BP102 - A ray of sunshine through the Cloud!

Sharon James BCC

Who am I?

Sharon Bellamy James

BCC Business Collaboration Company

IBM WebSphere since 1999

– IBM Connections since version 2 / 2008

Many years of experience in:

– Migrations

– Administration and installs

– Integration/Customization

– DOCUMENTATION

Tiny bit of a Starwars and Disney fan

Charity fundraising Cosplayer/Costumer

Part of the team that brings you ICONUK

Agenda

• Overview

• Got Dual entitlement and now?

• IBM Connections Cloud

– Offerings

– What do you need to know?

– Administration Roles for Cloud Administration

– User Provisioning

– Issues / Challenges managing IBM Connections Cloud

• Solution & Demo

Overview

• User on-boarding and management can be a challenge in Connections Cloud, particularly in a hybrid environment, with no opportunity for automation.

– There's no integration with other systems which means any changes in IBM Connections Cloud need to be applied to all other LDAP directories via a cumbersome CSV import/export.

– And there are additional complexities for companies who need to show audit proof of their adherence to compliance guidelines.

• Our AdminTool Connector can remove these challenges.

• Making Cloud user on-boarding and management a ray of sunshine on a cloudy day.

Dual entitlement?

• Do you have the Dual Entitlement?

– Notes/Domino on prem and IBM Connections Cloud licenses

– Are you taking advantage?

• Quick Poll

– How many have Dual Entitlement?

– Do you use it?

Cloud OfferingsPackages, Offerings and what do you get?

Offering Information

• Offering informationMeetings - https://www.ibm.com/marketplace/cloud/online-meetings/us/en-us

Connections Cloud – https://www.ibm.com/marketplace/cloud/enterprise-social-collaboration/us/en-us

Connections Chat - https://www.ibm.com/marketplace/cloud/enterprise-instant-messaging/us/en-us

IBM Verse - https://www.ibm.com/marketplace/cloud/business-email-platform/us/en-us

• Packages

– IBM Connections Social Cloud - Collaboration tools and mobile apps

– IBM Connections S2 - Web meetings, collaboration tools and mobile apps

– IBM Connections S1 - IBM Verse email, calendar, document editors, web meetings, collaboration tools and mobile apps

• Stand alone Services

– IBM Connections Meetings Cloud

– IBM Files / IBM Connections Files

– IBM Verse

Connections Social Cloud

Connections Social Cloud offerings

• Team workspace - including a personal dashboard, file sharing, communities, and instant messaging

• Mobile apps - for accessing files, participating in online meetings, chatting with contacts, and synching email and calendar

• Storage - 1 TB File storage, 50 GB Communities storage, 5GB Wiki storage, and 50 GB Verse and SmartCloud Notes mailbox storage.

• Broad Language Support - Available in 22 languages

IBM Connections Cloud S2

IBM Connections Cloud S2

• Team workspace - including a personal dashboard, file sharing, communities, and instant messaging

• Mobile apps - for accessing files, participating in online meetings, chatting with contacts, and synching email and calendar

• Storage - 1 TB File storage, 50 GB Communities storage, 5GB Wiki storage, and 50 GB Verse and SmartCloud Notes mailbox storage.

• Unlimited guest access - to work with your partners, vendors and customers. (S2)

• Web meetings - for 200 participants with desktop and application sharing, chat, and polling (S2)

IBM Connections Cloud S1

IBM Connections Cloud S1• Team workspace - including a personal dashboard, file sharing, communities, and instant messaging

• Mobile apps - for accessing files, participating in online meetings, chatting with contacts, and synching email and calendar

• Storage - 1 TB File storage, 50 GB Communities storage, 5GB Wiki storage, and 50 GB Verse and SmartCloud Notes mailbox storage.

• Unlimited guest access - to work with your partners, vendors and customers. (S2)

• Web meetings for 200 participants with desktop and application sharing, chat, and polling (S2)

• Email and calendar - for web, desktop, and mobile, with spam and anti-virus protection. Includes IBM Verse and Notes Cloud mail experiences and IBM Notes traveler for mobile access. (S1)

• Document Editor - for collaboratively authoring word processor, spreadsheet, and presentation documents (S1)

OK – we are buying !What do I need to know and how do I deploy?

Deployment models

Deployment Models

• Cloud only

• Hybrid Deployment for existing IBM Domino customers

– IBM Notes/Domino on prem

– Smart Cloud Notes

• Typical scenarios

– IBM Domino / Notes on premises with Connections Cloud S2

– IBM Domino / Notes on premises IBM Connections Meeting (now VoIP enabled)

– Mix of on premises Domino/Notes, office based users with Connections Cloud S2 and mail on prem and remote sales with IBM Connections Meeting and mail in the cloud

• Challenge: On Prem and Cloud integration

– Once users are on-board you still need to manage them

Admin Roles & ManagementIBM Cloud Administration Roles: IBM and “Your Company”

Admin Roles

Admin Roles

http://www-01.ibm.com/support/docview.wss?uid=swg27023836

IBM Cloud Service

Management

Server and Infrastructure Management

User Support

Account Provisioning

& Registration

3 Main Admin Roles

1. Server & Infrastructure Management

2. User Support

3. Account Provisioning & Registration

Server & Infrastructure Management

• IBM Tasks

– Infrastructure and server monitoring

– Manage and maintain service environment

– Manage spam/virus filters

• Customer Task

– Managing spam filter’s white list (only for Messaging)

• Summary:

– Switch to Cloud will remove Administration task for Application Servers

– Service Provider Management to monitor IBM

• Network performance

• Application performance

• Legal requirements / data protection

Server and Infrastructure Management

User Support

Customer Tasks

• Internal First Level Support

• Support for Client based issues

– PC / MAC

– Mobile Devices

– Company Network

User Administration is not taken away

Similar tasks to a standard on premises deployment

User Support

Account provisioning and registration

Account provisioning & registration

• Account Provisioning is a significant part for IBM Cloud Administration

• Standard tasks such as registration, deletionchange of name or subscriptions and passwordresets are all still required to be looked after by the administrator

Account Provisioning

& Registration

User On-boarding & Management

On-boarding is not the end of user management

Onboarding

Onboarding

• Moving mail and directory data to the cloud

• Directory is not one way – has to be to synchronized

• IBM onboarding manager tool assists with this process

– “The Mail Onboarding Manager tool moves your on-premises IBM® Notes® mail data to the cloud and provisions new or existing Connections Cloud accounts with SmartCloud Notes mail”

• In hybrid environments you can have a mix

– As a “Hybrid” customer, the Admin can choose if the mail users mail account exists on-premises or in the SmartCloud Notes service.

– Users / accounts administered centrally – with customer policies, compliance asis expected in an on-prem only environment.

http://www.ibm.com/support/knowledgecenter/SSPS94/hybrid/topics/onboard_intro_c.html

Collaboration User Account

User Life Cycle

Collaboration User Account

IBM Collaboration

Account

IBM Domino Account

IBM ConnectionsCloud Account & Subscription

Additional LDAP(AD etc.)

Multiple accounts to manage

• Domino account (for on premises &

hybrid environments)

• IBM Connections Cloud Account

• Account & Subscription

• Additional LDAP such as AD

Subscription Management

1. Buy Subscriptions

– IBM’s Cloud products require a subscription

– Per User

– 12 month to 36 month

2. Assign Subscriptions to Users

– Users must have a subscription assigned before they can use the software

How to implement in your Organization

• Can Administrators buy Subscriptions ?

• How to integrate procurement ?

https://www.ibm.com/marketplace/cloud/us/en-us?lnk=mp

Onboarding is not the end of Admin

IBM Connections Cloud Administration: User Interface

• BUT does it fit in your organizational procedures?

– Admin

• Manage users and accounts

– Admin Assistant

• reset passwords for other users (not Notes IDs)

• Resend Invite Mail

• Manual process is a pain for creating a large number of accounts

On-boarding is not the end of Admin

• Users still need to be managed

– Renames

– Password changes

– Subscription changes

– Updating details

IBM Connections Cloud Administration: User Interface

• “Simple” browser based Interface

• Two steps provisioning

– Create user account

– Assign a subscription

IBM Admin Interface

IBM Connections Cloud Admin Interface

IBM Admin Interface

• Adding a user

– Create with limited info

– Roles are limited

• AppDev

• Admin

• User

• Admin Assistant

– Assign a subscription

– Account login

• Assign email

• Info is sent forcing user to set a password on login

Common Use Cases

Use cases - MessagingIB

M S

mar

tClo

ud

No

tes

(H

ybri

d)

IBM

Do

min

o o

n P

rem

ise

s

IBM

Co

nn

ecti

on

s C

lou

d

File

s

IBM

Mee

tin

g C

lou

d

IBM

Co

nn

ecti

on

s So

cial

C

lou

d

IBM

Co

nn

ecti

on

s C

lou

d S

2

Use cases - Collaboration

IBM options to “automate” account provisioning and

registrationIBM Integration Server

Integration server

• “Integrate user provisioning and Web Mail directory integration information from your on-premises administrative environment to cloud-based management” (IBM)

• Provides an interface for

– User provisioning and identity management

– Directory integration

– User profile management: change profile attributes

– Chat policy assignments: chat history & file transfer settings

• Integration Server is an file based interface to the “Business Support System” (BSS)

• BSS includes a set of subsystems for provisioning and administering services

Intergration Server

Integration Server must be enabled by mail request to IBM Cloud Support

• Based on “change files” in csv format (csv will stay forever in IT )

• Uploading change file to Integration Server via Secure FTP

– ftp.ce.collabserv.com (EU) , ftp.NA.collabserv.com (US)

– Implicit SSL mode port 990

– Firewall need to open port 60000-61000

• After processing change file

– Integration server creates server report files

– Subdirectory _processed or _error

Integration Server

csv change File: naming convention

• IBM Connection Customer ID

• SourceID: differentiate data source (optional)

• Type -> describe change request scope

– prv for user provisioning

– di for directory integration

• Sequence Number

– 0 - 4294967295

– Each File must have a higher sequence number than the last processed file

• Ext – file extension(csv or ldif)

• Example: Provisioning File Name

– 000000815_BCC-DD_prv_1367246866.csv

csv change file : Available Fields

• emailAddress,

• action,

• subscriptionId,

• givenName,

• familyName,

• language, timeZone,

• password,

• altEmailAddress,

• notesTemplate, notesDN, assignTo,

• department, jobTitle, country, telephone, mobile, fax, address, suppressInvitation, federationType, CollabExtraStorage, MailExtraStorage, Activation

csv change file field: Actions

• Actions: following provision actions are available

– Add, Update, Suspend, Resume, Remove,

– AssignSeat, ChangeSeat, RevokeSeat,

– Rename,

– ResendInvitation,

– ChangeStorage

• AssignTo

– To remove collaboration services and

– to assign the resources belonging to the old account to a new account

Subscription IDs for bundles

Email (EMAIL-BNDLPART) 69052

Traveler (TRAVELER-BNDLPRT 69053

CONNECTIONS (CONNECTIONS-BNLDPRT)

69054

Meetings (MEETINGS-BNLDPRT): 69055

DOCS (DOCS-BNDLPRT 69056

CSV update file example

csv sample: Add user to messaging & assign traveler

emailAddress,action,subscriptionId,givenName,familyName,password,altEmailAddress

1. Step – Add User

Sharon_James@bcc.biz,Add,69052,Sharon,James,passw0rd,sjames@bcc.biz

2. Step – Assign Traveler

Sharon_James@bcc.biz,AssignSeat,69053,,,,,

Both steps can be added to a single file and processed

Integration Server logs and trace

Integration Server Logs

• Server Report file

– report file for each batch of change files that are processed

– Reports are generated in the _report directory.

– Report file name includes date & time

– _report\LLIS_Report_20120820_121003.txt

• Report File Example

– *** Processing file: bcc/acme/20049989_PRV_00000001.csv

– 11/6/15 11:12 AM - CSV entries read: 3; BSS entries written: 3; No errors!

– Processing file: bcc/acme/20049989_PRV_00000002.csv

– 11/6/15 11:13 AM - CSV entries read: 1; BSS entries written: 1; No errors!

• Error Handling

– change file is moved to the _err subdirectory

– Server trace file is only stored in that directory

Integration Server Tracing

• a trace file for each processed change file

• entryNum,lineNum,resultCode,”original_line_from_change_file”

– entryNum is the sequential count of the change entry.

– lineNum is the line number on which the change entry begins.

– Result code 0 > OK, 99 for not processed

– Original > Copy from processed change

• Example

– 1,5,0,ob@bcc.biz,Add,85180,Olaf,B,en_DE

– 2,7,0,Olaaff@bcc.biz,Add,,O,Boerner,en_US

– 99,97,1,bad input line

Directory Integration

• Synchronize your on premise directory with IBM Web Mail Cloud contact directory

• Do not confuse this with user accounts !

• Syncronize using LDIF Files - > example

– DN: cn=Olaf Boerner,ou=Development,o=BCC

– changeType: add

– objectClass: inetOrgPerson

– displayName: Olaf Boerner

– mail: olaf.boerner@bcc.biz

– givenName: Olaf

– sn: Boerner

– telephoneNumber: +49 123-45678

Example: 000000815_BCC-DD_id_1367246866.ldif

Integration Server

Current Limitations

200 operations

per file

750 User transaction per

hour

10.000 User changes per

day

• 10,000 user changes a day

• Each line in the csv / ldif is a

change

• 200 operations per file

• Multiple files required for initial

onboarding

• 750 transactions an hour

• Can be very time consuming

Controlling your IBM Connections Cloud Settings

Policies, Security and Application Management

Security and Mobile Apps

• Enable mobile Access to Communities, Activities, Blogs, Files

• Display on Home Page

• Files

– Control up and downloads

– Allow import and export

– Enable Sync

• Security

– Enable App Password

– Define Password Quality

– Mobile Device Management required

• Password policies

– Expiration: 30, 60, 90, 180, 360, None

– Password Reset:

• Send Email to Users to confirm identity

• Support via: Phone URL

• IP Address Range: Restrict Login to approved IP Addresses

– Start IP – End IP

Issues and Challanges

The “Almighty” admin role

• Only simple delegation model available (Admin Assistant)

• All or nothing approach

• Integration in your Organization / Helpdesk ?

– Different UI / Interface

– Manage Access

• Audit Trail / Compliance Report

• Service Provider Management must be established

• SPR Management to IBM Support

– Bug Reporting

– Feature Enhancements

• Manual IBM ID Vault upload in hybrid environments

– Upload each ID File manually

– Admin need to provide password

• Integration with OnPremise Enterprise Directories (Active Directory / LDAP etc)

Solutions?BCC Admin Tool for Cloud

Administrative Interface for Cloud Administration

• Service Portal for internal Administration / Helpdesk

– Integrate in existing Intranet

– adapt Corporate Design

• Notes/Domino interface

– For traditional user admin

• Ensure internal standards thru policies

• Allow granular delegation models

– User Management for different regions

– Self Services

– Approval Workflows

• Log / Audit Trails

Technical solution

Technical Solution

• IBM Domino Server with XPages Application

– On Premises IBM Domino Server

– Application Access and Role Management based on Domino Directory Groups

– CSS Style sheets / responsive design

• Customized forms to create requests

– Provide field sensitive help information

– Use internal policies to provide technical information

– Check potential errors and typos

• Server Task / Background Agents running with system rights

• Detailed Log in Domino Log Database > Audit trail

DEMOBCC Admin Tool for Cloud

Summary & Questions

Summary & Questions

Summary• Moving to IBM Cloud still requires

Administration

• BCC Admin Tool for Cloud can help with that admin

– Admin tool is customizable

– Security is granular

– Easily integrated

– Simple interface

Future Plans• Support for IBM Connections OnPremise & Cloud (for

example: Manage Communities and Members)

• Support for IBM Connections Cloud (User Profiles)

• Support for IBM Connections Cloud (Groups)

• Seamless Integration of BCC Service Portal with IBM Cloud Portal (Browser)

• Provide new Web Service Interface for BCC AdminToolRequests for 3rd Party Integration (REST)

Any Questions

Contact me

dilftechnical

@socialshazza

http://www.bcchub.com or follow us on twitter

Come see us at the booth or visit the website @

@BCC_Ltd

http://www.bcchub.com/bcc-blog