ID106 - Notes & Domino Archiving: Offerings and Roadmap

The need for archiving is currently driven by 4 factors:

1. Reduce storage size of mail
2. Legal compliance and eDiscovery
3. Collection of Enterprise Content from other systems
4. Line of Business application optimisation

IBM currently offer 3... well, 2 methods for archiving:

Domino server based archives, which will continue to be available but are being de-emphasised;
IBM's Common Store product, which is being retired; and
IBM Context Collector, which replaces CommonStore, Email Manager and Records Crawler into one unfied system.

There are also plenty of 3rd party products out there.

Mobing forward, they intend to push more on personal (user) e-mail archiving, and support for a platform agnostic Enterprise Content Management framework that any vendor can hook into.

For the user side, they recognise that the current archiving system in Notes is difficult to use, even more difficult to find and doesn't always work. They presented a "vision" for the future of user archiving. They call it a vision, but it was really a narrated story with some concept screenshots which were literally mocked up with pencil and paper.

In summary, they're moving to have roll-over nsf file archives for the user (rollover is date or size-based, and is automatic). Archived messages will leave a stub message in the main mail interface, and the message searching window will contain a checkbox to enable searching of archived mail. Whilst archiving will continue to have a scheduled process, the user will be notified if the schedule is missed due to the machine being powered off. The user will also be able to restore the message from archives easily from a link in the message stub.

Some of the features may be available in a point release for Domino 8.5.x, but most won't be around until "Domino 9 or beyond", they say.

Notes Client on Citrix

This session, far from being what I expected (a hands-on this-is-how-we-do-it) was mainly details of how version 8.0.2 runs much better on Citrix than the previous version (which, it's generally agreed, was awful)

They recommend Citrix XenApp 5.0 to get it working, and there's a few tweks with disabling Windows services and tuning the Anti-Virus software to imporve performance.

They did a lab test of server loading, and managed to get up to 145 clients connecting per (2 x quad core cpu 64 bit server with 32Gb RAM) server. They tested with 32 bit vs 64 bit servers, dual vs quad core and differing RAM and explained where the bottlenecks seemed to be on each configuration.

I did ask the question about what load each user was doing and it was only email, calendar and writing a document in embedded Symphony.

Personally, I'd think that ocne you add the other server overheads (presentation server, SQL back end, WAN accelerators, load balancing servers, etc.) that you'd need for a production level environment, 145 users on such a grunty server doesn't look like that much of an acheivement just to get mail and calendar. After all, if you gave the users the newer browser-based iNotes client, they'd get virtually the same experience of a no-footprint client and you'd scale far more users per server.

INV 102 Future Directions for IBM Lotus Notes and Domino Products

I know that there are a lot of blogs around Notes 8.5 that have been posted, however, here is mine on IBM's future direction on Notes domino 8.5 and beyond. Having have chance to chat with some of the experts, I do get an impression they are investing resources into the product to make it even better. As solid as the R8.5 product, IBM is raising the bar to make it even more stable and powerful. Here are just some highlights that was taken away from the session.

Notes Focus for 2009
Cold startup time improvement from v8.0.1 to v8.0.2 > 7% improvement to 8.5
warm startup times
general responsiveness
memory improvements
Mac support with notes 8.5
Drag/Drop of text within the rich text editor
offline support activities
choose for multiple addresses for a person in type ahead
inotes improvement
forward contact as vcards
roaming user available with new file-based options
support of lotus notes id vault with lotus notes share login
mac and linex support
ability to view the views like a pim view
calendar federation

Notes Share login
notes id vault
document compression
lz1 compression inside database
domino attachment
router enhancement
domino configure tuner
DAOS I+O improvement
domino designer enhancements.
xpages

BP305 - The document format dance

This session went over the various differences betweed ODF, OOXML and PDF formats.

At the heart, all three are XML driven and all are ISO standards. PDF is the clear winner for read-only content and archiving, and there's no reason why it shouldn't be adopted straight away.

For editable content, there is currently no clear choice between ODF and OOXML, and most programs do, or soon will, support both.

The speaker suggested that OOXML has a lot of support in the US, being Microsoft sponsored. ODF is the preferred format in Europe at the moment, so it could end up with ODF being the de facto standard for non-US companies.

Microsoft, of course, support the ECMA stardard OOXML, but not the later ISO standard (there were some alterations) and support for that won't come until Office 14. Interestingly Apple's iPhone editor also uses OOXML.

Lotus Symphony uses ODF, as does OpenOffice/Star Office as well as Google Docs.

So, the key take-aways from this is to use PDF for read only stuff, use XML where you can and ultimately keep your options open either way.

BP206 Domino Health Check

IBM recommends that a Health checks should be done on a regular bases, but the best time to do a health check is when a new project is about to the implemented. This ensures that the environment is healthy for the new project.

Good practices that IBM recommends are all currently being used by Mars IS. Examples: Document repository, change controls, and User community acceptance.

