Tuesday, February 21, 2017

How to Set up Rooms Properly in Office 365


You'd think that setting rooms up in Office 365 would be a simple matter of going to the Office 365 Admin console, expanding Resources, clicking on Rooms and Equipment and then using the Add Button


This works but it doesn't do everything. If you want your rooms to appear in the Room List (and to show available times), you'll have to use PowerShell to put them there.


Finding Answers

So... I spent a while trying to find the answers without a whole lot of luck. I think that coming from the Notes/Domino world and not being familiar with the outlook terminology hindered me a bit in this regard. 

In any case, big thanks to IT for Dummies btw whose page called "Create Room List Office 365" made very little sense to me but helped me to explain to Microsoft Support what it was that I was looking for. 

BTW: Microsoft support can be reached via the Support and then Service Requests options in the Admin Center. I've found their support to be excellent. 

How to Set up Your Room
Having done the initial room creation steps (see the top of this post) you need to do the following to get it fully registered;

  1. Start Microsoft PowerShell (with local admin access)
    Note, this is normal PowerShell, not Azure PowerShell
  2. At the PowerShell prompt type:

    Set-ExecutionPolicy RemoteSigned

    This essentially grants you higher privileges for the current session.
    (you'll probably be prompted for a Yes answer).

    The returned wording will be something like this;

    Execution Policy Change
    The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks described in the about_Execution_Policies help topic at http://go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?

    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"):

  3. Next type;

    $UserCredential = Get-Credential

    This logs you in - it will prompt for your Office 365 admin user name & password.

    The returned wording should be something like this;

    cmdlet Get-Credential at command pipeline position 1
    Supply values for the following parameters:
    Credential

  4. The next command sets up an office 365 session connecting to exchange.

    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

    The next command apparently imports the commands for exchange into the current session. (ie: makes them available for use).

    The returned wording should be something like this;

    WARNING: The names of some imported commands from the module 'tmp_aipbhxxl.kcz' include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.

    ModuleType Version    Name                                ExportedCommands
    ---------- -------    ----                                ----------------
    Script     1.0        tmp_aipbhxxl.kcz                    {Add-AvailabilityAddressSpace, Add-DistributionGroupMember...


    I have no idea what this means or why it's relevant to me... best to just ignore it.
  5. Our next PowerShell command actually manipulates the rooms, so this is the first command that you'll need to have custom bits on.

    There are two parts to this;

    Part A: The Room List - This can be anything at all, it's just a way of describing the rooms collectively. If you've only got one set of rooms, you might as well call it "Local Rooms" but if you have separate rooms, for example, "Executive Rooms" and "Core Meeting Rooms" or "Building 1 Rooms" versus "Building 2 Rooms" then you'll want to describe this bit more carefully.

    Part B: The Room Names - In our case, we had four rooms, the Board Room, Large Meeting Room, Small Meeting Room and Projects Meeting Room.  You'll need to gather all of the rooms for a given list together and execute the command once -- because you can't add rooms to the list later (more on that afterwards).

    You'll need to use the short names for the rooms (the first part of their email addresses) as the room names in this command aren't supposed to have spaces in them.

    Here's the command you should submit;

    New-DistributionGroup -RoomList -Name 'Local Rooms' -Members BoardRoom, LargeMeetingRoom, SmallMeetingRoom, ProjectsMeetingRoom

    The response is downright weird... and a bit ... advertising..

    New! Office 365 Groups are the next generation of distribution lists.
    Groups give teams shared tools for collaborating using email, files, a calendar, and more.
    You can start right away using the New-UnifiedGroup cmdlet.

    Name        DisplayName GroupType PrimarySmtpAddress
    ----        ----------- --------- ------------------
    Local Rooms Local Rooms Universal LocalRooms@xxxxxxxxx.onmicrosoft.com

  6. To verify that the rooms were adjusted type the following;

    get-recipient -identity localrooms

    It should return and indication that there's now a distibution group called Local Rooms.

    Name        RecipientType
    ----        -------------
    Local Rooms MailUniversalDistributionGroup

  7. Of course, you could just close Outlook and reopen it and create a Meeting to check. 

One last note... the Microsoft team told me that if I needed to add a room to the group, I would be best off deleting the Local Rooms group and running the creation/linking command again. 

Thanks again to the Microsoft support team. I don't know how I would have figured this out without their help. 

Sunday, February 19, 2017

Solving Some Azure Active Directory User Synchronisation Issues on Office 365

We started moving over to Office 365 quite a while before we decided to ditch Notes mail and move to Outlook. It was also my plan to get rid of our internal active directory server and rely solely on the cloud for authentication. 

As it turned out, management wanted to keep the AD server a little longer, so we've had to synchronise our onsite accounts with the Office 365 ones. The synchronisation processes immediately created duplicates (and sometimes triplicates) of users. 

The journey to resolve this issue was time consuming and data destructive, so I thought I'd let everyone know how to fast-track it.


What Causes the Problems

Microsoft's Office 365 users have unique ID's much like the objects in the Active Directory. When you create a user from scratch on Office 365, you create them with a unique ID. While there are tools that will let you change these unique IDs, we've found that they generally do more damage than good.

Deleted people are another part of the problem, If you delete someone and then let the system recreate them, it will happily recreate them but won't set their ID properly. This is because their ID isn't unique. It's still in the person "recycle bin". To truly delete someone, you need to use the PowerShell command line.

Backing Up First

Before I jump into the whole process, you need to make sure that you back up things. Deleting users is fairly data-destructive.


  1. If your users have anything on OneDrive, take a local copy of it all.
  2. If your users have data in Sharepoint or Yammer, backup what you can.
  3. Transfer Ownership of Groups in Yammer and Sharepoint very carefully - don't delete all the Admins at once because you may have trouble getting them back. 
  4. Backup any Outlook mail they may have to a PST file (they'll lose mail)
  5. Make a note of any licences they have. 
  6. Do whatever you need to about OneNote 

Getting into Microsoft Azure Active Directory

You have to have Microsoft Azure Active Directory Module for Windows PowerShell installed.
Note that this is different from PowerShell and it's different from the AD Module for Powershell. It's hard to find the right version of the right software - at the time of writing, you need version 2.

In case you're interested in other Azure AD commands, here's a handy reference.

The first command is to connect to the Azure AD;

Connect-MsolService

You'll be prompted to login (so hopefully you'll use a user who has Global Administrator access).


