Dr. Rolf KremerDirector Product Development
New Features IBM Lotus Domino AdministrationRelease 8.5
September 2010 (Last Update: 2010-09-19)
Content
Domino Roaming
Domino Configuration Tuner
Start-up of IBM Lotus Notes Clients
Managing of Widgets
ID Vault
DAOS
Lotus Traveler
Other Topics
Source: IBM Lotus Domino Administrator Help 8.5.1
Domino Roaming (1)
New in 8.5: Support for roaming in the standard configuration
New in 8.5: Two new roaming databases:
Feed subscription database
Eclipse plugin data and preferences database
New in 8.5: File server roaming
New in 8.5: New Roaming policy settings document for upgrading/downgrading a user to/from file roaming
New in 8.5: User files configured for roaming appear in a single Roaming applications folder on the Notes replicator page
New in 8.5: New Notes preference panel Roaming is available for file server roaming-enabled users
Domino Roaming supports: contacts, bookmarks, notebook or journal, feeds subscription, Eclipse plugin data and settings
Domino Roaming (2)
Files replicated locally from the user's roaming server
Any changes replicates back to the roaming server
Not supported is
Switching user Ids
Notes Single Logon
Users should not
Using File Security Switch ID
Switching location document
Recommandation: Start Notes -> Start Lotus Symphony; otherwise some Notes preferences will not available for roaming in the session
Supported platforms:
Microsoft Windows 32-bit
Linux
Apple Mac OS X
Domino Roaming (3)
Domino server roaming supported in basic and standard configuration
File server roaming supported in standard configuration
Upgrading/Downgrading to/from Domino server roaming: use roaming tools in Administration client People and Groups Tab Tools People
Upgrading/Downgrading to/from File server roaming: use always policies
Domino Configuration Tuner (DCT) (1)
Evaluates server settings according to a growing catalog of best practies and worst practice disclosure
Evaluates all servers in a single domain together
Helps to reduce total cost of ownership by idenifying configuration problems
Looks at settings in
Domino server documents
Notes.ini file
Advanced database properties
Configuration settings are flagged when their values are known to cause problems
Useful to evaluate Domino 7.0 or newer releases
Changes in Domino configuration are not necessary to use DCT
Runs on Notes (basic or standard) client, version 8 or later
Domino Configuration Tuner (DCT) (2)
Included in Domino Administrator installation
Implemented as template (dct.ntf)
User need read access to the Domino directory and View only administrators access defined in the server document
Assist in troubleshooting generating exception errors: Quicktune_Debug
Necessary outbound port to pull update information: HTTP
New rules applied if a new template design is retrieved
Free download
Free of charge
Available outside of the Domino release cycle
IBM Lotus Notes Clients Start-up
Reordered start-up sequence (reason: performance enhancements)
New in 8.5: Prompted to authenticate -> Notes workbench appears
Earlier: Notes workbench appears -> Prompted to authenticate
Notes.ini setting (client): ENABLE_EARLY_AUTHENICATION
1 = new order is on (= standard)
0 = old order is on (= feature is disabled)
If disabled:
Domino Roaming does not work
Performance enhancements are not realized
Managing of Widgets
Widgets can be managed centrally
Manual installation and search for updates is not necessary anymore
Client will receive new updates when the local widget catalog is updated
Support for Widgets & Live Text on Apple Mac OS platfrom (besides Windows & Linux)
ID Vault (1)
Server-based database holds protected copies of user ids
Users assigned to vault through policy configuration
Copies of user ids uploaded to vault automatically once the policy has taken effect
User id can uploaded, if a parent certifier of the user id has issued a Vault Trust Certificate certifying its trust of the vault and if the associated user's effective policy has a Security Settings document that specify the vault name
Process of user registration uploads the id to the vault
If you do not want to keep copies of user ids in the Domino Directory, clear Advanced ID File registration setting Location for storing user ID In Domino Directory, which is selected by default
User changes password or adds Internet certificate: id is pushed to vault
ID Vault (2)
Synchronize (local and vault): client asks its home server for a list of servers that have a replica of the vault
If home server is unavailable or does not run release 8.5, client searches for a server in the home server cluster
A server returns list in random order to load balance synchronization among vault servers
For better performance, client caches location of first vault server that responds
Cache cleared periodically to ensure that load balancing is maintained
Synchronization starts immediately
Client checks for changes periodically, generally every eight hours
Client does its first check at a random time within the first eight hours from client startup
If an attempt failed, three retry attempts are made at five-minute intervals
ID Vault (3)
User does not have to change the password on each client
