Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

Traveler causing replication/save conflict for invitations accepted in Notes client

Daniel Nashed  19 February 2019 15:29:54


This issue can occur for normal invitations and also with *.ICS files that you add to your calendar.

We found out that this is a timing issue between the user interaction and the background processing of the Traveler server.


There are two different scenarios:


a.) Accept an invitation (technically a "notice" document which, when accepted, is saved as an "appointment").


b.) An *.ICS file which is launched and turned into a "notice", which is then, when accepted, saved as an "appointment".


In both cases it can happen that the so-called meeting ghosting adds a field "ILNT_GhostUNID" to the "notice" document, causing a replication/save conflict when the user interacts with it at the same time.

Calendar ghosting is used to display the invitation as a not yet accepted meeting in a calendar.


Right now the only way to safely avoid this issue is to disable Calendar Ghosting functionality on the Traveler side.

The functionality on the Notes side will continue to work. This just disables the Traveler functionality.


We got the following notes.ini settings for disabling the Ghosting Calendar functionality. You need to disable both!


My support ticket is still open and I will update this blog entry when I get an SPR.


-- Daniel


NTS_IOS_CALENDAR_INITIAL_GHOST=false


Traveler will ghost meeting updates to the Apple iOS Calendar application's calendar even when the initial invitation has not been accepted yet. Ghosting enables you to see the original invitation and schedule change correctly. Applies to iOS 9 or later

The default is true.



NTS_CALENDAR_GHOSTING_SYNCML=false


Allows meeting invitations to be "ghosted" on the Verse mobile client calendar (iOS and Android). Ghosting enables you to see the original invitation and schedule change correctly.

The default is true.



If you are interested in what happens see the details below:


a.)


The user opens the invitation ("notice" document) before the Traveler processes the "notice".

While the user has the invitation open Traveler updates the document and adds the "ILNT_GhostUNID" to it.

The user accepts the meeting, and saving turns the "notice" into an "appointment", which causes the replication/save conflict.


--> The conflict occurs when the user opens the invitation before the Traveler has processed the invitation


b.)


When a user opens an *.ICS attachment, a new "notice" document will be created in the user's mail-file and the document will be opened directly in the client.

Meanwhile the Traveler server will see the document and add the "ILNT_GhostUNID".

Afterwards the user accepts the meeting and updates the "notice" to turn it into an "appointment"


--> The conflict occurs when the user is taking "too long" to accept the meeting.


But in this scenario the delay needed is quite short and you have to be lucky!
It will happen most of the time because the Traveler server has a subscription into the mail-files with the notification API and by default checks for new data every 3 seconds.

The only work-around from the user side that would be safe is:


- Launch the *.ICS File to turn it into a notice

- close the document and wait a while until Traveler has processed the document

- re-open it to accept it


We first ran into scenario a.) but it turned out scenario b.) is the one that causes more issues because you have to be either very fast to accept the invitation before Traveler processes the document or use the described work-around.


Replication/save conflicts in calendar documents can cause appointments not to be shown in the calendar even though you accepted them, and you cannot accept them again because an appointment already exists with the same ApptUNID (internal ID used for identifying an appointment).


IBM Think 2019 Session - Domino on Docker Boot Camp

Daniel Nashed  10 February 2019 12:15:20
Sadly I cannot make it to IBM Think this year.
But I would like to highlight a session where I have some contribution.

Thomas Hampel invited me to work with him on the IBM Docker image and beside contributing my start script I also worked with him on some parts of the Docker script.

We finally ended up adding a kind of "start & management-script" for your Docker containers which is helpful in a stand alone Docker environment if you don't have Docker management tools in place.
It will be part of my start script and added to the IBM Docker script. It will help you to get your Docker images built, created, updated, started, stopped, ..  and you can even directly attach to the Domino server console from the host command-line!

Thomas will show the management part of the Docker project for the first time in his session.

Everyone who is attending IBM Think 2019 next week in San Francisco, have an interesting and fun conference!

-- Daniel


IBM Think 2019 Session - Domino on Docker Boot Camp

https://myibm.ibm.com/events/think/all-sessions/session/7557A

Wednesday, 10:30 AM - 11:10 AM | Session ID: 7557A
Moscone South, Exhibit Level, Hall D | Data & AI Think Tank E

Docker containerization in Domino V10 has become a powerful tool in the administrator arsenal. Join this session to learn the best practices for bringing Docker into your datacenter or hybrid cloud deployment.

Speaker: Thomas Hampel, IBM




    Domino on Docker Requirements and Configuration

    Daniel Nashed  9 February 2019 11:17:06
    A while ago I started to look into Domino for Docker.
    I have contributed my start script under Apache 2.0 license to the official IBM Docker container.

    The first version is already available but we are still not 100% sure about versioning and add-on product support.
    Currently the GitHub repository contains the Docker script and helper script to automatically build an image on your own environment.

    For license and legal reasons IBM cannot just put the ready to go image into the Docker registry to just pull it down.
    But there are easy-to-follow scripts to get it working. I still wish that at some point at least an official Docker community image will be available.

    In addition I am preparing a Docker start script that will do all operations you need to get your Domino server up and running on Docker.
    It will build an own customizable image that will be based on the official IBM Domino Docker image.

    The script will -- very similar to my start script -- help you with all steps in an unmanaged Docker environment, from build, run, start, stop to updating, log collecting and interacting with the container.

    Thomas Hampel (IBM) will present the Docker image and also the Docker start script that we plan to include at IBM Think next week.

    Probably this will be included into the GitHub project either as part of my start script or an extra script.
    My start script already includes a Docker entry script and official Docker support for that reason.

    But beside that there is some other important information that I would like to share.

    There are some requirements that you will need to look into when you want to successfully run Domino on Docker.
    Those requirements did not make it yet into the IBM Docker technote but I want to share them for everyone who is running Domino on Docker.

    -- Daniel


    Domino on Docker Requirements and Configuration

    We have tested creating and running the image with the following environment.
    There are some special settings that you need to successfully run Domino on Docker.
    And there have been recent changes to Docker. So you should make sure that you are running a current Docker version.

    Environment

    - CentOS Linux release 7.5.1804 (Core)
    - Docker CE 18.09.0

    - Linux and OSX, Windows is not supported!


    Storage and Driver Requirements

    Overlay2 Driver

    The overlay driver is an important component in your Docker infrastructure.
    There is a newer overlay driver "overlay2" which is required for the overlay file-system used by your container to run properly.

    Here is the official requirement on the Docker side

     https://docs.docker.com/storage/storagedriver/overlayfs-driver/


    But before you can start to change your overlay driver, your file-system needs to support d_type / ftype=1.

    When your file-system is not formatted in the right way, you will see the following warning message:

    WARNING: overlay: the backing xfs filesystem is formatted without d_type support, which leads to incorrect behavior.

            Reformat the filesystem with ftype=1 to enable d_type support.

            Running without d_type support will not be supported in future releases



    To check whether you already have ftype=1, run the following:

    xfs_info /dev/sdb | grep ftype


    naming   =version 2              bsize=4096   ascii-ci=0 ftype=1


    If this doesn't return anything you have to reformat the file-system with the right options.
    The easiest and most convenient way is to create a new disk and format it in the right way.
    A best practice is to use this file-system for /var/lib/docker.

    Create a new disk for /var/lib/docker

    To create a new file-system on an additional disk you can use the following command.

    mkfs -t xfs -n ftype=1 /dev/sdb


    Afterwards you can mount the disk via fstab. Before you mount it you should move the existing data to a different location and move it back to the new file-system afterwards.

    vi /etc/fstab
    /dev/sdb         /var/lib/docker   xfs     defaults    1 1


    Changing the overlay driver

    Now that you ensured the disk has the right configuration you can change the overlay driver.

    You have to create a new configuration file and add the following configuration.

    vi /etc/docker/daemon.json


    {
     "storage-driver": "overlay2",
     "storage-opts": [
       "overlay2.override_kernel_check=true"
     ]
    }


    Requirements for NSD

    When looking into NSD inside the Docker container you first have to ensure that you have the right packages installed.

    You will need the GNU Debugger (gdb) and also the lsof tool to show open files and handles.

    yum install lsof gdb


    But this isn't all you need. There are missing permissions when you run NSD/GDB inside Docker.

    You have to start it with the following additional settings:

     docker run -p 1352:1352 -p 80:80 -p 443:443 --name docker-name --cap-add=SYS_PTRACE -v notesdata:/local/notesdata -v /etc/localtime:/etc/localtime:ro ibmcom/domino:10.0.0



    Conclusion and Result

    After this change all my file move and remove operations did work!
    The older overlay driver is not really supported any more but it is still the default driver at least in my installation.

    It's not just the driver! The driver depends on features in XFS.
    You can query the overlay driver type via:

    docker inspect --format '{{ .Driver }}' container_name

    This will show if you have the right overlay2 driver.

    There have been some very odd issues when running NSD if you don't have the overlay2 driver.
    GDB and LSOF are also really required. And last but not least you need to provide the right permissions to have GDB attach to your running processes.


    Be aware of Soundex

    Daniel Nashed  7 February 2019 14:54:49
    We just ran into an issue where a user was removed from the Domino directory and the server was configured with "Fullname then Local Part" for mail lookups.
    What happened is that the wrong user got the e-mail!

    @Soundex

    Returns the Soundex (the Lotus Notes phonetic speller) code for the specified string.

    The phonetic name can result in the same short "hash" value for multiple names. There are a lot of collisions even for names that are not the same!

    I can only recommend staying away from "Fullname then Local Part" for mail lookups. But if you can't, you should be aware of @Soundex.

    @soundex ("nsh@nashcom.de") for example returns N200.

    I opened a support ticket and they pointed me to the following AHA entry. https://domino.ideas.aha.io/ideas/DOMINO-I-548

    IMHO this feature request to allow Soundex to be completely disabled makes a lot of sense!

    -- Daniel
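To make the collision problem concrete, here is an added example (not Domino code and not from the original post) that audits a list of addresses for phonetic collisions. It assumes that @Soundex behaves like the classic American Soundex algorithm applied to the leading run of letters; that assumption is chosen only because it reproduces the N200 result quoted above. The directory entries and function names are constructed for illustration.

```python
from collections import defaultdict

# Classic American Soundex letter classes. Vowels, Y, H and W carry no code.
_CODES = {
    ch: digit
    for digit, letters in {
        "1": "BFPV", "2": "CGJKQSXZ", "3": "DT",
        "4": "L", "5": "MN", "6": "R",
    }.items()
    for ch in letters
}


def soundex(value):
    """Soundex code of the leading run of letters in value.

    Assumption: processing stops at the first non-letter (such as "@"),
    which is what makes "nsh@nashcom.de" come out as N200.
    """
    letters = []
    for ch in value.upper():
        if not ch.isalpha():
            break
        letters.append(ch)
    if not letters:
        return ""
    first = letters[0]
    prev = _CODES.get(first, "")
    digits = []
    for ch in letters[1:]:
        if ch in "HW":
            continue  # H and W do not separate letters with the same code
        code = _CODES.get(ch, "")
        if code and code != prev:
            digits.append(code)
        prev = code  # a vowel resets prev, so a repeated code counts again
    return (first + "".join(digits) + "000")[:4]


def collisions(addresses):
    """Map each Soundex code shared by more than one address to those addresses."""
    by_code = defaultdict(list)
    for address in addresses:
        by_code[soundex(address)].append(address)
    return {code: hits for code, hits in by_code.items() if len(hits) > 1}


def phonetic_fallback(removed_address, remaining):
    """Addresses still in the directory that share the removed address's code."""
    code = soundex(removed_address)
    return [a for a in remaining if soundex(a) == code]


# Constructed sample directory (not real users).
SAMPLE_DIRECTORY = [
    "nsh@example.com",
    "nash@example.com",
    "nico@example.com",
    "nagy@example.com",
    "neumann@example.com",
    "robert@example.com",
]

if __name__ == "__main__":
    for code, hits in collisions(SAMPLE_DIRECTORY).items():
        print(code, "is shared by", ", ".join(hits))
    remaining = [a for a in SAMPLE_DIRECTORY if a != "nsh@example.com"]
    print("candidates after removing nsh:",
          phonetic_fallback("nsh@example.com", remaining))
```

Running such an audit over the local parts in a directory shows how many unrelated people would become candidates once an exact match disappears.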

    Domino HTTP Basic Authentication still uses ISO-8859-1

    Daniel Nashed  7 February 2019 04:44:32

    Especially for mobile devices HTTP Basic Authentication is needed.
    Those devices don't understand login forms and forms based authentication.
    For forms based authentication you can configure which charset to use and most environments should be already setup to use UTF-8.

    For basic authentication there wasn't really a standard and the first implementations used ISO-8859-1.

    I just had a support ticket with IBM double checking about a way to change the charset to UTF-8.

    It's currently not possible and there is an enhancement request:

    SPR # DKENAJTT9G :Enhancement: Non-ASCII UTF-8 passwords don't work over basicAuth


    There is a newer RFC superseding the previous RFC.

    I have looked a Domino idea to have this enhancement request on the radar --> https://domino.ideas.aha.io/ideas/DOMINO-I-570

    -- Daniel

    See https://tools.ietf.org/html/rfc7617 for details.

    Since 2015 there is RFC 7617, which obsoletes RFC 2617. In contrast to the old RFC, the new RFC explicitly defines the character encoding to be used for username and password.
    • The default encoding is still undefined. It is only required to be compatible with US-ASCII (meaning it maps ASCII bytes to ASCII bytes, like UTF-8 does).
    • The server can optionally send an additional authentication parameter charset="UTF-8" in its challenge, like this:
      WWW-Authenticate: Basic realm="myChosenRealm", charset="UTF-8"
      This announces that the server will accept non-ASCII characters in username / password, and that it expects them to be encoded in UTF-8 (specifically Normalization Form C). Note that only UTF-8 is allowed.
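The charset mismatch described above, as an added example that is not part of the original post or of Domino: a client that encodes credentials as UTF-8 (RFC 7617) against a server that decodes them as ISO-8859-1. The user name, password and function names are constructed for illustration.

```python
import base64
import hmac
import re
import unicodedata


def build_basic_header(user, password, charset):
    """Authorization header value a client sends for user:password.

    With "utf-8" the text is normalized to NFC first, as RFC 7617 expects.
    "iso-8859-1" models the legacy behaviour; characters outside Latin-1
    (for example the euro sign) raise UnicodeEncodeError.
    """
    user_pass = f"{user}:{password}"
    if charset.lower() == "utf-8":
        user_pass = unicodedata.normalize("NFC", user_pass)
    raw = user_pass.encode(charset)
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic_header(header, charset):
    """Server side: split the header into (user, password) using charset."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    raw = base64.b64decode(token.strip(), validate=True)
    text = raw.decode(charset)
    user, sep, password = text.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password


def challenge_charset(www_authenticate):
    """Charset announced in a Basic challenge, or None when it is absent.

    Simplified parsing: assumes the realm value does not itself contain
    the text 'charset='.
    """
    match = re.search(r'\bcharset\s*=\s*"?([A-Za-z0-9-]+)"?',
                      www_authenticate, re.IGNORECASE)
    return match.group(1).upper() if match else None


def login_succeeds(stored_password, header, server_charset):
    """True when the password the server decodes equals the stored one."""
    try:
        _, presented = decode_basic_header(header, server_charset)
    except ValueError:  # includes undecodable bytes and bad base64
        return False
    return hmac.compare_digest(presented.encode("utf-8"),
                               stored_password.encode("utf-8"))


if __name__ == "__main__":
    password = "p\u00e4ssw\u00f6rd"  # constructed non-ASCII password
    utf8_header = build_basic_header("daniel", password, "utf-8")
    latin_header = build_basic_header("daniel", password, "iso-8859-1")
    print("UTF-8 client   :", utf8_header)
    print("Latin-1 client :", latin_header)
    # A Latin-1 server turns the UTF-8 bytes into mojibake and rejects it.
    print("server sees    :", decode_basic_header(utf8_header, "iso-8859-1"))
    print("login ok?      :", login_succeeds(password, utf8_header, "iso-8859-1"))
    print("challenge says :", challenge_charset(
        'Basic realm="myChosenRealm", charset="UTF-8"'))
```

ASCII-only credentials produce the same header under both encodings, which is why the problem only shows up for users with non-ASCII characters in their password.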

    Shortcut Key Issue Notes Client 10.0.1 G1 Languages - Download on hold

    Daniel Nashed  6 February 2019 18:34:21
    There is a critical issue with the standard client and G1 languages that have just been released yesterday.
    According to this technote the issue is under investigation and the downloads have been stopped for now.

    That's all info I have right now ..

    -- Daniel

    https://www.ibm.com/support/docview.wss?uid=ibm10870434


    Shortcut Key issue impacting Notes Client 10.0.1 Group 1 Language release


    Abstract

    A defect is under investigation with the Notes 10.0.1 Standard client language releases impacting keyboard shortcut keys that are improperly mapped. While the issue is under investigation, these kits have been put on hold from All IBM Download sites to minimize the impact to customers. This document will be updated as we progress.
    Content

    IBM has received reports and has confirmed an issue in Notes Standard language kits where keyboard shortcuts are not working as expected / mapped to incorrect key combination for that language. Since keyboard shortcuts are a very basic operation, the below kits have been put on hold while we investigate the issue.

    Traveler Sync Issue with more than one device

    Daniel Nashed  5 February 2019 14:24:24

    We ran into a situation where secondary devices not used all the time had missing mails, contacts and events.
    This was a long going support ticket, because it was very difficult to provide data from when the problem initially occurred.

    It turned out that this is caused by a bug in the way the cache worked. The cache is removed after the device has been inactive (by default for 24 hours), and the next sync after the device came back was affected by this.

    The fix is in Traveler 10.0.0 and higher. Traveler 10 is the next version after 9.0.1.21 and works on a Domino 9.0.1 server with current FPs (I would recommend using the latest IF for FP10).
    In contrast to Domino 10, Traveler 10 is an incremental release -- even though it has some new features. So installing the Traveler 10.0.1 release on your Domino 9.0.1 FP10 server is perfectly OK.

    For some internal reason the fix was not included in the fixlist, but the fixlist was updated at the end of last month.
    See description of the fix here --> https://www.ibm.com/support/docview.wss?uid=swg1LO93818

    From what we see this does not only happen if the Traveler server was shut down but also when all devices for a user are offline.

    To figure out if you have the issue, there is a command "DbRecordsCheck"  that you can run on your Traveler server. This check takes a while and goes thru all sync state entries for all users and devices.
    It will tell you which users have missing device records by comparing the table of documents that should be synced with what actually is synced.

    You can also take a dump for an individual user and check the dumped data for missing "DB records".

    Example:
    tell traveler dump daniel nashed

    Check the dump for lines that look like this:

      100000000000181001: ApplDMPT12XYZABC DB record was not found for this device.  LGUID: 100000000035031204 Type: 100000000000000401 (Event)
      100000000035510212: 6978dbc6ffab4180a1e1c7f16d42f70e timeSyncInDevice: 1543308447 (11/27/2018 09:47:27) timeSent: 1543308447 (11/27/2018 09:47:27) DeviceRecordId: 100000000035031204 tsTaggedForSlowSync: 0 mChangeData: 0 mChangeMove: 0

    But if you want to check all your users, the DbRecordsCheck command is the right way.

    It comes in two different modes

    1. just check the records and show affected users
    2. check the records and if missing records are identified reset the device


    We took the approach to first check for all users and from the list we took the VIP users and users we know have been on the road and reset them manually.

    Example:
    tell traveler reset ApplDMPT12XYZABC daniel nashed


    The command is either

    Example:
    tell traveler DbRecordsCheck show 2500

    Or if you directly want to repair by resetting the users:

    Example:
    tell traveler DbRecordsCheck repair 2500

    The number is the maximum number of users that should be checked/fixed.

    See https://www.ibm.com/support/docview.wss?uid=swg1LO87614 for reference.

    The result looks like this

    -- snip --

    10.12.2018 12:41:41   Traveler: IBM Traveler Database is checking the records for 2202 accounts...
    10.12.2018 15:02:38   Traveler: 316 out of 2202 accounts were missing records and may need to be reset.
    10.12.2018 15:02:38   Traveler: Command DbRecordsCheck Show complete.

    The error for a user looks like this:

    10.12.2018 12:44:08   Traveler: CN=xyz.../O=Acme with account ID 100000000001234567 is missing at least one Traveler database record for a device but not all devices.  The first encountered record to be missing has LGUID 200000000012345678 and was not found


    -- snip --
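For triage, the console output above can be turned into a list of affected accounts. This is an added example, not part of the original post or of Traveler: it parses the message formats quoted above, assumes the console timestamps are in dd.mm.yyyy order, and flags a capture that contains fewer per-user lines than the summary reports. The third log line and all names in the code are constructed.

```python
import re
from datetime import datetime

# Lines 1, 2 and 4 are quoted from the post; line 3 is constructed in the same format.
SAMPLE_LOG = """\
10.12.2018 12:41:41   Traveler: IBM Traveler Database is checking the records for 2202 accounts...
10.12.2018 12:44:08   Traveler: CN=xyz.../O=Acme with account ID 100000000001234567 is missing at least one Traveler database record for a device but not all devices.  The first encountered record to be missing has LGUID 200000000012345678 and was not found
10.12.2018 13:10:02   Traveler: CN=Jane Example/O=Acme with account ID 100000000007654321 is missing at least one Traveler database record for a device but not all devices.  The first encountered record to be missing has LGUID 200000000087654321 and was not found
10.12.2018 15:02:38   Traveler: 316 out of 2202 accounts were missing records and may need to be reset.
"""

_LINE = re.compile(r"^\s*(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})\s+Traveler: (.*)$")
_START = re.compile(r"checking the records for (\d+) accounts")
_USER = re.compile(
    r"^(?P<name>.+?) with account ID (?P<account>\d+) is missing at least one "
    r"Traveler database record.*?LGUID (?P<lguid>\d+)"
)
_SUMMARY = re.compile(r"(\d+) out of (\d+) accounts were missing records")


def parse_dbrecordscheck(log_text):
    """Extract run statistics and affected accounts from console output.

    Returns a dict with: total (accounts checked), reported (accounts the
    summary line says are affected), users (one dict per per-user line),
    duration_s (seconds between start and summary line) and complete
    (True only when every reported account has a per-user line).
    """
    result = {"total": None, "reported": None, "users": [],
              "duration_s": None, "complete": False}
    started = None
    for line in log_text.splitlines():
        line_match = _LINE.match(line)
        if not line_match:
            continue  # ignore unrelated console output
        # Assumption: day.month.year order, as in the quoted log.
        stamp = datetime.strptime(line_match.group(1), "%d.%m.%Y %H:%M:%S")
        message = line_match.group(2)

        start = _START.search(message)
        if start:
            started = stamp
            result["total"] = int(start.group(1))
            continue

        user = _USER.match(message)
        if user:
            result["users"].append({
                "name": user.group("name"),
                "account_id": user.group("account"),
                "first_missing_lguid": user.group("lguid"),
                "seen_at": stamp,
            })
            continue

        summary = _SUMMARY.search(message)
        if summary:
            result["reported"] = int(summary.group(1))
            if started is not None:
                result["duration_s"] = int((stamp - started).total_seconds())

    result["complete"] = (result["reported"] is not None
                          and len(result["users"]) == result["reported"])
    return result


if __name__ == "__main__":
    report = parse_dbrecordscheck(SAMPLE_LOG)
    print(f"{report['reported']} of {report['total']} accounts affected, "
          f"run took {report['duration_s']} s")
    for entry in report["users"]:
        print(entry["name"], entry["account_id"], entry["first_missing_lguid"])
    if not report["complete"]:
        print("capture is missing per-user lines; collect the full console log")
```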

    The command runs a while (it could be 1 hour or more for 1000 users) and checks one user after another.
    So if you are concerned about resetting too many users at a time, the reset will be spread over time just by the time it takes to analyze.


    Conclusion/Recommendation:

    If you are concerned that you might have this issue, you should do a DbRecordsCheck show first.
    When you have users facing this issue, you should upgrade to Traveler 10.0.1 first and afterwards run the DbRecordsCheck repair command or reset users/devices individually.

    If a user is in a good network location, it will take a couple of seconds to resync a device.
    But you should take care when users are on the road with a slow network connection!



    Notes/Domino 10.0.1 G1 Language Versions available today

    Daniel Nashed  5 February 2019 10:03:24
    I got this question many times in the last weeks.
    Today the G1 Language Versions will be available.


    In my Passport Advantage Account they did not show up yet.
    But a customer reported that he can see and download some of them already.


    PartnerWorld download also shows some of the files.

    It might take a while until all files are available. But they should show up today!

    Update: Andreas posted a detailed list with part numbers and descriptions -->
    https://ponte.ch/blog/get-your-10-0-1-language-packs-with-part-numbers/

    Another Update 6.2.2019:

    Downloads of some G1 Versions are on hold because of a keyboard local language issue with the Standard client --  Oooops


    See details below

    -- Daniel

    https://www.ibm.com/support/docview.wss?uid=ibm10870434


    Shortcut Key issue impacting Notes Client 10.0.1 Group 1 Language release



    Notes/Domino 10 FT Index Auto Update

    Daniel Nashed  30 January 2019 08:39:20
    There is a new feature in Notes/Domino 10 which is enabled out of the box.

    When you do a FT search, the backend checks if the index is up to date and will index up to 200 documents before the search is executed.
    If there are more than 200 documents to index, it will queue an update request for immediate action.

    This happens on client and server based databases and the index update is done in the backend where the database resides.

    I really like the feature but on my client with a larger local mailfile (8 GB) this causes some delay in some cases where the dialog was displayed for a couple of seconds once in a while.

    If you have the same experience I would be interested in your feedback (here or by mail).
    Time it takes, how often you see detail, database size, number of documents, version, client/server...

    If you see longer delays too often, you can disable the auto update via notes.ini

    FT_SUPPRESS_AUTO_UPDATING=1 (dynamic on client and server)

    -- Daniel

      Notes Domino Platform - What is Notes/Domino and what is special about it?

      Daniel Nashed  10 January 2019 22:26:42

      In the last couple of months I did workshops with customers to check where they are with their Notes and Domino environment and what they are going to do in the future.

      My part was to explain what Notes/Domino really is and why this is so different than other application platforms.


      Based on my workshop and the presentation I put together a summary. If you want a copy of my German workshop slides, drop me a note.

      The following gives you a high level overview of Notes/Domino which describes the basic architecture and some of the most important core features.

      It is not a complete list of functionality nor describes all the details but it gives you an idea about the concept behind it.


      There is an interesting new Forrester study "The Total Economic Impact™ of IBM Domino" which provides some additional background.

      https://www.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=01022901USEN

      My summary is more a technical summary that gives you an idea about what is great about the platform.
      And this is not including the exciting new development options introduced in Notes/Domino 10 which we should look into separately.


      -- Daniel



      Introduction


      When Notes was first released most of the core functionality was already in place and the core architecture never had to change because it was from ground up designed in a way that makes it very flexible, robust and secure.


      Looking into the first memorandum written by Mitch Kapor you can already see the most important aspects and the core idea behind Notes -->
      https://app.box.com/s/lv7lm64d1gbvkwyzxdct9sqzavot2mh6

      Later there was a very interesting book published by Lotus in October 2000 which is still available. It describes the architecture and core components in a way which has never been published before or after.

      The foreword already describes the core idea behind the product in a few words.


      "In 1989 Lotus Notes® made the world a little smaller.
      Since its first release, Notes™ has enabled teams of people to work together, even when separated by great distances or when individual contributions are made at different times.
      .. Notes continues to evolve innovative, new capabilities that support its initial core concept: Collaboration made possible through shared, secure, online databases."

      (Source: http://www.lotus.com/ldd/doc/uafiles.nsf/docs/inside-notes)

      Today we are used to working in shared teams in different countries and timezones but when Notes was first designed there wasn't a widespread network that everyone could use.

      I recall the times where our servers had modems and later ISDN cards to communicate. Times changed but the concept behind it is still modern and very powerful.

      And when it comes to an integrated, rapid application development platform there is still no comparable product on the market.



      What is IBM Notes


      When we look into the basic concepts behind Notes/Domino we see a very flexible, document-oriented, non-relational database system (today you would name it "NoSQL").


      It is a Rapid Application Development & Deployment platform with integrated development and run-time environment.


      Lotus integrated email/calendar functionality into the base environment on same infrastructure and APIs

      Thus extendibility, customization of functionality and design is part of the core product.


      Notes and Domino has support for @Formula, Lotus Script/Com, Java, Javascript and C.

      This includes integration options like own servertasks or even Extension Managers, client extension points

      All of this has been designed into the product since day one.


      The application is document centric with flexible fields and field types per document (including Richtext and MIME).

      So you can have any number of fields of any type in any document. There is no fixed structure that limits you to a certain structure.


      It is not the best choice for large number of often changing records/documents that have more relational structure.

      But you can integrate via ODBC, JDBC and today with flexible Web-Services/REST services.


      Notes/Domino separates UI/Design/Code and Data which is also still a modern approach.

      Leveraging a simple but very flexible and powerful architecture (e.g. "forms, views, folders, agents") you can write and extend applications flexibly and in rapid application development style.


      The NSF storage (Notes database) holds the design and data at the same time. Both use separated but very similar "note-types" in the database.
      This makes it easy to replicate among servers and clients. And this also helps to maintain the design leveraging "templates".


      Notes/Domino supports XML since Version 5 and allows to export/import documents and also design elements!


      The own client/server communication protocol "NRPC" allows transparent client/server access which allows you to work with the same database either on-line on a server or on a local instance "replica" of the database.

      For that reason Notes/Domino has built-in replication for Notes databases between clients and servers with full local support for databases.


      At the time Notes was first released there wasn't any central directory.

      So Notes/Domino invented an integrated directory containing information for users, groups, servers and other information.

      Domino was one of the first products to support external access and sync via LDAP. And there are also other interfaces to access directory data.

      Today integration with central directories like Active Directory is important. There are multiple options to integrate and sync and also for Single Sign On (e.g. SAML or Kerberos).


      Out of the box you can open, edit and save back attachments with external applications like Office and other applications in any document.
      In addition the Notes client offers optional MAPI support for Office applications for mail integration for local applications.


      One feature that has been taken for granted by many users and developers is the integrated, performance optimized full text index for server and also local databases!

      You can use it in any database and you can use it on Lotus Script, Java and also C-API level!


      The tight integration with email and the private public key infrastructure allows to build flexible work-flow applications where you can digitally sign documents.
      Tight integration means that all functionality is available in one application in contrast to other applications that need separate products to implement comparable functionality -- if other products support the same functionality at all.

      In many cases you end up having multiple other application platforms depending on the solution you choose.



      Development Platform


      Since Version 8/8.5 Notes integrates with the Eclipse development and run-time environment.

      This offered new integration points and application options while keeping all existing functionality from the C/C++ application platform.

      At the time it was introduced this was a good idea. But using Eclipse was quite challenging specially from performance point of view.

      Today we see a move away from this integration and we will probably see other client options soon.


      The development platform (Admin/Design Client) has low footprint on normal desktop with local or server based applications.


      One simple but very powerful part of the application platform is the formula engine which can be used in forms, views and folders to calculate information that is displayed or stored in the application.

      This is comparable to the @formulas used in spreadsheet applications (no wonder, looking at the roots of the inventors working on Lotus 1-2-3, Lotus Symphony and earlier products).


      This is on one side a very simple but also a powerful and very effective way to process and present data.



      Full Upward Compatibility


      From the very beginning Notes was designed to be upward compatible!

      So all functionality remains supported in a newer version without much modification needed.


      A new version might come with a new On Disk Structure (ODS) which brings new database back-end functionality.

      Clients and servers encapsulate the ODS details for the local NSF so even earlier clients can access servers with later versions.


      Once you updated the client and server code you can simply update the ODS with standard tools/maintenance compact servertasks.

      Updates -- even major releases -- are simple without data migration or export/import!


      Custom applications usually work without or with little modification on new major release.

      Standard unmodified applications are "just" updated via updated templates by the standard design servertask.


      The client UI is consistent across versions, even when new functionality is added.


      But on the other side this means UI/design enhancements for your existing applications and application maintenance are often neglected because everything just works.

      In fact many applications worked for years without any change. That's why nobody touched them even for UI modernization.



      JVM Support


      It took quite a while until IBM decided to implement JVM 1.8 in Domino, and they implemented it just in time before Oracle stopped supporting JVM 1.6.


      But we now have JVM 1.8 support since 9.0.1 FP8 (runtime) and 9.0.1 FP10 (compile time).

      An IBM JVM team provides a JVM based on the Oracle JVM, which is updated in every FP to the latest version available.



      Notes/Domino Security


      Flexible database access with multiple levels has been an integrated part of the database design since day one.


      - Manager/Designer, Editor/Author, Reader, Depositor with additional roles

      - Access on document-level with simple but effective mechanisms like Reader/Author fields with names, groups and roles

      - Encryption on field/document level and local database level

      - Execution Control List (ECL) for detailed control of signed application code!

      - Integrated Public Key Infrastructure (PKI) document/email encryption based on RSA technology

      - Native S/MIME integration (public certs need a deployment process, most customers use gateway encryption)


      - Certificate-based authentication via Notes.ID

      - Access via Certificate and optional password checking

      - Since Domino 8.5 simplified Notes.ID management via "ID-Vault"


      - HTTP via user/password with native SSO (LTPA token, also used in other IBM products)

      - Optional Authentication via X.509 Certificate

      - Optional Authentication with SAML 2.0



      Current Encryption Standards


      - HTTP, SMTP, LDAP, IMAP and POP3 use current encryption like

      - TLS 1.2 with ECDHE Ciphers (since 9.0.1 FP4) and SHA256 certificates

      - SSL-Labs "A" Rating


      - Notes NRPC Port Encryption (9.0.1 FP8)

      - Encryption using AES-128 CBC /  AES-128 GCM / AES-256 GCM / RC2-128

      - Ticket Algorithm HMAC-SHA 1 - HMAC-SHA 512 (Default: HMAC-SHA 256)


      - Notes data encryption AES 128 or AES 256



      HTTP/HTTPS Support


      Any database can be presented on the web. Web representation uses current technologies, for example XPages with responsive design, infinite scrolling etc.


      - Hybrid applications with Web/Notes Client/mobile access


      - New modern web interface for mail.

      - Verse on Prem (VOP) currently uses a simple add-on installer and leverages the existing infrastructure


      - REST interfaces for read/write with specific REST services for mail, calendar etc

      - Strategic use of REST with Open Standard documentation with new functionality in the latest Feature Packs



      Domino 64bit Support


      Domino supports native 64bit on all platforms.

      64bit has benefits especially in virtualized environments because it allows better optimization if all components leverage the 64bit architecture.

      Larger memory support is also helpful for special application servers like Traveler, specific HTTP work-loads or the IBM Enterprise Integrator.


      Domino as an application usually does not need more than 4 GB RAM for a normal server configuration.

      IBM put a lot of energy into I/O optimization. Therefore the application does not need more RAM.

      You can still benefit from larger memory configurations, where the OS will leverage the file-system cache (especially in virtualized environments).

      But the existing code is performance and resource optimized and does not need more RAM on its own like other applications do.



      64 GB Database Limit


      64 GB remains the physical limit of a Notes/Domino database.

      But there are many options to optimize databases to either

      a.) reduce the storage needed
      b.) move some data outside the physical NSF file


      Document Design/Compression → Reduces Design and Document data (everything that is not Index or attachment) up to 50%


      DAOS (Domino Attachment and Object Services) = External storage for "attachment" data (database objects are moved to the DAOS storage)

      Leveraging DAOS officially supports 1 TB per NSF database. Usually, attachments account for 70% of the data in mail databases.


      NIFNSF = Put view/folder index to a separate file (.ndx) → Maximum size of the .ndx file: 1 TB!


      So when leveraging those technologies the physical limit of the NSF does not matter any more on server level.

      In addition a single NSF file would only hold data for a single mail user or a single application. So the 64 GB is per Notes NSF.


      On client side the 64 GB limit still applies because the optimization is not available in Notes 9.0.1.

      But on the other side more than 64 GB of data in a single application on client side might not be the best idea.

      Domino offers integrated archive functionality which would help to reduce data on the archive mail database or other application databases.


      For Notes/Domino 10 the maximum physical database size is increased to 256 GB.


      Database Optimized Storage


      Leveraging Database Compression, DAOS and NIFNSF also helps you to optimize performance and to reduce storage and backup space dramatically!


      With Document/Design Compression you save additional storage space.

      It is transparent to the application, with up to 50% data and design reduction just by enabling the feature via standard compact.


      DAOS


      Domino Attachment and Object Services (DAOS) moves attachment data to a central store with one file per attachment (configurable threshold, usually 256 KB, generating NLO files with the attachment), where it is stored deduplicated.


      In addition to deduplication and NSF data reduction you can store data on a NetApp or other technologies which allow deduplication on storage container level to further reduce storage needs.

      DAOS also allows you to reduce backup costs by leveraging online, incremental backup. The NLO is only stored and backed up once per server!


      NIFNSF


      A quite new feature introduced in Domino 9.0.1 Feature Pack 8 allows you to store the index in a separate file for performance reasons and also to further reduce backup costs.

      The separate file on disk allows optimized locking and the NIF index does not need to be backed up.



      Domino Clustering


      Application level Active/Active Clustering with separate, independent server instances with separate storage

      No SAN mirroring or special storage environment required.


      The Notes Client is "cluster aware" with automatic fail-over and fail-back


      A cluster replicator servertask is used for almost real-time replication.


      Downtime is minimized because maintenance is performed on each server separately and Domino clusters operate completely independently!

      A single database can also be taken off-line. The key here is that Domino as a "service" is highly available and the individual servers can be down for planned maintenance.



      Domino Transaction Logging/Backup


      Transaction Logging is fully integrated into Domino NSF infrastructure since Domino 5.0


      Ensures database consistency and performance for each NSF file.

      Fast restart without fixup after failure (similar to a journaling file system on Linux).


      Translog functionality has been derived from DB2 functionality.


      Dedicated backup API interface used by 3rd parties for on-line backup without downtime

      Full backup/Incremental backups with Point in Time recovery per NSF file



      Notes Domino Diagnostic & Fault Recovery


      Outstanding, fully integrated diagnostic functionality for crashes, hangs, memory leaks etc.

      NSD (Notes System Diagnostic) provides detailed diagnostic information for IBM to pinpoint and fix issues.


      Fault-Recovery provides fast restart after server crash

      Automated diagnostic collection (ADC) after restart collects diagnostic data from client or server.



      Mobile Mail/PIM Access


      "Mobile First" is one of the important IBM strategic goals.


      IBM Traveler as a separate, easy to install solution leverages the standard Domino server stack.


      Mobile access via iOS, Android, BB10 for Mail, Calendar, Contacts (and Todo)

      Native Verse Client (App) for iOS and Android via SyncML

      iOS Mail App Support via Active Sync

      BB10 Support via Active Sync



      My Conclusion


      Today mail is a commodity. Notes and other products support similar features compared to other platforms.

      Replacing Notes as a mail-platform alone does not provide much benefit and has migration risks and costs.

      Especially coexistence during the migration or with existing applications can be tricky.


      The key benefit for Notes/Domino as a platform is unmatched rapid application development.

      There is no easy way to migrate applications and if you end up replacing just part of the applications you have to support and pay for both platforms for a longer time period.


      The full integration of applications with mail, calendar, contacts and workflow functionality alone is difficult to replace with one single product.

      Customers who migrate most of the time have to move applications to multiple platforms and write new applications.


      Notes/Domino is a stable, integrated, performant, highly available platform.


      It has a good TCO as an application platform compared to other platforms. There is no single platform providing all functionality used by customers today.


      In addition, Domino today offers REST APIs to be more flexible, to be used in a micro-services landscape, and to be integrated even better with other enterprise applications.