New for Mars IS:

One great tool that was release 2 weeks ago is called Domino Configurator Tuner (DCT) that could assist EUT Operations/Development obtain gauge on the domino server health status. The DCT evaluates server settings according to a growing catalog of best practices. All servers in a single domain can be evaluated together. DCT generates reports that explain the issues DCT uncovers, suggest mitigations, and provide references to supporting publications. This free tool is like having an IBM expert at our fingertips checking the server health and providing feedback for us to fix critical issues before they occurs.

Click here to download a Full version copy now: This product will only support Notes Client 7 or higher:

http://www-01.ibm.com/support/docview.wss?uid=swg24019358&rs=0&cs=utf-8&context=SWA00&dcÔ00&q1=dct

ID211 - Executing a security assessment of Domino

We all know I'm not usually one to prattle on about security, so I'll make this one brief.... :-)

The majority of the session was about patterns in hacking recently and things to watch out for. They're telling us that due to the current economic climate, security is becoming more important because:

• Desperate times breed desperate people, and if people need money they may see an economic incentive.
• Higher rates of staff turnover/reduction at companies may lead to higher numbers of disgruntled people whom have inside knowledge of systems
• Staff changeover in companies without proper change control in place may lead to an administrator leaving and their replacement thinking patches, etc. have been done when they haven't.

So, what are the hackers up to? Leaving the script kiddies aside, there's a general, iterative procedure that a professional hacker tends to follow, being:

1. Recon - investigate the system and find out as much as they can, determining internet points of presence.
2. Probe & Attack - check for open ports, WiFi sidejacks, open file shares, anonymous access
3. Gain toehold - get low level access as an anonymous or standard user in unobtrusive manner, social engineering attacks, etc.
4. Advance - use the towhold position to attempt buffer overflows, injection attacks, weak passwords
5. Stealth listening - consolidate their position, cover the tracks, look for further opportunities for privelige escalation, packet captures, etc.
6. Takeover - own the system via a rootkit, download data or use system as a launching place for attacks on other systems on the network or internet.

One of the particular things they mentioned to crack down on is open file shares. Having access to the file system would allow the attacker to download nsf files, or the address book. Having access to the ID files is a particular risk, because they can be downloaded and subjected to an offline attack. Certificate ID file too, because that could be attacked and used to certify a new admin.

INV112 - Using a Virtual Microsoft Desktop Alternative

The underlying message of this session was about the stranglehold that Microsoft have on the desktops at the moment, and how it's become less necessary.

Presently, the documents people are creating are tied to Microsoft's Office suite. That, in turn is chained to the Windows operating system, which is linked to the desktop (via OEM or otherwise). A major upgrade of any one of these components usually triggers an upgrade of the others. ie. Wanting to upgrade the office suite usually means upgraded harware, and therefore an OS upgrade too.

At the Office level, the way to decouple this is to use open standards (more on that in a later blog) to store documents, so it becomes irrelevant whether you're using Office or Symphony/OpenOffice. And using Symphony means you're not tied just to Windows as the OS.

To decouple the OS from hardware upgrades, they recommend looking at VDI solutions, as you can maintain the hardware for longer, etc. etc. They showed some Gartner reports and pretty graphs, but they're the same ones we've already seen about trends and TCO of virtual desktops.

The other thing, brought in right at the end, was a move towards Desktop as a Service. Basically, like VDI but with the desktop hosted in the cloud. Nice, but not sure how practical it is for a large company.

ID405 - Sametime Advanced

I'll say upfront, I was rather disappointed with this session.

Sametime Advanced seems to have some nice features is it, but I'm not really sure how much they would get used at Mars.

In addition to multi-user chats, there is a more formal "chat room" feature available, with document sharing included. The can also be accessed from a browser interface too. It's nice, but SameTime meetings gives you the same functionality.

Broadcasts are another feature - you can broadcast a message out to a group, and those that respond are joined into an n-way chat. I can see maybe ART or teams like that using this, for getting help on a problem.

Instant poll works similar to Broadcasts, but with a polling/survey message. Meh.

Skilltap is virtually identical to broadcasts, but specifically pointed to asking questions that require specialist answers. At the end of the chat, the questioner has the option of reviewing the answers and adding them to an FAQ. It's an interesting way of working, sure, but surely the last thing we need is yet another silo of information locked away somewhere else?

And then there's desktop sharing, which gives... well, desktop sharing.

The other major functional benefit, which is the main value proposition for upgrade, would be the ability to customise the look and feel and location of the Sametime notification baloons.

So, all in all, some nice stuff, but anything we'd actually use we already have perfectly good ways of doing.

Directory Independence

I get all the best topics! I attended a session today about some future functionality in Domino. The idea is to provide an option to store all the person documents in an external LDAP directory, such as Active Directory. This is different to the secondary directory I talked about before (already in the product).

Initially user groups are likely to stay in the Notes NAB, but as with all early development, details are scarce and the plans are hazy. The presenters took us through some early code and it looks like the mechanisms to find the external directory servers are fairly primitive so far (basically there is a single DNS entry that defines a specific directory server), so it will be a while before this is robust and business ready. Great direction though - and if we can remove yet another directory from our environment we can start to think about less complex (and cheaper!) directory synchronisation tools

BP403 - Best practices for migrating Exchange to Domino

This session revolved around 2 case studies of companies migrating from Exchange to Domino and 1 from a Unix mail system to Domino that had been assisted by IBM, and the lessons learned from those cases.

Interestingly, all the cases revolved around a highly de-centralised mail system moving to centralised Domino. No-one went for decentralised Notes, and no examples of centralised Exchange to centralised Notes were cited. One of the migrations had started, but was halted partway though at the customer request, due to the economic downturn.

Some of the problems encountered were (in my own view) basic project management issues. Failure to define standards first, risk management and training needs.

On the technical problems, a few of the challenges they faced were:

• local PST files, which IT may not even know exists if they are user created.
• .msg emails saved on the file system
• Mail archives
• Calendar/Scheduling lookups
• Personal Address books
• Non-Blackberry mobile clients
• Blackberrys requiring a full wipe and resync as part of the migration
• Recurring meetings
• Outlook Journal
• Outlook Notes
• Unattended/Generic mailboxes
• Inbox rules
• Password synchronisation and distribution

IBM consulting, for one of the clients, ended up using 6 separate toolkits as well as customised scripts to manage the migtations.

All in all, there weren't any "best practices" discussed. It was probably better to say that it was a "things to watch out for" or "why you should get IBM consulting to help you" session.

ID207 - Getting the most out of DAOS

This was a more in depth technical look at DAOS (Domino Attachment and Object Service) and, as I blogged previously, something we should definitely use when we move to 8.5

Aside from the obvious benefits of reducing the database size and de-duplicating attachments, another point raised was that mail attachments are typically quite static and are usually not accessed all that often. Therefore, by spinning them out to separate files on the disk, it's more cost effective to place the repository on Tier 2 storage, saving your faster disks for the databases.

It's also worth noting that DAOS is not just for mailboxes - it will work with ANY notes database. That includes mail.box, by the way, so once a message with an attachment hits the server, it's written to the disk once and once only, and the pointer stub gets routed through the server. They've seen about a 13% reduction in disk I/O, as well as a 10.5% decrease in CPU usage from this.

Of course, it's not all sunshine and roses. There are a few caveats to be aware of. These include:

• The size of the attachment still counts towards the user's quota size, even though it's not stored within the nsf file.
• The attachment size does NOT count towards the 64Gb size limit for an NSF file. In one case, a client has created an NSF file which is logically storing 2TB of data, but thanks to DAOS the NSF is still less than 64Gb. However, this database cannot be replicated to any non-DAOS server, because the replica would then be over the limit
• Copying/duplicating an NSF file file at the OS level, or deleting an attachment file will cause the DAOS system to go out of sync. Things will still work, but files will not be deleted off the file system when the documents are deleted until after resync/verification is done. This can be automated, however.
• Transaction logging must be enabled on the server, and the available space in the logs must be large enough to buffer the largest file you might want to pull out.
• You need to create/upgrade the database format to 8.5 format.

So, there's a few things to note but they're fairly minor, compared to the significant savings that can be made.

ID206 5 New Tricks You Didn't Know about Lotus Notes Administrator

Here are some top Domino administration tips (including some undocumented gems!) that will make Lotus Notes Administrator lives easier. These time saver tricks will shave a few hours off our daily work so that we could do more work : )
These are just some examples of what you can do. More updates to these shortcuts in the near future.

1) Connecting Remotely to a Server directly in the Admin Client:

Add to Notes.ini
Add: RemoteProgram=C:\vnc\vncviewer.exe %hostname%

2) Cataloging All Databases: This will allow you to create views that show all databases in your domain.

Select formulas for views in Catalog.nsf included: &!(DBListInCatalog = "0") to keep those databases from being displayed.

Set Catalog_Disk_Usage=1 to have percent used logged by the Catalog Task.

3) Finding Duplicate Replicas: Duplicate Replicas on a server can cause confusion and can be tricky to find.

Option 1# use SHOW DIR command in the server console.

Option 2# Tweak the by Replica ID view in the Catalog.nsf

4) File Panel Output to Printer: No more need to do screenshot and send them to the site team. Just select the databases on the server in Admin client and hit print.

This can only be done with R7.0.2 or higher clients

User : Sort on any column and then print to produce reports

Version 8.5 allows copy and paste rich data from the files panel.

5) Update Task Tuning: The Updating task can overwhelm a notes server. How to tell if the task is overloaded?

Check the following:

Update.pendinglist
Update.DeferredList
Update.FullTextList
.Max

(If the numbers are high, then request are being backed up.

Also use 'Show STAT Update" command to see them or "Statistic Tab in the admin client. Chart them over time using Stat event generators in the Events4.nsf