Welcome
Welcome to the HCL Domino® 12.0.2 documentation.
What's new in Domino 12?
Learn about all of the new features for administrators in HCL Domino® 12.
What's new in 12.0.2?
HCL Domino 12.0.2 introduces new features and enhancement several areas.
What's new in 12.0.1?
HCL Domino 12.0.1 introduces the following new features.
What's new in 12.0?
HCL Domino 12.0 introduces the following new features.
Components no longer included in this release
The following components are no longer included in Domino 12.
Overview
Welcome to HCL Domino® Administrator Help.
Accessibility features for Domino Administrator
Accessibility features help users who have a physical disability, such as restricted mobility or limited vision, to use information technology products.
Translated languages
This release of HCL Domino® and Notes® is translated into the following languages.
Using Domino® Administrator Help
Because Domino Administrator Help is a Notes application, you can use familiar Notes gestures to find information.
Installing
Use this documentation to install the HCL Domino® server and subsequently deploy the HCL Notes®client.
Installing and upgrading Domino® servers
Perform a new or upgrade install of one or many Domino® servers.
Planning your upgrade to Notes and Domino 12.0.2
Use this documentation to upgrade the existing Domino® server and subsequently upgrade the Notes® client to a new release. You can also upgrade additional clients such as Domino Administrator and Domino Designer clients and additional features and plug-ins such as the embedded HCL Sametime® client.
Planning
Use this topic as an overview of planning task.
Roadmap for deploying Domino® servers
Use this as a tool when planning how to integrate HCL Domino® into your existing environment.
Planning server-to-server connections
Servers must connect to each other to exchange data, for example to replicate databases and exchange mail. You can create connections between servers across a local area network (LAN) or wide area network (WAN), by using a pass-through server (a server that acts as an intermediary server between a client and its destination), or over the Internet. Create a Server Connection document whenever you need to establish any new or additional server connections. You can modify this document when necessary.
Planning directory services
HCL Domino® provides a range of directory service features.
Planning a mail routing topology
HCL Domino® offers you considerable flexibility in configuring your mail system infrastructure, allowing you to use HCL Notes® routing, SMTP routing, or both, for internal and external messages.
Planning a cluster
When planning a cluster, it is important to consider the performance and ability of your hardware. The cluster must have enough CPU power, memory, and disk space to handle the cluster traffic and the number of databases and replicas required.
Planning the TCP/IP network
The default TCP/IP configuration for an HCL Domino® server is one IP address that is globally bound, meaning that the server listens for connections at the IP addresses of all NICs on the computer. Global binding works as long as the computer does not have more than one IP address offering a service over the same assigned TCP port.
Messaging overview
The HCL Domino® mail system has three basic components: Domino mail servers, Domino mail files, and mail clients. The Domino mail server is the backbone of an organization's messaging infrastructure, acting both as an Internet mail server and an HCL Notes® mail server. Domino provides standards-based Internet messaging through its support of the Simple Mail Transfer Protocol (SMTP), Post Office Protocol version 3 (POP3), Internet Message Access Protocol (IMAP), and Multipurpose Internet Mail Extensions (MIME). At the same time, Domino supports Notes mail through the use of Notes routing protocols -- Notes remote procedure calls (NRPC) -- and the Notes rich text message format.
Planning your Notes® client deployment
Use the references listed here to plan for, install, upgrade to, and configure the HCL Notes® client.
Planning security
An important aspect of planning security for your Domino® environment is understanding the tasks and features involved with securing each type of resource.
Configuring
Use this information to configure your network, users, servers (including Web servers), directory services, security, messaging, widgets and live text, and server clusters.
Configuring a network
This section presents the planning concepts and setup procedures necessary for a successful HCL Domino® deployment over a network. It provides information on network protocols from a Domino perspective but does not attempt to provide general network information.
Configuring users and servers
Topics in this section describe how to set up users and servers.
Securing
This section describes security features, including execution control lists, IDs, and TLS.
Overview of Domino security
Setting up security for your organization is a critical task. Your security infrastructure is critical for protecting your organization's IT resources and assets. As an administrator, you need to give careful consideration to your organization's security requirements before you set up any servers or users. Up-front planning pays off later in minimizing the risks of compromised security.
Server access for Notes® users, Internet users, and Domino® servers
To control user and server access to other servers, Domino® uses the settings you specify on the Security tab in the Server document as well as the rules of validation and authentication. If a server validates and authenticates the Notes® user, Internet user, or server, and the settings in the Server document allow access, the user or server is allowed access to the server.
The database access control list
Every .NSF database has an access control list (ACL) that specifies the level of access that users and servers have to that database. Although the names of access levels are the same for users and servers, those assigned to users determine the tasks that they can perform in a database, while those assigned to servers determine what information within the database the servers can replicate. Only someone with Manager access can create or modify the ACL.
Domino® server and Notes® user IDs
Domino® uses ID files to identify users and to control access to servers. Every Domino server, Notes® certifier, and Notes user must have an ID.
The execution control list
You use an execution control list (ECL) to configure workstation data security. An ECL protects user workstations against active content from unknown or suspect sources, and can be configured to limit the action of any active content that does run on workstations.
