There are still a lot of admins that still run on Domino 9 or lower, even though HCL has invested a great deal into the latest versions of Domino. So, why update if the apps still work?
The axiom that you don’t fix something that is not broken does not necessarily apply to this situation as older versions do have bugs, vulnerabilities that can be exploited, especially since hackers have had 13 plus years to analyze any potential crack in the system.
Here are the most important risk areas when running on an old version of Domino:
Regarding security, truth be told, hacking a Notes Domino environment is indeed a challenge; however, there are components in Notes / Domino, the environment does have dependencies and those components are the ones susceptible to vulnerabilities.
One note to keep in mind: HCL does still support Domino 9 and 10. The tricky part is that there are versions of Domino 9 and Domino 10 that at the time they came out they supported certain Operating Systems. Since that point in time those OS are no longer supported by their vendors. Moving into the next calendar year of 2022 HCL will offer no further hotfixes or fix packages for those specific platforms.
- RHEL 6
- IBM iV7.1
- Windows Server 2008 R2
- Windows 8.X, XP, Vista (Notes client)
- MacOS Mavericks, Yosemite, El Capitan, Sierra, High Sierra (Notes)
For a better overview here are the Domino V9 and 10 Operating Systems End of Support Dates
Up to a point the old releases are holding you back. You have Software limits:
- 64 GB NSF
- Summary data
- Field sizes
- Performance issues
- Folder limitations
Limited architecture options:
- Container Technology
- S3 storage
Limited integration options
- REST APIs, JSON
- Third party applications, i.e. data exchange, business analytics
- Directory integration, i.e. Active Directory, SAML
Antiquated UI
- Legacy perception
What HCL Notes and Domino 12 bring to the table?
Break of the NSF Boundaries
Full Text Search and View Indexing
- Automatically update index on search for up to 200 documents with un-indexed changes. Additional documents are queued for immediate indexing.
- A corrupted full-text index will be rebuilt automatically on both client and server.
- Attachment indexing uses Apache Tika filters, supporting more and newer file formats.
- Dynamic indexing of high-usage views
- Domino will track view updates and reads in real time, permanently computes the 10 most active views and automatically assigns additional update threads.
Enhanced Replication Engine
- Detect and fix out-of-sync replicas
- replicate <server><database>-L lists missing notes in log file
- replicate <server><database>-F full replication (replica resync)
- In Domino Cluster
- More efficient streaming cluster replication after server restart
- Replication Currency Monitoring compares replication on all cluster servers and lists currency of the replicas (“all copies current within 2 mins”)
- Servers with databases exceeding a configurable currency interval can generate an alert.
Symmetrical Servers
- One or more data directory folders are declared to be symmetrical.
- Any Notes database which exists on any server in the cluster must exist on every server in the cluster.
- “Repair Engine” will detect any missing databases and repair them automatically.
- Clusters > Configuration
Sync and Repair engine:
- NSF databases
- DAOS objects
- Auto Repair task
- Manual repair command
Note Deletion Logging
DirSync with Active Directory
- New implementation for a dedicated sync tool with AD
- Completely new feature in DominoV11
- DirSync allows you to sync people and group data from an external LDAP (currently AD) directory into the Domino directory
- Federated contact information
- Sync’ing of AD and Domino attributes
- Security and Distribution groups
- Password Synchronization (Domino12)
Admins can focus on registering new Domino app (or mail) users, with a single right mouse click, when ADFS is the single source of truth for enterprise authentication.
Security Enhancements
- Group population based on LDAP Search Query.
Group documents can now be auto-populated based on a LDAP search query against the documents in the Domino Directory.
- Certificate Manager task and Certificate Store application
Complete automation for requesting, configuring, and renewing free, widely trusted TLS certificates from the Let’s Encrypt certificate authority (CA). Can also be used with other third-party CAs.
- ID Vault Updates
- Automatic archiving of existing user ID in Vault if the user is using an old ID file with an old password for more than 7 days.
- Restart ID file sync (auto-upload ID file into ID Vault). Administrator can reset the password on the “archived” ID vault entry to recover it for the user.
- ID Vault scanning via command line or Admin Client with optional update of ID Vault information in person document in the Domino Directory.
- Query Vault commands to “inactivate” and “reactivate” a user’s ID
- Manual ID uploads to the ID Vault for un-synched ID files (single or in batches)
- Web Authentication Updates
- Web browser login using Notes ID password stored in the ID Vault
- Time-based One-time Password for Multi-Factor Authentication in addition to standard username and password
- New MFA Login Form now available for TOTP login to web apps.
- Internet Password Lockout based on repeated login failures, invalid IP Address ranges and DDOS attacks.
- Identity Management
- SAML Updates
- ADFS 4.0 Support
- Support for Service Provider initiated flows
- Simplified SAML configuration
- Certificate Management
- TLS Cipher settings in Server Document
- Support for TLS 1.2 in SAML
- Notes Federated Login (SAML) will now use the TLS 1.2 version
- XULRunner browser has been upgraded to a new version
- Embedded Sametime authentication now uses TLS 1.2
- Sametime chats have a more robust experience with the XULRunner upgrade.
DAOS Two-Tier Storage
Backup and Restore your Domino Applications
- Easy-to-use interface to configure backup and restore of Notes databases and templates.
- New server tasks, Backup and Restore, use the configuration to back up one or more databases and to restore individual databases on demand.
- Domino backup and restore offers:
- File system backup to disk or network drive with no third-party backup solution
- Integration with third-party backup solutions
- Point-in-time restore of a database
- Restore missing or corrupted DAOS files.
“One Touch” Domino Setup
- Deploy Domino servers using DevOps & Automation
- Set up an ID Vault
- Create and update applications and documents and enable and run agents. This feature is available only through JSON file input.
- One touch Domino setup is supported on Domino on Docker, Windows and UNIX platforms.
Containerized Deployments
- Run HCL Domino servers in a flexible containerized environment. Start using it effectively for development and testing environments. Certified for Kubernetes and Red Hat OpenShift.
- Official repository contains:
- Dockerfiles
- Polished scripts for building and running images and containers
- Domino startup scripts compatible with Docker.
Email and Calendar Improvements
- Email and Calendar UI Enhancements
- Scheduled Messages
- Send time/UI mail rule notification vs delivery failure
- Automatic Dead Mail handling
- Secondary signature reply/forward
- Select alternate From address in a shared mail file
- Forward emails as .eml attachments
- Additional import capabilities – PowerPoint, Excel, Word
- Improved HTML Rendering
- Meetings greater than 24 hours
- Meeting attendee forward / delegate
- Meetings color coded by chair
- Improved rendering Teams invitations
- Traveler 12 (9.0.1 FP8 and higher)
- Verse on Premises 2.2 (9.0.1 FP10 and higher)
- HCL Traveler for Microsoft Outlook (HTMO) 3.0 – Outlook 2019 support (10.0 and higher)
Workspace 12.0.1
- High Resolution Database Icons
Marvel Client Essentials
- Continuously analyze and visualize Notes workspace, client config and OS details
- Take stock of your client deployment complexity and inconsistencies
- Deploy files like a Notes upgrade image, run programs and manage the Windows registry
- Provide the IT, help desk and management staffs with concrete Notes client details, facts and figures
- Identify pitfalls during upgrades such as insufficient resources or non-standard installations
- Prepare an efficient upgrade path
- Reduce risk and help desk tickets.
HCL Nomad Mobile and Web
- Similar to the HCL Notes Client Basic experience
- Designed for users to access HCL Domino applications (NSFs) from the users’ desktops and/or laptops
- Available as a fully native application for Android, Chromebook and iOS mobile devices
- Secure access to mail and/or HCL Domino applications
- Ironclad security leveraging HCL’s Safelinx technology (built-in, secure, VPN) in addition to update Domino security layers (e.g. physical, OS, network, server, ID, application design and workstation)
- Includes:
- Biometric authentication for iOS mobile devices (face or touch ID)
- Secure proxy integration (SafeLinx)
- Two factor authentication (2FA)
- Username detection for secure access
- Local replica enablement to work off-line (on the native mobile version)
- Field level security for applications
- No specific design modifications required (to existing apps).
Nomad on Tablets and Smartphones
New Development Options
- Domino Query Language
- Rest APIs / Project Keep
- New LotusScript Classes HTTP Request and JSON
- Support for 20 custom HTTP headers
- Domino Volt
- HCL Link
Here are the major changes that have taken place with Domino in the past 3 years:
The webinar is recorded so feel free to watch it if you would like.
If you would like to talk more about upgrading to Domino V12 let’s chat.