**
Stephen....holding things in isn't good for you...so please go ahead and get all your items off of your chest......

:-)

Tim Powell
Vice President
KPBS, Inc.
704-489-8599 (Office)
704-301-1047 (Cell)








From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Heider, Stephen
Sent: Monday, January 30, 2006 12:59 PM
To: arslist@ARSLIST.ORG
Subject: Re: What Bugs you about Remedy?


**
To those on the List and anyone at BMC, I think ARS is an excellent and powerful product. Yet, every product can be improved. Here is my quick list:

1. Full API support in the .Net API. In addition, with each example in the help guide both C# and VB.Net languages should be included.

2. A button for the $NULL$ keyword throughout the Admin Tool (ie. Run If qualification, Set Fields, etc.) - I use this keyword far more than any other.

3. A button for the $NULL$ keyword in the User Tool for Advanced Searches.

4. Save environment settings in Admin Tool and User Tool as they are changed instead of waiting until the user successfully logs out. Occasionally these programs do crash and any settings are lost.

5. Ability to setup the layout of the Admin Tool and press a button/select a menu option to write these settings to the AR System Administrative Preferences form right then.

6. Larger windows in Admin Tool for developing work flow (Active Links, Filters, Guides, etc.). I have dual 20" monitors and yet I frequently have to scroll or click the ellipsis button to see all the code or objects.

7. Quicker turn-around time for purchasing licenses. Once BMC receives the official request from our vendor it seems to take a very long time to receive the license keys. With almost every purchase our vendor (and sometimes me) has had to repeatedly contact BMC to find out when we would receive the license keys.

8. Single-Sign-On with Windows User Tool.

9. More granularity with installing server patches with the installer program. For example, there should be an option to *only* patch DLLs and other files and *not* update any forms, fields or work flow.

10. Support current version of Crystal Reports - at least with the current version of ARS and User Tool. Within 3 months after a new version of Crystal Reports is released [from Business Objects] BMC should endeavor to put out a new patch of the User Tool that supports it. BMC undoubtedly has access to beta and pre-release versions of Crystal Reports months before it is finally released to the public. This should provide ample time to patch the User Tool.

11. Support for current version of SQL Server. Version 2005 was released 3 months with beta versions available for over a year, yet no word on if/when it will be supported. Chances are that 99.9% of ARS would run fine as-is now.

12. Clarify in writing the exact licensing requirements with ARS on SQL Server. After many contacts with our vendor, and our vendor directly with BMC, there is no consensus on how to properly license SQL Server to run ARS. Is it by the number of threads, by number of Remedy users? This information should be posted on the SupportWeb.

13. Fix the KB search on the SupportWeb. After one or two searches I have to log out, wait an hour and then log back in to be able to search again due to infinite timeouts. This has been going on for over a year. It finally reached the point where I simply wrote a program that downloads every KB and stores it in a Remedy form so I can perform my own queries.

14. Add the IP address of users in log files.

15. Have the option to log to tables instead of text files. This could be a regular Remedy form a direct SQL table. This would provide increased ability to monitor and troubleshoot a system, would allow for filtering (ie. I only want to query for entries that I made between 2:00pm and 2:05pm), could take less time to debug and would allow for reporting.

16. Change licensing enforcement to pre-version 6.3 whereas the same user can be logged into more than one computer. Our technicians are logged into Remedy at their desk throughout the day. They also move around a lot to support our users. As soon as the new licensing enforcement went into effect technicians were now forced to return to their desk to update a Remedy ticket. They used to be able to update their tickets right then - the new Remedy licensing has reduced worker productivity.

17. Provide downloadable training modules and exercises on ARS and other Remedy products. These could be billed by module and/or annual subscription for a set of modules. Microsoft has one implementation that may work (https://www.microsoftelearning.com/default.aspx).

18. Display a message when user has Caps-Lock turned On at the User Tool login prompt. It is relatively easy for a user to get locked out of the network (when pass-through authentication is used). In some companies Remedy/network login IDs are numeric, therefore Caps-Lock could be On and the user may not be aware.

19. Create or help sponsor a Remedy Development Guide book. As far as I know there is no third-party design and development book available for the Remedy administrator or developer. This guide would include topics such as solving particular problems, integration with other Remedy modules, integration with external systems, API usage, best practices, etc.


Stephen





From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Scott Ames
Sent: Monday, January 30, 2006 11:31 AM
To: arslist@ARSLIST.ORG
Subject: What Bugs you about Remedy?


**
What bugs you about Remedy and what would you like to see them fix or change? Sometimes Remedy has the functionality, but it's implemented in such a way as to be quite a pain. Sometimes the functionality is totally missing. What bugs you and what would make your job easier?

For example:

I would love to see a simple single sign on implementation that doesn't require a lot of development.

I would like to see a robust ODBC driver for Remedy that has all the functionality.

I would like an option to generated the record ID in advance when a record is created rather than when it's saved. ...etc...


