SlideShare a Scribd company logo
1 of 59
Download to read offline
DEV-1268: IBM Connections Adminblast
Nico Meisenzahl, panagenda
Christoph Stoettner, panagenda
Notices and disclaimers
• Copyright © 2017 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form
without written permission from IBM.
• U.S. Government Users Restricted Rights — Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM.
• Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for
accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to
update this information. THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IN NO
EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE USE OF THIS INFORMATION, INCLUDING BUT NOT LIMITED TO,
LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFIT OR LOSS OF OPPORTUNITY. IBM products and services are warranted
according to the terms and conditions of the agreements under which they are provided.
• IBM products are manufactured from new parts or new and used parts. In some cases, a product may not be new and may have been previously
installed. Regardless, our warranty terms apply.”
• Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice.
• Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations
of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in
other operating environments may vary.
• References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services
available in all countries in which IBM operates or does business.
• Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views
of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other
guidance or advice to any individual participant or their specific situation.
• It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the
identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the
customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will
ensure that the customer is in compliance with any law
2
Notices and disclaimers continued
• Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly
available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance,
compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to
interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
• The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights,
trademarks or other intellectual property right.
• IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS, Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document
Management System™, FASP®, FileNet®, Global Business Services ®, Global Technology Services ®, IBM ExperienceOne™, IBM SmartCloud®,
IBM Social Business®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower,
PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®,
PureSystems®, QRadar®, Rational®, Rhapsody®, Smarter Commerce®, SoDA, SPSS, Sterling Commerce®, StoredIQ, Tealeaf®, Tivoli®,
Trusteer®, Unica®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business
Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other
companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at:
www.ibm.com/legal/copytrade.shtml.
3
• Consultant at panagenda
• IBM Connections since version 3.0 / 2010
• IBM Notes / Domino since 2008
• Focusing in ICS
– Deployment & consulting
– Optimization and migration
• “panagendian” since 2016
• First time IBM Champion
Nico Meisenzahl
4
@nmeisenzahl
linkedin.com/in/nicomeisenzahl
meisenzahl.org
nico.meisenzahl
+49 170 7355081
nico.meisenzahl@panagenda.com
• Senior Consultant – panagenda
– IBM Notes / Domino since 1999
– IBM Connections since version 2.5 / 2009
• Experience in:
– Migrations
– Administration and Install
– Performance Analysis
• Focusing in:
– IBM Connections deployment und optimization
– IBM Connections monitoring
• Husband of one & father of two, Bavarian
• Beer or Wine? ... Depends
Christoph Stoettner
5
@stoeps
linkedin.com/in/christophstoettner
www.stoeps.de
christophstoettner
+49 173 8588719
christoph.stoettner@panagenda.com
Let’s get started!
#1 Use custom user for WebSphere services
• Stopping WebSphere requires a user and password
– soap.client.props
– Service definition (/etc/init.d/ or Windows registry)
• Increase security
– Use different passwords
• Plain password on Linux
• Encoded (not encrypted) on Windows
– Create a local WebSphere user with “operator” access level
• WebSphere service user only needs access level to start/stop/restart the
environment
7
#2 globalSenderEmailAddress is not working
completely
• <property
name="globalSenderEmailAddress">mail@mail.com</property>
<property name="alwaysUseGlobalSender">true</property>
<property name="globalSenderName">Connections
Newsletter</property>
• If you use globalSenderEmailAddress (notification-config.xml)
– Mails contain reply-to address “news-admin@example.com”
– So replies of users can’t be delivered
• You need to configure all mail addresses one by one
8
#3 Do not change the Community catalog
seedlist url
• Using https://cnx.pana.local
– Connections will try to access seedlists using HTTPS on host cnx.pana.local
– Does not support TLS 1.2
• Using https://localhost
– This is the default value which will do something complete different
– Connections will use a internal (not HTTPS) request to access the seedlists
– Supports multi-node environments
9
#4 WAS & 4096-bit SSL keys
• Will not work out of the box if using 4096-bit key
• On IBM HTTP Server
• With any third-party integration (iNotes, …)
• You need to copy the unrestricted java policy to every node
– Download here
https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source
=jcesdk
– Copy to <was_home>/java/jre/lib/security
– You need to redo this every WebSphere Java update ;-)
• WAS is now able to connect to those hosts
10
#5 Configure Textbox.io using JVM generic
properties
• You can use JVM generic properties instead of the
application.conf file
– -Dephox.allowed-origins.origins.0=https://cnx.pana.local
-Dephox.allowed-origins.origins.1=http://cnx.pana.local
-Dephox.allowed-origins.url=https://cnx.pana.local/ephox-allowed-
origins/cors
– Skip the last line for 5.5 CR2 and later
11
#6 Do not trigger seedlist validation regularly
• Seedlist validation does NOT delete temp files
– New seedlist data will be created every time
– Could cause full disk space
• <localdata>/search/persistence/seedlist*.attempted.xml
• Amount depends on environment
• Happens when
– Accessing /search/serverStatus
– Calling SearchService.validateSeedlist("")
12
#7 Tuning your database
• Heavily increase performance by running DB2 maintenance
tasks
• Scripts available within <cnxroot>/xkit/connections.sql/
• Run in following order:
– Runstat
– Reorg
– Runstat
• Run them regularly
• You need to build own scripts for custom databases
– https://meisenzahl.org/2017/02/25/connections-database-performance-
tuning/
13
#8 You’re using SPNEGO and don’t know
LimitRequestFieldSize?
• If so, some of your users may be unable to use SSO
– Users with many group memberships
– Mostly VIPs ;-)
• SPNEGO authentication header can have up to 12392 bytes
– Default LimitRequestFieldSize size is 8192 bytes
• Add LimitRequestFieldSize 16384 into your httpd.conf
– Will prevent: HTTP 400 - Bad Request (Request header too long)
– The whole group membership is stored within the header
14
#9 “TLS 1.2 only” environments
• Possible, but you need:
– Connections 5.5 CR2 including latest Textbox.io, FEB
– WebSphere 8.5.5.9
• FileNet Config Manager will not work
• Docs/Viewer will need a httpd.conf customization
– RewriteCond %{HTTPS} !=on
RewriteCond %{Request_URI} !/docs
RewriteCond %{Request_URI} !/conversion
RewriteCond %{Request_URI} !/viewer
https://%{SERVER_NAME}/$1 [NE,R,L]
• You need to configure some more stuff
• Please do not try this with a previous Connections version!
– You will find the whole story here
https://meisenzahl.org/2016/10/26/using-tls-1-2-only-configuration-with-
ibm-connections/
15
#10 Tuning search index
• Only use one search dictionary!
– Issues since Connections 2.5
• Enable “Accent-insensitive search”
– You will find “René” when searching for ”Rene”
• Enable “1 to 2 matching”
– You will find “Stoettner” when searching for “Stöttner”
• Include Connections type ahead search (Apache Solr)
• “Ignore Punctuation” setting is not working
– Searching for “IBM” will not display “I.B.M” within results
16
#11 Do not use IBM JRE for Apache Solr
• Apache Solr is needed for Connections type ahead search
• IBM JRE will break some Solr Dashboard Widgets
• More information (thanks Ben!)
– https://collaborationben.com/2016/06/22/which-jre-to-use-with-ibm-
connections-solr/
17
#12 How-to: Set EMPLOYEE_EXTENED role for
all users
• Export all user mail addresses using a SQL export
• Change role using a wsadmin call
– ProfilesService.setBatchRole(EMPLOYEE_EXTENDED, "mail.txt")
• More information
– http://www.stoeps.de/adding-employee_extended-to-all-users/
• Changing role directly within the database is not supported!
18
#13 Using Textbox.io spellchecking service with Chrome
• You need to import your SSL chain into the WebSphere cacerts
store
– cacerts store is located in <was_home>/java/jre/lib/security
– You need to redo this every WebSphere Java update
• If not, you will get a HTTP 500 for https://<url>/ephox-
spelling/1/correction
• More information (thanks Michael!)
– https://www.urspringer.de/2016/02/16/ssl-certificate-issue-with-ephox-
textbox-io-editor-in-ibm-connections-5-5/
19
#14 Read-only and read-write profile fields
• Synced profile fields should be read-only!
• Please recheck your configuration
– We have seen this too many times!
• Customize profiles-type.xml as needed
– readwrite
– read
20
#15 Old URL preview thumbnails are missing after a
migration
• Thumbnail file path is stored within database
– Hard coded, no variables are used
• You need to manually adjust them after changing the
Connections shared directory path
• More Information
– https://meisenzahl.org/2016/06/28/url-preview-pictures-not-displayed-
migration/
21
#16 ACCE (FileNet Admin Interface) login isn’t
working
• Exclude /acce from mod_deflate (httpd.conf)
– SetEnvIf Request_URI ^/acce(.*) no-gzip dont-vary
• Use English as browser language
22
#17 Extend SPNEGO exclusion filter
• Prevent issues with some widgets
– request-url!=/profiles/widget-catalog/;request-
url!=/Calendar.xml;request-url!=/Recomm.xml
• When using Docs or/and Viewer
– request-url!=/docs/;request-url!=/conversion/;request-url!=/viewer
• When using Mac Connections Plugin
– request-url!=/files/serviceconfigs
• Tip: Save krb5.conf and keytab outsize the WebSphere java
folder
23
#18 FEB browser setup isn’t working
• Launches on new installation or upgrade when access /forms
• Will not work with non-English browser languages
– UI is only available in English
• Tip: Use portable Firefox
24
#19 Post-upgrade task: Connections fixes
• Delete temp directories after every iFix or CR update
– <appsrv-profile>/temp/*
– <appsrv-profile>/wstemp/*
• If not, you will get nice UI bugs ;-)
25
#20 Wiki images are missing after 5.5 GA
upgrade
• Short mod_rewrite rule will fix this issue
– RewriteRule "^/library/(.*)" "/wikis/form/api/library/$1" [R,L]
• Do not use the fix IBM provided
– Insecure mod_proxy configuration!
• Fixed with 5.5 CR1
• More information
– http://www.stoeps.de/missing-images-in-wikis-after-migration-to-ibm-
connections-5-5/
26
#21 Debug FileNet without ACCE
• Why? You have issues on startup or you are unable to access
/acce
• Add debug settings using JVM generic properties
– -DskipTLC=true -Dlog4j.configuration=file://log4j.xml
• More information
– https://meisenzahl.org/2015/12/13/debugging-filenet-issues-without-
using-acce/
27
#22 Enable HTTP compression on IHS
• LoadModule deflate_module modules/mod_deflate.so
• DeflateCompressionLevel 6
• AddOutputFilterByType DEFLATE application/atom+xml
AddOutputFilterByType DEFLATE application/atomcat+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE application/octet-stream
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/xsl
• SetEnvIf Request_URI ^/acce(.*) no-gzip dont-vary
SetEnvIfNoCase Request_URI .(zip|exe|jar|gz|jpe?g|png)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary
28
#23 When doing a FileNet or Docs upgrade…
• …do not forget to remap applications
– FileNet & Navigator
– Docs, Viewer & Conversion
• Without they will not be accessible through IHS
29
#24 Recheck /docs and /viewer interservice URL
• There were some issues in previous versions
– Missing interservice URLs
– Double entries
• Some stuff isn’t working properly without
– CCM integration
– Access file preview via Activity Stream
30
#25 How-to: Delete Communities using REST
• First REST call will put the Community into the trash
• Second call will purge the Community completely
• Tip: When creating Communities within monitoring checks you
should execute the REST call twice!
• More information
– https://www-
10.lotus.com/ldd/lcwiki.nsf/xpAPIViewer.xsp?lookupName=IBM+Connectio
ns+5.5+API+Documentation#action=openDocument&res_title=Deleting_
communities_programmatically_ic55&content=apicontent
31
#26 Post-upgrade task: Connections database scripts
(DB2)
• Recheck NUMDB value after every Connections database
upgrade
– db2 get dbm cfg | grep NUMDB
• SQL update scripts sometimes include NUMDB settings
• If not, you will get issues when using integrations like Docs, FEB
or third-party
32
#27 Oracle: Check user password expiration
• Oracle database users are created through the Connections
Wizard SQL scripts
• Oracle default user password expiration value is 365 days
– ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED
33
#28 Debug user synchronization
• Profile & user synchronization
(<tdisol>/etc/profiles_tdi.properties)
– source_ldap_debug=true
– debug_update_profile=true
– debug_collect=true
• TDI issues (<tdisol>/etc/log4j.properties)
– log4j.rootCategory=DEBUG, Default
• sync_updates_clean_temp_files=false
– This will force TDI not to delete the temp files
• LDAP export
• Database export
34
#29 Connections and Docs with UNC share
access
• Recheck your configuration after installing Connections or Docs
UNC share access
– WebSphere variables - Slashes have to be forward slashes
– sib-engine.xml - Slashes have to be backward slashes
• Alternatively use ${MESSAGE_STORE_PATH}
• More information (Thanks Victor!)
– https://notesbusters.com/2016/02/22/connections-5-5-install-problem-
for-websphere-cluster-settings-with-unc-shares/
35
#30 Don’t miss the DB2 license import
• DB2 will work 90 days without a license
• You can check your license status using db2licm –l
– Expiry date: "Permanent“
• Tip: You will need a new TSAMP license when using DB2 HADR
with TSAMP after upgrading to DB2 10.5 FP8
36
#31 Debug Windows Connections plugin
• Launch DITrace.exe (<installpath>/Connections Desktop
Plugins)
• Reproduce issues
• Save traces using DITrace.exe
• More information
– https://www-01.ibm.com/support/docview.wss?uid=swg21681420
37
#32 Strong ciphers configuration (SSL LABS A)
• SSLCipherSpec ALL NONE
• SSLCipherSpec ALL
+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
SSLCipherSpec ALL
+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec ALL
+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
SSLCipherSpec ALL
+TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL +TLS_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec ALL +TLS_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL +TLS_RSA_WITH_AES_128_CBC_SHA256
SSLCipherSpec ALL +TLS_RSA_WITH_AES_256_CBC_SHA256
• Notes 8.5.x and < TLS 1.2 support (SSL LABS A-)
– SSLCipherSpec ALL +TLS_RSA_WITH_AES_128_CBC_SHA38
#33 Enable Viewer to preview .xlsm
• Required versions
– Connections 5.5 CR2
– Docs 2 CR1
• You need to customize viewer-config.json and include some
MIME types
• Editing macro enabled files will work out of the box
• More information
– https://meisenzahl.org/2017/01/01/preview-xlsm-files-within-ibm-
connections/
39
#34 Reimport Highway settings after 5.5
migration
• Otherwise, Activity Streams (Homepage, Profiles) will not work
– Access issues caused by missing permissions
• Copy “00000000-0000-0000-0000-000000000000.json“
– From <cnxshared>/configuration/
– To <cnxshared>/configuration/update
• execfile("highwayAdmin.py")
HighwayService.updateSettingsFromFile()
• More information (Thanks Michele!)
– https://www.ibm.com/developerworks/community/blogs/4021cbfe-
77ed-4a39-89de-
59b2fd63adb5/entry/IBM_Connections_5_5_403_error_for_the_Activity_S
tream_in_Profiles_after_migration?lang=en
40
#35 Connections 5.5 browser push notification
• New App: PushNotification
• Based on long-polling requests
– Client sends POST request to /push/form/comet/connect
– Server holds the request open and waits until response information
becomes available
– Server responses or timeout kills the request
– Client sends new POST request...
• Recheck your threads configuration on IHS and WAS
– ThreadLimit in httpd.conf
– Web Container Thread Pool for every App-Server
41
#36 Customize log language
• WAS: Customize JVM generic properties for all JVMs
– -Duser.language=en -Duser.region=US
– Non-English logs are causing issues
• TDI: Customize ibmdisrv.sh/bat
– LOG_4J="-Dlog4j.configuration=file:etc/log4j.properties” -
Duser.language=en -Duser.region=US
42
#37 Secure your mod_proxy configuration
• LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
• ProxyRequests Off
• <Proxy *>
Order deny,allow
Allow from all
</Proxy>
• ProxyPass /abc http://<fqdn>/abc
ProxyPassReverse /abc http://<fqdn>/abc
43
#38 Monitoring WAS
• Using PMI
– Analyze WebSphere related stuff (Connections pool size, Heap size)
– Included
– More information
• http://www.ibm.com/support/knowledgecenter/SS7K4U_8.5.5/com.ibm.webs
phere.nd.multiplatform.doc/ae/cprf_pmidata.html
• Using Health Center
– Full stack (CPU, I/O, Java runtime, Threads)
– Eclipse IDE Plugin
– More information
• http://www.ibm.com/support/knowledgecenter/SS3KLZ/com.ibm.java.diagno
stics.healthcenter.doc/topics/introduction.html
44
#39 Configure log rotation
• WAS
– Within JVM settings
– Don't forget to configure all JVMs
– Issues within Connections installer
• Recheck settings after installation!
• DB2
– db2 update dbm cfg using diagsize 256
– Delete logs after X days (crontab, scheduled task)
• TDI
– Customize <tdisol>/etc/log4j.properties
• log4j.appender.Default=org.apache.log4j.RollingFileAppender
log4j.appender.Default.MaxFileSize=10MB
log4j.appender.Default.MaxBackupIndex=10
• IHS
– Customize httpd.conf
• ErrorLog "|/<ihsroot>/bin/rotatelog –l /opt/IBM/HTTPServer/log/error_log.%Y.%m.%d 10M"
• CustomLog"|/<ihsroot>/bin/rotatelog –l /opt/IBM/HTTPServer/log/access_log.%Y.%m.%d
10M" common
– Delete logs after X days (crontab, scheduled task)
45
#40 How-to: Add customized profile types
• Why?
– Customize displayed/available profile fields
– Enable or disable profile widgets
• Configure “profileType” within
map_dbrepos_from_source.properties
• Customize profiles-types.xml
• Customize widgets-config.xml
– <layout resourceSubType=”<customprofile>”>
…
</layout>
– profileType default needs to be the last one
46
#41 How-to: Configure mobile push using forward proxy
• Connections environment is unable to connect to Apple/Google
push gateway directly
• Customize mobile-config.xml
– <ProxyHost> </ProxyHost>
<ProxyPort> </ProxyPort>
• Configure authentication alias if needed
– proxyMobilePushNotificationJAASAuth
47
#42 WebSphere & DH key size
• WAS supports only 2048 bit or less
• Enforce a specific DH key size
– <washome>/java/jre/lib/security/java.security
• jdk.tls.disabledAlgorithms=DH keySize <768
• Define DH key size on Domino
– Default DH key size was increased to 4096 bit with Domino 9.0.1 FP4 IF2
– SSL_DH_KEYSIZE=2048 (notes.ini)
• Requires at least Domino 9.0.1 FP3 IF2
– Mail integration!
• More information (Thanks Ben!)
– https://collaborationben.com/2016/07/12/ibm-connections-mail-and-
ephemeral-diffie-hellman-key-size-error/
48
#43 Post-upgrade task: CR2 Surveys
• Rewrite /forms to prevent broken links/bookmarks
– RewriteRule ^/forms/(.*)$ https://%{SERVER_NAME}/surveys/$1
[NE,L,R]
49
#44 Extend wsadmin on Linux
• rlwrap will allow you to use command history and arrow keys
within wsadmin
– https://github.com/hanslub42/rlwrap
• rlwrap ./wsadmin –lang jython
• This is also working for other command line based tools
– db2
– SQLPLUS
50
#45 Include mobile links in notification mails
• Allows users to access content using Connections mobile apps
• notification-config.xml
– <includeMobileLinksInNotifications>true</includeMobileLinksInNotification
s>
51
#46 Monitoring IHS
• Customize httpd.conf
– LoadModule status_module modules/mod_status.so
– <IfModule mod_status.c>
ExtendedStatus On
<Location /server-status>
SetHandler server-status
Order deny, allow
Allow from 127.0.0.1
</Location>
</IfModule>
• Access using /server-status
52
#47 Enable LDAP groups with two or more Domino
directories
• Enable your Connections environment to use more than one
Domino directory
– Internal and external users
– Special directory topology
• Define your repositories with their Base DN
• You need to edit the wimconfig.xml
– These changes are not supported within ISC
• Customize following lines (one line for every repository)
– OLD: <config:baseEntries name="o=pana"
nameInRepository="o=pana"/>
NEW: <config:baseEntries name="o=pana" nameInRepository=""/>
– No need to customize other lines!
53
#48 connectionsAdmin J2C role
• Do not use a local WebSphere repository user
• Many problems are related to this
– Thumbnail generation in Gallery (3.0)
– CCM and Docs stop working after some time (5.5)
– Easier CCM migration (side-by-side)
• Changing the connectionsAdmin user is possible
– https://www-
10.lotus.com/ldd/lcwiki.nsf/dx/Change_password_of_connectionsAdmin
54
#49 Mail Integration with external users
• Mail Integration should be deactivated for all external users by
default
– header.jsp script is not working correctly
– ROLE_mail-user Cookie is set to true
• Use LDAP group instead of “All authenticated in Application's
Realm” to prevent errors
– mail-user role needs to be changed in following Apps
• Common
• WidgetContainer
55
#50: Use variables in widgets-config.xml
• Widget documentations often show path names in widgets-
config.xml
• Or even worse copies files to application ear
• Better move the files to
{CONNECTIONS_CUSTOMIZATION_PATH}/communities
• Use {communitiesSvcRef} as a replacement in widgets-
config.xml
• If you want to change the PATH, just change the WebSphere
variable
56
57
Questions?
@nmeisenzahl
linkedin.com/in/nicomeisenzahl
meisenzahl.org
nico.meisenzahl
+49 170 7355081
nico.meisenzahl@panagenda.com
@stoeps
linkedin.com/in/christophstoettner
www.stoeps.de
christophstoettner
+49 173 8588719
christoph.stoettner@panagenda.com
Presentation download:
https://goo.gl/xJlwX2
Headquarters, Austria:
panagenda GmbH (Ltd.)
Schreyvogelgasse 3/10
AT 1010 Vienna
Phone: +43 1 89 012 89
Fax: +43 1 89 012 89-15
E-Mail: info@panagenda.com
Headquarters, Germany:
panagenda GmbH (Ltd.)
Lahnstraße 17
DE 64646 Heppenheim
Phone: +49 6252 67 939-00
Fax: +49 6252 67 939-16
E-Mail: info@panagenda.com
USA:
panagenda Inc.
60 State Street, Suite 700
MA 02109 Boston
Phone: +1 617 855 5961
Fax: +1 617 488 2292
E-Mail: info@panagenda.com
Germany:
panagenda Consulting GmbH (Ltd.)
Donnersbergstraße 1
DE 64646 Heppenheim
Phone: +49 6252 67 939-86
Fax: +49 6252 67 939-16
E-Mail: info@panagenda.com
The Netherlands:
Trust Factory B.V.
11th Floor,
Koningin Julianaplein 10
NL 2595 AA The Hague
Phone: +31 70 80 801 96
E-Mail: info@trust-factory.com
© 2007-2015 panagenda
Make Your Data Work for
Thank you
59 10.03.2017

More Related Content

What's hot

Soccnx10: IBM Connections Troubleshooting or “Get the Cow off the Ice”
Soccnx10: IBM Connections Troubleshooting or “Get the Cow off the Ice”Soccnx10: IBM Connections Troubleshooting or “Get the Cow off the Ice”
Soccnx10: IBM Connections Troubleshooting or “Get the Cow off the Ice”panagenda
 
Engage / Belsoft Collaboration - Using IBM Domino data in IBM Connections – a...
Engage / Belsoft Collaboration - Using IBM Domino data in IBM Connections – a...Engage / Belsoft Collaboration - Using IBM Domino data in IBM Connections – a...
Engage / Belsoft Collaboration - Using IBM Domino data in IBM Connections – a...Belsoft
 
What We Wish We Had Known: Becoming an IBM Connections Administrator
What We Wish We Had Known: Becoming an IBM Connections AdministratorWhat We Wish We Had Known: Becoming an IBM Connections Administrator
What We Wish We Had Known: Becoming an IBM Connections AdministratorGabriella Davis
 
Soccnx11 Two wrongs don't make a right - Troubleshooting Connections
Soccnx11 Two wrongs don't make a right - Troubleshooting Connections Soccnx11 Two wrongs don't make a right - Troubleshooting Connections
Soccnx11 Two wrongs don't make a right - Troubleshooting Connections Nico Meisenzahl
 
Planning & Completing An IBM Connections Upgrade
Planning & Completing An IBM Connections UpgradePlanning & Completing An IBM Connections Upgrade
Planning & Completing An IBM Connections UpgradeGabriella Davis
 
Our take on Domino 10 - a Ytria webinar
Our take on Domino 10 - a Ytria webinarOur take on Domino 10 - a Ytria webinar
Our take on Domino 10 - a Ytria webinarBenedek Menesi
 
IBM Connections Adminblast
IBM Connections AdminblastIBM Connections Adminblast
IBM Connections AdminblastLetsConnect
 
Best and worst practices deploying IBM Connections
Best and worst practices deploying IBM ConnectionsBest and worst practices deploying IBM Connections
Best and worst practices deploying IBM ConnectionsLetsConnect
 
IBM Connections Troubleshooting or “Get the Cow off the Ice”
IBM Connections Troubleshooting or “Get the Cow off the Ice” IBM Connections Troubleshooting or “Get the Cow off the Ice”
IBM Connections Troubleshooting or “Get the Cow off the Ice” LetsConnect
 
IBM Sametime 9 Installation Woes and Proactive Repairs by Keith Brooks
IBM Sametime 9 Installation Woes and Proactive Repairs by Keith BrooksIBM Sametime 9 Installation Woes and Proactive Repairs by Keith Brooks
IBM Sametime 9 Installation Woes and Proactive Repairs by Keith BrooksKeith Brooks
 
Webinar: IBM Connections Adminblast
Webinar: IBM Connections AdminblastWebinar: IBM Connections Adminblast
Webinar: IBM Connections AdminblastNico Meisenzahl
 
Connect2016 - 1172 Shipping domino
Connect2016 - 1172 Shipping dominoConnect2016 - 1172 Shipping domino
Connect2016 - 1172 Shipping dominoMatteo Bisi
 
What is cool with Domino V10, Proton and Node.JS, and why would I use it in ...
What is cool with Domino V10, Proton and Node.JS, and why would I use it in ...What is cool with Domino V10, Proton and Node.JS, and why would I use it in ...
What is cool with Domino V10, Proton and Node.JS, and why would I use it in ...Heiko Voigt
 
Logging Wars: A Cross-Product Tech Clash Between Experts
Logging Wars: A Cross-Product Tech Clash Between Experts Logging Wars: A Cross-Product Tech Clash Between Experts
Logging Wars: A Cross-Product Tech Clash Between Experts Benedek Menesi
 
Yes, It's Number One it's TOTP!
Yes, It's Number One it's TOTP!Yes, It's Number One it's TOTP!
Yes, It's Number One it's TOTP!Keith Brooks
 
1050: TDI Solutions Best Practises with IBM Connections Deployments - IBM Con...
1050: TDI Solutions Best Practises with IBM Connections Deployments - IBM Con...1050: TDI Solutions Best Practises with IBM Connections Deployments - IBM Con...
1050: TDI Solutions Best Practises with IBM Connections Deployments - IBM Con...panagenda
 
Back from the Dead: When Bad Code Kills a Good Server
Back from the Dead: When Bad Code Kills a Good ServerBack from the Dead: When Bad Code Kills a Good Server
Back from the Dead: When Bad Code Kills a Good ServerTeamstudio
 
The Sametime Mobile Experience
The Sametime Mobile ExperienceThe Sametime Mobile Experience
The Sametime Mobile ExperienceGabriella Davis
 

What's hot (19)

Soccnx10: IBM Connections Troubleshooting or “Get the Cow off the Ice”
Soccnx10: IBM Connections Troubleshooting or “Get the Cow off the Ice”Soccnx10: IBM Connections Troubleshooting or “Get the Cow off the Ice”
Soccnx10: IBM Connections Troubleshooting or “Get the Cow off the Ice”
 
Engage / Belsoft Collaboration - Using IBM Domino data in IBM Connections – a...
Engage / Belsoft Collaboration - Using IBM Domino data in IBM Connections – a...Engage / Belsoft Collaboration - Using IBM Domino data in IBM Connections – a...
Engage / Belsoft Collaboration - Using IBM Domino data in IBM Connections – a...
 
