I went ahead and posted my notes on this since I had answers (posted in each one with italics) to some of the questions they were asking.  Maybe some of the callers will find this posting.  These were quick notes to myself, and I only slightly cleaned them up.  So bear with me.  (I am headed to vacation)

• Asia Pacific area looking for a proof of concept install for their business and need NAT and public CA documentation.  Caller said they got the wrong certificate purchased, that it didn't support TLS.  Lotus is working hard in 8 to simplify install and config.  As for NAT, they list the restrictions for NAT due to SIP.  Certain NAT providers are becoming SIP aware due to VOIP and other real-time collaboration.  As I posted about the morning call, I will shoot out some diagrams for everyone since this seems to be a main focus.
• Caller is implementing Sametime 7.5.1 and having client issues, even with CF1, of getting layout and pre-population to clients.  Preference controls like auto-status changes, for example.  Lotus suggested utilizing the   plugin_customization.ini file to change and set some of the settings.  They have no policy control with the 6.5.1 server and Sametime Connect 7.5.1 CF1.  The issue is that they must then match the new policies when going live with the server on 7.5.1 or 8 to make sure they do not change everything back.  This is a big part of rolling out the advanced client and wanting particular features enabled or set a certain way before the server policies are deployed.
• Another caller emphasizes the issues with SSL config from Premium Server as first caller.  Thawte server worked fine.  Yes, I am seeing in installs that you need to import root certificates in many instances to get it to work.
• Australia - IBMUS and Australia connectivity problems.  Customer is using dual network cards trying to route public and private address.  asking if the OS will do the routing.  Part 2 - Wants to talk his SIP to their SIP.  Asked about port 443, which is not right.  He needs port 5061 for encrypted, not 5060 which is unencrypted.  No 443 need.  1516 and 1533 open for internal connectivity on 7.5.1.  Then 1516 for 7.5.1 CF1.   Also asked about LDAP server connectivity over 636.  DB2 server, is it encrypted by default and does Express C handle it?  Not by default, and maybe not in Express version, have to verify that.  IBM SIP gateway connectivity actually needs port 5060 for the first connection then 5061 to finish.  LDAP SSL relies only on the LDAP server having a public certificate.  What data is stored in the DB2 database, a security concern question.  Lotus answers that in the DB2 database you can find the gateway configuration data, user id and group id in UNID form.  Last question, checkpoint firewall in front to cover NAT issue?  Lotus has customers with it.  Multiple NIC cards not an issue as long as its config'd correctly.  I say why not use NAT and routing with a single NAT instead of trying the dual-NIC approach.
• What kind of arrangement does IBM have with the chat vendors in terms of IP address changes?  same question as this am, same answer.  Then MSN connectivity question.  no official statement yet from Lotus.  I see the IP address changes a hard part for firewall teams that are trying to set the port to only allow certain addresses to talk to the gateway.  That is a tough move when you are relying on a 3rd party (IBM) to tell you when they are changing their IP addresses.  How about just moving to a DNS range for the provider and then everyone is happy.
• SIP phone as PBX install.  Asking for connectivity options as general PBX integration.  Good question but no comment was provided to direct them to the vendors writing plug-ins and softphones.
• Customer wants an  easy way to find out what other corps are using the gateway?  Lotus does not keep or publish that.  Creating a Sametime Gateway group in Facebook or a posting in the Sametime forum was a recommendation.  There is a Facebook group for the Sametime Gateway already with a good couple handfuls of members

We are happy to announce that we already have our first server live with today's Lotus release of the pilot install option, which is basically up to 100 users in a single server installation.  There are some caveats with it, but Connectria is offering a hosting package around it for all of your enterprises wishing to test deployment without the headaches.

IM me (upper right corner of blog), email me or carrier pigeon.

I attended the Open Mic call on the Sametime Gateway this morning to see what everyone had concerns about. (Do not worry, this call goes live again one more time tomorrow I think, see the website or Partner Forum for details).  Well I came away with concerns myself as I see how this is getting implemented at the larger enterprises.

There were at least 15 calls taken, and I managed to capture and write down the main point of each one.  The majority revolved around a couple key areas, and that is where the concern is.  Participants were asking for network diagrams, port settings and allowable IP addresses and better clustering support.  While some of the questions did receive direct answers, in my opinion some did not.  Now someone there will say it was not official support inquiries, no official statements, yada, yada.  But when you have large enterprises trying to deploy a clustered solution in large deployments with too many network security teams in the mix, well you get confusion.

