Gee... David

This week a conversation took an unexpected turn. "Let's put WebSphere Portal on Microsoft's Azure cloud solution." It's a good thing I keep my phone muted because the gasp I made would have been hard to miss. When it came my turn to speak I deferred saying that such a scenario would require further investigation. The fact was that I knew that such a proposition was impossible given the current state of Microsoft's Azure platform. As I gave some thought to the statement I recognized that underlying it was a flawed understanding of how cloud based solutions differ.

The first task for those considering 'a cloud solution' is to understand there are not only multiple vendors offering cloud services, there are different types of clouds and the distinction is not between 'public' and 'private'. This is not to say one cannot obtain services from a private (or public) cloud. Instead it is to say that whether a cloud is public or private there are distinct services offered.

In this regard it helps to look at three well known brands competing for customers affection: Amazon, Google, and Microsoft.  Add to these vendors the involvement of partners such as IBM and Oracle, to name a couple, and it is easy to imagine a whole new competitive landscape rich with opportunities.

Amazon, a provider of cloud based solutions since 2002, has a comprehensive set of solutions. The list of these services can be intimidating.

• AWS "Amazon Associates Web Service" provides access to product data and ecommerce functionality.
• CDN "Amazon CloudFront Content Delivery Network" provides a means for distributing content from S3 (Amazon's Simple Storage Service)
• EBS "Amazon Elastic Block Store" for persistent storage of volumes bound to EC2 (Amazon Elastic Compute Cloud).
• S3 "Simple Storage Service" is a Web Service based storage solution. Older AMIs (Amazon Machine Images) use S3 as the storage location for boot volumes.
• EC2 "Elastic Compute Cloud" is an implementation of Xen for delivery of private virtual machine instances based on AMIs (Amazon Machine Images).
• VPC "Virtual Private Cloud" allows a customer to create an isolated collection of EC2 (Elastic Compute Cloud) instances accessed through a VPN from the customer site.

The effort to understand these and other services offered by Amazon is not trivial. In the case of EC2 and S3 or EBS customers have an opportunity to implement a huge array of solutions deployed to virtual machines. It is through this mechanism that IBM, Oracle, Citrix, and others have created 'shrink wrapped' offerings of some of their flagship products such as IBM WebSphere Portal.

More recently Google entered the cloud based solutions arena.  Compared to Amazon EC2, Google provides seamless access to their infrastructure such that scalability is easy to accomplish but the range of applications is significantly restricted. For example the AppEngine can only respond to HTTP requests or scheduled background tasks. There is support for both Java and Python but there are restrictions here as well. For example the JRE Class White List defines a subset of available classes found in the JRE (Java Runtime Edition - Standard Edition). This does not mean that Google's AppEngine is not a prudent or optimal choice. Customers must understand their present and future needs as completely as possible if they hope to make a wise choice.

Similarly, Microsoft has offered the Azure platform. This environment is bound to evolve rapidly as Microsoft vigorously enters the cloud based service provider market. This offering bears greater resemblance to Google's AppEngine than Amazon's EC2.  The chief benefit is also the chief liability of this platform. That is: customer's will be bound to the Microsoft .NET framework and related tools such as Visual Studio.  One succinct description of Azure is found at Wikipedia:

The Azure Services Platform uses a specialized operating system, called Windows Azure, to run its "fabric layer" — a cluster hosted at Microsoft's data centers that manages computing and storage resources of the computers and provisions the resources (or a subset of them) to applications running on top of Windows Azure. Windows Azure has been described as a "cloud layer" on top of a number of Windows Server systems, which use Windows Server 2008 and a customized version of Hyper-V, known as the Windows Azure Hypervisor to provide virtualization of services.

Understanding the nature and scope of cloud based services should be the task of any technology leader and the sooner that understanding is achieved, the better.

Comments (0)  Permalink
David Wilkerson February 16th, 2010 10:19:17 AM

Working with the IBM Lotus Domino ID Vault: A Cautionary Tale

There are numerous articles describing the basic approach to implementation of the ID Vault facility for management of Notes ID files. This management pertains to both the capacity to securely reset a user’s password as well as recover a user’s lost or corrupted ID file. This article describes a trouble shooting scenario derived from failure to create an ID Vault.



Recently I had an opportunity to demonstrate this facility in during a training session delivered to support staff and administrators employed by a public utility company.  As is often the case in such venues, I chose to work ad hoc. I  to explained to my clients that doing so in a non-production environment presents  a good chance that something will break. To my delight and, perhaps to their satisfaction, the vault creation process failed.

In this article I provide a high level review the process up to the point of the failure.

Then, in more detail, I describe the initial steps taken to resolve the issue. I also describe how next we proceeded when the initial steps failed to resolve the problem.

