
AIR SUPERIORITY

Experience the Advantage

Web Services Best Practices


System Integrity & Security Update
August 1, 2011

OBJECTIVE
Monthly update on web application & platform services hardware & software infrastructure
What's been done in the month
What new issues have been identified
What's left to be done
Timeframe

2 | 2011 CalAmp | Company Confidential

HARDWARE INFRASTRUCTURE
Best Practices (status columns: PULS, ABE 1, COLT)
Co-lo Facility
Redundant Power
Redundant Network Connection
Redundant, Load Balanced Servers
Clustered Database Storage

What's Been Done This Month

COLT Load Balanced Web and COMM servers in test.
COLT updated to utilize Clustered Read Only Servers (6/15).
Beta version of COLT migration tools is ready for test. Working with sales team to pick 1st customers to migrate.
PULS proxy server devices that can be migrated have been migrated. Working with customers on their units that talk to the proxy server but CalAmp can't reach. Still have 30-50K units checking in daily through the PULS proxy server.

Newly Identified Issues


None

What's Left to Be Done

Test and re-configure to optimize COLT Load Balanced Web and COMM servers.
Migrate ABE 1 customers to COLT
Implement redundant PULS server & clustered database in the upcoming PULS 2 system

Green - In Place
Yellow - Scheduled, < 90 Days Away
Red - Scheduled, > 90 Days Away
Black - Not Planned


PERFORMANCE & SCALABILITY


Best Practices (status columns: PULS, ABE 1, COLT)
Built on Web Server Stack that is Supported by Cloud Computing
Virtualized Servers
Multi-Server Architecture with Load Balancing
Database Replication to Distribute Queries
Automatic DB Table Thinning when DB Table Size Monitor goes above its limit
Scalable Architecture to Support Planned User Growth

What's Been Done This Month

Manually thinning ABE 1 database on a regular basis to maintain performance
Active Monitor for ABE 1 device command performance
PULS 2.0 is in active development. PULS is using Virtualized Servers for the PULS 2.0 project.

Newly Identified Issues


None.

What's Left to Be Done

Implement auto thinning for COLT DB tables that grow too large (oldest data archived off the server)
Migrate ABE 1 customers to COLT
Move PULS to virtualized servers (PULS 2.0)
Replicate the PULS databases (after PULS 2.0 release)


SYSTEM RELIABILITY
Best Practices (status columns: PULS, ABE 1, COLT)
Documented 99% Service Level Agreements (SLAs)
Monitor Server CPU Usage
Monitor Server Memory Usage
Monitor Disk Usage
Monitor Network Throughput
Monitor Each Application Function
Monitor Log Files
Monitor Web Traffic for Excessive Requests from IP Ranges
Monitor Database Growth
Web Analytics to Monitor Usage Behaviors
LMU Communication

What's Been Done This Month

SLA completed.
PULS functional and log file monitoring in place.

Newly Identified Issues


None

What's Left to Be Done

Upgrade automated reporting to include the metrics agreed to in the COLT SLAs.
Design LMU Communication Monitoring and Reporting
Automate the analysis of LMU network status on COLT
Add Google Analytics to COLT; not required for PULS


UNPLANNED SYSTEM OUTAGES JUNE & JULY 2011


COLT: 6/24/11, 45-minute outage during a Denial of Service (DoS) attack
PULS: None Reported
ABE 1.0: None Reported


SECURITY
Best Practices (status columns: PULS, ABE 1, COLT)
Firewalls
SSL used for all logins
User Account & Login Management
Detect Machine/Computer Attempts at Login
Captcha (computer detect)
Security Scanning
Regular Operating System Security Patches
Regular Application Security Upgrades

What's Been Done This Month

Security Audit by Neohapsis completed for the COLT environment.
DEI validated their handset upgrades with COLT's repeated-failed-login locking, Session Timeout and mandatory SSL. Features will be released by 8/1.

Newly Identified Issues


12 COLT security vulnerabilities identified by Neohapsis. These vulnerabilities will be closed in COLT v4.0 (due early Sept).
Secure the communication traffic between LMU and servers.

