Jump to main content
HCL Domino 11.0 documentation
Welcome to the HCL Domino® 11.0.0 documentation.
What's new in HCL Domino® 11.0?
Learn about all of the new features for administrators in HCL Domino® 11.0.
New Domino® licensing model
Active license management is not available for production use licenses at this time. Therefore, configuring a FlexNet license server for Domino 11.0.0 is not required.
Product rebranding
References to IBM® have been rebranded to HCL for the Notes® and Domino® product family.
New InstallAnywhere platform for Domino®
Flexera InstallAnywhere 2018 is the underlying install platform used as of HCL Domino® 11.
Directory Sync
Directory Sync allows you to sync people and group data from an external LDAP directory into the Domino® directory. Currently data from Active Directory can be synced.
DAOS tier2 storage
Domino® Attachment Object Service (DAOS) tier 2 storage enables you to use an S3-compatible storage service to store older attachment objects that haven't been accessed within a specified number of days. This feature allows you to reduce the amount of data stored on Domino servers that use DAOS. It can also improve the performance of any incremental file backups done for DAOS.
New Java™ Runtime Environment
The Java™ Runtime Environment (JRE) that comes with HCL Domino® 11 and HCL Domino Designer 11 is now Eclipse OpenJ9 that is provided through AdoptOpenJDK.
IBM® GSKit cryptographic libraries replaced with the OpenSSL equivalents
On all HCL Notes® and Domino® platforms, OpenSSL 1.1.1a cryptographic libraries replace the IBM® GSKit libraries provided in earlier releases.
Limiting ID file downloads from the ID vault is disabled for SAML federated login
When SAML Notes® federated login or SAML Web federated login is the authentication method used to extract HCL Notes ID files from the ID vault, the value for the ID Vault policy setting Allow automatic ID downloads is now ignored. (This setting is in the ID vault tab of a Security Settings policy document).
Authenticating web users against the Notes ID passwords in the ID vault
You can configure HCL Domino® to use the password in an ID vault to authenticate web users that access the server.
Components no longer included in Domino® 11
The following components are no longer included in HCL Domino® 11.
Documentation updates article on the Support site
See the article Domino 11 documentation updates for any significant corrections or other updates to this documentation.
Welcome to HCL Domino® Administrator Help.
Accessibility features for Domino Administrator
Accessibility features help users who have a physical disability, such as restricted mobility or limited vision, to use information technology products.
Using Domino® Administrator Help
Because Domino Administrator Help is a Notes application, you can use familiar Notes gestures to find information.
Use this documentation to install the HCL Domino® server and subsequently deploy the HCL Notes®client.
Installing and upgrading Domino® servers
Perform a new or upgrade install of one or many Domino® servers.
Installing and upgrading Notes® clients
Use this documentation to upgrade the existing Domino® server and subsequently upgrade the Notes® client to a new release. You can also upgrade additional clients such as Domino Administrator and Domino Designer clients and additional features and plug-ins such as the embedded HCL Sametime® client.
Use this topic as an overview of planning task.
Roadmap for deploying Domino® servers
Use this as a tool when planning how to integrate HCL Domino® into your existing environment.
Planning server-to-server connections
Servers must connect to each other to exchange data, for example to replicate databases and exchange mail. You can create connections between servers across a local area network (LAN) or wide area network (WAN), by using a pass-through server (a server that acts as an intermediary server between a client and its destination), or over the Internet. Create a Server Connection document whenever you need to establish any new or additional server connections. You can modify this document when necessary.
Planning directory services
HCL Domino® provides a range of directory service features.
Planning a mail routing topology
HCL Domino® offers you considerable flexibility in configuring your mail system infrastructure, allowing you to use HCL Notes® routing, SMTP routing, or both, for internal and external messages.
Planning a cluster
When planning a cluster, it is important to consider the performance and ability of your hardware. The cluster must have enough CPU power, memory, and disk space to handle the cluster traffic and the number of databases and replicas required.
Planning the TCP/IP network
The default TCP/IP configuration for an HCL Domino® server is one IP address that is globally bound, meaning that the server listens for connections at the IP addresses of all NICs on the computer. Global binding works as long as the computer does not have more than one IP address offering a service over the same assigned TCP port.
Planning the NetBIOS network
The HCL Domino® network is compatible with NetBIOS, a set of IBM® session-layer LAN services that has evolved into a standard interface that applications use to access transport-layer network protocols.
Messaging overview
The HCL Domino® mail system has three basic components: Domino mail servers, Domino mail files, and mail clients. The Domino mail server is the backbone of an organization's messaging infrastructure, acting both as an Internet mail server and an HCL Notes® mail server. Domino provides standards-based Internet messaging through its support of the Simple Mail Transfer Protocol (SMTP), Post Office Protocol version 3 (POP3), Internet Message Access Protocol (IMAP), and Multipurpose Internet Mail Extensions (MIME). At the same time, Domino supports Notes mail through the use of Notes routing protocols -- Notes remote procedure calls (NRPC) -- and the Notes rich text message format.
Planning your Notes® client deployment
Use the references listed here to plan for, install, upgrade to, and configure the HCL Notes® client.
Planning security
An important aspect of planning security for your Domino® environment is understanding the tasks and features involved with securing each type of resource.
Use this information to configure your network, users, servers (including Web servers), directory services, security, messaging, widgets and live text, and server clusters.
Configuring a network
This section presents the planning concepts and setup procedures necessary for a successful HCL Domino® deployment over a network. It provides information on network protocols from a Domino perspective but does not attempt to provide general network information.
