IBM Connections, Exchange, Kerberos and the Tale of External Non-Collaboration


It is a longer tale, so to make keep it short I decided to busy the lead and give you the synopsis right here:

If you are running IBM Connections integrated with Exchange as your ICMail setup you are using Kerberos. If you want to enable external collaboration by adding another LDAP source for your external users – it will not work.

You can create the repository, add it to WebSphere, you can do all the TDI settings to import the users in it as external users .. but they will not be able to authenticate. The reason is that WebSphere has the authentication mechanism at it’s top level of security (global) and not at the repository level. That means, once you use Kerberos you have to use Kerberos for ALL authentication that happens. Trust me, I have tested. I had PMRs open (with both Connections and WebSphere support). I talked to the IBM Connections Product team and verified that this specific scenario was never actually tested so nobody appears to have known of this, which is also why it never made it’s way into any documentation.

I don’t think there are many clients for whom this might be an issue currently, but I do see many environments wanting more security and wanting to tie in other back-end systems and if that client environment is running AD as their LDAP source , then KERBEROS will be right there as a feature request – or a necessity.

Is External Collaboration Dead when Using Kerberos?

That is an easy answer – No.

But you are now forced to add those external users to your AD forest and either add them to some branch/OU that you can treat as external users or add some AD/LDAP attribute to identify them as external users.

Feature Enhancement Request for WebSphere – PLEASE VOTE!

I entered a feature enhancement request to move the authentication method from a global setting to the repository level – either in general or as art of a security domain setup in WebSphere, thereby allowing non-Kerberos repositories to be used for authentication alongside a KERBEROS enabled repository.

Here is the link to the feature request – the more people look at it, follow it and vote for it the more likely it is to make it’s wat into a future release. you will need to have an IBM website ID to even just look at it but I’d appreciate the effort!

Social Connections – Toronto Jun 6-7, 2016 – I am attending!


The next Social Connections Conference has been announced: June 6-7, 2016 in wonderful and clean TORONTO CANADA

http://socialconnections.info/

 

I already signed up and a submission for an abstract is already in ….

Anybody in the social media/social networking sphere should really attend this conference. Technical and Strategy without the marketing hype, that is why I really like to attend.

 

Go forth and attendeth!

Connections 5.5 – Install Problem for WebSphere Cluster Settings with UNC Shares


I just installed a new Connections V5.5 environment for a new client and came across this issue that I had encountered once before in previous versions when installing the IBM File viewer (look at my presentation from last year at MWLug 2015) .

Scenareo:

  • Connections 5.5,
  • Clustered Windows WebSphere servers (2 nodes on separate Windows server)
  • Windows File Share for shared file services (accessed using a UNC link i.e.: \\[fqhn of server]\[share name])

The Installer will go through and work without a problem, all apps are installed and the clusters in WebSphere created. When you run the WebSphere servers/JVMs for the first time you might notice a new folder created on the same drive as your WebSphere install, the name follows the above UNC naming for the shared file services location. In my case the folder created was [D:\FILESERVER\CnxData\messagestores\xxx).

Messagestores are the way that messaging engines running on WebSphere clustered servers communicate with each other by reading/writing log files (there is much more to it, but let’s keep this lite here …). Both Windows server will create the same folders and you will probably not see a whole lot of errors in the systemout.log files of the WebSphere servers because … those servers can access the files they expect, that they are not getting any inputs from other cluster members is not going to raise any errors inside of WebSphere.

In V5.0 what happens is that the installer creates a WebSphere variable and uses that variable in the cluster settings and then the system works and the UNC drive is read correctly. The V5.5 installer does not do this, it writes the location directly into the sib-engines.xml file of the cluster created and then things fall apart ….

 

What to do:

Basically you have to manually do what the installer should have done:

Create a WebSphere variable

  • I created the same one as V5.0 would have [MESSAGE_STORE_PATH] and gave it the value of the UNC folder location in WINDOWS format (using “\” slashes): i.e. [\\servername\share\messagestores]

Update the sib-engines.xml

  • Search for the sib-engine.cml files  on the Dmgr profile under: ..\WebSphere\AppServer\profiles\Dmgr01\config\cells\[cell name]\clusters\[Cluster Name]
  • Edit the last line in the file for each cluster to look something like this:
<fileStore xmi:id="SIBFilestore_1456105865384" uuid="5976E93BC88E6CB1" logSize="100" minPermanentStoreSize="200" maxPermanentStoreSize="500" minTemporaryStoreSize="200" maxTemporaryStoreSize="500" logDirectory="${MESSAGE_STORE_PATH}/UtilCluster/log" permanentStoreDirectory="${MESSAGE_STORE_PATH}/UtilCluster/store" temporaryStoreDirectory="${MESSAGE_STORE_PATH}/UtilCluster/store"/>

Note the use of “/” in this entry, do it that way!

Do the WAS Thing:

  • You need to then sync the nodes and restart all servers/clusters and then WebSphere will create the folders and subfolders is needs and all will be well ….

 

After a restart you can delete the incorrectly created folders, they do not contain any data you need, the data written into there is transactions and will be re-created when the servers restart.

Engage 2016 in Eindhoven, NL – Here I Come!


Just got this happy little email in my in-box:

 

Dear Victor,

More than 140 session proposals came in, and we had to make VERY tough decisions to get them reduced to 58.
We even added an extra track, to allow for 10 additional slots!
We are extremely happy to inform you that we accepted the following session:

Adm09. IBM Connections – Managing Growth and Expansion.

We look forward to seeing you soon at our 2-day event on WednesdayThursday, March 23-24, 2016, in Eindhoven, the Netherlands.
We picked out an awesome venue.

Now I have to book fights and get myself over there …..

If you are in Europe … if you are anywhere in the world, you will want to attend this user group!

 

For more info, go to this link HERE 

 

Who Said You Can’t Have Fun At Work?


I have been quite for a while. ALLOT of client work, the Connect2016 conference, family, Christmas, cookies .. allot of cookies. A new year, a new work-out plan and new projects!

This was one of those days – in a good way. Major client of mine who has been successfully running IBM Connections for several years and is fairly vested in the platform. They have dedicated company resources that look into adoption and training and how they can use the platform for the business and make it work. Not everything is rosy-sunshine-and-cloudless-days but overall this client as a whole just gets it.

This client uses Outlook as their email platform, but they have a very large Domino application presence which runs a major part of their company business and is thriving. Again, not everything is all sunshine but overall things go in the right direction – the client listens, tries hard and improves constantly. The discussions generally evolve around how to get “it” done and not why not to do “it”.

I come onsite regularly to have face-to-face meetings and do some staff training and mentoring and I found this one inconspicuous meeting invite in my calendar for today to talk about a new business venture they want to automate and have custom development done for. This is where things get exciting for me. It is not every day that you participate in these kinds of talks and do not have to wade through preconceived notions about wanting to re-invent the wheel and “using the latest in technology” and the “newest development platform” because it sounds good n marketing material. Instead, the meeting first evolves around educating me on their business (much to learn, young Paduan …), the client(s) and their future plans so I can help them to achieve their goals by using ( no, it’s time for a buzz-word) “leveraging” existing technologies along with some outside assistance/expertise that might not yet be available in-house. There are slides prepared with business processes and decision trees that need to be translated into program code and automated processes, wishlists about capabilities and the question “Victor, how do we best make this work”…one of those priceless Mastercard moments for any IT guy, really. “Tell me how to make it work” – the words we all want to hear – empowering, challenging, exciting – all wrapped up into one short sentence.

So now I find myself up in the middle of the night, thinking through the two new potentials (yes, hey have TWO new processes hey want to do) and how to best realize them. What partners in code/crime to assemble and how to best architect this solution using the best of the capabilities that Domino and Connections has to offer – I am so excited I can’t sleep – blogging helps categorize the process and organize my thoughts.

