What was my session about at Engage? Money and your Job

It was a cathartic, contrarian approach to our current situation, in which we, the admins, developers, and business partners, are supporting our Domino worlds.

I wish this were all in my head. But every single person in the room for my session at Engage was nodding their head at some point and others had very serious faces when confronted with my thoughts. The couple of people that talked with me afterwards were very happy they came to it. After all they gave up the Domino IQ roundtable for my session.

 

How did we get here?

 

The road that got us here is not the road that will get us out of here.

But enough cliché’s let’s be realistic.

We put ourselves in this situation.

Some items to think about:

(Almost) Every time we had a chance to ask for a budget, we failed.

We got what we needed, but this is not what an Enterprise solution desires, deserves, or requires.

We are selling our environments short if we only ask for licensing money, salaries, and some equipment. Way too short.

If your annual budget request does not include enough money that a respected enterprise solution requires, your request will not go up to the budget committee. Each company sets these meetings at various levels. Enterprise ready products have a staggeringly large annual budget, because that is how you know what is important. Or so the executives believe.

Maybe you think this is too much for “your team”.

Here is a little secret: Security budget money usually does not come from your team. It comes from the security budget. Leverage that every year.

Your environment needs to maintain perpetual security, which includes external and internal resources, people, apps, disaster recovery, development architectures, and more.

Everything you do in your Domino environment is for the company's greater good, and extending easier, faster processes for everyone, in a secure and meaningful way, needs to be backed by a secure environment.

I am not talking about 10k, 5k, or even 50k. You probably need to be asking for at least 100/250 or 500K to get to the budget executive committee. These days, maybe starting at a million. This is obviously relative to your situation and industry.

Some of you reading now might think I am out of my mind, but I am just a contrarian who has learned from 30 years of mistakes.

Maybe licensing is handled by a different group, so you didn’t need to ask for a budget. This also happens.

Once you stop asking for a budget, you don’t get invited to ask for one in the future. You mysteriously get left off the group email, or worse, your boss stops asking you about it. It is very hard to get back on the budget list. VERY HARD. 

For those who say, "No, we submit a budget," my question is, do they take it seriously, and do you get funding beyond the licensing basics?

Developers, you fall under this spell as well.

How many times have you said (as an employee), "Oh, I can put something together. Give me a few days or a week or two." Every time you did this but did not chargeback some business units' code or lay out the process and document why the app is needed and what it does for the company, you have also failed your Domino infrastructure.

If you were an outside vendor, you would have a project plan and bill X amount of hours or a total cost.

But you think that as an employee, you can’t do that, and you are wrong.

Everything goes to a cost center somewhere.

The group you are writing this for should be paying your team some of their budget.

But I bet few of you have done this.

While internal cost centers are a BS accounting move, they do work with your budget, so play ball by their rules, not the ones in your head.

Fear of Unemployment

I understand your predicament. You don’t want to lose your job, and I don’t want you to, either. However, no one has ever been fired for asking for budget money. A raise is a different matter.

For some reason, employees started to think they would get punished if they asked for the budget. You don’t get everything, but have you budgeted for the 2-8 various updates (now multiply by how many servers you have) you may need to do all year for your Domino environment? That number gets large fast, especially if you assign a value to it.

Why assign a value?

Because you should be clawing back money from every cost center. Again, internal budget money matters. Think about your budget if you had been "paid back" by the other cost centers.

When Lotusphere/Connect/Connected existed, you had to beg your company to go sometimes. How many of you went to the HCL Factory Tours? I hope you all knew they did these. If not, why not? You should all have been at them.

Did you think you would get fired for asking to go?

No, usually, the fear is to do anything that will get Domino seen inside your company. The CIO may demand someone's head for saying the D word, or your boss gets pushback for the old software. Whatever the reason, I understand, but keep in mind, you are not helping yourself in the long run because you aren't giving your company any reason to stick with Domino. 

I also blame the HCL sales rep at this point because they should be talking to you regularly by phone, email, WhatsApp, SMS, X, TikTok, set up an Ai auto message, whatever, I don't care, but they need to be on your side and not just "we have a webinar" or licensing renewal times. 

To be fair to the HCL rep, they do what makes them money first before anything else, but if they don't want to lose customers, they could be more proactive, so could most of us, that's all I will say here.

Money is everything, and you don’t understand what money means.

Money means one thing to you, but it is totally different to executives. 

You think asking for 10k is too much when the executive deals with million-dollar deals.

I am not saying deals don’t get lost because of price; that does happen. However, when properly laid out and defined, a solution for your company is not a 25k over-the-weekend app. If you want the executives to take it seriously, it is a 500k project or equivalent for your organization.

They will take it even more seriously if you can show that the new app either helps make money or manages some part, if not all, of your company's manufacturing, selling, marketing, or finance. 

Do this, and you can ask for even more money.

I am not talking about fake ROI projections of “time saved,” but real money tied to real work processes.

If you used your budget for licensing, what else would you ask for? I have listed what I expect to be in your budget in the spreadsheet I have uploaded for everyone. I presume you are the budget submitter; otherwise, you must bother your boss more.

Spreadsheet for download.

It includes guideline pricing, multiple items, education, conferences, T&E for these events, and other items that should be clawed back from cost centers.

It is also laid out as though you built an environment properly, and you can understand why, as you start playing with it, how the numbers multiply easily the more servers you have, and some costs also multiply. I aimed to show that all your costs after the Year 1 hardware purchases should be budgeted for you and cover your expenses.

Some of you may find this enlightening, while others may find it far from reality. I will wager that few of you even have something laid out like this, on which you are basing your budget. I hope I am wrong.

UI/UX is NOT HCL's Fault

All the BS talk about a poor UI/UX falls on your developers, now.