Next, you will want look at the records of users...

get-msoluser -UserPrincipalName jsmith@mycompany.com |fl

This command line will show you jsmith's record.  Things to look for in the text include;

ProxyAddresses        : {SMTP:jsmith@mycompany.com
ImmutableId           : Pjo+HQRGtXm9GsUXzYYRqQ==
DisplayName           : John Smith
SignInName            : jsmith@mycompany.com
UserPrincipalName     : jsmith@mycompany.com

We found that our Proxy Addresses didn't start with SMTP: and that our Immutable IDs often had people's names (eg: jsmith) in them, instead of the ID.

The SMTP thing can be fixed but if your immutable ID is wrong, you really need to look at destroying the profile record and recreating. We've found that all of the records we destroyed have recreated properly but that the ones where we've just changed the proxy still have some glitches. I'd personally recommend removing everything.

Deleting People from the AD

You'll find that you simply can't delete a person in the Office 365 AD, particularly if they're synched from a local server. The GUI just won't work. You need to delete via command line.

Make sure that you check which licences they have been assigned because you'll want to reallocate them back.

remove-msoluser -UserPrincipalName jsmith@mycompany.com

Deleting a user is not enough though. You have to knock them out of the trash, otherwise they'll reside there for 60 days and prevent recreation via the AD synch process.

Even if your user wasn't having issues with their immutableID, they could still be having problems with Synch and email because of similarly named deleted people.

Before you delete, make sure that you've backed everything up. Emptying the trash is permanent and there's no recovery.The empty trash command is more or less the same as the delete command but with an extra switch (-RemoveFromRecycleBin)

remove-msoluser -UserPrincipalName jsmith@mycompany.com -RemoveFromRecycleBin

Wait for AD Synchronisation

In our case, AD synchronisation is set to 30 minutes. You can check via the front page of the admin centre. You might have to click More and then Refresh to get things to display properly because Office 365 doesn't always automatically refresh person lists or time displayed on the screen.

Once the next synchronisation has run, you should see the record appearing.

Some Fixes on the Local AD Record

We also had to do a couple of fixes on our local AD record, particularly making sure that the ProxyAddresses start with SMTP.

To do this;

  1. Go to your local Active Directory Server.
  2. Open users and Groups and get to our users.
  3. Edit the User Record.
  4. Go to the Attribute Editor Tab
  5. Find ProxyAddresses and double-click on it.
  6. If the address is something like: jsmith@mycompany.com then click on it and click REMOVE
  7. Then type  SMTP:jsmith@mycompany.com and click Add.
  8. If you need two, you might also want to type smtp:jsmith@mycompany.onmicrosoft.com
  9. (note the first/main SMTP is capitalised and the second is lowercase ... yes, seriously).


Reassigning Licensing and Finishing Up

Back in the Office 365 GUI, you'll want to go back into the person's user record when they appear.
Reselect their country
Re-add their licences.

You'll probably want to re-check their outlook settings but you can't because you have to wait for it to be finished being setup.

Repeat the process for all other users. Note that there are options for wildcard deletions and mass trash emptying. I haven't covered them here because the command line was fast enough for me and I don't really want to be responsible for someone trashing their entire Azure AD.

A big thanks to the amazing Microsoft support team in Shanghai who figured out some of the more technical parts of this process and walked me through them. 

Monday, February 06, 2017

OneDrive to Rule them all ... or perhaps not.

Microsoft OneDrive is great! It's easy to use too and has some really great integration into Office 2016 - which means that when you go to save or open files, instead of displaying a file dialog, it renders the folder names right into the panel. Sadly the sharepoint integration in Office 2016 is still dialog-based. 

On the surface, it looks like a great files storage solution but as it turns out, just like Tolkien's OneRing, beneath that shiny surface, OneDrive is mostly evil. 

At work, we're still using an old file server which allows people in the company to save files into public, personal or restricted access areas.

It's a great browsable structure with the main drawbacks being that it's on a local file server (which means ageing infrastructure and semi-manual backup procedures) and security because it needs a VPN to get to our internal systems. Many of our users still find a VPN too complex to set up and it's hard to get a VPN that runs on all flavours of devices (various versions of iOs, Windows, Android and Linux) without compromising security.

The file server also has shadowing, which is a great feature -- and sadly, something that Windows finally "copied" from the old Novell Netwoare 3.12  (1991) - after more than a decade of broken promises. Shadowing is awesome and adds a layer of recovery to your systems, especially when it comes to attacks like Cryptolocker.

Having seen OneDrive personal in action, I was keen to get OneDrive for Business. It seemed obvious to me that this was the solution - A cloud version of the file server that was tighty integrated into Office 365.

As it turns out, it's not. 

OneDrive For Business is Still Personal!

OneDrive for Business is basically OneDrive personal with some more space.

  • Neither sharing or rights management works properly on it.
  • All files on all versions of OneDrive are owned by a single owner, rather than the business.
  • It's not easy to copy files to OneDrive from a server, so I tried copying them locally, letting them synch and then removing the local copies. It doesn't do anything immediately but after a little while, it replicates the removal of those files over to OneDrive (yes, it deletes your files).

    I think there's a way to stop synching before doing this but I didn't bother giving it a try because it was pretty obvious that for all its beauty, OneDrive doesn't work.  


I talked to Microsoft about the problem and they made it very clear.

"Do not use OneDrive if the intention is to Share Files"

There's a very good blog post that explains this -- and it includes a flowchart too!
https://en.share-gate.com/blog/you-should-not-be-migrating-to-onedrive-for-business

Apparently Sharepoint - team sites is the tool for this.

SharePoint is not the Answer 

I looked at SharePoint and ran some tests to see how easily I could migrate our many years and many gigabytes of files shares.

Not easily at all.


  • We had to change the default settings on Sharepoint 365 just to allow us to upload more files. The default restrictions are all wrong (and the settings changes are buried quite deeply).
  • The file structure isn't properly browsable and it simply doesn't give us what we wanted.
  • The integration with Office 2016 is terrible compared to OneDrive.
  • There's a copy feature in OneDrive that allows you to copy OneDrive data to a team site. It's a copy though, so you still have to delete the files off OneDrive later.  It worked very well for small numbers of small files but whenever I tried to do anything useful with it, it failed. 


Looking for Answers Elsewhere

With reluctance, we began looking elsewhere and stumbled upon Citrix Sharefile.

We've had a demonstration and thus far, this looks like it's the right answer. I'll post my findings once I've had a proper chance to play.

In the meantime, there's some great videos for Sharefile on YouTube and it looks like OneDrive is reduced to being an option for HOME drives only. For data that the company doesn't mind losing.

I'm very concerned that Microsoft doesn't seem to have an answer to the file sharing problem. Particularly when people will be expecting to move from On-Prem Microsoft file servers to their Office 365 cloud.

