Domino Mobile Apps On Your iPad & In The App Store

The mobile apps team at HCL have finally been able to release the Domino Mobile App into the Apple app store here. The app gives you access to your Domino applications as if using a Notes client and with no programming changes required. It includes full encryption and even local replication – that’s right, replication to your iPad.

I have been using the beta since last summer and it has become indispensable. So first things first, go to the app store and download the Mobile App or click on the image below.

Once it is installed you will need to connect to a server that can access your ID Vault. Having your id in a vault it how it is downloaded to the iPad so if you don’t have an ID Vault configured you need to do that, it should only take a few minutes to configure but you may have to wait a few hours for IDs to populate on your server.

First complete your name and server name. I am using a dummy server name here – the app will try and find my server..

This server isn’t reachable by name from where I am so I am asked for an ip or hostname. If you have a VPN on your iPad or are working on your internal network you can use an internal host or address but I am remote so I will use a public ip on a dummy server.

My next prompt was asking me for my Notes ID password and it wants the most current one which is the one in the vault.  Once it has that I am into the Mobile app and I can start opening applications and even creating connections to other servers in my local contacts.

Below is a copy of my ddm.nsf from the server – you can see it looks identical to my viewing it through a Notes client but it’s clearly on my iPad (see title bar)

..and a further example, a document opened in ddm.nsf.  You can see my action bar buttons are available.

Finally let’s look at a document library document in edit mode – you can see all the buttons, drop downs and action bars are visible and working.  Document Library is a pretty old template so it’s good to know older applications work well too.

I am afraid I don’t know what the licensing situation is. I do believe if you are licensed currently with an up to date subscription you can use this at no additional charge but I will update when I know more for certain.

A New Base – A New Hope – A New Beginning. Factory Tours Episode 2

This week I spent time in Milan at HCL’s 2nd factory tour at their offices.   It was an intense couple of days, with presentations from the development teams working on Domino, Notes, Nomad, Sametime, DQL, etc, as well as HCL executives working on building the support program, the partner program, and HCL’s client advocacy program.

After several great discussions with people from HCL and IBM all I can say is that things are moving F-A-S-T and thank you in particular to Richard Jefts, Russ Holden, John Curtis, Tony Blake, Pat Galvin and Francois Nasser for listening to my ideas even if they end up being unworkable.

Note there was no discussion of Connections at all as that deal with IBM is not finalised and HCL aren’t in a position to discuss it. HCL are targeting April 1st for the deal and early June for everything to be transitioned over, with the v11 beta this summer and the v11 launch around end of Q4.

Here are some highlights that I noted from the conversations and sessions that I want to share here.  I apologise if I have incorrectly noted what I heard.

Domino (presented by Russ Holden) – v11 Features 

  • Directory Sync from Active Directory to Domino Directory. Renames made in AD will trigger a Domino rename.  Attempting to get rid of or at least minimise the HTTP password field and make AD authoritative.  We had discussions about whether attributes in AD should/could be written to by Domino or if AD was to be the single authoritative and management source.
  • HTTP password authentication via ID Vault instead of person document, including the ability to keep the Notes password and HTTP password in the vault in sync.*Those of us who work with Traveler know the risk of changing the HTTP password until we get client certificate authentication in Traveler, and we shared that with Russ as well.
  • DAOS will still exist but in v11 there will also be Cloud Object Storage where a single instance of an attachment per note ID will be stored in Amazon’s S3 cloud by default but with the option for extensions to other servers.The concept is that it would potentially save on both on premises storage costs and backup requirements for the attachment store.  It’s not intended to be a space saving offering over DAOS as although there will be one instance of an attachment regardless of cluster replicas, that instance is based on the note id of the document.  That means whereas with DAOS an email sent to 40 people will generate only a single NLO on each cluster server, with this model there would be 40 attachments all accessible by any server in the cluster.  How appropriate this will be as a solution will be dependent on your storage and backup requirements as well as your typical mail usage.
  • A new PubSub feature that will allow applications to subscribe for updates that Domino will publish rather than poll for them.  Traveler is a good example, currently Traveler scans each user’s mail file on a polled interval to see if there are updates and if there are it then grabs them to send to your device. Polling databases asking for “anything new to tell me” is a lot of unnecessary overhead when the alternative is Domino publishing updates each time there is activity (note adds, deletes, folder adds etc).  The ability to subscribe to specific databases you want immediate activity on and for Domino to publish that activity to you as it happens obviously has a huge scope beyond performance outside of Domino as well.Which leads us to…
  • Using ElasticSearch for searching which will utilise the PubSub functionality in order to get immediate updates to process.  ElasticSearch will be configurable on a database-by-database basis including the option to have it take the place of Domino FT search.  One of my issues with ElasticSearch is its security model and they are also working on an API to address that so that we get security parity with the current FT search model.
  • Message recall for undelivered (scheduled or queued) mail.

The Clients (presented by Andrew Davis, Maxx Sutton, Barry Rosen)

The focus for v11 is very much around the client delivery and UI.

There is a new UI under development for Notes and some of its key templates that modernises it and brings it more in line with the UI design of Verse.  These are early stages but they will be part of the v11 ship.  Verse continues to be extended with very welcome upcoming support for mobile browsers and a goal to have parity with iNotes by the end of this year.

HCL Nomad, currently on public beta for iPad (yes, they know we want it SHIPPED) was demoed for Android and ChromeOS at Think and to us this week.  iPhone is also on the way.  To develop for Android HCL used OpenGL and that code can also be compiled as WebGL which, using WebAssembly, will enable Nomad to run in most browsers with the same fidelity and behaviour as on the mobile devices.

I’m not saying that would give us a lightweight client but it would totally give us a lightweight client that could be used in something like HCL Places for instance.

Sametime (presented by Pat Galvin)

Sametime 10 Limited Use, that now includes mobile entitlement, is on track to be delivered in the first half of this year.  The persistent chat feature that allows chats to be routed to multiple devices you are logged into will, in the first instance, require MongoDB with Domino coming “later”.  I have a big problem with this.  Neither me nor my customers want to bring the overhead of MongoDB into a Domino site just for this single feature regardless of how welcome that feature is.  I hope HCL prioritise “later” as “soonest” to be honest otherwise I suspect we’ll be deploying v10 of Sametime initially without its biggest feature.

Platforms will be Windows initially then Linux.  All 64bit.

Sametime will be released lock step with Domino, so at the end of this year Domino 11 will support the product released as Sametime 11.  Targeted for release with v11 is Docker deployment and support for integration with Zoom, Webex, etc. Stretch goals for v11 include getting rid of the Sametime System Console and the ability to invite external guests into chats.

In addition, they are looking to deliver chat enhancements in v11 such as read status on messages, @mentions, and multi-device file transfer so you can select which device a received file is downloaded to as well as choosing which device to answer an audio / video call on if you are logged into multiple devices.

Finally for meetings I’m delighted to hear that they are working to remove the accursed browser plugins for audio and video from v11.

Sametime 12+ includes targets that are stretch goals on v11 and additional targets such as removing WebSphere and DB2.

DQL (Presented by John Curtis)

The 1.0.1 Appdev pack which contains all the functionality you need to deploy DQL from Node is out this quarter.  The plan is to have quarterly updates to the Appdev pack introducing new features.  Some things planned for future updates include:

OAuth authentication.  This is a huge deal and has to be done right.  DQL only works as a solution if we can maintain the same security model that Domino gives us and OAuth has the ability to give us that.   Currently the OAuth implementation in the Appdev pack is application level, meaning one identity shared by anyone using that application which means no reader fields of custom user security.

They are working to support on-the-fly computation of formulas to support things like computed for display fields.

For searching there will be support for both FT Search and the new ElasticSearch with indexes created across databases and in attachments where required.  Searching rich text and mime is also on the agenda.

These are just some of my highlights.  There was a lot more and if you want to get involved I highly recommend registering for Engage UG in Brussels this May (14/15) https://engage.ug.  It’s a free user group event and HCL will be there in force with a lot more to show, hopefully on the heels of some beta content.