Older apps did have limitations, but this is not 2001 and R5, why haven't you refreshed them? Even just using Restyle would help. NOMAD web can be your friend here to reduce the web overhead to convert an app from Notes only to web, but you probably do need a nicer UI.

There are some gorgeous apps, Notes and web ones, so we know it is possible.

Again, who is to blame for this? Your app's UI/UX is not HCL’s fault.

Your executives see it as IBM/HCL's fault, but that only relates to the mail template. Your apps are your own to be creative.

Speaking of executives.....

New Executives have no idea what Domino does for your company

Because NO ONE has told them.

In this situation, I am talking about apps here. Mail is basically a cost of doing business. While on-premises and keeping your data inside are essential and more secure, email is a cost.

Some of you have been trapped by this “cost” term. Just because email is a cost and you are told to reduce expenses(notice they never drop new applications or revise older ones to save money), you may have been mistaken in thinking you shouldn’t ask for more money. But this, again, is what got us into this mess in the first place.

Servers do not update themselves; they can now under v14.5, but you get my point.

But apps, apps run your world, make you money, reduce paperwork (hopefully), and should be so good that no one is looking to replace them. 

Every time a new executive comes on board —and let’s face it, executives bounce between companies every 2-5 years—how have you briefed them on your Domino apps and what they do for the company, what they make for it, or what they provide that would cripple you if it suddenly stopped?

Have you? Has your HCL rep? Have you even told your rep what your apps do? Your HCL rep can't help you be that internal champion if you don't help them with what exists.

In my session, I used one of my clients as an example. They make millions of dollars a day using their Domino app worldwide inside their company. It handles everything from initial email requests for pricing and online sales to shipping, inventory, and manufacturing, tracking everything along the way. It is typical of Domino and an insanely elaborate application put together over two decades of teams of developers.

And yet, EVERY MEETING that involves leadership, I have to go to bat for my client and their app. Their internal people are too afraid to be connected to the “old server” stuff. See the above section Fear of Unemployment".

Imagine that meeting, discussing when we will move off Domino (I have been managing their environment for over 10 years or so) soon, but hearing this every year from me that it keeps them running.

They back down and then ask what is replacing it, which I suggest nothing, since it is an active and constantly changing environment, why would they replace it. Keep in mind that they only know the app by its internal name, which is how I introduce the topic, because they have zero idea it is a Domino application. But it always comes up from the Microsoft guy.

Of course, the business units say some cloud thing or an app made out of another database or workflow solution. Anything they move to would be a considerable cost, and ALL THEY WILL DO IS REWRITE WHAT THEY ALREADY HAVE, and from experience, end up with less functionality. I offer our help with whatever route they choose.

Like I said, 10 years, same meetings, every year. Many partners have similar stories, because we believe in the product, management believes in their bonus and their next salary when they move on.

This is exactly what one person in the meeting said about his situation. While he isn’t happy about the reduction in physical servers (personally I prefer less, but clustered, even when you have remote locations) he agreed that he will be there until he retires, nothing is moving that fast. 

Management has made the decision in his case, but to be fair, their environment might be faster and perform better with less overhead from the dozens of servers being consolidated.

Details matter, but for every excuse or peculiar circumstance, a completely normal one is ignored or under-budgeted until it becomes too late.

I hope my session and this blog post help you never reach that point of no return.

Conclusion

TL:DR The problem is and has been us.

I hit on other items that we all see or hear when advising clients. But almost everyone should know how to handle those by now.

If not, reach out to me. The lack of integration FUD, the “old software” line, the “lack of knowledge out there” hiring managers, and the perpetual “everyone uses <insert some other company>” lazy man excuse from someone that doesn’t want to be accountable for anything.

But we could turn this around by addressing the money issue and how we handle pricing/budgeting.

If you need help with this discussion, contact me, my fellow HCL Ambassadors, your Business Partner (or dump them for me), your HCL sales Rep/ Customer Success Manager/Customer Success Executive.

We are at a fulcrum. The cycle is coming back to in-house data from Cloud data, and now is the best time to Make Domino Great Again in your company and champion it as a proper Enterprise solution.

SMTP BlackListing, WhiteListing and Log and Reject/Tag

If you rely on your Domino server to handle all your mail, you probably have had numerous attacks on your server over time or even lately, as I did last week.

My personal Domino server is a mix of real code, websites, and active email, with various half-coded things and weird templates or customer testing.

However, I started getting harassed by sites looking for open SMTP accounts recently and figured something was amiss in my configuration document.

The official blacklist servers worked fine, but some of these rogues were missing.

Looking at my log file, I found a few domains/IP addresses and put them into the deny access group known as the Private Blacklist Filter found in the Servers Configuration document, as shown below.

But that wasn't enough to stop them. They kept coming. 

I wondered if 12.02.FP2 had some problems, so I opened a ticket with HCL.

Turns out the problem was on my end, but I still have some questions, but first, what was the problem?

I had a default configuration document, which was fine, but I  also had a separate one for my server explicitly named a relic from a test issue.

The explicit one took over the default one, and so while I thought I was maintaining one list, I was wasting my time.

I deleted the explicit one and just focused on the default document, it is my server after all.

And all was good, sort of.

I wanted to understand why I was still getting a few spam emails.

I had set the server to Log and tag instead of Log and reject. 

Here is where the problems got worse.

I decided to block all spam and set all fields to Log and reject messages. You probably can guess what happened next.

My inbox was very clean. Very few emails came through.

I thought I would whitelist what I needed, like bank mail, and HCL support mail (not so simple, someone at HCL should look into their SMTP issues that have them on a blacklist).

Still not getting lots of mail.

Next, I looked at what else was set in the doc and saw the verify domain lookup option was set, and rightly so as this does a great job.

However, I have learned that many organizations don't have good, clean SMTP/DKIM/SPF entries, and thus, they are getting blocked.

Sadly, I had to revert back to Log and tag to interact with customers and business partners.

Customers of mine with issues were notified, as was HCL, but if you have been playing with SMTP, something else always pops up. It needs babysitting.

While my mail is more stable now, I know I lost a few entities that got the denied server message and probably will not resend anything in the future. Which is a problem as some are bills and other items of usefulness.

If you are a new Domino administrator be careful with how you edit your Configuration document.

How to Enable, or Disable, TOTP for HCL Traveler and Verse

 After a discussion with fellow HCL Ambassador David Hablewitz, I realized I did not fully explain the HCL Traveler/Verse (will just refer to it as Verse) and TOTP  issue in my blog post the other day, 

I intended to explain the pros and cons of using TOTP and Verse, but I neglected to explain how to enable or disable TOTP and what you do if you have one server or separate servers.

The how-to is what this post is about.

It is pretty easy to do in a proper environment where Verse sits on its own server.

You probably see something similar to this in your Internet Sites for the Verse server (ignore the 404 error page I was testing):

If you double-click on the head item on the Web Site, you will see where you turn TOTP on or off. I am presuming you have set TOTP up already. The option is there because of the names.ntf template changes in R12 and R12.0.1.

If you don't want TOTP, change the selected option to "Yes" instead of "Yes with TOTP."

Simple, right? 

What if you are a smaller organization that relies on one Domino server to do anything and everything? What if you don't want Verse to have TOTP, but access to applications, or mail, should have TOTP?

My suggestion from a security perspective is to create a new URL for Verse. It is easier, under R12, for you to create a unique URL for your domain and get a Let's Encrypt SSL certificate for it for free.

Sidenote: I understand that you could leave it set up as it is above and turn TOTP off for the default website. You may do this because you don't want to field tons of help desk calls from users who can't change a URL, but this route would leave your whole server in a less secure mode.

Decide on the new URL, traveler.company.com.Set it up in your internal and outside DNS.

Create the new Internet Site document for the unique domain. It may look something like this:

Don't forget to edit your Traveler URL section of the server document to accommodate this change.

And now you can restart HTTP and Traveler, and you should get prompted for TOTP at your domain, but not with Verse once outside DNS changes go into effect. So I suggest you set it up and wait till the exterior works, then cutover internally.

You will need to create all the docs, so it looks like this:

And users may have to reinstall Verse to change the URL.

Once set up, you can turn on TOTP for Verse down the road if you wish. This also lets you move the Verse server easier in the future because it is no longer tied to your server, just the URL.

My Slides from my TOTP Collabsphere Session

 Since Slideshare went paywall, I am trying Speaker Deck now.

https://speakerdeck.com/kbmsg/totp-tips-tweaks-and-troubleshooting

Customizing the TOTP Login Form and MFA Pages

Continuing the extension of my TOTP session from Collabpshere, I wanted to expand upon modifying the Login Form and MFA page for those who need it and want to know how to do it.

The truth is I covered this in my 2021 Collabsphere presentation but since learned a few things which I want to pass on to all of you.

In 2021, I created this flowchart explaining how to add your corporate logo to the background logo.

How to add your company logo to the TOTP Backgroud graphic.

Of course, you could use any graphic, just figure out the scaling side, but I found it easier to just add my logo to the existing MFASetup1.png file.

There is a style.css file (Under Resources-Style Sheets) where if you find this section, you can change the graphic to whatever you want by renaming the png file and, of course, adding your graphic to the Resources-Images section: 

Today I found it was not letting me add a company logo to the .png with the 12.0.1 template. I had previously done it with the 12.0 template. So YMMV.

So how do we let people know it is the company's MFA login page?

I edited the form called $$LoginUserFormMFA in the domcfg5.ntf. If you don't do it in the ntf, you will lose your updates when the design task runs.

I replaced the HCL Domino text with the company name and added MFA Login Page.

While editing the text, I added the details below, which is helpful since the default page tells the user nothing.

MFA Instructions / Help

To set up and start using MFA take the following steps:

Step 1: Enter your Username and Password and press the 'Login' button.

Step 2: Follow the prompts to set up Multiple Factor Authentication, our preferred authenticator app is Duo.

Step 3: Once you have set up the MFA, return to the login page. Enter in your username, password, and MFA Token via your authenticator

Step 4: Click the Login button.

Naturally, you can add whatever text you wish and probably add a popup help window, among other things, but I am just a simple admin.

 Don't forget to save your changes.

While still in this form, if you go to the list of objects below the window and look for the "Window Title" object, you can edit the text there, as I have, so it says "The CompanyName MFA Login Page." And don't forget to save your changes.

I like to minimize helpdesk calls, so I want people to realize it is a legitimate site. I know, hokey, but something is better than nothing.

The hard part, and I don't suggest you do this unless you really want to do it, is to edit the MFA Setup page.

You see, it is not a page, or a form, or a view. It is a small java file.

You would have to unarc/zip it or whatever you do to java files, edit it, recompile it, and put it back on your server.

And if you do a server update, it will wipe it out.

And you would have to do it all over again. You might be able to copy the file, but if HCL makes any changes, you are screwed, so I have decided not to mess with it.

The .ntf would also get overwritten on an update, so why do it there?

To me, it is easier to replicate and maintain a local copy of the .ntf than to do it for the java part, but again, YMMV.

My personal server page looks like this now:

If you previously had a custom login form and now want to add TOTP, I strongly suggest you copy your custom form into the $$LoginUserFormMFA and sort it out from there. 

There are too many parts to TOTP and the domcfg database that will make it hard to do it in reverse,

I am sure my developer friends may make fun of me, but this was the easier(less time involved) of the 2 ways we tried to do it to bring it up and make it work. Again YMMV.

I did not touch on the use of the notes redirector, but that is how we are using it, and of course, if you need to edit the iNotes Redirector, I wrote a few posts about it many years ago, you can click on that section from the top of my blog or use this link: https://blog.vanessabrooks.com/p/inotes-redirector.html.

