More Adventures In *** RHEL Configuration

I know I shouldn’t have blogged on Saturday – as soon as I think I have a problem fixed the universe rises up and slaps me roundly about the head.  So fast forward to the end, it’s Sunday night and I’m installing Connections on RHEL 7 so that’s good.  However to get there I had more hurdles which I’ll note here both for myself and for anyone else

I configured and enabled VNC and SSH for access which worked fine on the same network but not from any other network (“Connection Refused”).  The obvious first guess is that the firewall on the server hasn’t been disabled.  It’s always the first thing I do since I have perimeter firewalls between networks and I don’t like to use OS ones. So Saturday and Saturday night was an adventure in checking, double checking and checking again that I had the firewall disabled.  RHEL 7 has replaced iptables with firewalld but iptables still exists so my worry was that I had something enabled somewhere.  I didn’t think it could be my perimeter firewall since I had built the server with the same ip as an earlier server that already worked. My other guess was VNC being accidentally configured with –nolisten but that wasn’t true either.

By the time I went to bed Sunday morning I had ruled out it being the OS and was going to start fresh a few hours later.  I’d also noticed that although I could connect via VNC it was slow as hell despite having a ton of resources.

Sunday morning I decided to delete all the entries referring to that server’s ip on our Sonicwall perimeter device and recreate them.  That fixed the network access. The one thing I didn’t build from scratch was the one thing that was broken. *sigh*.

At this point I did consider switching to Windows 2016 on a new box but I already planned to use that for another server component and wanted to build with mixed OS. Also #stubborn.

So now I have VNC and SSH access but the GUI is awful. I can’t click on most of the menus and it keeps dropping out.  I’m running GNOME 3 and I can find endless posts about problems with GNOME 3 and Cent OS or Redhat so I bite the bullet and install KDE because all I want is a GUI.  KDE is as bad, slow, menus not clickable.  I make sure SELINUX is set to “Disabled” but still no luck.   I try installing NoMachine as an alternative method but that has the same problem with the GUI – slow, unresponding, menus unclickable and eventually a crash with “Oh no!, Something has gone wrong”.  Which isn’t nearly as entertaining the 100th time you see it.  Along the way I disable IPV6 entirely and found and fixed this bug

https://bugzilla.redhat.com/show_bug.cgi?id=912892

and this one

https://bugzilla.redhat.com/show_bug.cgi?id=730378

oh and this irritating setting

https://access.redhat.com/solutions/195833 “Authentication is required” prompt

Throughout Sunday I’m continually working with /etc/systemd/system/vncserver@:1.0 to modify the settings, create new instances, create new VNC users but no matter what I try it proves unworkable.

I’m using the Red Hat instructions from here which has a configurator you can use to automatically create the file vncserver@ file according to your settings.  I’m suspicious of that file because it has settings I don’t normally use like  -RANDR so eventually I edit the file and change

ExecStart=/sbin/runuser -l turtlevnc -c \”/usr/bin/vncserver %i -extension RANDR -geometry 1024×768\”
PIDFile=~turtlevnc/.vnc/%H%i.pid

To

ExecStart=/sbin/runuser -l turtlevnc -c “/usr/bin/vncserver %i -geometry 1024×768”
PIDFile=~turtlevnc/.vnc/%H%i.pid
Cleared the /tmp/X11.unix/X? directories and restart once more.  Everything including GNOME 3 works and it’s zippy zippy fast.

 

So. Note to self. Next time remove that RANDR setting and win yourself an entire day back.

 

Benefits and Risks of a Single Identity

Below is my presentation from IBM Connect 2017.  I have added some speaker notes to the slides so if you were there in person, this looks slightly different but I wanted to offer some clarity to a few of the pages that were heavy with graphics.  If you were at Connect and saw this presentation I hope you found it useful.

I will next be presenting on the Internet Of Things in the Enterprise @ InterConnect in Las Vegas on March 22nd so a new topic for me and one I hope you’ll find interesting.  Personally I’m nervous – new location, new audience, new topic 🙂

What Kept Me Busy In 2016 and Where Am I Going Now?

I think this post might be just under the wire for 2016 reviews so let’s talk about what I was working on and learning for the past year.  I always need to be learning, if I’m not I feel like I’m standing still and last year most of my learning moved outside of the core IBM products simply because there was little new to learn.

So what kind of projects did I work on?

