Posts Tagged: ‘Notes Domino’

Domino Mail Product Strategy Update

24. Mai 2022 Posted by Agnes Ng

Providing a secure enterprise mail solution trusted by governments and regulated industries has always been an essential mission for HCL Domino. Trusted by 40% of the Fortune 500, Domino is the backbone of corporate communications and powers our customers’ workflow applications that run their business.

In every Domino release, we have continued to invest in the core platform for apps and mail. This includes our own desktop, web and mobile clients, plus open client options such as Apple Mail. Here, we provide an update on the progress we’ve made and what’s coming.

User Experience  
Here are examples of the improvements we’ve made to both HCL Verse and HCL Notes. If you’ve not seen these before, please contact your BP or HCL sales representative for more information on upgrading so you can take full advantage of this more modern experience.

Capabilities Recently Delivered and What to Expect Next

Based on feedback from our community, here’s a summary of our Domino mail portfolio and our product plans for the next 3 years: 

Product/capability    Delivered recently   HCL roadmap & strategy 
Domino 
  • Improved security by introducing “Let’s Encrypt” and TOTP for web clients. 
  • Simplified admin management by streamlining cluster replication experience and introducing one-touch server setup. 
  • Cloud-native — flexible and scalable deployment on various platforms such as Azure, Google, and AWS 
  • Enhancement for mail security — including ICAP support, DKIM Inbound and SPF checking.  
  • Introducing Domino App Restyle — to make your existing apps UI look more modern with just a few easy steps.  
HCL clients for mail and apps 

  • Notes 
  • Nomad Web 
  • Verse Web  
  • Verse Mobile  
  • iNotes  
HCL Verse  

  • PWA for Verse 
  • Photos from NAB 
  • New calendar event interface 
     

HCL Verse Mobile 

  • Dark Mode Support 
  • Smart forward/smart reply 
     

HCL Notes 

  • Workspace UI Improvement 
  • Improved mail usability experience – sent from, copy formatting 
 

  • Introduce Verse 3.0 — new user interface for contacts & find availability visual scheduler. 
  • Nomad Web — printing and offline support.  
  • Notes Standard — continuous improvement of workspace and client performance. 
  • End of Support for iNotes — replaced by Verse with comparable functionality and much more. 
  • Our goal is to deliver a unified web experience that enables users to get work done more easily across today’s separate Verse, Nomad Web, Sametime and Domino Volt web experiences.  
Open clients 

  • HCL Microsoft for Outlook – (HTMO) Outlook on Windows *  
     
  • Project Quattro – Outlook on Mac and mobile *  
     
  • Traveler – Apple mail and calendar on iOS  
HTMO 

  • Delegation (full access) 
  • x.509 certificate authentication/ signing and encryption 
     

Traveler (Apple Mail) 

  • Room and resources updates in Apple calendar 
  • HTMO – improve performance, stability, and calendar features. 
Interoperability  
  • Directory Sync — External LDAP sync with Domino directory including password synchronization. 
     
  • Domino online meeting Integration (DOMI) in the Notes client — allows users to schedule meetings using Zoom, Webex, GoToMeeting, Teams and Sametime. 
     
  • Simplified backup experience – integrate with third-party backup solutions to restore your data reliably.  
  • A built-in free time busy look up feature — that works across both Domino and Exchange/Outlook-based systems.  

 

  • Migration tool — an intuitive UI for importing mail and calendar data from any third-party vendor such as Microsoft or Zimbra.   

 
Note:*
Recently, Microsoft announced an initiative to consolidate its Outlook clients and mail protocols. In addition, they announced the deprecation of the Exchange Web Services (EWS) protocol and API and its M365-based replacement that even Exchange on-premises customers will need to use.  

Due to the change in Microsoft’s protocol, and since most of the Domino customer base are Windows users, HCL has decided to invest in HCL Microsoft for Outlook (HTMO) to provide the open mail experience rather than continuing to develop EWS support. Specifically, our plan to deliver support for Outlook on Mac and Mobile under Project Quattro has ended. Consequently, in subsequent HTMO releases, we’ll focus on improving the ease of installation, performance, stability, and provide calendar feature parity with Notes and Verse where applicable.  
 
As always, HCL Digital Solutions is fully committed to the Domino community and our customers.  We value your feedback, so please feel free to reach out to us with any questions or submit your ideas to Aha. Thank you for your support.

Domino Product Team

Disclaimer – HCL’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at HCL’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard HCL benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multi programming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results like those stated here.  

 

 

Join Our Beta! Introducing Domino “Danube” Early Access Program

24. Mai 2022 Posted by HCL Domino Team

After the successful launch of HCL Domino v12.0.1 in December 2021, we are approaching the next release milestone: Today, we are happy to announce the new early access program for HCL Domino Danube!

You are invited to join the early access program to beta test our latest release and give feedback to our development teams.

We’re calling on our community to share honest, effective, and thoughtful reviews and testing of our software product. Your input is always essential for developing our products, and we will continue to listen to you every step of the way.

What you can expect from this first drop of Domino Danube:

HCL Domino Server 

For the Domino server, there are several enhancements waiting for you: 

  • Anti-virus scanning for message attachments 
    This will allow you to set up HCL Domino to work with an ICAP protocol server to scan for viruses in mail message attachments. 
  • Windows VSS support in Domino backup 
    Domino now provides a native Windows VSS writer for snapshot backups for use with the Domino backup and restore. VSS writers are designed for application-aware VSS snapshots. 
  • DAOS improvements 
    A new server task, DAOS Encryption Manager (daosencmgr), can be used to ensure DAOS objects on an HCL Domino server use a consistent encryption key.
  • XPages: upgrade to CKEditor 
    CKEditor, used in iNotes, is now version 4.5.6.1. Previously it was version 4.18.0. The new CKEditor version is also used in XPages.
  • New version of OpenSSL 
    HCL Domino now uses OpenSSL version 3.0.1. (it used OpenSSL version 1.1.1a previously).
  • Support for 5.x Linux kernels 
  • “Tell Domino support” console command 
    You can use the new tell domino support command to collect diagnostic files recently created in the IBM_TECHNICAL_SUPPORT directory into a .zip file to provide to support.
  • 256bit AES Encryption for database 
    The new default selection for database encryption is 128-bit AES. Previously it was Strong Encryption.
  • Administration Quick enhancements 
    Administration Quick (AdminQ) has been enhanced in Domino Danube.
  • Domino directory user interface enhancements 
    These Domino directory user interface enhancements are added for improved usability. 

… Plus, several other minor changes and performance improvements.

For a complete list of changes and improvements, please refer to the Domino Danube release notes.

And this is just the first beta drop! We are going to release even more features and Notes client builds in the coming stages of the early access program. We are planning to have monthly drops until the end of September (subject to change).

What’s new in Domino Danube? Find out here.

How to participate in this beta? 

Customers with a current entitlement to Domino can find the software packages for both beta programs on Flexnet. Beta participants, please let us know by submitting any and all feedback in our beta forum. For general input and new ideas or feature enhancement requests, please use the Domino ideas forum, here.

Thank you for your participation and your passion for HCL Domino!

HCL Domino Product Team 

 

How Domino v12 Improves an Administrator’s Life

17. Februar 2022 Posted by Heather J Hottenstein

As someone who has spent almost 28 years working around HCL Notes and Domino administration, my mind was blown with the number of new features that were delivered when v12 shipped in May of 2021.  And HCL kept the pedal pressed to the floorboard, introducing many more enhancements with Domino v12.0.1 in December of 2021. 

Considering the primary goal of a systems administrator is to protect the service, these new offerings make obtaining that goal easier.  When it comes to simplifying configuration, boosting security, and ensuring data integrity, Domino sets you up for success.

Nomad Web 

For years you have had the option of letting your end users access their Domino data from the Notes client or a web browser.  The Notes client provides various UI features, and the web browser offers mobility.  Nomad Web gives you the best of both worlds – a Notes client that is accessible from anywhere with zero local install required. 

By deploying Nomad Web, you no longer manage Notes client deployments.  The binary files supporting Nomad Web are on a single server.  In just a few minutes you can upgrade thousands of users to a new Notes version, apply a fix pack, etc. 

And, when migrating Notes users to Nomad Web, they can take their Notes desktop with them.  Out of the box, they have all their same databases available.

CertMgr  

Just like you wouldn’t send a letter in a non-sealed envelope, you should take the same safeguard and put a lock on your system’s network traffic.   

Domino v12 has a new Certificate Manager feature, which provides an easy and effective way of managing TLS credentials used for securing Domino server communications.  From within the Certificate Store database, you can create certificate requests, add trusted roots, upload received certificates and configure automatic renewal of Let’s Encrypt certificates.   

