Posts Tagged: ‘domino’

Introducing Domino v12.0.1 and HTMO 3.0.3 Beta Program!

23. August 2021 Posted by Ketan Godhaniya

After the successful launch of HCL Domino v12.0 in June 2021, we are approaching the next milestone: We’re happy to announce two new beta programs at onceHCL Domino 12.0.1 and HTMO 3.0.3 have both launched a Beta Program today!

You are invited to join the beta program to test our latest release and provide feedback to development teams.  

We’re calling on our community to share open, effective, and thoughtful review and testing of our software product. Your input is essential to how we develop our products, and we will continue to listen to you every step along our roadmap. 

What you can expect from this first beta of Domino v12.0.1:

HCL Notes Client

Domino Online Meeting Integration

The Notes Client 12.0.1 is providing native integration of online meeting platforms like ZoomWebexGoToMeetingTeams and of course Sametime Meetings. So, from within the Notes calendar users can now more easily schedule online meetings on their preferred platform without having to install a plug-in.

Improved Workspace Design with High Resolution Icons

The new Notes client is finally allowing to use high resolution icons for your databases, which makes a big difference to the look and feel of your workspace! No need to stick to small and old style 32×32 pixel database icons anymore.

We have already updated our standard templates with new icons, will you update yours?

Advanced Properties Box

You have asked for it, we have delivered: an all-new and resizable document property box:

Thanks to Panagenda, the new “advanced properties” box allows to search for field names or values, it also provides the requested ability to copy to clipboard or export to a CSV file:

What’s new in Notes v12.0.1?

https://help.hcltechsw.com/notes/beta/12.0.1/whats_new_01.html

HCL Domino Designer

We have already provided a 64Bit Notes client (in beta as of now), and based on your request are now providing a 64Bit Domino Designer client.

Also, Domino Designer v12.0.1 provides the ability to include high quality icons for rendering and enables developers to optimize the database full text index by defining which fields to be included in the index — a feature that many customers were requesting (see this idea).

What’s new in Domino Designer v12.0.1?

https://help.hcltechsw.com/dom_designer/beta/12.0.1/basic/whatsnew1201.html

HCL Domino Server

For the Domino server a number of enhancements are waiting for you:

  • One-touch Domino setup with the ability to register users automatically
  • Certificate Manager is now integrated and does not require the DSAPI filter configuration anymore
  • Domino Directory template was cleaned up based on your request
  • Updates to the QVault tool for better manageability of ID’s in the Vault
  • Compare DB’s – a new template for developers to compare the design elements of two apps with each other
  • Entitlement Tracking now providing monthly reports 

This is just the first beta drop! We are going to release even more features in the next stage of the beta program.

What’s new in Domino 12.0.1?

https://help.hcltechsw.com/domino/beta/12.0.1/wn_12.0.1.html

HCL Traveler for Microsoft Outlook (HTMO) 3.0.3

HTMO in version 3.0.3 is providing the following new features:

  • Full support for delegated access (mail, calendar, contact)  
  • Improvements to the out-of-office user interface 
  • Performance improvements 

What’s new in Traveler 12.0.1?

https://help.hcltechsw.com/traveler/beta/12.0.1/new_server_features_12_01.html

What’s new for Microsoft Outlook support

https://help.hcltechsw.com/htmo/beta/3.0.3/whats_new_outlook_support.html

…and a number of minor changes and performance improvements.

For a complete list of changes and improvements, please refer to Domino v12.0.1 release notes.

How to Participate in this Beta?

Customers with a current entitlement to Domino can find the software packages for both beta programs on Flexnet.

Beta participants, please let us know how you think about the product by submitting your feedback in our beta forum. For general input and new ideas or feature enhancement requests, please use the Domino ideas forum here. 

Thank you for your participation and your passion for HCL Domino!
HCL Domino Product Team 

 

 

New Tech Updates for HCL Domino, Notes, Traveler, Verse, and Connections

18. August 2021 Posted by Thomas Hampel

While you may have been on a summer vacation, we at HCL have been busy improving our products! Here is a small overview of what happened in the last couple of weeks and what you can expect soon from your most favorite collaboration platform. 

Group 3 Language Translations for Notes and Domino 11.0.1 

Good news for many of our customers: HCL Notes 11.0.1 is now available in more languages.  

You asked for it (DOMINO-I-831 and NTS-I-842) – In addition to the 16 languages the Notes client was already providing, we are delivering the following language translations: 

  • Danish 
  • Finnish 
  • Norwegian
  • Catalan
  • Hebrew
  • Hungarian
  • Slovenian
  • Thai
  • Turkish 

Install kits for the HCL Notes Standard and Basic Client V11.0.1 in those languages can be found at our License and Download Portal under the Notes/Domino version 11.0.1.  

Of course, we are also providing the Multilingual User Interface (MUI) kit for those languages, as well as the Install Shield Tuner files to customize your installation. 

Group 3 language translations for the Notes Client v12 are being worked on.

Level up for our Domino Rest API 

In June, we started the beta program for our new Domino Rest API. Now in August, it’s time for the next iteration. Shifting gears to Beta 2 will introduce several improvements customers were asking for: 

  • ODATA support was added for reading/writing from/to Domino, which is especially of interest for e.g., Salesforce customers who want to store data in Domino
  • A new Domino server add-in task is provided to start/stop/reload the Domino Rest APIs and show its status from the Domino server console
  • An installer is now allowing to install the Domino Rest APIs on a Domino Linux server. Previously only a docker container was provided 

For more details, about the new features please refer to the changelog of this project. 

Please note: The Domino Rest APIs are still in beta — the first eGA release is scheduled to be shipping with Domino v12.0.1 later this year. Customers interested in joining the beta program can find the required files available for download at our License and Download Portal

HCL Traveler 12.0 updated with Fix Pack 1 

Fix Pack 1 for HCL Traveler 12.0 is also available for download at our License and Download Portal. This update is especially recommended for customers using Android devices due to a bug fix that is addressing an error connecting to Firebird Cloud Messaging servers via proxy. (Ref: KB0092130 ). It also fixes a bug that caused Traveler to crash (Ref. KB0091495 ) and addresses two other issues that customers have reported. 

For more details on HCL Traveler 12.0.0 Fix Pack 1 please refer to this technote.

Housekeeping for Notes/Domino v10.0.1 

For customers running on HCL Domino 10.0.1 we have shipped Fix Pack 7 in mid-July. This fix pack is a collection of 136 low-risk, high-impact fixes to help customers safely avoid known issues, e.g., resolving several UI issues for Notes Clients on MacOS Big Sur and on Windows 10.  

It also provides 25 fixes for the Domino server, resolves 33 problems that customers have reported with iNotes, and is addressing about 20 issues around development and programmability.  

HCL strongly recommends that customers running Notes/Domino 10.0.1 apply this Fix Pack since it addresses a small percentage of defects that impact the broadest set of customers. 

For details on the individual SPR’s addressed in this fix pack please refer to this article or check the Fix List database.

New features for Domino AppDev pack 

Version 1.0.9 of the Domino AppDev pack was released end of June is providing Node.js and Java developers with new features such as: 

  • Ability to export individual design elements and other non-data documents into DXL 
  • Retrieve the list of files in a given directory on the Domino server 
  • Work with Access Control Lists and Roles in Domino databases, allowing to get / update / replace entries in the ACL. 

Furthermore, the user interface improvements for the Identity and Access Management (IAM) server have been updated and is providing tools to leverage the new Domino 12 Certificate Store for Proton and domino-db clients.  

More information can be found in the What’s New section of the Domino AppDev Pack.

What’s Next? 

In the next few weeks, we have lined up the following releases and updates for you: 

HCL Domino C-API Toolkit v12.0 is going to be released end of August, so developers, partners and third-party vendors can upgrade their products to leverage the latest compiler and take benefit from new capabilities of Domino 12 

HCL Verse 2.2.0 will be providing new features like an updated Sametime integration as requested here, and the ability to restore documents from an archive. Furthermore, this release is adding support for Connections 6.5 and 7, provides an enhanced preferences page to manage your availability and other calendar settings and provides updates to freetime search and is improving the PWA capabilities.

We are also looking forward starting the first beta release of HCL Domino 12.0.1 later this month and have a new release of HCL Nomad 1.0.1 waiting for you in early September. However, details for those two are subject of a future blog post, so please stay tuned for more!

Announcing the Domino REST API Beta Program  

11. Juni 2021 Posted by Barry Rosen

Today, we’re announcing the start of the beta program for our new Domino REST API, formerly known as “Project Keep.” This is the latest addition to our ongoing Domino Early Access Program.

The Domino REST API will introduce hundreds of new APIs that aperture to information on Domino — further extending access to your Domino data. It’s a modern take on the REST API for opening Domino access to a world of standards — and API-first developers.

What is it? 

Domino REST API is a new feature that runs alongside the server and allows you to expose your Domino data in the form of standardized Open-APIbased methods securely and easily. Using a browser-based admin UI, application owners can define which data will be made available for view or update on a REST API. It extends the Domino principles of reader/author document access definitions into the world of Internet protocols. 

It also includes Swagger UI which allows the visualization and interaction with APIs without having any of the actual implementation logic in place. The APIs are automatically generated from an OpenAPI (formerly Swagger) specification with visual documentation, making it easier to later implement the back-end code. 

What is special about the new Domino REST APIs? 

  • Secureby default, with fine granular controls per form, field and user basis 
  • Implements latest open standards 
  • HTTP/2-ready, for server-to-server or client-to-server communication
  • API-first design with full interactive documentation 
  • Low barrier to entry as it runs on a Domino server and/or your Notes client 
  • Admin UI and Postman samplesincluded 
  • State-of-the-art JWT access token integrated with your existing IdP infrastructure

What can be accessed via the Domino REST APIs?

You can access content like views, documents, and fields, as well as database design, agents, and ACL settings. And, of course, featuring DQL queries to quickly access the data you are looking for. 

Built-in declarative security ensures the API will only allow access to fields the caller is authorized to see or update. This can effectively prevent computed fields to be overwritten and limits participants in a workflow to update their fields only.  

How to participate  

The Domino REST API is now available as a prepacked ready-to-use Docker container to all current Domino customers. The download can be found in the “Domino Early Access program” category on Flexnet. Please visit documentation here to learn more and to set up your test environment.  

You are invited to join our Domino Early Access program forum here, to provide your valuable feedback and suggestions on the Domino REST API beta program.

Please note, the Beta program will run from June 7 until the REST APIs are shipped with the next Domino release, post v12.

The Domino v12 launch

Missed the v12 live event? The launch is not over! We’re half-way through rolling out the Domino Dozen which includes 12 days of exciting Domino content consisting of panel discussions with customers, demos, new thought leadership and more. Register now to get access to announcements like these and watch the live event on replay!   

 

HCL SafeLinx 1.2 is Live with Nomad Web

7. Juni 2021 Posted by Ketan Godhaniya

We are pleased to announce the release of HCL SafeLinx 1.2 for general availability. Starting today, customers cantry out new features by downloading the package from Flexnet. In the past few months, we have been focusing on providing you a more user-friendly enterprise VPN platform with reverse proxy capabilities which aims to boost your middleware security at work. 

SafeLinx and Nomad web 

As part of the Domino v12 launch, this version comes with improved functionalities for Nomad Web Proxy: 

  • New resources container specifically for Nomad, inherited from the generic http access service but only providing attributes needed for NWP 
  • Modified initial configuration wizard to streamline NWP creation as part of initial setup 
  • Ability to serve the Nomad web application static files directly from SafeLinx (event driven), without the need for an additional http server 
  • Support for HCL Verse application integration when the Nomad app launches from a mail link 
  • SAML as an authentication option 
  • Configurable buffer size for NRPC flow 
  • Configurable attribute for querying the User CN to use in Nomad client configuration. 
  • Nomad-branded login screens 

Other new features of this release include support for Mac OS administrator, MS-SQL Linux, and My SQL (Linux and Windows), and a new splash screen. To see the full list, please refer to SafeLinx 1.2 release notes. 

Getting startedpricing and licensing

For Notes/Domino Complete Collaboration (CCB) customersSafeLinx is now available as a FREE entitlement and will be listed under supporting programsCCB customers can use SafeLinx’s server component without the need for an additional VPN client to securely access their Domino apps from mobile. With this release, we’d like to provide our customers the opportunity to evaluate SafeLinx VPN for broader usage. Please contact your HCL Software representative or HCL Business Partner for more information on how to get SafeLinx 1.2. 

SafeLinx is also available as a standalone to non-Notes-Domino Complete Collaboration customers. Contact us for more details.

Our team has put in many hours turning your ideas into reality and we’d love for our customers to continue submitting ideas and improvements in our Ideas Portal. (Make sure you select “SafeLinx” under the Workspace before submission.) 

Domino v12 Launch

Missed the v12 live event yesterday? The launch is not over! We’ve just started rolling out the Domino Dozen which includes 12 days of exciting Domino content consisting of panel discussions with customers, demos, new thought leadership and more. Register now to get access and watch the live event on replay! 

Making a Smooth Upgrade to HCL Notes v12

3. Juni 2021 Posted by Christoph Adler

The big day is coming soon! HCL Notes / Domino v12 will be launched  globally on June 7th (it’s already available for download on HCL FlexNet since May 27th). For those customers planning to upgrade, we have some great news. Whether you have been keeping pace with the rollouts of new HCL Notes client versions, or are WAY behind, there is a path for a seamless and smooth transition to v12. The MarvelClient Upgrade solution empowers organizations to optimize their HCL Notes client management and standardize all client versions with a consistent configuration during the automated upgrade process. 

Common Upgrade Challenges

What we have heard consistently from organizations around the world is that they want to reduce the complexity of their HCL Notes client installations and lessen the administration support tasks required. It is an ongoing challenge for IT support groups to keep pace with the upgrade cycles provided by their vendors. The following list is a showcase of some challenges that organizations face during an upgrade process: 

  • Creation of Notes Client Install Package (with standard configurations) 
  • Upgrade Package Deployment for Remote Users (with or without VPN) 
  • Installation / Upgrade Process Execution Trigger for Automation 
  • Migration of Notes Data Folder 
  • Automated Upgrades for Different Deployment Models (Laptops, Desktops, Citrix, VDI, different OS versions, etc.) 

 The MarvelClient Upgrade solution handles all those requirements and more. The centralized tracking and reporting environment allows administrators to monitor the client deployments for all employees. And if any modifications are made through user error, they will be rectified and reset to the standard, supported settings on the next restart of the HCL Notes client. These automated, self-healing functions enable any organization to ensure a consistent environment for their users and reduce the number of IT support calls from HCL Notes client installation issues. 

In addition, the MarvelClient Upgrade automates the entire process. This makes it easy to perform regular upgrades in the future as new software versions become available. If your organization is preparing to upgrade HCL Notes/Domino in the near future, please access this best practices list to avoid common project pitfalls. 

Review of HCL Notes / Domino v12

We recently hosted a co-webinar with an expert from HCL on April 22nd.  To see what treasures await in Notes / Domino v12 and learn how you can automate a smooth upgrade process, please use this link to view the recorded webinar. 

We are also hosting an HCL Notes v12 unboxing webinar on June 10th that reviews some of the new features and showcases real-world usage scenarios for organizations. Use this link to register for the webinar hosted by HCL Ambassadors Christoph Adler and Marc Thomas.  

Smooth Upgrade Promotion 

We are currently running a special offering to help customers with their HCL Notes Client upgrades to v12.  If you are interested in finding out more about our MarvelClient Upgrade solution and how it can help streamline your upgrade processes, please visit our promotion page online. 

