There are times when you need to use multiple technologies and you need them working well together. One example is: Office 365 and Domino. Why would you need them both you ask? Well, maybe you have your email on Domino and also using O365 apps or your email is on Exchange and you have data and apps on Domino.
HCL Notes, Domino and Microsoft 365
Domino gives you a lot of great things, flexibility it offers you. You can be on prem, hybrid or in cloud and have the same level of security and all.
- Collaboration client-server application
- Email/Calendar/Contacts
- Applications – business workflow, document libraries…
- Sametime
- Domino Server – Windows, Linux, OS/400, AIX, Docker containers, Kubernetes, OpenShift
- Notes client, Verse, Traveler, Web Browser, Nomad, Outlook
Microsoft on the other hand is all about the cloud.
- Subscription based cloud services
- Email/Calendar/Contacts
- SharePoint
- Teams, Skype for Business (deprecated)
- Outlook and OWA
- Powersuite – Apps/Automate/AI/BI – a great tool but quite on the expensive side of things.
Directory
As we all know already the Domino Directory is the heart and soul of Domino. It’s where you find all your server config and how you manage your users.
- Domino Directory – names.nsf
Microsoft is a bit more complex:
- Active Directory – on premises
- Azure Active Directory – cloud
- Hybrid considerations
- AAD requires additional licenses to behave more like AD in the cloud
Directory Components
These are the Directory Components you will find and use most often in Domino:
- Person
- Group
- Multi, Server, ACL, Mail, Servers, Deny
- Mail in Database
- Resource
- Server
- Configuration
- Connection
- Program
- Policy/Setting
- Internet Site
Here is what Microsoft has to offer in this regard:
- User
- Mailbox user, mail user, mail contact
- Group
- Distribution, Dynamic Distribution, Security
- Shared mailbox
- Resource
Server vs Service Management
Endpoint Management
What is HCL Nomad?
- Similar to the HCL Notes Client Basic experience all within a web browser
- Designed for users to access HCL Domino applications (NSFs) from the users’ desktops and/or laptops
- Available as a fully native application for Android, Chromebook, and iOS mobile devices
- Secure access to mail and/or HCL Domino applications
- Ironclad security leveraging HCL’s Safelinx technology (built-in, secure, VPN) in addition to updated Domino security layers (e.g., physical, OS, network, server, ID, application, application design, and workstation)
- Includes:
- Biometric authentication for iOS mobile devices (face or touch ID)
- Secure proxy integration (SafeLinx)
- Two factor authentication (2FA)
- Username detection for secure access
- Local replica enablement to work off-line (on the native mobile version)
- Field level security for applications
- No specific design modifications required (to existing apps)!
Here is how Nomad looks like on Tablets and Smartphones
Domino V12: Nomad for Web Browsers
Coexistence Considerations
- Directory synchronization
- SSO Authentication
- Bi-directional mail routing with correct content and format
- Calendar free/busy time lookups/scheduling
- Instant Messaging coexistence
- Application inter-operation
Client options
- Outlook as a Domino client
- HCL Traveler for Microsoft Outlook 3.x (HTMO)
- Email/Calendar/Contacts
- Future – Open Client
- DOMI – Domino Online Meeting Integration
- Teams at the center of everything Microsoft – Viva
Active Directory and Domino synchronization can prove to be a drag. Here is a scheme of how you can make this work.
Domino Directory Sync
- objectGUID field added
- New Users – Register Selected Person
- User Renames
- Person document only – automatic
- Registered Notes user – admin4.nsf, Rename common name requests
- User Deletions
- Person document only – automatic
- Registered Notes user – No
- Group Deletions – automatic
Groups
AD Controller Password Sync Components
- Domino Utility server registered and installed note: does not run
- Domino Configuration Directory
- Directory Assistance Database (New)
- Document for directory of administration server
- Domino Password Library (npwsync.dll)
- Request Creator (names.nsf)
- Password Change Request Database – adpwsync.nsf
Domino Domain Server Password Sync Components
- Request Processor (names.nsf)
- Configuration Settings document (names.nsf)
- Password Change Request Database – adpwsync.nsf
- Directory Assistance Database (New)
- ID Vault
Password Flow – AD Controller
- Local Security Authority
- Processes password change in AD
- Passes user name and password to Domino Password Library
- Domino Password Library
- Finds objectGUID from user’s AD document
- Uses Directory Assistance database to find objectGUID in Domino Directory (on Request Processor)
- Creates document in Password Change Request database that contains the objectGUID and password
- Copies document to Request Processor’s Password Change Request database
Password Flow – Domino
- Request Processor Server sees new request
- Uses objectGUID to find Person document in names.nsf
- Updates Internet Password in Person document in names.nsf of administration server
- Updates Notes ID Password in ID Vault
Authentication Coexistence
- LDAP provides a way to authenticate, but both AD/AAD/O365 and Domino require they are the directory ”master” so Dirsync is necessary for these two systems to work together
- SAML – supported 90% by Domino and 100% by AAD, so this is a good path to pursue IMHO, however:
- Assertions not supported (If this could be supported then we could support Domino ACLs for SAML users)
- Managed logout not supported
- OAuth – OAuth2 Support for Domino Web Applications
- OAuth2 Support for Domino Web Applications allows administrators to configure token-based access to Domino-hosted ReST API’s.
- Available with Domino V12
https://doc.cwpcollaboration.com/appdevpack/docs/en/domino-app-oauth-support.html
HCL Domino – Security Enhancements
For any questions you might have we are here to help.