Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

 
alt

Daniel Nashed

 

LotusTraveler 8.5.2 First Look

Daniel Nashed  2 May 2010 10:35:09


I have been using the beta releases of Lotus Traveler for a while and we got the OK to blog about what is currently planned for 8.5.2.

Disclaimer: The IBM Lotus Notes, iNotes, Designer , Domino and Lotus NotesTraveler 8.5.2 features referenced/presented here are currently in beta and are not guaranteed to be in the final shipping product. IBM reserves the right to change product content prior to ship.

Linux Support for Lotus Traveler

Many customers have asked for Lotus Traveler Support for Linux. IMHO Linux is one of the most popular platforms and is also often used inside a DMZ for security reasons.
The installation is almost as easy than what we are used to on the Windows side and Traveler works exactly the same on the Linux platform.
This new option will allow many more customers to implement Traveler in their environments :-)

No additional push port required for Windows Mobile and Nokia S60

All supported mobile devices are now using the same standard http/https connection and there is no additional port needed any more.
That's great news for customers with very strict firewall rules and paranoid firewall admins.
On the other side this means a higher load on the HTTP task and that you have to increase the number of worker threads now also for Windows Mobile and Nokia S60 users.
But in current customer deployments It worked well also for larger number of iPhone users once you increased the number of HTTP work threads (because of the long going http request used for the "push functionality").

Support for Security Policies for iPhone

The security settings for devices have now be split into one tab per Device. This is important because there are specific settings per device type (see below).

In previous versions you had to customize the template used to create the Apple profile that is created for each user when you register your iPhone with the Travler server.
For iPhones we now have options to enforce security. Those settings are pushed to the phone via ActiveSync and the device profile contains information if those settings have been set successfully.
When you push the settings to the device the user is prompted for example to add a password with certain security level. The dialogs provided by the iPhone really look great (even my mom would know what to do).

Here is what you currently can configure using the iPhone policies

There are separate settings for password strength (length, alpha chars, complex chars) but in most cases users will not like to type in a complex password anyway.
In my tests a 4 digit numeric password is what you can type in quickly and which does only show the simple 10 digit dialog. If you specify a more complex password the iPhone will show the full keyboard when prompting for the password.
You can reduce the auto-lock time and the user can only set it to a lower level than what you specify.And you can also enforce periodic password change with password history.

Beside enforcing to use a password setting the wipe option for wrong passwords is the most important option. Without this setting a simple pin password might not be a good idea.

In addition you can ensure that only encrypted iPhones (3GS and above) can sync and you can ensure that only devices that meet the specified security policy can sync (for example if you use an iPhone with older OS release or a different device implementing an older ActiveSync protocol version).

A last point that might be important for some companies is the option to disable the camera of the iPhone. But this will just hide the camera application. You can still use other applications from the App store to take pictures (this is more a iPhone limitation than a Traveler limitation and you might need to find a hardware solution to completely disable the camera if needed).

In combination with the remote wipe (already available in the 8.5.1) those security settings should be fully sufficient for most customer environments.
Other settings like disabling the App store can be still set thru a customized Apple profile that you roll out to your users but in most cases users will hate you anyway if you put those kind of restrictions on their iPhones ;-)

IMHO this is a great step ahead to bring iPhones into corporate environments.
Thanks to the Traveler team for those great new features! Great job! I said it before and I say it again... You rock!


One side not about pushing device security settings to your devices

I would recommend to use the LotusTraveler.nsf to apply settings to your devices because using policies you need to upgrade your primary Domino Directory always to the latest release and the policy settings are pushed to the traveler profile in each mail database. It takes a while until those settings become effective and it is more difficult to separate Traveler administration from Domino administration.
The same config settings settings are always available in the Travler database (LotusTraveler.nsf) and you can build groups for your users independent from your policy structure.
The changes are pushed almost immediately to your devices.

-- Daniel




 
Lotus Traveler Device Settings : Default
 
Assignment
Default Device Settings Assignment
Include users:Daniel Nashed/NashCom/DE
Exclude users:

Comments

1Daniel Nashed  03.05.2010 17:45:07  LotusTraveler 8.5.2 First Look

a VMware image should make no difference for Windows and Linux. It should just work with no difference.

And Traveler servers don't have a high utilisation in most cases anyway so performance should not be a big detail.

I am running my Taveler on a XP host using VMware server with a XP guest OS with 8.5.2 current beta and it works like a charm with no difference.

Actually my Traveler server also uses dyndns and a dynamic IP ;-) not that this is supported but it works great as long my Linux based mail-server has a static IP and is hosted at an ISP.

Of course that combination is not supported at all :-) But with VMware ESXi you would be on the save side.

-- Daniel

2Jack Dausman  03.05.2010 18:09:41  LotusTraveler 8.5.2 First Look

This is terrific information. Having it work on Linux is a big assist. Any thoughts about running it in a VM ?

3Ulrich Krause  04.05.2010 4:52:15  LotusTraveler 8.5.2 First Look

>> That's great news for customers with very strict firewall rules and paranoid firewall admins.

And not to forget customer sites ( like ours ) that run a reverse proxy. I tried to get it to run for about one year or so, but it was impossible to get the traffic thru port 8642 without totally messing up the data stream.

I have tested now with the latest codedrop and my Nokia now works as expected.

4Jens Bruntt  04.05.2010 7:41:20  Any news on the Android client?

Thanks for the update. I will definately shut down my Windows-based Traveler server and put up a CentOS-based one instead when it gets to be publicly avilable.

Have you had a chance to get your hands on the Android-based Traveler client?

5Daniel Nashed  04.05.2010 17:32:24  LotusTraveler 8.5.2 First Look

CentOS will not be supported but because it is quite similar to RHEL it might work.

As far I understood the Android client is on the list but not yet in the beta.

But that is typically for the Traveler team. They will only put stuff into the betas once they are confident they work.

Android support was on the list for 8.5.2 at Lotusphere and it is still on the list but it is not confirmed nor in the current beta.

-- Daniel

6Detlev Poettgen  07.05.2010 9:13:51  LotusTraveler 8.5.2 First Look

Hi Daniel,

there is one great and most important difference between the Traveler Device Setting in the LotusTraveler.nsf and the Domino Traveler Policy Settings.

The Device Settings are only default values! You are not able to enforce the settings in 8.5.1. A user can change them on the device. In most cases like document size settings this is not wanted. Deploying these settings via Policy will prevent users from changing the settings.

7Torben Volkmann  09.05.2010 16:20:17  LotusTraveler 8.5.2 First Look

I hope that the Traveler will work on CentOS, too. Like the Domino itself ;-) Even if it's not supported.

8Daniel Nashed  10.05.2010 12:50:48  LotusTraveler 8.5.2 First Look

@Detlef, you are right about the general settings and the filter options in the policies and as dicussed offline it would be great if we would have the exact same options in policies and the settings documents including how they apply. the policy settings can be locked down the settings in the LotusTraveler.nsf currently are not enforced.

But for the iPhone settings the settings that apply to the iPhone (the filtering and the settings what to sync does currently not apply for the iPhone) the settings are exactly the same. When you set a password policy or one of the other security preferences they are enforced. I think this is not really consistent and I hope this is going to be changed in future. Both should do exactly the same for all settings.

-- Daniel

9Robert Thresher  11.05.2010 19:11:54  LotusTraveler 8.5.2 First Look

Fantastic, Traveler on Linux. This is such good news. I hope they release it for SuSe and Ubuntu. We use Droid in our little shop. Have you heard any thing about Quickr, will this continue only as windows?

10Daniel Nashed  19.05.2010 8:57:36  LotusTraveler 8.5.2 First Look

@Robert, it will only officially supported on the supported Domino on Linux releases but the chances are good that it will run on Ubuntu without any problem. But it's unsupported. No idea about the plans for Quickr.

-- Daniel

11Paul Harper  03.08.2011 6:07:51  LotusTraveler 8.5.2 First Look

What happened to "Linux Support for Lotus Traveler". Is it still in the pipeline. I would love to see Lotus Traveller for my Ubuntu Netbook.

Links

    Archives


    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]