SlideShare a Scribd company logo
1 of 73
Download to read offline
HCL Domino 11
First Look
Daniel Nashed, Nash!Com
Ulrich Krause, midpoints
November 2019, KÃļln
Speaker Introduction Daniel Nashed
ī‚§ Nash!Com – HCL Business Partner
ī‚§ Member The Penumbra group - An international consortium of selected
Business Partners pooling their talent and resources
ī‚§ Focus: Cross-Platform C-API, IBMÂŽ DominoÂŽ Infrastructure,
Administration, Integration, Performance, Security, Troubleshooting and
IBMÂŽ Traveler
ī‚§ “DNUG Fachgruppenleiter” Verse/Notes/Domino
ī‚§ Author Domino on LinuxÂŽ Start Script
ī‚§ Co-Author Domino Docker Script
Speaker Introduction Ulrich Krause
ī‚§ Lotus Notes and Domino since 1993
ī‚§ Developer / Administrator
ī‚§ IBM Champion 2010 – 2019
ī‚§ HCL Master 2019
ī‚§ OpenNTF Contributor
ī‚§ Let‘s Encrypt 4 Domino ( LE4D )
ī‚§ Working with midpoints GmbH
Agenda
ī‚§ Introduction
ī‚§ Backend/Infrastructure Changes
ī‚§ New Features
ī‚§ DirSync
ī‚§ Flexnet Licensing
ī‚§ Q&A
“IBM” → “HCL” Branding
ī‚§ “IBM” is replaced by “HCL” in most places
ī‚§ But there are still some “IBM” strings which stay
ī‚§ “Lotus” and “Domino” remains
Guidelines followed while replacing IBM to HCL
ī‚§ Any “IBM” Strings are Logos which are visible in normal use of the product are replaced
ī‚§ IBM Strings, Logos and Copyright in any UI like Splash screens
ī‚§ Error message, Dialog etc which are visible in normal use
ī‚§ Templates and Database which are shipped as part of Domino 11
ī‚§ Registry path in Windows platform
“IBM” Strings not replaced
ī‚§ Any Directories or Path which may cause the customers to have to alter their
applications
ī‚§ IBM_TECHNICAL_SUPPORT
ī‚§ IBM_ID_VAULT
ī‚§ IBM_Credstore
ī‚§ IBMDomino.sym
ī‚§ ibmditar.css
ī‚§ C:Program FilesIBMDominodatadominojsdojo-1.5.4ibm
ī‚§ Any configuration parameters which has IBM string in notes.ini
ī‚§ IBM strings coming from IBM proprietary like IBM OS , Server and Compiler
ī‚§ LDAP Attributes
ī‚§ Any COM objects with IBM as namespace
New Default Installation Directory
ī‚§ Linux/AIX Example:
ī‚§ /opt/hcl/domino
ī‚§ New Nash!Com Start script version doesn't install into Domino binary directory
ī‚§ New Directory /opt/nashcom/start-script
ī‚§ Install script will install into new location
ī‚§ Existing configuration is still used
ī‚§ Best Practice: Uninstall and cleanup binary directory and install in new path!
InstallAnywhere instead of InstallShield Multiplatform (ISMP)
ī‚§ Flexera InstallAnywhere 2018 used for Domino Server install
ī‚§ Traveler is already using InstallAnywhere
ī‚§ Notes Clients still stay with Install Shield (different product than ISMP)
ī‚§ Some changes in detail
ī‚§ Graphic User Interface (GUI) mode, available only on Windows
ī‚§ Console mode, available only on AIX and Linux
ī‚§ Silent install mode, available on all platforms!
ī‚§ Makes perfectly sense because Windows customers prefer GUI
Linux/AIX customers are usually more console oriented
InstallAnywhere
ī‚§ Works similar to ISMP but
ī‚§ Command Line has different parameters
ī‚§ New response file format
ī‚§ Response file is UTF-8 formatted → needs a proper editor like Notepad++ or Ultraedit
ī‚§ Windows → install.exe -r <path><myresponse>.properties
ī‚§ Linux/AIX → sudo ./install -r <path><myresponse>.properties
ī‚§ New silent install is used by Domino on Docker
ī‚§ Works well but some detailed output has changed
ī‚§ Domino 10 → “Dominoserver Installation successful"
ī‚§ Domino 11 → "install Domino Server Installation Successful"
New Javaâ„ĸ Runtime Environment in Notes/Domino 11
ī‚§ Notes/Domino 10 used the IBM JVM
ī‚§ Previous Notes/Domino version used IBM JVM build by IBM JVM team based on Oracle sources
ī‚§ HCL needed to replace the JVM with an Open JVM
ī‚§ Oracle JVM isn't free any more for commercial use (only Open Java is free)
ī‚§ See https://www.oracle.com/technetwork/java/javase/overview/oracle-jdk-faqs.html
ī‚§ Eclipse OpenJ9 that is provided through AdoptOpenJDK
ī‚§ https://adoptopenjdk.net
ī‚§ https://openjdk.java.net
New Javaâ„ĸ Runtime Environment in Notes/Domino 11
ī‚§ openjdk version "1.8.0_222"
ī‚§ OpenJDK Runtime Environment (build 1.8.0_222-b10)
ī‚§ Eclipse OpenJ9 VM
ī‚§ Time Zone data base tzdata2019c
ī‚§ https://www.iana.org/time-zones
ī‚§ Just In Time (JIT) is still enabled by default
ī‚§ Can be still disabled via notes.ini JavaEnableJIT=0
IBMÂŽ GSKit crypto libs replaced with OpenSSL
ī‚§ Previous Notes/Domino version used IBMÂŽ GSKit cryptographic libraries
ī‚§ Replaced with the OpenSSL equivalents → Free & open SSL Lib
ī‚§ OpenSSL 1.1.1a → Up to date version shipped with Notes/Domino 11
ī‚§ See details here → https://www.openssl.org
ī‚§ NotesÂŽ W32 and Mac
ī‚§ Not FIPS support (Federal Information Processing Standards – required by US government)
ī‚§ DominoÂŽ W64, LinuxÂŽ 64, AIX64
ī‚§ With OpenSSL 2.0 FIPS mode (https://wiki.openssl.org/index.php/FIPS_module_2.0)
ī‚§ Disable FIPS support → notes.ini HCC_FIPS_NON_CERTIFIED=1
ī‚§
Limiting ID vault download disabled for SAML federated
ī‚§ Previously you had to enable automatic ID download if SAML is used
ī‚§ The ID Vault security policy setting “Allow automatic ID downloads” is ignored for SAML
ī‚§ The setting is ignored because SAML authentication requires unrestricted download access to ID files
from the vault
ī‚§ User already used trusted authentication against AD
ī‚§ This feature is already included in Domino 10.0.1 FP2 → SPR# DKENAJTT67
Web authentication against NotesÂŽ ID passwords in the ID vault
ī‚§ Idea: Instead of having two different passwords which need to sync and need to be
stored in the person doc, just use the ID vault password
ī‚§ No sync needed between web and Notes.ID password
ī‚§ Safer place to store passwords
ī‚§ This only used for users with a Notes.ID
ī‚§ So there is no “all or nothing” setting
ī‚§ Instead you can define what should happen, when no ID in vault is found
ī‚§ Configured in configuration document
ī‚§ New challenge: Sync AD Password → Notes.ID password
TLS Deprecated (weak) Ciphers
ī‚§ The following ciphers are listed as weak in
Domino 11
ī‚§ TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
ī‚§ TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
ī‚§ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (xC013)
ī‚§ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (xC014)
Weak because they still use SHA1
ī‚§ Also a BSI recommendation!
ī‚§ Cipher names come back after doc refresh
ī‚§ You should remove the weak (deprecated) ciphers
Directory Sync with Active Directory (AD)
ī‚§ New implementation for a dedicated sync tool with AD
ī‚§ Completely new feature in Domino 11
ī‚§ Thanks to Ulrich Krause (midpoints) who is the most active & best tester for this feature!
Directory Sync (DirSync)
ī‚§ Directory Sync allows you to sync people and group data from an external LDAP
directory into the DominoÂŽ directory
ī‚§ Currently data from Active Directory can be synced
ī‚§ Directory Sync makes it easy for your Note users to address mail to and see details about
users in your organization not using NotesÂŽ such as Microsoftâ„ĸ Outlook users registered
in Active Directory
ī‚§ With this feature, Active Directory users automatically have Person documents in the DominoÂŽ directory
so that NotesÂŽ users can find their addresses and other information
ī‚§ Without Dirsync, NotesÂŽ users must know the addresses of the Active Directory users before they can
send mail to them, unless Person documents are added for them manually
Directory Sync Components
ī‚§ LDAP directory assistance document created in a directory assistance database that is
enabled for Directory Sync
ī‚§ Directory Sync Configuration document created in the Directory Sync view of the
DominoÂŽ directory
ī‚§ A server task, Dirsync, that runs only on the DominoÂŽ administration server, that
connects to the Active Directory server regularly to pull person and group changes into
the DominoÂŽ directory
Directory Sync Overview
Directory Assistance
Directory Assistance
SHOW XDIR
DirSync Configuration
1. Open the DominoÂŽ directory.
2. Select Configuration > Directory > Directory Sync.
3. Click Add Directory Sync.
DirSync Configuration
DirSync Configuration
Sync Groups
ī‚§ If you want to synchronize groups, select the types of groups to synchronize. If you
don't want to synchronize groups, do not select either option.
ī‚§ Global Security groups, to be able to use Active Directory security groups in NotesÂŽ
access lists.
ī‚§ Global Distribution groups, to be able to use Active Directory distribution groups in
NotesÂŽ mail addressing.
Enable DirSync Configuration
ī‚§ Select one ore more DirSync configurations and click „Enable“.
Enable DirSync Configuration
ī‚§ Select “Run in test mode” to simulate the actions that Directory Sync would take but
without changing any DominoÂŽ data.
Enable DirSync Configuration
ī‚§ Resnyc request is created automatically, when DirSync configuration has been changed.
Resync
Disable DirSync Configuration
ī‚§ Before you can edit the configuration, you must disable it!
ī‚§ Select one ore more DirSync configurations and click „Disable“
ī‚§ Request action document is being created and processed by DirSync task
Register Selected Person
Register Selected Person
Rename Registered Person
ī‚§ “Rename Domino
users upon Active
Directory rename”
option must be enabled
in the Directory Sync
configuration document
Domino 11 – Two Tier DAOS
â€ĸBigfile.xls
â€ĸHugefile.ppt
â€ĸPodcast.mp3
â€ĸBigfile.xls
â€ĸHugefile.ppt
â€ĸPodcast.mp3
â€ĸBigfile.xls
â€ĸHugefile.ppt
â€ĸPodcast.mp3
Domino
Domino 8.5
with DAOS
S3 (Simple Storage Service)
“Cloud” or “local”
S3
“Bucket”
ABC.nlo
moved
after n-days
of inactivity
ABC.nlo
Domino 11
DAOS T2
DAOS T1
+ many others
DAOS Tier 2 Storage on S3 Storage
ī‚§ “Domino Attachment Object Service (DAOS) Tier 2 storage”
ī‚§ Allows to use S3-compatible storage service to store older attachment objects that haven't been
accessed within a specified number of days
ī‚§ Reduces the amount of data stored on DominoÂŽ servers that use DAOS because of
ī‚§ Scalability
ī‚§ Storage costs
ī‚§ Backup optimization
ī‚§ A S3-compatible storage service uses the Amazon Web Services (AWS) Simple Storage
Service (S3) API
Amazon S3 Storage
ī‚§ S3 Amazon is the reference implementation
ī‚§ Amazon Simple Storage Service
ī‚§ There is an SDK from Amazon which is also used by Domino
ī‚§ https://en.wikipedia.org/wiki/Amazon_S3
ī‚§ Many vendors support “cloud object storage”
ī‚§ But it's not just for cloud storage vendors!
ī‚§ It's a general interface!
ī‚§ Simple design
ī‚§ Objects organized in “buckets” + Each object is identified by a unique, user-assigned key
Other S3 Implementations
ī‚§ Minio Server
ī‚§ Provides a S3 server and also a nice command-line client
ī‚§ Can run as a single binary or inside a Docker container
ī‚§ References and good start point
ī‚§ https://docs.min.io/docs/minio-quickstart-guide.html
ī‚§ https://docs.min.io/docs/minio-client-complete-guide
ī‚§ Other vendor examples
ī‚§ IBM Cloud
ī‚§ NetApp & others
DAOS T2 Configuration
ī‚§ Simple configuration
ī‚§ Credential Name of user/password
stored in credential store
ī‚§ S3 Bucket / S3 Endpoint
ī‚§ Settings for S3 Server
ī‚§ Push object store if not accessed for
ī‚§ Standard value 1000 days
ī‚§ Minimum internal value 7 days
S3 storage ID
ī‚§ Unique identifier for the server that is created the first time server configures itself for
tier 2. This ID becomes part of the name of each S3 object!
ī‚§ Don't change this ID once it is established!
ī‚§ You cannot access existing S3 objects if the ID changes!
Create S3 Credentials
Create a file with the credentials “dominocred.txt”
[dominocos]
aws_access_key_id = my-access-key..
aws_secret_access_key = my-secret-key...
Create named encryption key and credential store
ī‚§ KEYMGMT CREATE NEK credstorenek
ī‚§ KEYMGMT CREATE CREDSTORE credstorenek
ī‚§ Credentials are stored encrypted in credential store
ī‚§ tell daosmgr S3 storecred dominocred.txt
S3 MINIO special configuration
ī‚§ S3 MINIO needs additional parameters
ī‚§ Some of them are not just for MINIO
ī‚§ S3_USE_MINIO=1
ī‚§ Enable MINIO configuration
ī‚§ COS_SKIP_SSL_VERIFY=1
ī‚§ Disable SSL certificate checking → certificates are checked against cacert.pem in data directory
ī‚§ COS_USE_HTTP=1
ī‚§ User HTTP instead of HTTPS (only recommended for local or test deployments)
Restart serer and check startup
ī‚§ Restart server
ī‚§ This is needed to restart DAOS for each process
ī‚§ Make sure server configuration is replicated to the right server ;-)
ī‚§ Server Commands
ī‚§ tell daosmgr status
ī‚§ tell daosmgr objectinfo summary
ī‚§ tell daosmgr objectinfo all
New “tell daosmgr commands”
ī‚§ OBJECTINFO [-O outfile] [-olderThan days] [-prefix prefix] [TIER1|TIER2|ALL|SUMMARY]
ī‚§ Show information about DAOS Objects
ī‚§ OBJECTPUSH age Push objects older than age to S3
ī‚§ Manually push NLOs to T2 → Very useful for testing
ī‚§ S3 related config commands
ī‚§ S3 STORECRED Stores an S3 credential in the credential store cred-file-path [OVERWRITE]
ī‚§ S3 DELETECRED Deletes an S3 credential from the credential store cred-name
ī‚§ S3 SHOW Shows S3 credentials in the credential store
ī‚§
Tell daosmgr status
...
24.11.2019 08:56:26 DAOS Encryption is currently Disabled
24.11.2019 08:56:26
24.11.2019 08:56:26 DAOS Tier2 is Enabled
24.11.2019 08:56:26
24.11.2019 08:56:26 DAOS Tier2 Server ID = 045731D47D45CF4B3BAC64C260EB84A92822F76A
24.11.2019 08:56:26 DAOS Tier2 Credential name = dominocos
24.11.2019 08:56:26 DAOS Tier2 Bucket = nsh-domino11-daos
24.11.2019 08:56:26 DAOS Tier2 Endpoint = 192.168.100.107:9000
24.11.2019 08:56:26 DAOS Tier2 days since last access before pushing = 1
...
Tell daosmgr objectinfo summary
tell daosmgr objectinfo summary
DAOS TIERED STORAGE SUMMARY
TIER 1 STORAGE:
OBJECTS - 0
MB - 0 MB
TIER 2 STORAGE:
OBJECTS - 5
MB - 933 MB
TOTAL STORAGE :
OBJECTS - 5
MB - 933 MB
AVERAGE AGE - 47 days
Tell daosmgr objectinfo tier2 -o file.txt
ī‚§ Default outputfile: objectinfo.txt in notesdata
tell daosmgr objectinfo tier2 -o d:t2.txt
NLO_KEY TIER STATE ACCESSED AGE LENGTH
74B9AD33C9A37D5BE8406D993BACE688BA271EEC0003E9DE T2 Shared 09/29/2019 56 256,478
ABFD47F6F4FDE853FEA03127E578EBD074FA374939020DB8 T2 Shared 10/14/2019 40 956,435,896
84C534B143FE5BC221D3B1AB12DDABBDF3E0311F00AE3B30 T2 Shared 10/23/2019 31 11,418,416
5044FAB61575A0B36575E676CF7FEED189A844800004B3AE T2 Shared 09/29/2019 56 308,142
237FDB9BE73376B8577F9F111E69F2F8AA40D5C4009B6A5E T2 Shared 09/29/2019 56 10,185,310
DAOS TIERED STORAGE SUMMARY
TIER 2 STORAGE:
OBJECTS - 5
MB - 933 MB
AVERAGE AGE - 42 days
S3 Storage Encryption and Backup
ī‚§ The channel is already HTTPS encrypted
ī‚§ Even if your DAOS store isn't encrypted, the S3 NLOs are encrypted on the fly!
ī‚§ Paranoid admins might add another level of encryption on AWS level
ī‚§ Backup could be performed locally before data is pushed to S3
ī‚§ But this would need to keep NLOs not to be deleted from backup when moved to S3
ī‚§ Backup should also be performed on S3 storage!
AWS References and Download
ī‚§ Build with AWS SDK for C++ Version:1.7.85
ī‚§ https://aws.amazon.com/sdk-for-cpp
ī‚§ AWS Command Line Tools
ī‚§ https://aws.amazon.com/cli/
ī‚§ Short Video
ī‚§ https://youtu.be/77lMCiiMilo
“FlexNet Licensing Server” instead of “ILMT”
ī‚§ HCL is planning to use the FlexNet License services
ī‚§ FlexNet License Portal
ī‚§ Provide license information and license keys
ī‚§ Software Downloads
ī‚§ License measurement with FlextNet License server instead of ILMT
ī‚§ The idea is to count floating users in a 30 days usage period
ī‚§ All users with authenticated access to a none-system database count
ī‚§ Access types measured
ī‚§ NRPC access (Notes client, Traveler)
ī‚§ HTTP (e.g. iNotes, Verse)
ī‚§ POP3/IMAP
Licensing Terminology
ī‚§ Entitlement
ī‚§ Licensing model that you've been entitled to. For Domino, your entitled to Counted user model
licensing which is based on a number of users accessing Domino servers.
ī‚§ There will be a license key for Domino 11
ī‚§ FlexNet Operations Site (FNO)
ī‚§ Site used to download software and map licensing entitlements. Referred to as
ī‚§ License server (device on FNO site)
ī‚§ A server to which Domino connects to validate licensing entitlements
ī‚§ Either Cloud License server or Local License Server configuration
Cloud License Server (CLS)
ī‚§ A virtual/logical license server available through the HCL License Portal
ī‚§ You configure a Logical Device on the FNO website
ī‚§ FlexNet Server identifier and admin password you specify
ī‚§ HTTPS connection needed from Domino Servers to FNO License Servers
ī‚§ Most customers will probably use the CLS
ī‚§ No FlextNet server setup is needed
Local License Server (LLS) – Planned for 11.0.1
ī‚§ A license server installed on-premises
ī‚§ Two different modes
ī‚§ Online connects to FNO website
ī‚§ Connects over HTTPS to FNO License Servers
ī‚§ Completely off-line
ī‚§ Entitlements are manually downloaded and imported to LLS
ī‚§ Reports are manually downloaded from LLS and uploaded to FNO Website
ī‚§ Manual process which needs access to the LLS and FNO website!
Configure Could License Server (CLS)
ī‚§ Log into your FlexNet account
ī‚§ https://hclsoftware.flexnetoperations.com/flexnet/operationsportal/startPage.do
ī‚§ Create a virtual “license device” (CLS)
ī‚§ Set password for device
ī‚§ Map Licenses
Login & Create License Device
ī‚§ Log into FlexNet
ī‚§ Create Device
Configure as “CLS”
ī‚§ Give it a meaningful name and site name
ī‚§ Just for reference. Not used
ī‚§ Select “Runs license server?”
ī‚§ Select “Server deployment”: “Cloud”
Configure as “CLS”
ī‚§ Action: “Set Password”
Set CLS Password
ī‚§ Create a password
ī‚§ Tip: Avoid Linux specific chars!
ī‚§ Needed for REST calls to FNO
CLS Map Entitlements
ī‚§ Action: Map Entitlements
CLS Map Entitlements
ī‚§ This assigns licenses to your license server
CLS Server Setup complete
Connect Domino to CLS
ī‚§ Domino needs to connect to CLS over HTTPS
ī‚§ Either directly or via Proxy
ī‚§ In 11.0.0 without authentication only
REST Request for Flexnet authenticated via “JSON Web Token” (JWT)
ī‚§ A JSON web token needs to be generated from a public/private key pair
ī‚§ The public key needs to be registered with the CLS server
ī‚§ Sounds complicated but is covered by a server command (not part of Beta2)
Domino License Configuration
ī‚§ The JWT needs to be stored in a local file on the server
ī‚§ License configuration is in a new tab in config document
ī‚§ All servers can share the same configuration
ī‚§ But each server currently has it's own configuration and would need to connect to FlexNet on it's own
Domino FlexNet License Reporting
ī‚§ “restart server” to get changes effective
ī‚§ If you want to see more details enable debugging via notes.ini ServerLicenseDebug=3
23.11.2019 16:57:27,42 Licensing> Hashed 'daniel nashed/nashcomlab' into
'1A8F29B6674EF0F4A86918A046078E93EB892E7A'
23.11.2019 16:57:27 Opened session for Daniel Nashed/NashComLab (Release 11.0)
23.11.2019 16:57:27,84 Licensing> Capability Request =
00000000: 207B 6822 736F 4974 2264 203A 227B 7974 '{ "hostId": {"ty'
00000010: 6570 3A22 2220 7473 6972 676E 2C22 7622 'pe": "string","v'
00000020: 6C61 6575 3A22 2220 4131 4638 3932 3642 'alue": "1A8F29B6'
00000030: 3736 4534 3046 3446 3841 3936 3831 3041 '674EF0F4A86918A0'
00000040: 3634 3730 4538 3339 4245 3938 4532 4137 '46078E93EB892E7A'
00000050: 7D22 222C 6F62 7272 776F 692D 746E 7265 '"},"borrow-inter'
00000060: 6176 226C 203A 3322 6430 2C22 6622 6165 'val": "30d","fea'
00000070: 7574 6572 2273 203A 7B5B 6322 756F 746E 'tures": [{"count'
00000080: 3A22 3120 222C 616E 656D 3A22 2220 4448 '": 1,"name": "HD'
00000090: 4D4F 4E49 5F4F 7355 7265 2C22 7622 7265 'OMINO_User","ver'
000000A0: 6973 6E6F 3A22 2220 2E31 2230 5D7D 7D 'sion": "1.0"}]}'
23.11.2019 16:57:27,84 Licensing> Flexnet URL:
https:/hclsoftware.compliance.flexnetoperations.com/api/1.0/instances/..
Domino FlexNet License Reporting
ī‚§ “show license” Domino Server command
ī‚§ Shows the currently cached licenses
show license
Begin Domino License Cache dump.
Licensed Entity:
Added to cache time Error Total Hits MQ HashID Last Server Attempt Last Server Refresh Expires
---------------------- ----- ---------- -- ---------------------------------------- ---------------------- ---------------------- ----------------------
daniel nashed/nashcomlab :
23.11.2019 16:57:27 0 1 0 1A8F29B6674EF0F4A86918A046078E93EB892E7A 23.11.2019 16:57:28 23.11.2019 16:57:28 23.12.2019 16:57:28
---------------------- ----- ---------- -- ---------------------------------------- ---------------------- ---------------------- ----------------------
License.Cache.Entries = 1
License.Cache.Hits = 1
License.Cache.Misses = 1
License.Cache.HitRate = 50%
License.Cache.PoolSize = 1048576
License.Cache.PoolUsed = 1024
License Model = Counted User
Last cache enumeration time: 23.11.2019 17:56:35
End Domino License Cache dump.
Domino FlexNet License Reporting
ī‚§ Show used licenses using the FlexNet Admin
ī‚§ Command-Line needs your FlexNet Server identifier and admin password for the CLS
flexnetlsadmin -server https://hclsoftware.compliance.flexnetoperations.com/api/1.0/instances/DZ2EPP4XGCKT -authorize admin xyz -licenses -verbose
User authentication succeeded.
=======================================================================================
Feature ID Feature Name Feature Version Feature Count Used/Available
=======================================================================================
682125 HDOMINO_User 1.0 4/6
=======================================================================================
Device Information:
-------------------------------------------------------------
Device Name Feature Registered(Used Count)
-------------------------------------------------------------
CAF36C31C586F7561610D449F265CC7396D9622A HDOMINO_User(1)
2DCF1E219F34A8D21966D30544D71E62D94ED994 HDOMINO_User(1)
CBC2706DA6267BAE259F5F93DC76287B4FB3D80A HDOMINO_User(1)
1A8F29B6674EF0F4A86918A046078E93EB892E7A HDOMINO_User(1)
=======================================================================================
Total feature count : 10
Total feature count used : 4
Total uncounted features : 0
=======================================================================================
FlexNet License Server Download Packages
ī‚§ Needed for
ī‚§ Local License Server
ī‚§ FlexNet Admin Commands
ī‚§ Windows or Linux, Local Online or Offline Server – Just download the online version
ī‚§ Those files are usually used for the Local License Servers
ī‚§ Extracted directories contain “enterprise” directoy, containing “flexnetadmin” command
Traveler 11
ī‚§ Works on Domino 9.0.1, 10.0.1, 11.0
ī‚§ You should install current fixpacks (9.0.1 FP10 IF5, 10.0.1 FP3)
ī‚§ Traveler is continuous build with a build-date, which get a “version tag” at some point
ī‚§ The same installer will install different binaries based on your Domino version!
ī‚§ For example for Domino 11 the GSKIT is removed
ī‚§ HTTP/2 support for APNS (Apple Push notifications)
ī‚§ Supports ActiveSync 16
ī‚§ Draft Folder sync
ī‚§ Calendar Attachments & more than 24-hour meeting support
ī‚§
Domino Docker
ī‚§ Domino 9.0.1 FP10 is already supported on Docker
ī‚§ Documented via IBM technote (not available any more)
ī‚§ IBM published a first reference implementation on GitHub
ī‚§ https://github.com/IBM/domino-docker
ī‚§ Dockerfiles run on Linux and MAC OSX Docker Docker hosts
ī‚§ Domino-Core Image dockerfiles will contain installation for Domino 10.0.1
ī‚§ Sample Dockerfiles how to adapt the image for your environment and applications
ī‚§ Nash!Com Domino Start Script supports Domino on Docker with
automatic installation routine and Docker Entrypoint
Virtual Machine vs. Docker Infrastructure
Virtual Machines Docker Containers
Docker Container Concept
ī‚§ Container is
ī‚§ A layered file system where each layer references
the layer below
ī‚§ A run-time instance of an image.
ī‚§ Not containing your persistent (Domino) data
ī‚§ They are stored on a separate “volume”
ī‚§ Images
ī‚§ Are used to create containers
ī‚§ Layers build on top of each other
ī‚§ Only the differences are stored in each layer
Questions & Answers?
ī‚§ Questions & Further information
ī‚§ http://blog.nashcom.de , nsh@nashcom.de
ī‚§ https://www.eknori.de , ulrich.krause@midpoints.de
ī‚§ Resources
ī‚§ HCL site
ī‚§ https://www.hcltechsw.com/welcome
ī‚§ Domino Ideas #dominoforever
ī‚§ https://domino-ideas.hcltechsw.com
ī‚§ Submit your most wanted features

