TrueCast

A cost forecasting tool that lives inside Excel and pulls live data from Oracle Fusion / PPM and Aconex.

A short, plain-language look at where TrueCast stands today and the decisions ahead to get it ready to offer to multiple vendors. For each one, I have set out the options and where I would lean.

The picture

A working tool, ready to become a product.

TrueCast already does the hard part: it forecasts project cost and talks to Oracle and Aconex in real time. It was first built for a single customer. The work ahead is less about new features and more about a handful of structural choices that decide how secure it is, how easily customers can install it, and how cleanly the same product can ship to many vendors.

Decision 01

Add-in type

Which technology the product is built on.
Decision 02

How users sign in

The login experience and its security.
Decision 03

Delivery & updates

How customers install and stay current.
Decision 04

Per-vendor setup

Configuration and branding for each customer.

Decision 01

What kind of add-in should TrueCast be?

This is the biggest choice. An Excel add-in can be built three different ways. They differ in how secure they are, how easy they are for a customer's IT team to approve and install, and how much reach they have across Windows, Mac, and the browser.

Where we are today

Excel macro add-in

Logic written in Excel's built-in macro language, shipped as one Excel add-in file.

  • Already built and working
  • Cheapest way to keep moving short term
  • Windows only
  • Macros are increasingly blocked by company security policies
  • Hard to protect credentials and hard to license per customer
Strong near term

Compiled add-in (C#)

The tool rebuilt, fully or in part, as a compiled Windows program that plugs into Excel.

  • Real security, including protected credential storage
  • Code-signed and trusted by IT, professional installer
  • Easier to license and configure per vendor
  • Still Windows only
  • A development effort to migrate, and needs a signing certificate
Strategic option

Office web add-in

The tool rebuilt as a small web app that runs inside Excel on Windows, Mac, and the browser.

  • Works everywhere Excel runs, not just Windows
  • Easiest for customer IT to approve, near-zero install
  • Modern secure sign-in, simplest to update for everyone at once
  • The largest rebuild of the three
  • Requires hosting the web side; some deep Oracle interactions need rework
Macro add-inCompiled (C#)Web add-in
Runs onWindowsWindowsWindows, Mac, browser
SecurityWeakStrongStrong
IT approvalHard (macros often blocked)ModerateEasiest
Install experienceCopy a file, trust macrosSigned installerAdd from a catalog
Effort to get thereNone (current)MediumHigh
Long-term outlookDecliningStable (Windows)Microsoft's direction
My lean: a phased path rather than one big bet. Keep the working macro tool running now, move the sensitive parts (sign-in and credentials) onto a signed compiled component first, and treat the web add-in as the longer-term destination once we want the broadest reach. We do not have to commit to the end state to start making it safer and easier to sell.

Decision 02

How should users sign in?

TrueCast signs each user in to Oracle so it can pull their data. How that login works is the single biggest security question, and it shapes whether a customer's IT team will approve the tool at all.

First step: get sign-in working for the first new vendor, Huron — confirm a user can log in end-to-end against their Oracle environment. That proves the connection for the new vendor and is the starting point for the security work below.
Today

Built-in browser popup

A login window opens inside Excel using older browser technology.

  • No extra components to ship
  • Relies on Internet Explorer technology Microsoft is retiring
  • Needs hardening before it is ready to ship to vendors
Good interim

Device-code sign-in

The user gets a short code and approves the login in their normal browser.

  • No dependence on retiring browser technology
  • More secure, and can stay within the current tool
  • One extra step for the user at login
Recommended destination

Signed sign-in helper

A small, trusted, signed component handles the secure login and hands back only what is needed.

  • Most secure: credentials stay protected by Windows, never written out in the clear
  • The professional, IT-friendly approach
  • A component to build and code-sign

Decision 03

How do customers install it and stay current?

For resale, install has to be smooth and trusted. A file a user copies by hand sets off security warnings and is hard to update. The options range from manual to fully managed by the customer's IT.

Today

Manual file

The user copies the add-in file and tells Excel to trust it.

  • Nothing to build
  • Security warnings and friction
  • No clean way to push updates
Recommended

Signed installer

A proper installer with a trusted certificate, the way commercial software ships.

  • Smooth, trusted install, fewer warnings
  • A clear path to deliver updates
  • Requires a code-signing certificate (a known, modest cost)
For larger customers

Centralized deployment

The customer's IT pushes TrueCast to their users through Microsoft 365.

  • Zero effort for end users
  • Best fit for big rollouts
  • Needs the customer's IT involved

Decision 04

How do we ship the same product to many vendors?

Today, customer-specific settings and names are spread through spreadsheet cells and baked into the tool. To resell cleanly, each vendor's details should live in one place so onboarding a vendor is configuration, not a rebuild.

Today

Baked in

Settings live in cells, and one customer's names are written through the code.

  • Every new vendor means editing the product itself
  • Slower to roll out to each new vendor
Direction

One config per vendor

Each vendor's Oracle and Aconex connection details, IDs, and branding live in a single profile.

  • Same product ships to many customers with no code changes
  • Name, logo, and colors swap per vendor
  • Faster, safer onboarding for each new customer

Putting it together

A recommended path

None of this requires a single big rewrite up front. The sensible order tackles the biggest risk first, then makes the product easy and trustworthy to sell, and keeps the broadest-reach option open for later.

1
Start here, biggest risk

Get sign-in working for the first new vendor (Huron), then secure it

The immediate first step is to stand up single sign-on for the first new vendor, Huron, and confirm the end-to-end login works against their Oracle environment. From there, replace the old browser login and stop exposing tokens. This is the change that turns TrueCast from an internal tool into something defensible to sell.

2
Then, ready to sell

Package, sign, and make it configurable

Ship a signed installer customers and their IT trust, and move each vendor's settings and branding into a single profile so onboarding a new customer is configuration, not development.

3
Later, broadest reach

Evaluate the web add-in

When we want TrueCast to run beyond Windows and install with near-zero friction, begin moving toward the Office web add-in as the long-term platform.

The decisions that need your input first: which add-in type we commit to as the destination, and how far we take security and packaging before the first sale. Everything else follows from those two.