Crazy 2021 Ending, The Streak Continues as an HCL Ambassador

The last 2 years have been brutal in many ways, and honestly, after my efforts with #HCLAmbassadorTips in 2020, 2021 for me was relatively quiet.

But HCL has deemed me worthy of continuing as an HCL Ambassador, now going on 9 years in a row, including the prior years as an IBM Champion.

Maybe I did something right for my clients, or I did something wrong, and no one complained. Yeah, I did blow some stuff up by accident at a client, but not like what I did in my first real IT gig. 

Maybe my sessions at the various events in 2021 were so awesome they had to make me an ambassador again. Then again, I doubt the 10-50 of you that showed up are on the voting committee. The rest of you that did not appear, that's ok, I was zoomed out already in 2020. Beers for all of us at Engage, I hope.

The long tail of those sessions, however, is massive.

And that is what HCL expects from its Ambassadors. To provide content, help, support others and find ways to assist the community and worldwide customer base.

Some of my slides posted this year have over 500 views. I wish I knew why so I could repeat it again in 2022.

Likewise, some blog posts about the topics I presented this past year are over 3,000 hits which for my blog, given how often I write these days, is pretty impressive.

So what will I do in 2022?

I have no idea. My post from last year did not promise much in 2021 because I really was worn out from the 366 tips I posted.

But, for those who want to understand this Ambassador thing better, I point you to my post last year around this time of the year for how you can join in the fun. 

https://blog.vanessabrooks.com/2020/12/what-does-it-mean-to-be-hcl-ambassador.html

I told my oldest daughter that I may start a TikTok Tips thing.

She is still laughing hours later.

I had some other ideas but nothing concrete enough to commit to writing.

Until then, congratulations to all of the HCL Ambassadors wherever you are in the world, and I hope to see you in 2022 someplace, some time.

My Collabsphere Session on TOTP/MFA and HCL Domino R12

Great to be speaking again at Collabsphere. 

This was the first of my 2 sessions, feel free to download it and ask any questions about it.

Yes, It's Number One it's TOTP! from Keith Brooks

SnTT - When you need OS Acces, but DON'T Have it, OPENNTF to the Rescue

 

I should tag this as #HCLAmbassadorTips, but that is so #2020.

Picked up a new client from my home state with a small but necessary business, which they run on their HCL Domino application.

The problem started when I realized I needed to scrape their old website from a hosting provider and then put it under HCL Domino.

Simple enough to get the site files and fodlers, but when I went to add the site to Domino realized I did not have RDP/VPN/FTP access to their server at the OS level.

What do I do?

As it turns out, there have been a few tools that existed that do this, but being an Admin and not a Developer, I never needed them and never looked into it.

I ended up finding a solution at Openntf.org with a project called Remote File Browser.

It was posted in 2010, still works, and I am using an R12 beta client to work with it on my end and the R11 server on the customer side.

It does just what I needed:

• Create a folder
• Delete files
• Move Files
• Upload file
• Download files

Did you note an extra letter between the last 2 items? It seems you can download multiple files, but you can only upload 1 file at a time.

Okay, a bit tedious. I had about 40 files, but if I needed to edit the notes.ini or to change the SSL keys(if you are not using LE4D) and did not have access at the time, this does the trick.

Follow the instructions for it, copy it to the server, sign it, assign an ACL and then start browsing the server files.

Created a folder under domino\data\domino\html and then moved all the files.

Edit the Internet Site Document, so it knows which directory to read from and which HTML file to use as the primary page and restart HTTP, and it works.

If you know of anything similar and is available, free or for a fee, include it in the comments or message me to include the other options for everyone.

The best part is I get to cancel a meeting for later today that was about access.

SnTT - Adding a 3rd party Task to the Domino Admin Client Monitoring Dashboard

 

This has bugged me for a while. I may have just been a bit lazy as well.

But that's what friends are for, and Ted Hardenburgh came to my rescue in our Openntf slack channel.

You can join the slack channel here: https://openntf.slack.com if you have FOMO or just want to ask us your crazy questions.

Anyway, back to Ted's help with my situation.

We have a client running a task that is not a native Domino task, and I wanted to monitor it from the Admin client's Server-Monitoring tab that acts as a Dashboard.

You did know you have a dashboard built into the Admin client, right?

I will presume you know how to add your servers to the dashboard.

But when you want to add a task, you select a server and right-click and select Monitor New Task from the list shown. The default only includes the native Domino tasks.

Naturally, I figured there must be a way to add the 3rd party task, I was hoping without too much under the cover messing around, and that is when Ted helped me out.

My thought was there is a subform someplace to edit, and Ted pointed me to it.

Open the domadmin.nsf file in the Designer client.

Look at the Forms, and you will see a long list of Task\names.

The easiest way to start on this journey is to copy one of the tasks and paste it back in and begin editing it.

In this case, I am creating a task for bccdbt, I already renamed the task.

The name has to match the task name you would run when at a server console.

The fields you will need to edit from the above screen are the following:

Task name, Task filename, and Task Monitor Name and Description.

Task name field = Name as you want it to be seen in the Add Monitor Task pop-up window.

Task filename = the task name as you would enter it in the server console to run it.

Task Monitor Name = Should be how the task is described when you run a sh ta command. Like Router, Schedule Manager, etc...

Description = Edit according to what you need to tell your fellow admins.

Save it and then test it.

The task should show up within a few minutes, the dashboard updates automatically.

That's it. Many thanks again to Ted.

SnTT - Hear Ye, Hear Ye, Something new at Openntf for ADMINS

That's right, I resurrected Show n Tell Tuesday for this post because I can, it's my blog, and why wait for Thursday anyway?

A few months ago, my friend Roberto had the luck to join the Openntf Board. 

If you don't know what Openntf is, click on the link and check it out. NOW! 

