IBM_connections-460x250

What not to miss at IBM Connect 2017: Connections Pink

IBM Connect 2017 takes place later this month in San Francisco, and the last-minute push to increase attendance is already underway. I’m a big fan of the new venue, and the shift from Florida to California, and so really hope that the event is a huge success.

One of the interesting aspects of the registration push has been the unveiling of some information that previously being kept relatively quiet – if not under NDA, certainly out of the limelight

IBM Connections Cloud maintenance screenshot

Giving the wrong impression

IBM Connections Cloud maintenance screenshotLike many long-time IBM Connections Cloud users, my muscle memory was to access the site via the lotuslive.com URL (the longest-lasting of the few brands that service has had over the years).

Sadly IBM has now retired this, and so collabserv.com seems to be the way to go (you may remember that my thoughts on that domain have never been particularly positive).  This is what you get when you arrive there – see the screenshot for full context:

Maintenance Window
In order to continue providing you quality service, we will be performing planned maintenance to the IBM Connections Cloud services on the following schedule

Now I’m not arguing that IBM doesn’t need to tell users (or at least organisation administrators) that there will be potential downtime in the near future, but it seems very curious to make this the ‘front and centre’ experience that all users see when going to the most obvious service URL. It appears to accentuate the fact that this isn’t an ‘always on’ service, and is something that I cannot imagine Google or Microsoft doing on their primary customer-facing home page for a paid service.

IBM Connections Cloud untrustedWhat makes this even more odd is that when the user then clicks on ‘Sign In’ to actually access their Connections Cloud account, they get a pop up that reads as follows (again, see the screenshot for context):

Leaving the IBM Web site
You are now leaving the IBM Web site. IBM makes no representations or warranties about any other Web site which you may access through this one. When you access non-IBM Web sites, even though they might contain the IBM logo and content regarding IBM’s products and services, such Web sites are independent of IBM and IBM has no control over the operation of non-IBM Web sites. In addition, a link to a non-IBM Web site does not mean that IBM endorses that Web site or has any responsibility for the use of such Web site.

Yep, you can’t make this up. This message actually suggests that the login to a customer’s paid Connections Cloud account is in some way untrustworthy. Again, hardly inspiring confidence in the service…

Now, I know there might be a better, more specific URL to use to login (Most likely https://apps.na.collabserv.com/), and some larger customers may have vanity URLs for their own Connections Cloud service. However, for the majority of accounts, including those new to the service, this is not a great customer experience.

Am I missing something? Is there a better route into Connections Cloud for the uninitiated?

Either way, I see no reason why this experience shouldn’t be improved for those that hit that collabserv.com URL themselves.

CGate screenshot

CGATE – an easy-to-use front end for IBM Connections

Interesting release from Swedish ISV, EGBS:

CGATE is a delightful and easy to use front end for IBM Connections. It will be customized to your organization and your employees – no need to adapt your processes to the tool, or for your employees to learn a new vocabulary. The users will get started in no time, leveraging the power of collaboration without the need for extensive training or user adoption programs. All content is stored in IBM Connections, so there is no need for an additional system to manage content. You will discover how CGATE will make collaboration a natural part of the work day – powering your intelligent organization.

Look out for more details next week when I get to experience and review the CGate solution in more detail.

More >

POODLE in the repeat

POODLE in the repeat

Lately we have heard a lot of POODLE I have already blogged about it twice here and here at ibmconnections.com. But there is much more to tell about it so that the reason I am creating this article.

Nowadays when we talk about POODLE we have to specify which one (to make things easier 🙂 ). Nowadays we have POODLE SSLv3 and POODLE TLS. The one we call POODLE SSLv3 bites IBM Connections the most but POODLE TLS is easier to exploit. So for environments which are connected to the internet I advise you to be sure that both variants of POODLE are not exploitable at your implementation.

I will try to describe both variants in detail and how it/they can be solved. Lets first start with POODLE SSL v3

POODLE SSLv3

The news about this first POODLE exploit was brought to the world as a major problem while in fact the problem wasn’t that big if you ask me. The problem itself was there where still site’s out there who did support SSLv3. SSLv3 has shown in the past that it isn’t sufficient anymore as a secure protocol. I will try to describe why I think it wasn’t really such big news as it was brought by all news agencies. Normally when a clients connect to a server the clients tells the server the highest secure protocol it supports (this is what is generally is called  the ClientHello package). Within this ClientHello package the clients also send also all cipher suites (these cipher suites are the real data encryption packages) it supports for that version of SSL/TLS. The server then responds with 3 things ServerHello and Certificate and ServerHelloDone messages. Within the ServerHello message the server will send the protocol it is gonna use. This is decided on the protocol version send in the ClientHello message and the highest version the server supports. So for the real world (which is kind of dependent on browser behavior and version) this means in general that TLS1.2 is used. But with the POODLE SSLv3 bug if both parties supported SSLv3 it was possible by the attacking code to force the connection down from TLS1.2 to SSLv3 (with all the intermediate protocols because you can always fall back only one version at a time). So when this happens a user would still see it has a secure connection but it is over SSLv3 (and not the most sucre possible way between server and client as they bot did support TLSv1.2). The cipher suites used in SSLv3 are all general seen as insecure (only RC4 seems to be the most secure one) and fairly easy to decrypt unintentionally. So as you can see POODLE SSLv3 wasn’t the real problem if you ask me ! but that the server (and or client) still supported SSLv3 was the real problem :-). I added a screenshot to show how that traffic flows between the client and the server so you have and idea what happens on the network to build a SSL/TLS connection.

dFU6e

With IBM Connections we always had to enable the HTTP server with SSLv3 because the code within IBM Connections was still making use of SSLv3 calls to itself. The reason for that is that in the code they made use for example with code like this SSLContext.getInstance(“SSL”). Within the IBM JDK JSSE interface this SSL Keyword translated to make use of SSLv3. This was basically a combination of 2 problems , one that they still used a bit of outdated code within IBM Connections binaries , and also of the JSSE implementation in the IBM JDK that the keyword SSL still translated to make use of SSLv3. As said and stated by me, SSLV3 shouldn’t be used already for many years if you ask me 🙂

Well for IBM Connections we have a solution now (luckily) I will talk about that a bit later in the article.

