A new version of Domino is in the making and we are excited about what it will bring to the table.
It’s no news that Domino has been around for some time now and that some might say it’s not modern enough. It can’t be further from the truth as Domino is used on numerous systems and the new iterations have made it even more attractive to admins and users alike.
Here is the strategy that HCL has in mind for Domino:
The next version of HCL Domino, set to sail in 2022 is called Danube and it comes with a lot of goodies to look forward to.
HCL implemented the Early Access Program (EAP) releasing Domino code early for customers and partners to give hands-on feedback before we release the product.
The access was free to the EAP for anyone with a current Domino subscription and it also came with a Forum where questions can be asked and feedback provided.
Here is the timeline for these EAP releases:
- May 25th – Drop 1 – Domino (Windows & Linux)
- June 17th – Drop 2 – Domino
- July 20th – Drop 3 – Domino, Notes & Languages
- August – Drop 4 – Domino
- September – Drop 5 – Domino & Notes
The May 25th release came with:
- Upgrade CKEditor to 4.18 (change is in Domino)
- daosencmgr tool
- DominoBackup native Windows VSS support
- 256 bit AES for Database Encryption
- Ability to encrypt a database programmatically
- DQL 12.0.2 Optimization
- Upload support data via server command “Tell Domino Support”
- Linux: Support SELinux in Enforcing Mode
- Linux: Support 5.x Kernel
- Update IDVault (Recertification) without End user intervention
- Update IDVault (Key Rollover) without user intervention
- KeyCloak SAML IdP requires support for HTTP Redirect Binding signing
- Upgrade to OpenSSL 3.0.1 for FIPS 140-2 support
- Update CA root certificates that ship with Notes/Domino
- Add Briefcase icon also to Groups view in the Domino Directory
- Add Cell Phone Number to Telephone column in Person view in Address Book
The Second EAP Release added:
- Deprecate ADSync
- View Updating Speed and Throughput Improvements
- Secure OSLoadLibrary Usage, primarily on Windows
- Implement appropriate SCN QOS improvements in OnPrem
- Need NIFNSF tab in Server form
EAP 4 in August promises:
- Domino Danube for IBMi
- SMTP inbound SPF checking
- SMTP inbound DKIM
- Entitlement tracking – next stage
And EAP 5 in September:
- Domino Restyle integration with Notes
HCL Domino EAP release 3 offers:
Better Looking Apps
- Domino restyle – improve the UI of your existing apps by giving them a modern makeover;
- Apply themes or update colors – in a single Domino app or many at once
What is Project Restyle?
Project Restyle offers a way to easily update the visual styling of existing applications:
- It is low-risk because we are not touching code that would affect the logic of applications
- It is fast!
- It provides options (all of which look good)
- It is reliable. Users should have confidence in running Restyle on applications.
Project Restyle will provide you with a set of design options (colors and themes) that will style the following areas of your application:
- Action bars
- Embedded outlines
Enhanced Email Security
- ICAP support – server based Anti-virus protection
- DKIM Inbound – ensures emails are not altered in transit between the sending and receiving server
- Sender Policy Framework – coupled with DMARC it provides protection against email spoofing used in phishing and spam
Email Virus Scanning Using ICAP
What is ICAP (Internet Content Adaptation Protocol)?
- A lightweight and extensible point-to-point protocol that effectively adapts content for user needs
- An ICAP server can also act as a server by accepting payloads and returning a specific response
How is ICAP used by Domino?
- Domino uses ICAP to send email messages to anti-virus servers to be scanned
- Domino sends a web response to an ICAP server with a streamed attachment
- The ICAP server responds with a completion code indicating if the payload was infected
- Headers contain additional information about the type of virus, timestamp, etc.
Your ICAP-enabled A/V solution
- You control the A/V rules
- You manage the virus signature refresh
- Sanitize and release
DKIM Signature Verification Inbound
- DKIM (Domain Keys Identified Mail) is an email signing standard which helps detect modification of certain message content while in transit between sending and receiving SMTP servers
- DKIM signing and signature verification are done by the SMTP endpoints. A DKIM signature is not typically visible to the end user. Domino 12.0.2 will introduce DKIM signature verification for inbound messages received over SMTP.
- DKIM helps to prevent spoofing by verifying the message coming from a domain are from one of its legitimate users or if the sender’s information has been faked.
- Domino router configuration will offer the option to send messages which fail DKIM signature verification to the recipients’ Junk folder.
Sender Policy Framework (SPF) Validation in SMTP
- SPF is a protocol designed to communicate which servers or IP addresses are authorized to send emails on behalf of a particular domain. SPF is technology designed to detect email sender spoofing.
- An internet domain publishes a DNS record containing its SPF policy. This policy asserts hosts which are authorized to send mail from addresses in the domain.
- A Domino SMTP server with SPF validation enabled will use DNS to look up the SPF policy for the domain of the sender of an inbound message. If a policy is found, Domino will determine if the connecting host is authorized to send mail for the sender’s domain.
- SPF validation is intended to be used on Domino servers receiving mail directly from external internet servers.
SPF Configuration Options in Domino
- Reject messages that fail SPF validation
- Deliver messages that fail to the recipients Junk folder
- Bypass SPF checks for trusted servers, such as internal relays
Also, when it comes to email security things will get better as DKIM and SPF are foundational to Domain-Based Message Authentication,Reporting and Conformance (DMARC).
Domino Backup – VSS Support
What is Windows VSS (Volume Shadow Copy Service)?
A technology that can create backup copies or snapshots of computer files or volumes, even when they are in use. Domino will be a VSS writer – Registers as a VSS writer with Windows.
Here is the flow when a snapshot is initiated (takes less than 60 seconds):
- Backup application starts VSS Snapshot
- Windows sends event to all VSS writers registered to “freeze” their application
- Domino switches all databases into backup mode
- Windows takes VSS snapshot
- Windows sends VSS “post thaw” event to application
- Domino stops backup mode and writes new data to databases
This works with all VSS backup aware backup applications without any additional scripting for backup!
Use OpenSSL 3.0.x for Notes/Domino Cryptographic code
- FIPS 140-2 Compliant, Important for government organizations around the world. A technology proven to be secure. (Included in Domino 12.0.2 Early Access 1, May 25th)
- Automatic administrative processing of User Recertification and Key Rollover in IDVault for Web only users (Included in Domino 12.0.2 Early Access 1, May 25th)
- Local Notes Client is no longer needed to complete the renewal process.
- Process is now entirely on the server. Local Notes ID file is no longer needed.
- Support for ECDSA based client certificates for TLS Client certificate authentication
- Smaller and faster than DSA.
- Improved Integration with SAML 2.0 IDPs like Keycloak/ADFS by using Redirect style signature binding. Provides better security and performance the Post style binding. (Included in Domino 12.0.2 Early Access 1, May 25th)
Easy Meeting Scheduling
DOMI – Calendar Delegation and Recurring Support
It allows delegates to now use Dynamic Online Meeting features while offering support in Notes/Verse for repeating meetings with online meetings.
One other great feature is that it integrates the meeting passwords and dial-in numbers from the meeting provider.
Free Busy Time With O365
- Free Time Credentials Setup
- Found in credential store
- Configure through console commands
Workspace UI Update
- App icons display with a border over a 50% transparent background for a cleaner, organized look.
- The replica icon is replaced with a dropdown icon in the top-right corner. This provides one-click to access replica information.
- Server name text color is the same as the database name
- Unread count displays in the bottom-right corner.
- New ini setting to restore Notes 12.0.1 look EnableV1202WorkspaceLook = 0
Document Properties Improvements
- Improvements to keyboard accelerators
- Two new indicator columns available
- Ability to copy multiple rows
Enable Sharing Of Jars Between XPages and Java Agents
Use Nomad Web without Safelinx
- Runs on Domino
- No need to deploy SafeLinx
- Does not require relational DB
As HCL has done in the past as well, big plans are already in place for the next 3 years: