Post on 10-Jan-2017
Akademia IBM Social Business 2016
16 -18 maja Hotel Fabryka Wełny http://www.fabrykawelny.pl/
IBM Connections Cloud AdministrationOlaf Boerner, BCC Ltd.
© 2016 IBM Corporation 1
Agenda
• Introduction IBM Connections Cloud Offering • Administration Roles for Cloud Administration • User Provisioning • Issues / Challenges managing IBM
Connections Cloud
About me• Studied Business Administration and
Computer Science • Processional Notes Consulting since 1994• CEO and Founder of BCC in 1996
• Working as project manager senior architect with large enterprise customers– Securing IBM Social Business infrastructures
– reducing Total cost of Ownership of IBM Social Business Infrastructures thru automating Administration
• IBM Champion in 2014 & 2015 • Twitter: @OlafBoerner
IBM Connections Cloud - Offerings • Offerings
– https://www.ibm.com/marketplace/cloud/business-social-networking-on-ibm-cloud/purchase/pl/en-pl
• Packages – IBM Connections Social Cloud – IBM Connections S2: – IBM Connections S1 > Full Package – Connections
• Web Meetings • Docs • E Mail Services (IBM SmartCloud Notes / IBM Verse)
• Stand alone Services – IBM Connections Meetings Cloud – IBM Files / IBM Connections Files – IBM Verse
IBM Connections Social Cloud
Team workspace including a personal dashboard, file sharing, communities, and instant messagingMobile apps for accessing files, participating in online meetings, chatting with contacts, and synching email and calendarStorage: 1 TB File storage, 50 GB Communities storage, 5GB Wiki storage, and 50 GB Verse and SmartCloud Notes mailbox storage.Broad Language Support: Available in 22 languages
IBM Connections Cloud S1 Team workspace including a personal dashboard, file sharing, communities, and instant messagingMobile apps for accessing files, participating in online meetings, chatting with contacts, and synching email and calendarStorage: 1 TB File storage, 50 GB Communities storage, 5GB Wiki storage, and 50 GB Verse and SmartCloud Notes mailbox storage.Unlimited guest access to work with your partners, vendors and customers. (S2)Web meetings for 200 participants with desktop and application sharing, chat, and polling (S2) Email and calendar for web, desktop, and mobile, with spam and anti-virus protection. Includes IBM Verse and Notes Cloud mail experiences and IBM Notes Traveler for mobile access. (S1) Document Editor for collaboratively authoring word processor, spreadsheet, and presentation documents (S1) Broad Language Support: Available in 22 languages
http://www.ibm.com/software/interactivedemo/us/en/?p=ibm_connections_cloud_s1
IBM Connections CloudPricing per User/Month
• Packages – IBM Connections Social Cloud: 5,79 EUR– IBM Connections S2: 7,72 EUR – IBM Connections S1 9,65 EUR
• Stand alone Services – IBM Connections Meetings Cloud 4.82 EUR – IBM Files / IBM Connections Files 3.86 EUR – IBM Verse 4.82 EUR
Deployment models
• Cloud only • Hybrid Deployment for existing Domino
customers – Smart Cloud Notes
• Typical scenario in EU – IBM Domino / Notes on premise – IBM Connections Cloud S2 or – IBM Connections Meeting (now VoIP enabled)
• Challenge: On Premise and Cloud integration
IBM Cloud Administration Roles: IBM and „Your Company “
IBM Cloud Service
Management
Server and Infrastructure Management
User Support
Account Provisioning
& Registration
http://www-01.ibm.com/support/docview.wss?uid=swg27023836
IBM Connections Cloud: Server and Infrastructure Management
• IBM Tasks – Infrastructure and server monitoring– Manage and maintain service environment– Manage spam/virus filters
• Customer Task – Managing spam filter’s white list (only for Messaging)
• Summary: – Switch to Cloud will remove Administration task for Application Servers – Service Provider Management to monitor IBM
• Network performance • Application performance • Legal requirements / data protection
IBM Connections Cloud: Support
• Internal First Level Support
• Support for Client based issues – PC / MAC– Mobile Devices – Company Network
IBM Connections Cloud: Account Provisioning & Registration
• Account Provisioning is a significant part for IBM Cloud Administration
Subscription Management
1. Buy Subscriptions – IBM‘s Cloud Products – Per User – 12 month to 36 month
2. Assign Subscriptions to Users
How to implement in your Organization • Can Administrators buy Subscriptions ? • How to integrate procurement ?
https://www-112.ibm.com/software/howtobuy/softwareandservices/buynow/configurator/swc/configurator/configure.action
IBM Connections Cloud Administration: User Interface
• “simple” browser based Interface• Two steps provisioning
– Create user account – Assign a subscription
• BUT does it fit in your organizational procedures ? – Admin
• Manage users and accounts – Admin Assistant
• reset passwords for other users (not Notes IDs)• Resend Invite Mail
• Manual process is a pain for creating > n accounts
IBM Options to „Automate “ Account Provisioning & Registration
Integration Server
• „Integrate user provisioning and Web Mail directory integration information from your on-premises administrative environment to cloud-based management“ (IBM)
• Provides an interface for – User provisioning and identity management – Directory integration– User profile management: change profile attributes – Chat policy assignments: chat history & file transfer settings
Integration Server - Architecture Integration Server must be enabled by mail request to IBM Cloud Support • Based on „change files“ in csv format
(csv will stay forever in IT ) • Uploading change file to Integration Server via Secure FTP
– ftp.ce.collabserv.com (EU) , ftp.NA.collabserv.com (US) – Implicit SSL mode which port990 – Firewall need to open port 60000-61000
• After processing change file – Integration server creates server report files – Subdirectory _processed or _error
csv change File: naming convention
• IBM Connection Customer ID • SourceID: differentiate data source (optional)• Typ -> describe change request scope
– prv for user provisoning – di for directory integration s
• Sequence Number – 0 - 4294967295 – Each File must have a higher sequence number than the last processed
file • Ext – file extension(csv or ldif) • Example: Provisioning File Name
– 000000815_BCC-DD_prv_1367246866.csv
csv change file field: Actions
• Actions: following provision actions are available – Add, Update, Suspend, Resume, Remove, – AssignSeat, ChangeSeat, RevokeSeat, – Rename, – ResendInvitation, – ChangeStorage
• AssignTo– To remove collaboration services and – to assign the resources belonging to the old account to a new
account
csv sample: Add user to messaing & assign traveler
emailAddress,action,subscriptionId,givenName,familyName,password,altEmailAddress
1. Step – Add User Olaf.Boerner@bcc.biz,Add,69052,Olaf,usr20,passw0rd,oboerner@bcc.biz
2. Step – Assign Traveler Olaf.Boerner@bcc.biz,AssignSeat,69053,,,,,
Both steps can be done in a single file
Integration Server report file • Server Report file
– report file for each batch of change files that are processed– Reports are generated in the _report directory.– Report file name includes date & time – _report\LLIS_Report_20120820_121003.txt
• Report File Example – *** Processing file: bcc/acme/20049989_PRV_00000001.csv– 11/6/15 11:12 AM - CSV entries read: 3; BSS entries written: 3; No errors!– Processing file: bcc/acme/20049989_PRV_00000002.csv– 11/6/15 11:13 AM - CSV entries read: 1; BSS entries written: 1; No errors!
• Error Handling – change file is moved to the _err subdirectory – Server trace file is only stored in that directory
Directory integration • Synchronize your on premise directory with IBM Web Mail Cloud
contact directory • Do not confuse this with user accounts ! • Syncronize using LDIF Files - > example
– DN: cn=Olaf Boerner,ou=Development,o=BCC– changeType: add– objectClass: inetOrgPerson– displayName: Olaf Boerner– mail: olaf.boerner@bcc.biz– givenName: Olaf– sn: Boerner– telephoneNumber: +49 123-45678
Example: 000000815_BCC-DD_id_1367246866.ldif
Current „limitations“ with Integration Server
200 operations per file750 User transaction per hour 10.000 User changes per day
Policy Administration
Controlling your IBM Connections Cloud Settings
Security Management
• Password policies– Expiration: 30, 60, 90, 180, 360, None – Passwort Reset:
• Send Email to Users to confirm identity • Support via: Phone URL
• IP Adress Range: Restrict Login to approved IP Adresses – Start IP – End IP
Mobile App Management• Enable mobile Access to Communites, Activities, Blogs, Files • Display on Home Page • Files
– Control up- and downloads – Allow import and export – Enable Sync
• Security – Enable App Password– Define Password Quality – Mobile Device Management required
Issues / Challenges
• Service Provider Management must be established
• SPR Management to IBM Support– Bug Reporting – Feature Enhancements
• Manual IBM ID Vault upload in hybrid environments– Upload each ID File manually – Admin need to provide password
• Integration with OnPremise Enterprise Directories (Active Directory / LDAP etc)
Issues / Challenges: „All Mighty“ Admin“ Role
• Only simple delegation model available (Admin Assistant)
• All or nothing approach • Integration in your Organization / Helpdesk ?
– Different UI / Interface – Manage Access
• Audit Trail / Compliance Report
Solution proposal
Administrative Interface for IBM Connections Cloud
Administrative Interface for Cloud Administration
• Service Portal for internal Administration / Helpdesk – Integrate in existing Intranet – adapt Corporate Design
• Ensure internal standards thru policies • Allow granular delegation models
– User Management for different regions – Self Services – Approval Workflows
• Log / Audit Trails
BCC Service Portal – out of the box
BCC Service Portal – out of the box
BCC Service Portal – CSS Customizing
BCC Service Portal – CSS Customizing
Summary
IBM Connections Cloud Administration: Lessons learned
• Moving to IBM Cloud still requires Administration
• Add the responsibility role to your organization to manage “IBM” as a ServiceProvider
• Current Administrator Interface – does not fit to enterprises – Does not scale to large size of transactions
IBM Connections Cloud Administration: Lessons learned
• Shortcomings – only Admin roles will not be compliant with typical
organizational structures – no “support” for organizational policies – detailed loging / Audit trail is missing – FTP based Integration Server is a clumsy solution
• Solution – Internal Service Portal for Task Delegation – Integration for Directory Synchronisation
BCC Olaf Boerner
Questions ?