Developer Works Article on DAOS
July 17 2008
There's a newly published article on DeveloperWorks that outlines how to setup DAOS in your environment. I think many of you have asked questions that aren't covered in that article either, so I'm still getting those answers. In the meantime, take a look here for more information.
DAOS How it Works and Security
July 7 2008
WOW! We've had quite a response from my initial post on DOAS in 8.5, so I think I need to add some more information for everyone out there! I had an absolutely AMAZING discussion with one of the developers today about DAOS, and I have to say I'm getting more and more impressed about the feature the more I know about it. I have a TON of information on this now, so I'll try to give you the highlights and not the fire hose! Of course, if fire hose is what you want, let me know and I'm happy to have a more in-depth discussion with you offline.
In the meantime, I'm going to break this up into various sections that answer the questions from my previous post and to make it easier to digest (and to write!!). In this section, we'll talk about how DAOS works and how it is secured.
So, first of all, DAOS will work on ANY database that resides on a DAOS-enabled server. There is a property selection box in the database properties, and if enabled, the database will use DAOS for all it's attachments. Basically, what happens is this:
When a document is saved (or emailed, or whatever), Domino sees it as essentially
ddddddXXXXXXXXXddddddddddddXXXXXXXXXXXXXXXdddddddddddddXXXX
where "d" represents the body and "X" represents one or more attachments.
DAOS "rewrites" that so that Domino now sees the document as
ddddddTddddddddddddTdddddddddddddT
where "T" is the "small ticket" information for DAOS
Then, DAOS puts the attachments in the file system and also puts a counter/reference to those attachments in a DAOS Catalog nsf file (more on that feature in a moment). You would have an NLO file for each attachment in the document (as long as the attachments are DIFFERENT).
There you have it! Now, you have a bunch of .NLO files on the file system of your Domino server. Then, when a user opens the document and double-clicks on the attachment icon, Domino knows to go to the DAOS store and retrieves the attachment.
But WAIT, you say...How do I secure it? Can't anyone just get into those .NLO files and manipulate them?
Well, yes and no. First of all, they are on the file system of your Domino server, and a user can't access those files in any way other than through the file structure. So let's take a moment and talk about how secure your Domino server is. In theory, if people have access to the file structure of your Domino server, you have more to worry about than them looking at those .NLO files and reading attachments! They have access to EVERYTHING! The keys to the kingdom, so to speak! They can access id files, .ini files not to mention EVERY single database on the server. So..I'm going to assume that your Domino server is locked down so that Joe user can't just map a drive to it and get at the files.
Secondly, in the next beta drop of 8.5, we will be providing an encryption mechanism for the DAOS store. Therefore, all the files will be encrypted. So, if Joe user does happen to have access, well, now they can be encrypted!
Now, back to how counts work and that comment above about attachments only being stored if they are different..
There is a database, the DAOS Catalog, that keeps track of all the counts for an attachment and where the "tickets" for the attachment are referenced. It knows every .NLO created, how many references for each of them and maintains a list of every .NSF file using the attachments. And, being a Notes database, if it becomes corrupted, DAOS will detect that corruption and attempt to remain operable. But, if for some reason the corruption is such that DAOS can't continue to function, there will be some commands an administrator can run that will resync everything.
Suffice to say, the developers will ensure you can get at your attachments! There will be many tools you can leverage that will allow you to restore NLOs, fixup the stores and keep the store up to date. Having said that however, you can't really manipulate the DAOS counts on your own. Administratively, it's a no-no.
We also had some great questions about the fact that if you got spammed or did a copy/paste of an attachment, wouldn't there be a million files out in the DAOS store? Now, here's where it gets really cool.
When you do a copy/paste of an attachment or if an attachment is the same across multiple messages, the DAOS code recognizes that! DAOS will then only store one version of the attachment, and create a ton of reference counts for each document!
So, while we can't keep you from getting spammed or copying attachments a bunch of times, we can make it easier by saving you a lot of disk space when that occurs! Too cool!
WHEW! That's a LOT of information!!!
Next topic... How does DAOS work with replication, clustering and archives!
In the meantime, I'm going to break this up into various sections that answer the questions from my previous post and to make it easier to digest (and to write!!). In this section, we'll talk about how DAOS works and how it is secured.
So, first of all, DAOS will work on ANY database that resides on a DAOS-enabled server. There is a property selection box in the database properties, and if enabled, the database will use DAOS for all it's attachments. Basically, what happens is this:
When a document is saved (or emailed, or whatever), Domino sees it as essentially
ddddddXXXXXXXXXddddddddddddXXXXXXXXXXXXXXXdddddddddddddXXXX
where "d" represents the body and "X" represents one or more attachments.