Join the Global Launch  

Come join us at the global launch of Domino v12. There’s a ton of great content and announcements that await you.  

Licensing Update: Domino V12 and Key CCX Enhancement

2. Juni 2021 Posted by Uffe Sorensen

Over the past yearHCL Digital Solutions has been on a journey to consolidate our customers’ HCL Domino licensing around our modern, per user, licensing model – HCL Domino Complete Collaboration Business Edition (a.k.a. “CCB”) including unlimited Guest Users, and the additional external user capability under the HCL Domino Complete Collaboration eXternal User (a.k.a. “CCX”) entitlement. 

The majority of our customers are now licensed under this model. With the upcoming HCL Domino V12 release, we are further enhancing the CCB/CCX entitlements as described below.  

Additionally, with the release of HCL Domino V12 we are aligning all Domino products on consistent license termswhich will be available imminently and include the compliance rules outlined in “HCL Domino Support Update” from February 3, 2021. 

CCB Recap: Simplifying HCL Domino Licensing

CCB is the key step in our journey to provide one license model for HCL Domino, eliminating the uncertainty of server capacity and sub-capacity (PVU) licensing and ambiguous entitlement rules. 

  • A simple “Per User everything model” – use any client and any protocol for any server capacity to run all applications – including enterprise e-mail. 
  • Transparent license compliance management by simple user counting. 
  • Adding additional capabilities to the core Domino environment under CCB entitlements from V12 – for example HCL Nomad for Web Browsers and HCL SafeLinx. 

CCB entitlements are needed for all employees and contractors of your enterprise needing access to your Domino CCB servers – covering all B2E (Business-to-Employees) scenarios. All CCB entitlements include unlimited external web user access as needed for most B2C (Business-to-Consumer/Citizen) scenarios: 

  • Guest: unlimited anonymous browser users can freely access your Domino based websites. 
  • Known Guest: unlimited registered users with credentials to log-in and access applications limited to being a “Reader” with permission to “write public documents” (controlled by Domino application access [ACL] – see Known Guest Use Cases later in this blog post).

For B2B (Business-to-Business) or advanced B2C scenarios, where the external users need to fully engage in applications beyond the access permitted for Known Guests, we introduced the CCX entitlement as an add-on for CCB licensing. (See Introducing CCX, External User Entitlements“ from September 23, 2020.

Extending CCX entitlement to address additional use cases

CCX users have full functionally to use Domino or Domino Volt [see below] applications and workflows but cannot create applications themselves. CCX users do not have a personal mailbox but can use task/functional mail for workflow routing or applications generating mail.  

The CCX Authorized User entitlement is unique, however, can be reassigned after 30 days of inactivity.  Consequently, some former Domino Utility Server B2C use cases can now be easily changed from trying to manage/throttle server PVU consumption, to simply ensuring adequate CCX entitlements for actual/expected external users in any 30 day periodwith little or no change to existing apps.  See later in CCX Use Cases. 

CCB Recap: Add-on features for CCB licenses

HCL will continue the “add-on” scheme for CCB licensing, which now includes: 

  • HCL Domino Volt can be licensed to all CCB users.  Licensing HCL Domino Volt as an add-on, includes all CCB and CCX users, as well as enabling use of HCL Enterprise Integrator, HCL SAP Connector and HCL Link on all HCL Domino servers under CCB entitlements. 
  • HCL Sametime Premium: special add-on price for CCB users to upgrade from HCL Sametime Premium Limited Chat to full capabilities.  

CCB Recap: Access to Domino Servers Licensed under CCB

HCL Domino Servers deployed under CCB Authorized User entitlements can only be accessed by the Licensee’s Enterprise entitled CCB Authorized Users, Guest Users, and CCX Authorized Users. No other user access or Domino Client Access Licensing are permitted access to CCB licensed servers.  In addition, the Servers may participate in mail routing (SMTP), directory lookup and authentication (LDAP) for non-HCL Domino programs and permit access to free/busy time information. 

Known Guest Use Cases (general B2C)

Known Guest, as seen from an application, is an authenticated (must be identified) external user listed in the application access control list (ACL) with Reader permission and permitted to write public documents.  This access is either granted on a named user basis or by the user being a member of a group or generic association in the ACL. 

Content tailored to individual users, subscribing to information

Any Known Guest in an application can read all non-restricted documents in the database and download any attachments from these.  Access to specific documents in the database can be controlled by adding users/groups in the ”Reader Name Field” for the document(s). As a result, only the appropriate Known Guests can read/download content. If you have a special Interest Profile or similar for the users, this can be used to filter the information available to relevant individuals. 

Submitting a form, starting a workflow, creating content

If a Known Guest is flagged as permitted to “Write Public Documents” this user will be able to see all Forms/actions in the application which are enabled as “Available to Public Access Users”.  
For example, using a Form called “Create Interest Profile”, which the user would complete and save to create a special Interest Profile or tailor a mailing list.   

Hints for the Admins/Developers: The Save Process can turn off the “$PublicAccess=1” flag to prevent the Interest Profile from being visible to all users of the appbut still available for the app and the originator to access appropriate content. 

 If/when the Known Guest wants to “Update Interest Profile” later, another Form will be used presenting the update options, maybe pre-populated with some of the existing information, and then processed as above. 

Hints for the Admins/DevelopersThe Known Guest cannot update the initial document directly (being “Reader”), but the app could include a background Agent to manage updating/merging the content. 

When B2C requires higher level of access than the Known Guest

The above simple rules should permit implementation of most B2C use cases, however, HCL have found a number of existing B2C apps hosted on Domino Utility Server which do not adhere to the above rules. HCL has decided to enable the reuse of these apps rather than mandating a rewrite (which you can of course always do). This is accomplished by relaxing the usage requirements for the CCX entitlement and permitting an entitlement to be reassigned after 30 days of inactivity See examples below. 

CCX Use Cases

CCX Authorized User as seen from an application is an authenticated (must be identified) external user listed in the application access control list (ACL) with a maximum permission of Author. 
This access is either granted on a named user basis or by the user being a member of a group or generic association in the ACL. Any of these authenticated users can contribute documents to a Domino app/database, and edit own or other designated content. 

Some CCX B2B users will have a permanent, continuous, use of applications under the CCX entitlement.  
In B2C scenarios, with full use of app capabilities, user access is more sporadic. HCL have found that many customers with Domino Utility Server licensing, largely ignored the volume of users that were created as the user count was not a factor in licensing. These same customers struggled with server sub-capacity PVU management under fluctuating capacity needs and often had to throttle use to stay within licensed capacity (PVU) limits for their B2C apps, resulting in reduced customer satisfaction. 

Most applications written to work on a Domino Utility Server (using Author access) are now viable to deploy under CCX licensing, unchanged, by licensing the maximum volume of expected/planned users for any 30 day period. HCL still recommends that you optimize your B2C apps for the Known Guest model, which is included, with no limits, with even a single CCB entitlement. 

 Two examples of how to use short term/occasional external user engagement apps under the CCX model

Example 1: Job Postings

New Applicants register for web credentials and submit an initial Job Application Package.  They then: 

  • Update Packages during interview cycles and eventually progress into on-boarding workflows 
  • If not on-boarded, Job Application docs still exist and can be resumed/updated later by Applicants 
  • When there is no activity with a particular Applicant for 30 days, the CCX entitlement can be reassigned to another Applicant/External user – effectively, you need entitlements for any active/expected users within any 30 days period. 
Example 2: Citizen/Government Interactions 

Many countries are creating authentication facilities for citizens based on government issued individual credentials.  Any user based licensing counting all permitted users, would be totally prohibitive for using these public IDs.  However, many apps exist or are being written to submit public forms, to obtain information from Government/Municipalities, etc under the Government ID: 

  • The revised CCX is perfectly designed for many existing apps coded for user permission as Author. 
  • The app must use the Government provided means of authentication, and then have appropriate ACL set-up to allow these external users access up through Author for the app.  Data can be kept around as app scenarios dictate, and user affiliation with the app likewise.   
  • If there is no activity with a particular CCX Citizen for 30 days, the entitlement can be reassigned to another Citizen/External user – effectively, you need entitlements for any active/expected users within any 30 day period. 

 Both of these scenarios could, generally, be written/updated to work within the Known Guest model.

Aligning all Domino V12 Licenses

HCL Domino V12 products will be provided to customers on active Support consolidated under the four categories and License Information documents below.  Note, that all current entitlements, support subscriptions and part numbers remain unchanged. 

Program Name:  HCL Domino Complete Collaboration Business Edition 12.0 includes: 

  • HCL Domino Complete Collaboration Business Edition 12.0 
  • HCL Domino Complete Collaboration External User 12.0 
  • HCL Nomad for Web Browsers (eliminating desktop upgrades for the future) is a supporting program uniquely provided with the CCB entitlement from V12. Any customer needing this feature must migrate to the CCB/CCX license model. 

 Program Name:  HCL Domino Enterprise 12.0 consolidating the following 3 models: 

  • HCL Domino Enterprise 12.0 Client Access 
  • HCL Domino Enterprise 12.0 Processor Value Unit  
  • HCL Domino Collaboration Express 12.0 

 Program Name:  HCL Domino Messaging 12.0 consolidating the following 3 models: 

  • HCL Domino Messaging 12.0 Client Access 
  • HCL Domino Messaging 12.0 Processor Value Unit  
  • HCL Domino Messaging Express 12.0 

 Program Name:  HCL Domino Utility 12.0 consolidating the following 2 models: 

  • HCL Domino Utility 12.0 Processor Value Unit  
  • HCL Domino Utility Express 12.0 Processor Value Unit 

Acquiring Entitlements and Support for above products is fully supported for CCB/CCX and for all other products as described in “HCL Domino Support Update” from February 3, 2021, under the following rules: 

  • No partial renewals permitted for any licensing. 
  • For HCL Domino Enterprise Client/Server:  If the current configuration is compliant for both client and server side, Support can be renewed as-is, or you can migrate to CCB, cost neutral.  In all other circumstances, to renew or adjust volumes, HCL require that you negotiate a migration to the CCB/CCX license model.  
  • For HCL Domino Collaboration Express:  A compliant configuration can be renewed as-is, or you can migrate to CCB on attractive terms.  HCL also recommends migrating to CCB to increase footprints, or to take advantage of HCL Domino Volt, however, you are permitted to acquire additional perpetual entitlements for a compliant configuration. 
  • All compliant standalone Utility Server entitlements can be renewed as-is (use of Domino Designer requires appropriate Domino Enterprise Client Access licences). To increase footprints, HCL require that you migrate to the CCB/CCX license model, which now supports all Utility Server use cases. 
  • For HCL Domino Messaging product models: A compliant configuration can be renewed as-is.  Also, you can increase the footprint for a compliant configuration by acquiring appropriate new entitlement parts. 

 HCL has updated all formal HCL Domino V12 License Information Documents now available here

Managing the upgrade/coexistence scenario from Domino Utility Server to CCB/CCX

An existing Domino Utility Server PVU or Utility Express PVU configuration with appropriate Domino Enterprise Client Access licenses for app maintenance can be renewed as-is.  However, many customers want to grow their application volume (hence, deployed server capacity) or want to take advantage of moving to CCB/CCX and the CCB add-on capabilities.

If you replace your Utility Server Support Subscription with appropriate CCB/CCX Authorized User volume to cover the current users, you can leave the installation as-is and just use your new CCB licensing.

If you need to maintain coexistence between Utility Server and CCB environments, you need to observe the following guidelines: 

  • Any entitlements included with CCB are only available to the CCB environment, e.g. Safelinx/Nomad Web. If HCL Domino Volt was added to CCB, the HCL Enterprise Integrator, HCL SAP Connector, and HCL Link are only available for the CCB environment.  
  • Any existing HEI/SAP Connector in the Utility Server environment must be continued/renewed as-is and cannot be replaced by the CCB entitled programs.  
  • Users defined on Utility Servers must be on the Denied Access List for all CCB servers to separate them from CCB licensing counts, whereas any CCB user is permitted access to the Utility Servers. 
  • The V12 Entitlement Reporting Tool provides a report for all of your Domino Domains, however, you can drill down on specific servers or groups of servers to understand user volumes by server. 

This announcement further enforces CCB/CCX as the licensing platform for Domino customers, allowing all customers to upgrade to CCB and with CCB as the only model for all new customers.

If you have any questions about this blog post and announcements or have any licensing questions, please contact your HCL product specialist or Business Partner. 

 Useful Links:  

 Related Blog Posts:

Frequently Asked Questions

Updated since September 23,  2020, “Introducing CCX, External User Entitlements 

Q: How are CCB/CCX users counted?

A: The Domino V12 Entitlement Tracker Tool produces an internal report to assist you with license compliance. (This report is not collected by HCL) 

  • You simply count the entries across all Domino Directories and Authentication Sources permitting users to log-in.  The count of credentials permitting log-in equals the number of Authorized Users. 
  • Keep separate track of “external” users and exclude from the CCB count.  A user on all Denied Access Lists are excluded from the counts. 
  • CCB includes an unlimited entitlement for Guest users. If logged-in Known Guest user credentials are included in the Domino Directories identified/separated out as “guests”, simply exclude from CCB/CCX counts. 
  • Needed CCX entitlements are established from the maximum number of log-in’s used or to be used in any 30 day period.  
  • CCB and CCX can reside on same server or as administrator decides – counting is always across all Domino Directories in Licensee’s enterprise.   
  • No employee or contractor in Licensee’s Enterprise can be a CCX or Guest user.   
     

Q: am using an earlier Domino license model. How do I switch to CCB/CCX?  

A: CCB licensing is a superset of prior Domino licensing. When CCB licensing is established replacing active Domino licensing, CCB can provide the entitlements that were in place for the Domino Servers and various clients. To support the user constituents, you may need both CCB/Guest and CCX entitlements to match your current use cases, but you can continue to use deployed software. In most cases, if you have a compliant installation, the move to CCB is cost neutral. 

Q: I just need Domino apps, no need for mail or other features. 

A: Mail routing is intrinsic to Domino and to many apps that run on the platform. For simplicity, the full mail application is included with CCB and functional/workflow mail is included with CCX – both HCL Verse, the traditional Notes user interface, and mobile access. The mail function is always part of your entitlement, whether you use it or not. 

Q: Can I still just license mail? 

A: The mail-only licensing of Domino Messaging CAL/PVU, Messaging Express is still available. However, you can fully replace your mail entitlements with CCB and include Domino Volt to gain significant additional value for your users. (See also Aligning all Domino V12 Licenses in this blog.) 

Q: What is included with CCB and what are add-ons? 

A: The CCB license includes entitlements to  

  • HCL Nomad for Web Browsers for all CCB/CCX users 
  • HCL SafeLinx  for all CCB servers and CCB/CCX users  
  • HCL Sametime Premium Limited Chat 
  • You must have a CCB license to enable any code install/download & product support for the above functions. 

Add-ons include:   

  • Full HCL Sametime Premium at a special, reduced, price 
  • HCL Domino Volt for all CCB users at a simple uplift (which is also extended to all CCX users for no additional charge).  The HCL Domino Volt add-on includes HCL Enterprise Integrator, HCL SAP Connector and HCL Link which are entitled for all CCB entitled servers with Domino Volt 
  • CCX on a per External User basis as described elsewhere in this blog. 

Q: What is a CCB user permitted to do? 

