In thisAppendix A, we look at several vendor offerings that could extend your Lotus Notes/Domino 8 environment. The information contained in this chapter is provided by the vendors themselves. For more information, consult the respective vendor's website.
PistolStar, Inc. is a password management software solutions provider specializing in IBM software platforms, with a core focus on the Lotus software suite. Many of PistolStar's senior-level developers are from Iris and Lotus, bringing in-depth knowledge and first hand experience to Password Power 8's plug-ins.
PistolStar's Password Power 8 plug-ins expand the authentication and password management capabilities of Lotus Notes/Domino 8. The Notes ID plug-in offers SSO and seamless redirection of the Notes ID file's authentication to LDAP compliant directories (e.g. Microsoft Active Directory, Novell eDirectory, Tivoli Directory Server). Likewise, the Domino plug-in offers HTTP SSO to Domino and seamless redirection of HTTP authentication to LDAP-compliant directories as well. TheWeb Set Password Plug-in (WSP) offers great control over the management of the Domino Internet password if it is vital to the current authentication processes. Below is an outline of the functionality available with each of PistolStar's Password Power 8 plug-ins as they pertain to Lotus Notes and Domino 8.
To achieve PistolStar's definition ofSingle Sign-On (SSO), we start at the desktop with the Windows session. We leverage Microsoft Active Directory and Novell eDirectory — both significant technologies in Windows-centric computer environments — by enabling use of either of their passwords at the initial computer login to access all Domino server applications in multiple domains and the Notes client. With this capability, the number of times an end-user must supply logon information during a Windows session is reduced to a single instance.
The Domino plug-in provides end-users with SSO access to all applications on Domino servers, creating convenience and saving login time. The Domino plug-in now offers two methods for SSO capabilities: Kerberos or proprietary cookies, both of which optionally allow authentication utilizing a Personless NAB.
Enabling SSO to Domino HTTP servers via Kerberos requires connectivity to a central Key Distribution Center (KDC). In Windows, each Active Directory domain controller acts as a KDC. Users authenticate themselves to services (e.g. Domino servers) by first authenticating to their Windows machine using a domain account, then requesting encrypted service tickets from the KDC for the specific services they wish to use. This last step is performed automatically by the user's web browser. Only the service (and the KDC) can decrypt the service ticket to get the user's information. Because only the KDC could have created the service ticket, the service knows that the user must have also authenticated to the KDC so it can trust the user credentials in that ticket.
Alternatively, to enable SSO to Domino HTTP servers, a web browser toolbar creates client-side cookies with encrypted credentials for each of the Domino servers listed in the Password Power configuration file. Accessing a Domino server through a web browser automatically sends the corresponding cookie with the request. These same cookies can also be used to grant SSO to IBM Lotus QuickPlace and Sametime, IBM WebSphere and WebSphere Portal and SAP Netweaver. These in-memory session cookies have a configurable expiration interval that defaults to 12 hours. When the end-user closes the browser, logs out or shuts down Windows, the cookies are automatically destroyed.
The Domino plug-in also supports a Personless NAB allowing the end-user to logon to Domino HTTP with their network directory (e.g. Microsoft Active Directory) credentials to access all Domino HTTP solutions, including Lotus iNotes, Sametime, QuickPlace, and Domino Web applications. Browser-only end-users no longer need a duplicate set of Person documents as the Domino plug-in requires that the end-user be defined only once in Active Directory (users of the stand-alone Notes client would still need Person documents to support encryption and signatures). The Personless NAB approach also leverages Domino's Directory Assistance, which allows an end-user access token to contain their Active Directory name and any Active Directory groups to which they belong. The central role in this approach is performed by a DSAPI filter which can give SSO and overrides the normal authentication process, which checks the username and password against the Domino Directory.
This functionality solves many of the username mapping issues associated with authenticating against remote directories without requiring changes to the LDAP server accounts or Domino Directory. Redirecting web authentication requests from the Domino Directory to a different LDAP directory also eliminates the need to maintain or synchronize the Domino Internet password, as its presence and upkeep are no longer required. This functionality extends to affect all Domino HTTP authentication including QuickPlace and Sametime.
Lotus Domino 5/6/7/8
Microsoft Windows NT, 2000, 2003
IBM AIX 5.1 and higher
IBM System i V5R3 and higher
All x86 Linux distributions
Sun Solaris SPARC 9 and higher
LDAP Server - Microsoft Active Directory, Novell eDirectory, SunONE/iPlanet, Domino, Tivoli Directory Server
SAP Netweaver 2004 (optional)
WebSphere 5.1+ (optional)
WebSphere Portal 5.1+ (optional)
PistolStar's Password Power Notes ID plug-in removes the need for separate passwords and repositories for the Notes ID file by configuring the Active Directory as the central password authentication point for accessing the Lotus Notes Client, thus eliminating the need to separately maintain the Notes ID password.
The Notes ID plug-in provides synchronization between Active Directory and the Notes ID File and allows forgotten Notes ID file passwords to be automatically recovered and resynchronized with the Active Directory.
With PistolStar's Password Power Notes Id plug-in, a successful authentication to Microsoft Active Directory, Novell eDirectory, Lotus Domino LDAP, Tivoli Directory Server or Sun ONE LDAP grants access to the Lotus Notes client. This effectively eliminates the manual Notes ID password recovery by allowing a reset of the LDAP password to restore access to Lotus Notes. Password synchronization between LDAP and the Notes ID file is always performed for times when the LDAP server is unreachable.
This plug-in synchronizes multiple passwords via a web browser. This allows end-users to synchronize Windows, HTTP, LDAP passwords and Notes ID File. This increases security because having only one password to commit to memory decreases the likelihood end-users will write it down and become a target for internal intruders.
Lotus Domino 5/6/7/8
Microsoft Windows NT, 2000, 2003
IBM AIX 5.1 and higher
IBM System i V5R3 and higher
All x86 Linux distributions
Sun Solaris SPARC 8 and higher
Lotus Sametime 3.1, 6.5.1, 7, 7.5 (optional)
Lotus QuickPlace 3.1, 6.5.1, 7 (optional)
Domino.doc 6.5.1, 7 (optional)
The Password Power 8 Web Set Password plug-in (WSP) offers the following security features:
Force an SSL connection for logins: WSP can ensure end-users' credentials are submitted via SSL. If an end-user tries to login through HTTP instead of HTTPS, WSP forces login with HTTPS by redirecting the end-user to a HTTPS connection.
Dictionary lookup functionality: Allows administrators to enable a dictionary lookup to prevent users from setting pre-specified (unacceptable or easily guessed) passwords, such as company name. The lookup can be added in three ways: Notes database, JavaScript, or both Notes database and a list accessed through JavaScript.
Password quality: With WSP, Administrators can configure several fully customizable password 'strength' rules.
Password quality check on both client and server sides: With WSP, client side checking does not access server and is done through JavaScript requiring less server loan and network traffic. Server side checking can use @PasswordQuality instead of JavaScript (requires a trip to the server) to determine if a new password is acceptable. This allows administrators to set minimum password quality (0-16) and any new password must, at a minimum, equal this quality.
Disqualify username as password: Administrators can prevent new passwords from containing variations of the end-user's username, a typical password choice that is easily guessed by network intruders.
Password expiration grace period: WSP lets Administrators select a grace period or a timeframe in which end-users must change their passwords.
Disable Internet Explorer Auto Complete: Administrators can prevent Internet Explorer Auto Complete feature from offering a list of previously used entries. When enabled, this applies to all WSP fields and only affects IS5.0 and higher. This feature prevents internal intruders from easily accessing the password from the drop-down menu of previously used passwords.
Prevent similar password use: WSP's 'Prevent Similar Passwords' JavaScript Rule checking disallows use of similar passwords during password resets.
Confirmation requirement for self-registration: With WSP, an email is sent to the end-user with a link to a confirmation page for self-registration. On this page, end-users are prompted for their email address, which affects creation of the Person Document in the Domino Directory.
WSP also includes auditing features. These include:
Store last login date and time: Allows Administrators to track the date and time an end-user last logged in data that is stored as a new field in the Person Document. Administrators can also elect to record more detailed information to be sent to the WSP database, such as username, end-user's IP address, URL requested and server name.
Enable Strikeout logging functionality: Strikeouts can be logged to a database so Administrators see when failed attempts occurred.
Log invalid usernames: Administrators can enable logging of invalid usernames to the mail-in database. The information included in this report is:
IP address of computer that made the request
URL requested by the user
Username used
Password given
The WSP-specific function the user attempted to accomplish (log in, set password, and so on)
The server on which the attempt occurred
The time the attempt occurred
Enable 'set password' logging: In WSP, Administrators can enable logging of successful 'Set Password' events to the mail-in database.
WSP also includes Help Desk productivity features. For example, WSP's Help Desk Manager Utility allows Help Desk personnel to manage end-user passwords without full access to WSP's configuration data. This database includes several actions (the Unlock Agent item is actually an agent, not a button):
Unlock User unlocks end-user accounts that have been locked by WSP's strikeout function utility.
Email Random Password: generates random value passwords and emails them to the end-user. This can also be used automatically send multiple end-user's blank passwords.
Reset Password resets the HTTP password to a new value when an end-user does not have an HTTP password, has forgotten it, is unable to reset it themselves, and does not have a Notes client.
Expire Password forces end-user to change their HTTP password the next time they log in to Domino through a Web browser. This is useful when password policies change.
Reset WSP Fields resets end-user accounts as if they had never accessed WSP.
Set Expiration Date provides a one-time override of WSP's expiration functionality. This is useful for exempting end-users from resetting a password.
Unlock Agent unlocks end-users automatically every x number of hours.