Domino® server-based certification authority
You can set up a Domino® certifier that uses the CA process server task to manage and process certificate requests. The CA process runs as a process on Domino servers that are used to issue certificates. When you set up a Notes® or Internet certifier, you link it to the CA process on the server in order to take advantage of CA process activities. Only one instance of the CA process can run on a server; however, the process can be linked to multiple certifiers.
TLS security
Transport Layer Security (TLS) is a security protocol that provides communications privacy and authentication for Domino® server tasks that operate over TCP/IP.
TLS and S/MIME for clients
Clients can use a Domino® certificate authority (CA) application or a third-party CA to obtain certificates for secure TLS and S/MIME communication.
Encryption
Encryption protects data from unauthorized access.
Name-and-password authentication for Internet/intranet clients
Name-and-password authentication, also known as basic password authentication, uses a basic challenge/response protocol to ask users for their names and passwords and then verifies the accuracy of the passwords by checking them against a secure hash of the password stored in Person documents in the Domino® Directory.
Time-based one-time password (TOTP) authentication
When users log on to a Domino Web server, you can require that they provide time-based one-time passwords in addition to their user names and passwords.
Multi-server session-based authentication (single sign-on)
Multi-server session-based authentication, also known as single sign-on (SSO), allows Web users to log in once to a Domino® or WebSphere® server, and then access any other Domino or WebSphere servers in the same DNS domain that are enabled for single sign-on (SSO) without having to log in again.
Using Security Assertion Markup Language (SAML) to configure federated-identity authentication
Federated identity is a means of achieving single sign-on, providing user convenience and helping to reduce administrative cost. In Domino® and Notes®, federated identity for user authentication uses the Security Assertion Markup Language (SAML) standard from OASIS.
Using OpenID Connect (OIDC) to configure federated-identity authentication
Federated identity is a means of achieving single sign-on, providing user convenience and helping to reduce administrative cost. One way that client applications can authenticate users is by using an OpenID Connect (OIDC) provider.
Using a credential store to store credentials
A Domino® server can use a credential store application as a secure artifact repository. Examples of secure artifacts include authentication credentials and security keys.
History of supported key sizes in Notes and Domino
Understand the RSA key sizes supported by Notes® and Domino® from past releases to the current release.
Administering
This documentation provides information about the administration tools for managing and monitoring servers and databases.
Administration tools
Topics in this section describe the tools you can use to administer a Domino® server.
Managing users
The Administration Process helps you manage users by automating many of the associated administrative tasks. For example, if you rename a user, the Administration Process automates changing the name throughout databases in the Notes® domain by generating and carrying out a series of requests, which are posted in the Administration Requests database.
Monitoring servers
This section describes how to use the tools and features that help you monitor a Domino® system.
Managing servers
Manage Domino® servers by performing any of these tasks.
Managing databases
Topics in this section describe how to set up and manage Domino® databases.
Tuning
Use this information to improve HCL Domino® server, Domino Web server, and messaging performance through the use of resource balancing and activity trends, Server.Load commands, advanced database properties, cluster statistics, and the Server Health Monitor.
Resource balancing and activity trends
Domino® server resource utilization can be separated into two types, system activity and user activity. System activity, which includes the level of processor, disk, memory, and network consumption that Domino generates to keep the server running, is a fixed amount of activity, as long as systems are healthy and performing smoothly. Domino servers typically use a modest percentage of their resources to run. The remaining server capacity is used to support user activity, which varies with the usefulness of the data on the server.
The Server.Load tool
Server.Load is a capacity-planning tool that you use to run tests, also called "scripts" and "workloads," against a targeted Domino® server to measure server capacity and response metrics.
Tuning Domain Indexer performance
Each time the Domain Indexer task runs, it looks in the Domain Catalog for new databases that have the Include in multi database indexing property enabled. It then looks for documents and files in existing databases and file systems that are new or changed since the last time it ran, and adds them to the Domain Index.
Improving Domino® server performance
Read the following topics for help on improving basic Domino® server performance and capacity, as well as the performance of these features: Agent Manager, databases and the Domino directory, the directory catalog, LDAP searches, mail, Web server, and UNIX™ server.
Improving Web server performance
After you set up the Domino® Web server and make sure that it runs properly, check the server's performance and response time.
Improving mail performance
Domino® includes features that improve efficiency in specific environments, but these features may not be switched on by default.
Setting advanced database properties
Advanced database properties include performance optimization and compression features, as well as ways to manage usability features such as unread marks and soft deletions.
Understanding cluster statistics
Three categories of Domino® cluster statistics help you analyze clusters
Improving the performance of the Server Health Monitor
If the Domino® Administration client workstation performs at 100 percent CPU utilization for a long period of time, the Server Health Monitor discards server statistic data to keep up with the workload.
Troubleshooting
This section describes how to find and solve problems with HCL Domino® server and Administrator client.
Troubleshooting a problem
Troubleshooting is a systematic approach to solving a problem. The goal of troubleshooting is to determine why something does not work as expected and how to resolve the problem.
Collecting information in a .zip file to send to Support
Use the tell domino support command to collect diagnostic files recently created in the IBM_TECHNICAL_SUPPORT directory into a .zip file.