MWLUG - Sessions upon Sessions (Some From Me)

What are you doing this August?  If you’re interested in ICS technology then then you want to make your way to Washington, DC and MWLUG.  The Midwest User Group conference has once more moved to a new location for 2017 and will be held at the Hilton Mark Center, Alexandria from August 8-10.

Sessions have started to be announced and as well as the usual popular topics there are new Watson Work and Innovation tracks to play in.  Take a look at the list of announced sessions here .

I’ve attended and spoken at MWLUG for the past 3 years and it’s an event I look forward to thanks the the number and breadth of sessions and a chance to meet customers and spend time with the ICS community.  This year I’m speaking again and I’m very pleased to have three brand new sessions and one new speaking partner(!).

In the Best Practices track I’ll be showing you how to architect and configure a hybrid cloud solution for Domino

Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud

Are you looking at Cloud options and wondering how and if you can get there from where you are? If you have Domino on premises and are considering Cloud then a good option is a hybrid architecture which maintains all your on premises configuration managed by your own administrators but adds Cloud client access managed by IBM. We will look at how simple it is to create this hybrid solution using Domino passthru servers and review how things like user and directory maintenance, client access and mail routing will then work. From Domino Admin to Domino Hybrid Admin in a few simple steps.

In the Innovation track I’ll be discussing IoT in the Enterprise, security implications and opportunities

IoT In The Enterprise Brings You Industry 4.0

IoT brings us to the beginning of Industry 4.0 and with the opportunities for improved delivery, services and customer relationships comes challenges of data management, creative process re-engineering and most of all security. IoT devices are arriving through the door each day, meanwhile the introduction of GDPR compliance next year brings additional responsibility for data ownership and privacy. . In this session we will investigate the opportunities for IoT in different business sectors alongside the risks of the IoT experience. We will discuss how to defend and protect against today’s IoT’s vulnerabilities and review how security offerings such as blockchain are evolving. We wil also offer a checklist for how your enterprise can plan for and benefit from the emergence of enterprise IoT.

Finally , in the System Administration track I’ll be joining Linux expert Bill Malchisky  to discuss Docker on Linux and what you need to know

Running Docker and Linux Together

The introduction of docker within IBM’s product strategy as well as the popularity of containers as a solution means it’s time to learn some new tools. Join Gab & Bill as they offer architectural insight for both Linux and Docker along with storage and network isolation tips. Curious about good and bad devops processes, deployment, upgrades and backups? You will receive technical explanations with examples. If Linux is the path ahead, Docker is the depolyment conduit. Let’s get you ready for the journey.

Thank you in advance to the NH / Maine convoy that will help get me from NY to VA,  I’m looking forward to sharing these new sessions and learning some new stuff myself.

Sametime Client Update Breaks Single Sign On

I recently built a new Sametime Complete environment for a customer that included an Advanced and Meeting server.  When I had completed the build I tested a new standalone Sametime client in a VM to confirm that I could login to the new Community server and it would log me into the Advanced and Meeting servers.   Having added the necessary lines to plugin_customization.ini to enable  Sametime Advanced* I was able to login to the Community server successfully and be automatically logged into the Meeting and Advanced servers.   However, when I handed over to the customer for testing I was surprised that they couldn’t actually login to the Meeting server at all through the Sametime client. They got a server unreachable error.

So I did further testing

  1. On my client I was configured to use SSL for both the Meeting server and Sametime Advanced. I could login to the Community server and that logged me in securely to Meetings and Advanced.  That same configuration on a test workstation of theirs failed to login to the Meeting server saying server not responding (although it did successfully log in to Advanced)
  2. If I removed the Sametime Advanced servers from the Sametime workstation client it could suddenly log in to the Meeting server
  3. If I changed the Meeting server configuration in the workstation client to use HTTP (80) instead of HTTP (443) I would be logged in to the Meeting and Advanced server
  4. On the test workstation I could always login to the Meeting server securely through a browser and open a tab to the Advanced server and be automatically logged in there even when the Sametime client claimed it couldn’t reach the server.

So why did it fail on every one of their workstations and not for me? It turns out they were using the latest Sametime client I had downloaded from Fix Central (20170402-0344) for them whereas I was using the 2016 build (20160624-0209).  I took a snapshot of my VM and upgraded my Sametime client to the April 2017 one and I immediately was unable to log in to the Meeting server. I rolled the snapshot back to the 2016 client and everything worked again.

One of the major updates in the 2017 client was SAML functionality and it does seem that the single sign on logic has been broken in some way by that 2017 update.  Everything is working with the 2016 client so for the time being (and whilst IBM investigate the PMR) we are rolling that out.  One to watch out for though - newer is not always better and you might want to avoid the latest 20170402-0344 update.

 

*for Sametime Advanced login to work at all in the client you must ensure “remember password” is checked and the following two lines are in the plugin_customization.ini

com.ibm.collaboration.realtime.bcs/useTokens=false
com.ibm.collaboration.realtime/enableAdvanced=true