The TL;DR is Openntf is THE place to go when you need a template for an HCL Domino or Notes application to help your company. It is also where you can go for tutorials on various development topics and all kinds of developer code snippets.

Admittedly, few admins ever add to the site, because, well, historically there is not much for admins there and often what we see/know is proprietary to our clients and companies. This has been my perspective for many years. However, a new world, a new time, and progress is being made, thanks to Roberto.

Openntf was not ignorant of the issue, many of my friends and fellow IBM Champions, and HCL Ambassadors, have worked hard over the years to make Openntf as useful as it is today by their incremental changes and awesome templates and code bits, even if I don't understand all of them. 

We have come a long way.

Maybe we just got older and complained more, maybe they finally realized without Admins there is no server running, or maybe we do bring some benefit. 

After all, as we rise like an HCL Phoenix from the ashes of the IBM years we are seeing new people ask questions and post requests, young and old, and they need guidance from us old, er, wizened people.

Roberto asked many of us what we would like to see as Admins in Openntf and I said I would like to see Lotusscripts, Formulas, and other code bits that help make our lives better, easier, and faster. 

I was worried that as some of us move along or retire or cross the Golden Firewall, we will lose knowledge and that would be pretty sad, given how many years of managing Notes and Domino networks we represent.

I am sure other admins also gave him input and I hope they will look into it further after reading this post or you reach out to Roberto with more ideas.

In December I was asked to test something on the Openntf website and that is what this news is about.

NEWS! NEWS! NEWS!

In addition to the existing benefits of the Openntf site, there is now a dedicated section for snippets of code, which is what EVERY admin needs. Here is a link to it: https://openntf.org/XSnippets.nsf/home.xsp

Now when you add a code snippet, the option to select the Language for it can be called "Admin Scripts".

There is a tag field so you can put whatever else you need in it to help your fellow admins find it when they need it.

I have posted 3 snippets which I use frequently, no doubt most of you will recognize the need for these as well.

1. Create a Forwarding Address in a Person Doc based on Email Address
2. Looking up and Converting a List of Notes Names into their Email Address
3. Converting Regular Common Name Lists into Notes Hierarchical Names

The first one is a simple script to grab an existing email and edit it for another field. Helpful when updating domains or in merger situations. Edit it, select all, done. 

The second one is really good for your AAs or Marketing people who need to extract email addresses of employees or clients, and upload those into bulk email sending services like MailChimp or into Salesforce. I have set those users up so they never bother me again. Okay, I lose some billing time but honestly, who wants to look up a few hundred or thousand people's emails anyway? This takes seconds to do it.

The third, a similar request to the second one, is because I was receiving very long lists of names to create ACL groups and mail groups. Names should be listed properly in these groups and this script helps you out. Again, in seconds.

Could these snippets be coded better? 

Could they be used differently?

Will I be adding more over time?

Can any Admin, or Developer, use them?

Should you use these?

The answer to all these questions is YES!

I tried to explain the code and how to use it, so if I need to edit it or you have problems let me know and I will try to help you best I can.

Looking forward to seeing more snippets up there and that we can say 2021 is the year of the Admin.

Have things you need or like to see, let me know, I might have them and get them posted.

The Resiliency of HCL Domino and how to get Multiple SSL Certs to work with it

First, thanks go to Daniel Nashed who told me it could be done and that in R12 it will be even easier! I asked him because I thought the HCL documentation was a bit vague about if it would work as I needed.

Second thanks go to Detlev Poettgen and Ulrich Krause of the midpoints LE4D (Let's Encrypt 4 Domino) team for support while I set it up and providing the community an awesome SSL certificate tool that keeps you rolling SSL certs for free. The link includes the request form to get it.

Lots have been posted about the LE4D and for whatever reason, I had not gotten around to it.

Part of the reason is the resiliency of Domino, will get to that in a minute. But there was a technical limitation since removed in Domino 11 related to how Domino handled the SNI(Server Name Indication). Prior to R11 you can only use one SSL certificate per IP address in Domino. Since I run about a dozen domains on my server, this was not helpful, but now, it works quite well.

What I found along the way was, if HTTP is turned on, it is pretty hard to screw up a website. IP, name, old name, odd folder, missing file, Domino will still publish something. You start working backward to figure out what is going on and along the way end up with a stronger configuration. SSL troubleshooting is a little harder since we do not get specific error messages out of the server.

And this is what happened to me, but perseverance won out.

I requested the LE4D tool (link above), which is really a Domino application and I added it to my Domino 11.0FP1 Windows server.

Did I mention it is Free! As in beer, well when we are at evening events at conferences.

Before you get started, you need the ENABLE_SNI=1 added to your notes.ini on your server as explained in the HCL doc at the top of this post. The document explains that your configuration may need to be tweaked, mine did, and that you need a default web site configured or at least one web site with an IP address configured to use as a starting point. More on this later.

NOTE: On IBM i, SNI is supported natively on IBM i enabled for SSL Plus for HTTP and not for System SSL API.

You can follow directions in their PDF so I won't waste time on those, but the guide provided expects you to know a  few things which I will itemize below in case the LE4D teams want to update their help doc. 

NOTE: Domino 901FP8 or newer is required due to a reliance on JVM 1.8. Also, if not running on R10 or R11 you will need the KYRTOOL file and the pdf helps you to get it.

Almost everything is built into the application, even a run and sign button so you can do everything from within the LE4D application.

While it is possible to create one settings document for all your domains, I found it better to create one for each domain. It makes troubleshooting easier, but more importantly, because I leverage separate folders for each domain, it allows me to customize the HTML HOME DIRECTORY field which became a problem.

The Let's Encrypt hash codes and certificates need a place to go under the domain so it can be updated automatically, but also to preserve each domain's specific certificates. Otherwise, as I saw, all my domains ended up using the same cert which would not work in the real world, although fine in testing/staging servers.