More Related Content

What's hot

Alles, was Sie ueber HCL Notes 64-Bit Clients wissen muessen
Alles, was Sie ueber HCL Notes 64-Bit Clients wissen muessenAlles, was Sie ueber HCL Notes 64-Bit Clients wissen muessen
Alles, was Sie ueber HCL Notes 64-Bit Clients wissen muessen
panagenda
 

What's hot (20)

Domino Server Health - Monitoring and Managing
 Domino Server Health - Monitoring and Managing Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and Managing
 
60 Admin Tips
60 Admin Tips60 Admin Tips
60 Admin Tips
 
HTTP - The Other Face Of Domino
HTTP - The Other Face Of DominoHTTP - The Other Face Of Domino
HTTP - The Other Face Of Domino
 
Best Practice TLS for IBM Domino
Best Practice TLS for IBM DominoBest Practice TLS for IBM Domino
Best Practice TLS for IBM Domino
 
dominocamp2022.t1s1.dde.pptx
dominocamp2022.t1s1.dde.pptxdominocamp2022.t1s1.dde.pptx
dominocamp2022.t1s1.dde.pptx
 
Domino Tech School - Upgrading to Notes/Domino V10: Best Practices
Domino Tech School - Upgrading to Notes/Domino V10: Best PracticesDomino Tech School - Upgrading to Notes/Domino V10: Best Practices
Domino Tech School - Upgrading to Notes/Domino V10: Best Practices
 
Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012
Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012
Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012
 
HCL Sametime 12.0 on Docker - Step-By-Step.pdf
HCL Sametime 12.0 on Docker - Step-By-Step.pdf HCL Sametime 12.0 on Docker - Step-By-Step.pdf
HCL Sametime 12.0 on Docker - Step-By-Step.pdf
 
JMP105 - "How Stuff Works" - Domino Style!
JMP105 - "How Stuff Works" - Domino Style!JMP105 - "How Stuff Works" - Domino Style!
JMP105 - "How Stuff Works" - Domino Style!
 
HCL Sametime V11 installation - tips
HCL Sametime V11 installation - tipsHCL Sametime V11 installation - tips
HCL Sametime V11 installation - tips
 
Simplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAMLSimplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAML
 
Improving notes addressing experience with recent contacts
Improving notes addressing experience with recent contactsImproving notes addressing experience with recent contacts
Improving notes addressing experience with recent contacts
 
Real life challenges and configurations when implementing HCL Sametime v12.0....
Real life challenges and configurations when implementing HCL Sametime v12.0....Real life challenges and configurations when implementing HCL Sametime v12.0....
Real life challenges and configurations when implementing HCL Sametime v12.0....
 
HCL Domino V12 - TOTP
HCL Domino V12 - TOTPHCL Domino V12 - TOTP
HCL Domino V12 - TOTP
 
Important tips on Router and SMTP mail routing
Important tips on Router and SMTP mail routingImportant tips on Router and SMTP mail routing
Important tips on Router and SMTP mail routing
 
From frustration to fascination: dissecting Replication
From frustration to fascination: dissecting ReplicationFrom frustration to fascination: dissecting Replication
From frustration to fascination: dissecting Replication
 
Spnego configuration
Spnego configurationSpnego configuration
Spnego configuration
 
IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning
 
Everything You Need to Know About HCL Notes 14
Everything You Need to Know About HCL Notes 14Everything You Need to Know About HCL Notes 14
Everything You Need to Know About HCL Notes 14
 
Alles, was Sie ueber HCL Notes 64-Bit Clients wissen muessen
Alles, was Sie ueber HCL Notes 64-Bit Clients wissen muessenAlles, was Sie ueber HCL Notes 64-Bit Clients wissen muessen
Alles, was Sie ueber HCL Notes 64-Bit Clients wissen muessen
 

Similar to DNUG HCL Domino 11 First Look

Deploying DAOS and ID Vault
Deploying DAOS and ID VaultDeploying DAOS and ID Vault
Deploying DAOS and ID Vault
Luis Guirigay
 
The Ultimate Administrator’s Guide to HCL Nomad Web
The Ultimate Administrator’s Guide to HCL Nomad WebThe Ultimate Administrator’s Guide to HCL Nomad Web
The Ultimate Administrator’s Guide to HCL Nomad Web
panagenda
 
Die ultimative Anleitung fuĖˆr HCL Nomad Web Administratoren
Die ultimative Anleitung fuĖˆr HCL Nomad Web AdministratorenDie ultimative Anleitung fuĖˆr HCL Nomad Web Administratoren
Die ultimative Anleitung fuĖˆr HCL Nomad Web Administratoren
panagenda
 
Ctive directory interview question and answers
Ctive directory interview question and answersCtive directory interview question and answers
Ctive directory interview question and answers
sankar palla
 

Similar to DNUG HCL Domino 11 First Look (20)

Connections fornewbies
Connections fornewbiesConnections fornewbies
Connections fornewbies
 
