Monday, November 17, 2014
Professional, Book Review
Sometimes a book review and my experiences connect, and that triggers a chain reaction of books to read. I'm in one of those chain reactions now. I started with Theory U which led to Bowling Alone which led to reading Churchless. The last connection will make more sense once I've done the review for Bowling Alone. However for now, I'll share that in Bowling Alone much of the book is the research about how we as Americans are not joining and participating in clubs as much as we once were. There's a bit of data about how this decline worked relative to churches, but during a church service I heard many more statistics about the challenges of churches in America. When I inquired, my pastor shared the data was from the Barna group – and that led me to their latest book Churchless.
Churchless is the study of why Americans aren't connected to church. The research indicates that slightly less than half (49%) of Americans attend church regularly – though regularly is defined liberally as attending once a month. Another 8 percent of Americans attend church occasionally, some of which are what the book calls CEOs – Christmas and Easter Only. Interestingly 33% of Americans are what the book considers de-churched. That is they have previously had a church experience but have left the church for some reason – perhaps they're only on hiatus.
Finding the Differences
One of the things for which I've heard over and over again in the statistics, including those in Churchless and Bowling Alone, is that in many respects the Christian doesn't look that different from the non-Christian. For instance, Christian and non-Christian youth are essentially equal in their sexual activity – despite the strong moral line that the church takes against sex before marriage. (For the record, I've not found the support for this in the scripture despite numerous attempts to find it in the translations as well as the original Greek.) Sure, Christians are more generous (by 5x) according to Churchless – but that's not an outwardly visible aspect of Christian life. You may recall from Diffusion of Innovations that visibility is one of the key factors in influencing how quickly an innovation diffuses through a network. If there's no visible difference in the way we behave as Christians – why would anyone want to become one of us?
Real and Relevant
Another criticism leveled against the church is often that the Bible isn't relevant to today's world. While many people – including those who are not church attenders – believe that the Bible was the inspired word of God, and still others believe them to be important stories but written by man – many struggle with how the Bible is relevant to their worlds today. In America, we've become self-reliant. We believe that we can make our own way and we don't need anyone else. If we can make our own way then why do we need God in our lives? Even if you realize that you need God in your life, does the church experience connect you with God? All too often, the answer is no. 20% of the people who've dropped out from church say that they didn't feel the presence of God there. If people can't feel the presence of God then why should they come? Too often people walk out of church believing that it was just a performance, a show, or an obligation. That's no way to motivate people.
Do they Care?
The key point to Christianity – the one thing that Jesus said over and over again – is that we should love. As I've mentioned before the Greek has three words for love. Eros – erotic love, Philo – Brotherly love, and Agape – God's unconditional love for his people. Buddhists call Agape love compassion. It's loving everyone. On this mark the unchurched are clear. They don't believe that the church is a loving church, and accepting church, a church worthy to be called the bride of Christ. Instead, the church has become more like the Pharisees of the bible. (Given that Jesus called the Pharisees a brood of vipers, it's probably not a good thing.) Both from the inside of a church and for those on the outside it can seem like a church is all about rules and values that you must hold. It's often seen that you are either with "us," the churchgoing Christians, or you're in the "them" category. Unchurched often feel judged when they walk in the door.
Making Your Way in the World Today
The theme song for the television show "Cheers" includes the words, "Making the way in the world today takes everything that you've got." Certainly we feel that. Today Americans are more stressed out than a decade ago. We feel like we're always busy. We never have enough time to do what is expected of us. This one factor has led to lower church attendance. When you're following a travel hockey team and you're not home on Sunday morning – making church is hard. You can tell yourself that it's only for a while and it's not that big a deal, but all of the demands on our schedules and individuals skipping church is reducing the number of people in the building each weekend. The point here is that sometimes the numbers don't tell the full story. It's possible that you would assume that the congregation is shrinking because the numbers from the weekly attendance is dropping. However, if every family misses just one weekend a month your attendance drops 25% overall.
The point of my reading of Churchless wasn't to study how I could grow my church – because I'm not involved in that aspect of the church. The goal for me was to evaluate what's going on with churches in the larger context of the societal trends in Bowling Alone. On balance, it seems like the church is impacted by the same factors that are impacting society as a whole. Adults are on their self-reliance path and that path doesn't lead someone to understand their need for God – and that means no church. It's disturbing that we're valuing social media more and real conversations less. The data on the use of social networks like Facebook says that we're feeling more distant from one another even as we're technically more aware of what they're doing. The factors that are driving people away from the church – like the feeling of entitlement – are driving people away from social institutions. We believe that we are entitled to be a part of the conversation – just like we are on Facebook – and church experiences of today aren't that.
However, perhaps if you read Churchless you'll be able to find ways to make your church more appealing to those who aren't currently attending church. Give it a try.
Monday, October 27, 2014
Book Review, Professional
I've been wandering around the land of innovation lately. I wrote a chapter for the Ark Group book Smarter Innovation: Using Interactive Processes to Drive Better Business Results. That chapter really followed up on the chapter I wrote for Unlocking Value: KM as a Strategic Management Tool. Of course, I read and reviewed Unleashing Innovation about Whirlpool's transformation into an innovative company. So reading Creative Confidence is trying to move upstream. I describe innovation as an idea that has been implemented. (Perhaps from my study of Diffusion of Innovations.) It's great to work on the plumbing of sifting through ideas and ultimately converting them into innovations – but there has to be a source somewhere for these ideas. That's what Creative Confidence focuses on – how to encourage, enable, and support the creation of ideas.
Boxes that Define Us
Everyone is born creative. Everyone is born with innate ability to be creative and to create something new. You see it in children all the time. They dance unapologetically. They color outside the lines – and sometimes off the page. They've not learned to be creative, they were born with it. Many adults, however, have unlearned how to be creative. We've learned that it's wrong to color outside of the lines. We've learned to fear rejection and scorn as we do something that others don't understand or approve of.
It's the guilt and shame (See Daring Greatly) that begin to separate us from our innate creative nature. A small comment about how we're not good enough is replayed over and over in our minds, leading us to believe that we really are not good enough. We're not worthy. Faced with a wave of negative emotions and a shrinking personal value our ego defenses kick in and create a split in our personality. (See Change or Die for more on ego defenses.) We suppress the pain rather than dealing with it directly. The result is that we fragment our identity. On the one hand there is the minimizing comments which create a negative image of ourselves, but there is also a positive ego we create through our ego defenses and our belief that we are different than the comments that harmed us. This is the identity that we project. This identity is what Anatomy of Peace would call our must-be-seen-as box. That is we must be seen as someone different than we really are – or who we really, deep in our core, believe that we are.
From my perspective one of the keys to rediscovering our creativity is in integrating these two self-images. That is that we should resolve the internal schism that created the separation in the first place. I've spoken about integrated self-image in The Inner Game of Dialogue (part of my series for the book Dialogue.) I spoke about the need to eliminate boxes through this integrated self-image, but I've not spoken much about ways to reintegrate the image. I want to focus on this topic in this review.
