Active license management is not available for production use licenses at this time. Therefore, configuring a FlexNet license server for Domino 11.0.0 is not required.

References to IBM® have been rebranded to HCL for the Notes® and Domino® product family.

Flexera InstallAnywhere 2018 is the underlying install platform used as of HCL Domino® 11.

Directory Sync allows you to sync people and group data from an external LDAP directory into the Domino® directory. Currently data from Active Directory can be synced.

Domino® Attachment Object Service (DAOS) tier 2 storage enables you to use an S3-compatible storage service to store older attachment objects that haven't been accessed within a specified number of days. This feature allows you to reduce the amount of data stored on Domino servers that use DAOS. It can also improve the performance of any incremental file backups done for DAOS.

The Java™ Runtime Environment (JRE) that comes with HCL Domino® 11 and HCL Domino Designer 11 is now Eclipse OpenJ9 that is provided through AdoptOpenJDK.

On all HCL Notes® and Domino® platforms, OpenSSL 1.1.1a cryptographic libraries replace the IBM® GSKit libraries provided in earlier releases.

When SAML Notes® federated login or SAML Web federated login is the authentication method used to extract HCL Notes ID files from the ID vault, the value for the ID Vault policy setting Allow automatic ID downloads is now ignored. (This setting is in the ID vault tab of a Security Settings policy document).

You can configure HCL Domino® to use the password in an ID vault to authenticate web users that access the server.

The following components are no longer included in HCL Domino® 11.

See the article Domino 11 documentation updates for any significant corrections or other updates to this documentation.

Accessibility features help users who have a physical disability, such as restricted mobility or limited vision, to use information technology products.

Because Domino Administrator Help is a Notes application, you can use familiar Notes gestures to find information.

Perform a new or upgrade install of one or many Domino® servers.

Use this documentation to upgrade the existing Domino® server and subsequently upgrade the Notes® client to a new release. You can also upgrade additional clients such as Domino Administrator and Domino Designer clients and additional features and plug-ins such as the embedded HCL Sametime® client.

Use this as a tool when planning how to integrate HCL Domino® into your existing environment.

Servers must connect to each other to exchange data, for example to replicate databases and exchange mail. You can create connections between servers across a local area network (LAN) or wide area network (WAN), by using a pass-through server (a server that acts as an intermediary server between a client and its destination), or over the Internet. Create a Server Connection document whenever you need to establish any new or additional server connections. You can modify this document when necessary.

HCL Domino® provides a range of directory service features.

HCL Domino® offers you considerable flexibility in configuring your mail system infrastructure, allowing you to use HCL Notes® routing, SMTP routing, or both, for internal and external messages.

When planning a cluster, it is important to consider the performance and ability of your hardware. The cluster must have enough CPU power, memory, and disk space to handle the cluster traffic and the number of databases and replicas required.

The default TCP/IP configuration for an HCL Domino® server is one IP address that is globally bound, meaning that the server listens for connections at the IP addresses of all NICs on the computer. Global binding works as long as the computer does not have more than one IP address offering a service over the same assigned TCP port.

The HCL Domino® network is compatible with NetBIOS, a set of IBM® session-layer LAN services that has evolved into a standard interface that applications use to access transport-layer network protocols.

The HCL Domino® mail system has three basic components: Domino mail servers, Domino mail files, and mail clients. The Domino mail server is the backbone of an organization's messaging infrastructure, acting both as an Internet mail server and an HCL Notes® mail server. Domino provides standards-based Internet messaging through its support of the Simple Mail Transfer Protocol (SMTP), Post Office Protocol version 3 (POP3), Internet Message Access Protocol (IMAP), and Multipurpose Internet Mail Extensions (MIME). At the same time, Domino supports Notes mail through the use of Notes routing protocols -- Notes remote procedure calls (NRPC) -- and the Notes rich text message format.

Use the references listed here to plan for, install, upgrade to, and configure the HCL Notes® client.

An important aspect of planning security for your Domino® environment is understanding the tasks and features involved with securing each type of resource.

This section presents the planning concepts and setup procedures necessary for a successful HCL Domino® deployment over a network. It provides information on network protocols from a Domino perspective but does not attempt to provide general network information.

Topics in this section describe how to set up users and servers.

You should rarely, if ever, need to modify a server's or client's NOTES.INI file. The NOTES.INI file contains many settings that Domino® and Notes® rely on to work properly. An accidental or incorrect change may cause Domino or Notes to run unpredictably. Therefore, you should edit the NOTES.INI file only if special circumstances occur or if Support recommends that you do so.

This section describes how to plan, set up, and use HCL Domino® directory services.

This section provides an overview of messaging and describes how to set up mail routing, how to set up and customize mail servers, and how to track mail.

HCL iNotes® provides HCL Notes® users with browser-based access to Notes mail and to Notes calendar and scheduling features. Administrators specify mail policy and security policy settings as well as notes.ini file settings to complete the full implementation of HCL iNotes.

This section describes how to set up the HCL Domino® Web server, and the Domino Web Navigator.

Setting up a cluster includes the tasks of creating and verifying that it is working correctly, and then setting up user access, mail, replications, size quotas, directory assistance, roaming, web navigation, and use of a private LAN in the cluster.

Setting up security for your organization is a critical task. Your security infrastructure is critical for protecting your organization's IT resources and assets. As an administrator, you need to give careful consideration to your organization's security requirements before you set up any servers or users. Up-front planning pays off later in minimizing the risks of compromised security.

To control user and server access to other servers, Domino® uses the settings you specify on the Security tab in the Server document as well as the rules of validation and authentication. If a server validates and authenticates the Notes® user, Internet user, or server, and the settings in the Server document allow access, the user or server is allowed access to the server.

Every .NSF database has an access control list (ACL) that specifies the level of access that users and servers have to that database. Although the names of access levels are the same for users and servers, those assigned to users determine the tasks that they can perform in a database, while those assigned to servers determine what information within the database the servers can replicate. Only someone with Manager access can create or modify the ACL.

Domino® uses ID files to identify users and to control access to servers. Every Domino server, Notes® certifier, and Notes user must have an ID.

You use an execution control list (ECL) to configure workstation data security. An ECL protects user workstations against active content from unknown or suspect sources, and can be configured to limit the action of any active content that does run on workstations.

You can set up a Domino® certifier that uses the CA process server task to manage and process certificate requests. The CA process runs as a process on Domino servers that are used to issue certificates. When you set up a Notes® or Internet certifier, you link it to the CA process on the server in order to take advantage of CA process activities. Only one instance of the CA process can run on a server; however, the process can be linked to multiple certifiers.

Secure Sockets Layer (SSL) is a security protocol that provides communications privacy and authentication for Domino® server tasks that operate over TCP/IP.

Clients can use a Domino® certificate authority (CA) application or a third-party CA to obtain certificates for secure SSL and S/MIME communication.

Encryption protects data from unauthorized access.

Name-and-password authentication, also known as basic password authentication, uses a basic challenge/response protocol to ask users for their names and passwords and then verifies the accuracy of the passwords by checking them against a secure hash of the password stored in Person documents in the Domino® Directory.

Multi-server session-based authentication, also known as single sign-on (SSO), allows Web users to log in once to a Domino® or WebSphere® server, and then access any other Domino or WebSphere servers in the same DNS domain that are enabled for single sign-on (SSO) without having to log in again.

Federated identity is a means of achieving single sign-on, providing user convenience and helping to reduce administrative cost. In Domino® and Notes®, federated identity for user authentication uses the Security Assertion Markup Language (SAML) standard from OASIS.

In this release, the on-premises Domino® server can use a credential store application (credstore.nsf). The credential store is a secure repository for document encryption keys and other tokens necessary for Notes® client users to grant access to applications that use the OAuth (open authorization) protocol. OAuth allows user credentials to be shared with compliant applications so that users avoid extra password prompts.

Topics in this section describe the tools you can use to administer a Domino® server.

This section describes how to use the tools and features that help you monitor a Domino® system.

Manage Domino® servers by performing any of these tasks.

Topics in this section describe how to set up and manage Domino® databases.

Domino® server resource utilization can be separated into two types, system activity and user activity. System activity, which includes the level of processor, disk, memory, and network consumption that Domino generates to keep the server running, is a fixed amount of activity, as long as systems are healthy and performing smoothly. Domino servers typically use a modest percentage of their resources to run. The remaining server capacity is used to support user activity, which varies with the usefulness of the data on the server.

Server.Load is a capacity-planning tool that you use to run tests, also called "scripts" and "workloads," against a targeted Domino® server to measure server capacity and response metrics.

Each time the Domain Indexer task runs, it looks in the Domain Catalog for new databases that have the Include in multi database indexing property enabled. It then looks for documents and files in existing databases and file systems that are new or changed since the last time it ran, and adds them to the Domain Index.

Read the following topics for help on improving basic Domino® server performance and capacity, as well as the performance of these features: Agent Manager, databases and the Domino directory, the directory catalog, LDAP searches, mail, Web server, and UNIX™ server.

After you set up the Domino® Web server and make sure that it runs properly, check the server's performance and response time.

Domino® includes features that improve efficiency in specific environments, but these features may not be switched on by default.

Advanced database properties include performance optimization and compression features, as well as ways to manage usability features such as unread marks and soft deletions.

Three categories of Domino® cluster statistics help you analyze clusters

If the Domino® Administration client workstation performs at 100 percent CPU utilization for a long period of time, the Server Health Monitor discards server statistic data to keep up with the workload.

Troubleshooting is a systematic approach to solving a problem. The goal of troubleshooting is to determine why something does not work as expected and how to resolve the problem.