2. IBM Software Group | Lotus software
OPEN MIC NOTES/DOMINO TEAM
Shrikant Jamkhandi – Staff Software Engineer
● Presenter
J Rajendran – Notes/Domino Technical advisor
● Focussing on Notes/Domino & SCN
IBM Software Group | Lotus software
Ranjit Rai – Notes/Domino Technical advisor
● Focussing on Notes/Domino & SCN
Hansraj Mali – Notes/Domino Technical advisor
● Focussing on Notes/Domino & SCN
Vinayak Tavargeri – Notes/Domino support Manager
● Facilitator for Open Mics
04/11/13 @2013 IBM Corporation 2
3. IBM Software Group | Lotus software
Agenda
Security Assertion Markup Language (SAML)
OAuth (Open standard Authorization)
Transport Layer Security (TLS)
Secure Hash Algorithm (SHA-2)
Program document support for server groups
IBM Software Group | Lotus software
Database Management Tool (DBMT)
Mail routing enhancement
Additional features
Serviceability
OS support
References
Q/A
04/11/13 @2013 IBM Corporation 3
4. IBM Software Group | Lotus software
SAML
What is SAML ?
– XML-based standard for exchanging authentication and authorization data between
parties
– Provides ease of use for end users – reduce the # of password to memorize
– Provides complete SSO coverage across a variety of services, applications and
platforms
– Reduced administration time and cost
IBM Software Group | Lotus software
Support for Notes, iNotes and web clients
– Notes Federated Login
– Web Federated Login
SAML 2.0 is recommended, but SAML 1.1 is also supported
Identity Providers supported
– IBM Tivoli Federated Identity Manager(TFIM)
– Microsoft ADFS (Active Directory Federation Services) integrated with Active
Directory
04/11/13 @2013 IBM Corporation 4
5. IBM Software Group | Lotus software
SAML Continued.
1) After launching the Notes client, it connects to
Notes ID vault to get the IdP information (Id Vault
configured for SAML authentication) & it sends
client IdP information
2) Client connects to IdP, authenticates the user
via username/password or kerberos credentials.
Once authenticated the client receives a SAML
token.
IBM Software Group3) Client sends SAML token to ID vault.
| Lotus software
4) ID vault validates the token with the IdP.
5) ID Vault sends the ID to the client.
*Once Notes session is completed, no ID
remains. No ID ever stored on local disk.
This works in CITRIX Environment
04/11/13 @2013 IBM Corporation 5
6. IBM Software Group | Lotus software
SAML Continued..
True single sign On for Notes
– For Windows users one password can get into:
– OS, Notes, Sidebar widgets and web applications
Allow user to access external services from Notes
– IBM Sametime chat and meetings
IBM Software Group
– IBM Connections and file share | Lotus software
– Feeds
– Widget and Live Text
– Embedded browser
– Open Social components leveraging the above URLs
Managed via Domino policies
04/11/13 @2013 IBM Corporation 6
7. IBM Software Group | Lotus software
OAuth
Open Standard for Authorization
Domino 9.0 Social edition adds support for OAuth client
Basis for Embedded experience in Notes/iNotes Mail
– Embedded Experience allow you to access business critical actions from
other application without leaving your email. This brings collaboration in
context and results in tighterGroup | Lotus iNotes, Connections,
IBM Software integration across software
Notes , app dev (Xpages), and 3rd-party products and services
"Credentials store" in Domino stores OAuth tokens/keys for access to
application
04/11/13 @2013 IBM Corporation 7
8. IBM Software Group | Lotus software
OAuth continued.
IBM Software Group | Lotus software
04/11/13 @2013 IBM Corporation 8
9. IBM Software Group | Lotus software
OAuth continued...
IBM Software Group | Lotus software
04/11/13 @2013 IBM Corporation 9
10. IBM Software Group | Lotus software
Transport Layer Security
Successor to Secure Socket Layer
– An upgrade to SSL 3.0
Web Server activity protected by
TLS
– Xpages
– Traveler
– iNotes
– ST IBM Software Group | Lotus software
– REST APIs
– Quickr
Windows only in 9.0
IBM HTTP Server will act as "front
end" for Domino HTTP server
Requirement for many
Governments, Agencies and
Contractors
04/11/13 @2013 IBM Corporation 10
11. IBM Software Group | Lotus software
SHA-2 support
Secure Has Algorithm 2 designed by the National Security Agency
Covered under (FIPS) 140-2
Requirement for many Government, Agencies, and Contractors
SHA-2 is used for X.509 certificate signature verification, S/MIME signed mail,
and TLS (IBM HTTP) for authentication
No Configuration needed, just works out of the box provided you have a SHA-2
certificate
IBM Software Group | Lotus software
04/11/13 @2013 IBM Corporation 11
12. IBM Software Group | Lotus software
Program document support for server group
Create Groups of servers, Groups need to be "Server Only" groups
Program document can be applied to servers group name
Migrated/New server with version 9 can be added to the group and all the
standard program documents will be applied straight away
IBM Software Group | Lotus software
04/11/13 @2013 IBM Corporation 12
13. IBM Software Group | Lotus software
Database Management Tool (DMBT)
DMBT is used for performing multiple daily/weekly administrative tasks on user's
mail database files
The DBMT tool relieves the administrator of the need to run the Updall task
New DBMT task been added
The dbmt tool does all of the following:
– runs copy-style compact operations
– purges deletion stubs
IBM Software Group | Lotus software
– expires soft deleted entries
– updates views
– reorganizes folders
– merges full-text indexes
– updates unread lists
– ensures that critical views are created for failover
The dbmt tool does not compact system databases:
– names.nsf,log.nsf,admin4.nsf,ddm.nsf,lndfr.nsf,events4.nsf,statrep.nsf,dbdirman.nsf,dircat
.nsf,clubusy.nsf,domlog.nsf,cldbdir.nsf,busytime.nsf,catalog.nsf,daoscat.nsf,mtdata/mtstor
e.nsf
04/11/13 @2013 IBM Corporation 13
14. IBM Software Group | Lotus software
Mail routing
Local Mail Delivery FailOver
– Local Delivery Failover if the destination mail file is unavailable
• Copy-style compact of mail file is in progress
• Fixup of mail file is in progress (Performing consistency check on...)
• Mail file is missing (File does not exist)/Corrupt
– MailFileEnableDeliveryFailover=1 will make router to route mail to replica server
which has replica of the mail db
IBM Software Group | Lotus software
– More Granular than cluster failover as this on the database level during mail delivery
Changes to policy settings for return receipts
– Changes to return receipt behavior on both outgoing and incoming mail messages for
notes client users
– Configure the behavior through a combination of policy settings and NOTES.INI settings
on the Domino server
– The settings are configured entirely through NOTES.INI settings for iNotes client users
04/11/13 @2013 IBM Corporation 14
15. IBM Software Group | Lotus software
Additional features
Protected groups
– Prevents accidental deletion of critical groups, configured via directory profile
IBM Software Group | Lotus software
Administration client
– "Last compact date" column has been added to the IBM Domino Administrator 9.0
64 bit Domino support RHEL/SUSE Linux 64 bit OS
04/11/13 @2013 IBM Corporation 15
16. IBM Software Group | Lotus software
Serviceability
NSD monitor for Unix
NSD memory summary for Unix
Quality of Service Probe (QOS)
– Detects if server is not responding or hung
– Optionally email an administrator and/or automatically terminate the server and
restart it
– QoS, is designed Software Group | Lotusasoftware in order
IBM to react to the general operation of Domino server
to keep that server up and functioning reliably at all times
04/11/13 @2013 IBM Corporation 16
17. IBM Software Group | Lotus software
Operating System support
AIX family
– AIX 7.1
IBM i family
– IBM i 6.1, 7.1
Linux family
– Red Hat Enterprise Linux (RHEL) Server V6 on System z
– Red Hat Enterprise Linux (RHEL) Server V6 on x86-64
– SUSE Linux Enterprise Server (SLES) V11 on System z
IBM Software Group | Lotus software
– SUSE Linux Enterprise Server (SLES) V11 on x86-64
Windows family
– Windows Server 2008 Enterprise Edition R2 x86-64
– Windows Server 2008 Standard Edition R2 x86-64
– Windows Server 2012 Datacenter Edition x86-64
– Windows Server 2012 Standard Edition
We have removed support for Windows 2003 and Solaris from Domino 9 social edition
There will be a Solaris version of the 8.5.4 server but that won't support the embedded experiences
component. Demand for Solaris has dropped to near zero and hence the support has been
discontinued.
Still shipping 32 Domino primarily for API and product compatibility
04/11/13 @2013 IBM Corporation 17
18. IBM Software Group | Lotus software
References
Upgrade Central: Planning your upgrade to IBM Notes and Domino 9.0
Social Edition
http://www.ibm.com/support/docview.wss?uid=swg21623106
What's New in IBM Domino 9.0 Social Edition
IBM Software Group | Lotus software
http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Whatapos_New_in_IBM_Domino_9.0_Social_Edition
What's new in Notes, as well as iNotes, Traveler, and Domino:
http://www-10.lotus.com/ldd/dominowiki.nsf
04/11/13 @2013 IBM Corporation 18