Sunday, January 22, 2017

Getting Contacts (Not Users) out of Your Notes/Domino NAB and into Office 365 Contacts

Recently we've been undertaking a task to move from IBM Domino to Office 365 with particular emphasis on the mail system. One of the first big tasks is to move all of our corporate contacts from the Domino NAB over to the Contacts area of office 365.

Corporate Contacts

Corporate contacts, in this sense are contacts which are shared by the entire organisation. I'm not talking about actual users who will have an Office 365 licence with your company or about personal contacts, who would normally reside in the personal address book.

In our case, we had about 6500 corporate contacts who needed to be migrated.

There's a contacts screen in Office 365 which is accessible from the Admin portal. It's under users, then contacts.

Exporting from Domino

In IBM Notes, open your company's address book and press Ctrl+A on people. If you have your staff and non-staff in the same address book, you'll probably want to sort by company and deselect all the staff.

Next, click File, Export Contacts. You'll want to choose either "All contacts in this view" or "only the contacts you selected" depending upon your circumstances.

I'd recommend exporting all fields. It's a little messier but it means that you get your contacts address information (if you have it in Domino already).

Choose a place to save the file and make sure that you've used CSV.

Excel Stuff in the Middle

Open the file in EXCEL,
Create a new file in excel with these fields as specified in this document.
  • ExternalEmailAddress
  • Name
  • FirstName
  • LastName
  • StreetAddress
  • City
  • StateorProvince
  • PostalCode
  • Phone
  • MobilePhone
  • Pager
  • HomePhone
  • Company
  • Title
  • OtherTelephone
  • Department
  • CountryOrRegion
  • Fax
  • Initials
  • Notes
  • Office
  • Manager
Search and Replace commas. Commas (and rabbit ears "" aka inverted commas) can really upset CSV imports. I just replaced all ours with nothing.

You may have to create the Name column out of formula ... ie: Assuming that first name is in cell C2 and last name is in cell D2, you'd use =CONCATENATE(C2, " ", D2). Then Autofill the column and then copy and paste it into another blank column (so you could paste (special) as values.

Importing to Office 365

The import to Office 365 is an entirely command line driven via PowerShell and these instructions helped enormously.  Make sure that you connect to your exchange online service first.  There's a link in step 1 but in case you can't find it, it's here.

I wish I could say that I completely understood the process I ran but I didn't.

It worked though, so I'm happy about that.

Now I just have to figure out groups.

Monday, January 09, 2017

New Year, New Directions

2017 marks the beginning of a massive shift in technology at work. We’re re-branding,  we’re moving office and we're changing our technology from IBM to Microsoft. It's going to be a wild ride and I hope that you’ll stay with the blog as I delve into the new world and try to figure out what works and what doesn't. 




I've been on Notes/Domino since version 3.0 and I haven't used outlook at all, apart from a week in 1995 when I decided that I hated it (plus of course, the regular interactions with outlook die-hards where I've had to fix their computers). My personal favourite mail client is Gmail though I've been forcing myself to use Google’s inbox for the past three years. Of course I've used a lot of other web based mail systems over the years.

IBM Connections

Last year our company made the leap to IBM Verse and Connections.  It was a disaster. IBM connections is a very powerful and capable product marred by a terrible and inconsistent interface. The choices that IBM have made regarding security are very protective but unfortunately affect usability to such a degree that we were unable to use even the most rudimentary collaborative features. It didn't help that we got a new management team who are determined to “get rid of IBM and replace it with Microsoft”.

IBM Verse

Verse is where we really hit the wall.  On the surface,  it feels like a great new way to work but because we already had an archiving solution in place, we didn't opt for IBMs one. For various reasons, we experienced a very high bounce rate and frequently got bounce reports from mail that actually made it through. We also discovered that we couldn't find mail that was more than a few months old. Additionally,  we discovered that our address book groups were not being updated and in many cases were missing altogether.  This created a lot of addressing issues. Finally, we discovered that if a user leaves the company and you remove their email address, it also deletes their mail, Permanently. IBM’s support teams can’t recover it. For a company like ours who are used to being able to restore from backup months and even years down the track, the loss of an overnight restore is a pretty big deal.

We spent a lot of time with IBMs technical support team who were excellent and did their best with a product that wasn't performing well. Unfortunately the support teams were also struggling with the English language and communication was difficult at the best of times.

IBM Domino

Our domino environment is extensive and it really was really the star of last year.  We threaded bootstrap and FontAwesome throughout our sites and demonstrated that there is a lot of life left in the system.  The facelifts we did on our systems left them barely recognisable and indistinguishable from modern apps. I'm eagerly looking forward to seeing if there is anything that Microsoft has that can match it for versatility.  That's going to be a really interesting journey.

IBM

Unfortunately for Domino,  I can't blame my company for its failings.  That's entirely on IBM. They've spent the last decade downplaying Domino and trying to replace it with various things (websphere, workplace, connections and verse). They had a brilliant product but they've done so much irreparable damage to it with their mismanagement that I don't think it can recover.

I  think that one of the most telling examples of this was during a meeting with the IBM sales team where we were investigating a migration to bluemix in the hope of better utilising our domino services.  We asked about “domino in the cloud” only to be told that there was no option for this  - and that there was little likelihood of one in the future due to a lack of interest in Domino. I  exchanged glances with my team at that point and we collectively acknowledged this as the point where IBMs softlayer and bluemix services had failed to offer us any significant advantages over AWS or Microsoft Azure.

I'm sad to be leaving the IBM world, though I'm sure that we’ll be retaining our Domino servers for a while yet. We can't do too many changes at once and we still need to find and learn appropriate replacement technologies.

Whatever we do, 2017 looks to be a very challenging and interesting year. 

Friday, November 18, 2016

Microsoft - Clear Leaders in the Race for Digital Identity

One of the less obvious trends of the last five years has been the race to own people's "digital identities". It started in earnest with Facebook and Gmail and it soon spread to Apple and LinkedIn.

More recently, we've seen Microsoft and IBM jumping on the bandwagon and I think that's when I started to realise that there was much more to this than simply "targeted advertising".

Quiet Beginnings 

At this point, I'm not sure that all of the founding companies in this revolution fully understand what is going on - and indeed, there are many companies out there today who are still using digital identities simply as a means of easily logging people onto their systems, storing user preferences and targeting advertising.

Certainly that was the original plan on our own systems.

Taking it to the next level 

Digital identity is the cornerstone in any form of electronic ledger system. It's one of the key foundations of commerce.

