October 31, 2011 | Written by: Fang Feng
Share this post:
Here is Part 2 of our interview with Marshall Lamb. (Catch up on Part 1.)
Fang Feng: How does the business partnership work? I’ve seen many vendors put their applications on LotusLive. How does this relationship work?
Marshall Lamb: Very good question. That’s another really good key differentiator between our offering and our competitors. We have such a rich mixture and collection of Business Partners that we work with to enhance the functional offering that’s in LotusLive.
The way it works is that we engage with IBM Business Partners like Salesforce, or United Parcel Services (or UPS). Let’s see, Skype is also one and we have Silanis that offers eSignLive service, authority for documents.
Lots of different types of Business Partners and they offer different types of services. Some might be around people management, some might be around file management – it varies. Probably the large majority of our Business Partners we engage with have to do with some type of file management.
eXpresso for example, is a Business Partner that has an online document viewer and editor so they work with online files. We strike up a relationship with Business Partners, like eXpresso, United Parcel Service, or someone like that.
There are standard hook points within the LotusLive platform that we extend with the business partner function. So we don’t host business partner applications within LotusLive. We host hooks that call out to the business partner services.
The Business Partners offer their own software as a service offering in some form. And, we create a trust relationship between LotusLive and the Business Partner so that we can pass identities – an identity from LotusLive to the Business Partners.
Let’s take a use case. I’m in LotusLive. I’m logged in as Marshall Lamb and I go to my files. Well, I have also independently gone to eXpresso and signed up for an account with eXpresso. I also have an account with eXpresso and I link that to LotusLive. So my identity is the same between them.
When I go to LotusLive and I tell my organizational admin, or my organizational administrators acknowledges that I am a eXpresso customer, maybe my whole organization is an eXpresso customer. Then, my organizational administrator, within LotusLive, checks a box that enables eXpresso for my account.
So the next time I log in to LotusLive, when I look at my files or anytime I look at a file, I’ll see a button next to the file that says launch eXpresso.
So that button is an extension point within LotusLive. It’s a standard extension point that I could add any business partner link that has to do with file manipulation.
And we have similar extension points throughout LotusLive to add buttons and links based upon my being entitled to that business partner service such that I can leverage that business partner service as a pivot point within LotusLive.
So now, when I’m viewing my file in LotusLive and I click Edit in eXpresso, a call is made to eXpresso basically, and it automatically logs me into eXpresso. eXpresso is given the document that I want to edit. eXpresso then turns around calls back into LotusLive using our REST APIs, downloads the file, and brings it up for viewing. And then, I can manipulate the file within eXpresso.
When I click Save, eXpresso then calls back to LotusLive to save the file using basically LotusLive as file repository. So we’re not actually hosting the code in LotusLive, we’re calling out to the service within LotusLive and providing the ability for Business Partners to call back into LotusLive to get access to the data they need to provide the service. Business partners run their own applications. The content that the Business Partner has access to is stored within LotusLive and not within the Business Partner’s infrastructure.
Using the eXpresso example, eXpresso reaches back into LotusLive to load the file; you do what you want within eXpresso, and then it saves it back into LotusLive. It doesn’t store within its own infrastructure.
So, LotusLive has a rich set of REST APIs, a REST services protected through OAuth that the Business Partners can use to extend basically the LotusLive capabilities with their own.
Fang Feng: Great. Thanks for the explanation. How does the license work with the Business Partners?
Marshall Lamb: Typically – and I think this might differ by Business Partner – it requires that you subscribe to the business partner services independently of LotusLives.
Fang Feng: I see.
Marshall Lamb: So I need an eXpresso account like I need a LotusLive account. I believe there are some examples of business partner integrations within LotusLive that, while I’m in LotusLive and I express interest in using a Business Partner, I can basically be prompted to create an account through LotusLive by virtue of how the Business Partners integrate with LotusLive.