The process began with the Domino Administrator client. After selecting the Configuration tab I chose the ID Vault task section, expanded it, and selected “Create”.


This launched the ID Vault creation wizard.

The initial screen is a summary of the steps executed during creation and initial configuration of the ID Vault.After choosing “Next”, the wizard prompts for a vault name.


The vault name should be meaningfully related to the organization(s) contained in the vault but it cannot be the same as the name of a Domino Organization (O) or organizational Unit (OU).

Next I provided a password for the vault ID.  I made no changes to the default Vault ID replica server of the vault administrator. Additionally I made ‘typical’ changes to the organization / organizational unit selection of users whose IDs would be stored in the new vault and also selected users to be responsible for resetting passwords for IDs stored in the vault.

I chose the option to create a new policy for assignment to an organization and selected the target organization. Once the summary was presented I proceeded to attempt vault creation.  

The attempt failed with an error, “THE CREATION OF THE NOTES ID VAULT ’CORP’ FAILED WITH ERRORS” An examination of security events in the local (to the administrator’s client) log file showed, “Error: File not found: Entry not found in index on remote server”


My first thought was that there might be a problem with a view index. I first did a manual rebuild of all views using Ctrl+Shift+F9. The error persisted. Next I attempted to resolve the problem with Fixup and Compact. This was equally unsuccessful.

Realizing that some research needed to be applied to the effort I deferred additional attempts.  My research took me to two resources.  The first is a wonderful article in the Lotus Notes and Domino Wiki. The article,  http://www-10.lotus.com/ldd/dominowiki.nsf/dx/id-vault-logging-for-8.5-faq , was initially created by Bastian Wieczorek.  It is a great compendium of log entries on both the client and server side as they relate to ID Vault interaction. This gave me some thought as to what else I might learn from the log. Sadly, there was not a smoking gun but the article helped me to eliminate other possible causes and focus better on other plausible causes.  

Next I visited the forums, http://www-10.lotus.com/ldd/nd85forum.nsf/4d33daaa03bb930385256a0700727b3b/c35d9a943ae831b98525757c005b1049?OpenDocument, where Brian P. Ahearn posted the exact  message I encountered.  As I read the thread I recalled that prior to a similar demo earlier this week I had run the design task on my server prior to any attempt to create a vault. The reason for running the task was related to this issue in this sense: I was using ’canned databases’ from Lotus Education for construction of the 8.5 environment in which the mail files, person documents, and IDs for a sample user population had already been created. The problem was that those files were created in an 8.0.x environment.

The problem was crystal clear. I could not create an ID Vault when the Domino Directory lacks the design elements to support the ID Vault documents, thus the ’truth’ of the error message that “the entry was not found in the index”.  Indeed!

What this scenario establishes for users are the following points:
1.        Domino specific Wikis offer significant resources for understanding the working environment of various components.
2.        Forums offer invaluable insight on a recurring basis by capturing the experience of some for the benefit of many and the collaboration inherent in the threads is helpful even when the exact problem or its resolution are not reflected in the content.
3.        The log files of both the client and server are indispensable for identifying root cause and resolution of feature failures.


Once the root cause had been identified and resolved, I loaded the design task and refreshed the design of the Domino directory, the effort to create the vault was simple and straightforward.

Comments (0)  Permalink
David Wilkerson February 10th, 2010 10:00:25 PM

Stuart McIntyre's tweet couldn't have come too soon. http://quickrblog.com  I just installed SnappFiles, from Snapps, on my iPhone and I am more than a little pleased with it. Mobile collaboration took another large step forward. This tool is also, in my view, a great fit for the looming delivery of the iPad. Gadget geeks aren't the only ones who will find this little application useful.

Having said that, the UI/UX could learn a lot from apps like FlickIt Pro ($) and FlickIt (Free). These marvelous Flickr clients use the capabilities of the iPhone / iPod Touch to a far greater degree. More business implementers need to take a look at the accelerometer capabilities for navigation. Also a means of selecting 'favorite' folders would be helpful.

Comments (0)  Permalink
David Wilkerson January 28th, 2010 02:00:22 PM

This week I have continued with a search related project and was tossing a lot of ideas through my head on how best to design a solution that simplifies interaction with a search engine for a JSP developer.  In my ruminations I considered a Factory pattern, among others, but realized late last week that in my case a Builder pattern fits beautifully.  

My queries are not SQL queries but may contain search strings, filters, sorting preferences, etc. The number of plausible scenarios is lengthy and the parameters needed to create a 'right sized' query object are numerous (from a minimum of four to as many as a dozen.)  In addition the combination of parameters, as viewed from the perspective of the scenarios, is significant and some kind of test needs to be applied in order to ensure that the query is valid before it is shipped off to a search engine.

