Jonathan Michlik x Terry Clark x Leonard Labrola

Over the past six (6) years, Terry, Steve and Leonard have had many meeting/discussions with KOFC Agency Members, Councils, Chapters, and Assemblies and were able to determine the specific needs of each group. In addition, they have their own experiences in the insurance market and with the KOFC organization to develop a Web Site that is tailored to the specific needs of the KOFC field organization and its membership. When the original report was compiled I did not have any supporting testament from any of the UKnight users to collaborate the aforementioned claim of the UKnight team, but on the surface the web site seems easy to use and has a great deal of functionality that could be well suited to field operations. A survey was conducted in 2015 and can be referenced to provide greater insight into the success of UKnight.

The UKnight Web Site could be described as a Face Book style site since a Council or Chapter, etc., can create a Web Presence or Web Site without having to develop code. It only requires some basic decisions on which layout (2 or 3 columns) and then adding content (text, pdf’s, video links) to input templates.

The Web Site is based on the Microsoft Active Server Pages (ASP) Framework which provides dynamic web pages enabling the same pages and embedded code to be used by many users who have the same needs but different data or content. All of the pages are ASP and not ASP.NET since the majority of the pages were created before stable releases of Microsoft ASP.NET. The site could be described as a highly data driven site since the basic framework is constant but the content is dynamic. Originally the expansion of the site was to use ASP.NET but this has been tabled in consideration of a modern framework that will natively support additional security features and Responsive Design in their desire to add mobile services.



The data for this site resides on a Microsoft SQL Server database while the dynamic content (images, videos, pdf’s, etc.) resides on disc storage of the MS Web Server with filename pointers stored within the MS SQL Server. The decision was made to store the dynamic content, as disc files rather than directly within the database and this was a good decision since it is more efficient due to the size of these files. Storing them in the database might cause some performance and efficiency issues since the files can be quite large.

There are basically two types of users for a site created on UKnight:

x Normal members of the Council or other organizational group that wish to view the site.

x Administrative Users that have been appointed by the Council to update their site content.

UKnight has prepared documents that are available on the site for those members that wish to establish a site those that wish to maintain the content of the site. In addition, there are Frequently Asked Question (FAQ) documents, help pages, Webinars and call in support currently offered by UKnight.

Appendix A, contains a selection of sample pages from the web site that illustrate the pages that a user would see and those used by the Council members responsible for site content.



Description of UKnight.org The UKnight operation consists of an office location at 1220 Coit Road, Suite 106, Plano Texas, with three staff members, the UKnight.org Web Site which is hosted by EnterHost.

The current staffing at UKnight consists of:

x Development *** Terry Clark

x Development * Jim Goode

x Testing * Jonathon Michlik

x Testing * Jerry Mishork

x Customer Support ** Adan Fernandez

x Customer Support *** Leonard Labrola

x Sales*** Leonard Labrola

Notation Key: (*) Part Time Volunteer (**) Part Time Paid (***) Full Time Paid The majority of the UKnight staff is involved in development and testing with only two in Customer Support and one split between Support and Sales. Although the staff members might have a specific assignment, they all participate in efficiently solving any customer issues that arise. The only issue with the current staffing is the mixture of paid and unpaid that does not provide a high level of continuity.

Discussions and plans are underway to hire additional staff but UKnight contends that there is sufficient staffing to meet the needs of the operation since 75% of the sites are activated without assistance from UKnight. History shows that Knights that need assistance contact the Help Desk a few weeks after activation to gain an understanding of how particular parts of the system function. UKnight has over 1000 sites activated and the current Help Desk volume is 250 contacts per month with 75% contacting by email.

Customer Support UKnight is in process of implementing the ManageEngine ServiceDesk help center solution to provide a modern and sophisticated Incident Management, Problem Management, Change Management and detailed reports that will maintain a high level of customer satisfaction for issues raised and closed efficiently.

The Help Desk support staff physically write tickets but this will change with the introduction of ManageEngine to a more streamlined method that can provide immediate tracking status and service level impact analysis. The current response window for all reported issues is 24 hours.



The projected UKnight Help Desk contact volume has been doubled to allow for peak volumes and rapid growth. The table shown below was extracted from the UKnight Interactive Plan 2015 and shows the anticipated demand can be handled by the current staff level:

The current Help Desk and support materials are in English, but UKnight plans to product them in multiple languages and UKnight will hire multi-lingual support staff.

UKnight has sponsored live webinars and plans to offer them on a regular schedule of weekly webinars specifically for Council Officers, District Deputies, Assemblies and Field Agents. Additional webinars are planned for Councils to assist them in utilizing the tools and site to improve membership participation, recruiting, fundraising, etc.

UKnight Goals UKnight has been in operation as a LLC since 2011 and has been able to create a Web Site mechanism that enables the Councils and other groups to have a Web Presence very quickly, easily and a very low operating price. Over the years UKnight has tuned there site and marketing position to be tightly focused on the needs of the Councils and other groups to assist them with getting their specific message out to their membership.

The UKnight goals are as follows;

x Increase the Number of Members with an emphasis on younger Members

x Increase Member participation and Retention

x Improve Fund Raising Effectiveness

x Increase Administrative and Reporting efficiencies

x Increase Sales of Financial Products.

In addition, with the approval of KOFC, UKnight would like to offer the following marketing promotions:



x Provide feature articles to Columbia Magazine and other Fraternal Publications

x A UKnight Newsletter featuring success stories, Tech Tips, “Knights helping Knights: Tips from Bothers in the Field”

x UKnight would like to participate in Conventions and Conferences to promote the UKnight Web Site Service.

Market Center UKnight offers the ability to include advertising on the individual sites and share the income with the particular site. This service is called “Market Center” and provides the Councils with a source of income that they can use to pay for the site or utilize with the promotion of the order.

UKnight has commenced this service and plan to staff a Market Center to assist with contracts, clear the Ads for appropriateness (posting guidelines are stated in the K of C By-laws) before they are posted and to ensure that they are being posted to a schedule. Support materials have been produced to explain the program and how it is implements.



Other Services As part of setting up any Web Site, there is a need to obtain a Domain Name that enables users can find the site by simply entering the Domain Name into their browser or using it for the address of the email. A Domain Name and is offered by Internet Authorities and large web site vendors such as GoDaddy (www.godaddy.com) or Network Solutions Inc. (www.networksolutions.com) for a small annual fee. Many Council’s want to have their own Domain Name and they had to work with a selection of vendors in order to obtain one. UKnight has made an arrangement with GoDaddy to provide the Council’s with domain Names and Forwarding email addresses at a reasonable price point.