If client is not updated, user can continue to use old password
Delete id file: copy of id is downloaded to the client from the vault
Shared login is supported with id vault
Shared login (if id is deleted): Notes password must be reset on copy of id in the vault. After reset:
User is prompted for the new password, then restart Notes
Copy of id file is downloaded to the client from the vault
Local id is re-enabled for shared login
Response of a stolen id: reset password on the id, roll over the keys on the id, ensure that server key checking is enabled
Shared-login-enabled-id is different: can only be used on the computer on which it was shared-login enabled
ID Vault (4)
Stolen id of that computer: disable shared login in user policy; force policy to replicate all vault servers; respond with steps for non-shared-login-enabled id; re-enable shared login in user policy
Option Ask your approval before accepting name changes is unavailable
Name change is made on client id copy automatically during client-vault synchronization when name change is detected on server
User with a vaulted id cannot request a key rollover through the user security window -> only an administrator can initiated key rollover through policy configuration
User is never prompted to accept the new keys
Key rollover is in process: do not enable use of a vault until key rollover is complete
ID Vault (5)
Vault Trust Certificate is a special-purpose cross-certificate
Creation: Configuration Security Certificates view in Domino Directory, using the ID Vaults Create or ID Vaults Manage tool
Vault Trust Certificates determine which ids are allowed in a vault; policy configuration determines which ids are actually stored there
Vault administrators can add and remove other vault administrators; add and remove vault replicas; delete ids from a vault; mark ids inactive; restore ids, and delete a vault
Names of vault administrators are added to the vault database ACL and to the vault document in the Security ID Vaults view of the Domino Directory
Vault administrator assigned to auditor role in vault database ACL can extract id from vault to gain access to user's encrypted data
Location of vault database: IBM_ID_VAULT subdirectory
ID Vault (6)
Disable auditor role capability in notes.ini: SECURE_DISABLE_AUDITOR=1
Only people with password reset authority can use Domino Administrator to reset passwords and specify an ID download count limit
Creation of vault replica: replication starts immediately
Add or remove replicas of a vault: User must
Vault administrator
Have access to vault id file & password
Have editor access to Domino directory
Add vault replica: you must have Create new replicas server access
User cannot use the ID Vaults Manage tool to delete the vault primary server replica -> use ID Vaults Delete tool
Different vault primary server can be specify by Tools ID Vaults Manage
DAOS (1)
DAOS = Domino Attachment and Object Service
Save significant space at file level by sharing data identified as identical between databases on the same server
Server saves a reference to each attached file in an external repository
Attachment consolidation is not supported for DB2-enabled databases
DAOS-enabling:
Server document
Advanced database property Use Domino Attachment and Object Service
Enable transaction logging
Saving attachment in document: reference (ticket) will saved in object header.
Ticket identify the attachment in the repository
Consolidation occurs immediately
DAOS (2)
If user deletes or replaces an attachment, the server adjusts references to each attachment in the repository as necessary
Enable mail files, enable any mail.box files on the server
Works for all databases with the current ODS
Databases with earlier ODS do not include the DAOS setting in the advanced properties
They can be pre-enabled in the Domino Administrator client; they are included when later upgraded to the current ODS
Delete attachment: Domino deletes only the reference in the document header
Delete attachment from all documents: Domino marks the file for removal from the repository
File will removed after a specified days (default 30 days)
DAOS (3)
Administrator can use a tell command to specify a different number of days
Administrator see information on the size of databases after it participants in DAOS on the Files tab in the Domino Administrator
Enabling setting for an existing database consolidates only attachments created and saved in the database from then on
Consolidate both existing and new ones: run a copy-style compact operation on the database after enabling the setting
DAOS objects count in mail file quotas and included in the displayed file size of a database
Upgrade all newly created databases to the current ODS, enter the following setting in the Notes.ini: Create_R85_Databases=1
Mail & mail.box files: LZ1 compression is necessary
DAOS file names: *.nlo
DAOS (4)
Default repository created relative to logical directory structure on server
Directory can created anywhere on the server or connected file drive
Domino administrative user needs file-access permissions to the directory
DAOS catalog file: daoscat.nsf
DAOS (5)
Tell commands: (Tell DAOSMgr ...)
Quit (stops process, cleans up, exits)
Help (list options)
Status, Status , Status catalog
Dbsummary (display status of all DAOS-enabled databases)
Databases (same as above + additional details)
ListNLO (allow admin to identify documents whose objects may be missing)
ListNLO -o (add file for output & desired database)
Prune (display current delete interval specified in server document)
Prune (deletes all unreferenced objects that are older then the argument days)
Resync (resynchronizes DAOS-enabled databases with DAOS objects)
Resync Force (runs the resynchroinzation command whether or not the DAOS catalog is in a synchronized state)
Lotus Traveler (1)
Supports Apple iPhone (ActiveSync support in 8.5.1), iPad, Microsoft Windows Mobile 5 & 6 & 6.1, Symbian Series 60
Synchronizes e-mail, calendar, contacts, journal, to-do
Supports rich text content on Windows Mobile 6 devices
Supports encryption of e-mails on Windows Mobile 6 devices
Default synchronisation settings stored in NTSConfig.xml
Database with information of cluster mail replicas should synchronized: ntsclcache.nsf
User should disable for using Lotus Traveler: Enter name of user in Not access server field in the server document (section 'Lotus Traveler')
Use Domino servlet manager
Lotus Traveler (2)
Change download site:
Home url in Internet Site document
NTS_WEBSITE_HOME parameter in the notes.ini file
Default number of returned results for user names and telephone number searches: 25
Read and send encrypted mail: User must upload his Notes ID to his mail database
Server console commands:
Force policy updates: tell adminp process traveler
Remove all users from the list of users that are logging: tell traveler log removeuser *
Extract user information to a file: tell traveler dump
Lotus iNotes
New mode Ultra-light: use for mobile devices
Administrators can enable use of Lotus Quickr links and attachments in messages and to set Lotus Quickr preferences in Lotus iNotes users preferences
Administrators can allow users to add external calendar
Supports
HTTP-proxy servlets
Some Mail policy settings
Some Desktop policy settings
Server command to replace or update iNotes forms.nsf file without restart the Domino server: tell http inotes flushforms
Other Things (1)
AdminP (admin4.nsf) records statistics to help monitoring portions of administration process tasks
Notes basic configuration 'all client' install kit is no longer available
Auto-populate groups:
Apply policies to users and groups based on their home servers
Home server group for a group will be defined in the group document
Then assign a policy to that group
To use large numbers of names in the group, use the Notes.ini parameter: Namelookup_max_mb=1 (standard; enter a higher value as 1)
Can have subgroups
Group can be used anywhere that a static group can be used
Subgroup can not be created manually; members field is not editable
Groups with a subgroup should not be copied and pasted in the Domino Directory
Other Things (2)
Messaging:
Router was optimized
New: Mailbox event notification
Running router in steady state transfer new message to mail.box -> Copy of message is made and placed on mailbox event queue which is used by new MailEvent thread.
Router copy message without searching mail.box
Message is cached and additional copies are made for multiple recipients
Notes.ini setting is available to limit the amount of memory by open notes
Memory values are shared and maintained by mailbox event generation and any open router note
There are no changes to the UI
Other Things (3)
Policies
New Dynamic policies: New option for assigning explicit policies
User or group name should specify in a policy document
Advantage: If organization changes, only group document needs to update
Updated group information is applied next time the policy is calculated for any users in that group
New Roaming policy settings document
Widgets policy page settings: New setting com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning; exists also in the plugin_customization.ini file
Desktop policy settings document:
New Window management settings: Display sidebar
New Hide settings for several sidebar panels (Feeds, Day-At-A-Glance, Activities, Sametime Primary Contacts, My Widgets)
Other Things (4)
Console Log Mirroring:
New server thread which monitors all messages written to the Console Log file and duplicates these messages into another file
Three Notes.ini settings:
Console_Log_Mirror=1 (Enables mirroring feature)
Retain_Mirror_Logs=1 (Prevents deletion or previous mirrors)
Console_Log_Max_Kbytes=... (Maximum size of Console Log)
All keystrokes are copied to the console log and mirrored (also backspaces)
By default, console log mirroring is disabled
Server task is named Console Log Mirror Task; created in the IBM_Technical_Support directory under the data directory
File name is Console.log + number appended (maximum number is 999) (Example: Console11.log)
Uses circular logging
Other Things (5)
Notes shared login:
Login without providing Notes passwords; instead Windows password
Available on Windows platforms
Windows password will not used for Notes ID file
New server commands:
Show idvaults (Displays configuration information about the ID vaults on a server)
Show stat mail (New message statistics)
Show tasks (Includes task status from additional mail router threads)
Show server (Report whether DAOS is enabled, provides a list which databases are included)
Show directory (Same enhancements as show server)
DAOS Tell commands
PAVONE Ltd, UK
School House, Hackforth
BEDALE, N. Yorks. DL8 1PE
United KingdomPhone: +44 (0) 1748 811527
E-Mail: [email protected] PAVONE Inc.13 NW 13th Avenue
Portland, Oregon 97209
USAPhone: +1.503.754.3144
E-Mail: [email protected]
PAVONE AGTechnologiepark 933100 PaderbornTel.: +49 52 51 / 31 02-0Fax: +49 52 51 / 31 02-99E-Mail: [email protected]
For more information please visit our homepage http://www.pavone.comand http://www.pavonelive.com
Contact
Folientitel Arial Black (24)
Klicken Sie, um die Formate des Gliederungstextes zu bearbeiten
Zweite Gliederungsebene
Dritte Gliederungsebene
Vierte Gliederungsebene
Fnfte Gliederungsebene
Sechste Gliederungsebene
Siebente Gliederungsebene
Achte Gliederungsebene
Neunte Gliederungsebene