The enhancement of Lehman Brothers' LehmanLive portal to enable the delivery of Windows-based applications, all started with an Italian client who was unable to access one over the Internet. The site was originally launched to deliver research and analytics to such clients, but, in this instance, a firewall needed to be altered so Lehman could deliver the application.
However, because the client was in a foreign country and Lehman could not locate an English-speaking firewall administrator, the business was lost. With that frustration, Lehman's Bridget O'Connor set out to find an easier, more efficient way to deliver such Window's-based applications to customers and, ultimately, to employees.
Flash forward about a year to Sept. 11, 2001. O'Connor's desire to deliver applications through a secure Web portal -- now accessible to both internal and external Lehman-enabled users -- has been taken to the next level and proven to be a key disaster-recovery and business-continuity tool.
By extending the portal to employees, the securities firm was able to create a reliable vehicle to exchange information in the event of a disaster. In addition, it was used to distribute applications to employees working from alternative locations -- allowing them to work productively with the necessary tools.
Delivering on her vision to leverage Lehman's e-commerce goals for BCP and DR purposes, O'Connor, who was previously senior vice president and global head of e-commerce technology, has been granted a unique new role. She is now senior vice president global architecture and engineering technology and head of global business-continuity planning. In this role she will continue to leverage the synergies of the e-commerce and DR/BCP groups.
How It all Began
LehmanLive was first developed as a means of consolidating Lehman's numerous Web sites. The goal was to create one central location where clients could access all applications in a uniform way -- whether they were research, analytics, trading, risk management, etc.
In the past, clients had to access several different sites, using different standards and protocols, which all had a different look and feel. "Lehman talks about being one firm, so we decided to have a single Web site for all clients -- equity clients, fixed-income clients, banking clients and private clients," says Bill Pertusi, global head of content in corporate e-commerce at Lehman, who oversees the business side of LehmanLive.
Of course, the task of bringing together the different applications presented a challenge to Pertusi and O'Connor, his technology partner. For one, the sites were very different depending on the financial area -- investment banking, private-client services, equities, etc.
In addition, the applications for research and analytics were housed on various legacy systems and were not easy to consolidate and deliver uniformly.
The challenge for Lehman was figuring out how to deliver existing legacy applications over the Internet, with the fundamental end-user requirements being simple access through a desktop browser, but enough security to ensure the applications did not get into the wrong hands. Hari Gopalkrishnan, vice president of architecture and strategy at Lehman, explains that in order to accomplish this, the highly secure LehmanLive site employs both authorization and authentication technology. Such technology verifies and entitles the user to access specific applications, according to Lehman administrators.
LehmanLive also relies on a secure socket layer 128-bit-encrypted connection for delivery via the Internet.
LehmanLive security extends to "time-outs," which will log off a user in 15 minutes, in case he or she leaves their desk or is not using the site. But the time-outs are also important for managing server resources.
"We were a little aggressive in terms of implementing the time-outs," says O'Connor. "The reason being that at some point (you must weigh) the reality of a little bit of inconvenience versus how much hardware you actually have to implement." In other words, the time-outs are for security purposes, but also allow Lehman to utilize less server equipment by monitoring usage.
Lehman worked with its existing Citrix-server technologies and augmented them with custom internal development to create a technology it calls Tocket, which enables Lehman to deliver Windows and Unix applications over the Web. Gopalkrishnan says that after looking into virtual-private-networking technologies and other ways to deliver applications via the Internet, Lehman decided to enhance LehmanLive by incorporating the Tocket technology internally. He describes what the firm has developed as similar to a virtual-private network "without the heavy desktop footprint," as you don't have to load anything on the PC.
"The basic gist of our first prototype was a facility whereby we could take any arbitrary-legacy protocol, in this case Citrix, and then tunnel it and wrap it in an HTTPS connection so that it could be delivered to any browser," says Gopalkrishnan.
The Tocket environment was built to deliver application information to the end user in a uniform format. The Tocket component acts as the "middleman" and consists of four servers that are connected to about 40 Citrix servers, which centrally configure, manage and deliver the applications.
"The Tocket component is almost like a routing point," explains Gopalkrishnan. "The applications actually sit on the Citrix servers and Tocket talks to the browser using all of the standard Web protocols so the browser thinks it's talking to yet another Web site.
"The Tocket servers take all the requests that are coming in, opens them up and translates them into the form that Citrix likes. It then sends them to the Citrix server and the application sends its response back to the Tocket server, which packages it in a format that's Web friendly and sends it back to the client for use."
Springing into Action
Lehman had been planning to use the LehmanLive site to allow its client's remote access, but the Sept. 11 tragedy struck and the newly enhanced site -- which was not yet in full production -- was quickly transformed into a BCP tool.
Prior to September, LehmanLive had about 50 entitled users, but that number quickly grew into the thousands after the terrorist attacks when Lehman was faced with 6,000 displaced employees and the daunting task of not only contacting them but getting them back to work wherever possible in the following weeks.
"And what we found was that the most ubiquitous connection was the Internet and the universal client was the browser," says O'Connor. "In the days following Sept. 11 we were asking how do you connect 6,000 employees who don't have the same phone number? And better, how do our clients contact us?"
The LehmanLive site was immediately put to the test, with fields added to the site for employees to update information and send messages back.
Once employees were back to work at multiple sites in and around the Manhattan area, the LehmanLive site was once again vital for delivering critical business applications to keep employees productive and the firm on track.
"So what Tocket allowed us to do in a matter of days," says Gopalkrishnan, "was enable those employees to immediately gain access back to their files, gain access to their CRM applications and trading applications and continue working as if nothing had happened."
Down the Road
Moving forward, O'Connor plans to continue her drive toward "business connectivity," by leveraging LehmanLive more closely with business continuity. One area that O'Connor hopes to improve is the LehmanLive contact-information application and the task of gathering and updating that information on a regular basis.
More specifically, she envisions using the LehmanLive portal to allow employees to update profile information as a regular business practice.
"My thoughts are to make it a mandatory part of LehmanLive, on a monthly basis, to present certain information to every employee across the firm," says O'Connor.
She says this information could include home phone numbers, emergency contacts and alternate e-mails. And if an employee doesn't log onto LehmanLive as often or doesn't see the update information, O'Connor would like to present the information when employees log onto their desktops so they can change it. In terms of business-continuity planning, LehmanLive will also have a fully-redundant environment, with the information mirrored to the firm's London location.
Also, as Lehman has been moving back into its buildings, the firm is using the LehmanLive portal to enable employees to access legacy applications rather than re-install those applications on the user desktop. While this was originally a disaster-recovery response, it is now also tied to the business process, enabling employees to work from any location, not solely in the event of a disaster. Gopalkrishnan adds, "All of these things that we're doing or we're laying the foundation for serve multiple purposes, which is where the synergy comes in from proper engineering to deliver business-continuity planning."