Also, if you have multiple domains, you need to name the KEYFILE NAME field something different for each, or else all your certs will get written over and that helps no one.

Once you have filled in the setting document, they provide an example in the PDF, save the document. Then enable it so it can run.

I did not have to do the IKEYMAN part on page 7 of the PDF which may be for prior to R10 servers or Linux, not sure.

Set up the automated process to run the program document to keep your server automatically SSL up to date.

You can manually run the agent from their database from the button in the top right corner.

There is an agent log at the bottom of each setting document which helps to troubleshoot it as well.

I found that when I clicked on Run the client would hang for about 2 minutes while it ran and then would come back and either had worked or failed.

Now, this is where Domino was stubborn or resilient, depends on how you view it.

I could not get SSL to work at all. The log showed the cert was downloaded so what was wrong?

This is when I asked Daniel what I was missing and he pointed out that my DEFAULT SITE needed an IP Address. BUT when I set a default site, there was no way to add the IP Address. Seemed odd to me, so I worked backward. 

In my case, the default site is Traveler as it is not going away, even if some other domains get retired.

A second auto-generated internet site document is created and that one gets the IP address. You also need to add the correct SSL to this 2nd document so your Traveler devices can connect.

The next thing I had to do was manually add the correct Key File Name SSLFILE.KYR file in the security tab under each domain's Internet Sites document. And then run HTTP Refresh at the server console. 

And then it worked. Prior to fixing it all, HTTP worked fine and SSL thought it worked but really just errored out or said I was using a different domains certificate. Domino is pretty resilient to keep going even though parts were wrong.

2 domains I had to try a few times, maybe it was network issues, but eventually, all got done and updated. I had some typos and used the wrong http folder name in one case, but if you have patience you can find all your mistakes and fix them like I did.

Our Collabsphere Session about O365 from the viewpoint of an Admin and a User

Hogne Pettersen and I gave this session today at Collabpshere.

It is a mix of good, bad, bewildering, and impressive views about the whole O365 story, solution, and parts within it.

We could spend all day discussing this and are happy to do so if anyone wishes to ask for our help.

For more details, follow us on our Twitter accounts at @LotusEvangelist and @NordicCUG

Shoot me NOW! The Life and Death of an O365 Admin and User from Keith Brooks

My Collabsphere Session on More Efficiently Working From Home with HCL Products

 

While my session had a small group of attendees given the great sessions I was up against, the beauty of an online conference is everyone can catch other sessions afterward.

It was great to be a part of MWLUG again now known as Collabpshere.

To Home, To Work, To Home, To Collabsphere! from Keith Brooks

Domino Administration Wizardry - Dark Arts Edition

Here are the slides to my session I just completed at the Engage conference.

This session was and is aimed at junior admins that need to find better, faster ways to do some redundant tasks.

If you have any questions just ask me. The code used is not perfect and alternative options do exist but for an admin with little to no development knowledge, I hope this saves you time and provides reasons for your users, and manager, to love you even more.

Domino Administration Wizardry - Dark Arts Edition from Keith Brooks

One HCL Master's Plans for 2020

I was not kidding when I said I was surprised to be named an HCL Master.
I am very honored to be part of the 1st full class of Masters.

For me, it was a slow/low year especially the last quarter due to losing my grandfather and having to back out of Soccnx/Let'sConnect Munich at the last minute. I know, I say this every year, but I wonder, with 100s of people out there being nominated, was I really deserving? Why were the others  not more deserving? Surely some of them deserved it too. If you were nominated and did not make it, I am happy to try to help you get it next year. Once, we were all in your shoes but we all took that giant leap.

Without knowing the judging committee, I can presume some brand awareness for me for all these years, and maybe I was #101, but like the old joke, what do you call a person that finishes last of his class? A graduate, maybe that was me this time, #101.

So, for 2020, I am doing something substantive, so at least I can feel like I am repaying HCL's belief in me, from my past, to help the future. This plan involves quite an effort upfront, but I think, if others joined me in doing it as well, we could gather some serious awareness back to the products we love, even the one they refuse to mention as if it was Voldemort reborn.

Remember when we used to blog every day? Yeah, me too. But we float in and out of various social worlds, crowds, friends and time is accelerating as we get older.

With this in mind, I am in the process of setting myself up to be able to push out a new tip, hint, idea, download or benefit for users, admins, and if it is possible in such small textual epistles, devs.

Every day of the week.

Every day of this year, all 366 days of it.

Yeah, I may be off my rocker a bit, but this was one of the ideas I pushed to Richard, Andrew and a few others, and figured I should see what I can do with it.

Each day of the week has their own topic as shown below, posting times will vary so I can gauge interest and traction plus different social media places require different formats so I will start with Twitter and then Linkedin, from there will see which way to go:

• Monday - Domino
• Tuesday - Sametime
• Wednesday - Clients
• Thursday - Traveler
• Friday - Fonts (UI/UX but that doesn't start with an F), Folders and Files tips
• Saturday - Weekend tips for admins and users
• Sunday - Fun stuff day. Why post on Sundays? Because in the Pacific Rim it is a work day already, as it is in Israel where I reside these last 5 years. 

I admit to not being a Connections guru so I will let someone else provide those tips.

Verse, Nomad, Volt, the unnamed N client and some other item may pop up at one time or another.

Business Partners that want to sponsor posts or have some interest in a similar series for your own products, let's talk, after all 366 days is a lot of things to post, and I can't talk about Engage or Let's Connect every day. (User Group events I am happy to post for anyone that reminds me about them)

Most tips will be obvious to my fellow HCL Masters, but to all of the new and old admins/users/devs  out there, hopefully you will pick up something new that spur you to think out of the box about how to help your users and company. Then again, I have a treasure trove of history .ntf's, graphics and other things to let people download because how else do we give back to the next group behind us?

Of course I will also blog erratically when the muse visits me.

To the haters, deserters, friends that wonder why I bother, what can I say, hire me, and show me something better to champion. If I do this for free, imagine what I can do for your brands with a budget. My list I gave Richard had 30 other ideas.

My hashtag for these is #HCLMasterTips and like my FudBuster Friday posts a few years back, feel free to hit me with any ideas or things to cover and I will give credit to you for it.

Happy New Year Everyone

Can We Get To Work Now?

As you may have heard, the divorce from IBM of the Lotus Portfolio of products has come to a conclusion and HCL has come out the winner,

The value of the deal ensures a decent rate of return to HCL within 3 years(maybe earlier) based solely on Support and Services, otherwise known as renewals.

The efforts to stop the leaving and increase the renewals only adds gravy to the deal for HCL.

But many of us want to see a new land, we want to not just see people hang on, but new customers come out of the cold. This could be the start of a renewal for the product line, sure, few companies have done it, Apple being the biggest turn around, and we have to do it without Steve Jobs. Not sure if that is the vision, but it is a goal which I think should be on everyone's mind.

We have to see the world, not like it was, not like we wish it was, but as it is and how we can once again be useful to people. Yet, once again, daily, we will have to prove that a venerable product, it  never went away in 30 years while so many disappeared, still runs and can run many companies worlds.

Sure, Salesforce now does workflow and automation, taking our niche potentially, or at least trying to if you believe a $200 million software project in Salesforce is required to replace, and not fully, a Domino application. The limitations and costs of Salesforce are not enough to convince someone to drop Salesforce, to push on those is working the competitive tactics of old.

Embrace and extend maybe is the answer, but that would end up a Business Partner play, aside from HCL getting the APIs to place nicely.

Microsoft of course still worries about us, funny how old flames die hard but the old ways, do not work the same and a better play in the competitive space is needed.

Google/Alphabet still sucks at calendaring and while the focus from HCL may not be messaging, messaging still is what runs a lot of businesses.

Workflow and automation demand a solid, stable, secure platform that can be relied upon to work no matter what you throw at it and no matter how little you babysit it. Do you ever hear Exchange admins say they love Exchange? No, not really, but there are 100s if not 1,000s of people out there that will say they love Domino.

It.is.THAT.Good

Back to HCL Software and the future, while the dust settles and this 3 Billion dollar(Lotus bits)  startup creates logic where there was none, have some patience.

We would all like to see new commercials and marketing, but in a modern world, that doesn't cut it enough. If we really want this to succeed, we need to embrace the social media side, not just pay lip service to it.

We need to ingrain into people that MongoDB is only decades behind Domino in getting field level encryption in a NoSQL flat database.

And people treat that like news?

IBM would never let us go after this, but my hope is HCL will because if we don't bring the issues to the front, there is no press and no customers begging to come back.

Do we need new templates? Yes, and we need to find a way to make them flexible enough so customers can adopt them easily enough. I have some ideas in this space for another blog post.

Do we need to revise old ones? It wouldn't hurt, and these will help keep customers renewing. I gave my input already on the Rooms and Resources.

I have argued that to try to convince people to code with Domino is a hard sell, kids in college have never seen or heard of it. More importantly, the workforce is not what it was in the dawn of the PC industry.

Many employees are niche driven and not code happy, or even interested.

In the earlier days, those of us that wanted to find a better way or figure something out had to read anything we can find, play with everything, dig into stuff that even now I think about some of it was amazing.

But I don't see that spark in employees. The need to know more is gone, maybe because love of company went away over the last 20 years. If HCL can figure out how to light that spark again, we may be on top something.

I mentor startups and they listen to me explain long dead products that did what they plan to do and what went wrong so they can try to make a better way...while scratching their head why they never heard of these solutions.

HCL has the chance to do everything we have been begging IBM to do with the products for years. Now we just need to get on with it and be aware that the future is being built literally every minute as of officially 17 hours ago Grenwich Mean Time.

NCUG Wrap Up and NOMAD for Android Beta information

NCUG is over,  and it was a very good event run by Hogne and the NCUG team here in Stockholm.

They changed the name from ISBG, which was LSBG, in an effort to jump start the regional user group again. They also let us know next year it will be in Copenhagen in September 2020.

The customers that came out for the event were almost all on R10, or will be, and most of them run Connections as well.

A truly great feeling to be surrounded by them all and talk with them about what they have done and are looking to accomplish in the future.

My sessions were both filled and everyone, including myself, left them with new knowledge and that is what these events are all about, meeting people and sharing information.

Sharing with each other, not being in fear of people hearing what you have done but trying to encourage and help each other, is what separates us from the Microsoft minds of the world.

Just like what made me fall in love with Notes way back when in R2.

For me it was never about the applications or even the mail, it was about the freedom if information.

The freedom to share information with people.

At a time when green screens still ran your world and anything you wanted was 6 levels of authority just to get a file, Notes was what I thought corporate worlds would be like when I finally got to work in a real business.

Thank God for Ray, Mitch,and Jim for bringing it out.

Richard Jefts spoke at length about the future, the vision of more applications, why Sametime is so important and how R11 will be the first HCL Notes/Domino/Sametime version. Once the divorce is final with IBM we will learn more details about the future which will be Simple, Secure and Intuitive.

We received word of the imminent arrival of Sametime 10,Limited Use Edition and what is part of it all.

Uffe Sorensen made it clear R11 will not be out on 11/11 in case you wondered.

Opening up Domino further to other vendors like Cisco, Salesforce and ServiceNow will help us extend workflow applications to a new world and a new time.

The recent NOMAD(not  to be confused with the R7/8 Nomad of Notes on a USB) for running your applications on an iPad or iPhone was shown off and discussed by Theo Heselmans (IBM Lifetime Champion) of the great Engage.ug conference using his wine application. We also had the opportunity to get in on the beta for Android of ti which would make me happy as I am an Android user.