Typically, the special price from GoDaddy is between $10 and $12/year and includes one (1) free forwarding email addresses.

There is also a special price for eMail Forwarding with the Domain Name of five (5) emails for $10/year.

UKnight currently receives a commission from GoDaddy of $200-$300/month on the Domain Registrations and email addresses.

UKnight Cost Structure The cost structure for the UKnight Service to the KOFC member organizations is:

Councils: $150.00/Year

Field Agents: $300.00/Year

The organization model of the KOFC is shown below:


http://www.godaddy.com/

http://www.networksolutions.com/


The base number of entities in each organizational unit (Internationally) is shown below:

The following table was constructed using the data supplied by UKnight and the 2015 Total Population from the illustration above.


2015 06-02

2016 Projected by

UKnight

2015 Total International Population

Paid Field Agent Sites 134 151 428

1,265 Field Agent Sites awaiting renewal or past due

468 515 1,000



Paid Council Sites 294 675 3,500 14,000

State Council Sites 44 51 Unknown 80

General Agent Site 55 70 100 135

Chapter Site 13 90 NA NA

Assemble Sites (not in original report) 27 254 NA 3,233

Totals 1,035 1,957 5,028 18,713

It should be mentioned that UKnight has only penetrated 675 paid Council sites out of 14,000 possible sites (or ~5%), 151 Field Agent Sites and 70 General Agent.

The Web Site is based on the Microsoft Active Server Pages (ASP) Framework which provides dynamic web pages enabling the same pages and embedded code to be used by many users who have the same needs but different data or content.

The data for this site resides on a Microsoft SQL Server database while the dynamic content (images, videos, pdf’s, etc.) resides on disc storage of the MS Web Server with filename pointers stored within the MS SQL Server. The decision to store the dynamic content as disc files rather than directly within the database was a good decision and is more efficient since some of these files can be quite large and could cause issues with the database maintenance and performance.

The UKnight Web Site is open to the general public for viewing and is basically a vehicle for providing information about the local KOFC group and publication of their events. It is also a vehicle for encouraging new membership.

The UKnight structure contains nine (9) specific sites plus a UKnight Mobile Service and Site Control as shown in the illustration below.

Each site is accessed by selecting the site type and then the site number. In the case of a Council site, the Council Number would be entered. There are specific pages are really templates that become specific to the site type, when the appropriate reference number is entered.

The page count for each site is as follows:

Site Description 2015 Potential # Sites

2014 Approximate

# Pages

2015 Approximate

# Pages

2015 Administration

Pages +

General Agents 135 3 39 155

Field Agents 1265 16 26 113

Council 14,000 Unknown 213 394

State Council and College Council 80 38 129 384

State Convention Unknown 10 Unknown Unknown



Site Description 2015 Potential # Sites

2014 Approximate

# Pages

2015 Approximate

# Pages

2015 Administration

Pages +

District Deputy * 3269 4 2 42

Assembly 3233 22 72 208

Chapter Unknown 18 32 182

Degree Schedule Unknown 3 Unknown Unknown

UKnight Mobile NA 7 21 0

Site Controls NA 2 2 184

Total 21,982 123 536 1,662

This is basically a good design in principal since it keeps the look and feel throughout the UKnight site and makes it easy for the Administrators to enter new content. The major problem with the site is the growing number of undocumented pages

The Degree Schedule site has a number of very unique features which will be covered later, but this is a good example of just using a template that is dynamically filled from information contained in the database.

UKnight Pages and Navigation Originally this section contained a number of sample pages taken from the site. They were quite detailed, self-explanatory and consumed considerable space so they have been moved to the rear of the report in Appendix A.

Software The site was designed using Microsoft Active Server Pages (ASP’s) and supported using Microsoft Internet Information Server (IIS) and Microsoft SQl Server. There is a substantial volume of ASP code in the pages that needs to be maintained but it is relatively easy to add new features since most of the functionality have already been coded and the database has a very large amount of information on the structural units such as Councils, Assemblies, etc.

The use of this version of Microsoft ASP is now quite obsolete and has been replaced by Microsoft .NET and ASP.NET. However, the path to upgrade form the standard ASP technology to ASP.NET or .NET is not a simple or easy migration path and would require a rewrite of most of the pages and possibly changes in the logic and page flows. So, UKnight is basically locked into this version of Microsoft ASP or facing a rewrite to .NET or a rewrite to some other platform. They could continue to operate with the existing code base for years but eventually this technology will not be supported on the OS and Servers (IIS and SQL) and therefore they will have to change. So, there is no immediate need to change unless sufficient funds are available to sustain the redesign and coding of the site on a new technology.



Operating System The Operating System (OS) is Windows 2008 R2 Server running on Virtual Machine host hardware. This is a very popular OS but does not offer the best security protection for applications. However, this site does not have credit card or financial information that would encourage malicious or unscrupulous activities.

Denial Of Service (DOS) attacks will be addressed with the Hosting Company, the possibility of SQL Injection has been addressed by parameterizing and code changes, Login pages have been changed to HTTPS but there are still other types of attack that could still perpetrated on the site and therefore the site needs to be hardened.

The Application Server and Database Server are running on Microsoft Windows 2008 R2. This version of the OS reached its End Date for Service Pack Support on April 9, 2013 and has an End Of Service Date of Jan 13, 2015.

UKnight are aware of the above but cannot upgrade to the latest version of the OS due to some deprecated features that MS SQL Server needs and are not supported in the upgraded OS.

Web Server & Application Server The Web and Application Server is the Microsoft Internet Information Server (IIS) version 7. All of the existing ASP pages are codes in the original ASP language and not ASP.NET. There is only one instance of the IIS V7 running on a single VM and should this fail for any reason the site will not be available until it can be repaired. The single server seems to be capable of providing sufficient performance for the current user load (in 2014 there were 30k visits per week and in 2015 it increased to 82k visits per week) but they may reach a limit on simultaneous connections/sessions very soon and fail. If the UKnight site is more widely accepted then there is a risk that the site will not be able to maintain the additional load.

