Novell Related

Deploying SecureLogin scripts using slaptool

Novell Communities - Fri, 09/03/2010 - 22:29

Typically the process of developing and testing SecureLogin scripts is done directly on a development user id. When the scripts are complete and tested and ready to be used by the general community they need to be copied to one, or several different objects in the supporting directory. This doc shows a sample of how to script the deployment process to make it quick and consistent.

  1. Set up and test the application script(s) on a development user ID. This can be a single script or any combination of script types to be deployed.
  2. On the client that will be doing the deployment make sure to select “Install Directory Administration Tools” when SecureLogin is installed. This will install the command line utility slaptool.exe in the c:\program files\novell\securelogin directory.
  3. Log in to the workstation that has the administration tools installed, using an ID that has rights to all the objects to which the new scripts will be deployed (and read rights to the development ID).
    • If the development ID has rights it can be used to deploy the scripts
  4. Use slaptool.exe to export the script from the development ID object to a file.
    slaptool -spPcvle -o "cn=DevID.O=corp" export.xml
    • The command line above reads the scripts from cn=DevID.O=corp and writes them to a file named export.xml
    • SecureLogin must be running on the workstation that will run slaptool.exe
    • The format of the source object depends on how SecureLogin is installed on the workstation. This sample uses periods (.) because SecureLogin is running in NDS mode. If SecureLogin were running in LDAP mode, commas (,) would be used.
    • The switches after slaptool are limiting the export to scripts only. This process can be used to export other SecureLogin properties (password policies, configuration, passphrase questions, etc) with different switches. See slaptool –help for detail.
  5. Make a file called target.txt with a list of target objects to which you wish to deploy the script.

    Sample target.txt
    OU=Bos.O=Corp
    OU=Chi.O=Corp
    OU=LA.O=Corp
    OU=NY.O=Corp

  6. Use slaptool.exe to copy the scripts from the just created export.xml to each object in target.txt

    slaptool -spPcvl -r target.txt export.xml

  7. To automate the processes with a single command create a .bat file with the export and import commands.

    Sample copyscript.bat
    slaptool -spPcvle -o "cn=DevID.O=corp" export.xml
    slaptool -spPcvl -r target.txt export.xml
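
A pre-flight check for target.txt, added here as an example and not part of the original article or of SecureLogin: it confirms that every entry uses the delimiter that matches the SecureLogin mode described in step 4 before slaptool is pointed at the list. It assumes typed names (OU=..., O=...) as in the sample above; the function names and the extra sample lines are constructed for illustration.

```python
# Lint a slaptool target list before a bulk deployment.
# Assumption: entries are typed names, one per line, as in the article's sample.

SEPARATORS = {"nds": ".", "ldap": ","}

# Constructed sample: the article's first two targets plus deliberate mistakes.
SAMPLE_TARGETS = """\
OU=Bos.O=Corp
OU=Chi.O=Corp

ou=chi.o=corp
OU=LA,O=Corp
OU=NY.Corp
"""


def split_unescaped(text, sep):
    """Split text on sep, treating a backslash as escaping the next character."""
    parts, current, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])
            i += 2
        elif text[i] == sep:
            parts.append("".join(current))
            current = []
            i += 1
        else:
            current.append(text[i])
            i += 1
    parts.append("".join(current))
    return parts


def check_entry(entry, mode):
    """Return a problem description for one entry, or None if it looks valid."""
    for component in split_unescaped(entry, SEPARATORS[mode]):
        pieces = split_unescaped(component, "=")
        if len(pieces) == 1:
            return "component %r has no type= prefix" % component
        if len(pieces) > 2:
            # Two '=' in one component usually means the other mode's delimiter.
            return "component %r has more than one '=': wrong delimiter for %s mode?" % (
                component, mode)
        if not pieces[0].strip() or not pieces[1].strip():
            return "component %r has an empty type or value" % component
    return None


def lint_targets(text, mode):
    """Return a list of (line number, entry, problem) for the whole file."""
    problems, seen = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue  # blank lines are skipped by this linter
        problem = check_entry(entry, mode)
        if problem:
            problems.append((lineno, entry, problem))
            continue
        key = entry.lower()  # directory names are compared case-insensitively
        if key in seen:
            problems.append((lineno, entry, "duplicate of line %d" % seen[key]))
        else:
            seen[key] = lineno
    return problems


if __name__ == "__main__":
    for lineno, entry, problem in lint_targets(SAMPLE_TARGETS, "nds"):
        print("line %d: %s -> %s" % (lineno, entry, problem))
```

Run it against the real target.txt with the mode the workstation uses, and only start copyscript.bat when the list comes back empty.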

Categories: Novell Related

Migrate/sync objects using IDM triggers and dynamic groups

Novell Communities - Fri, 09/03/2010 - 22:27

Sometimes I have a need to remigrate or re-sync certain objects through a driver. Sometimes there are only a couple of objects which is easy or maybe it's all objects in a container which is also easy.

But there are those occasions where I may need to re-sync several thousands of objects that match a certain criteria.

In those cases I have several options at my disposal, these are the ones I know about:

1* Use iManager and create an advanced search query when performing a "Migrate from Identity Vault". The problem with using iManager is that the performance drops dramatically if you are trying to add thousands of users to the list, while processing the list you will need to wait quite a long time and be prepared to answer the question if the script should be stopped or allowed to continue. If there was some way to work around the poor performance then iManager would be my choice.

2* Use DA Modifier to perform the re-sync, very nice tool and quite fast if you are on the same LAN as the Identity Vault, running it over VPN isn't recommended. You also need Windows and the Novell Client to run it. The only drawback this solution has is that you can only specify two attributes as the search criteria and from what I have seen, you can't specify auxiliary attributes. Most of the time it works just fine.

3* Use an LDAP tool to export associations, edit them using awk/sed or some other tool and re-import them to trigger a sync. The advantage with this approach is that you can specify any LDAP filter you can think of and just get those objects. The bad side is trying to edit those files and get them the way you want to.

4* Forget the criteria, sync all objects and let the IDM rules veto those that don't fulfill your conditions in an event policy. Works OK, the problem is that you need to edit the rule with the conditions each time, deploy and restart the driver and that you'll get a bunch of objects with a 3 (manual) or 4 (migrate) state in the association attribute.

* Use a dynamic group.
This approach allows you to have all the flexibility of no 1 and no 3.
Create a dynamic group that will be used as the scope for a subscriber channel trigger.
The policy will transform <trigger> events to <sync> events.

My group is named "TriggerSyncOnTrigger".
Since a dynamic group is basically an LDAP filter you can build any search criteria you want.

On the driver where you want to do the re-sync create a job that has the type "Subscriber channel trigger" and associate it with the appropriate server. The schedule should be set to "Run manually".

As the scope, point to your dynamic group and select "Apply job to the members of this group".

On the parameters tab set the options that fit your needs, my settings are:

Submit a trigger document for objects without a driver association? = TRUE
Use Job CN as trigger document identifier? = TRUE
Method for submitting trigger documents = Queue (Use cache)

Now you'll need a policy that will take care of the <trigger> and create a <sync> event.

On the subscriber channel event transformation create a new policy and move it to the top so it runs before all other policies.

My policy looks like this:

sub-etp:SyncOnTrigger

<policy>
  <rule>
    <description>Break if not trigger</description>
    <comment name="author" xml:space="preserve">alekz</comment>
    <comment name="version" xml:space="preserve">1.0</comment>
    <comment name="lastchanged" xml:space="preserve">2010-08-29</comment>
    <conditions>
      <and>
        <if-operation mode="case" op="not-equal">trigger</if-operation>
      </and>
    </conditions>
    <actions>
      <do-break/>
    </actions>
  </rule>
  <rule>
    <description>Break if not correct trigger</description>
    <comment name="author" xml:space="preserve">alekz</comment>
    <comment name="version" xml:space="preserve">1.0</comment>
    <comment name="lastchanged" xml:space="preserve">2010-08-29</comment>
    <conditions>
      <and>
        <if-op-property mode="nocase" name="source" op="not-equal">TriggerSyncOnTrigger</if-op-property>
      </and>
    </conditions>
    <actions>
      <do-break/>
    </actions>
  </rule>
  <rule>
    <description>Create &lt;sync&gt; event for each triggered object</description>
    <comment name="author" xml:space="preserve">alekz</comment>
    <comment name="version" xml:space="preserve">1.0</comment>
    <comment name="lastchanged" xml:space="preserve">2010-08-29</comment>
    <conditions>
      <and>
        <if-src-dn op="available"/>
        <if-operation mode="case" op="equal">trigger</if-operation>
        <if-op-property mode="nocase" name="source" op="equal">TriggerSyncOnTrigger</if-op-property>
      </and>
    </conditions>
    <actions>
      <do-append-xml-element expression=".." name="sync"/>
      <do-set-xml-attr expression="../sync[last()]" name="class-name">
        <arg-string>
          <token-class-name/>
        </arg-string>
      </do-set-xml-attr>
      <do-set-xml-attr expression="../sync[last()]" name="src-dn">
        <arg-string>
          <token-src-dn/>
        </arg-string>
      </do-set-xml-attr>
      <do-set-xml-attr expression="../sync[last()]" name="qualified-src-dn">
        <arg-string>
          <token-xpath expression="@qualified-src-dn"/>
        </arg-string>
      </do-set-xml-attr>
    </actions>
  </rule>
  <rule>
    <description>Veto trigger</description>
    <comment name="author" xml:space="preserve">alekz</comment>
    <comment name="version" xml:space="preserve">1.0</comment>
    <comment name="lastchanged" xml:space="preserve">2010-08-29</comment>
    <conditions>
      <and>
        <if-operation mode="case" op="equal">trigger</if-operation>
      </and>
    </conditions>
    <actions>
      <do-veto/>
    </actions>
  </rule>
</policy>

You can add this policy to all your drivers.

When you need to do a re-sync just edit the dynamic group search filter to get those objects you need and then run the job using iManager and you're done.
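
Because the group's search filter decides which objects get re-synced, a filter built from pasted values should be escaped before it is stored. The following is an added example, not the author's code: it builds the filter with RFC 4515 escaping, wraps it in an LDAP URL (RFC 4516) and emits an LDIF change for the group's memberQueryURL attribute. The group DN, base DN and criteria are constructed, and it is an assumption that the directory accepts percent-encoded URLs.

```python
import re
from urllib.parse import quote

# Attribute descriptions: a letter followed by letters, digits or hyphens.
ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def escape_filter_value(value):
    """Escape the RFC 4515 special characters so the value is matched literally."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch
        for ch in value
    )


def build_filter(object_class, criteria):
    """AND together an objectClass test and literal attribute=value matches."""
    terms = ["(objectClass=%s)" % escape_filter_value(object_class)]
    for attr, value in criteria:
        if not ATTR_NAME.match(attr):
            raise ValueError("not a valid attribute name: %r" % attr)
        terms.append("(%s=%s)" % (attr, escape_filter_value(value)))
    return "(&%s)" % "".join(terms)


def member_query_url(base_dn, ldap_filter, scope="sub"):
    """Build ldap:///<base>??<scope>?<filter>, percent-encoding unsafe characters."""
    if scope not in ("base", "one", "sub"):
        raise ValueError("scope must be base, one or sub")
    return "ldap:///%s??%s?%s" % (
        quote(base_dn, safe="=,"),
        scope,
        quote(ldap_filter, safe="=()&|!,"),
    )


def ldif_replace_query(group_dn, url):
    """LDIF record that replaces the dynamic group's search URL."""
    return (
        "dn: %s\n"
        "changetype: modify\n"
        "replace: memberQueryURL\n"
        "memberQueryURL: %s\n" % (group_dn, url)
    )


if __name__ == "__main__":
    # Constructed criteria: the value contains characters that would otherwise
    # change the structure of the filter.
    flt = build_filter("inetOrgPerson", [("ou", "R&D (Boston)")])
    url = member_query_url("o=corp", flt)
    # Constructed DN for the group named in the article.
    print(ldif_replace_query("cn=TriggerSyncOnTrigger,o=corp", url))
```

Review the generated LDIF before importing it, then run the trigger job as described above.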

Categories: Novell Related

GWAVA Announces Sessions for GWAVACon EMEA

Novell Communities - Fri, 09/03/2010 - 16:50

GWAVACon EMEA, to be held October 23-25 in Berlin, is shaping up to be the most interesting GWAVACon yet. Dave Wilkes, Novell Vice President of Collaboration Engineering, will deliver the keynote address. Novell will have a strong presence at GWAVACon offering sessions such as:

• Novell GroupWise Futures and Roadmap
• The Novell Collaboration Strategy
• Novell Data Synchronizer – Mobility Solution for GroupWise
• Novell Conferencing – What’s Next
• Introduction to Novell Pulse

GWAVA will also be there in full force offering courses on its major product offerings as well:

• How to use GWAVA in non-GroupWise Environments
• Migration from M+Archive to GWAVA Retain
• Reload – Customer Case: Migration and Disaster Recovery
• Plus Hands-on Training and Certification for GWAVA, Retain, Reload, etc.

GWAVACon EMEA will also offer a variety of partner and industry expert breakout sessions.

For more information and to register for GWAVACon EMEA, go to www.gwavacon.com

Categories: Novell Related

Novell and GWAVA Headed to S. California for Free Technical Tour

Novell Communities - Fri, 09/03/2010 - 16:49

Join Novell to hear about what's on the horizon for GroupWise users. We will discuss the current state of GroupWise, as well as what's coming in the next release (code-named Ascot). We'll also discuss hot topics such as mobility (including BlackBerry), application integration and Novell product integration. Finally, we'll introduce you to the upcoming versions of Novell Teaming and Novell Conferencing.

GWAVA is providing hands-on technical training on GroupWise backup and disaster recovery with Reload. Come find out why GroupWise administrators call Reload, “the holy grail of GroupWise.” In addition, learn how GroupWise archiving and retention with Retain can be a vital tool for your organization.

You can expect very technical and useful information designed for current users or for those who are interested in learning more about the products' technical capabilities.

Breakfast begins at 7:30 AM. Sessions begin at 8:00 AM and will go until noon with a break in between.

Grab your laptop and come join us for FREE technical training! Register HERE.

September 14 – Los Angeles Marriott Downtown
September 15 – Torrance Marriott South Bay
September 16 – San Diego Marriott Del Mar

Categories: Novell Related

Teaming Use Case: Training

Novell Communities - Fri, 09/03/2010 - 15:51
About Training

Schools and training centers use a variety of standard processes,
procedures and learning material that needs to change from time
to time. They also have information that needs to be disseminated
to students, trainees and employees in an organized simple to understand,
and readily available format. Training programs are tasked to provide
the tools necessary to present these materials at the touch of a
finger.

Challenge

Successful training programs require a platform that is accessible
to students, trainees and employees at any time of day. Many training
programs rely on paper handouts, which can easily be lost and are
difficult to keep up-to-date with the most current information.
And when updates do occur, it can be difficult to ensure that the
paper materials at all the different participating schools and organizations consistently
have their documents updated. Additionally, printing and providing
updated materials creates added expenses for the participating organizations.

Many modern training programs have embraced “Blended Learning”
where traditional classroom settings have been combined with self-guided
e-learning. One of the challenges associated with blended learning
is the geographical separation between instructors and students. The
difficulties of geographic separation become further compounded
when instructors and students live in different time zones or have
differing work schedules that make it even more difficult to connect.

Instructors and students also need to be able to maintain
a consistent exchange of information. Trainees must be able to post
questions in a format that allows the instructor and peers to easily
assist and make available the most current and correct information.

Students must also be free to develop their own learning styles
while maintaining accountability for completing the training schedule.
Some students learn best from reading material, others from hands
on experience, while some prefer visual learning. Training programs
should be able to accommodate these preferred learning styles or
even a combination of all three at the students' own pace.

Novell Solution

Novell Teaming allows organizations to create a central, unified
platform for learning. It enables instructors and students to create
and leverage an environment that can be accessed anytime, from any
location with easily managed access controls.

Novell Teaming can accommodate multiple learning styles through
the different ways that the product stores and displays information.
It provides wikis for quick written communication. Its discussion
folders and blogs provide a great medium for connecting students
with instructors and peers, facilitating question posting, idea
exchange and follow-up instruction. File folders in Novell Teaming
provide storage space for supplementary training material and hands
on activity instructions. Novell Teaming also facilitates the creation
of Web landing pages that can present supporting training material,
such as training schedules, updates and embedded YouTube videos.

Novell Teaming folders and workspaces used for training can
be tracked from instructors and students' individual Teaming dashboards
so they can know immediately when changes occur. Teaming can also
provide email notifications to instructors and students when such
changes occur.

Novell Teaming provides customizable forms and workflows to
further streamline an organization's training efforts, which can
be particularly helpful for organizations with multiple training
programs. Custom forms can be used to show completion of a training
program or post questionnaires for students to fill out once they
finish a training course. Workflows can automate a variety of training
related processes, such as to send notifications to instructors
when a student completes a certain training phase. Workflows can
also be used to send automatic reminders when a training phase has
not been completed after a certain period of time.

Results

Novell Teaming can significantly reduce travel and learning material
distribution expenses normally associated with training programs.
By providing a centralized storage location for all training materials,
Novell Teaming lowers costs associated with maintaining those materials.
It's through this same central storage that Novell Teaming facilitates
easy, any time access to all training related materials for both
instructors and students.

Novell Teaming creates a flexible learning environment through
discussion folders, blogs, wikis and embedded video. These training
information sources and materials can be easily accessed as needed
whenever and wherever users have Internet access. As a result, students
can enjoy the convenience of learning at the time, place and speed that
suits their needs, in a richer more flexible learning environment.

Click here to view our full list of use cases.

Categories: Novell Related

Teaming Use Case: Virtual Teams

Novell Communities - Fri, 09/03/2010 - 15:48
About Virtual Teams

Most projects require the contribution of people with a variety
of different skill sets. Quite often this means that projects will span
multiple departments. At minimum, a typical project team will consist
of a team manager to oversee the project, as well as others to plan
and execute the project. Whatever the make up of the project team
and from whatever areas within the organization they come from,
the major goal of any virtual team is to make sure that all of its
team members can effectively collaborate together.

Challenge

When a virtual team comprises members from different departments
in an organization, geographic and organizational divides can create
barriers to needed communication. Mobility is another barrier to communication
for virtual teams. Regardless of whether team members are working
at a branch office, at the airport, in a hotel room, at a client
site, or at home, they need to be able to collaborate with other team
members. All of these barriers to communication need to be overcome
so team members can effectively collaborate and move the project forward,
as well as to keep all team members apprised of project status and
progress.

The actual act of creating virtual teams between departments
can be an administrative challenge as well. All team members must
have access to project information and collaboration tools, which
can be difficult depending on how the IT infrastructure handles
access rights across departmental and geographic divisions. The
challenge of access can become even more complicated when virtual teams
include people external to the organization, such as partners, clients,
and contractors. While these external users need to be able to collaborate
and share information with other members of the virtual team, secure
controls need to be in place to ensure that these external users
can only access information appropriate for their roles on the team
and no more.

Once virtual teams are created, team leaders need to be able
to add or remove team members as needed. If IT must be involved
in such tasks, the delays caused by waiting for IT to act can have
serious consequences on the team's ability to operate effectively,
move the project forward, and meet deadlines. Ideally, team leaders
should have the ability to create and manage team members and team project
areas without the involvement of the IT department.

Novell Solution

Novell Teaming makes it easy to bring together virtual teams
with the right people and the right skills in secure online workspaces
where they can easily interact. The centralized workspaces in Novell
Teaming serve as digital “offices” where team members, working locally
or dispersed geographically, can gather to coordinate their efforts, information,
resources and skill sets toward the completion or maintenance of
a project, purpose or topic of interest.

Without requiring IT assistance, individuals can easily create
their own ad hoc virtual teams and workspaces, as well as managing
the addition or removal of team members as needed. Novell Teaming
also makes it easy to identify the specific talents, expertise and
knowledge of different individuals that can contribute to the success
of the team, making it easy to build powerful virtual teams tailored
to tackle whatever problems, goals or tasks the project or organization
requires.

Virtual teams can be created to undertake small projects that
last only a few days and involve a handful of members, or they can
be for multi-year ventures that span continents and require thousands
of team members. Novell Teaming makes it easy to create teams comprised
of individuals within an organization from different departments
and geographical locations, as well as external individuals, groups
and organizations. Its built-in identity and security controls ensure
that internal and external team members only have access to the
information they need to do their jobs, keeping an organization's
sensitive information safe and secure. Novell Teaming even allows
for Guest User access, which allows anonymous users to have limited access
to designated areas within a team workspace but does not require
a log in.

In addition to centralized workspaces, Novell Teaming consolidates
into a single flexible, browser based environment file sharing,
wikis, micro-blogs, blogs, workflow, landing pages, e-mail notifications,
user following, project tracking, Teaming feeds and other tools
to facilitate productive and efficient communication among all virtual team
members no matter where they're located, or whether they're internal
or external to the organization. The tools in Teaming let team leaders
stay on top of what their people and projects are doing. They also
facilitate team members' ability to ask questions about and understand
their role in projects. Novell Teaming also allows tasks to be assigned to
individual users, groups or the entire team. Assigned tasks display
on individuals' personal workspaces, as well as their calendar events.
Novell Teaming also includes a secure, lightweight mobile user interface
that gives virtual team members easy anywhere, anytime access to
the collaboration tools and team information they need.

Novell Teaming also consolidates into one place – individual's
personal workspace – the most important and relevant information
users need. This lets individual team members consolidate the teams
and projects they participate in, then track everything from that
workspace to stay informed. This lets team members know what's new immediately,
and lets them see at a glance task and calendar summaries as well
as view recent entries. It keeps them abreast of everything that
is going on in the organization, teams, and locations that are of
interest. Even when they're not logged into Novell Teaming, it allows
them to track in real-time changes and new items that appear on their
Teaming Feeds.

Results

The centralized workspaces in Novell Teaming combine with
its array of team management and collaboration tools to overcome
geographic, time, departmental, and organizational barriers. It
facilitates the creation of virtual teams based on the match between
expertise, skills, availability and business need, rather than proximity
or organizational charts. It facilitates collaboration among all team
members and makes sure that everybody on the team is on the same
page. All team members – including new members – can quickly
see the status of the project, and have secure access to only the
information they need to perform their role on the team.

Novell Teaming enables organizations with distributed workforces
and virtual teams to foster better collaboration between project
teams and stakeholders, improve knowledge management and retention,
cut down on travel costs, and increase the efficiency of all operations.
Novell Teaming enables the realization of substantial production savings
by facilitating improved global information sharing and problem
solving through more efficient communications and information management,
enhanced information gathering and sharing, improved project management, accelerated
progress on project issues, and easier and secure access to project
information.

Click here to view our full list of use cases.

Categories: Novell Related

Oops! (You can restore all this, right?)

Novell Communities - Fri, 09/03/2010 - 14:48

KH wrote: Just the other day a gentleman comes over to our desk with a rather large amount of papers stapled together.

It seems that one of our divisional drives (almost 2 TB in size with about 14 million files and countless thousands of directories that are nested) was the victim of an unfortunate accident.

Mr. User had somehow managed to "accidentally" delete almost half the data and also somehow managed to get a directory listing of all the files beforehand. Then he highlighted each file that he accidentally deleted and presented them to us on the bundle of papers and asked if we could restore the highlighted ones.

As much as we wanted to say "No" we ended up attempting the restore and brought back the data.

I guess it's one method of job security.

Categories: Novell Related

Let's celebrate your 15th company anniversary! (We'll start without you.)

Novell Communities - Fri, 09/03/2010 - 14:39

KG wrote: It was my 15th anniversary of working for my company. My manager/director at the time organized a lunch in my honor for his management group (about 10 people). I was asked where I wanted to go -- I picked a very good local (expensive) restaurant. A date and time was settled on and a meeting place designated to gather and travel to car pool to the restaurant.

About 15 minutes before the appointed meeting time, I had a question for my manager and walked to his office. He wasn't there and I noticed that members of his management team that sit next to him were absent as well. I thought it probable they were in a meeting so decided to talk to him during the lunch instead. I went to the meeting place at the appointed time and was the first one there. I waited. 5 minutes. 10 minutes. I figured their meeting must have gone overtime (a usual occurrence) so I left a note to call me when they were ready and went back to my desk to work.

Another 10 minutes passed and I decided to call my manager to see when he would be ready. To my surprise, he and the rest of the folks were at the restaurant eating! After some humming and hawing he told me they had been in a meeting that got out early and had decided to go to lunch early. He hadn't noticed I wasn't there. He took my order and I drove myself and joined them just as they were about to finish lunch. They decided to hang around, get dessert, and let me finish my lunch.

Granted I had only reported to him for a couple of months, but it certainly let me know where I stood in that team.

Categories: Novell Related

VMWare Tries to Define the Future of the Cloud

Novell Communities - Thu, 09/02/2010 - 21:51

The VM World Conference was held this week in San Francisco where, as you would expect, it was all cloud all the time. It’s hard to gauge any technology based on the discussions of the true believers, especially when it’s wrapped in the context of a huge marketing party, but if you listen to VMware CEO Paul Maritz, you can begin to see some broad themes.

Maritz, not surprisingly was touting the idea of 'IT as Service.' Those of you who don’t like the term ‘private cloud,’ may like this even less, but it goes a long way toward defining the idea of setting up a private cloud environment inside a company that works in a very similar fashion to the way we are used to interacting with consumer public cloud services. Google is a good example of this.

Instead of opening Google, your users will open a web page where they will find a menu of pre-defined services. The idea is to create a set of easily repeatable services with little or no customization options. (If a user requires something outside the normal set of services, that would require IT to provide additional consulting/programming/implementation services.)

Of course part of the equation is automation, which allows for fast, efficient service delivery. When you provide these services, they have to be simple and automatic and provide what the user needs quickly. This means the systems have to be automated to deal with these requests. We are talking about having results in minutes instead of days, weeks or even months.

This needs to operate like a consumer service. You go on the site, you expect it to work (at least, most of the time). Your internal consumers are going to demand the same type of responsiveness. VMware believes it has the tools and platform to help you deliver these types of services.

Maritz also spoke of a hybrid cloud. That means you’ll share services inside and outside the organization. For instance, you might use Salesforce.com for your CRM and Amazon S3 for some storage, but you might have other data and applications you prefer to keep behind the firewall. In Maritz’s dreams of course, everyone uses VMware tools.

The sheer number of people attending this conference this year suggests a growing interest in the cloud. According to Network World, 17,021 people visited this year, a leap of over 4500 new attendees including 4000 who were attending for the first time.

These numbers truly tell a tale of growing interest in the Cloud that’s more than a passing curiosity. Of course, when you’re preaching to the converted, it’s a fairly easy sell. From what I’ve seen from some of the comments on this blog, some of you may be a bit harder to convince, but if you can truly achieve the economies of scale, elasticity and service response time that’s promised by the hype, it has to be at least worth a look to even the most curmudgeonly of you.

Categories: Novell Related

New Version of Novell Conferencing Now Available

Novell Communities - Thu, 09/02/2010 - 21:25

A new version of our hosted Novell Conferencing product was rolled out to existing customers late last week. A summary of new features is provided below. If you are involved in active sales conversations for this product, please communicate the value of these additional features to help close deals and drive business. For additional information, you can visit the following links:

Product Web Site: http://www.novell.com/conferencing
Flash Demo: http://www.novell.com/products/conferencing/demo/
Cool Solutions Article: http://www.novell.com/communities/node/11773/whats...

ENHANCEMENTS IN LATEST VERSION OF NOVELL CONFERENCING*

> Application Sharing - Now presenters can not only share their entire desktop, but a particular region of their desktop or a specific application.

> Resource Manager - Provides presenters with the ability to upload, store and manage up to 2 GB of content before a meeting starts.

> Polling - Create customized polls that allow meeting attendees to answer questions during the web conference and see real-time results.

> Audio-Video Enhancements – The previous two-way video and audio capabilities have been increased to four cameras and four microphones. In addition, the audio management tools available to moderators have been simplified.

> Media Streaming – Enables moderators to embed URLs in a web conference and stream video or other rich media directly to attendees' browsers.

> Expanded Document Sharing (Word/Excel) - Expands the current document-sharing capabilities beyond PowerPoint and PDF formats to include Excel and Word documents.

*The product is fully localized in French and German. Spanish, Portuguese and Chinese Simplified will be provided over the next few weeks.

Categories: Novell Related

2011 Novell Knowledge Partner nominations are now open!

Novell Communities - Thu, 09/02/2010 - 17:58

Nominations for 2011 Novell Knowledge Partners are now open! Wouldn't it be a shame if someone helpful in the forums, in the beta program, in Cool Solutions was denied an opportunity to become a Novell Knowledge Partner because nobody they helped took the time to nominate them? Is there someone you have seen that loves to share their knowledge and experience and takes the time out of THEIR busy day to help you? Do YOU take time out of your busy day to help others in the Novell communities? Nominations are being taken until the end of October for next year's Novell Knowledge Partners. If you have a favorite NKP that you feel should continue in the program, or know someone that would make a good candidate for admission to the program, please take a few minutes and nominate them. It would be appreciated. Go to http://support.novell.com/community/nkp.html to read more and submit a nomination. Thanks for taking the time to help us identify the people that help you the most.

Categories: Novell Related

I bought an extra drive. Now you can give me more space?

Novell Communities - Thu, 09/02/2010 - 14:41

MM wrote: I had implemented a quota system for my departmental server at a hospital. One of the social workers was continually running up against the quota and continued to complain about the lack of space. I explained that non-work related items should not be stored on the server as it was a misuse of resources and perhaps she should consider storing those items off to a floppy or CD. (This was a while ago after all). One day said social worker comes into my office with a familiar cardboard box in hand.

SW: Here. (Shoves box at me). I went out and bought an extra drive. Now you can give me more space.

Me: That won't work.

SW: Why not? It's a bigger drive and the guy at the store told me it would work fine.

Me: Yeah, the drive will work, in the right equipment. This won't work in our server.

SW: Why not?

Me: Because it's for a Mac computer.

SW: Right, that's what we use.

Me: No, that's what YOU use - at home.

Categories: Novell Related

Tidying up the Drives

Novell Communities - Thu, 09/02/2010 - 14:38

DZ wrote: I had a customer who was drive map crazed. They mapped a different letter for EVERYTHING, even though most of the mappings pointed essentially to the same locations.

For example, F: mapped to \\server\vol1, U: mapped to \\server\vol1\users, and h: was a map root of \\server\vol1\users\userhome (where userhome was the actual home directory of the user in question).

While most users did not map to U: and only saw their own home directory in "H", IT managers had access to all user home directories under U: So, PHB could see u:\users\phb, and h: as the same directory.

One day, while "tidying up", PHB deleted his entire home directory from u:\users\phb, because it was an exact duplicate of h:

All I can say is thank goodness for salvage!

A similar issue happened many years ago for a small site that was doing Windows networking. UserA had shared out her C: drive from the root to other users in the office as H:, and she managed to map her own C: drive as H: She then phoned me when her Windows workstation stopped working after she deleted all of the duplicate stuff on the H: drive! Alas, that time there was no salvage!

Categories: Novell Related

Business in the Cloud - BSM Brings Value Back into the Data Center

Novell Communities - Thu, 09/02/2010 - 01:34

Business going to the Cloud can be the Catalyst for IT to Measure and Communicate Value!

How many of us have heard what a road block IT is, how costly / what a mystery IT is and IT cannot communicate value to the business leaving frustration in the organization. It's sort of like the Mars and Venus thing and "if they only understood me better" debate. It's OK to laugh, we all suffer these discussions, I too am guilty - the makings of a good Dilbert cartoon no doubt ending with Catbert raining down his wrath of mandates. However, with all sourcing decisions, it is about creating change in an environment where change is difficult and should be embraced. IT has the opportunity to do just that and be the hero in the end. This is a good sourcing option as it creates the change that will drive down costs that are difficult for in-house IT to drive.

Moving from technology silos to managing and communicating in terms of services is easier than one thinks. It does require different management approaches and technology, measuring in terms of service and yes, sometimes the right investment can save money in the end while creating value. A recent Network World Article (http://bit.ly/aTL0Gy) has a good quote from a good friend of mine and Forrester analyst, Glenn O'Donnell, "invest in analysis, not monitoring". The monitoring data is required, but means nothing when not related to other bits of techno data and turned into information by which to perform useful analysis about services and the value delivered to the business. This becomes ever more challenging when in a mixed environment, physical, virtual, cloud, and when many management tools exist as well.

CIO also published an article yesterday "Why IT Costs Must Come Out of the Black Box -- Now" (http://bit.ly/b62xpA) describing similar requirements for service measuring and service transparency. The lack of transparency drives the business to seek alternatives where they contract for a service and know the cost. What is often left out is the definition of good service levels, which is a topic for a separate blog. The new service appears cheaper and why is that? Economies of scale is one piece, shared service, ......the second piece is they are very standard, non custom, no configuration, minimal choices, if any, services. Standardization that is difficult to impose from in-house without the cost transparency, service measurements and links to business priorities. This is not a fair apples to apples comparison of services, however, a standardization many IT organizations have difficulty implementing as an in-house provider without the measuring of services and transparency, but possible moving forward.

Instead of challenging the business in moving to a cloud provider, I suggest embracing it and offer that history will repeat itself with many of these start up providers bringing the service back in-house and providing the opportunity to be the hero, improve service quality, reduce costs and communicate value. Many will fail due to lack of good service level agreements, lack of the business asking for them and collapse or dissatisfaction of the business with a single costly service impacting event.

Embrace the opportunity to do a few things in the meantime:

1. Standardize, drive down costs for services and technologies that do not require customization
2. Measure the provider, start to deliver service levels and views of transparency of in and outsourced services
3. Develop and Implement the service view and transparency into the "black box" of IT
4. Invest in the analytic measuring and viewing technology, less on the commodity monitoring - explore open source

When Outsourcing Creates Good Change - Embrace the Cloud Providers - Consolidate Tools and Invest in becoming a Service Measuring Organization Communicating Value!

Check out Novell's unique approach with WorkloadIQ and Measuring! (http://bit.ly/bJ0bJh) and Novell Operations Center

Novell Announces WorkloadIQ (http://bit.ly/9O7KqK) - Measuring with Novell Operations Center

Categories: Novell Related

SecureLogin DAS Fast User Switching Using Smart Card in Active Directory Mode

Novell Communities - Wed, 09/01/2010 - 23:16

SecureLogin DAS Fast User switching using Smart Card in Active Directory mode

Table of Contents:

1. Introduction
2. Prerequisite
3. Configure Novell SecureLogin to launch separately using smart card user credentials
4. Configure DAS actions.xml to hide and unhide the desktop using the smart card
5. Conclusion

Introduction

In the earlier version of Novell SecureLogin, the workstation's Active Directory authentication (using either a password or a smart card) was used to log in to SecureLogin. The SecureLogin DAS Fast User Switching feature was not available in Active Directory mode.

With Novell SecureLogin 7.0 Sp1 Hot Fix 2 and later, the DAS Fast User Switching feature is available in Active Directory mode.

To use this functionality, you must configure:

  1. Novell SecureLogin to launch separately using smart card user credentials (instead of workstation logged-in credentials).
  2. DAS actions.xml to hide and unhide the desktop using the smart card.

The procedures explained in the document apply to:

  • Novell SecureLogin 7.0 Sp1 Hot Fix 2 or later.
  • Windows XP SP3 or later.

Prerequisites

While installing Novell SecureLogin you must enable the following options:

Configure Novell SecureLogin to launch separately using smart card user credentials

After SecureLogin with DAS is successfully installed, it initializes some registry keys. You must edit the registry keys to configure the system for your workstation.

To view and edit the registry keys:

  1. Click Start > Run, type RegEdit, then click OK.
    The Registry Editor is displayed
  2. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Protocom\SecureLogin\
  3. Create DWORD NSLADAuth and set the value of NSLADAuth to 1.
  4. Exit the Registry Editor.
  5. Log out from the workstation and log in again.
  6. Launch the Novell SecureLogin.

SecureLogin now prompts for the smart card PIN instead of launching with the credentials of the user logged in to the workstation.

Configure DAS actions.xml to hide and unhide the desktop using the smart card

  1. Log in to the workstation where you want to launch the Novell SecureLogin.
  2. Configure actions.xml to hide and unhide the desktop using the smart card fast user switch

    Sample XML script:

    <?xml version="1.0"?>
    <application-runner-script>
      <action name="Removal">
        <kill-app application="slproto.exe" />
        <kill-app application="slbroker.exe" />
        <pause interval="1000"/>
        <hide-desktop />
      </action>
      <action name="unHideMe">
        <unhide-desktop/>
      </action>
      <action name="Insertion">
        <kill-app application="slproto.exe" />
        <pause interval="1000"/>
        <hide-desktop />
        <run-application application="slproto.exe" parameters="" serial="true" interval="500"/>
      </action>
      <action-triggers>
        <on-cardmon action-name="Removal" card-insert="Insertion" LoginAction = "unHideMe"/>
      </action-triggers>
    </application-runner-script>
  3. Run ARScontol.exe to start DAS and to hide the desktop.
  4. Insert the smart card in the card reader.
    The NSL PinPrompt dialog box is displayed prompting you to enter a valid PIN.
  5. Enter the valid PIN.

The Novell SecureLogin is launched successfully for the smart card user and the user’s desktop is displayed.

Note: To switch to another user, remove the inserted smart card from the card reader and insert a new smart card.
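
The triggers in actions.xml refer to actions by name, so a quick lint before deployment can confirm that every trigger resolves and that card removal really hides the desktop. The following check is an added example, not part of the original article or of Novell's tooling; the meaning it assigns to the three on-cardmon attributes and the rules it enforces are assumptions read off the sample above.

```python
import xml.etree.ElementTree as ET

# The sample actions.xml from the article, reproduced unchanged.
ACTIONS_XML = """<?xml version="1.0"?>
<application-runner-script>
  <action name="Removal">
    <kill-app application="slproto.exe" />
    <kill-app application="slbroker.exe" />
    <pause interval="1000"/>
    <hide-desktop />
  </action>
  <action name="unHideMe">
    <unhide-desktop/>
  </action>
  <action name="Insertion">
    <kill-app application="slproto.exe" />
    <pause interval="1000"/>
    <hide-desktop />
    <run-application application="slproto.exe" parameters="" serial="true" interval="500"/>
  </action>
  <action-triggers>
    <on-cardmon action-name="Removal" card-insert="Insertion" LoginAction = "unHideMe"/>
  </action-triggers>
</application-runner-script>"""

# Assumed roles of the <on-cardmon> attributes, read off the sample's action names.
TRIGGER_ROLES = {
    "action-name": "card removal",
    "card-insert": "card insertion",
    "LoginAction": "successful PIN login",
}


def check_actions(xml_text):
    """Return a list of findings; an empty list means the file passed."""
    findings = []
    root = ET.fromstring(xml_text)
    actions = {a.get("name"): a for a in root.findall("action")}
    triggers = root.findall("action-triggers/on-cardmon")
    if not triggers:
        findings.append("no <on-cardmon> trigger: card events start no action")

    for trig in triggers:
        resolved = {}
        for attr, role in TRIGGER_ROLES.items():
            target = trig.get(attr)
            if target is None:
                findings.append(f"{attr} missing: nothing runs on {role}")
            elif target not in actions:
                # Names are compared case-sensitively (an assumption about DAS).
                findings.append(f"{attr}={target!r} names no defined <action>")
            else:
                resolved[attr] = actions[target]

        removal = resolved.get("action-name")
        if removal is not None:
            if removal.find("hide-desktop") is None:
                findings.append("removal action lacks <hide-desktop>: the "
                                "previous user's desktop stays visible")
            killed = {k.get("application", "").lower()
                      for k in removal.findall("kill-app")}
            if "slproto.exe" not in killed:
                findings.append("removal action does not kill slproto.exe: "
                                "the previous SecureLogin session keeps running")

        insertion = resolved.get("card-insert")
        if insertion is not None and insertion.find("unhide-desktop") is not None:
            findings.append("insertion action unhides the desktop before "
                            "the PIN prompt has succeeded")

        login = resolved.get("LoginAction")
        if login is not None and login.find("unhide-desktop") is None:
            findings.append("login action lacks <unhide-desktop>: the desktop "
                            "stays hidden after a valid PIN")
    return findings


if __name__ == "__main__":
    for line in check_actions(ACTIONS_XML) or ["actions.xml: no findings"]:
        print(line)
```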

Conclusion

With the help of the above configuration “SecureLogin DAS fast user switching” is achieved using Smart Card in Active Directory mode.

Attachment: SecureLogin_DAS_Fast_User_switching_using_Smart_Card_in_Active_Directory_mode.doc (71.5 KB)

Categories: Novell Related

Migration from Novell NetWare to Novell Open Enterprise Server 2 Using SEP sesam

Novell Communities - Wed, 09/01/2010 - 22:35

Migration from Novell NetWare to Novell Open Enterprise Server 2. By installing SEP sesam or SEP sesam SBA you can easily migrate your Novell NetWare files to Novell Open Enterprise Server 2 by performing a simple backup and restore to the similar file structure on your Novell Open Enterprise Server 2 platform.

SEP sesam allows fast and easy access to data for all Novell products. There are highly effective modules for Novell including Open Enterprise Server, SUSE LINUX Enterprise Server, Open Workgroup Suite, GroupWise, NetWare and eDirectory.

SEP sesam delivers media protection and data availability. Using SEP sesam’s patented algorithms, users can multiplex several data streams assuring fast, accurate and time saving backup of enterprise data. Data can be directly stored to media (Client Free). Restores of required or needed data can be easily accomplished also in a very short time window. SEP sesam increases data availability in the LAN using Direct Access. Direct Access allows the intelligent access to backed up data and searches storage media rapidly to find the required data in the shortest possible time. This allows the data to be selectively restored, directories, files, etc. without requiring more data than necessary.

With SEP sesam and a well thought out data availability strategy you can assure data security; the product meets all US, Canadian and European regulations. SEP sesam was developed for complex IT Environments and guarantees investment returns. The data can be restored to the same data location or restored to a new directory, disk, or server. Point-in-Time recovery for online backups is available. Disaster recovery for Linux and Microsoft to unlike environments is also possible, assuring a rapid recovery for an operating environment.

For optimal results in a Novell environment our online GroupWise module provides a simple and reliable backup and restore alternative for all data. The backup of the GroupWise server occurs without interruption to the working system. The restore of single emails is accomplished using the GroupWise interface.

SEP sesam is a valuable tool, as well, for backing up and restoring Cluster environments. Novell Storage Services (NSS) Cluster is fully supported for OES Linux and OES Netware. SEP sesam Dynamic Drive Sharing optimizes the utilization of storage media in a SAN. Conversion from disk-to-disk-to-tape is also easily performed with SEP sesam for the LAN, WAN or SAN.

Version 3.6 of SEP sesam allows the migration from NetWare to OES Linux System in both the 32-bit and 64-bit versions, simply by backing up the data and restoring it to the new target system. It has never been easier to transfer the complete data tree from NetWare to OES Linux.

For more information on Novell NetWare migration, simply click on http://sepusa.com or contact us at info@sepusa.com

Categories: Novell Related

Having Problems Backing Up Your NetWare Clusters?

Novell Communities - Wed, 09/01/2010 - 20:07

Novell Open Enterprise Server 2 Cluster Ready. SEP sesam has the only software today that allows for full cluster support in both Novell Open Enterprise Server 2 Linux and Novell Open Enterprise Server 2 Novell Netware environments. Fail-over capability and recognition allows for the backup to continue in the event of node loss or failure. The backup completes from point of interruption. There is no additional charge for clustering technology but clustered resources (IP Addresses) require separate licenses.

"We worked SEP sesam to set up and backup our Novell (NetWare and later OES2) cluster. They had us up and running in an amazingly short time. Our previous vendor was unable to do anything they promised. They never got clustering working on any platform." Don Shrum, Spectrum Technologies - San Antonio, TX

About SEP Software Inc.
SEP Software, Inc., of Boulder, CO and Weyarn, Germany, provides industry leading backup and recovery software for Enterprise as well as Small to Medium sized businesses. SEP sesam is designed for multi-Operating Systems, multi-Database, multi-Groupware IT environments. SEP makes complex backup tasks easy. To learn more simply click on http://sepusa.com or contact us at info@sepusa.com

Categories: Novell Related

Getting Started Building a SOAP Driver for IDM - Part 2

Novell Communities - Wed, 09/01/2010 - 19:28

In part 1 of this series, Getting Started Building a SOAP Driver for IDM - Part 1, I discussed some of the things you need to get started building a SOAP driver. I was using the example of Salesforce.com (henceforth known as SFDC, since typing the full name is too much of a pain each time).

Anyway, I left off after explaining how to generate a <login> document for SFDC, and finally with a sample rule to parse the results of a SOAP <loginResponse> document into a useful <instance> document.

I thought it would be interesting to pick that rule apart, since it takes a somewhat different approach than the usual. Usually for this issue you would use XSLT to rebuild the document. But I wanted to do it in DirXML Script policy. This kind of policy is a little hard to read and understand so a walk through ought to be useful.

I think the trick is you need three things. First the input document to the rule, then the output you are trying to get to, and finally the rule to get from point A to point B.

What I have been doing on this project is actually pasting sample events into the Comments field of the rules. At one level that seems like overkill, but for the specific case of Input or Output Transform rules that are taking one XML document and converting it to another, it is really important. I agree this would be kind of silly overkill in say the Create rule of a driver.

Also, a great secondary benefit of having the sample document in the Comments field is that when it comes time to test or debug later, you have a sample document you can copy and paste into the Simulator in Designer and work with. Otherwise you have to go track down an event to work from in fixing the issue. This came in very handy in the case of support for <query> documents since there are a lot of details to be managed in that case, and lots of exceptions and edge cases. It was very useful to have a sample document to start working from and to test with.

Here is what the <loginResponse> might look like after you succeed in connecting in your driver. (Or actually in soapUI as well).

<nds dtdversion="2.0">
  <source>
    <product build="201006032211 Internal Novell build. Not for production use." instance="SOAP-SPML" version="3.5.5">Identity Manager Driver for SOAP</product>
    <contact>Novell, Inc.</contact>
  </source>
  <output>
    <soapenv:Envelope xmlns="urn:enterprise.soap.sforce.com" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <soapenv:Body>
        <loginResponse>
          <result>
            <metadataServerUrl>https://tapp0-api.salesforce.com/services/Soap/m/18.0/00DT0000000GV1Q</metadataServerUrl>
            <passwordExpired>false</passwordExpired>
            <sandbox>true</sandbox>
            <serverUrl>https://tapp0-api.salesforce.com/services/Soap/c/18.0/00DT0000000GV1Q</serverUrl>
            <sessionId>LongSessionIDStringGoesHere</sessionId>
            <userId>005T0000000opANCDCDE</userId>
            <userInfo>
              <accessibilityMode>false</accessibilityMode>
              <currencySymbol xsi:nil="true"/>
              <orgDefaultCurrencyIsoCode xsi:nil="true"/>
              <orgDisallowHtmlAttachments>false</orgDisallowHtmlAttachments>
              <orgHasPersonAccounts>false</orgHasPersonAccounts>
              <organizationId>00DT0000000GV1QMAW</organizationId>
              <organizationMultiCurrency>true</organizationMultiCurrency>
              <organizationName>ACME Kitten Wrangling</organizationName>
              <profileId>00e20000000h1j0AAA</profileId>
              <roleId>00E20000000hxc5EAA</roleId>
              <userDefaultCurrencyIsoCode>USD</userDefaultCurrencyIsoCode>
              <userEmail>ishkabibble@kittens.com</userEmail>
              <userFullName>IDM</userFullName>
              <userId>005T000000ABCDEFG</userId>
              <userLanguage>en_US</userLanguage>
              <userLocale>en_GB</userLocale>
              <userName>idm@ikittenscom</userName>
              <userTimeZone>America/New_York</userTimeZone>
              <userType>Standard</userType>
              <userUiSkin>Theme3</userUiSkin>
            </userInfo>
          </result>
        </loginResponse>
      </soapenv:Body>
    </soapenv:Envelope>
  </output>
</nds>

Now since we only really care about two values out of that entire document, the sessionId and the URL for the endpoint, we do not have to convert the entire thing into an <instance> doc, rather we just need two specific values. This is thus not the most general solution to the problem, but you should be able to see how you might do that from this more limited example.

The output document after our rule is finished processing, should look something like this:

<nds dtdversion="2.0">
  <source>
    <product build="201006032211 Internal Novell build. Not for production use." instance="SOAP-SPML" version="3.5.5">Identity Manager Driver for SOAP</product>
    <contact>Novell, Inc.</contact>
  </source>
  <output>
    <instance class-name="login" src-dn="sfdc">
      <attr attr-name="sessionId">
        <value>LongSessionIDStringGoesHere</value>
      </attr>
      <attr attr-name="serverUrl">
        <value>https://tapp0-api.salesforce.com/services/Soap/c/18.0/00DT0000000GV1Q</value>
      </attr>
    </instance>
  </output>
</nds>

Finally we get to the piece that connects us from point A to point B, the DirXML Script policy that takes the <loginResponse> document, and converts it to the <instance> XDS compliant document that Identity Manager knows how to handle with no extra work.

<rule>
  <description>[icap] Handle loginResponse documents, with soapenv: header left behind</description>
  <comment xml:space="preserve">Lets see if we can do this in Policy instead of XSLT. Well yes, yes we can!
Because the SOAP doc comes back with a namespace definition, this causes us pain, so the test is for self::urn:loginResponse. This works because we use the urn: namespace to ask for it.
Next we build the instance doc, with the two values we care about, serverUrl and sessionId.
Step by step, element by element we build it.
Note:
Append XML Element adds a &lt;node&gt;
Append XML text sticks a text string between &lt;node&gt;text&lt;/node&gt;
Set XML attribute sets the class-name='User' in the &lt;node class-name='User'&gt;
Rinse and repeat for each attr.
Set the driver scoped variables that we need to prove we are logged in.
Finally remove the SOAP doc from the XDS doc with a strip XPATH.
</comment>
  <comment name="author" xml:space="preserve">Geoffrey Carman</comment>
  <comment name="version" xml:space="preserve">2</comment>
  <comment name="lastchanged" xml:space="preserve">Apr 27, 2010</comment>
  <conditions>
    <or>
      <if-xpath op="true">self::soapenv:Envelope/soapenv:Body/urn:loginResponse</if-xpath>
    </or>
  </conditions>
  <actions>
    <do-append-xml-element expression=".." name="instance"/>
    <do-set-xml-attr expression="../instance" name="class-name">
      <arg-string>
        <token-text xml:space="preserve">login</token-text>
      </arg-string>
    </do-set-xml-attr>
    <do-set-xml-attr expression="../instance" name="src-dn">
      <arg-string>
        <token-text xml:space="preserve">sfdc</token-text>
      </arg-string>
    </do-set-xml-attr>
    <do-append-xml-element expression="../instance" name="attr"/>
    <do-set-xml-attr expression="../instance/attr[last()]" name="attr-name">
      <arg-string>
        <token-text xml:space="preserve">sessionId</token-text>
      </arg-string>
    </do-set-xml-attr>
    <do-append-xml-element expression="../instance/attr[@attr-name='sessionId']" name="value"/>
    <do-append-xml-text expression='../instance[@class-name="login"]/attr[@attr-name="sessionId"]/value'>
      <arg-string>
        <token-xpath expression="*//*[local-name()='sessionId']/text()"/>
      </arg-string>
    </do-append-xml-text>
    <do-append-xml-element expression="../instance" name="attr"/>
    <do-set-xml-attr expression="../instance/attr[last()]" name="attr-name">
      <arg-string>
        <token-text xml:space="preserve">serverUrl</token-text>
      </arg-string>
    </do-set-xml-attr>
    <do-append-xml-element expression="../instance/attr[@attr-name='serverUrl']" name="value"/>
    <do-append-xml-text expression='../instance[@class-name="login"]/attr[@attr-name="serverUrl"]/value'>
      <arg-string>
        <token-xpath expression="*//*[local-name()='serverUrl']/text()"/>
      </arg-string>
    </do-append-xml-text>
    <do-set-local-variable name="SfdcTargetURL" scope="driver">
      <arg-string>
        <token-xpath expression="*//*[local-name()='serverUrl']/text()"/>
      </arg-string>
    </do-set-local-variable>
    <do-set-local-variable name="SessionID" scope="driver">
      <arg-string>
        <token-xpath expression="*//*[local-name()='sessionId']/text()"/>
      </arg-string>
    </do-set-local-variable>
    <do-strip-xpath expression="self::soapenv:Envelope"/>
    <do-break/>
  </actions>
</rule>

Well that is quite the mouthful, so let's take that apart line by line.

So what we are doing is basically building a new XDS event document element by element from mostly scratch. Well not from total scratch. We keep the <nds> node, and the <input> or <output> node that came in with the SOAP XML doc from the driver. But everything else we need to build, and finally we remove the original document that we no longer need.

We use four DirXML Script tokens to do this. Three to add stuff, one to take away.

Append XML Element
Set XML attribute
Append XML Text
Strip by XPATH

In an XML document there are really only three components. Elements (what I keep calling nodes), like the <nds> element, or an <attr> node.

There are XML Attributes, which you might recognize more by how you select them... In the <attr> node you often see things you pick out with XPATH like @attr-name to get the value from a node like this:

<attr attr-name='nspmDistributionPassword'>

Finally, in between an open and close node, you might have text, which is what Add XML Text does.

So your <instance> doc, might have the above <attr> node, with a value set of nodes and some values.

<attr attr-name='nspmDistributionPassword'>
  <value>SomePasswordValue</value>
</attr>

So to build that above snippet, you would:

Add XML Element: attr
Set XML Attribute: name of attr-name, with a value of nspmDistributionPassword
Add XML Element: value
Add XML Text: SomePasswordValue

You can see why that gets a little hard to read, and I skipped the detail of having to provide the XPATH to tell the token WHERE to Add/set these XML thingies.

As usual, the devil is in the details.

So with that basic overview, let's work through the rules above. Note, I am going to use the XML view of the tokens, since getting this many little screen shots of all the tokens in Designer would be a total pain. (And you guys just aren't worth it! Kidding of course, but it would really be a LOT of screen shots to take and clean up!)

First off we look for a loginResponse document in the Condition block with an IF XPATH test of:

self::soapenv:Envelope/soapenv:Body/urn:loginResponse

The current context of XPATH in Identity Manager is the operation node level (usually <add>, <modify>, <query>, etc) so in this case, it is actually the <soapenv:Envelope> node.

I do not fully understand why the self:: axis needs to be used here in selecting/specifying this node, but it does seem to be needed. Because the SOAP stuff has several namespaces defined (soapenv:, urn:, sf:, and others) you need to address the nodes including the namespace names.

You could use the local-name() function to work with the local name (part after the namespace), but I try to avoid it as the XPATH gets really unwieldy!

Anyway this test means we only fire on the case of a loginResponse event in the urn: namespace.

First we add an <instance> node into the event:

<do-append-xml-element expression=".." name="instance"/>

Now the expression="" part of this token means, the XPATH that defines where to stick this node. There is a selector at the bottom of the token that says, Append to the end of XPATH expression, or else Insert before XPATH expression. I chose to do all mine as the default of Append to the end of XPATH expression.

Therefore an XPATH of ".." means just what you would think from the directory in a file system perspective, go up one level. That is an interesting twist on English. When did .. start to mean back up one level? I see that and almost treat it like a word in my head. Funny things you notice, eh?

That means, since the current context is the <soapenv:Envelope> node which is under an <output> node, it means insert this element after ".." which is right below the <output> node, and thus a sibling of the current context node.

Thus our current document looks something like this now (simplified to save space)

<nds>
  <output>
    <soapenv:Envelope>
      (namespaces and everything collapsed for simplicity)
    </soapenv:Envelope>
    <instance/>
  </output>
</nds>

Well that was easy. Next we need to build up that <instance> node with some XML attributes so we can use it in policy.

Let's set the class-name attribute to "login" so I can have a policy later that watches for Class Name = login events.

<do-set-xml-attr expression="../instance" name="class-name">
  <arg-string>
    <token-text xml:space="preserve">login</token-text>
  </arg-string>
</do-set-xml-attr>

In this token we specify the name of the XML attribute as class-name, set the value to login, and insert it via the XPATH expression of ../instance which is referencing our instance node we just added.

Our simplified view of the output doc now looks more like:

<nds>
  <output>
    <soapenv:Envelope> </soapenv:Envelope>
    <instance class-name='login'/>
  </output>
</nds>

Better add a src-dn XML attribute, so we do this token:

<do-set-xml-attr expression="../instance" name="src-dn">
  <arg-string>
    <token-text xml:space="preserve">sfdc</token-text>
  </arg-string>
</do-set-xml-attr>

I chose to use sfdc since there is no real meaningful value to indicate the actual source DN in the case of a login response event, but this way I could select the event by using this value as well, if I needed to.

Our simplified view of the output doc now looks more like:

<nds>
  <output>
    <soapenv:Envelope> </soapenv:Envelope>
    <instance class-name='login' src-dn='sfdc'/>
  </output>
</nds>

Now we need an <attr> node for the first of our two values of interest.

<do-append-xml-element expression="../instance" name="attr"/>

Our simplified view of the output doc now looks more like:

<nds>
  <output>
    <soapenv:Envelope> </soapenv:Envelope>
    <instance class-name='login' src-dn='sfdc'>
      <attr/>
    </instance>
  </output>
</nds>

Let's add an attr-name XML attribute, with the value sessionId.

<do-set-xml-attr expression="../instance/attr[last()]" name="attr-name">
  <arg-string>
    <token-text xml:space="preserve">sessionId</token-text>
  </arg-string>
</do-set-xml-attr>

Now we start to see something a little bit different. Note the XPATH expression we had to use to insert this looks different. Based on the previous examples you would think XPATH of ../instance/attr would have been enough. But in fact we used ../instance/attr[last()] so why the predicate of last()?

Well it turns out, for this first occasion, it would probably not matter, but when we do this for the next attr node, it would make a huge difference.

If you used the simpler XPATH of ../instance/attr it would set the XML attribute on ALL nodes in the document that match. So when we only have one attr node, not a big deal, but as the second and third are added, you would stick this XML attribute into each of those attr nodes, and it gets ugly fast. By using the predicate (i.e. the use of [] to set a condition, so that only when the stuff in the square brackets evaluates to true do we do this) you limit it to the last attr node in the document. Thus you do need to do this in sequence, and be sure you complete a node in policy before coming back to it. Otherwise you would need to be specific enough in your XPATH expression to only affect that one node, because if you were not, you could append or set something on every node that matches.

Our simplified view of the output doc now looks more like:

<nds>
  <output>
    <soapenv:Envelope> </soapenv:Envelope>
    <instance class-name='login' src-dn='sfdc'>
      <attr attr-name='sessionId'/>
    </instance>
  </output>
</nds>

Next up let's add a value node, so we can then add some XML text into the value node, with the following two tokens.

<do-append-xml-element expression="../instance/attr[@attr-name='sessionId']" name="value"/>

Now when I added the <value> node, I probably could have used the predicate of [last()] here, but since I knew I could be more specific as this was a special case, I used the XPATH of:
../instance/attr[@attr-name='sessionId']

which uses a predicate of @attr-name='sessionId' to be sure I get the right node.

This is worth discussing for a moment. Why not use this approach all the time?

Well in a later article (if I get around to continuing this series that far, still not sure how far I will take this process) I might discuss how you might handle a query response, where you do not know in advance how many or which nodes need to be handled, so you might want to loop through all the nodes returned, and do something for each. In that case, it is much easier to just specify [last()] inside the loop and know it is going to work.

However, one of the side benefits of writing these sort of articles is that they make me explain my thinking after the fact, and a second review of something often reveals things I did not think of at the time. What this has made me realize is that if inside a for each loop I append an <attr> node and set the XML attribute attr-name, I am probably calculating the value of attr-name by reading it out of the SOAP XML document. In which case, I do not have to use the last() predicate, I could just use the actual name I just set a line above to be most specific.

I would be interested in timing this to see which is more efficient XPATH, using the last() function as in:

../instance/attr[last()]

Or using a more specific predicate of:

../instance/attr[@attr-name=local-name($current-node)]

Hmm... I do have a rule I wrote that was so slow, I stopped using it, that I could test this in. It was designed to read out schema from SFDC, and try and build the DirXML-ApplicationSchema attribute for the driver object. I.e. I implemented the driver shim function getSchema() in policy.

Our simplified view of the output doc now looks more like:

<nds> <output> <soapenv:Envelope> </soapenv:Envelope> <instance class-name='login' src-dn='sfdc'> <attr attr-name='sessionId'> <value/> </attr> </instance> </output> </nds>

So now we have our value node, and the second token will stuff some text into it.

<do-append-xml-text expression='../instance[@class-name="login"]/attr[@attr-name="sessionId"]/value'>
  <arg-string>
    <token-xpath expression="*//*[local-name()='sessionId']/text()"/>
  </arg-string>
</do-append-xml-text>

Here I got a little neater, and specified which <instance> node by the predicate [@class-name="login"] and which attr node by the predicate [@attr-name="sessionId"] which is a little bit of overkill, but this was the first rule of this type I worked on, and I was experimenting on possible solutions. As usual I never really went back and cleaned up, since it was working, and I had more pressing concerns on things that were NOT working.

After all, why fiddle with something that works, that is the most basic function required by everything else in the driver, when there is no need to, except for elegance. What am I saying, of course I need to go back and clean it up. He he.

Now the XPATH to select the text string is finally something different in this token. Previously I knew what value I was going to shove in, usually a static bit of text. This time I want to look at the <loginResponse> doc that SFDC sent back and get some values out of there. Here I needed to get a specific node, called sessionId, and I was having trouble selecting it correctly due to namespace info in the node, and ended up with this XPATH, which I am sure I could simplify.

*//*[local-name()='sessionId']/text()

* means all nodes below the current context, then // (slash slash) means find any occurrence of the next predicate, [local-name()='sessionId'], that is, the node whose local name (i.e. without namespace definition) is sessionId. Now the // is like a dir /s, a recursive search, which in XPATH land is considered a no-no, since it is expensive as it traverses the entire document tree. However, in this case the document is fairly short, so I was not too worried about it.

Finally, I wanted to return the text() value of that selected node.

I think (but do not have time to test) that a more traditional XPATH, which is more direct and longer, should work for this task. Something more like:

self::soapenv:Envelope/soapenv:Body/urn:loginResponse/result/sessionId

Our simplified view of the output doc now looks more like:

<nds>
  <output>
    <soapenv:Envelope> </soapenv:Envelope>
    <instance class-name='login' src-dn='sfdc'>
      <attr attr-name='sessionId'>
        <value>SomeHexStringOfSessionIdValues</value>
      </attr>
    </instance>
  </output>
</nds>

Now we rinse and repeat the previous 4 tokens to add the <attr> node for serverUrl.

<do-append-xml-element expression="../instance" name="attr"/>
<do-set-xml-attr expression="../instance/attr[last()]" name="attr-name">
  <arg-string>
    <token-text xml:space="preserve">serverUrl</token-text>
  </arg-string>
</do-set-xml-attr>
<do-append-xml-element expression="../instance/attr[@attr-name='serverUrl']" name="value"/>
<do-append-xml-text expression='../instance[@class-name="login"]/attr[@attr-name="serverUrl"]/value'>
  <arg-string>
    <token-xpath expression="*//*[local-name()='serverUrl']/text()"/>
  </arg-string>
</do-append-xml-text>

After that, our simplified view of the output doc now looks more like:

<nds>
  <output>
    <soapenv:Envelope> </soapenv:Envelope>
    <instance class-name='login' src-dn='sfdc'>
      <attr attr-name='sessionId'>
        <value>SomeHexStringOfSessionIdValues</value>
      </attr>
      <attr attr-name='serverUrl'>
        <value>https://tapp-0.salesforce.com/services/soap/c/18.0/something</value>
      </attr>
    </instance>
  </output>
</nds>

Now at the same time, I set the driver scoped variables holding the same data, so it is available to all other rules in the driver.

<do-set-local-variable name="SfdcTargetURL" scope="driver">
  <arg-string>
    <token-xpath expression="*//*[local-name()='serverUrl']/text()"/>
  </arg-string>
</do-set-local-variable>
<do-set-local-variable name="SessionID" scope="driver">
  <arg-string>
    <token-xpath expression="*//*[local-name()='sessionId']/text()"/>
  </arg-string>
</do-set-local-variable>

Finally the coup de grace, as we remove the original SOAP document, via Strip by XPATH.

<do-strip-xpath expression="self::soapenv:Envelope"/>

This leaves us, finally, with the following document, which looks very nice and XDS compliant.

<nds>
  <output>
    <instance class-name='login' src-dn='sfdc'>
      <attr attr-name='sessionId'>
        <value>SomeHexStringOfSessionIdValues</value>
      </attr>
      <attr attr-name='serverUrl'>
        <value>https://tapp-0.salesforce.com/services/soap/c/18.0/something</value>
      </attr>
    </instance>
  </output>
</nds>

This looks just like the sort of response you would get in any driver to a query response.
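The same SOAP-to-XDS conversion using Python's standard library, as an added example that is not code from the original article or from the driver: it builds the <instance> doc, strips the Envelope, and refuses to continue unless exactly one non-empty sessionId and serverUrl are found, since a local-name() search matches in any namespace at any depth. It also counts what the direct path selects with and without prefixes on result/sessionId. Assumptions: the sample response, the namespace URI bound to urn, the placeholder values and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Prefix map for path lookups. The URI bound to "urn" is an assumption of this example.
NS = {"soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
      "urn": "urn:enterprise.soap.sforce.com"}

# Constructed input: a login reply wrapped in <nds><output>; all values are placeholders.
SAMPLE = """<nds><output>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body><loginResponse xmlns="urn:enterprise.soap.sforce.com"><result>
   <serverUrl>https://sfdc.example.invalid/services/soap/c/18.0/placeholder</serverUrl>
   <sessionId>CONSTRUCTED-SESSION-ID</sessionId>
 </result></loginResponse></soapenv:Body>
</soapenv:Envelope>
</output></nds>"""

UNPREFIXED = "soapenv:Body/urn:loginResponse/result/sessionId"        # direct path as written
PREFIXED = "soapenv:Body/urn:loginResponse/urn:result/urn:sessionId"  # every step qualified

def by_local_name(root, name):
    """Same idea as //*[local-name()='name']: match in any namespace, at any depth."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def single_text(matches, name):
    """Fail closed unless exactly one non-empty element matched."""
    if len(matches) != 1 or not (matches[0].text or "").strip():
        raise ValueError(f"expected one non-empty <{name}>, found {len(matches)}")
    return matches[0].text.strip()

def direct_path_matches(xml_text, path):
    """Count the nodes a namespace-aware direct path selects under the Envelope."""
    envelope = ET.fromstring(xml_text).find("output/soapenv:Envelope", NS)
    return len(envelope.findall(path, NS))

def soap_to_instance(xml_text):
    """Append the <instance> doc, then strip the SOAP Envelope, as the rule does."""
    nds = ET.fromstring(xml_text)
    output = nds.find("output")
    envelope = output.find("soapenv:Envelope", NS)
    instance = ET.SubElement(output, "instance", {"class-name": "login", "src-dn": "sfdc"})
    for name in ("sessionId", "serverUrl"):
        value = single_text(by_local_name(envelope, name), name)
        attr = ET.SubElement(instance, "attr", {"attr-name": name})
        ET.SubElement(attr, "value").text = value
    output.remove(envelope)  # equivalent of do-strip-xpath on the Envelope
    return nds

if __name__ == "__main__":
    print(ET.tostring(soap_to_instance(SAMPLE), encoding="unicode"))
```

With the constructed sample, the unprefixed path selects nothing because result and sessionId inherit the default namespace declared on loginResponse, while the fully prefixed path selects one node.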

Cool eh? And zero XSLT involved. Ya, the DirXML Script is a little hard to read, but building it is pretty easy if you have the input doc, and the output doc you need to get to, sitting on your screen. It is just a matter of doing it step by step, element by element, until you are done.

Using this approach, at least on the response side, will let you handle pretty much the entire set of API possibilities. The next step was to use this approach on query events, which has its own set of special requirements.

But once I had that done, I eventually realized I needed some other API calls, and this approach worked fine for those cases as well. Everything comes back to the engine from the shim as an <instance> doc, which makes handling it very easy.

Next to discuss is the Query handling. There are two sides to that problem: first, converting an XDS <query> event to a SFDC <query> SOAP document, which is harder than it seems, and then handling the response. Stay tuned for more in this series.

Categories: Novell Related

Is Scott Adams watching us?

Novell Communities - Wed, 09/01/2010 - 16:45

Check out this new Dilbert strip that is an uncanny illustration of an entry in our Dilbert contest. Either Scott Adams is watching us, or we share in the collective madness of the corporate world. Either way, there's no end of fodder for the brilliant Mr. Adams.

http://dilbert.com/strips/comic/2010-09-01/

Eerily similar to:

"It should be noted that this was the same manager who regularly threatened to "cut people's hands off" if they did anything wrong, and the very same manager who reviewed the "Confidential Employee Survey" with his entire department, reading each complaint out loud and saying, "Who wrote this one? No one? No one? I guess if you're not man enough to admit it in front of me, it's not a problem! Next!!" "

From: Fix this Problem Once and for All (But Don't Make any Changes)


Teaming Use Case: Mobile Workforce

Novell Communities - Wed, 09/01/2010 - 16:16

About Mobile Workforce

With today's ever-progressing wireless technologies, it's
easier for people to work away from the office. Not only can they receive
and send e-mail with mobile devices, they can also use Internet
access and powerful mobile devices to work away from the office
for longer periods of time.

Challenge

In spite of the constant advances in wireless technologies, receiving,
accessing, and modifying the latest information is still a major
challenge for the mobile workforce. As information changes, people
need the newest versions, whether they are in the office or not.
And they need to be able to access the newest information using
laptops, remote desktops, and mobile phones.

When working remotely it's difficult to securely search through
large quantities of information in all of its available formats
and locations. Simply viewing files important to your work can be
difficult. If you don't have the files stored locally on your mobile
device, they might be in a location that is remotely inaccessible.
Mobile phones and computers outside the organization's firewall
might have problems connecting to internal information storage areas.
This can be a significant challenge for mobile workers that might need
access to company information, including knowledge stores, project
data, customer information, company policies and training materials.

Even if your mobile workforce can access the files they need,
depending on file format and the capabilities of their mobile device,
the files might not even be viewable. When they are able to view
those files, they also need to be able to modify them or provide
feedback on them back to their team members or others in the organization.
Consequently, the major challenge in supporting the mobile workforce
is in effectively providing the type of access your mobile workers
need, no matter where they happen to be located.

Novell Solution

Novell Teaming is a next-generation, Web-based collaborative
application that allows users to view information from any device
that has access to the Internet. Since it is browser-based, Novell
Teaming allows information to be accessed through any Web-enabled device,
including Web-enabled mobile phones. Additionally, Novell Teaming
doesn't require any client software on your mobile devices.

Novell Teaming also provides a lightweight, secure and easy
to use mobile user interface that incorporates most of the functionality
available in the standard Novell Teaming interface. Tailored to
the needs of mobile users, it presents a specialized view of Novell
Teaming workspaces, including a starting home page with quick links
to the most commonly used aspects of Teaming, such as workspaces,
favorites, search, teams and what’s new. The mobile UI enforces
the same security and access controls as does the regular Novell
Teaming interface. While optimized for iPhone and Blackberry devices,
the new interface works with any mobile device with an HTTP/HTML-based
interface that supports HTML 4 and JavaScript. So, as long as you
have a connection to the Internet, you can access the information you
need, even files from your mobile device.

To address the problem of limited document support in some
mobile phones, Novell Teaming also has a document rendering engine
that presents mobile users an HTML view of most file types (over
400 formats supported). Although this rendered HTML view does not
allow file editing from a mobile phone, Novell Teaming does allow
comments to be posted on the file or on other information in the
Novell Teaming workspace.

The ability to assign e-mail addresses to each of your Novell
Teaming folders can also be a help to your mobile workforce. This
lets users simply e-mail information to those folders while being
mobile. Once the folders receive the e-mail, its information will
be incorporated into the Novell Teaming system, making it completely
searchable and accessible while on the road.

Also, any time information changes in Novell Teaming, it's updated
in real time across the entire system. If a change is made by anybody
at any location, the change instantly becomes visible to everyone
else who has access to the information. This ensures that even mobile
users that access Novell Teaming from their mobile devices will always
have access to the most current information that they need.

Results

Whether they're using a laptop or mobile phone, Novell Teaming
enables mobile users to access any information they need to do
their job while away from the organization. Mobile users can easily
view and manage documents in Novell Teaming even if they don't have
the same application the document was created in. Mobile users can easily
and securely enjoy the same level of access to company information
that they have when in the office. Novell Teaming updates information
in real time, always presenting the most recent version. Mobile
users can also easily contribute information to their organization's knowledge
base via e-mail without ever logging in to Teaming. Whether in the
office or mobile, users can always take advantage of the powerful
search options in Novell Teaming to quickly find the information
they need. Novell Teaming empowers mobile users to be more efficient
and effective by providing them constant access to the information
they need.