If you want to add your own enhancement requests and suggestions definitely to go the aha! site and add them there.  Everyone who spoke said they monitored that site and many of the features that are coming are based on posts there.

https://domino.ideas.aha.io/

HCL Client Advocacy – (presented by John Immerman)

If you are a customer or a business partner please sign up for the Client Advocacy Program @ HCL.  John Paganetti and his team will connect you with a developer advocate who will work with you to make sure your requests are heard, your PMRs don’t stall, and your ideas are taken seriously.  Much of what they do is learning about how you use the tools and what your pain points and wishes are.  This speaks to the core of who HCL are and I can’t think of any other company who would commit skilled expert resources to these kind of relationships.  If you want to be heard go register here. There are 200 companies registered already with hundreds more requested and being personally contacted.  Nothing about this is automated so don’t pass up the opportunity.

https://www.cwpcollaboration.com

Support – (presented by Michael Fiorentino)

The support model is still transitioning over from IBM including hundreds of thousands of technotes and HCL are moving away from the Salesforce support interface that IBM use to a simpler more streamlined one.  The big question I wanted to ask was whether HCL would do away with the login requirement to read technotes or get patches.  Currently IBM require you to be a customer with a support license to be able to read technotes and find out what may be wrong.  I’ve always thought that’s crazy and I know it frustrates customers and partners alike.  Both Richard Jefts and Michael Fiorentino confirmed that is not how they plan to run things and that’s a great start.

Michael also wanted to understand the business partner requirements so he could structure things to make it easier for us to open calls at the right level of expertise and to do so on behalf of our customers in an easier way.  Michael has a frankly astonishing amount of work ahead of him to get the support structure right, but he was very open to all our ideas and comments and I honestly believe they are committed to doing this right and not “business as usual”.

I heard from more people there of really good IBM’ers who are moving to HCL. I don’t want to name them here as that’s their business but I’m delighted they are joining.

Let’s all work together and do great things.

 

 

Domino – Exchange On Premises Migration Pt2: Wrestling the Outlook Client

In part 1 of my blog about Exchange on premises migration from Domino I talked about the challenges of working with Exchange for someone who is used to working with Domino.  If only that were all of it but now I want to talk about the issues around Outlook and other Exchange client options that require those of us used to working with Domino to change our thinking.

In Domino we are used to a mail file being on the server and regardless of whether we used Notes or a browser to see that client, the data is the same.  Unless we are using a local replica, but the use of that is very clear when we are in the database as it visibly shows “on Local” vs the server name.

We can also easily swap between the local and server replicas and even have both open at the same time.

In Outlook you only have the option to open a mailbox in either online or cached mode.

So let’s talk about cached mode because that’s the root of our migration pains. You must have a mail profile defined in Windows in order to run Outlook. The default setting for an Outlook profile is “cached mode” and that’s not very visible to the users. The screenshot below is what the status bar shows when you are accessing Outlook in cached mode.

connectedtoexchange

In cached mode there is a local OST file that syncs with your online Exchange mailbox.  It’s not something you can access or open outside of Outlook.

datafiles

Outlook will always use cached mode unless you modify the settings of the data file or the account to disable it.

cachedsettings

As you can see from the configuration settings below, a cached OST file is not the same as a local replica and it’s not designed to be.   The purpose of the cached mail is to make Outlook more efficient by not having everything accessed on the server.

cachedoffline

Why does this matter during a migration?  Most migration tools can claim to be able to migrate directly to the server mailboxes but in practice the speed of that migration is often unworkably slow.  If that can be achieved it’s by far the most efficient but Exchange has its own default configuration settings that work against you doing that including throttling of activity and filtering / scanning of messages.   Many / most migration tools do not expect to migrate “all data and attachments” which is what we are often asked to do.  If what we are aiming for is 100% data parity between a Domino mail file and an Exchange mailbox then migrating that 5GB, 10GB, 30GB volume directly to the server isn’t an option.  In addition if a migration partially runs to the server and then fails it’s almost impossible to backfill the missing data with incremental updates.  I have worked with several migration tools testing this and just didn’t have confidence in the data population directly on the server.

In sites where I have done migrations to on premises servers I’ve often found the speed of migration to the server mailbox on the same network makes migration impossible so instead I’ve migrated to a local OST file.  The difference between migrating a 10GB file to a local OST (about an hour) vs directly to Exchange (about 2.5 days) is painfully obvious. Putting more resources onto the migration machine didn’t significantly reduce the time and in fact each tool either crashed (running as a Domino task) or crashed (running as a Windows desktop task) when trying to write directly to Exchange.

An hour or two to migrate a Domino mail file to a local workstation OST isn’t bad though right?  That’s not bad at all, and if you open Outlook you will see all the messages, folders, calendar entries, etc, all displaying.  However that’s because you’re looking at cached mode. You’re literally looking at the data you just migrated.  Create a profile for the same user on another machine and the mail file will be empty because at this point there is no data in Exchange, only in the local OST.  Another thing to be aware of is that there is no equivalent of an All Documents view in Outlook so make sure your migration tool knows how to migrate unfoldered messages and your users know where to find them in their new mailbox.

Now to my next struggle.  Outlook will sync that data to Exchange.  It will take between 1 and 3 days to do so.  I have tried several tools to speed up the syncing and I would advise you not to bother.  The methods they use to populate the Exchange mailbox from a local OST file sidestep much of the standard Outlook sync behaviours meaning information is often missing or, in one case, it sent out calendar invites for every calendar entry it pushed to Exchange.  I tried five of those tools and none worked 100%. The risk of missing data or sending out duplicate calendar entries/emails was too high.  I opted in the end to stick with Outlook syncing.  Unlike Notes replication I can only sync one OST / Outlook mailbox at a time so it’s slow going unless I have multiple client machines. What is nice is that I can do incremental updates quickly once the initial multi-GB mailbox has synced to Exchange.

So my wrestling with the Outlook client boils down to

  • Create mail profiles that use cached mode
  • Migrate to a local OST
  • Use Outlook to sync that to Exchange
  • Pay attention to Outlook limits, like a maximum of 500 folders*
  • Be Patient

*On Domino mailboxes we migrated that pushed up against the folder or item limits we found Outlook would run out of system memory repeatedly when trying to sync.

One good way to test whether the Exchange data matches the Domino data is to use Outlook Web Access as that is accessing data directly on the Exchange server.  Except that’s not as identical to the server data as we are used to seeing with Verse or iNotes.  In fact OWA too decides to show you through a browser what it thinks you most need to see versus everything that’s there.  Often folders will claim to be empty and that there is no data when in fact that data is there but hasn’t been refreshed by Exchange (think Updall).  There are few things more scary in OWA than an empty folder and a link suggesting you refresh from the server.  It just doesn’t instill confidence in the user experience.

Finally we have Outlook mobile or even using the native iOS mail application.  That wasn’t a separate configuration and unless you configure Exchange otherwise the default is that mobile access will be granted to everyone.   In one instance a couple of weeks ago, mobile access suddenly stopped working for all users who hadn’t already set up their devices.  When they tried to log in they got invalid name or password.  I eventually tracked that down to a Windows update that had changed permissions in Active Directory that Exchange needed set.  You can see reference to the issue here, and slightly differently here, although note it seems to have been an issue since Exchange 2010 and still with Exchange 2016.  I was surprised it was broken by a Windows update but it was.

I know (and have used) many workarounds for the issues I run into but that’s not for here.  Coming from a Domino and Notes background I believe we’ve been conditioned to think in a certain way about mailfile structure, server performance, local data, and the user experience, and expecting to duplicate that exactly is always going to be troublesome.

#DominoForever

 

 

 

 

 

 

Domino – Exchange On Premises Migration Pt2: Wrestling the Outlook Client

In part 1 of my blog about Exchange on premises migration from Domino I talked about the challenges of working with Exchange for someone who is used to working with Domino.  If only that were all of it but now I want to talk about the issues around Outlook and other Exchange client options that require those of us used to working with Domino to change our thinking.

In Domino we are used to a mail file being on the server and regardless of whether we used Notes or a browser to see that client, the data is the same.  Unless we are using a local replica, but the use of that is very clear when we are in the database as it visibly shows “on Local” vs the server name.

We can also easily swap between the local and server replicas and even have both open at the same time.

In Outlook you only have the option to open a mailbox in either online or cached mode.

So let’s talk about cached mode because that’s the root of our migration pains. You must have a mail profile defined in Windows in order to run Outlook. The default setting for an Outlook profile is “cached mode” and that’s not very visible to the users. The screenshot below is what the status bar shows when you are accessing Outlook in cached mode.

connectedtoexchange

In cached mode there is a local OST file that syncs with your online Exchange mailbox.  It’s not something you can access or open outside of Outlook.

datafiles

Outlook will always use cached mode unless you modify the settings of the data file or the account to disable it.

cachedsettings

As you can see from the configuration settings below, a cached OST file is not the same as a local replica and it’s not designed to be.   The purpose of the cached mail is to make Outlook more efficient by not having everything accessed on the server.

cachedoffline

Why does this matter during a migration?  Most migration tools can claim to be able to migrate directly to the server mailboxes but in practice the speed of that migration is often unworkably slow.  If that can be achieved it’s by far the most efficient but Exchange has its own default configuration settings that work against you doing that including throttling of activity and filtering / scanning of messages.   Many / most migration tools do not expect to migrate “all data and attachments” which is what we are often asked to do.  If what we are aiming for is 100% data parity between a Domino mail file and an Exchange mailbox then migrating that 5GB, 10GB, 30GB volume directly to the server isn’t an option.  In addition if a migration partially runs to the server and then fails it’s almost impossible to backfill the missing data with incremental updates.  I have worked with several migration tools testing this and just didn’t have confidence in the data population directly on the server.

In sites where I have done migrations to on premises servers I’ve often found the speed of migration to the server mailbox on the same network makes migration impossible so instead I’ve migrated to a local OST file.  The difference between migrating a 10GB file to a local OST (about an hour) vs directly to Exchange (about 2.5 days) is painfully obvious. Putting more resources onto the migration machine didn’t significantly reduce the time and in fact each tool either crashed (running as a Domino task) or crashed (running as a Windows desktop task) when trying to write directly to Exchange.

An hour or two to migrate a Domino mail file to a local workstation OST isn’t bad though right?  That’s not bad at all, and if you open Outlook you will see all the messages, folders, calendar entries, etc, all displaying.  However that’s because you’re looking at cached mode. You’re literally looking at the data you just migrated.  Create a profile for the same user on another machine and the mail file will be empty because at this point there is no data in Exchange, only in the local OST.  Another thing to be aware of is that there is no equivalent of an All Documents view in Outlook so make sure your migration tool knows how to migrate unfoldered messages and your users know where to find them in their new mailbox.

Now to my next struggle.  Outlook will sync that data to Exchange.  It will take between 1 and 3 days to do so.  I have tried several tools to speed up the syncing and I would advise you not to bother.  The methods they use to populate the Exchange mailbox from a local OST file sidestep much of the standard Outlook sync behaviours meaning information is often missing or, in one case, it sent out calendar invites for every calendar entry it pushed to Exchange.  I tried five of those tools and none worked 100%. The risk of missing data or sending out duplicate calendar entries/emails was too high.  I opted in the end to stick with Outlook syncing.  Unlike Notes replication I can only sync one OST / Outlook mailbox at a time so it’s slow going unless I have multiple client machines. What is nice is that I can do incremental updates quickly once the initial multi-GB mailbox has synced to Exchange.

So my wrestling with the Outlook client boils down to

  • Create mail profiles that use cached mode
  • Migrate to a local OST
  • Use Outlook to sync that to Exchange
  • Pay attention to Outlook limits, like a maximum of 500 folders*
  • Be Patient

*On Domino mailboxes we migrated that pushed up against the folder or item limits we found Outlook would run out of system memory repeatedly when trying to sync.

One good way to test whether the Exchange data matches the Domino data is to use Outlook Web Access as that is accessing data directly on the Exchange server.  Except that’s not as identical to the server data as we are used to seeing with Verse or iNotes.  In fact OWA too decides to show you through a browser what it thinks you most need to see versus everything that’s there.  Often folders will claim to be empty and that there is no data when in fact that data is there but hasn’t been refreshed by Exchange (think Updall).  There are few things more scary in OWA than an empty folder and a link suggesting you refresh from the server.  It just doesn’t instill confidence in the user experience.

Finally we have Outlook mobile or even using the native iOS mail application.  That wasn’t a separate configuration and unless you configure Exchange otherwise the default is that mobile access will be granted to everyone.   In one instance a couple of weeks ago, mobile access suddenly stopped working for all users who hadn’t already set up their devices.  When they tried to log in they got invalid name or password.  I eventually tracked that down to a Windows update that had changed permissions in Active Directory that Exchange needed set.  You can see reference to the issue here, and slightly differently here, although note it seems to have been an issue since Exchange 2010 and still with Exchange 2016.  I was surprised it was broken by a Windows update but it was.

I know (and have used) many workarounds for the issues I run into but that’s not for here.  Coming from a Domino and Notes background I believe we’ve been conditioned to think in a certain way about mailfile structure, server performance, local data, and the user experience, and expecting to duplicate that exactly is always going to be troublesome.

#DominoForever

 

 

 

 

 

 

Whooomf – All Change. HCL Buys The Shop…

According to this Press Release as of mid June 2019, HCL take ownership of a bunch of IBM products including Notes, Domino and Connections on premises. Right now and since late 2017 there has been a partnership with IBM on some of the products such as Notes, Domino, Traveler and Sametime* so this will take IBM out of the picture entirely. Here are my first “oh hey it’s 4am” thoughts on why that’s not entirely surprising or unwelcome news ..

HCL are all about leading with on premises, not cloud. The purchase of Connections is for on premises and there are thousands of customers who want to stay on premises. Every other provider is either entirely Cloud already or pushing their on premises customers towards it by starving their products of development and support (waves at Microsoft). *cough*revenue stream*cough*

HCL have shown in 2018 that they can innovate (Domino’s TCO offerings, Notes on the iPad, Node integration etc) , develop quickly and deliver on their promises. That’s been a refreshing change.

They must be pleased with the current partnership products to buy them and more outright.

When HCL started the partnership with IBM they brought on some of the best of the original IBM Collaboration development team and have continued to recruit at high speed. It was a smart move and one I hope they repeat across not just development but support and marketing too.

HCL already showed with “Places” that they have ideas for how collaboration tools could work (see this concept video https://youtu.be/CJNLmBkyvMo) and that’s good news for Connections customers who gain a large team and become part of a bigger collaboration story in a company that “gets it”.

Throughout 2018 HCL have made efforts to reach out repeatedly to customers and Business Partners, asking for our feedback and finding out what we want. From sponsoring user group events (and turning up in droves) around the world to hosting the factory tour in June at their offices in Chelmsford where we had two days of time with the developers and their upcoming technologies. I believe they have proven they understand what this community is about and how much value comes from listening and – yes – collaborating.

Tonight I am more optimistic for the future of these products and especially Connections than I have been in a while. HCL, to my experience, behave more like a software start up than anything else, moving fast, changing direction if necessary and always trying to lead by innovating. I hope many of the incredibly smart people at IBM (yes YOU) who have stood alongside these products for years do land at HCL if that’s what they want, it would be a huge loss if they don’t.

*HCL have confirmed that Sametime is included

Are You Ready: Domino #Perfect10

In today’s edition of my #Perfect10 webcast I discuss some steps in finding your Domino servers, reviewing their dependencies and auditing database access.   This is a 15 minute presentation which I’ve tried just as slides with my voice instead of video.

As always please let me know what you think and anything else you would find useful.

Next Up: Are you ready – Traveler, Sametime and Web Mail