In the second quarter of 2014 additional 10GB of storage was added and in the fourth quarter of 2014:

x The Windows IIS7 Server was upgraded from 2 vCPU’s to four vCPU’s.

x The Windows IIS7 Server was upgraded from 2GB or RAM to 4GB Ram.

x The SQL Server was upgraded from 1 vCPU to 2 vCPU’s.

x The SQL Server was upgraded form 2GB of Ram to 4GB of Ram.

The increased vCPU’s and Ram are a good indicator that doubling the traffic has required doubling the number of vCPU’s on each server. If the sales growth continues as projected the existing configuration will reach maximum very quickly and additional VM Servers will need to be deployed.

There have been reports of session failures by the field that could be attributed to a number of conditions and situations. I have asked UKnight to investigate the Log files for the IIS7 Server and Web Server to determine the cause. Based on the comments it could be something quite minor but it could be resource exhaustion and this would require additional memory or additional VM’s. Another cause could be simply the length of the session time out value. I recommend checking the session timeout for regular users and Administrative User’s and applying Best Practices timeouts.



Database The database being deployed in a VM with Microsoft Windows Server 2008 R2 and Microsoft SQL Server 2008 R2 with 194 tables in 2014 but 256 tables in 2015.

The database is used as a reference repository for dynamic content and as repository for the User Credentials.

Two main issues exist with this design: x There is only one instance of the database running to support the site with its database

on the database host.

x The dynamic content files are currently stored on Web Server Host.

x Should the database Server (MS SQL Server) fail of any reason, then the site would be inoperative until the MS SQL Server could be repaired or a new instance of the VM containing the MS SQL Server was restarted.

The database is backed up nightly as a scheduled SQL Agent Backup event and an additional task in the Windows scheduler will execute a Ctera Cloud operation to store the backup file in an external cloud. In summary, the backup files stored locally and on an external cloud. This provides a high level for timely recovery of the data and VM’s.

Security The hardware and Internet security is currently under the control of the hosting company (Enterhost) and is the norm for basic hosting companies. The hosting company provides administration services for IP addresses and port number control on their firewalls. The IIS Server and Database are supported on two VM’s with just basic firewall security.

The Site has its own Certificate (not able to verify the actual certificate) and it seems HTPPS is now being used when account information is being passed to the web. This is a major improvement from the last report as all user credentials were passed in the clear without encryption.

UKnight is considering changing the Hosting Service Company to Rackspace in order to improve service uptime, expanded bandwidth and disk storage expansion. At the present time EnterHost is limiting the expansion capabilities and the cost of upgrades is higher than that of RackSpace.

User Security User Authentication is now performed using HTTPS pages and the User Credentials are still being stored in the MS SQL Database in clear text. At the time of the original report it was observed that none of the Login screens utilized HTPPS. This has been changed and now all Login requests utilize HTTPS.



The current site does not require its membership to login to the site since the site is basically public facing. However, when membership maintenance (such as email addresses, telephone numbers, postal addressor membership details, etc.) or dynamic content updating is required then the User is expected to login to gain access to the Administrative functions. The login to a particular Council requires Membership Number (assigned by KOFC), plus the Members Council Number and a password or in some cases the Members Date of Birth. The authentication process requires the member’s Council number is picked up from the Login page of the Members Council together with their Membership Number and Password

The use of the Date of Birth as a password or password guessing is not Best Practice and can lead be relatively easily broken since there are no limits on the number of Login failures or even tracking of the login failure events. This is a major failure and will make it easy for hackers to break the passwords. This is being considered as task for implementation this year.

General Security During the original investigation there were discussions with the hosting company and they informed me that they have Redundant Cisco 7600 Routers, Redundant Tipping Point Intrusion Detection, Redundant 6500 Core Switches, Redundant VLAN Switches and Microsoft Virtual Machine technology.

This is still in operation and UKnight are planning to move their operations to RackSpace Managed Cloud the third quarter of 2015. The reason for considering this move is based on limitations on bandwidth, storage and cost of hosting by the EnterHost when compared to Rackspace services and cost structure.

Infrastructure The current infrastructure is provided by a Hosting Company called EnterHost which is located in Ft Worth Texas. The hosting Company provides the Internet Services, Virtual Machines, Software Licensing, operating procedures, eMail Services, patch management for the Operating System and primary software components and monitoring of the machines and network.

Current Production Environment The Production environment is limited to two VM’s running Windows 2008 Server R2 and distributed as shown in the diagram below. UKnight considered adding redundant Active Directory Servers and fully load balanced IIS7, Web Servers and SQL Servers but this option was never implemented



Cisco 7600

Cisco Firewall Services

Module for 7600

Core Switch Cluster

TippingPoint IPS

Cisco Firewall Services

Module for 7600

Cisco 6500-E

TippingPoint IPS

Cisco 7600

Internet

Cisco 6500-E

Internap FCP“route control”

Cisco Virtual Switching System (VSS)

Hosting Environment

IIS V7Server

Legend

Private NetworkBackup NetworkPublic Network

BackupNetwork

MS SQL Server

x The first VM is running the Microsoft IIS Server, which includes the Web Server and Application Server.

x The second VM is running the Microsoft SQL Server and in addition has the content files on the same disc drive.

x A shared disk array is partitioned to provide the storage needs of the various primary software components.



Hosting Company The Hosting Company, EnterHost has its Data Center in the basement of a high rise building in Ft Worth, Texas. In the event of a flood or some other catastrophe, this location could be destroyed and since the backups are stored locally then there is little that could be recovered. The author expects that the hosting company may store monthly backup to another site but the representatives of the company did not confirm this as a fact. The original cost of the hosting service was approximately $500.00/month and due to expansion plus added backup services has increased to approximately $950.00/month.

EnterHost site is located at:

801 Cherry Street

Ste. LLG50, Unit 3

Ft. Worth, TX 76102

EnterHost’s direct providers are:

x ST&T (SBC)

x Alpheus Communications

x Grande Networks.

EnterHost has chosen as mix of carriers that offer direct connections to Level3:

x Sprint

x AT&T

x Time Warner

x Global Crossing

x Quest

x Savvis

x AboveNet.

In addition, EnterHost employs BGP flow control devices, which perform outbound load balancing and route optimization.

Emergency Standby Power is supplied by a Caterpillar 1.25 megawatt generator is located on site to provide emergency power.

Hardware There are two Virtual Machines used to provide the UKnight.org Web Site services. The VM’s are running on a DELL Blade Server Cluster with DELL Shared Storage Servers.

