IBM Connections – Michael Sampson’s State of Market Whitepaper


I have met Michael Sampson several times in person over the last few years, I have most of his books and actually suggest them as required reading to clients of mine, sometimes even buying them as gifts to make sure they actually get read. I don’t go as far as testing them on content and make them write essays, but I do discuss the books with them.

Michael just posted a VERY interesting new document that I suggest as an absolute required reading to anybody involved in “social in the enterprise”, and whereas the whitepaper (my title for it, not his) deals with IBM Connections, I do believe that you can extrapolate allot of trends to other products in the same general realm.

I have been pondering the content for the last day (he only posted it yesterday) but the one thing that stands out to me is the realization that after the initial sales surge of IBM Connections, it has started to attract a different type of client as of late. Michael mentions this is some of his findings as a possibility and frankly it meshes with what I see. The types of client I encounter now are quite different from the clients I first met when I started to work on IBM Connections 6 years back.

Size does matter and makes an impact, most of my clients now are in general smaller in user size and are more diverse in terms of the industry / business they conduct. I also do see a different attitude in terms of why they decide to purchase the product and what their goals are for adoption and what they want to “get out of it”. I also see some of the older (=previous) clients come back wanting to find if they can’t further improve their somewhat stagnant adoption and find ways to use IBM Connections in more parts of their company.

I really urge everybody to read the document and pick up all the really great insights you can gain from it. And, as always, I also urge you to buy Michael’s books , they are very educating (I don’t make a dime on commissions – ore whatever currency they have in New Zealand). And, if you are not already, follow his blog – good content!

 

SPNEGO: Map SPNs and Create Combined Keytab Files In One Step


I have been wanting to blog about my SPNEGO install guide for a while but have been just a bit busy lately (my usual excuse). However, I just had to help a client setup SPNEGO for their IBM Connections environment so I decided the time for procrastination is over.

 

If you look at the IBM documentation, the process to create the SPNEGO keytab files and mapping the correct URLs and Fully Qualified Hostnames of servers to the AD account is rather onerous. IBM documentation will have you create separate keytab files for each url/FQHN that you want to include in the SPNEGO config and then merge them. For the normal user that is setting up SPNEGO for the fist time that is painful indeed and confusing. My process below does it all in one step (one step per URL/fqhn) and adds all the settings to ONE keytab file. I am usually done in 5 minutes and then create the config file using wsadmin commands and am up and running in SPNEGO in under an hour.

Note: all commands below have to happen ON AN AD DOMAIN CONTROLLER, running them on your workstation will not work.

 

Environment / Variables:

  • SPNEGOAD account: SPNEGOAccount@DOMAIN.COM – domain\SPNEGOAccount
  • Server FQHN: serverfqhn1.example.com, serverfqhn2.example.com, serverfqhn3.example.com, etc.
  • Connections URL (c-record): connections.example.com



Check Current SPN mappings for SPNEGO AD Account:

  • setspn -l SPNEGOAccount
    (review output)


Step 2: Add SPN mapping to SPNEGOAccount
 and create Keytab files

[setspn -s] or [setspn -a] could be used just to add/map the SPNs to the account, but this does not create the keytab files.

  • setspn -s HTTP/servernew.example.com SPNEGOAccount
  • setspn -s HTTP/newsite.example.com SPNEGOAccount

 

Run commands to create a SINGLE keytab file AND map accounts at the same time:

  • ktpass -princ HTTP/servernew.example.com@example.com -ptype KRB5_NT_PRINCIPAL -mapUser SPNEGOAccount -mapOp set -pass password1A -in C:\Temp\KRB\krb5.keytab-out C:\Temp\KRB\krb5.keytab
  • ktpass -princ HTTP/newsite.example.com@example.com -ptype KRB5_NT_PRINCIPAL -mapUser SPNEGOAccount -mapOp add -pass password1A -in C:\Temp\KRB\krb5.keytab -out C:\Temp\KRB\krb5.keytab

 

Note: the first command has the command [set], all the following commands (one for each url/fqhn you want to add) has the command [add]. If you do not use the [add] command, each of your subsequent commands will override your previous one, leaving your AD account with only one fqhn/URL mapped to it. THIS IS IMPORTANT!
Check whether the SPNS are all correct:

  • setspn -l SPNEGOAccount
    (get output and show it has mappings)
  • ldifde -f c:\temp\new-output1.txt -r “(servicePrincipalName=HTTP/ serverfqhn1.example.com)”
  • ldifde -f c:\temp\new-output2.txt -r “(servicePrincipalName=HTTP/connections.example.com)”
    (Get output files and review)

 

 

Some Gotchas

Which  URLs/c-records and server FQHNs to map:

I map EVERYTHING. The main reason is that often your C-record for the site (our example connections.example.com) will point to the fqhn of a server or a load balancing device. In that case you need BOTH of them mapped. I mal all webservers/HIS, WAS servers and (if existing) the LB address (this s usually overkill and not necessary … but paranoia pays off sometimes).