But in all cases, I must have an account with a Business Partner. And that account and the Business Partner is linked to my account in LotusLive so I can establish a single sign-sn (SSO) agreement between them and not be challenged when I go to the Business Partner. That’s a requirement.
We don’t want our customers being challenged for credentials again when they switch over to using the service. We want to try to make the service as seamlessly integrated with LotusLive as possible.
Fang Feng: For the customer using LotusLive, do we charge them for using Business Partner’s service and then somehow we pay the Business Partner later? How does this financially work?
Marshall Lamb: No, for my account with the Business Partner, I am billed from the Business Partner. LotusLive is not involved at all. And the Business Partner would determine what is the billing model – how am I billed? Is it, you know, a yearly subscription? Is it a per usage? For example, Silanis is an e-signing application that I can electronically sign and secure a document for being transferred to another party and that I need to ensure that the document is secured and only opened by that party.
I’m not sure about this, but Silanis might charge per signing, for example, as opposed to having a yearly account. That would be an example, but that will be up to the Business Partner.
Fang Feng: When you access your LotusLive account, do you simply use your user ID and password?
Marshall Lamb: Correct. I have a user ID and password in LotusLive that I log in with.
Fang Feng: This is different from the one used at IBM SmartCloud Enterprise. You need a key to access your instance.
Marshall Lamb: No, because as I explained earlier, the IBM SmartCloud Enterprise is an infrastructure as a service offering where it’s giving you access to a running operating system. So they prevent you from accessing the operating system except through secure shell (SSH) using an RSA encryption key.
This is different – this is a set of application services that you simply need to identify who you are through user ID and password. But that brings up another point.
We have the ability to integrate with an enterprise authentication mechanism through SAML, which allows the enterprise to project itself as an identity provider.
And LotusLive then becomes what’s called a service provider. And we will establish what’s called a partnership between LotusLive and the enterprise identity provider such that when you log in to LotusLive, the login is actually performed within the enterprise. So you’re actually logging in to your internal authorization or authentication engine within the enterprise and LotusLive then honors the credential as a SAML token. The way that basically works is you go to LotusLive.
You log in and it knows what organization you’re in and says, “Well, you actually need to – as part of the log-in, you need to log in within the enterprise.” And it directs you to the login page in your enterprise. And when you log in and are redirected back to LotusLive, we let you in as an authenticated individual.
We use that within IBM to host internal meetings. We have an internal site within IBM that hosts a login screen that authenticates against BluePages (the IBM internal employee directory) and then just basically sends a SAML token that represnets your identity to LotusLive and LotusLive trusts IBM as a identity provider and authenticates you to LotusLive.
So, in most cases with large enterprises, you don’t have a separate identity for LotusLive. It’s the same identity that you have within IBM. And we use the SAML association to connect the two from a single sign-on perspective.
This is another good differentiator between us and some of our competitors who only offer basic authorization type of access, which has lots of challenges around keeping things in sync, between your user ID and password within LotusLive, and your user ID and password within the enterprise.
Fang Feng: You mentioned the REST API for hooks to business partner applications. Is there any API provided to the customers for them to somehow connect their internal applications to LotusLive?
Marshall Lamb: There are, but the predominate user of these APIs as we talked about are the partners. The OAuth authentication model that the partners use doesn’t work well for the end user who needs to use the API as more or less through a single sign-on mechanism. The OAuth is not designed to be a single sign-on provider – that’s what SAML’s for.
We are actively working on enabling various client-side applications to leverage these APIs to project LotusLive services into these client-side apps. I’ve mentioned portlets, widgets, gadgets, and connectors. There are a number of examples of client-side apps that consume the on-premise versions of the products that are within LotusLive, like Lotus Connections.
And we are working to extend those connectors and client-side applications to LotusLive so that they can consume LotusLive services for the end-user and other contacts besides just the web browser.
So the short answer to your question is, “Yes, the APIs exist.” The end users can use, but the authentication models currently leveraged by these APIs don’t lend themselves well for the average end user to consume them.
Fang Feng: Do we have any free service on LotusLive like a Google apps? They have document, presentation, and others.
Marshall Lamb: We have trials so you can sign up for a 60-day trial and get access to any service within LotusLive. We do not have a free for use model like Google does or Gmail that they use to entice you with the service. And then once you want enterprise-level usage or enterprise-level functionality or features, you start paying for it. So we don’t actually have that. We start with the enterprise or we start with the business offering and don’t offer any free teasers outside of a trial.
Fang Feng: I understand. Mobile support, and I know with iPhone and Android, that for all those mobile devices, we have full support on LotusLive for those PDAs, right?
Marshall Lamb: Correct. We support them through Notes, and we support them through meetings, Lotus email, Lotus Notes email. Yes, you can access them through mobile devices on the Web – I’m not sure if we have an email client similar to the Notes client. But we certainly do support mobile email, Blackberry and Android and iPhone access to Lotus Notes email. We support meetings access also.
We are working on mobile access to instant messaging and the collaborative features.
Neena Richard: I don’t know if you thought of this before but as of now, we just offer the services provided by LotusLive as a SaaS. Is there anything in the future to offer it as a platform as a service?
Marshall Lamb: Not platform as a service because LotusLive is not positioned for platform as a service. Platform as a service being basically an application-serving platform that you deploy your own applications into with service delivery requirements that the platform must meet. So we’re not ever going to be in the market of running custom applications for customers. That’s not our mission. We won’t dismiss the idea of actually packaging LotusLive as a solution. IBM is striving more and more to look at ways of tackling business problems not with software products but with software solutions. And LotusLive is a software solution made up of several software products.
So by natural extension, it makes sense to consider repackaging LotusLive as a solution that other companies might use as and host themselves as opposed to purchasing the services from LotusLive.
We, of course, prefer them to, you know, come on board in the LotusLive SaaS offering. But we’re not dismissing the possibility of offering maybe some aspect of LotusLive as a solution in and of itself.
Fang Feng: So they can use as a private cloud package, right, in that case?
Marshall Lamb: Correct. Like I said, there are no solid plans in that area but we’re not dismissing the possibility. We are in the solutions business and software as a service is simply one way to deliver a solution.
Neena Richard: Good. How is our overseas market looking for LotusLive?
Marshall Lamb: I might be the wrong person to ask, but I can tell you at least from a technology perspective. With the opening of the Japan data center this year, we have certainly opened up all sorts of possibilities for customers in that area of the world.
Software as a service is probably more appealing to the growth markets in Asia Pacific than it might be for North America with established IT infrastructures.
And so with the Asia Pacific area now being treated with a Japan data center, we think there’s a huge untapped opportunity for LotusLive there appealing to the growth markets in the area that need collaborative services but are unwilling to invest in the infrastructure to host it.
So we think that the doors are wide open for us and there’s a lot of opportunity we need to go after. But I can’t really speak about what the opportunity looks like. You’d have to interview my colleagues in the product management area.
Fang Feng: Oh I forgot one thing, about the support structure to LotusLive customers. After the customers set up their accounts, do they get free support or do they have to buy support contracts?
Marshall Lamb: They get free support as a licensed user through email and forums. We have a support forum and we have an email account that’s monitored by our support team. I’m not aware if there is a priced support agreement that IBM traditionally has associated with products.
Fang Feng: All right. Thank you very much, Marshall. Thanks for talking to us.
Marshall Lamb: Okay, you’re welcome. Have a good day.
About Marshall Lamb
Marshall Lamb is a Senior Technical Staff Member and Chief Architect for LotusLive Systems within IBM’s Software Solutions Group. His responsibilities include overseeing the LotusLive software as a service (SaaS) physical architecture, including its performance, high availability, and scalability characteristics. Before his current position, Marshall was a lead architect and chief programmer on WebSphere Portal for 5 years, focusing on administration and operations, and high performance, large scale deployments. Marshall has spent his career in networking and communications software including a focus on pervasive computing.