Malleability and Fear
A prerequisite for reintegrating our self-images is the belief that we're able to change. It's what Carol Dweck calls a growth mindset. We have to believe that we can change who we are, where we are, and our potential. That's something that Dweck explores at length in her book Mindset.
If we believe that we're able to change, the trick becomes how we do it. Redirect speaks about cognitive behavior therapy (CBT), and its effectiveness at changing the internal monologue that we hear. However, so does Emotional Intelligence and How to Be an Adult in Relationships. Clearly, CBT is an important technique. It's been proven to be one of the most effective psychological therapies created. (However, a book that I'm not finished with, The Heart & Soul of Change, discusses many of the issues with testing psychological treatment regimens.) One key to actually making the change once you believe it is possible is to change that inner monologue from a negative confirmation to a positive confirmation. (See The Science of Trust
for positive and negative sentiment override.)
With the belief that change is possible and that you're capable of change it's time to do what Albert Bandura, in the context of conquering fears, calls the process of guided mastery – taking small steps to overcoming a fear. Bandura's goal was the development of Self-Efficacy – that is the belief that we can reach goals or complete tasks. The process of guided mastery involves the development of a series of small steps to reach a goal. Desensitization is a variation that is specifically designed to reduce the impact of negative responses to stimulus. By repeatedly creating safe interactions it's possible to reduce the fear response in animals and humans.
To repair a fragmented self-image we've got to go back to what fragmented the image in the first place. You've got to find the hurt – or more likely set of hurts that created the split in the first place. Often the hurts are caused by people who are closest to us. In my post Trust=>Vulnerability=>Intimacy I linked trust, betrayal, vulnerability and intimacy. Because we trusted someone (even if it was only a little bit) and we felt like they harmed us (a betrayal) we were harmed. Our vulnerability due to trust created an opportunity for sufficient harm that our identity became fragmented – or at the very least cracked.
How many of us have been deeply wounded by a comment made by a friend? The comment may – or may not – have been true, however, the comment harmed us greatly. For me, personally, I have been harmed by how my friends see me – because it didn't match the person I wanted to be or the person I saw myself being. I know that for me the reconciliation process for those comments is a very difficult process. I can dismiss the comment out of hand – indicating a lack of trust and therefore vulnerability – or I can process what they've said and hope that they've said it in both truth and love.
The key – I believe – to repairing a fragmented identity is to learn to trust again. We see this in desensitization and in what Bandura calls guided mastery. It's all about making life safer. In How Children Succeed research was shared that spoke about how important it was to feel safe to be vulnerable – but more importantly how children who felt safer (because of fewer adverse childhood experiences (ACE)) were more well-adjusted and more inclined to take risks. In the context of creativity it's feeling safe to be creative without fear of ridicule.
I still remember a comment that an English teacher made to me in passing. She didn't mean anything by it, and I hold no malice to her for it. She told me that I shouldn't consider a career in writing. My grammar was – and is – often awful. I don't spell well. I sometimes get ahead of myself in my writing. (I know you're saying "Duh".) I carried with me for a long time that perception that I shouldn't be a writer. As it turns out my journey to writing came from writing presentations – something a former boss nudged me into. It wasn't writing. It was producing slides so it was OK. It also came from a friend who encouraged me to be a technical editor – editing for technical accuracy –and then eventually encouraging me to write a chapter. Now I've got author credit on 24 books and hundreds of articles. That would have never happened if I hadn't been able to work through that part of my fragmented self-image – the one that didn't care about writing and the one that enjoyed it but which was hurt.
When it comes to creativity one guy to look at is Walt Disney. As I mentioned in my review of Primal Leadership, I had the pleasure of visiting the Walt Disney Family Museum. One of the striking things about the museum is that you have the ability to see not just the end result of Disney's life, which is quite remarkable. Instead you get to see the progression of things that he did to become the man he was. You got to see how he was able to do what people thought was impossible simply because of his dedication to his craft. You got to walk through the short stories that lead to longer features. You got to see whole new techniques that he and his team invented for creating animated movies. The other component to the Disney story that is compelling here is that he had plenty of setbacks, rejections, and failures. Bankruptcy is just one of those ways that he failed. So he was always trying to figure out how to be successful at his creativity while accepting failure as a natural consequence of trying. This is Walt Disney I'm speaking about, someone who has arguably done more to entertain people than anyone else who has ever lived.
Learning More than Fear
So what was it that drove Walt Disney and Thomas Edison to move past their failures and their fear? Some call it an innate desire to create. Others reduce it to the fundamental element of learning. They wanted to learn how something could be done. They wanted to see what the possibilities were, and how to make it really work. They had already seen what it was like to be a failure. They didn't need to fear failure because they had been there, and they realized that the only way to remain a failure was to stop trying. Failure was a stop along the road. The trick was to not build a house and live there.
Interesting in the review of my notes from all of the books that I've read is that the word "lifelong" is most frequently (and nearly exclusively) used when speaking about learning or developing the habit of learning. There's no clear pointer on what gets the process kicked off. It seems like the key is buried somewhere in research around Flow – that is that great leaders found a way to get into a state of high productivity when learning. They enjoyed it. Learning wasn't the means to an end. Rather the ends – the tangible outcomes – were a means to learn more. Said differently they created a target, which created the need to learn.
When fear of failure moves out of the center spotlight, and it is replaced with the desire to learn, it becomes safe to be creative. When fear has to take a back seat to anything, it is weakened. It's stronghold over our lives begins to falter and we can regain our creativity. It doesn't have to be learning that you want more than fear, but learning creates opportunities for new places where fear has no hold.
Compassion and Empathy
Buddhists hold, as a core part of their beliefs, that they should have compassion for every living thing. Christians have a fundamental belief that they're supposed to love their neighbor. (Including the Greek words Agape – God's love – and Philos – brotherly love.) Fundamentally both believe in creating a connection – a shared experience – with another human being. It's this connection that allows you to experience their world and to be creative for their needs.
Consider for a moment the plight of the average traveler in the 1960s. They were just beginning to have air travel available. The luggage of the time was big, heavy, and clunky. However, passengers and baggage handlers had to move this luggage around. It was around 1970 when Benard Sadow created the innovation of the wheel on luggage. His patent in 1972 for "rolling luggage" was, at the time, innovative. It was different than how luggage had always been done. However, by experiencing the plight of a traveler trying to move their luggage through an airport, Sadow, realized the opportunity to make luggage better. This is deep empathy to the plight of travelers.
Having compassion and empathy for others is necessary to create solutions that really resonate with them. All too often people design solutions for the surface issues that people see. Solutions are targeted at creating a bigger bag because of all of the things that people need to carry. It's the creative person that creates ways for the items they carry to be less bulky – or to create a situation where they don't need to carry them at all. From deep empathy comes innovative solutions. From a love of others comes a desire to create something that is harmonious with their lives.
Journeying to Mastery
Daniel Pink, in his book Drive, discusses what drives people. We've all seen Maslow's hierarchy of needs and the carrots and sticks model of rewards and punishments, but Pink exposes another model that focuses on the intrinsic motivators of autonomy, mastery, and purpose. Mastery is an interesting motivator since mastery is an asymptote. That is that you can never really reach 100% mastery, you can only get close to mastery. Thus you're always in a journey towards mastery – never arriving. I spoke about the impact of journey in my review of Changes That Heal.