These machines are configured as follows:

Description 2014 Virtual Machine 1

2015 Virtual Machine 1



Purpose Microsoft Internet Information Server

Microsoft Internet Information Server

Microsoft SQl Server – Web

Microsoft SQl Server – Standard



Description 2014 Virtual Machine 1




(IIS) (IIS) Edition Edition

Processor 2 vCPU’s 4 vCPU’s 2 vCPU’s 3 vCPU’s

Machine Memory 2 GB Ram 4 GB Ram 2 GB Ram 4 GB Ram

Primary Disc Partition 100 GB 100 GB 50 GB 70 GB

Additional Disc partition

50 GB 50 GB - -

Operating System Windows 2008 R2 Standard

Windows 2008 R2 Standard



Anti-Virus Software Sophos Sophos Sophos Sophos

Firewall template Cisco Firewall Service Template

Cisco Firewall Service Template



Monitoring The only monitoring of the web site is provided by the EnterHost (hosting company) and it uses IPMonitor, which basically provides Up/Down monitoring of machines and major application services such as MS SQL Server and only sends an email alert should a failure occur. This does not provide detail statistics of disc usage, vCPU usage by application or network throughput and is therefore not very useful to UKnight for maintaining their services.

EnterHost client support staff is only available 06:00 until 24:00 during weekdays and on call service with a 2 hour response time during weekends. UKnight is dissatisfied with the lack of around the clock services to provide software updates (OS and operating software) during low demand periods, which has been determined to be after midnight and before 06:00.

Disaster Recovery Site The deployment of a Development Site, Staging/Testing Site, Disaster Recovery Site and a Production Site type of Infrastructure have not been considered by UKnight at this time. They only have a development machine with remote backup and the production environment supported by EnterHost. There is no disaster recovery site available and UKnight do not plan to provide this service at this time due to the added costs of duplicate hardware.

Backing up the systems The hosting company (Enterhost) provides daily (seven circular backups) backups of the virtual machines on to a network drive. The backup process currently used for backing up the machines is quite satisfactory for the Operating System and static files.



However, it was determined that EnterHost was utilizing the same technique for the database. The database uses many files and file systems that are in various stages of being updated and therefore, the backup created would not be capable of restoring the database to its original running condition. This condition was presented to UKnight in the last report and they have changed their procedures as follows:

x The database is backed up nightly as a scheduled SQL Agent Backup event x An additional task in the Windows scheduler will execute a Ctera Cloud operation to

store the backup file in an external cloud. In summary, the backup files stored locally and on an external cloud. Thus providing a high level of timely recovery.



Suggested Improvements During the original investigation, it was the authors opinion that the current UKnight site could operate for another six (6) months without a high risk of load failure. The projections have proven to be accurate and UKnight has taken the initiative to increase the storage and number of vCPU’s assigned to their servers. These actions have enabled them to continue operations with a minimal risk of failure. However, it could fail for many other reasons and the only saving grace are the following facts:

x The UKnight site was developed by basically one developer and one tester.

x It is supporting only a small proportion of the total KOFC groups.

x The current growth rate of Councils has not stressed the system but there has been a need to increase the vCPU’s, memory and storage. However, a large increase in the customer base could cause the failure rate to increase.

x The small number of sites that need direct help is not alarmingly high and therefore, the current staff is capable of providing support, but a large increase in the customer base could cause serious support issues.

As the number of sites increase the load on the system and staff will also increase and could result in many types of failures including:

x Unhappy KOFC members whose information is not current.

x Unhappy Council, District Deputies, etc., not being able to obtain support on a timely basis.

x Unhappy users who cannot access the site since it has failed.

The expected failures could be a result of:

x The number of Virtual Servers available to handle the load

x Insufficient staff levels

x Limited Environments to support the loads

x A lack of a Development, Staging and Test Environments

x No code release control facility

x A lack of standard operating procedures

There are a number of immediate improvements that could be made to reduce the possibility of failures and generally improve the practicality of the site:

x There are very few Database Tables, that contain an Index and the most obvious and pressing are the *Event* tables, since they will grow quickly and Indexing the date will reduce the search time. This has not been implemented since there are no known performance issues that have been identified.



x Upon reviewing the Database tables it seems that each ASP page has a database table and in some cases more than one. The database needs to be normalized to reduce the number of tables that are opened and to reduce the duplication of data. It has been determined that there is very little duplication of data and therefore there has not been an immediate need for normalization at this stage. When the database is moved to the proposed hosting company the database should be reviewed for indexing, normalization and refreshed.

x The overall design of the Pages could be improved to offer more flexibility for layout of the dynamic content. This has not been a priority since UKnight has been focused on adding functionality and there have been very few requests for changes.

x The Administrative Login should be changed to use a password instead of the members Date of Birth (DOB). It is the recommendation for UKnight to use a password strength meter on the password change page.

x While the UKnight site contains very explicit instructions for Admin’s to update their specific site, a quick review of the sites shows that there is very little dynamic material being displayed. It was originally recommended that a training course should be offered on a monthly basis. In the fourth quarter of 2014 UKnight offered WebEx sessions to the District Deputies with one session per week for three weeks District Deputy Portal operations. This included some minimal council admin functionality. Plans are in process for July 2015 to provide WebEx sessions for District Deputies and to have additional sessions to address Council Admin operations. These services will be offered to assist in the reduction of potential support calls.

x The whole site needs to be documented together with the links to the database tables to reduce the overall complexity. This lack of documentation will cause the migration to another platform to be more difficult since the interpretation of the existing code base will be at assigned to the developer.

NB: In the previous report the author requested a survey of the KOFC Membership and Field Staff to determine the suitability of the site for all KOFC Members and Field Staff. It is the authors understanding that such a survey has been completed.

Staffing The original report stated that the limited staff at UKnight could lead to lost sales and unhappy customers due to all of the responsibility for Development, Customer Support and Operations relying on a very small staff of full time staff, part time staff and volunteers.

It was proposed that the staff should be increased to at least the following minimum level for Technology Support:

x (1) Site and Release Control Manager

x (1) Microsoft Certified Database Administrator

x (1) Microsoft Certified Developer with Security experience

x (1) Website Graphics Designer

The report outlined the expected budget for the additional Technology staff listed above is approximately $270k/year excluding any company benefits.



The report also recommended that the staff should be increased to at least the following minimum level for Customer Support:

x (3) Training and Site Support

x (3) Help Desk Administrators

x (1) Market Center Manager

The expected budget for the additional Customer Support staff listed above is approximately $115k/year to $315k/year excluding any company benefits.