A: CCB users are entitled to all aspects of Domino applications and enterprise e-mail and purchased add-ons per above, without license restrictions on what users are permitted to do. CCB users can create and participate in apps and workflows to any level set by their Domino Administrators. 

Q: How do you restrict CCX and Guest users’ access to an application? 

A: Based on your settings in the Domino “Access Control List” (ACL) – all Domino databases/applications have an ACL which maps access levels to users. The access level is a classification limiting which tasks a user can perform in the database  – Manager, Editor, Author, Reader, Depositor, No Access – these classes are just labels, not verbatim. To fully understand permitted use cases, refer to the product documentation on ACLs found here  
Learn about Domino Access Control Lists (ACL)

Hints for the Admins/DevelopersExisting apps and standard templates may need customisation to support Known Guest users (free with CCB), whereas CCX users should have appropriate support with no changes to apps. 

Q: Why is a CCX user permitted ACL level up to Author? 

A: CCX users can fully participate in, and use (not create) Domino apps and workflows (including Domino Volt if added to CCB.)  The maximum ACL level allowed is “Author” access, which is typically assigned to users who need to contribute documents to a Domino database – and authenticated users can edit their own and other designated content.  
CCX is for authenticated, external users only and not permitted for any employee or contractor in the Licensee’s Enterprise. 

Q: Why is an anonymous Guest permitted ACL level up to Author? 

A: Anonymous Guests are web users, who beyond browsing a web site are permitted actions like submitting a contact form, participating in a web survey, posting anonymous blog content, etc. “Author” access is typically assigned to users who need to contribute documents to a Domino database just like CCX users, however, being anonymous they cannot edit any content, nor access individualised content and no details are retained as to who contributed to the database. 

Q: Why is a logged-in Guest only permitted ACL level up to Reader? 

A: Under ACL control, “Reader” access allows controlled creation of documents by using public access forms. Logged-in Guests authenticating with HTTP/LDAP are typically a dynamic, ever increasing volume of users visiting your web site, registering to gain access to community content, special interest forums, initiating workflows, etc.  “Reader” access is typically assigned to users who are only permitted to read documents in a database and/or using public forms to create documents. This case is for authenticated, external, limited use only, and not permitted for any Employee or contractor in the Licensee’s Enterprise.  
For external users needing any higher level of access, you must purchase CCX entitlements. 

Disclaimer – HCL’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at HCL’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard HCL benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multi programming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.  

Customer Success Case Study for Nolte Küchen, GmbH

27. Mai 2021 Posted by Karl Sand

A new customer success story was recently released by panagenda and was subsequently published by the HCL marketing team. The story outlines the dramatic improvements of the HCL Notes client management and improved upgrade processes for a German manufacturing company, Nolte Küchen. Below is a quote from their team lead who manages the Notes and Domino environment for the company. 

“Without MarvelClient, a Notes upgrade would be almost impossible for us. It would take more than 12 months for all clients, or we might not even be able to complete it at all.” 

Dr. Dirk Kirchhoff, Nolte Küchen

The company has been a long-time Domino shop, first deploying the collaboration and communication platform in 1997. However, by 2010, they had a sprawling set of inconsistent client deployments across the organization. This was causing issues with IT support troubleshooting and making subsequent client upgrades a nightmare. After deploying the MarvelClient solution the IT group was able to successfully identify the non-standard HCL Notes client configurations on all computers and quickly implement a fixup campaign to push out a common install. 

Helpdesk calls were reduced, and client performance improved for all users. As stated by their team ead, MarvelClient suddenly provided us with full visibility into the current Notes client environment and highlighted the potential problems cause by a mixed bag of inconsistent installs.” 

To download a copy of the customer case study from panagendaclick here

The case study has also been published on the HCL website  for your reference. 

Enabling a Smooth and Speedy HCL Notes Client Upgrade 

For those customers who have not upgraded their HCL Notes clients in years, and are subsequently out of practice with the processes and procedures to ensure a smooth experience for their end users, we can help. The MarvelClient Upgrade solution empowers organizations to optimize their HCL Notes client management and standardize all user installs with a consistent configuration. If any client settings or modifications are made through user error, they will be rectified and reset to the standard, supported configurations on the next restart of the HCL Notes client. These automated restore functions enable any organization to ensure a consistent environment for their users and reduce the number of IT support calls from HCL Notes client installation issues.  

Find Out More

The panagenda company is currently running a promotion to help customers with their Notes Client upgrades in preparation for the release of HCL Notes and Domino v12.  If you are interested in finding out more about the MarvelClient Upgrade solution and how it can help streamline your client upgrade processes, please visit the panagenda promotion page online 

 

The Countdown to the Newest HCL Domino and Sametime Begins! Join Us for Our Global Launch

15. April 2021 Posted by Richard Jefts

I am thrilled to announce that registration is now live for what will surely be a true, blockbuster event on June 7. This exclusive virtual event celebrates our latest versions of HCL Domino v12 and HCL Sametime. The first 1200 registrants got a free gift (we blew past that number in a couple of days!).

I personally love the amazing video that helps capture the excitement as we could down the days to these “breakaway” releases. (An agenda will be released soon. Follow us on Twitter to get the latest.) 

The launch event will include thought-leading sessions, demos, customer speakers, and more. And, it kicks off an exciting collection of Domino content delivered in a series we are calling the “Domino Dozen” (once you’ve registered for the launch, you will have access to this program). Each day, for 12 days following the launch, we will drop a new, essential Domino-related treasure. These pieces will include webinars, panel discussions, and technical deep dives, early access to special programs, thought leadership pieces, and more.  

Also, join us for the closing keynote and happy hour on June 23 — we are calling “Nerdi Gras,” as a hat tip to the days of Lotus past. We will be releasing a party kit soon, with downloadable favors, so you can join in the fun.

For those of us who’ve been on this Domino journey with us for so many years — and for those of you we will be welcoming as new customers — we can’t wait to celebrate.

Join us.

HCL Notes und Domino 11.0.1 FP3 veröffentlicht

15. April 2021 Posted by Oliver Regelmann

HCL hat das Fix Pack 3 für Notes und Domino 11.0.1 veröffentlicht. Fix List und Release Notes hier. Augenscheinlich hat Traveler aktuell ein Problem mit ein paar umbenannten Binarys und startet daher nicht. Um das zu beheben, müssen wir in der Technote beschrieben ein paar Symlinks manuell erstellt werden. Am Client gibt es mit FP3 […]

Der Beitrag HCL Notes und Domino 11.0.1 FP3 veröffentlicht erschien zuerst auf n-komm.

HCL Domino 12 und Sametime Launch Event

6. April 2021 Posted by Oliver Regelmann

Die Veröffentlichung von Domino 12 rückt näher. Aktuell kann man in der Beta 3 Features wie das neue Backup-Tool und die Kennwortsynchronisierung mit dem AD testen. Jetzt lädt HCL am 07. Juni zum globalen Launch Event ein: Und wer darauf nicht warten möchte: Nächste Woche gibt es ein Launch-Webinar zu HCL Verse 2.1.0. Die Veröffentlichung […]

Der Beitrag HCL Domino 12 und Sametime Launch Event erschien zuerst auf n-komm.

HCL Domino v12 Beta 3 Has Arrived

2. April 2021 Posted by Thomas Hampel

What a blast! In our webinar hosted this week, we announced Beta 3 is now available for download on Flexnet for all Domino customers. Watch the replay here.  This will be the last beta drop before the v12 release so don’t miss your chance to participate and help us shape the future of Domino! In this third iteration, we are unleashing another set of great features. See the full list here or read highlights below.

We’ve also included a Q&A received during our webinar and a special shoutout to all our customers and partners who covered our beta in blogs and tweets below!

Notes Client Highlights

New 64bit Notes Basic Client
For the first time ever, we are releasing a 64-bit Notes Basic client for beta testing. Many of our customers have been voting for this and we’re pleased to deliver. (See this idea from Cormac.)

