DDive11 - IBM Lotus Notes Traveler
-
Upload
dominopoint-italian-lotus-user-group -
Category
Technology
-
view
5.285 -
download
4
Transcript of DDive11 - IBM Lotus Notes Traveler
IBM Lotus Notes Traveler
Roberto Boccadoro
Lotus Collaboration Solutions Architect
Roberto Boccadoro
52 anni, dei quali 17 passati in Lotus/IBM, un terzo della mia vita.
Ho iniziato a lavorare con Notes 3.0, devo ancora smettere... :-)
Ovviamente nel corso degli anni ho lavorato su molti dei prodotti che Lotus ed IBM hanno rilasciato sul mercato, ed anche su qualcuno che non avete mai visto.
Al momento il mio ruolo in IBM quello di Collaboration Architect, ovvero una figura di IT Architect specializzata nel portafoglio Lotus.
Il mio compito quello di aiutare i Clienti ed i Business Partners a disegnare soluzioni che prevedano l'uso di vari prodotti Lotus.
[email protected] 335/8073444
Agenda
Mobile Landscape and TrendsLotus Mobile StrategyLotus Notes TravelerTimeline
What's New
Security
Best Practices
Reference Links
Q & A
http://www.pewinternet.org/Reports/2010/Mobile-Access-2010/Summary-of-Findings.aspx
Source: Pew Internet, July 2010
Percent
200m+ users accessing Facebook through mobile devices40% of all Facebook usersMobile usage 2x in 2010
People that use Facebook on their mobile devices are twice as active on Facebook than non-mobile users
Mobile Landscape and Trends
Consumer mobile usage is driving enterprise expectations
Bottom line is the mobile landscapes is changing. Both the way that people are using the devices, the way theyre the devices, and the applications theyre using on devices are changing.
In the pastToday and tomorrow
Only a few devices supportedMany device platforms & form factors(Smartphones, tablets, etc)
Communication focused devices Social and collaboration focused devices
Phone, mail, calendar contacts, chat, SMSSocial collaboration, meetings, VoIP, video
Enterprise owned & controlled devicesBring your own device but enterprise controls management & security policies
Enterprise mobile use cases are evolving
Agenda
Mobile Landscape and TrendsLotus Mobile StrategyLotus Notes TravelerWhat's New
Timeline
Security
Best Practices
Reference Links
Q & A
Lotus Mobile Strategy
Enabling users to participate in social business on the move
A comprehensive solution for social business delivered as first-class mobile platform experiencesMade available on leading devices through the device platforms' associated distribution channelSupported by application development tools to help partners and customers reach their mobile user base by mobilize their information and applicationsComplete with enterprise governance capabilities that are easily managed on premises, hosted, or in the cloud
Agenda
Mobile Landscape and TrendsLotus Mobile StrategyLotus Notes Traveler Timeline
What's New
Security
Best Practices
Reference Links
Q & A
Integrated collaboration on multiple devices, any network
Offline / Online capabilities
Clients managed centrally, easier administration
Multi-OS support
Out of the box features, cost effective and innovative
Integrates with existing systems and applications
IBM Lotus Notes
laptopZeta_Mail_RenataIBM Lotus iNotes
EarthA screen capture shows the Lotus Domino Web access browser-based client.IBM Lotus Notes Traveler
IBM Lotus iNotes
mdamobilephone2A screen capture shows the Lotus Notes Traveler interface
IBM Lotus Domino has a rich client ecosystem
Email, PIM, and more...
What is Lotus Notes Traveler?
Automatic wireless delivery of Lotus DominoEmail and PIM Data
Device security settings
2-way synchronization
Over the air client or profile installation
Uses native device applications for best integration (except Android)
Works over all wired / wireless connections (CDMA, GPRS, GSM, WiFi, etc.)
