SharePoint - the First Commandment

I - Thou shalt use SSL for all SharePoint sites

Like a I said a couple of posts ago, I've been spending a lot of time with SharePoint lately. One of the things that I have decided is important is that all SharePoint sites should start out at the very beginning with SSL encryption. SharePoint suffers from a couple of irritations and one of the big ones is that sites don't want to be renamed much. There are too many things that default to hard coded links so you need to pick the right URL to use from the start. And, since you are logging on with your network credentials, why pass them in plain text? At least make a malicious user work for it.

So, what is the best way to set this up? When you run the MOSS 2007 installer, you are really just installing the basic SharePoint infrastructure and you are not installing a specific site. Once you install the software, it sets up the Central Administration website (and no other site) and from there you configure things like e-mail settings, search settings, and so on. After all of that is done, you then create a Web Application that will actually host the site. The terminology in v3.0 and MOSS 2007 is different than previous versions but a web application was referred to as virtual server in previos versions. You create a new web application and the options are there to use SSL for and port 443.

You can create this web application before you install a certificate. Once IIS is restarted, you can go to the IIS console, select the new SharePoint website, and walk through the SSL certification steps to get the certificate installed.

There will be no site to see on the Web Application until after you create a Site Collection on the new web application. You can't test your site, certificate, or anything like that until after you create the site collection.

For once, the MOSS 2007 / SharePoint installer does not overwrite the Default Website so after you create a new web application, it will sit next to the Default Website instead of overwriting it. This will be really, really useful. From the IIS console, open the default website. Go to the Home Directory tab. Change the radio button to redirect traffic and enter in the full URL of the SSL site you created. If you do that, IIS will redirect all traffic from the default, port 80, non SSL site to the new SSL site you created so that when people forget to put in HTTPS, they still go to the right place.

which are the one thing that an attacker really wants, you should make them work for it.

For anyone who's lived in Japan...

You have to see this site: http://www.engrish.com. It's a collection of odd signs, t-shirts, and more that have odd, not quite right, English slogans written on them. Normally by a marketing person and probably by someone without a lot of language skill.

DevConnection conference in November

It look slike I'm going to be able to attend a Microsoft-centric seminar/trade show in Vegas in November. The DevConnection company is hosting a triple-combo seminar on Windows 2008, Exchange 2007, and SharePoint. When you register for one conference, you can attend sessions in any of the other conferences freely - kind of a mix and match thing. I'm going to try and tack on some vacation at the end of it, too, but not that many. I want to horde my vacation days a bit since I haven't racked up that many, yet.

I don't know the company much but there are reviews of past events floating around on the Internet that sound pretty positive. I'll try to blog about it while I'm there.

WebEx and SharePoint

WebEx offers corporations a free Active Directory plug in that uses Active Directory Application Mode (ADAM) to allow your active directory to talk to WebEx. When you look at the WebEx site, it looks pretty easy. Install the SharePoint system, add some web parts, configure ADAM, run the batch import, and all of your users are ready to go with WebEx accounts.

This is totally, completely, and utterly FALSE. The WebEx integration tools are UTTER CRAP.

The ADAM component will not read any user account that is not the in default "user" container. So, if you use any intelligent Active Directory design, then the WebEx components will not import users.

The ADAM component and built in batch import have different restrictions than the WebEx site. There are different user name requirements, password requirements, and e-mail address requirements are different from the WebEx site.

If WebEx tries to sell you this as solution, tell them to take a hike.

MOSS 2007 - You REALLY want the Enterprise version

Like I mentioned before, I've started a project that is pretty SharePoint heavy. Since we have a very flexible license with Microsoft, I could pretty much run whatever version I thought was best, a luxury that a smaller company doesn't have. However, if you are a Microsoft partner, you do have access to both version of MOSS as part of your partner benefit.

There is no reason to purchase and install the standard version, in my opinion. The additional search features, site publishing features, InfoPath support, Business Intelligence (BI) web parts, and default site types in the Enterprise version are extremely useful. If you have access to both, pick the Enterprise version.