Our main intent for this release is to engage customers, business partners, and third-party vendors to try out 64-bit Windows Basic version and test existing extension integrations. Our plan is to provide several iterations of this 64-bit client in beta and once we feel that we have addressed most of the known and reported issues, we will release the Standard 64-bit client.

More Improvements for the Workspace
In Beta 2, we introduced a new Notes client user interface for the workspace. Thanks to all your feedback, we have addressed several improvement requests such as reducing excessive spacing between icons and adding the ability to change the font color of workspace database icon (which is also policy controlled). Now you can also partially or completely collapse the workspace navigator and easily identify multiple replicas with the added a visual indicator. Read more here: 

Apple M1 Support
Good news for customers planning to use Apple’s new M1 hardware with HCL Notes. Beta 3 now also supports those type of CPUs.

Domino Server

Password Synchronization
A new secure method to synchronize password changes from Active Directory to Domino allows customers to reduce the number of passwords that users have to remember. Password changes from Active Directory are instantly being applied to the Domino IDVault.

Domino Backup
An integrated backup solution that allows you to manage backup and restore processes from within a Domino application. It provides a simple backup client for Domino. (See this idea from Sean.)

Entitlement Tracker
This new entitlement tracker will help to take an inventory of your environment to identify the entitlements needed under the new CCB/CCX license model. 
For more details about the license model please refer to the following articles on CCB Licensing and CCX Licensing or review documentation here

Other Enhancements 

Questions and Answers 

We received more than 300 questions in our Q&A earlier this week. We’ve answered some of your key questions below. However, if you have an unanswered question about the beta, please submit them in the beta forum

Q: How do I join the beta program?
A: If you are a current customer, then you already have access to the beta. More details here.   

Q: Does the new Domino Backup allow for backing up NSF and NTF files? 
A: Yes.

Q: Does it need a new volume to be mounted in Docker? 
A: You need a volume because you want your backup to be preserved, you can use the same volume as for your data directory or a different one.

Q: Do unread marks get lost when restoring? 
A: No, for a full restore the unread marks will be recovered. When merging individual documents back into the original database, merged documents will have a new UNID and so unread marks will be different.

Q: Is the backup system compatible with IBM Spectrum Protect? 
A: It is possible to integrate with a variety of backup vendors, however for Spectrum Protect there is no need to change as there is an existing backup agent for Domino.

Q: Will Verse support updating photos in the Domino Directory instead of Connections? 
A: Yes, Verse will release a new version in April, so in just a few days, which will support this.

Q: Will Nomad Web be available with v12 beta or do we need to get access to another beta program? 
A: Nomad Web runs its own beta program. If you want to participate, register here.

Q: Is it possible to sync passwords back to AD? 
A: No, a Domino server does not have a copy of the Notes UserID password.

Q: Is there a chance we’ll see Sametime Community, or Traveler also on Docker? 
A: Yes, Traveler on Docker is part of this beta. Sametime to be provided later.

Q: Can I have page 25 of the handouts? I am a guitarist and server names are EPIC.  
A: You can find the slides here – Domino v12 Beta 3. Rock On!

Q: Can I use any TOTP application? 
A: Yes, any TOTP application of your choice will work.

Q: Who can I talk to for some sparring of upgrading a customer from R7.03 to 11.0.1FP2 or version 12? 
A: Please reach out to Luis Guirigay, luis.guirigay@hcl.com. 

Q: Where can I provide feedback on a feature or report a problem? 
A: Please use our Domino v12 beta forum.

Q: When is Domino v12 be released? 
A: v12 is scheduled to be released prior to launch but mark your calendars for the live announcement event on June 7th 2021.

Customer Feedback So Far 

We’re so excited to hear your experiences with the beta so far! Please keep them coming and don’t forget to tag us on Twitter, @HCLDigital, for a retweet.

Special thanks go to Haruyuki Nakano for deploying Beta 3 and testing the new Domino Backup solution just a few minutes after the webcast.

Ales Lichtenberg also tested the new Backup solution backup in his test environment to and he seems to like it!

Marc-Oliver Schaake saying (translated): Thomas Hampel is showing features we have been waiting for since 1989.

Please read and share Rainer Brandl’s blog about Beta3 containing “a great surprise”. 

Milan Matejic nicely summarizing what he likes the most in this iteration of the Beta.

Oliver Busse being has been actively blogging about v12 testing the Domino 12 backup feature and highlighting UI changes here and here.

Great note from our Nordic Collaboration User group about our Connections Plugin

Past Beta Blogs

HCL Domino v12: The 4 New Security Features You’ve Been Waiting for

16. März 2021 Posted by Cormac McCarthy

While no platform is immune to the possibility of hacking, the question I would pose is: Has your Domino infrastructure ever been hacked?  Didn’t think so. It’s probably boring to say that the most straight forward answer is HCL Domino is rock solid on security.   When set up correctly and optimised, HCL Domino is the most secure platform of its type.  It’s true though.  Reliable and secure is a good thing. A very good thing. 

The HCL Domino v12 beta is out now.  If you haven’t already tried it, it’s free for all existing licensed Domino customers.  It’s waiting there in flexnet for you to download and try it out!  It’s the first time a beta of this type is in existence and it has multiple interactions (we’re currently on beta 2; beta 3 is scheduled for the end of March. Register here to join us for the beta 3 webinar.

What I really love about it is the almost instantaneous feedback from the beta forum, from those in charge of development.  Domino v12 is scheduled for full release in Q2 of this year.  (June 2021 timeframe is given at the moment).

Read an overview of what’s coming here.

Here’s is a list of all the NEW NATIVE security features coming in Domino v12 and there’s a whole host of them:

  • Automating certificate management 
  • Time-based one-time password (TOTP) authentication 
  • Enforce internet password lockout based on IP address 
  • TLS 1.0 is disabled by default 
  • Support for PEM-formatted TLS host keys and certificates 
  • Two new curves supported for TLS 1.2 ciphers that use ECDHE for forward secrecy
  • New template signing ID uses 2048-bit keys
  • NRPC port encryption supports forward secrecy using X25519
  • Import internet certificates that contain unsupported critical extensions
  • Suppress key rollover alerts during ID vault synchronization
  • New Query Vault command options
  • Support for SameSite cookie 

Also note native support for DKIM is planned in the 12.0.x timeline. (Again natively, you can achieve DKIM with third party mail gateways).

We could argue about which are the best and more important ones here, but I’m going to concentrate on the 4 new security features in Domino v12 that you’re going to want to implement straight away:

  1. Automating certificate management 
  2. Time-based one-time password (TOTP) authentication
  3. Two new curves supported for TLS 1.2 ciphers that use ECDHE for forward secrecy
  4. NRPC port encryption supports forward secrecy using X25519 

Note: these are all based on current plans at beta 2, some of these will be subject to change (for the better) come beta 3 and GA.

What is it?
Automating certificate management?

What does it give you?

This topic could probably be four killer new features in one on its own, because it includes so much.

The short answer here is it takes something that was a headache to most admins and makes it completely seamless and automatic. It also includes support for ECDSA which is very progressive in terms of offering support for cutting edge security (some browsers don’t even support it yet).

In order to explain the context here, we probably need a short history lesson on cert management in Domino.  Prior to SHA-2 being the supported, Domino managed certs via a Domino database. It did exactly what it said on the tin and was never really updated from the time of release. But it worked. There were only four steps listed in the database. Some customers did find it fiddly.

Then SHA-2 support for Domino came out and admins did not like how this was implemented.  Again, it’s Domino, so it was secure, and it worked, but the process was a headache.  I have to admit for 99 percent of our customers, I just did it for them to save them the hassle so I got used to it.  But you did need a kyrtool, you’d need to install Openssl, you’d have to copy and paste various commands, copy parent and intermediate certs into text files.  It was messy to implement.