DAOS "rewrites" that so that Domino now sees the document as
ddddddTddddddddddddTdddddddddddddT
where "T" is the "small ticket" information for DAOS
Then, DAOS puts the attachments in the file system and also puts a counter/reference to those attachments in a DAOS Catalog nsf file (more on that feature in a moment). You would have an NLO file for each attachment in the document (as long as the attachments are DIFFERENT).
There you have it! Now, you have a bunch of .NLO files on the file system of your Domino server. Then, when a user opens the document and double-clicks on the attachment icon, Domino knows to go to the DAOS store and retrieves the attachment.
But WAIT, you say...How do I secure it? Can't anyone just get into those .NLO files and manipulate them?
Well, yes and no. First of all, they are on the file system of your Domino server, and a user can't access those files in any way other than through the file structure. So let's take a moment and talk about how secure your Domino server is. In theory, if people have access to the file structure of your Domino server, you have more to worry about than them looking at those .NLO files and reading attachments! They have access to EVERYTHING! The keys to the kingdom, so to speak! They can access id files, .ini files not to mention EVERY single database on the server. So..I'm going to assume that your Domino server is locked down so that Joe user can't just map a drive to it and get at the files.
Secondly, in the next beta drop of 8.5, we will be providing an encryption mechanism for the DAOS store. Therefore, all the files will be encrypted. So, if Joe user does happen to have access, well, now they can be encrypted!
Now, back to how counts work and that comment above about attachments only being stored if they are different..
There is a database, the DAOS Catalog, that keeps track of all the counts for an attachment and where the "tickets" for the attachment are referenced. It knows every .NLO created, how many references for each of them and maintains a list of every .NSF file using the attachments. And, being a Notes database, if it becomes corrupted, DAOS will detect that corruption and attempt to remain operable. But, if for some reason the corruption is such that DAOS can't continue to function, there will be some commands an administrator can run that will resync everything.
Suffice to say, the developers will ensure you can get at your attachments! There will be many tools you can leverage that will allow you to restore NLOs, fixup the stores and keep the store up to date. Having said that however, you can't really manipulate the DAOS counts on your own. Administratively, it's a no-no.
We also had some great questions about the fact that if you got spammed or did a copy/paste of an attachment, wouldn't there be a million files out in the DAOS store? Now, here's where it gets really cool.
When you do a copy/paste of an attachment or if an attachment is the same across multiple messages, the DAOS code recognizes that! DAOS will then only store one version of the attachment, and create a ton of reference counts for each document!
So, while we can't keep you from getting spammed or copying attachments a bunch of times, we can make it easier by saving you a lot of disk space when that occurs! Too cool!
WHEW! That's a LOT of information!!!
Next topic... How does DAOS work with replication, clustering and archives!
Reduce Storage Costs with Domino 8.5
June 24 2008
The Notes/Domino 8.5 public beta has been out for a couple weeks now, so I wanted to take a moment to highlight one of the new features that will help reduce those wonderful storage costs and large mail file sizes! Storage costs consistently rate as one of the highest components of Domino TCO and my customers are always asking how they can better manage mail file storage. To help with that (and the ever increasing size of your mail files out there), enter DAOS.
With DAOS you can consolidate the storage of attachments for all users of a Domino server. Common content is stored only once (outside the Notes database) and DAOS manages reference counts on the shared content. For example, in the "old way", when a user sends an attachment to a group of people, each person receives a copy of that attachment in his/her mail file.
In the "new way", with DAOS, when an email is sent to multiple recipients with an attachment, one reference of the attachment is stored in DAOS, and the recipients of the message get a"small ticket" or pointer to the DAOS store. In addition, DAOS keeps a count of how many "links" are provided.
So, less copies of an attachment in a mail file translates to less I/O on the server, faster database operations such as compact, less network bandwidth used and a significant reduction in the amount of storage used.
How does it work?
DAOS is local to the Domino server and is not cross-server. Each mail.box on the Domino mail server is DAOS-enabled. Then, when a message is deposited in the mail.box, any attachments are removed and stored in DAOS. Only a reference to the attachment is routed for each target database on that mail server. I've already gotten a couple of questions from customers on how it works, so I thought I'd share some of the more "pressing" things I've been asked:
How do I use it?
DAOS is optional and is a service specific to each Domino server partition. Also, it requires transaction logging be enabled on the server and the ND8 ODS. Participation is a per-database property setting that can be enabled via a compact command. In addition, DAOS objects count against the quota of the mail file and are reported as part of the file size.