Command errors:

Depending you your AD forest, the above ktpass command might need the AD account your are mapping to either in the [ACCOUNTNAME@DOMAIN.COM] format or [DOMAIN\ACCOUNTNAME] format. You will see the error right away when you run it for the first time.

SPNEGO setting in WebSphere:

If you go by the IBM documentation (there is allot flying around) you will see they generally tell you to add the fqhn of the Deployment Manager as the HOSTNAME in SPNEGO. Keep in mind that works for them because generally they testers tend to work with single server test installs where ALL the systems run on one server and the Dmgr is also the HIS server and often they don’t bother to change the URL for the Connections setup. What you need in there is the C-Record your users will be putting into their browsers to get to Connections in in our example connections.example.com. Should the C-record point to the FQHN of a web server then you could input that address as well. That is why I generally map EVERYTHING, that way you have maximum flexibility should you need to finagle with your architecture and move functionality around.

Oops, you forgot something …

If you suddenly notice you have to add servers to the SPNEGO setup (maybe you are migrating) – DO NOT ADD MORE MAPPINGS TO THE SPNEGO AD ACCOUNT. That will invalidate the existing keytab files and you will have a n SSO outage. To add additional files you have to stop all WebSphere servers involved , add the mappings with the ktpass command using the [ADD] variable and use the existing keytab file from one of your WebSphere servers. Then recreate the config file using wsdmin and replace the old keytab files with the new one.

Connections Certified – Finally!


As if yesterday I am now finally IBM Connections certified:

cert

I had had just no time previously but here at Connect the certification tests are all free for participants so I went for it – and past! It was about time too, having worked with Connections for the last 6 years not having a certification just seemed strange. I do not test well (my dyslexia makes it hard for me) but I guess doing all these crazy IBM Connections projects finally paid off.

Yippie!

2014 – What is waiting at the starting line for this year?


Since I finally got back to my bog and wrote a short / brief “2013-in-a-nutshell” post, I thought it might be time to also look ahead. There is allot hat I am working on, here the short list:

 

Connect2014

Yes, I mentioned I am going and what my (not very short) list of must-see presentations are. The other reason I like to go is that is a great time to talk to vendors and colleagues to see where the market and technology is going and what clients are (likely/maybe/hopefully) looking for for the future. It is not just fun and golf – even if my wife thinks otherwise.

Connections Training

I speak frequently at LUGS and seminars on IBM Connections administration, that goes hand-in-hand with the Connections training that I offer as part of my business. This last year has seen allot of one-on-one / one-on-many training where I make the whole Connections install a training seminar for the client where they learn not only how to install but how to document, what decisions they need to think of ahead of time and then how to think ahead to production / operations. I also do class-room hands-on training where I bring in a VM environment and the participants get hands-on and get to break it and repair it. When necessary I actually created “broken” snapshots that I have them fix. Hands-on is the only way to go really

For 2014 I am thinking slightly larger …. I am partnering with a good friend of mine to munch off his good reputation and experience … ;) there will be some more detailed announcements on this later in the 1st quarter. for right now it is still  “Pssssst .. it’s a secret

Technology Trends

Over the last few years I have seen a big uptick in my IBM Connections business and a decline in Domino work. Not because I think Domino itself is declining but because the base knowledge in the market place out there is good and clients see less need in bringing in outside talent – upgrades and migrations yes – or integration work with other systems but not really for basic Domino operations.

Recently I also see a large uptick in Sametime inquiries – ST9 is making allot of clients thinking of upgrades and they want help. Also, they want ST to integrate with more – video, telephony, awareness in every other system they can get it to work in … ST9 looks good for me and I like the changes and (some of) the simplifications in the product – and I think that the licensing changes that IBM put into place will drive allot more adoption.

International Work

I also see an uptick in my “international” work. Whereas my focus used to be 99% North America I do get more inquiries for Europe and Asia … I speak several languages which helps but that is not the real reason, I just guess this internet thing really makes the world smaller and brings us closer in many different ways. Now, if I could just somehow get an app that does something about time zones and jet lag …..

 

 

I am curious to talk to my colleagues out there and see what the technology barometer is showing them – that is one of the reasons I always try to attend Connect (LotusPhere) – but for now all I can say is that 2014 looks good!