Administration support for device security policies and remote wipe
Server Requirements
Operating SystemWindows Server 2003 Standard/Enterprise/R2 (32 and 64 bit)
Windows Server 2008 Standard/Enterprise (32 and 64 bit)
Windows Server 2008 Standard/Enterprise R2 (64 bit)
Red Hat Enterprise Linux (RHEL) 5 Server (32 and 64 bit)
SUSE Linux Enterprise Server (SLES) 10.2 (32 and 64 bit)
SUSE Linux Enterprise Server (SLES) 11 (32 and 64 bit)
Requires Domino 8.5.2 Server, Enterprise or Messaging configurationsRuns in 32-bit or 64-bit mode on Domino server for Windows
Linux Domino server is 32-bit only, so Traveler only runs in 32-bit mode on Linux
Remote mail database supportDomino 7.0.2 servers or above
Remote mail OS can be anything that Domino supports
Mail file templates
Standard and iNotes version 6.5 and above
Device Requirements
Android 2.0.1 or greater devices, phone & tablets (incl.3.0)
Apple Devices and Operating SystemsiPhone, iPhone 3G, iPhone 3GS, iPhone 4
iPad
iPod Touch
Apple OS 3.x
Apple iOS 4.x
Nokia DevicesNokia Series 60 3rd edition, including feature pack 1 and 2
Nokia Series 60 5th edition
Nokia manufactured phones are only versions supported
Windows Mobile DevicesWindows Mobile 6.0, Standard, Professional and Classic versions
Windows Mobile 6.1, Standard, Professional and Classic versions
Windows Mobile 6.5, Standard, Professional versions
Note that Lotus Notes Traveler version 8.5.2 does not run on Windows Mobile 5 devices
Lotus Notes Traveler Email, Calendar, Contacts
Bullet 1
Symbian^3 coming soon (8.5.3)
Lotus Notes Traveler Email on the iPad
Bullet 1
Recent Traveler Releases at a glance
Lotus Notes Traveler 8.5.2 - Aug 2010 Security, Device managment, Full calendar support (iOS), Linux server
8.5.2.1 Dec 2010 adds Android 2.0.1+ supportAbility to specify & enforce Domino security settings on Android
8.5.2.2 March 2011 adds Android 3.0 (Xoom) support & battery efficienciesEnhancement/Fix List: http://www.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_APAR_listing
8.5.2.3 June 2011 adds iOS partial (Traveler only) wipeEnhancement/Fix List: http://www.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_APAR_listing
8.5.3 beta in progress adds cross-platform enhancementsIOS, Android & Nokia enhancements, Group Lookup and more... coming soon....
A one vendor solution!Integrated with Domino; Domino domain expertise and support
Alignment with Notes/Domino development; insight into future direction & plans
Preserve & extend Domino investment; a no-cost mobile option for licensed Domino servers
No requirement for 'Enterprise' level data plan For corporate or employee owned phones
Security - 8.5.2 capabilities leverage familiar Domino admin tools:Set & enforce security rules, based on company policy
Password length/strength/age
Options to block unencrypted devices and camera usage
Remote wipe (admin & self) per request and upon specified # of failed attempts
end-to-end security via several supported network topologies
Device management Automatic device updates
Multiple device per user support
Centralized view of connected users/devices & their status; Admins allow/deny access by policy
Ease of configuration and deployment *Killer App* for IT shops !!
Disaster Recovery Leverages mature Domino DR capabilities
Serviceability - Problem reporting utility and intuitive log viewer/management tools
Enhancements delivered frequently through .x (point) releases
LotusLive - Common mobile solution for on-premise or LotusLive Notes cloud service, or a hybrid
Lotus Notes Traveler Value Statement
beyond mail/calendar/contact 2-way sync (push)
Lotus Notes Traveler 8.5.2.3 for Android/Apple/Nokia/Windows Mobile shipped:
10 June, 2011 !
Enhancements in 8.5.2 and beyond
Lotus Mobile Installer - Automatic upgrade notification
Linux server support RHEL 5, SuSE 10/11
Meeting Invitations on iOS (create and accept)
Corporate Name Lookup
Scheduled Synchronization - sync during peak/off peak hours
Data Roaming detection suspends sync; saves data costs & battery
Support for Windows Mobile 6.5
Self service wipe!
Enhancements in 8.5.2 and beyond - continued
Ability to specify/enforce Domino security settings on iOS and
Android
Device password (Android)
Prohibit ascending, descending and repeating sequences
Require alphanumeric value (Android)
Minimum password length (Android)
Minimum number of complex characters
Password expiration period
Password history count
Auto lock period (maximum) (Android)
Wrong passwords before wiping device (Android)
Prohibit camera
Prohibit unencrypted devices
Prohibit devices incapable of security enablement (Android)
iOS partial (Traveler only) wipe
8.5.3 Beta What's New!! (planned for 3Q)
Android Enhanced Installation
Android Home Page Widgets for mail and calendar
Android Calendar Invite creation, quick switch days/weeks, week view hints
Android Tap-to-dial for calendar entries
Android Mail enhancementsCopy/paste from clipboard
Added a Send button to the compose email form
Android multi-line signature
Added Android OS 3.0 Support
Group name lookup
Domino Mail-in db returned with Name Lookup
Select which applications are allowed to sync for Apple devices
Reply and Forward indicators from Apple devices
Device approval
Symbian^3 support
Android improved installation
Single application (no separate Lotus Installer that was previously used)
First time installing version 8.5.3, old Lotus Installer application will be removed if found
Features from Lotus Installer such as automatic client update integrated into Lotus Traveler application
If installing via built in Android browser, installation panels now pre-fill server name and user id
Works with most browsers that use Android browser history features
Android improved installation (2)
Lotus Traveler application now includes new options in the tools menuCheck for updated software
Uninstall application
Android Chair side meeting support
Now supports chair side meeting actions
Meeting owner can now do the following from the deviceCreate meetings with attendees
Reschedule meetings
Modify meetings
Cancel meetings
Android Tap to dial for calendar
Phone numbers included in a calendar entry are now hot spots that when clicked will dial the number. Number can be included in fields:Subject
Location
Description
Supports conference dialingP and , (comma) characters interpreted as a pause
'#' to enter the conference code
';' or 'x' to prompt user before sending codes
Android Calendar improvements
Week view now displays text (as much as display will allow)
Performance improvements when navigating (swiping) between days
Performance improvements when scrolling large calendars
Revised menu experience for Android 3.x tablets
Android Mail Widgets
Lotus Traveler mail widget now available to add to Android home screens
Comes in large (3x3) and small (4x1) formats
OS 3 tablet widget includes smooth scrolling feature
Click mail icon to launch the mail application
Open individual mail items
Compose message by clicking '+' symbol
Android Calendar Widgets
Lotus Traveler calendar widget now available to add to Android home screens
Comes in large (3x3) and small (4x1) formats
OS 3 tablet widget includes smooth scrolling feature
Click calendar icon to launch the calendar application
Open individual calendar items
Create new calendar entries by clicking '+' symbol
Android Type-ahead Lookup
Server lookup done automatically when composing a new mail or searching for a contact using the Lotus Lookup application
Lookup results now display contact photo if available in local contacts
Results display person, group or mail-in database silhouette if results contain different types
Android Select text
Use 'Select Text' menu option to copy text from mail or calendar documents
Long press inside another document or application and select 'Paste
Android Multi-line signature
Multi line mail signatures now possible on Android devices
Lotus Traveler->Settings->Applications
Signature added to all new mail messages composed on device
Nokia Symbian^3 Support
Symbian^3 devices now supported
New SIS installation package created for S3 devices
Device support includes (but not limited to)Nokia E7
Nokia C7
Nokia C6-01
Nokia N8
Nokia Encrypted device policy
Server policy can be defined to require that only encrypted Nokia devices are allowed to connectProhibit unencrypted devices
Device user must encrypt phone and mass storage using Nokia supplied utility
Only supported for Nokia Symbian^3 devices
Requires Nokia Symbian Anna level firmware release
Apple iOS Data only wipe
Remote wipe option now available for Apple devices to remove only Lotus Traveler dataContacts
Calendar
Command available via self-service Traveler home page or administrator database
Apple iOS Data only wipe (2)
Data is removed from device, but profile or account settings remain
As with all wipe operations, device cannot connect back to Traveler server until the administrator clears the wipe order
Device user receives mail message on device indicating that wipe order was completed
Server Device Approval Policy
If policy is enabled, administrator must explicitly approve end user device before it can access the Lotus Traveler service
Set number of devices to allow before approval to zero if all devices must be pre-approved
Optional address list can be used to notify administrator by mail when device approval is pending
Server Device Approval Policy (2)
Lotus Traveler administration database keeps track of approval status
Administrator uses Change Approval action to approve or deny
Sort by Approval column
Server Lock sync applications for Apple
Administrator policy set using Domino Lotus Traveler Settings
Lotus Traveler server now enforces the Set value and prevent changes option for Apple devices
Policy can turn mail, calendar or contacts off. Application still exists on device but will not receive or sync any data
Server Mail Routing and Lookup
Mail routing configuration is no longer required on the Lotus Notes Traveler serverMeeting notices are sent via the user's mail server's mailbox
SMS messages (if configured) are sent via the user's mail server's mailbox
Meeting notices no longer appear to be sent by the Lotus Notes Traveler server
Corporate lookup (aka Name Lookup) requests are executed against the user's mail server's directoryPreviously all requests executed against the Traveler servers directory
Will be more consistent with a Notes client's lookup results
Change back to the old behavior by setting NTS_TRAVELER_AS_LOOKUP_SERVER=true in notes.ini on Traveler server
Lookup results now include Group names and Mail-in databases
Apple iOS Reply/Forward Indicators
Mail replied to or forwarded from the Apple device will now have the reply or forward indicator set in the server mail copy
Cannot yet keep reply/forward indicators in sync with device still a current restriction
Agenda
Mobile Landscape and TrendsLotus Mobile StrategyLotus Notes Traveler Timeline
What's New
Security
Best Practices
Reference Links
Q & A
Device Security Capabilities
Lotus Notes Traveler8.5.18.5.28.5.2.3
AppleNokiaWMAppleNokiaWMAndroidApple
1Encrypted data in transit (HTTPS)YesYesYesYesYesYesYesYes
2Domino encrypted mailYesw/ Companion(read only)YesYesYesw/ Companionread (reply, fwd, send in test)YesYesYesYesw/ Companionread (reply, fwd, send in test)
3Remote wipeYesFull reset onlyYesFull or Traveler onlyYesFull or Traveler onlyYesFull reset onlyYesFull or Traveler onlyYesFull or Traveler onlyYesFull or Traveler onlyYesFull or Traveler only
4Encrypted data at restNoNo2No2Yes1via Domino policiesNoNoYesYes1via Domino policies
5Password monitoringYes4via IPCUYesYesYes3via Domino policiesYesYesYesYes3via Domino policies
Footnotes for previous slide
1. Whole devices can be encrypted, and can be enabled and enforced with the security policies in 8.5.2+. iPhones that don't support hardware encryption can be blocked. The 3GS & 4G support hardware encryption, Original and 3G don't. Domino policies that admins can use to force the enablement of encryption and block unencrypted phones are:Prohibit unencrypted devices
Prohibit devices incapable of security enablement
2. Storage cards can be encrypted. Data in native PIM/email applications is not encrypted except for Domino encrypted mail.
3. Domino Policies that admins can use to manage passwords are:Device password
Prohibit ascending, descending and repeating sequences
Require alphanumeric value
Minimum password length
Minimum number of complex characters
Password expiration period
Password history count
Auto lock period (maximum)
Wrong passwords before wiping device
Dynamic policy changes (admin changes are automatically synchronized to the device without requiring user interaction)
4. Static policy changes (user must remove and reinstall the Apple Profile)
On-device encryption
iOS - Except for early models (original and 3G) the iPhone/iPads are password protected at the device level and, by definition, data is encrypted. The level of encryption is controlled by Apple and is described here: http://www.apple.com/iphone/business/integration/Device policies, restrictions and strong encryption methods on iPhone provide a layered approach to keeping your information secure. iPhone uses AES 256-bit hardware encryption to protect all data at rest. To further secure mail messages and attachments iPhone uses Data Protection which leverages the unique device passcode to generate the encryption key. And, in the event of a lost or stolen iPhone, all data and settings can be cleared by issuing a remote wipe command from Exchange or a Mobile Device Management server.
Android - Mail, calendar, attachments, are fully under Traveler control and are all AES 256 encrypted. Contacts application comes with the OS and is outside of Traveler and therefore not encrypted by Traveler.
Nokia/Symbian - Storage cards can be encrypted. Mail/PIM data is not encrypted except for Domino encrypted email, but certain Symbian device models (E5, E52, E55, E72) support encryption, though not enforce-able by Traveler.
Windows Mobile - Storage cards can be encrypted. Mail/PIM data is not encrypted except for Domino encrypted email.
Traveler Companion for iPhone/iPad
Companion App for iPhone/iPad; Read/compose Domino encrypted mail
Free download available from Apple iTunes Apps Store
Coming soon password caching (enter password once per session)
Android Device security capabilities
Traveler Mail and Calendar data encrypted (on phone storage or sdcard)
Wipe and Password policies primarily based on Android 2.2 security capabilities:Device wipe to factory settings, sdcard wipe, Traveler data only wipe
Alphanumeric device level password enforcement
Android 2.1 and older not capable of device or sdcard wipe, or device level password enforcement Setting in the Traveler server security policy can control if these devices are allowed to connect to the Traveler server
Security Planning and Capabilities
Admin can pullback request if caught before command activation.
Remote Wipe
Several wipe options available for Android/WM/Nokia,Apple
Hard reset device action removes all data and applications on device
Wipe commands are delivered over TCP and SMS push channels (no SMS support on iPhone)
Wipe order remains in effect on the server until cancelled
Default Settings and Security Profiles
LotusTraveler.nsf Default Settings view
Alternative to Domino Traveler Settings in policies
Filtered access -Restrict access by device category
Examples:"Apple" - all Apple devices are allowed to sync, but no other devices.
"(IBM SyncML Client)|(Lotus Traveler WM)" - All Windows Mobile devices (old and new) are allowed to sync, but no other devices.
"(Nokia SyncML HTTP Client)|(Lotus Traveler Nokia)" - All Nokia devices (old and new) are allowed to sync, but no other devices.
"Lotus Traveler * 8.5.2" - Only 8.5.2 Windows Mobile and Nokia clients are allowed to sync, but not Apple devices.
"(Apple)|(Lotus Traveler WM)" - Only Apple and 8.5.2 Windows Mobile clients are allowed to sync, but not Nokia devices.
"Apple-iPhone/7" - only Apple iPhones (not iPods or iPads) using OS 3 are allowed to sync (Windows Mobile and Nokia devices are not allowed either).
"Lotus Traveler Android" - Only Android devices are allowed to sync.
More information - http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Restricting_access_by_device_category_LNT8521
Network topologies
Three network topology options to consider.....Direct connect
Reverse Proxy
VPN Configuration
Direct Connect
Understanding data flow using Lotus Notes Traveler in the DMZ
Internet Domain (untrusted)DMZIntranet Domain (trusted)
Lotus Domino mail servers (7.0.2 +)
Lotus Domino 8.5.2 with Lotus Notes Traveler 8.5.2.x service
Apple devices
Push Request (SSL/443)
Periodic poll for DB changesNotes RPC (TCP/1352)
App needs to sync
Sync Request (SSL/443)
Data accessNotes RPC (TCP/1352)
Android,Nokia & Windows Mobile
SMS Email Notification (optional for Android/WM/Nokia only)
Reverse Proxy
Reverse Proxy Configuration
VPN Configuration
Virtual Private Network
Things to know
Guidelines for configuration/Infrastructure
See doc on planning your environment --
http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Planning_your_network_topology_LNT8521
Capacity planning
- See 8.5.2 performance report ---
http://www.ibm.com/developerworks/lotus/library/notes852-trav-perf/index.html
- See capacity planning doc --
http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Server_capacity_planning_LNT8521
- Capacity is based on workload which can vary incredibly between
deployments. Look at things like CPU, memory, etc. For initial
planning purposes ~ 2K per server is an upper end
ballpark
Memory and thread sizing confusion with some users (e.g. some
Traveler servers still have 100 HTTP active threads when they might
really need 300)
- See configuring a Traveler server --
http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Configuring_Lotus_Notes_Traveler_server_LNT8521
- MUST READ - Tuning section of the doc -
http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Tuning_performance_of_the_server_LNT8521
- Traveler Health check command - "tell traveler status" tells you
if your HTTP threads are too low or if you are using more devices
than you have threads allocated.
Server Best Practices
Install Lotus Traveler on Windows 64-bit server
Access to > 2GB virtual memory is critical in larger mobile user populations (> 300)
Virtual memory is shared across all Domino processes and can exceed 2GB
Reduce memory overhead with notes.ini setting
NTS_BUFFER_POOL_SIZE_MB=256
Avoid running multiple applications on the Lotus Traveler server
Some applications make server changes which are not compatible with Lotus Traveler (e.g. Disabling HTTP JVM)
Reference links
Lotus Notes Traveler Product Page
http://www.ibm.com/software/lotus/products/notes/traveler.html
Lotus Notes Traveler Support site
https://www-304.ibm.com/support/docview.wss?uid=swg24019529
Lotus Notes Traveler Wiki (8.5.2 and beyond)
http://www-10.lotus.com/ldd/dominowiki.nsf/xpViewCategories.xsp?lookupName=Lotus%20Notes%20Traveler%208.5.2%20Documentation
Restricting access by device category
http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Restricting_access_by_device_category_LNT8521
Greenhouse (to test-drive Lotus Notes Traveler!)
http://greenhouse.lotus.com
Companion App on iTunes
http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=346633404&mt=8
Lotus Notes Traveler 8.5.2 Performance report
http://www.ibm.com/developerworks/lotus/library/notes852-trav-perf/index.html
Nomination form for 8.5.3 beta program !
https://www-304.ibm.com/software/earlyprograms/surveys/cust/nomination.wss?id=1163
THANK YOU!!
Grazie agli sponsor per aver reso possibile il DDive 2011!
Main Sponsor
Premium Sponsor
Prime Sponsor
27
Accelerated Value Program 2010 IBM Corporation
ibm_light_gray_logo_300dpi
27
2727 2010 IBM Corporation
ibm_white_logo_300dpicircleR
2727
2011 IBM Corporation
ibm_light_gray_logo_300dpi
Click to edit the outline text formatSecond Outline LevelThird Outline LevelFourth Outline LevelFifth Outline LevelSixth Outline LevelSeventh Outline LevelEighth Outline LevelNinth Outline Level
Click to edit the outline text formatSecond Outline LevelThird Outline LevelFourth Outline LevelFifth Outline LevelSixth Outline LevelSeventh Outline LevelEighth Outline LevelNinth Outline Level
Click to edit the outline text formatSecond Outline LevelThird Outline LevelFourth Outline LevelFifth Outline LevelSixth Outline LevelSeventh Outline LevelEighth Outline LevelNinth Outline Level
Click to edit the title text format
Click to edit the title text format
2011 IBM Corporation
2011 IBM Corporation
2011 IBM Corporation
2011 IBM Corporation
2011 IBM Corporation
Click to edit the notes format
Click to edit the title text format
Click to edit the outline text format
Second Outline Level
Third Outline Level
Fourth Outline Level
Fifth Outline Level
Sixth Outline Level
Seventh Outline Level
Eighth Outline Level
Ninth Outline Level
2011 IBM Corporation
Click to edit the notes format
2011 IBM Corporation
Click to edit the title text format
Click to edit the outline text format
Second Outline Level
Third Outline Level
Fourth Outline Level
Fifth Outline Level
Sixth Outline Level
Seventh Outline Level
Eighth Outline Level
Ninth Outline Level
2011 IBM Corporation
Click to edit the notes format
Click to edit the title text format
Click to edit the outline text format
Second Outline Level
Third Outline Level
Fourth Outline Level
Fifth Outline Level
Sixth Outline Level
Seventh Outline Level
Eighth Outline Level
Ninth Outline Level
2011 IBM Corporation
Click to edit the notes format
All adultsAges 18-29
Social networking2348
Instant messaging3046
Email3452
Access internet4065
Send photo/video5481