I would strongly recommend that you look long and hard at the Publishing feature that is included with MOSS 2007. Rather than using the SharePoint site as a web-enabled file share, the publishing features lets you create documents as webpages directly. Since web pages are smaller, load quicker, and can be displayed on a wide variety of devices (cell phones, Macs, etc.) without special plug ins, it really simplifies the long-term life of the documents you are creating.

And, you get a multi-lingual option called Variations that can be quite useful... and amazingly irritating at the same time...

Temperature is improving

Tokyo is starting to move into fall and is finally starting to cool down. Unlike back in July, the temperature has moved below 30 C and is sitting at around 27C (77-78 F). The humidity is still up a bit (especially compared to Seattle) but it is pretty livable. Right now, there a typhoon sitting to the southeast that sending a fair amout of rain our way. It might be the source of the humidity, too.

So, other than the occasional rain, late September and early October seems to be the best time to come to Tokyo.

Microsoft Office SharePoint Server 2007 - the saga begins

I've started working on project that is in a lot more of a rush the previous project. It's actually a worldwide deployment of WebEx to a 7500 person company but the real fun is the WebEx portions that tie into SharePoint. I've had to set up the SharePoint server in a very specific way to get the WebEx web parts to work correctly and I've actually learned a lot about MOSS 2007 in the process. As time permits I'm going to post as much as I can about it. Especially since the included Microsoft documentation stops at the initial point and skips so much stuff...

Cirque du Soleil in Tokyo - ZED

On Monday, we went to see the new Cirque du Soleil show that is being staged at Tokyo Disneyland. The show, called ZED, was absolutely amazing. It is a little expensive, just like every other show, but it is completely worth it. This show is not one of the traveling shows but is permanently housed in a new theater. If you get a chance to go, you do not need to pay extra for the VIP seats. The regular seats in the second section are still excellent seats. I would go for the sections that are not on the absolute outside but one or two sections in from the edge. Any of of the seats there are going to be really good.

Boy, I am behind

It's been a month and half since I posted an update. I have to be more organized than that. I'll see what I can do over the next couple of days.

The Gaijin Effect

Now that I've been here for about 6 months, I've confirmed several "Gaijin Effects" - behaviors that I notice that occur around me just because I look like a foriegner. There are many that I've known before:

• When I sit on a train in Japan, the seat next to me will almost always stay empty. I hope it's not my B.O.
• When I try to speak Japanese, most people will assume I'm talking English. I wrote about that a while back.
• Little kids (less than 3) will stare a lot - sort of "wow, he looks different..."

But I noticed a new one recently. When people line up for a train in Japan, it always a two lines side by side because the doors can let two people enter at the same time without bumping. However, when I am the first person to stand in the line, no one actually stands next to me. The double line starts right behind me. I still don:t understand that one...

InfoPath 2007 - odd piece of software

We just installed Office 2007 Enterprise across the 7,000+ workstations at work and that included InfoPath 2007, Microsoft free-format, ultra-flexible, form based front end for entering structured data into a database. I've only just started messing around with the software (creating a daily checklist form) and I'm a bit confused, really. It kind of reminds me of Excel - it can do anything but trying to figure out how to do the one thing you really want is damn near impossible.

I find myself dipping into the help menus constantly for almost everything I'm doing. For example, let's say you create a table, setup a couple fields and radio buttons, and get all of the formatting the way you want it.

Now, you wan to duplicate a couple of the rows and make it 5 or 6 row table instead of three you just copy and paste. Since the fields are bound to a data source, the new rows are all tied to the original fields.

So, after you publish the form, when you type something in to the fourth row, that same information is then displayed in four differently fields. The process to associate these new fields with new data fields is by right-clicking, selected "Change Binding". each process of assigning a new field is about a 9-click process and it has to be repeated for every field. In this simple table, I actually have 5 fields per line - each radio button has to be modified individually. This three-row copy and past is going to be a 135 click process to create new fields that look like the fields I already created. Since there is no "format paint" button, I can't use the insert field tools to simplify the process.

There might be a faster way to do this but I can't find it in the InfoPath documentation. That's why it reminds me of Excel. It feels like a software that requires you take a class or read a big thing text book to understand it.

Summer vacation

We have an office holiday coming up next week which is our company's scheduled Obon holiday. Unlike most national holidays, obon occurs "sometime in August" rather than on a specific day and each company picks its own window for time off. For us, it is Wednesday through Friday of next week. A lot of people are taking the full week off but I decided I'd stockpile my vacation instead so I'll be at work.

There are a variety of local holidays, festivals, and fireworks shows that are scattered throughout August because of variability of obon. You can actually plan on attending one almost every weekend in August if you wanted to. A lot of people use the August festivals as a good excuse to dress in traditional yukata. In the past, I remember only women wearing the traditional dress for summer festivals but this year, I've noticed a lot of 20-something and 30-something guys wearing traditional clothes, too. I guess the fashion cycle has come back around. It looks like colors and fabrics are bit different than the true traditional patterns, though. The ones in the stores are a bit more colorful or a bit more creative.

Chiho has a couple of yukata in the closet but she's not 100% sure that she knows how to wear one correctly. The couple of times she's worn them, she's had help putting it on and tying the obi. Overall, the yukata is relatively simple but you need to tie it correctly so that the yukata doesn't come loose or bunch funny as you walk around. Maybe I should talk her in to giving it a try this year and see if she can figure it out.

Of course, going outside in August in Japan is kind of difficult - it's so damn hot...

Build vs. Buy

Since my current company is a software development company, we seem to have one big problem: they always want to build a custom system instead of buying something off of the shelf. That is one additional difference in my current position compared to all of my clients back in Seattle. Most of them would be completely uninterested in building something - they probably wouldn't even know where to start.

"So what?" you might say. After all, the same people who create such nice, incredibly expensive, and incredibly popular software should be able to make internal tools that work well. Seems logical, but that does not reflect reality. After all, an internal tool is "overhead" so the large teams of people and careful QA testing are not available. Instead, you get this mess of home-brewed parts that no one really understands and can't update well. Our IT ticketing system runs this way, unfortunately, and has been offline 5 or six times in July and August. Since it is only maintained at the HQ, we have to wait for their business hours to get it fixed. And, if the one or two people that understand the system is on vacation....

From my current standpoint, the build vs. buy call goes like this:

• Payroll and Accounting Systems: Buy. Too many really good solutions available and making your own offers no advantage
• HR systems: Buy. You'll have to do a lot of customization with a large company but start with a real package
• Document Management: Buy.
• CRM/ERM: 1/2 and 1/2. there is so much customization that you're really doing both
• IT Management: Buy. Save yourself some pain and suffering

I think you should only build systems that actually give you competitive advantage. If you know that a SQL driven, distributed CRM system with offline synchronization will give you an advantage, then build one. If your 99.999% uptime is your main sales point, build a custom monitoring solution. Otherwise, buy it - you are buying someone else's QA, testing, and customer feedback experience instead of slogging through all the details yourself.

VMWare is the way to go

At my current company, about 80% of the servers are virtualized into VMWare's ESX system which has a ton of flexibility. We have Dell 2850s and 2950s with fiber channel cards connected to SAN and they live as clusters in the VSX infrastructure. As long as the SAN storage is visible to each server that makes up the cluster, virtual servers can be moved around at will. The management software can do it automatically or you can do it manually. That means if you have a hardware problem on one machine in the cluster, you can move all of the virtual servers to the other hosts, take the host off line, fix it, and bring it back up without any of the servers going down.

The ESX system does need at least one physical server to act as the control and management server and you need an available SQL server. After that, you can add and cluster hardware to hearts content. We have a pricey EMC SAN but you can get the same cluster support with iSCSI devices. As long as each host can see the shared storage, you're good.

There are a couple of servers types that just don't virualize well. Maybe I'm not spending enough effort to find out how to do this, but I would recommend against virtualizing:

• Active Directory domain controllers
• SQL servers
• Firewall / Routing devices (ISA or m0n0wall)
• Any server product that needs IPSEC support
• Servers that need really, really fast hard drive I/O

Almost all other servers are easy to virtualize. This way, you can actually have one dedicated web server per application, too.

Cost is a bit of a problem, I suppose. The VMWare pricing is fairly cheap compared to the feature set but the costs of the Windows licensing is not included. You have to do a lot of research and digging to make sure you are really buying what you need.