In addition, WSP offers the following features designed to assist Help Desk personnel:
Enable customized HTML: With WSP, Administrators can write customized messages to end-users to prompt them through the login process, reducing end-user confusion and subsequent Help Desk Calls.
Email Random Password Functionality: Allows Administrators to generate random passwords that are automatically emailed to new end-users. This is both an administrative time-saver as well as a security feature because the administrator never sees the password. WSP enables customizable expiration options for the new password as well.
Support localization: Administrators can configure all UI screens in any language without use/knowledge of Domino Designer. Administrators can easily modify logon screens to ensure that customized messages and prompts are understood by the end-user. Localization reduces Help Desk calls by minimizing end-user confusion.
Enable customized disclaimer messages: Administrators can create a disclaimer message that the end-user sees upon logon. This feature can be used to display corporate network usage instructions for sensitive Websites and resources (i.e., password protected).
Easily configurable user interface: All WSP screens seen by the end-user are configurable without knowledge/use of Domino Designer. Through a user-friendly interface, screens can be modified with logo insertion, font and color selection, and editing of HTML seen by user.
WSP Unlock Utility: WSP's strikeout functionality is an important part of securing the authentication process. When enabled, the end-user is no longer able to log in after a pre-set number of attempts. The WSP Unlock Utility allows Help Desk personnel who do not have Editor-level access to the Domino directories to unlock end-users who have struck out.
You can now delegate unlocking of strikeouts to Help Desk personnel with less security clearance. This is especially beneficial to companies with employees in different time zones, when employing Help Desk personnel with a high-level of security clearance around the clock is costly. The end-user does not have to wait for support and the company can maintain security by granting Editor-level access to fewer personnel.
WSP also offers end-user productivity features. For instance, WSP's challenge, question, and answer functionality allows the end-user to recover passwords without Help Desk assistance. This feature stems potential security breaches that occur when Administrators e-mail passwords to end-users or when they give out passwords to end-users over the phone. Challenge questions are customizable.
WSP also allows end-users to create their own user accounts without administrator involvement. If more complex workflow around account verification is necessary, self-registrations can be set to require either end-user confirmation (to prevent automated account creation bots) or approval by an internal user.
For more information about PistolStar and Password Power 8 plug-ins please visit our websitewww.pistolstar.com. Or you may contact:
PistolStar, Inc.
PO Box 1226
Amherst, NH 03031 US
(603) 546-2300
As a Notes/ Domino developer, you must be familiar with the limitations of reporting from Notes and Domino data. Common approaches include using Notes scripting or external reporting tools to transform the data into meaningful reports that can be accessed on demand by end users.
This section provides a quick overview of the two methods, their inherent limitations and provides an introduction to IntelliPRINT, the only effective reporting solution which is native to Notes and Domino. The section on IntelliPRINT lists a few of its key features which make it an effective solution for addressing the need for reporting from Notes and Domino data, in a holistic manner.
There are two common approaches generally followed by organizations to report and print data from Notes and Domino.
Notes professionals often prefer to create and manage their reports programmatically using Lotus Script. This approach ensures that data security and integrity are preserved, the business context is inherited, and the Notes application workflow is kept intact. While it overcomes many limitations set by non-native reporting tools, reporting using Lotus Script does have a few limitations:
Time Consuming: The time taken to create reports may vary from several hours for basic reports to several days for complex reports.
Significant overhead on IT: Programming requires highly competent Notes developers to design and manage the reports. This imposes time and effort overheads on the IT team.
Limited Reporting Functionality: Visual representation of data in the form of charts is not supported, and even tabular reports often require the creation of additional views.
This approach is time consuming, expensive and end-user unfriendly. In most situations, user request for reports cannot be met due to the effort involved in producing the report and the poor presentation quality of the reports.
There are a wide variety of report creation tools with extensive functionality that are available for use with Notes and Domino. However, most of these are not native to the Notes and Domino framework. These tools connect to Notes data by using ODBC drivers or by exporting Notes data to other formats such as spreadsheets. Limitations posed by these approaches include:
Security: Once data leaves the Notes environment via ODBC, it compromises the robust data security offered by Notes and fails to leverage the Notes ACL which is one of the inherent strengths of Lotus technology. Data integrity is also compromised, as data type definitions are lost when the data is exported from Notes. Furthermore, the exported data can be modified, as most external environments do not provide the robust change tracking inherent to Notes. This compromises the reliability and accuracy of reported data.
Performance: There is a significant performance impact while accessing or exporting data from Notes and Domino through the ODBC connector. The performance degradation results in significant additional hardware investment and compromises business efficiency by considerably increasing system response times.
Inability to use native Notes functionalities: Unique Notes functionalities such as @Formula, multi-value fields, RTF, etc. cannot be used for designing reports
Presents a confusing view of the target database: Notes forms, views and folders are exposed as separate data tables leading to a confused view of the target database
IntelliPRINT started as a printing solution for Notes and Domino and has matured to become one of the best reporting solutions in its current release, which was launched at Lotusphere 2007. It has also been extended to natively support Notes/ Domino 8 while continuing support for Notes versions 6 and 7.
IntelliPRINT Reporting is to Notes and Domino what Crystal Reports was to Visual Basic. It is a native reporting component that is tightly integrated with the Notes and Domino application framework. It is a logical extension to Notes and Domino and lets you use its APIs to tightly integrate the reports within the workflow of your Notes and Domino applications.
As the report format is stored as a Notes document, security settings for report access as well as row level access are automatically inherited from the Notes ACL. The report is then presented as a Notes tab making the reporting workflow integral to your application workflow.
The key features that make it a logical extension of Notes and Domino are listed below and include details of the steps involved in creating a simple report and a complex report.
Consider a scenario where a multi-level cross-tab report has to be created, such as a sales report that shows the sales for multiple products across several geographical regions. The rows would display the sales for each of the regions while the columns would show the product sales across the regions. Creating such a cross-tab by just using Lotus Script would typically entail the following:
Several hours of scripting to create the row and column totals
A script that spans several hundred lines
Creation of additional views in the Notes application, for document selection in the script
Hard coding of the font and color formatting
The same cross-tab can be created with IntelliPRINT Reporting within just a few minutes. The benefits of using IntelliPRINT in this situation include:
Drag and drop creation process that saves substantial time
No changes required in the database
The Notes database would not get loaded with multiple Views
Color schemes can be easily and quickly defined to suit organizational standards
Presentation quality reports that can be printed or exported to PDF
IntelliPRINT thus helps reduce a substantial amount of IT workload for not only creation of the report but also for future changes in the report! The report format gets saved in the host database and can be accessed on demand by authorized users.
Once designed, a report template is stored in the host Notes application or a central report repository. These formats can also be deployed on a Domino server and made available online via a web browser. Report format take very little space to store — typically less than 100KB — and can be opened almost instantaneously.
When a report is viewed, data is fetched from the database and presented in the format as specified in the report metadata. This ensures the report always reflects real-time information. Generated reports can be programmatically stored, for example you could save them into the same Notes database as the application.
IntelliPRINT Reporting integrates seamlessly with the Notes and Domino's existing security framework. Reports are only accessible to users who have access to the applications in which IntelliPRINT is embedded. In addition, report creators can specify access controls for individual reports in addition to the Notes ACLs already present. This means the data in IntelliPRINT reports have access controls enabled for users as well as groups. Report Designers can easily set this up using a form, which will specify access levels for each report. This ensures that your users can access their data within Notes' secure, consistent security model without you having to spend time and effort to setup different systems.
Report templates that have been embedded in the Notes application can be made available to users by just adding Action buttons in the Notes application. Consider the scenario where an employee needs to create time-sheet reports from an HR application. Using IntelliPRINT, the reports can be triggered by 'action' buttons within the application, and directly mailed to users as PDF attachments.
The entire process can be automated on a Domino server using Notes agents that can generate reports automatically at pre-defined intervals, e.g. weekly reports that are generated every Monday. The agent will also handle emailing of these reports to the users.
Automation of the entire reporting system for scheduled reporting provides tremendous benefits to IT personnel as well as the business users. IT no longer needs to spend days working on manual report creation and business users are guaranteed timely delivery of reports.
With IntelliPRINT Reporting, simple tabular reports can be created in a matter of minutes. The procedure below describes the steps involved in creating a simple report. The steps below are to be performed on the Pinnacle Electronics sample database provided with IntelliPRINT Reporting. The database is automatically installed while installing IntelliPRINT Reporting.
To create a simple report using a wizard:
Open the Formats list in IntelliPRINT Reporting Designer, via the Notes Actions menu.
Click New and choose Report. Select the Standard Report Wizard.
In the Report Wizard, use the Edit Database button to define the database from which the report needs to be generated. Click Edit query to start the visual query builder. Select the required fields from the Views listed.
Select the page layout and the report style, and you're done.
And you're report is ready; the Wizard will now place the bands automatically. Click the Preview button to view the final report. You can even adjust the band layout to suit your needs. The entire process takes just a few minutes!
IntelliPRINT Reporting allows you to create a variety of complex reports such as:
Master-detail reports
Multi-database reports
Subreports
Parameterized reports
Cross-tab reports
Charts
Here we will step through the procedure for creating a Master-Detail report; we'll be working with the Pinnacle Electronics sample database that is provided with IntelliPRINT Reporting.
A Master-Detail report connects to a database using multiple queries. The idea is to extract related information from two different queries and print them in the same report. For instance, we can design a report which utilizes two queries - the first query fetches the customer Name and ID while the second query extracts the same customer's purchase details, such as the Product name, Quantity and Unit price.
To create a Master-Detail report:
Open the database from which the report has to be generated. IntelliPRINT Reporting will now use this as the default database automatically.
Open the Formats list in IntelliPRINT Reporting Designer, via the Notes Actions menu.