Deploying DAOS and ID Vault
Deploying DAOS and ID VaultDeploying DAOS and ID Vault
Deploying DAOS and ID Vault
 
Domino on docker version 2
Domino on docker version 2Domino on docker version 2
Domino on docker version 2
 
Domino 8.5 Presentation for ATLUG
Domino 8.5 Presentation for ATLUGDomino 8.5 Presentation for ATLUG
Domino 8.5 Presentation for ATLUG
 
Domino on docker version 1
Domino on docker version 1Domino on docker version 1
Domino on docker version 1
 
Connect2016 Shipping Domino
Connect2016 Shipping DominoConnect2016 Shipping Domino
Connect2016 Shipping Domino
 
Connect2016 - 1172 Shipping domino
Connect2016 - 1172 Shipping dominoConnect2016 - 1172 Shipping domino
Connect2016 - 1172 Shipping domino
 
Docking, loading, running domino on docker v12
Docking, loading, running domino on docker v12Docking, loading, running domino on docker v12
Docking, loading, running domino on docker v12
 
The Ultimate Administrator’s Guide to HCL Nomad Web
The Ultimate Administrator’s Guide to HCL Nomad WebThe Ultimate Administrator’s Guide to HCL Nomad Web
The Ultimate Administrator’s Guide to HCL Nomad Web
 
DACHNUG50 EVERYTHING-you-need-to-know-about-HCL-Nomad-Web.pdf
DACHNUG50 EVERYTHING-you-need-to-know-about-HCL-Nomad-Web.pdfDACHNUG50 EVERYTHING-you-need-to-know-about-HCL-Nomad-Web.pdf
DACHNUG50 EVERYTHING-you-need-to-know-about-HCL-Nomad-Web.pdf
 
Lotus Domino 8.5
Lotus Domino 8.5Lotus Domino 8.5
Lotus Domino 8.5
 
DB2 and PHP in Depth on IBM i
DB2 and PHP in Depth on IBM iDB2 and PHP in Depth on IBM i
DB2 and PHP in Depth on IBM i
 
Die ultimative Anleitung fuĖˆr HCL Nomad Web Administratoren
Die ultimative Anleitung fuĖˆr HCL Nomad Web AdministratorenDie ultimative Anleitung fuĖˆr HCL Nomad Web Administratoren
Die ultimative Anleitung fuĖˆr HCL Nomad Web Administratoren
 
MCITP
MCITPMCITP
MCITP
 
Unboxing HCL Notes/Domino v12!
Unboxing HCL Notes/Domino v12!Unboxing HCL Notes/Domino v12!
Unboxing HCL Notes/Domino v12!
 
Ctive directory interview question and answers
Ctive directory interview question and answersCtive directory interview question and answers
Ctive directory interview question and answers
 
Ibm connections docs 2 install guide
Ibm connections docs 2 install guideIbm connections docs 2 install guide
Ibm connections docs 2 install guide
 
70-410 Practice Test
70-410 Practice Test70-410 Practice Test
70-410 Practice Test
 
Container on azure
Container on azureContainer on azure
Container on azure
 
The lazy administrator, how to make your life easier by using tdi to automate...
The lazy administrator, how to make your life easier by using tdi to automate...The lazy administrator, how to make your life easier by using tdi to automate...
The lazy administrator, how to make your life easier by using tdi to automate...
 

Recently uploaded

AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
VictorSzoltysek
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
Abortion Pill Prices Tembisa [(+27832195400*)] đŸĨ Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] đŸĨ Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] đŸĨ Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] đŸĨ Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
shinachiaurasa2
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
masabamasaba
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
masabamasaba
 

Recently uploaded (20)

Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
call girls in Vaishali (Ghaziabad) 🔝 >āŧ’8448380779 🔝 genuine Escort Service 🔝✔ī¸âœ”ī¸
call girls in Vaishali (Ghaziabad) 🔝 >āŧ’8448380779 🔝 genuine Escort Service 🔝✔ī¸âœ”ī¸call girls in Vaishali (Ghaziabad) 🔝 >āŧ’8448380779 🔝 genuine Escort Service 🔝✔ī¸âœ”ī¸
call girls in Vaishali (Ghaziabad) 🔝 >āŧ’8448380779 🔝 genuine Escort Service 🔝✔ī¸âœ”ī¸
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
Abortion Pill Prices Tembisa [(+27832195400*)] đŸĨ Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] đŸĨ Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] đŸĨ Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] đŸĨ Women's Abortion Clinic in T...
 
call girls in Vaishali (Ghaziabad) 🔝 >āŧ’8448380779 🔝 genuine Escort Service 🔝✔ī¸âœ”ī¸
call girls in Vaishali (Ghaziabad) 🔝 >āŧ’8448380779 🔝 genuine Escort Service 🔝✔ī¸âœ”ī¸call girls in Vaishali (Ghaziabad) 🔝 >āŧ’8448380779 🔝 genuine Escort Service 🔝✔ī¸âœ”ī¸
call girls in Vaishali (Ghaziabad) 🔝 >āŧ’8448380779 🔝 genuine Escort Service 🔝✔ī¸âœ”ī¸
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension AidDirect Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 