What We Wish We Had Known: Becoming an IBM Connections Administrator
What We Wish We Had Known: Becoming an IBM Connections AdministratorWhat We Wish We Had Known: Becoming an IBM Connections Administrator
What We Wish We Had Known: Becoming an IBM Connections Administrator
 
Soccnx11 Two wrongs don't make a right - Troubleshooting Connections
Soccnx11 Two wrongs don't make a right - Troubleshooting Connections Soccnx11 Two wrongs don't make a right - Troubleshooting Connections
Soccnx11 Two wrongs don't make a right - Troubleshooting Connections
 
Planning & Completing An IBM Connections Upgrade
Planning & Completing An IBM Connections UpgradePlanning & Completing An IBM Connections Upgrade
Planning & Completing An IBM Connections Upgrade
 
Our take on Domino 10 - a Ytria webinar
Our take on Domino 10 - a Ytria webinarOur take on Domino 10 - a Ytria webinar
Our take on Domino 10 - a Ytria webinar
 
Migration:Impossible ... Not so
Migration:Impossible ... Not soMigration:Impossible ... Not so
Migration:Impossible ... Not so
 
IBM Connections Adminblast
IBM Connections AdminblastIBM Connections Adminblast
IBM Connections Adminblast
 
Best and worst practices deploying IBM Connections
Best and worst practices deploying IBM ConnectionsBest and worst practices deploying IBM Connections
Best and worst practices deploying IBM Connections
 
IBM Connections Troubleshooting or “Get the Cow off the Ice”
IBM Connections Troubleshooting or “Get the Cow off the Ice” IBM Connections Troubleshooting or “Get the Cow off the Ice”
IBM Connections Troubleshooting or “Get the Cow off the Ice”
 
IBM Sametime 9 Installation Woes and Proactive Repairs by Keith Brooks
IBM Sametime 9 Installation Woes and Proactive Repairs by Keith BrooksIBM Sametime 9 Installation Woes and Proactive Repairs by Keith Brooks
IBM Sametime 9 Installation Woes and Proactive Repairs by Keith Brooks
 
Webinar: IBM Connections Adminblast
Webinar: IBM Connections AdminblastWebinar: IBM Connections Adminblast
Webinar: IBM Connections Adminblast
 
Connect2016 - 1172 Shipping domino
Connect2016 - 1172 Shipping dominoConnect2016 - 1172 Shipping domino
Connect2016 - 1172 Shipping domino
 
What is cool with Domino V10, Proton and Node.JS, and why would I use it in ...
What is cool with Domino V10, Proton and Node.JS, and why would I use it in ...What is cool with Domino V10, Proton and Node.JS, and why would I use it in ...
What is cool with Domino V10, Proton and Node.JS, and why would I use it in ...
 
Logging Wars: A Cross-Product Tech Clash Between Experts
Logging Wars: A Cross-Product Tech Clash Between Experts Logging Wars: A Cross-Product Tech Clash Between Experts
Logging Wars: A Cross-Product Tech Clash Between Experts
 
Yes, It's Number One it's TOTP!
Yes, It's Number One it's TOTP!Yes, It's Number One it's TOTP!
Yes, It's Number One it's TOTP!
 
1050: TDI Solutions Best Practises with IBM Connections Deployments - IBM Con...
1050: TDI Solutions Best Practises with IBM Connections Deployments - IBM Con...1050: TDI Solutions Best Practises with IBM Connections Deployments - IBM Con...
1050: TDI Solutions Best Practises with IBM Connections Deployments - IBM Con...
 
Back from the Dead: When Bad Code Kills a Good Server
Back from the Dead: When Bad Code Kills a Good ServerBack from the Dead: When Bad Code Kills a Good Server
Back from the Dead: When Bad Code Kills a Good Server
 
The Sametime Mobile Experience
The Sametime Mobile ExperienceThe Sametime Mobile Experience
The Sametime Mobile Experience
 

Similar to IBM Connections Adminblast - Connect17 (DEV 1268)

DEV-1268: IBM Connections Adminblast – IBM Connect 2017
DEV-1268: IBM Connections Adminblast – IBM Connect 2017DEV-1268: IBM Connections Adminblast – IBM Connect 2017
DEV-1268: IBM Connections Adminblast – IBM Connect 2017panagenda
 
DEV-1269: Best and Worst Practices for Deploying IBM Connections – IBM Conne...
DEV-1269: Best and Worst Practices for Deploying IBM Connections  – IBM Conne...DEV-1269: Best and Worst Practices for Deploying IBM Connections  – IBM Conne...
DEV-1269: Best and Worst Practices for Deploying IBM Connections – IBM Conne...panagenda
 
SHARE2016: DevOps - IIB Administration for Continuous Delivery and DevOps
SHARE2016:  DevOps - IIB Administration for Continuous Delivery and DevOpsSHARE2016:  DevOps - IIB Administration for Continuous Delivery and DevOps
SHARE2016: DevOps - IIB Administration for Continuous Delivery and DevOpsRob Convery
 
DEV-1185: IBM Notes Performance Boost - Reloaded – IBM Connect 2017
DEV-1185: IBM Notes Performance Boost - Reloaded – IBM Connect 2017DEV-1185: IBM Notes Performance Boost - Reloaded – IBM Connect 2017
DEV-1185: IBM Notes Performance Boost - Reloaded – IBM Connect 2017panagenda
 
IBM Notes Performance Boost - Reloaded (DEV-1185)
IBM Notes Performance Boost - Reloaded (DEV-1185)IBM Notes Performance Boost - Reloaded (DEV-1185)
IBM Notes Performance Boost - Reloaded (DEV-1185)Christoph Adler
 
Integrating BigInsights and Puredata system for analytics with query federati...
Integrating BigInsights and Puredata system for analytics with query federati...Integrating BigInsights and Puredata system for analytics with query federati...
Integrating BigInsights and Puredata system for analytics with query federati...Seeling Cheung
 
Tip from ConnectED 2015: Best and Worst Practices Deploying IBM Connections
Tip from ConnectED 2015: Best and Worst Practices Deploying IBM ConnectionsTip from ConnectED 2015: Best and Worst Practices Deploying IBM Connections
Tip from ConnectED 2015: Best and Worst Practices Deploying IBM ConnectionsSocialBiz UserGroup
 
Session 2546 - Solving Performance Problems in CICS using CICS Performance A...
Session 2546 -  Solving Performance Problems in CICS using CICS Performance A...Session 2546 -  Solving Performance Problems in CICS using CICS Performance A...
Session 2546 - Solving Performance Problems in CICS using CICS Performance A...nick_garrod
 
Tip from IBM Connect 2014: Extend Your Security into the Cloud with IBM Smart...
Tip from IBM Connect 2014: Extend Your Security into the Cloud with IBM Smart...Tip from IBM Connect 2014: Extend Your Security into the Cloud with IBM Smart...
Tip from IBM Connect 2014: Extend Your Security into the Cloud with IBM Smart...SocialBiz UserGroup
 
Aligning the Fast & the Slow: The Reality of Multi-Speed IT
Aligning the Fast & the Slow: The Reality of Multi-Speed ITAligning the Fast & the Slow: The Reality of Multi-Speed IT
Aligning the Fast & the Slow: The Reality of Multi-Speed ITDevOps for Enterprise Systems
 
Tip from ConnectED 2015: IBM Sametime - Design and Implementation of a Full H...
Tip from ConnectED 2015: IBM Sametime - Design and Implementation of a Full H...Tip from ConnectED 2015: IBM Sametime - Design and Implementation of a Full H...
Tip from ConnectED 2015: IBM Sametime - Design and Implementation of a Full H...SocialBiz UserGroup
 
IBM Connect 2016 - Logging Wars: A Cross Product Tech Clash Between Experts -...
IBM Connect 2016 - Logging Wars: A Cross Product Tech Clash Between Experts -...IBM Connect 2016 - Logging Wars: A Cross Product Tech Clash Between Experts -...
IBM Connect 2016 - Logging Wars: A Cross Product Tech Clash Between Experts -...Chris Miller
 
DESY's new data taking and analysis infrastructure for PETRA III
DESY's new data taking and analysis infrastructure for PETRA IIIDESY's new data taking and analysis infrastructure for PETRA III
DESY's new data taking and analysis infrastructure for PETRA IIIUlf Troppens
 
IC6284A - The Art of Choosing the Best Cloud Solution
IC6284A - The Art of Choosing the Best Cloud SolutionIC6284A - The Art of Choosing the Best Cloud Solution
IC6284A - The Art of Choosing the Best Cloud SolutionHendrik van Run
 
TI 1641 - delivering enterprise software at the speed of cloud
TI 1641 - delivering enterprise software at the speed of cloudTI 1641 - delivering enterprise software at the speed of cloud
TI 1641 - delivering enterprise software at the speed of cloudVincent Burckhardt
 
Complete Solutions in ECM using IBM, Internal and Third Party, Custom Components
Complete Solutions in ECM using IBM, Internal and Third Party, Custom ComponentsComplete Solutions in ECM using IBM, Internal and Third Party, Custom Components
Complete Solutions in ECM using IBM, Internal and Third Party, Custom ComponentsPyramid Solutions, Inc.
 
What's new in notes domino 901 feature pack 9
What's new in notes domino 901 feature pack 9What's new in notes domino 901 feature pack 9
What's new in notes domino 901 feature pack 9sreeJk
 
2449 rapid prototyping of innovative io t solutions
2449   rapid prototyping of innovative io t solutions2449   rapid prototyping of innovative io t solutions
2449 rapid prototyping of innovative io t solutionsEric Cattoir
 

Similar to IBM Connections Adminblast - Connect17 (DEV 1268) (20)

DEV-1268: IBM Connections Adminblast – IBM Connect 2017
DEV-1268: IBM Connections Adminblast – IBM Connect 2017DEV-1268: IBM Connections Adminblast – IBM Connect 2017
DEV-1268: IBM Connections Adminblast – IBM Connect 2017
 
DEV-1269: Best and Worst Practices for Deploying IBM Connections – IBM Conne...
DEV-1269: Best and Worst Practices for Deploying IBM Connections  – IBM Conne...DEV-1269: Best and Worst Practices for Deploying IBM Connections  – IBM Conne...
DEV-1269: Best and Worst Practices for Deploying IBM Connections – IBM Conne...
 
Session 6050
Session 6050Session 6050
Session 6050
 
SHARE2016: DevOps - IIB Administration for Continuous Delivery and DevOps
SHARE2016:  DevOps - IIB Administration for Continuous Delivery and DevOpsSHARE2016:  DevOps - IIB Administration for Continuous Delivery and DevOps
SHARE2016: DevOps - IIB Administration for Continuous Delivery and DevOps
 
DEV-1185: IBM Notes Performance Boost - Reloaded – IBM Connect 2017
DEV-1185: IBM Notes Performance Boost - Reloaded – IBM Connect 2017DEV-1185: IBM Notes Performance Boost - Reloaded – IBM Connect 2017
DEV-1185: IBM Notes Performance Boost - Reloaded – IBM Connect 2017
 
IBM Notes Performance Boost - Reloaded (DEV-1185)
IBM Notes Performance Boost - Reloaded (DEV-1185)IBM Notes Performance Boost - Reloaded (DEV-1185)
IBM Notes Performance Boost - Reloaded (DEV-1185)
 
Integrating BigInsights and Puredata system for analytics with query federati...
Integrating BigInsights and Puredata system for analytics with query federati...Integrating BigInsights and Puredata system for analytics with query federati...
Integrating BigInsights and Puredata system for analytics with query federati...
 
Tip from ConnectED 2015: Best and Worst Practices Deploying IBM Connections
Tip from ConnectED 2015: Best and Worst Practices Deploying IBM ConnectionsTip from ConnectED 2015: Best and Worst Practices Deploying IBM Connections
Tip from ConnectED 2015: Best and Worst Practices Deploying IBM Connections
 
Session 2546 - Solving Performance Problems in CICS using CICS Performance A...
Session 2546 -  Solving Performance Problems in CICS using CICS Performance A...Session 2546 -  Solving Performance Problems in CICS using CICS Performance A...
Session 2546 - Solving Performance Problems in CICS using CICS Performance A...
 
Tip from IBM Connect 2014: Extend Your Security into the Cloud with IBM Smart...
Tip from IBM Connect 2014: Extend Your Security into the Cloud with IBM Smart...Tip from IBM Connect 2014: Extend Your Security into the Cloud with IBM Smart...
Tip from IBM Connect 2014: Extend Your Security into the Cloud with IBM Smart...
 
Aligning the Fast & the Slow: The Reality of Multi-Speed IT
Aligning the Fast & the Slow: The Reality of Multi-Speed ITAligning the Fast & the Slow: The Reality of Multi-Speed IT
Aligning the Fast & the Slow: The Reality of Multi-Speed IT
 
Tip from ConnectED 2015: IBM Sametime - Design and Implementation of a Full H...
Tip from ConnectED 2015: IBM Sametime - Design and Implementation of a Full H...Tip from ConnectED 2015: IBM Sametime - Design and Implementation of a Full H...
Tip from ConnectED 2015: IBM Sametime - Design and Implementation of a Full H...
 
IBM Connect 2016 - Logging Wars: A Cross Product Tech Clash Between Experts -...
IBM Connect 2016 - Logging Wars: A Cross Product Tech Clash Between Experts -...IBM Connect 2016 - Logging Wars: A Cross Product Tech Clash Between Experts -...
IBM Connect 2016 - Logging Wars: A Cross Product Tech Clash Between Experts -...
 
2829 liberty
2829 liberty2829 liberty
2829 liberty
 
DESY's new data taking and analysis infrastructure for PETRA III
DESY's new data taking and analysis infrastructure for PETRA IIIDESY's new data taking and analysis infrastructure for PETRA III
DESY's new data taking and analysis infrastructure for PETRA III
 
IC6284A - The Art of Choosing the Best Cloud Solution
IC6284A - The Art of Choosing the Best Cloud SolutionIC6284A - The Art of Choosing the Best Cloud Solution
IC6284A - The Art of Choosing the Best Cloud Solution
 
TI 1641 - delivering enterprise software at the speed of cloud
TI 1641 - delivering enterprise software at the speed of cloudTI 1641 - delivering enterprise software at the speed of cloud
TI 1641 - delivering enterprise software at the speed of cloud
 
Complete Solutions in ECM using IBM, Internal and Third Party, Custom Components
Complete Solutions in ECM using IBM, Internal and Third Party, Custom ComponentsComplete Solutions in ECM using IBM, Internal and Third Party, Custom Components
Complete Solutions in ECM using IBM, Internal and Third Party, Custom Components
 
What's new in notes domino 901 feature pack 9
What's new in notes domino 901 feature pack 9What's new in notes domino 901 feature pack 9
What's new in notes domino 901 feature pack 9
 
2449 rapid prototyping of innovative io t solutions
2449   rapid prototyping of innovative io t solutions2449   rapid prototyping of innovative io t solutions
2449 rapid prototyping of innovative io t solutions
 

More from Nico Meisenzahl

Cloud-Native & Sustainability: How and Why to Build Sustainable Workloads
Cloud-Native & Sustainability: How and Why to Build Sustainable WorkloadsCloud-Native & Sustainability: How and Why to Build Sustainable Workloads
Cloud-Native & Sustainability: How and Why to Build Sustainable WorkloadsNico Meisenzahl
 
Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked
Container Day Security: How to Prevent Your Kubernetes Cluster From Being HackedContainer Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked
Container Day Security: How to Prevent Your Kubernetes Cluster From Being HackedNico Meisenzahl
 
Festive Tech Calendar: Festive time with AKS networking
Festive Tech Calendar: Festive time with AKS networkingFestive Tech Calendar: Festive time with AKS networking
Festive Tech Calendar: Festive time with AKS networkingNico Meisenzahl
 
ContainerConf 2022: Hijack Kubernetes
ContainerConf 2022: Hijack KubernetesContainerConf 2022: Hijack Kubernetes
ContainerConf 2022: Hijack KubernetesNico Meisenzahl
 
ContainerConf 2022: Kubernetes is awesome - but...
ContainerConf 2022: Kubernetes is awesome - but...ContainerConf 2022: Kubernetes is awesome - but...
ContainerConf 2022: Kubernetes is awesome - but...Nico Meisenzahl
 
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being HackedKCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being HackedNico Meisenzahl
 
KCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough
KCD Munich 2022: Hijack a Kubernetes Cluster - a WalkthroughKCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough
KCD Munich 2022: Hijack a Kubernetes Cluster - a WalkthroughNico Meisenzahl
 
Cloud Love Conference: Kubernetes is awesome, but...
Cloud Love Conference: Kubernetes is awesome, but...Cloud Love Conference: Kubernetes is awesome, but...
Cloud Love Conference: Kubernetes is awesome, but...Nico Meisenzahl
 
How to Prevent Your Kubernetes Cluster From Being Hacked
How to Prevent Your Kubernetes Cluster From Being HackedHow to Prevent Your Kubernetes Cluster From Being Hacked
How to Prevent Your Kubernetes Cluster From Being HackedNico Meisenzahl
 
Container Days: Hijack a Kubernetes Cluster - a Walkthrough
Container Days: Hijack a Kubernetes Cluster - a WalkthroughContainer Days: Hijack a Kubernetes Cluster - a Walkthrough
Container Days: Hijack a Kubernetes Cluster - a WalkthroughNico Meisenzahl
 
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughHijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughNico Meisenzahl
 
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...Nico Meisenzahl
 
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughHijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughNico Meisenzahl
 
azdevcom - Hijack a Kubernetes Cluster
azdevcom - Hijack a Kubernetes Clusterazdevcom - Hijack a Kubernetes Cluster
azdevcom - Hijack a Kubernetes ClusterNico Meisenzahl
 
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...Nico Meisenzahl
 
Continuous Lifecycle: Hijack Kubernetes
Continuous Lifecycle: Hijack KubernetesContinuous Lifecycle: Hijack Kubernetes
Continuous Lifecycle: Hijack KubernetesNico Meisenzahl
 
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughHijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughNico Meisenzahl
 
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CDGitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CDNico Meisenzahl
 
Azure Meetup Hamburg: Production-Ready Terraform Deployments on Azure
Azure Meetup Hamburg: Production-Ready Terraform Deployments on AzureAzure Meetup Hamburg: Production-Ready Terraform Deployments on Azure
Azure Meetup Hamburg: Production-Ready Terraform Deployments on AzureNico Meisenzahl
 
Microsoft DevOps Forum 2021 – DevOps & Security
 Microsoft DevOps Forum 2021 – DevOps & Security Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & SecurityNico Meisenzahl
 

More from Nico Meisenzahl (20)

Cloud-Native & Sustainability: How and Why to Build Sustainable Workloads
Cloud-Native & Sustainability: How and Why to Build Sustainable WorkloadsCloud-Native & Sustainability: How and Why to Build Sustainable Workloads
Cloud-Native & Sustainability: How and Why to Build Sustainable Workloads
 
Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked
Container Day Security: How to Prevent Your Kubernetes Cluster From Being HackedContainer Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked
Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked
 
Festive Tech Calendar: Festive time with AKS networking
Festive Tech Calendar: Festive time with AKS networkingFestive Tech Calendar: Festive time with AKS networking
Festive Tech Calendar: Festive time with AKS networking
 
ContainerConf 2022: Hijack Kubernetes
ContainerConf 2022: Hijack KubernetesContainerConf 2022: Hijack Kubernetes
ContainerConf 2022: Hijack Kubernetes
 
ContainerConf 2022: Kubernetes is awesome - but...
ContainerConf 2022: Kubernetes is awesome - but...ContainerConf 2022: Kubernetes is awesome - but...
ContainerConf 2022: Kubernetes is awesome - but...
 
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being HackedKCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
 
KCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough
KCD Munich 2022: Hijack a Kubernetes Cluster - a WalkthroughKCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough
KCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough
 
Cloud Love Conference: Kubernetes is awesome, but...
Cloud Love Conference: Kubernetes is awesome, but...Cloud Love Conference: Kubernetes is awesome, but...
Cloud Love Conference: Kubernetes is awesome, but...
 
How to Prevent Your Kubernetes Cluster From Being Hacked
How to Prevent Your Kubernetes Cluster From Being HackedHow to Prevent Your Kubernetes Cluster From Being Hacked
How to Prevent Your Kubernetes Cluster From Being Hacked
 
Container Days: Hijack a Kubernetes Cluster - a Walkthrough
Container Days: Hijack a Kubernetes Cluster - a WalkthroughContainer Days: Hijack a Kubernetes Cluster - a Walkthrough
Container Days: Hijack a Kubernetes Cluster - a Walkthrough
 
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughHijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a Walkthrough
 
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
 
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughHijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a Walkthrough
 
azdevcom - Hijack a Kubernetes Cluster
azdevcom - Hijack a Kubernetes Clusterazdevcom - Hijack a Kubernetes Cluster
azdevcom - Hijack a Kubernetes Cluster
 
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
 
Continuous Lifecycle: Hijack Kubernetes
Continuous Lifecycle: Hijack KubernetesContinuous Lifecycle: Hijack Kubernetes
Continuous Lifecycle: Hijack Kubernetes
 
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a WalkthroughHijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a Walkthrough
 
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CDGitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
 
Azure Meetup Hamburg: Production-Ready Terraform Deployments on Azure
Azure Meetup Hamburg: Production-Ready Terraform Deployments on AzureAzure Meetup Hamburg: Production-Ready Terraform Deployments on Azure
Azure Meetup Hamburg: Production-Ready Terraform Deployments on Azure
 
Microsoft DevOps Forum 2021 – DevOps & Security
 Microsoft DevOps Forum 2021 – DevOps & Security Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & Security
 

Recently uploaded

Bitdefender-CSG-Report-creat7534-interactive
Bitdefender-CSG-Report-creat7534-interactiveBitdefender-CSG-Report-creat7534-interactive
Bitdefender-CSG-Report-creat7534-interactivestartupro
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
Dublin_mulesoft_meetup_API_specifications.pptx
Dublin_mulesoft_meetup_API_specifications.pptxDublin_mulesoft_meetup_API_specifications.pptx
Dublin_mulesoft_meetup_API_specifications.pptxKunal Gupta
 
Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2
Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2
Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2DianaGray10
 
HCI Lesson 1 - Introduction to Human-Computer Interaction.pdf
HCI Lesson 1 - Introduction to Human-Computer Interaction.pdfHCI Lesson 1 - Introduction to Human-Computer Interaction.pdf
HCI Lesson 1 - Introduction to Human-Computer Interaction.pdfROWELL MARQUINA
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
Introduction-to-Wazuh-and-its-integration.pptx
Introduction-to-Wazuh-and-its-integration.pptxIntroduction-to-Wazuh-and-its-integration.pptx
Introduction-to-Wazuh-and-its-integration.pptxmprakaash5
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneUiPathCommunity
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Transcript: Green paths: Learning from publishers’ sustainability journeys - ...
Transcript: Green paths: Learning from publishers’ sustainability journeys - ...Transcript: Green paths: Learning from publishers’ sustainability journeys - ...
Transcript: Green paths: Learning from publishers’ sustainability journeys - ...BookNet Canada
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
A PowerPoint Presentation on Vikram Lander pptx
A PowerPoint Presentation on Vikram Lander pptxA PowerPoint Presentation on Vikram Lander pptx
A PowerPoint Presentation on Vikram Lander pptxatharvdev2010
 
Deliver Latency Free Customer Experience
Deliver Latency Free Customer ExperienceDeliver Latency Free Customer Experience
Deliver Latency Free Customer ExperienceOpsTree solutions
 
Dynamical Context introduction word sensibility orientation
Dynamical Context introduction word sensibility orientationDynamical Context introduction word sensibility orientation
Dynamical Context introduction word sensibility orientationBuild Intuit
 
full stack practical assignment msc cs.pdf
full stack practical assignment msc cs.pdffull stack practical assignment msc cs.pdf
full stack practical assignment msc cs.pdfHulkTheDevil
 

Recently uploaded (20)

Bitdefender-CSG-Report-creat7534-interactive
Bitdefender-CSG-Report-creat7534-interactiveBitdefender-CSG-Report-creat7534-interactive
Bitdefender-CSG-Report-creat7534-interactive
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
Dublin_mulesoft_meetup_API_specifications.pptx
Dublin_mulesoft_meetup_API_specifications.pptxDublin_mulesoft_meetup_API_specifications.pptx
Dublin_mulesoft_meetup_API_specifications.pptx
 
Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2
Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2
Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2
 
HCI Lesson 1 - Introduction to Human-Computer Interaction.pdf
HCI Lesson 1 - Introduction to Human-Computer Interaction.pdfHCI Lesson 1 - Introduction to Human-Computer Interaction.pdf
HCI Lesson 1 - Introduction to Human-Computer Interaction.pdf
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
Introduction-to-Wazuh-and-its-integration.pptx
Introduction-to-Wazuh-and-its-integration.pptxIntroduction-to-Wazuh-and-its-integration.pptx
Introduction-to-Wazuh-and-its-integration.pptx
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyone
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Transcript: Green paths: Learning from publishers’ sustainability journeys - ...
Transcript: Green paths: Learning from publishers’ sustainability journeys - ...Transcript: Green paths: Learning from publishers’ sustainability journeys - ...
Transcript: Green paths: Learning from publishers’ sustainability journeys - ...
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
A PowerPoint Presentation on Vikram Lander pptx
A PowerPoint Presentation on Vikram Lander pptxA PowerPoint Presentation on Vikram Lander pptx
A PowerPoint Presentation on Vikram Lander pptx
 
Deliver Latency Free Customer Experience
Deliver Latency Free Customer ExperienceDeliver Latency Free Customer Experience
Deliver Latency Free Customer Experience
 
Dynamical Context introduction word sensibility orientation
Dynamical Context introduction word sensibility orientationDynamical Context introduction word sensibility orientation
Dynamical Context introduction word sensibility orientation
 
full stack practical assignment msc cs.pdf
full stack practical assignment msc cs.pdffull stack practical assignment msc cs.pdf
full stack practical assignment msc cs.pdf
 

IBM Connections Adminblast - Connect17 (DEV 1268)