Click New and choose Report. Cancel the Standard Report Wizard as we'll be designing this report manually.
Add a Notes database connection by selecting Insert | LN Database from the menu. A new icon named LNDatabase1 should appear in Data pane (at the bottom).
Define a Notes query by selecting Insert | LN Query from the menu. A new icon named LNQuery1 should appear in Data pane. Repeat this step to add LNQuery2.
Double-click LNQuery1 to open the Query Builder window, seen below. Expand the View that contains the required fields, and drag the appropriate fields' folder to the Data Fields box to populate it with the list of fields. LNQuery1 is ready. Similarly, define LNQuery2.
Insert the Master Band by selecting Insert | Insert Band | Master Data from the menu options. Use LNQuery1 in the Select DataSet dialog box.
Insert a Detail Band by selecting Insert | Insert Band | Detail Data from the menu options. Use LNQuery2 this time in the Select DataSet dialog box.
Now you can add the required fields from the Data Tree window (on the right side). Just drag and drop the field to the Master and Detail bands
Add a Report Title band and define the title as Master Detail Report.
Your report is ready, click Preview to view your report. To add even more power to your report, you can add objects such as Computed Columns, Images, Charts, Cross-tab tables, Rich Text, Sub report objects, and a lot more.
To sum up, here's why IntelliPRINT Reporting can help you improve the productivity of your reporting system:
Shortened report development cycle
Superior performance because of its native 'designed-for-Notes' approach
Advanced drag-and-drop and wizard-based reporting functionality
Presentation-quality reports that are print-ready as well
Support for native Notes features, including the Notes security framework
All of these make IntelliPRINT Reporting the product of choice for reporting and printing with Lotus Notes and Domino applications.
For more information on IntelliPRINT, please visithttp://www.synaptris.com/go/intelliprint.
IONET are a Wellington, New Zealand based company that have specialised in Lotus Notes and Domino solutions since v3.0. They concentrate on innovative, low-cost products to enhance the usability of any Lotus Notes/Domino environment.
For a demonstration copy of the Incremental Archiver, or more information on IONET or our products, please visithttp://www.ionetsoftware.com.
The IONET Incremental Archiver complements R8 as an automatic archive/restore tool for Lotus Notes data. In the Archiver, we use standard Lotus Notes technologies, but in an innovative way, which is the focus of this article.
Briefly, the Archiver automatically installs, archives, allows users to restore document versions and deletions themselves, and removes production data (including mail). It does this via a combination of Notes replication and a host of other functions that may be useful for any Notes/Domino environment. Coupled with the usability of R8, this makes a powerful platform for your archiving requirements.
The Archiver has been designed to allow users to restore their own data from any date (including document versions), using the source Notes application they are familiar with, be it mail or any other Notes database. This means that the hierarchy of the data (e.g. responses) is preserved and therefore familiar to the user. It also means that the IT Department no longer has to juggle backup tapes to restore user data. The user can also search Archives, providing a 'back-through-time' look at document versions in the Archive.
All facets of the Archiving process are automatically enabled and controlled by the Administrator, Notes security is observed, and full backups can still be taken for Disaster Recovery. In addition, Notes databases no longer need custom Archiving solutions, as data can be simply deleted from the database and remains in the Archive, including document versions. That means you can safely use the 'Remove documents not modified in the last x days' setting to control database size (the Archiver can also remove documents for you according to combinations of dates and @formulas). For the full product description, features and downloads, please visithttp://www.ionetsoftware.com/archiving.
Let's have a look at the main components in more detail. They are:
Setup Archiving: Create the Archiving environment per database
The Archive Process: Locate, Compress, Archive and Remove Data
The Restore Process: View Actions
Searching Archive: Including Search functions i.e. Client JS
To make it easier to administer, the Archiver installation is automated as much as possible. The setup process below is followed for each database included in the Archive:
Add three design elements (an Agent, View and Form) to the production database design. This is performed using the excellent DBDesign LotusScript class from Damien Katz (ex. IRIS). This class treats Notes Design elements as Notes Documents, thus allowing them to be copied between databases using the
CopyToDatabaseNotesDocument method. This library is available via the Sandbox on the Lotus Developers Domain.Create a replica on the Archive Server. This is performed using the
CreateReplicamethod.Set the Replica to not replicate deletions, via the
NotesReplicationLotusScript class.Set the Replica to only replicate documents matching a user-defined @formula, using the
NotesReplicationEntryLotusScript class.Create a copy of the newly created replica on the Archive Server (this copy contains document versions). This is performed using the
CreateCopymethod of the NotesDatabase class.Check there is no scheduled replication (by trawling Directory documents), and that the Replica cannot write back to the Production database (via NotesACL LotusScript methods). These checks are also performed before each Archiving operation to ensure the integrity of data.
Create Full Text Indices of the newly created databases on the Archive Server. This function is not directly possible via LotusScript. However, it is possible to create a separate LotusScript agent (called BuildIndex) that opens a database locally (using
"as the server argument) and creates an Index using theCreateFTIndexmethod of the NotesDatabase class. Using a second agent, you then instantiate this agent and call the RunOnServer method, passing a NotesDocument containing the database information. The result is to create a Full Text Index on the Server. This is shown below.
Sub Initialize
Dim s As New NotesSession
Dim db As NotesDatabase
Dim agent As NotesAgent
Dim doc As NotesDocument
Set db = s.CurrentDatabase
Set doc = ... Set the document object containing the Database Replica ID
Set agent = db.GetAgent("BuildIndex")
Call agent.RunOnServer(doc.NoteID)
End Sub
Sub Initialize
Dim s As New NotesSession
Dim db As NotesDatabase
Dim targetDB As New NotesDatabase("", "")
Dim agent As NotesAgent
Dim doc As NotesDocument
Set db = s.CurrentDatabase
Set agent = s.CurrentAgent
Set doc = db.GetDocumentByID(agent.ParameterDocID)
If Not (doc Is Nothing) Then
replicaID$ = doc.DBReplicaID(0)
If targetDB.OpenByReplicaID("", replicaID$) Then
Call targetDB.CreateFTIndex(23, False)
End If
End If
End Sub
During setup, we created a replica on the Archive Server (the Archive Replica) and a copy of that replica (the Archive Store), for each production database.
A scheduled agent in the Archiver checks each Production database for any changes made to eligible documents (i.e. those matching the Archive @formula for the Database) since the last time replication occurred, using the Search method of the NotesDatabase class - the Search method allows reasonable search performance using time/date criteria within databases that may or may not be Full Text Indexed.
For any document that has been modified, the corresponding document is located in the Archive Replica (where it contains the previous content). This document is copied to the Archive Store database. Because we're copying data on the same file system and not traversing a network, this is a reasonably fast process.
During the copy process, the user has the choice to automatically ZIP attachments. This is done by calling a Java agent that uses the java.util.zip package. Briefly, the steps are:
Make an array of all eligible attachments in the document and write this to the document.
Extract the attachments to disk and remove them from the document.
Call the Java agent, again using the NotesAgent
RunOnServermethod and passing the documentNoteID. The Java agent locates the files on disk according to information in the document, ZIPs them, then writes a flag once finished. The initial agent sees the flag and reattaches the ZIP files to the document.
Set doc = ... Set the document object containing information on the files to ZIP
Call session.SetEnvironmentVar("ZipAgentStatus","")
Set agent = db.GetAgent("(ZipFiles)")
Call agent.RunOnServer(doc.NoteID)
chkFinished$ = session.GetEnvironmentString("ZipAgentStatus")
While chkFinished$ = ""
chkFinished$ = session.GetEnvironmentString("ZipAgentStatus")
Sleep 1
Wend
import lotus.domino.*;
import java.io.*;
import java.util.*;
import java.util.zip.*;
import java.text.*;
public class JavaAgent extends AgentBase {
private ZipInputStream inZipFile;
private String aDBServer;
private String aDBFileName;
private String aDBNoteID;
private String zipFileNameInput;
private String zipFileNameOutput;
public void NotesMain() {
try {
Session session = getSession(); //Instantiate NotesSession
AgentContext agentContext = session.getAgentContext(); //Instantiate AgentContext
Database db = agentContext.getCurrentDatabase(); //Instantiate CurrentDatabase
Agent agent = agentContext.getCurrentAgent(); //Instantiate CurrentAgent
Document callingDoc = db.getDocumentByID(agent.getParameterDocID()); //Get the doc calling this agent
String aDBServer = callingDoc.getItemValueString ("IOZipDBServer"); //Get the server of the target database
String aDBFileName = callingDoc.getItemValueString ("IOZipDBFileName"); //Get the filename of the target database
String aDBNoteID = callingDoc.getItemValueString ("IOZipNoteID"); //Get the Note ID of the target document
Database aDB = session.getDatabase(aDBServer, aDBFileName); //Open the target database
Document doc = aDB.getDocumentByID(aDBNoteID); //Get the target document
Vector zipFileInput = doc.getItemValue("IOZipInput"); //Source uncompressed files
Vector zipFileOutput = doc.getItemValue("IOZipOutput"); //Target compressed files
byte[] buffer = new byte[18024];
for (int i = 0; i < zipFileInput.size(); i++) {
// Associate a file input stream for the current file
String zipFileNameOutput = (String)zipFileOutput. elementAt(i);
ZipOutputStream out = new ZipOutputStream(new FileOutputStream(zipFileNameOutput));
out.setLevel(Deflater.DEFAULT_COMPRESSION);
String zipFileNameInput = (String)zipFileInput.elementAt(i);
FileInputStream in = new FileInputStream(zipFileNameInput);
// Add ZIP entry to output stream.