Creating a deep desire to become a master at something – or achieve some level of mastery on many different topics. Mastery, as I discussed in Sources of Power – the mental models that masters create are different. They're richer and by nature of their mastery people can see things that others simply cannot see. In Efficiency in Learning they call the mental models schemas. However, the message is the same. Masters just see the problem differently. Things that others can't see from the noise masters pick out with ease. They can locate the salient information – the most important – quickly and they're able to act on it. In terms of creativity the ability to see and know what's most important, and to be able to create solutions based on that knowledge, means better solutions with less effort.
The journey to mastery is not a short road. In Outliers Malcom Gladwell asserts that it takes 10,000 hours of intentional practice to become a master. The process of developing mastery may in fact take longer – or shorter but the message is simple. Developing mastery in a topic takes a great deal of dedication and effort. Paradoxically the greatest value may come in learning from many different disciplines. Some of the most important masters in history were polymaths – they had developed mastery in multiple disciplines. These folks showed a desire to learn, a fearless quest for doing something more, and very little concern for failure.
Acting with Intention
If you were to ask most people about a characteristic of a good designer what would they say? Most folks wouldn't have an answer for you. However, what if you asked a professor who teaches management? Well, if you ask Roger Martin at the University of Toronto's Rotman School of Management you'd hear him say that designers act with intention. Designers and creators see the world the way it is, and they want to make it better. They're always analyzing what they're doing, and try to improve the experience.
In my office I have a rather steep set of steps up to the video studio. I put laminate floor in, and was disappointed to find out that the way that the stairs were created to work is a bull-nose. That is that the stair noses are taller than the laminate itself. I felt like this would be a tripping hazard. So I had custom pieces of metal bent to form over the laminate and screw into the end of the stair's plate. I ultimately decided on stainless steel over aluminum because I observed that most people put their weight on the edge of the stairs, and the stainless steel – because it's much harder – would hold up better. It's a tiny thing, but it's important to me as I walk the stairs nearly every day.
Crawling Your Way Through Fear
I made a conscious decision one day to not live in fear. I need to clarify. I'm not saying that I'll never be in fear. I mean I'll never live there. It will never be my home. I recognize that fear can be an appropriate emotion. If you're face-to-face with a bear, lion, or other wild animal fear may be the appropriate response – unless you're at a zoo and there's a barrier between you. With the decision to not live in fear, I had to figure out how to live that out. One of the ways that I decided to live that out was to go caving. (Spelunking if you want to get technical.)
I've never liked tight spaces. I don't know that it would cross the line into phobia or not, but I know that I didn't like the idea that I could get stuck or not have enough room to move. I don't know if everyone has the fear – and I certainly don't know where it came from, however, I know that for me it was very real. So when a friend asked if I would be interested in going caving with her and some friends, I said yes. Certainly there are many people who would wonder about my sanity. Why would I intentionally do something that I knew I was going to fear and struggle with – of course the answer is that this was entirely the point. I didn't want the fear to control me.
We ended up going to Buckner Cave. While it didn't require rope or special gear, the belly crawling wasn't something that I was particularly thrilled with. As I remember it the cave wasn't awful. There was a large set of people who were with me and were encouraging me. The belly crawling though it felt like it was forever wasn't really. It was probably only a few hundred feet.
What I learned out of the situation is that I didn't have to be afraid of tight spaces. I realized that I could – in this case – crawl my way through fear. I could become more comfortable by realizing that my fears weren't justified by reality.
Unlearning and Relearning
Mark Twain said "It's not what you don't know that gets you into trouble, it's what you know that ain't so." In other words, it's what you've learned that is wrong that is much more risky than just not knowing something. You see, the world is split into the known-unknowns and the unknown-unknowns. The known-unknowns are things like not knowing how much gas is in your car. The unknown-unknowns are those random events that you can't predict. Most people don't worry about a thermostat in their engine failing or a timing belt failing. We simply just don't know that we need to be concerned with such things. The challenge with this point of view is that incorrect knowledge is an unknown-unknown. You can't see the place where you're standing until you move. You can't know that something you believe is wrong until you start to look at it from another point of view – and few of us do that.
However, being open to being wrong removes one of our greatest challenges to see how to be creative.
I don't know how to be creative in how I end this review, but I know that if you want to be more creative, you need more Creative Confidence.
Wednesday, September 24, 2014
Unit testing and test driven design don't help you if your requirements aren't right. It may be that trying to create the tests will expose that you have a problem but wouldn't it be nice to know that there are gaps in requirements before you sit down to write code? Although it's impossible to get perfect requirements, most developers would love to get requirements that are better than what they're getting.
Whether you're getting requirements from a business analyst or you're creating them yourself, here are a few simple tips for ensuring that your software requirements are right.
Read more at http://www.developer.com/design/validating-software-requirements.html
Wednesday, September 24, 2014
Years ago, we heard about a movement in software development that was more about individuals and interactions than processes and tools. It was about responding to change and not a rigid plan. Of course, I'm quoting from the Agile Manifesto. Agile development didn't spring to life overnight, but slowly and over time we've adapted as an industry a more agile approach to how we develop software. A similar change is happening in the way that we communicate, and it's happening in the same fits and starts that agile development initially had. The change is about collaboration, not negotiation. It's about getting things done rather than having documentation. The changes that we're seeing in communication follow the same openness and transparency that created agile nearly 15 years ago. One of the tools that stands to change the way that we communicate is Yammer. Microsoft purchased Yammer in 2012 and has been integrating it into its products and services, creating a future that includes Yammer integrated into the Office applications we use every day. But the question is how does a mass-market enterprise social tools help developers write better software? Clues are in how Yammer aligns to the direction we've been headed for years and what we're already doing in person for agile development. Clues can also be found in the way that we collaborate outside our enterprise, despite Yammer being described as the enterprise social network. - Read more at: http://sdtimes.com/yammering-development/
Sunday, September 21, 2014
I started this blog in June 2005. It was after much resistance. Back then every one of the web sites and publishers I was working with was asking if I had one. My first post named the blog – Not fit for print. I really did feel like the entire online world was celebrating the democratization of content and everyone started creating blogs.
More recently I've noticed a reduction in the traffic to my blog – not in overall aggregate numbers, those numbers are climbing ever so slowly. However, what I did notice is that my RSS traffic dropped substantially. Take a look at these statistics from 2007 through 2014. (I started using FeedBurner for my RSS feed in 2007.)
The key to this graphic shows the rise and fall of RSS reading as a way to get information. You'll see a drop in late 2011 – and another cliff of activity mid-year in 2013. The market used to be getting news through a set of known RSS feeds – feeds of people they knew and wanted to follow. However, over time more and more people began to consume their information driven by search engines and fewer people subscribed to RSS feeds and read them regularly. To see how this is the case, we need to look at how the big producers of content were working.
In 2003 today's market leader in blog software, WordPress, was started. WordPress holds approximately 44% of the entire content management system market (According to BuiltWith). So when I was looking for statistics for the number of blogs read and those posted and I couldn't find numbers in aggregate, I decided to use WordPress as a proxy for the overall market. In August 2014 WordPress reported nearly 16 billion visits and nearly 44 million pieces of content. Underlying this data though is a substantial drop in the number of new posts in 2013.
It was only a few months after my first blog post, in October of 2005, when Google created its Reader service. In 2003, FeedDemon, an exceedingly popular Windows based RSS reader was initially created and in 2005 was sold to NewsGator (now Sitrion). Google killed Reader in 2013 citing declining interest. Because FeedDemon used Google Reader on the back end for tracking what you read, FeedDemon has nearly died as well. The death of Google Reader is visible in the above graphics both personally on my blog – but even in the much larger sampling of WordPress sites. While readership subscriptions were already on the decline, Google reader disappearing hastened its demise.
But careful observers will note that blog posts and views on WordPress kept climbing – and were I to show my activity numbers on my blog you'd see a slow climb of activity there as well – but the slope is much shallower. The big change in the statistics is that people are entering through search. They're no longer following a set of people that they have identified, they're relying – more and more – on what search brings to them. Instead of selecting what they're interested in by following people via RSS feeds, they're searching for topics that they're interested in – or they've stopped proactively looking for content.
You can see in the WordPress numbers that the number of reads are accelerating where the number of posts isn't accelerating as quickly. (Look how the actual numbers exceed the trend line near the end.) We're writing less. We're consuming more. We're following less and searching more. Blogs started because people wanted to follow others. They were interested in what luminaries for their niches were saying. However, by all accounts that's not what is happening any longer. People are overwhelmed by following and don't have the capacity to follow any longer.
In my own experience, I was subscribed to many RSS feeds in the day and I'd periodically check the authors that I was interested in. At first it was every week or two but as I grew busier I found that I was checking less and less. It became monthly and then quarterly. It reminded me of how I used to read magazines. Instead of reading them the moment they came in I'd let them pile up and I'd read them all in one batch – and generally make my head hurt through the process. This was the process I was in when FeedDemon died and I was left without an RSS reader.
Of course, the idea that I didn't have an RSS reader isn't literally true since IE and Outlook can both process RSS feeds – however, they're not very good at the experience and as a result I gave up. I don't read RSS feeds any longer myself. I can hardly blame others for not doing something that I myself no longer do.
This post was prompted by the fact that I attended a Venture Club of Indiana meeting a few weeks ago where someone was pitching the idea of an organization that connected advertisers with blog authors as a way for them to monetize their blog. It occurred to me instantly that the value of the offering was declining – and probably two years late to market. Perhaps it's also because I've got a pending blog post to write about the book Bowling Alone as well.
I'm going to continue to blog because it's always been for me as much as it has been for others – and I've still got a great number of books to read and review.
Monday, September 15, 2014
One of the challenges that I face with my clients is how to help them manage a single taxonomy across multiple platforms. There are some tools that we use to develop and manage taxonomies but ultimately those taxonomies need to be something that users can tag in their work and that means getting the taxonomy into the tools they use to create and manage content. For most of my customers that means SharePoint.
That's why I was excited that the team and I could help PremierPoint Solutions develop their TermSync solution. It takes any database – actually anything that can be connected to Business Connectivity Services (BCS) in SharePoint and synchronize it to a term set. So if you've developed a set of terms in Smartlogic's Semaphore tools you can synchronize them with SharePoint.
The initial case for synchronization isn't a difficult problem to solve. You can import a spreadsheet into the term store with a bit of massaging. However, it's effectively not possible to operationalize the management of terms over time without some sort of a tool which can cope with new terms, renaming terms, new synonyms, users changing the term name in SharePoint, etc.
While it's difficult for anyone to come up with a taxonomy – or more realistically a set of taxonomies – it's even more difficult to maintain them over time. The benefits of focused thoughts and energy are lost in the sea of competing priorities. The clarity of the moment when the taxonomy was created was lost. The logistical challenges of pushing these changes through the systems connected to the taxonomy can be utterly exhausting – if you don't have a tool to simplify it.
Configuring term sync is super-simple. You start by connecting your data source to SharePoint as a BCS source. SharePoint Designer effortlessly connects any database table or view to SharePoint. From there you simply connect a sync point – a place in the term set where you want the taxonomy to be placed. Take a look at the process in three steps…
Once the connection is established you can map properties from the source to any term property – and even to extended properties. So you can even use TermSync to support your custom applications integration to your taxonomy. Take a look at the flexibility…
While we use TermSync to keep taxonomies synchronized there are other uses as well. For instance, consider mapping customers into a SharePoint TermSet so that sales can tag the customer to which a proposal belongs. Mapping products into a term set allows you to build bill of materials for new products in SharePoint. Mapping warehouses into SharePoint Term sets means that SharePoint users can attach warehouses to their lists, forms, and documentation as well.
You can sign up for a trial version of TermSync on the PremierPoint site.
Sunday, September 07, 2014
My history with software development starts before I graduated high school. I was taking programming courses at the local community college. I was getting small jobs to help software developers and working a cooperative job for a computer consultant in Essexville, MI. The simple fact is that I started my career as a developer learning where the semicolons and braces go.
Over the years, I've written dozens of articles on software development. Some of the ones I felt like were most important got bundled up into a book that I called Constructing Quality Software. Before and after that time I was studying and researching software development including what at one time was the new concept of agile software development. In short I was trying to understand the software development market as best as I could.
Over the last 10 years I've done quite a bit of work making development for Microsoft SharePoint easier but I've also "wandered off" the development reservation by spending time doing IT infrastructure, information architecture, knowledge management, organizational change, etc. I decided that I wanted to get a broader perspective.
When I was looking to come back one to what I've learned in my journeys, I realized that one of the key skills that was common to my development and non-development projects is that every successful project starts with a shared understanding of the problem being solved – and that means developing a set of requirements.
So I have spent some of my time over the last several months working on the development of a course that can teach some of the key skills of software requirements gathering to my fellow developers. The idea was simple. Whether someone is a developer tasked with gathering their own requirements – or is someone who has requirements created for them that they need to validate – I wanted to quickly develop those skills.
I found through the development that one key challenge that developers – and non-developers – have is the ability to assess whether requirements are good or not. In the course I put together I knew that I'd need to help people with specific techniques to validate whether an individual requirement is good. I also knew I'd need to help folks know when the overall set of requirements were good.
The result of my journey and my struggles to create content is three hours and eleven minutes of video that I've published through Pluralsight. You can find the course on their site at http://beta.pluralsight.com/courses/gathering-good-requirements-developers
If you're not familiar with Pluralsight – they're the premiere learning platform for developers – and non-developers. Their model is a subscription model where you pay one fee and can watch whatever content you need. I highly recommend that you try it out if you haven't. You can even watch my course on gathering good requirements – if you're interested. I'd love the feedback here or directly though my email.
Tuesday, September 02, 2014
Book Review, Professional
With all of the books on innovation in the market, it's a fair question to ask why I read Unleashing Innovation: How Whirlpool Transformed an Industry. There are two simple answers. First, it was recommended to me by a friend who felt like the book was a good discussion about innovation. Second, I was intrigued by the idea of operationalizing innovation as a way of life inside an organization. I've been involved with and have led innovation workshops but these represent a burst of activity around a specific need for innovation instead of an organization wide commitment to change the DNA of innovation.
Much is made in Unleashing Innovation about the idea of having a definition for innovation that the organization and everyone accepts. There is no doubt that this focuses everyone around the same goal. Interestingly the definition that is in use at Whirlpool isn't the definition that I'd use. As I've talked about in some of my work (ARK references), I believe that innovation is the implementation of an idea. I believe strongly that everyone has ideas. We all have ideas buzzing through our brain. The road to hell is paved with good intentions (never executed). So the trick of innovation for me isn't the ideation phase. It's not the creation of ideas – or even the elicitation of ideas – that is the difficult part. The difficult part of innovation is nurturing and supporting an idea until it's able to be implemented.
They share eight reasons why creating a solid definition for innovation is critical:
- Helps screen and classify ideas.
- Maintains integrity and credibility.
- Provides objectivity and standards for innovation.
- Ensures alignment and consistency across regions, business, and groups.
- Drives differentiation.
- Creates a common language.
- Establishes what metrics are needed and tracked.
- Helps innovators know where to focus to make ideas more innovative.
From Whence Does Innovation Come?
When I'm running an innovation workshop there's an invisible dance that's happening. It's a dance when we're all trying to get together to create something shared that comes together. The ideas that come – that will hopefully become innovations – are in a sense from everyone together. However, the kernel, the seed, the core – always comes from one individual. They put it out there as the next step in the dance first. The rest of us just all follow. What's curious to me about this is that I almost never know who it will be that will offer up that nugget that we all ultimately find the most valuable. It can be the staunchest supporter of the old guard or the newest member of the team.
In a traditional model of innovation, a small group – typically research and development or marketing – are the keepers of innovation. They'll provide the innovative ideas that the organization uses to drive itself forward. However, the idea that such a small group of people can be as powerful as enabling ideas and innovation to come from everyone in the organization can be silly.
In a focused engagement the question is about the person from which the vital idea will come. When you're seeking to operationalize innovation into an organization there's a slightly different context. There it's about being inclusive about your thinking about who can help drive innovation forward. The vital idea may come from the CEO but it's much more likely to come from the manufacturing line worker who spends time dreaming about making something new and different and compelling. The manufacturing worker longs to have something exciting to share with their family about something new and interesting they're doing since for the most part they cannot see their jobs today that way.
Innovation comes often from questioning the orthodoxies (paradigms or ingrained practices) that people have come to expect. The people in management have too much to lose to be free to openly question orthodoxies – and innovate from the ideas that breaking them down can bring. Whirlpool broke down their orthodoxy that their customers are women with their line of garage storage solutions.
Flavor of the Weak
Anyone with corporate experience has seen programs come and go. The CEO reads a new book and decides that it's the solution to the ails that the organization has. They hastily pen a note to HR to implement a new program. This kicks off a new program which is barely out of the gates when the CEO reads the next book and pens a new note to HR with the next new program. While this may be a slight exaggeration, it's fundamentally what corporate cubicalites expect. With experience in the organization they realize that today's hot topic will be discarded soon enough when it doesn't work – so why get worked up about it?
Innovation can become the flavor of the month. It can be the thing that leadership (CEO or otherwise) believes is the thing that the organization needs. However, as Unleashing Innovation attributes 3M – does the leadership have the unwavering commitment to wait for patient money? There's no doubt that innovation can return massive changes in profitability for an organization if it's able to wait for them. Innovation isn't a short bet and it's not for those who're watching the quarterly returns to be reported to the stock market.
Innovation Operational Excellence
What happens when you take an organization that's known for organizational excellence in the form of Lean Six Sigma and Malcolm Baldrige awards and you infect them with innovation? The answer is that the organization weaves innovation into its DNA just like it had woven quality through its DNA. The results are amazing.
Manufacturing organizations used to have manufacturing systems and separate systems to ensure quality. However, thanks to Deming, organizations began to integrate quality into their manufacturing system. Instead of something separate which must be added on to the manufacturing process it was integrated into the process and as a result quality became the way of operating.
Like quality, integrating innovation is about a change of mindset. Integrating the quality system is about allowing everyone to identify and resolve quality problems. (See Change or Die about how Toyota took one of GM's worst performing plants and made them effective by listening to them.) Innovation is a more difficult mindset to instill because it requires a level of creativity in addition to a level of commitment and focus.
There are hidden reasons why this is more challenging. Innovative and creative thought requires that our minds be free to think outside the box as was discussed in the book Drive. It's hard to provide the accountability necessary for productivity while providing a safe environment for innovation and failure. Creating an environment that simultaneously hold people accountable and allows for failures is a difficult balance.
Rational and Emotional Drivers
Unleashing Innovation breaks down the drivers for innovation in the organization into two categories, the rational drivers and the emotional drivers. These roughly break down into the rider and the path in the rational drivers category and the elephant in the emotional drivers category. (See Switch and The Happiness Hypothesis for more on the elephant-rider-path model.) They describe the emotional drivers as twice as important as the rational drivers – and yet the rational drivers are substantially longer and more detailed.
There are numerous rational ways to drive innovation into the culture. By setting up the systems of the organization up in a way that encourages innovation you create more conditions for innovation to occur. (See The Fifth Discipline and Thinking in Systems for more about how systems work.)
What appears below are the rational drivers called out in Unleashing Innovation with a few slight modifications of my own and commentary on them:
Strategic Architecture – The highest level framework for the organization is its vision, mission, goals, etc. Some of these can be created from the perspective of being most innovative or leveraging innovation to maintain profitability or they can be focused on operational excellence or cost efficiency. The more aligned the strategic architecture of the organization is towards innovation, the easier it will be for innovation to catch and be sustained in the organization.
- Vision – As I mentioned in my book review of Dialogue I never met a vision I liked because they weren't specific enough but I have a respect for the alignment that they can encourage. Aligning around innovation can be a powerful thing.
- Goals – If the organization's goals don't include some measure of how innovation is driving the organization, how can you expect that employees will drive innovation?
- Principles – In Heroic Leadership it was clear the four principles that the Jesuits worked from. If your organization doesn't understand its guiding principles and they don't include innovation how will the organization become innovative?
- Approach – Sometimes the approach the organization uses like top-down control can stifle innovation. How is it that the organization approaching management and the encouragement for people to try new things – and fail?
- Definitions – As mentioned above, the definition of what is innovative has a powerful set of effects on driving innovation.
Management Systems – Innovation is patient money but there must still be systems in place today to ensure the organization can survive the short term to take advantage of the long term effects.
- Financial – Does the financial system have a way to track the value of innovation to the organization? If you can't track the impact of innovation to the organization it may be assigned no value and cut.
- Strategic and Operations – Many organizations have famously created "slack time" where their employees can work on their own projects. Does your operational system have a way of allowing people to nurture their innovations?
- Performance Management – Does your performance management system focus exclusively on short-term goals such as utilization and quarterly profitability such that employees are dis-incentivized to work on long-term initiatives such as innovation?
- Leadership – Does leadership understand the criticality of innovation to long term success and model ways to encourage innovation?
- Career – Are promotions and performance reviews focused around goals that encourage or discourage innovation? Are employees, for instance, penalized for their failures – even when they were attempting to be innovative?
- Learning and Knowledge – How are learning and knowledge encouraged in the organization? Learning and the development of new knowledge are at the heart of innovation. Are employees encouraged to be continuously learning and developing themselves – beyond a tuition reimbursement program?
- Innovation Pipeline – Having a defined process for how innovations make it through the system makes it easier for innovators to be innovative. When people don't understand the social norm, or don't understand what they need to do next, most will just stop. The more clearly you can articulate the way the organization expects innovations to be nurtured to completion, the more innovations will make it through the pipeline.
- Innovators and Mentors – Most employees need to know they're not alone. Feeling safe is based in part on knowing others have been there before. Just having other successful innovators (heroes) is a great start but it's even better if the successful innovators are also encouraged to mentor other innovators along – to help pull them up.
Execution – While innovation is a creative task there's still an aspect of execution to getting the innovation done. Remember that I define innovation as an idea that's implemented and implementation requires the ability to execute.
- Metrics – Are the metrics that you're choosing effective at measuring progress of an idea through the innovation pipeline?
- Sustaining Mechanisms – What mechanisms do you have in place to support and push forward (or kill) innovations that get stuck.
- Value Extraction – How do you ensure that you are able to extract the maximum value from the innovations so that it becomes clear how important or critical innovations are to the organization?
As I've alluded to numerous times in my reviews, emotional topics are much harder to turn into explicit knowledge. (See Emotional Intelligence and Emotional Awareness for the difficulty of discussing emotion and The New Edge in Knowledge and Lost Knowledge for more about explicit knowledge.) Books like Who Am I? and Enneagram based Personality Types seek to quantify the factors that make people who they are – or at least communicate the person they've become. Most of these drivers are emotional in nature. Despite the challenges with conveying emotional drivers Unleashing Innovation attempts to quantify the factors that lead to emotional engagement in the innovation process in four categories:
- Dream – Everyone dreams. They want to think about winning the lottery or a future where their current problems are no longer problems. Many employees who have their lives wrapped up in their career or their organization want to see their friends succeed too. They want to be able to live lives that are beyond their current situation. By capturing the dreams of the employees about the organization and wrapping them up in the process that can drive innovation you can harness our desire for a better future.
- Create – The earliest humans created tools to make their lives better. We as a race are hard wired to create new things. It's no wonder then that some of the happiest people are those who create or that by enabling employees to create new markets, new product lines, or new divisions through innovations can engage employees in the innovation process.
- Heroes – Each of us has some desire to be accepted, liked, and looked up to. Heroes, those people who are held up as examples, are the people we want to be. Even the most introverted person wants to be acknowledged for the value they're bringing. By holding up the success stories – the heroes – you're creating a natural drive for more people to be innovative so they too can be respected.
- Spirit – There is a certain indivisibility of the spirit and culture of an organization. It's easy enough to say that you're happy when someone else in the organization is successful – instead of you – but to live it is much harder. Creating an organization where everyone truly wants everyone else to be successful and where petty infighting isn't the norm is a monumental challenge but one that reaps huge rewards not just in innovation but in many other aspects of corporate life as well.
I don't think that any one book could possibly communicate how to shape the emotional currents of employees. Some of the other books which I've reviewed which have elements of the emotional motivation of others are: Diffusion of Innovations, Change or Die, Drive, Primal Leadership, and Collaborative Intelligence.
Sources of Innovators
Innovators come in different shapes. They come from different perspectives. Unleashing Innovation identifies four:
- Searchers – These are looking to create new opportunities to expand the known map of what the organization can do.
- Orphans and Outcasts – These are never fully committed but because of that can see the orthodoxies that others cannot. They come to engage themselves more fully in the organization and to shape it more like they want the organization to be.
- Thrill Seekers – For some an innovation represents the thrill of the chase. If they can do this then what else can they do?
- Rebels – These are those that have a hidden distain for some part of what the organization is or has become and they leverage the innovation process to change the organization to be less of what they don't want and more of what they do.
If you're looking at trying to embed innovation into every corner of the organization or you're trying to integrate innovation into your every day, maybe it's time to pick up Unleashing Innovation.
Monday, August 25, 2014
Book Review, Professional
I've written about Dialogue before. I initially summarized my thoughts from The Fifth Discipline and Dialogue Mapping in a post called Discussion and Dialogue for Learning. More recently I posted about one aspect of Dialogue in my post on Defensive Routines and a second aspect in The Inner Game of Dialogue If you've missed it, I'd suggest you start with that post because it is really the other half of this post which got to be way too long.
Dialogue is much about creating the right environment through preparation of ourselves and creating a place where people can feel safe to express their reality.
The desire for dialogue … to be a part of something more
Creating conditions vs. forcing it to happen
Four Pathologies of Thought
Dialogue calls out four pathologies of thought – four things that lead us down paths which move us further away from Dialogue. They are:
- Abstraction – We fail to see things in concrete terms – in how our thoughts and actions are connected to real things.
- Idolatry – We idolize people, methodologies, and things so much that we fail to question them.
- Certainty – We believe in our own understanding so firmly that we can't allow the possibility that we're wrong and that someone else may be right
- Violence – We hold a grudge, a vengefulness about a person who may have wronged us.
David Kantor describes four positions that people can take in a discussion and how those positions can be intended and perceived. Someone can move through these positions in a discussion and be in different positions at different times. These four positions are like roots from which the personalities described in Buy-In are derived from. Here are the four positions and their intent and how they are sometimes perceived:
Sometimes Seen As
Life sometimes requires that we behave in one way and at other times requires that we behave in another. For instance, we must sometimes be freely giving of our time to our family and friends and other times we must guard our personal time. We sometimes must be frugal with our expenses in our day-to-day living to be able to be free with our spending during vacations.
Kantor cautioned about systems where two opposite ways of acting are required inside the same system since humans are particularly bad at learning when they must do something that at the other end of the spectrum they cannot do. Kantor called these structural traps.
We create structural traps when we call for dialogue in one conversation and shut people down for speaking the truth in the next meeting. The greater the different required in the behavior, the more space and the more safety that are required.
Ladder of Inference
Reality is an illusion created by our mind. We don't see or perceive reality – we have a perception of reality. We believe that our perception of reality is reality because we have nothing to contradict our perception. While we know every little thing about reality and much less about other people we often infer or project onto another person what we believe.
We can observe someone who has a sloppy appearance and from that decide that they're a bum, aren't clean, or are homeless. The direct observation is actually that their shirt is untucked or that they've got sweat stains on their shirt. From that, we infer that they have a sloppy appearance. From the sloppy appearance we ascribe or infer something else to them.
This process is both natural and dangerous. The problem is that we will infer things about people which aren't true. Unfortunately we don't store the inferences as inferences, we store them in our brains as facts. This causes for us the problem of unconsciously applying disrespectful judgments to people that we don't necessarily intend.
When encouraging dialogue we must be mindful of the ladder of inference we're placing above people comments – and specifically test them or dispel them as soon as possible. If we believe that someone is a bum, we might ask what they've just been doing. We may find out they've been working hard to build some landscaping and haven't yet had a chance to clean up.
My favorite story here is one where a man was riding home on the subway and there were a set of unruly kids disturbing nearly everyone on the subway. The man finally, in disgust, speaks to the father of the children who had been to this point oblivious to what the kids were doing. The father of the children responds that he's sorry that they had just left their mom's funeral and he didn't know what he was going to do or notice the kid's behavior. Our ladder of inference quickly jumped that the father was a bad father because his kids are unruly instead of questioning what the factors that led to the behavior were.
Feeling, Meaning, and Power
Have you ever been in a conversation and you felt like the parties were talking past each other? Each saying that the other was completely missing the point? One person is wondering out loud how everyone would feel after the decision was announced? Another person wonders what it will mean to everyone when the decision is announced. The third person talks about getting the decision done and what are we waiting on.
Kantor spoke of three different languages being feeling, meaning, and power. Two people speaking in the same language will understand each other well and speak effectively, but this isn't necessarily the case when people aren't speaking the same language.
The language of feeling is all about the emotional impact that will occur as the result of the decision. Meyers-Briggs speaks about folks being more feeling focused or thinking focused. (T(hinking) or F(eeling)). People who are more feeling focused are more likely to communicate in the language of feeling. This includes their feelings about the decision and the feelings of others. These folks demonstrate a high degree of emotional intelligence.
The language of meaning is all about how people will think about the decision. Back to Meyers-Briggs these would be those with a high thinking perspective. They're concerned about the long term impact of a short term decision and are focused on the downstream ripple effects.
Finally, the language of power is focused on getting things done. They're tired of the analysis paralysis and just want to move forward believing that any action is better than no action.
When someone is in one language – even if they know how to speak multiple languages – they may not be able to hear someone speaking in a different language.
One of the interesting things in having read a few books over the years is how often the ideas that we're looking at come back from a few individuals. Kurt Lewin is often quoted about his perspectives on people and behavior. This makes sense given his psychologist. However, one of the other commonly referenced visionaries is David Bohm. David was a physicist. He was gifted in his ability to see the natural order and flow of things. He was particularly effective at his expansion of the concepts of what dialogue is. However, this isn't the extent of his vision. There's another expanse that Dialogue surfaces. That is, he describes that trees do not come from seeds – that would be silly that a big tree came from such a tiny seed. Instead he encourages us to see a seed as an aperture through which the tree emerges. This is a great way of seeing things connected to the whole. He describes the process of nature unfolding and folding on itself.
Nature combines elements to unfold into a tree. When the tree's life is done those same elements fold back in to the rest of nature ready to recombine and become another tree or something different entirely. In this way we see that we're all connected to one another. We're all a part of the same stuff of nature. We're not apart from nature, were a part of the nature of all things.
We're All The Same
The more that I speak with people the more I realize that we all have the same fears and hopes and dreams. I don't mean that in a precise sense. I don't have the fear that my daughter has about being liked or fitting in at college but I do want to be a part of the "cool club" at the conferences I attend. I know that others want to receive the Microsoft MVP award to be in the group that I'm in.
In 2013 the SharePoint market convulsed at the announcements made at the Microsoft SharePoint Conference in 2012. The message was that on premises deployments were going to be no more and all hail the cloud. That messaging didn't sit well with customers and as a result many clients focused their energies outside of SharePoint hoping that the dust would settle. The result in the consulting market was that many organizations eliminated or scaled back their SharePoint practices.
The SharePoint developers started working on .NET projects. The infrastructure consultants went on to work on Azure, migrating users to Office 365, or some other product. Estimates on the change for consulting organizations ranges from 25% to 75% of their business was gone. Consultants that I talk to are scared. If they're working for themselves they're struggling to find clients. If they work for an organization they're not hitting their utilization numbers and they know that this means they are at risk of losing their job. I was speaking with a colleague inside of an organization and she mentioned that she's concerned about layoffs at her organization. It seems everyone is concerned about where they're going to continue to be able to make money to feed their families.
At the heart of the book Dialogue – The Art of Thinking Together is the awareness that we are all the same. We're all human. We have – when viewed broadly – the same desires, concerns and fears. In Emotional Awareness I heard the Dali Lama speak of compassion for all living things. For cultivating this compassion that connects us to everyone else. Sometimes we slip into a narrow minded view that we have to protect ourselves and what we have. We begin to think win-lose that in order to win someone else must lose. We stop thinking in terms of the Nash equilibrium and instead move to von Neumann-Morgenstern. (See The Science of Trust for Nash and von Neumann-Morgenstern equilibriums.)
Perhaps if we are able to cultivate our compassion for all people and our understanding that we're all fundamentally the same we'll be able to finally Dialogue instead of discuss.
Don't Just Talk About It, Read About It
If you're interested in how to create more knowledge, more dialogue and better interactions, it might be time to stop talking about it and read about it in Dialogue: The Art of Thinking Together.
Wednesday, August 20, 2014
Implementing Kerberos is frequently considered painful by IT Professionals. It seems like there's some magic incantation that has to be said over the network for things to work correctly. However, the components are relatively straight forward. In this post I'm going to walk through Kerberos setup front to back including delegation, how to get it working, and what doesn't work. My goal is to distil a great number of blog posts with half-collected information and make it all fit together so you can implement Kerberos step by step.
Some folks talk about Kerberos as resolving the double-hop problem – though that's relatively old terminology which is really talking about the fact that you're not allowed to use the client's NTLM credentials to access another source. Kerberos allows you to use pass-through authentication so the user's credentials can be used for backend services – particularly for access to SQL data.
This post applies equally to SharePoint 2010 and SharePoint 2013. The biggest change is that in 2010 you could do unconstrained Kerberos delegation (explained later) if you continued to use Windows Authentication. Since 2013 practically eliminates this option and strongly encourages the use of claims, you can no longer do unconstrained Kerberos delegation and must implement constrained delegation which is a little bit more challenging to setup. Let's start with getting users to be able to use Kerberos to login to the SharePoint site.
SharePoint Login via Kerberos
Getting Kerberos to login to the SharePoint site is the first step. This involves only two major steps. First, getting the service principle name correct in Active Directory. Second, you must configure SharePoint to accept Kerberos authentication. Let's look at each of these in turn.
Service Principle Names for Kerberos
Kerberos is old in computer terms having come out of work at MIT and having been used for a long time. At its core, Kerberos requires mutual authentication. That is the server must identify itself to the client and the client identifies itself to the server. In Windows much of this is handled automatically as computers are automatically registered with their names in active directory. The problem occurs when a computer needs to host a site that's not the same as its computer name. For instance, when www.leadinglambs.com is hosted on SP2013-DC and no changes have been made, a client wouldn't allow Kerberos authentication because the name of the resource being accessed (www.leadinglambs.com) doesn't match the name of the server providing the resource. This is fundamentally the same sort of protection that is used in SSL – the name of the certificate must match the name the client is using to access the resource. The solution to getting the names right is to setup a service principle name.
One added complication is that the service account (application pool account) and not the computer is the account in active directory which gets enabled for the URL. So your service account (say sp.svc) is what you register the target name to. Before we can set the name we need to understand the full service principle name and not just the URL component of it and that leads us to services and protocols.
Service classes and Protocols
One common mistake is to believe that you prefix the URL in a service principle name with the actual protocol that is being used. This isn't correct. For instance, in SharePoint 2013 most URLs are going to be SSL or HTTPS URLs and yet the service principle name will start with HTTP/. The reason for this is that service principle names aren't using literal network protocols. They're service classes. As a result adding with HTTP/ enables the account to respond to both HTTP and HTTPs. The two service classes that are the most interesting to most folks are HTTP and MSSQLSvc which is used for SQL Server connections.
Before leaving how to form SPNs, it's important to talk about what happens when you port shift services – that is you make them available on a non-standard port. This isn't a problem for Kerberos but you have to append a comma and the port number to the end of the SPN. So for example if you have www.leadinglambs.com running HTTPS on a non-standard port of 4443 (instead of 443) you'll need an SPN of HTTP/www.leadinglambs.com,4443
The tool that you use for registering the SPN in AD is SETSPN and it comes on most servers – worst case you can run it from a domain controller which will surely have it. The format of the command you want is SETSPN –S <SPN> <account>. In our www.leadinglambs.com web site example on a standard port on the service account SP.SVC would look like this:
SETSPN –S HTTP/www.leadinglambs.com sp.svc
You may want to do a –L and the account name (SETSPN –L SP.SVC) to list out all the service principle names on the account to make sure you got it right after you've done the addition. Also, we recommend –S instead of the older –A because –S will ensure there are no duplicates. If you have two account registered with the same SPN – you won't be able to authenticate via Kerberos to that service.
Enabling SharePoint for Kerberos
Enabling SharePoint to accept Kerberos for authentication is straight forward. You go into Central Administration, select Manage Web Applications, click in the whitespace to the right of the web application name you want and in the ribbon click the Authentication Providers option. From the Authentication providers dialog click on the default zone and in the Edit Authentication dialog select the drop down under Integrated Windows authentication and select Negotiate (Kerberos). Next scroll down and click the Save button.
Now it's time to test it. For that you'll want to use the awesome and free Fiddler (www.fiddlertool.com). I won't go into the details of how to setup Fiddler so it can decrypt HTTPS traffic. There are plenty of walkthroughs on how to do that. Once you have Fiddler running try to login to the site. The initial request will get a HTTP 401 response from the server (unauthorized). The browser will respond with authentication and you'll see something like the following in the request:
This indicates that the browser authenticated with Kerberos.
Delegating Authentication via Kerberos
While logging in via Kerberos is a good start, you still can't use the user's credentials to access other resources until the account for the machine in Active Directory and the service account are trusted for delegation. There are two approaches to delegation – unconstrained and constrained. On the surface it would seem like unconstrained would be a better approach (less constraining). However, unfortunately in a claims mode implementation will require constrained delegation. However, let's look at both options.
When a user logs in with Kerberos it's possible to trust a computer and a service account and use their Kerberos identity with back end resources – when the computer and service account are trusted for unconstrained delegation. With this setting they'll be able to go to any backend service in the network using those credentials. This was the method we used in SharePoint 2007 and for SharePoint 2010 when not using claims. However, when we're using claims we really don't have a Kerberos login to pass along. The user logged into the web server with Kerberos and we generated a claims token from there on out we've been using the claims token to access local resources. So when we want to access remote resources we can't just delegate the Kerberos ticket because we don't have it any longer.
Behind the scenes SharePoint has been using the Claims to Windows Token Service to get a Windows token for a given user from the user's identity claim. This works well for on-box resources but it's not valid for remote resources when using unconstrained delegation because it didn't originate from a user Kerberos login directly – claims is in the middle. What we need to be able to do is to do a protocol transition. That is we need to be able to use our claims based authentication protocol and transition to a Kerberos login which we pass along. (I'm purposefully avoiding the detailed technical language of Kerberos about Ticket Granting Tickets, etc., to minimize the complexity of the discussion.)
Constrained delegation works like unconstrained delegation in that the service can reuse the credentials of the user except the credentials can only be used for prespecified services. When delegation is setup for the computer and service account the administrator specifies what services can be delegated to. Additionally, and importantly as previously mentioned, it's possible to do protocol transition. This is essential. Constrained delegation requires that you specify the allowed service endpoints. Let's looking at setting up constrained delegation in Active Directory Users and Computers.
Before setting up delegation the first step is to make sure that the service account used for the service that you want to be able to delegate has to have its service principle name setup too. So if you want to delegate to SQL server running on the default instance on the SP2013-SQ box running on the service account SQ.SVC you need to you're the SETSPN command:
SETSPN –s MSSQLSvc/SP2013-SQ SQ.SVC
Once the service principle name for the service is setup, setting up delegation isn't difficult. It's a matter of bringing up the computer account and the service account and changing the settings on the delegation tab. Let's start with the delegation tab of the computer account. Find the computer account (you can use Right-Click Find… if you want) and select properties then select the Delegation tab. It should look like this:
Click the Trust this computer for delegation to specified services only (which is constrained delegation). Then click the Use any authentication protocol radio button if it's not already selected. Then Click the Add button to add the services that this computer can delegate to. The Add services dialog will appear like this:
Next Click the Users or Computers… button. Enter the name for the service account for the SQL server that you want to delegate to and click OK. The list of SPNs associated with the account will appear and you can click the services you want or click the Select All button – the dialog will look something like:
Click OK to close the Add Services dialog then OK again to close the computer properties. Find the SharePoint service account and do the same procedure for it. Note that if you haven't already assigned the service principle name to the SharePoint service account the Delegation tab won't even show up in the properties for the user – so you'll need to make sure that you associate the SPN for the SharePoint web site first.
There are some special considerations that can create problems with Kerberos that it's worth mentioning here:
One of the hardest things with Kerberos is that testing your setup is very difficult and logging for what is wrong is effectively non-existent. However, there is a way that you can use out-of-the-box functionality to see if Kerberos delegation is working. You can setup an external content type with SharePoint Designer. Lightning Tools have step-by-step instructions at http://lightningtools.com/bcs/creating-an-external-content-type-with-sharepoint-designer-2013/ This will give you a quick way to test to see if your setup functions before using other tools.
One other additional troubleshooting idea that you may need to look into is enabling LSA Loopback if you're testing on the server locally. You can find out more about how to set this up in the MS KB article 896861.
If you're interested in more background on this topic you can read the Microsoft provided Configure Kerberos authentication for SharePoint 2010 Products.