Preparing for Connect2014 – My preliminary list of must-attend sessions


Going to LotusPhere Connect2014 again, and really looking forward to it. I just went onto the Connect2014 website and made a listing of all the sessions I am interested in … turns out that I have to find a way to clone myself so I can see all 37 of them ….

As to be expected most of the sessions i am trying to cram in are around IBM Connections and Sametime – though I admit that I put more emphasis on Connections since I do allot of Connections work. I am really interested in some of the sessions that deal with Connections administration since a large part of my business is actually not just to install and configure but admin training for individuals and groups. I am always interested in what others do or how they approach problems – there is yet so much for me to learn, no matter how long I have been doing this already!

Here a highlight of a few sessions I really am looking forward to:

  • AD305 : IBM Sametime iWidgets: Extending Connections’ Use of Sametime
  • ID404 : Pushing the Borders – Extending and Customizing IBM Connections
  • ID403 : Social and Content – Better Together with IBM Connections Content Manager
  • ID605 : Make Your Microsoft Stack Social with IBM Connections
  • BP307 : Practical Solutions for Connections Administrators – Tips and Scripts for Your Daily Business (you really need to see this one!)
  • BP304 : What We Wish We Had Known: Becoming an IBM Connections Administrator (The British/Irish Invasion …. should be good!)
  • JMP201 : What’s New in IBM Connections Administration and Configuration
  • ID301 : IBM Sametime 9 Voice and Video: The Value Today and the Roadmap for Tomorrow
  • JMP204 : IBM Sametime 9 Deployment Workshop (this will be good, Wes Morgan is always a good for an interesting session) 
  • SHOW400 : IBM Sametime 9.0 Media Components on Linux for the Windows Administrator

All these great Jumpstart sessions will really screw my weekend up … but I guess there is no way past them! There are many more sessions, I just can’t list them all right now. I hope they don’t clash to badly schedule-wise or force me to do sprint from one side of the place to the other in 5 minutes ….

What sessions will you guys be attending?

 

 

 

 

 

Social Connections V – StarWars all over again?


If you are reading this you are social and somehow are involved with the whole IBM software stack relationship social thingamajig or another …. So, unless you live under a rock you have heard of the – very successful – SOCIAL CONNECTIONS shindig that happens on a regular basis and is instigated (among several other, very hardworking individuals) Stuart McIntyre.

In spite of being the model of British reserve and gentleman-ship, Stuart is well know and renowned for his strength in the “the Social Stuff”, or as we like to say – the FORCE is strong in him . . .

Social Connections V is coming up this June and somehow I managed to weasel my way into it and am speaking this year. Thank God Stuart chose the neutral country of Switzerland to host it, that way my antics are unlikely to break up the European Union (it is not a member), set off a minor border conflict (nobody messes with the Swiss) or cause a rise in sea levels (no ocean, but they do have part of the Alps).

Here is a link that the very kindhearted and capable Femke Goedhart tweeted earlier today with a sneak peek of what is in store. Personally, I think most people will come of the Swiss chocolate, the alphorn blues band that will be playing in the lobby and lederhosen that Stuart is planning to wear in celebration of his newly discovered Swiss ancestor who is distantly related to Wilhelm Tell. It is a fascinating story that he is sure to recant to you if you just prod his modesty enough – he is quite shy about his fame as we all know. I also surmise that Tim Clark might have an interesting tidbit or two to share and with Gab “No Problem” Davis around there will be enough interesting content to cover for the fact that my session will be dealing with the finer points of Swiss Cheese Fondue . . .

So, if you think you are interested …. and have the time to watch all the amazed/shocked Swiss who will be gather around the hotel to stare at us in wonder – you should attend … even if it is only to hear hear Gab say “Not a Problem!” in that droll accent of her’s ….

PS: if you are wondering why I mentioned StarWars in the title – no reason other than the big Roman Numeral “V” in the title and that I turn green and shriveled like Yoda when I drink green beer on St. Paddy’s day . . . Switzerland will never be the same after this. I pity the Swiss, really . .

Technote: Connections iFix / CR installation problems


Just a quick one:

IBM Failed to perform extraction error when applying CR or iFixes to IBM Connections 4.0 – United States.

 

This technote just came through and I thought it was rather timely since I was battling this very scenario with one off the test/DEV environments at my current client a short while ago.

If you read the document you will see that it mentions “if the shared files space has changed” but there is another scenario under which this can happen (though related) and deinstal and subsequent re-install of features or the whole application – especially if you switch between a root and non-root install in AIX/Linux.

The details on what files to review/update are in the technote above and I suggest to anybody who has ever had an iFix or CR not go quite as they wanted to review the settings and file this nifty technote away in their little “I know this” storage space for future reference.