New Features Overview

Added by Bart Jacob | Edited by IBM contributor

Bart Jacob on December 8, 2009 | Version 3

Abstract

No abstract provided.

Tags:

ShowTable of Contents

HideTable of Contents

1 Lotus Notes Client Enhancements
2 Domino Server Enhancements
3 Lotus iNotes Enhancements
4 Administration Enhancements
5 New Messaging feature
6 New Policies features
7 New Security Features
8 Using gzip on the web
- 8.1 Automatic creation of gzip files
- 8.2 Settings for gzip

Table of Contents | Previous Page | Next Page

In version 8.5 of IBM Lotus Notes and Domino Server there have been several enhancements incorporated over previous releases. This page provides and overview of some of these changes. In some cases, we will simply link to other pages in this wiki that provide more detail on these enhancements within the context of the specific component.

Lotus Notes Client Enhancements

Please refer to the Notes Client Enhancements page of the Lotus Notes Client section.

Domino Server Enhancements

Please refer to the Domino New Features page of the Domino Server section.

Lotus iNotes Enhancements

Refer to the iNotes Enhancements page.

Administration Enhancements

Please refer to the Administration pages for a description of the various enhancements.

New Messaging feature

Router optimizations is a series of enhancements and changes to the Domino mail router designed and implemented to reduce latency, that is, to reduce the amount of time between when a message is sent and when it is delivered, to contribute to reduced I/O, and to address scalability issues caused by a large message backlog. Mailbox event notification is also a router optimization. In Domino, when the router is running in a steady state and a new message is deposited in MAIL.BOX, a copy of the message is made and placed on a mailbox event queue which is then used by a new MailEvent thread in the router. The router then uses this copy of the message without having to search MAIL.BOX to discover new messages nor perform a full note open for use in transfer or delivery. The message is cached and additional copies of this message are made as needed for multiple recipients. You can use NOTES.INI settings to limit the amount of memory used by open notes. The memory values are shared and maintained by mailbox event generation and any open router note. These enhancements do not cause changes to the UI, but they are noticeable as performance improvements, see new Show Stat Mail, and new router task detail.

New Policies features

There are several new features related to policies in Version 8.5. An overview of these features are presented in the following sections.

New Dynamic Policies

Dynamic policy assignment is a new option for assigning explicit policies that allows you to assign policy settings to individual users and groups just by specifying the appropriate user or group name in a policy document. You are able to "set it and forget it" as far as the policy goes. As the organization changes, you only need to update the Group document. If a user changes jobs or organizations, you do not need to determine which policies need updating. The updated group information is applied the next time the effective policy is calculated for any users in that group.

File Server Roaming Policy Settings

A new Roaming policy settings document has been added in support of the file server roaming and IBM® Lotus® Domino® server roaming functionality introduced in this release for the IBM® Lotus® Notes® 8.5 and greater standard configuration user. Notes standard configuration user roaming, and this policy page, are introduced in this release.

New Widgets Policy setting

A new setting has been added to the "Enable provider IDs for widget addition" and "Restrict provider IDs for installation/execution" Widgets policy page settings to allow for widgets that deploy client plug-ins. The setting, "com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning" is also available for the equivalent Eclipse preference settings in the plugin_customization.ini file.

Additional Window Management settings in Desktop Policy

The desktop policy settings document contains additional Window Management settings. On the Preferences - Window Management tab, the setting "Display sidebar" controls whether the sidebar displays on the Notes Client user's desktop. There are new "Hide" settings for several sidebar panels including Feeds, Day-At-A-Glance, Activities, Sametime Primary Contacts, and My Widgets. To review all of the new Window Management settings, see the topic Creating a desktop policy settings document.

Administration policies for Lotus iNotes

Domino administrators can use administrative policies to set or to enforce mail, desktop and security settings for Lotus iNotes users. When applied to a user, these mail settings lock down the associated user preferences in Lotus iNotes. (Note that any existing policies previously assigned to Lotus iNotes users will be enforced.)

New Security Features

The following sections describe new security features available in Notes and Domino Version 8.5.

Notes Shared Login

IBM Lotus constantly works at reducing the Total Cost of Ownership (TCO) and security is no exception. One key security feature contributing to this objective is Notes Shared Login, by meeting the following goals:

Reduction of the number of passwords the users need to remember
Elimination of the Notes password prompt ("single sign-on")
Elimination of the need for Lotus Notes ID password management

NOTE: As of now, for Notes 8.5, the only operating system supported for Notes Shared Login is Microsoft Windows. Linux and Mac are currently under consideration for a future release.

Notes Shared Login relies on the operating system's login credentials. These credentials are used to unlock the Notes ID file, so when the user logs into Windows, no Notes password is required to start the Notes client, and there's no password to synchronize. In the background, the Notes ID still authenticates to a Domino server using the client/server certificate-based authentication, just like before. The password management tasks are now controlled by Windows policies. For users using Notes Shared Login, the Notes password policies in place are simply ignored and the User Security dialog box does not display fields relating to Notes passwords. The only settings considered are the ones under "Password Management - Notes Shared Login" tab.

To protect the ID file that is Notes Shared Login-enabled, the Windows Data Protection API (DPAPI) is used. When an ID file is configured for Notes Shared Login, a complex "secret" is generated to protect it. Then, it is encrypted with DPAPI using additional application-specific entropy. The encrypted "secret" is then saved in the Windows user's profile directory. The Notes ID file is encrypted with a bulk key which is derived from the "secret", then saved.

NOTE: It is recommended to use an ID backup system to backup Notes Shared Login-enabled ID files for recovery. The use of the Lotus Notes ID Vault is recommended as it supports Notes Shared Login-enabled ID files and is a supported configuration.

Notes ID Vault

The other security feature contributing to lower the Total Cost of Ownership (TCO) is the Notes ID Vault. The Notes ID Vault is a server-based application used for storing and managing protected copies of ID files. Changes made in one copy of the ID file will resynchronize immediately with the ID file in the vault. Notes clients check periodically to see if the ID in the vault is different from their existing local ID. If it is, it resynchronizes it automatically and transparently to the user. If you need to deploy Key Rollover to your users, the ID vault will automatically distribute it to all users with no additional configuration required, with no confusing dialog boxes presented to the user. Renames and organizational moves will be automatically performed directly in the vault by the Notes 8.5 Administration client, with no additional configuration required.

The ID vault is secure. It provides protection against the use of an unauthorized vault with the creation of a vault trust certificate from the certifier ID. It has mechanisms to protect it against unauthorized downloads of IDs, unauthorized password resets, unauthorized access to vault content and unauthorized access to data transmitted over the network.

Here are some benefits of implementing this feature:

Simplify the provisioning of Notes ID credentials
Streamline the process of resetting forgotten passwords
Manage changes across multiple copies of Notes ID files (office workstation, laptop, home workstation, etc)
Make the use of ID files transparent to the end-user

Notes ID Vault has the following capabilities:

Upload copies of local ID files automatically to the vault for existing users
Register ID files automatically to the vault for newly created users
Reset password when a user forgets it, either by the Help Desk or by a self-service application
Synchronize ID files across multiple workstations
Auditor function available to gain access to encrypted data
Mark ID files as "Inactive" through AdminP when deleting users or directly in the ID vault

XPages security

Control the execution of XPages on a server the same way in which you control execution of agents.

Using gzip on the web

Gzip is a patent-free method used for compressing files. The RFC 1952 standard allows for 2 compression methods, 'deflate' and 'gzip'. With Domino 8.5, the Domino Web server will serve files compressed by gzip (GNU zip) by default. This feature allows the Domino web server to reduce the traffic sent to the client web browser when they access a web page. When you reduce the traffic, you improve the speed of your web pages. Static html, CSS and JavaScript files can be all compressed to gzip.

The Domino 8.5 web server will serves files compressed by gzip (GNU zip) under the following conditions:

Support is not disabled with the NOTES.INI setting: HTTPDisablePreCompressedGzipFiles=1.
The name of the gzip file is the same as the original file but has an extension of .gz. ( original= stlinks.html, gzip=stlinks.gz)
Both the original file and the gzip must be in the same folder on the server.
The original file is not newer than the gzip file.
The browser must provide gzip support, this is the default for most browsers.
The MIME Content-type of the file must match text/* (all subtypes of type text) or application/* (all subtypes of type application).

Note: The server does not support sending a range of bytes for gzip files.

Automatic creation of gzip files

New for Domino 8.5.1 is the automatic creation of the gzip files. Now you don't have to manually gzip the files and move them to the server. The settings have also changed, along with additional notes.ini entries. The NOTES.INI settings are only used if the server document has the "Load internet configurations from server/Internet documents" set to "disabled". So if you use the Web Site documents, then don't use the NOTES.INI settings! Prior to Domino 8.5.1, you could enable or disable gzip compression using a NOTES.INI file setting.

The Domino 8.5.1 Web server serves files compressed by gzip (GNU zip) given the following conditions:

Compression is disabled with the setting "Compress output" on web site documents or HTTPDisablePreCompressedGzipFiles=1 (when no Web Site docs)
The name of the gzip file is the same as the original file but has an extension of .gz. ( original= stlinks.html, gzip=stlinks.gz)
Both the original file and the gzip must be in the same folder on the server. .
The browser must provide gzip support, this is the default for most browsers.
The MIME Content-type of the file must match the included MIME types specified
The MIME Content-type of the file does NOT match the excluded MIME types specified.

Note: The server does not support sending a range of bytes for gzip files.

Settings for gzip

You can either use the Notes.ini settings or the Web Site documents but not both. The settings are the same for either method.

The Domino Web Server is configured on the Web Site document under the Configuration tab in the "File System Compression Settings" section and on the Domino Web Engine tab in the "Compression Settings" section. You need to configure gzip support for each Web Site document you have.

Remember you need to restart the web server for the changes to take effect regardless of the settings method you use.

On the Configuration tab:
File System Compression Settings

Field	NOTES.INI
Compressed files - Enabled / Disabled	HTTPDisablePreCompressedGzipFiles=1 / 0 (1 to enable)
Choose Enable if you want the Domino HTTP server to check for and serve gzip (GNU zip) compressed versions of static files and to activate other compression settings on this tab.
Include MIME Types	HTTPIncludeMimeTypes=text/;application/
Specify the types of MIME files that can be considered for compression. MIME types that are specified in the "Exclude MIME type" field will not be compressed even if they fit the parameters of MIME types to be included for compression.
Exclude MIME types	HTTPExcludeMimeTypes=application/x-gzip;application/x-zip
Specify the types of MIME files to be excluded from consideration for compression. File types specified here should be a subset of those types specified in the "Include MIME types" field.
Create compressed files	HTTPCreatePreCompressedGzipFiles=1
Choose Enable if you want the Domino HTTP server to create gzip (GNU zip) compressed versions of static file system files. Compressed files are created when they do not exist or the uncompressed version of the file has a time-date stamp that is later than the compressed version of the file.
Wait time out	HTTPCompressWaitTime=500
Specify a maximum wait time out. Allows you to change the time-out for a pending HTTP request that is waiting for compression to complete. The default setting is 500 milliseconds.
Minimum file size	HTTPCompressMinFileSize=500
Specify a minimum file size of files to be considered for compression. The default is 300 bytes. If a file is smaller than the minimum file size specified for a file, a compressed file is not created.

On the Domino Web Engine tab:
Compression Settings

Field	Action
Compressed output	DominoGzipEnabled=1
Allows you to enable compression for Domino Web engine output. The default is disabled.
Include MIME Types	DominoIncludeMimeTypes=text/;application/
Specify the MIME types to consider for compression. To enter multiple MIME types, separate each type with a semicolon (;).
Exclude MIME types	DominoIncludeMimeTypes=application/x-gzip;application/x-zip
Specify the MIME types to be excluded from consideration for compression. These MIME types are excluded even if they are also in the DominoIncludeMimeTypes list. To enter multiple MIME types, separate each type with a semicolon (;).
Compress to file threshold	DominoGzipCompressToFileThreshold=1
Specify the minimum size of content that will be compressed to disk. If response content is greater than the value of this setting, the compression of the content will be done to a temporary disk file to reduce process memory usage. The default setting is 1 MB.
Minimum compress content length	DominoGzipMinBytesToCompress=500
Specify the minimum size of content that can be compressed. The default setting is 300 bytes.