Now I will have to scratch together time between all the other work I have (NOT COMPLAINING, work is good and pays the bills – thank you customers!) to translate all my notes and the documentation they gave me into something I can put out to bid to a few partners I already have on mind and see what comes back. Knowing the people I plan to talk to, there are bound to be some ideas and improvements that I might never had considered.

The power of marrying IBM Domino and IBM Connections and using the best capabilities of both platforms. Sometimes it is just plain fun to be an IBM Champion …..

Connections 5.5 – The first fixes are already out …


The download for the latest version of IBM Connections just became available on Dec. 18 (this last Friday) and with it ..a bunch of fixes as well. so, if you are one of those willing to jump into the fray and download and install Connections 5.5, head over to FixCentral and get these fixes as well:

 

IBM Connections: Fixes
Updated IBM Cognos installation wizard for IBM Connections 5.5 for Windows
This package is a required update for the IBM Cognos installation wizard for IBM Connections 5.5 for Windows. Refer to the document Update Strategy for IBM Connections 5.5 for additional information on downloading the required software and installation information
Updated Database and population wizard for IBM Connections 5.5 Day1 iFix for AIX
This package is a required update for the Database and Population Wizard for IBM Connections 5.5 for AIX and Linux. Refer to the document Update Strategy for IBM Connections 5.5 for additional information on downloading the required software and installation information
Updated Database and Population Wizard for IBM Connections 5.5 for Windows
This package is a required update for the Database and Population wizard for IBM Connections 5.5 for Windows. Refer to the document Update Strategy for IBM Connections 5.5 for additional information on downloading the required software and installation information
IBM Connections 5.5 Migration Tool
This package contains the Migration Tool for IBM Connections 5.5. Refer to the document Update Strategy for IBM Connections 5.5 for additional information on downloading the required software and installation information
5.5.0.0-IC-Multi-IFLO87330
This is a required interim fix for IBM Connections 5.5. This iFix must be applied using the new Update Installer for IBM Connections 5.5 on Fix Central. Refer to the document Update Strategy for IBM Connections 5.5 for additional information on downloading the required software and installation information
IBM Connections 5.5 Smart Type-ahead
This package contains IBM Connections v5.5 Type-ahead Search
Updated IBM Cognos installation wizard for IBM Connections 5.5 for Linux
This package is a required update for the IBM Cognos installation wizard for IBM Connections 5.5 for Linux. Refer to the document Update Strategy for IBM Connections 5.5 for additional information on downloading the required software and installation information
Updated IBM Cognos installation wizard for IBM Connections 5.5 for AIX
This package is a required update for the IBM Cognos installation wizard for IBM Connections 5.5 for AIX. Refer to the document Update Strategy for IBM Connections 5.5 for additional information on downloading the required software and installation information
IBM Connections 5.5 Update Installer (20151218)
This package contains the Update Installer for IBM Connections 5.5

My New Secondary Workstation – Take a look


I just added this one to my collection of machines running in my home:

InFocus Kangaroo

I always try to keep my home footprint small: energy usage, space, noise (fans can add up) and just usability. I have a few mini servers that I use for utilities machines that I run, I have my main laptop that at home turns into my communication machine and I have my main workstation/desktop that hosts several virtual machines.

Now I can have a small machine that I can run all the time to make it available as a remote machine and then also be small enough to just unplug and throw into a bag and take it to a client when a laptop is not what I need or want … and now I have it – it can use a tablet as a touchscreen display. I can also use it to just make it a media server and put behind my TV if I want and hook it up to the network directly.  Of, if we need something to hook up to the main TV (55 inches, we ain’t talking dinkie screens here) and I want to be able to do something that requires a PC now I can … Bluetooth mouse and keyboard make it easy …. The opportunities are limitless. go and see if this is something for you!