In v12.0.1 you can import PEM/PKCS12 certificates, export TLS credentials to PEM/PKCS12 certificates and create your own Domino based certificate authority.

Backups and Restores 

Mistakes, failures, and disasters happen.  Your ability to respond to these events is a keystone in data management.   

Domino v12 has a native backup and restore offering.  The configuration, processing and logging is all part of Domino.  As a result, the Domino administrator has complete control over protecting Domino’s data.   

Additionally, you can use third party backup software and integrate it with the native feature.  Domino v12.0.1 allows you to reliably restore data from a third party.  Full integration with Veeam snapshots are possible, too.

DKIM 

Domain Keys Identified Mail, DKIM, is an email security standard used to guarantee email messages are not tampered with during transit.   

Domino v12.0.1 supports DKIM by adding an encrypted signature to the messaging header of outbound emails.  DKIM signatures not only assure message contents but also confirm the originating point, meaning your sender addresses cannot be forged.  Adding DKIM to the Domino configuration allows recipients of your domain’s email to trust your communication’s authenticity.

Time-based One-time Password (TOTP) Authentication 

Domino v12 delivers 2-Factor authentication, requiring web users to provide both their user name/password credentials and a unique six-digit token.  The token is unique for the user, generated by the TOTP application and the user’s Domino ID Vault server.  While a third party may obtain a user’s credentials, they will not have access to the device running the TOTP application.  Hence, they cannot provide the required code and the access attempt fails.

IP Address Lockout 

The ability to control Domino resource access by IP address has been part of the SMTP and Router configuration for several releases.  With v12 you can also define which IP addresses are allowed to access the Domino server from a web browser.  Addresses outside of the allowed list will be denied access.

iNotes/Verse and User IDs 

A cornerstone of Notes client security is the ability to sign and encrypt email.  With the move to accessing email from a web browser, iNotes and Verse support document signing and encrypting by requiring a copy of the Notes ID be contained in the mail file.   

With v12.0.1 iNotes and Verse can use the ID stored in the ID Vault.  This enhancement continues the trend towards leveraging the ID Vault for security operations.  Using the ID Vault provides a secure, centralized and sustainable ID file storage strategy, which improves the formidability of the Domino deployment.

Domino Directory Enhancements 

The Domino Directory is where administrators do most of their configuration work.  Domino v12 adds new features to improve the directory’s usability. 

  • Auto group population: Groups can now be automatically updated based on a pre-defined criteria.  In a group document select Custom for the Auto Populate Method field and use the Selection Criteria field to define a LDAP search query, which will search the Domino Directory.  For example, have a membership list based on department name specified in person documents.
  • Mail-in database usability: The Mail-in Databases and Resources view now displays the Internet email address of mail-in databases. Also, there is a Go to Database action button available.  Pressing this button, opens the respective mail-in database of the document in focus.
  • Find Groups button: The Find Group action button, located on the Person document, shows all groups the user belongs to.  This is for both groups where the user is listed as a member and nested groups.
  • Find Server Config button: The Server document has a new Find Server Config action button, which displays a list of Configuration Settings documents associated with the server.  From the document list you may select one and open it. 

 AdminQ 

The Administration Process in Domino automates user renames, updating a locally stored ID, group listings, access control lists and Names fields in documents.  However, if a user does not log in from a Notes client, the rename process fails to complete. 

New to v12.0.1 is Admin Quick, which is a Notes database, adminq.nsf, AdminP uses to process user renames automatically.  While this feature is intended for iNotes and Verse users, the administrator can extend it to all users.

Cloud Native 

Cloud computing provides a means to be flexible and scalable without having to internally support an expensive infrastructure and respective IT staff, which equals the ability to stay competitive at a reduced cost. 

Your Domino v12 servers can be part of your cloud journey.  V12 is fully supported to run on all major platform vendors, including Google, Azure and AWS.  Domino servers are certified for Docker, Kubernetes, and Red Hat’s OpenShift.  As always, Domino provides you with options.

One Touch Setup 

Part of a modern DevOps strategy is the ability to quickly deploy servers using a script that defines configuration settings.  Additionally, re using a script ensures your standards are applied to each install. 

Domino v12 allows you to use a JSON when building new servers.  The JSON can be used for the first domain server or additional servers.  When deploying Domino on Docker, Windows and UNIX platforms a JSON can set up the Domino server, an ID Vault, register users, configure directory assistance, create/update applications/documents and enable agents.

Advanced Properties Box 

The document properties box is a valuable troubleshooting tool when it comes to reviewing document contents, specifically field values.   

With the Notes v12.0.1 client you now have an Advanced Properties box that allows you to search for field names and values, copy rows of data as a CSV, view profile documents and compare documents.  And, the advanced properties box can be resized, making the text easier to read.

AD/Domino Password Sync 

The Domino Directory, also known as the Public Address book, has existed since v1 was released in 1989.  And while it is great for managing a Domino environment, most often it is not the only system directory you have.  You wind up duplicating efforts with user life cycle processing. 

To reduce administration efforts Domino v11 introduced the ability to synchronize the contents of AD to the Domino Directory, which includes both user and group documents.  User creations, renames and deletions are performed in AD and then flow to the Domino Directory. 

Domino v12 now includes password synchronization with AD.  When a user’s password is changed in AD, the password for the respective user ID in the ID Vault and Internet password in the Person document are updated to the same value.

Conclusion 

Domino v12 and v12.0.1 offer several new features that the administrator can use to improve the security and operations of the Notes and Domino infrastructure, all while decreasing total cost of ownership.  Most important, these are all included as part of the entitlement, no additional cost required.  There has never been a better time to upgrade!   

And I can assure you that HCL is not backing off the commitment to continue delivering powerful administrative features as we look to Domino v12.0.2 and beyond.

5 Reasons to Love the HCL Domino Notes Client

9. Februar 2022 Posted by Ren Mark Tapang

HCL keeps making improvements and investing in all our products, and HCL Domino has a strong and future-proof roadmap. The latest version (v12.0.1) has a lot of new features and improvements. You can listen to a webinar about everything it has to offer here (plus a Q&A summarizing the hundreds of questions asked at that event).

I have been using Notes Client for many years, and it has improved with each version, here is a summary of some of the latest features of Notes Client that you will surely love and will help you with everyday life.

1. You Can Access Your Email from Anywhere — Even Offline  

Due to the global pandemic, most of us are working from home. So, with Notes, even if you don’t have immediate internet access, you can draft emails and keep working. There are times that the internet connection is intermittent, or even lost due to unforeseen circumstances. Emails prepared offline will be sent as soon as the Internet connection is re-established. 

Also, customers have told us that when traveling on a plane or going somewhere, their favorite work-related activity is to clear up their email backlog. Most of them work in Notes Client during their journey. They can read and respond to email just like they would when they are at their desk connected to the Internet. As the Internet connection is re-established, the email is automatically sent.

2. You Can Schedule When Emails Are Delivered

There are times when you want to schedule or delay the sending of an email if you’re working late and want to send an important email to a customer/client, you may not necessarily want it to show up in their inbox at 12 midnight). You can schedule the sending of that message so that it will appear in their Inbox closer to their working hours.  

Here’s a link to how to schedule how you can schedule email.

3. You Can Recall an Email 

Have you ever experienced that sinking feeling as you realize you have accidentally sent an email to the wrong person? Or experienced sending email with incorrect data or missing attachment? If you are lucky, it could just be an embarrassing blip on your day, but there is the potential for some very real damage, like incorrectly sending confidential information. 

So yes, sending an email to the wrong person or group can be embarrassing. Here’s how.

4. You Can Categorize Email Items to Stay Organized

Hunting and pecking to find a lost email can be frustrating and time-consuming but Notes now has an easy way to search by sender. You can quickly find a name in this view by typing any string of characters in the name, not just the first characters. This feature requires the Notes® 10 mail template (mail10.ntf).

5. You Can Manage Email by Creating and Setting Mail Rules

Does your inbox get flooded with emails every day (like it does for all of us)? Ever wish they would magically move to another folder where you can view them later; so that you can focus and concentrate on what is more important. 

Great news, with Notes Client, you can set rules that will automatically manage your emails and organize them in specific folders. This is possible by setting mail rules through the Manage and Create rule feature.  

Here’s how to create and manage rules in Notes Client.

Blog Posted by:  
Ren Mark Tapang  
HCL Notes Client Software Engineer  

How to Create Application Icons in Domino 12.0.1

23. November 2021 Posted by Mary Elizabeth Miller

In the Notes and Domino release of version 12.0.1 (coming soon!), we have updated the ability to display 64 x 64 px application icons in the workspace. You will have the ability to upload icon files that are larger than that, but on workspace they will display as 64 x 64 px. If you have older application icons that were created with the 32 x 32px icon specification that existed prior to this release, then those will still display at the smaller size. The Notes Domino design and development teams are working to update existing template icons for HCL provided templates; you will also see these icons updated in the v12.0.1 release.