The above proposal was based on growth rates presented at the time of preparing the report and shown in the Pro-Forma Financial Operating Forecast below. The growth rate at that time was projected to be:

Projected

Description 2013 Actual 2014 2015 2016

Total KofC Councils in USA & Canada & Involved in Insurance

10,000 10,000 10,000 10,000

Rate of Participation 2.9% 26.6% 40.0% 60.0%

Total Participating Councils 294 2,660 4,000 6,000

Council Web Site Revenue $150 $44,100 $399,000 $600,000 $900,000

Total General Agents 130 130 130 130


Total Participating General Agents 55 98 104 111

General Agents Website Revenue $300 $16,500 $29,250 $31,200 $33,150

Total Field Agents 1,200 1,200 1,200 1,200

Total Field Agents in Participating Agencies 110 900 960 1,020


Total Participating Field Agents 55 675 768 816

Field Agent Web Site Revenue $300 $16,500 $202,500 $230,400 $244,800

Total Gross Revenue $77,100 $630,750 $861,600 $1,177,950

Based on the current sales numbers at June 2015 the table shown below has a projection of UKnight income. It may not be 100% accurate but it does reflect the projected income based on the 2015 numbers presented to the author during the investigation and the 2016 numbers were taken from the UKnight proposal dated June 12, 2015:





2016 Projected by UKnight





Totals 896 $167,550.00 4,028 $683,400.00

It can be seen from a comparison of the above tables that the UKnight projections are not being attained and there is not sufficient revenue to support the increases in staffing levels that are really needed to support the operation.

The major focus of UKnight should be to increase the sales by a concentrated effort to encourage the Council’s to use UKnight and only after a level of around $700k can the UKnight operation sustain the increased staffing.

The UKnight Financial Projections are shown in Appendix B & UKnight Expense Projections are shown in Appendix C.

Software The current software is very limited and consists of basically three components:

x Microsoft IIS Application Server

x Microsoft IIS Web Server

x Microsoft SQL Server

The UKnight site is totally reliant on EnterHost to provide security and maintenance support such as backups and Operating System updates.

Additional software needs to be added as follows:

x Monitoring Software for performance and status of the Web, Application and Database Servers is required to ensure that they are functioning at their optimal levels and to alert when there is software code issues or increased CPU usage or server failure, etc. In addition, the monitoring system should be capable of gathering statistics about the running system/services and prepare a daily report. Email notification should be provided to the UKnight Staff and the EnterHost NOC. ManageEngine also provides professional level monitoring software that is cost effective and will provide all of the features that are needed to operate the Web Site efficiently.

x System monitoring software is required to monitor the Operating Systems for such things as disc usage and server performance. The only monitoring software available currently is from EnterHost and it only provides a basic Application/System Up or Down. It does not provide detailed performance statistics that a running site needs to ensure that it is in compliance with its ELA. Email notification should be provided to the UKnight Staff and the EnterHost NOC. The ManageEngine software mentioned above can also monitor the OS.



x Secure FTP or a Secure Web Service should be established between KOFC and UKnight for the transfer of all Member Management updates.

x A database loading process needs to be created to control the updates from KOFC to the UKnight database. This process should be capable of providing a list of the updates that were applied by Council, Chapter, etc., to ensure that the Admin’s responsible for their group is notified of the updates for verification.

x The Administrator credentials are currently stored in the MS SQL database and ideally they should be storing in Microsoft Active Directory or OpenLDAP to provide a higher level of security. This implies that a MS Active Directory Server or OpenLDAP Server is required. The EnterHost diagram (provided by EnterHost) shows two Active Directory Servers but the Web Site code in the ASP’s have not been changed to utilize that service.

x A content management system is required to control the release of Web Page and code updates. The current method is to make the changes to the live Production Site.

x The last report requested that MS SQL Server should be updated to the current version in order to maintain the latest security patches, improved performance enhancements, maintain support for current versions from Microsoft and have access to the latest development tools. However, some features were deprecated in the upgraded version that the ASP’s require and therefore UKnight cannot upgrade without code changes.

x The last report suggested that a Media server is required to provide Flash, video and audio content that is under the control of UKnight. The current policy of UKnight is to provide only a link to the location (YouTube or some other video site) of the video source and therefore they do not require additional servers to support video streaming.

ASP The UKnight site consists of many code pages written in Microsoft ASP (the original limited language for designing and developing web pages) and is therefore limited in scope and capabilities.

UKnight agrees that the current Web Site implementation in Microsoft ASP’s will not be sufficient to enable them to expand the offerings and scale to higher levels.

They are considering either a migration (using a vendor) to JAVA Server Pages (JSP’s) or a complete redesign and rewrite in a Java based development platform. UKnight is currently investigating the cost to migrate and should have some answers by the end of June.

The author, worked with the IDI Team to review the UKnight Web Site and develop an estimate for a redesign, rewrite in a modern development platform, testing and deployment to the infrastructure. In addition, another vendor was approached and given the same parameters provided estimates as follows:

x Ranges between 30K and 50K for the redesign

x Ranges between 200K to 320K for coding, testing, documentation and deployment



x Utilizing existing Portal Service Offering, the cost could be dramatically reduced and would really be focused on redesign and styling of the site. There are a number of vendors offering off the shelf portals with customization/configuration tools that would enable rapid deployment at a fraction of the cost of coding. Additional investigation would be required to ensure that this type of service could support the potential number of users and groups. One of the most popular portals is Liferay (www.liferay.com).

Moving to a modern Java Development Platform also implies that there will be a need to changes in the hardware and supporting software infrastructure to suite the selected platform. There are multiple options when considering implementation that are not dependent upon Microsoft and vendors such as IBM and Red Hat are professional organizations with solid track records of delivering OS’s and Supporting Software (Web Servers, Application Servers, Database Servers, Security Servers, Monitoring Software, etc.).

The IBM route offers solid and reliable software and services that are proven in their field but are on the high side with a focus on Large Enterprises where a licensing and then support pricing model is offered.

The Red Hat offering is a subscription model for Software Support only and is at a much lower pricing model. This is not to say that the products are any less suitable for the Enterprise but the pricing model is just different. Red Hat takes the Community produced software, evaluates it, tests it in their own laboratories and packages it with patches ready for customers to install and deploy.

The Red Hat offerings are originally produced by a Community of developers that provide their services free. This is an alternative route and the software is free to use but it will require skilled user staff to build the kits and monitor the community for patches as they become available.

