Domino, Notes and videotape
External users in IBM Connections

External users in IBM Connections are easy to spot

One of the main reasons for using tools like IBM Connections is that you can share information with a lot of people at the same time, without having to use email. This means that the information is open to everybody who has access to it, instead of being hidden in someone’s inbox, where you have to ask them to forward you a message, a file, a task and so on via email.

This works very well internally in your organization. It does not help you minimize email contact with your customers, business partners, suppliers and other people outside your organization. In turn, this often forces you to use email instead of Connections inside your organization as well, since projects with external partners mostly also involve several internal people.

In IBM Connections 5.0 you can get around this by inviting external users into communities on your IBM Connections server. If you do this, you can also share information with external people, without having to resort to email. Gabriella Davis from The Turtle Partnership gave a very good presentation of this during the ISBG meeting in Larvik.

The first thing on any administrator’s mind is security. What is it that an external user can and cannot do? An external user cannot:

  • See public content
  • Create communities
  • Follow people or add them to their network
  • Search for users
  • See anything under Recommended
  • See the menu selection Profiles
  • See @-mentions
  • See already existing tags (but can add new ones)

An external user can:

  • Only access the community he is invited to
  • Use, edit and share files in the community
  • Post and reply in forums inside the community
  • Comment and like content inside the community
  • Only share files directly with the community, or with users inside the community if he knows the exact email address

Only selected people can create external users and communities for such users. It’s not open for anyone to do this. There are also other issues that must be addressed:

  • How should external users be registered
  • Who should be given the rights to do this
  • What sort of password policy should you enforce
  • Where should the users be registered
    • It’s recommended that you use a separate LDAP-server or a separate branch
  • You should turn off Anonymous user access on all IBM Connections applications
  • Make sure reader is not set to Everyone on any IBM Connections applications
  • Turn off public caching in LotusConnections-config.xml (you should do this anyway!)

You can also set up self registration. This means that you can create a community for external users and then send out invitations to join it. When the external user clicks on the link in the invitation, he’s asked to register. Domino is very good for self registration and there are Xpages based solutions for this.

Other security information:

  • All communities with external users are clearly marked with a huge yellow sign
  • If you share a file with a community with external users via the web version of Connections, you are given a warning
  • If you share a file with a community with external users via one of the plugins you are not given a warning. This means that one should have well established routines around this
  • A community with external users can be converted into an internal community where no external users have access.
  • You cannot take an existing internal community and convert it to an external community, not even if the community is a former external community that was converted to an internal one

Sharing information with external people does have its pitfalls, but I think these pitfalls are far outweighed by all the benefits.

The annual spring meeting in the Norwegian IBM User Group (ISBG) took place in Larvik, at Farris Bad, last week. I will in the coming days present my experiences and thoughts about

Huguette Ranc, Social Business & Smarter Workforce Unit for Europe – IBM, talked about the strategic cooperation that IBM has with Apple, Facebook, SAP, Weather Channel, Twitter and other media outlets. IBM’s part of this is using Watson as a tool for analyzing the data. This is in turn used to create a better experience for the users, as well as gathering data that the companies use to decide on their future strategies with their tools.

Christopher Crummey, Executive Director of Customer Experience and Evangelism – IBM Enterprise Solutions, then took the stage. He has been working at IBM for over 25 years, and he discussed the so-called New Way of Working.

He gave us some data about IBM:

  • 80% of IBM-ers do not have their own office
  • IBM has done 110 acquisitions in the past decade
  • All users can bring their own devices to work, no matter what operating systems they are running
  • IBM has their own app-store and apps are pushed down to your device and computer
  • IBM automatically configures their employees’ phones, with one click and 6,5 minutes of waiting
  • They do not have phone support. All support is gathered in a community in IBM Connections where people can easily gather it

The fact that the users have a huge influence and control over how they want to work, where they want to work and with what tools, had increased user satisfaction.

Christopher admitted that IBM has never been good at design, and that’s why they partnered up with Apple. They’ve already launched a long list of apps for services like the police, health care and others for the Ipad. Here IBM provides the data and everything working in the background, while Apple provides the user interface. He compared this to building a bathroom:

IBM is the plumber and electrician, while Apple is the decorator.

They use Watson to analyse the big data. This can in turn be used to find out about user behaviour. For instance, a huge analysis of customer data for a phone company found that the weather was the biggest catalyst for whether a customer switched cell phone provider or not.

How could the weather influence such a decision? Further data analysis would be needed, but it could be down to the fact that a storm cut people from a certain provider off, while another provider was still online. The user would then change provider because of this.

This underlines the importance of staying on top of traffic, user habits, purchases and other activities that generate data.

Using this inside your own company is also a good idea. Make it easy for people to start working, to share ideas and to communicate. It’s especially important that the leaders in an organization lead the way here and invite everybody to start communicating. This will fuel engagement and drive innovation for your employees and users.

Then it was lunch time. Stay tuned for more blog postings about ISBG in the coming days. I will also continue my Whither IBM-series.

Finally I get around to summing up day 2 of the Norwegian IBM User Group’s spring meeting that took place 21st and 22nd of May this year. This was also the day that I would give my presentation about my company’s introduction of IBM Connections, so read on to know about that.

It was a late night for some of us, but thankfully I turned down the invitation for nachspiel, which the Germans from Panagenda find amusing since the word means something entirely different in their language (and don’t get me started on the German meaning of vorspiel…), so I managed to get up at a reasonable hour. Here’s a short summary of each session during day 2:

Become a Connections Administrator
Gabriella Davis, The Turtle Partnership

Let’s face it: IBM Connections is a bitch to deploy and administer. It takes days to install and it’s very hard to control. At least it’s hard when you have several other assignments at work and can’t devote your full attention to it. So Gabriella Davis’ presentation on how to become a Connections administrator was something I was really looking forward to. Her main points were:

  • Fight for your resources, IBM Connections demands a lot!
  • Have a deployment server
  • You can then choose to have one server for each application in Connections, or not
  • A Connections installation is only as good as its LDAP source, be sure to have a good one
  • People needed in a setup: Network admins, server admins, firewall admins, designers and the marketing department
  • Make sure you have all fix packs and files needed before starting a setup
  • Always install a test-server that mirrors your production server

A short summary on how you perform an installation and how to administer Connections:

  • Download the software
  • Install in this order: Websphere, Connections and then Internet HTTP Server (it will work without the latter but that’s not recommended) where the SSL certificate will be
  • Your database source can be Oracle, SQL or DB2. Choose the latter if you do not have your own database administrators
  • Remember Connections consist of at least 20 databases, so make sure you have plenty of memory
  • File attachments should be available for all servers. This is achieved via Connections Shared Data, use UNC paths
  • There’s a lot of shared data: Custom JSPs, customisation strings, profile types, language translation files and file attachments
  • If you move servers, make sure to always copy shared data beforehand
  • If you delete the search index, it will be rebuilt, so don’t panic
  • Make sure that the language for Connections is set to the same language as the one you tag content with
  • If you delete a community you lose everything belonging to it, so you will need to do a complete rollback
  • Plugin-cfg.xml maps all applications. This file can be modified in Websphere but it does not validate so make sure you are in control
  • There’s no super admin user that will give you administration rights for everything
  • WSADMIN is used for sending commands

After the presentation I had a much clearer understanding of how Connections works, but I can see that it will not be easy to administer without taking a class and then working with it every day.

Download presentation

Modernizing, Mobilizing and Socializing your XPages apps using 9.0.1 plus extensions
Martin Donnelly, Software Architect at IBM

XPages is a technology used for easily adapting your IBM Notes (formerly Lotus Notes) applications to web browsers on all platforms, as well as making them available on mobile platforms. The programming model is based on web development languages and standards (Javascript, Ajax, Java, CSS and so on). It was launched with huge fanfare 7-8 years ago and was hailed as the thing that would save Notes/Domino. The problem is that this has not happened.

I know that Donnelly is a clever guy who is very good with Xpages, but even though he works for the company, IBM themselves show no interest in Xpages. The only ones keeping Xpages alive these days are the people behind OpenNTF. If you think this means I’ve no belief in Xpages, you are quite right. There are some people in the Domino community still going on about how wonderful Xpages is and that a lot of people use it. The latter is false. The number of Xpages projects in OpenNTF and the number of downloads (a few thousand) is a clear sign of that. Also: Compare the number of classes given or projects done with other (and much easier) web technologies than Xpages, and you will see that Xpages doesn’t even have a percentage of the market.

Also: Almost every single company using Notes/Domino that I am in contact with, and that’s quite a few, doesn’t use Xpages, and has no plans for it either. The same goes for every single company I talked with at the conference. TINE, who presented their new Ipad Solutions for their Domino sales databases, used absolutely no Xpages in their project. They used HTML5, Javascript, Ajax and REST. And that’s what we are going for in our company as well. So far we’ve done no development in Xpages.

But I still went to this presentation with an open mind. Unfortunately Donnelly didn’t say much more than what I already knew about Xpages, so after a while I stopped paying attention and did the final preparations for my own lecture. He did introduce me to the Single application wizard, which I will try out a bit, as I might have a few Notes solutions that could benefit from a very quick mobile conversion. But I’m not sure.

Download presentation

Configuring a Single Sign On Experience For Your Notes Clients
Gabriella Davis, The Turtle Partnership

Gabriella again! The presentation was a bit similar to her presentation given the day before. A short summary:

  • Notes shared logon:
    • Removes the password from the id-file
    • You log on to Windows and then start Notes. Notes downloads from the id-vault (which means the first time you log on you have to write the password), removes the password from the ID file and stores it encrypted on the PC
    • For every logon the password will be decrypted and read
    • You must have an ID-vault.
    • You do not need to configure anything in the client, but you must create a security policy
    • What it doesn’t do: It does not synchronize with the http password
    • Can’t be used for Citrix or roaming profiles
  • LDAP authentication:
    • You only need one password and no synch tools
    • The user logs on to Notes/iNotes, Domino then checks if the password is the same as the http password stored in the person’s document in the Domino address book
    • Even if it doesn’t recognise the password, it will still check on the LDAP server and the LDAP server will determine if you are allowed to log on
    • Use Tivoli to change username, it can write directly to AD or Domino from there
  • SPNEGO:
    • A user logs on to Windows and AD generates a token
    • When a user tries to access Domino or a Domino web-site, a SPNEGO token is sent to Domino, Domino then checks with AD if the credentials are ok
    • AD is needed and this will only work in Windows and Internet Explorer (or in Firefox with a plugin)
    • You have to set up SSO or MSSO on Domino
    • The clocks on the servers must be synchronised
    • Run Domino with a specified service account and not the local system account
  • SAML:
    • Supports multiple OS-es and clients
    • Needs an ID-file in an ID-vault
    • User logs on and the logon attempt is sent to ID-provider. After confirmation you are sent to the original site via SAML Service Provider to decide if the user should be granted access
    • The user will not have to enter a password at any time
    • You must have ID-provider. IBM supports ADFS and TFIM. Others can be used, but check with IBM first
    • Requirements:
      • ADFS 2.0
      • IIS-server with SSL-certificate
      • ID-vault
      • Security policy in Domino
      • IDPCAT-database based on the idpcat.ntf template
      • Domino 9.0.1
      • Time and patience
    • Other:
      • Most complicated setup so far. Not in complexity but this involves 150 steps!
      • Remember to check that the ID-vault template is upgraded when the server is upgraded
      • Unfortunately Traveler, Sametime and Connections are still not supported
      • No passwords are sent between the systems, so nobody can snap it up on unsecured connections
      • NO MORE VPN!
      • You still have the ID-file, so there’s no problem with being offline in the Notes client, however: Notes will ask for a password, it’s not recommended to combine with shared login
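For the SPNEGO bullets above, a quick troubleshooting check is to look at what the browser actually puts in the `Authorization: Negotiate` header: a real SPNEGO token, or an NTLM message sent because the client could not obtain a Kerberos ticket. The following is an added example, not part of the presentation or of any IBM tooling; the client names and tokens are constructed sample data, and the function names are my own.

```python
import base64

# DER-encoded mechanism OIDs that can open a GSS-API token.
SPNEGO_OID = bytes.fromhex("06062b0601050502")      # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")  # 1.2.840.113554.1.2.2
NTLM_SIG = b"NTLMSSP\x00"                           # start of every NTLM message


def der_length(buf, pos):
    """Decode the DER length at buf[pos]; return (length, next_pos)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("unsupported or truncated DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def classify_negotiate(header_value):
    """Classify the value of an HTTP Authorization header."""
    parts = header_value.split()
    if not parts or parts[0].lower() != "negotiate":
        return "not-negotiate"
    if len(parts) != 2:
        return "malformed"
    try:
        token = base64.b64decode(parts[1], validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return "malformed"
    if token.startswith(NTLM_SIG):
        return "ntlm-fallback"      # client did not get a Kerberos ticket
    if len(token) < 2:
        return "malformed"
    if token[0] == 0x60:            # GSS-API InitialContextToken
        try:
            length, pos = der_length(token, 1)
        except ValueError:
            return "malformed"
        if pos + length > len(token):
            return "malformed"      # header cut off in transit or in the log
        if token.startswith(SPNEGO_OID, pos):
            return "spnego"
        if token.startswith(KRB5_OID, pos):
            return "kerberos-raw"   # Kerberos without the SPNEGO wrapper
        return "unknown-mechanism"
    if token[0] == 0xA1:            # NegTokenResp, a later leg of the exchange
        return "spnego-continuation"
    return "unknown"


def sample_token(oid, filler_len=4):
    """Build a constructed token: GSS header + mechanism OID + zero filler."""
    body = oid + b"\x00" * filler_len
    n = len(body)
    length = bytes([n]) if n < 0x80 else bytes([0x81, n])
    return base64.b64encode(b"\x60" + length + body).decode()


# Constructed (client, Authorization header) pairs, e.g. from a proxy trace.
SAMPLE_REQUESTS = [
    ("pc-017", "Negotiate " + sample_token(SPNEGO_OID)),
    ("pc-022", "Negotiate "
     + base64.b64encode(NTLM_SIG + b"\x01\x00\x00\x00").decode()),
    ("pc-031", "Negotiate " + sample_token(KRB5_OID, 200)),
    ("pc-040", "Basic dXNlcjpwYXNz"),
]


def clients_needing_attention(requests):
    """Return {client: kind} for every request that is not plain SPNEGO."""
    kinds = ((client, classify_negotiate(h)) for client, h in requests)
    return {client: kind for client, kind in kinds if kind != "spnego"}


if __name__ == "__main__":
    for client, kind in clients_needing_attention(SAMPLE_REQUESTS).items():
        print(client, kind)
```

Clients reported as `ntlm-fallback` are the ones to check for clock drift against the domain controller or a missing service principal name on the Domino service account.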

Download presentation

How Brunvoll learned how to be connected
Hogne Bø Pettersen, ICT Teaching Manager, Brunvoll AS

Then it was my turn! I was invited to do a talk about Brunvoll’s (my employer) introduction of IBM Connections, or bConnect as we have decided to call it (be connected or Brunvoll connect, take your pick). I’m responsible for integrating and adapting bConnect into our infrastructure. While I’m partly doing that on the technical side, my main job is to train our users to integrate Connections into the regular working day. The goal is that bConnect should be the starting point every morning instead of your mailbox. Here are the main points:

  • I struggled with adapting our company to using the intranet or other collaboration solutions instead of email until a new CEO arrived in 2011
  • I talked about partnering up with IBM for installation, and then later Item
  • I talked about the huge technical problems we had, and not all of them are solved yet
  • I mentioned that the integration of FileNet (CCM) and the use of libraries had made it impossible for us to move to a new installation
  • I talked about the complexity of administering Connections
  • I talked about user adoption and how it’s not a race, but more like an orienteering marathon
  • The importance of having the CEO and management group onboard
  • I emphasized that this is not an IT tool, and that the IT department really should not be the ones doing the user adoption, but in Brunvoll that was a necessity since I’m also the firm’s instructor when it comes to IT-based systems
  • You have to improve your users’ work day, this sometimes makes it necessary to do things a little bit more heavy handed than before, but in the long run it’s worth it
  • Train your users. Then train them again. And train them some more!
  • Have super users as your allies and as a second line of support between you and the users
  • Visit the users to get a feel of their working day and hold workshops
  • Use the plugins for Office, Notes and Explorer!

You can read the rest in my presentation, but I was very adamant to point out that this is a long, long process, and that sometimes it’s easy to lose hope. There’s also an age gap when it comes to who adapts very easily to this way of working instead of relying on email and network drives. The younger crowd grew up with systems like these, they didn’t learn about them long after their education.

My talk was very well received. I was a bit apprehensive about meeting with some of the IBM folks afterwards, since I had made some negative (but true) remarks, especially about FileNet. Even if I had emphasized that bConnect so far has been a success for us, the negative things often stick out. Thankfully Louis Richardson came up to me afterwards and thanked me, said it was a great presentation and that they needed to hear about problems like that.

Download presentation

And with that my part of the ISBG spring meeting was over. I had a train to catch, so I didn’t get to see the last session about Sharepoint. Looking forward to the autumn meeting!

I attended the Norwegian IBM User Group (ISBG) spring meeting on the 21st and 22nd of May. Just like last year, it was held in the city of Larvik, in a spa resort called Farris Bad. Farris is a very famous brand of mineral water that is bottled in this city.

My arrival was one day before, and thankfully other people were there, and I spent an enjoyable evening, being treated with beers from the Panagenda guys. This, while I really should have been preparing my own presentation for the last day of the conference…

I will here give you a short summary of each session I attended on day 1:

Keynote: How Smart are You?

Louis Richardson, Storyteller & Enthusiast, Social Smarter Work – IBM
Richardson’s talk was about how conventional we become with age, and how divergent thought is less and less encouraged as you grow older.

He referred to a Dutch study showing that children, when asked where they wanted a third eye, always said “on one of my fingers,” whilst adults wanted to have it in the back of their head. People who don’t go by the book shouldn’t always be held back. Let the rebels be rebels. They aren’t always trouble makers.

Download presentation

It’s not Social Business, it’s Just Good Business
Louis Richardson, Storyteller & Enthusiast, Social Smarter Work – IBM
Richardson also held the next presentation. He is not fond of the word social. – It’s not social, it’s just good business, was his mantra. – We have always built relationships at work and we communicate. It’s just that we are now able to do it digitally, and preserve it.

He encourages everyone to start sharing their knowledge:

  • Do not frown upon people sharing things via blogs or other media
  • Share your knowledge and encourage others to do the same. If you die, your knowledge and skills should be easy for others to get hold of
  • Don’t ask people for the information, search for it in the blogs, wikis, files and forum postings (if you have such tools)
  • Do not force people to report all the time. Let them do their jobs and then share their information with you

Like me he abhors meetings. – Too much time is wasted on meetings. The way to go about it is this: Share a file. Invite people to a meeting and refer to the shared file. If very few people, or nobody, download the file, cancel the meeting.

Download presentation

Sales Tool on Ipad/Iphone, Based on IBM Domino

Einar Ellingsen, ICT System Consultant, TINE SA
Tine is Norway’s biggest producer of dairy products and the company is owned by the biggest farming organizations. They have been running Notes/Domino for years, and on the very same day that we attended the conference, they launched their brand new intranet, running on IBM Connections.

Einar showed us a very impressive solution running both on Ipad and Iphone. It could also run on other solutions since it’s 100% web based. Before 2008, TINE had loads of paper forms that needed to be filled out for each order. In 2007 they started a project where Lotus Notes databases were used. These were replicated locally to each sales person’s computer.

The entire solution was developed by Einar, and I was very impressed. Here are some key elements:

  • Every seller has their own calendar for appointments
  • There’s a built in chat function so that sellers within a region can communicate easily
  • You could snap a photo of an exhibition in a store and upload it directly
  • You could use a scanner to read the barcode for any product
  • You could generate KPI’s for a region, for a store, for a certain product within a store and so on
  • Orders are generated and sent to a mailin database. From here they are generated to XML files and sent to the EDI-server
  • There are help files and movies that the users can look at for assistance

Technology used:

  • SQL
  • HTML5 (no framework, just best practice)
  • Lotusscript and Java agents
  • Google Chart Grid
  • Google Maps
  • REST
  • Cumulus
  • FTP for transferring of orders to the EDI server
  • Ajax
  • Pic2Shop for reading barcodes
  • A-PDF Text Extractor
  • ImageMagick
  • The API in IBM Connections

Einar finished his talk by showing us the new Tine intranet, which is 100% IBM Connections.

Download presentation

Simplifying the S’s: Single Sign-On, SPNEGO and SAML
Gabriella Davis, The Turtle Partnership

Let’s face it: IBM Notes and related products are a nightmare when it comes to having one username and one password. We all know this, and we have fought with this limitation for years. And the users hate having to log on several times after logging on to their computer.

Gabriella described the three techniques that we can use:

Single Sign-On: The Notes client is using the Windows AD credentials.
SPNEGO: The user logs on in Windows and AD generates a SPNEGO-token. When a user tries to access a Domino web site the web browser will send this token to Domino, which in turn contacts AD for validation of the token. If the token is valid, the user name will be returned, and since it found the user’s name, the system knows that access should be granted.
SAML: This is the future. It works on all platforms, not just Windows, and it’s a standard. A user logs on to Notes. The user will then be sent to an Identity Provider which will ask for credentials (if the user is already logged on the credentials will be returned). The user is then sent back to Notes with all the SAML information. Notes will then use the SAML-service provider to check this information, and whether access should be granted.

The drawback with SAML is that it’s still not supported by IBM Sametime or IBM Notes Traveler. A solution can be to combine SAML with SPNEGO, because SPNEGO is supported by both Sametime and Traveler.

She also described using OAuth to let IBM Connections communicate with third parties like Facebook, LinkedIn and so on.

Download presentation

Quo Vadis – Where Do You Want to Go Tomorrow With IBM Notes/Domino

Christoph Adler, Panagenda
Panagenda has a great product called the Marvel Client, which we unfortunately don’t use at my company. However, Christoph’s talk was on more general topics. He talked about a company’s attitude towards Notes.

He also touched upon the fact that in the past you were a Notes/Domino administrator. Today you are responsible for a whole bunch of collaborative solutions. And all of them communicate with Notes!

He also talked about the importance of continuous upgrades and that whenever someone talked about changing email systems, you had to be aware of the fact that a lot of solutions in Notes are tightly integrated with the Notes mail template. Quite a few companies have burnt themselves on that fact.

And with that, the first day was over, for me anyway. I couldn’t partake in this year’s competition or murder mystery. I had to finally prepare next day’s presentation and I therefore also missed the spa bit. I did go down to dinner, and it was magnificent!

Download presentation

Stay tuned for day 2!