out.putNextEntry(new ZipEntry(zipFileNameInput));
int len;
while ((len = in.read(buffer)) > 0) {
out.write(buffer, 0, len);
}
// Close the current entry
out.closeEntry();
// Close the current file input stream
in.close();
out.close();
}
session.setEnvironmentVar("ZipAgentStatus", "Completed", false);
session.recycle();
agentContext.recycle();
db.recycle();
agent.recycle();
doc.recycle();
}
catch (IllegalArgumentException iae) {
iae.printStackTrace();
}
catch (FileNotFoundException fnfe) {
fnfe.printStackTrace();
}
catch (IOException ioe) {
ioe.printStackTrace();
}
catch(Exception e) {
e.printStackTrace();
}
}
}
When all eligible documents have been zipped and copied, the agent initiates normal Notes replication between the Production Database and Archive Replica to update the Archive Replica. It does this via the Replicate method of the NotesDatabase class.
So by identifying modified documents BEFORE they are updated via replication, an accurate versioning of the documents is achieved.
Because deletions are not replicated to the Archive Replica, all documents are permanently retained. Replication and ACL settings are verified before every Archive procedure to ensure deletions are not replicated back into Production when deletion stubs have been purged.
The final part of the Archive process is to remove documents from the Production database, if they match the criteria specified for the database, using a combination of document age, last accessed date, last modified date, and @formulas.
During the setup process, a Dialogbox Form and a 'Restore Document' Agent are automatically added to the Production database. When a user wants to restore a document, they run this agent. They are prompted for the date and it is retrieved from either the Archive Replica or Archive Store (depending on the required date), and opened.
The following graphics show the Restore operation. Note the handy use of the R8 function to modify the right-hand menu.
The user then has to select the type of Restore:
If the user wants to restore a deleted document, they instead automatically open the Archive Replica (where deletions are not removed), locate the document they want, set the date and repeat the restore process, retrieving the document from either the Archive Replica or Archive Store depending on the required date. Users can then restore deleted documents to the Production database.
The user is also able to search the Archive Replica and Archive Store databases for the data they want.
This allows a 'back through time' search facility that includes the date archived. This functionality is provided via our FT Search Manager, which allows simultaneous searching of multiple Full Text Indices.
Housekeeping agents optionally clear out Archived data after a configurable period.
A separate database option allows the restore process to use a separate directory, so that if a restore of data from 5 years ago is required, the Archive Replica and Archive Store tape backups can be restored into this directory and the process works from there instead of the normal location. This is so that 'normal' full backups to tape can be performed if required (i.e. for Disaster Recovery, reducing disk space usage etc.)
Another benefit of the Archiver is that no other form of archiving is required (i.e. no custom data archives need be done by the IT Department), documents can be simply deleted from the Production database and they will remain available in the Archive Replica for restore.
Your Domino infrastructure gets more complex every day, and effectively managing through that complexity can save your firm time and money. Before making upgrades/additions/wholesale changes to your Domino environment, gain the knowledge you need regarding what legacy applications exist today, with granular information on critical metrics such as usage, access and attachments. Easily identify opportunities for improved storage and security policies based on real-world results that point to changed business needs, falling usage/access, etc. CMT Inspector provides the inspection and analysis you need to not only justify the legacy environment, but also effectively plan for future investment options. CMT Inspector provides the following functionalities:
Usage Reports
Security Reports
Server Statistics
Email Statistics
Code Search and Comparison
Content Analysis
Application Design Analysis
User Surveys
Application Template Matching
Notes Upgrade Validation
Extensive Code Validation Rules Engine
Code Flowcharting
Export to Access
Design Sophistication Indexes
Express and Advanced Settings
Usage Analysis
Redundant Failover Logic
CMT Inspector contains an extensive Rules Filtering Engine with hundreds of rules that can be leveraged to find out if your applications will work when you upgrade. These rules can be modified and updated based on your environment. Furthermore, unlike simple searching that is performed by other products, CMT Inspector Rules can be tied to code snippets which can be executed to give you an even better understanding of the code in your Notes environment. This figure shows the Code Inspector at work:
CMT Inspector comes with an extensive collection of reports that can be automatically generated. Furthermore, all data can be exported to Microsoft Access for further reporting and querying. This means that almost any report can be generated on the fly.
You have business-critical information stored in Exchange Public Folders. You have to migrate to Lotus Notes, but, how do you migrate the data in the Public Folders?
Making your mail migrations from Microsoft Exchange to Lotus Domino easier is a snap with Binary Tree's CMT for Public Folders. This solution provides a simple and user-friendly means of migrating a public folder hierarchy to a single database.
The data in a Microsoft Exchange Public Folder often has significant value that has been protected with permissions, based on the identity stores in Exchange's Directory. CMT for Exchange Public folders was created to help companies recover the intellectual capital often found in Public Folders. CMT not only takes data from the Public Folders, but can also mimic the permissions that existed on the Exchange servers in brand new Domino databases. CMT migrates the standard Exchange document types, including mail messages, calendar events, journal items, tasks and notes. If your Public Folders contain forms that have been modified to include additional fields and data types, the CMT tool can be customized to migrate this data, as well.