POODLE TLS

The original attacking method of POODLE was made so that they made use of the padding bytes. Within SSLv3 nobody (wel thats a assumption) did a check on those padding bytes. Within the TLS specification it is specified to check on those padding bytes but most of the implementations out there didn’t do that (which makes the officially incompatible with the TLS’s RFC’s but okay 🙂 ) . So that makes TLS connections which make use of CBC cipher’s also vulnerable when they don’t check those padding bytes (and the funny thing about this is that most of the devs creating these encrypting/decrypting libararies still used the old functions/implementations within their code base which didn’t check those padding bytes). The IBM HTTP Server (IHS) which makes use of gskit for the data encrypting/decrypting part functionality of the SSL/TLS implementation where the rest of the world makes use of OpenSSL. So in the case of the IBM World we need to make sure if the CBC encrypting/decrypting routine checks on those padding bytes. Well I can tell you that older version of those gskit didn’t do that and are vulnerable to those POODLE on TLS attacks also.

But also for that there is a solution where I talk about a bit later in this article.

Solution POODLE SSLv3

Well as explained above there are 2 ways how this could have been solved. IBM did choose to fix it on the IBM JDK side instead of the original problem, the code itself. To solve it on the IBM JDK side we have to install a Interim Fix on top of WebSphere which updates the IBM JDK so that the SSL Keyword doesn’t force a SSLv3 connection anymore but a TLS connection. For the different IBM Connections version I will list the Interim Fixes needed.

For IBM Connections 3.0.1 and 3.0.1.1 and 4 you have to apply iFix PI28934
For IBM Connections 4.5 you have to apply PI29575
For IBM Connections 5.0 you have to apply PI28920 or PI28437

The strange thing is that for IBM Connections 5 (which is running on WebSphere 8.5.5.x) we have 2 iFixes available. Personally I have tried to use PI28920 and couldn’t get that iFix to work but I got some reaction from IBM Connections community (for instance from Klaus Bild) that they where able to use to iFix to get SSLv3 switched off. I personally have used PI28437 several times now with success. PI28437 (SDK6 (J9 2.6) SR8 FP1) also installs a newer version of the JAVA SDK then the PI28920 (SDK6 (J9 2.6) SR7 FP1) so my advice is to make use of the PI28437 iFix instead of the PI28920

After you have installed this iFix you can safely disable SSLv3 on your IHS (IBM HTTP Server). This can be done with the SSLProtocolDisable SSLv3 in your vHost configuration part of the config file(default httpd.conf) for your IHS.

Solution POODLE TLS

As described above also the gskit implementation has some problems regarding the checking of the padding bytes. To tell the gskit implementation that we want a strict checking on those padding bytes we have to add the following setting
SSLAttributeSet 471 1 to the config file (default httpd.conf) to all VHOST sections which have SSLEnable in them. This setting can only be applied to the following IHS versions.

  • 7.0.0.33 or later
  • 8.0.0.9 or later
  • 8.5.5.2 or later

For other release version which can not be upgraded, for whatever reason, to the above specified versions you can install any of the following iFixes as what I understood from this technote to make use of this SSLAttributeSet 471 1 setting.

  • PI17025
  • PI05309
  • PI08502
  • PI09443
  • PI13422
  • PI19700
  • PI26894

So I hope this makes everthing a bit more clear in the POODLE jungle out there 🙂

If you have any addition to this story please let me know so I will update the article.

BBC: New social network aimed at improving education (IBM Connections)

This is terrific – a BBC Click article discussing how IBM is help local education institutions to evaluate the use of social platforms and analytics to assist students to learn:

IT company IBM and Brockenhurst College in the UK have created a private social network to help give staff a better understanding of their students and tailor lessons to them.

Students can use the system to find out more information about their course, watch videos and chat with others at a sister college in China.

The network can also monitor social media – with consent – to see if students might be underperforming or struggling.

The solution features IBM Connections.

Check the BBC article to view a short overview video (hopefully available worldwide), those in the UK can watch the full programme.

Stop sending me attachments!! Part 2: the analysis…

So there are many reasons why people have their habits (part 1), not least in the product they use in their daily work life. So in part 2 I will explore the technology angle and look for causes why tools are the way they are and why a seamless integrated platform is harder then it looks.

The idea of seamless and effortless integration of products…

So while this is happening the quasi religious war is being fought. People are searching for purposeful ways to work. Can we make tools that help them to just be more collaborative? Can we make it so that people don’t need to change habits? That culture can adapt to the new ways? Can the tools facilitate the old habits and ways? And at the same time, create a simple cross over to the new and more efficient ways of working?

So let’s start with some simple facts:

  • People do use documents to “solidify” knowledge.
  • Most people live in their email client and send word/excel documents as attachments.
  • Products are NOT integrated well.
  • Adaptors and plugins are just NOT helping enough.
  • People have habits that work for them and habits are hard to change.

Seamless IntegrationIn case of IBM Connections and IBM Notes this is clearly the case. But that’s not unique in the marketplace, by the way! Products have been dealt with by different groups. Notes is a 25 year old product and on the other hand Connections is just 7 years old (ok, the roots of the products can be traced to internal projects, but still). So it’s not weird that the products have their own ways and create their own habits. And believe me e-mail is not dead, not by a long shot. So over time other mail clients appeared in the marketplace, like Gmail, Yahoo Mail, Hotmail and Apple Mail. All in all THE most common way to collaborate is through e-mail and documents. For both within organizations and beyond, it’s simply the least common denominator in most cases. Collaboration based on e-mail has run into many issues over the years and fixed them. The standards lack precision so there are issues between technology implementations. e-Mail is still not secure from end user to end user after 25 years+.  Attachments get bounced because of size. Calendar items are handled differently by everyone. This causes lots of problems in everyday worklife. Who has not dealt with calendar problems, file size issues (it’s just too big) and security worries (viruses and unencrypted mail traffic)?

That said, e-mail is still one of the best use cases of product evolution. Some e-mail clients have added features on top of features for many years now. They have become truly amazing information processing products. Integrated with calendaring, task management and contacts databases.

But lets go back a step. In the last 10 or so years we have seen the arrival of new collaboration solutions that augment e-mail and are “more” social. They create places where people can work on documents online, co-create and share knowledge with others. And yet, these new products do not integrate well (not being by the same father or even the same family). At best “notifications” are sent into the old-and-trusted mailbox of the user. The notifications try to get them to come over to the more collaborative space where they can collaborate on a document. But the products are still siloed, each having their own space. It’s the innovator dilemma happening in real life, since the old products still make money and people are used to them. While the new products have not disrupted the marketplace enough to truly replace e-mail at this point. This causes the situation where their is a multitude of solutions to for users to choose from on how to collaborate.

The e-mail client is changing, hopefully for the better. At least that is what the signs in the marketplace is, Microsoft, Google and IBM are all looking for better ways of doing e-mail. IBM has a project called Mail.Next… Google is working on the next generation Inbox. So everyone in the marketplace is trying to reinvent e-mail. No believe me, the future is upon us. So why worry? All the issues will be fixed in the Cloud Service or Startup Innovation or New App or the Next version of the same product…

Somehow we (=enterprise users) feel left behind. The on-premise customers. Even when there is a product release. We work and slave for another 9-12 months before we can help our end users to make a next step. In reality of our workplace it will take another 2 years before we can reap the benefits of the IBM Mail.Next initiative. And even Google is cautious to just replace their old and trusted Gmail product with the new Inbox, so this innovator of cloud is not moving as fast as you might expect.

So what do we as users want? We want to see evolution in small steps and at a faster pace. While the products are being reinvented, we want to see the the gaps closed now in anticipation of the future convergence of products into “collaboration platforms” that can support purposeful collaboration and do actually integrate seamlessly over product and vendor boundaries.

In the last part I will present ideas that try to innovate and iterate the products and platforms use to get our job done. Ideas that make technology help users to change habits in an effortless way.

An update on IBM Connections and the POODLE vulnerability

*** UPDATE: 10:53GMT, 3 November 2014 ***

As reader Oliver Regelmann has commented below, these fixes are sadly not for the POODLE issue at all, but to fix an altogether different vulnerability in Connections, caused by a issue in Apache Commons FileUpload.

My fellow contributor, Sjaak Ursinus, created a detailed post a couple of weeks back detailing the impact that the POODLE vulnerability could have on your IBM Connections platform, and the steps required to code a route around the issue (though Sjaak himself noted that it wasn’t much of a workaround).  If you haven’t heard of POODLE, then I suggest you go read Sjaak’s post now.

Just a few days ago, IBM Connections product manager Luis Benitez added a comment to the post linking to IBMs technote on the topic.

Since then, IBM has released a further update, and this post attempts to bring you the latest news on the issue.

Firstly, the vulnerability itself:

A security vulnerability was reported against Apache Commons FileUpload. IBM Connections uses Apache Commons FileUpload. A version of the package that is vulnerable to these issues is used in several past versions of IBM Connections. To fix this vulnerability apply the fixes as detailed in the Remediation section.

CVE-ID: CVE-2014-0050
Description: MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop’s intended exit conditions.
CVSS Base Score: 5.0
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90987 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This vulnerability affects all versions of IBM Connections, including all releases under IBM support and maintenance, i.e. 5.0, 4.5, 4.0 and 3.0.1.1.

The good news is that IBM has released fixes for all these versions, including the somewhat ancient 3.0.1.1, which I think is pretty impressive:

Apply the appropriate fix pack or APAR to remediate these issues as per this table. Note, if possible, it is always recommended to upgrade to the most recent release of IBM Connections.

Product Version Remediation
IBM Connections 5.0 Upgrade to IBM Connections 5.0 CR1
IBM Connections 4.5 Upgrade to IBM Connections 4.5 CR5 and apply Interim Fix APAR LO82478
IBM Connections 4.0 Upgrade to IBM Connections 4.0 CR4 and apply Interim Fix APAR LO82478
IBM Connections 3.0.1.1 Upgrade to IBM Connections 3.0.1.1 CR3 and apply Interim Fix APAR LO82478
IBM Connections 3.0.1 and earlier releases Either upgrade to IBM Connections 5.0 CR1 or upgrade to IBM Connections 3.0.1.1 CR3 , apply prerequisites and apply APAR LO82478

Whichever version of IBM Connections you run, my advice is that it really is imperative to get these fixes onto your systems as quickly as is reasonably possible – particularly if your Connections system is available to external access.

Using IBM Connections? Please complete this research survey!

My good friend and esteemed analyst and author, Michael Sampson, is asking for feedback on your usage of IBM Connections:

I am running a research survey on how organizations are using IBM Connections. The survey has 17 questions, spread across four pages:

  • Demographics and Current State of Connections
  • Current and Forecasted Use of IBM Connections
  • Upgrading to Connections 5.0
  • Satisfaction, Value, and Next Steps

If you are decision-maker with reference to IBM Connections at your organization, please take the survey.

If you know people who are using IBM Connections at their organization, could you please forward them the link and ask them to take the survey?

Michael has run similar surveys previously, and the results have been very useful in terms of understanding the take-up of Connections across the world, and also the value derived at both the individual and the organisational level.

Please do take a few minutes to complete the survey – your input will be much appreciated!

Ovum Research publishes ‘SWOT Assessment: IBM Connections Version 5.0 and IBM SmartCloud Connections’

Ovum Research ‘create tangible business advantage for our customers by providing actionable intelligence that can be relied upon in evaluating opportunities, benchmarking performance, and making better business-critical decisions.

In short, they research and analyse the IT industry, thus providing insight to their customers – usually commercial organisations looking to take strategic decisions on IT investments.

They’ve just published a new paper, entitled ‘SWOT Assessment: IBM Connections Version 5.0 and IBM SmartCloud Connections‘.  In it they analyse IBM’s solutions in the Social Business area – Connections and SmartCloudConnections, covering the following:

[titled_box title = “Report contents”]

Features and Benefits

  • Understand the business issues that IBM is trying to address with its file sync and share offering.
  • Learn about the strengths, weaknesses, opportunities, and threats pertaining to IBM Connections from an enterprise file sync and share perspective.

Key Questions Answered

  • Why consider IBM Connections / IBM SmartCloud Connections?
  • What are the key strengths and weaknesses of IBM Connections?
[/titled_box]

Sadly (though understandably) the report is only available to Ovum’s paying customers.  However, if your organisation is currently evaluating whether to deploy either of these products, I have no doubt that this research piece could be very useful purchase…

IBM Connections 4.5 CR5 is now available

When IBM Connections was first released, all patches to the on-premises code were released as iFixes – individual fix packages that could be installed and deinstalled individually. This was really flexible and allowed issues to be patched very quickly but also lead to very time-consuming patching processes and almost every system I visited had a different set of code updates installed. Not ideal!

For the past few versions, IBM has managed updates to Connections using Cumulative Refreshes (CRs). These packages consist of a set of cumulative fixes for each of IBM Connections applications.  This is a much more manageable approach, with approximately one CR released each quarter to be installed, and single fixes available from IBM support should an issue be particularly serious.

The latest CR for IBM Connections 4.5 has just been released:

[titled_box title = “Cumulative Refresh 5 summary”]CR5 is a set of 20 fix packages, which update each application entirely. Please apply all 20 fix packages together. The CCM (Connections Content Management) package should only be installed on Connections environments which have Content Management configured. In addition to these 20 fix packages, there is a new TDISOL version released along with CR5, which can be installed on any 4.5 Connections environment. Please download TDISOL 4.5 2014-07-10 from Fix Central.

CR5 uses the same version of the Update Installer as CR4, which is published in Fix Central under this link: 4.5.0.0-IC-Multi-UPDI-20131020

CR5 includes all fixes in CR1, CR2CR3, and CR4, plus fixes LO74499 and LO74629, listed in this document. It also includes LO74571 for Connections Mail support. It is not necessary to apply these previous fixes if you are installing CR5. CR5 can also be applied on environments that have those fixes already applied.[/titled_box]

You can download IBM Connections 4.5 CR5 from Fix Central.

Experiences with IBM Connections 5

GIS blog logoI just wanted to quickly recommend a couple of posts from Julius Schwarzweller at German IBM business partner, GIS AG.

He was quick to get hold of the new IBM Connections 5.0 release and has been working with it for the past few weeks. He’s been kind enough to document his findings on a couple of blog posts, My experiences with IBM Connections 5 and My Experiences with IBM Connections 5 – Part 2.

In part 1, Julius discusses some of the details of installation and of configuring the new External Communities functionality.

In part 2,  he goes onto outline more of the features that have been added to the new release.

Well worth digesting if you’ll be looking to deploy Connections 5 in the near future!

Apache Struts security issues ‐ time to patch your IBM Connections install

I’ve just come across an IBM technote from May 2014 that has been updated over the last few days, listing details of a number of vulnerabilities in Apache Struts:

[titled_box title=”Vulnerability Details”]Several security vulnerabilities have been reported against Apache Struts through April 2014. IBM Connections uses Struts. A version of the package that is vulnerable to these issues is used in several past versions of IBM Connections. To fix these vulnerabilities apply the fixes as detailed in the Remediation section.

The following versions of IBM Connections are impacted:

IBM Connections 5.0
IBM Connections 4.5
IBM Connections 4.0
IBM Connections 3.0.1.1 and earlier releases[/titled_box]

There are fixes for all the above mentioned versions of Connections.  Here are the two most recent:

IBM Connections 5.0 Apply APAR LO80688
IBM Connections 4.5 Upgrade to IBM Connections 4.5 CR4 and apply Interim Fix APAR LO81215

I would definitely recommend getting these security fixes on ASAP, particularly if your IBM Connections platform is public-facing…

Ephox EditLive for IBM Connections updated

The powerful enhanced rich text editor for IBM Connections, Ephox EditLive, has just been updated to version 2.5.2.45 and is available from IBM FixCentral:

1.

interim fix: 

Ephox EditLive 2.5.2.45 for IBM Connections 4.5.

Platforms: AIX, Linux, Windows
Applies to versions: 4.5.0.0
Upgrades to:
Severity: 30 – Moderate Impact/High Probability of Occurrence
Categories: Function
Abstract: This is the Ephox EditLive editor, version 2.5.2.45, for use with IBM Connections 4.5.
Restrictions: entitled, license
Jul 19, 2014

Now bundled with IBM Connections for all organisations under active maintenance, Ephox adds significant value for users of the platform.

This video shows the solution in action:

[youtube url=”http://www.youtube.com/watch?v=iwXfYX79e_M” width=”600″]

Whilst this power doesn’t come free of some administrative complexity, deployment of EditLive should definitely be a consideration in most Connections environments.

IBM Connections QuickSearch for Chrome updated

I first blogged about the IBM Connections QuickSearch plugin for Google Chrome three weeks ago. Back then it was at version 1.8.

Remarkably since then the author, Romain Lienard, has released four updated versions:

[titled_box title=”Changelog for IBM Connections QuickSearch”]

V.2.2:
– New group feature !!!
– Can now post a message to the user’s board with @mention (using the new group feature)
– Can now share a File to a group of users. To unlock the “share this file” feature you have to be first on a webpage which is an IBM Connections File URL

V2.1:
– “share this URL” now works with communities (with typeahead)

V2.0:
– new “share this URL” feature
– UI bug fixes

V1.9:
– a context menu is now available. Just select some piece of text within any webpage, then right-click and select a service to fire the search !

V1.8.1:
– can now set a default scope (in the options page)[/titled_box]

I’m so impressed by this development effort, and by the rate that new features are being added.

For example, the context-sensitive search:

QuickSearch menu

and ‘Share this URL’:

QuickSearch share

If you access IBM Connections on a regular basis and use Google Chrome as your main browser, you really would benefit from this plugin.

Grab it from the Chrome Store (it’s free), and say a big thank you to Romain (@lienardr)!

IBM Sanity Validation Tool for IBM Connections 4.5

A new and very neat IBM tool has been added to the IBM Collaboration Solutions Catalog in the last week or so:
[titled_box title = “The Sanity Validation Tool for IBM Connections 4.5”]The Sanity Validation Tool for IBM Connections 4.5 release was developed to help developers, system administrators, support engineers and eventually customers during their deployment of Connections. The tool was designed with the ability to run Pre-install, During and Post installation to verify a handful of common configuration requirements and settings. Refer to the Read Me file for list of System, Websphere, Database, IHS configuration settings the tool validates. The tool supports installation on Linux/DB2 LDAP.[/titled_box] You can download by clicking through from the Catalog, or by going direct to the ‘Lotus Business Solutions IBM Download site‘, logging in with your IBM ID and then searching for ‘Sanity’ to find the download in the very long list of tools on that site (there’s all sorts of interesting stuff on that list, something to investigate on a rainy day!).  You then need to fill in the obligatory IBM survey (‘Select which best describes your plans to use this software’ etc.), agree to the license and then you get to download the 176KB zip file.

Unpacking the zip file gives a folder named ‘sanity as of 9 16 2013’ (so this code has obviously been kicking around inside IBM for a while now!). This folder contains the code to be installed on your Linux server, plus a rudimentary README.txt file:

Sanity Tool unzipped

This is the first I’ve seen of this tool, so these are my comments as I go.

  1. Put the ‘sanity’ folder from inside the unpacked zip file somewhere memorable on your Connections 4.5 server (I used /opt/IBM/sanity).
  2. Check you have Python 2.6.x installed by running ‘python’ as root, e.g.
    [root@myserver sanity]# python
    Python 2.6.6 (r266:84292, Aug 28 2012, 10:55:56)
    [GCC 4.4.6 20120305 (Red Hat 4.4.6-4)] on linux2
    Type “help”, “copyright”, “credits” or “license” for more information.
  3. Make a backup and then edit conf.json using your favourite text editor, correcting these default values: [titled_box title = “Default configuration values”]”params”:{
    “connections.pathCon”:”/opt/IBM/Connections”,
    “connections.pathShare”:”/opt/IBM/Connections/data/shared”,
    “connections.pathConInst”:”/root/IBM_Connections_Install_Linux”,
    “db2.servers”:[
    {
    “name”:”activities”,
    “location”:”ictools2.swg.usma.ibm.com”,
    “username”:”db2inst1″,
    “password”:”password”,
    “path”:”/opt/ibm/db2/V10.1″,
    “dedicatedUser”:”lcuser”,
    “wizardsLocation”:”/Wizards”,
    “port”:”50000″
    }
    ],
    “driver.saveResults”:1,
    “driver.saveResultsPath”:”testResults.json”,
    “driver.quietDependencyCheck”:0,
    “IHS.pathIHS”:”/opt/IBM/HTTPServer”,
    “IHS.pathKey”:”/opt/IBM/HTTPServer/keys/ihskey.kdb”,
    “IHS.pathStash”:”/opt/IBM/HTTPServer/keys/ihskey.sth”,
    “ldap.java”:”/home/lcuser/jre1.7.0/bin/java”,
    “ldap.server”:”ilyavm.swg.usma.ibm.com”,
    “ldap.port”:”389″,
    “ldap.user”:”cn=root”,
    “ldap.password”:”lcsecret”,
    “ldap.base”:”o=renovations”,
    “ldap.filter”:”(&(objectClass=inetOrgPerson))”,
    “system.pathDB2″:”/opt/ibm/db2/V10.1”,
    “system.pathInstMan”:”/opt/IBM/InstallationManager”,
    “tdi.location”:”local”,
    “tdi.username”:”db2inst1″,
    “tdi.password”:”lcsecret”,
    “tdi.path”:”/opt/IBM/TDI/V7.1″,
    “websphere.pathWAS”:”/opt/IBM/WebSphere”,
    “websphere.server”:”ictools2.swg.usma.ibm.com”,
    “websphere.srvName”:”server1″,
    “websphere.profile”:”AppSrv01″,
    “websphere.cell”:”ictools2Cell01″,
    “wsadmin.user”:”Dmgr01″,
    “wsadmin.pass”:”passw0rd”[/titled_box] This is a little bit of a faff to get right initially, but once done can stay static for all future testing, and most likely can be used as a template for future installs of the tool on other systems.
  4. Run ‘python cmd_frontend.py’ as root (or as the user you use to run Websphere and Connections).  This kicks off a whole series of tests, e.g.: [titled_box title = “Running Sanity Check from the command line”][root@myserver sanity]# python cmd_frontend.py
    Welcome to the Sanity installation validation tool.
    Configuration File Location (default is conf.json):
    Loading config file at /opt/IBM/sanity/conf.json
    Loading test modules in the folder /opt/IBM/sanity/tests
    Loading test groups
    Verifying tests dependencies
    Starting tests…
    Starting test group: System Pre-install Check…
    Starting test: Determine if all required Linux libraries have been installed
    Searching for library packages…
    Found: compat-libstdc++-33.x86_64
    Found: compat-libstdc++-33.i686
    Found: compat-libstdc++-296-2.96
    Found: libcanberra-gtk2.i686
    Found: PackageKit-gtk-module.i686
    Found: gtk2.i686
    Found: libXtst.i686
    Test finished with result: LIBRARY ERROR: Missing library ‘libpam.so.0’Starting test: Determine if enough disk space exists to install Connections (114GB recommended)
    Getting disk space…
    Total free disk space: 14GB
    Test finished with result: Warning: Free space is less than 114GB; problems may occur when installing ConnectionsStarting test: Determine if enough memory exists to fulfill the recommended amount (8GB recommended)
    Getting total memory…
    Total memory: 7GB
    Test finished with result: Warning: Total memory is less than 8GB; problems may occur when running ConnectionsStarting test: Determine if permissions to required directories are set properly
    Checking if path exists: /opt/IBM/InstallationManager
    Path exists
    Checking access rights for /opt/IBM/InstallationManager…
    Checking admin permissions for /opt/IBM/InstallationManager…
    Admin permissions enabled
    Checking group permissions for /opt/IBM/InstallationManager…
    Test finished with result: PERMISSION ERROR: Nonroot user denied write permission for ‘Installation Manager’Starting test: Determine if uLimit is set to at least the recommended value 8200
    Getting uLimit…
    uLimit: 10240
    Total memory is greater than recommended amount (8200)
    Test successful
    Test finished with result: PASSFinished running test group: System Pre-install Check

    Starting test group: WebSphere Pre-install tests…
    Starting test: Determine if security is enabled
    Checking WebSphere for wsadmin.sh…
    Found wsadmin.sh
    Getting WebSphere security status…
    Test finished with result: SECURITY ERROR: Security is not enabled[/titled_box]This was run on a server that has been successfully running Connections 4.5 for a year or so.  As you can see from the snippet of output above, it has already picked out some things that can be improved.  The script took about 30 seconds to run in all.

  5. The tool can also be accessed via a web page which is rather cool.  Simply run ‘python web_frontend.py’: [titled_box title = “Enabling Sanity Check via a browser”][root@ssconnus sanity]# python web_frontend.py
    Starting Server
    Press ctrl+c to stop the server[/titled_box] And then access the Connections server on port 8000, e.g. http://connections.myorg.com:8000:

    Sanity Check via web browser

    This allows the administrator to add parameters to be applied to the test, and also to select the tests to be executed:

    Sanity via web - options

    Once the tests have been run, the output is displayed in the browser, and is then stored for review later.

As I mentioned above, getting the config file correct took a little while initially, but once this is done, the tool produces some excellent output and has already proved to be very useful.  I can imagine running it on all my servers (most Connections platforms I’ve worked on are Linux/DB2 so this fits the bill for me), and using it on a regular basis – particularly during upgrades and migrations.

Whilst this is a ‘USE AS IS’ tool and is not supported, I can imagine it becoming part of most Connections admin toolkits…  It only supports Connections 4.5 today, but should in theory work on Connections 5.0 as well, perhaps with a few minor tweaks to deal with the newer version of WAS involved. I haven’t had a chance to test this yet though.  It obviously isn’t supported on Windows, AIX or System i either.

I’m not sure who in IBM is responsible for the tool, but kudos to them!  I’d love to see it included in the default Connections install for Linux, then many of the parameters could be set automatically during the install.  Till then, download it and install ASAP.  Recommended!

TemboSocial Ideas for IBM Connections

I’ve long felt that ideation is a prime use case for IBM Connections and other social collaboration platforms.

Others clearly feel the same way, and whilst standalone tools such as Yambla, BrightIdea and even Elguji’s IdeaJam have been very successful, in my experience it is when ideation is at the centre of a well-designed ESN (Enterprise Social Network) that it becomes not just a one-off task for a particular ideas generation campaign but instead core to the way that an organisation operates day-in and day-out. Of course, the orgnisational culture has to be aligned in that direction too – as you might expect, ideation is not simply a technology play!

That’s why IBM adding Ideation Blogs to Connections a few versions ago was such a good step forward – users could now publish their ideas and gather feedback in the form of comments and votes in favour of the idea.

However, whilst Ideation Blogs cover some of the principal requirements, there are a number of areas in which other platforms have gone further… For example, voting down as well as up (a very important aspect for me personally), analysis and trending of key ideas, grading of comments as well as the ideas themselves and so on.

TemboSocial logoTherefore I am delighted to see TemboSocial fully integrate their cross-platform ideation technology, Ideas, with IBM Connections.

Supporting Connections 3, 4 and 4.5 (support for the just released version 5 is coming soon), plus WebSphere Portal, TemboSocial Ideas is the ideation platform that Connections has been calling for!

[TemboSocial Ideas is now listed in our Solutions catalog]

Watch out for quotes!

Just a reminder to be watchful of non-standard characters in IBM Connections user names, and also to thoroughly review your IBM Connections TDI logs on a regular basis.  This is a current APAR (IBM ID required):

[titled_box title = “IBM APAR LO81076”]LO81076: USERS WHO ARE REGISTED WITH QUOTATION MARKS IN THEIR NAMES CANNOT USE CONNECTIONS PROPERLY
APAR status 
OPEN
Error description
Users who are registered using identifiers that are in quotation marks (Jennifer “Jen” Doe) cannot use most of the functions of profiles.

Internet Explorer displays many errors after the user logs in and the Profiles home page is displayed. Firefox simply doesn’t show certain features such as the search entry box[/titled_box]

I’m sure that this particular APAR will get resolved in an upcoming fix for Connections 4.5 (I’m not sure if 5.0 is similarly afflicted?), however these types of issue do crop up every so often, so be ready for them!

Greenhouse now running IBM Connections 5.0

This was a pleasant surprise this morning:

Greenhouse at Connections 5.0

Yes, the IBM Greenhouse has been upgraded to IBM Connections 5.0.0.0.

New features including External Collaboration (which isn’t strictly relevant to the Greenhouse), improvements to Files and file-sync (using the new mobile apps and desktop plugins), plus significant significant enhancements to the activity stream and @mentions should all now be visible on the community test/demo platform.

Check it out!

PS. As the Greenhouse was already running the NextGen theme there aren’t too many changes visually…

PPS. The Greenhouse has over 100,000 members… Pretty amazing:

IBM Greenhouse members

Social Business App Dev Workshop: access IBM Connections development course materials at no cost

On occasion, IBM runs an excellent two day Social Business Application Development workshop, which takes users through the Social Business Toolkit SDK, and how it can be used to create applications that leverage IBM Connections content.

Sadly these workshops have not been scheduled yet in 2014. However, the course materials are available for free download from the IBM Greenhouse to be used on a self-paced basis:

SBT WorkshopThe Social Business Toolkit (SBT) SDK is a set of extensible tools and resources for developers who want to incorporate social capabilities into their applications and business processes. Social capabilities include features and functionality that tap into the power of social interactions, business networks, community-based problem solving, and more.

This two day workshop will demonstrate how to use the capabilities of the SBT SDK to integrate social data (from IBM Connections) into existing applications. In this workshop, you will learn how to install, configure, and begin using the SBT SDK. The development exercises in this workshop will cover topics such as the SBT SDK JavaScript and Java APIs, and how to build and deploy a SBT SDK J2EE application on WebSphere Application Server. You will also learn how to integrate into the IBM Connections Activity Stream and develop iWidgets.

Event highlights

  • Learn how to create your own social application development sandbox
  • Learn how to build socially enabled applications using the SBT SDK JavaScript and Java APIs
  • Learn how to build and deploy iWidgets
  • Learn how to integrate into the IBM Connections Activity Stream using OpenSocial and Embedded Experiences
  • Learn how to leverage existing IBM resources to build and promote your applications to clients

Materials: Social Business Application Development

This course is recommended for any developers that wish to utilise the SBT or bring social content into their own applications. Kudos to IBM for making this available to all…

IBM Connections 5.0 has shipped! Here’s what you need to download…

connections_bulletAs promised by Luis Benitez at Social Connections VI in Prague, IBM Connections 5.0 shipped on Thursday 26th June 2014.  Congratulations to all the team for getting it out of the door on schedule!

On that day, it became available for download from Passport Advantage (for customers with an entitlement to install it, plus current maintenance) and Partnerworld (for partners that have purchased either the Value Package or Software Access Option).  Through trial and error on Partnerworld, the best search string I’ve found is “ibm connections v5.0”. This gets  matched to “IBM Connections V5.0 for IBM Connections Suite V5.0 Multiplatform Multilingual eAssembly” – however, cancel that and just let the search operate on the string you’ve added.  These are the eAssemblies that come back:

IBM Connections 5.0 eAssemblies

(If you are searching through Passport Advantage, you will only see the eAssemblies you are entitled to download).

In most situations you will need:

IBM Connections V5.0 Multiplatform Multilingual eAssembly (CRS4IML)

IBM Connections 5.0 eAssembly

This includes the following images:

IBM Connections V5.0 Quick Start Guide for AIX, Windows, Linux, IBMi Multilingual (CIYQ4ML) – 1Mb
IBM Connections V5.0 for Windows Multilingual (CIYQ5ML) – 1,495Mb
IBM Connections V5.0 for AIX Multilingual (CIYQ6ML) – 1,613Mb
IBM Connections V5.0 for Linux Multilingual (CIYQ7ML) – 1,576Mb
IBM Connections V5.0 Linux for System z Multilingual (CIYQ8ML) – 1,520Mb
IBM Connections V5.0 Wizard for Windows Multilingual (CIYQ9ML) – 338Mb
IBM Connections V5.0 Wizard for Linux, AIX Multilingual (CIYR0ML) – 560Mb
IBM Connections V5.0 Cognos Wizard for Windows Multilingual (CIYR3ML) – 1,579Mb
IBM Connections V5.0 Cognos Wizard for AIX Multilingual (CIYR4ML) – 1,200Mb
IBM Connections V5.0 Cognos Wizard for Linux Multilingual (CIYR6ML) – 1,039Mb
IBM Connections V5.0 Cognos Wizard for System z Multilingual (CIYR5ML) – 951Mb

As usual with IBM Connections downloads, this eAssembly contains the bare minimum of downloads for each server type – though as you can see, the “bare minimum” is 3.3GB+ for Windows for example!

To be able to install IBM Connections 5.0, you’ll also need these elements as discussed in the System Requirements document:

Sadly there is no eAssembly that contains all of these component parts (at least on Partnerworld) for those that are solely licensed for Connections (and not Connections Suite or Domino for example) so you’ll need to seek them out individually. For the two most common platforms (Windows and Linux 64), here are the part numbers:

Windows 64-bit:

IBM DB2 Enterprise Server Edition V10.1 for Windows on AMD64 and EM64T systems (x64) Multilingual (CI6WEML) – 933Mb (if using DB2)
IBM DB2 10.1 Enterprise Server Edition – Restricted Use Quick Start and Activation Multiplatform Multilingual (CI71NML)– 2Mb (ditto)
IBM WebSphere Application Server Network Deployment V8.5.5 (1 of 3) for Multiplatform Multilingual (CIK2HML) – 1,005Mb
IBM WebSphere Application Server Network Deployment V8.5.5 (2 of 3) for Multiplatform Multilingual (CIK2IML) – 975Mb
IBM WebSphere Application Server Network Deployment V8.5.5 (3 of 3) for Multiplatform Multilingual (CIK2JML) – 860Mb
IBM WebSphere Application Server Network Deployment V8.5.5-Liberty Profile Multiplatform, Multilingual (CIMU2ML) – 107Mb
IBM WebSphere Application Server V8.5.5 Supplements (1 of 3) for Multiplatform Multilingual (CIK1VML) – 931Mb
IBM WebSphere Application Server V8.5.5 Supplements (2 of 3) for Multiplatform Multilingual (CIK1WML) – 1,007Mb
IBM WebSphere Application Server V8.5.5 Supplements (3 of 3) for Multiplatform Multilingual (CIK1XML) – 952Mb
IBM Tivoli Directory Integrator Identity Edition V7.1 for Windows x86-64, Multilingual (CZ9MKML) – 521Mb

Linux 64-bit:

IBM DB2 Enterprise Server Edition V10.1 for Linux on AMD64 and Intel® EM64T systems (x64) Multilingual (CI6W6ML) – 1,188Mb (if using DB2)
IBM DB2 10.1 Enterprise Server Edition – Restricted Use Quick Start and Activation Multiplatform Multilingual (CI71NML)– 2Mb (ditto)
IBM WebSphere Application Server Network Deployment V8.5.5 (1 of 3) for Multiplatform Multilingual (CIK2HML) 
– 1,005Mb
IBM WebSphere Application Server Network Deployment V8.5.5 (2 of 3) for Multiplatform Multilingual (CIK2IML) – 975Mb
IBM WebSphere Application Server Network Deployment V8.5.5 (3 of 3) for Multiplatform Multilingual (CIK2JML) – 860Mb
IBM WebSphere Application Server Network Deployment V8.5.5-Liberty Profile Multiplatform, Multilingual (CIMU2ML) – 107Mb
IBM WebSphere Application Server V8.5.5 Supplements (1 of 3) for Multiplatform Multilingual (CIK1VML) – 931Mb
IBM WebSphere Application Server V8.5.5 Supplements (2 of 3) for Multiplatform Multilingual (CIK1WML) – 1,007Mb
IBM WebSphere Application Server V8.5.5 Supplements (3 of 3) for Multiplatform Multilingual (CIK1XML) – 952Mb
IBM Tivoli Directory Integrator Identity Edition V7.1.1 for Linux – x86-64, Multilingual (CZUF3ML) – 554Mb

Depending on your installation infrastructure, you may also need downloads for:

IBM Forms Experience Builder v8.5.0.1 (various)
EditLive! v5.0 for Connections Multiplatform Multilingual (CIZP3ML) – 15Mb
IBM Data Server Client V10.1 (various)
IBM Data Server Runtime Client V10.1 (various)
IBM DB2 Support Files for SSL Functionality V10.1 (various)
IBM Tivoli Directory Server 6.3 (various)
IBM DMZ Secure Proxy Server (1 of 2) (WebSphere Application Server Network Deployment V8.5.5) Multiplatform Multilingual (CIK2LML) – 888Mb
IBM DMZ Secure Proxy Server (2 of 2) (WebSphere Application Server Network Deployment V8.5.5) Multiplatform Multilingual (CIK2MML) – 818Mb
IBM WebSphere Edge Components: Load Balancer for IPv4 and IPv6 (for WebSphere Application Server Network Deployment V8.5.5) Multiplatform Multilingual (CIK2NML) – 1,559Mb
IBM Cognos Business Intelligence  (various)

As a tip, if you do have other entitlements in Passport Advantage or else have access to the entire Partnerworld Software Access catalog, then searching for the ‘IBM Connections V5.0 for Notes and Domino V9.0.1 Multiplatform Multilingual eAssembly (CRSU5ML)‘ eAssembly is probably your best bet as this contains 57 images including all of the key elements I’ve listed above:

IBM Connections 5.0 for Domino eAssembly

Once you’ve selected the images you need, kick off the download.  My advice is always to download directly to one of the servers you’ll be installing onto if possible, particularly if they are remote to your location.

It’s important to note that this is not the entire list of software you’ll need.  I haven’t covered mandatory fixes for the components listed above (e.g. WebSphere Application Server 8.5.5.1 or Tivoli Directory Integrator 7.1.1) or fixes for Connections itself.  I’ll be posting details of these later today.

[Also, please note that IBM Connections for IBM i is not currently available for download.  Speaking to Luis, it is ‘in the works’ :-)]

If you’re in the process of downloading and installing Connections 5.0, please do leave a comment letting us know how you’re getting on – particularly if there are any packages that I’ve missed!

IBM Connections 5.0 Reviewer’s Guide published

To aid understanding of the features and abilities of the Connections product, IBM offers a Reviewer’s Guide – a document that details all the new features available in the latest release plus a comprehensive review of all the existing features.

Compiled by the IBM Connections product management team, this guide is a fantastic resource for existing and prospective customers, partners and anyone that is looking to learn more about the Connections solution.

The Reviewer’s Guide for IBM Connections 5.0 was published by IBM today:

With IBM Connections, IBM continues to provide flexibility for our customers and additional capabilities to provide a comprehensive comprehensive enterprise social software solution. In IBM Connections 5.0 we introduce major updates to features that allow for collaboration with external users, better attention management tools, and features allowing for easier management and viewing of files; all in addition to various update for all applications within connections.

This document will highlight all the new features available in this release as well as as comprehensive review of all the existing features.

This guide provides a summary of the applications that are included in IBM Connections 5.0. It is important to note that these applications can be used within an organization as needed—all together or as individual applications. Capitalizing on a flexible and modular architecture, organizations may start with a single application and add other applications when they choose. As in previous releases of IBM Connections, applications can be installed easily and naturally fit into the user experience, so it is easy to expand as needed.

It is available for download from Scribd or can be viewed below: