HCL Domino 11 released
Daniel Nashed 25 December 2019 10:09:14
Notes/Domino/Traveler&Sametime 11 has been released as promised shortly before x-mas at 20.12.
For some of us a good time to look into it. For others a bad timing for the x-mas holidays.
Let me share some first look information for the Domino 11.0.1 GA version to make it easier for you to start.
We also did a presentation at DNUG, which I posted on Slideshare and I am referencing technotes for you to look into more details.
But let me comment some of the information from the technotes.
(https://www.slideshare.net/daniel_nashed/dnug-hcl-domino-11-first-look)
There has been a lot of work in the back-end, which isn't immediately visible.
- Replacing IBM JDK with Open JDK.
- Introducing the OpenSSL Lib
- All the external in internal rebranding from IBM to HCL
That's a lot of extra work, which is laying the foundation for the next years
Have a great x-mas time and enjoy the time with friends & family!
Maybe some of you start looking into it between x-mas and new year :-)
Daniel
HCL Notes and Domino 11.0 Release Notes
(https://support.hcltechsw.com/csm?id=kb_article&sys_id=8d5f8e521b3d401c77761fc58d4bcb93)
The release notes are a good start point got get current information about what has changed.
It's a good reference point to find the online documentation and technotes.
And it also has a link to system requirements.
HCL Domino 11.0 Detailed System Requirements
(https://support.hcltechsw.com/csm?id=kb_article&sys_id=5d9fe4311b7d885083cb86e9cd4bcb6d)
I would have expected that RHEL / CentOS 8.x and SLES 15 would be supported in Domino 11.
But this will hopefully be updated latested for 11.0.1 or post 11.0.0 release.
So for now you should stay with your current Linux versions!
I tested those Linux versions already with the Domino 11 beta and it should run. But you should wait for official support!
But what we now see for the first time is a official statement in the full system requirements for CentOS!! :-)
Install Best Practices
When you have used the beta version you should do a clean install (means deinstall Domino, cleanup remaining files and install again).
But I would also recommend to do a clean install updating from earlier releases as a best practice.
You should specially take care for the JVM directories, because the JVM changed from IBM JDK to OpenJDK.
There might be even some mior changes, which could effect you.
And it makes sense having a closer look into your Java applications for testing before moving to Domino 11.
IBM JRE classes not supported by OpenJDK
(https://support.hcltechsw.com/csm?id=kb_article&sys_id=49063cac1b21c09083cb86e9cd4bcb62)
This technote states currently just one difference. But there might be others.
Don't use Compact -replica
(https://support.hcltechsw.com/csm?id=kb_article&sys_id=6576200d1bb98c9c83cb86e9cd4bcbd8)
There is a current issue with compact -REPLICA. I was never a fan of compact -REPLICA but at least with fragmented ID tables this was the only solution in earlier releases.
You should avoid running Compact -replica. In fact, Compact -replica was a solution for ID table fragmentation that no longer an issue in Domino 10 ODS.
The other scenario for running Compact -replica was for system DBs. I have always stated that the recommended off-line maintenance is to run DBMT off-line while the server is down.
Tip for Linux: My start script has configuration options to allow a startup or restart to compact system-databases. It's already predefined in the current config file.
Reference: #SPR SPPPBJQJJT: Compact -REPLICA removes all profile documents"
This will be hopefully fixed in 10.0.1 FP4 and 11.0.1. But again I would replace/remove compact -REPLICA in general!
Cipher Update in Domino 11
(https://hclpnpsupport.hcltech.com/csm?id=kb_article&sys_id=cb9c1c0e1bf9089083cb86e9cd4bcb84)
There have been changes in the supported cipher suite. There have been ciphers which used SHA1 internally.
Those ciphers have been tolerated for a while by German BSI and other. But they are now rated as "weak".
Those ciphers are changed in the server doc and internet site doc in the cipher configuration.
You should review the server.doc and internet site. docs and update those documents.
So what you need to do in detail, is to use the "modify" button and accept the updated cipher list -- which should be a good recommendation (the weak ciphers have been changed).
Without modifying the settings you will see warning messages like the following by default.
