With all the new support for Internet standards, there's plenty of incentive for new customers to consider the soon-to-be-released Domino 4.6 server for their Internet platform. But beyond assembling the appropriate arsenal of protocols, this new version may just race to the front of the pack, thanks to its much easier administration, monitoring and management. There's a brand new, Web-friendly server setup, a browser-based administration tool, a faster HTTP server, support for server-side Java agents, better integration with Windows NT, and lots of bundled applications and templates for easing tasks like setting up a basic Web site or enabling mail and discussions.
What's most significant about the Domino 4.6 server?
Sue Nesson: Well, certainly the introduction of new Internet standards support for LDAP, IMAP, and NNTP is important, but people tend to focus on standards support as the key thing because it's easy to do a checklist. In fact, what these enhancements are really about is making the server easier to set up and control in an inter-networked enterprise. And, each of these new protocols helps make management easier: LDAP provides a common directory environment; IMAP allows IMAP mail clients to be part of the managed Notes mail environment; and NNTP gives you a tightly integrated means for getting news readers into discussions. Additionally, the new server offers much better security for the Web via support for SSL 3.0. And, of course, there's lots of new functionality in the HTTP arena: a faster server; support for HTTP 1.1; and support for great new Web-oriented features in the Notes Designer for Domino, which allows you to create even more powerful dynamic Web applications.
What else is there that's new for administrators?
Sue Nesson: The things that are really exciting, I think, are the new graphical tools for installing and administering the server as a single server, not a bunch of loosely connected ones. This includes a new Web-based tool for administering your server from a browser.
The other feature that's really worth looking into is the support for Java classes, so you can access Notes objects using Java. In addition to that, users running the Web server can also run Java servlets or Java CGI programs.
So, with support for Java classes, I can write server agents in Java?
Bob Balaban: Right. You can create all the kinds of agents previously done in LotusScript in Java, so you can call on your resource pool of Java programmers and you can make use of all the language features of Java like multithreading, for example. You can write applications or agents that spin off as many threads as you need. If you want to write an application that goes out and crawls the Web and pulls data into a Notes database, you can do that. And you can have it be a multithreaded application, so one thread goes and looks over there, and another over here, and all the processing is happening in parallel.
But my LotusScript agents will still run, too?
Bob Balaban: Of course, because we're still supporting LotusScript. In fact, it's being enhanced through the new Notes Designer, which has more than 20 new LotusScript classes and events.
What's the difference between a Java servlet and a Notes agent?
Bob Balaban: People are doing things like servlets in CGI on Web servers. Servlets and agents are alike in that you write a Java program that a Web server can kick off, but agents are better because they live in a Notes database, which makes them part of the application that can be replicated and have security attached -- two things that servlets don't have. Agents can run either with the privileges of the agent designer, or they can assume the identity of the invoker. Servlets can't do either. Agents are part of your unified application design, so if your design is in a database, and that database migrates to another server, then everything goes with it.
But the Web server also supports Java CGI and Java servlets? What's the difference between these?
Bob Congdon: The Java CGI in the Web server allows Java applications to be run on the HTTP server in a similar fashion to CGI programs written in other languages. As for the difference, both are written in Java and can be used to respond to HTTP requests, but they are invoked differently. A CGI program is invoked in a separate process, executes and then exits. A Java servlet is loaded at server initialization time and stays resident in the server's Java Virtual Machine (JVM). It can respond to requests much quicker since it doesn't need to wait for the JVM to be loaded. Also, multiple concurrent requests can be satisfied by servlet threads inside the same JVM. Plus, a servlet can take better advantage of JVM optimization such as JIT (Just-In-Time) compilation, which improves performance.
Bob Congdon: Web server architect
Can all my Notes 4.5 databases and applications run on the 4.6 server?
Bob Balaban: Yes, and you can then edit them using the new design client.
Why should Java developers check out the new Java classes?
Bob Balaban: With the Notes Designer, you can write stand-alone Java programs that make use of our Notes objects, and they can have their own UI and be their own program. By providing a Java API, you can do amazing things in application development that you can't do with any other object library that's out there. For example, you can write server admin programs that do their own user interfaces. They can use the nice built-in Java classes for talking to the network or to Web sites. If you're developing Web applications using Domino, you usually end up writing some agents to process input on the server. Now, you can write those agents in Java.
Bob Balaban: Programmability team leader
How much faster is the HTTP server?
Ned Batchelder: While there are lots of industry benchmarks for serving static HTML out of the file system, there is still no industry-standard benchmark for measuring dynamic serving. As everyone knows, the Domino server uses code from IBM for its HTTP stack. Formerly known as ICS, it was recently compared to other HTTP servers by Infoworld, and won the comparison by a fairly significant margin.
The new HTTP stack in Domino is a variant (ICS version 4.2+) of the IBM code reviewed by Infoworld, so on static file system serving, you can expect the same results shown there. Of course, the performance gains will also be felt in Domino's dynamic serving capabilities, but dynamic serving measurements are harder to quantify without specific applications to measure.
Ned Batchelder: Web server architect
What else have you done to improve Domino as an HTTP server?
Colleen Griffiths: Well, in terms of the total project, this is really our biggest one to date for the Domino Web server team -- even bigger than our first effort to build release 1.0 of Domino, which shipped in July of '96.
We integrated a completely new Web server from our partners at IBM Raleigh. It's much faster than the one in previous versions of Domino. We added support for SSL 3.0, so users can create more secure applications because the server can now authenticate users via SSL 3.0 certificates. Working with the Notes Designer for Domino team, we helped provide a user interface for many of the features in Domino that could only be enabled by knowing some tricks (like $$ViewBody, etc.), and we added lots of new features as well. For example, we made it easier to design applications for both Notes clients and Web clients with the advent of "hide-from-Notes" or "hide-from-Web" checkboxes. Or, another example is the new button behavior we designed, which takes advantage of Javascript-enabled browsers, and offers application developers the capability to have multiple buttons on forms.
We also improved our logging functions for our ISP community, so they can get to more accurate data for billing purposes. In the area of templates, the new Web mail template offers the ability to do free-time search and name lookup from Web browsers. In addition to the Web mail template, we also spent some time developing some really excellent templates and samples that download as part of the product. You can use these to get up to speed with doing Web things, like creating framesets and Web pages, home pages and other cool things really quickly.
Colleen Griffiths: Project Leader for Domino Web Application Server and Design Environment
What have you done to improve the setup and configuration process?
Jim Cunningham: The main thing we've added is the ability to set up a new Domino server using the new Setup database. It's a 4-step, point-and-click interface with on-screen instructions. You get a choice of using either the Quick and Easy method for faster setup using defaults, or the Advanced method, which allows you to specify the full range of server parameters. You can interrupt setup at any time, save your settings, and return to the same point later to continue setup.
How did you go about getting the install down to so few steps?
Jim Cunningham:
Our auto-detection routines allowed us to capture most of the pertinent information without much need for user input, which meant we could streamline the screens we had to present. Some of the data was recycled from the installation process, like user name and company, and some was obtained by reading machine settings like ports and TCP/IP settings. Since there are fewer questions, there's less chance of user-input errors. In fact, you can actually complete setup by just confirming all the screens and be done in four clicks. Users familiar with Notes or comfortable with server complexities can choose the Advanced path, and have all the editable details on one screen. One thing we're looking at is adding a "Revert" button to revert to defaults.
Jim Cunningham: UI Designer
Plus, you can now administer the server from a browser, right? What drove that idea?
Tom Hoey: We figured since we're selling the server separately, the Notes client wouldn't be available to a lot of shops that run HTTP. So, the best way to let people administer the server is through a browser, which is on everybody's desktop. We also knew that people are used to seeing a lot of bitmaps and easy-to-use graphics through the browser, so these were the two things driving the design.
Tom Hoey: Web administration tool developer
What does the browser administration tool do?
Tom Hoey: You can pull up a browser, like Internet Explorer or Netscape Navigator, and monitor the different parts of the server -- like mail, server memory and disk space. You can also manage users and groups and so forth, and see the status through graphics like pie charts, as opposed to raw numbers.
How is it implemented?
Tom Hoey: We created Java applets for each of the tasks, using a combination of Java scripts, HTML, and lots of bitmaps and .GIF files, which are then all contained within a Domino document. That's what's cool about it -- everything, including the Java applets, are contained within the new database WebAdmin.nsf, so we're using the power of Domino to create the application. Then, it becomes part of a database with replication and all the stuff Notes does.
What does the user see?
Tom Hoey: It's an application with its own user interface and separate navigation areas for each task or Java applet. You can select whether you want to see buttons or a drop-down list. There are graphical tools that you can glance at to monitor, say, mail statistics. Things like mail waiting appear as a dash board with a needle that goes up to 100, for example.
Which tasks can I monitor?
Tom Hoey: This is really just a beginning list of what we felt were the most essential things: Mail status, server memory and disk space, Web server statistics, and the server console, server log information, and event and statistics reports. You can also manage users and groups. And, you can manage database access control lists (ACLs), and view database usage and sizes.
It sounds like it's intended to be used by people with less technical experience?
Tom Hoey: Yes, the security actually assigns three kinds of roles because in most companies, the person who manipulates ACLs, for example, might not be the same person you want monitoring the server. So, as the overall server administrator, I can make the Webmaster in charge of managing users and groups, allow a designer to change ACLs, and let an administrative assistant see what's going on with the server at a visual level and that execs are getting their mail.
How hard was it to get it to work with two different browsers?
Tom Hoey: Not very, because we used the power of Java and the fact that if you write it once, it runs everywhere. And for the most part, that's really true with just a few glitches here and there. You can just code it once for all the platforms -- in our case, Macintosh, Alpha, NT, Windows 95 and OS/2, and it all works the same way.
Are you limited in any way by the clients being browsers?
Tom Hoey: The hardest part was making the graphics look nice -- you can't get too fancy with the look because the browser can't support all the colors. On the other hand, there aren't any other administration tools out there that can do this.
Will you do more admin Java applets?
Tom Hoey: Sure, if we get good feedback. This is just a start in introducing applets to the world of administering Domino servers, but you can have lots of other tasks. You could have one for replication that is very wizard-like in terms of being easy and fill-in-the blank, so you could click on it and everything having to do with replication would be there. Or for databases, you could have items like size, ACL changes, and so on, all done in forms, so you could just click Next, Next, Next.
What about the new support for IMAP4?
Greg Pflaum: Our new IMAP server component is yet another way that users can access their mail on a Domino server, adding IMAP clients to Notes clients, POP3 clients and web browsers using HTTP. POP3 is the dominant mail client protocol on the Internet today, but IMAP offers more functionality and will become increasingly popular. The IMAP protocol has been around since 1988, and the IMAP4 protocol RFCs started in 1994, but IMAP servers and clients are only recently becoming widely available.
Did the limited number of IMAP clients make it difficult to develop a server?
Greg Pflaum: In theory we just needed to make sure our implementation followed IMAP RFC 2060, and all the clients should work with us ok. But in fact most of the IMAP clients available in the market are pretty rough around the edges, malfunctioning and crashing, so we were constantly comparing their behavior to the RFC to determine whether the problem was with the client or with our server, or whether we were dealing with a grey area of the specification. And if the problem was a buggy or poorly implemented client, we had to decide whether to stay strictly with the spec or write code to work around the clients' problems.
Another problem was that, while the IMAP protocol supports a simple form of client/server replication, only a couple IMAP clients have implemented it, and they haven't done it particularly well. It's clear that it will be a long time before they have the power that Notes replication has, with features like selective replication and field level replication. Partly that's due to the limitations of the IMAP protocol, and partly to the difficulty in designing and implementing replication in a product.
Greg Pflaum: Network and protocol senior developer
How does IMAP fit into the Domino server?
Greg Pflaum: When the IMAP user connects to the Domino server, the IMAP task receives the connection and authenticates the user. The authentication can either use a user name and password, or it can use X.509 certificates for authentication over SSL. Even without X.509 certificates, the connection can be encrypted with SSL. Once the user is authenticated, the server opens their mail file. After that, the IMAP user can read and write mail messages, and organize them into folders.
The work to support MIME in the IMAP server meant a big increase in the use of MIME in Domino. Through enhancements to the SMTP MTA in 4.6, we also added support for full fidelity of MIME messages for POP and IMAP users. Instead of converting back and forth between Notes documents and Internet messages, we are working with the Internet message from end to end. A lot of the work we did for this MIME support in the server is going into the next major client release, which will have full native support for MIME, so this 4.6 release is a step along the way to the v5 release.
LDAP is also a work in progress. How much is useful now?
Mike O'Brien: People can load our LDAP implementation as a server task without having to install a separate server, and then use it to perform LDAP lookups into public directories on the Internet, like LDAP://ldap.four11.com or LDAP://ldap.bigfoot.com.
Also, we expose our Notes directories to the Internet, so anyone using Internet mail can send mail to people in our directories. They might send to an LDAP URL, like say LDAP://IBM.com, which takes them to a Domino server. Once they're in the directory, they can do all kinds of searches. It's up to the administrator to determine what parts of the directory are published. The power of LDAP is really in its search capability -- you can do all sorts of complex Boolean searches. We even modified our full text index on our directories to fully exploit the search capabilities of LDAP.
Mike O'Brien: Replication senior developer
Where is LDAP headed?
Mike O'Brien: We're really at step one. The reality right now is that LDAP is helping for name lookup and organizational viewing, but for real applications like synchronizing directories for supporting various applications such as payroll and the like, we're not there yet because of the schema problems. The common fields people have agreed upon are things like your Internet mail address and an X.500 hierarchy. This is only addressing Mail applications, but that seems to be working and directories are coming together. Everyone has bought off on it, although everyone still wants you to use their proprietary API that people can write programs for. They say, if you want the real power of our directory, write to LDAP and our API. Microsoft, for one, is advancing Active Directory as the directory infrastructure that ties everything together. They have an LDAP interface, but encourage you to write to the Active Directory API's. They claim this is an easier and more powerful API. That's true for us, too, because, for example, replication is not yet defined for LDAP. When it is, it won't be as functionally rich, but we'll be able to map to it fairly easily.
How hard was it to work with LDAP v. 2 -- and what advice do you have for others starting to use it?
Mike O'Brien: Some tough things we had to work around were the fact that there are no common schemas for a lot of the attributes, so we had to go out and try to figure out what was the superset of attributes that LDAP clients would be looking for. We were testing five different LDAP clients and all ask for different attributes -- some are the same attributes, but just called something else. We settled on supporting at least a minimum set. This set is commonly referred to as the Lightweight Internet Person Schema or LIPS. We will be supporting other schemas, such as VCARD, as they become finalized and standardized.
Also, international characters are a problem because LDAP only supports ASCII, so even Western European isn't supported in version 2. We do return attributes in Latin character sets. Some LDAP clients can understand and parse, and some can't. LDAP version 3 addresses this. LDAP version 3 will probably become a standard this month, and we will support it soon after.
Otherwise, our effort went fairly smoothly, because we got the LDAP version 2 reference code from the University of Michigan, which all the LDAP RFCs were based on so everyone could take the code, port it, and not have to interpret the protocol. You can get the code at ftp://terminator.rs.itd.umich.edu/ldap/ldap-3.3.tar.Z and hook it into your backend directories.
How does the NNTP server work?
Tom Galvin: You just load the NNTP server task and configure the NNTP section of the Server Configuration document. You can host both USENET discussions or discussions in private newsgroups within your organization. Domino can receive content from Internet NNTP servers, such as the USENET servers, via server-to-server replication or news feeds. Clients that support NNTP, like Internet Explorer, can participate in the discussions, too.
Tom Galvin: NNTP senior developer
What have you added to better integrate the Domino server with Windows NT?
Ken Moore: Two new NT integration features are the ability to do more complete group management, like add, modify, and delete users and security settings, and also synchronize between the NT directory and the Domino directory. You can also now synchronize passwords between NT Internet user passwords and Domino HTTP passwords.
Ken Moore: General co-manager of Domino server team
What kinds of sample applications and templates have you included?
Colleen Griffiths: Well, in 4.6, we really stuck to the obvious. Three applications you find leveraged in just about every intranet, for instance, are mail, discussions, and document-sharing libraries. So, we have templates for each of these that work well for both Web browsers and Notes clients. Beyond these, we added a template to facilitate the simple creation of a collection of linked Web pages. One feature of the template is the ability to make any page in the collection the home page, just by clicking a checkbox. In addition to the basic three, we also added a template that shows you how to set up frames in your Domino applications, several site samples that illustrate basic site configurations using text links, image maps, or tables, and of course, we refined our FAQs, and Registration samples as well. Oh, I almost forgot -- we also provide a Quick Start that walks you through using some of the new templates (like pagesw46.ntf) to make some Web pages using the Notes Designer or using existing HTML. It also shows you how to use the discussion template to create a secure threaded discussion.
Will you do more?
Colleen Griffiths: Absolutely. People should give us their feedback for other templates they'd like to see.
BIOGRAPHIES
Bob Balaban is the Programmability team leader at Iris, focusing on development of Notes objects for LotusScript and Java.
Ned Batchelder and Bob Congdon are architects on the Web server team at Iris.
Jim Cunningham implemented the Domino 4.6 server's new installation features. He joined Iris a year ago from Lotus, where he worked on Organizer and designed the UI for Lotus Team Room and Learning Space.
Tom Galvin implemented the Domino 4.6 server's support for the NNTP protocol.
Colleen Griffiths has been with Iris and Lotus for roughly 7 years, working in various product management, user interface design, and development roles. She is the Project Leader for Domino Web Application Server and Design Environment.
Tom Hoey implemented the server's new Web-based administration tool. He joined Iris three years ago from Digital, primarily focusing on back-end server projects.
Ken Moore and Sue Nesson are General Managers of the Domino server team.
Mike O'Brien implemented the Domino 4.6 server support for LDAP. He joined Iris four years ago, focusing on the Notes full text engine and replication, having implemented various V4 replication features such as field level and selective replication methods.
Greg Pflaum has been with Iris for 7 years, working in the networking area where he was responsible for writing the original protocol support for TCP/IP, AppleTalk, NetWare IPX/SPX and Banyan Vines, as well as the NT Alpha port. His first published program was a game for the Osborne 1 personal computer.
Copyright 1997 Iris Associates, Inc. All rights reserved.