If you have seen some of the new template icons, you might be thinking, “How can I update my application icons to look like that?” Follow along with the tutorial below or watch the webinar replay on how to update your Notes application icons. The default application icons are available to download from the forum here.

For applications using HCL-provided template such as mail, calendar, rooms and resources, and directory, etc., these will automatically update when the user opens these applications. For the custom applications that you have created for your clients or company, these icon files will need to be updated and deployed in Domino Designer by the owner of the application.

Examples of HCL provided template icons:

Guide to Creating Application Icons 

The following documentation explains how to design new application icons that match the style of the HCL Notes app icons but are tailored to the purpose of your application.

There are two different approaches you can take, review the following documentation, and decide which approach is best for you.

Option 1 

Use one of the provided icons and upload to Domino Designer. In this package, there are some default app icons that you can use out of the box and there is no design needed. These icons map to some of the templates that are provided with Domino such as Teamroom, Discussion, and Document Library. For these, all you will need to do is download the icon you would like from the folder titled “Option 1 – default Icons,” and upload it to designer.

Available Default Icons:

Option 2 

Note: For this option you will need to have access to an image-editing tool, such as:     

  • Microsoft Paint: Installed on Windows Machine 
  • GIMP: A free software available for Windows and Mac 
  • Adobe Photoshop: I would suggest to only use this one if you already have it installed on your machine  

You can create an application icon using a foreground and background image provided in this package.

Within this package there are many foreground and background images to select from. Select the ones that best match the intention of the application. For example, if the application is focused on scheduling and uses calendar views, then you might want to choose one of the foreground icons that represents events or time. While for the background color you might want to choose a color that is also represented in the color of the application.

Example Application Icons:

GIMP: Step by step 

The following instructions describe how to create these icons in GIMP 2.10. Other image editing software would have similar steps.

Step 1 

In the zip file provided you will see a folder titled Option 2 – Foreground and Background > Background Images. Within this folder select the background image that you would like to use. Then select a foreground image from the folder Option 2 – Foreground and Background > Foreground Images.

Step 2 

Create a new document and set the image size to 64 x 64px.

Step 3 

Drag or import the background image from the downloaded zip file. The background image was created specifically for a 64 x 64px background. Be sure that the background image is centered on the artboard.

Step 4

Follow the same steps for placing the foreground image. Be sure that the order of the layers has the foreground image on top of the background image.

Step 5 

If the background of the artboard is not transparent, then delete the white background that was created by default.

Step 6 

Export the image as a PNG file and upload the image to the Application Icon section in Domino Designer.

What’s New in HCL Domino Volt

5. Oktober 2021 Posted by Martin Lechleider

The latest release of Domino Volt, v1.0.4, is available for customers to download from the HCL license and download portal and to try out in the Domino Volt Sandbox. New features include the data grid and rich text items on the palette, in-place editing of text in design, a new overall design, and a new Link design client and SAP adapter.

Watch our latest webinar showing how these features enable marketing business users to create their own apps — Be an IT Hero: Empower Your Marketing Teams with Domino Volt.

The release delivers on the promise of “building apps … not just forms.”  The data grid in combination with app pages and navigation make it a much easier to address many application scenarios.  Think of the new release as allowing you to build apps which include forms – vs – building forms that look like apps. Many apps can be created in half the time and in many cases without writing a line of code. On top of that, they’ll have improved function and user experience.

Here’s a rundown of the new features and you can view the features in action here.

The data grid is the star of the release. It gives you a way to build views of form data on app pages or forms that can be used for all kinds of scenarios such as: 

  • Display the contents of a catalog for purposes of making a selection   
  • Show a task list or a summary of “my requests” 
  • Provide a dashboard summary which you can filter and sort
  • Create a list which allows you to conveniently select and update the underlying records 


    Example of the Data Grid used for catalog selection and my requests

Rich-text data input lets you build forms that allow users to enter and format text, tables and links. They can also paste content directly from sources like Microsoft Word.


Adding a rich text field in design mode 

Also, Domino data services can fetch rich text from Domino and put it the new rich text data field.

In-place text editing frees designers from the properties panel and makes it easier to add and format text content in-place in their apps.


  In-place editing of text 

The new design provides a modern, streamlined experience, with the tabs that were on top moved to the left to be more intuitive. 


New modern design

An updated Link client provides a simpler experience for the Domino Volt admin to build and manage integrations for Domino Volt designers. Plus, the addition of a new SAP adapter makes it possible to set up integration with SAP BAPIs. 

Check out the Domino Volt Showroom for new apps that you can download and import into the Domino Volt Sandbox to see what the new release can do. 

 

Domino v12.0.1 Beta 2

5. Oktober 2021 Posted by Ketan Godhaniya

Almost a month ago, we introduced the first Domino v12.0.1 beta program and we received a lot of participation from customers, ambassadors, and business partners.

Now, we are pleased to announce Domino V12.0.1 Beta 2 Program.

Your input is essential to how we develop our products — and we will continue to listen to you every step along our roadmap. 

Highlights of Domino v12.0.1 Beta 2 Program: 

Domino 

Domino Designer  

  • New methods for DQL named results
  • New method to saved sorted QRP results to a results view
  • New methods for named documents 

Apart from above highlights, we have made minor changes and performance improvements.

To see the full list, please refer to Domino v12.0.1 Beta 2 release notes.

Beta participants, please let us know how you think about the product by submitting your feedback in our beta forum. For general input and new ideas or feature enhancement requests, please use the Domino ideas forum here.

Thank you for your participation and your passion for HCL Domino! #dominoforever

HCL Domino Product Team 

Introducing Domino v12.0.1 and HTMO 3.0.3 Beta Program!

23. August 2021 Posted by Ketan Godhaniya

After the successful launch of HCL Domino v12.0 in June 2021, we are approaching the next milestone: We’re happy to announce two new beta programs at onceHCL Domino 12.0.1 and HTMO 3.0.3 have both launched a Beta Program today!

You are invited to join the beta program to test our latest release and provide feedback to development teams.  

We’re calling on our community to share open, effective, and thoughtful review and testing of our software product. Your input is essential to how we develop our products, and we will continue to listen to you every step along our roadmap. 

What you can expect from this first beta of Domino v12.0.1:

HCL Notes Client

Domino Online Meeting Integration

The Notes Client 12.0.1 is providing native integration of online meeting platforms like ZoomWebexGoToMeetingTeams and of course Sametime Meetings. So, from within the Notes calendar users can now more easily schedule online meetings on their preferred platform without having to install a plug-in.

Improved Workspace Design with High Resolution Icons

The new Notes client is finally allowing to use high resolution icons for your databases, which makes a big difference to the look and feel of your workspace! No need to stick to small and old style 32×32 pixel database icons anymore.

We have already updated our standard templates with new icons, will you update yours?

Advanced Properties Box

You have asked for it, we have delivered: an all-new and resizable document property box:

Thanks to Panagenda, the new “advanced properties” box allows to search for field names or values, it also provides the requested ability to copy to clipboard or export to a CSV file:

What’s new in Notes v12.0.1?

https://help.hcltechsw.com/notes/beta/12.0.1/whats_new_01.html

HCL Domino Designer

We have already provided a 64Bit Notes client (in beta as of now), and based on your request are now providing a 64Bit Domino Designer client.

Also, Domino Designer v12.0.1 provides the ability to include high quality icons for rendering and enables developers to optimize the database full text index by defining which fields to be included in the index — a feature that many customers were requesting (see this idea).

What’s new in Domino Designer v12.0.1?

https://help.hcltechsw.com/dom_designer/beta/12.0.1/basic/whatsnew1201.html

HCL Domino Server

For the Domino server a number of enhancements are waiting for you:

  • One-touch Domino setup with the ability to register users automatically
  • Certificate Manager is now integrated and does not require the DSAPI filter configuration anymore
  • Domino Directory template was cleaned up based on your request
  • Updates to the QVault tool for better manageability of ID’s in the Vault
  • Compare DB’s – a new template for developers to compare the design elements of two apps with each other
  • Entitlement Tracking now providing monthly reports 

This is just the first beta drop! We are going to release even more features in the next stage of the beta program.

What’s new in Domino 12.0.1?

https://help.hcltechsw.com/domino/beta/12.0.1/wn_12.0.1.html

HCL Traveler for Microsoft Outlook (HTMO) 3.0.3

HTMO in version 3.0.3 is providing the following new features:

  • Full support for delegated access (mail, calendar, contact)  
  • Improvements to the out-of-office user interface 
  • Performance improvements 

What’s new in Traveler 12.0.1?

https://help.hcltechsw.com/traveler/beta/12.0.1/new_server_features_12_01.html

What’s new for Microsoft Outlook support

https://help.hcltechsw.com/htmo/beta/3.0.3/whats_new_outlook_support.html

…and a number of minor changes and performance improvements.

For a complete list of changes and improvements, please refer to Domino v12.0.1 release notes.

How to Participate in this Beta?

Customers with a current entitlement to Domino can find the software packages for both beta programs on Flexnet.

Beta participants, please let us know how you think about the product by submitting your feedback in our beta forum. For general input and new ideas or feature enhancement requests, please use the Domino ideas forum here. 

Thank you for your participation and your passion for HCL Domino!
HCL Domino Product Team 

 

 

Licensing Update: Domino V12 and Key CCX Enhancement

2. Juni 2021 Posted by Uffe Sorensen

Over the past yearHCL Digital Solutions has been on a journey to consolidate our customers’ HCL Domino licensing around our modern, per user, licensing model – HCL Domino Complete Collaboration Business Edition (a.k.a. “CCB”) including unlimited Guest Users, and the additional external user capability under the HCL Domino Complete Collaboration eXternal User (a.k.a. “CCX”) entitlement. 

The majority of our customers are now licensed under this model. With the upcoming HCL Domino V12 release, we are further enhancing the CCB/CCX entitlements as described below.  

Additionally, with the release of HCL Domino V12 we are aligning all Domino products on consistent license termswhich will be available imminently and include the compliance rules outlined in “HCL Domino Support Update” from February 3, 2021. 

CCB Recap: Simplifying HCL Domino Licensing

CCB is the key step in our journey to provide one license model for HCL Domino, eliminating the uncertainty of server capacity and sub-capacity (PVU) licensing and ambiguous entitlement rules. 

  • A simple “Per User everything model” – use any client and any protocol for any server capacity to run all applications – including enterprise e-mail. 
  • Transparent license compliance management by simple user counting. 
  • Adding additional capabilities to the core Domino environment under CCB entitlements from V12 – for example HCL Nomad for Web Browsers and HCL SafeLinx. 

CCB entitlements are needed for all employees and contractors of your enterprise needing access to your Domino CCB servers – covering all B2E (Business-to-Employees) scenarios. All CCB entitlements include unlimited external web user access as needed for most B2C (Business-to-Consumer/Citizen) scenarios: 

  • Guest: unlimited anonymous browser users can freely access your Domino based websites. 
  • Known Guest: unlimited registered users with credentials to log-in and access applications limited to being a “Reader” with permission to “write public documents” (controlled by Domino application access [ACL] – see Known Guest Use Cases later in this blog post).

For B2B (Business-to-Business) or advanced B2C scenarios, where the external users need to fully engage in applications beyond the access permitted for Known Guests, we introduced the CCX entitlement as an add-on for CCB licensing. (See Introducing CCX, External User Entitlements“ from September 23, 2020.

Extending CCX entitlement to address additional use cases

CCX users have full functionally to use Domino or Domino Volt [see below] applications and workflows but cannot create applications themselves. CCX users do not have a personal mailbox but can use task/functional mail for workflow routing or applications generating mail.  

The CCX Authorized User entitlement is unique, however, can be reassigned after 30 days of inactivity.  Consequently, some former Domino Utility Server B2C use cases can now be easily changed from trying to manage/throttle server PVU consumption, to simply ensuring adequate CCX entitlements for actual/expected external users in any 30 day periodwith little or no change to existing apps.  See later in CCX Use Cases. 

CCB Recap: Add-on features for CCB licenses

HCL will continue the “add-on” scheme for CCB licensing, which now includes: 

  • HCL Domino Volt can be licensed to all CCB users.  Licensing HCL Domino Volt as an add-on, includes all CCB and CCX users, as well as enabling use of HCL Enterprise Integrator, HCL SAP Connector and HCL Link on all HCL Domino servers under CCB entitlements. 
  • HCL Sametime Premium: special add-on price for CCB users to upgrade from HCL Sametime Premium Limited Chat to full capabilities.  

CCB Recap: Access to Domino Servers Licensed under CCB

HCL Domino Servers deployed under CCB Authorized User entitlements can only be accessed by the Licensee’s Enterprise entitled CCB Authorized Users, Guest Users, and CCX Authorized Users. No other user access or Domino Client Access Licensing are permitted access to CCB licensed servers.  In addition, the Servers may participate in mail routing (SMTP), directory lookup and authentication (LDAP) for non-HCL Domino programs and permit access to free/busy time information. 

Known Guest Use Cases (general B2C)

Known Guest, as seen from an application, is an authenticated (must be identified) external user listed in the application access control list (ACL) with Reader permission and permitted to write public documents.  This access is either granted on a named user basis or by the user being a member of a group or generic association in the ACL. 

Content tailored to individual users, subscribing to information

Any Known Guest in an application can read all non-restricted documents in the database and download any attachments from these.  Access to specific documents in the database can be controlled by adding users/groups in the ”Reader Name Field” for the document(s). As a result, only the appropriate Known Guests can read/download content. If you have a special Interest Profile or similar for the users, this can be used to filter the information available to relevant individuals. 

Submitting a form, starting a workflow, creating content

If a Known Guest is flagged as permitted to “Write Public Documents” this user will be able to see all Forms/actions in the application which are enabled as “Available to Public Access Users”.  
For example, using a Form called “Create Interest Profile”, which the user would complete and save to create a special Interest Profile or tailor a mailing list.   

Hints for the Admins/Developers: The Save Process can turn off the “$PublicAccess=1” flag to prevent the Interest Profile from being visible to all users of the appbut still available for the app and the originator to access appropriate content. 

 If/when the Known Guest wants to “Update Interest Profile” later, another Form will be used presenting the update options, maybe pre-populated with some of the existing information, and then processed as above. 

Hints for the Admins/DevelopersThe Known Guest cannot update the initial document directly (being “Reader”), but the app could include a background Agent to manage updating/merging the content. 

When B2C requires higher level of access than the Known Guest

The above simple rules should permit implementation of most B2C use cases, however, HCL have found a number of existing B2C apps hosted on Domino Utility Server which do not adhere to the above rules. HCL has decided to enable the reuse of these apps rather than mandating a rewrite (which you can of course always do). This is accomplished by relaxing the usage requirements for the CCX entitlement and permitting an entitlement to be reassigned after 30 days of inactivity See examples below. 

CCX Use Cases

CCX Authorized User as seen from an application is an authenticated (must be identified) external user listed in the application access control list (ACL) with a maximum permission of Author. 
This access is either granted on a named user basis or by the user being a member of a group or generic association in the ACL. Any of these authenticated users can contribute documents to a Domino app/database, and edit own or other designated content. 

Some CCX B2B users will have a permanent, continuous, use of applications under the CCX entitlement.  
In B2C scenarios, with full use of app capabilities, user access is more sporadic. HCL have found that many customers with Domino Utility Server licensing, largely ignored the volume of users that were created as the user count was not a factor in licensing. These same customers struggled with server sub-capacity PVU management under fluctuating capacity needs and often had to throttle use to stay within licensed capacity (PVU) limits for their B2C apps, resulting in reduced customer satisfaction. 

Most applications written to work on a Domino Utility Server (using Author access) are now viable to deploy under CCX licensing, unchanged, by licensing the maximum volume of expected/planned users for any 30 day period. HCL still recommends that you optimize your B2C apps for the Known Guest model, which is included, with no limits, with even a single CCB entitlement. 

 Two examples of how to use short term/occasional external user engagement apps under the CCX model

Example 1: Job Postings

New Applicants register for web credentials and submit an initial Job Application Package.  They then: 

  • Update Packages during interview cycles and eventually progress into on-boarding workflows 
  • If not on-boarded, Job Application docs still exist and can be resumed/updated later by Applicants 
  • When there is no activity with a particular Applicant for 30 days, the CCX entitlement can be reassigned to another Applicant/External user – effectively, you need entitlements for any active/expected users within any 30 days period. 
Example 2: Citizen/Government Interactions 

Many countries are creating authentication facilities for citizens based on government issued individual credentials.  Any user based licensing counting all permitted users, would be totally prohibitive for using these public IDs.  However, many apps exist or are being written to submit public forms, to obtain information from Government/Municipalities, etc under the Government ID: 

  • The revised CCX is perfectly designed for many existing apps coded for user permission as Author. 
  • The app must use the Government provided means of authentication, and then have appropriate ACL set-up to allow these external users access up through Author for the app.  Data can be kept around as app scenarios dictate, and user affiliation with the app likewise.   
  • If there is no activity with a particular CCX Citizen for 30 days, the entitlement can be reassigned to another Citizen/External user – effectively, you need entitlements for any active/expected users within any 30 day period. 