First thing to the companies.  Too many companies are trying to reverse proxy, put servers in front of server even in the DMZ, build SIP clusters with load balancers/IP sprayers.  I agree with one thing for sure, everyone needs the cluster support to deploy this is an enterprise solution.  As for all this worry over this server in the DMZ, why the stress?  No data sits on the gateway server, it connects over SSL to your internal LDAP (further restricted by port and hosts is needed), it uses the encrypted VP protocol to the Sametime clusters in the back.  DB/2 can sit behind the firewall restricted by host/port access also.  So you basically have a shell running a program that acts as the gatekeeper.  Or gateway as it is named.  Get the security team to understand this.  There is no data to be protected, if the gateway gets bombed or hijacked, then they get an empty shell that you cut off.

Second thing is to Lotus.  Come prepared.  Half answering chat logging questions, diagram requests, proxy support and numerous clustering questions won't fly for long if this is truly an enterprise solution.  Yes you did answer some areas of what is coming, things that are verified in support and even how to map multiple O's through LDAP queries to Domino.  But the lack of testing of clustering and the network outline support is frustrating to most of the callers if my current pings I am getting are right.

This article just talks more about the deal with IBM to closely tie OpenScape into Sametime.

Chris Miller, director of messaging and collaboration at Connectria Corp., a managed IT services company in St. Louis, said the added support for VoIP technology could cut costs significantly for corporate users. Connectria sells and supports Sametime and is also a Sametime user.

The rest of the article is basically another user comment and some base info that everyone read last week.

Yes I did it during the day.  Yes I did it in a hurry.  No I did not want to worry about the old server and disk space anymore so the opportunity was there with some freetime maneuvering of other items to make it all happen.  I tried to reach as many as I could at the last minute but figured they knew what was coming since I had the machine sitting in a rack ready for weeks now.

Full text indexes will take a few to rebuild as I did not move those to save time.  So let's see how it settles in tonight after everything gets caught up.

Chris

Jump over and watch the video and see for yourself..

he has a higher quality version here too

I came across this and decided to go full force with the idea.  It has embedded video streams from a collection of public videos as well as embedded ones.  it also gives the ability to go live onthe channel and have technical talks and such.    The currently featured set is all Lotus Connections

You can find the page right here

.............. for now until the full URL goes live in DNS shortly

Today, IBM announced it has acquired WebDialogs, a privately held, leading provider of Web conferencing services and a partner of choice for the Conferencing Service Provider market with over 70 relationships and 200 brands in the market today

Unyte already has plug-ins for Skype and Yahoo, the Lite version is free.
So besides some new plug-ins for the Lotus suite, here is the interesting piece, Lotus basically says that Sametime is not made for extranet meeting in this section of the press release... not the second sentence in the overlap question....

You get the added value that IBM plans to bring by developing plug-ins for WebDialogs to seamlessly integrate with products in the IBM portfolio such as:

• IBM Lotus Sametime
• IBM Lotus Notes
• IBM Lotus Quickr
• IBM Websphere Portal

Q: Are there overlaps between the IBM and WebDialogs product portfolios?
The IBM and WebDialogs portfolios are complimentary.  While both companies offer products in the real-time collaboration space, the Lotus Sametime offerings are primarily used on premise and by all company sizes.  WebDialogs' Web conferencing service has seen wide adoption with small and meduim-sized businesses as well as 3rd party service providers.

So I hit their webpage to see what the company full offers and see an image on the homepage..


So I go and read and it looks like IBM/Lotus will offer a choice and support online meeting services to go after that WebEx marketspace with the Sametime name.

Many of you know Andy Pedisich of Technotics from speaking at Admin and all the Upgrade Seminars and Admin Bootcamps.  well he finally decided to get the arthritis medicine and start a real blog.  Jump on over and say hi, well you can say hi when he gets his comments working right with the standard blog template from Domino 8

2nd Quarter for Connections saw over XX companies jumping into the fray of deploying Lotus Connections with over XXX Lotus Connections pilots currently in play

As we sit here with Jeff, this article hits the web talking about a couple other companies rolling out enterprise social network software

SelectMinds pitches itself as a corporate social network that can give business and IT managers a bit more control over how employees connect on the Web, compared with something like Facebook. The networks are designed to let business professionals exchange information such as business leads, job candidate referrals, and new product ideas, or develop networks for groups of people with similar interests and concerns, such as women. Participants in a network complete a profile and can search directories for friends, former colleagues, or other people of interest.

