As someone who has spent almost 28 years working around HCL Notes and Domino administration, my mind was blown with the number of new features that were delivered when v12 shipped in May of 2021. And HCL kept the pedal pressed to the floorboard, introducing many more enhancements with Domino v12.0.1 in December of 2021.
Considering the primary goal of a systems administrator is to protect the service, these new offerings make obtaining that goal easier. When it comes to simplifying configuration, boosting security, and ensuring data integrity, Domino sets you up for success.
For years you have had the option of letting your end users access their Domino data from the Notes client or a web browser. The Notes client provides various UI features, and the web browser offers mobility. Nomad Web gives you the best of both worlds – a Notes client that is accessible from anywhere with zero local install required.
By deploying Nomad Web, you no longer manage Notes client deployments. The binary files supporting Nomad Web are on a single server. In just a few minutes you can upgrade thousands of users to a new Notes version, apply a fix pack, etc.
And, when migrating Notes users to Nomad Web, they can take their Notes desktop with them. Out of the box, they have all their same databases available.
Just like you wouldn’t send a letter in a non-sealed envelope, you should take the same safeguard and put a lock on your system’s network traffic.
Domino v12 has a new Certificate Manager feature, which provides an easy and effective way of managing TLS credentials used for securing Domino server communications. From within the Certificate Store database, you can create certificate requests, add trusted roots, upload received certificates and configure automatic renewal of Let’s Encrypt certificates.
In v12.0.1 you can import PEM/PKCS12 certificates, export TLS credentials to PEM/PKCS12 certificates and create your own Domino based certificate authority.
Backups and Restores
Mistakes, failures, and disasters happen. Your ability to respond to these events is a keystone in data management.
Domino v12 has a native backup and restore offering. The configuration, processing and logging is all part of Domino. As a result, the Domino administrator has complete control over protecting Domino’s data.
Additionally, you can use third party backup software and integrate it with the native feature. Domino v12.0.1 allows you to reliably restore data from a third party. Full integration with Veeam snapshots are possible, too.
Domain Keys Identified Mail, DKIM, is an email security standard used to guarantee email messages are not tampered with during transit.
Domino v12.0.1 supports DKIM by adding an encrypted signature to the messaging header of outbound emails. DKIM signatures not only assure message contents but also confirm the originating point, meaning your sender addresses cannot be forged. Adding DKIM to the Domino configuration allows recipients of your domain’s email to trust your communication’s authenticity.
Time-based One-time Password (TOTP) Authentication
Domino v12 delivers 2-Factor authentication, requiring web users to provide both their user name/password credentials and a unique six-digit token. The token is unique for the user, generated by the TOTP application and the user’s Domino ID Vault server. While a third party may obtain a user’s credentials, they will not have access to the device running the TOTP application. Hence, they cannot provide the required code and the access attempt fails.
IP Address Lockout
The ability to control Domino resource access by IP address has been part of the SMTP and Router configuration for several releases. With v12 you can also define which IP addresses are allowed to access the Domino server from a web browser. Addresses outside of the allowed list will be denied access.
iNotes/Verse and User IDs
A cornerstone of Notes client security is the ability to sign and encrypt email. With the move to accessing email from a web browser, iNotes and Verse support document signing and encrypting by requiring a copy of the Notes ID be contained in the mail file.
With v12.0.1 iNotes and Verse can use the ID stored in the ID Vault. This enhancement continues the trend towards leveraging the ID Vault for security operations. Using the ID Vault provides a secure, centralized and sustainable ID file storage strategy, which improves the formidability of the Domino deployment.
Domino Directory Enhancements
The Domino Directory is where administrators do most of their configuration work. Domino v12 adds new features to improve the directory’s usability.
- Auto group population: Groups can now be automatically updated based on a pre-defined criteria. In a group document select Custom for the Auto Populate Method field and use the Selection Criteria field to define a LDAP search query, which will search the Domino Directory. For example, have a membership list based on department name specified in person documents.
- Mail-in database usability: The Mail-in Databases and Resources view now displays the Internet email address of mail-in databases. Also, there is a Go to Database action button available. Pressing this button, opens the respective mail-in database of the document in focus.
- Find Groups button: The Find Group action button, located on the Person document, shows all groups the user belongs to. This is for both groups where the user is listed as a member and nested groups.
- Find Server Config button: The Server document has a new Find Server Config action button, which displays a list of Configuration Settings documents associated with the server. From the document list you may select one and open it.
The Administration Process in Domino automates user renames, updating a locally stored ID, group listings, access control lists and Names fields in documents. However, if a user does not log in from a Notes client, the rename process fails to complete.
New to v12.0.1 is Admin Quick, which is a Notes database, adminq.nsf, AdminP uses to process user renames automatically. While this feature is intended for iNotes and Verse users, the administrator can extend it to all users.
Cloud computing provides a means to be flexible and scalable without having to internally support an expensive infrastructure and respective IT staff, which equals the ability to stay competitive at a reduced cost.
Your Domino v12 servers can be part of your cloud journey. V12 is fully supported to run on all major platform vendors, including Google, Azure and AWS. Domino servers are certified for Docker, Kubernetes, and Red Hat’s OpenShift. As always, Domino provides you with options.
One Touch Setup
Part of a modern DevOps strategy is the ability to quickly deploy servers using a script that defines configuration settings. Additionally, re using a script ensures your standards are applied to each install.
Domino v12 allows you to use a JSON when building new servers. The JSON can be used for the first domain server or additional servers. When deploying Domino on Docker, Windows and UNIX platforms a JSON can set up the Domino server, an ID Vault, register users, configure directory assistance, create/update applications/documents and enable agents.
Advanced Properties Box
The document properties box is a valuable troubleshooting tool when it comes to reviewing document contents, specifically field values.
With the Notes v12.0.1 client you now have an Advanced Properties box that allows you to search for field names and values, copy rows of data as a CSV, view profile documents and compare documents. And, the advanced properties box can be resized, making the text easier to read.
AD/Domino Password Sync
The Domino Directory, also known as the Public Address book, has existed since v1 was released in 1989. And while it is great for managing a Domino environment, most often it is not the only system directory you have. You wind up duplicating efforts with user life cycle processing.
To reduce administration efforts Domino v11 introduced the ability to synchronize the contents of AD to the Domino Directory, which includes both user and group documents. User creations, renames and deletions are performed in AD and then flow to the Domino Directory.
Domino v12 now includes password synchronization with AD. When a user’s password is changed in AD, the password for the respective user ID in the ID Vault and Internet password in the Person document are updated to the same value.
Domino v12 and v12.0.1 offer several new features that the administrator can use to improve the security and operations of the Notes and Domino infrastructure, all while decreasing total cost of ownership. Most important, these are all included as part of the entitlement, no additional cost required. There has never been a better time to upgrade!
And, in the works is Domino v12.0.2 which promises to deliver even more mind blowing administrative features. Be on the lookout for announcements coming soon.