New Features Lotus Domino Administration 8.5


Published on

Short presentation about the new features in IBM Lotus Domino Administration, Release 8.5

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

New Features Lotus Domino Administration 8.5

  1. 1. Dr. Rolf Kremer Director Product Development New Features IBM Lotus Domino Administration Release 8.5 September 2010 (Last Update: 2010-09-19)
  2. 2. Content <ul><li>Domino Roaming </li></ul><ul><li>Domino Configuration Tuner </li></ul><ul><li>Start-up of IBM Lotus Notes Clients </li></ul><ul><li>Managing of Widgets </li></ul><ul><li>ID Vault </li></ul><ul><li>DAOS </li></ul><ul><li>Lotus Traveler </li></ul><ul><li>Other Topics </li></ul>Source: IBM Lotus Domino Administrator Help 8.5.1
  3. 3. Domino Roaming (1) <ul><li>New in 8.5: Support for roaming in the standard configuration </li></ul><ul><li>New in 8.5: Two new roaming databases: </li></ul><ul><ul><li>Feed subscription database </li></ul></ul><ul><ul><li>Eclipse plugin data and preferences database </li></ul></ul><ul><li>New in 8.5: File server roaming </li></ul><ul><li>New in 8.5: New Roaming policy settings document for upgrading/downgrading a user to/from file roaming </li></ul><ul><li>New in 8.5: User files configured for roaming appear in a single Roaming applications folder on the Notes replicator page </li></ul><ul><li>New in 8.5: New Notes preference panel „Roaming“ is available for file server roaming-enabled users </li></ul><ul><li>Domino Roaming supports: contacts, bookmarks, notebook or journal, feeds subscription, Eclipse plugin data and settings </li></ul>
  4. 4. Domino Roaming (2) <ul><li>Files replicated locally from the user's roaming server </li></ul><ul><li>Any changes replicates back to the roaming server </li></ul><ul><li>Not supported is </li></ul><ul><ul><li>Switching user Ids </li></ul></ul><ul><ul><li>Notes Single Logon </li></ul></ul><ul><li>Users should not </li></ul><ul><ul><li>Using File – Security – Switch ID </li></ul></ul><ul><ul><li>Switching location document </li></ul></ul><ul><li>Recommandation: Start Notes -> Start Lotus Symphony; otherwise some Notes preferences will not available for roaming in the session </li></ul><ul><li>Supported platforms: </li></ul><ul><ul><li>Microsoft Windows 32-bit </li></ul></ul><ul><ul><li>Linux </li></ul></ul><ul><ul><li>Apple Mac OS X </li></ul></ul>
  5. 5. Domino Roaming (3) <ul><li>Domino server roaming supported in basic and standard configuration </li></ul><ul><li>File server roaming supported in standard configuration </li></ul><ul><li>Upgrading/Downgrading to/from Domino server roaming: use roaming tools in Administration client „People and Groups Tab – Tools – People“ </li></ul><ul><li>Upgrading/Downgrading to/from File server roaming: use always policies </li></ul>
  6. 6. Domino Configuration Tuner (DCT) (1) <ul><li>Evaluates server settings according to a growing catalog of best practies and worst practice disclosure </li></ul><ul><li>Evaluates all servers in a single domain together </li></ul><ul><li>Helps to reduce total cost of ownership by idenifying configuration problems </li></ul><ul><li>Looks at settings in </li></ul><ul><ul><li>Domino server documents </li></ul></ul><ul><ul><li>Notes.ini file </li></ul></ul><ul><ul><li>Advanced database properties </li></ul></ul><ul><li>Configuration settings are flagged when their values are known to cause problems </li></ul><ul><li>Useful to evaluate Domino 7.0 or newer releases </li></ul><ul><li>Changes in Domino configuration are not necessary to use DCT </li></ul><ul><li>Runs on Notes (basic or standard) client, version 8 or later </li></ul>
  7. 7. Domino Configuration Tuner (DCT) (2) <ul><li>Included in Domino Administrator installation </li></ul><ul><li>Implemented as template (dct.ntf) </li></ul><ul><li>User need read access to the Domino directory and „View only administrators“ access defined in the server document </li></ul><ul><li>Assist in troubleshooting generating exception errors: Quicktune_Debug </li></ul><ul><li>Necessary outbound port to pull update information: HTTP </li></ul><ul><li>New rules applied if a new template design is retrieved </li></ul><ul><li>Free download </li></ul><ul><li>Free of charge </li></ul><ul><li>Available outside of the Domino release cycle </li></ul>
