IBM Connections – Michael Sampson’s State of Market Whitepaper


I have met Michael Sampson several times in person over the last few years, I have most of his books and actually suggest them as required reading to clients of mine, sometimes even buying them as gifts to make sure they actually get read. I don’t go as far as testing them on content and make them write essays, but I do discuss the books with them.

Michael just posted a VERY interesting new document that I suggest as an absolute required reading to anybody involved in “social in the enterprise”, and whereas the whitepaper (my title for it, not his) deals with IBM Connections, I do believe that you can extrapolate allot of trends to other products in the same general realm.

I have been pondering the content for the last day (he only posted it yesterday) but the one thing that stands out to me is the realization that after the initial sales surge of IBM Connections, it has started to attract a different type of client as of late. Michael mentions this is some of his findings as a possibility and frankly it meshes with what I see. The types of client I encounter now are quite different from the clients I first met when I started to work on IBM Connections 6 years back.

Size does matter and makes an impact, most of my clients now are in general smaller in user size and are more diverse in terms of the industry / business they conduct. I also do see a different attitude in terms of why they decide to purchase the product and what their goals are for adoption and what they want to “get out of it”. I also see some of the older (=previous) clients come back wanting to find if they can’t further improve their somewhat stagnant adoption and find ways to use IBM Connections in more parts of their company.

I really urge everybody to read the document and pick up all the really great insights you can gain from it. And, as always, I also urge you to buy Michael’s books , they are very educating (I don’t make a dime on commissions – ore whatever currency they have in New Zealand). And, if you are not already, follow his blog – good content!

 

SPNEGO: Map SPNs and Create Combined Keytab Files In One Step


I have been wanting to blog about my SPNEGO install guide for a while but have been just a bit busy lately (my usual excuse). However, I just had to help a client setup SPNEGO for their IBM Connections environment so I decided the time for procrastination is over.

 

If you look at the IBM documentation, the process to create the SPNEGO keytab files and mapping the correct URLs and Fully Qualified Hostnames of servers to the AD account is rather onerous. IBM documentation will have you create separate keytab files for each url/FQHN that you want to include in the SPNEGO config and then merge them. For the normal user that is setting up SPNEGO for the fist time that is painful indeed and confusing. My process below does it all in one step (one step per URL/fqhn) and adds all the settings to ONE keytab file. I am usually done in 5 minutes and then create the config file using wsadmin commands and am up and running in SPNEGO in under an hour.

Note: all commands below have to happen ON AN AD DOMAIN CONTROLLER, running them on your workstation will not work.

 

Environment / Variables:

  • SPNEGOAD account: SPNEGOAccount@DOMAIN.COM – domain\SPNEGOAccount
  • Server FQHN: serverfqhn1.example.com, serverfqhn2.example.com, serverfqhn3.example.com, etc.
  • Connections URL (c-record): connections.example.com



Check Current SPN mappings for SPNEGO AD Account:

  • setspn -l SPNEGOAccount
    (review output)


Step 2: Add SPN mapping to SPNEGOAccount
 and create Keytab files

[setspn -s] or [setspn -a] could be used just to add/map the SPNs to the account, but this does not create the keytab files.

  • setspn -s HTTP/servernew.example.com SPNEGOAccount
  • setspn -s HTTP/newsite.example.com SPNEGOAccount

 

Run commands to create a SINGLE keytab file AND map accounts at the same time:

  • ktpass -princ HTTP/servernew.example.com@example.com -ptype KRB5_NT_PRINCIPAL -mapUser SPNEGOAccount -mapOp set -pass password1A -in C:\Temp\KRB\krb5.keytab-out C:\Temp\KRB\krb5.keytab
  • ktpass -princ HTTP/newsite.example.com@example.com -ptype KRB5_NT_PRINCIPAL -mapUser SPNEGOAccount -mapOp add -pass password1A -in C:\Temp\KRB\krb5.keytab -out C:\Temp\KRB\krb5.keytab

 

Note: the first command has the command [set], all the following commands (one for each url/fqhn you want to add) has the command [add]. If you do not use the [add] command, each of your subsequent commands will override your previous one, leaving your AD account with only one fqhn/URL mapped to it. THIS IS IMPORTANT!
Check whether the SPNS are all correct:

  • setspn -l SPNEGOAccount
    (get output and show it has mappings)
  • ldifde -f c:\temp\new-output1.txt -r “(servicePrincipalName=HTTP/ serverfqhn1.example.com)”
  • ldifde -f c:\temp\new-output2.txt -r “(servicePrincipalName=HTTP/connections.example.com)”
    (Get output files and review)

 

 

Some Gotchas

Which  URLs/c-records and server FQHNs to map:

I map EVERYTHING. The main reason is that often your C-record for the site (our example connections.example.com) will point to the fqhn of a server or a load balancing device. In that case you need BOTH of them mapped. I mal all webservers/HIS, WAS servers and (if existing) the LB address (this s usually overkill and not necessary … but paranoia pays off sometimes).

Command errors:

Depending you your AD forest, the above ktpass command might need the AD account your are mapping to either in the [ACCOUNTNAME@DOMAIN.COM] format or [DOMAIN\ACCOUNTNAME] format. You will see the error right away when you run it for the first time.

SPNEGO setting in WebSphere:

If you go by the IBM documentation (there is allot flying around) you will see they generally tell you to add the fqhn of the Deployment Manager as the HOSTNAME in SPNEGO. Keep in mind that works for them because generally they testers tend to work with single server test installs where ALL the systems run on one server and the Dmgr is also the HIS server and often they don’t bother to change the URL for the Connections setup. What you need in there is the C-Record your users will be putting into their browsers to get to Connections in in our example connections.example.com. Should the C-record point to the FQHN of a web server then you could input that address as well. That is why I generally map EVERYTHING, that way you have maximum flexibility should you need to finagle with your architecture and move functionality around.

Oops, you forgot something …

If you suddenly notice you have to add servers to the SPNEGO setup (maybe you are migrating) – DO NOT ADD MORE MAPPINGS TO THE SPNEGO AD ACCOUNT. That will invalidate the existing keytab files and you will have a n SSO outage. To add additional files you have to stop all WebSphere servers involved , add the mappings with the ktpass command using the [ADD] variable and use the existing keytab file from one of your WebSphere servers. Then recreate the config file using wsdmin and replace the old keytab files with the new one.

Announcing the MWLUG 2014 Outreach Program Recipient – Kid’s Food Basket


MWLUG 2014 Banner

Announcing the MWLUG 2014 Outreach Program Recipient – Kid’s Food Basket

As many of you know MWLUG is not just about building knowledge of IBM solutions and networking with our fellow ICS community members, it is about being part of the community. This is one of the reason we move MWLUG from city to city. It is about getting to know your local community whether it is in your town or a different town.

Each year we have a fundraising drive for a local community organization in particular a local food bank. This year with the help of Devin Olson our boots on the ground, we have selected Kid’s Food Basket as our MWLUG 2014 Community Outreach Program Recipient. We will be raffling off a weekend stay at the Amway Grand Plaza Hotel as the grand prize along with signed copies of Virgil Westdale’s book.

Please take the opportunity to help feed the needy kids in Western Michigan. Each raffle ticket is $10 and you can buy them at the registration desk starting Thursday morning. We will announce the winners on just after the Speed Sponsoring on Thursday afternoon. We can no longer use Eventbrite for the raffle so please bring exact change. For ever $1 we raise we will provide 5 meals to kids.

Kid’s Food Basket

One in four children experience hunger in West Michigan. Kids’ Food Basket is a force for attacking childhood hunger, ensuring that lunch is not the last meal of the day for over 6,000 kids at 32 schools in Grand Rapids and Muskegon. Sack Suppers are well-rounded evening meals that provide nutrition critical to the development of the brain and body.

To learn more go to: http://kidsfoodbasket.org

MWLUG 2014 will be one of the best conferences that we have ever had and marks the sixth year in providing one of the best ICS user group conference. This year, MWLUG will be held in the heart of downtown Grand Rapids, Michigan at the Amway Grand Plaza Hotel. Here are the highlights of this year’s conference:

  • 44 sessions and workshops in 5 topics areas:
    • Application Development
    • Best Practices and Customer Business Cases
    • Mobility and Web Security
    • Open Source with ICS
    • System Administration
  • 3 BOF user group sessions
  • Wednesday visit to the Gerald Ford Library and Museum
  • Thursday Evening Social Event at Founders Brewing Co
  • Wednesday Evening Exhibitor Showcase Reception
  • OGS Guest Speaker, Virgil Westdale
  • OGS IBM Speaker, Kramer Reeves
  • Book Signing withVirgil Westdale
  • For Cyclist, Saturday MWLUG 2014 Bike Ride
  • Breakfast and Lunch for two days

The Amway Grand Plaza Hotel has been gracious enough to extend the discount to all attendees as long as there are still rooms available in the hotel.

To see the sessions and speakers for MWLUG 2014 go to: http://www.mwlug.com/mwlug/mwlug2014.nsf/Sessions.xsp

MWLUG 2014 is make possible by the generous MWLUG 2014 sponsors whom not only pay for the majority of the cost for MWLUG 2014, but also donate their time in organizing and providing technical sessions on critical topics that are important to our ICS community.

The $50 MWLUG donation provide you:

  • Over 40 technical sessions and workshops
  • Breakfast and Lunch for Thursday and Friday
  • Wednesday Evening Showcase Reception that include drinks and hors d’oeuvres
  • Thursday Evening Social Event
  • Networking with your colleagues in the ICS community
  • And a whole lot more

MWLUG 2014 Registration

Registration Link: http://www.mwlug.com/mwlug/mwlug2014.nsf/Register.xsp

We have made special arrangements with the Amyway Grand Plaza Hotel on a special MWLUG discount rate of $129.00/night.