20060125This posting was submitted with HTML in it 20060125This posting was submitted with HTML in it
20060125This posting was submitted with HTML in it

Stephen,

You clearly come from a Windows centric environment. So I understand
where a lot of what your asking for comes from, but let me add a bit
of my own 2 cents to some of these...


I do not work in a Windows only env. Sure we have it on the desktops,
but everyone wants to use the web anyways.. and no a Mac, or FreeBSD,
or... etc...

See below for my two cents...


On 1/30/06, Heider, Stephen wrote:
> **
> To those on the List and anyone at BMC, I think ARS is an excellent and
> powerful product. Yet, every product can be improved. Here is my quick
> list:
>
> 1. Full API support in the .Net API. In addition, with each example in the
> help guide both C# and VB.Net languages should be included.


Please, Oh please, before you add C#,VB.Net or even .Net to the
"supported list of API language" finish the Java API. And personally I
think there is more value in a Perl API than any "Windows ONLY"
language. Perl and Java runs just fine on Windows.

I know "C" is the primary language for ARS, but C is just plain
painful for most people to write. So higher level wrapper are a good
thing, but they all cost time/effort/bug fix cycles too. So I think
this list needs to be kept to a minimum to allow BMC to get on with
new ARS features.

So how about you pick one "Windows ONLY" language and just champion it?



> 6. Larger windows in Admin Tool for developing work flow (Active Links,
> Filters, Guides, etc.). I have dual 20" monitors and yet I frequently have
> to scroll or click the ellipsis button to see all the code or objects.


Oh I think that should have been done in v1. However Remedy/BMC
appears to be very slow to improve the development IDE (AKA: Admin
Tool) Maybe v7 will bring a step in this direction?


> 8. Single-Sign-On with Windows User Tool.

Uh... You likely mean "use my Windows login as a 'Single-Sign-On'
option via the User Tool". I can only hope that BMC sees how bad of
an idea that would be. ( I do not trust Windows authentication. It is
far to easy to hack your way in to a console and become whatever user
you want to me. Reboot from a CD, rest the users password vai a
special tool and restart and your in as that user. Very bad that it
even caches domain passwords so you should be able to impersonate
domain users that way too!

However, if there is ever a widely adopted PKI based "Single-Sign-On"
model then I would really like to see an AREA plug in for the HUB that
would support that too. (And a turnkey solution for the Mid-Tier would
not hurt too. I know I am not asking for the sky, just most of the
clouds. :)


> 9. More granularity with installing server patches with the installer
> program. For example, there should be an option to *only* patch DLLs and
> other files and *not* update any forms, fields or work flow.


Or how about just a "standard script format" for applying "file based patches.
Keep it simple (batch, WSH, sh, Perl[if you want to]) and pick a shell
for the various platforms that you support, but do not just ship me a
set of files and say "go put them where they belong", or "the
README.txt will tell you what to do".

Give me a "INSTALLDIR" setting at the top of the script and a set of
"copy"(cp, etc..) statements in an "unsupported" script for each and
every patch drop. We can edit the file if needed.

ALSO... ALWAYS release a patch as a single ZIP file. (Ok to also
release all individual files, but provide a single zip file download
too. I mean how hard would that really be for you to do? And I know it
would save me a lot of time click on 15-30 files and trying to keep
them in the right directory structure etc...)


> 12. Clarify in writing the exact licensing requirements with ARS on SQL
> Server. After many contacts with our vendor, and our vendor directly with
> BMC, there is no consensus on how to properly license SQL Server to run ARS.
> Is it by the number of threads, by number of Remedy users? This
> information should be posted on the SupportWeb.


Good luck with that request. I am sure the (BMC) lawyers will only
tell you to "follow the rules of your RDBMS and your BMC software".
Which likely mean that the answer is the highest number/combination
you can invent.


> 13. Fix the KB search on the SupportWeb. After one or two searches I have
> to log out, wait an hour and then log back in to be able to search again due
> to infinite timeouts. This has been going on for over a year. It finally
> reached the point where I simply wrote a program that downloads every KB and
> stores it in a Remedy form so I can perform my own queries.


I would go one step farther than that...
Give us, your paying customers, WebService based integration to our
support and enhancement process. Let us have an application on our
side that can "submit a ticket", "Search the KB", "Request a License",
etc... Let us register ways for you to send messages back to us (if
our business rules/networks allow for it), Let us write workflow (on
our end) that can remind us that we have not yet received that call
back, or bug fix....

Give us access to SLA type reports on the service that our 18% is
paying for. Help me prove to my management that the money is worth it
because of the service and responsiveness of this (BMC) vendor.



> 14. Add the IP address of users in log files.

And add that as a KEYWORD too. I mean you give us $ TCPPORT $ (which
according to the does does not work for a Web Application, that
exception needs removed/fixed guys) but you do not give us enough
context/connection information in workflow.

Same "context" comment applies to the VUI keyword too. (IMHO, Filters
should see this value because it might be helpful to build workflow to
allow specific operations based on VUI. Active Link's do not cut it
for anyone with an eye to security and a passing a value in a field
via an active link has it's own security problems too.)

I would really love an %ENV associative array with the users env
settings to be available in workflow (AL and passed up to FL too.) On
a browser it would include details about the Mid-Tier, browser and any
other session bits that you can get your programming hands on too.


> 15. Have the option to log to tables instead of text files. This could be a
> regular Remedy form a direct SQL table. This would provide increased
> ability to monitor and troubleshoot a system, would allow for filtering (ie.
> I only want to query for entries that I made between 2:00pm and 2:05pm),
> could take less time to debug and would allow for reporting.


Here Here. I agree fully.
But the files are also needed (at least as a fall back position
for the server) and maybe should be a redundancy to the tables like
the way a RDBMS deals with a transaction log. Having the logs emit
"Server Events" (so some such construct) would also allow us to write
workflow and monitor/react to errors/log events as they happen too. :)


> 16. Change licensing enforcement to pre-version 6.3 whereas the same user
> can be logged into more than one computer. Our technicians are logged into
> Remedy at their desk throughout the day. They also move around a lot to
> support our users. As soon as the new licensing enforcement went into
> effect technicians were now forced to return to their desk to update a
> Remedy ticket. They used to be able to update their tickets right then -
> the new Remedy licensing has reduced worker productivity.


Teach your users to logout before they leave the terminal and this
will not be a problem. They need to logout from the "remote side" too.
It is a consistent behaviour that is a "best practice".


> 18. Display a message when user has Caps-Lock turned On at the User Tool
> login prompt. It is relatively easy for a user to get locked out of the
> network (when pass-through authentication is used). In some companies
> Remedy/network login IDs are numeric, therefore Caps-Lock could be On and
> the user may not be aware.
>
>
> Stephen



ABSOLUTELY NOT!
This is one of the most stupid Window constructs that I think I have
ever seen. If I want to put a phrase in a password that is in all caps
and I do not want to "Shift+" every letter/number/symbol then I should
be able to use the Caps Lock key. (Without alerting the person looking
over my shoulder that I am typing in caps.) Judicious use of CaPs in a
password is a good thing but knowing if that "6" was a "6" or "^"
makes watching someone type a password harder to do.

If this is implemented, OH Please give me a way to turn it off from the server!

--
Carey Matthew Black
Remedy Skilled Professional (RSP)
ARS = Action Request System(Remedy)

Solution = People + Process + Tools
Fast, Accurate, Cheap.... Pick two.
Never ascribe to malice, that which can be explained by incompetence.


UNSUBSCRIBE or access ARSlist Archives at http://www.ARSLIST.org

Carey,

I thought Windows was the only operating system in existence. No?

Thank you for your details comments. I added a few too.


-----Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Carey Matthew Black
Sent: Tuesday, January 31, 2006 9:21 AM
To: arslist@ARSLIST.ORG
Subject: Re: What Bugs you about Remedy?

Stephen,

You clearly come from a Windows centric environment. So I understand
where a lot of what your asking for comes from, but let me add a bit of
my own 2 cents to some of these...


I do not work in a Windows only env. Sure we have it on the desktops,
but everyone wants to use the web anyways.. and no a Mac, or FreeBSD,
or... etc...

See below for my two cents...


On 1/30/06, Heider, Stephen wrote:
> **
> To those on the List and anyone at BMC, I think ARS is an excellent
> and powerful product. Yet, every product can be improved. Here is my

> quick
> list:
>
> 1. Full API support in the .Net API. In addition, with each example
> in the help guide both C# and VB.Net languages should be included.


Please, Oh please, before you add C#,VB.Net or even .Net to the
"supported list of API language" finish the Java API. And personally I
think there is more value in a Perl API than any "Windows ONLY"
language. Perl and Java runs just fine on Windows.

I know "C" is the primary language for ARS, but C is just plain painful
for most people to write. So higher level wrapper are a good thing, but
they all cost time/effort/bug fix cycles too. So I think this list needs
to be kept to a minimum to allow BMC to get on with new ARS features.

So how about you pick one "Windows ONLY" language and just champion it?


I have done a lot more with VB/VBA/VB.Net than with C, so VB.Net would
be my natural choice. With the advent of .Net languages it now becomes
*almost* only a matter of preference to which language to use. If I
knew both C# and VB.Net equally I would chose VB.Net because it is
easier to read the code, more English-like.



> 6. Larger windows in Admin Tool for developing work flow (Active
> Links, Filters, Guides, etc.). I have dual 20" monitors and yet I
> frequently have to scroll or click the ellipsis button to see all the
code or objects.


Oh I think that should have been done in v1. However Remedy/BMC appears
to be very slow to improve the development IDE (AKA: Admin
Tool) Maybe v7 will bring a step in this direction?


Making changes to the underlying framework, such as adding a new
keyword, is a large task that would involve a large amount of testing/QA
by BMC. However, making windows larger, adding a $NULL$ button, etc. in
the Admin Tool would be almost trivial to implement. I bet it could be
done in one week with one or two of BMC's great developers. Things like
these should be implemented quickly.



> 8. Single-Sign-On with Windows User Tool.

Uh... You likely mean "use my Windows login as a 'Single-Sign-On'
option via the User Tool". I can only hope that BMC sees how bad of an
idea that would be. ( I do not trust Windows authentication. It is far
to easy to hack your way in to a console and become whatever user you
want to me. Reboot from a CD, rest the users password vai a special tool
and restart and your in as that user. Very bad that it even caches
domain passwords so you should be able to impersonate domain users that
way too!


SSO can mean different things to different people in different
environments. I was referring to having Remedy [optionally]
automatically authenticate the user when the user has already been
authenticated to the network domain - Windows Server 2003 in our
environment. I agree with you that storing the user's password on the
local computer is not the best practice. Our company is nationwide with
4000+ employees; all authenticate to the Windows domain. There is a lot
of security measures - and personnel - in place to protect the network.
I have confidence in [our implementation of] our Windows authentication
that the possibility for someone to hack into an account is remote. I
would have no apprehension with Remedy+SSO here. The security would
(should?) be like that of Outlook. When I start Outlook I am not
prompted for any password because I have already authenticated to the
domain.


However, if there is ever a widely adopted PKI based "Single-Sign-On"
model then I would really like to see an AREA plug in for the HUB that
would support that too. (And a turnkey solution for the Mid-Tier would
not hurt too. I know I am not asking for the sky, just most of the
clouds. :)


> 9. More granularity with installing server patches with the installer
> program. For example, there should be an option to *only* patch DLLs
> and other files and *not* update any forms, fields or work flow.


Or how about just a "standard script format" for applying "file based
patches.
Keep it simple (batch, WSH, sh, Perl[if you want to]) and pick a shell
for the various platforms that you support, but do not just ship me a
set of files and say "go put them where they belong", or "the README.txt
will tell you what to do".

Give me a "INSTALLDIR" setting at the top of the script and a set of
"copy"(cp, etc..) statements in an "unsupported" script for each and
every patch drop. We can edit the file if needed.


I agree. I ended up writing a console application (VB.Net of course)
that automatically creates a batch file that can be later run to: stop
the Remedy services, backup the original files, copy the new files on
top of the existing files, and then restart the Remedy services.
Something like this could be implemented or provided as a downloadable
utility.


ALSO... ALWAYS release a patch as a single ZIP file. (Ok to also release
all individual files, but provide a single zip file download too. I mean
how hard would that really be for you to do? And I know it would save me
a lot of time click on 15-30 files and trying to keep them in the right
directory structure etc...)


> 12. Clarify in writing the exact licensing requirements with ARS on
> SQL Server. After many contacts with our vendor, and our vendor
> directly with BMC, there is no consensus on how to properly license
SQL Server to run ARS.
> Is it by the number of threads, by number of Remedy users? This
> information should be posted on the SupportWeb.


Good luck with that request. I am sure the (BMC) lawyers will only tell
you to "follow the rules of your RDBMS and your BMC software".
Which likely mean that the answer is the highest number/combination you
can invent.


> 13. Fix the KB search on the SupportWeb. After one or two searches I
> have to log out, wait an hour and then log back in to be able to
> search again due to infinite timeouts. This has been going on for
> over a year. It finally reached the point where I simply wrote a
> program that downloads every KB and stores it in a Remedy form so I
can perform my own queries.


I would go one step farther than that...
Give us, your paying customers, WebService based integration to our
support and enhancement process. Let us have an application on our side
that can "submit a ticket", "Search the KB", "Request a License", etc...
Let us register ways for you to send messages back to us (if our
business rules/networks allow for it), Let us write workflow (on our
end) that can remind us that we have not yet received that call back, or
bug fix....

Give us access to SLA type reports on the service that our 18% is paying
for. Help me prove to my management that the money is worth it because
of the service and responsiveness of this (BMC) vendor.



> 14. Add the IP address of users in log files.

And add that as a KEYWORD too. I mean you give us $ TCPPORT $ (which
according to the does does not work for a Web Application, that
exception needs removed/fixed guys) but you do not give us enough
context/connection information in workflow.


An $IPADDRESS$ keyword would be wonderful, in addition to having it in
the log files.


Same "context" comment applies to the VUI keyword too. (IMHO, Filters
should see this value because it might be helpful to build workflow to
allow specific operations based on VUI. Active Link's do not cut it for
anyone with an eye to security and a passing a value in a field via an
active link has it's own security problems too.)

I would really love an %ENV associative array with the users env
settings to be available in workflow (AL and passed up to FL too.) On a
browser it would include details about the Mid-Tier, browser and any
other session bits that you can get your programming hands on too.


I capture the environment when the main control form is loaded in the
application (in the Windows User Tool). I run a Set Fields with
$PROCESS$ cmd.exe /c set This captures all settings. I then parse out
what I need, like COMPUTERNAME. For the mid-tier I capture the IP
Address, network username and domain. These are the only ones I need...
There may be other ways to obtain additional data on the connecting
user.