Connectbeam lets employees share bookmarks and tag articles, pages, and documents with descriptive words.

Ok, so the rest fell under things we can't talk about, sorry.  Had to remove a bunch

Paxos statistics

• Lotus Connections with Partners was announced at Lotusphere and started with 30 people.  There are now 1084 people across hundreds of partners
• There are 71 communities
• There are about 100 blogs with 561 people logged into blogs
• There are 546 dogear users
• There are 1710 tags in system
• There are 1020 profiles

Until Mike Rhodin actually announced the name about the upcoming Sametime changes, it was all hush hush as always.  I said this earlier to IBM'ers...  do not name them Advanced and whatever (looking back it is Entry).

Advanced means that what you have now is not one of the best corporate instant messaging and web conferencing solutions.  It suggests that you have some basic model and there is something better.  I think a much better choice would have been Expansion Pack for example.  They made this same naming mistake with Basic and Standard in Notes 8.  You don't go to market with updated products naming making the older versions inferior to not new functionality, but the core itself.

Sametime Entry takes the IM capabilities already embedded in some IBM products and turns them into a stand-alone offering. The aim is to seed the market and encourage corporate users new to IM to use Entry and later move up to the Standard and Advanced flavors, Morse said

Sametime Advanced builds on the Standard version and adds in features like the ability to share one's desktop with others and ways to store and reuse geographic information. The software also includes persistent chat so that a person can log onto their company's group chat and be able to browse what was discussed earlier, particularly useful in the financial services business where staff in different time zones are continually tracking the markets.

Persistent chat?  Carl, didn't you have that a while ago?

Ok, I am done, back to Lotus Connections

Sample ways Lotus Connections Activities can assist;

• Track path through multiple processs and store results
• combine informal knowledge with formal guidance
• refer to previous Activities for guidance

Templates are a way to take Activities for copy and reuse

• remove specific references possibly
• you might want to leave tips for example
• over time there begins a library of templates
• templates can be taken from other templates

Activities really has no or simple workflow, with no application builder or program logic.  The focus is content.

Access points include many of the following:

• Browsers
• Lotus Notes
• Lotus Sametime
• Websphere Portal
• Web applications
• Feed readers
• Other rich clients

Interesting approaches in thought on deployments

• default allows read access to all of Lotus Connections except Activities
• posting comments, blog posts and to participate in Communities requires authentication
• Paxos pushes the authentication farther out to require authentication for all facets

Atom is the API for Lotus Connections

• Pushing data out from Lotus Connections is the means
• Syndication of your data for subscription
• RIM made some excellent statemetns about the overhead of RSS feeds and parsing with mobile devices
• important to remember: this is also for pulling information inbound into Connections, like the new RSS enabled mailfiles in Domino 8
• HTTP protocol is the transport mechanism
• common HTTP command, GET, PUT, POST, DELETE all apply when working with resources
• Atom Publishing Protocol is still an Internet draft, in the queue to be a RFC

It seems IBM has snuck out a software catalog for Connections.  I am sure it was announced somewhere but I found some cool tools

• Activities template pack for a handful of pre-built Activities templates
• Lotus Connections plug-in for Sametime Connect (please note the 8 client has embedded Sametime and Activities plug-ins for the install)
• Lotus Connections Multi-service portlet to integrate Websphere Portal

I was going to use TinyURL but IBM got smart and made short links, nice.

There is a slew of things I will need to blog while here... catch up

• eGA on August 30 for version 1.0.1
• Activities plug-n
• Pilot install for 100 users
• Integration for Notes 7 and 8 classic and Microsoft office

Connections v 1.0.2 soon with platform expansions

• Domino 7.0.2 and 8.0  LDAP support plus Sun One 5
• Intel SLES 10
• Firefox 2 on Mac
• IE 7 on Vista
• SQL server
• TAM / Siteminder Integration

This was after doing the suggested Ctrl-Shift-L to see shortcuts



All was better after a restart however and it now works fine

I didn't say it was for today, I was planning ahead for October in case I didn't remember Carl.

I received an email wannouncing it but I see some people already found it.  They have been soliciting comments on help menus and other items.  You can view and participate right here.  They do have a RSS content and comment feed for your RSS readers.  I will add it to the Particls package too.

I am trying to gather some more podcast traffic data on demographics.  So if anyone one of you had like 2 minutes to click a few buttons (I walked through it myself so it is just like that) please do so right here on this link.  This is the short version of the two they had.

It covers more demographic data and don't answer anything you do not wish to.  It is all anonymous anyway, but I keep getting requests for more stats data on the podcast itself so I am trying this out.

No pressure people and no biggie if no one does it

The next Virtual User Group Meeting features an online presentation on Justifying ND8 Within the Organization on Sep 5 from 12-1pm EST (GMT -5).  The presentation is free to LotusUserGroup.org members, but pre-registration is required.  Register at http://www.LotusUserGroup.org/vug

As usual, there will be a moderated forum that week where you can ask questions, suggest topics for the online event and get any other info.    Then on that Wednesday join the virtual meeting.

Click to see more on the content!

Continue Reading here" LotusUserGroup has an online meeting Sep 5th on "Justifying the ND8 Upgrade"" »

This was one of the better technical discussions in the podcast series. Susan Bulloch, IBM Technical Enablement Engineer, talk in depth about her recently published article on Developerworks covering the new Message Recall feature in Notes and Domino 8. I managed to stump her a couple times with things of the top of our heads as we crawled through the new feature.

We have a couple answers to the stumps in the podcast. If you disable the user via policy from message recall then the action ability in the mailfile is hidden. The portion on personal veruses public groups is a lot longer answer that Susan will post or link to the reference. The fix for the Standard Notes 8 client is not pretty is my eyes. You be the judge.

Here are the links for this show:

• Blog posting from Mary Beth Raven in Jun 2007 asking the default on or off quesiton for the feature
• Blog posting from Nathan Freeman responding to Mary Beth Raven
• Blog posting from Richard Schwartz points out the finer parts of compliancy and how this doesn't matter
• Blog posting from DominoBlog.com answering if the features works with DAMO/POP/IMAP
• Blog posting from Charles Robinson on comparing Domino 8 recall with Outlook 2003, see who wins

I will update more information when I get it. Make sure you check out Susan's blog to catch her at one of the conferences.

Music from the Drop Trio via Magnatune

I was sent this link today by a former Loti which made it all the more fun.  It was interesting to scroll down towards the now bottom and see Jim Bernardo, former Lotus Warroom Manager I worked with quite a few times, himself doing some slamming of Lotus in there.  Well then he is at Microsoft the past 7 years in various forms of product management and technical evangelist.

Here are some excerpts and random answers to get you moving over there to post your thoughts:

My impression is that companies are slowly but definitely leaving Lotus Notes. (I think Gartner said more or less the same in one of their reports).

Then:

The main problem with Notes (and I'm talking e-mail here) is that it is an incredibly ugly and counterintuitive client on top of an excellent, scalable, enterprise-grade server that runs on just about any OS.

From Jim himself:

I spent 10 years at Lotus, pre- and post-IBM...the vast majority of the people who had the gray matter around Lotus Notes...the people who built that product...left. They left not because they didn't want to work at IBM, but because IBM didn't want to continue Notes. All the hype notwithstanding, Notes 8 is not your grandfather's Notes, and moreover, is not becoming more "open". It's an Eclipse plug-in that runs atop Lotus Expeditor, the technology formerly known as the IBM Workplace Managed Client. That's either good or bad, depending on your perspective, but it's done absolutely nothing to make Notes more "open". Look where IBM spends their money...is the Notes PKI the default PKI for WebSphere and the rest of the IBM Software platform? Is the NSF the new database for IBM software? Or have they even tried to model the NSF in DB2? Is the Domino Directory IBM's strategic directory product?

So here is the big issue.  The documentation indicated you can set a policy for multiple groups of users and then update the users with different settings, plug-ins and pushed updates.  Some of this is quite true.  UNtil we get to site update parts.

I would have sent you here on Notes Net, but apparently the published info for CF1 is not complete.  See line 21 for some humor.

So what happens is that you can set an update site in the default policy, but it then overrides all the new group or explicit policies.  You can not set alternate update sites for different users.  They are grayed out with the provided default site.

Move on to leaving the update site blank and then the sub ones are forced to be blank.  Same scenario as above in reverse.  So in essence you have to provide only 1 update site at this time for your user population.  That doesn't help if you want users to get alternate updates or plug-ins at this time.

I bet it is on the list for the future though..

Well here we sit at the next step.  First of all, the update itself requires 2 restarts of the Sametime client.  While a full installation would only require 1.  Yes, they are updating components that need other updated first.  Just a warning for users.



So the updates do fire down the changes, and they do leave the other files locally, just one of those things to deal with.

After some gracious time on the phone with Lotus following Friday's posting, we found a few things to make this next screenshot work.  I had the site update listed in stconfig.nsf as the

URL for UIM provisioning:

This never seemed to work.  Updates were not coming down as I talked about on Friday.  We then placed the site update in the default policy.  Unfortunately we also had to do a reboot.  So I am not sure if the reboot or using the policy instead of stconfig did the trick.  We are testing that again one step at a time to let you know.

You can find it right here on his new Connectria hosted blog.

I already had the site specified for all the users in stconfig.nsf.  It was the same one I used before for the patches for the Sametime Gateway in 7.5 CF1 world.  Unfortunately it is not updating the clients now with the changes.  I am doing this in stages, meaning I have not rebooted the Sametime server since changing the site.xml file.  It shouldn't need to be done, so I didn't.  I simply updated the xml and waited for today.  Nada, nothing.

So looking at the local files in the plug-in directory you already have for Sametime Connect 7.5.1 compared to the new site update, none of them seem to match from the first 10 iI checked.  Either they had

com.ibm.collaboration.realtime.feature.version

listed instead of the new ones that did

com.ibm.collaboration.realtime.751.CF1.feature

or they were entire new features that did not exit before.  So the new ones should come right down.  But how about the ones that do the same thing but compete?  Shouldn't they simple update the date at the end of the feature line.  Instead of

com.ibm.collaboration.realtime.sprite_7.5.1.20070416

They go and toss some oddity name of

com.ibm.collaboration.realtime.sprite.feature._7.5.1.20070723-1402

How does that update the existing one or how does it know which to use unless called from somewhere else?  How can we clean up these older ones with the updates?

First let's cover the files.  There is a CF1 for the Sametime Gateway out there, just not Windows yet.  Amazingly the Sametime 7.5.1 server only gets a mere 69MB of update download while the Sametime Connect client gets a whopping 204MB file download

The Readme for the CF1 update can be found right here.

Server
So I compressed the installer and let it fire off for the server.  It says the total update size is 79.9MB and goes on quite willingly.

Client
So you have choices to either run the installer in it's entirety on the local machine or push out updates via the update site.

CAUTION(S): Not all updates are applied when using the update site method.  Read the release notes carefully to know if your issue is covered band by which method.  Also, you may not want the automatic update if you have not aplied at least CF1 to 7.5.  There is an admin update that must be done as shown below in the image.

There is quite a few packages as shown in this image:


Also, the Single Sign-on with the operating system is now available, as well as additional dictionaries.  Those are added plug-ins that need to be deployed. Each comes with it's own site.xml that you can merge centrally or push into siteupdate.nsf from a Domino 8 server.  Then you get the user policies in place.

Let me run the update and full installer and let you know those results next

So I read this article based on the topic of touchscreen stuff and came across this little gem.  The tags that get put on devices so they can be 'seen' by the Microsoft Surface are called Domino tags.  I am sure IBM will not pursue and trademark infringements against anyone right?

Surface computing isn't only for playing around.  The system supports object recognition using a technology dubbed Domino, which works like a bar code.  A Domino tag - basically a small sticker with a black and white pattern - allows the Surface computer to recognize another electronic device instantly

From reading the web advisory and then the IBM technote, it seems to be all versions of Sametime, including 7.5.1 with an availble hotfix for all versions.  Future updates and fixes will contain the fix also.

Problem In very specific scenarios, there is a possibility that a Sametime® server could be exploited by a Cross Site Scripting vulnerability.   Solution In a specific instance, it was found that a precisely crafted Sametime meeting could potentially contain text that would expose a Cross Site Script vulnerability.

This can be addressed in Sametime 7.5.1 by applying an available hotfix. All future releases will contain this fix within the shipping version. Additionally, the same issue was not seen using the EMS server.