And since I'm sure you'll ask -----
DAOS is completely different from and shares No code with Single Copy Object Store (SCOS)!
So - it's pretty cool and something I'm sure you will want to take a look at - either in the beta or once 8.5 goes production later this year. I'll post more information about it and how it works as we come closer to the release date.
With DAOS you can consolidate the storage of attachments for all users of a Domino server. Common content is stored only once (outside the Notes database) and DAOS manages reference counts on the shared content. For example, in the "old way", when a user sends an attachment to a group of people, each person receives a copy of that attachment in his/her mail file.
In the "new way", with DAOS, when an email is sent to multiple recipients with an attachment, one reference of the attachment is stored in DAOS, and the recipients of the message get a"small ticket" or pointer to the DAOS store. In addition, DAOS keeps a count of how many "links" are provided.
So, less copies of an attachment in a mail file translates to less I/O on the server, faster database operations such as compact, less network bandwidth used and a significant reduction in the amount of storage used.
How does it work?
DAOS is local to the Domino server and is not cross-server. Each mail.box on the Domino mail server is DAOS-enabled. Then, when a message is deposited in the mail.box, any attachments are removed and stored in DAOS. Only a reference to the attachment is routed for each target database on that mail server. I've already gotten a couple of questions from customers on how it works, so I thought I'd share some of the more "pressing" things I've been asked:
- If an attachment is edited and re-attached, it is detected as a new file attachment and stored separately
- If the message is replied to or forwarded, DAOS still only uses the pointer or "small ticket" for the new messages
- For non-DAOS enabled databases, the entire attachment is copied (so for local replicas, the full attachment will be in the local mail file)
- The current plan is to allow the administrative client to see DAOS reference counts, attachment sizes, etc. and administer the DAOS store
How do I use it?
DAOS is optional and is a service specific to each Domino server partition. Also, it requires transaction logging be enabled on the server and the ND8 ODS. Participation is a per-database property setting that can be enabled via a compact command. In addition, DAOS objects count against the quota of the mail file and are reported as part of the file size.
And since I'm sure you'll ask -----
DAOS is completely different from and shares No code with Single Copy Object Store (SCOS)!
So - it's pretty cool and something I'm sure you will want to take a look at - either in the beta or once 8.5 goes production later this year. I'll post more information about it and how it works as we come closer to the release date.
Are you upgrading to Domino 8?
June 20 2008
I've been making the rounds lately talking to customers at the Lotusphere Comes to You events as well as the Notes/Domino 8 Upgrade Proof of Technology and I'm wondering - are any of you starting (or are in process) a Domino8 upgrade? Are you waiting for Domino 8.5 or going with the 8.01 release?
If you are getting started or would like more information, here are some good sites for you:
Upgrade Central
Domino Wiki
Notes/Domino 8 Deployment Guide
Also, some tidbits of information for you about the upgrade:
Did you know you can upgrade the client first? That's right! More than 90% of the new features in the Notes client are contained to the template and so don't require a Domino8 server. More than that...it's actually SUPPORTED during the upgrade!! Many of my clients are taking this route, as it will provide a huge amount of value very quickly. The 3 features that won't work are unprocessed meetings (ghosted meetings), message recall and the out of office enhancements.
You can do a spoke/hub type of upgrade instead of a hub/spoke. That's where you start with your mail servers instead of your hub. This is a good option if you are on 6.5, as a hub-first type of upgrade might require some additional planning in terms of resource reservations, etc. This option is actually outlined in the Deploying Notes/Domino8 redbook.
If all of your client desktops don't have enough memory, don't just install the basic code. For example - there are 2 "versions" of the installation code for the Notes client - Standard and Basic. The basic installation set does not have the Eclipse components and is a much smaller installation. One suggestion is to use the Standard install set for all workstations - even if they can't run the Eclipse components. Simply modify the desktop icon and add the "-sa" parameter after the notes.exe. This will open Notes in the "Basic" mode. Then, when the client gets upgraded, you don't have to install a whole new code set to get the Eclipse components.
Hope those help! Happy Upgrading!!
If you are getting started or would like more information, here are some good sites for you:
Upgrade Central
Domino Wiki
Notes/Domino 8 Deployment Guide
Also, some tidbits of information for you about the upgrade:
Did you know you can upgrade the client first? That's right! More than 90% of the new features in the Notes client are contained to the template and so don't require a Domino8 server. More than that...it's actually SUPPORTED during the upgrade!! Many of my clients are taking this route, as it will provide a huge amount of value very quickly. The 3 features that won't work are unprocessed meetings (ghosted meetings), message recall and the out of office enhancements.