The Binary Tree Common Migration Tool (CMT) migrates data from one email system to another. The tool can be used to migrate from numerous email systems to Lotus Notes, and like the DUS tool, CMT has the ability to migrate both Server-Based data and end-user based data.
Binary Tree's Common Migration Tool for Notes builds on 14 years of outstanding email and calendar/schedule migration solutions from Binary Tree. To date, millions of users world-wide have been migrated to Lotus Notes with Binary Tree's CMT for Notes tool.
CMT for Notes offers several business benefits:
Enterprise migration solution that can manage large migrations (up to 50,000 users have been migrated at one time). There is no limit to the number of users that can be imported from a source directory.
Wizards set up specific functions such as importing users, registration to the Domino directory, the end-user migration and the server-to-server migration.
Ability to create mail files during the registration process.
Date filtering for migrating mail, calendar and tasks during an Exchange server-to-server migration.
Process can be rolled out into two steps: user registration and user migration.
Customize data types for migration, including mail, calendar, notes, journal, tasks and contacts, depending on individual needs, space and time.
Schedule users and/or groups to migrate at specific times, thereby limiting network load and support calls.
Migrations do not require end-users. The Administrator can perform the migration, cutting down on your IT department's time and expense.
Detailed logs with extensive error reporting help administrators identify, interpret and resolve issues.
By off-loading most of the traffic from the Microsoft Exchange Notes Connector, Binary Tree's CMT for Coexistence yields a more stable and reliable connection between Lotus Notes and Microsoft Exchange.
The most popular and highly functional connectivity solution between Microsoft Exchange and Lotus Notes environments is the Notes Connector for Microsoft Exchange. This solution addresses e-mail, calendar, scheduling and task data exchange, automated directory synchronization and free/busy lookup between Microsoft Exchange and Lotus Notes environments.
To overcome issues reported by many customers using the Microsoft Notes Connector, Binary Tree's solution greatly enhances fidelity of mail exchange and improves connectivity reliability. This is accomplished by a series of configuration and programmatic changes in the environment.
iCal is supported with the advent of Exchange 2000 and Notes 6. iCal is the standard for the encoding of a calendar messages in SMTP format. This allows email and calendaring to be sent via SMTP, which greatly decreases the stress on the Microsoft Connector, improving data fidelity.
CMT for Coexistence offloads all mail traffic from the Microsoft Notes Connector using SMTP and MIME encoding, effectively bypassing the inefficient Rich Text conversion used by the Microsoft Exchange Notes Connector. Mime encoding is much more efficient, preserving 100% fidelity.
CMT for Coexistence offloads all calendar traffic by encoding the message in iCal format and passing it via SMTP, instead of through the Microsoft Notes Connector.
Your Domain infrastructure is a vital asset, and one that should be protected. Your IT environment is unique, which means that you need something designed with adaptability in mind.
Enter Binary Tree's CMT for Domains, Users, Servers and Desktops, a solution which expedites the conversion between platforms, while diminishing the impact on your IT resources. A user-friendly administrator tool requiring virtually no end-user interaction, CMT for Domains, Servers, Users and Desktops will enable you to automate the entire migration lifecycle in minutes.
Utilizing CMT for Domains, Servers, Users and Desktops, the following processes can be accomplished with the click of a button:
Entire Environment and User Audit: Wholly automates the replacement of users' present naming structure to the new one.
All-encompassing Jurisdiction of the Migration Process: Grants the Administrator a complete overview of the migration life-cycle, providing meticulous data with process information based on migration phases or users.
Instigates the re-name of multiple users to the new hierarchical name/upgrade: The practice of migrating and/or consolidating Lotus Notes Domains is habitually escorted by altering end-users' hierarchical naming structures. Commonly, a Lotus Notes Administrator performs the process of Lotus Notes Domain migration by using a multifaceted, lingering process provided by Lotus. CMT for Domains, Users, Servers and Desktops condenses this process, accomplishing the task quickly and efficiently, but with the minimal amount of effort.
Notes Desktop Update: Programmed as an email message containing a button for each user to click, users' desktop information (server names for databases, user accesses, mail file and personal address book, location documents, connection documents, etc.) are automatically updated to the new infrastructure information with one click.
Notes Port: Runs on the Domino server and by design, replaces all reference to each migrated user's old infrastructure information with the new one in the users mail database. (Includes fields in mail messages, calendar, meetings and to-dos)
Move users/applications to a different Notes Domain/Domino Server and amend the Domino Directory to reflect the move
Monitor the rename process
Monitor the move Progress
Forget about digging through help files looking for answers
Never before has a consolidation of multiple Lotus Notes Domains been more straight-forward. CMT for Domains, Users, Servers and Desktops consists of everything a Lotus Notes Administrator needs to move users from an existing domain to a new one. Furthermore, as a result of the migration using CMT, users will appear to have always lived on the new domain.