> 15. Have the option to log to tables instead of text files. This
> could be a regular Remedy form a direct SQL table. This would provide

> increased ability to monitor and troubleshoot a system, would allow
for filtering (ie.
> I only want to query for entries that I made between 2:00pm and
> 2:05pm), could take less time to debug and would allow for reporting.


Here Here. I agree fully.
But the files are also needed (at least as a fall back position for
the server) and maybe should be a redundancy to the tables like the way
a RDBMS deals with a transaction log. Having the logs emit "Server
Events" (so some such construct) would also allow us to write workflow
and monitor/react to errors/log events as they happen too. :)


> 16. Change licensing enforcement to pre-version 6.3 whereas the same
> user can be logged into more than one computer. Our technicians are
> logged into Remedy at their desk throughout the day. They also move
> around a lot to support our users. As soon as the new licensing
> enforcement went into effect technicians were now forced to return to
> their desk to update a Remedy ticket. They used to be able to update
> their tickets right then - the new Remedy licensing has reduced worker
productivity.


Teach your users to logout before they leave the terminal and this will
not be a problem. They need to logout from the "remote side" too.
It is a consistent behaviour that is a "best practice".


For many of the technicians logging out is fine. Others are constantly
logged into to two computers throughout the day and are not able to be
logged into Remedy on more than one. I am normally logged into three
computers... but I am in the Remedy Administrator group and able to run
Remedy on all the computers.



> 18. Display a message when user has Caps-Lock turned On at the User
> Tool login prompt. It is relatively easy for a user to get locked out

> of the network (when pass-through authentication is used). In some
> companies Remedy/network login IDs are numeric, therefore Caps-Lock
> could be On and the user may not be aware.
>
>
> Stephen



ABSOLUTELY NOT!
This is one of the most stupid Window constructs that I think I have
ever seen. If I want to put a phrase in a password that is in all caps
and I do not want to "Shift+" every letter/number/symbol then I should
be able to use the Caps Lock key. (Without alerting the person looking
over my shoulder that I am typing in caps.) Judicious use of CaPs in a
password is a good thing but knowing if that "6" was a "6" or "^"
makes watching someone type a password harder to do.

If this is implemented, OH Please give me a way to turn it off from the
server!


Making this optional would be fine. In our environment I could make use
of it several times a day.


--
Carey Matthew Black
Remedy Skilled Professional (RSP)
ARS = Action Request System(Remedy)

Solution = People + Process + Tools
Fast, Accurate, Cheap.... Pick two.
Never ascribe to malice, that which can be explained by incompetence.



UNSUBSCRIBE or access ARSlist Archives at http://www.ARSLIST.org


UNSUBSCRIBE or access ARSlist Archives at http://www.ARSLIST.org

**
24. In Admin Tool provide ability to search objects. For example, highlight all the Filters in this form that update the zTmpField1 field.

I believe you can do this one as long as your Search database is in Sync. { Tools | Search Objects } Is that what you mean?

20060125This posting was submitted with HTML in it

**
Similar, but more advanced.



From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Scott Ames
Sent: Tuesday, January 31, 2006 3:03 PM
To: arslist@ARSLIST.ORG
Subject: Re: What Bugs you about Remedy?


**
24. In Admin Tool provide ability to search objects. For example, highlight all the Filters in this form that update the zTmpField1 field.

I believe you can do this one as long as your Search database is in Sync. { Tools | Search Objects } Is that what you mean?

20060125This posting was submitted with HTML in it
20060125This posting was submitted with HTML in it

When you get a customer support survey request, then you are forced to
tell them how you feel about their product which takes some time to do
unless you lie or just click any on anything, otherwise you can't submit
the survey.

Ron

Scotiabank Information Commmons, University of Toronto


UNSUBSCRIBE or access ARSlist Archives at http://www.ARSLIST.org

**

BINGO -=-- That is my Greatest Complaint Right now..
I am thankful for a Installer for Patches.. But you Hit a NERVE ..


-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Axton
Sent: Tuesday, January 31, 2006 10:39 AM
To: arslist@ARSLIST.ORG
Subject: Re: What Bugs you about Remedy?

To add some more:

- Server events that properly register events (import actions cause all kinds of erroneous behavior)

- Ability to move a single field between servers. Would be nice to be able to export a form with only a series of selected field; then import it to add/update only those fields on the target server.

- Why can't the unix/linux server patches be available as a .tar.gz download. What is the point in making me set the permissions/masks for every one of the files and require me to download them one by one.

To comment on soem of Carey's remarks:

> 8. Single-Sign-On with Windows User Tool.

Uh... You likely mean "use my Windows login as a 'Single-Sign-On'
option via the User Tool". I can only hope that BMC sees how bad of an idea that would be. ( I do not trust Windows authentication. It is far to easy to hack your way in to a console and become whatever user you want to me. Reboot from a CD, rest the users password vai a special tool and restart and your in as that user. Very bad that it even caches domain passwords so you should be able to impersonate domain users that way too!

However, if there is ever a widely adopted PKI based "Single-Sign-On"
model then I would really like to see an AREA plug in for the HUB that would support that too. (And a turnkey solution for the Mid-Tier would not hurt too. I know I am not asking for the sky, just most of the clouds. :)

>> There should be some type of framework to make this possible for
all single-sign on solutions; be it Active Directory, SiteMinder, Oracle, etc,; even if it is not a turnkey solution and is an api that can be compiled and packaged with the aruser installation program.
Currently, no capabilities exist.

>> "far to easy to hack your way in to a console and become whatever
>> user
you want to me". How do you do this to make yourself a domain user, since you still have to authenticate to the domain controller? Even if you have a machine that is not connected to the network and you use the cached login/password, this does not mean you are authenticated to the domain. Try it using something like using Outlook connecting to Exchange. Physical secuirity, trust relationships (for keys), encryption, etc. are all concepts adopted by various security models, of which M$ does follow, to some degree. M$ just has too many mistakes/slop jobs in seperating userland from the kernel, which is why people are able to gain elevated privelages or launch DoS attacks using apps that should be confined to userland but aren't. Totally seperate from active directory/M$ security model.

>> "far to easy to hack your way in to a console and become whatever
>> user
you want". So, I can do the same with any unix/linux desktop with a floppy, usb device, or cd. Does this make it a mistake to trust any unix/linux accepted authentication mechanisms?

> 16. Change licensing enforcement to pre-version 6.3 whereas the same
> user can be logged into more than one computer. Our technicians are
> logged into Remedy at their desk throughout the day. They also move
> around a lot to support our users. As soon as the new licensing
> enforcement went into effect technicians were now forced to return to
> their desk to update a Remedy ticket. They used to be able to update
> their tickets right then - the new Remedy licensing has reduced worker productivity.

Teach your users to logout before they leave the terminal and this will not be a problem. They need to logout from the "remote side" too.
It is a consistent behaviour that is a "best practice".

>> This is not a "best practice". It's a waste of time. Every time
the support agent gets a call where he has to move, he should be able to access Remedy from there while leaving Remedy open with his other dozen requests in progress open at his desk. The licensing model is too restrictive. It inhibits people from using the system the way it was intended to be used. There has to be a compromise in there somewhere where BMC can enforce it's licensing model and allow people to use the system. I quote my earlier statement where we can't use a load balanced mid-tier environment and the client at the same time, even from the same machine.

Axton


On 1/30/06, Scott Ames wrote:
> **
> I would like the client, (user) to have the ability to move, remove,
> add, their own list of columns in the result list.
>
> A way to replace the standard error messages with our own , better
> looking, error messages.
>
> The ability to sub-search any field and find records that have values
> in the linked sub-table. ( Siebel does this with exists(value) )
>
> The ability to copy a form and have all the workflow, active links,
> filters, copy as well and rename themselves.
>
>
> 20060125This posting was submitted with HTML
> in it


UNSUBSCRIBE or access ARSlist Archives at http://www.ARSLIST.org


20060125This posting was submitted with HTML in it

Axton,

We sound like we are mostly on the same page... so here we go.



On 1/31/06, Axton wrote:
> To add some more:
>
>
> - Why can't the unix/linux server patches be available as a .tar.gz
> download. What is the point in making me set the permissions/masks
> for every one of the files and require me to download them one by one.

Sure I am ok with that for the Unix version too. (By "zip" I really
mean a compressed file appropriate for the target OS for the given BMC
product. .tar.gz is cool where that is the standard.)


> To comment on soem of Carey's remarks:
>
> > 8. Single-Sign-On with Windows User Tool.
>
> Uh... You likely mean "use my Windows login as a 'Single-Sign-On'
> option via the User Tool". I can only hope that BMC sees how bad of
> an idea that would be. ( I do not trust Windows authentication. It is
> far to easy to hack your way in to a console and become whatever user
> you want to me. Reboot from a CD, rest the users password vai a
> special tool and restart and your in as that user. Very bad that it
> even caches domain passwords so you should be able to impersonate
> domain users that way too!
>
> However, if there is ever a widely adopted PKI based "Single-Sign-On"
> model then I would really like to see an AREA plug in for the HUB that
> would support that too. (And a turnkey solution for the Mid-Tier would
> not hurt too. I know I am not asking for the sky, just most of the
> clouds. :)
>
> >> There should be some type of framework to make this possible for
> all single-sign on solutions; be it Active Directory, SiteMinder,
> Oracle, etc,; even if it is not a turnkey solution and is an api that
> can be compiled and packaged with the aruser installation program.
> Currently, no capabilities exist.
>
> >> "far to easy to hack your way in to a console and become whatever user
> you want to me". How do you do this to make yourself a domain user,
> since you still have to authenticate to the domain controller? Even
> if you have a machine that is not connected to the network and you use
> the cached login/password, this does not mean you are authenticated to
> the domain. Try it using something like using Outlook connecting to
> Exchange. Physical secuirity, trust relationships (for keys),
> encryption, etc. are all concepts adopted by various security models,
> of which M$ does follow, to some degree. M$ just has too many
> mistakes/slop jobs in seperating userland from the kernel, which is
> why people are able to gain elevated privelages or launch DoS attacks
> using apps that should be confined to userland but aren't. Totally
> seperate from active directory/M$ security model.


I have seen cases in the past where the M$ "server" did not
reauthenticate the desktop authentication to the domain. So a user
could disconnect from the physical network. Replace the locally stored
password for an account. Authenticate to the desktop then plug back in
to the network and use the credentials that they have now
"confiscated". In the cases that the application server "trusts" the
desktop authentication, and the desktop authentication has been
circumvented (either through hacking or other security
vulnerabilities) then this model falls completely apart. (Which is
exactly why the ARS AREA/SSO model requires the ARS server to
authenticate the user directly and not accept a "client
authentication" done at the Mid-Tier or the User Tool.)

However, with a PKI type infrastructure then a physical part of the
communication is only one part of the link. Assuming the PKI structure
still requires a password from the user then the user must supply that
value at some point in the session. Sure the PKI structure might cache
that for some limited time line (on the client, in memory) and reapply
that authentication as the needs arise, but that time should be as
short as practical and not long enough to impact the risk level to
security as a whole.



> >> "far to easy to hack your way in to a console and become whatever user
> you want". So, I can do the same with any unix/linux desktop with a
> floppy, usb device, or cd. Does this make it a mistake to trust any
> unix/linux accepted authentication mechanisms?


Yes. That is why no application server should trust any desktop
authentication. ( Hey, it is my position and I have yet to see a model
that deals with this to my satisfaction.) There are designed ways to
recover/stomp/reset almost any account in the computing universe. In
fact I can not think of a single system (at the OS layer) that
literally requires a reinstall of the OS to recover
"Administrator"/"root"/etc...


> > 16. Change licensing enforcement to pre-version 6.3 whereas the same user
> > can be logged into more than one computer. Our technicians are logged into
> > Remedy at their desk throughout the day. They also move around a lot to
> > support our users. As soon as the new licensing enforcement went into
> > effect technicians were now forced to return to their desk to update a
> > Remedy ticket. They used to be able to update their tickets right then -
> > the new Remedy licensing has reduced worker productivity.
>
> Teach your users to logout before they leave the terminal and this
> will not be a problem. They need to logout from the "remote side" too.
> It is a consistent behaviour that is a "best practice".

> >I quote my earlier statement where we can't use a
> load balanced mid-tier environment and the client at the same time,
> even from the same machine.
>
> Axton

I think that the stated problem has more to do with the way Remedy
deals with "IP" from the Mid-Tier.

It shows up in the logs from time to time as this
"encrypted"/"encoded" string. ( It is not an IP address form that I
have ever seen before. ) If they actually used the real client IP from
the mid-tier, then using multiple client types from the same client
host should be possible. Since I have yet to get any explanation for
this strange string format I can only assume that is is covering some
"possible security hole" and they are not going to talk about it.

I can use two ARS User Tool clients with the same non-admin account
against an ARS server at the same time from a single host. So my
position is that the "problem" is a flaw in the client that does not
work, or causes the "problem" with the other clients and not the
design of the authentication/license enforcement. (But maybe I am
still standing on my head in the corner and seeing this all from the
wrong perspective. It could happen. :)

--
Carey Matthew Black
Remedy Skilled Professional (RSP)
ARS = Action Request System(Remedy)

Solution = People + Process + Tools
Fast, Accurate, Cheap.... Pick two.
Never ascribe to malice, that which can be explained by incompetence.


UNSUBSCRIBE or access ARSlist Archives at http://www.ARSLIST.org

**


- Ability to move a single field between servers. Would be nice to be
able to export a form with only a series of selected field; then
import it to add/update only those fields on the target server.

Migrator can do this, if I understand what you mean.


20060125This posting was submitted with HTML in it

**
Tim,

Since you asked... a few more.

1-20. From previous emails.

21. Provide the option to right-justify text inside a Character field.

22. In the Admin Tool provide ability to filter objects. One of my forms has 600+ Active Links. When I am viewing the ALs it would be more productive to be able to list only a subset when needed. Filtering criteria could be: by prefix, by date range of last modified, by one or more AL Guides, etc.

23. In the Admin Tool provide ability to hide/show disabled objects. If I have 20 Filters that are disabled and will not be worked on now I would rather not see them - it clutters up the display.

24. In Admin Tool provide ability to search objects. For example, highlight all the Filters in this form that update the zTmpField1 field.

Stephen



From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Timothy Powell
Sent: Tuesday, January 31, 2006 8:32 AM
To: arslist@ARSLIST.ORG
Subject: Re: What Bugs you about Remedy?