  • Security reviews of Domino, Connections, HTTP environments
  • Single Sign On projects including deploying SAML using ADFS and TFIM as well as lots of Kerberos / IWA integration projects
  • Designing hybrid environments for customers moving mail to the cloud
  • Lots of TLS configurations on lots of different products
  • IBM Connections upgrades to 5.5
  • IBM Sametime deployments from sites that had 8.5.2
  • Domino consolidation, maintenance and hardware migrations
  • High Availability for Traveler, Domino HTTP and Sametime

What was I learning?  I’m always looking for interesting and challenging technologies that can make a difference to those smaller customers who need to stretch a tight budget.  It’s how I got involved with Notes originally in the early 90s – It allowed me to make big changes quickly for smaller customers.  This year that has meant staying on top of cloud and hybrid security issues and single sign on products and technologies.  Beyond that I have become really interested in data visualisation and have been working with products like Tableau and some of its cheaper competitors to see what they can offer.

Then in December I signed up for a Lynda.com subscription to ensure I have a good grounding in wider technologies and how they can work together.  Of course signing up and actually making time to learn are two different things so that takes us to 2017.

Goals for 2017

  • More data visualisation tools / learning cool things to do with Tableau
  • Building myself a Lynda training plan
  • Deploying Verse on Premise for existing Domino customers and introducing those without Connections to that integration piece
  • More work with database technologies around performance and security
  • Identify ways to deploy docker solutions with better stability and security
  • Improving my languages (I’ve been working on Italian and want to learn Spanish)
  • Working on interesting projects or ones that make a difference

As you can see my “goals” are fairly loose, I am always open to new ideas for technologies to learn (except development languages – blech).  It may be my review of 2017 will be nothing like my goals list and I won’t consider that a failure.

 

 

So THAT’S what it’s about

“A New Way To Work” – all of us in the IBM mail space have heard the phrase and seen presentations but does it actually mean anything to me – a set in her ways mail and calendar user who just wants mail to work and be fast?

In the past few months I have been using Verse On Premise in its beta form as well as the beta versions of Verse for iOS.  I had previously played around with Verse in the cloud but since my 20 year old mail file is on our Domino servers, the majority of my mail and searching activity was done via Notes and Traveler.  iNotes was never a client of choice for me.  I don’t archive mail very often (alright never) and so there’s a lot of history there.

So what have I found? I absolutely love Verse.  It’s fast and the layout is clean but as promised there are features that are so ridiculously useful** they have literally changed how I work for example

  1. Flagging for “needs action”  via a single click which then lets me set an action date for today, tomorrow, a week or other
  2. At the same time I can add a  personal note to the  message that travels with it,  and is visible when reading it in Verse.
  3. I can then remove the  message from my inbox by clicking on it.
  4. Viewing just those messages that need action which are automatically categorised by “today”, “tomorrow” etc.
  5. All of that, the action, the date, even the private notes transfer to Verse for iOS on my phone and iPad.

Add to all of this is the fact that it’s my same mail file on my same Domino servers. I could and can still open using the Notes client, using iNotes, even using Outlook if I want.  There are lots of things to enjoy about Verse and everyone works differently, but this is one group of features that live up to the hype of having tricked me without noticing into a new way of working 🙂

** no screenshots in here as it’s advanced beta still under NDA but the features have been shown publicly and hopefully will be in final product

Introducing Penumbra Briefings

On today’s Community Call we were able to share a new initiative being started by The Penumbra Group called Penumbra Briefings.  Penumbra is a worldwide networking group of Business Partners that we have been part of for over 20 years and has as its members many partner companies and people you already know very well.

So what’s a Penumbra briefing?  At our regular meetings one of the things we all enjoy are the open discussions about IBM news and technologies as well as what we are individually working on.  Our idea was to bring that approach to a wider audience in the hopes that others will find it useful and interesting too. These are intended to take two formats:

  1. Monthly webcasts with published topics and with an audience Q&A at the end.
  2. Daily briefings during Connect 2017 in  San Francisco.  Independently from IBM (and not part of any official agenda) we will be holding briefings about the days’ events, sessions and news which will be both live for people attending and broadcast for those not.

If you have 2 minutes to give your feedback on today’s briefing or even the briefing idea,  it would help us identify topics of interest and the best format moving forwards.  We have a very brief survey here http://bit.ly/PenumbraBriefing

Thank you to Tony Holder, Mike Smith, Lance Spellman, Nigel Cheshire, Wannes Rams and Julian Robichaux for being panelists and moderators today.

More information about the briefings in the presentation below and here is a REPLAY of today’s call.  Details of our next briefing in November will be available soon and we hope you can attend.