DNUG HCL Domino 11 First Look

  • 1. HCL Domino 11 First Look Daniel Nashed, Nash!Com Ulrich Krause, midpoints November 2019, KÃļln
  • 2. Speaker Introduction Daniel Nashed ī‚§ Nash!Com – HCL Business Partner ī‚§ Member The Penumbra group - An international consortium of selected Business Partners pooling their talent and resources ī‚§ Focus: Cross-Platform C-API, IBMÂŽ DominoÂŽ Infrastructure, Administration, Integration, Performance, Security, Troubleshooting and IBMÂŽ Traveler ī‚§ “DNUG Fachgruppenleiter” Verse/Notes/Domino ī‚§ Author Domino on LinuxÂŽ Start Script ī‚§ Co-Author Domino Docker Script
  • 3. Speaker Introduction Ulrich Krause ī‚§ Lotus Notes and Domino since 1993 ī‚§ Developer / Administrator ī‚§ IBM Champion 2010 – 2019 ī‚§ HCL Master 2019 ī‚§ OpenNTF Contributor ī‚§ Let‘s Encrypt 4 Domino ( LE4D ) ī‚§ Working with midpoints GmbH
  • 4. Agenda ī‚§ Introduction ī‚§ Backend/Infrastructure Changes ī‚§ New Features ī‚§ DirSync ī‚§ Flexnet Licensing ī‚§ Q&A
  • 5. “IBM” → “HCL” Branding ī‚§ “IBM” is replaced by “HCL” in most places ī‚§ But there are still some “IBM” strings which stay ī‚§ “Lotus” and “Domino” remains
  • 6. Guidelines followed while replacing IBM to HCL ī‚§ Any “IBM” Strings are Logos which are visible in normal use of the product are replaced ī‚§ IBM Strings, Logos and Copyright in any UI like Splash screens ī‚§ Error message, Dialog etc which are visible in normal use ī‚§ Templates and Database which are shipped as part of Domino 11 ī‚§ Registry path in Windows platform
  • 7. “IBM” Strings not replaced ī‚§ Any Directories or Path which may cause the customers to have to alter their applications ī‚§ IBM_TECHNICAL_SUPPORT ī‚§ IBM_ID_VAULT ī‚§ IBM_Credstore ī‚§ IBMDomino.sym ī‚§ ibmditar.css ī‚§ C:Program FilesIBMDominodatadominojsdojo-1.5.4ibm ī‚§ Any configuration parameters which has IBM string in notes.ini ī‚§ IBM strings coming from IBM proprietary like IBM OS , Server and Compiler ī‚§ LDAP Attributes ī‚§ Any COM objects with IBM as namespace
  • 8. New Default Installation Directory ī‚§ Linux/AIX Example: ī‚§ /opt/hcl/domino ī‚§ New Nash!Com Start script version doesn't install into Domino binary directory ī‚§ New Directory /opt/nashcom/start-script ī‚§ Install script will install into new location ī‚§ Existing configuration is still used ī‚§ Best Practice: Uninstall and cleanup binary directory and install in new path!
  • 9. InstallAnywhere instead of InstallShield Multiplatform (ISMP) ī‚§ Flexera InstallAnywhere 2018 used for Domino Server install ī‚§ Traveler is already using InstallAnywhere ī‚§ Notes Clients still stay with Install Shield (different product than ISMP) ī‚§ Some changes in detail ī‚§ Graphic User Interface (GUI) mode, available only on Windows ī‚§ Console mode, available only on AIX and Linux ī‚§ Silent install mode, available on all platforms! ī‚§ Makes perfectly sense because Windows customers prefer GUI Linux/AIX customers are usually more console oriented
  • 10. InstallAnywhere ī‚§ Works similar to ISMP but ī‚§ Command Line has different parameters ī‚§ New response file format ī‚§ Response file is UTF-8 formatted → needs a proper editor like Notepad++ or Ultraedit ī‚§ Windows → install.exe -r <path><myresponse>.properties ī‚§ Linux/AIX → sudo ./install -r <path><myresponse>.properties ī‚§ New silent install is used by Domino on Docker ī‚§ Works well but some detailed output has changed ī‚§ Domino 10 → “Dominoserver Installation successful" ī‚§ Domino 11 → "install Domino Server Installation Successful"
  • 11. New Javaâ„ĸ Runtime Environment in Notes/Domino 11 ī‚§ Notes/Domino 10 used the IBM JVM ī‚§ Previous Notes/Domino version used IBM JVM build by IBM JVM team based on Oracle sources ī‚§ HCL needed to replace the JVM with an Open JVM ī‚§ Oracle JVM isn't free any more for commercial use (only Open Java is free) ī‚§ See https://www.oracle.com/technetwork/java/javase/overview/oracle-jdk-faqs.html ī‚§ Eclipse OpenJ9 that is provided through AdoptOpenJDK ī‚§ https://adoptopenjdk.net ī‚§ https://openjdk.java.net
  • 12. New Javaâ„ĸ Runtime Environment in Notes/Domino 11 ī‚§ openjdk version "1.8.0_222" ī‚§ OpenJDK Runtime Environment (build 1.8.0_222-b10) ī‚§ Eclipse OpenJ9 VM ī‚§ Time Zone data base tzdata2019c ī‚§ https://www.iana.org/time-zones ī‚§ Just In Time (JIT) is still enabled by default ī‚§ Can be still disabled via notes.ini JavaEnableJIT=0
  • 13. IBMÂŽ GSKit crypto libs replaced with OpenSSL ī‚§ Previous Notes/Domino version used IBMÂŽ GSKit cryptographic libraries ī‚§ Replaced with the OpenSSL equivalents → Free & open SSL Lib ī‚§ OpenSSL 1.1.1a → Up to date version shipped with Notes/Domino 11 ī‚§ See details here → https://www.openssl.org ī‚§ NotesÂŽ W32 and Mac ī‚§ Not FIPS support (Federal Information Processing Standards – required by US government) ī‚§ DominoÂŽ W64, LinuxÂŽ 64, AIX64 ī‚§ With OpenSSL 2.0 FIPS mode (https://wiki.openssl.org/index.php/FIPS_module_2.0) ī‚§ Disable FIPS support → notes.ini HCC_FIPS_NON_CERTIFIED=1 ī‚§
  • 14. Limiting ID vault download disabled for SAML federated ī‚§ Previously you had to enable automatic ID download if SAML is used ī‚§ The ID Vault security policy setting “Allow automatic ID downloads” is ignored for SAML ī‚§ The setting is ignored because SAML authentication requires unrestricted download access to ID files from the vault ī‚§ User already used trusted authentication against AD ī‚§ This feature is already included in Domino 10.0.1 FP2 → SPR# DKENAJTT67
  • 15. Web authentication against NotesÂŽ ID passwords in the ID vault ī‚§ Idea: Instead of having two different passwords which need to sync and need to be stored in the person doc, just use the ID vault password ī‚§ No sync needed between web and Notes.ID password ī‚§ Safer place to store passwords ī‚§ This only used for users with a Notes.ID ī‚§ So there is no “all or nothing” setting ī‚§ Instead you can define what should happen, when no ID in vault is found ī‚§ Configured in configuration document ī‚§ New challenge: Sync AD Password → Notes.ID password
  • 16. TLS Deprecated (weak) Ciphers ī‚§ The following ciphers are listed as weak in Domino 11 ī‚§ TLS_RSA_WITH_AES_256_CBC_SHA (0x35) ī‚§ TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) ī‚§ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (xC013) ī‚§ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (xC014) Weak because they still use SHA1 ī‚§ Also a BSI recommendation! ī‚§ Cipher names come back after doc refresh ī‚§ You should remove the weak (deprecated) ciphers
  • 17. Directory Sync with Active Directory (AD) ī‚§ New implementation for a dedicated sync tool with AD ī‚§ Completely new feature in Domino 11 ī‚§ Thanks to Ulrich Krause (midpoints) who is the most active & best tester for this feature!
  • 18. Directory Sync (DirSync) ī‚§ Directory Sync allows you to sync people and group data from an external LDAP directory into the DominoÂŽ directory ī‚§ Currently data from Active Directory can be synced ī‚§ Directory Sync makes it easy for your Note users to address mail to and see details about users in your organization not using NotesÂŽ such as Microsoftâ„ĸ Outlook users registered in Active Directory ī‚§ With this feature, Active Directory users automatically have Person documents in the DominoÂŽ directory so that NotesÂŽ users can find their addresses and other information ī‚§ Without Dirsync, NotesÂŽ users must know the addresses of the Active Directory users before they can send mail to them, unless Person documents are added for them manually
  • 19. Directory Sync Components ī‚§ LDAP directory assistance document created in a directory assistance database that is enabled for Directory Sync ī‚§ Directory Sync Configuration document created in the Directory Sync view of the DominoÂŽ directory ī‚§ A server task, Dirsync, that runs only on the DominoÂŽ administration server, that connects to the Active Directory server regularly to pull person and group changes into the DominoÂŽ directory
  • 24. DirSync Configuration 1. Open the DominoÂŽ directory. 2. Select Configuration > Directory > Directory Sync. 3. Click Add Directory Sync.
  • 27. Sync Groups ī‚§ If you want to synchronize groups, select the types of groups to synchronize. If you don't want to synchronize groups, do not select either option. ī‚§ Global Security groups, to be able to use Active Directory security groups in NotesÂŽ access lists. ī‚§ Global Distribution groups, to be able to use Active Directory distribution groups in NotesÂŽ mail addressing.
  • 28. Enable DirSync Configuration ī‚§ Select one ore more DirSync configurations and click „Enable“.
  • 29. Enable DirSync Configuration ī‚§ Select “Run in test mode” to simulate the actions that Directory Sync would take but without changing any DominoÂŽ data.
  • 30. Enable DirSync Configuration ī‚§ Resnyc request is created automatically, when DirSync configuration has been changed.
  • 32. Disable DirSync Configuration ī‚§ Before you can edit the configuration, you must disable it! ī‚§ Select one ore more DirSync configurations and click „Disable“ ī‚§ Request action document is being created and processed by DirSync task
  • 35. Rename Registered Person ī‚§ “Rename Domino users upon Active Directory rename” option must be enabled in the Directory Sync configuration document
  • 36. Domino 11 – Two Tier DAOS â€ĸBigfile.xls â€ĸHugefile.ppt â€ĸPodcast.mp3 â€ĸBigfile.xls â€ĸHugefile.ppt â€ĸPodcast.mp3 â€ĸBigfile.xls â€ĸHugefile.ppt â€ĸPodcast.mp3 Domino Domino 8.5 with DAOS S3 (Simple Storage Service) “Cloud” or “local” S3 “Bucket” ABC.nlo moved after n-days of inactivity ABC.nlo Domino 11 DAOS T2 DAOS T1 + many others
  • 37. DAOS Tier 2 Storage on S3 Storage ī‚§ “Domino Attachment Object Service (DAOS) Tier 2 storage” ī‚§ Allows to use S3-compatible storage service to store older attachment objects that haven't been accessed within a specified number of days ī‚§ Reduces the amount of data stored on DominoÂŽ servers that use DAOS because of ī‚§ Scalability ī‚§ Storage costs ī‚§ Backup optimization ī‚§ A S3-compatible storage service uses the Amazon Web Services (AWS) Simple Storage Service (S3) API
  • 38. Amazon S3 Storage ī‚§ S3 Amazon is the reference implementation ī‚§ Amazon Simple Storage Service ī‚§ There is an SDK from Amazon which is also used by Domino ī‚§ https://en.wikipedia.org/wiki/Amazon_S3 ī‚§ Many vendors support “cloud object storage” ī‚§ But it's not just for cloud storage vendors! ī‚§ It's a general interface! ī‚§ Simple design ī‚§ Objects organized in “buckets” + Each object is identified by a unique, user-assigned key
  • 39. Other S3 Implementations ī‚§ Minio Server ī‚§ Provides a S3 server and also a nice command-line client ī‚§ Can run as a single binary or inside a Docker container ī‚§ References and good start point ī‚§ https://docs.min.io/docs/minio-quickstart-guide.html ī‚§ https://docs.min.io/docs/minio-client-complete-guide ī‚§ Other vendor examples ī‚§ IBM Cloud ī‚§ NetApp & others
  • 40. DAOS T2 Configuration ī‚§ Simple configuration ī‚§ Credential Name of user/password stored in credential store ī‚§ S3 Bucket / S3 Endpoint ī‚§ Settings for S3 Server ī‚§ Push object store if not accessed for ī‚§ Standard value 1000 days ī‚§ Minimum internal value 7 days
  • 41. S3 storage ID ī‚§ Unique identifier for the server that is created the first time server configures itself for tier 2. This ID becomes part of the name of each S3 object! ī‚§ Don't change this ID once it is established! ī‚§ You cannot access existing S3 objects if the ID changes!
  • 42. Create S3 Credentials Create a file with the credentials “dominocred.txt” [dominocos] aws_access_key_id = my-access-key.. aws_secret_access_key = my-secret-key... Create named encryption key and credential store ī‚§ KEYMGMT CREATE NEK credstorenek ī‚§ KEYMGMT CREATE CREDSTORE credstorenek ī‚§ Credentials are stored encrypted in credential store ī‚§ tell daosmgr S3 storecred dominocred.txt
  • 43. S3 MINIO special configuration ī‚§ S3 MINIO needs additional parameters ī‚§ Some of them are not just for MINIO ī‚§ S3_USE_MINIO=1 ī‚§ Enable MINIO configuration ī‚§ COS_SKIP_SSL_VERIFY=1 ī‚§ Disable SSL certificate checking → certificates are checked against cacert.pem in data directory ī‚§ COS_USE_HTTP=1 ī‚§ User HTTP instead of HTTPS (only recommended for local or test deployments)
  • 44. Restart serer and check startup ī‚§ Restart server ī‚§ This is needed to restart DAOS for each process ī‚§ Make sure server configuration is replicated to the right server ;-) ī‚§ Server Commands ī‚§ tell daosmgr status ī‚§ tell daosmgr objectinfo summary ī‚§ tell daosmgr objectinfo all
  • 45. New “tell daosmgr commands” ī‚§ OBJECTINFO [-O outfile] [-olderThan days] [-prefix prefix] [TIER1|TIER2|ALL|SUMMARY] ī‚§ Show information about DAOS Objects ī‚§ OBJECTPUSH age Push objects older than age to S3 ī‚§ Manually push NLOs to T2 → Very useful for testing ī‚§ S3 related config commands ī‚§ S3 STORECRED Stores an S3 credential in the credential store cred-file-path [OVERWRITE] ī‚§ S3 DELETECRED Deletes an S3 credential from the credential store cred-name ī‚§ S3 SHOW Shows S3 credentials in the credential store ī‚§
  • 46. Tell daosmgr status ... 24.11.2019 08:56:26 DAOS Encryption is currently Disabled 24.11.2019 08:56:26 24.11.2019 08:56:26 DAOS Tier2 is Enabled 24.11.2019 08:56:26 24.11.2019 08:56:26 DAOS Tier2 Server ID = 045731D47D45CF4B3BAC64C260EB84A92822F76A 24.11.2019 08:56:26 DAOS Tier2 Credential name = dominocos 24.11.2019 08:56:26 DAOS Tier2 Bucket = nsh-domino11-daos 24.11.2019 08:56:26 DAOS Tier2 Endpoint = 192.168.100.107:9000 24.11.2019 08:56:26 DAOS Tier2 days since last access before pushing = 1 ...
  • 47. Tell daosmgr objectinfo summary tell daosmgr objectinfo summary DAOS TIERED STORAGE SUMMARY TIER 1 STORAGE: OBJECTS - 0 MB - 0 MB TIER 2 STORAGE: OBJECTS - 5 MB - 933 MB TOTAL STORAGE : OBJECTS - 5 MB - 933 MB AVERAGE AGE - 47 days
  • 48. Tell daosmgr objectinfo tier2 -o file.txt ī‚§ Default outputfile: objectinfo.txt in notesdata tell daosmgr objectinfo tier2 -o d:t2.txt NLO_KEY TIER STATE ACCESSED AGE LENGTH 74B9AD33C9A37D5BE8406D993BACE688BA271EEC0003E9DE T2 Shared 09/29/2019 56 256,478 ABFD47F6F4FDE853FEA03127E578EBD074FA374939020DB8 T2 Shared 10/14/2019 40 956,435,896 84C534B143FE5BC221D3B1AB12DDABBDF3E0311F00AE3B30 T2 Shared 10/23/2019 31 11,418,416 5044FAB61575A0B36575E676CF7FEED189A844800004B3AE T2 Shared 09/29/2019 56 308,142 237FDB9BE73376B8577F9F111E69F2F8AA40D5C4009B6A5E T2 Shared 09/29/2019 56 10,185,310 DAOS TIERED STORAGE SUMMARY TIER 2 STORAGE: OBJECTS - 5 MB - 933 MB AVERAGE AGE - 42 days
  • 49. S3 Storage Encryption and Backup ī‚§ The channel is already HTTPS encrypted ī‚§ Even if your DAOS store isn't encrypted, the S3 NLOs are encrypted on the fly! ī‚§ Paranoid admins might add another level of encryption on AWS level ī‚§ Backup could be performed locally before data is pushed to S3 ī‚§ But this would need to keep NLOs not to be deleted from backup when moved to S3 ī‚§ Backup should also be performed on S3 storage!
  • 50. AWS References and Download ī‚§ Build with AWS SDK for C++ Version:1.7.85 ī‚§ https://aws.amazon.com/sdk-for-cpp ī‚§ AWS Command Line Tools ī‚§ https://aws.amazon.com/cli/ ī‚§ Short Video ī‚§ https://youtu.be/77lMCiiMilo
  • 51. “FlexNet Licensing Server” instead of “ILMT” ī‚§ HCL is planning to use the FlexNet License services ī‚§ FlexNet License Portal ī‚§ Provide license information and license keys ī‚§ Software Downloads ī‚§ License measurement with FlextNet License server instead of ILMT ī‚§ The idea is to count floating users in a 30 days usage period ī‚§ All users with authenticated access to a none-system database count ī‚§ Access types measured ī‚§ NRPC access (Notes client, Traveler) ī‚§ HTTP (e.g. iNotes, Verse) ī‚§ POP3/IMAP
  • 52. Licensing Terminology ī‚§ Entitlement ī‚§ Licensing model that you've been entitled to. For Domino, your entitled to Counted user model licensing which is based on a number of users accessing Domino servers. ī‚§ There will be a license key for Domino 11 ī‚§ FlexNet Operations Site (FNO) ī‚§ Site used to download software and map licensing entitlements. Referred to as ī‚§ License server (device on FNO site) ī‚§ A server to which Domino connects to validate licensing entitlements ī‚§ Either Cloud License server or Local License Server configuration
  • 53. Cloud License Server (CLS) ī‚§ A virtual/logical license server available through the HCL License Portal ī‚§ You configure a Logical Device on the FNO website ī‚§ FlexNet Server identifier and admin password you specify ī‚§ HTTPS connection needed from Domino Servers to FNO License Servers ī‚§ Most customers will probably use the CLS ī‚§ No FlextNet server setup is needed
  • 54. Local License Server (LLS) – Planned for 11.0.1 ī‚§ A license server installed on-premises ī‚§ Two different modes ī‚§ Online connects to FNO website ī‚§ Connects over HTTPS to FNO License Servers ī‚§ Completely off-line ī‚§ Entitlements are manually downloaded and imported to LLS ī‚§ Reports are manually downloaded from LLS and uploaded to FNO Website ī‚§ Manual process which needs access to the LLS and FNO website!
  • 55. Configure Could License Server (CLS) ī‚§ Log into your FlexNet account ī‚§ https://hclsoftware.flexnetoperations.com/flexnet/operationsportal/startPage.do ī‚§ Create a virtual “license device” (CLS) ī‚§ Set password for device ī‚§ Map Licenses
  • 56. Login & Create License Device ī‚§ Log into FlexNet ī‚§ Create Device
  • 57. Configure as “CLS” ī‚§ Give it a meaningful name and site name ī‚§ Just for reference. Not used ī‚§ Select “Runs license server?” ī‚§ Select “Server deployment”: “Cloud”
  • 58. Configure as “CLS” ī‚§ Action: “Set Password”
  • 59. Set CLS Password ī‚§ Create a password ī‚§ Tip: Avoid Linux specific chars! ī‚§ Needed for REST calls to FNO
  • 60. CLS Map Entitlements ī‚§ Action: Map Entitlements
  • 61. CLS Map Entitlements ī‚§ This assigns licenses to your license server
  • 62. CLS Server Setup complete
  • 63. Connect Domino to CLS ī‚§ Domino needs to connect to CLS over HTTPS ī‚§ Either directly or via Proxy ī‚§ In 11.0.0 without authentication only REST Request for Flexnet authenticated via “JSON Web Token” (JWT) ī‚§ A JSON web token needs to be generated from a public/private key pair ī‚§ The public key needs to be registered with the CLS server ī‚§ Sounds complicated but is covered by a server command (not part of Beta2)
  • 64. Domino License Configuration ī‚§ The JWT needs to be stored in a local file on the server ī‚§ License configuration is in a new tab in config document ī‚§ All servers can share the same configuration ī‚§ But each server currently has it's own configuration and would need to connect to FlexNet on it's own
  • 65. Domino FlexNet License Reporting ī‚§ “restart server” to get changes effective ī‚§ If you want to see more details enable debugging via notes.ini ServerLicenseDebug=3 23.11.2019 16:57:27,42 Licensing> Hashed 'daniel nashed/nashcomlab' into '1A8F29B6674EF0F4A86918A046078E93EB892E7A' 23.11.2019 16:57:27 Opened session for Daniel Nashed/NashComLab (Release 11.0) 23.11.2019 16:57:27,84 Licensing> Capability Request = 00000000: 207B 6822 736F 4974 2264 203A 227B 7974 '{ "hostId": {"ty' 00000010: 6570 3A22 2220 7473 6972 676E 2C22 7622 'pe": "string","v' 00000020: 6C61 6575 3A22 2220 4131 4638 3932 3642 'alue": "1A8F29B6' 00000030: 3736 4534 3046 3446 3841 3936 3831 3041 '674EF0F4A86918A0' 00000040: 3634 3730 4538 3339 4245 3938 4532 4137 '46078E93EB892E7A' 00000050: 7D22 222C 6F62 7272 776F 692D 746E 7265 '"},"borrow-inter' 00000060: 6176 226C 203A 3322 6430 2C22 6622 6165 'val": "30d","fea' 00000070: 7574 6572 2273 203A 7B5B 6322 756F 746E 'tures": [{"count' 00000080: 3A22 3120 222C 616E 656D 3A22 2220 4448 '": 1,"name": "HD' 00000090: 4D4F 4E49 5F4F 7355 7265 2C22 7622 7265 'OMINO_User","ver' 000000A0: 6973 6E6F 3A22 2220 2E31 2230 5D7D 7D 'sion": "1.0"}]}' 23.11.2019 16:57:27,84 Licensing> Flexnet URL: https:/hclsoftware.compliance.flexnetoperations.com/api/1.0/instances/..
  • 66. Domino FlexNet License Reporting ī‚§ “show license” Domino Server command ī‚§ Shows the currently cached licenses show license Begin Domino License Cache dump. Licensed Entity: Added to cache time Error Total Hits MQ HashID Last Server Attempt Last Server Refresh Expires ---------------------- ----- ---------- -- ---------------------------------------- ---------------------- ---------------------- ---------------------- daniel nashed/nashcomlab : 23.11.2019 16:57:27 0 1 0 1A8F29B6674EF0F4A86918A046078E93EB892E7A 23.11.2019 16:57:28 23.11.2019 16:57:28 23.12.2019 16:57:28 ---------------------- ----- ---------- -- ---------------------------------------- ---------------------- ---------------------- ---------------------- License.Cache.Entries = 1 License.Cache.Hits = 1 License.Cache.Misses = 1 License.Cache.HitRate = 50% License.Cache.PoolSize = 1048576 License.Cache.PoolUsed = 1024 License Model = Counted User Last cache enumeration time: 23.11.2019 17:56:35 End Domino License Cache dump.
  • 67. Domino FlexNet License Reporting ī‚§ Show used licenses using the FlexNet Admin ī‚§ Command-Line needs your FlexNet Server identifier and admin password for the CLS flexnetlsadmin -server https://hclsoftware.compliance.flexnetoperations.com/api/1.0/instances/DZ2EPP4XGCKT -authorize admin xyz -licenses -verbose User authentication succeeded. ======================================================================================= Feature ID Feature Name Feature Version Feature Count Used/Available ======================================================================================= 682125 HDOMINO_User 1.0 4/6 ======================================================================================= Device Information: ------------------------------------------------------------- Device Name Feature Registered(Used Count) ------------------------------------------------------------- CAF36C31C586F7561610D449F265CC7396D9622A HDOMINO_User(1) 2DCF1E219F34A8D21966D30544D71E62D94ED994 HDOMINO_User(1) CBC2706DA6267BAE259F5F93DC76287B4FB3D80A HDOMINO_User(1) 1A8F29B6674EF0F4A86918A046078E93EB892E7A HDOMINO_User(1) ======================================================================================= Total feature count : 10 Total feature count used : 4 Total uncounted features : 0 =======================================================================================
  • 68. FlexNet License Server Download Packages ī‚§ Needed for ī‚§ Local License Server ī‚§ FlexNet Admin Commands ī‚§ Windows or Linux, Local Online or Offline Server – Just download the online version ī‚§ Those files are usually used for the Local License Servers ī‚§ Extracted directories contain “enterprise” directoy, containing “flexnetadmin” command
  • 69. Traveler 11 ī‚§ Works on Domino 9.0.1, 10.0.1, 11.0 ī‚§ You should install current fixpacks (9.0.1 FP10 IF5, 10.0.1 FP3) ī‚§ Traveler is continuous build with a build-date, which get a “version tag” at some point ī‚§ The same installer will install different binaries based on your Domino version! ī‚§ For example for Domino 11 the GSKIT is removed ī‚§ HTTP/2 support for APNS (Apple Push notifications) ī‚§ Supports ActiveSync 16 ī‚§ Draft Folder sync ī‚§ Calendar Attachments & more than 24-hour meeting support ī‚§
  • 70. Domino Docker ī‚§ Domino 9.0.1 FP10 is already supported on Docker ī‚§ Documented via IBM technote (not available any more) ī‚§ IBM published a first reference implementation on GitHub ī‚§ https://github.com/IBM/domino-docker ī‚§ Dockerfiles run on Linux and MAC OSX Docker Docker hosts ī‚§ Domino-Core Image dockerfiles will contain installation for Domino 10.0.1 ī‚§ Sample Dockerfiles how to adapt the image for your environment and applications ī‚§ Nash!Com Domino Start Script supports Domino on Docker with automatic installation routine and Docker Entrypoint
  • 71. Virtual Machine vs. Docker Infrastructure Virtual Machines Docker Containers
  • 72. Docker Container Concept ī‚§ Container is ī‚§ A layered file system where each layer references the layer below ī‚§ A run-time instance of an image. ī‚§ Not containing your persistent (Domino) data ī‚§ They are stored on a separate “volume” ī‚§ Images ī‚§ Are used to create containers ī‚§ Layers build on top of each other ī‚§ Only the differences are stored in each layer
  • 73. Questions & Answers? ī‚§ Questions & Further information ī‚§ http://blog.nashcom.de , nsh@nashcom.de ī‚§ https://www.eknori.de , ulrich.krause@midpoints.de ī‚§ Resources ī‚§ HCL site ī‚§ https://www.hcltechsw.com/welcome ī‚§ Domino Ideas #dominoforever ī‚§ https://domino-ideas.hcltechsw.com ī‚§ Submit your most wanted features