People don't make significant investments with untrustworthy partners. If you don't personally trust them, then at least your bank trusts their bank.

Take away the banks and you take away the trust - unless you can find another party with trusted connections to both sides in the commercial arrangement.

Having an agreement that a transaction actually took place is important but provided that both sides of the transaction have an "unalterable ledger" it’s not too big a leap.


The real trick, particularly in the identity theft minefield of today’s electronic world, comes in proving that the parties involved were really who they said they were.

The Race is on

So, how do you prove identity on a global scale? Well, the banks certainly have their checklists of Category A and B documents but these only serve to prove your identity to them. Their identity information is not shared and it's certainly not publicly available.

You can’t lean on the bank’s trust and/or authentication for non-banking systems. 

You’d think that a government agency would step in and take ownership of identity but obviously that’s not going to happen on a global scale. What could happen is that governments could agree on a common API to allow the verification of identity. If that’s going to happen, it’s still a long way off.

True, shared global identity is clearly going to come from the private sector.

The real question is, who will become the predominant player in that space? While the global digitial identities will need to be shared, having the lion's share of the identities means that you have unprecedented control over the nature and structure of the APIs, plus of course, any additional services, such as advertising.

At one point, I would have thought that Google was in the best spot but at the moment, seeing how the Windows, XBox, Office 365 and OneDrive logins are all starting to drift towards a single digital identity with biometrics provided by the Cortana AI. My bet is in Microsoft.

... and given that Microsoft is starting to offer blockchain development services via Azure, how long will it be before we can build our blockchains using Microsoft's digital identity as a "Category A" document?

Wednesday, November 16, 2016

Fixing Word 2016 Crashes when Opening Older Documents with Macros on Windows 7

We have a lot of documents and they go back several decades. Many of them  are still relevant today, even if they're only background to current projects. The problem is that Word doesn't like its own file formats.

It won't open documents created with versions of Word earlier than 1997 and it crashes with anything saved as .DOC which contains macros. 

There's some solutions to these problems though;

Opening Older Documents

It's possible to change Word 2016's settings to allow you to open old documents;


  1. Click File, 
  2. Then Options
  3. Then Trust Center
  4. Click on the button marked Trust Center Settings
  5. Click on File Block settings.
  6. Tick the document types that you want to be able to open and click Ok
Of course, just because you CAN, doesn't mean that you should. Word is less stable with these settings turned on, and it's able to open documents which could be potentially dangerous. 

If you're looking at your company's archives though, it should be fine but you might want to consider installing LibreOffice or using Google Docs (both of which are free) for older documents instead.


Crashes on Macro Enabled Documents

In our case, we were experiencing regular crashes on documents created with specific templates. The templates contained Macros (but those macros only run on document creation, not when they're opened). 

Nevertheless, we were able to demonstrate that simply opening a file resulted in an immediate crash. These documents were okay on Word 2003, 2010 and 2013 but as soon as we upgraded to 2016, the crashes started happening everywhere. 

We turned to Microsoft for help but didn't get much direction there....

Then yesterday, I did an upgrade of a couple of our PCs from Windows 7 to Windows 10. 
... and the crashes stopped. 

Clearly there's something different about Windows 10 that makes Word 2016 much happier. 

Embracing Microsoft while keeping Domino

When I first started this blog, my aim was to stay with mainly IBM (Lotus) Notes and Domino, hence the URL of DominoGavin. 

Things changed over the years and I've found myself wanting to talk about all manner of technology brands from Symantec to Blackberry, Google, Windows and Linux. (Hence the renaming of the blog to "Real World Computing'. 

Many of my most recent posts were on IBM connections. I've also tried to cover a few business IT concepts.

Things are changing again and we've reached the point where it makes sense to swap out some of our IBM technology solutions for Microsoft ones.

We're not leaving Domino, it's still an important part of our strategy but we are planning to move our mail from Verse to Outlook and our collaboration from Connections to the Microsoft jumble of OneDrive, Yammer, SharePoint and Delve.

All of this while rebranding and moving office in a typical “office-politics” hands-tied scenario. It's going to be a fun ride.

I’ll still be keeping a foot in the IBM camp as we currently have another company still in Verse/Connections and in the Google camp too, as we have a company on the amusingly named G-Suite.

Stay tuned…

In the meantime, I'm off to my first Microsoft event in years (since Steve Ballmer took over - I'm glad I missed that era). Today I'm heading out to a Microsoft developer conference in Sydney to hear Satya Nadella speak.

So long as there are no “monkey dances”, I think I'll be okay.


Monday, October 10, 2016

How to Use Microsoft Outlook with Your IBM Verse (in the cloud) Mail

So, all the newcomers in your company want to use outlook? IBM have put a lot of work into making the Notes client look and feel like outlook and they've given us Verse which is an acquired taste but if you like Google's inbox, it's good. 

Unfortunately, there's just just no pleasing some people. 

If you don't have Notes and Domino apps, then there's nothing at all holding you back. Nobody without Notes/Domino applications (or perhaps a huge investment in IBM Connections) should be using IBM's mail offerings.

On the other hand, if you do have apps for which there's no equivalent in the Microsoft world, here's another option that you might want to try...

Give your users Outlook but point it to their Verse Mail. That way, you can concentrate on either migrating your apps to another environment or webifying them to the extent that there's no reason to use the notes client. 

In this post, I want to discuss how to access Outlook mail - Note, this isn't a migration and you can seamlessly switch between Verse and Outlook whenever you want.

This is Cloud - You Can't Do it Alone

First of all, it's important to remember that since we're dealing with Cloud systems, you can't do anything significant without raising an IBM Support Request. Our mistake was to read the instructions online and assume that we could do the steps - we even added a quick script to add the required extra data to the person records in the address book. 

Unfortunately, you can't do this one by yourself. You have to get the cloud team on it. 

So, logon to the support portal and raise a request for them to add the IBM Mail Support for MS Outlook (IMSMO) entitlement. You'll have to specifically mention the users that you want to give access to. 

When IBM gets back to you and says it's done, you'll need to go into the Admin area on your IBM Connections portal;

  1. Login to IBM Connections
  2. Click on Admin, then Manage Organisation (Top right corner)
  3. Click User Accounts on the left hand side.
  4. Locate your user and open their record.
  5. Click past the first page to your user's subscriptions page.
  6. You'll find a new option called MS Outlook Access. Click it.
  7. Click Next and then finish to make your changes permanent.

...And you'll need to download the IMSMO Client

To do this, go to the IBM Connections portal;

  1. Click on your profile picture (top left corner)
  2. Choose Downloads and Setup.
  3. This takes you to a long and uncomfortably unexplained screen.
  4. The option to look for is called Software Download for IBM Notes Client and Other Entitled On-Premises Software (that wasn't obvious until you eliminated all the other choices - Who writes these titles?).
  5. In the "Find by Search Text" part of the downloads screen, type IMSMO and choose the option that appears.


  6. The one you want is the Client, so choose this and Agree to the licensing and click download.
  7. Then ... if you're like me, do the whole thing again because IBM defaults to the unsupported (I use Chrome) Java-based IBM Download director instead of http ... grrr IBM.
  8. Your download should start.


Install the IMSMO Client

So, once you've got your executable downloaded, it's simply a matter of running the executable to install it. It's just a standard install, with mostly, "next, next, next" options. The installer will need to pause and install the Visual Studio 2010 Tools for Office Runtime but it's a quick 38MB download and just a matter of clicking install 

Once it's all installed, you can start Microsoft Outlook. 

Configuring Microsoft Outlook

This bit needs to be done on the target person's computer. 

Start Microsoft Outlook. In my case, I'm using Outlook 2016 because we have an Office 365 entitlement. Presumably you can use other options though. 

  1. At the Welcome to Microsoft Outlook dialog box, click Next.
  2. At "Do you want to setup outlook to connect to an email account?", choose Yes and click next.
  3. At the next screen, ignore the detail and choose Manual Setup or Additional Server types and click next.
  4. Choose Other, then IBM Mail Sync (if this option isn't visible, you didn't install the software properly), then click Next.


  5. On the next screen, you need to put in your name and email address.
  6. Then choose the server type of IBM Connections Cloud and click Next.


  7. The IBM Mail/Connections login page will appear in a window. It's not pretty but it works. Type your email and password.
  8. If all goes well, you should see a screen of green buttons.  If these buttons are red, there's probably a problem with the cloud configuration (you get red buttons if you try to use the connector without having set up the entitlement).


And now you upgrade...

For some reason, IBM doesn't provide you with the latest version of IBM Mail Sync, so you'll be prompted to upgrade as soon as you're connected. You need to do this because your users probably won't have a clue ... and they'll keep getting prompted. 

The order of these next steps is important; 

  1. Click Yes on the IBM download prompt (you want it to fetch the software).
  2. In the meantime, outlook will prompt you to restart it and there's a finish button that needs to be clicked there too.
  3. The IBM Message will float above everything else. DON'T CLICK IT - It will fail if you just go clicking because it can't touch outlook while it's open.
  4. Move the IBM message out of the way and switch to Outlook.
  5. Click Close on the What's New Message
  6. Your computer will start to Synch.
  7. Close Microsoft Outlook.
  8. Now Click YES on the IBM Installation - it will walk you through another setup. Luckily again this is a Next, Next, Finish type install and it only takes a minute.
  9. Now you can start outlook again. 

Caveats

So far, it all seems to work well. I've noticed a couple of things though;

  • It takes slightly longer for mail to reach outlook (or to come from outlook) than it does for Notes (and much longer than Verse).
  • When composing a mail ONLY the local address book is available - other ones cannot be selected from.
  • Only local email addresses and groups will work - It's not just that they don't display. You can't use them.  Of course, there are lots of ways to import existing contacts via CSV etc.  It's simply that if you have a central contacts system, it's not going to work properly in outlook. 

That's it. 
You've now moved over to outlook.... enjoy the "new world" where of course the grass is greener. 


Tuesday, September 20, 2016

The Difference Between IBM and Microsoft's Social Systems - An Analogy

We're currently in the process of trying to set up a Microsoft cloud environment. No, we're not giving up on Connections. We're straddling a couple of environments.

The Microsoft experience hasn't been overwhelming so far but that's for another post. Right now, I want to talk about some of the fundamental differences between IBM and Microsoft’s attempts to conquer the social business market.

...and what better way to tell it than an allegorical tale?

Two houses

So let's assume that instead of cloud collaboration platforms, we're talking about “houses”.

Both fulfill the same basic functions; being a "house" for your data and a place where the people that live there (and invited guests) can access that data.

The real difference is in the way that the two companies have gone about preparing their homes.

The Engineer's House


One company, let's call them the engineers, have focused on infrastructure. They've added rooms, strengthened foundations and rewired the building. Sure, not everything works and they're forever fixing things but it's a pretty capable house with lots and lots of rooms.

Unfortunately, while the foundations are excellent, the general look of the house leaves a lot to be desired. It's not comfortable to live in because there's been very little work on the visible parts of the house.

The Designer House


The other house is being built by designers. They've found a nice “square tile” theme to go with and they've been spreading it to every room.

Living in this house is easy and comfortable. Once you get used to the look, it's pretty easy to get around.

Of course, there's not enough bedrooms for everyone and there are plenty of things that look like doors but turn out to be just paintings of doors in places where future rooms might one day be.

Two Different Approaches

These two approaches are both valid in today's software world. After all, nobody can build everything at once.

Modern software operates on the principle of partial deployment followed by constant incremental upgrades (thanks for that Google!!)

It's now considered okay to ship incomplete and/or buggy software and keep patching and upgrading it as you find time to work on it.

The question is, if your software is going to be incomplete, what bits would you prefer to be incomplete (and constantly changing)? The foundations or the user interface?

IT and Shadow IT.

In our house analogy, the IT department are like the surveyors who go into the house and hammer at the walls testing the strength of the house. They also have to test the appliances to determine what works and what doesn't.

Most IT departments are trained to see the big picture, so they'll especially be looking out for stability, versatility, security and recovery. Usability is important too but it's traditionally an area where IT, partly because it's staffed by techies, tends to be less diligent.

Shadow IT are the other departments who want to make IT decisions without involving the proper IT resources.  Shadow IT aren’t qualified and they aren't experienced in these matters. As a result, they are more concerned with appearances and apparent functionality than they are with safety, security and stability.

It's fine to let shadow IT help look for new systems but it's important to make sure that no major business decisions are made without proper qualified IT involvement. The best houses are not always the prettiest ones. 

Friday, September 09, 2016

Making IBM Verse Easier to get to...


One of the most frustrating things about the whole IBM Verse experience is the difficulty in getting to the application. If you go through connections, you have to go through normal mail first. This ruins the experience because it isn't “seamless” to the users.

The obvious answer is to bookmark the verse site but there's a few other things that we can do to really  smarten the experience up.

Making Verse the Default

The first thing to do is to make Verse the default mail view. To do this;

  1. Go into Connections.
  2. On the top Right, click your profile picture
  3. In the drop down menu, choose "Mail and Calendar Settings"


  4. On the next screen, click Mail (on the left) - Actually, it should already be selected.
  5. Tick the box marked - [x] Make IBM Verse my default mail experience.
  6. You should see a highlight telling you that your changes were saved. 


Setting up a Decent Shortcut/Favourite Link

So, you could of course, add a favourite to the bookmark bar or drag it out to the desktop. I tend to do that anyway with all the PCs I set up. 

I recently realised that there's a much better way to do things. 

Since Chrome is my default browser, I'll cover it there; 

In Chrome

  1. Go to the IBM Verse Site
  2. Click on the Hamburger Icon (three bars on the top right)
  3. Click More Tools
  4. Click Add to Desktop


  5.  A dialog box will appear. - You Might want to change it from IBM Verse to IBM Verse Email depending upon how your users recognise verse.
  6. Click Add.

That's it.  You should now see a VERSE icon on your desktop.  This is much better than a dragging a shortcut out of the taskbar because you get a proper icon.


Getting Your Desktop Icons into the Start Menu and Taskbar

So now you should have a nice little Verse icon on your desktop. 
To really improve access though, you need to get it into the start menu and onto the taskbar. 


To do this simply;
  1. Right click on the desktop icon.
  2. Choose Pin to taskbar
  3. Right click on the desktop icon again
  4. Choose Pin to Star Menu. 
Here's a shot showing Verse in both those places.



For IE Users

However dirty it makes me feel, I guess I have to at least acknowledge that some people out there are still using Internet Explorer ... so this tip is for them. 

If you want to bookmark using IE, click on the cog in the top right corner and choose Add Site to Start Menu


You'll be prompted with a dialog box... just click Add. 


Once you've got your icon in the start menu, you can right-click on it and choose to pin it to the taskbar. (or you could copy/paste the icon to the desktop). 

One thing that is interesting is that the Chrome Verse icon looks a whole lot better than the IE one. 


Changing the Default Email Links

In order to really sell the Verse experience, you need to make sure that when your users click email links, they open Verse, not Notes.  I've already covered this in an earlier post  (see: here).

Monday, August 29, 2016

Looking at Cloud Licensing - Microsoft, IBM and Google

We live in interesting times and while I haven't changed jobs in years, I now do IT for several companies.  What makes this even more interesting is that some are on the IBM infrastructure, some are on Google and some are on Microsoft...   ...and of course, there's a bit of change from one to the other.

I tend to get a lot of licensing-based invoices across my desk nowadays. 


Recently, we shifted our IBM licensing to the new IBM Mail Dual Entitlement plan. It's basically a combined Notes and Connections licence. Since I've been doing a lot of Microsoft work for another company, I thought I might do a comparison... especially since numbers are so hard to find on the web.

Note that these figures are in Australian dollars and they're probably not entirely "apples to apples" (or entirely perfect -- I've rounded) but they still make for interesting comparisons.  They're not intended to be proper comparisons.... more for interest sake.

IBM $150pp pa. 

IBM Mail Dual Entitlement works out at about $150 per person, per year. For that you get mail in the cloud, plus instant messaging, cloud storage, IBM Notes (which is a great App platform -- but if you're not already using it, it's probably too late to spend time on it).  You also get access to IBM Connections which is the most "full featured" of the social platforms I've seen.  Connections has lots of different kinds of plug-ins, such as Surveys & Wikis.  The interface is terribly clunky though.

IBM's entitlement also comes with a pretty impressive meetings package and IBM Docs, which is a web-based "office" suite. It would have been good once but it's not as good as google docs -- and the web versions of Microsoft Office completely blow it out of the water.

Archiving is extra. I'm not entirely sure of the cost.

Microsoft $330pp pa.

Microsoft works out at about $210 per user, but for that you get the entire Microsoft Office suite, Word, Excel, Powerpoint (and I think Access and Publisher, though what you'd do with those two nowadays is beyond me). More importantly, you use the software on the web or you can can install the software on various PCs, Mobiles and Tablets. It's a very impressive licencing plan and at only $60 more than IBM, it's clearly the better value option.

Of course, what's missing is Sharepoint and Yammer which are required to at least "equal" IBM Connections. They don't quite manage the functionality and security that IBM provides but they're a good example of how to do an interface right.

If you're heading down the Microsoft route, you need to go for the full thing... Office and Sharepoint/Yammer (which will come with a few other bonuses, like Corporate Skype). This bumps the Microsoft price up to about $330 per user, per year, making it clearly the most expensive of the three -- but it's well worth it.

Google $120

Google is undoubtedly the cheapest option, at $60 per user per year or $120 if you want archiving. Google has easily the best mail package of the three (in my opinion) and while the Google Docs suite is nowhere near as full featured as Microsoft's, it's still a lot better than IBM's.

Google also has some pretty good mobile applications, including the google docs suite, hangouts, duo and plethora of other apps (arguably more third party apps that Microsoft or IBM in this space).

Of course, Google really doesn't have much more to offer in terms of social computing. They have no platform... well, they have Google plus but the less said about that, the better.


The Round-up

So, which is the best?  I can't really answer that. If money is more important than Microsoft Office, then you really should consider Google.  If you still have an existing IBM Notes environment to support, then IBM is the one (but you'll probably find yourself paying for Microsoft Office licensing too) and for everything else... there's Microsoft Office 365.

Wednesday, August 24, 2016

IBM's Cloud takes the Pain out of Updates

I’ll admit that I'm generally not very kind to IBM on this blog. It's not that they're doing a worse job than their competitors, I'm still very impressed with some of the things they're doing. 

It's just that after using Notes/Domino for over 20 years, I hold them, sometimes impossibly, to very high standards…. and, of course, any goofs on their part affect my systems a little too directly.

The Quiet Migration to 24x7

One of our biggest frustrations in recent years has been the understated migration of our systems from a business hours model to a 24x7 one. It's not so much that our business became so critical that it needed to go 24 hour but more that changes in mobility and connectivity mean that people now expect to be able to connect to our systems at any time, anywhere.

Almost imperceptibly, we quietly moved to a "zero tolerance for downtime" model.

IT changed to suit the business needs in this regard but the change itself and the implications have been largely overlooked.

We're not alone. This seems to be a recurring theme across businesses of all sizes.


Moving to the Cloud Solves Infrastructure Problems 

Like many businesses, we moved to the cloud in two phases. The first was moving our production systems offsite into a hosted environment where they continued to run as servers, albeit virtual ones.

This solution made 24 hour operations easier as it meant that there was always a team available onsite to deal with infrastructure. We no longer had to worry about power failures, air conditioning failures or just "being onsite to push the button".

It didn't solve our downtime problems entirely though, there's always patches to be applied.

The second phase of migration was to cloud services and we moved to various vendors including IBM - Of course, we couldn't move everything. We're still waiting for true “Domino as a service”.

Our mail is now a proper 24 hour service thanks to the cloud failover model and now, instead of dreading the patch cycle, I actually look forward to it. 

The What's New option on the help menu is my new best friend.

Each cycle brings with it a bunch of necessary fixes but it also brings exciting new functionality.


Keep on those PMRs

The best part about this? IBM has become much more responsive on PMRs (fixes).

We recently discovered an issue with address books; turned out that if you removed the last member of a group, it didn't get updated on the cloud.

You'd think that an “empty group” wouldn't matter but in our case, since we need them for nesting, they're important.

For example We might send a mail to the “xyz committee” and we might have a subgroup called “xyz committee.chairman”. In this scenario, even though the chairman had been removed, the cloud wouldn't update and they'd still be on the mailing list. To make matters worse, the lack of an “expand groups” function in verse meant that the problem would only be detected in iNotes or when a bounce occurred.

It took a bit of bouncing to and fro in IBM’s PMR system (a few weeks) before the problem was understood - and then a few more conversations before it was recognised as an important issue and added to the “fix list”.

Although this problem was significant, we were expecting to have to wait a while until the next patch cycle. Imagine our surprise when it was fixed in under a week.

Well done IBM, clearly this is a key benefit of cloud services.

Monday, August 08, 2016

What's Wrong with the IBM Connections.Cloud Welcome Message (and what IBM Needs to do to fix it)

One of the interesting things about being in IT is that you're responsible for hundreds of "automated" messages each day but... as an IT person, who was already set up on the system from day one, you never actually get to see them - at least, not until someone complains.

One of the things we do at work is provide an area on IBM Connections.Cloud for parties external to our own organisation to collaborate. The collaboration in this space is with some pretty important people. 

Recently we had our "communications" staff member express unhappiness about the IBM Connections welcome message which went to the CEO of a large institution.

I've been sitting on it for a while wondering how to explain this to IBM but today I read a great article on welcome messages.  I figured that blogging might be the best way to explain the problem.

The Message

So, without further ado, here is the message (which apart from 5 words) is entirely created by IBM. See if you can spot the issues. Remember: This was sent on our behalf by IBM to the CEO of another company....


What's Wrong?

....and here's what's wrong with it....

  • Hi: This is a bit overly friendly for a CEO don't you think?  (Dear is more appropriate)

  • First and Last Name: This is just wrong. I think that if you were sending an email to Ginni Rometty at IBM, you'd either address it as "Dear Ms Rometty" or "Dear Ginni" - certainly not "Hi Ginni Rometty"

  • Be a Guest in IBM Connections Cloud! If you assume that my company, for example ABC Finances Incorporated is inviting someone from a fellow Financial Institution to connect, then it makes absolutely no sense at all to start talking about IBM Connections.  That would be like sending a quote for a building project to someone and then talking about Adobe's PDF cloud because your quote is a PDF file. It's irrelevant. 

  • Admin: This is technically one of our words... because we've used the "Admin" user to do the invitations. There's a good reason for this. If you want to be able to centrally track how many users have responded to your invitation, you need to use a single user for the invites. Of course, our invited users don't know anyone called "Admin".  To them, it just sounds like spam. 

  • No Obligation to buy: This is stunning. It's basically a sales pitch in the middle of the "welcome email".  If your clients have managed to read this far through their welcome letter, they'll be abandoning in droves now. Especially if they're CEO material. 

  • IBM Connections Cloud (Advert): While it's informative, it's still an advert. It doesn't belong in the Welcome Message. You'd be better off having this as an animated (or otherwise exciting looking link) available on the Connections site as the user completes their registration...
    eg: "Learn more about connections!"

  • Finally, we Apologise: This is an amazing paragraph.  There's absolutely nothing right with it at all. You have to wonder whether this is a product of the Watson tone analyser.  Essentially this paragraph says it all.
    .
    Finally = Whew, we're going to stop talking soon.
    We apologise if you received this email by mistake = What it says...
    This email was generated automatically. = It's not our fault, blame the robot instead.
    Do not reply = Don't bother emailing, we're not listening. 

  • If you have questions: This bit is pretty amazing too.  Essentially it says to contact your own company's helpdesk. So... in my example, even though the email was sent by ABC Finances Incorporated, the recipient at MyPiggyBank Ltd is being directed to their own internal helpdesk to ask questions -- what are they going to know?


The Welcome is Everything

You may think that I'm being a little harsh here but the Welcome is everything. If you fail to get people to register after the welcome message, then your system will fail. 

It's the equivalent of having closed doors, a complex puzzle lock and no branding on the outside of your office building. Refer to my example below for a donut shop. 


Getting the Welcome Right

I could take a little time and discuss how to get the welcome right but in reality, the solution is pretty simple; 

IBM needs to allow Connections.Cloud administrators to write their ENTIRE welcome message in HTML and save it as a template.  There should be an out-of-the-box message which adheres to good practice but it should be able to be previewed and completely changed.

... and in case you forgot that I mentioned a "great article on Welcome Messages", here's a link; 

Tuesday, August 02, 2016

Good Resources for Support with IBM Connections and Verse 2: Official Channel Web Sites

A couple of posts ago, I provided a list of LinkedIn Groups which I've found to be good sources of IBM Connections Information.  In this post, I aim to provide some "Official" web sites.  Needless to say, the majority of these will be IBM resources. 

Of course, there are lots of great personal blogs out there too but I'll cover them in a different post.


The Three Big Questions for "Developing Products & Services"

IBM Connections (and specifically Connections.cloud) is a "developing product/service". As such there are always new holes, new fixes and new ideas.  There's always just that little bit of functionality which either doesn't work as expected or doesn't go as far as it could. 

That's not to say that IBM Connections is a bad product, simply that like all "developing products/services" (indeed, like all Modern Products & Services) the ground is constantly moving and sometimes you need to stop and figure out where you are.

The three big questions we're always asking about Connections are; 

  • How does it work?
  • Why can't it do this?
  • Why is isn't it working?
Note: Many of these sites require a login however if you're a paid connections user, all of the resources here are available to you. If you don't have a login for these sites, fill out the registration forms on the sites and get connected .

How does it Work?



  • If you find that Video is more aligned with the way you learn, check out the IBM Social Business Youtube page. Don't just rely on what you can see on the front page, click on Videos and "load more" to see the rest.  

Why Can't it do this?

  • The IBM Connections Forum (http://www-10.lotus.com/ldd/lcforum.nsf) is very similar to the old Notes.Net forum and it's a great place to trawl through old discussions (and add a few new topics yourself).  If you're having any problems with connections, this is a great place to post an exploratory question. 

  • I don't think that anyone is entirely sure what connections is and where the boundaries of the product lie.  It's very like Notes/Domino in that respect.  If you have an idea for a new feature or a great enhancement for an old feature (or even a tiny "fix") then be sure to let IBM know about it. The best way to float your ideas is via the IBM Connections Idea Jam (https://greenhouse.lotus.com/blogs/login?lang=en_us) on IBM Greenhouse.

    While you're in the Idea Jam, have a look through other people's ideas and be sure to "vote up" the ones that are important to you too. 

  • What's new in IBM Connections. As previously mentioned, IBM Connections is a developing product and the connections you're using this week could well have a few features which weren't available last week. Be sure to keep up by reading What's new in IBM Connections

Why isn't it Working?



  • Speaking of PMRs or Problem Management Reports, IBM seems to have renamed them Service Requests (https://www-947.ibm.com/support/servicerequest/Home.action).  These are a great way of getting IBM support on something that is broken or at least "not working for you". IBM have put a bit of effort into making these service requests easier to submit and update and you can now access them online. The key to a good service request is to keep on top of them and always read the last line which says where exactly the next action is coming from.   If it's pointing at you, be sure to provide IBM with what they need because without your action, nothing will get done.

    Finally, on PMRs, don't simply accept "No" for an answer.

    All helpdesks exist to ultimately "close" calls - and IBM is no exception.  If you discover something  in connections which simply doesn't work, their helpdesk will often try to close it with a "working as intended" or "feature not available" message.

    If you really think that connections should be doing something that it isn't, ask for your request to be submitted for consideration (or use the Idea Jam mentioned earlier). 


Monday, July 25, 2016

The Importance of Email Retention, Journaling and Recoverability (and why Cloud Solutions Fail)

For most of us, email is simply a means of communicating work.  It's a glorified, bi-directional to-do list with comments. Emails come in, we read, do and delete. Once the work is done, there's usually no need to find the email again. 

That's all very true except for when something goes wrong and your company gets taken to court. Suddenly then, all those deleted emails are very, very important. 

How Email Discovery could work under Litigation

So, assuming that there's a legal case, such as a lawsuit, that involves your company. You could be asked to produce all the emails within a given period (say, six months) which include certain key phrases -- or perhaps all emails from a now-terminated employee.

In the event that email cannot be produced, you could be fined or worse, you could lose the ability to defend your company in court. 

...and it doesn't stop there, your company might not even be directly involved in the court case but could be dragged in as a third party via a subpoena.

No matter how lawfully YOU run your business, not having adequate email retention is a business risk that you simply can't afford to take.

Why A Restore is Not Enough

From an IT point of view, we don't usually talk about legal things.  We're all about Backups and Restores (and recoverability) as if it's simply a matter of getting missing data back.

The theory, for example being that if a user loses their file today and they've not worked on it for a couple of weeks, then any backup from the last few weeks is sufficient.

In this case, the intention is simply to recover the lost data.

What we're finding though is that recoverability is much more than simple data restoration. What if, instead of simply recovering the data, we had to prove that no changes had occurred in it between the recovered date and the date it was deleted.  The only way to do that would be to recover all versions of this (or to have unquestioned data tracking enabled).

Email is very much a dynamic kind of "file".  For example, you might be able to recover a mail from July 7 which was deleted on July 20, via the Backup from July 15, but that doesn't mean that someone didn't reply to that message on July 16 and then delete the reply along with the original message on July 20.

Mail Journaling

There's only one sure way to demonstrate that you've effectively captured all email;

Have a copy of every single inbound, outbound and internal mail copied to mail storage which does not permit deletion - and retain that mail for the appropriate legal period (not necessarily 7 years) - even if the employee in question has left the company. 

and...

Have auditing facilities in place to protect the mail stores from administrator intervention or unauthorised access and, have a monitoring process watching the store-process to ensure that it doesn't stop.

In our case, we've been using the Veritas solution... but now we've discovered that moving to IBM Verse will prevent us from being able to journal purely internal mail.

Why the Cloud Systems are failing us

In the past, when we had our own mail servers on-site, we could direct outbound SMTP traffic to go via our external archiving partners, our inbound mail could be captured via redirected MX records and our purely internal mail could be captured via Journaling.

With the cloud services, attempting to provide a one-size-fits-all solution, these options are not necessarily available to us. In our case, with IBM Verse, we've been able to sort out inbound and outbound mail mail via the traditional means (after a bit of fiddling) but it turns out that there's no way to journal purely internal mail to an external system (so much for open systems).

We have to abandon our archive solution and go for IBM's offering -- except, of course, that we can't really abandon our old solution because we need to keep it going, possibly indefinitely... unless we migrate it elsewhere (See the Chart at the end of this post).

I've looked at Microsoft and Google and they seem to have the same problems. Their products don't seem to support external journaling any more (or they're in the process of depreciating them).

I've also noticed that since we're using cloud services, it's no longer possible to restore mail (after the trash has been emptied).  This too is a feature of the three cloud services I looked at.

One thing is certain - If you're looking to put your email in the cloud you MUST subscribe to the cloud mail retention service from the SAME vendor.... and, the choices you make today could be the choices you continue to pay for well after you've migrated to a competitor's system. 

Recommended Reading and thinking

The whole Email Retention thing pretty much kicked off in 2002 with the Sarbanes-Oxley Act in the US.  Most of the western world now has an equivalent act in place. If you're not up on that, it's good reading.

The whole Hillary Clinton thing is worth reading too - it's a bit wider than simply mail preservation but it's a good example of the rules around email in action.

There are lots of free whitepapers around on Email Retention. Just do a google search and click on some of the PDFs that come up.

Thinking more widely, we need to be prepared for the next leap in litigation; At some point, the courts are going to start asking people to produce records of instant messaging, posts and comments on collaboration platforms.

Do your staff leaving processes leave their collaborative data intact and allocated to the original owner?  How do you handle "deleted comments"?


How Long do we need to Retain Email?

This excellent chart is from Contural Inc's excellent 2007 Whitepaper: How Long Should Email be Saved?  It was sponsored by Symantec who have since moved the business to Veritas.  The chart shows that different types of emails have different retention times.