Finally I get around to summing up day 2 of the Norwegian IBM User Group’s spring meeting that took place 21st and 22nd of May this year. This was also the day that I would give my presentation about my company’s introduction of IBM Connections, so read on to know about that.
It was a late night for some of us, but thankfully I turned down the invitation for nachspiel, which the German’s from Panagenda finds amusing since the word means something entirely different in their language (and don’t get me started on the German meaning of vorspiel…) so I managed to get up at a reasonable hour. Here’s a short summary of each session during day 2:
Become a Connections Administrator
Gabriella Davis, The Turtle Partnership
Let’s face it: IBM Connections is a bitch to deploy and administer. It takes days to install and it’s very hard to control. At least it’s hard when you have several other assignments at work and can’t devote your full attention to it. So Gabriella Davis’ presentation on how to become a Connections administrator was something I was really looking forward to. Her main points where:
- Fight for your resources, IBM Connections demands a lot!
- Have a deployment server
- You can then choose to have one server for each application in Connections, or not
- A Connections installation is only as good as its LDAP source, be sure to have a good one
- People needed in a setup: Network admins, server admins, firewall admins, designers and the marketing department
- Make sure you have all fix packs and files needed before starting a setup
- Always install a test-server that mirrors your production server
A short summary on how you perform an installation and how to administer Connections:
- Download the software
- Install in this order: Websphere, Connections and then Internet HTTP Server (it will work without the latter but that’s not recommended) where the SSL certificate will be
- Your database source can be Oracle, SQL or DB2. Choose the latter if you do not have your own database administrators
- Remember Connections consist of at least 20 databases, so make sure you have plenty of memory
- File attachments should be available for all servers. This is achieved via Connections Shared Data, use UNC paths
- There’s a lot of shared data: Custom JSPs, customisation strings, profile types, language translation files and file attachments
- If you move servers, make sure to always copy shared data beforehand
- If you delete the search index, it will be rebuilt, so don’t panic
- Make sure that the language for Connections is set to the same language as the the one you tag content with
- If you delete a community you lose everything belonging to it, so you will need to do a complete rollback
- Plugin-cfg.xml maps all applications. This file can be modified in Websphere but it does not validate so make sure you are in control
- There’s no super admin user that will give you administration rights for everything
- WSADMIN is used for sending commands
After the presentation I had a much clearer understanding on how Connections work, but I can see that it will not be easy to administer without taking a class and then work with it every day.
Modernizing, Mobilizing and Socializing your XPages apps using 9.0.1 plus extensions
Martin Donnelly, Software Architect at IBM
XPages is a technology used for easily adapting your IBM Notes (formerly Lotus Notes) applications to web browsers on all platforms, as well as making them available on mobile platforms. The programming model is based on web development languages and standards (Javascript, Ajax, Java, CSS and so on). It was launched with huge fanfare 7-8 years ago and was hailed as the thing that would save Notes/Domino. The problem is that this has not happened.
I know that Donnelly is a clever guy who is very good with Xpages, but even though he works for the company, IBM themselves shows no interest in Xpages. The only ones keeping Xpages alive these days are the people behind OpenNTF. If you think this means I’ve no belief in Xpages, you are quite right. There are some people in the Domino community still going on about how wonderful Xpages is and that a lot of people use it. The latter is false. The number of Xpages projects in OpenNTF and the number of downloads (a few thousand) is a clear sign of that. Also: Compare the number of classes given or projects done with other (and much easier) web technologies than Xpages, and you will see that Xpages doesn’t even have a percentage of the market.
Also: Almost every single company using Notes/Domino that I am in contact with, and that’s quite a few, don’t use Xpages, and have no plans for it either. The same goes for every single company I talked with at the conference. TINE, who presented their new Ipad Solutions for their Domino sales databases, used absolutely no Xpages in their project. They used HTML5, Javascript, Ajax and REST. And that’s what we are going for in our company as well. So far we’ve done no development in Xpages.
But I still went to this presentation with an open mind. Unfortunately Donnelly didn’t say much more than what I already knew about Xpages, so after a while I stopped paying attention and did the final preparations for my own lecture. He did introduce me to the Single application wizard, which I will try out a bit, as I might have a few Notes solutions that could benefit for a very quick mobile conversion. But I’m not sure.
Configuring a Single Sign On Experience For Your Notes Clients
Gabriella Davis, The Turtle Partnership
Gabriella again! The presentation was a bit similar to her presentation given the day before. A short summary:
- Notes shared logon:
- Removes the password from the id-file
- You log on to Windows and then start Notes. Notes downloads from the id-vault (which means the first time you log on you have to write the password), removes the password from the ID file and stores it encrypted on the PC
- For every logon the password will be decrypted and read
- You must have an ID-vault.
- You do not need to configure anything in the client, but you must create a security policy
- What it doesn’t do: It does not synchronize with the http password
- Can’t be used for Citrix or roaming profiles
- LDAP authentication:
- You only need one password and no synch tools
- The user logs on to Notes/iNotes, Domino then checks if the password is the same as the http password stored in the person’s document in the Domino address book
- Even if it doesn’t recognise the password, it will still check on the LDAP server and the LDAP server will determine if you are allowed to log on
- Use Tivoli to change username, it can write directly to AD or Domino from there
- SPNEGO:
- A user logs on to Windows and AD generates a token
- When a user tries to access Domino or a Domino web-site, a SPNEGO token is sent to Domino, Domino then checks with AD if the credentials are ok
- AD is needed and this will only work in Windows and Internet Explorer (or in Firefox with a plugin)
- You have to set up SSO or MSSO on Domino
- The clocks on the servers must be synchronised
- Run Domino with a specified service account and not the local system account
- SAML:
- Supports multiple OS-es and clients
- Needs and ID-file in an ID-vault
- User logs on and the logon attempt is sent to ID-provider. After confirmation you are sent the the original site via SAML Service Provider to decide if the user should be granted access
- The user will not have to enter a password at any time
- You must have ID-provider. IBM supports ADFS and TFIM. Others can be used, but check with IBM first
- Requirements:
- ADFS 2.0
- IIS-server with SSL-certificate
- ID-vault
- Security policy in Domino
- IDPCAT-database based on the idpcat.ntf template
- Domino 9.0.1
- Time and patience
- Other:
- Most complicated setup so far. Not in complexity but this involves 150 steps!
- Remember to check that the ID-vault template is upgraded when the server is ugpraded
- Unfortunately Traveler, Sametime and Connections are still not supported
- No passwords are sent between the systems, so nobody can snap it up on unsecured connections
- NO MORE VPN!
- You still have the ID-file, so there’s no problem with being offline in the Notes client, however: Notes will ask for a password, it’s not recommended to combine with shared login
How Brunvoll learned how to be connected
Hogne Bø Pettersen, ICT Teaching Manager, Brunvoll AS
Then it was my turn! I was invited to do a talk about Brunvoll’s (my employer) introduction of IBM Connections, or bConnect as we have decided to call it (be connected or Brunvoll connect, take your pick). I’m responsible for integrating and adapting bConnect into our infrastructure. While I’m partly doing that on the technical side, my main job is to train ours users to integrate Connections in to the regular working day. The goal is that bConnect should be the starting point every morning instead of your mailbox. Here are the main points:
- I struggled with adapting our company to using the intranet or other collaboration solutions instead of email until new CEO arrived in 2011
- I talked about partnering up with IBM for installation, and then later Item
- I talked about the huge technical problems we had, and not all of them are solved yet
- I mentioned that the integration og FileNet (CCM) and the use of libraries had made it impossible for us to move to a new installation
- I talked about the complexity of administering Connections
- I talked about user adoption and how it’s not a race, but more like an orienteering marathon
- The importance of having the CEO and management group onboard
- I emphasized that this is not an IT tool, and that the IT department really should not be the ones doing the user adaption, but in Brunvoll that was a necessity since I’m also the firm’s instructor when it comes to IT-based systems
- You have to improve your users work day, this sometimes makes it necessary to do things a little bit more heavy handed than before, but in the long run it’s worth it
- Train your users. Then train them again. And train them some more!
- Have super users as your allies and as a second line of support between you and the users
- Visit the users to get a feel of their working day and hold workshops
- Use the plugins for Office, Notes and Explorer!
You can read the rest in my presentation, but I was very adamant to point out that this is a long, long process, and that sometimes it’s easy to lose hope. There’s also an age gap when it comes to who adopts very easily to this way of working instead of relying on email and network drives. The younger crowd grew up with systems like these, they didn’t learn about them long after their education.
My talk was very well received. I was a bit apprehensive about meeting with some of the IBM folks afterwards, since I had made some negative (but true) remarks, especially about FileNet. Even if I had emphasized that bConnect so far has been a success for us the negative things often sticks out. Thankfully Louis Richardson came up to me afterwards and thanked me, said it was a great presentation and that they needed to hear about problems like that.
And with that my part of the ISBG spring meeting was over. I had a train to catch, so I didn’t get to see the last session about Sharepoint. Looking forward to the autumn meeting!