Well that’s gone.

What’s in its place is the most straight-forward solution one could imagine.

Let’s Encrypt offers free third-party SSL certs.  They’re currently the most widely used Certificate Authority in the world and work with all major browsers (they’re sponsored by some of them).

You can now get Let’s Encrypt Certs in Domino, by filling in a couple of fields in a form.  In short saying, “I want a cert for my website.  Give me one now.”  And it will give you one straight away. In seconds, your web server will be running with that cert.  A new task called CertMgr manages it all.

“It can’t be that easy,” I hear you say.  Well, in most use cases, it is.

Wildcard certs are slightly different, but again it’s as easy as it can be.  Other third-party certs are still 100 per cent supported, and easier than ever to implement with the Certificate Store.

Another point you might have missed around this is CertMgr supports Elliptic Curve Digital Signature Algorithm (ECDSA) using the NIST P-256 and NIST P-384 curves.  Not all browsers support this yet (most do), but in short it has the potential to give quicker and more secure TLS connections and shows that HCL are ahead of the curve #badnerdpun.

How do you implement it?

There are a lot of options available here but I cannot over emphasise how straight forward this is to implement.

CertMgr runs as a task. The first time you load it builds a back-end Domino database.  The database has intuitive forms but there’s documentation just in case.  You create a free account with Let’s Encrypt with a couple of clicks within the database.

I don’t want to get too bogged down in the detail here, because you don’t actually need to know the back ground details, but there a couple of ways Let’s Encrypt will verify you’re the owner of the domain, either by HTTP response (the most straight forward I think, but requires that the server can initiate outbound HTTPS requests – even temporarily to Lets Encrypt) or via DNS Response.

The HTTP response in particular is VERY easy to setup.

Third party certs are managed via the database, so you won’t have to fiddle about with openssl and the kyrtool.

ECDSA is a more complex subject, but the steps to implement are relatively straight forward here, the main complicating factor here is managing browser support, there’ll be more of this in beta 3 (thanks to Daniel Nashed for answering some of my basic questions on this.  Follow Daniel’s blog for more expanded detail on these subjects).

What is it?

Time-based one time password (TOTP) authentication

What does it give you?

Firstly, the obvious point here is you’ve been able to do TOTP in Domino for a long time, but it required third party software or appliances.  Here we get TOTP natively within Domino.

What is TOTP? Well, it’s two factor authentication based on a time based password that changes.   You put an app on your device that manages a six figure pin that changes every 60 seconds and it associated with a specific account.

Here you can deploy here with any number of apps (I’ve used Google Authenticator and OpenATP with Domino12 extensively for a couple of months and both have worked perfectly).

How do you implement it?

It’s easy.

You set up a trust relationship with your ID Vault and TOTP.

You enable it on the configuration settings document and then either web site, server or virtual server document.

You’ve to do a once off configure on the login form (but there’s a template for you to use, so it’s two minutes work for a non-developer).

Restart Domino and you’re ready to go.

Each user does a self-enrolment process the first time they connect which is intuitive, and takes no more than a couple of minutes.

There’s more functionality coming on this with Directory Assistance and managing multiple domains so watch this space.

What is it? 

Two new curves supported for TLS 1.2 ciphers that use ECDHE for forward secrecy

What does it give you?

Better performance on Perfect Forward Secrecy.

Perfect Forward Secrecy has been available since Domino 9.0.1 FP3 IF2.  It gives assurances session keys will not be compromised.

This new set of two new elliptical curves (once forward secrecy is set up) can offer better performance.  The two new curves are X25519 and X448. 

How do you implement it?

You do nothing. If you don’t want it you need to actively turn it off with a notes.ini setting. Domino 12 will attempt to use supporting curves in the following order

  1. X25519 
  2. NIST P-256
  3. X448
  4. NIST P-384
  5. NIST P-521 

What is it?

NRPC port encryption supports forward secrecy using X25519

What does it give you?

This sounds very similar to the last one, but there’s a whole lot more to unpack here.  These are for Domino to Domino connections over port 1352 or Notes client to Domino connections over port 1352.

So if you’ve ports with encryption turned on (which nowadays we are recommending to everyone), with Domino 12 the level of encryption increases from:

  • 128 bit AES-GCM for network encryption and integrity protection and 128 bit AES tickets 

 To: 

  • 256 bit AES-GCM for network encryption and integrity protection, X25519 for forward secrecy, and 128 bit AES tickets.

Basically stronger, encryption, better protection for sessions with forward secrecy and a curve that gives the best performance.

How do you implement it?

This is one of those points of different between Domino and Notes clients and ANY other technology.  (i.e. as opposed to the Office365 hacks, which are being put down to weakness in how Microsoft authenticates out of box).  Certs are baked in.  Basically if you have port encryption turned on, this will turn on by default.  If you don’t have them, turned on you can just enable encryption on the ports (for all inter server traffic), and via a policy for Notes clients.

In any other technology this would be so much more complex to do.  You’d need multiple devices to manage the connections, you’d have to change the port numbers, probably have to allow that port in a firewall plus you’d need to manage certs with third parties.  With NRPC, you’re already using certs to connect in so it’s just saying encrypt the port.  The same port (1352) is in use whether encrypted or not encrypted, so no further changes are required on the network or firewalls etc.

Oh and that’s only NEW and NATIVE features in Domino 12.  I just have to mention one more briefly that is no-charge to all entitled CCB customers. It’s HCL SafeLinx.  It is already available and in the wild.  It supports both HTTP and Notes port connections out of the box as a reverse proxy.  If you already user HCL Nomad you’ll probably know about it.  Later this in 2021, HCL Nomad Web will be out and you’ll look into this more then. (It can also be used for Sametime, Traveler and Verse – there’ a webinar on this coming up).  It builds upon the layers of native Domino security and gives you flexibility to add extra layers of security, particularly for external connections.  The main advantage is that it’s got baked in functionality for Domino so you don’t have to reinvent the wheel to do a basic set up.

I hope you enjoyed my first blog for HCL.

As always please provide feedback if you found anything interesting here.

Cormac McCarthy – Domino People Ltd

The Low Down on HCL Domino v12 Beta 2 and Beta 3

1. März 2021 Posted by Barry Rosen

A month ago we released the first beta drop of HCL Domino v12 and we’re excited to see such a high level of engagement among our customers, ambassadors and business partners. Two weeks ago, we announced the drop of Beta 2 and hosted a webinar with an overwhelming number of live questions — 118 to be exact! If you missed the webinar, you can catch the replay here. We also picked the most popular questions about our beta program and v12 , and have published those — along with the answers — here.  

To keep up with this exciting momentum, please join us at our next webinar about beta 3 on March 30, at 10AM ET. Register here. Beta 3 will be the last beta drop before the v12 release, so don’t miss your chance to participate and help us shape the future of HCL Domino! In fact, don’t wait for the next beta drop. All existing customers are automatically entitled to download the software packages from Flexnet today. We look forward to your feedback.

Beta Q&A 

Still have unanswered questions about the beta? Submit them in the beta forum.

Q: Is there a way to tell if issues raised in the beta forum are included/fixed in beta 2 or 3? 

A: The list of SPRs fixed in beta2 can be found in the release notes. Please see here.

Q: When can we expect the 64-bit standard client? 

A: Our plan is to start with the basic Notes client first in v12 beta 3, and then release the 64-bit standard client in a beta post v12 GA.

Q: Is the C-API toolkit updated and available as part of this beta? 

A: We released the C-API toolkit for v11 and will update for v12 post release.

Q: Is two-factor authentication available? 

A: Yes, feel free to try it out today! 

Q: If I load the beta on my system, will upgrading to v12 Prod work? 

A: When going from the beta version to the GA version, we recommend uninstalling the beta and installing v12 as a clean new install.

Q: Is there a backlog of undo/redo? 

