[Editor's Note: This article is a technical overview of the features in version 5.0, the initial gold release of Domino R5. To read about enhancements since 5.0 was first released, read our companion article, Enhancements in 5.0.1 through 5.0.8 . To check out the features for yourself, download a trial of Domino R5 now!]
Lotus Domino R5 brings messaging, Internet integration, and scalability to a whole new level. The new Domino server includes the latest innovations in Internet messaging, with native support for all the major Internet standards; industry-leading support for Web applications, including CORBA support and integration with Microsoft Internet Information Server (IIS); and increased server reliability and scalability, including improvements in performance, capacity, availability, and maximum database size. In addition, the server has a new administration interface, with a task-oriented approach that makes Domino easier to deploy, use, and manage.
Domino R5 continues to support a wide variety of clients, in addition to the traditional Notes client. Messaging features are available to Web browsers and Internet mail clients (such as POP3 and IMAPv4 clients); directory features are available to browsers and LDAP clients; discussion features are available to browsers and NNTP newsreader clients; and administration features are available to browsers as well as the Notes client. Plus, Domino continues to be the best platform for designing dynamic Web applications, and with the new Domino Designer R5, you can easily build a single application that looks and runs the same for both the Web and Notes clients.
The Domino R5 server builds on its already strong foundation for messaging and Web applications. The R5 enhancements are the next step in making Domino easy to use, and a better fit for any size of organization. "We have a broad audience of customers interested in Domino, from large enterprises down to small and medium businesses," says Craig Smelser, Director of Server Product Management. "The enterprises are more concerned with the total cost of ownership, while the smaller businesses just want a server that's easy to use. Domino R5 answers the needs of both of these different audiences."
Specific Domino R5 features include:
Internet messaging and
–Provide full-fidelity messaging for your users, with native MIME and SMTP support
–Use the new Directory Catalog to save space and provide quick name lookups
–Use new LDAP features to authenticate users in external directories and customize the directory
Expanded Web application
–Use Web clusters for high availability of Web services, expanded security options, and more
–Run Domino using the Microsoft Internet Information Server (IIS) HTTP services
–Use transaction logging for faster restarts and data recovery
–Convert to the new on-disk structure (ODS) for better performance and data integrity
–Manage users, databases, and servers with the new Domino Administrator
–Migrate users from cc:Mail, Microsoft (MS) Mail, Exchange, GroupWise, Netscape Mail, LDAP, or Windows NT with the redesigned user registration
–Use new tools for server monitoring and message management
The following sections give you a closer look at the new key features. Keep in mind that this article is only an overview of these features. For more information on Domino R5, see our interview with John Banks-Binici, development manager of messaging and directories; our interview with Russ Holden, project leader of the database team; and our interview with Art Thomas, project leader of administration. In addition, look for more in-depth information on each feature on Notes.net in the months ahead.
Domino R5 focuses on making the best messaging server even better. "We're aligning ourselves with Internet standards, and allowing users to be completely interoperable with the rest of the world," says John Banks-Binici, development manager of messaging and directories. "Notes mail is now Internet mail in R5."
In fact, Domino R5 allows all types of clients to enjoy full-fidelity Internet messaging. With support for native MIME content and native SMTP routing, Domino now integrates the features that previously required a separate message transfer agent (MTA). The native support means that conversions between Notes format and Internet format are no longer required. In addition, the server includes a new Directory Catalog for faster name lookups, and expanded LDAP support for more directory features. (For an in-depth look at the Domino R5 messaging and directory features, see our interview with John Banks-Binici.)
To allow messages to be more than just plain text, the Multipurpose Internet Mail Extensions (MIME) standard "extends" the format of messages to allow for audio, video, international character sets, and multi-part messages. Most Internet messages are stored in MIME format. Now with R5, all Notes messages are stored as either Notes Rich Text or MIME, and Domino translates dynamically between the formats as needed. This means that Notes users can send mail to and from Internet users with no loss of fidelity. (You may remember that Domino R4.6 allowed MIME messages to route through the Notes infrastructure without losing their original format, so that POP3 or IMAP clients could retrieve the original MIME message. R5 extends the format to Notes clients.) In addition, Domino supports S/MIMEv2 for secure Internet mail delivery, including encryption and digital signatures.
To transfer mail reliably and efficiently, the Simple Mail Transfer Protocol (SMTP) defines mechanisms for relaying mail between networks on the Internet.Previously, you would configure the SMTP MTA on a few dedicated Domino servers to act as gateways for your Internet mail, converting Notes mail to Internet mail, and vice versa. All Internet mail needed to transfer through these servers. With Domino R5, you no longer need to install a separate MTA. All Domino servers now have native SMTP capabilities, so all servers can transfer mail directly to and from the Internet. Also, as mentioned above, conversions to and from MIME are no longer necessary since the R5 client can send and receive native MIME messages. (Of course, the server can still convert messages for pre-R5 clients.) Domino also supports Extended SMTP (ESMTP) for delivery notifications for Internet messages-for example, reporting whether deliveries are successful, fail, or are delayed. In addition, Domino R5 allows you to secure SMTP connections using TCP/IP or a TCP/IP port secured with Secure Sockets Layer (SSL). You can require a name and password either unencrypted over TCP/IP or encrypted over SSL.
Domino R5 also supports native Internet addressing, based on the Internet RFC821/822 standards for mail addresses. RFC821 specifies an address of localpart@domain, while RFC822 adds a "phrase" portion to the address that looks like "phrase" <local part@domain>. In Domino R5, the phrase portion of the address contains the user's distinguished name for backward compatibility (for example, "Joe Smith/Acme" <firstname.lastname@example.org>). To generate the Internet address portion (email@example.com), Domino now includes a new Internet Address field in each user's Person document. When you upgrade to Domino R5, you can use the Internet Address tool (on the People & Groups tab) to fill in the Internet Address field for all Person documents in which the field is blank. In addition, you can populate the new Internet Address fields during user registration. The following screen shows the new Internet Address tool:
Figure 1. Set Internet Address tool
Finally, Domino R5 includes some exciting enhancements to the mail router, so you can now:
- Control who can route documents over a given size, and when
- Configure the router to obey database quotas
- Use anti-spam controls to prevent unwanted mail from being forwarded through your domain
- Allow users to connect and "pull" mail using temporary network connections-for example, when dialing into an Internet Service Provider (ISP)
- Enjoy a greater amount of concurrency, with support for multiple sessions to the same destination, multiple delivery threads, and synchronous mail delivery agents (For more information on these new mail agents, see "Out of the Inbox: Mail processing with the new R5 mail agents.")
To supplement your messaging needs, Domino R5 includes robust directory services, including the Domino Directory (previously known as the Public Address Book), Directory Assistance (previously known as the Master Address Book), and the new Directory Catalog for providing quick name lookups. The Directory Catalog is a compressed version of one or multiple Domino Directories, which improves the speed of name lookups and name resolution for all organizations. For example, if a user addresses a message to "Julia Smith," Domino can quickly fill in her full address.
You can also use this same Directory Catalog for mobile users to access locally for type-ahead, name lookups, and local LDAP searches. "We needed a way to allow disconnected users to have at their fingertips, access to the directory-to look up names, and so on," explains Banks-Binici. "We've always had the lead in disconnected use, so the Directory Catalog was the next logical step to take."
The Directory Catalog is highly scaleable, but has a very small footprint, so the directory requires significantly less disk space. For example, a combined Iris/Lotus/IBM worldwide Directory Catalog (with around 400,000 names) is only about 55MB (100MB with a full-text index). In fact, the Directory Catalog can contain millions of entries. To keep a Directory Catalog small, entries contain only a subset of the full record, with the default being the minimum set of attributes necessary for mail routing. In order to give users seamless access to fields unavailable in the Directory Catalog, the enhanced Directory Assistance feature redirects the query to the full record in the original Domino Directory when necessary. The following screen shows the Configuration document for the Directory Catalog, with the minimum fields required for mail routing:
Figure 2. Directory Catalog Configuration document
Domino R5 expands its support of the Lightweight Directory Access Protocol (LDAP), which makes the Domino Directory available for searching over TCP/IP. Domino now supports LDAPv3 with authenticated read/write access. This means that, for example, you can use the LDAP write operations to make changes to the Domino Directory through an LDAP client. In addition, the Domino Directory scales to support at least one million registered users in a single domain.
For authentication, you can now use LDAP to authenticate users in external directories, and to authenticate members of a group. For example, you can use an external directory to check passwords and X.509 certificates for your Web applications. You simply define a trust relationship in Domino's Directory Assistance database (previously called the Master Address Book). Then, users can use the LDAP-based external directory defined in Directory Assistance for authentication and access control information.
For customization, Domino R5 now supports the LDAP Data Interchange Format (LDIF) for importing and exporting directory information between LDAP servers. An LDIF file contains a series of records, each of which describes a directory entry. After you export a directory to a file, you can then use the file with an import utility to import its contents into another directory. For example, you can import directory entries from an LDIF file into the Domino Directory to create new user accounts during user registration. You might also export a directory to see its schema. This means that you can see the schema of the Domino Directory and modify it-for example, to add fields required in the directory by other applications. Any changes that you make to the directory are now automatically preserved, as long as you follow the rules for schema extension outlined in the Administration Help.
For running your Web applications, Domino R5 includes an updated HTTP engine, enhancements to clusters (so you can provide high availability for Web browser clients), expanded security options, and other Web server enhancements. Or, you can run Domino on top of Microsoft IIS, to combine Domino's application services with the HTTP services of IIS.
Domino R5 unveils support for the Common Object Request Broker Architecture (CORBA) and Internet Inter-ORB Protocol (IIOP), so you can build robust, distributed applications. The Object Request Broker (ORB) technology and Java allow you to create client applications that are dynamically loaded from the server with transparent access to the server-side "Domino Object Model." While Notes client applications have been able to access Domino objects for quite some time, CORBA/IIOP support in Domino R5 expands this access to Web clients. Your primary access to this ORB is through Java applets or applications. For example, you can place a custom Java applet on a form and have that applet access objects in either the Notes client or a Web browser. For the Notes client, you're actually using the local Java interfaces. For the browser, you're using the CORBA-remote objects-that is, the applet uses IIOP to connect back to the ORB on the server.
"We're moving a lot of the processing that happens on the server over to the client," explains Gary Devendorf, product manager of languages. "CORBA allows you to create client-side objects that 'talk' IIOP across the wire to the server-side ORB, which is hard-wired to our own back-end classes for better performance. The main purpose is to offload the server by projecting its services to the client. Browser applications can then execute locally with the context of the Domino server, so for instance, you can interact with your server-based mail locally, without involving the server in each user transaction."
Figure 3. Java editor in Domino Designer
Finally, Domino R5 also includes the new Domino Enterprise Connection Services (DECS) for building live links between Domino pages and forms, to data from relational databases. To set up the links, you simply use the DECS template application to identify your forms and fields that will contain external source data, and to define the real-time connection settings. You can set up connections for DB2, Oracle, Sybase, EDA/SQL, and ODBC. A Domino server add-in task passes the real-time connection instructions to the Domino Extension Manager, which monitors the server for your user-initiated events. When events are intercepted (such as a query for data), the Extension Manager transfers the query to the external source, which performs the query on the behalf of the end user. Results are presented to the user in real-time, as if the data were stored natively in Domino.
Domino R5 supports clusters for Web clients, which means that you can provide increased availability and scalability for your Web applications. Not only will Web browser requests failover to another server in the cluster when one server goes down, but Domino clustering provides load balancing across all servers in the cluster. The Internet Cluster Manager (ICM) is the new Domino server task that acts as an intermediary between the Web client and the servers in the Web cluster. Web clients direct requests for databases to the ICM, and then the ICM determines the best server to receive the request based on the server availability and workload. Since cluster replication keeps all database replicas synchronized, the replicas appear to the user as a single, highly available database. You can also use Domino with OS-level application clusters, such as the Microsoft Cluster Server (MSCS). For more information on Domino R5 cluster features, see the article, "Domino R5: The Domino Internet Cluster Manager."
As for security options, Domino R5 integrates SSLv3 and X.509v3 certificates. Users accessing the Domino server over any supported Internet protocol can now use SSL for certificate-based authentication and encryption. You can issue X.509 certificates to Notes users, or you can use X.509 certificates instead of Notes certificates. Notes clients can then use these Internet certificates for secure access to Web servers (SSL) and for secure Internet mail (S/MIME). Domino R5 also supports VeriSign Global Server IDs that negotiate a 128-bit cipher when communicating with international browsers and servers over HTTP, NNTP, LDAP, IMAP, and POP3. (Previously, Domino supported the Global Server ID only on HTTPS.) Separate key rings for SSLv3 are supported for each Domino virtual server. This means that each virtual server can have its own certified identity, and can authenticate its users with its own set of certificates.
As mentioned earlier, you can now authenticate Web users from external directories over LDAP, and you can use a third-party Certificate Authority for generating X.509 certificates. New session-based authentication allows you to authenticate a Web user using a name and password for the current user session. For file-level security, you can now implement access control for HTML, image, and other types of files in the file system, similar to other Web servers. In addition, to ensure security across your Domino infrastructure, you can use password quality testing. When registering users, you can now specify one of several password quality levels. The higher the level, the more complex the password phrase needs to be.
Domino R5 also includes:
- The Domino Server Application Programming Interface (DSAPI) for writing your own extensions to the Domino server, such as a program that performs custom authentication
- Support for caching of Domino pages and elements by proxy servers and browsers
- Logging of the IP address or host name of the server that Web users request (useful when analyzing statistics for virtual servers)
- Options for specifying when to create new Web log files (the default in R5 is to create new files daily)
- Support for HTTP 1.1 byte-range serving (allowing users to download files in sections rather than all at once)
- Automatic configuration for maximum HTTP performance based on the type of applications you are running, such as Web Mail, Web Applications, or Both Mail and Applications
Domino provides numerous services to support Web applications, such as security, replication, messaging, clustering, and more. Serving up Web pages through an HTTP stack is one of these services, which in R5, Domino will allow Microsoft IIS to provide. In R5, you will be able to run Domino using Microsoft IIS to handle HTTP requests, use Domino to serve dynamic and secure Web pages, and still use all of the Domino application services (like replication, security, indexing, messaging, and more). When you configure Domino to use IIS as its HTTP stack, IIS fields all URL requests, calling Domino to process URL requests for Domino pages (indicated by URLs that include the extension ".nsf"). You can run the Domino server and its tasks (such as, routing and replication) at the same time that IIS is running.
Domino R5 also marks the culmination of two years of behind-the-scenes work to improve the server's reliability and scalability. Key database goals were to improve database integrity, reduce I/O costs, improve CPU and memory utilization, improve scalability, and address database management weaknesses. (For an in-depth look at the database improvements in Domino R5, see our interview with Russ Holden, project leader of the database team.)
With transaction logging, Domino now allows for 24x7 online server backup and recovery support-so you no longer need to shut down Domino servers in order to maintain them. A transaction log provides a sequential record of every operation that occurs (sequential writing on disk is much faster than writing in various places on disk). Logging helps to ensure complete data integrity for updates and enables you to perform incremental database backups. You no longer need to run DbFixup on databases to recover information; you can instead use the logs to replay all the changes and bring databases up-to-date. Support for online database backup and media recovery, including point-in-time media recovery, is available via new API functions. Lotus is working with major backup vendors to provide these backup and recovery features in their products when R5 is made generally available.
To take advantage of the transaction logging, you must upgrade databases to the new R5 on-disk structure (ODS) format. Note that upgraded databases are still accessible to pre-R5 clients, and can replicate with pre-R5 servers. When you convert to the new ODS, you gain better performance and data integrity, as well as new database properties that were not available for R4-format databases. For example, you can now create databases that don't maintain unread marks. Operations performed by R5 databases require considerably less I/O than their R4 counterparts. In addition, with the new ODS, you gain online, in-place compaction. This means that when you compact a database, the compaction occurs in-place, meaning that your server doesn't require extra disk space. Also, users can continue to work in the database during the compaction.
Performance improvements include:
- Faster view updates and rebuilds
- Better mail server performance and availability (because of support for multiple mail.box databases)
- Faster name resolution (because of the implementation of a NameLookup cache)
- Better use of memory and I/O
Preliminary performance numbers show performance increases in the area of 3-5 times over the current published benchmarks (Notes, HTTP, IMAP, view rebuilds, and so on). On Enterprise-class UNIX server configurations, the results will exceed 10 times the R4.x benchmarks. As mentioned earlier, a single Domain Directory can now exceed one million registered users (it was 150,000 for R4.x), while the Directory Catalog can support millions of entries. In addition, R5 databases can be up to 64GB in size (up from 4GB in R4.x).
Administration in Domino R5 has a new face-that is, a new, task-oriented interface. "We took a step back to look at what we have today on the server administration panel," says Art Thomas, project leader of administration. "The Domino server is very feature-rich and customizable, so our goal was to make all of that functionality easily understandable and maintainable, and I think we've hit the mark." (For an in-depth look behind the administration improvements in Domino R5, see our interview with Art Thomas.)
The new administration interface, called the Domino Administrator, includes task-oriented panes for managing the people, databases, and servers in your organization. One of the tasks on the new Administrator is user registration, which now allows you to easily migrate users from cc:Mail, MS Mail, Exchange, GroupWise, and Netscape Mail, or to register users from Windows NT, an external LDAP directory, or a text file. The Domino Administrator also includes new tools for monitoring and message management.
Additional administration improvements make it easier for you to manage users. For example, you can now centrally modify client configurations (you could set them up in R4, but you couldn't update them), choose what server the client connects to during setup, and centrally configure the users' desktops. If users lose, damage, or forget the password for their ID, you can now recover their ID files for them (instead of having to issue a new ID). During user registration, you can now specify password quality levels for ID files. The higher the level, the more complex the password phrase needs to be. In addition, you can now assign primary and alternate names to users. This way, users can have a primary name that is internationally recognizable and an alternate name that is recognizable in their own native culture.
Finally, you can set up robust searching for users, with searches across all the databases in a domain, as well as the file system. By incorporating ACLs into the search, users only get results for the Notes documents to which they have access. The Search results are formatted to look like the results from the major Internet search engines. Domino R5 can index attached documents in a variety of formats, including Adobe Acrobat PDF, Word, WordPerfect, WordPro, 1-2-3, Excel, Freelance, PowerPoint, and more. With the new Domain Catalog, you can also categorize all documents in the domain regardless of where they are located, according to a single hierarchical scheme or taxonomy. Users can then browse through the resulting content map. For more information on the search features in R5, see "Domino R5: Domain Search."
The new Domino Administrator makes your job easier, because it's organized around the tasks you need to do, such as move databases to a different server, or change the ACLs on multiple databases at once. To open the Domino Administrator, click the Domino Administrator bookmark from within Notes R5:
Figure 4. Administrator bookmark
Also, you can choose File - Tools - Server Administration, or click the Administrator icon on your desktop. When you launch Domino Administrator the first time, it automatically populates a bookmark with all the servers in your domain. You can also view servers by cluster, network, hierarchy, release, and operating system, as shown here:
Figure 5. Domain bookmark in Domino Administrator
The Domino Administrator organizes Domino administration tasks into "areas" by placing them on separate tabs. You can use the tabs to quickly switch from people and group management, to file management, to server, messaging, replication, or configuration management. If you're working in an administration area for a particular server, you can quickly switch between servers by clicking on a new server in the bookmark. So, for example, you can view the databases on Server A, and then quickly view the databases on Server B with a single click of the mouse. In addition, many of the tabs have tools that appear on the right side of the Domino Administrator. The following screen shows the Files tab of the new Domino Administrator, which includes disk space information, folder tools, and other database tools:
Figure 6. Files tab
You can also now use drag-and-drop to manage your domain. To change a user's home server, simply drag-and-drop their name onto the new server. In addition, you can drag-and-drop databases across servers, create replicas across multiple servers at once, and make multiple ACL changes to multiple databases at once.
The Domino Administrator also includes:
- Administration Process support for moving mail files between servers, cross-domain requests, and third-party requests created with the Administration Process APIs
- A tool for analyzing what you need to do to decommission a server (located on the Servers/Analysis tab). For more information on this tool, see "Notes from Support: Decommission your Domino server."
- Topology maps to graphically display your mail routing and replication topologies (similar to NotesView maps). The topology maps display on the Messaging/Mail and Replication tabs, respectively.
From the People & Groups tab on the new Domino Administrator, you can easily manage users and groups. One aspect of this is the redesigned user registration, which allows you to easily register users from other directories-whether those directories are from cc:Mail, MS Mail, Exchange, GroupWise, Netscape Mail, Windows NT, or another LDAP directory. Domino R5 also includes the registration API calls, so you can integrate your own migration tools. (For an in-depth look at the migration tools, see our interview with Mike Brown, the developer of the Exchange migration tool.)
When registering users, you can select to migrate people and groups from a foreign directory source. You can choose to migrate individual users and groups, or all of the available users and groups in the foreign directory. Advanced options allow you to tweak the mailbox and name features, according to the type of directory. In addition, you can select to convert mail files to Notes mail (if applicable), generate random passwords, use the mail file provided, or use the fullname provided as the primary Notes user name. The following screen shows the new dialog box for migrating people and groups:
Figure 7. People and Groups Migration dialog box
After the registration completes, Domino automatically converts the users' mailboxes to Notes databases, maintaining the folder hierarchies and any calendar data. The final step is for the users to migrate their local mail data, such as private directories and archives.
In addition, the user registration dialog box itself includes enhancements, such as the ability to see all users pending registration and to sort them; the ability to save pending user registrations and complete them later; and the ability to see the registration status of the user. On the Basics page, you can specify a password quality level and the Internet address format. You can also now import a text file into the registration UI, and modify the information for imported users. On the Mail page, you can now assign mail templates to users during registration, so you can easily set up users with a customized template. You can also set the mail file owner's access level, and set database quotas and warning thresholds. Finally, you can now assign users pending registration to one or more Notes groups. Previously, many of these were post-registration tasks.
From the Servers/Monitoring tab on the new Domino Administrator, you can easily check the status of your servers and the tasks running on them. Domino R5 incorporates features from NotesView and allows you to quickly see server availability and status. You can check the tasks running on an individual server, a group of servers, or your whole domain. The interface displays indicators (icons and colors) for the status of the services running on each server, as shown in the following screen:
Figure 8. Server/Monitoring tab, Services by state
Using the updated Statistics & Events database, you can also now configure every Domino server to measure response times for TCP services (such as HTTP, IMAP, and LDAP) on any host that can be reached by TCP/IP. In addition, you can configure mail probes to be sent to various recipient mailboxes to measure delivery time. The results of these probes are stored in the Statistics database. You can set up a time interval for testing whether a service is responding, for example, every 30 minutes. Then, you can generate an event if there's a problem-and just like other events, you can be notified by e-mail, page, and so on.
The Messaging/Mail tab provides new ways to manage your messaging infrastructure. You can get quick information on shared mail usage, mail routing status, and routing events. (For more information on shared mail in R5, see "Shared mail: Today and tomorrow.") You can also analyze corporate mail usage and routing patterns with automated mail server reporting. The reports cover topics like message count by author and size, most common message routings, and volume summaries. Finally, the mail routing topology maps can help you quickly see how mail routes for any server:
Figure 9. Messaging/Mail tab, Mail Routing Topology
From the Messaging/Tracking Center tab on the new Domino Administrator, you can monitor and track Notes mail within a single domain, or across multiple domains. With detailed message tracking, you can now query the status of messages while they are en route, and see details from each server along the way. You can use wildcards and specify that you want to see all messages for "Tom*" at a certain time of day. Also, you can use mail rules to better prioritize the messages that get routed. In addition, new Quality of Service (QOS) statistics allow you to monitor the routing of messages based on the message or network properties (such as the message size). Users can track the status of an individual message from their Sent folder, while administrators can perform more extensive queries and generate usage reports from the statistics.
Domino R5 wears many different hats, and it wears them well. As an Internet messaging server, Domino integrates the features you need for providing full-fidelity messaging for your users. In addition, it includes many exciting new directory features that you can customize for your own organization. For your Web applications, you can use the best tools for designing the applications, and then use Domino Web application services to ensure that the application is always available and secure. You can even decide to combine Domino with Microsoft IIS. Database improvements in R5 mean that you can get greater reliability, availability, and scalability out of a single server. Finally, the day-to-day administration of the server is made easy with task-oriented, drag-and-drop administration. With all the enhancements large and small, the Domino R5 server is a good investment for any organization.
5.0.1 through 5.0.8
Banks-Binici: R5 Messaging & Directories
Domino R5 database improvements
Domino R5 Administration
Domino R5: The
Domino Internet Cluster Manager
R5 Technical Overview