Websphere Terminology for newcomers

Found this very good document describing the terminology from Websphere Application Server for people new to the platform. So if you’re unsure of the exact difference between a cell, node, profile and a cluster I suggest you peruse this document. I also recommend printing the graphics on page 4 and keeping it nearby.

Overview of IBM WebSphere Application Terminology for IBM
Lotus Connections Administrators

Solving a Lotus Connections 2.5 login performance issue

During the last week I have been diagnosing a login performance issue at a Lotus Connections 2.5 customer. The issue manifested itself by it taking around a minute for some users to login. It was only an issue for the initial login hence it was caused by something that the Websphere server cached on subsequent login attempts.

After diagnosing and making sure the install was at the latest fixpack and fixlevel from Fix Central, I finally found out what was going on. By using the Websphere Application Server trace functionality it became apparent that it was the Waltz / Directory Service Extension (DSX) component of Lotus Connections that was causing the problem. The issue was that Waltz took a very long time to resolve the groups the user belonged to and hence login took forever.

Waltz is using the federated repository LDAP setup from Websphere so for starters I found a workaround. The workaround was to disable group support in the Integrated Solutions Console (ISC) by setting a custom group search filter (e.g. objectClass=dummy). This works but also means you’re turning of group support completely.

A better solution which also works is to modify the Waltz setup in the directory.services.xml file in the LotusConnections-config directory. By default the top section looked like this:

<!-- *************************** -->
<!--   Waltz Profile Provider    -->
<!-- *************************** -->
      services.provider.WaltzServiceProvider" />

Reading through the file and using the schema as a guideline I could add an option to disable the group expansion i Waltz by embedding a property-tag beneath the profileProvider-tag as shown below.

<!-- *************************** -->
<!--   Waltz Profile Provider    -->
<!-- *************************** -->
   <property name="com.ibm.connections.directory.

Lotus Connections seems to be working just fine despite this option being set though I’m not completely sure of all side effects. I’ll post more if/when I learn more.

Policy control over business card retrieval settings and retrieval order

Disclaimer: The following is from the release notes of Notes 8.5.2 so I don’t take credit for writing this. Lotus Notes 8.5.2 is in beta and there are no guarantees that the features described here will be in the final product that IBM ships.

You can access a person’s business card to find out more about the person and retrieve their contact information. The following products can potentially provide the data that is displayed in the business card:

  • Lotus Connections
  • Lotus Notes
  • Lotus Sametime

If you have more than two of these products installed and enabled, you might want to specify which product should serve as the primary source of the business card data or you might want to prevent one of the products from contributing to the business card altogether. This is not a required task.

To prioritize the source of the business card data, complete the following steps:

  1. Find the plugin_customization.ini file in the following directory: <Notes>/framework/rcp
  2. Open the plugin_customization.ini file in a text editor
  3. Do one of the following:
    • To prevent one of the products from being the source of the business card data, add the following property to the file:
      where <provider_name> is one of the following values:

      • Lotus Connections: profiles
      • Lotus Notes: NotesContacts
      • Lotus Sametime: com.ibm.lconn.client.bizcard.livename
    • To change the order of products from which to retrieve the business card data, add a com.ibm.rcp.bizcard/change.priority.for.<provider_name>=<priority> property for each of the supported products where is one of the following values:
      • Lotus Connections: profiles
      • Lotus Notes: NotesContacts
      • Lotus Sametime: com.ibm.lconn.client.bizcard.livename
        and <priority> is a relevant alphabetic character. Use letters that come later in the alphabet to specify higher priority products and letters that come earlier in the alphabet to specify products with a lower priority. For example, a priority of A is lower than a priority of B.

      By default, the business card is populated with data from the products in the following order:

      • Lotus Connections
      • Lotus Sametime
      • Lotus Notes

      You can change the order and have the business card retrieve data from Notes first, then Lotus Connections, then Sametime, for example:

  4. Save the changes to the file.
  5. Restart Notes.

Installing Lotus Connections 2.5 on Windows 2008 Server

The last two weeks I have had the honor of installing Lotus Connections 2.5 on Windows 2008 Server 64 bit with Microsoft SQL Server 2005. Twice. And what a change from my normal Windows 2003 Server. In this blog post I’ll outline some of the issues I ran into and what I had to pay special attention to.

First off Tivoli Directory Integrator 6.1.1 (the component that move data from LDAP to the Profiles SQL database) isn’t supported and doesn’t run on Windows 2008 Server. The TDI scripts provided with Lotus Connections 2.5 doesn’t work with TDI 7 which leaves you at a dead stop. Only solution as of now is to find a Windows 2003 Server or other Windows platform to run TDI. Hopefully Lotus Connections NEXT will use TDI 7.

Next issue I had to address was that Websphere Applicaton Server (WAS) 6.1 should be at fixlevel 19 before you create any profiles on a Windows 2008 Server. This meant that the profile couldn’t be created as part of the WAS installer. This wasn’t too big of an issue as it’s a best practice not create the profile during setup anyway. A benefit of doing it this way is that it allows you to create the profile in another location than between your WAS binary directory.

So all was well and good? Not really as the GUI tool to manage profiles isn’t supported on Windows 2008 Server either. There is however a manageprofiles command to manage profiles which may be used. The command looks rather convoluted but it goes something like this (I ran it was admin):

manageprofiles.bat -create -profileName AppSrv01
   -profilePath d:WASProfilesAppSrv01
   -templatePath c:ibmwebsphereappserverprofileTemplatesdefault
   -nodeName LotusConnectionsNode01
   -cellName LotusConnectionsCell01
   -hostName lc.example.com
   -winserviceCheck true
   -winserviceAccountType specifieduser
   -winserviceUserName username
   -winservicePassword password
   -winserviceStartupType manual

The last few arguments create the Windows service. I have had some success doing this but most times I leave the “winservice”-arguments out and use WASService.exe to create the service instead.

wasservice -add LotusConnections
   -serverName server1
   -profilePath d:wasprofilesappsrv01
   -startupType automatic

When I installed Lotus Connection I had to run install.bat as admin to avoid having the SQL connection check fail.

Generally in Windows 2008 Server I found that paying special attention to drive and folder security made my life a lot easier. That goes for both WAS and IBM HTTP Server IHS). Additionally on one IHS server I had to manually install GSKit to enable SSL as it wasn’t installed by the installer. I also had to put GSKit (C:IBMGSK7lib) on the PATH in Windows. To symptom was that IHS couldn’t access the SSL keystore.

I hope this will help someone.

Speed up WAS restart when configuring with Lotus Connections

When installing and configuring Lotus Connections or any other Websphere Application Server based application you’ll probably find it beneficial to speed up restarting WAS. I found that disabling auto-start of some of the Lotus Connections applications was an easy way to do this. I simply followed the steps in “Websphere Experience: Startup behavior of an application” to do it.

For the people not afraid of XML-files you might as well simply edit the deployment.xml file(s) in <profile path>configcells<cell name>applications<application name>.eardeployments<application name> and set enabled=”false” for the <targetMappings>-tags at the top. As always with editing files directly – proceed at your own risk… 🙂

Want to learn how to write administrative scripts for Lotus Connections?

While reading my developerWorks newsletter for today I saw this nifty article (Scripting from scratch: Creating a Jython administrative script for IBM WebSphere Application Server) that teaches you how to write Jython administration scripts for Websphere Application Server. Now remember that Lotus Connections and Lotus Sametime 8.5 runs on Websphere so it might be worth checking out. Now I don’t know too much yet about Sametime 8.5 but Lotus Connections has a lot of so-called wasadmin commands that lets you issue administrative commands and these commands are written in Jython. Using this article I could probably get started learning how to automate some of the administration work in a Lotus Connections environment. Nice isn’t it?!

Is there a need for a login-feature in Lotus Connections?

Let me start of by fending you off by saying no I do not mean that we need a way to log into Lotus Connections… 🙂 We have a fair number of those and all are actually well documented and are working just fine. What I mean is that I have been wondering whether we need a specific feature (like Profiles, Bookmarks, Search) to handle the login into Lotus Connections. So why do we need that when we have a working product today?

The Lotus Connections product today have one sore point which is really a hazzle and it’s something that most customers would love to do and that’s customizing the UI. Today customizing the UI can be done albeit it’s a bit tedious and a lot of steps are necessary. It is however relatively easy to centralize the UI files and customize it in one location. All but for one thing. The login page. You can make Lotus Connections look the way you want except for the login page.

To customize the login page today you have to touch 15 files across all features. 15 files!! Are you kidding me?! The main issue is that every single feature has it’s own login page located deep within each feature code base (as a JSP which is somewhat readily editable). Also editing this login page means you have to hand-carry the customizing across upgrades.

So that’s when I thought about having an extra feature that handles the logging in. So instead of having a login page per feature you’d have a single login page in a single feature. Customizing that one would be trivial as it’s just a single JSP and it could maybe be sourced as an include from the HTTP server where all the CSS and image files are already stashed. I know there are stuff to consider such that SSO would have to be enabled among features (plus probably a host of other things I didn’t think of) but I think it’s an interesting idea. From my limited knowledge of the Lotus Connections innards it looks reatively easy to implement.

  1. Check that the user has been authenticated (maybe in a Filter)
  2. If yes – super!! Allow into content
  3. If no – bummer!! Make a note of the url the user was trying to access in a session variable and forward to the login feature
  4. Once authentication has been completed do a forward back to the url

Simplified I know but interesting. Comments?!

SSL certificates and the WAS plugin

Had some issues yesterday morning with the SSL certificate used between the WAS IHS plugin and WAS for a Lotus Connections installation (Dannotes in case you were wondering why you couldn’t log in this morning). Again it turned out to be the all to well known “ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_BAD_CERT(gsk rc = 414)” issue where the SSL certificate from WAS isn’t trusted by the IHS WAS plugin.

The issue were “easily” solved by help of Technote 1264477 (GSK_ERROR_BAD_CERT error configuring SSL between Plug-in and Application Server V6.1). The solution is of course to extract the certificate from WAS and import it into the IHS WAS plugin keystore.

Configured the LinkedIn iWidget for Lotus Connections

Based on a blog post by Luis Benitez I configured the Linkedin iWidget for Lotus Connections yesterday. So if you’re a Dannotes Lotus Connections user you can now configure your profile page to show your Linkedin data as well (my profile).

The widget works by showing LinkedIn data alongside the profile page if the profile owner chooses to. Each user has to authorize the LinkedIn API to show the data. If he/she doesn’t it simply shows a message to that effect.

The documentation on how to install the iWidget leaves something to be desired but I managed and have it working now. I’m still IM’ing with a fellow yellow bleeder who is also trying to do the install. For him however it’s not working and we cannot seem to figure out why. My best guess is that the widget cannot figure out that he’s on his own profile but we’re not sure yet. Maybe it simply worked for me because I also did it on my MyDeveloperWorks page.

Changing the way I approach selling the value of social software

Yesterday I spoke at Lotusphere Comes To You in Copenhagen (and will be again tomorrow in Århus) on Lotus Connections and how companies should consider implementing Lotus Connections. As part of the discussions we have been having at the office in preparation for these talks I realized that my take on social software has changed significantly. I have spent a great deal of time the last year(s) evangelizing, installing and talking about Lotus Connections but I never really took the time to stop and think about whether I was doing it the right way.

While preparing for the talks I realized that the discussion has changed from a “isn’t this cool technology” and “you got to have this to be forward thinking” discussion to a “how can you live without it” and “you need this to be current” discussion. And I think that’s where the ball dropped. You need this kind of technology to be current. Not forward thinking. Current.

From the discussions I’m having it still seems like many people think of social software as something related to their private lives. Social software is Facebook – it’s not something for use on the job – at the office we use e-mail. For some reason many consider it an either/or and that the two doesn’t complement one another. It’s also becoming clear that many are so used to using specific applications that the concept of having multiple interfaces for the same data/functionality and that social capabilities may surface in many locations is foreign to them.

Another interesting thing I realized is that I need to stop talking about Lotus Connections as a product but instead talk about social software services. If we start discussing Lotus Connections as a product we quickly get into a technology discussion which it really isn’t. We need to discuss the need for social capabilities. The customer may obtain these social services from other sources than Lotus Connections – they may come from LotusLive. I see this as an interesting way to approach the problem of getting social software into business.