A: No, but it has been submitted in our Ideas Portal. You can vote for it here.

General HCL Domino v12 Q&A 

Q: Does Domino 12 install VoP automatically as part of the base install? 

A: VOP will be included in Domino v12, but not automatically installed. 

Q: When will Hebrew and Finnish be included in Domino? 

A: Both languages are on the list for v12.0.1.

Q: Is there any chance for DKIM support in Domino in near future? 

This is in our future roadmap and will be delivered in the V12.0.x timeframe.

Q: Is there a future for HCAA ? 

A: From a technical point of view, HCL Nomad Web will succeed HCAA.

Q: What version of Domino will the Nomad Web client require? 

A: It will require a v12 server.

Q: What version of Java is supported by the v12 Domino server? And what is the roadmap for Domino for keeping up with Java versions? 

A: OpenJDK 8, and of course we are going to upgrade this to newer versions moving forward.

Q: Is Certificate Store replacing CertSrv 

A: Yes.

Q: Can I install and configure Domino through Ansible? 

A: Yes, feel free to do that. You can also check out some examples here.

Q: Is the old KYR/STH still supported? Can I push in new certificates by script or automation? 

A: LetsEncrypt will manage certificate renewals automatically. If you do not want to use LetsEncrypt, you can use your own CA. And yes, you can automate it.

Q: Is it possible for a developer to use the LetsEncrypt support to create SSLKeyring for dummy FQDN? 

A: LetsEncrypt certificates are only issued to servers that can be reached via HTTP or where the owner is in control of the DNS record. Creating a self-signed certificate is not possible with LetsEncrypt but will be possible with the Domino Certificate Manager.

Q: What will happen to Xpages going forward?  

A: Domino V12 will include Bootstrap 4. XPages functionality will continue to be enhanced and fully supported, but note that we are shifting to make low code (Domino Volt) our top priority.

Q: Will Bootstrap4 & FontAwesome also be available in XPiNC? 

A: Yes.

Q: Are there still text size limits in text fields or form documents?  

A: Many limits of Domino were raised or will no longer exist in v12. However, if you still need anything to be improved, please submit your idea here.

Q: What is the version of Sametime embedded in Notes v12? 

A: Sametime 11.5.

Q: When will Domino v12 be available to the market and how can I learn more?  

A: We will launch v12 in Q2 this year, around June. Stay tuned as more details to be announced soon. In the meantime, you can read our preview article here and watch our preview demos here

HCL Digital Solution – Lizenzierung & Wartung

16. Februar 2021 Posted by Alexander Kühn

Wir möchten heute auf ein Thema aufmerksam machen, dass bisher noch nicht so recht beleuchtet wurde im Bereich Lizenzierung bei den HCL Digital Solutions – lassen Sie uns über das sogenannte Partial Renewal reden. Wer schon länger Software Produkte aus dem Domino Bereich einsetzt, kennt das Thema zur Genüge. Jedes Jahr zum Renewaldatum steht die Verlängerung […]

Der Beitrag HCL Digital Solution – Lizenzierung & Wartung erschien zuerst auf n-komm.

HCL Domino Support Update

3. Februar 2021 Posted by Uffe Sorensen

HCL Digital Solutions would like to take this opportunity to clarify the requirement for offering Support subscription for the various HCL Domino Programs. This blog covers two such cases related to partial renewals that are not permitted.

Specifically, HCL Digital Solutions does not permit:

  1. Partial renewal of HCL Domino Programs under Non-Expiring (“Perpetual”) License. I.e., Licensee cannot renew a lesser quantity than the entitled volume to obtain Support.
  2. Separate renewal of Client-only or Server-only licenses where both are needed for a production environment and must be on Support for all users.  

Here are the requirements for the HCL Domino Programs that can subscribe to Support (1) for Perpetual Licenses beyond the initial 12 months:

  1. All-inclusive Per User Licenses (i.e., all server entitlements included with the per user license) 
  • HCL Domino Complete Collaboration Business Edition (CCB/CCX)
  • HCL Domino Volt User
  • HCL CEO Communications User
  • HCL Collaboration Express User
  • HCL Messaging Express User 

To receive Support for any above Program, each User must be under Support. Licensee cannot have some Users on Support and others not, which precludes any partial Support renewals of Perpetual Per User Licenses.

2. Stand Alone Server Licenses 

  • HCL Domino Utility Processor Value Unit (“PVU”) 
  • HCL Domino Utility Express Processor Value Unit (“PVU”) 

To receive Support for either of these Programs, all PVUs as entitled must be under Support. This precludes any partial Support renewals of Perpetual Utility Server and Utility Server Express Licenses. 

3. Client and Server Licenses   

  • HCL Domino Enterprise Client Access
  • HCL Domino Enterprise Processor Value Unit (“PVU”) 

As stated in the License Information (LI), each of these parts are interdependent and form one logical Program. Specifically, the HCL Domino Enterprise Server License Information mandates the corresponding Client License for any productive use (for all in-market versions). 

From the HCL Domino Enterprise Server V10.0.1 License:
Use of the Program by any means of Authenticated Access requires an entitlement to HCL Domino Enterprise client access, or a subscription to either HCL SmartCloud Notes or a HCL Connections Cloud S1. (2) 

Further, the most recent Domino v9.0.x and Domino v10.0.x Support Update [KB0085697] documents the packaging and Support dependency for HCL Domino Enterprise Client and Server side as one Program, why these cannot be separated from a Support viewpoint.

HCL Domino Enterprise Client Access is required for productive use of HCL Domino Enterprise PVU, hence both must be on Support to the full volume of Perpetual entitlements for each, i.e. no partial renewals. 

4. Client and Server Licenses for Messaging Only 

  • HCL Domino Messaging Client Access
  • HCL Domino Messaging Processor Value Unit and/or HCL Domino Enterprise Processor Value Unit (3) 

In keeping with the other Client and Services licenses, each of these parts are interdependent and form one logical Program. Specifically, the HCL Domino Messaging Server License Information mandates the corresponding Client License for any productive use (for all in-market versions).

From the HCL Domino Messaging Server V10.0.1 License:
Users of the Program must be covered by an entitlement to either HCL Domino Messaging client access or HCL Domino Enterprise client access. (4) 

HCL Domino Messaging Client Access is required for productive use of HCL Domino Messaging PVU, hence both must be on Support to the full volume of Perpetual entitlements for each, i.e. no partial renewals. 

General Rules for Renewals  

  • If you already own Perpetual Licenses and a compliant Support subscription, you can simply renew Support AS-IS per above rules.  
  • If an organization (i.e., the Licensee) wishes to decrease the number of supported users, it may do so if it relinquishes perpetual license entitlements for such unsupported users. However, remaining entitlements must be fully covered by Support.
  • Conversely, to increase the number of perpetual Client Access License users and/or server PVU License capacity for a currently compliant Support subscription, HCL Digital Solutions requests that you move to the CCB/CCX licensing model to greatly simplify your renewals and compliance tracking in addition to enhancing your value of the licensing. 

If you have any questions about this announcement or have any licensing questions, please contact your HCL product specialist or HCL Business Partner. 

Comments: 

  1. “Support” was formerly known as S&S, “Subscription & Support”.   
    Product Support from HCL is described in the HCL Software Customer Support Guide
  2. “HCL SmartCloud Notes” and “ HCL Connections Cloud S1” are obsolete and withdrawn Programs
  3. HCL Domino Enterprise PVUs can constitute the server side for HCL Domino Messaging Client where a high-availability (clustered) environment is desired and/or if add-on applications for mail management need to be installed. Mandates Client and Server Support and preclude partial renewals for any configuration of a Messaging Only deployment.
  4. The use of HCL Domino Enterprise client access in this context is limited to Messaging use 

Useful links: 

 Disclaimer – HCL’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at HCL’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard HCL benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multi programming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.