What's Left to Be Done

Implement long term security maintenance processes (security is a moving target due to continuous software development by CalAmp, our software providers & the hacker community)
Implement license agreements for COLT & PULS that restrict decompiling communications
Developer coding-for-security training.
Analyze LMU SMS and Server communication encryption.
Implement processes for on-going security upgrades: COLT/PULS security patches, O/S upgrades

Physical Data Center Security


DISASTER RECOVERY
Best Practices (status columns: PULS, ABE 1, COLT)
Load Balanced Server Failover
Geographically Distributed Co-Lo Facilities (Facility Backup)
Daily Server Backups
Offsite Storage for Server Backups
Own the IPs used in MRM Device Communication (for re-pointing to new facility)

What's Been Done This Month

IS worked with offshore Co-Lo facilities to architect mandatory Carrier VPN tunnels
In test on Load Balanced Failover servers
All MRM units under CalAmp control have been migrated to new PULS DNS. Working with customers to migrate their individual units.

Newly Identified Issues


None

What's Left to Be Done

Load balance COLT servers to support failover
Continuous monitoring of MRM units that phone-home to the old PULS server. Contact each customer as these units are detected.


SOFTWARE ENGINEERING BEST PRACTICES


Design & Documentation
CTS is moving onto a single Agile SCRUM toolset that will encapsulate our current ECR, Bugzilla, Microsoft Project and QA Spreadsheets. All Design and Requirements documents stored on SharePoint.

Software Quality Assurance (SQA)
CTS SQA lead is on board and setting up our SQA processes. See note above regarding migration to new Agile SCRUM toolset.

Source Control
CTS, Chaska and MRM are all now using SVN for source control.

Software Release Process
Development, Staging & Production systems in place for COLT. All COLT releases documented & stored on SharePoint. PULS Development system is set up. PULS Staging system setup in process.

Secure Coding
Attending security tradeshows to gain knowledge of latest security threats & coding techniques. Establish design practices, on-going developer training, code reviews, test processes.


VERSIONONE
VersionOne is a cutting-edge web-based Project Management tool that supports all phases of the software development lifecycle and the latest development methodologies such as Scrum, XP, Kanban, AgileUP, and DSDM.


KEY FEATURES IN VERSIONONE


Product Planning - Plan and manage requirements, epics, stories, and goals across multiple projects, products and teams.
Release Planning - Plan, forecast, and report progress on releases and teams in a simple, drag-and-drop environment.
Sprint Planning - Iteratively plan stories, defects, tasks, tests, and impediments in a single, easy-to-use environment.
Tracking - Track progress painlessly using our interactive Storyboard, Taskboard, Testboard and Burndown charts.
Review - Quickly close-out iterations and capture issues and action items from retrospectives in one place.
Reporting & Analytics - 50+ pre-packaged agile metrics and reports plus a new custom analytics platform for unparalleled visibility.
Test Management - Plan and track acceptance and regression testing activities in the same tool as stories and defects.
Open-Source Integration - Open, web services API, Java and .NET SDKs, and free, open-source integration connectors.
Product Roadmapping - Create, collaborate and visually communicate product strategy using VersionOne's flexible roadmapping capability.


SUMMARY
COLT: Focus on continuous performance & security monitoring
Neohapsis audit of COLT is complete. 12 vulnerabilities were identified and the development team is working to close them in the next COLT release (v4.0).
Migrate COLT project management and SQA management onto new Agile toolset (RallyDev or VersionOne).
Complete configuration and testing of Web and COMM servers load balancing to support the migrated ABE 1.0 customers.
Continuously monitor performance & security. Implement upgrades to close issues.

ABE 1: Focus on migration of customers to COLT


Identify ABE 1.0 customers as Beta testers for ABE 1 to COLT migration.
ABE 1 health check in place. Health check shows that the average command failure rate is > 30%.
Migration to COLT will dramatically improve customer perception with COLT's average command failure rate of 6%.

PULS: Focus is on PULS 2


All PULS performance and reliability efforts are focused on PULS 2. Completion timeline is Fiscal Q3.
PULS1 is in pure maintenance mode.
Recommendations from COLT & DEI Security audit will be provided to PULS 2 development team to incorporate into the PULS 2 system.