To register for the Amway Grand Plaza Hotel go to: http://mwlug.com/mwlug/mwlug2014.nsf/Hotel.xsp

So don’t wait and miss this opportunity to attend one of the best ICS user group conferences this year.

Amway Grand Plaza Hotel

 

Amway Grand Plaza Hotel
Grand Rapids, Michigan

MWLUG 2014 will be held at the historic Amway Grand Plaza on August 27-29, 2014. The Amway Grand Plaza was built in 1913 and in 1925 was rated as “One of the Ten Finest Hotels in America”.

Got my latest Certification: IBM Certified Associate – Social Software and Unified Communications


Just got my latest certification … I will probably do a few more soon. Nice to get this email in your in-box:

 

From: “IBM Certification Program” <ibmcert>

Date: Aug 5, 2014 7:06 PM
Subject: IBM Certified Associate – Social Software and Unified Communications
To: <victor>
Cc:

Dear Victor Toal,

Certification: IBM Certified Associate – Social Software and Unified Communications
CandidateTesting ID: xxxxxxx

Congratulations on achieving your certification and welcome to the world of IBM Collaboration Solutions certifications! Your commitment to increasing your expertise and knowledge with IBM Collaboration Solutions technology is an asset to you and your customers. The Professional Certification Program from IBM distinguishes professionals in the IT community as experts in leading-edge technology.

Your certificate is attached below, in .PDF file format. You can view your certificate, using Adobe Acrobat Reader V6.0 or higher, and print it on any high quality color printer.

Please remember to access services at the IBM Certification Member Site Information:
– select “Request e-Certificate ” to request all your certificates
– select “Account Services” to update demographics, email address, and request transcripts
– select “Member eStore” to order premium certificates and wallet cards
– select “Entitled Resources” to obtain your certification marks

 

IBM_COLLABORATION_SOLUTIONS__119

Announcing MWLUG 2014 Sessions and Workshops


Looks like yours truly is speaking at MWLug again. It is always a quality event with good speakers and allot of people to learn from. This year it is in Michigan and I am looking forward to it as i have never visited that state yet. Hopefully the good people of Grand Rapids will let me in and not turn me back at the airport or pro-actively throw me into the slammer.

My presentation is called:

"IBM Connections Migration – Review your WebSphere security and then use all these great tricks for your successful Connections Migration"

I admit it, the title is almost as long as if IBM had come up with it …. but what I want to talk about is how you can take a migration and use it as an opportunity to review – and hopefully – improve your systems security. I do allot of systems reviews and evaluations and the security settings are often just frightening. After the whole security issues I will talk about all those small and large issues with migrations that you are likely to run into. All in all .. it will be fun and I want to keep it hands on with allot of live stuff. Who knows .. maybe I will let the audience try and hack into the system …. ;)

MWLUG 2014 Banner

Announcing MWLUG 2014 Sessions and Speakers

We are please to announce the sessions and workshops for MWLUG 2014. We have 43 sessions and workshops for this event for a total of 47 hours of technical and business sessions covering.

  • Application Development
  • Best Practices and Customer Business Cases
  • Mobility and Web Security
  • Open Source with ICS
  • System Administration

To see the sessions and speakers for MWLUG 2014 go to: http://www.mwlug.com/mwlug/mwlug2014.nsf/Sessions.xsp

This year MWLUG celebrates its 6th anniversary in providing our ICS community a first-class conference to network and share our knowledge in collaboration technology. This year, MWLUG will be held in the heart of downtown Grand Rapids, Michigan at the Amway Grand Plaza Hotel.

MLWUG 2014 is make possible by the generous MWLUG 2014 sponsors whom not only pay for the majority of the cost for MWLUG 2014, but also donate their time in organizing and providing technical sessions on critical topics that are important to our ICS community.

The $50 MWLUG donation provide you:

  • Over 40 technical sessions and workshops
  • Breakfast and Lunch for Thursday and Friday
  • Wednesday Evening Showcase Reception that include drinks and hors d’oeuvres
  • Thursday Evening Social Event
  • Networking with your colleagues in the ICS community
  • And a whole lot more

MWLUG 2014 Registration

Registration Link: http://www.mwlug.com/mwlug/mwlug2014.nsf/Register.xsp

We have made special arrangements with the Amyway Grand Plaza Hotel on a special MWLUG discount rate of $129.00/night.

To register for the Amway Grand Plaza Hotel go to: http://mwlug.com/mwlug/mwlug2014.nsf/Hotel.xsp

So don’t wait and miss this opportunity to attend one of the best ICS user group conferences this year.

Amway Grand Plaza Hotel

Amway Grand Plaza Hotel
Grand Rapids, Michigan

MWLUG 2014 will be held at the historic Amway Grand Plaza on August 27-29, 2014. The Amway Grand Plaza was built in 1913 and in 1925 was rated as "One of the Ten Finest Hotels in America".