[002254:000010-00007F5229EDF700] 25.12.2019 04:09:43,61 nti_CipherSpecStringToMask> Ignoring invalid SSLCipherSpec value C014
[002254:000010-00007F5229EDF700] 25.12.2019 04:09:43,61 nti_CipherSpecStringToMask> Ignoring invalid SSLCipherSpec value 39
[002254:000010-00007F5229EDF700] 25.12.2019 04:09:43,61 nti_CipherSpecStringToMask> Ignoring invalid SSLCipherSpec value C013
[002254:000010-00007F5229EDF700] 25.12.2019 04:09:43,61 nti_CipherSpecStringToMask> Ignoring invalid SSLCipherSpec value 35
Suppress innocuous plug-in loading errors coming from Tika
(https://support.hcltechsw.com/csm?id=kb_article&sys_id=9b9ba9541b08005083cb86e9cd4bcb4f)
There have been a couple detail changes in the latest Domino 10.0.1 FPs.
The mentioned technote describes how to pass configuration settings to the Tika server.
The Tika server is a separate Java process running on your server or client.
In this case there are parameters passed to avoid certain warning messages from the Tika process to show up in the live console log.
In general there have been a couple of fixes introduced in 10.0.1 FP3 and Domino 11.0.0.
This includes updating the Tika server to a newer Tika release.
License Information Domino 11
(https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0073301)
FlexNet license reporting is brand new in Domino 11. I have been one of the beta testers and we gave a lot of feedback.
Not all of the feedback could be added to Domino 11.0.0 GA. So you can expect the FlexNet license server integration to be updated for 11.0.1.
The FlexNet integration in 11.0.0 is a first start and HCL is working on updating and extending it in Domino 11.0.1
Right now only the integration with the Cloud License Server (CLS) is supported.
There is also a Local License Server (LLS) provided by FlexNet. But the LLS support isn't part of 11.0.0.
CLS vs LLS
The difference between a CLS and a LLS is that the CLS is just a virtual/logical device at the FlexNet Operation Website (FNO).
Your Domino server(s) communicate with FlexNet over HTTPS leveraging their REST API to send anonymized user information (technically the SHA1 hash of the abbreviated, lowercase user name -- that should be a secure way to report users).
The LLS (Local License Server) is a local server which can be either run in on-line or off-line mode, depending on customer requirements.
A LLS is configured using software from FlexNet. It is basically Java application, which acts as your license server and either a.) communicates with FNO or b.) provides a way to manually download licenses and uploads license reports to FNO.
I would expect that 95% of customers will be fine with CLS once it has full proxy support (currently only not authenticated proxy configurations are supported).
So unless you are one of the companies with very special requirements, there is no need for your own LLS.
HCL wants us to get familiar with the new FlexNet license tracking. But as the technote states, this is a preview right now and you will continue to use your existing license tracking approach (for example using the ILMT server).
So once you updated the first test servers to Domino 11, you could connect your server to FlexNet creating your CLS already.
There should be documentation shortly describing the steps. The Domino First Look presentation I mentioned above has all the screen prints and steps included already.
But I plan to write up a full presentation or longer blog post about the technical side of the new License tracking soon.
And you can expect License tracking configuration and functionality easier in 11.0.1.
If you have used the new FNO license reporting before in the beta, there is a changed notes.ini setting.
LICENSE_DEBUG=3 will dump information for all protocols, which are measured by license tracking.
This setting does also show which data is sent over to FlexNet. The code is using libcurl functionality to do a REST request.
And you see all the data hex/text dumped on the console using this debug setting.
You find all the other features in the what's new section in the help database and also in our presentation.
The last couple of month have been quite busy. I hope to find time to get your updated with current Domino 11 stuf.
Domino 11 on Docker
Of course also our Domino on Docker Project got updated to Domino 11. We have been looking into it with the two beta releases.
And the Domino 11.0.0 GA version is currently already updated in the "develop" branch of the project.
We are planning a Domino 11 on Docker post when updating the master branch of the project.
- Comments [11]
![[HCL Domino]](../lotus-domino.gif){kind=small}
![[Domino on Linux]](../domino-linux.gif){kind=small}
![[Nash!Com]](../nashcom.gif){kind=small}
![[Daniel Nashed]](../daniel-nsh.gif){kind=small}