Monday, April 24, 2017

Using SharePoint with OneDrive as a File Server (for Ex-Domino Admins and Traditionalists)


Over the past few months, I've been looking at a whole range of options to do with file storage on the basis that Microsoft's OneDrive simply doesn't do what we need. The whole time of course, I've been unable to shake the feeling that Microsoft should be offering something that already covers this space. After all, file sharing is one of the major "tentpoles" in most Windows networks. 

As it turns out, SharePoint is the answer to this - and it works well if it's playing nicely with OneDrive. 

My initial investigation of SharePoint was flawed for a number of reasons. Firstly, it appears that I was looking at an "old version".  The "new" version has really only started to come out over the last few months but it's light years ahead of its predecessor.

The second reason that SharePoint was overlooked was because I really didn't have a great understanding of how (or why) it works. I was trying to compare it to IBM Domino and IBM Connections. There's a lot of similarities, particularly, with connections but they're vastly different beasts.

SharePoint Security differs from Domino Security

The security model of SharePoint is actually the opposite of Domino. In Domino, you start off with reasonably "open" access controls. For example, the server is open to "everyone in the company". From there, you restrict access to specific databases.  Within each of these databases, you further restrict access to views, forms, controls and documents; firstly via roles and then later via reader and editor fields.

SharePoint seems to be the opposite. Systems start out with a specific set of restrictions and then suddenly, even if you're halfway down the file structure tree, you might decide to share a particular folder and all sub-folders with someone who didn't previously have access. In fact, you can take it a step further an share with someone entirely outside of the company.

In SharePoint it is much, much easier to grant access to people however I'd venture to say that the security model it uses is by no means as "safe" as Domino.  

In Domino, if you wanted to suddenly revoke access for someone at a database level, you could simply remove them from the ACL.  In SharePoint, it's potentially a lot more complicated. As administrators, it's important to understand these differences because the SharePoint security model is also "mostly opposite" to the way the standard file server security works in Windows.

The Explorer Interface is Gone

If you talk to the Microsoft support team, they'll tell you how to map a drive from Windows file explorer to SharePoint. It works but in order to do it properly, you need to use Microsoft Internet Explorer ... not Edge ... nope, only the older technology will do.

I asked about the plans for edge but clearly there are no plans. It's not something that Microsoft wants to support. This was quite a shock to me after the amazing level of integration offered by IBM Connections.

I guess the important "take-away" from this is that Microsoft feels that the Windows File Explorer interface needs to "die".  Everything will be web from here on. 

Plan Ahead

In the old days, you created a file server by dumping all of your files into folders and sharing various bits out. It was a fairly forgiving process that enabled you to fiddle about with files until you got them right. SharePoint today is not quite so forgiving and moving things about will generally break links and muck up shared connections. You need to plan ahead.

Logical Ownership First

In the first instance, separate your files via logical ownership, which generally means "departments".  For example, most companies will have files in at least the following business areas;
  • Administration
  • Finance
  • Information Technology
  • Human Resources
  • Sales and Marketing
  • Strategy

Unless your company is a very small one (under about 30 employees), you'd be best off creating a SharePoint site for each of these major areas. This will make overall security a whole lot easier.

Smaller Chunks Second

The other thing to be aware of is that there seem to be some fairly serious limitations on the way that OneDrive syncs SharePoint data. In particular, there's an upper limit on both the number and the total size of the files that can be synched.

I'm not reiterating the limits in this post although I've seen them stated in several other places. There are two reasons for this;

1. They are subject to change
2. I've seen OneDrive behave poorly with much lower limits.

The file limitation would not normally be a problem except that OneDrive is currently incapable of doing a "partial synch".  It tries to synchronise the entire library and will dummy spit if it's too large.

For this reason, you need to add multiple document libraries to your SharePoint site.

Next Time....

I'll discuss this in my next post where I assume that like me, you've already uploaded a lot of files to SharePoint and now need to move them. Moving them is actually pretty easy and once it's done, they Sync problems are fixed. 

Tuesday, April 04, 2017

Migrating Mail from IBM Notes and Verse to Microsoft Outlook on Office 365 - Part 2

Last time on Real World Computing, I talked about migrating mail from IBM Notes and Verse to Microsoft Office 365. Now it's time for Part 2. 

Mail Routing

We did routing in two parts. Initially we had MX records for both IBM and Microsoft with Microsoft having the higher number (which means lower priority). After the cutover date we switched the priorities so that Microsoft Office 365 had the higher priority.

One of the cool things about Microsoft’s setup is that they give you two domains, one is your own and the other is an @mycompany.onmicrosoft.com one.

When we first saw this we thought it was a “bit wanky” but as it turned out, it was very useful indeed.we quickly discovered that we couldn't send mail to our internal colleagues on outlook from notes and that all of the agents in our Domino applications were only delivering internally.


Changing these to point to the onmicrosoft addresses fixed that problem. As far internal mail, we just added a mail rule to forward all new mail from our personal Domino and verse mailboxes to onmicrosoft.

Mail Migration

We tried a few things to get our old mail migrated. We had originally hoped that we could simply have a cutover date with a small amount of overlap but the reality is that other departments use mail quite differently from IT and they rely heavily on foldering and calendaring. They use search and archive very lightly - and it's not something that can be changed in the short term, regardless of how good the technology is.

We first tried putting their Verse mail into outlook and then copying and pasting mail between the mailboxes. This worked very well but we quickly discovered that there was a 90 day limit in terms of mail that Verse makes available to outlook.

The next phase involved taking an unencrypted ACL-free copy of users mail files and using conversion applications. We tried two and they both gave us a lot of trouble.

Stellar NSF to PST Converter

The first product we tried, Stellar NSF to PST Converter, had some very restrictive licensing. It was expensive and we could only run it on one PC. The trial version worked fairly well  but it was limited to only a very small amount of conversion.

The advertising claimed that it worked with Office 2016 but the reality was that we eventually had to run it with Office 2010.

Our initial attempts to get a NSF mail file converted to the 365 cloud took 24 hours for a single user with less than 3 months worth of mail. We complained about the software and after threatening to pursue the issue of a refund, the Stellar technical team worked with us on the problem for a couple of days.

Kernel Lotus Notes to Outlook Conversion

In the meantime, we bought another migration package; Kernel Lotus Notes to Outlook Conversion. This one had much better licensing and could be run on multiple machines at once. It worked out of the box and was able to do the same mail file in an hour.

We were ready to go with Kernel when suddenly the Stellar product started working. It processed our test file in 30 minutes. In the end, we used a mix of the products.

The conversion process produced a PST file which we were able to import into outlook. It was interesting to note that the folders and the calendar entries came over well and we had relatively few complaints from user about the conversion. Most of the complaints were actually outlook usability issues.

One thing that was a little problematic was that we had used an archiving and compliance solution, MailAbility. This software moved some of the older mail to external NSF archives and simply left links in the Notes mail client. Obviously those mails weren't “real” emails and couldn't be imported. We’ll convert the archives later and convert them to a “locked down” compliance-only shared mailbox.

Groups

The final big problem was groups. We currently need to retain the groups in both systems but duplicating them makes no sense. We've looked around for ways to easily synchronise the groups from Domino to Office 365 but apart from one-time migration or some really dangerous scripting, we've found nothing that will do the job.

The other important thing to realise is that Microsoft is redefining groups. There's a new group type called an "Office 365 Group" which everyone should probably be using.  Unfortunately, at the moment, it doesn't support people outside of the organisation...

...apparently that feature is coming "real soon" though.

In the meantime, groups are easily created via outlook or via the admin console or, as is apparently the preference (which doesn't currently support external parties), via Yammer.   As for getting contacts across, there's the solution I discussed back in January.

Saturday, April 01, 2017

Migrating Mail from IBM Notes and Verse to Microsoft Outlook on Office 365 - Part 1


It was always just a matter of time. Eventually we were going to have to make the jump from IBM to Microsoft. It's not that IBMs software isn't good. It's very good. It's simply that IBM is the Beta to Microsoft's VHS. Technically the IBM product line is far superior but on the surface, IBMs poor UI will never match the incredible pull of Microsoft's polished Office 365 offerings.

We're just finishing a mail migration from IBM Notes/Verse to Microsoft Outlook, which we did entirely in-house and I thought it would be worthwhile going over the method we used.

The Before Status

Prior to the migration, all of our users had the IBM Notes client on their desktops. We had three production servers and two test/dev servers. All of our user mailboxes were on the IBM Cloud and we had a split with some users on Verse and some on Notes.

We were also running an extensive extranet with a myriad of centrally controlled expansive security options. Our address books contain in excess of 22,000 groups.

Licensing 

Since we'd decided to use Office 365 for word, excel and powerpoint, the migration was technically already underway with the purchase of Office 365 licensing. It should have been a simple matter of extending the licensing but as we already had a number of 365 licenses, we had to establish the right options.

This meant finding a Microsoft business partner and buying new licenses since there was no upgrade path from Office 365 Pro Plus, which doesn't include outlook to 365 E3 which does. 

We later decided that E5 would have been a better choice but funding wasn't available until later and again, there was no easy upgrade option. That's an upgrade we’ll probably do on the one year anniversary instead.



Active Directory 

Our original plans were to migrate to Microsoft’s fully cloud based active directory service and retire our three AD servers. We might still do this but in the meantime, a decision was made to retain our on-prem AD.

This change had a significant impact as connecting the AD to Azure resulted in duplicate users which took some time to resolve. The solution ended up being to delete all our existing AD users and let them get recreated by the sync process.

Unfortunately deleting them required powershell, a tool we ended up getting a bit too familiar with. It also meant that their OneDrive data and yammer posts and profiles got trashed.



SPF

The next step was to get our users familiar with outlook. To do that, we needed to set up routing.

In setting up our office 365 environment, we had to claim our domain. You do this in the Office 365 admin  portal which is surprisingly full featured.You have to verify your DNS via txt record and you're encouraged to put in a mx record that includes a spf flag.

We hadn't been using SPF prior to this but as soon as the SPF record took hold, it didn't matter that we had dual routing (with mail primarily going to our IBM accounts and a secondary MX record pointing to Office 365).

Our old connection immediately became “untrusted” and we had to quickly modify the SPF record to include our existing servers.


Stay tuned... in part 2, I'll cover how we managed routing, mailbox migration, and groups.

Tuesday, March 21, 2017

How to Set up Rooms Properly in Office 365 - Part 2 (Extending Booking Time)


Following on from Part 1 where I talked about how to get rooms to show up in the room list, here's the next step where we extend the booking time from the default of 180 days.

Why is there a limit?

In most circumstances, a limit makes perfect sense. It stops employees from booking meeting rooms for years in advance and then leaving the company.

In our case, it's actually fairly common to book the meeting schedule up to about 18 months into the future - so the 180 day (6 month) limit is quite restricting for us.

I decided to change the limit to 730 days. Essentially two years. 

The Steps

I'm going to assume that you're familiar with PowerShell by now... I wasn't when I wrote Part 1 but now PowerShell is my friend. If you're unsure about how to execute the steps, please go back and check Part 1 as there's only a couple of commands at the end that are different.

So, without further ado;


  1. Start PowerShell as Administrator (Local Admin Rights).

  2. Set-ExecutionPolicy RemoteSigned
  3. $UserCredential = Get-Credential
  4. Put your Office365 User Name and Password (with Admin rights) in.
  5. $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
  6. Import-PSSession $Session
  7. Now here comes the commands that you need to change;
  8. Set-CalendarProcessing -Identity "Projects Meeting Room" -BookingWindowInDays 730 
  9. Note that "Projects Meeting Room" is the name of the room and 730 is the number of days to allow bookings in the future.
  10. You may want to add several similar lines after this. I did..

    Set-CalendarProcessing -Identity "Small Meeting Room" -BookingWindowInDays 730
    Set-CalendarProcessing -Identity "Large Meeting Room" -BookingWindowInDays 730
    Set-CalendarProcessing -Identity "Board Room" -BookingWindowInDays 730
    Set-CalendarProcessing -Identity "Projects Meeting Room" -BookingWindowInDays 730
  11. Remove-PSSession $Session
  12. Exit
That's it. You should now be able to book rooms further in the future. 

Saturday, March 11, 2017

How to use PowerShell to Change the Email Address of Office 365 Groups


One of the odd things about Office 365 is how much you have to resort to PowerShell to get things done. That's currently the case with the Office365 Groups, a recently introduced type of group that works particularly well across all of the Office365 applications. 

I've been setting a few things up with Office365 groups lately and I've had two instances where I needed to do some renames. Once was when the people who asked for the group changed their mind about the name and the other was when I wanted to rebuild an existing sharepoint site (and reuse the name).

In both cases, I was able to change the name but the email address itself was greyed out. 

The Solution is to use PowerShell

Start Powershell by clicking Start and typing PowerShell, then Right-click on the icon and run as Administrator.


In the console that appears, type;

Set-ExecutionPolicy RemoteSigned

This elevates some privileges. You'll need to choose Y and press enter. 

Next, you'll want to sign into your Office 365 account as an administrator. Type

$UserCredential = Get-Credential

and press enter.  You'll be prompted for a user name and password.

Next we need to connect a session to Microsoft Exchange in the cloud.

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

and you'll want to import that session.

Import-PSSession $Session

Changing the Email Address

This last command is the one that changes the email address but you'll need to know your group name and the new email address first.

Don't type this, you'll want to change the bold bits.

Set-UnifiedGroup -Identity "GroupName" -PrimarySmtpAddress GroupEmailAddress -RequireSenderAuthenticationEnabled $false

So, in our case, we want to change InformationTechnology1@mycompany.com.au to InformationTechnology@mycompany.com.au.  The group name is Information Technology. This means that the command to use would be;

Set-UnifiedGroup -Identity "Information Technology" -PrimarySmtpAddress informationtechnology@mycompany.com.au -RequireSenderAuthenticationEnabled $false

That's it. If you switch back to the admin screen and refresh, you'll see that the group now has the correct email address.

If you want to change more groups, you can simply run that last command line again with different parameters (all the earlier lines were just set up lines).  If you've finished, you can simply close PowerShell.

Tuesday, February 21, 2017

How to Set up Rooms Properly in Office 365


You'd think that setting rooms up in Office 365 would be a simple matter of going to the Office 365 Admin console, expanding Resources, clicking on Rooms and Equipment and then using the Add Button


This works but it doesn't do everything. If you want your rooms to appear in the Room List (and to show available times), you'll have to use PowerShell to put them there.


Finding Answers

So... I spent a while trying to find the answers without a whole lot of luck. I think that coming from the Notes/Domino world and not being familiar with the outlook terminology hindered me a bit in this regard. 

In any case, big thanks to IT for Dummies btw whose page called "Create Room List Office 365" made very little sense to me but helped me to explain to Microsoft Support what it was that I was looking for. 

BTW: Microsoft support can be reached via the Support and then Service Requests options in the Admin Center. I've found their support to be excellent. 

How to Set up Your Room
Having done the initial room creation steps (see the top of this post) you need to do the following to get it fully registered;

  1. Start Microsoft PowerShell (with local admin access)
    Note, this is normal PowerShell, not Azure PowerShell
  2. At the PowerShell prompt type:

    Set-ExecutionPolicy RemoteSigned

    This essentially grants you higher privileges for the current session.
    (you'll probably be prompted for a Yes answer).

    The returned wording will be something like this;

    Execution Policy Change
    The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks described in the about_Execution_Policies help topic at http://go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?

    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"):

  3. Next type;

    $UserCredential = Get-Credential

    This logs you in - it will prompt for your Office 365 admin user name & password.

    The returned wording should be something like this;

    cmdlet Get-Credential at command pipeline position 1
    Supply values for the following parameters:
    Credential

  4. The next command sets up an office 365 session connecting to exchange.

    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

    The next command apparently imports the commands for exchange into the current session. (ie: makes them available for use).

    The returned wording should be something like this;

    WARNING: The names of some imported commands from the module 'tmp_aipbhxxl.kcz' include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.

    ModuleType Version    Name                                ExportedCommands
    ---------- -------    ----                                ----------------
    Script     1.0        tmp_aipbhxxl.kcz                    {Add-AvailabilityAddressSpace, Add-DistributionGroupMember...


    I have no idea what this means or why it's relevant to me... best to just ignore it.
  5. Our next PowerShell command actually manipulates the rooms, so this is the first command that you'll need to have custom bits on.

    There are two parts to this;

    Part A: The Room List - This can be anything at all, it's just a way of describing the rooms collectively. If you've only got one set of rooms, you might as well call it "Local Rooms" but if you have separate rooms, for example, "Executive Rooms" and "Core Meeting Rooms" or "Building 1 Rooms" versus "Building 2 Rooms" then you'll want to describe this bit more carefully.

    Part B: The Room Names - In our case, we had four rooms, the Board Room, Large Meeting Room, Small Meeting Room and Projects Meeting Room.  You'll need to gather all of the rooms for a given list together and execute the command once -- because you can't add rooms to the list later (more on that afterwards).

    You'll need to use the short names for the rooms (the first part of their email addresses) as the room names in this command aren't supposed to have spaces in them.

    Here's the command you should submit;

    New-DistributionGroup -RoomList -Name 'Local Rooms' -Members BoardRoom, LargeMeetingRoom, SmallMeetingRoom, ProjectsMeetingRoom

    The response is downright weird... and a bit ... advertising..

    New! Office 365 Groups are the next generation of distribution lists.
    Groups give teams shared tools for collaborating using email, files, a calendar, and more.
    You can start right away using the New-UnifiedGroup cmdlet.

    Name        DisplayName GroupType PrimarySmtpAddress
    ----        ----------- --------- ------------------
    Local Rooms Local Rooms Universal LocalRooms@xxxxxxxxx.onmicrosoft.com

  6. To verify that the rooms were adjusted type the following;

    get-recipient -identity localrooms

    It should return and indication that there's now a distibution group called Local Rooms.

    Name        RecipientType
    ----        -------------
    Local Rooms MailUniversalDistributionGroup

  7. Of course, you could just close Outlook and reopen it and create a Meeting to check. 

One last note... the Microsoft team told me that if I needed to add a room to the group, I would be best off deleting the Local Rooms group and running the creation/linking command again. 

Thanks again to the Microsoft support team. I don't know how I would have figured this out without their help. 

Sunday, February 19, 2017

Solving Some Azure Active Directory User Synchronisation Issues on Office 365

We started moving over to Office 365 quite a while before we decided to ditch Notes mail and move to Outlook. It was also my plan to get rid of our internal active directory server and rely solely on the cloud for authentication. 

As it turned out, management wanted to keep the AD server a little longer, so we've had to synchronise our onsite accounts with the Office 365 ones. The synchronisation processes immediately created duplicates (and sometimes triplicates) of users. 

The journey to resolve this issue was time consuming and data destructive, so I thought I'd let everyone know how to fast-track it.


What Causes the Problems

Microsoft's Office 365 users have unique ID's much like the objects in the Active Directory. When you create a user from scratch on Office 365, you create them with a unique ID. While there are tools that will let you change these unique IDs, we've found that they generally do more damage than good.

Deleted people are another part of the problem, If you delete someone and then let the system recreate them, it will happily recreate them but won't set their ID properly. This is because their ID isn't unique. It's still in the person "recycle bin". To truly delete someone, you need to use the PowerShell command line.

Backing Up First

Before I jump into the whole process, you need to make sure that you back up things. Deleting users is fairly data-destructive.


  1. If your users have anything on OneDrive, take a local copy of it all.
  2. If your users have data in Sharepoint or Yammer, backup what you can.
  3. Transfer Ownership of Groups in Yammer and Sharepoint very carefully - don't delete all the Admins at once because you may have trouble getting them back. 
  4. Backup any Outlook mail they may have to a PST file (they'll lose mail)
  5. Make a note of any licences they have. 
  6. Do whatever you need to about OneNote 

Getting into Microsoft Azure Active Directory

You have to have Microsoft Azure Active Directory Module for Windows PowerShell installed.
Note that this is different from PowerShell and it's different from the AD Module for Powershell. It's hard to find the right version of the right software - at the time of writing, you need version 2.

In case you're interested in other Azure AD commands, here's a handy reference.

The first command is to connect to the Azure AD;

Connect-MsolService

You'll be prompted to login (so hopefully you'll use a user who has Global Administrator access).


Next, you will want look at the records of users...

get-msoluser -UserPrincipalName jsmith@mycompany.com |fl

This command line will show you jsmith's record.  Things to look for in the text include;

ProxyAddresses        : {SMTP:jsmith@mycompany.com
ImmutableId           : Pjo+HQRGtXm9GsUXzYYRqQ==
DisplayName           : John Smith
SignInName            : jsmith@mycompany.com
UserPrincipalName     : jsmith@mycompany.com

We found that our Proxy Addresses didn't start with SMTP: and that our Immutable IDs often had people's names (eg: jsmith) in them, instead of the ID.

The SMTP thing can be fixed but if your immutable ID is wrong, you really need to look at destroying the profile record and recreating. We've found that all of the records we destroyed have recreated properly but that the ones where we've just changed the proxy still have some glitches. I'd personally recommend removing everything.

Deleting People from the AD

You'll find that you simply can't delete a person in the Office 365 AD, particularly if they're synched from a local server. The GUI just won't work. You need to delete via command line.

Make sure that you check which licences they have been assigned because you'll want to reallocate them back.

remove-msoluser -UserPrincipalName jsmith@mycompany.com

Deleting a user is not enough though. You have to knock them out of the trash, otherwise they'll reside there for 60 days and prevent recreation via the AD synch process.

Even if your user wasn't having issues with their immutableID, they could still be having problems with Synch and email because of similarly named deleted people.

Before you delete, make sure that you've backed everything up. Emptying the trash is permanent and there's no recovery.The empty trash command is more or less the same as the delete command but with an extra switch (-RemoveFromRecycleBin)

remove-msoluser -UserPrincipalName jsmith@mycompany.com -RemoveFromRecycleBin

Wait for AD Synchronisation

In our case, AD synchronisation is set to 30 minutes. You can check via the front page of the admin centre. You might have to click More and then Refresh to get things to display properly because Office 365 doesn't always automatically refresh person lists or time displayed on the screen.

Once the next synchronisation has run, you should see the record appearing.

Some Fixes on the Local AD Record

We also had to do a couple of fixes on our local AD record, particularly making sure that the ProxyAddresses start with SMTP.

To do this;

  1. Go to your local Active Directory Server.
  2. Open users and Groups and get to our users.
  3. Edit the User Record.
  4. Go to the Attribute Editor Tab
  5. Find ProxyAddresses and double-click on it.
  6. If the address is something like: jsmith@mycompany.com then click on it and click REMOVE
  7. Then type  SMTP:jsmith@mycompany.com and click Add.
  8. If you need two, you might also want to type smtp:jsmith@mycompany.onmicrosoft.com
  9. (note the first/main SMTP is capitalised and the second is lowercase ... yes, seriously).


Reassigning Licensing and Finishing Up

Back in the Office 365 GUI, you'll want to go back into the person's user record when they appear.
Reselect their country
Re-add their licences.

You'll probably want to re-check their outlook settings but you can't because you have to wait for it to be finished being setup.

Repeat the process for all other users. Note that there are options for wildcard deletions and mass trash emptying. I haven't covered them here because the command line was fast enough for me and I don't really want to be responsible for someone trashing their entire Azure AD.

A big thanks to the amazing Microsoft support team in Shanghai who figured out some of the more technical parts of this process and walked me through them. 

Monday, February 06, 2017

OneDrive to Rule them all ... or perhaps not.

Microsoft OneDrive is great! It's easy to use too and has some really great integration into Office 2016 - which means that when you go to save or open files, instead of displaying a file dialog, it renders the folder names right into the panel. Sadly the sharepoint integration in Office 2016 is still dialog-based. 

On the surface, it looks like a great files storage solution but as it turns out, just like Tolkien's OneRing, beneath that shiny surface, OneDrive is mostly evil. 

At work, we're still using an old file server which allows people in the company to save files into public, personal or restricted access areas.

It's a great browsable structure with the main drawbacks being that it's on a local file server (which means ageing infrastructure and semi-manual backup procedures) and security because it needs a VPN to get to our internal systems. Many of our users still find a VPN too complex to set up and it's hard to get a VPN that runs on all flavours of devices (various versions of iOs, Windows, Android and Linux) without compromising security.

The file server also has shadowing, which is a great feature -- and sadly, something that Windows finally "copied" from the old Novell Netwoare 3.12  (1991) - after more than a decade of broken promises. Shadowing is awesome and adds a layer of recovery to your systems, especially when it comes to attacks like Cryptolocker.

Having seen OneDrive personal in action, I was keen to get OneDrive for Business. It seemed obvious to me that this was the solution - A cloud version of the file server that was tighty integrated into Office 365.

As it turns out, it's not. 

OneDrive For Business is Still Personal!

OneDrive for Business is basically OneDrive personal with some more space.

  • Neither sharing or rights management works properly on it.
  • All files on all versions of OneDrive are owned by a single owner, rather than the business.
  • It's not easy to copy files to OneDrive from a server, so I tried copying them locally, letting them synch and then removing the local copies. It doesn't do anything immediately but after a little while, it replicates the removal of those files over to OneDrive (yes, it deletes your files).

    I think there's a way to stop synching before doing this but I didn't bother giving it a try because it was pretty obvious that for all its beauty, OneDrive doesn't work.  


I talked to Microsoft about the problem and they made it very clear.

"Do not use OneDrive if the intention is to Share Files"

There's a very good blog post that explains this -- and it includes a flowchart too!
https://en.share-gate.com/blog/you-should-not-be-migrating-to-onedrive-for-business

Apparently Sharepoint - team sites is the tool for this.

SharePoint is not the Answer 

I looked at SharePoint and ran some tests to see how easily I could migrate our many years and many gigabytes of files shares.

Not easily at all.


  • We had to change the default settings on Sharepoint 365 just to allow us to upload more files. The default restrictions are all wrong (and the settings changes are buried quite deeply).
  • The file structure isn't properly browsable and it simply doesn't give us what we wanted.
  • The integration with Office 2016 is terrible compared to OneDrive.
  • There's a copy feature in OneDrive that allows you to copy OneDrive data to a team site. It's a copy though, so you still have to delete the files off OneDrive later.  It worked very well for small numbers of small files but whenever I tried to do anything useful with it, it failed. 


Looking for Answers Elsewhere

With reluctance, we began looking elsewhere and stumbled upon Citrix Sharefile.

We've had a demonstration and thus far, this looks like it's the right answer. I'll post my findings once I've had a proper chance to play.

In the meantime, there's some great videos for Sharefile on YouTube and it looks like OneDrive is reduced to being an option for HOME drives only. For data that the company doesn't mind losing.

I'm very concerned that Microsoft doesn't seem to have an answer to the file sharing problem. Particularly when people will be expecting to move from On-Prem Microsoft file servers to their Office 365 cloud.

Sunday, January 22, 2017

Getting Contacts (Not Users) out of Your Notes/Domino NAB and into Office 365 Contacts

Recently we've been undertaking a task to move from IBM Domino to Office 365 with particular emphasis on the mail system. One of the first big tasks is to move all of our corporate contacts from the Domino NAB over to the Contacts area of office 365.

Corporate Contacts

Corporate contacts, in this sense are contacts which are shared by the entire organisation. I'm not talking about actual users who will have an Office 365 licence with your company or about personal contacts, who would normally reside in the personal address book.

In our case, we had about 6500 corporate contacts who needed to be migrated.

There's a contacts screen in Office 365 which is accessible from the Admin portal. It's under users, then contacts.

Exporting from Domino

In IBM Notes, open your company's address book and press Ctrl+A on people. If you have your staff and non-staff in the same address book, you'll probably want to sort by company and deselect all the staff.

Next, click File, Export Contacts. You'll want to choose either "All contacts in this view" or "only the contacts you selected" depending upon your circumstances.

I'd recommend exporting all fields. It's a little messier but it means that you get your contacts address information (if you have it in Domino already).

Choose a place to save the file and make sure that you've used CSV.

Excel Stuff in the Middle

Open the file in EXCEL,
Create a new file in excel with these fields as specified in this document.
  • ExternalEmailAddress
  • Name
  • FirstName
  • LastName
  • StreetAddress
  • City
  • StateorProvince
  • PostalCode
  • Phone
  • MobilePhone
  • Pager
  • HomePhone
  • Company
  • Title
  • OtherTelephone
  • Department
  • CountryOrRegion
  • Fax
  • Initials
  • Notes
  • Office
  • Manager
Search and Replace commas. Commas (and rabbit ears "" aka inverted commas) can really upset CSV imports. I just replaced all ours with nothing.

You may have to create the Name column out of formula ... ie: Assuming that first name is in cell C2 and last name is in cell D2, you'd use =CONCATENATE(C2, " ", D2). Then Autofill the column and then copy and paste it into another blank column (so you could paste (special) as values.

Importing to Office 365

The import to Office 365 is an entirely command line driven via PowerShell and these instructions helped enormously.  Make sure that you connect to your exchange online service first.  There's a link in step 1 but in case you can't find it, it's here.

I wish I could say that I completely understood the process I ran but I didn't.

It worked though, so I'm happy about that.

Now I just have to figure out groups.

Monday, January 09, 2017

New Year, New Directions

2017 marks the beginning of a massive shift in technology at work. We’re re-branding,  we’re moving office and we're changing our technology from IBM to Microsoft. It's going to be a wild ride and I hope that you’ll stay with the blog as I delve into the new world and try to figure out what works and what doesn't. 




I've been on Notes/Domino since version 3.0 and I haven't used outlook at all, apart from a week in 1995 when I decided that I hated it (plus of course, the regular interactions with outlook die-hards where I've had to fix their computers). My personal favourite mail client is Gmail though I've been forcing myself to use Google’s inbox for the past three years. Of course I've used a lot of other web based mail systems over the years.

IBM Connections

Last year our company made the leap to IBM Verse and Connections.  It was a disaster. IBM connections is a very powerful and capable product marred by a terrible and inconsistent interface. The choices that IBM have made regarding security are very protective but unfortunately affect usability to such a degree that we were unable to use even the most rudimentary collaborative features. It didn't help that we got a new management team who are determined to “get rid of IBM and replace it with Microsoft”.

IBM Verse

Verse is where we really hit the wall.  On the surface,  it feels like a great new way to work but because we already had an archiving solution in place, we didn't opt for IBMs one. For various reasons, we experienced a very high bounce rate and frequently got bounce reports from mail that actually made it through. We also discovered that we couldn't find mail that was more than a few months old. Additionally,  we discovered that our address book groups were not being updated and in many cases were missing altogether.  This created a lot of addressing issues. Finally, we discovered that if a user leaves the company and you remove their email address, it also deletes their mail, Permanently. IBM’s support teams can’t recover it. For a company like ours who are used to being able to restore from backup months and even years down the track, the loss of an overnight restore is a pretty big deal.

We spent a lot of time with IBMs technical support team who were excellent and did their best with a product that wasn't performing well. Unfortunately the support teams were also struggling with the English language and communication was difficult at the best of times.

IBM Domino

Our domino environment is extensive and it really was really the star of last year.  We threaded bootstrap and FontAwesome throughout our sites and demonstrated that there is a lot of life left in the system.  The facelifts we did on our systems left them barely recognisable and indistinguishable from modern apps. I'm eagerly looking forward to seeing if there is anything that Microsoft has that can match it for versatility.  That's going to be a really interesting journey.

IBM

Unfortunately for Domino,  I can't blame my company for its failings.  That's entirely on IBM. They've spent the last decade downplaying Domino and trying to replace it with various things (websphere, workplace, connections and verse). They had a brilliant product but they've done so much irreparable damage to it with their mismanagement that I don't think it can recover.

I  think that one of the most telling examples of this was during a meeting with the IBM sales team where we were investigating a migration to bluemix in the hope of better utilising our domino services.  We asked about “domino in the cloud” only to be told that there was no option for this  - and that there was little likelihood of one in the future due to a lack of interest in Domino. I  exchanged glances with my team at that point and we collectively acknowledged this as the point where IBMs softlayer and bluemix services had failed to offer us any significant advantages over AWS or Microsoft Azure.

I'm sad to be leaving the IBM world, though I'm sure that we’ll be retaining our Domino servers for a while yet. We can't do too many changes at once and we still need to find and learn appropriate replacement technologies.

Whatever we do, 2017 looks to be a very challenging and interesting year. 

Friday, November 18, 2016

Microsoft - Clear Leaders in the Race for Digital Identity

One of the less obvious trends of the last five years has been the race to own people's "digital identities". It started in earnest with Facebook and Gmail and it soon spread to Apple and LinkedIn.

More recently, we've seen Microsoft and IBM jumping on the bandwagon and I think that's when I started to realise that there was much more to this than simply "targeted advertising".

Quiet Beginnings 

At this point, I'm not sure that all of the founding companies in this revolution fully understand what is going on - and indeed, there are many companies out there today who are still using digital identities simply as a means of easily logging people onto their systems, storing user preferences and targeting advertising.

Certainly that was the original plan on our own systems.

Taking it to the next level 

Digital identity is the cornerstone in any form of electronic ledger system. It's one of the key foundations of commerce.

People don't make significant investments with untrustworthy partners. If you don't personally trust them, then at least your bank trusts their bank.

Take away the banks and you take away the trust - unless you can find another party with trusted connections to both sides in the commercial arrangement.

Having an agreement that a transaction actually took place is important but provided that both sides of the transaction have an "unalterable ledger" it’s not too big a leap.


The real trick, particularly in the identity theft minefield of today’s electronic world, comes in proving that the parties involved were really who they said they were.

The Race is on

So, how do you prove identity on a global scale? Well, the banks certainly have their checklists of Category A and B documents but these only serve to prove your identity to them. Their identity information is not shared and it's certainly not publicly available.

You can’t lean on the bank’s trust and/or authentication for non-banking systems. 

You’d think that a government agency would step in and take ownership of identity but obviously that’s not going to happen on a global scale. What could happen is that governments could agree on a common API to allow the verification of identity. If that’s going to happen, it’s still a long way off.

True, shared global identity is clearly going to come from the private sector.

The real question is, who will become the predominant player in that space? While the global digitial identities will need to be shared, having the lion's share of the identities means that you have unprecedented control over the nature and structure of the APIs, plus of course, any additional services, such as advertising.

At one point, I would have thought that Google was in the best spot but at the moment, seeing how the Windows, XBox, Office 365 and OneDrive logins are all starting to drift towards a single digital identity with biometrics provided by the Cortana AI. My bet is in Microsoft.

... and given that Microsoft is starting to offer blockchain development services via Azure, how long will it be before we can build our blockchains using Microsoft's digital identity as a "Category A" document?

Wednesday, November 16, 2016

Fixing Word 2016 Crashes when Opening Older Documents with Macros on Windows 7

We have a lot of documents and they go back several decades. Many of them  are still relevant today, even if they're only background to current projects. The problem is that Word doesn't like its own file formats.

It won't open documents created with versions of Word earlier than 1997 and it crashes with anything saved as .DOC which contains macros. 

There's some solutions to these problems though;

Opening Older Documents

It's possible to change Word 2016's settings to allow you to open old documents;


  1. Click File, 
  2. Then Options
  3. Then Trust Center
  4. Click on the button marked Trust Center Settings
  5. Click on File Block settings.
  6. UNTick the document types that you want to be able to open and click Ok
Of course, just because you CAN, doesn't mean that you should. Word is less stable with these settings turned on, and it's able to open documents which could be potentially dangerous. 

If you're looking at your company's archives though, it should be fine but you might want to consider installing LibreOffice or using Google Docs (both of which are free) for older documents instead.


Crashes on Macro Enabled Documents

In our case, we were experiencing regular crashes on documents created with specific templates. The templates contained Macros (but those macros only run on document creation, not when they're opened). 

Nevertheless, we were able to demonstrate that simply opening a file resulted in an immediate crash. These documents were okay on Word 2003, 2010 and 2013 but as soon as we upgraded to 2016, the crashes started happening everywhere. 

We turned to Microsoft for help but didn't get much direction there....

Then yesterday, I did an upgrade of a couple of our PCs from Windows 7 to Windows 10. 
... and the crashes stopped. 

Clearly there's something different about Windows 10 that makes Word 2016 much happier. 

Embracing Microsoft while keeping Domino

When I first started this blog, my aim was to stay with mainly IBM (Lotus) Notes and Domino, hence the URL of DominoGavin. 

Things changed over the years and I've found myself wanting to talk about all manner of technology brands from Symantec to Blackberry, Google, Windows and Linux. (Hence the renaming of the blog to "Real World Computing'. 

Many of my most recent posts were on IBM connections. I've also tried to cover a few business IT concepts.

Things are changing again and we've reached the point where it makes sense to swap out some of our IBM technology solutions for Microsoft ones.

We're not leaving Domino, it's still an important part of our strategy but we are planning to move our mail from Verse to Outlook and our collaboration from Connections to the Microsoft jumble of OneDrive, Yammer, SharePoint and Delve.

All of this while rebranding and moving office in a typical “office-politics” hands-tied scenario. It's going to be a fun ride.

I’ll still be keeping a foot in the IBM camp as we currently have another company still in Verse/Connections and in the Google camp too, as we have a company on the amusingly named G-Suite.

Stay tuned…

In the meantime, I'm off to my first Microsoft event in years (since Steve Ballmer took over - I'm glad I missed that era). Today I'm heading out to a Microsoft developer conference in Sydney to hear Satya Nadella speak.

So long as there are no “monkey dances”, I think I'll be okay.


Monday, October 10, 2016

How to Use Microsoft Outlook with Your IBM Verse (in the cloud) Mail

So, all the newcomers in your company want to use outlook? IBM have put a lot of work into making the Notes client look and feel like outlook and they've given us Verse which is an acquired taste but if you like Google's inbox, it's good. 

Unfortunately, there's just just no pleasing some people. 

If you don't have Notes and Domino apps, then there's nothing at all holding you back. Nobody without Notes/Domino applications (or perhaps a huge investment in IBM Connections) should be using IBM's mail offerings.

On the other hand, if you do have apps for which there's no equivalent in the Microsoft world, here's another option that you might want to try...

Give your users Outlook but point it to their Verse Mail. That way, you can concentrate on either migrating your apps to another environment or webifying them to the extent that there's no reason to use the notes client. 

In this post, I want to discuss how to access Outlook mail - Note, this isn't a migration and you can seamlessly switch between Verse and Outlook whenever you want.

This is Cloud - You Can't Do it Alone

First of all, it's important to remember that since we're dealing with Cloud systems, you can't do anything significant without raising an IBM Support Request. Our mistake was to read the instructions online and assume that we could do the steps - we even added a quick script to add the required extra data to the person records in the address book. 

Unfortunately, you can't do this one by yourself. You have to get the cloud team on it. 

So, logon to the support portal and raise a request for them to add the IBM Mail Support for MS Outlook (IMSMO) entitlement. You'll have to specifically mention the users that you want to give access to. 

When IBM gets back to you and says it's done, you'll need to go into the Admin area on your IBM Connections portal;

  1. Login to IBM Connections
  2. Click on Admin, then Manage Organisation (Top right corner)
  3. Click User Accounts on the left hand side.
  4. Locate your user and open their record.
  5. Click past the first page to your user's subscriptions page.
  6. You'll find a new option called MS Outlook Access. Click it.
  7. Click Next and then finish to make your changes permanent.

...And you'll need to download the IMSMO Client

To do this, go to the IBM Connections portal;

  1. Click on your profile picture (top left corner)
  2. Choose Downloads and Setup.
  3. This takes you to a long and uncomfortably unexplained screen.
  4. The option to look for is called Software Download for IBM Notes Client and Other Entitled On-Premises Software (that wasn't obvious until you eliminated all the other choices - Who writes these titles?).
  5. In the "Find by Search Text" part of the downloads screen, type IMSMO and choose the option that appears.


  6. The one you want is the Client, so choose this and Agree to the licensing and click download.
  7. Then ... if you're like me, do the whole thing again because IBM defaults to the unsupported (I use Chrome) Java-based IBM Download director instead of http ... grrr IBM.
  8. Your download should start.


Install the IMSMO Client

So, once you've got your executable downloaded, it's simply a matter of running the executable to install it. It's just a standard install, with mostly, "next, next, next" options. The installer will need to pause and install the Visual Studio 2010 Tools for Office Runtime but it's a quick 38MB download and just a matter of clicking install 

Once it's all installed, you can start Microsoft Outlook. 

Configuring Microsoft Outlook

This bit needs to be done on the target person's computer. 

Start Microsoft Outlook. In my case, I'm using Outlook 2016 because we have an Office 365 entitlement. Presumably you can use other options though. 

  1. At the Welcome to Microsoft Outlook dialog box, click Next.
  2. At "Do you want to setup outlook to connect to an email account?", choose Yes and click next.
  3. At the next screen, ignore the detail and choose Manual Setup or Additional Server types and click next.
  4. Choose Other, then IBM Mail Sync (if this option isn't visible, you didn't install the software properly), then click Next.


  5. On the next screen, you need to put in your name and email address.
  6. Then choose the server type of IBM Connections Cloud and click Next.


  7. The IBM Mail/Connections login page will appear in a window. It's not pretty but it works. Type your email and password.
  8. If all goes well, you should see a screen of green buttons.  If these buttons are red, there's probably a problem with the cloud configuration (you get red buttons if you try to use the connector without having set up the entitlement).


And now you upgrade...

For some reason, IBM doesn't provide you with the latest version of IBM Mail Sync, so you'll be prompted to upgrade as soon as you're connected. You need to do this because your users probably won't have a clue ... and they'll keep getting prompted. 

The order of these next steps is important; 

  1. Click Yes on the IBM download prompt (you want it to fetch the software).
  2. In the meantime, outlook will prompt you to restart it and there's a finish button that needs to be clicked there too.
  3. The IBM Message will float above everything else. DON'T CLICK IT - It will fail if you just go clicking because it can't touch outlook while it's open.
  4. Move the IBM message out of the way and switch to Outlook.
  5. Click Close on the What's New Message
  6. Your computer will start to Synch.
  7. Close Microsoft Outlook.
  8. Now Click YES on the IBM Installation - it will walk you through another setup. Luckily again this is a Next, Next, Finish type install and it only takes a minute.
  9. Now you can start outlook again. 

Caveats

So far, it all seems to work well. I've noticed a couple of things though;

  • It takes slightly longer for mail to reach outlook (or to come from outlook) than it does for Notes (and much longer than Verse).
  • When composing a mail ONLY the local address book is available - other ones cannot be selected from.
  • Only local email addresses and groups will work - It's not just that they don't display. You can't use them.  Of course, there are lots of ways to import existing contacts via CSV etc.  It's simply that if you have a central contacts system, it's not going to work properly in outlook. 

That's it. 
You've now moved over to outlook.... enjoy the "new world" where of course the grass is greener. 


Tuesday, September 20, 2016

The Difference Between IBM and Microsoft's Social Systems - An Analogy

We're currently in the process of trying to set up a Microsoft cloud environment. No, we're not giving up on Connections. We're straddling a couple of environments.

The Microsoft experience hasn't been overwhelming so far but that's for another post. Right now, I want to talk about some of the fundamental differences between IBM and Microsoft’s attempts to conquer the social business market.

...and what better way to tell it than an allegorical tale?

Two houses

So let's assume that instead of cloud collaboration platforms, we're talking about “houses”.

Both fulfill the same basic functions; being a "house" for your data and a place where the people that live there (and invited guests) can access that data.

The real difference is in the way that the two companies have gone about preparing their homes.

The Engineer's House


One company, let's call them the engineers, have focused on infrastructure. They've added rooms, strengthened foundations and rewired the building. Sure, not everything works and they're forever fixing things but it's a pretty capable house with lots and lots of rooms.

Unfortunately, while the foundations are excellent, the general look of the house leaves a lot to be desired. It's not comfortable to live in because there's been very little work on the visible parts of the house.

The Designer House


The other house is being built by designers. They've found a nice “square tile” theme to go with and they've been spreading it to every room.

Living in this house is easy and comfortable. Once you get used to the look, it's pretty easy to get around.

Of course, there's not enough bedrooms for everyone and there are plenty of things that look like doors but turn out to be just paintings of doors in places where future rooms might one day be.

Two Different Approaches

These two approaches are both valid in today's software world. After all, nobody can build everything at once.

Modern software operates on the principle of partial deployment followed by constant incremental upgrades (thanks for that Google!!)

It's now considered okay to ship incomplete and/or buggy software and keep patching and upgrading it as you find time to work on it.

The question is, if your software is going to be incomplete, what bits would you prefer to be incomplete (and constantly changing)? The foundations or the user interface?

IT and Shadow IT.

In our house analogy, the IT department are like the surveyors who go into the house and hammer at the walls testing the strength of the house. They also have to test the appliances to determine what works and what doesn't.

Most IT departments are trained to see the big picture, so they'll especially be looking out for stability, versatility, security and recovery. Usability is important too but it's traditionally an area where IT, partly because it's staffed by techies, tends to be less diligent.

Shadow IT are the other departments who want to make IT decisions without involving the proper IT resources.  Shadow IT aren’t qualified and they aren't experienced in these matters. As a result, they are more concerned with appearances and apparent functionality than they are with safety, security and stability.

It's fine to let shadow IT help look for new systems but it's important to make sure that no major business decisions are made without proper qualified IT involvement. The best houses are not always the prettiest ones. 

Friday, September 09, 2016

Making IBM Verse Easier to get to...


One of the most frustrating things about the whole IBM Verse experience is the difficulty in getting to the application. If you go through connections, you have to go through normal mail first. This ruins the experience because it isn't “seamless” to the users.

The obvious answer is to bookmark the verse site but there's a few other things that we can do to really  smarten the experience up.

Making Verse the Default

The first thing to do is to make Verse the default mail view. To do this;

  1. Go into Connections.
  2. On the top Right, click your profile picture
  3. In the drop down menu, choose "Mail and Calendar Settings"


  4. On the next screen, click Mail (on the left) - Actually, it should already be selected.
  5. Tick the box marked - [x] Make IBM Verse my default mail experience.
  6. You should see a highlight telling you that your changes were saved. 


Setting up a Decent Shortcut/Favourite Link

So, you could of course, add a favourite to the bookmark bar or drag it out to the desktop. I tend to do that anyway with all the PCs I set up. 

I recently realised that there's a much better way to do things. 

Since Chrome is my default browser, I'll cover it there; 

In Chrome

  1. Go to the IBM Verse Site
  2. Click on the Hamburger Icon (three bars on the top right)
  3. Click More Tools
  4. Click Add to Desktop


  5.  A dialog box will appear. - You Might want to change it from IBM Verse to IBM Verse Email depending upon how your users recognise verse.
  6. Click Add.

That's it.  You should now see a VERSE icon on your desktop.  This is much better than a dragging a shortcut out of the taskbar because you get a proper icon.


Getting Your Desktop Icons into the Start Menu and Taskbar

So now you should have a nice little Verse icon on your desktop. 
To really improve access though, you need to get it into the start menu and onto the taskbar. 


To do this simply;
  1. Right click on the desktop icon.
  2. Choose Pin to taskbar
  3. Right click on the desktop icon again
  4. Choose Pin to Star Menu. 
Here's a shot showing Verse in both those places.



For IE Users

However dirty it makes me feel, I guess I have to at least acknowledge that some people out there are still using Internet Explorer ... so this tip is for them. 

If you want to bookmark using IE, click on the cog in the top right corner and choose Add Site to Start Menu


You'll be prompted with a dialog box... just click Add. 


Once you've got your icon in the start menu, you can right-click on it and choose to pin it to the taskbar. (or you could copy/paste the icon to the desktop). 

One thing that is interesting is that the Chrome Verse icon looks a whole lot better than the IE one. 


Changing the Default Email Links

In order to really sell the Verse experience, you need to make sure that when your users click email links, they open Verse, not Notes.  I've already covered this in an earlier post  (see: here).

Monday, August 29, 2016

Looking at Cloud Licensing - Microsoft, IBM and Google

We live in interesting times and while I haven't changed jobs in years, I now do IT for several companies.  What makes this even more interesting is that some are on the IBM infrastructure, some are on Google and some are on Microsoft...   ...and of course, there's a bit of change from one to the other.

I tend to get a lot of licensing-based invoices across my desk nowadays. 


Recently, we shifted our IBM licensing to the new IBM Mail Dual Entitlement plan. It's basically a combined Notes and Connections licence. Since I've been doing a lot of Microsoft work for another company, I thought I might do a comparison... especially since numbers are so hard to find on the web.

Note that these figures are in Australian dollars and they're probably not entirely "apples to apples" (or entirely perfect -- I've rounded) but they still make for interesting comparisons.  They're not intended to be proper comparisons.... more for interest sake.

IBM $150pp pa. 

IBM Mail Dual Entitlement works out at about $150 per person, per year. For that you get mail in the cloud, plus instant messaging, cloud storage, IBM Notes (which is a great App platform -- but if you're not already using it, it's probably too late to spend time on it).  You also get access to IBM Connections which is the most "full featured" of the social platforms I've seen.  Connections has lots of different kinds of plug-ins, such as Surveys & Wikis.  The interface is terribly clunky though.

IBM's entitlement also comes with a pretty impressive meetings package and IBM Docs, which is a web-based "office" suite. It would have been good once but it's not as good as google docs -- and the web versions of Microsoft Office completely blow it out of the water.

Archiving is extra. I'm not entirely sure of the cost.

Microsoft $330pp pa.

Microsoft works out at about $210 per user, but for that you get the entire Microsoft Office suite, Word, Excel, Powerpoint (and I think Access and Publisher, though what you'd do with those two nowadays is beyond me). More importantly, you use the software on the web or you can can install the software on various PCs, Mobiles and Tablets. It's a very impressive licencing plan and at only $60 more than IBM, it's clearly the better value option.

Of course, what's missing is Sharepoint and Yammer which are required to at least "equal" IBM Connections. They don't quite manage the functionality and security that IBM provides but they're a good example of how to do an interface right.

If you're heading down the Microsoft route, you need to go for the full thing... Office and Sharepoint/Yammer (which will come with a few other bonuses, like Corporate Skype). This bumps the Microsoft price up to about $330 per user, per year, making it clearly the most expensive of the three -- but it's well worth it.

Google $120

Google is undoubtedly the cheapest option, at $60 per user per year or $120 if you want archiving. Google has easily the best mail package of the three (in my opinion) and while the Google Docs suite is nowhere near as full featured as Microsoft's, it's still a lot better than IBM's.

Google also has some pretty good mobile applications, including the google docs suite, hangouts, duo and plethora of other apps (arguably more third party apps that Microsoft or IBM in this space).

Of course, Google really doesn't have much more to offer in terms of social computing. They have no platform... well, they have Google plus but the less said about that, the better.


The Round-up

So, which is the best?  I can't really answer that. If money is more important than Microsoft Office, then you really should consider Google.  If you still have an existing IBM Notes environment to support, then IBM is the one (but you'll probably find yourself paying for Microsoft Office licensing too) and for everything else... there's Microsoft Office 365.

Wednesday, August 24, 2016

IBM's Cloud takes the Pain out of Updates

I’ll admit that I'm generally not very kind to IBM on this blog. It's not that they're doing a worse job than their competitors, I'm still very impressed with some of the things they're doing. 

It's just that after using Notes/Domino for over 20 years, I hold them, sometimes impossibly, to very high standards…. and, of course, any goofs on their part affect my systems a little too directly.

The Quiet Migration to 24x7

One of our biggest frustrations in recent years has been the understated migration of our systems from a business hours model to a 24x7 one. It's not so much that our business became so critical that it needed to go 24 hour but more that changes in mobility and connectivity mean that people now expect to be able to connect to our systems at any time, anywhere.

Almost imperceptibly, we quietly moved to a "zero tolerance for downtime" model.

IT changed to suit the business needs in this regard but the change itself and the implications have been largely overlooked.

We're not alone. This seems to be a recurring theme across businesses of all sizes.


Moving to the Cloud Solves Infrastructure Problems 

Like many businesses, we moved to the cloud in two phases. The first was moving our production systems offsite into a hosted environment where they continued to run as servers, albeit virtual ones.

This solution made 24 hour operations easier as it meant that there was always a team available onsite to deal with infrastructure. We no longer had to worry about power failures, air conditioning failures or just "being onsite to push the button".

It didn't solve our downtime problems entirely though, there's always patches to be applied.

The second phase of migration was to cloud services and we moved to various vendors including IBM - Of course, we couldn't move everything. We're still waiting for true “Domino as a service”.

Our mail is now a proper 24 hour service thanks to the cloud failover model and now, instead of dreading the patch cycle, I actually look forward to it. 

The What's New option on the help menu is my new best friend.

Each cycle brings with it a bunch of necessary fixes but it also brings exciting new functionality.


Keep on those PMRs

The best part about this? IBM has become much more responsive on PMRs (fixes).

We recently discovered an issue with address books; turned out that if you removed the last member of a group, it didn't get updated on the cloud.

You'd think that an “empty group” wouldn't matter but in our case, since we need them for nesting, they're important.

For example We might send a mail to the “xyz committee” and we might have a subgroup called “xyz committee.chairman”. In this scenario, even though the chairman had been removed, the cloud wouldn't update and they'd still be on the mailing list. To make matters worse, the lack of an “expand groups” function in verse meant that the problem would only be detected in iNotes or when a bounce occurred.

It took a bit of bouncing to and fro in IBM’s PMR system (a few weeks) before the problem was understood - and then a few more conversations before it was recognised as an important issue and added to the “fix list”.

Although this problem was significant, we were expecting to have to wait a while until the next patch cycle. Imagine our surprise when it was fixed in under a week.

Well done IBM, clearly this is a key benefit of cloud services.