It’s been a few weeks since I’ve posted here. The end of last year was a juggle of many different pieces of work and learning new technologies but more on that later. I did however take my eye off the ICS (IBM Collaboration Solutions) ball waiting for the HCL deal to firm up and find out more what was going on.
As you may know from my previous post, at the end of October IBM entered a partnership with HCL whereby the latter took development ownership of all Domino products including Verse and Traveler as well as Sametime whilst IBM continued to own the license model, support and most importantly strategy. As part of that announcement we were told of an upcoming series of workshops around the world called Domino Jam 2025 which were to determine the future path of both Domino and Sametime (so not just Domino and nothing to do with the year 2025!).
Last Friday I (along with about 50 other people) attended a London Domino Jam at IBM South Bank which was hosted by the senior development team at HCL (who transferred in from the same roles at IBM) and the product management team at IBM. Up until a week or so ago I would say I was more curious and cautiously optimistic than excited. I had been in coversation with someone in the development team at HCL who I have known from IBM days for 20 years and his introduction to HCL and his enthusiasm for the future sparked my own. Let’s just say the HCL team seem to be people who have been long immersed in these products, believe in them and are now being let off the leash to develop for the future. During the day we were casually told that there would be new product releases guaranteed in 2018 including
Sametime Instant Messaging 10
That was and is very encouraging news and IBM seemed bemused that several of us in the room kept asking for clarification and confirmation of a thing they thought we already knew.
As part of the Domino jam workshop we were split into groups and asked to brainstorm things like “your biggest pain points” and “what features would you like to see in the future” and then prioritise and present them. These workshops are going on around the world right now (there’s one in Geneva I believe today) and you can register for them here https://www.ibm.com/collaboration/announcements/domino-jam2025. In addition if you can’t attend in person IBM are hosting a Domino Jam Forum from Jan 16 – Jan 19 where you can provide your feedback directly online. See this blog for more information https://www.ibm.com/blogs/collaboration-solutions/2018/01/11/announcing-domino2025-online-forum-january-16-18-2018/
“the “#domino2025 Online Forum” will be active for fifty-five hours across the globe to gather your business and technical input and prioritization.” (I prefer “priorities” but I get what they mean :-).
If you are in any way invested in the future of ICS products either mail or instant messaging or conferencing then this is a serious effort to hear what you want and don’t want. I can tell you there was some very honest and harsh feedback as well as some pretty extreme ideas thrown out by the teams last Friday and we were encouraged to do that. I know for some of you it’s asking a lot but dig deep, find that kernel of optimism that’s still left, or just throw in your lot because it does no harm to do so and may do a lot of good.
This is an opportunity to help form the long term strategy and direction of products many of us love and believe in. Take it.
As I went to bed last night I set the alarm early, I have a lot to do this week especially since I’ll be at Icon UK for 2 days of it and I wanted to get started early. So of course today was the day my work went out of the window and I lost 10 hrs debugging one of my own servers. Let’s back up…
This weekend I was prepping my presentations for Icon UK this Thursday. One is called “Domino In The Back, Party In The Front” so I’m going to be talking about all the client options available to you using Domino as a back end.
On Sunday I had the idea of installing IMSMO (IBM Mail Services For Microsoft Outlook) on one of my lab machines. I had a customer wanting to deploy and I wanted to try and mirror their setup, plus it meant I’d have something to demo from. The lab server was already running 9.0.1 FP6 with a SHA2 SSL certificate delivering TLS1.2. I hadn’t used any web services on it in a couple of weeks so I went ahead and added IF3 (required by IMSMO) and installed the application addin service. It actually installs as a variant of Traveler (and I’ll be blogging on that later). I completed the install and Outlook worked fine. Unfortunately it was the only HTTPS service that worked. Everything failed. By failed I mean the browser – any browser – refused to connect.
So off I went to investigate why the browsers wouldn’t connect. I started with testing via SSLLabs and that reported AN F as apparently the server was demanding SSLv3 instead of TLS 1.2 Of course just about every browser will refuse to accept a negotiation of SSLV3. But why was the server suddenly demanding it when it had never done so before?
Well 10 hrs later I’d exhausted everything I could think of:
- verified notes.ini had no additional unexpected settings
- forced Disable_SSLV3=1 even though that server had been fine serving TLS 1.2 previously
- disabled internet site documents and reproduced using web configuration
- recreated the internet site and web rule documents
- generated a new keyfile from my wildcard certificates
- uninstalled IF3
- uninstalled IMSMO including all the cleanup
- scanned for anything that could be hijacking HTTPS
- restarted and restarted and restarted http and clear cache upon cache upon cache
- bothered Darren Duke for a sanity check – I believe the words “I don’t know what the hell is going on” came up
- uninstalled Domino (around hour 8) because I couldn’t spend any more time troubleshooting
After uninstalling Domino. Reinstalling up to FP6, copying in the databases and templates and restarting. I was back with TLS 1.2 again and suddenly SSLLabs was giving me an A+.
Of course then I did what I should have done in the first place (saving time is never a time saver), I built a new lab server purely for IMSMO. Installed FP6 and IF3 and the addin and everything worked perfectly including TLS1.2.
I have no idea what part of the IMSMO install , the addin or IF3, conflicted with my existing lab server configuration or what it did to force the server to only serve SSLV3 no matter how I tried to push it otherwise – but an uninstall and clean install ended up being my only fix in the time I had. Someone somewhere knows the setting that made it do that. I’d love to know what.
Now it’s 4.15am and I’m back where I thought I was at 11pm Sunday night. The 4 days work I had to fit in 2 days , I have to fit in 1 day. This week’s lesson. Never start something new when you barely have time to get the existing things completed.
See you at Icon UK
I was delighted to be invited to speak at the ISBG (http://isbg.org) conference in Norway which this year was held in Oslo. I’d like to thank the organisers for being so accommodating to the fact that I could only stay 1 day !
I presented on two topics , Upgrading Connections and Managing Traveler. The content for both is on slideshare and linked below. My upgrading Connections session had a lot of new content about 5.5 and 5.5 CR1 and I hadn’t written a Traveler management session from scratch in several years. I’m not sure how well the audience received them but I am pleased with the content at least. I hope you find them useful.
So you have IBM Connections installed, but now you need to decide what and when to update. It could be a WebSphere fix or a DB2 fixpack, a new application, a database schema or an entirely new version. Some updates are for security, some for performance and some for new features. In this session we’ll discuss how you can decide when and what to upgrade, how to plan for and perform a safe upgrade regardless of its size, and test when it’s complete. We’ll also discuss what things can trip you up along the way.
Traveler is a core component of most companies’ mail infrastructure, but its maintenance and security goes far beyond Domino server management. In this session we’ll look at a Traveler environment from daily tasks to enforcing TLS and starting with understanding how Traveler behaves. We’ll review both standalone and high availability configurations and discuss common problems, as well how best to plan and design a secure and stable infrastructure.
Apple are getting ready to ship both iOS9 (sometime next week is rumoured) and the latest version of OSX called El Capitan. Already people have downloaded and are using beta versions of the software and finding things don’t work – small things like Notes won’t install or run and iOS devices won’t connect to Traveler! So here’s what you need to do (and with thanks to the king of all things Apple OS Rene Winkelmeyer)
Your Traveler server must be upgraded to the latest version which was released last week – 22.214.171.124. That version adds support for iOS9 and without it your devices won’t be able to connect. All those BYOD users with iPhones are sure to be updating the second the OS is released so you really need to stay ahead of the game and get your server upgraded. And whilst you’re at it , make sure you get your SSL certificates updated to SHA2 if you haven’t already.
Amendment: Rene would like me to make it clearer that not having a SHA2 certificate from a public CA will absolutely positively stop Traveler from working as of iOS9 right now. He’s right – I wasn’t clear enough on that. Your Traveler server must have a SHA2 SSL certificate and really must be Domino 9.0.1 FP4
IBM have announced there will be a new 64bit (yay!) version of Notes 9.0.1 for the Mac to be released prior to the shipping of El Capitan. There are no declared dates but I’m hoping that means “September”. More details of that here but basically until the new 64bit client is available, don’t upgrade to OSX 10.11
So. Traveler first. In fact Traveler NOW and then wait… 🙂