Click on Create.
Personal Blog of Thomas Hampel - Creative Mythbusting in Development and Collaboration
You can change Domino Server configuration even when Domino Server is still running. Our goal for discussing these topics is a basis for the discussion of Single Sign-On between Domino and WebSphere in the following section. Authentication involves verifying credentials. It is intended to be a way for the user to prove to the system who the user is, in a way that the system can be confident that the user is really who they say they are.
It does not imply any privileges that allow any action to be performed, but being authenticated means that the system knows who you are, and trusts that you are who you say you are. Generally, authentication means that the user presents some form of identification called credentials to the system, and the system validates those credentials against some authority, such as a directory or SSL keyring.
What credentials are required and what authority is used are dependent on the system, and how it has been set up. The credentials the user presents to the system may take several forms, and many systems allow customization that permits one or more of these to be used.. The first is something you know - like a userid and password. The user presents this information to the system, and the system looks it up in a registry to be sure that what you told it matches its records.
This is generally called "Basic Authentication". The downside is that it can be vulnerable to spying. Also, people forget their password, especially if they have a lot of them, or they write them down and hide them in places where they can be easily found, or they choose easy to remember passwords that can be guessed.
For those of you familiar with Domino, the Notes client uses a system like this - you have a Notres ID which is "unlocked" using a password. This may be less vulnerable to sharing, but can be lost. It also in many cases less convenient to the user, and more difficult to administer, and there's usually a hardware cost involved. Sounds like Star Trek stuff, but using biometrics for authentication is becoming reality for some highly security conscious organizations, and products are starting to become more generally available.
Using a physical characteristic such as a fingerprint or retina scan is much harder to forge, assuming the technology is good enough to prevent outright mistakes, but there are some privacy concerns here - do I really want to share my fingerprint with every system I want to talk to? And if someone needs my thumb to access the system, how desperate are they to get it? You may choose to implement Multiple-Factor Authentication, which is a way to add security by combining the methods above - but be careful it is not subverted.
Once credentials have been validated by the system, they are considered "authenticated credentials", and are then used as identification to the system to determine the ability to perform actions. You should be conscious of how these authenticated credentials flow across a network - if someone can pick them off, they can be used to impersonate one user by another. That is why you may want to use encryption over the network, and many systems allow the process of authentication to initiate an encrypted session.
Without a challenge, you are considered anonymous. Not extremely secure. May be done by facilities in the HTTP protocol or custom. This may be forced at the time authenication happens. If the system trusts whoever created the certificate, you are considered OK. Very secure if properly configured. Once you have authenticated for a realm, you are considered authenticated for everything within that realm.
When you go to another realm, you may have to authenticate again.
Understanding and Deploying LDAP Directory Services
In HTTP, by default, the browser remembers what credentials worked in what realm, and every time it talks to a server in that realm, it sends those credentials again in the header - not under the user's control. The only control is setting up what servers are in what realm. In Domino, you cannot set a realm to be larger than a single server. Before Domino R5, the realm in Domino consisted of the subdirectory and everything below it.
This means that if you first authenticated for a resource below the root, and then went up a level, you were asked to authenticate again. In R5, you can define the realm to be one or more subdirectories, but prior to Domino R5. This can cause problems when doing multiple servers for backup or load balancing and may require reauthentication. Until 5. Slightly more secure than basic authenication since the user name and password are encrypted and not transmitted in clear text. Web browser automatically returns a cookie to specified server or domain. Each Web server or application visited checks the cookie through its APIs.
When the user returns, the Domino server checks validity of the session id. User logout causes the session to be invalidated. The cookie is destroyed when browser closes and is only valid for the issuing server. Single server session authentication formerly "enabled" in Domino server document session id is kept on the server and not known by any other server. Also a Domino server reboot loses sessions. As of Domino R5.
Domino sends a login page may be customized in Domcfg. User enters name and password. User is redirected to page requested. When user requests another page, server checks cookie for validity expired, or max sessions reached , returns resource or requests for new logon. Security in WebSphere must be turned on globally - it's off by default. Because turning it on protects the WebSphere Administrative console, you have the potential of locking your self out, so take a backup before you turn it on - can use this to rebuild your system if needed.
Once you have turned global security on, you can override some defaults like realm and challenge type by application. The third party provides a "stamp of approval" kind of like a user listing , the assumption being that the third party did the research, so you don't have to. This token can be passed to any server that can understand it to prove that the user has been authenticated.
This is used with Single Sign-On. For basic challenge, must contain name and password. Name translation may occur.
- Berthas Big Brother - Karl-Geraet (60 & 54 cm) - The Super Heavy Self-Propelled Mortar;
- AS to LDAP - TechRepublic.
- Set LDAP search filters!
- Guide to Networking Essentials?
- Search Tips.
- Hostages (Barclay Family Adventure Ser., Bk. 5).
The name and password presented are compared to a directory. Name translation may occur - e. Just a reminder that a directory may contain more than one version of a user's name, user may present any of them, but usually a specific one becomes authenticated credential for the Domino Directory, it is the first value in User Name field. It is important to remember that LDAP is not a directory or server. In another words, if you have LDAP capabilities, it does not mean that you have a directory. LDAP was originally developed to be a front-end to the X.
To reduce the amount of code required to run on the user's workstation they could have either taken away functions from the X directory or develop a directory front-end to fit on user's workstations. There choice was to design a directory front-end. The front-end design point was to access 90 percent of the X. They were actually successful at doing this via the LDAP code. It was successful enough that it was decided that they should not require the overhead and complexities of X.
That is when they made the lightweight front-end into its own protocol for accessing multiple kinds of directories instead of a front-end to the X. The protocol defines a standard way to search and manage entries in a directory. There are other directory protocols on the market but one of the key reasons why LDAP is emerging as the internet standard is because it is an open protocol standard developed by the Internet Engineering Task Force IETF.
And they do have some influence because this is not the first protocol the IETF has established standards for. And they are considered to be a vendor neutral group. So it is a well established and respected group. LDAP standards provide for directory information to be queried and updated. This allows the directory to be active and flexible enough to change as the environment changes.
For example, in a banking environment a user's information could be updated if they qualified for a loan or opened an account.
Full text of "IBM iSeries Workshop / Manual"
Flowever, it should always be kept in mind that an LDAP directory is not a data base file that should be updated constantly or used as a file system. It is not a transaction-based service. Even though there are standards in the protocol to allow you to update a directory data base and store large objects in the directory, directories should be looked at more as read and search data base on user information that does not change constantly i.
Nor should it be considered to be a 'Do Everything' protocol. It should still be looked at as a front-end to a directory. The protocol standards are expanding to include more functions but it is not a replacement to X. LDAP standards provide for a rich set of capabilities. There is no need to purchase or install it separate from the Domino server. When you create a Domino server, the LDAP code will be automatically loaded at the same time as the rest of the server code is loaded. Even if you do not indicate that you will be using LDAP.
The Dorn 4. However, Domino 5. So if it is part of the Domino Server code how do you get it to run. LDAP services can be started automatically when the Domino server is started or it can be started manually after the Domino server has been started. However, in most cases the Domino server will has already been installed you can simply edit the Notes.
Plan to spend some time on this Chapter so that you can understand LDAP and make it function the way you want it to. It is easy to start but it takes some time and effort to make it work efficiently. If the Web client is to access a data base that requires more than anonymous access, the user must be in the Domino's directory and given ACL authorization to the data base just like a Lotus Notes user. In an environment where a customer has their users already in the Domino's directory for e-mail purposes it is highly unlikely that they will not want to create another directory with the same data in it.
Even if you promise them an easy way to take information out of a Domino directory to input to the new directory. Nor will they be excited about keeping multiple directories current and in-synch. So being able to use LDAP services on an existing Domino directory to authenticate Web clients would be a major advantage for this customer.
And the customer wants to authenticate the users via user name and password. We are going to also make the assumptions that all the Domino servers are located in one Domain, there are no non-Domino directories being used to authenticate users, and the web users are already in the Domino directory. For your reference purposes, I have created a bulleted description of the steps and then the following foils show you screen captures of the bulleted information. In this environment, there are no real changes to LDAP defaults to make this work.
We do have to make sure that we have a user defined in the Domino directory on the server running LDAP that has a internet password. This id will be used during the set-up of WebSphere. In this scenario we created the userid TOO Web. All directory server configuration tasks are performed using Operations Navigator.
Be sure not to include the Domino server name. By selecting Basic it will prompt the user for their User Name and Password and validate them against a directory entry for the user. To do this initialization, it must use a user that has an entry in the directory. If using Domino, this user must have an internet password.
This screens are shown on the following four pages. What is Single Sign On? Basically, most people are trying to minimize both the number of userids and passwords that need to be remembered, and the number of times that the user is asked for this information, while maintaining an acceptable level of security. And administrators are trying to minimize the amount of work it takes to coordinate and manage the policy. This is accomplished by configuring Domino servers and WebSphere application servers to share authentication information between the servers.
Anda fully qualified server name is only way a Web browser knows what cookies to send. IBM is launching a free limited version as well as a paid professional version. I walked through thr account creation process and it was as easy as filling out 5 lines and then I had a full 30 day trial.
After the 30 days I could pay for pro or keep using the free version I will see how this works in 30 days. You simply grab the widget from the public catalog or download from the below linked posts. You can also expand this even further by grabbing the plug-in Julian, of SNAPPS, created joining his search bar and the widget together. If you don't understand what it offers, here is a quick description: The custom blogger search is based on the Google CSE and now includes over Lotus related blogs, wikis and technical sites. It only searches these sites for speed and web search efficiency.
You can further trim searches down by the categories that are being built such as Sametime and webcasts. This allows you to find information quickly you know you read on some blog at some point. PlanetLotus can handle recent lookups, but going further back in the archives is an issue, mainly if they were around before being added. If you have any questions, please leave a comment. You will get the update as soon as it is posted.
Then watch it on the road, your iPad and more. There is always the simple RSS feed as well. The paper simplifies the following areas: History Functionality Troubleshooting So how do you get your hands on this right away? Subscribe to the IdoNotes newsletter make sure you select that group as one of your choices in the upper right corner of this blog.
Within 24 hours you get a welcome email with the link to the whitepaper and notices on the upcoming ones as well. From then on stay subscribed to keep up to date with the latest commentary only newsletter readers get to see. With an impressive fixes to date in the database, this proves to be an incredible feature and fix release for the Domino codestream. That can be fine for simple applications in uncomplicated environments, but what happens when the feature requests get more and more complex?
Come hear about different techniques for managing Lotus and Domino application deployment and how to get beyond deploy-and-pray! With the pending launch of their upcoming book on this very topic, follow along as they take you down the path of what a user sees in your environment and how to better think like them when deploying features and functions. You can always watch the replay online after the event, but then you only get to see virtual "Bag O' Schwag". There are a few slots left to attend really just a few for some of the best tips to utilize TDI in your dev planning..
Join Marie Scott and Thomas Duff as they introduce you to the fundamentals of Tivoli Directory Integrator and then show you how you can set up your own TDI jobs to take your data synchronization requirements to the next level. It is now updated with all the Lotus blogs I could find. I built a Google Custom Search Engine to weed out sites that try to use keywords to draw some of the search focus away. This way we can quickly sort through all of the blogger and technical Lotus content with a narrow focus of a half a thousand sites.
You will always find this engine in the search section on the right side of my IdoNotes blog homepage. I went ahead an embedded it in this posting as well for you to start using and sharing. If you or any site is missing, the index is building still. If by Monday you do not show, ping or email me and I can quickly verify with some filtering. This is great for admins and managers alike to see how to compare and what the differences are.
It also has it's own RSS feed for you to keep up to date with all the new dates. Too many to list. I did not see a view for the overall top postings, so I wanted to see the top from each of the below. Also, it seems it did not go all the way back in for each blogger based on how much they post, not sure oh what the history retention is. Peter Presnell Notes 8. It's not who you think. Here is a presentation that covers most of what is new Arne Nielsen Lotus knows where to find a good screensaver for you!
John Head Notes 8. You can ask sales, strategy and technical questions. Once the question is answered, you are promptly notified by e-mail. You must search first befire you can submit any question, which actually make sense. Acronym lookups are available to help in understanding what you are searching for or what they are requiring. I hope I didn't forget to mention: Some eligibility criteria apply. It works, right out of the box folks. Set up transaction logging make the ODS in 8. Here is the good news many people are missing. It is not shared mail in any way.
DId I say any database? Yes, discussions, and soon I would think Quickr. While it is strictly a command line interface, it only took them a couple days of downtime to create this. There are images of it in action on the website. Basically manipulate the buddylist how you see fit. I would like to see this with a pretty UI wrapped around by someone, but I will take this awesome toolset as is for now.
The install was simple. I chose to place it on my Sametime server directly for testing. You can install on another machine, but then you need to trust the IP of that machine in stconfig. I skipped that for testing. Large amounts of processing will take time, of course. But i was quite fast and the results are immediate. Here is the real kicker to the whole thing. The tool can run while the server is up and the user is logged in.
No downtime Carl and his team at Epilio went as far as to create an actual manual with screenshots that can be found right here. Amazing job and a welcome toolset for my team. Before I list them, here is the issue and warning: I need you to create these in one of two ways: 1. One of the below sites I visited today gives specific instructions on how to change the client to allow remote site updates.
Unfortunately, policies will revert and disable this for all the users. By providing me with one of the 2 options above, I can guarantee my users will get the plug-in and I can control distribution, security and resigning. I also do not allow them to go to outside update sites from those that I specifically list in my configurations.
I really want them to use your apps, but it has to be controlled on this end. If you need help in building a site, let me know. I can easily assist. Unfortunately that is now a requirement for your site to work, Lotus broke plug-in control and I won't allow foreign widgets that pull sites either and no one else should. Good comment John. What you find is amazing sometimes. Here is some excerpts. I have my scans set to email me daily.. Oh Joy There is something worse than Outlook. Lotus Notes! So what you find is people that have either bad installs or badly managed environments.
You could go on for days reading these as they come across but I thought others might find it interesting. You can also expand this and make more scans for your company name, product or even yourself. The process is broken. I was prompted to write this after the article on DominoBlog. I love the template and the guy that write it hey to TG on amazing work as usual. I am only talking about the process by which the client uses this template.
Instead of using policies in Notes 8 to force clients to see an update site, they chose server configuration documents. Let me break down what is bad about that in a moment. Currently, most every admin will want to make sure the ability for clients to install their own stuff is turned off. Ok, that works. However, you must then place an update site link in the server configuration doc that the user never seems to see.
Why the heck didn't you use policies? The server configuration document has the global setting for both Smart Upgrade and then Provisioning, but the Desktop settings policy only has Smart Upgrade as shown here: So what is expected is that each user will hit the server and see the server configuration document. This in turn will somehow get them the provisioning database or site. Well this opens another can of worms.
We teach and implement multiple places to reduce the extreme number of server configuration documents and to simplify. But if I want users on different home servers to hit alternate update sites only, then I have to go back and create multiple server configuration documents.
Conflicts terribly. The site update database was built with replication in mind. I can create it once, push it out all over and have users hit sites local to their area for performance. With a policy I would be all set. The real kicker here is that the client never seems to see this new setting and never gets the provision on a consistent basis. I have had one or two magically work, and others never work. All at the same server with the same version of client.
Today the Windows guys decide to upgrade to 8. With the machine it runs on being a dual processor with 3. So after everyone came on day shift and logged in as usual, the machine started grinding. Unfortunately, they want all the bells and whistles, but back to basic mode they have to do. The downside was that many of the Lotus Notes postings were negative. How about some more positive tweets?
If they happen to be able to know what to do when they see green, yellow and red, then this should be simple. From the words of one of our customers Lotus could not have made seeing quota limits any easier and for training users on new features in 8. Did both run Notes? That would have been easy with sharing of public keys and letting them encrypt until they couldn't breathe.
This was a Notes to another email package. So the theory was creating X. Then it hit me. Why are we going through so much work here? Their whole point was encrypting data between the Internet flow, not necessarily once it was received since multiple people may need access to the data. We set Domino 8 to force the TLS conversation and stop if it could not make one. We made sure the other server understood to start a TLS conversation when asked and off we went. Secure Internet mail flow between disparate sites at will.
Some examination shows that line in the installer file refers to a directory with an Uppercase while the actual install file creates it with a lowercase. So I edited the installer for the ApplianceWare version and the install went off just fine. Chalk one more up on the wall. We got every reaction possible. Andy and myself fended off countless questions from a fully packed house. The extra seats we planned open were taken by some last minute drop-ins that registered. So what did we learn this city? Did I mention Productivity Tools?
Companies in size from users to 40, all really use Domino Some admins are lucky when they get to go to Brazil for 9 days to install one Domino server Lotus Foundations is a cool product if you don't already have a Domino domain, which they all did of course Integration of Sametime is awesome Integration of Activities is confusing The Sametime Gateway is of interest to them Coffee breaks are not often enough, mainly after huge lunches Attendees love free tools that we give away Expanded policy control for desktops and security will be implemented right away People are tired of Smart Upgrade and want full provisioning I am sure there is a few other I will add in.
To summarize, the love Domino 8 and wish there was few more things that had made it into the product at the same time. Social networking over here is not popular, while internal chat is. They always have very specific and unique questions that we love getting answers to for them. So excuse me while I collapse, eat a final dinner here and then head home tomorrow. Check my "Where am I headed" tab to see the cities I have booked up. One spam provider says so Our customers have forwarded a blog posting from Mayflower Software that suggests you remove DNS blacklists and then let their software handle everything for spam.
While there is one valid point, adding an immeasurable load to your Domino server is not something I suggest. So then jump down to the comments and see what others have to say: Blacklist can produce false positives but really have positive impact on load. Then disabling DNS blacklist does mean that our load on line will be 10 times bigger which is of course unacceptable. So to our customers that saw this, I write my opinion here.
While someone may be blocked accidentally for whatever reason, there is the phone. The load that could come from this on your server is not worth letting a Domino based spam solution solve. Another interesting bout with unknown causes of server setup failures on an additional Domino server. We were setting up a hosted server, that was to get the necessary data through a private connection with an address supplied by the IT team at said company.
We could hit that IP address over port successfully, so all was good there. Yet even a simple telnet showed that it connected fine. So as we were about to cheat and have them zip and send names. Allowing wild card connection documents Enabling name service requests and probes Checking for XXX.
The server you connected to has a different name from the one requested. Checking low and normal priority connection documents No default passthru server defined So NotesPing showed us that the server they gave us as an IP address and name, was not the right one for one of the two variables for the setup.
Well I started getting emails and pings asking what it all meant. So to honor everyone's requests, I did some digging around with AOL people to get some answers: The rate limit numbers are not linear The rate limit numbers are built dynamically with an algorithm, meaning each company will be different If you run a bot that does heavy traffic, like an automated helpdesk or query bot, through your Sametime Gateway into the Clearinghouse, you may contact AOL to have it provisioned So as you see there is no hard numbers per customer, per connected Sametime Gateway.
It is a dynamically changing rate based upon your normal usage. Now I know they do not have 40 guys that are there doing simple math charts. Which means that if you suddenly spike the amount of traffic you are sending through the gateway into the AOL Clearinghouse, you might get limited down until they figure out what is going on. Meaning you might end up calling them. So if you are implementing a new bot, I would get in touch with them and get it provisioned first Make sense?
If not let me know. Get yours today hot off the presses! So Google Talk becomes a consolidated IM client. So here is what we found out. We had to manually go in and start it to clear the alert. This was on all the servers 7. But as I sat here writing the March edition, I realized you may not. So get over and catch up darnit. There was a Blackberry series last year and right now is the middle of a monitoring series. What are you waiting for? It is lighter than Trillian Astra, at this point, which is a nice touch also.
Take a peek and grab the beta. If not The following document contains important resources to assist you with your upgrade to Lotus Notes and Domino 8. I created a Google gadget of this also but I am piping my LotusChannels Jaiku feed into Dapper to make some widgets and gadgets. Then we can toss this into the Notes 8. One part of me really doesn't want to know this much all the time. The new age parent says this is a great ideas. See the image.. Seems to me the old idea of be home by dark is gone.
If you already have 8, you have to get the patch out there. If you are just staring to deploy Sametime 8 clients, then get this in place first. This technote goes into full detail on the fix and what is being changed. Without implementing this fix, administrators will not be able to successfully maintain Sametime Connect clients and keep them up-to-date with the latest maintenance releases. If the Sametime 8. This issue impacts both the stand-alone client installation package as well as the Network Client Install NCI package. While I was doing a site review for the other blog , I figured it might well fit into this one as well.
This site actually has a hidden social networking hook, allowing you to create custom pages and send them to others to use as their desktop. The iconic type desktop works well overall. While some of the icons actually utilize the main center window to show the results of what you click, others open new tabs or browser windows found in settings. You actually get the most function by making your own pages and adding content that you want. There is more than a handful of built in widgets and feeds, from there you can also add your own site or feed.
There was 2 Gmail links. One took you to the actual Gmail login page in a new tab, the other was a functioning widget. I would suggest they blow the new tab one away and stick with the widget to keep you in their page. I also found I could not drag the icons between pages, which is something we are used to in Notes for sure. What I didn't like is how most of their icons they provide of them simply took you to the site. You cannot enter your credentials and have it log in and bring you some form of miniapp window.
Symbaloo is a visualization of your bookmarks. But there is no way to take my existing bookmarks and make them a visual page!! That bites. I also could not find a way to import an OPML stream to have it populate pages with existing feeds I watch. I found places to manually enter single bookmarks and manually enter a single RSS feed, both labeled beta at this time.
You can create links for audio streams and use widgets for Last. But the widget area has a lot of room to grow before it is very useful.
Northern Collaborative Technologies, NCT Search
So this is not a Microsoft or Lotus bashing post. It is a posting directed towards social networking in the enterprise. Many of you know I run an alter-ego blog at TheSocialNetworker. I am starting to get more site review requests that I can run through in a timely manner, so I take the ones that look the most interesting and go from there. So I ran across a slide set found here that was co-presented by Peter de Haas at the end of November I see he and Stuart had some comments back and forth when I went looking in his archives.
In the set there was the following slide towards the end: If you take the second line that says Microsoft Office System, you could go with either Lotus or Microsoft on this one. So without reading what Stuart had to say on the topic, I have my own thoughts. Both of the companies are fighting for what the consumer public space already has in abundance. The question are: how to relate it to business usage secure the data get people to utilize it allow outside data to be referenced and pulled in give the users the Ohh's and Ahh's they find on the consumer side provide presence both for internal and external awareness open the system to pull in external feeds in a structured and loose manner ie: Attensa and user defined feeds The approach on the underlying purple, blue and green colored areas above fit into both vendors.
IBM's Metaverse virtual reality software Though still a bit rough around the edges-it won't be mistaken for Second Life-some 2, IBM staffers are testing ways to collaborate with colleagues in the Metaverse, according to Mike Ackerbauer, innovation manager for collaboration development at IBM. This approach is a boon for IBM employes, who are spread out all over the world.
The meeting room Ackerbauer showed eWeek was sparsely furnished, but serviceable, with a screen on the wall to simulate the typical conference room. What interested me was the statement in the article that they are looking for VOIP solutions inside of it, including hooking it to Lotus Sametime. Forget making profiles in Lotus Connections, get ready to make avatars. Well I finally got some updates from same avid readers to the blog across timezones I love the Internet : The demo that was shown at Lotusphere used the Ascendant to bridge all the Sametime users into a conference call.
Then another update showed from someone else putting it all together Today, you are "linking" a Sametime user to an entry in your address book so that you get the added menu items of "Email, Call, SMS, MMS. It highlighted the new "Convert to Call" and "Click to Map" that would be possible. The "Click to Map" feature will launch Blackberry Maps from within the Sametime client software and generate a map that illustrates a colleague's location based on presence information retrieved from Lotus Sametime.
This is a cool feature I would love to see in place. I know the "Convert to Call" is kind of there, but that seems to not be in place either. Maybe I missed something in implementation or does this need the Sametime 8 Advanced Server that is not due out till next year some time?
Also, does the map render from the location they type into the client? I am not sure how that would work either looking at the preferences in the Sametime Connect client for the Blackberry as shown in this screen capture: I can't seem to find a menu item for mapping the user in the Business Card or main screen. Sametime normally would create the required Directory Assistance on the fly and keep right on rolling. Weirdly it now saw the install as the ability to: Install a new instance of Sametime?!?!?
Upgrade an instance of Sametime?!?!? I took upgrade as fix the install that is there please. And away it went. Now let's see how it did. Sametime 8 gets closer to an actual provisioned installation. Much better indeed. I praise Lotus for listening to my rants on provisioning and deployment management. However, this became a noticeable problem here and after consideration and some talks with those deep in the bowels of Lotus Sametime development we as in they and I confirmed my fears upon first testing.
Here is what happens. Sametime 8 does not see the previous install path as shown yesterday since it is not upgrading your Sametime 7. It is installing Sametime 8 and then uninstalling 7. It reads your settings and places them into a lookaside database to move them across during provisioning of the new 8. What this means to you is that you then cannot install into the same directory you had 7. If you install 8. Quite the conundrum isn't it? I know I want mine in the same path all the time.
With this scenario, I cannot hit the site and have it upgrade what I have in place. So if you have company standards on how the client is installed, you may be looking at uninstalling the old version from everywhere, then running the install for 8 afterwards into that same directory. Lotus also changed the folder structure and naming of the Sametime Connect files. This adds a new level of change for the plug-ins.
We will cover more on plug-ins on the next posting. This was the network install attempt and then the locally saved attempt at a Sametime 8 client install on the same laptop. The first thing to arise was that it did not see my previous installation path. I installed the Sametime 8 server and also placed the network-install package on the server.
For those of you not familiar with it, I suggest you go read how this is done over here. I then started the download. I forgot to specify the base URL inside the download properties though and when the install attempted to complete, it came up with errors. Lots of errors. I then went back and placed the correct URL in the download properties file and tried again. I noticed that the install seemed to download incredibly quick. Halfway through, it then stopped and just sat there for a long time.
I killed the install and tried again. Same thing. It then hit me. The original download was still in my cache for the browser so it was still reading the bad data. Here is a screenshot: So I went in and removed that bottom file from the cache to see what the result would be. As expected a much longer download started again. You need to know the original part is 29MB and then more is pulled from the server.
The client code itself is still MB when it is on the machine. So I am off to delete the file and redo the install. I picked this up from the following blogger John Resig.. Gmail has a hidden feature: Atom feeds for Labels! The technique is simple: 1. Setup a filter to catch all email from a specific mailing list.
Apply a label to all of that mail e. So if you take this and then flip it to Domino, you could create a rule to tag or sort your mail-in databases and then push this out to the feed readers with the RSS capabilities of Domino. This would solve an alert issue for numerous people that share part in a mail-in database. Go to the archives tab above and look at the different pre-categorized feeds you can get form one single database. Same idea, just move it to other data stores in your Domino architecture.
I get asked this question often and there are factors around total usage, number of chats and the rest of the usual suspects. One question came in that needed a definite answer. Some of you were trying to update the certificate and could not find the location. Well from Chris O himself who did the majority of making Premier talk through submission holds, here you go: Location of keystore for Premier - Tell him to look in the notes.
That is the location of the file it is using. We have a Sametime server that runs the 7. It also has the Premier Audio Adapter for holding the audio bridge conference portion. Well it suddenly stopped working and communicating with Premier to begin the bridge. IBM seemed to be stumped and pushed us to Premier. Premier says they don't totally "really" support it either since it was developed by IBM and handed to them. So we get stuck in the middle. Alas, never mind that portion we found the culprit of why it stopped working. Premier updated their SSL certificate on October 4th of this year.
The local keyfile had the expired previous certificate. So it just never connected. No warning, no alert, no log. No connection. We could get no debug variables to place in for the adapter so after a clean install and replace some files I copy in below, all was well once again after a week of running in circles. Good job to Chris O at my office for sticking this through and beating out of them that they changed their SSL after we told them that was an issue a ton of times before we got confirmation.
The AA install program installs a stkeys. So after a re-install i delete the stkeys. It does, however, manage its network so that a few subscribers using bandwidth-hogging programs don't slow everyone else's Web surfing. A simple request to Lotus.. I previously did posts and podcasts on this topic I even took a humorous slant after upgrading countless servers. Listen to Episode 28 with Scott of Lotus that not only got downloaded an amazing number of times, but had tons of info.
A lot of people have been doing upgrades, changes and deploying applications since the last DST time change. Yet everyone has the same question. What version has what fix and if I upgrade is it done? So Lotus, we need a simple scenario listing in a whitepaper or technote that shows the outcome of where they are now and what steps are needed.
Do I have to repatch? Bill McAnn was the call moderator. Yes, point to a home Sametime server. I have installed Sametime 7. But when upgrading to FP1 it came back. This will possibly be fixed in a later version, but not 7. But I wont call him out. He wants to build a silent install package to dump out with SMS. There is some issues with this. There is a new client with the proper fixes, including CF1. It comes with the installer and since it is a full client you have to open a PMR to get the updated installer package. Provisioning the preferences in the Sametime client.
One is the site update. One is the plug-in customization. Does the site update have to be a feature jar file? This file is read each time the client is started. The ini provides the default settings preferences. End user overrides in the client preferences will still overtake what is set in the ini file. You cannot swap it out at install time.
An update site must be a jar file Policies regarding chat recording, with the value set to save or not save. If you uncheck this does it force down to users not saving chats. Lotus says unchecking this does not set auto-save in the client. Checking this forces the user to save chats. There is actually two policies. One allows them to save at all and the other allows auto-saving. When was the silent install that includes the msi, when was it released?
Sep 21st or so was the release date. Also, they want to fill in the community name and pre-configure TLS? Craig jumped in to say he belive it is possible now. They have multiple servers, a web portal with stlinks, web conference server and chat servers. People get logged off when the move around servers, why? Jennifer at Lotus says Portal was giving a new IP address coming in so it was being seen as another user.
She gave the example to ignore when you come in twice that goes in the config section. The user must also be homed to a Sametime server or cluster. The CF1 version of 7. When you install and launch the client the Terminal Services application continues to run? Harry, dev manager at IBM, asked to clarify operating system and client. It was OSX When you launch the Sametime client it also launches Terminal Services. They do not quit and continue to stay launched.
The client works fine, but you must manually quit the Terminal Services. The Sametime 8. The next caller wishes to turn off the resert button in the client. Craig said there is no policy or previous request to turn this feature off. The caller saysd for compliance reasons they muyst lock the user from being able to change communities. Craig says 7. He referred to the policy to force the default community.
Unless you have multiple communities, then this policy would apply. The caller has Facetime in the middle to capture for compliancy. Lotus suggests hiding the Sametime MUX so no user can directly connect to it. I missed one call for a person coming in, sorry The next caller asked about the StReflector being set up. If you are doing many audio or video chats then moving it to another box will assist in performance. The reflector will let each clients see the others IP address.
Point to point will always be first, then the reflector. With exxternal users with symmetric NAT you put the reflector outside the organiuzation. A normal or non-NAT firewall, the clients will still try to do point to point. The reflector must be able to go through the firewall. Prudential wants to deploy a basic client and send out the features, yet they cant lock them down. They want a list of what cnd cannot be locked down. The only settings available for lockdown are those in the policies on the server Can you secure audio and video to a particular group?
Well low and behold a decent one existed.. Here is the page This web log is a joint effort by the key technical architects and user experience professionals to open a direct line of communication with developers about the capabilities of user facing composite applications. I also had the link up on how to move a Sametime plug-in to Notes 8 client. Here was that link. We learned some time ago that message recall would be on by default when you either install or upgrade the server to Domino 8.
Here came the comments. The issue is that if you wish to have it on in the server configuration document, policies must then be used to turn it off. Instead of enabling it further for certain users, which one would expect. When I relayed info from the podcast that Susan and I did weeks ago about how the Domino 7 server will send the recall requests to the Internet by default and you can even recall mail sent in the past before the upgrade, eyes went wide.
The final straw was that no indication is left in the recipient mailfile that a message was even there. This discussion and slide review covered about minutes of the session itself. Without giving away all the parts, just because it is a new feature doesn't mean it should be on was the general consensus.
In the Gateway configuration you specify a local Sametime Community. Which of course is where your users reside. Well you only specify one server in this listing or I should say one DNS name for connectivity. The Gateway then goes about it's business and starts serving presence awareness and chat services for the public providers. Well unknown to me, if you do not run in a central clustered environment and have users spread across servers that may be geographical or just in the same place , but not clustered, the gateway needs and wants a port connection to each and every server, which it then holds in a local file.
This does not worry me as much as it appears some company security groups. The Gateway is just what the name applies, a gateway. Just how you deploy external SMTP servers and then only allow them in through the firewall, via trusted IP's usually, this acts the same. So have no fear, the Gateway is doing it's job by not storing data and only offering a direct connection to the public providers and then 'proxying' the traffic to Sametime.
Your user directory is not affected as well as you can control which providers come into the Gateway and then how just the Gateway communicates to Sametime. So do not freak out, it is all in how you present it to the team in most places. Those that still don't get it, probably never will. Of course I check my flight status, get last minute emails and other weird things people do to waste time on the Blackberry. I land in New York and check the next flight as I walk across the terminal, looking with half an eye so I do not run into anyone.
Or anyone else checking their Blackberry or smartphone that happens to be walking towards me. We don't look anyone in the eye anymore, we stare at tiny few inch screens. Or we walk with the Borg attachments in our ears in circles in the airline lounge talking to seemingly no one. Quite loudly. In circles. Talking to no one. We have cords strung from our ears to our waists and can type 40 words per minute without looking and with one hand. We can re-book a flight while everyone else stands in line, but we can't remember how to communicate with people verbally.
Heck, half the people try to mimic smiley faces with gestures now just to act like they are sending chats I shut down all electronic devices as required and prepare to get some rest on the flight. Which does not go as planned, but not as bad as getting no sleep at all. Once off the plane it is time to turn the Blackberry back on to check if the car service is there and if any other plans had changed. All is well and on schedule. I arrive at the customer site and get straight to work.
They don't have an extra network line ready for me in the conference room and I accept that I cannot get on the wireless. No lines in the rooms, no wireless. I can live with that. Until I discover that the PC line there only accesses their Intranet and you need a username and password for the proxy.
I send a quick email with the Blackberry to the team I worked with. Some answers from their Nokia phones. We can check tomorrow. Time to relax for a night. More on that later. I like it though. I also have the office set me on tether modem on the Blackberry but overseas it gives me some weird error. Maybe because you dial that weird , who knows.
I work on that later. Word comes from the security team that they are very unfriendly and do not have or will issue a temporary proxy account so I can use the network there or at the housing. So I am full fledged Blackberry and accept my fate. Their website is not Blackberry friendly at all and really needs a WAP interface.
All the darn scripts drove me nuts using the Blackberry browser So where do I sit now? Thumbs really do hurt some, the battery goes faster when you constantly use it, I expect no less. Could I make it my lifeline, sure. Do I need some of the Domino apps, sure.
That is how we do business. The Blackberry stepped up when it needed to and covered all the basics. It does have me on the hunt for even more and better applications for it too. Vendors that they listed included Lotus and a slew of others I did not know offered such solutions. The suites are what Lotus Connections offers with some added parts like Business Intelligence They then have specialists that work on each part of the software itself The market drivers were just what you know now.
Make some teams and share some info then find people around them The market barriers are what you expect but easily overcome. Pushing for the MySpace generation and use of social networking is growing and businesses are banning such site access to MySpace. The Huddle tools are aimed at business users. The low cost of Huddle was their other point of their offering Mike Walsh - They are trying to making it easier for the business person to make and find relationships.
Taking some of the Web 2. What was the initial pain point that caused them to look for a social networking solution for their enterprise? Janine Popick - They have 30K small business customers with only a small number 50 of employees. So they are the customer experience side. They let the customer 3. How has business social software changed how employees share information between themselves and with customers? Janine Popick - They have an award winning blog. Employees post more content to give them exposure. They use Leverage as their social software choice it was said.
They also started a Facebook group with about members giving product feedback. There is a wiki in place to post documents and share information. What are some of the key factors when vendors go up against Microsoft Sharepoint in this space? Mike Walsh - Everything is based on the needs of the users. It varies across prospects. He said Sharepoint, which is a great product, and Lotus Connections, which he was not familiar with, helps them find the right people for a specific person to assist with a project or prospect.
Jon Landau - They are often compared to Sharepoint. The perception he finds is that is a free tool but the TCO is incredibly high for a business. It does well for internal collaboration. But the idea is to bring external clients together with the inside groups and becomes costly with Sharepoint. Kingfield is a customer of theirs, and they were looking at Sharepoint until he brought Huddle to them. What were some of the critical features that your business looked for in a social software package? Janine Popick - They found that their customers that used their service needed different feedback.
So small groups of customer types are forming. They are also able to push focused product release information. Finding users "like me" on a people map and then reaching out is helping the company since they already compile a large amount of data from each customer. Live chats are helping get feedback on what features of their product are most important. Questions from the audience What are the real benefits, like ROI.
These seem like a solution looking for a problem. Janine Popick - One of the things they did when deploying was hire someone to manage the deployment. Without someone to drive and manage this can fail. This person also participates in the social network by watching and even generating conversations. On a hard ROI front they know they are saving time on email and feedback processing.
Vocal people in the communities help promote what is needed without them sending out constant user surveys. John Landau - Huddle offers the ability to share documents and work together internally and with external partners gives a tangible ROI. If that was done by email instead, You end with multiple people looking at different versions and chasing information. Huddle has the centralized upload, sharing and work area to set approvals and tasks, etc.
Mike Walsh - They were out as a social network platform before Facebook caught on and now everyone is clamoring for this type of application. They work with companies with different goals and needs. ROI might be decreasing support, increasing upsell, increasing customer loyalty, getting products to market faster by getting feedback.
Some need projects done faster and others are using it to find hidden talent in the company. Mike Walsh - They do work with smaller companies to share best practices. Relationship building through the social network is a huge benefit. John Landau - You are able to bring all these partners and resellers into one social network so you can all chat, talk working group and share information with branding and customization.
How does voice and real-time collaboration overlap with services such as the social networking vendors? Will you follow? John Landau - Huddle is in a position in the next few weeks to offer integrate single sign-on ability. Web conferencing tools are also being built into the product offering.
Mike Walsh - Open architecture through widgets allows you to add features and functions even without their help. They are partnering with companies like Webex and SalesForce, or even pulling in a Skype or Webex widget. Also a GoToMeeting widget as they used in this conference. Is there a listing comparing what these vendors offer in their social network offerings? How do you deal with issues around compliance.
Janine Popick - She does have compliance issue it seems. They use a wiki for a lot of collaboration but will be tightening up how the information is controlled. John Walsh - needed the question repeated. The data can be exported so it depends on the requirements of the organization.