  • 1. DEV-1268: IBM Connections Adminblast Nico Meisenzahl, panagenda Christoph Stoettner, panagenda
  • 2. Notices and disclaimers • Copyright © 2017 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM. • U.S. Government Users Restricted Rights — Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. • Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE USE OF THIS INFORMATION, INCLUDING BUT NOT LIMITED TO, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFIT OR LOSS OF OPPORTUNITY. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided. • IBM products are manufactured from new parts or new and used parts. In some cases, a product may not be new and may have been previously installed. Regardless, our warranty terms apply.” • Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice. • Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. • References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. • Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. • It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law 2
  • 3. Notices and disclaimers continued • Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. • The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. • IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS, Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document Management System™, FASP®, FileNet®, Global Business Services ®, Global Technology Services ®, IBM ExperienceOne™, IBM SmartCloud®, IBM Social Business®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, Smarter Commerce®, SoDA, SPSS, Sterling Commerce®, StoredIQ, Tealeaf®, Tivoli®, Trusteer®, Unica®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml. 3
  • 4. • Consultant at panagenda • IBM Connections since version 3.0 / 2010 • IBM Notes / Domino since 2008 • Focusing in ICS – Deployment & consulting – Optimization and migration • “panagendian” since 2016 • First time IBM Champion Nico Meisenzahl 4 @nmeisenzahl linkedin.com/in/nicomeisenzahl meisenzahl.org nico.meisenzahl +49 170 7355081 nico.meisenzahl@panagenda.com
  • 5. • Senior Consultant – panagenda – IBM Notes / Domino since 1999 – IBM Connections since version 2.5 / 2009 • Experience in: – Migrations – Administration and Install – Performance Analysis • Focusing in: – IBM Connections deployment und optimization – IBM Connections monitoring • Husband of one & father of two, Bavarian • Beer or Wine? ... Depends Christoph Stoettner 5 @stoeps linkedin.com/in/christophstoettner www.stoeps.de christophstoettner +49 173 8588719 christoph.stoettner@panagenda.com
  • 7. #1 Use custom user for WebSphere services • Stopping WebSphere requires a user and password – soap.client.props – Service definition (/etc/init.d/ or Windows registry) • Increase security – Use different passwords • Plain password on Linux • Encoded (not encrypted) on Windows – Create a local WebSphere user with “operator” access level • WebSphere service user only needs access level to start/stop/restart the environment 7
  • 8. #2 globalSenderEmailAddress is not working completely • <property name="globalSenderEmailAddress">mail@mail.com</property> <property name="alwaysUseGlobalSender">true</property> <property name="globalSenderName">Connections Newsletter</property> • If you use globalSenderEmailAddress (notification-config.xml) – Mails contain reply-to address “news-admin@example.com” – So replies of users can’t be delivered • You need to configure all mail addresses one by one 8
  • 9. #3 Do not change the Community catalog seedlist url • Using https://cnx.pana.local – Connections will try to access seedlists using HTTPS on host cnx.pana.local – Does not support TLS 1.2 • Using https://localhost – This is the default value which will do something complete different – Connections will use a internal (not HTTPS) request to access the seedlists – Supports multi-node environments 9
  • 10. #4 WAS & 4096-bit SSL keys • Will not work out of the box if using 4096-bit key • On IBM HTTP Server • With any third-party integration (iNotes, …) • You need to copy the unrestricted java policy to every node – Download here https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source =jcesdk – Copy to <was_home>/java/jre/lib/security – You need to redo this every WebSphere Java update ;-) • WAS is now able to connect to those hosts 10
  • 11. #5 Configure Textbox.io using JVM generic properties • You can use JVM generic properties instead of the application.conf file – -Dephox.allowed-origins.origins.0=https://cnx.pana.local -Dephox.allowed-origins.origins.1=http://cnx.pana.local -Dephox.allowed-origins.url=https://cnx.pana.local/ephox-allowed- origins/cors – Skip the last line for 5.5 CR2 and later 11
  • 12. #6 Do not trigger seedlist validation regularly • Seedlist validation does NOT delete temp files – New seedlist data will be created every time – Could cause full disk space • <localdata>/search/persistence/seedlist*.attempted.xml • Amount depends on environment • Happens when – Accessing /search/serverStatus – Calling SearchService.validateSeedlist("") 12
  • 13. #7 Tuning your database • Heavily increase performance by running DB2 maintenance tasks • Scripts available within <cnxroot>/xkit/connections.sql/ • Run in following order: – Runstat – Reorg – Runstat • Run them regularly • You need to build own scripts for custom databases – https://meisenzahl.org/2017/02/25/connections-database-performance- tuning/ 13
  • 14. #8 You’re using SPNEGO and don’t know LimitRequestFieldSize? • If so, some of your users may be unable to use SSO – Users with many group memberships – Mostly VIPs ;-) • SPNEGO authentication header can have up to 12392 bytes – Default LimitRequestFieldSize size is 8192 bytes • Add LimitRequestFieldSize 16384 into your httpd.conf – Will prevent: HTTP 400 - Bad Request (Request header too long) – The whole group membership is stored within the header 14
  • 15. #9 “TLS 1.2 only” environments • Possible, but you need: – Connections 5.5 CR2 including latest Textbox.io, FEB – WebSphere 8.5.5.9 • FileNet Config Manager will not work • Docs/Viewer will need a httpd.conf customization – RewriteCond %{HTTPS} !=on RewriteCond %{Request_URI} !/docs RewriteCond %{Request_URI} !/conversion RewriteCond %{Request_URI} !/viewer https://%{SERVER_NAME}/$1 [NE,R,L] • You need to configure some more stuff • Please do not try this with a previous Connections version! – You will find the whole story here https://meisenzahl.org/2016/10/26/using-tls-1-2-only-configuration-with- ibm-connections/ 15
  • 16. #10 Tuning search index • Only use one search dictionary! – Issues since Connections 2.5 • Enable “Accent-insensitive search” – You will find “René” when searching for ”Rene” • Enable “1 to 2 matching” – You will find “Stoettner” when searching for “Stöttner” • Include Connections type ahead search (Apache Solr) • “Ignore Punctuation” setting is not working – Searching for “IBM” will not display “I.B.M” within results 16
  • 17. #11 Do not use IBM JRE for Apache Solr • Apache Solr is needed for Connections type ahead search • IBM JRE will break some Solr Dashboard Widgets • More information (thanks Ben!) – https://collaborationben.com/2016/06/22/which-jre-to-use-with-ibm- connections-solr/ 17
  • 18. #12 How-to: Set EMPLOYEE_EXTENED role for all users • Export all user mail addresses using a SQL export • Change role using a wsadmin call – ProfilesService.setBatchRole(EMPLOYEE_EXTENDED, "mail.txt") • More information – http://www.stoeps.de/adding-employee_extended-to-all-users/ • Changing role directly within the database is not supported! 18
  • 19. #13 Using Textbox.io spellchecking service with Chrome • You need to import your SSL chain into the WebSphere cacerts store – cacerts store is located in <was_home>/java/jre/lib/security – You need to redo this every WebSphere Java update • If not, you will get a HTTP 500 for https://<url>/ephox- spelling/1/correction • More information (thanks Michael!) – https://www.urspringer.de/2016/02/16/ssl-certificate-issue-with-ephox- textbox-io-editor-in-ibm-connections-5-5/ 19
  • 20. #14 Read-only and read-write profile fields • Synced profile fields should be read-only! • Please recheck your configuration – We have seen this too many times! • Customize profiles-type.xml as needed – readwrite – read 20
  • 21. #15 Old URL preview thumbnails are missing after a migration • Thumbnail file path is stored within database – Hard coded, no variables are used • You need to manually adjust them after changing the Connections shared directory path • More Information – https://meisenzahl.org/2016/06/28/url-preview-pictures-not-displayed- migration/ 21
  • 22. #16 ACCE (FileNet Admin Interface) login isn’t working • Exclude /acce from mod_deflate (httpd.conf) – SetEnvIf Request_URI ^/acce(.*) no-gzip dont-vary • Use English as browser language 22
  • 23. #17 Extend SPNEGO exclusion filter • Prevent issues with some widgets – request-url!=/profiles/widget-catalog/;request- url!=/Calendar.xml;request-url!=/Recomm.xml • When using Docs or/and Viewer – request-url!=/docs/;request-url!=/conversion/;request-url!=/viewer • When using Mac Connections Plugin – request-url!=/files/serviceconfigs • Tip: Save krb5.conf and keytab outsize the WebSphere java folder 23
  • 24. #18 FEB browser setup isn’t working • Launches on new installation or upgrade when access /forms • Will not work with non-English browser languages – UI is only available in English • Tip: Use portable Firefox 24
  • 25. #19 Post-upgrade task: Connections fixes • Delete temp directories after every iFix or CR update – <appsrv-profile>/temp/* – <appsrv-profile>/wstemp/* • If not, you will get nice UI bugs ;-) 25
  • 26. #20 Wiki images are missing after 5.5 GA upgrade • Short mod_rewrite rule will fix this issue – RewriteRule "^/library/(.*)" "/wikis/form/api/library/$1" [R,L] • Do not use the fix IBM provided – Insecure mod_proxy configuration! • Fixed with 5.5 CR1 • More information – http://www.stoeps.de/missing-images-in-wikis-after-migration-to-ibm- connections-5-5/ 26
  • 27. #21 Debug FileNet without ACCE • Why? You have issues on startup or you are unable to access /acce • Add debug settings using JVM generic properties – -DskipTLC=true -Dlog4j.configuration=file://log4j.xml • More information – https://meisenzahl.org/2015/12/13/debugging-filenet-issues-without- using-acce/ 27
  • 28. #22 Enable HTTP compression on IHS • LoadModule deflate_module modules/mod_deflate.so • DeflateCompressionLevel 6 • AddOutputFilterByType DEFLATE application/atom+xml AddOutputFilterByType DEFLATE application/atomcat+xml AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/json AddOutputFilterByType DEFLATE application/octet-stream AddOutputFilterByType DEFLATE application/x-javascript AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/javascript AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/xsl • SetEnvIf Request_URI ^/acce(.*) no-gzip dont-vary SetEnvIfNoCase Request_URI .(zip|exe|jar|gz|jpe?g|png)$ no-gzip dont-vary Header append Vary User-Agent env=!dont-vary 28
  • 29. #23 When doing a FileNet or Docs upgrade… • …do not forget to remap applications – FileNet & Navigator – Docs, Viewer & Conversion • Without they will not be accessible through IHS 29
  • 30. #24 Recheck /docs and /viewer interservice URL • There were some issues in previous versions – Missing interservice URLs – Double entries • Some stuff isn’t working properly without – CCM integration – Access file preview via Activity Stream 30
  • 31. #25 How-to: Delete Communities using REST • First REST call will put the Community into the trash • Second call will purge the Community completely • Tip: When creating Communities within monitoring checks you should execute the REST call twice! • More information – https://www- 10.lotus.com/ldd/lcwiki.nsf/xpAPIViewer.xsp?lookupName=IBM+Connectio ns+5.5+API+Documentation#action=openDocument&res_title=Deleting_ communities_programmatically_ic55&content=apicontent 31
  • 32. #26 Post-upgrade task: Connections database scripts (DB2) • Recheck NUMDB value after every Connections database upgrade – db2 get dbm cfg | grep NUMDB • SQL update scripts sometimes include NUMDB settings • If not, you will get issues when using integrations like Docs, FEB or third-party 32
  • 33. #27 Oracle: Check user password expiration • Oracle database users are created through the Connections Wizard SQL scripts • Oracle default user password expiration value is 365 days – ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED 33
  • 34. #28 Debug user synchronization • Profile & user synchronization (<tdisol>/etc/profiles_tdi.properties) – source_ldap_debug=true – debug_update_profile=true – debug_collect=true • TDI issues (<tdisol>/etc/log4j.properties) – log4j.rootCategory=DEBUG, Default • sync_updates_clean_temp_files=false – This will force TDI not to delete the temp files • LDAP export • Database export 34
  • 35. #29 Connections and Docs with UNC share access • Recheck your configuration after installing Connections or Docs UNC share access – WebSphere variables - Slashes have to be forward slashes – sib-engine.xml - Slashes have to be backward slashes • Alternatively use ${MESSAGE_STORE_PATH} • More information (Thanks Victor!) – https://notesbusters.com/2016/02/22/connections-5-5-install-problem- for-websphere-cluster-settings-with-unc-shares/ 35
  • 36. #30 Don’t miss the DB2 license import • DB2 will work 90 days without a license • You can check your license status using db2licm –l – Expiry date: "Permanent“ • Tip: You will need a new TSAMP license when using DB2 HADR with TSAMP after upgrading to DB2 10.5 FP8 36
  • 37. #31 Debug Windows Connections plugin • Launch DITrace.exe (<installpath>/Connections Desktop Plugins) • Reproduce issues • Save traces using DITrace.exe • More information – https://www-01.ibm.com/support/docview.wss?uid=swg21681420 37
  • 38. #32 Strong ciphers configuration (SSL LABS A) • SSLCipherSpec ALL NONE • SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 SSLCipherSpec ALL +TLS_RSA_WITH_AES_128_GCM_SHA256 SSLCipherSpec ALL +TLS_RSA_WITH_AES_256_GCM_SHA384 SSLCipherSpec ALL +TLS_RSA_WITH_AES_128_CBC_SHA256 SSLCipherSpec ALL +TLS_RSA_WITH_AES_256_CBC_SHA256 • Notes 8.5.x and < TLS 1.2 support (SSL LABS A-) – SSLCipherSpec ALL +TLS_RSA_WITH_AES_128_CBC_SHA38
  • 39. #33 Enable Viewer to preview .xlsm • Required versions – Connections 5.5 CR2 – Docs 2 CR1 • You need to customize viewer-config.json and include some MIME types • Editing macro enabled files will work out of the box • More information – https://meisenzahl.org/2017/01/01/preview-xlsm-files-within-ibm- connections/ 39
  • 40. #34 Reimport Highway settings after 5.5 migration • Otherwise, Activity Streams (Homepage, Profiles) will not work – Access issues caused by missing permissions • Copy “00000000-0000-0000-0000-000000000000.json“ – From <cnxshared>/configuration/ – To <cnxshared>/configuration/update • execfile("highwayAdmin.py") HighwayService.updateSettingsFromFile() • More information (Thanks Michele!) – https://www.ibm.com/developerworks/community/blogs/4021cbfe- 77ed-4a39-89de- 59b2fd63adb5/entry/IBM_Connections_5_5_403_error_for_the_Activity_S tream_in_Profiles_after_migration?lang=en 40
  • 41. #35 Connections 5.5 browser push notification • New App: PushNotification • Based on long-polling requests – Client sends POST request to /push/form/comet/connect – Server holds the request open and waits until response information becomes available – Server responses or timeout kills the request – Client sends new POST request... • Recheck your threads configuration on IHS and WAS – ThreadLimit in httpd.conf – Web Container Thread Pool for every App-Server 41
  • 42. #36 Customize log language • WAS: Customize JVM generic properties for all JVMs – -Duser.language=en -Duser.region=US – Non-English logs are causing issues • TDI: Customize ibmdisrv.sh/bat – LOG_4J="-Dlog4j.configuration=file:etc/log4j.properties” - Duser.language=en -Duser.region=US 42
  • 43. #37 Secure your mod_proxy configuration • LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so • ProxyRequests Off • <Proxy *> Order deny,allow Allow from all </Proxy> • ProxyPass /abc http://<fqdn>/abc ProxyPassReverse /abc http://<fqdn>/abc 43
  • 44. #38 Monitoring WAS • Using PMI – Analyze WebSphere related stuff (Connections pool size, Heap size) – Included – More information • http://www.ibm.com/support/knowledgecenter/SS7K4U_8.5.5/com.ibm.webs phere.nd.multiplatform.doc/ae/cprf_pmidata.html • Using Health Center – Full stack (CPU, I/O, Java runtime, Threads) – Eclipse IDE Plugin – More information • http://www.ibm.com/support/knowledgecenter/SS3KLZ/com.ibm.java.diagno stics.healthcenter.doc/topics/introduction.html 44
  • 45. #39 Configure log rotation • WAS – Within JVM settings – Don't forget to configure all JVMs – Issues within Connections installer • Recheck settings after installation! • DB2 – db2 update dbm cfg using diagsize 256 – Delete logs after X days (crontab, scheduled task) • TDI – Customize <tdisol>/etc/log4j.properties • log4j.appender.Default=org.apache.log4j.RollingFileAppender log4j.appender.Default.MaxFileSize=10MB log4j.appender.Default.MaxBackupIndex=10 • IHS – Customize httpd.conf • ErrorLog "|/<ihsroot>/bin/rotatelog –l /opt/IBM/HTTPServer/log/error_log.%Y.%m.%d 10M" • CustomLog"|/<ihsroot>/bin/rotatelog –l /opt/IBM/HTTPServer/log/access_log.%Y.%m.%d 10M" common – Delete logs after X days (crontab, scheduled task) 45
  • 46. #40 How-to: Add customized profile types • Why? – Customize displayed/available profile fields – Enable or disable profile widgets • Configure “profileType” within map_dbrepos_from_source.properties • Customize profiles-types.xml • Customize widgets-config.xml – <layout resourceSubType=”<customprofile>”> … </layout> – profileType default needs to be the last one 46
  • 47. #41 How-to: Configure mobile push using forward proxy • Connections environment is unable to connect to Apple/Google push gateway directly • Customize mobile-config.xml – <ProxyHost> </ProxyHost> <ProxyPort> </ProxyPort> • Configure authentication alias if needed – proxyMobilePushNotificationJAASAuth 47
  • 48. #42 WebSphere & DH key size • WAS supports only 2048 bit or less • Enforce a specific DH key size – <washome>/java/jre/lib/security/java.security • jdk.tls.disabledAlgorithms=DH keySize <768 • Define DH key size on Domino – Default DH key size was increased to 4096 bit with Domino 9.0.1 FP4 IF2 – SSL_DH_KEYSIZE=2048 (notes.ini) • Requires at least Domino 9.0.1 FP3 IF2 – Mail integration! • More information (Thanks Ben!) – https://collaborationben.com/2016/07/12/ibm-connections-mail-and- ephemeral-diffie-hellman-key-size-error/ 48
  • 49. #43 Post-upgrade task: CR2 Surveys • Rewrite /forms to prevent broken links/bookmarks – RewriteRule ^/forms/(.*)$ https://%{SERVER_NAME}/surveys/$1 [NE,L,R] 49
  • 50. #44 Extend wsadmin on Linux • rlwrap will allow you to use command history and arrow keys within wsadmin – https://github.com/hanslub42/rlwrap • rlwrap ./wsadmin –lang jython • This is also working for other command line based tools – db2 – SQLPLUS 50
  • 51. #45 Include mobile links in notification mails • Allows users to access content using Connections mobile apps • notification-config.xml – <includeMobileLinksInNotifications>true</includeMobileLinksInNotification s> 51
  • 52. #46 Monitoring IHS • Customize httpd.conf – LoadModule status_module modules/mod_status.so – <IfModule mod_status.c> ExtendedStatus On <Location /server-status> SetHandler server-status Order deny, allow Allow from 127.0.0.1 </Location> </IfModule> • Access using /server-status 52
  • 53. #47 Enable LDAP groups with two or more Domino directories • Enable your Connections environment to use more than one Domino directory – Internal and external users – Special directory topology • Define your repositories with their Base DN • You need to edit the wimconfig.xml – These changes are not supported within ISC • Customize following lines (one line for every repository) – OLD: <config:baseEntries name="o=pana" nameInRepository="o=pana"/> NEW: <config:baseEntries name="o=pana" nameInRepository=""/> – No need to customize other lines! 53
  • 54. #48 connectionsAdmin J2C role • Do not use a local WebSphere repository user • Many problems are related to this – Thumbnail generation in Gallery (3.0) – CCM and Docs stop working after some time (5.5) – Easier CCM migration (side-by-side) • Changing the connectionsAdmin user is possible – https://www- 10.lotus.com/ldd/lcwiki.nsf/dx/Change_password_of_connectionsAdmin 54
  • 55. #49 Mail Integration with external users • Mail Integration should be deactivated for all external users by default – header.jsp script is not working correctly – ROLE_mail-user Cookie is set to true • Use LDAP group instead of “All authenticated in Application's Realm” to prevent errors – mail-user role needs to be changed in following Apps • Common • WidgetContainer 55
  • 56. #50: Use variables in widgets-config.xml • Widget documentations often show path names in widgets- config.xml • Or even worse copies files to application ear • Better move the files to {CONNECTIONS_CUSTOMIZATION_PATH}/communities • Use {communitiesSvcRef} as a replacement in widgets- config.xml • If you want to change the PATH, just change the WebSphere variable 56
  • 58. Headquarters, Austria: panagenda GmbH (Ltd.) Schreyvogelgasse 3/10 AT 1010 Vienna Phone: +43 1 89 012 89 Fax: +43 1 89 012 89-15 E-Mail: info@panagenda.com Headquarters, Germany: panagenda GmbH (Ltd.) Lahnstraße 17 DE 64646 Heppenheim Phone: +49 6252 67 939-00 Fax: +49 6252 67 939-16 E-Mail: info@panagenda.com USA: panagenda Inc. 60 State Street, Suite 700 MA 02109 Boston Phone: +1 617 855 5961 Fax: +1 617 488 2292 E-Mail: info@panagenda.com Germany: panagenda Consulting GmbH (Ltd.) Donnersbergstraße 1 DE 64646 Heppenheim Phone: +49 6252 67 939-86 Fax: +49 6252 67 939-16 E-Mail: info@panagenda.com The Netherlands: Trust Factory B.V. 11th Floor, Koningin Julianaplein 10 NL 2595 AA The Hague Phone: +31 70 80 801 96 E-Mail: info@trust-factory.com © 2007-2015 panagenda Make Your Data Work for

Editor's Notes

  1. Wo broken links? Evtl info hinzufügen dass das in cr2 geändeert wurde