Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Lessons Learned from a major IBM Collaboration Solutions Deployment

524 views

Published on

In 2015 IBM deployed the entire IBM Collaboration Suite at a large customer in the financial sector. Both me and my co-speaker were closely involved in this deployment. We presented the lessons learned from this major deployment during the Engage conference in Eindhoven March 2016. This presentation contains lessons learned both from a strategic viewpoint as lessons learned and tips from a technical viewpoint.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Lessons Learned from a major IBM Collaboration Solutions Deployment

  1. 1. #engageug Lessons learned from a Major IBM Collaboration Solutions Deployment Martijn de Jong (ilionx) & Frank Visser (IBM) Str. 06
  2. 2. #engageug 2 • M.Sc. Electrical Engineering at the University of Delft, The Netherlands • Psychology & Ergonomics at the University of Stellenbosch, South Africa • Advanced Certified IBM Lotus® Notes® & Domino® 9 Application Developer & System Administrator and a Certified Lotus Instructor Who Am I Martijn de Jong mdejong@ilionx.com twitter.com/martdj nl.linkedin.com/in/martdj
  3. 3. #engageug 3 • Master East European Studies (focus on Russia), University of Amsterdam, The Netherlands • Advanced Certified IBM Lotus Notes & Domino 8.5 System Administrator and Certified IBM Lotus Notes & Domino 9 System Administrator Who Am I Frank Visser frank.onno.visser@nl.ibm.com
  4. 4. #engageug 4 • The opinions expressed in this presentation are the personal opinions of the speakers. They don’t necessarily reflect the official opinions of their employers nor of the customer on which case the information in this presentation was based • Our opinions are based on our experiences with the products in 2015. Some challenges we encountered might be solved in your situation • You may thank us for that ;-) Disclaimer
  5. 5. #engageug 5 • Customer Case • Architecture • Strategy • Division of Responsibilities • Corporate Directory • It’s supported, but should you do it • Deployment • Connections • Sametime Complete • Mobile / Verse • Domino / Notes Agenda
  6. 6. #engageug 6 • Customer in financial services • ±30K Employees and ±11K Employees in subsidiaries • Customer was using Notes / Domino 8.5 and Sametime chat • Customer decided in 2014 for IBM Collaboration Solutions portfolio: • IBM Connections 5 • Notes / Domino 9 (internal organisation) • Sametime 9 Complete • IBM Notes Traveler / MaaS360 / IBM Mobile Connect / Verse Customer Case
  7. 7. Architecture - Connections 7
  8. 8. Architecture - Sametime 8
  9. 9. Architecture - Sametime A/V 9
  10. 10. Architecture - Mobile 10
  11. 11. Strategy 11
  12. 12. #engageug 12 Division of Responsibilities
  13. 13. Responsibility Matrix 13 Connections Mobile Domino Sametime Domino / Collaboration Wintel RDBMs WebSphere Unix / Linux Network Storage VMWare HR Security Netherlands Poland Netherlands India Netherlands India Netherlands India Netherlands India Netherlands India Netherlands India Netherlands India Netherlands Netherlands Enterprise Directory
  14. 14. #engageug 14 Bystander effect
  15. 15. #engageug 15 • Departments focus on specific versions of products • Connections / Sametime / Mobile / Domino have their own rules regarding versions, fixpacks, fixes etc • This often clashes • Better to have knowledge of WebSphere & RDBMS in department supporting Connections/Sametime/etc • Concatenate Support Responsibilities Lesson learned
  16. 16. Concatenate Responsibilities 16 Domino / Collaboration Wintel RDBMs WebSphere Unix / Linux Network Storage VMWare HR Security Collaboration • Domino • WebSphere • TDI • DB2 • Windows • Linux Network Storage VMWare HR Security
  17. 17. #engageug 17 • Don’t try to make COTS (Commercial Off The Shelf) software comply to a strict set of standards made for running WebSphere enterprise applications • The same holds for standards regarding Operating Systems • Make sure this is clear in the architecture phase and if applicable the contract with the customer Lesson Learned
  18. 18. #engageug 18 • When implementing new products, you’re bound to miss some expertise • Try to get the right experts involved in the architecture phase and early deployment phase • Hire them if necessary • Might save you a lot of extra work during deployment Lesson learned : Expertise involvement
  19. 19. #engageug 19 Corporate Directory Or
  20. 20. #engageug 20 • Who do you want to use Connections / Sametime / Mobile / Domino Mail? • Are they all in one directory? • Is this an LDAP directory? • Can you add data to this directory that you need for Connections / Sametime / Mobile? • Do you want SSO? Is data that you need for SSO in your LDAP directory? • What information should users be able to edit themselves? • What about groups? • Who owns the content of groups? Corporate Directory
  21. 21. #engageug 21 Carefully plan and prepare your Corporate Directory before deployment of Connections / Sametime / Mobile Lesson learned
  22. 22. #engageug 22 • The fact that something is supported, means if it doesn’t work, IBM will create a fix for you. It doesn’t necessarily mean it works out of the box! • It also doesn’t mean no extra costs are involved in using this solution! It’s supported, but should you do it?
  23. 23. #engageug 23 Supported RDBMS Product RDBMS Version Connections 5.0 DB2 Enterprise Server Edition Microsoft SQL Server Oracle Database 11g Enterprise Edition Oracle Database 11g Standard Edition 10.1 2012 Rel. 2 Rel. 2 Sametime 9 DB2 Workgroup Server Edition 9.7 & 10.1 Traveler 9 HA DB2 Enterprise/Workgroup Server Edition Microsoft SQL Server Enterprise Edition 9.7 & 10.1 2008 (R2) SP1 CU1+ IBM Mobile Connect 6.1 DB2 Universal Database or Express Microsoft SQL Server Standard / Express Oracle 11g with Data Direct Connect ODBC 7.1 9.1 or 10.X 2008+
  24. 24. #engageug 24 • If something is supported, but hardly anyone uses it you’re prone to encounter bugs • It might be wisest to use DB2 as RDBMS for all ICS products even when it’s not your strategic platform Lesson learned
  25. 25. Deployment 25
  26. 26. Connections Deployment 26
  27. 27. #engageug 27 • Like most other products also Connections has security vulnerabilities. Finding and fixing them is an ongoing process • Users could create special pages to abuse these • Many other settings to enforce stricter security • Lesson learned: Define beforehand what should be considered a security risk and what not Security vulnerabilities
  28. 28. #engageug 28 • Single Sign-on was configured using SPNEGO • Not all users could use SSO and needed username/pw • Lesson Learned: Design and implement a fallback mechanism for authentication Authentication
  29. 29. #engageug 29 • You’ll want to restrict access to some parts of Connections • Metrics, Connections administrative roles, WebSphere Admin • You’ll probably want to use groups for these • Lesson Learned: You need a mechanism to create/ modify/delete your LDAP groups Authorisation
  30. 30. #engageug 30 • Cognos loves it’s database • It gets really upset if the database is not there • By default, it will try to find it multiple times a second • Databases don’t like this. This creates a lot of log entries. Our Oracle grid went down because of this behaviour Database hunger
  31. 31. #engageug 31 • Beware of Cognos DB Hunger. If you plan to take your RDBMS down for whatever reason, stop Cognos first • If your RDBMS went down unexpectedly, stop Cognos ASAP • Consider creating a separate DB instance for Cognos Lesson learned
  32. 32. #engageug 32 • Connections integrates with Notes very nicely via 3 plugins (Files - Activities - Status Updates), but why do they load so slow? • The plugins load by default via UDP. Check if all your network components are configured to support this • If not check the krb5.ini (krb5.conf on linux) and configure it to use the TCP protocol (udp_preference_limit=1) Connections plugin in Notes
  33. 33. Sametime Deployment 33
  34. 34. #engageug 34 • Since the latest Domino versions, you should use TLS for secure LDAP connections. Much of the Sametime documentation still assumes you’ll use SSL (don’t do that!). You need to create a keystore for TLS for secure connections to LDAP • [Config]
 STLDAP_TLS_TRUST_STORE_TYPE=p12
 STLDAP_TLS_TRUST_STORE_FILE=trust.p12
 ST_TLS_TRUST_STORE_PASSWORD_STASH_FILE=trust.sth • http://ibm.co/1M6WAXi for more info Sametime IM
  35. 35. #engageug 35 What do you want to show in your Sametime business cards? • Email address • Phone number • Address • Etc… And: do you want to give users the the possibility to change their own data? Based on that you can retrieve your business card information from: • your (Domino) LDAP directory • HR system • Connections profile (easy to manage, users can upload their own photo when they create their Connections profile). • … Sametime business cards
  36. 36. #engageug 36 • Plan your Sametime data sources carefully before implementing. • Plan whether or not you will allow users to modify their own data. Lesson learned
  37. 37. #engageug 37 In Sametime you can show a photo in your business card. There are multiple ways of achieving this. • From the Domino Directory (bad idea as it will explode the size of you Domino Directory database) • From your (Domino) LDAP directory (bad idea, same as previous) • Custom Notes database • Connections profile (easy to manage, users can upload their own photo when they create their Connections profile). Sametime photo
  38. 38. #engageug 38 • Plan your Sametime data sources carefully before implementing. • Be careful storing photo’s in a Domino or LDAP Directory. • Best practise would be to use the Connections Profiles to retrieve the photo’s from. This will encourage users to use Connections as well. Lesson learned
  39. 39. #engageug 39 • Sametime can update your Sametime availability according to your calendar entries • This is called the Auto-status check • Sounds good? • Some Sametime client versions had a bug, causing the client to connect to the Domino server 20 times a second instead of once per 10 minutes (like the version without bug) • Our Domino servers slowly died Auto-status check
  40. 40. #engageug 40 • When enabling a new feature, do thorough research for potential problems with this feature • Make sure all your (embedded) sametime clients are updated to the latest version before implementing the Autostatus check setting. • http://ibm.co/1S3y88t Lesson learned
  41. 41. #engageug 41 • A Sametime migration means Contact list migration • This can be tricky, easy to get double contacts in Sametime clients • Even more when you migrate from Domino authentication to LDAP • Force a one-way sync from server to local for contact lists Contact list migration
  42. 42. #engageug 42 • Copy vpuserinfo.nsf and convert contacts to LDAP style • Make sure that local contact lists are overwritten by the server contact list to prevent loss of data on the server side • Use a policy for this Lesson learned
  43. 43. #engageug 43 Desktop policy versus Update Site Sametime policies can be pushed via a Desktop policy (Managed Settings tab) or an Update site. Sametime Policies Desktop Policy Update Site Only for embedded Sametime Works for Embedded and Stand alone ST. Easy to manage (differentiate) Differentiation possible, but difficult to manage. Works for all Client version May not work for Notes 8.5.2 and below. Settings can be set, but not enforced. Settings can be set AND enforced.
  44. 44. #engageug 44 • Plan how you want to deploy Sametime policies. There are pro’s and con’s for both • If you have standalone clients, you must use an update site • If you need to differentiate between countries or groups, it may be easier to use a Desktop policy • If you want to enforce settings, you must use an Update site Lesson learned
  45. 45. #engageug 45 • IBM recommends to deploy Sametime A/V in close collaboration with the network supplier • Take this recommendation serious! • You’ll need many open ports between different network segments • This changes as the product evolves • Luckily usually the number of open ports becomes less Sametime A/V
  46. 46. Mobile Deployment 46
  47. 47. #engageug 47 • Many companies have a BYOD (Bring Your Own Device) Strategy • To secure company resources on a device that’s owned by the user there are 2 possibilities: • Mobile Device Management (MDM) • Mobile Application Management (MAM) • MDM solutions with Traveler / MaaS360 have a higher installed base Who do you trust?
  48. 48. #engageug 48 • MAM has lower impact on the devices of the employees • MAM containers depend on the supplier of the container. New OS versions (Android, iOS) might be incompatible with these containers • If MAM containers need to talk to other containers of different suppliers you might have challenges MDM vs MAM
  49. 49. #engageug 49 • Cloud solutions might save you a lot of hassle. Discuss early with Legal department what can be in the cloud and what can't • The chosen solution was cutting edge. Many fixes needed (and received in a timely manner) • IBM Mobile Connect is a good solution to distribute load evenly over Traveler pools Lessons learned
  50. 50. #engageug 50 • Strategy of enabling everything through mobile, might have been overambitious • Give people a choice. As little company influence as possible -> you get basic functionality • The MaaS360 apps provide this and work fine as MAM solution • People who want/need more -> accept an MDM solution Lessons learned (2)
  51. 51. Notes / Domino Deployment 51
  52. 52. #engageug 52 (Centralized) deployment of the Notes Client: • Manual • Smart Upgrade • Microsoft System Center Configuration Manager (SCCM) • Other Third-party tooling Keep in mind that a Notes upgrade takes quite a while (up-to 45 minutes) and users are not patient. Client Deployment
  53. 53. #engageug 53 • Communication, communication, communication! • If possible, make sure users CANNOT break the Notes installation (lock the Notes processes) Lesson learned
  54. 54. #engageug 54 A Company specific Welcome Page in Notes. Very nice! But how? • Create a template and deploy via the Client package? -> causes problems when upgrading the Notes Client. No go! Lesson learned: Create Welcome pages the proper way: • Create a Welcome Page database • Deploy via a Desktop policy. Corporate Homepage
  55. 55. #engageug 55 • Problem: Our Custom Welcome Page was overruled by the standard Discovery Page • Cause: Desktop Settings Form in Domino 9 contains a “bug” which enforces the Discovery Page as the Default Homepage • Solution: We fixed the bug ourselves: http://ibm.co/1RNF4nw • Lesson learned: If you don’t want your Custom Welcome Page to be overruled by the Discovery Page, fix the Desktop Settings Form Discovery Page
  56. 56. #engageug 56 Great feature! Very useful for offline working on Laptops. • It can be configure for Laptop Users only • Don’t forget to set the “Use local mail.box to send messages” option! (set via managed settings to have laptop only) Managed Replica’s
  57. 57. #engageug 57 • Managed Replica is useful, but implement it properly Lesson learned
  58. 58. #engageug 58 There are multiple “Roaming” solutions. • Store Notes data on a File Share (NO GO! Not supported and can cause performance issues) • Notes Roaming (on File Share or Domino Server) • Third Party tooling Roaming
  59. 59. #engageug 59 • Consider your Roaming strategy • Arrange access to both Server and Client side • Get help from an expert if you have no Roaming experience Lesson learned
  60. 60. #engageug 60 Notes supports multiple languages. Nice, but there are complications. • Support from non-local helpdesks is complicated • MUI mail template can cause issues with customised or old mail files (created with version 4.5) • Not supported with Traveler / Verse • Not supported in the Cloud Notes Multilingual
  61. 61. #engageug 61 • Multilingual Notes Client: Nice. But do you really want it? It makes things more complicated Lesson learned
  62. 62. #engageug 62 Questions?

×