  8. 8. IBM Lotus Notes Clients Start-up <ul><li>Reordered start-up sequence (reason: performance enhancements) </li></ul><ul><li>New in 8.5: Prompted to authenticate -> Notes workbench appears </li></ul><ul><li>Earlier: Notes workbench appears -> Prompted to authenticate </li></ul><ul><li>Notes.ini setting (client): ENABLE_EARLY_AUTHENICATION </li></ul><ul><ul><li>1 = new order is on (= standard) </li></ul></ul><ul><ul><li>0 = old order is on (= feature is disabled) </li></ul></ul><ul><li>If disabled: </li></ul><ul><ul><li>Domino Roaming does not work </li></ul></ul><ul><ul><li>Performance enhancements are not realized </li></ul></ul>
  9. 9. Managing of Widgets <ul><li>Widgets can be managed centrally </li></ul><ul><li>Manual installation and search for updates is not necessary anymore </li></ul><ul><li>Client will receive new updates when the local widget catalog is updated </li></ul><ul><li>Support for Widgets & Live Text on Apple Mac OS platfrom (besides Windows & Linux) </li></ul>
  10. 10. ID Vault (1) <ul><li>Server-based database holds protected copies of user ids </li></ul><ul><li>Users assigned to vault through policy configuration </li></ul><ul><li>Copies of user ids uploaded to vault automatically once the policy has taken effect </li></ul><ul><li>User id can uploaded, if a parent certifier of the user id has issued a Vault Trust Certificate certifying its trust of the vault and if the associated user's effective policy has a Security Settings document that specify the vault name </li></ul><ul><li>Process of user registration uploads the id to the vault </li></ul><ul><li>If you do not want to keep copies of user ids in the Domino Directory, clear Advanced – ID File registration setting „Location for storing user ID – In Domino Directory“, which is selected by default </li></ul><ul><li>User changes password or adds Internet certificate: id is pushed to vault </li></ul>
  11. 11. ID Vault (2) <ul><li>Synchronize (local and vault): client asks its home server for a list of servers that have a replica of the vault </li></ul><ul><li>If home server is unavailable or does not run release 8.5, client searches for a server in the home server cluster </li></ul><ul><li>A server returns list in random order to load balance synchronization among vault servers </li></ul><ul><li>For better performance, client caches location of first vault server that responds </li></ul><ul><li>Cache cleared periodically to ensure that load balancing is maintained </li></ul><ul><li>Synchronization starts immediately </li></ul><ul><li>Client checks for changes periodically, generally every eight hours </li></ul><ul><li>Client does its first check at a random time within the first eight hours from client startup </li></ul><ul><li>If an attempt failed, three retry attempts are made at five-minute intervals </li></ul>
  12. 12. ID Vault (3) <ul><li>User does not have to change the password on each client </li></ul><ul><li>If client is not updated, user can continue to use old password </li></ul><ul><li>Delete id file: copy of id is downloaded to the client from the vault </li></ul><ul><li>Shared login is supported with id vault </li></ul><ul><li>Shared login (if id is deleted): Notes password must be reset on copy of id in the vault. After reset: </li></ul><ul><ul><li>User is prompted for the new password, then restart Notes </li></ul></ul><ul><ul><li>Copy of id file is downloaded to the client from the vault </li></ul></ul><ul><ul><li>Local id is re-enabled for shared login </li></ul></ul><ul><li>Response of a stolen id: reset password on the id, roll over the keys on the id, ensure that server key checking is enabled </li></ul><ul><li>Shared-login-enabled-id is different: can only be used on the computer on which it was shared-login enabled </li></ul>
  13. 13. ID Vault (4) <ul><li>Stolen id of that computer: disable shared login in user policy; force policy to replicate all vault servers; respond with steps for non-shared-login-enabled id; re-enable shared login in user policy </li></ul><ul><li>Option „Ask your approval before accepting name changes“ is unavailable </li></ul><ul><li>Name change is made on client id copy automatically during client-vault synchronization when name change is detected on server </li></ul><ul><li>User with a vaulted id cannot request a key rollover through the user security window -> only an administrator can initiated key rollover through policy configuration </li></ul><ul><li>User is never prompted to accept the new keys </li></ul><ul><li>Key rollover is in process: do not enable use of a vault until key rollover is complete </li></ul>
  14. 14. ID Vault (5) <ul><li>Vault Trust Certificate is a special-purpose cross-certificate </li></ul><ul><li>Creation: Configuration – Security – Certificates view in Domino Directory, using the ID Vaults – Create or ID Vaults – Manage tool </li></ul><ul><li>Vault Trust Certificates determine which ids are allowed in a vault; policy configuration determines which ids are actually stored there </li></ul><ul><li>Vault administrators can add and remove other vault administrators; add and remove vault replicas; delete ids from a vault; mark ids inactive; restore ids, and delete a vault </li></ul><ul><li>Names of vault administrators are added to the vault database ACL and to the vault document in the Security – ID Vaults view of the Domino Directory </li></ul><ul><li>Vault administrator assigned to auditor role in vault database ACL can extract id from vault to gain access to user's encrypted data </li></ul><ul><li>Location of vault database: IBM_ID_VAULT subdirectory </li></ul>
  15. 15. ID Vault (6) <ul><li>Disable auditor role capability in notes.ini: SECURE_DISABLE_AUDITOR=1 </li></ul><ul><li>Only people with password reset authority can use Domino Administrator to reset passwords and specify an ID download count limit </li></ul><ul><li>Creation of vault replica: replication starts immediately </li></ul><ul><li>Add or remove replicas of a vault: User must </li></ul><ul><ul><li>Vault administrator </li></ul></ul><ul><ul><li>Have access to vault id file & password </li></ul></ul><ul><ul><li>Have editor access to Domino directory </li></ul></ul><ul><li>Add vault replica: you must have „Create new replicas“ server access </li></ul><ul><li>User cannot use the ID Vaults – Manage tool to delete the vault primary server replica -> use ID Vaults – Delete tool </li></ul><ul><li>Different vault primary server can be specify by Tools – ID Vaults – Manage </li></ul>
  16. 16. DAOS (1) <ul><li>DAOS = Domino Attachment and Object Service </li></ul><ul><li>Save significant space at file level by sharing data identified as identical between databases on the same server </li></ul><ul><li>Server saves a reference to each attached file in an external repository </li></ul><ul><li>Attachment consolidation is not supported for DB2-enabled databases </li></ul><ul><li>DAOS-enabling: </li></ul><ul><ul><li>Server document </li></ul></ul><ul><ul><li>Advanced database property „Use Domino Attachment and Object Service“ </li></ul></ul><ul><ul><li>Enable transaction logging </li></ul></ul><ul><li>Saving attachment in document: reference („ticket“) will saved in object header. </li></ul><ul><li>Ticket identify the attachment in the repository </li></ul><ul><li>Consolidation occurs immediately </li></ul>
  17. 17. DAOS (2) <ul><li>If user deletes or replaces an attachment, the server adjusts references to each attachment in the repository as necessary </li></ul><ul><li>Enable mail files, enable any files on the server </li></ul><ul><li>Works for all databases with the current ODS </li></ul><ul><li>Databases with earlier ODS do not include the DAOS setting in the advanced properties </li></ul><ul><li>They can be pre-enabled in the Domino Administrator client; they are included when later upgraded to the current ODS </li></ul><ul><li>Delete attachment: Domino deletes only the reference in the document header </li></ul><ul><li>Delete attachment from all documents: Domino marks the file for removal from the repository </li></ul><ul><li>File will removed after a specified days (default 30 days) </li></ul>
  18. 18. DAOS (3) <ul><li>Administrator can use a tell command to specify a different number of days </li></ul><ul><li>Administrator see information on the size of databases after it participants in DAOS on the Files tab in the Domino Administrator </li></ul><ul><li>Enabling setting for an existing database consolidates only attachments created and saved in the database from then on </li></ul><ul><li>Consolidate both existing and new ones: run a copy-style compact operation on the database after enabling the setting </li></ul><ul><li>DAOS objects count in mail file quotas and included in the displayed file size of a database </li></ul><ul><li>Upgrade all newly created databases to the current ODS, enter the following setting in the Notes.ini: Create_R85_Databases=1 </li></ul><ul><li>Mail & files: LZ1 compression is necessary </li></ul><ul><li>DAOS file names: *.nlo </li></ul>
  19. 19. DAOS (4) <ul><li>Default repository created relative to logical directory structure on server </li></ul><ul><li>Directory can created anywhere on the server or connected file drive </li></ul><ul><li>Domino administrative user needs file-access permissions to the directory </li></ul><ul><li>DAOS catalog file: daoscat.nsf </li></ul>
  20. 20. DAOS (5) <ul><li>Tell commands: (Tell DAOSMgr ...) </li></ul><ul><ul><li>Quit (stops process, cleans up, exits) </li></ul></ul><ul><ul><li>Help (list options) </li></ul></ul><ul><ul><li>Status, Status <database_name>, Status catalog </li></ul></ul><ul><ul><li>Dbsummary (display status of all DAOS-enabled databases) </li></ul></ul><ul><ul><li>Databases (same as above + additional details) </li></ul></ul><ul><ul><li>ListNLO (allow admin to identify documents whose objects may be missing) </li></ul></ul><ul><ul><li>ListNLO -o <file name> <database name> (add file for output & desired database) </li></ul></ul><ul><ul><li>Prune (display current delete interval specified in server document) </li></ul></ul><ul><ul><li>Prune <number of days> (deletes all unreferenced objects that are older then the argument days) </li></ul></ul><ul><ul><li>Resync (resynchronizes DAOS-enabled databases with DAOS objects) </li></ul></ul><ul><ul><li>Resync Force (runs the resynchroinzation command whether or not the DAOS catalog is in a synchronized state) </li></ul></ul>
  21. 21. Lotus Traveler (1) <ul><li>Supports Apple iPhone (ActiveSync support in 8.5.1), iPad, Microsoft Windows Mobile 5 & 6 & 6.1, Symbian Series 60 </li></ul><ul><li>Synchronizes e-mail, calendar, contacts, journal, to-do </li></ul><ul><li>Supports rich text content on Windows Mobile 6 devices </li></ul><ul><li>Supports encryption of e-mails on Windows Mobile 6 devices </li></ul><ul><li>Default synchronisation settings stored in NTSConfig.xml </li></ul><ul><li>Database with information of cluster mail replicas should synchronized: ntsclcache.nsf </li></ul><ul><li>User should disable for using Lotus Traveler: Enter name of user in „Not access server“ field in the server document (section 'Lotus Traveler') </li></ul><ul><li>Use Domino servlet manager </li></ul>
  22. 22. Lotus Traveler (2) <ul><li>Change download site: </li></ul><ul><ul><li>Home url in Internet Site document </li></ul></ul><ul><ul><li>NTS_WEBSITE_HOME parameter in the notes.ini file </li></ul></ul><ul><li>Default number of returned results for user names and telephone number searches: 25 </li></ul><ul><li>Read and send encrypted mail: User must upload his Notes ID to his mail database </li></ul><ul><li>Server console commands: </li></ul><ul><ul><li>Force policy updates: tell adminp process traveler </li></ul></ul><ul><ul><li>Remove all users from the list of users that are logging: tell traveler log removeuser * </li></ul></ul><ul><ul><li>Extract user information to a file: tell traveler dump <user> </li></ul></ul>
  23. 23. Lotus iNotes <ul><li>New mode „Ultra-light“: use for mobile devices </li></ul><ul><li>Administrators can enable use of Lotus Quickr links and attachments in messages and to set Lotus Quickr preferences in Lotus iNotes users preferences </li></ul><ul><li>Administrators can allow users to add external calendar </li></ul><ul><li>Supports </li></ul><ul><ul><li>HTTP-proxy servlets </li></ul></ul><ul><ul><li>Some Mail policy settings </li></ul></ul><ul><ul><li>Some Desktop policy settings </li></ul></ul><ul><li>Server command to replace or update iNotes forms.nsf file without restart the Domino server: tell http inotes flushforms </li></ul>
  24. 24. Other Things (1) <ul><li>AdminP (admin4.nsf) records statistics to help monitoring portions of administration process tasks </li></ul><ul><li>Notes basic configuration 'all client' install kit is no longer available </li></ul><ul><li>Auto-populate groups: </li></ul><ul><ul><li>Apply policies to users and groups based on their home servers </li></ul></ul><ul><ul><li>Home server group for a group will be defined in the group document </li></ul></ul><ul><ul><li>Then assign a policy to that group </li></ul></ul><ul><ul><li>To use large numbers of names in the group, use the Notes.ini parameter: Namelookup_max_mb=1 (standard; enter a higher value as 1) </li></ul></ul><ul><ul><li>Can have subgroups </li></ul></ul><ul><ul><li>Group can be used anywhere that a static group can be used </li></ul></ul><ul><ul><li>Subgroup can not be created manually; members field is not editable </li></ul></ul><ul><ul><li>Groups with a subgroup should not be copied and pasted in the Domino Directory </li></ul></ul>
  25. 25. Other Things (2) <ul><li>Messaging: </li></ul><ul><ul><li>Router was optimized </li></ul></ul><ul><ul><li>New: Mailbox event notification </li></ul></ul><ul><ul><li>Running router in steady state transfer new message to -> Copy of message is made and placed on mailbox event queue which is used by new MailEvent thread. </li></ul></ul><ul><ul><li>Router copy message without searching </li></ul></ul><ul><ul><li>Message is cached and additional copies are made for multiple recipients </li></ul></ul><ul><ul><li>Notes.ini setting is available to limit the amount of memory by open notes </li></ul></ul><ul><ul><li>Memory values are shared and maintained by mailbox event generation and any open router note </li></ul></ul><ul><ul><li>There are no changes to the UI </li></ul></ul>
  26. 26. Other Things (3) <ul><li>Policies </li></ul><ul><ul><li>New Dynamic policies: New option for assigning explicit policies </li></ul></ul><ul><ul><li>User or group name should specify in a policy document </li></ul></ul><ul><ul><li>Advantage: If organization changes, only group document needs to update </li></ul></ul><ul><ul><li>Updated group information is applied next time the policy is calculated for any users in that group </li></ul></ul><ul><ul><li>New Roaming policy settings document </li></ul></ul><ul><ul><li>Widgets policy page settings: New setting „“; exists also in the plugin_customization.ini file </li></ul></ul><ul><ul><li>Desktop policy settings document: </li></ul></ul><ul><ul><ul><li>New Window management settings: „Display sidebar“ </li></ul></ul></ul><ul><ul><ul><li>New „Hide“ settings for several sidebar panels (Feeds, Day-At-A-Glance, Activities, Sametime Primary Contacts, My Widgets) </li></ul></ul></ul>
  27. 27. Other Things (4) <ul><li>Console Log Mirroring: </li></ul><ul><ul><li>New server thread which monitors all messages written to the Console Log file and duplicates these messages into another file </li></ul></ul><ul><ul><li>Three Notes.ini settings: </li></ul></ul><ul><ul><ul><li>Console_Log_Mirror=1 (Enables mirroring feature) </li></ul></ul></ul><ul><ul><ul><li>Retain_Mirror_Logs=1 (Prevents deletion or previous mirrors) </li></ul></ul></ul><ul><ul><ul><li>Console_Log_Max_Kbytes=... (Maximum size of Console Log) </li></ul></ul></ul><ul><ul><li>All keystrokes are copied to the console log and mirrored (also backspaces) </li></ul></ul><ul><ul><li>By default, console log mirroring is disabled </li></ul></ul><ul><ul><li>Server task is named „Console Log Mirror Task“; created in the IBM_Technical_Support directory under the data directory </li></ul></ul><ul><ul><li>File name is „Console.log“ + number appended (maximum number is 999) (Example: Console11.log) </li></ul></ul><ul><ul><li>Uses circular logging </li></ul></ul>
  28. 28. Other Things (5) <ul><li>Notes shared login: </li></ul><ul><ul><li>Login without providing Notes passwords; instead Windows password </li></ul></ul><ul><ul><li>Available on Windows platforms </li></ul></ul><ul><ul><li>Windows password will not used for Notes ID file </li></ul></ul><ul><li>New server commands: </li></ul><ul><ul><li>Show idvaults (Displays configuration information about the ID vaults on a server) </li></ul></ul><ul><ul><li>Show stat mail (New message statistics) </li></ul></ul><ul><ul><li>Show tasks (Includes task status from additional mail router threads) </li></ul></ul><ul><ul><li>Show server (Report whether DAOS is enabled, provides a list which databases are included) </li></ul></ul><ul><ul><li>Show directory (Same enhancements as show server) </li></ul></ul><ul><ul><li>DAOS Tell commands </li></ul></ul>
  29. 29. For more information please visit our homepage and Contact PAVONE Ltd, UK School House, Hackforth BEDALE, N. Yorks. DL8 1PE United Kingdom Phone: +44 (0) 1748 811527 E-Mail: PAVONE Inc. 13 NW 13th Avenue Portland, Oregon 97209 USA Phone: +1.503.754.3144 E-Mail: PAVONE AG Technologiepark 9 33100 Paderborn Tel.: +49 52 51 / 31 02-0 Fax: +49 52 51 / 31 02-99 E-Mail: