04/28/2021

Q&A from April Webinar: Domino Administration Best Practices

We ran out of time during our April webinar for the Q&A session, so this blog presents all of the questions and answers for you. Again we thank Heather, Roberto, Serdar and John for providing more detail on this interesting topic, and a big thanks to Daniel Nashed for helping with some of these answers too.


Before the Q&A however, we have some additional goodies for you. Heather and Roberto have put together a blog on some details they didn't get to in the slides.


Also, Serdar has a correction on the slide about the java.pol file. Apparently, after V11, HCL Domino is no longer using the “java.pol” file, also noted by Per Henrik Lausten previously. After V11, you need to use “$user.home/.java.policy” file. Please refer to the relevant technote https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085173.


And now, onto the Q&A from our audience:


Q Is it easy to scrap then rebuild an ID vault in Domino?
A The best practices approach is to build an ID Vault as soon as you create a server and make a replica of the resulting ID Vault database. Having said that, Yes, you can scrap an ID Vault and then go through the process of creating a new one.
Q I can’t find the password to my ID Vault. How much trouble am I in?
A Definitely you are in trouble. The only option is to create a new Vault.
Q Personally I think it's good practice to use OU's to separate servers and signer IDs from the User IDs. /SRV/ACME, /QA/ACME, /USR/ACME.

Context: The purpose of the comment during the webinar was with regards to keeping the architecture simple.
A O and OU organization is definitely subjective. The purpose of the comment during the webinar was with regards to keeping the architecture simple, which would be ideal for a small deployment. However, for a large deployment in a company that is federated, OUs may indeed lend themselves to allowing secure distributed administration and end user categorization. Overall, just like server platforms, there really is not a best practice here.

Also a best practice is to make a backup of all cert IDs along with the passwords. Your future self will thank you.
Q Is the notes client able to connect to a domino server created on an openshift container that has the port 1352 exposed in a reverse proxy way ? I know it is complicated, but I'm just asking if it is possible.
A We went straight to Daniel for the answer on this one. Today there is no supported solution available. HCL is aware of the need however, hearing this request from Business Partners already.
Q We want to move all on premise servers into the cloud, on openshift, containers, using the Daniel Nashed script. We somehow don't want to recreate the environment from scratch is there a best practice to this kind of migration?
A Another question that we went to Daniel to ask. His response: This is really difficult to answer. It is less about a Domino migration and more about learning the best way to implement and use OpenShift. Once you have OpenShift configured correctly, this is a normal Domino migration. But the key challenge is to get the right OpenShift configuration.
Q What tool do you use to analyze NSDs and crashes?
A Generally Admins will use their eyes and experience. The key things in an NSD are to find the PID and TID that crashed and the call stack of the PID and TID. John mentioned encouraging people to use the Fault Analyzer Task and setting up your environment for fault data collection as Heather had mentioned, so that you can identify patterns that lead to crashes if you are experiencing a high number of outages.
Q Do you recommend a different Notes network port for cluster traffic?
A Yes :) It will depend on your environment and available resources of course, but ideally, Yes.
Q How about HCL SafeLinx as front end for Traveler Server?
A Absolutely. HCL SafeLinx can manage and redirect incoming requests from Traveler clients to Traveler servers.
Q Is LE4D going to be part of Domino v12?
A No, but the new CertMgr application will have the same features and much more. LE4D works only with the LetsEncrypt CA, while the new app will work with any CA.
Q For 443, how do we let Java agents know, where are the certificate files? .kyr, .sth files
A If the question is about connecting to HTTPS targets when the remote certificate is untrusted, this is documented here: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0035853
Q Serdar, your thoughts on using Basic Authentication for REST services (naturally on HTTPS)?
A Basic Authentication has inherent security flaws in various scenarios. For example, it’s easily decoded once intercepted, it has a large attack window as it’s transmitted for every request, etc. HTTPS will definitely help but still there are reasons to be uncomfortable with it. In some cases, it would be acceptable with reasonable precautions; for example, a securely containerized consumer in a closed network would provide a more secure architecture. In less controlled environments it’s still possible to implement cookie-based session-authentication for RESTful consumers. The only problem is, it has some non-standard behaviours. Eventually, OAuth2 support would be ideal for the future.
Q The value of 'redirectTo' in the post could be validated or rewritten?
A I have seen pen test issues related to RedirectTo parameter. In certain cases this parameter might be considered as a security vulnerability. I created an idea (https://domino-ideas.hcltechsw.com/ideas/DOMINO-I-273) about this a while ago. There is also another notes.ini param “DominoValidateRedirectTo=1”. Refer to this technote: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0037962
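An added example, not from the webinar or from HCL's code: one way an application could validate a `redirectTo` value itself before issuing the redirect, so that only same-server paths or allowlisted hosts are accepted. The function name, the host allowlist and the fallback target are assumptions, and the check is independent of whatever `DominoValidateRedirectTo=1` enforces on the server.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist of hosts the login form may redirect to (constructed).
ALLOWED_HOSTS = {"mail.example.com", "apps.example.com"}
DEFAULT_TARGET = "/"  # assumed fallback when the value is rejected


def safe_redirect_target(value, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return value if it is an acceptable post-login target, else default."""
    if not value:
        return default
    # Browsers strip control characters and treat "\" like "/", so a value
    # containing them can parse differently here than in the browser.
    if any(ord(ch) <= 0x20 or ch in "\\\x7f" for ch in value):
        return default
    try:
        parts = urlsplit(value)
        host = (parts.hostname or "").lower()
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return default

    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only an absolute path on this server.
        # "//host" and "///host" are resolved by browsers to another host.
        if value.startswith("/") and not value.startswith("//"):
            return value
        return default

    # Absolute URL: http(s) only, no "user@" prefix, host must be allowlisted.
    if parts.scheme not in ("http", "https") or has_userinfo:
        return default
    return value if host in allowed_hosts else default


if __name__ == "__main__":
    # Constructed sample values, not taken from a real server.
    for sample in ["/mail/user.nsf", "//other.example.net/x",
                   "https://apps.example.com/app.nsf",
                   "https://apps.example.com@other.example.net/"]:
        print(sample, "->", safe_redirect_target(sample))
```
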
Q If a java agent on the web gets "Out of Backend Memory" error - which size needs to be increased? It occurs when JVM Heap Space indicates ample memory still available.
A When a java agent is called through Web, it’s run by the HTTP task. So HTTPJVMMaxHeapSize is the setting to adjust.
Q java.pol should be used for Domino Volt, I suppose. Rather than modify java.policy
A After v11, HCL Domino does not use the java.pol file anymore. Instead, you need to use “$user.home/.java.policy” file. Please refer to the relevant technote: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085173.
Q We have never implemented ID Vault, what is a good document that helps explain everything and has detailed steps of the process to implement? I am the only admin so want to make sure I don't mess it up.
A The documentation explains in detail how an ID Vault works and all the steps needed to set it up. Start from here: https://help.hcltechsw.com/domino/11.0.1/admin/conf_notesidvault_c.html
Q There used to be a notes.ini analyser at http://www.lntoolbox.com/en/online-tools/notes-ini-analyzer.html did anyone use this and is it still alive ?
A That website seems to be not active anymore.
Q What is the best current resource for notes.ini settings? I recently ran into a setting that caused a problem on the server and I eventually found out that the setting had been deprecated and replaced by a new setting in the NSF.
A The HCL Notes and Domino documentation available on the HCL website should be considered reliable. For example, the following page is for notes.ini parameters related to Traveler 11. https://help.hcltechsw.com/traveler/11.0.0/List_of_Notes_ini_settings.html. And this one is for notes.ini parameters that may be set in the Domino Configuration document https://help.hcltechsw.com/domino/11.0.0/conf_notesinisettings_c.html

04/13/2021

Remembering Nathan T. Freeman - Friday, April 16 at 1:00 PM EDT

Please join OpenNTF at an open online gathering to remember our co-founder and friend, Nathan T. Freeman.


We will host an open GoToMeeting for everyone in the Community to join and share their memories of Nathan, this coming Friday, from 1:00 - 2:00 PM EDT. You may use this link to join the meeting: https://www.gotomeet.me/howardtlcc/nathan

Nathan's vision led to the forming of OpenNTF as a free, open source service to the Notes and Domino community. His leadership made it happen, and he also backed it up by contributing code, sharing ideas, and pushing IBM, all while giving his time freely on the old XPages Skype chat that he was a regular participant in. User Groups were another way to share, and he has numerous presentations to his credit, sharing his knowledge with the community.

We have already seen some wonderful memories of Nathan shared by various members of the community, all with the theme of his generosity, and his unique grin. Please join us to share more of these stories.

04/11/2021

R.I.P. Nathan

Dear Friends

Today, we have lost our Co-Founder Nathan T. Freeman. Nathan was a fighter, an inspiration and a visionary. As one of the Founders of OpenNTF, he had a huge influence on how and what OpenNTF has become. Besides his contribution as a leader, he has also done the hard work of contributing code. Code that will be a part of his legacy to us. He always had a strong opinion and therefore also strong arguments. Discussions with him were always fun and intense at the same time.


I remember when I was speaking together with Nathan at a Notes User Group Event in Denmark. We had a nice chat about our families and what we are doing besides the crazy programming stuff. At that moment, I figured out that Nathan cares more about who I am than what I do. So let us do the same. Let us keep in our memory who he was and who he was to us. We will miss you!

Today, we as OpenNTF ask you to give something back and support Nathan's family. So please support: https://www.gofundme.com/f/ntf-needs-your-help


Christian

04/09/2021

Q&A From March Webinar: Nomad Mobile

We ran out of time during our March webinar for the Q&A session, so this blog presents all of the questions and answers for you. Again we thank Thomas, Maxx, Theo and Tom for providing more detail on this interesting subject.

Q Is it possible to create from a NotesDatabase within Nomad a kind of shortcut on the 'AndroidOS desktop' which links direct to the application within Nomad? (so the user does not need to open Nomad to access a database)
A Yes. See Maxx's demo during the webinar as he showed how to do this.
Q Will Nomad Mobile also support SAML / TOTP ?
A Currently Nomad Mobile does not support SAML / TOTP. HCL is considering this. Please use the AHA site to share your voice for this functionality. Note that Domino will support two-factor authentication. This is a lot of work but is on the list of things HCL is looking at for Nomad Mobile.
Q Which version of the Designer is needed for "Mobile Actions buttons"?
A Domino Designer V11 and later
Q Just to confirm, Hide Column from Mobile only apply to view column, not table column ?
A Correct. However, you can design an application with logic that will hide and show table columns exactly the same as you would for a standard Notes client app.
Q Does nomad web respect the "web browsers" settings selected in the designer?
A Nomad Web is a different story and is not part of today's topic.
Q What port does Nomad use? (mobile? web?)
A Nomad Mobile uses the NRPC protocol on port 1352, the same as your Notes client. In combination with the SafeLinx proxy it can also use port 443 (=HTTP/S). Nomad Web will only work on port 443 and will require the SafeLinx proxy.
Q Is it possible to change from a vpn/nrpc configuration of the nomad app to the SSL/Safelinx configuration?
A See answer above.
Q Are these changes to enable responsive applications already supported by the latest Nomad build on Testflight so that i could start evaluating them once i get my hands on Domino Designer 12?
A No, not yet available on Test Flight. Will be available closer to when V12 ships.
Q Are there plans for a kiosk type mode, or the ability to launch straight into a specific application from the phone home screen?
A It has been requested - please vote for this idea https://domino-ideas.hcltechsw.com/ideas/ideas/DMA-I-151
Q Currently, is there any way to capture a user's handwritten signature using Nomad on a mobile device?
A Not yet, but planning to provide this feature soon. If you like this idea, please vote for it: https://domino-ideas.hcltechsw.com/ideas/DMA-I-6
Q Are calendar views supported?
A Yes
Q In V12 will you update the classic standard templates Journal / DocLib and Discussion to play nicely with Nomad? These templates are HCL showcases and are still useful !
A Yes. This needs to be done but it will be done in stages. The work has begun but is so far incomplete.
Q Can you open a Nomad document from a Notes Doc link in Verse/Traveler email?
A Yes
Q How can we (technically) design an application which looks nice in iOS and Android? Best practice?
A Look up the Wine Tasting project on OpenNTF, and see how we did it (in designer). Lots of tips in there. Also worth keeping an eye on the HCL Digital Solutions Academy as they develop best practices documentation for all HCL Digital Solutions products.
Q What is the current version of Nomad mobile? and what version of Domino server supports Nomad Mobile?
A You will always find the current version of the apps in the iOS App Store and the Android Marketplace. They happen to be numbered differently but they will always be current. Technically Nomad Mobile may communicate with all supported versions of the Domino server. Note that it is best to have ID Vault implemented on the server. Note also that Domino Designer V11 is necessary to use the new checkboxes that offer specific Nomad functionality to do with swiping right and left.
Q What is the most efficient way to get some nice looking icons/images suitable for the OS?
A Nothing special. Google searches for icons that work best on iOS and Android. HCL is using the Carbon Design System for icons, and you may incorporate these icons to make your apps look consistent.
Q Have you found a method for importing items from the android file system. looking at saving a customer signature and then loading it into the notes application.
A There is no documented method to do this right now. Please add/vote this on AHA.
Q Selection in view like zip code not easy to do like type ahead to specific town.
A This functionality does not currently exist. Please add/vote this on AHA.
Q Search in view list please. This doesn't work as well as in the Notes client.
A Again, please add this on AHA and have people vote on it.
Q Can we expect to see scheduled replication soon?
A Scheduled Replication is a prioritized feature. We are unable to provide time estimates at this time.
Q Any plans to make the name picker more mobile friendly?
A Yes, we plan on improving the Name Picker experience. On Phones the dialog is particularly challenging. If you use the Name Picker on a phone, then I would recommend interacting with the dialog with your device in landscape orientation.
Q Where can we get the updated Discussion template ?
A See here: HCL Template Experience Project
Q Does Nomad Mobile work with XPages?
A XPages are not supported inside Nomad, but of course you can use your XPages apps in your browser.
Q How close are Nomad Mobile apps to be considered a PWA?
A Nomad Mobile apps are not PWAs. There is no plan to support Nomad Web running as a PWA on Mobile platforms.
Q Can Nomad be setup for multiple users on the same device?
A You are not able to switch the user on mobile devices. This is more of a limitation from the hardware manufacturers. There is already an AHA request that you can up-vote if you wish. HCL sees the value in the use case. Please vote for it on AHA.
Q Is there is a way to manage a notification in the mobile system
A There currently is no way for an application to manage notifications going to the device. However, this is an interesting request and would be a nice way to extend the device capabilities of Notifications to the Domino application. Please add your request to the AHA forum to be voted on. Specifics on the use case that you are looking for would be very helpful in that post. https://domino-ideas.hcltechsw.com/ideas?project=DMA

04/01/2021

OpenNTF April Webinar - Domino Administration Best Practices

OpenNTF Webinar - Domino Administration Best Practices

While installing a new HCL Domino server is a relatively straightforward task, configuring the server properly requires knowledge. Lacking this knowledge means that several key steps may be missed, resulting in a server with potential security and performance issues. Additionally, there are several key features that will save you time on administration of the server. Domino server settings also affect the performance and security of custom applications. Even if you are a developer, you should be aware of the options available when configuring a server.

Join our incredibly experienced presenters as they share their many years of Domino expertise. They will cover the finer details of correctly setting up a Domino server environment that is optimized for performance, security and sustainable administration. Plus, use the information presented in this webinar to modify and improve your existing server environment.

Presenters:
Heather Hottenstein, HCL Ambassador
Roberto Boccadoro, HCL Ambassador
Serdar Basegmez, HCL Ambassador

Additional Panelists (Q and A)
John Paganetti, HCL

This webinar will take place on Thursday, April 22, 2021 at 11:00 AM (New York time) to 12:30 PM. There will be time for questions at the end.

To register for this webinar go to https://attendee.gotowebinar.com/register/8784371542445648910