Announcing MWLUG 2014 Sessions and Workshops


Looks like yours truly is speaking at MWLug again. It is always a quality event with good speakers and allot of people to learn from. This year it is in Michigan and I am looking forward to it as i have never visited that state yet. Hopefully the good people of Grand Rapids will let me in and not turn me back at the airport or pro-actively throw me into the slammer.

My presentation is called:

"IBM Connections Migration – Review your WebSphere security and then use all these great tricks for your successful Connections Migration"

I admit it, the title is almost as long as if IBM had come up with it …. but what I want to talk about is how you can take a migration and use it as an opportunity to review – and hopefully – improve your systems security. I do allot of systems reviews and evaluations and the security settings are often just frightening. After the whole security issues I will talk about all those small and large issues with migrations that you are likely to run into. All in all .. it will be fun and I want to keep it hands on with allot of live stuff. Who knows .. maybe I will let the audience try and hack into the system …. ;)

MWLUG 2014 Banner

Announcing MWLUG 2014 Sessions and Speakers

We are please to announce the sessions and workshops for MWLUG 2014. We have 43 sessions and workshops for this event for a total of 47 hours of technical and business sessions covering.

  • Application Development
  • Best Practices and Customer Business Cases
  • Mobility and Web Security
  • Open Source with ICS
  • System Administration

To see the sessions and speakers for MWLUG 2014 go to: http://www.mwlug.com/mwlug/mwlug2014.nsf/Sessions.xsp

This year MWLUG celebrates its 6th anniversary in providing our ICS community a first-class conference to network and share our knowledge in collaboration technology. This year, MWLUG will be held in the heart of downtown Grand Rapids, Michigan at the Amway Grand Plaza Hotel.

MLWUG 2014 is make possible by the generous MWLUG 2014 sponsors whom not only pay for the majority of the cost for MWLUG 2014, but also donate their time in organizing and providing technical sessions on critical topics that are important to our ICS community.

The $50 MWLUG donation provide you:

  • Over 40 technical sessions and workshops
  • Breakfast and Lunch for Thursday and Friday
  • Wednesday Evening Showcase Reception that include drinks and hors d’oeuvres
  • Thursday Evening Social Event
  • Networking with your colleagues in the ICS community
  • And a whole lot more

MWLUG 2014 Registration

Registration Link: http://www.mwlug.com/mwlug/mwlug2014.nsf/Register.xsp

We have made special arrangements with the Amyway Grand Plaza Hotel on a special MWLUG discount rate of $129.00/night.

To register for the Amway Grand Plaza Hotel go to: http://mwlug.com/mwlug/mwlug2014.nsf/Hotel.xsp

So don’t wait and miss this opportunity to attend one of the best ICS user group conferences this year.

Amway Grand Plaza Hotel

Amway Grand Plaza Hotel
Grand Rapids, Michigan

MWLUG 2014 will be held at the historic Amway Grand Plaza on August 27-29, 2014. The Amway Grand Plaza was built in 1913 and in 1925 was rated as "One of the Ten Finest Hotels in America".

Announcing MWLUG 2014 IBM Opening Session Speaker


A new announcement from MWLUG (Aug 27-29, Grand Rapids MI) – I will be attending again this year and it looks like I will also be speaking again – about my favorite topic(s) and (as anybody who knows me personally can attest) I will be talking allot … :)

MWLUG 2014 Banner

Announcing MWLUG 2014 IBM OGS Speaker

As we head towards MWLUG 2014 in August things are picking up steam and we are quickly moving forward in providing you one of the best ICS user group conference of this year. We have many things planned and a few surprises. If you miss this year’s MWLUG, you will be missing something that you may never have a chance to experience again. So don’t miss it. We will be announcing this the near future. The theme of MWLUG 2014 is "Connecting the Human Community" and this is what user group conferences bring to our community. It is an opportunity to network and learn from our colleagues within our community.

I am please to announce that one of the newest member of our community, Kramer Reeves, Director of Product Management for Collaboration Solutions, will be the IBM Opening General Session speaker. Kramer who became the Director of Product Management for ICS last year comes from an area of great interest for me, business process management.

30.jpg

Kramer Reeves has over 15 years experience in the enterprise software industry, 11 of which at IBM. He is currently Director of Product Management for Collaboration Solutions inside IBM Software Group. In this role, Kramer leads a world-wide team and overall business responsibilities for key product lines including IBM’s messaging and collaboration solutions; unified communications software; and the workforce productivity portfolio.

This year MWLUG celebrates its 6th anniversary in providing our ICS community a first-class conference to network and share our knowledge in collaboration technology. This year, MWLUG will be held in the heart of downtown Grand Rapids, Michigan at the Amway Grand Plaza Hotel.

MLWUG 2014 is make possible by the generous MWLUG 2014 sponsors whom not only pay for the majority of the cost for MWLUG 2014, but also donate their time in organizing and providing technical sessions on critical topics that are important to our ICS community.

The $50 MWLUG donation provide you:

  • Over 40 technical sessions and workshops
  • Breakfast and Lunch for Thursday and Friday
  • Wednesday Evening Showcase Reception that include drinks and hors d’oeuvres
  • Thursday Evening Social Event
  • Networking with your colleagues in the ICS community
  • And a whole lot more

We have made special arrangements with the Amyway Grand Plaza Hotel on a special MWLUG discount rate of $129.00/night.

To register for the Amway Grand Plaza Hotel go to: http://mwlug.com/mwlug/mwlug2014.nsf/Hotel.xsp

Amway Grand Plaza Hotel

Amway Grand Plaza Hotel
Grand Rapids, Michigan

MWLUG 2014 will be held at the historic Amway Grand Plaza on August 27-29, 2014. The Amway Grand Plaza was built in 1913 and in 1925 was rated as "One of the Ten Finest Hotels in America".

Open Mic Webcast : Linux for the IBM Sametime Admin (04/09/2014)


Marlon Machado posted this on the Sametime blog (link below) yesterday. Since there is allot of Linux all over the place, I suggest this as a webcast to listen to. If you still live in a Windows only server world, it is only a amtter of time until your boss tells you that there are maybe some Linux machines coming your way ….

0 people like thisAs you probably know by now IBM’s commitment to the Linux platform is broad and deep. That includes, of course, IBM Sametime. We’re steadily expanding and refining our support for Linux starting with our server components and we have a plan to bring all the goodies we shipped with Sametime 9 to the Linux desktop. It’s a journey and it’s been very satisfying so far.

Our development team has been documenting their experiences with Linux and they’re ready to share it with all of you. If you’re a Sametime administrator living in the Windows world and are interested in learning how Sametime works on Linux you should join us in April 9 for our next Open Mic Webcast. As in all our Open Mic sessions you’ll hear from our developers and then you’ll have a chance to ask questions and share your own experiences with them and your peers.

You can find out more about this event here. Don’t miss it. It’s going to be interesting.

 

Original Link: https://www-304.ibm.com/connections/blogs/SametimeBlog/entry/open_mic_webcast_on_april_9_linux_for_the_sametime_windows_administrator?lang=en_us

 

Webinar Tomorrow: Learn how the Ephox editor works in IBM Connections


If you are working with IBM Connections and you want to know more about the new (and FREE) entitlement of the EPHOX editor EditLive! for IBM Connections V4.5 then you should tune in to this webinar tomorrow ….

In January, IBM announced terrific news for IBM Connections customers — it’s making the Ephox editor, EditLive!, available to all IBM Connections v4.5 clients. Now IBM Connections’ users have access to the industry’s most advanced WYSIWYG editor.In this short, but impactful webinar, we will shareways in which your IBM Connections users can derive the most value out of EditLive!’s advanced editing capabilities.

Join Ephox tomorrow to learn how to get access to EditLive! if you’re using IBM Connections v4.5.