Ichikawa Citizens’ Fireworks Display

Over the weekend, we went to see the fireworks near Ichikawa (市川) station. It was about an hour or so from our condo by train and it was really, really, good. I found a clip on YouTube from the 2007 display http://jp.youtube.com/watch?v=_RoQOU0ksqk that is pretty similar to what we saw over the weekend. The show was about an hour long and launched thousands of fireworks. I have no idea how much it would cost.

The fireworks are shot from a park that is along a river so you can watch it from either side. The river has pretty tall flood-control levees so you get pretty good seats from a lot of places. We didn't plan our trip out there quite so well and really didn't bring enough snacks and drinks for the couple of hours we waited for the show. We also forgot our camera... We'll just have to plan better next time.

They announced that the crowd was about 500,000 right at the start of the show. If that was accurate, then it was actually quite a bit smaller than previous years. Most of the websites said that crowds topped 1 million.

Found a good one

This blog: http://lovelylisting.blogspot.com/ posts "less than ideal" pictures from real estate listings. Some of the past history is pretty hilarious.

More Japanese Convenience

A couple of weeks back, I had posted about how things in Japan are designed at a better level for people. I found another good example in the plain, humble, everyday egg. When you buy a dozen eggs in America, the date of expiration is printed on the box. However, if you use the handy egg-basket tray that comes with the fridge, you probably through the box away, right? So, how do you know when the egg is past it's due date.

Most of the farms in Japan have come up with a simple solution: they print the expiration date right on the bottom of the egg. I am not really sure how they do this and the font looks like a dot matix style ink jet of some sort. Clever, isn't it?

Project management in IT companies

I've moved from a consulting company targeting smaller companies to a fairly large global company and it's interesting to watch the differences in IT management. There are a lot of similarities, too.

On the differences:

• Budget: Most of my clients in Seattle had to be convinced, cajoled, or outright pushed to by high quality hardware. In my current company, they are so paranoid about downtime that they through money at redudant hardware that they really, really don't need.
• Schedule: Right now, I was working on an "accelerated" project - I only had three months to plan and deploy it. I don't think I had three months to plan anything with my Seattle clients.
• Turf: There arent't enough people in a small company to really generate big turf wars whereas larger companies can't seem to function without them. There were definately some "I built it, you can't touch it" moments with my Seattle clients but the amount of time spent manging that was quite small compared to now.

Similarities:

• Dithering: When it comes to tech related issues, there are always "what if" dicussions - "what if we build a custom app instead of buying it?", "what if we outsource it", "what if they have a new version?", "what if we using an open source product?", and so on. The amount of time that it takes to explore options, discuss things with leadership, and get approvals for things seem to take the same amount time. Even though my current company is 700 times bigger than my largest Seattle client, they don't actually move noticably slower. I'm actually kind of suprised by that.
• Managing change: It seems that both small and large companies don't do a good job of actually preparing thier employees for major changes. Very few of my clients would send employees to training before pushing a new software (Office, timesheet tracking, or whatever was being deployed). I tried very hard to push for end-user training in my Groove project but it was delegated to local offices instead of being pushed from HQ. And that has devolved to "go read this website" rather than any structured training. And now, I am not surprised that most of the questions I get are "what is this thing and what can I do with it".
• ROI: Both my Seattle clients and current company seems to suffer from an odd approach to new technologies. They seem to start with some big plan that will have some big benefit (new communciation tool, smoother operations, time savings). Then, about half way through the planning process, the technical details take center stage. Whenever there is a hiccup, the project shifts towards ease-of-implementation rather than maxium-user-benefit. It seems that the big picture goal gets forgotten slightly - it's subtle but very noticable.

It's only been a short time, though, so I'll keep an eye on other interesting things as it develops.

Yup, it's hot

89-degree F and 79% humidity today and likely to stay that way all week: http://www.intellicast.com/local/weather.aspx?location=JAXX0085

Ouch...

It's pretty dang hot

We've had four or five days of over 30-degrees (Celisius) weather here in Tokyo. That means at or above 90-degrees Fahrenheit. Humidity is up in the tropical levels (~80%), too. Chiho and I haven't quite gotten used to that.

It's likely to get hotter over the next week or two. Kyoto and other cities south of Tokyo have been at 36 or 37 C (96-99 F) and the warmth is moving north. Oh well...... at least we have air conditioning.