If you want to be a part of it as well, go to https://www.surveymonkey.com/r/XXBFP6N.
EDIT: Fixed URL, sorry about the typo

Adam Gartenberg from IBM, but soon to be HCL discussed Connections, the future is bright, the future is different and it all goes back to redesigning the UX and UI along with numerous other ideas from the jams and aha requests.

HCL is listening, and they are doing or will be doing. Not everything can be done all at once.

There were some partner sessions, there was a session on setting up Docker, Connections sessions, a user adoption strategy session, case studies and live code examples. In short, a little bit of everything for everyone. And all sessions were well attended.

Congrats again to the NCUG team and hope to see you again soon.

ISBG now NCUG My Session "Why Didn't Anyone Tell Me Notes Could Do That"

ISBG / NCUG Why Didn't Anyone Tell Me Notes Could Do That from Keith Brooks

This session was about how to make your case to get changes pushed through to end users.

How to talk to management and other teams to give users a better experience and in turn provide happier customers and fewer support tickets.

At THINK, Therefore I was

55+ kilometers I walked last week.

For a conference.

The IBM THINK conference.

In Las Vegas.

30,000 people at an IBM Lovefest for 5 days of 3,000+ sessions.

I can only imagine this is what Woodstock was like, awesome speakers and musicians, great amounts of love and imagination and when you left you were worn out beyond belief.

My bad knee needs a vacation.

I was busy almost every day with sessions I gave, sessions I attended and various hall way meetings with IBMers.

Some sessions ran, some in mythical rooms (lacking maps it was hard to find some rooms), others never ran for unknown reasons. I missed more sessions because of the app that synched incorrectly dates and times. I hope they fix that for next year, and give us access to it much earlier.

HCL

My discussions about the HCL deal were interesting, the ICS teams strongly believe this is going to be the best thing yet. The fact Quickr was even mentioned made me pause to think maybe they were really looking at ways to rebuild everything. But dreams aside, the deal will run its course and this year, well really 2019 (presuming R10 comes out in Q4 2018) will be the make or break it year. Barry, don’t worry, I will let you know our top 10 webadmin needs.

THINK Academy

The IBM THINK Academy was a great place to spend time. The life size BattleShip game, professional head shots, Watson, labs galore, Soft Skills sessions where I and many other IBM Champions gave our time to help the next generation and most importantly…food and drinks all day long.

I attended one lab and it was run by a developer advocate Erin McKean, her avatar is a pink robot, that was great, sadly it was the only one I got to be a part of at the show. But it was run quite well and easy tutorial to follow. For more details about it, see the lab on git hub here.

I had more people at my soft skills presentation on speaking, Monday, than my microservices session on Thursday. To be fair, the latter was near the end of the show and attendance was way down by Thursday. I will post about the Q/A from my Soft Skills talks because that was enlightening.

Notes and Domino

Yes we will finally get to use .xls instead of .123 for import and exports. And a few things we have been asking about for years but the HCL team is listening and if you have enough information on why you want/need something, they will seriously think about it. Go to Gabriella Davis's blog post which includes her presentation on what is new, I can't do it justice.

Sametime is NOT Watson Workspace (WW)

Yeah, that is obvious but not to everyone yet. Sametime is staying on premises. WW is web/cloud based.

Sametime was Mentioned but nothing pronounced other than some licensing changes and a possible return to "just chat". Rumors of all kinds of things from a streamlined full stack to a completely microserviced architecture were tossed around. Of course it was dwarfed by the WW information. The new shiny in everyone's eyes. Helps it has Zoom built into it and its infancy is growing so stay tuned.

Connections

Dwarfed by the HCL stuff, Connections had sessions and I went to the troubleshooting one from Roberto and Sharon. Great stuff if you need to dig in deep. Grid looks good but I don't spend much of my time on Connections, although I will be in 2018.

Before I forget , I send my apologies to Heather Graham for cornering her about some things, but knowing each other for 10+ years it happens that some frustrations some with the discussion.

Thank Yous

Thank you to all the IBM Champions that I met for the first time and the usual cast of characters that I call my friends for helping me out or just talking through ideas or just spending time together which in some cases has been years apart.

Huge thank you to Alan Hamilton and Libby Ingrassia and their staff of IBM Champion wranglers. We are not an easy group to please and can be rather vocal when we want to be and they handled all of us quite well. They also supplied us with swag of the best kind and even got the front row tickets fort the concerts for everyone. They also helped get us some speaking options and other meetings of the secret kind so for all they do, thank you!

Thanks also to the team in THINK Academy that engaged us and let us have some fun in their areas to help people who wanted something other than tech details.

Parties
A great shout out goes to Ephox for the never miss Aussie Party, the many Business Partners or Vendors that invited me and everyone to imbibe and enjoy ourselves. For the ones I missed, or could not connect with, my apologies, I tried, but there are always plans and misses at the shows. There are also serendipity occurrences you can only put down to being at the right place at the right moment in time.

Skateboards

Thank you to IBM for the speaker gift certificate for the Logo and Book store. But $40 was not enough to get the skateboard. Libby, can we get IBM Champion ones? J

Next Year

Next year in San Francisco, in February is the next time this will happen, will see what the future brings before I commit to do this again.

A Sad Note

Lastly, I may not have been as much fun this year as usual. I found out on Monday that my best friend’s father passed away and I could not be there for him in Florida, or home in Israel for the burial. No doubt this influenced my time at the show and the nightly activities. RIP, BDE Rabbi, as I always called him even after I was old enough to call him by his first name.

As I head home finally, been away for 12 days, and I write this at 10,000 feet above the ocean I wonder if anything I saw will keep me busy for another 20 years like Domino has for so long. I don’t know. Time will tell. Then again I doubt Ray Ozzie thought Notes and Domino would still be alive.