Tim Thatcher and Michael Fromin of Ephox will present the following:

  • The capabilities of Ephox’s editor, EditLive!
  • How Ephox’s editor can deliver value to users of IBM Connections
  • Ways other IBM customers are reaping benefits using EditLive! for IBM Connections while increasing user adoption and engagement

Date: Thursday, March 27
Time: 10 a.m. PDT, noon CDT, 1 p.m. EDT, 5 p.m. GMT

Who should attend:

  • IBM Sales Team Members and Leaders
  • IBM Client Technical Professionals
  • IBM Business Partners
  • IBM Connections Customers (IT, end users, content contributor, social media contributors)

Presenters:

Tim Thatcher, chief operating officer, Ephox
Michael Fromin, director of client services, Ephox

Register for the Ephox webinar today.

Look forward to seeing you there.

Dave Dabbah
Vice President, Marketing
dave.dabbah

Connect with Ephox at:
blankTweet This blankSend to Linkedin blankSend to Facebookblankblank

1.650.292.9659
contact@ephox.com | support@ephox.com
© Ephox Corporation; All rights reserved. Unsubscribe from email communications
darkspacer20.gif

WebSphere – The Basics on Security, Directories and Federated Repositories


I had promised earlier this year to post more content (other than opinion and news) so I am now catching up on my promise. This post was inspired by a combined WebSphere – IBM Connections review review I did for a client earlier this year, along with some content from my IBM Connections admin training that I offer and that the same client asked me to give after they read my review of their environment. This is the first in a small series of blog-posts on security and configuration in WebSphere, look forward to some more in the next few weeks.

My Shameless Plug: You can get all of this in one big gulp if you hire me for some admin training for your support staff. I also do really kick-ass reviews of IBM Connections environments and performance tuning . . . .

WebSphere – LDAP / Security / Admin rights … the open door policy

I wrote an article on this webpage back in 2012 – WebSphere: wasadmin – how to recover a lost password – that also has something to do with this topic. This posting is in addition to that and will give you some more background info on how WebSphere keeps it’s security info and LDAP settings. If you read below you can find an even easier way to get that info …

XML – The Language of WebSphere

If you have not yet heard about it, here is the story: just about everything (regarding settings and configuration)in WebSphere is XML based. Yes, there are properties files and basic text files but the most files you will be dealing with are all XML files.

This results in Dr Vic’s first two rules:

Rule#1 – Always use a REAL XML editor program – and notepad.exe or wordpad.exe do not count. I personally have two favorites: Notepad++ on Windows and Geany on Linux (or Bluefish Editor – also awesome).

Rule#2 – Never putz (this is a technical term, I swear) in WebSphere XML files without having a back-up of each and every version of your change. If it gets really bad, you will have to re-install WebSphere and loose allot of work.

Shameless plug: I have more rules … hire me to learn more.

Federated Repository

The majority of my clients set up their LDAP settings in WebSphere by going to [Security – Global Security – Federated Repositories] and then never look at it again after that. They don’t really understand what the back-end is – well, here is a crash course:

Federated – The definition:

From late Latin foederatus, based on foedus, foeder- ‘league, covenant.’

Adj. 1. federated – united under a central government. Federate / united – characterized by unity; being or joined into a single entity; “presented a united front”

OK, what does this mean? When you installed WebSphere you were asked about an admin account and a password to assign to it – by default that account is called [wasadmin] though you can change it to anything you want. That user name and password is saved in a FILE BASED directory structure in the Deployment manager and replicated out to all federated nodes. When you add an LDAP directory then the Files based (the thing you see defined as [defaultWIMFilesBasedRealm] are federated meaning that now they are BOTH together part of a SINGLE directory entity that all WebSphere applications will utilize as a single unit for the purpose of user account look-ups and authentication.

The Files Involved:

wimconfig.xml

Is located in the [deployment manage profile]\config\cells\[cellname]\wim\config folder. This file contains the federated directory setting definitions. So the files based directory (more details below) and the LDAP directory/directories are all defined and configured in this file. As this file is an XML file, each directory is defined inside the <config:repositories and the </comfig:repositoes> items.

Let’s look at the example from my training WebSphere environment:

<config:repositories xsi:type=”config:FileRepositoryType” adapterClassName=”com.ibm.ws.wim.adapter.file.was.FileAdapter” id=”InternalFileRepository” supportPaging=”false” messageDigestAlgorithm=”SHA-1″>

<config:baseEntries name=”o=defaultWIMFileBasedRealm”/>

</config:repositories>

<config:repositories xsi:type=”config:LdapRepositoryType” adapterClassName=”com.ibm.ws.wim.adapter.ldap.LdapAdapter” id=”TTrainDom01″ isExtIdUnique=”true” supportAsyncMode=”false” supportExternalName=”false” supportPaging=”false” supportSorting=”false” supportTransactions=”false” supportChangeLog=”none”certificateFilter=”” certificateMapMode=”exactdn” ldapServerType=”DOMINO” translateRDN=”false”>

<config:baseEntries name=””/>

<config:loginProperties>uid</config:loginProperties>

<config:loginProperties>mail</config:loginProperties>

<config:loginProperties>cn</config:loginProperties>

<config:ldapServerConfiguration primaryServerQueryTimeInterval=”15″ returnToPrimaryServer=”true” sslConfiguration=””>

<config:ldapServers authentication=”simple” bindDN=”ldapaccess” bindPassword=”{xor}Dz4sLCgwLTtubWx+”

connectionPool=”false” connectTimeout=”20″ derefAliases=”always” referal=”ignore” sslEnabled=”false”>

<config:connections host=”ldap.intranet.toalsys.com” port=”389″/>

</config:ldapServers>

</config:ldapServerConfiguration>

This shows the two entries I have in my environment:

  • The default file based repository identified by the ID <id=”InternalFileRepository”>
  • My Domino based LDAP repository identified by the ID <id=”TTrainDom01″>

Gotcha #1: User Name and Password is Open

This wimconfig.xml contains the user name and encoded password for the LDAP bind account. Note the choice of words … ENCODED, not ENCRYPTED.

If you want to know the password for my training LDAP account copy the encoded password above and go to this link by Andrew Jones: http://www.poweredbywebsphere.com/decoder.html (thanks Andrew, I send all my clients to your site for further info and learning!)

If his is a production environment I have now gained access to an account in your environment, possibly an account that has update/write rights to the LDAP directory ….. all by looking at one file. If you are like 99.9% of my clients you are compromised:

  1. SECURE YOUR SERVER, LOCK DOWN YOUR FILE SYSTEM
  2. DON’T USE ADMIN OR PERSONAL ACCOUNTS TO BIND TO LDAP
  3. DON’T RE-USE THE SAME PASSWORD FOR ALL YOUR ACCOUNTS

Sound obvious, doesn’t it?

 Gotcha #2: Rogue LDAP entries

If you have ever tried to change an LDAP directory, replace and entry in WebSphere you might have run into the issue that you suddenly can’t log into WebSphere anymore after you made the changes. Why? Well, you need to understand that sometimes when you make changes, those old entries don’t disappear totally – they are left behind and impact you.

Remember the part about FEDERATED above? If not ALL directory entries here (in this file, not what shows in the IBM Console) are accessible and functioning, then the federated directory that you are trying to access will not work and you cannot authenticate. It is the Three Musketeer principle: “All for One, One for All”

Gotcha #3:

Some changes can’t be made in the interface. I had a client that mistakenly entered an LDAP directory as Microsoft AD but it was Domino. They tries to clean it up in this file but it still was not working and they could not log in ….. well, the wimconfig.xml contains allot of directory type specific settings which are set by the type: <ldapServerType=”DOMINO” > .. My advice is to remove the incorrect entry and enter a NEW entry at the same time and then make sure the old incorrect one is gone from the wimconfig.xml. DO NOT manually try to clean this up (other than remove the entry) as you might end up destroying the wimconfig.xml and making your environment unusable.

Remember Dr. Vic’s rule #2 above? Make back-ups before any changes to WebSphere security settings.