You can do a spoke/hub type of upgrade instead of a hub/spoke. That's where you start with your mail servers instead of your hub. This is a good option if you are on 6.5, as a hub-first type of upgrade might require some additional planning in terms of resource reservations, etc. This option is actually outlined in the Deploying Notes/Domino8 redbook.
If all of your client desktops don't have enough memory, don't just install the basic code. For example - there are 2 "versions" of the installation code for the Notes client - Standard and Basic. The basic installation set does not have the Eclipse components and is a much smaller installation. One suggestion is to use the Standard install set for all workstations - even if they can't run the Eclipse components. Simply modify the desktop icon and add the "-sa" parameter after the notes.exe. This will open Notes in the "Basic" mode. Then, when the client gets upgraded, you don't have to install a whole new code set to get the Eclipse components.
Hope those help! Happy Upgrading!!
Have you Heard about Lotus Traveler?
June 2 2008
A new feature that comes with the Domino 8.0.1 server is Lotus Traveler. Finally - we are providing a built-in mobile solution for devices other than the Blackberry!
Traveler provides basic wireless mobile replication for Lotus Domino email/PIM data and runs directly on the Domino server as a server task (or on a separate server that has access to the mail files)! This provides real-time replication of email (including attachments), calendar, contacts, personal journal and to-do access on mobile devices. It communicates on SSL with 128-bit encryption and (wait for it) even integrates with Domino administration and policies!
Also, using optional WECM (the product formerly known as Lotus Mobile Connect), you can optionally secure your mobile connection even more over a wide variety of networks.
Lotus Traveler supports Windows Mobile 5 and 6 (Professional and Smartphone) and is included in the Domino 8.0.1 release (there is a separate install component).
To install - you can download a CAB file to the device via web site, Active Sync via cradle attachment/etc or via memory card. There is even an option for administrator-configured response file (bootstrap.nts). The installer puts files in the \Program Files\Lotus Traveler directory, adds shortcuts, then launches and walks the user through the registration wizard. So, yes, out of the box, the end-user must know their Domino server name (and LMC gateway if WECM is used). But...with a configured response file, those fields can be pre-filled!
Once installation is complete, Traveler is minimized to the application bar and the client automatically starts whenever the mobile device is reset.
From an end-user standpoint, using it is pretty simple. Truncated messages have a special icon, synchronization runs in the background, and I can set filters, alarms, which components I want to synchronize, etc. Word of warning though -- even though your mail folders show up on the device, only Inbox and Drafts are synchronized by default - to get others, you have to select them in the Manage Folders areas.
Administratively, there are a few things you should be aware of before installing Lotus Traveler:
For more information, see the this document.
Traveler provides basic wireless mobile replication for Lotus Domino email/PIM data and runs directly on the Domino server as a server task (or on a separate server that has access to the mail files)! This provides real-time replication of email (including attachments), calendar, contacts, personal journal and to-do access on mobile devices. It communicates on SSL with 128-bit encryption and (wait for it) even integrates with Domino administration and policies!
Also, using optional WECM (the product formerly known as Lotus Mobile Connect), you can optionally secure your mobile connection even more over a wide variety of networks.
Lotus Traveler supports Windows Mobile 5 and 6 (Professional and Smartphone) and is included in the Domino 8.0.1 release (there is a separate install component).
To install - you can download a CAB file to the device via web site, Active Sync via cradle attachment/etc or via memory card. There is even an option for administrator-configured response file (bootstrap.nts). The installer puts files in the \Program Files\Lotus Traveler directory, adds shortcuts, then launches and walks the user through the registration wizard. So, yes, out of the box, the end-user must know their Domino server name (and LMC gateway if WECM is used). But...with a configured response file, those fields can be pre-filled!
Once installation is complete, Traveler is minimized to the application bar and the client automatically starts whenever the mobile device is reset.
From an end-user standpoint, using it is pretty simple. Truncated messages have a special icon, synchronization runs in the background, and I can set filters, alarms, which components I want to synchronize, etc. Word of warning though -- even though your mail folders show up on the device, only Inbox and Drafts are synchronized by default - to get others, you have to select them in the Manage Folders areas.
Administratively, there are a few things you should be aware of before installing Lotus Traveler:
- Authentication uses the same mechanisms used by the Domino web server - so the http password must be filled in for the end-user.
- Directory Assistance can be used for more advanced authentication
- Databases MUST grant Manager access to the Lotus Traveler server (easier if the Lotus Traveler server is part of LocalDomainServers
- Policies are only supported for those users whose mail file is on a Domino 8.0.1 or later server
- Configuration data is synchronized between the device and the user's mail file - it's stored as a Notes profile within the database
- Use "Tell traveler showstats" on the Domino server command line to see statistics about Traveler
For more information, see the this document.
Domino as an Update Site!
May 14 2008
There's a great new feature that is included in Notes/Domino 8 that I don't think is getting enough press. It's a very useful feature that all Domino administrators and developers should be looking at to assist in your Notes8 rollouts. What is this wonderful new feature that will save you lots of time and heartache?
Domino as an Update Site!
Domino as an Update Site??? What is that? Why should I be looking at it? Why is it important to my Notes8 rollouts, you ask? Read on!
As we all know by now, the Notes 8 client is built on an Eclipse framework. One of the great things this provides us is the ability to do those wonderful side shelf and composite applications. You saw them at Lotusphere - and you saw all the cool little things you can put out there to help make end-users a little bit more productive. And, with the introduction of widgets in 8.01, we made it so that end-users can put their own productivity tools on their desktops without any administrative or development intervention. Pretty cool, huh?!
So let's take this one step further. Side shelf and composite applications can provide a lot of value in an organization. I have customers who are creating applications to provide functions such as an employee yellow pages, a skills look-up application and even a way to hook into CRM applications. These are all great uses! But as an administrator, you have to wonder - how do I manage all those applications? In the past, they were just icons on the workspace, and we all know how difficult it was to maintain those for an end-user. Sure, you could write a script in an email that would add them - but what if you moved the database to another server? It wasn't easy to maintain those icons on the workspace. But now - now it's much more than just an icon on the workspace. It's a composite application with multiple parts or a side shelf that's used every day! What if there's a new feature? What if the developer wants to change things? Now what??
Enter server-based provisioning and Eclipse update sites.
To add an Eclipse application onto your workspace, you point to an update site that has all the components of the application. In addition, when an Eclipse application is written, you have the ability to point it to an update site (.xml) where the application will automatically "look to" for any updates. So this concept of an update site is a powerful thing!
A new template was introduced in 8 called UPDATESITE.NTF. This template can be used to create an NSF-based update site that can provide site.xml features and plug-ins. Once you create this database, you can import all your update sites into this database and point your clients to this consolidated site. It's that simple! Now, the Domino server can selectively deliver incremental features and applications. And to top it all off, the Domino server can centrally manage all my update sites for all my eclipse applications -- whether they are in the Notes client, the Sametime client, or any other eclipse-based client! Your end-users have a single place to go to for user-based installs of applications, and your applications get automated updates! It couldn't get any simpler!
But wait..there's more!! Since it's a Notes database, it can be replicated across the organization for geographical considerations, and you can use Domino security to provide fine-grained access to the applications. So using Domino as an update site provides:
Like I said...it's a great feature and one that will make any administrator (or developer)'s life happier! Imagine the possibilities - create an eclipse plug-in, have users access a single, standard site to install it on their machines, and you can automatically provide updates!
For more information, see the following:
Oh...and as an aside note....this being my first "real" post... Enough? Not enough? Detailed? Not enough detail?
Domino as an Update Site!
Domino as an Update Site??? What is that? Why should I be looking at it? Why is it important to my Notes8 rollouts, you ask? Read on!
As we all know by now, the Notes 8 client is built on an Eclipse framework. One of the great things this provides us is the ability to do those wonderful side shelf and composite applications. You saw them at Lotusphere - and you saw all the cool little things you can put out there to help make end-users a little bit more productive. And, with the introduction of widgets in 8.01, we made it so that end-users can put their own productivity tools on their desktops without any administrative or development intervention. Pretty cool, huh?!
So let's take this one step further. Side shelf and composite applications can provide a lot of value in an organization. I have customers who are creating applications to provide functions such as an employee yellow pages, a skills look-up application and even a way to hook into CRM applications. These are all great uses! But as an administrator, you have to wonder - how do I manage all those applications? In the past, they were just icons on the workspace, and we all know how difficult it was to maintain those for an end-user. Sure, you could write a script in an email that would add them - but what if you moved the database to another server? It wasn't easy to maintain those icons on the workspace. But now - now it's much more than just an icon on the workspace. It's a composite application with multiple parts or a side shelf that's used every day! What if there's a new feature? What if the developer wants to change things? Now what??
Enter server-based provisioning and Eclipse update sites.
To add an Eclipse application onto your workspace, you point to an update site that has all the components of the application. In addition, when an Eclipse application is written, you have the ability to point it to an update site (.xml) where the application will automatically "look to" for any updates. So this concept of an update site is a powerful thing!
A new template was introduced in 8 called UPDATESITE.NTF. This template can be used to create an NSF-based update site that can provide site.xml features and plug-ins. Once you create this database, you can import all your update sites into this database and point your clients to this consolidated site. It's that simple! Now, the Domino server can selectively deliver incremental features and applications. And to top it all off, the Domino server can centrally manage all my update sites for all my eclipse applications -- whether they are in the Notes client, the Sametime client, or any other eclipse-based client! Your end-users have a single place to go to for user-based installs of applications, and your applications get automated updates! It couldn't get any simpler!
But wait..there's more!! Since it's a Notes database, it can be replicated across the organization for geographical considerations, and you can use Domino security to provide fine-grained access to the applications. So using Domino as an update site provides:
- Robust Domino-based security such as ACLs and reader fields for fine-grained access control
- Easy replication of features and plugins (read: http access from anywhere)
- Intelligent analysis and meta-data presentation of the entire update site in easy-to-read Notes documents (all plug-ins used by a feature are doc-linked)
- Built-in tools to import/merge from other update sites and...
- Globally change embedded URLs inside JARs (hello...globally change URL's??!!! WOW! Developer's don't have to update the apps for URL changes!!)
Like I said...it's a great feature and one that will make any administrator (or developer)'s life happier! Imagine the possibilities - create an eclipse plug-in, have users access a single, standard site to install it on their machines, and you can automatically provide updates!
For more information, see the following:
- Domino8 InfoCenter
- ID103 - Deploying Notes 8 Clients (Lotusphere 2008 presentation)
- For additional information about NSF-based update sites in conjunction with composite applications, see the composite applications blog at IBM developerWorks, for example, the NSF-based update site posting and the site index .
Oh...and as an aside note....this being my first "real" post... Enough? Not enough? Detailed? Not enough detail?
Domino Blog has a new blogger!
May 13 2008
Hello Lotus Land! You heard it right - Domino Blog has a new blogger!
When Rob Ingram started this blog back in 2006 (has it really been that long?), his intent was to provide a place where you could get information about IBM Lotus Domino server infrastructure and administration, written by the team that builds it. His goal was to help you understand that the future of Domino is Domino, that Domino is not going away, and that it has a great and bright future! Rob and his team have done a great job of providing buzz around Domino over the last year+, and as many of you know, Rob moved on to bigger things in the IBM family and we all wish him well!
So, in the spirit of continuing the buzz and continuing to provide you with information on Lotus Domino server infrastructure and administration, the torch has been passed!
My name is Andrea Waugh-Metzger, and while I am not a part of the team that writes Lotus Domino, I am a part of the team that helps to sell, plan, support and implement it for customers like you. I am a field technical specialist (ITS, if you prefer) and have been working with Lotus Domino for almost 11 years now - the last 8 of them for Lotus.
So how is a field person qualified to write a Lotus Domino blog started by the Lotus Domino developers, you ask?!
As a field person, I'm close to you - the customer - the people that matter. I started my life at Lotus in the ISSL team (Software Services for Lotus, LPS, LCS, etc.), where I worked with customers like you on Domino server infrastructure and administration projects. I helped you optimize your servers, implement new servers, implement best practices, and migrate off other mail platforms. I was deep in the trenches, just like you, every day. A year ago, I moved to the ITS organization, and it's now my responsibility to evangelize the Lotus portfolio to my customers.
So, as such, it's my responsibility to make sure you know all the great things coming out of Lotus Domino development - and how you can apply them to your organization today. And let me tell you...there are some GREAT things!!! There's no end in sight to the excitement about Lotus Notes and Domino and the buzz is only growing! With the release of Domino 8 and the upcoming release of Domino 8.5, there are a TON of things to update the community on. I hope to take this blog one step further and help you realize the value you can gain, the tips/tricks you can use, and how to really make use of these great new features! I think it's going to be a great ride!
Here we go...I'll continue Rob's conversation - but your contributions are critical to the site's success. Let's make this a lively community with its own personality that will be shaped by our readers. Visit often, ask questions, give me your ideas, and please tell your friends, colleagues, boss, or overworked administrators about it!
Upcoming topics include: (and I hope to get YOUR ideas for topics)
Credits
Special thanks go to Ed Brill and the Domino development team for making this happen!
When Rob Ingram started this blog back in 2006 (has it really been that long?), his intent was to provide a place where you could get information about IBM Lotus Domino server infrastructure and administration, written by the team that builds it. His goal was to help you understand that the future of Domino is Domino, that Domino is not going away, and that it has a great and bright future! Rob and his team have done a great job of providing buzz around Domino over the last year+, and as many of you know, Rob moved on to bigger things in the IBM family and we all wish him well!
So, in the spirit of continuing the buzz and continuing to provide you with information on Lotus Domino server infrastructure and administration, the torch has been passed!
My name is Andrea Waugh-Metzger, and while I am not a part of the team that writes Lotus Domino, I am a part of the team that helps to sell, plan, support and implement it for customers like you. I am a field technical specialist (ITS, if you prefer) and have been working with Lotus Domino for almost 11 years now - the last 8 of them for Lotus.
So how is a field person qualified to write a Lotus Domino blog started by the Lotus Domino developers, you ask?!
As a field person, I'm close to you - the customer - the people that matter. I started my life at Lotus in the ISSL team (Software Services for Lotus, LPS, LCS, etc.), where I worked with customers like you on Domino server infrastructure and administration projects. I helped you optimize your servers, implement new servers, implement best practices, and migrate off other mail platforms. I was deep in the trenches, just like you, every day. A year ago, I moved to the ITS organization, and it's now my responsibility to evangelize the Lotus portfolio to my customers.
So, as such, it's my responsibility to make sure you know all the great things coming out of Lotus Domino development - and how you can apply them to your organization today. And let me tell you...there are some GREAT things!!! There's no end in sight to the excitement about Lotus Notes and Domino and the buzz is only growing! With the release of Domino 8 and the upcoming release of Domino 8.5, there are a TON of things to update the community on. I hope to take this blog one step further and help you realize the value you can gain, the tips/tricks you can use, and how to really make use of these great new features! I think it's going to be a great ride!
Here we go...I'll continue Rob's conversation - but your contributions are critical to the site's success. Let's make this a lively community with its own personality that will be shaped by our readers. Visit often, ask questions, give me your ideas, and please tell your friends, colleagues, boss, or overworked administrators about it!
Upcoming topics include: (and I hope to get YOUR ideas for topics)
- Notes as an Update Site - Auto-Provision Your Applications
- What is TDI and Why Do I Care? (a great new, free, tool to make your Directory life easier)
- Sneak Peeks at Domino 8.5
- Many, many more!
Credits
Special thanks go to Ed Brill and the Domino development team for making this happen!
Introducing Lotus Protector
March 11 2008
Notes & Domino administrators manage some of the world's largest and most sophisticated enterprise e-mail deployments, with reliability that is (we believe) the gold standard for the category. When it comes to deploying, administering, and supporting an enterprise-wide messaging and scheduling system, with multiple client types and over complex topologies.... well, you're just not going to beat Lotus Notes and Domino, and the people who make it run.
But over time there has developed a second, separate layer of infrastructure that need to be managed in support of Domino -- in fact, for any e-mail system, not just Domino. For example, connections to the Internet introduce threats that need to be addressed, so the SMTP interface needs to present a locked-down posture, and filter unwanted content such as spam and viruses. At the same time, continuing growth in sheer e-mail data volume, plus increasing regulation of corporate information, particularly compliance and legal discovery, combine to create pressures to better manage the ever-bigger chunk of an enterprise's data that goes through people's mailboxes.
Most of todays infrastructure on that second layer doesn't have much to do with specific Domino skills, and often may not even the responsibility of the Domino team. Typically these products/solutions simply sit on the network or out at the edge, treating whatever is inside as the next relay in a generic SMTP stream. Often that's a sensible strategy for increasing throughput, especially when inspecting for things like spam and viruses, which can comprise over 90% of SMTP e-mail volume.
Of course some vendors integrate with specific Notes/Domino (or Outlook/Exchange or GroupWise) APIs to create extra value, and we're always looking for ways to help our ISV partners improve their products for our mutual customers. But some things are just hard problems for everyone. For instance, encryption (popular with Domino customers) always throws a wrench into things when you need to inspect a piece of content. And the client-server nature of Notes/Domino can often result in data in multiple places. Since security systems can operate at different points in a network, it's problematic to make everyone's stuff work reliably across different functions and locations. It is a pain point that our customers have shared with us.
Lotus Protector is the brand for a new family of security products being introduced over the next 12-24 months. They create solutions for common e-mail security and compliance needs, but do it in a way that's consistent with the way Domino administrators operate. For example, Lotus Protector products place a premium on being able to interoperate with Domino's user and security frameworks, and integrating features tightly with Notes clients, presenting the most natural user experience.
The first Lotus Protector release is an antispam/antivirus appliance based on technology from Internet Security Systems (ISS), a company acquired by IBM in 2006. This top-notch edge server solution is the result of some serious IBM/ISS research, and offers important capabilities like IP reputation filtering, which can drop the worst of the SMTP detritus before you even take receipt. We're entering beta soon on Lotus Protector for Mail Security 2.1 (it's not 1.0 because of the proven ISS Proventia code base), and expect to have final product in market in 1H 2008. A second major release is planned around year-end, introducing some pretty interesting Notes/Domino integration.
Going forward there will be Lotus Protector announcements in other security areas. All offerings will solve specific e-mail related security and/or compliance challenges. Each will be optimized for the interests of a Lotus Notes/Domino customer. Stay tuned. Feel free to comment here on your needs and desires regarding email security for the Protector roadmap.
But over time there has developed a second, separate layer of infrastructure that need to be managed in support of Domino -- in fact, for any e-mail system, not just Domino. For example, connections to the Internet introduce threats that need to be addressed, so the SMTP interface needs to present a locked-down posture, and filter unwanted content such as spam and viruses. At the same time, continuing growth in sheer e-mail data volume, plus increasing regulation of corporate information, particularly compliance and legal discovery, combine to create pressures to better manage the ever-bigger chunk of an enterprise's data that goes through people's mailboxes.
Most of todays infrastructure on that second layer doesn't have much to do with specific Domino skills, and often may not even the responsibility of the Domino team. Typically these products/solutions simply sit on the network or out at the edge, treating whatever is inside as the next relay in a generic SMTP stream. Often that's a sensible strategy for increasing throughput, especially when inspecting for things like spam and viruses, which can comprise over 90% of SMTP e-mail volume.
Of course some vendors integrate with specific Notes/Domino (or Outlook/Exchange or GroupWise) APIs to create extra value, and we're always looking for ways to help our ISV partners improve their products for our mutual customers. But some things are just hard problems for everyone. For instance, encryption (popular with Domino customers) always throws a wrench into things when you need to inspect a piece of content. And the client-server nature of Notes/Domino can often result in data in multiple places. Since security systems can operate at different points in a network, it's problematic to make everyone's stuff work reliably across different functions and locations. It is a pain point that our customers have shared with us.
Lotus Protector is the brand for a new family of security products being introduced over the next 12-24 months. They create solutions for common e-mail security and compliance needs, but do it in a way that's consistent with the way Domino administrators operate. For example, Lotus Protector products place a premium on being able to interoperate with Domino's user and security frameworks, and integrating features tightly with Notes clients, presenting the most natural user experience.
The first Lotus Protector release is an antispam/antivirus appliance based on technology from Internet Security Systems (ISS), a company acquired by IBM in 2006. This top-notch edge server solution is the result of some serious IBM/ISS research, and offers important capabilities like IP reputation filtering, which can drop the worst of the SMTP detritus before you even take receipt. We're entering beta soon on Lotus Protector for Mail Security 2.1 (it's not 1.0 because of the proven ISS Proventia code base), and expect to have final product in market in 1H 2008. A second major release is planned around year-end, introducing some pretty interesting Notes/Domino integration.
Going forward there will be Lotus Protector announcements in other security areas. All offerings will solve specific e-mail related security and/or compliance challenges. Each will be optimized for the interests of a Lotus Notes/Domino customer. Stay tuned. Feel free to comment here on your needs and desires regarding email security for the Protector roadmap.
DominoWiki - article on FIPS 140-2 for Domino 8.0.1
February 23 2008
It has not been widely publicized, but there is a great new resource of technical information from the development team for Domino geeks at DominoWiki. One recent article that caught my eye was one on FIPS and how to use the new 8.0.1 encryption options. Hope this adds another valuable information source to the Domino community.
Domino 8.0.1 has shipped
February 23 2008
The product is now available for download along with Notes 8.0.1, DWA 8.0.1 and Lotus Traveler. Take a look at the previous posting for list of enhancements and this announcement letter and this technote for more feature info and of course the release notes. The fix list is also posted here on the support web site.
No excuses now for not moving to Domino 8.0.1 with its compelling cost saving advantages like database compression or native 64 bit Windows support. This is on on top of the many improvements that were added previously in 8.0 (and 7.0 if you never moved from 6.x).
No excuses now for not moving to Domino 8.0.1 with its compelling cost saving advantages like database compression or native 64 bit Windows support. This is on on top of the many improvements that were added previously in 8.0 (and 7.0 if you never moved from 6.x).