**
Stephen....holding things in isn't good for you...so please go ahead and get all your items off of your chest......

:-)

Tim Powell
Vice President
KPBS, Inc.
704-489-8599 (Office)
704-301-1047 (Cell)








From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Heider, Stephen
Sent: Monday, January 30, 2006 12:59 PM
To: arslist@ARSLIST.ORG
Subject: Re: What Bugs you about Remedy?


**
To those on the List and anyone at BMC, I think ARS is an excellent and powerful product. Yet, every product can be improved. Here is my quick list:

1. Full API support in the .Net API. In addition, with each example in the help guide both C# and VB.Net languages should be included.

2. A button for the $NULL$ keyword throughout the Admin Tool (ie. Run If qualification, Set Fields, etc.) - I use this keyword far more than any other.

3. A button for the $NULL$ keyword in the User Tool for Advanced Searches.

4. Save environment settings in Admin Tool and User Tool as they are changed instead of waiting until the user successfully logs out. Occasionally these programs do crash and any settings are lost.

5. Ability to setup the layout of the Admin Tool and press a button/select a menu option to write these settings to the AR System Administrative Preferences form right then.

6. Larger windows in Admin Tool for developing work flow (Active Links, Filters, Guides, etc.). I have dual 20" monitors and yet I frequently have to scroll or click the ellipsis button to see all the code or objects.

7. Quicker turn-around time for purchasing licenses. Once BMC receives the official request from our vendor it seems to take a very long time to receive the license keys. With almost every purchase our vendor (and sometimes me) has had to repeatedly contact BMC to find out when we would receive the license keys.

8. Single-Sign-On with Windows User Tool.

9. More granularity with installing server patches with the installer program. For example, there should be an option to *only* patch DLLs and other files and *not* update any forms, fields or work flow.

10. Support current version of Crystal Reports - at least with the current version of ARS and User Tool. Within 3 months after a new version of Crystal Reports is released [from Business Objects] BMC should endeavor to put out a new patch of the User Tool that supports it. BMC undoubtedly has access to beta and pre-release versions of Crystal Reports months before it is finally released to the public. This should provide ample time to patch the User Tool.

11. Support for current version of SQL Server. Version 2005 was released 3 months with beta versions available for over a year, yet no word on if/when it will be supported. Chances are that 99.9% of ARS would run fine as-is now.

12. Clarify in writing the exact licensing requirements with ARS on SQL Server. After many contacts with our vendor, and our vendor directly with BMC, there is no consensus on how to properly license SQL Server to run ARS. Is it by the number of threads, by number of Remedy users? This information should be posted on the SupportWeb.

13. Fix the KB search on the SupportWeb. After one or two searches I have to log out, wait an hour and then log back in to be able to search again due to infinite timeouts. This has been going on for over a year. It finally reached the point where I simply wrote a program that downloads every KB and stores it in a Remedy form so I can perform my own queries.

14. Add the IP address of users in log files.

15. Have the option to log to tables instead of text files. This could be a regular Remedy form a direct SQL table. This would provide increased ability to monitor and troubleshoot a system, would allow for filtering (ie. I only want to query for entries that I made between 2:00pm and 2:05pm), could take less time to debug and would allow for reporting.

16. Change licensing enforcement to pre-version 6.3 whereas the same user can be logged into more than one computer. Our technicians are logged into Remedy at their desk throughout the day. They also move around a lot to support our users. As soon as the new licensing enforcement went into effect technicians were now forced to return to their desk to update a Remedy ticket. They used to be able to update their tickets right then - the new Remedy licensing has reduced worker productivity.

17. Provide downloadable training modules and exercises on ARS and other Remedy products. These could be billed by module and/or annual subscription for a set of modules. Microsoft has one implementation that may work (https://www.microsoftelearning.com/default.aspx).

18. Display a message when user has Caps-Lock turned On at the User Tool login prompt. It is relatively easy for a user to get locked out of the network (when pass-through authentication is used). In some companies Remedy/network login IDs are numeric, therefore Caps-Lock could be On and the user may not be aware.

19. Create or help sponsor a Remedy Development Guide book. As far as I know there is no third-party design and development book available for the Remedy administrator or developer. This guide would include topics such as solving particular problems, integration with other Remedy modules, integration with external systems, API usage, best practices, etc.


Stephen





From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Scott Ames
Sent: Monday, January 30, 2006 11:31 AM
To: arslist@ARSLIST.ORG
Subject: What Bugs you about Remedy?


**
What bugs you about Remedy and what would you like to see them fix or change? Sometimes Remedy has the functionality, but it's implemented in such a way as to be quite a pain. Sometimes the functionality is totally missing. What bugs you and what would make your job easier?

For example:

I would love to see a simple single sign on implementation that doesn't require a lot of development.

I would like to see a robust ODBC driver for Remedy that has all the functionality.

I would like an option to generated the record ID in advance when a record is created rather than when it's saved. ...etc...


20060125This posting was submitted with HTML in it 20060125This posting was submitted with HTML in it 20060125This posting was submitted with HTML in it
20060125This posting was submitted with HTML in it