Bp102 a ray of sunshine through the cloud -mwlug
-
Upload
sharon-bellamy-james -
Category
Technology
-
view
168 -
download
2
Transcript of Bp102 a ray of sunshine through the cloud -mwlug
BP102 - A ray of sunshine through the Cloud!
Sharon James BCC
Who am I?
Sharon Bellamy James
BCC Business Collaboration Company
IBM WebSphere since 1999
– IBM Connections since version 2 / 2008
Many years of experience in:
– Migrations
– Administration and installs
– Integration/Customization
– DOCUMENTATION
Tiny bit of a Starwars and Disney fan
Charity fundraising Cosplayer/Costumer
Part of the team that brings you ICONUK
Agenda
• Overview
• Got Dual entitlement and now?
• IBM Connections Cloud
– Offerings
– What do you need to know?
– Administration Roles for Cloud Administration
– User Provisioning
– Issues / Challenges managing IBM Connections Cloud
• Solution & Demo
Overview
• User on-boarding and management can be a challenge in Connections Cloud, particularly in a hybrid environment, with no opportunity for automation.
– There's no integration with other systems which means any changes in IBM Connections Cloud need to be applied to all other LDAP directories via a cumbersome CSV import/export.
– And there are additional complexities for companies who need to show audit proof of their adherence to compliance guidelines.
• Our AdminTool Connector can remove these challenges.
• Making Cloud user on-boarding and management a ray of sunshine on a cloudy day.
Dual entitlement?
• Do you have the Dual Entitlement?
– Notes/Domino on prem and IBM Connections Cloud licenses
– Are you taking advantage?
• Quick Poll
– How many have Dual Entitlement?
– Do you use it?
Cloud OfferingsPackages, Offerings and what do you get?
Offering Information
• Offering informationMeetings - https://www.ibm.com/marketplace/cloud/online-meetings/us/en-us
Connections Cloud – https://www.ibm.com/marketplace/cloud/enterprise-social-collaboration/us/en-us
Connections Chat - https://www.ibm.com/marketplace/cloud/enterprise-instant-messaging/us/en-us
IBM Verse - https://www.ibm.com/marketplace/cloud/business-email-platform/us/en-us
• Packages
– IBM Connections Social Cloud - Collaboration tools and mobile apps
– IBM Connections S2 - Web meetings, collaboration tools and mobile apps
– IBM Connections S1 - IBM Verse email, calendar, document editors, web meetings, collaboration tools and mobile apps
• Stand alone Services
– IBM Connections Meetings Cloud
– IBM Files / IBM Connections Files
– IBM Verse
Connections Social Cloud
Connections Social Cloud offerings
• Team workspace - including a personal dashboard, file sharing, communities, and instant messaging
• Mobile apps - for accessing files, participating in online meetings, chatting with contacts, and synching email and calendar
• Storage - 1 TB File storage, 50 GB Communities storage, 5GB Wiki storage, and 50 GB Verse and SmartCloud Notes mailbox storage.
• Broad Language Support - Available in 22 languages
IBM Connections Cloud S2
IBM Connections Cloud S2
• Team workspace - including a personal dashboard, file sharing, communities, and instant messaging
• Mobile apps - for accessing files, participating in online meetings, chatting with contacts, and synching email and calendar
• Storage - 1 TB File storage, 50 GB Communities storage, 5GB Wiki storage, and 50 GB Verse and SmartCloud Notes mailbox storage.
• Unlimited guest access - to work with your partners, vendors and customers. (S2)
• Web meetings - for 200 participants with desktop and application sharing, chat, and polling (S2)
IBM Connections Cloud S1
IBM Connections Cloud S1• Team workspace - including a personal dashboard, file sharing, communities, and instant messaging
• Mobile apps - for accessing files, participating in online meetings, chatting with contacts, and synching email and calendar
• Storage - 1 TB File storage, 50 GB Communities storage, 5GB Wiki storage, and 50 GB Verse and SmartCloud Notes mailbox storage.
• Unlimited guest access - to work with your partners, vendors and customers. (S2)
• Web meetings for 200 participants with desktop and application sharing, chat, and polling (S2)
• Email and calendar - for web, desktop, and mobile, with spam and anti-virus protection. Includes IBM Verse and Notes Cloud mail experiences and IBM Notes traveler for mobile access. (S1)
• Document Editor - for collaboratively authoring word processor, spreadsheet, and presentation documents (S1)
OK – we are buying !What do I need to know and how do I deploy?
Deployment models
Deployment Models
• Cloud only
• Hybrid Deployment for existing IBM Domino customers
– IBM Notes/Domino on prem
– Smart Cloud Notes
• Typical scenarios
– IBM Domino / Notes on premises with Connections Cloud S2
– IBM Domino / Notes on premises IBM Connections Meeting (now VoIP enabled)
– Mix of on premises Domino/Notes, office based users with Connections Cloud S2 and mail on prem and remote sales with IBM Connections Meeting and mail in the cloud
• Challenge: On Prem and Cloud integration
– Once users are on-board you still need to manage them
Admin Roles & ManagementIBM Cloud Administration Roles: IBM and “Your Company”
Admin Roles
Admin Roles
http://www-01.ibm.com/support/docview.wss?uid=swg27023836
IBM Cloud Service
Management
Server and Infrastructure Management
User Support
Account Provisioning
& Registration
3 Main Admin Roles
1. Server & Infrastructure Management
2. User Support
3. Account Provisioning & Registration
Server & Infrastructure Management
• IBM Tasks
– Infrastructure and server monitoring
– Manage and maintain service environment
– Manage spam/virus filters
• Customer Task
– Managing spam filter’s white list (only for Messaging)
• Summary:
– Switch to Cloud will remove Administration task for Application Servers
– Service Provider Management to monitor IBM
• Network performance
• Application performance
• Legal requirements / data protection
Server and Infrastructure Management
User Support
Customer Tasks
• Internal First Level Support
• Support for Client based issues
– PC / MAC
– Mobile Devices
– Company Network
User Administration is not taken away
Similar tasks to a standard on premises deployment
User Support
Account provisioning and registration
Account provisioning & registration
• Account Provisioning is a significant part for IBM Cloud Administration
• Standard tasks such as registration, deletionchange of name or subscriptions and passwordresets are all still required to be looked after by the administrator
Account Provisioning
& Registration
User On-boarding & Management
On-boarding is not the end of user management
Onboarding
Onboarding
• Moving mail and directory data to the cloud
• Directory is not one way – has to be to synchronized
• IBM onboarding manager tool assists with this process
– “The Mail Onboarding Manager tool moves your on-premises IBM® Notes® mail data to the cloud and provisions new or existing Connections Cloud accounts with SmartCloud Notes mail”
• In hybrid environments you can have a mix
– As a “Hybrid” customer, the Admin can choose if the mail users mail account exists on-premises or in the SmartCloud Notes service.
– Users / accounts administered centrally – with customer policies, compliance asis expected in an on-prem only environment.
http://www.ibm.com/support/knowledgecenter/SSPS94/hybrid/topics/onboard_intro_c.html
Collaboration User Account
User Life Cycle
Collaboration User Account
IBM Collaboration
Account
IBM Domino Account
IBM ConnectionsCloud Account & Subscription
Additional LDAP(AD etc.)
Multiple accounts to manage
• Domino account (for on premises &
hybrid environments)
• IBM Connections Cloud Account
• Account & Subscription
• Additional LDAP such as AD
Subscription Management
1. Buy Subscriptions
– IBM’s Cloud products require a subscription
– Per User
– 12 month to 36 month
2. Assign Subscriptions to Users
– Users must have a subscription assigned before they can use the software
How to implement in your Organization
• Can Administrators buy Subscriptions ?
• How to integrate procurement ?
https://www.ibm.com/marketplace/cloud/us/en-us?lnk=mp
Onboarding is not the end of Admin
IBM Connections Cloud Administration: User Interface
• BUT does it fit in your organizational procedures?
– Admin
• Manage users and accounts
– Admin Assistant
• reset passwords for other users (not Notes IDs)
• Resend Invite Mail
• Manual process is a pain for creating a large number of accounts
On-boarding is not the end of Admin
• Users still need to be managed
– Renames
– Password changes
– Subscription changes
– Updating details
IBM Connections Cloud Administration: User Interface
• “Simple” browser based Interface
• Two steps provisioning
– Create user account
– Assign a subscription
IBM Admin Interface
IBM Connections Cloud Admin Interface
IBM Admin Interface
• Adding a user
– Create with limited info
– Roles are limited
• AppDev
• Admin
• User
• Admin Assistant
– Assign a subscription
– Account login
• Assign email
• Info is sent forcing user to set a password on login
Common Use Cases
Use cases - MessagingIB
M S
mar
tClo
ud
No
tes
(H
ybri
d)
IBM
Do
min
o o
n P
rem
ise
s
IBM
Co
nn
ecti
on
s C
lou
d
File
s
IBM
Mee
tin
g C
lou
d
IBM
Co
nn
ecti
on
s So
cial
C
lou
d
IBM
Co
nn
ecti
on
s C
lou
d S
2
Use cases - Collaboration
IBM options to “automate” account provisioning and
registrationIBM Integration Server
Integration server
• “Integrate user provisioning and Web Mail directory integration information from your on-premises administrative environment to cloud-based management” (IBM)
• Provides an interface for
– User provisioning and identity management
– Directory integration
– User profile management: change profile attributes
– Chat policy assignments: chat history & file transfer settings
• Integration Server is an file based interface to the “Business Support System” (BSS)
• BSS includes a set of subsystems for provisioning and administering services
Intergration Server
Integration Server must be enabled by mail request to IBM Cloud Support
• Based on “change files” in csv format (csv will stay forever in IT )
• Uploading change file to Integration Server via Secure FTP
– ftp.ce.collabserv.com (EU) , ftp.NA.collabserv.com (US)
– Implicit SSL mode port 990
– Firewall need to open port 60000-61000
• After processing change file
– Integration server creates server report files
– Subdirectory _processed or _error
Integration Server
csv change File: naming convention
• IBM Connection Customer ID
• SourceID: differentiate data source (optional)
• Type -> describe change request scope
– prv for user provisioning
– di for directory integration
• Sequence Number
– 0 - 4294967295
– Each File must have a higher sequence number than the last processed file
• Ext – file extension(csv or ldif)
• Example: Provisioning File Name
– 000000815_BCC-DD_prv_1367246866.csv
csv change file : Available Fields
• emailAddress,
• action,
• subscriptionId,
• givenName,
• familyName,
• language, timeZone,
• password,
• altEmailAddress,
• notesTemplate, notesDN, assignTo,
• department, jobTitle, country, telephone, mobile, fax, address, suppressInvitation, federationType, CollabExtraStorage, MailExtraStorage, Activation
csv change file field: Actions
• Actions: following provision actions are available
– Add, Update, Suspend, Resume, Remove,
– AssignSeat, ChangeSeat, RevokeSeat,
– Rename,
– ResendInvitation,
– ChangeStorage
• AssignTo
– To remove collaboration services and
– to assign the resources belonging to the old account to a new account
Subscription IDs for bundles
Email (EMAIL-BNDLPART) 69052
Traveler (TRAVELER-BNDLPRT 69053
CONNECTIONS (CONNECTIONS-BNLDPRT)
69054
Meetings (MEETINGS-BNLDPRT): 69055
DOCS (DOCS-BNDLPRT 69056
CSV update file example
csv sample: Add user to messaging & assign traveler
emailAddress,action,subscriptionId,givenName,familyName,password,altEmailAddress
1. Step – Add User
[email protected],Add,69052,Sharon,James,passw0rd,[email protected]
2. Step – Assign Traveler
[email protected],AssignSeat,69053,,,,,
Both steps can be added to a single file and processed
Integration Server logs and trace
Integration Server Logs
• Server Report file
– report file for each batch of change files that are processed
– Reports are generated in the _report directory.
– Report file name includes date & time
– _report\LLIS_Report_20120820_121003.txt
• Report File Example
– *** Processing file: bcc/acme/20049989_PRV_00000001.csv
– 11/6/15 11:12 AM - CSV entries read: 3; BSS entries written: 3; No errors!
– Processing file: bcc/acme/20049989_PRV_00000002.csv
– 11/6/15 11:13 AM - CSV entries read: 1; BSS entries written: 1; No errors!
• Error Handling
– change file is moved to the _err subdirectory
– Server trace file is only stored in that directory
Integration Server Tracing
• a trace file for each processed change file
• entryNum,lineNum,resultCode,”original_line_from_change_file”
– entryNum is the sequential count of the change entry.
– lineNum is the line number on which the change entry begins.
– Result code 0 > OK, 99 for not processed
– Original > Copy from processed change
• Example
– 1,5,0,[email protected],Add,85180,Olaf,B,en_DE
– 2,7,0,[email protected],Add,,O,Boerner,en_US
– 99,97,1,bad input line
Directory Integration
• Synchronize your on premise directory with IBM Web Mail Cloud contact directory
• Do not confuse this with user accounts !
• Syncronize using LDIF Files - > example
– DN: cn=Olaf Boerner,ou=Development,o=BCC
– changeType: add
– objectClass: inetOrgPerson
– displayName: Olaf Boerner
– mail: [email protected]
– givenName: Olaf
– sn: Boerner
– telephoneNumber: +49 123-45678
Example: 000000815_BCC-DD_id_1367246866.ldif
Integration Server
Current Limitations
200 operations
per file
750 User transaction per
hour
10.000 User changes per
day
• 10,000 user changes a day
• Each line in the csv / ldif is a
change
• 200 operations per file
• Multiple files required for initial
onboarding
• 750 transactions an hour
• Can be very time consuming
Controlling your IBM Connections Cloud Settings
Policies, Security and Application Management
Security and Mobile Apps
• Enable mobile Access to Communities, Activities, Blogs, Files
• Display on Home Page
• Files
– Control up and downloads
– Allow import and export
– Enable Sync
• Security
– Enable App Password
– Define Password Quality
– Mobile Device Management required
• Password policies
– Expiration: 30, 60, 90, 180, 360, None
– Password Reset:
• Send Email to Users to confirm identity
• Support via: Phone URL
• IP Address Range: Restrict Login to approved IP Addresses
– Start IP – End IP
Issues and Challanges
The “Almighty” admin role
• Only simple delegation model available (Admin Assistant)
• All or nothing approach
• Integration in your Organization / Helpdesk ?
– Different UI / Interface
– Manage Access
• Audit Trail / Compliance Report
• Service Provider Management must be established
• SPR Management to IBM Support
– Bug Reporting
– Feature Enhancements
• Manual IBM ID Vault upload in hybrid environments
– Upload each ID File manually
– Admin need to provide password
• Integration with OnPremise Enterprise Directories (Active Directory / LDAP etc)
Solutions?BCC Admin Tool for Cloud
Administrative Interface for Cloud Administration
• Service Portal for internal Administration / Helpdesk
– Integrate in existing Intranet
– adapt Corporate Design
• Notes/Domino interface
– For traditional user admin
• Ensure internal standards thru policies
• Allow granular delegation models
– User Management for different regions
– Self Services
– Approval Workflows
• Log / Audit Trails
Technical solution
Technical Solution
• IBM Domino Server with XPages Application
– On Premises IBM Domino Server
– Application Access and Role Management based on Domino Directory Groups
– CSS Style sheets / responsive design
• Customized forms to create requests
– Provide field sensitive help information
– Use internal policies to provide technical information
– Check potential errors and typos
• Server Task / Background Agents running with system rights
• Detailed Log in Domino Log Database > Audit trail
DEMOBCC Admin Tool for Cloud
Summary & Questions
Summary & Questions
Summary• Moving to IBM Cloud still requires
Administration
• BCC Admin Tool for Cloud can help with that admin
– Admin tool is customizable
– Security is granular
– Easily integrated
– Simple interface
Future Plans• Support for IBM Connections OnPremise & Cloud (for
example: Manage Communities and Members)
• Support for IBM Connections Cloud (User Profiles)
• Support for IBM Connections Cloud (Groups)
• Seamless Integration of BCC Service Portal with IBM Cloud Portal (Browser)
• Provide new Web Service Interface for BCC AdminToolRequests for 3rd Party Integration (REST)
Any Questions
Contact me
dilftechnical
@socialshazza
http://www.bcchub.com or follow us on twitter
Come see us at the booth or visit the website @
@BCC_Ltd
http://www.bcchub.com/bcc-blog