Hmmm, a complex object that is created with 'exactly' the right parameters and no more? What we need here is a builder.  Thanks to "Effective Java" by Joshua Bloch I have a workable solution.  

Here are some points to consider:

• The builder encapsulates object creation


• Objects can be created through a series of steps (I think of this as a buffet - choose a salad, an entree, and a side)
• 
  
• The client is unconcerned with how I represent this object internally


• It is an extraordinarily flexible (object oriented) solution.


• However, (yep, there is a downside to anything) the client will need more 'domain' knowledge than if a Factory pattern is used and there may be some overhead associated with the 'director' and 'builder' aspect of the pattern.

This is a 'sweet' solution that appeals to me almost as much as a weekend in the mountains. . . almost.

Comments (0)  Permalink
David Wilkerson September 16th, 2009 01:33:38 PM

Better security and more flexibility in security configuration are key benefits to WebSphere Version 7.  Security is effectively improved with the incorporation of audit improvements. Flexibility is achieved by a new capability that allows a cell to incorporate several security domains. The benefit of this feature is realized by separating the administrative domain from an application domain. That is, the application domain(s) can employ it's/their own user population(s). The scope of the application domain can be cell, cluster, node / node group, or server. This is a incredible and greatly beneficial feature.

This eliminates the need to establish multiple cells purely for the purpose of obtaining application user populations from diverse registries. One cell <> many domains. Pretty cool!

Comments (0)  Permalink
David Wilkerson September 14th, 2009 11:50:39 AM

Beginning with version 6.1 the command line tool wasprofile.sh (wasprofile.bat) was deprecated by manageprofiles.sh (manageprofiles.bat).  

Quoting the IBM InfoCenter:

Use the manageprofiles command to create, delete, augment, back up, and restore profiles, which define runtime environments. Using profiles instead of multiple product installations saves disk space and simplifies updating the product because a single set of core product files is maintained.

The manageprofiles command and its graphical user interface, the Profile Management tool, are the only ways to create runtime environments.

Keep in mind that the only means of deleting a profile is with the manageprofiles tool.

Comments (0)  Permalink
David Wilkerson September 8th, 2009 03:55:37 PM

One of the newest features to the WebSphere application server family is centralized installation management. The centralized installation manager (CIM) simplifies the effort to manage application server environments. Administrators can remotely install or un-install product components as well as apply maintenance tasks to specific nodes directly from the deployment manager administrative console.

According to the InfoCenter the centralized installation manager supports administrators by allowing them to:

Download interim fixes and fix packs from the IBM support site directly to the CIM repository.

Install interim fixes and fix packs for WebSphere Application Server Network Deployment, Version 7.0 on target nodes that are within the Network Deployment cell.

Install interim fixes and fix packs for WebSphere Application Server Network Deployment, Version 6.1 on target nodes that are within the Network Deployment cell. This is a mixed-version cell where the deployment manager node is a Version 7.0 node.

Monitor download and installation status of packages through the administrative console.

These features are a significant enhancement, among others, to the updated platform and represent real value for managers of large scale deployments by reducing administrative effort and costs.

Comments (0)  Permalink
David Wilkerson September 2nd, 2009 11:16:48 AM

Perhaps you feel like the lucky winner of the prize behind door number three only you aren't feeling so lucky.  You know, someone has told you that WebSphere Portlet Factory is so simple even a cave dweller could do it. (Notice the politically correct way I avoid infringement on an insurance company's tag line.)

Well, there is a learning curve and the operative word is 'curve'. It is not a flat linear progression from computer illiterate to portlet guru. I would go so far to say that it can be a fairly steep curve at times.  Likewise you may have heard that 'no java expertise or experience is required.'  Well, that is true to a point but it takes some experience to know where (or when) that point is achieved.

Finally, among the many who have poked their noses into the world of WebSphere Portlet Factory development it seems that the audience most frustrated by the tool are the experienced Java software engineers who just don't like the idea that 'some tool' is going to generate code for them.  After all, they muse, 'how can software write code that is more elegant than mine?'  Frankly, most employers are unimpressed with the supposed elegance of someone's code and they don't care whether the portlet is written by a novice or a prince of programmers. What they care about are whether the portlet achieves a business purpose on time and on budget. and does so efficiently.

So, there you are, trying to figure out where to start.  The starting point must be the IBM tutorials.  They offer a wealth of opportunity to get comfortable with the tool and to begin understanding how the tool supports developers seeking to achieve true rapidity in the development of their portal assignments.  Here is "the" place to start:http://www.ibm.com/developerworks/websphere/library/tutorials/0606_coqueiro/0606_coqueiro.html . On this site you will find information for the following tasks:

Create and configure a Portlet Factory project
Create a new Portlet Factory model
Add specialized database Builders to the model
Use Builders to externalize the data
Deploy the portlet to the portal

In addition to this very basic tutorial there are a plethora of others and, if you are not already aware, the WebSphere Portlet Factory Wiki should be one of your primary sources at: http://www-10.lotus.com/ldd/pfwiki.nsf/

Now, let's have that moment where I impart the 'facts of life' in WPF land.  As with most tools and platforms there is more to creating an industrial strength solution than knowing about some widgets, gadgets, and features (or in our case, plug-ins and builders). There is a huge need to understand patterns. In my experience (and I have been through several hard won WebSphere Portlet Factory campaigns - I am a vetted veteran) the tutorials are sufficient for getting a sense of how the moving parts of the tool interoperate but they are woefully inadequate for guiding the uninitiated through the process of creating durable and bug resistant solutions.  Where, you ask, do I go for this?

The single best solution is a combination of training and mentoring.  For either one check this site:http://www.davalen.com/websphereportletfactory.php . The WebSphere Portlet Factory Top Gun curriculum is a best in class solution for guiding would be WebSphere Portlet Factory developers of all levels (emphatically including frustrated Java software engineers) to a deeper understanding of best practices and design patterns that permit creation of genuinely impressive solutions that will delight your users and your boss. By all means you should work through the tutorials. They are excellent primers for gaining a rudimentary sense of how the tool works and how to get started but do not be deceived into thinking that is all you need to know.

If you head down the road of project design before you have an accurate understanding of the WebSphere Portlet Factory landscape you will find your self standing in front of a very big, very blank, and very very dense brick wall. In which case you may feel the need to revert to 'cave dweller' status yourself. Oh, and just so you know, you can register for the TopGun curriculum through a variety of mechanisms including IBM's training finder.  The course code is: WPC41 and can be found here:  http://www-304.ibm.com/jct03001c/services/learning/ites.wss/us/en?pageType=course_description&courseCode=WPC41

I hope this helps get you started. Let me know if you have comments or questions on how I could be more helpful to you and good luck!

Comments (0)  Permalink
David Wilkerson July 8th, 2009 08:36:58 AM

Exam Objective: Creating Dynamic Policies

A new feature to the administrative capabilities of Domino is the dynamic policy. This option allows administrators to assign policy settings to individual users and groups by entering a particular user or group name in a policy document.

By way of review, an explicit policy document allows assignment of default settings to users and groups such as

With dynamic policies administrators are able to "set it and forget it" the assignment by using updates the group document as needed. This way, if a user moves to a new  position in the company, the administrator does not need to figure out which policies are involved.
When is the change 'effective'. According to the InfoCenter, “The updated group information is applied the next time the effective policy is calculated for any users in that group.”

How do I do that?
There are four ways to assign explicit policies:

•        Use the Policy Assignment tab of the policy document (explicit policy)
•        When registering a user.
•        Edits to the user's Person document.
•        Use the policy assignment tool in the Domino Administrator client.


I have decided to provide an example of the process when registering a user as the InfoCenter has plenty of information for the other approaches. Additionally, this example shows the 'magical' consequence of removing a user from a group to which the policy is applied.

First, the environment. We have created a settings document and a policy with which it is associated:




We have also defined a group named “Contractors” and have assigned the policy to that group.



When Registering a user:

The user is configured in the usual way including membership in the group, “Contractors”




Now for the 'big reveal'. First:
But, when we perform a policy synopsis we see the effective policy.


Now, for the magic. We will remove Sue Synergy from the “Contractors” group and repeat the synopsis.



And, here's the result:


Things to keep in mind include the latency of updates to the group membership cache. By default this will occur once per minute but is configurable. Also, keep in mind how different settings are achieved. An excellent resource is the Wiki article at

http://www-10.lotus.com/ldd/dominowiki.nsf/dx/domino-policies-faq

Comments (0)  Permalink
David Wilkerson January 21st, 2009 01:36:51 PM

Don't Envy the iPhone, Hug Your Blackberry

Lotusphere 2009. Today IBM announced a major expansion of tools for collaboration on the Blackberry platform.

IBM (NYSE:IBM) and Research In Motion (RIM) (NASDAQ: RIMM) (TSX: RIM) today unveiled new Lotus collaboration software and developer tools on the BlackBerry(R) platform that will bring collective intelligence to BlackBerry smartphones. The new features will help customers find expertise, form teams, share information, and stay in touch in real time making them more effective and productive while on the move.

Imagine accessing document management, file sharing (photos, videos, etc) on your Blackberry device!

The key to this relies upon two initiatives: an eclipse plugin and XPage support. I can hardly wait to play with these toys!

To read the full story go here.

Comments (0)  Permalink
David Wilkerson January 19th, 2009 02:24:43 PM