Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

LotusTraveler 8.5.2 First Look

Daniel Nashed  2 May 2010 12:35:09


I have been using the beta releases of Lotus Traveler for a while and we got the OK to blog about what is currently planned for 8.5.2.

Disclaimer: The IBM Lotus Notes, iNotes, Designer , Domino and Lotus NotesTraveler 8.5.2 features referenced/presented here are currently in beta and are not guaranteed to be in the final shipping product. IBM reserves the right to change product content prior to ship.

Linux Support for Lotus Traveler

Many customers have asked for Lotus Traveler Support for Linux. IMHO Linux is one of the most popular platforms and is also often used inside a DMZ for security reasons.
The installation is almost as easy than what we are used to on the Windows side and Traveler works exactly the same on the Linux platform.
This new option will allow many more customers to implement Traveler in their environments :-)

No additional push port required for Windows Mobile and Nokia S60

All supported mobile devices are now using the same standard http/https connection and there is no additional port needed any more.
That's great news for customers with very strict firewall rules and paranoid firewall admins.
On the other side this means a higher load on the HTTP task and that you have to increase the number of worker threads now also for Windows Mobile and Nokia S60 users.
But in current customer deployments It worked well also for larger number of iPhone users once you increased the number of HTTP work threads (because of the long going http request used for the "push functionality").

Support for Security Policies for iPhone

The security settings for devices have now be split into one tab per Device. This is important because there are specific settings per device type (see below).

In previous versions you had to customize the template used to create the Apple profile that is created for each user when you register your iPhone with the Travler server.
For iPhones we now have options to enforce security. Those settings are pushed to the phone via ActiveSync and the device profile contains information if those settings have been set successfully.
When you push the settings to the device the user is prompted for example to add a password with certain security level. The dialogs provided by the iPhone really look great (even my mom would know what to do).

Here is what you currently can configure using the iPhone policies

There are separate settings for password strength (length, alpha chars, complex chars) but in most cases users will not like to type in a complex password anyway.
In my tests a 4 digit numeric password is what you can type in quickly and which does only show the simple 10 digit dialog. If you specify a more complex password the iPhone will show the full keyboard when prompting for the password.
You can reduce the auto-lock time and the user can only set it to a lower level than what you specify.And you can also enforce periodic password change with password history.

Beside enforcing to use a password setting the wipe option for wrong passwords is the most important option. Without this setting a simple pin password might not be a good idea.

In addition you can ensure that only encrypted iPhones (3GS and above) can sync and you can ensure that only devices that meet the specified security policy can sync (for example if you use an iPhone with older OS release or a different device implementing an older ActiveSync protocol version).

A last point that might be important for some companies is the option to disable the camera of the iPhone. But this will just hide the camera application. You can still use other applications from the App store to take pictures (this is more a iPhone limitation than a Traveler limitation and you might need to find a hardware solution to completely disable the camera if needed).

In combination with the remote wipe (already available in the 8.5.1) those security settings should be fully sufficient for most customer environments.
Other settings like disabling the App store can be still set thru a customized Apple profile that you roll out to your users but in most cases users will hate you anyway if you put those kind of restrictions on their iPhones ;-)

IMHO this is a great step ahead to bring iPhones into corporate environments.
Thanks to the Traveler team for those great new features! Great job! I said it before and I say it again... You rock!


One side not about pushing device security settings to your devices

I would recommend to use the LotusTraveler.nsf to apply settings to your devices because using policies you need to upgrade your primary Domino Directory always to the latest release and the policy settings are pushed to the traveler profile in each mail database. It takes a while until those settings become effective and it is more difficult to separate Traveler administration from Domino administration.
The same config settings settings are always available in the Travler database (LotusTraveler.nsf) and you can build groups for your users independent from your policy structure.
The changes are pushed almost immediately to your devices.

-- Daniel




 
Lotus Traveler Device Settings : Default
 
Assignment
Default Device Settings Assignment
Include users:Daniel Nashed/NashCom/DE
Exclude users:

Archives


  • [IBM Lotus Domino]
  • [Domino on Linux]
  • [Nash!Com]
  • [Daniel Nashed]