Daniel Nashed's Blog

My personal thoughts about keeping OS and Domino versions up-to-date

Specially for Domino admin and mail servers upgrading to a later Domino version should not be complicated (unless you have backup or anti-virus dependencies specially on Windows).
I can understand that updates of application servers might take some time.

But staying on older Domino releases like 12.0.x always comes with a risk. No vendor can back port all add-on component new major versions to older code streams.
A dependencies like Java 11 for Tika 3.x where Domino 12.x still is running on Java 8 can't be simply solved if the vendor of the add-on software does not provide a fix of the add-on component of the code stream needed.
If like in the current case Apache Tika does not provide a patch for an older version (which is already out of support) and the new version depends on a newer Java version, the "upstream tool chain dependency" will hit us.

Running on older releases always comes with risk.HCL has quite a number of code streams in support. Plus offers extended support for older versions -- which gives you the chance to stay on an older version if you really have to.
But I would also see all of us admins being responsible to move to later code streams if possible.


GDPR

GDPR by the way implies that companies do what is feasible to protect customer data. This also means being up-to-date with OS and application releases.
I am not saying you have to be on the latest code stream. But today 14.0 with the latest fixpacks is a best practice form security point of view.


Domino Auto Update

Domino 14.0 introduces the first phase of Auto Update to automatically deploy software to install.
Domino 14.5 introduces true Auto Update functionality for Domino on Windows and Linux.
It has been introduced to allow customers to keep their environments patched to the latest version from security and functionality point of view.


Operating system choice and version

Domino is cross platform since the early days and there is a flexibility of choice also today (Windows/Linux/AIX/OS400).
I would personally like to get Domino on ARM supported -- but that's a different story.
But it is impressive how cross platform the Domino code base is on server side.

IMHO Domino on Linux is the better choice than running on Windows for multiple reasons:

• Security
• Performance
• Resource usage
• Operational costs
• Maintenance (like patching)
• Automation
• Independent from one large operating system vendor

I have spent a lot of time making Domino on Linux easier to deploy manage than on Windows.
Today Domino on Linux is the best choice unless you have special requirements which requires Windows.

For admin and mail servers I would not see any reason to not move to Linux.

Still HCL Domino gives you the flexibility of platform choice and both Windows and Linux are valid platforms.
But if you have Linux available as a platform in your company, running Domino on Linux is really a recommended combination for the reasons stated above.

Domino on Linux will also be the base for the new Domino Workspace Sovereign Cloud offering for exactly those reasons.

HCL does also allow you to run Domino on the Linux Enterprise version of you choice -> https://opensource.hcltechsw.com/domino-linux/
You are not limited to the two main enterprise vendors.

Some of the distributions like Ubuntu offers a free Linux distribution and commercial support if needed.
But also Redhat and SUSE have free options which are based on the same or very similar code bases if you prefer a free Linux distribution and get Linux level support from a local partner.

Ubuntu for example is a very interesting platform for two additional reasons

• In place major release updates (which by the way also work on client/desktop side)
• ZFS support (which would deserve a separate blog post)

---

I am not saying you have to migrate all your environments to Linux. But it would provide a lot of benefits and is even easier to manage today with the tooling the Domino Linux Start Script project offers --> https://nashcom.github.io/domino-startscript/
This includes an installation and run-time menu driven environment which makes it easy to install, manage, operate and update Domino on Linux.

In case you are having a container strategy, the container project is providing an even easier path Domino on Linux --> https://opensource.hcltechsw.com/domino-container/.


Keep your operating system update to the latest version

No matter which platform you choose, HCL always stays up to date with operating system support.
Each new enterprise version will be looked at as soon it is available.

One recent addition was Windows 2025 and Redhat Linux 10.
Support most times happens as soon the next fixpack of a code stream ships.

If you are still on Windows 2016 or earlier, it would be time to move up -- even you are on Windows extended support.

The next enterprise platform updating to a new major version will be SUSE updating to SUSE enterprise 16.0.
I took a quick look into the components and there are no surprises from Kernel nor glibc level.

In contrast to the just releases Debian 13, which comes with a very recent glibc which needs a newer OpenJDK version, which is planned to ship with Domino 14.5.1 next year.


My Conclusion

When it comes to security all components in your stack matter. Different application versions have different OS level version support and add-on requirements like Java.
Staying up to date is important for all components of your stack.

• Comments [1]