UKnight has indicated a desire to pursue the Red Hat route for future implementations and will probably use the Community versions for their initial development and testing. This is a reasonable strategy but they should switch to the Red Hat service when they go into to production in order to get the OS and software patches quickly.

It should also be noted that EnterHost is primarily Microsoft product based and they may have limited offering for a Linux based OS. UKnight are considering RackSpace as there preferred vendor and RackSpace has multiple OS offering and are a National Service company.

Database The current database schema consists of 194 tables that in some cases have a single Index. There are approximately 121 ASP web pages (there are probably additional pages that I have not discovered) which indicates an almost one ASP per database table. While this approach may be satisfactory during the initial development phase it cannot be continued as the number of open tables will eventually have a major impact on the performance of the database and memory utilization of the server. During one of the meeting, it was disclosed that the developer was adding another five (5) tables to provide support for a new feature. There are a number of other areas where the database needs improvement as follows:

x There are very few Database Tables that contain an Index and the most obvious and pressing are the *Event* tables, since they will grow quickly and Indexing the date will reduce the search time.


http://www.liferay.com/


x Upon reviewing the Database tables, it seems that each ASP page has a database table and in some cases more than one. The database needs to be normalized to reduce the number of tables that are opened for better memory utilization, faster response and to reduce the duplication of data.

x The Admin User credentials should be removed from the database and implemented using Microsoft Active Directory Server or OpenLDAP.

x The dynamic content that are files (videos, pdf’s, etc.) are stored on the same disc drive as the database and this need to be separated to reduce the disc spindle usage for access. A disc should be uniquely allocated to the database for optimal performance.

x The dynamic content that refers to video files normally contains a link to an external media server such as www.youtube.com. While the current method avoids the need for UKnight to support a media server there are some risks associated with this decision. Since the content is external, UKnight does not have any control over this actual content and the content could easily be changed by the media provider without notice. Even, worse the content could be dramatically changed to be material unsuitable for the UKnight site. UKnight need to obtain a media server for their own specific usage and to provide control over the content.

x The overall design of the Pages could be improved to offer more flexibility for layout of the dynamic content.

x The whole site needs to be documented together with the referential links to the database tables.

x The overall complexity of the database design needs to be reviewed to reduce the number of tables, consolidate the information and provide additional features.

x A procedure is required to compress and re-index the database on a weekly basis.

x A database Administrator is required to review the database integrity, performance and logged errors on a daily basis.

As mentioned earlier, UKnight is considering moving from Microsoft ASP to a JAVA based development platform and while the Microsoft SQL Server could be used as the database for the new platform, its organization and structure will probably not be suitable. It would be much better to design the database structure in concert with the new site and utilize a modern scalable and fast database like MySQL (owned and supported by Oracle) or MariaBD which is part of the Red Hat Enterprise Linux Operating System.

Security Securing the UKnight site consists of a number of areas including network security at the Hosting Company for Intrusion Detection, Firewall port protection and virus protection. However, there are a number of additional areas that need to be addressed as follows:

x The Administrator Logins should be implemented using HTPPS which will avoid having the members credentials sent to the site in clear text. It is the authors understanding that UKnight has a server Certificate that could be used for this service.

x The Administrator Logins should use the same KOFC Member credentials as required by the KOFC site to reduce the need for additional member ID’s and passwords.


http://www.youtube.com/


x Single Sign On is not required for the majority of the users of the site since they only browse the site. It would be useful to have a SSO service for the users that are Administrators to the UKnight site to reduce the number of credentials that they have to maintain. Otherwise, the SSO service does not offer any additional benefit.

x The Members credentials should be stored in a Microsoft Active Directory Server of OpenLDAP Server to ensure maximum security. They are currently stored in clear text in the MS SQL Server.

x Denial Of Service (DOS) attacks or SQL Injection or other types of attack could still be perpetrated on the site and therefore, the site needs to be hardened.

x The session timeout for regular users and Administrative User’s needs to be reviewed and Best Practices timeouts applied since these could lead to limiting the number of simultaneous users that can be supported by the site.

Single Sign On Services The current UKnight Web Site only requires the Administrative Users to login since the site is not specific to a user. The Administrators log into the site using their KOFC Membership number and in some cases a password while in other cases a password and their Date of Birth.

It would be a great feature to enable a Single Sign On capability for the Administrative Users to login using their KOFC credentials, but that could be the only advantage. This is a decision for the KOFC management.

Infrastructure Currently, there is only one environment, which is used for Production. There is no real Development or Staging or Testing Environments. The lack of the other environments and standard operating procedures presents a large risk for site failure that could cause the site to be out for an extended period.

The author has identified a number of issues that need to be addressed if the site is to be expanded and promoted:

x The current Web Site does not have any capability for load balancing or failover in the event of excessive loads or system failure.

x Backup of the MS SQL Server database were not true backups of the data but simply open file backups that cannot be restored. The author suggested using the Microsoft SQL Server Backup Tools to provide a backup that could be restored and UKnight has adopted and implemented this method.

Production Environment The current site has only two machines with limited disc storage and it does not have the capability for failover or load balancing. A number of proposed implementations were suggested by the author to UKnight and EnterHost.



The redundant Server Proposal from EnterHost was never implemented due to cost, the work required to set up two SQL Servers and the ability to integrate the Authentication Services into the Microsoft ASP’s and interface with the Active Directory Server.

UKnight is considering expanding the Production Environment in line with new sales projections and also considering another Hosting Company due to increased costs, an uncompetitive support program, higher costs for upgrades, supporting Microsoft OS’s and a uncompetitive pricing structure, UKnight is considering switching to RackSpace which is a National Hosting company. RackSpace offers improved services and is very competitive in all areas plus they are not limited to supporting only Microsoft OS’s.

No specific date has been set for a move from EnterHost to RackSpace but UKnight is very anxious to move in order to obtain a higher service level.

RackSpace estimated the hardware and software required for four strata’s of Council sales levels is as follows:

1,500 Councils: Managed Cloud – Approximately $1,741/Month x 1 x 15 GB RAM SQL DataBase Server with 4 vCPUs and 150GB storage

x SQL Server 2008 R2 on Windows Server 2008 R2

x 3 x 4 GB Webservers, each with 80GB Storage and 4vCPUs

x Windows Server 2008 R2 running IIS7

x 1 x Cloud Load Balancer

x Back-up agents; as much storage as necessary

x 100 GB Additional Block Storage; expanded as demand requires

x Level 2 Full Management

3,000 Councils: Managed Cloud – Approximately $2,000/Month x 1 x 15 GB RAM Database server with 4 vCPUs and 150GB storage

x Red Hat Linux running MariaDB

x 3 x 4 GB Webserver each with 4vCPUs and 80GB Storage

x Red Hat Linux running Jboss EAP


x Back-up agents with 100GB storage (can add more)

x 700 GB of additional block storage.

5,000 Councils: Managed Cloud – Approximately $2,500/Month x 1 x 30 GB RAM Database server with 4 vCPUs and 150GB storage


x 5 x 4 GB Webserver each with 4vCPUs and 80GB Storage





x Back-up agents with 100GB storage (can add more)

x 2TB of additional block storage.

10,000 Councils: Managed Cloud – Approximately $5,600/Month x 1 x 60GB RAM Database Server with 4 vCPUs and 150GB storage


x 10 x 4 GB Webservers each with 80GB Storage and 4vCPUs



x Back-up agents; as much storage as necessary

x 10TB of Additional Block Storage; expanded as demand requires

x Level 2 Full Management

Additional Recommendations During the investigation, there were a number of procedures and upgrades were identified that will need to be implemented irrespective of the site design or hosting company selected:

x A procedure for validating the dynamic content prior to release to the Production Environment needs to be implemented.

x Advertising content including videos, images and text needs to be pre-screened prior to release to the Web Site. This will require a UKnight Staff member to undertake this task.

x A repository of Advertising content needs to be created to enable the UKnight staff to monitor and control the release plus account for the income from the advertisers. It is planned that 50% of the advertising income will be shared with the UKnight groups that participate.

x The technology staff will need to be employed prior to the roll out of the New Production Environment to ensure that they are fully trained on how to maintain and manage the site.

x The Customer support staff will need to be employed and trained prior to the roll out of the New Production Environment to ensure that they have the knowledge to answer questions and provide advice to the UKnight customers.

x The Knight site is in need of being documented for:

o Backup & Recovery procedures

o Startup and Shutdown Procedures

o User Acceptance Test Plan needs to be created



o Site Certificate Management

o Release Control Procedures

o Development Methodology

o All aspects of Security and deployment methods including Web Site Hardening

o Download and Upload Procedures

o ASP code page documentation

o Database Schema and normalized tables

o Advertising Guidelines for Advertiser, UKnight Staff and customers to ensure that fairness, quality and appropriateness to the organization is maintained.

o The procedures and accounting practices need to be defined and documented with the appropriate contracts to ensure that the participating customers are remunerated accordingly.

o A contract between KOFC and UKnight is signed to ensure that UKnight can grow and expand the business with the quality that is expected from KOFC.

System Backup The diagram shown above has a Network Backup capability and that will enable the whole environment to be backed up to a network storage device. The database is located on a SAN and shred between the two MS SQL Servers. The author has requested that UKnight provide a daily procedure for a standard MS SQL Database Backup that will be data stamped and stored on separate storage area.

Staging and/or Testing Environment Currently, UKnight topography does not include a Staging or Testing Environment and this need to be corrected in concert with the creation of the new production environment.

Development Environment Currently Development is conducted on the live production site. This offers a high risk of site failure and accidental release of unapproved enhancements or features.

A Development Environment together with a Code Management or Release Control system needs to be implemented ASAP since the OS and supporting products are being updated without consideration and testing to the code under development.

Operating Expenses The UKnight Pro-forma Financials Operating Expenses shown below reflect a total income of approximately $77k in 2013 and with support is expected to be $830k in 2014. The majority of the expected growth and income is derived from increasing the number of signed Councils from 294 in 2013 to 2,660 in 2014.



It may not be possible to reach a 25% signup in 2014, but this is more likely to be achieved in 2015 based on the current signup rate. It will also take some time to implement the staffing and support services required and therefore 2015 is a more realistic date.

However, adoption and support from the KOFC Supreme Council would go a long way in encouraging the Council’s and other groups to sign up for this service.



2016 Projected by

UKnight





Totals 896 $167,550.00 4,028 $683,400.00

The current Web Site Environment is very limited and will be able to support the current growth rate for another six to nine (6-9) months without a serious or noticeable drop in performance and availability. A new environment needs to be implemented that will support the expected growth and provide additional services. The current site costs UKnight approximately $6k per year and the new site is expected to cost $72k per year. This is a good indicator of the limited nature of the current site and the risk that it represents.

The UKnight operation has been functioning with one developer to provide design, development, coding new features, maintaining the operations of the site with the Hosting Company, working with the KOFC groups to determine their specific needs and generally running the operations on a part time basis. The developer has done a very good job but now we need to bring in staff that can assist him to bring the site to a high level of availability and professionalism. The cost of the additional technical staff is forecast to be approximately $270k/year.

As the number of KOFC groups increases their adoption of the UKnight site, there will be a need for customer support. The current web site offers many “How To” information but as the number of adopters grows so with it the need for direct support. The projection for customer support staff is expected to be approximately $155k/year to $315k/year in 2016.

It is the authors recommendation that the KOFC provide financial support to UKnight for a period of one to two (1-2) years based on the adoption of Councils and other groups. The support could be defined to be fixed sum or linked to sliding scale related to unsigned Councils.



Summary UKnight have revealed their plans and while they are ambitious they will require a significant increase in staff and a corresponding large increase in sales growth in order to sustain the profitability of UKnight. However, their financial plans do not show significant increases in staffing levels.

The Web Site needs to be reviewed in detail to provide a stable, hardened and professional infrastructure that can support the operation. Migrating from APS’s to JSP’s might make it easier to with the KOFC Infrastructure and might improve the options for security but without a normalized database the prospects of a stable platform that can sustain the growth projected by UKnight is not likely.

The last report concluded that UKnight must change the Login pages from HTTP to HTTPS (Secure Socket Layer and use a Certificate). They did make this change but never changed the manner in which passwords were stored. The method used to store User Credentials needs to be changed to utilize a Directory Server rather than storing them (in plain text) in the same database as all other data and parameters.

UKnight has proposed three options for establishing a relationship with The Knights of Columbus as follows:

x Option 1: An annual fee of $3,000,000 for UKnight to continue to own and operate the service.

This option does not make good business sense unless KOFC had significant ownership and a seat on the board of UKnight since UKnight would have income of $3mm/year plus their own sales and would be able to run their company. Of course it is understood that there would have to be a contract that had performance clauses and other language to cover situations that could cause embarrassment to KOFC and enable KOFC to have some input to the running and programs being offered by UKnight. I am not sure that this option is of value to KOFC as stated.

x Option 2: Dark Site Activation costing $36/Dark Site/Year which would be around $468,000/yr decreasing as the sites become live.

x Option 3: KOFC to acknowledge UKnight as an authorized vendor.

This option would cause a direct connection between KOFC and UKnight, while KOFC would not be able to effect or influence the direction of UKnight. There is implied liability and although there could be legal language created to cover most situations, there could be situations that could cause embarrassment to KOFC. As stated not a very good option.

On review of the financials provided by UKnight show an aggressive sales growth in attaining Councils as customers and promoting site advertising while not having any formal relationship with KOFC. There are a number of options that could be proposed by KOFC:

x No change in the relationship since UKnight is projecting total revenue of $684k with a Net Profit of $123k in 2016 with 3,500 paid Councils, 100 General Agents and 428 Field Agents under contract. So, why should KOFC become involved and have implied liability when UKnight seems financially sound (these are their numbers) and does not need KOFC involvement.



x Make a counter offer to buy a majority position in UKnight or buy them out completely and replace the management team with a team selected by KOFC. This would provide:

o A high comfort level for KOFC since the team would be directly responsible for their actions

o It will be easier to attain new customers since the company will be directly connected to KOFC

o It will not be profit driven (although this does not preclude them from making a profit)

o It will be able to maintain a high level of integrity for the materials that are shown on the site(s).



Appendix A – Sample Pages

Review of the Home pages When a visitor connects to the UKnight.org site with their browser they are greeted with a Home page that is promoting the UKnight site.

Home page



The upper center section of the Home page contains a video on Father McGivney, a brief history of how KOFC was founded, how it has grown over the years, how UKnight might be able to assist the various KOFC groups to promote their organization and communication to their members.

Council Site Feature List Just below the video pane is a dark blue button titled, “UKnight Council Site Features List”. This button will create a popup window that has 11 pages of why a Council should use UKnight and how it can benefit them.



Get Started Now Immediately below the dark blue button is a cyan colored button titled, “GET STARTED NOW Click here to activate your UKnight Council”. This activates a popup illustrated below:

To the right of the video column is a column that contains a list of the KOFC groups with each group name selectable and providing information on how the UKnight site can assist each KOFC Membership group, such as; Councils, Assemblies, Chapter, State Councils, District Deputies, General Agents and Field Agents to:

x Attract New Members x Improve Membership Retention x Streamline Reports & Communications x Support Council Members and Events x Maximize Council Fundraising

Below are a number of sample pages to assisting the various areas with training materials:

x How to Build your UKnight Interactive “Council” - First Steps. x How to Build your UKnight Interactive “Assemblies” - First Steps. x How to Build your UKnight Interactive “District Deputies” - First Steps. x How to Build your UKnight Interactive “General Agents” - First Steps. x How to Build your UKnight Interactive “Field Agents” - First Steps.



Excerpts from the Council Presentation This Council Presentation document contains 243 pages that present a look into the workings of the UKnight Council site.



Excerpts from How to Set up Your Council Site Once the payment process for a Council site is complete, the first site administrator is assigned and logs in to the Council Admin Center. There is a button that pops up a pdf file with instructions about how to set up your Council site for the first time.



The six steps necessary to set up your Council site for the first time



Excerpts from the General Agents Setup Guide



Excerpts from the Field Agents Setup Guide



Excerpts from the District Deputy Features & Benefits Guide



Excerpts from the UKnight Market Center Guide



Header of Home Page There are many other useful features that are available to the Councils which can be explored by visiting the site. The author wishes to highlight a few to provide a summary of the capabilities of the UKnight site.

In the top section of the home page there is an entry box titled, “GO DIRECTLY TO YOU COUNCIL’S UKNIGHT SITE” and requesting a Council # as shown below:

Entering a Council number (i.e. 9299) displays the Home Page for Council # 9299, Father James J Gillespie, Arlington, TX, as shown below:

Top Section of the 9299 Council home page:



This page is quite large and therefore it has been split into two sections to enable viewing. The first thing to notice is header section which contains the basic Council information and a small area titled; “Featured Council Merchants”. This is an advertising area where the Council can sell space and obtain some revenue.

Immediately below the advertising section is a button titled; “ALL OUR COUNCIL MERCHANTS” which in some cases provided a more detailed list of the merchants that are advertising on the Council site.

Bottom Section of the 9299 Council home page:



Visitors to the site are not required to login with the exception of the Administrative users for the purpose of adding new members, updating member contact information and site maintenance (such as; adding dynamic content such as pictures, videos, articles, etc.).

In the illustration above, there is a button on the lower right of the page with the title “ADMIN”. This button enables Member that is authorized to maintain the site, access to the tools that provide the loading of specific content into the site.

The Admin User is required to enter their Membership Number and a Password as illustrated below:

Admin Login Page



In the event that a Member has forgotten their password they can have if automatically emailed to them by entering their Membership Number.

Home Page of the Admin Center



Council Forms There is also a Council Forms button that provides the capability for downloading selected forms as shown below:



Degree Schedule Another very important feature of the Council sites is the “DEGREE SCHEDULE” which can be accessed from the yellow colored bar below the main heading on the Council Home Page. The following is an illustration from the 9299 Council Degree Schedule page.

One of the many extremely useful features of the Degree Schedule page is the capability to obtain more detail on the event including date, time location, purpose and even a Google Map showing the location (see below):


Kni

ghts

of C

olum

bus

59 -

60

Appe

ndix

B -

UK

nigh

t Pro

ject

ed R

even

ues

Cas

e 1:

17-c

v-00

210-

RB

J D

ocum

ent 8

5-2

File

d 10

/10/

17

US

DC

Col

orad

o P

age

59 o

f 60

Kni

ghts

of C

olum

bus

60 -

60

Appe

ndix

c -

UK

nigh

t Pro

ject

ed E

xpen

ses

Cas

e 1:

17-c

v-00

210-

RB

J D

ocum

ent 8

5-2

File

d 10

/10/

17

US

DC

Col

orad

o P

age

60 o

f 60

knights of columbus investigation report on uknight 2 - kinkade report.pdf · appendix a – sample...

Documents