 Both of these scenarios could, generally, be written/updated to work within the Known Guest model.

Aligning all Domino V12 Licenses

HCL Domino V12 products will be provided to customers on active Support consolidated under the four categories and License Information documents below.  Note, that all current entitlements, support subscriptions and part numbers remain unchanged. 

Program Name:  HCL Domino Complete Collaboration Business Edition 12.0 includes: 

  • HCL Domino Complete Collaboration Business Edition 12.0 
  • HCL Domino Complete Collaboration External User 12.0 
  • HCL Nomad for Web Browsers (eliminating desktop upgrades for the future) is a supporting program uniquely provided with the CCB entitlement from V12. Any customer needing this feature must migrate to the CCB/CCX license model. 

 Program Name:  HCL Domino Enterprise 12.0 consolidating the following 3 models: 

  • HCL Domino Enterprise 12.0 Client Access 
  • HCL Domino Enterprise 12.0 Processor Value Unit  
  • HCL Domino Collaboration Express 12.0 

 Program Name:  HCL Domino Messaging 12.0 consolidating the following 3 models: 

  • HCL Domino Messaging 12.0 Client Access 
  • HCL Domino Messaging 12.0 Processor Value Unit  
  • HCL Domino Messaging Express 12.0 

 Program Name:  HCL Domino Utility 12.0 consolidating the following 2 models: 

  • HCL Domino Utility 12.0 Processor Value Unit  
  • HCL Domino Utility Express 12.0 Processor Value Unit 

Acquiring Entitlements and Support for above products is fully supported for CCB/CCX and for all other products as described in “HCL Domino Support Update” from February 3, 2021, under the following rules: 

  • No partial renewals permitted for any licensing. 
  • For HCL Domino Enterprise Client/Server:  If the current configuration is compliant for both client and server side, Support can be renewed as-is, or you can migrate to CCB, cost neutral.  In all other circumstances, to renew or adjust volumes, HCL require that you negotiate a migration to the CCB/CCX license model.  
  • For HCL Domino Collaboration Express:  A compliant configuration can be renewed as-is, or you can migrate to CCB on attractive terms.  HCL also recommends migrating to CCB to increase footprints, or to take advantage of HCL Domino Volt, however, you are permitted to acquire additional perpetual entitlements for a compliant configuration. 
  • All compliant standalone Utility Server entitlements can be renewed as-is (use of Domino Designer requires appropriate Domino Enterprise Client Access licences). To increase footprints, HCL require that you migrate to the CCB/CCX license model, which now supports all Utility Server use cases. 
  • For HCL Domino Messaging product models: A compliant configuration can be renewed as-is.  Also, you can increase the footprint for a compliant configuration by acquiring appropriate new entitlement parts. 

 HCL has updated all formal HCL Domino V12 License Information Documents now available here

Managing the upgrade/coexistence scenario from Domino Utility Server to CCB/CCX

An existing Domino Utility Server PVU or Utility Express PVU configuration with appropriate Domino Enterprise Client Access licenses for app maintenance can be renewed as-is.  However, many customers want to grow their application volume (hence, deployed server capacity) or want to take advantage of moving to CCB/CCX and the CCB add-on capabilities.

If you replace your Utility Server Support Subscription with appropriate CCB/CCX Authorized User volume to cover the current users, you can leave the installation as-is and just use your new CCB licensing.

If you need to maintain coexistence between Utility Server and CCB environments, you need to observe the following guidelines: 

  • Any entitlements included with CCB are only available to the CCB environment, e.g. Safelinx/Nomad Web. If HCL Domino Volt was added to CCB, the HCL Enterprise Integrator, HCL SAP Connector, and HCL Link are only available for the CCB environment.  
  • Any existing HEI/SAP Connector in the Utility Server environment must be continued/renewed as-is and cannot be replaced by the CCB entitled programs.  
  • Users defined on Utility Servers must be on the Denied Access List for all CCB servers to separate them from CCB licensing counts, whereas any CCB user is permitted access to the Utility Servers. 
  • The V12 Entitlement Reporting Tool provides a report for all of your Domino Domains, however, you can drill down on specific servers or groups of servers to understand user volumes by server. 

This announcement further enforces CCB/CCX as the licensing platform for Domino customers, allowing all customers to upgrade to CCB and with CCB as the only model for all new customers.

If you have any questions about this blog post and announcements or have any licensing questions, please contact your HCL product specialist or Business Partner. 

 Useful Links:  

 Related Blog Posts:

Frequently Asked Questions

Updated since September 23,  2020, “Introducing CCX, External User Entitlements 

Q: How are CCB/CCX users counted?

A: The Domino V12 Entitlement Tracker Tool produces an internal report to assist you with license compliance. (This report is not collected by HCL) 

  • You simply count the entries across all Domino Directories and Authentication Sources permitting users to log-in.  The count of credentials permitting log-in equals the number of Authorized Users. 
  • Keep separate track of “external” users and exclude from the CCB count.  A user on all Denied Access Lists are excluded from the counts. 
  • CCB includes an unlimited entitlement for Guest users. If logged-in Known Guest user credentials are included in the Domino Directories identified/separated out as “guests”, simply exclude from CCB/CCX counts. 
  • Needed CCX entitlements are established from the maximum number of log-in’s used or to be used in any 30 day period.  
  • CCB and CCX can reside on same server or as administrator decides – counting is always across all Domino Directories in Licensee’s enterprise.   
  • No employee or contractor in Licensee’s Enterprise can be a CCX or Guest user.   
     

Q: am using an earlier Domino license model. How do I switch to CCB/CCX?  

A: CCB licensing is a superset of prior Domino licensing. When CCB licensing is established replacing active Domino licensing, CCB can provide the entitlements that were in place for the Domino Servers and various clients. To support the user constituents, you may need both CCB/Guest and CCX entitlements to match your current use cases, but you can continue to use deployed software. In most cases, if you have a compliant installation, the move to CCB is cost neutral. 

Q: I just need Domino apps, no need for mail or other features. 

A: Mail routing is intrinsic to Domino and to many apps that run on the platform. For simplicity, the full mail application is included with CCB and functional/workflow mail is included with CCX – both HCL Verse, the traditional Notes user interface, and mobile access. The mail function is always part of your entitlement, whether you use it or not. 

Q: Can I still just license mail? 

A: The mail-only licensing of Domino Messaging CAL/PVU, Messaging Express is still available. However, you can fully replace your mail entitlements with CCB and include Domino Volt to gain significant additional value for your users. (See also Aligning all Domino V12 Licenses in this blog.) 

Q: What is included with CCB and what are add-ons? 

A: The CCB license includes entitlements to  

  • HCL Nomad for Web Browsers for all CCB/CCX users 
  • HCL SafeLinx  for all CCB servers and CCB/CCX users  
  • HCL Sametime Premium Limited Chat 
  • You must have a CCB license to enable any code install/download & product support for the above functions. 

Add-ons include:   

  • Full HCL Sametime Premium at a special, reduced, price 
  • HCL Domino Volt for all CCB users at a simple uplift (which is also extended to all CCX users for no additional charge).  The HCL Domino Volt add-on includes HCL Enterprise Integrator, HCL SAP Connector and HCL Link which are entitled for all CCB entitled servers with Domino Volt 
  • CCX on a per External User basis as described elsewhere in this blog. 

Q: What is a CCB user permitted to do? 

A: CCB users are entitled to all aspects of Domino applications and enterprise e-mail and purchased add-ons per above, without license restrictions on what users are permitted to do. CCB users can create and participate in apps and workflows to any level set by their Domino Administrators. 

Q: How do you restrict CCX and Guest users’ access to an application? 

A: Based on your settings in the Domino “Access Control List” (ACL) – all Domino databases/applications have an ACL which maps access levels to users. The access level is a classification limiting which tasks a user can perform in the database  – Manager, Editor, Author, Reader, Depositor, No Access – these classes are just labels, not verbatim. To fully understand permitted use cases, refer to the product documentation on ACLs found here  
Learn about Domino Access Control Lists (ACL)

Hints for the Admins/DevelopersExisting apps and standard templates may need customisation to support Known Guest users (free with CCB), whereas CCX users should have appropriate support with no changes to apps. 

Q: Why is a CCX user permitted ACL level up to Author? 

A: CCX users can fully participate in, and use (not create) Domino apps and workflows (including Domino Volt if added to CCB.)  The maximum ACL level allowed is “Author” access, which is typically assigned to users who need to contribute documents to a Domino database – and authenticated users can edit their own and other designated content.  
CCX is for authenticated, external users only and not permitted for any employee or contractor in the Licensee’s Enterprise. 

Q: Why is an anonymous Guest permitted ACL level up to Author? 

A: Anonymous Guests are web users, who beyond browsing a web site are permitted actions like submitting a contact form, participating in a web survey, posting anonymous blog content, etc. “Author” access is typically assigned to users who need to contribute documents to a Domino database just like CCX users, however, being anonymous they cannot edit any content, nor access individualised content and no details are retained as to who contributed to the database. 

Q: Why is a logged-in Guest only permitted ACL level up to Reader? 

A: Under ACL control, “Reader” access allows controlled creation of documents by using public access forms. Logged-in Guests authenticating with HTTP/LDAP are typically a dynamic, ever increasing volume of users visiting your web site, registering to gain access to community content, special interest forums, initiating workflows, etc.  “Reader” access is typically assigned to users who are only permitted to read documents in a database and/or using public forms to create documents. This case is for authenticated, external, limited use only, and not permitted for any Employee or contractor in the Licensee’s Enterprise.  
For external users needing any higher level of access, you must purchase CCX entitlements. 

Disclaimer – HCL’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at HCL’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard HCL benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multi programming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.  

HCL Domino v12: The 4 New Security Features You’ve Been Waiting for

16. März 2021 Posted by Cormac McCarthy

While no platform is immune to the possibility of hacking, the question I would pose is: Has your Domino infrastructure ever been hacked?  Didn’t think so. It’s probably boring to say that the most straight forward answer is HCL Domino is rock solid on security.   When set up correctly and optimised, HCL Domino is the most secure platform of its type.  It’s true though.  Reliable and secure is a good thing. A very good thing. 

The HCL Domino v12 beta is out now.  If you haven’t already tried it, it’s free for all existing licensed Domino customers.  It’s waiting there in flexnet for you to download and try it out!  It’s the first time a beta of this type is in existence and it has multiple interactions (we’re currently on beta 2; beta 3 is scheduled for the end of March. Register here to join us for the beta 3 webinar.

What I really love about it is the almost instantaneous feedback from the beta forum, from those in charge of development.  Domino v12 is scheduled for full release in Q2 of this year.  (June 2021 timeframe is given at the moment).

Read an overview of what’s coming here.

Here’s is a list of all the NEW NATIVE security features coming in Domino v12 and there’s a whole host of them:

  • Automating certificate management 
  • Time-based one-time password (TOTP) authentication 
  • Enforce internet password lockout based on IP address 
  • TLS 1.0 is disabled by default 
  • Support for PEM-formatted TLS host keys and certificates 
  • Two new curves supported for TLS 1.2 ciphers that use ECDHE for forward secrecy
  • New template signing ID uses 2048-bit keys
  • NRPC port encryption supports forward secrecy using X25519
  • Import internet certificates that contain unsupported critical extensions
  • Suppress key rollover alerts during ID vault synchronization
  • New Query Vault command options
  • Support for SameSite cookie 

Also note native support for DKIM is planned in the 12.0.x timeline. (Again natively, you can achieve DKIM with third party mail gateways).

We could argue about which are the best and more important ones here, but I’m going to concentrate on the 4 new security features in Domino v12 that you’re going to want to implement straight away:

  1. Automating certificate management 
  2. Time-based one-time password (TOTP) authentication
  3. Two new curves supported for TLS 1.2 ciphers that use ECDHE for forward secrecy
  4. NRPC port encryption supports forward secrecy using X25519 

Note: these are all based on current plans at beta 2, some of these will be subject to change (for the better) come beta 3 and GA.

What is it?
Automating certificate management?

What does it give you?

This topic could probably be four killer new features in one on its own, because it includes so much.

The short answer here is it takes something that was a headache to most admins and makes it completely seamless and automatic. It also includes support for ECDSA which is very progressive in terms of offering support for cutting edge security (some browsers don’t even support it yet).

In order to explain the context here, we probably need a short history lesson on cert management in Domino.  Prior to SHA-2 being the supported, Domino managed certs via a Domino database. It did exactly what it said on the tin and was never really updated from the time of release. But it worked. There were only four steps listed in the database. Some customers did find it fiddly.

Then SHA-2 support for Domino came out and admins did not like how this was implemented.  Again, it’s Domino, so it was secure, and it worked, but the process was a headache.  I have to admit for 99 percent of our customers, I just did it for them to save them the hassle so I got used to it.  But you did need a kyrtool, you’d need to install Openssl, you’d have to copy and paste various commands, copy parent and intermediate certs into text files.  It was messy to implement.

Well that’s gone.

What’s in its place is the most straight-forward solution one could imagine.

Let’s Encrypt offers free third-party SSL certs.  They’re currently the most widely used Certificate Authority in the world and work with all major browsers (they’re sponsored by some of them).

You can now get Let’s Encrypt Certs in Domino, by filling in a couple of fields in a form.  In short saying, “I want a cert for my website.  Give me one now.”  And it will give you one straight away. In seconds, your web server will be running with that cert.  A new task called CertMgr manages it all.

“It can’t be that easy,” I hear you say.  Well, in most use cases, it is.

Wildcard certs are slightly different, but again it’s as easy as it can be.  Other third-party certs are still 100 per cent supported, and easier than ever to implement with the Certificate Store.

Another point you might have missed around this is CertMgr supports Elliptic Curve Digital Signature Algorithm (ECDSA) using the NIST P-256 and NIST P-384 curves.  Not all browsers support this yet (most do), but in short it has the potential to give quicker and more secure TLS connections and shows that HCL are ahead of the curve #badnerdpun.

How do you implement it?

There are a lot of options available here but I cannot over emphasise how straight forward this is to implement.

CertMgr runs as a task. The first time you load it builds a back-end Domino database.  The database has intuitive forms but there’s documentation just in case.  You create a free account with Let’s Encrypt with a couple of clicks within the database.

I don’t want to get too bogged down in the detail here, because you don’t actually need to know the back ground details, but there a couple of ways Let’s Encrypt will verify you’re the owner of the domain, either by HTTP response (the most straight forward I think, but requires that the server can initiate outbound HTTPS requests – even temporarily to Lets Encrypt) or via DNS Response.

The HTTP response in particular is VERY easy to setup.

Third party certs are managed via the database, so you won’t have to fiddle about with openssl and the kyrtool.

ECDSA is a more complex subject, but the steps to implement are relatively straight forward here, the main complicating factor here is managing browser support, there’ll be more of this in beta 3 (thanks to Daniel Nashed for answering some of my basic questions on this.  Follow Daniel’s blog for more expanded detail on these subjects).

What is it?

Time-based one time password (TOTP) authentication

What does it give you?

Firstly, the obvious point here is you’ve been able to do TOTP in Domino for a long time, but it required third party software or appliances.  Here we get TOTP natively within Domino.

What is TOTP? Well, it’s two factor authentication based on a time based password that changes.   You put an app on your device that manages a six figure pin that changes every 60 seconds and it associated with a specific account.

Here you can deploy here with any number of apps (I’ve used Google Authenticator and OpenATP with Domino12 extensively for a couple of months and both have worked perfectly).

How do you implement it?

It’s easy.

You set up a trust relationship with your ID Vault and TOTP.

You enable it on the configuration settings document and then either web site, server or virtual server document.

You’ve to do a once off configure on the login form (but there’s a template for you to use, so it’s two minutes work for a non-developer).

Restart Domino and you’re ready to go.

Each user does a self-enrolment process the first time they connect which is intuitive, and takes no more than a couple of minutes.

There’s more functionality coming on this with Directory Assistance and managing multiple domains so watch this space.

What is it? 

Two new curves supported for TLS 1.2 ciphers that use ECDHE for forward secrecy

What does it give you?

Better performance on Perfect Forward Secrecy.

Perfect Forward Secrecy has been available since Domino 9.0.1 FP3 IF2.  It gives assurances session keys will not be compromised.

This new set of two new elliptical curves (once forward secrecy is set up) can offer better performance.  The two new curves are X25519 and X448. 

How do you implement it?

You do nothing. If you don’t want it you need to actively turn it off with a notes.ini setting. Domino 12 will attempt to use supporting curves in the following order

  1. X25519 
  2. NIST P-256
  3. X448
  4. NIST P-384
  5. NIST P-521 

What is it?

NRPC port encryption supports forward secrecy using X25519

What does it give you?

This sounds very similar to the last one, but there’s a whole lot more to unpack here.  These are for Domino to Domino connections over port 1352 or Notes client to Domino connections over port 1352.

So if you’ve ports with encryption turned on (which nowadays we are recommending to everyone), with Domino 12 the level of encryption increases from:

  • 128 bit AES-GCM for network encryption and integrity protection and 128 bit AES tickets 

 To: 

  • 256 bit AES-GCM for network encryption and integrity protection, X25519 for forward secrecy, and 128 bit AES tickets.

Basically stronger, encryption, better protection for sessions with forward secrecy and a curve that gives the best performance.

How do you implement it?

This is one of those points of different between Domino and Notes clients and ANY other technology.  (i.e. as opposed to the Office365 hacks, which are being put down to weakness in how Microsoft authenticates out of box).  Certs are baked in.  Basically if you have port encryption turned on, this will turn on by default.  If you don’t have them, turned on you can just enable encryption on the ports (for all inter server traffic), and via a policy for Notes clients.

In any other technology this would be so much more complex to do.  You’d need multiple devices to manage the connections, you’d have to change the port numbers, probably have to allow that port in a firewall plus you’d need to manage certs with third parties.  With NRPC, you’re already using certs to connect in so it’s just saying encrypt the port.  The same port (1352) is in use whether encrypted or not encrypted, so no further changes are required on the network or firewalls etc.

Oh and that’s only NEW and NATIVE features in Domino 12.  I just have to mention one more briefly that is no-charge to all entitled CCB customers. It’s HCL SafeLinx.  It is already available and in the wild.  It supports both HTTP and Notes port connections out of the box as a reverse proxy.  If you already user HCL Nomad you’ll probably know about it.  Later this in 2021, HCL Nomad Web will be out and you’ll look into this more then. (It can also be used for Sametime, Traveler and Verse – there’ a webinar on this coming up).  It builds upon the layers of native Domino security and gives you flexibility to add extra layers of security, particularly for external connections.  The main advantage is that it’s got baked in functionality for Domino so you don’t have to reinvent the wheel to do a basic set up.

I hope you enjoyed my first blog for HCL.

As always please provide feedback if you found anything interesting here.

Cormac McCarthy – Domino People Ltd

The Low Down on HCL Domino v12 Beta 2 and Beta 3

1. März 2021 Posted by Barry Rosen

A month ago we released the first beta drop of HCL Domino v12 and we’re excited to see such a high level of engagement among our customers, ambassadors and business partners. Two weeks ago, we announced the drop of Beta 2 and hosted a webinar with an overwhelming number of live questions — 118 to be exact! If you missed the webinar, you can catch the replay here. We also picked the most popular questions about our beta program and v12 , and have published those — along with the answers — here.  

To keep up with this exciting momentum, please join us at our next webinar about beta 3 on March 30, at 10AM ET. Register here. Beta 3 will be the last beta drop before the v12 release, so don’t miss your chance to participate and help us shape the future of HCL Domino! In fact, don’t wait for the next beta drop. All existing customers are automatically entitled to download the software packages from Flexnet today. We look forward to your feedback.

Beta Q&A 

Still have unanswered questions about the beta? Submit them in the beta forum.

Q: Is there a way to tell if issues raised in the beta forum are included/fixed in beta 2 or 3? 

A: The list of SPRs fixed in beta2 can be found in the release notes. Please see here.

Q: When can we expect the 64-bit standard client? 

A: Our plan is to start with the basic Notes client first in v12 beta 3, and then release the 64-bit standard client in a beta post v12 GA.

Q: Is the C-API toolkit updated and available as part of this beta? 

A: We released the C-API toolkit for v11 and will update for v12 post release.

Q: Is two-factor authentication available? 

A: Yes, feel free to try it out today! 

Q: If I load the beta on my system, will upgrading to v12 Prod work? 

A: When going from the beta version to the GA version, we recommend uninstalling the beta and installing v12 as a clean new install.

Q: Is there a backlog of undo/redo? 

A: No, but it has been submitted in our Ideas Portal. You can vote for it here.

General HCL Domino v12 Q&A 

Q: Does Domino 12 install VoP automatically as part of the base install? 

A: VOP will be included in Domino v12, but not automatically installed. 

Q: When will Hebrew and Finnish be included in Domino? 

A: Both languages are on the list for v12.0.1.

Q: Is there any chance for DKIM support in Domino in near future? 

This is in our future roadmap and will be delivered in the V12.0.x timeframe.

Q: Is there a future for HCAA ? 

A: From a technical point of view, HCL Nomad Web will succeed HCAA.

Q: What version of Domino will the Nomad Web client require? 

A: It will require a v12 server.

Q: What version of Java is supported by the v12 Domino server? And what is the roadmap for Domino for keeping up with Java versions? 

A: OpenJDK 8, and of course we are going to upgrade this to newer versions moving forward.

Q: Is Certificate Store replacing CertSrv 

A: Yes.

Q: Can I install and configure Domino through Ansible? 

A: Yes, feel free to do that. You can also check out some examples here.

Q: Is the old KYR/STH still supported? Can I push in new certificates by script or automation? 

A: LetsEncrypt will manage certificate renewals automatically. If you do not want to use LetsEncrypt, you can use your own CA. And yes, you can automate it.

Q: Is it possible for a developer to use the LetsEncrypt support to create SSLKeyring for dummy FQDN? 

A: LetsEncrypt certificates are only issued to servers that can be reached via HTTP or where the owner is in control of the DNS record. Creating a self-signed certificate is not possible with LetsEncrypt but will be possible with the Domino Certificate Manager.

Q: What will happen to Xpages going forward?  

A: Domino V12 will include Bootstrap 4. XPages functionality will continue to be enhanced and fully supported, but note that we are shifting to make low code (Domino Volt) our top priority.

Q: Will Bootstrap4 & FontAwesome also be available in XPiNC? 

A: Yes.

Q: Are there still text size limits in text fields or form documents?  

A: Many limits of Domino were raised or will no longer exist in v12. However, if you still need anything to be improved, please submit your idea here.

Q: What is the version of Sametime embedded in Notes v12? 

A: Sametime 11.5.

Q: When will Domino v12 be available to the market and how can I learn more?  

A: We will launch v12 in Q2 this year, around June. Stay tuned as more details to be announced soon. In the meantime, you can read our preview article here and watch our preview demos here

Start Your Engines! HCL Domino v12 Beta is Here! Are You Ready?

20. Januar 2021 Posted by Thomas Hampel

If you joined us at Digital Week 2020, you’ve probably heard about the preview of Domino v12. (It was the most popular session of the event!) Now that the release of v12 is around the corner, we would like to provide all current customers an exclusive preview. Today, we’re officially launching the first public beta of Domino v12!  

We are inviting you to join this beta program and take part in shaping the future of our product, helping us deliver the best-ever product experience! All existing Domino customers are automatically entitled and will be able to download the required software packages from Flexnet today. (See below for Q&A.) 

The goal of the Domino v12 Beta Program is for our community of beta participants to conduct an honest, constructive, and thoughtful review and testing of the Domino v12 beta software, which includes HCL Domino V12 , HCL Notes V12 , HCL Domino Designer & Admin V12 and HCL Traveler V12  

 In the first phase of the beta program, we are delivering the following components:   

  • Domino on Docker (English)  
  • Domino for Windows, Linux, AIX (English)  
  • Traveler for Windows, Linux, AIX (Multilingual)  
  • Notes Standard for Windows (English)  
  • Notes Standard for Mac (English)
  • Designer and Admin Client (English)  
     

At a later stage of the beta program, we will be providing Domino and Traveler for IBMi, as well as additional language support. 

Beta participants, please let us know how you think about the product by submitting your feedback in our beta forum. For general input and new ideas or feature enhancement requests, please use the Domino ideas forum here.  

v12 Beta Highlights 

Domino 

 Domino Designer 

  • XPages now Bootstrap 4.4.1 – Thanks to Howard for this idea.   
  • Improvements to build responsive and mobile Domino applications,  
  • Ability to use DQL in Formulas 

 Notes Client 

  • Significantly improved the performance on Windows and Mac, especially on slow networks. 
  •  Improved Search: When searching for a person, an email, or a Notes application, suggestions will now appear in the typeahead. Your recent searches will also be displayed in the typeahead. This is based on this idea.  
  • Multiple email signatures: If you were bothered by the lack of email signature management before, Notes v12 allows you to choose a signature when you compose, reply or forward an email. Based on this idea from Daniel.
  • Choose a different “From” address when composing an email, a feature initially requested by Vlaad in this idea

 These are just a few highlights of the new features of V12. For more details, please refer to the What’s New section of the product: 

Frequently Asked Questions:   

 (1) Do I need to register to get the beta version of v12?  

If you are an existing customer, you are entitled to v12 beta automatically. Please contact your IT admin to get v12 beta from Flexnet.   

(2) How can I submit feedback on the beta and how would HCL handle my feedback?  

Please submit your feedback via our beta forum here.  

We will review all the feedback and respond as soon as we can. Note that not all feedback will be implemented into the product; the final decision depends on various factors. However, we will ensure every comment is heard and being taken into consideration.  

(3) Do I need to register for the beta forum to provide feedback? 
 
If you have not created an account on HCL Partner Connect website, you will need to register for access. It will take around 1 business day to get the approval. Once the registration is approved, you can access the beta forum. The account will be used for accessing any beta forum in the future. For customers who already have an account, you can login and access the forum directly. 

(4) If I am not a current customer, can I be a part of the beta?   
 

Currently, the Domino v12 beta is only open to existing customers. If you would like to try Domino, please contact your HCL sales representative to get access to the trial version of Domino v11.  

 (4) What is the difference between beta and trial?  

A beta is considered as an early access program to our latest version which is not available to the public. The goal of setting up beta is to collect concrete feedback from users so that we make improvements and bring the best experience when the features go live.   

A trial is offered to potential customers who haven’t tried our software before and expressed interest in purchasing the software.   
 
(5) What is the difference between HCL Domino Early Access Program and the beta? If I have already registered for the Early Access Program, should I try the beta too? 
 
The Early Access Program (EAP) is intended to give users a preview of features that are considered for HCL Domino v12. It is feature-driven and iterative, meaning new iterations (code drops) will be made available as soon as they are declared ready for testing by our development team. In the EAP, you are usually be able to test only one or a few features.  
 
The beta is a full-scale preview of features and functionalities considered for HCL Domino v12. Various components including Domino, Notes and Traveler will be offered.  
 
With this beta release for v12, the EAP will be suspended until the official launch of HCL Domino v12.

Remotely Debugging Java Applications with Domino 11

5. November 2020 Posted by Abhaysingh Shirk

For Domino customers on v9 or 10, you might be familiar with debugging a Java agent remotely on IBM JVM using the following server ini’s and set Port 8000 in Debug Configuration from the Designer client:

JavaEnableDebug=1
JavaDebugOptions=transport=dt_socket,server=y,suspend=n,address=8000 

This will work up to Domino v10 but not on Domino v11. In fact, doing so will cause it to crash! This article is going to help developers looking for a way to debug Java agents remotely on Domino v11. The pre-requisites are: 

  1. Domino v11 or above on Windows Server 2016 / 2019.
  2. HCL Domino Console.
  3. Notes, Designer and Administrator Client v11 or above.
  4. Java agent to be debugged.
  5. Any Web Browser to run Java agent. 

Domino v11 uses OpenJDK. With the above ini’s enabled, both the JVMs would attempt to bind to same port (8000) and the second process that attempts to bind to this port would fail and crash. To overcome this problem, the idea is to remove the Port 8000 from the Debug and attach it to some other random Port. 

First, you will need to add the below ini’s to the server’s notes.ini.  

JavaEnableDebug=1 
JavaDebugOptions=transport=dt_socket,server=y,suspend=n 

Note that we are not binding the Debug to Port 8000 by omitting address=8000, as compared to ini which was set on earlier version of Domino. 

The JVM will then pick a random port. To know the random Port number, simply quit and load http or run your Java agent from web browser and check the console from HCL Domino Console Program. You will need to restart http task after adding those ini’s to make it work. 

Note down this Port number somewhere as you would need it in next step. (The server console in the Administrator Client doesn’t show the Port number information.)

With your Port number, you are going to bind to the Debug from the Designer client. Go to Tools menu > Debug Server-side Javascript > Manage Debug Configuration

You should land on the Debug Configuration window. Here you need to mention the Port number which you noted down from the HCL Domino Console in the earlier step and then select Debug. 

You should see this message in Status bar which confirms Debug has connected on the Port number you mentioned.

You are now ready with the Debug configuration and set to debug your Java agent. You’ll need to set the breakpoints in your Java code to debug the same. You can set multiple breakpoints. 

Once you have set the breakpoints in your code, run the agent from the web browser. You should see a Confirmation window on Designer client to open Debug perspective window. Select Yes. 

The Designer perspective will change to Debug perspective which contains views for displaying the debug stack, variables and breakpoint management. 

At this point, the usual Eclipse debugger features will become available (managing breakpoints, stepping, continuing, viewing variable values, etc). 

The steps to debug a scheduled Java agent (AMGR) will remain the same. Instead of waiting until the agent is scheduled, run the agent from server console using “Tell amgr run” command. Get the Port number from HCL Domino Console Program by running Java agent using “Tell amgr run” command and then set the Port number in Debug configuration as we did in the earlier steps.  

This completes the steps on how you can debug Java agent remotely on Domino v11. We hope you enjoyed reading this article and you have find it helpful.

Happy coding 🙂 

 

 

The post Remotely Debugging Java Applications with Domino 11 appeared first on HCL SW Blogs.

HCL Domino Notes Client 11 New Feature

8. Oktober 2020 Posted by Ren Mark Tapang

Last January 2020, we launched a new version of Domino Notes Client (V11) which contains cleaner and modernized UI, minimalist menus, simplified forms and user experience improvements for Mail.  

Under Modernized UI Notes Client V11 appearance has changed the new color scheme and design. Notes Client UI focused on Simplicity so that it will be more user friendly. 

Also, for user experience Improvements, we focused on Progressive disclosure to show the advanced features and actions as the user needs them. 

Finally, we focused on Notes Client performance to be faster and more stable to increase effectiveness of the user. 

In addition to the aforementioned enhancements, new features are also made available in response to the feedbacks and requests from our customers. 

What’s New in Notes v 11 

  • Export to PDF – You can now export emails and documents to PDF from the HCL Notes Client.

  • 24+ hour meeting support – Meetings that are longer than 24 hours are now supported by the HCL Notes® Calendar.

  • Three Click Support – Three click support adds a level of security when a user opens an attachment within an email.

  • Network resiliency improvements – When there is no network connection (when the cable is unplugged or the wireless is unavailable), the Notes client responds with an error message. Previously, the client would freeze before timing out – now, the error message appears right away.

  • Synched release schedule – Starting with this release, Sametime and Notes follow the same release schedule.

  • TLS 1.2 support for SAML – Notes and Embedded Sametime now support TLS 1.2 with Notes Federated login (SAML). This enhancement is a result of upgrading the XULRunner browser within Notes to the latest version (which supports TLS 1.2).

  • MAC 64-bit uninstaller – The uninstaller provided for Notes 11 on Mac is now 64-bit. This change is made because Apple will no longer support a 32-bit uninstaller as of its upcoming Mac OS 10.15 (Catalina) release. The 64-bit uninstaller can be used to uninstall Notes 11 running on Mac OS 10.15, 10.14, and 10.13.

  • Moving folders prompt – Users are now prompted to confirm when a mail folder is moved: 

Domino Notes Client is committed to a quarterly release cycle and the latest release is now here. Domino Notes Client customers can download v11.0.1 on FlexNet today! 

The post HCL Domino Notes Client 11 New Feature appeared first on HCL SW Blogs.

Project Eleven: Get the Most Out of Domino with Easy Direct Upgrades

15. September 2020 Posted by Luis Guirigay

HCL is fully committed to enabling you and your organization to maximize the value you get from the Domino and Sametime platforms today and in the future.  

In the latest release of Domino v11.0.1, we’ve delivered innovative new capabilities such as low-code app dev and integration with Microsoft Active Directory. We’ve also launched a brand new Sametime meetings solution over the last two yearsThe response from customers and business partners has been unanimously positive  

Today, we’re excited to announce, “Project Eleven,” a new program designed to help every Domino and Sametime customer running on releases prior to v11 have a smooth upgrade experience. As part of the HCL Digital Solutions Academy, Project Eleven’s goal is to enable you to 

  • Go straight to Domino v11.0.1HCL now supports direct upgrades from any of Domino version prior to v11. Whether you’re on v8, v9, or older, you can go straight to v11.0.1 with no additional steps necessary.
  • Experience the latest version of Sametime risk-free: Secure meetings and data privacy are the most important features in today’s environment. Sametime meetings runs on Cloud Native technologies allowing you to auto scale as needed. Experience our brand new, highly secure, scalable video meetings and enterprise chat risk-free.
  • Augment your skills todayAttend our online training sessions and get best-in-class support and training from a technical advocate in your local language. We’re rolling out more than 40 webinars and workshops and new articles, cookbooks, and help guides.
  • Speak to a technical expert: Schedule an appointment with one of our highly skilled technical advisors to understand your options and create an upgrade plan that’s right for you 

 Check out the new Project Eleven webpage to find all the resources you need to make your upgrade worry-free. 

 

                                         

The post Project Eleven: Get the Most Out of Domino with Easy Direct Upgrades appeared first on HCL SW Blogs.