Skip to main content

Explaining the Limitations of IBM Connections.Cloud Global Signon

I've mentioned this in passing before but it's important enough to be worth reiterating in a post of its own. In my opinion, it is the single technical failing of IBM connections.Cloud and the one technical issue I want to see resolved ASAP.



There are currently two sites that you can choose to host your IBM Connections.Cloud data in; the United States and Japan (there might be a third site but I'm not sure, so I'll be sticking with the two for now). You can only use your email address for connections once in the world and it limits the people that you can invite to your communities.

For example, say you didn't know about the two sites and you (Bill) just went through the default setup, your data would end up in the American data centre. Then say, Fred, who works at a more legally minded company decides that his data can’t be on American servers 



The Problem
In any case, Bill is now set up on the American server and he has a nice little community going. He decides to invite his friends, Bob, Jane and Fred. 

  • Bob is already set up on the American server because he’s part of another community there, so his existing password just lets him access Bill’s shared content.


  • Jane has never used connections, so she’s now invited to set up a FREE new account. She does this and then suddenly she’s got access..


  • Fred however, can’t be invited. He’s already a member of connections. You’d think that he could login using his existing credentials and access Bill’s systems but he can’t.  People on the Japanese server can’t see data on the American… and vice versa.



This also means that if Fred creates a community then he can’t invite Bill, Bob or Jane. Unless they use a different email address.


Moving
In our case, being in Australia, you'd think that the solution would be for the newer communities to move to our region. We asked IBM about this but it turns out that moving is not a simple matter. In fact, the recommendation was to set up again instead.

The reason for this is fairly obvious if you think about it. If the connections server farms are closed environments then moving would break any comments, shares and discussions that you've had with other people in your "previous" region.

Moving is clearly not an option.

Setting up Two Sites
Setting up two sites is a much better option, so let's presume that Bill is an Australian who wants to engage Australian businesses. Bill wants to set up a second site.

Then there's the hurdles of setting up a second site where IBM expects a different domain name (more on that in another post), for simplicity, let's assume that Bill creates a new second site with a different email address.

Bill can now recreate his community on the Japanese server and engage Australian Businesses. Of course, while he can now engage Fred, he's no longer able to engage Bob and Jane because they're on the US server.

Bill now has a problem where he has two communities and no way to replicate data between them, other than manual intervention.

Where to from here?
I was going to go into detail and explain why simply moving users by letting them expire would still not fix the problem but I think it's fairly obvious (and tedious). Even if you let the licensing expire in the US and then tried to create the users on the Japanese server, you'd still face the problem of not being able to use the same email address and the loss of "historical data", such as likes, comments and even Verse emails.

I can see why IBM have done made the choices that they have. It’s a way of getting around the "fear factor" of the patriot act but unfortunately, it breaks connections. What connections needs more than anything else is a "connection" between their data centers... and with the Australian data center (and presumably a few others) looming on the horizon, it's clear that they need to resolve this problem quickly.

Google has perfected global single sign-on so I don’t see any reason why IBM shouldn't too. 
Labels:

Comments

Anonymous said…
There are more datacenters.

At least Europe has ce (https://apps.ce.collabserv.com), North Ameria has na (https://apps.na.collabserv.com)

7:07 pm
Anonymous said…
European data center has same problem as others.
10:47 am
Post a Comment

Popular posts from this blog

How to Change Your Notification Options for New Lotus Notes Mail in version 8.x

Don't worry, I'm not patronizing you (my readers), I just decided to re-document this for one of our internal users and thought you might want to be able to use it in your own user documentation. WHAT IS THIS DOCUMENT ABOUT? Some people who don't get a lot of mail, like to be notified when such an event occurs. Notification can be; via a sound via a pop-up box via the system tray (where the computer clock is) The pop up box looks like this; Other people, who like myself, get too much mail would rather not be notified. The aim of this document is to tell you how (and where) to turn these options on and off. CHANGING YOUR SETTINGS To change your settings from the Notes 8.x client; On the Menu, click File , then Preferences... On the left hand side , click on the little plus sign to the left of Mail to expand the options. Click on the option marked Sending and Receiving . In the middle section, under receiving, you can control your notifications. If you untick the box mark...
12 comments
Read more

How to Create a Bootable DVD Using Nero Burning ROM 9

I often need to create bootable CDs and DVDs but it's weird because I frequently end up buring myself a new coaster instead. It's not that the process is difficult, just that nero has a few too many options and I forget which ones to choose and end up picking the wrong one. I figured that the best way to avoid this mistake in future would be to write the steps down. Procedure Insert CD or DVD into your DVD Burner. Start Nero Burning ROM 9 Choose DVD-ROM (Boot) or CD-ROM (Boot) depending on what you're creating You'll be prompted for a disk image source. Choose a Nero Source - you'll usually find them somewhere like this... C:\Program Files\Nero\Nero9\Nero Burning Rom\DOSBootImage.ima Leave the Boot Locale as English - unless you really need a different keyboard layout Tick the box marked [X] Enable Expert Settings Choose Hard Drive Emulation and leave any other settings as they are. Click the button marked New Add any files you want but don't try to add operati...
11 comments
Read more

How to Create an Auto-Response Mail Message in Lotus Notes 8.5.3+

Why would you do this? Suppose that you have an externally accessible generic email address for your company; support@mycompany.com or info@mycompany.com. You might expose this to the web and allow people to send messages to you. Setting up an auto-response email will tell the senders that their message reached its destination and that it will be dealt with accordingly.  It's also good practice to include links to FAQs or other useful information. Why 8.5.3 The techniques we'll be using here work in older versions of Notes but some of the options seem to have moved around in 8.5.3.  I figured it was a good time to show you where they've moved to. The Procedure Start Domino Designer and open the Mail file to be modified.  A really quick way to do this is to right-click on the application tab and choose "Open in Designer". In the Left hand panel of designer, expand Code and then double-click Agents.  A new window should appear. Click the action ...
22 comments
Read more