Configuring users and servers
Topics in this section describe how to set up users and servers.
Editing the NOTES.INI file
You should rarely, if ever, need to modify a server's or client's NOTES.INI file. The NOTES.INI file contains many settings that Domino® and Notes® rely on to work properly. An accidental or incorrect change may cause Domino or Notes to run unpredictably. Therefore, you should edit the NOTES.INI file only if special circumstances occur or if Support recommends that you do so.
Configuring directory services
This section describes how to plan, set up, and use HCL Domino® directory services.
Configuring messaging
This section provides an overview of messaging and describes how to set up mail routing, how to set up and customize mail servers, and how to track mail.
Configuring iNotes®
HCL iNotes® provides HCL Notes® users with browser-based access to Notes mail and to Notes calendar and scheduling features. Administrators specify mail policy and security policy settings as well as notes.ini file settings to complete the full implementation of HCL iNotes.
Configuring Web servers
This section describes how to set up the HCL Domino® Web server, and the Domino Web Navigator.
Setting up a cluster
Setting up a cluster includes the tasks of creating and verifying that it is working correctly, and then setting up user access, mail, replications, size quotas, directory assistance, roaming, web navigation, and use of a private LAN in the cluster.
This section describes security features, including execution control lists, IDs, and SSL.
Overview of Domino security
Setting up security for your organization is a critical task. Your security infrastructure is critical for protecting your organization's IT resources and assets. As an administrator, you need to give careful consideration to your organization's security requirements before you set up any servers or users. Up-front planning pays off later in minimizing the risks of compromised security.
Server access for Notes® users, Internet users, and Domino® servers
To control user and server access to other servers, Domino® uses the settings you specify on the Security tab in the Server document as well as the rules of validation and authentication. If a server validates and authenticates the Notes® user, Internet user, or server, and the settings in the Server document allow access, the user or server is allowed access to the server.
The database access control list
Every .NSF database has an access control list (ACL) that specifies the level of access that users and servers have to that database. Although the names of access levels are the same for users and servers, those assigned to users determine the tasks that they can perform in a database, while those assigned to servers determine what information within the database the servers can replicate. Only someone with Manager access can create or modify the ACL.
Domino® server and Notes® user IDs
Domino® uses ID files to identify users and to control access to servers. Every Domino server, Notes® certifier, and Notes user must have an ID.
The execution control list
You use an execution control list (ECL) to configure workstation data security. An ECL protects user workstations against active content from unknown or suspect sources, and can be configured to limit the action of any active content that does run on workstations.
Domino® server-based certification authority
You can set up a Domino® certifier that uses the CA process server task to manage and process certificate requests. The CA process runs as a process on Domino servers that are used to issue certificates. When you set up a Notes® or Internet certifier, you link it to the CA process on the server in order to take advantage of CA process activities. Only one instance of the CA process can run on a server; however, the process can be linked to multiple certifiers.
SSL security
Secure Sockets Layer (SSL) is a security protocol that provides communications privacy and authentication for Domino® server tasks that operate over TCP/IP.
SSL and S/MIME for clients
Clients can use a Domino® certificate authority (CA) application or a third-party CA to obtain certificates for secure SSL and S/MIME communication.
Encryption protects data from unauthorized access.
Name-and-password authentication for Internet/intranet clients
Name-and-password authentication, also known as basic password authentication, uses a basic challenge/response protocol to ask users for their names and passwords and then verifies the accuracy of the passwords by checking them against a secure hash of the password stored in Person documents in the Domino® Directory.
Multi-server session-based authentication (single sign-on)
Multi-server session-based authentication, also known as single sign-on (SSO), allows Web users to log in once to a Domino® or WebSphere® server, and then access any other Domino or WebSphere servers in the same DNS domain that are enabled for single sign-on (SSO) without having to log in again.
Using Security Assertion Markup Language (SAML) to configure federated-identity authentication
Federated identity is a means of achieving single sign-on, providing user convenience and helping to reduce administrative cost. In Domino® and Notes®, federated identity for user authentication uses the Security Assertion Markup Language (SAML) standard from OASIS.
Using a credential store to share credentials
In this release, the on-premises Domino® server can use a credential store application (credstore.nsf). The credential store is a secure repository for document encryption keys and other tokens necessary for Notes® client users to grant access to applications that use the OAuth (open authorization) protocol. OAuth allows user credentials to be shared with compliant applications so that users avoid extra password prompts.
This documentation provides information about the administration tools for managing and monitoring servers and databases.
Administration tools
Topics in this section describe the tools you can use to administer a Domino® server.
This section describes how to use the tools and features that help you monitor a Domino® system.
Managing servers
Manage Domino® servers by performing any of these tasks.
Managing databases
Topics in this section describe how to set up and manage Domino® databases.
Use this information to improve HCL Domino® server, Domino Web server, and messaging performance through the use of resource balancing and activity trends, Server.Load commands, advanced database properties, cluster statistics, and the Server Health Monitor.
Resource balancing and activity trends
Domino® server resource utilization can be separated into two types, system activity and user activity. System activity, which includes the level of processor, disk, memory, and network consumption that Domino generates to keep the server running, is a fixed amount of activity, as long as systems are healthy and performing smoothly. Domino servers typically use a modest percentage of their resources to run. The remaining server capacity is used to support user activity, which varies with the usefulness of the data on the server.
The Server.Load tool
Server.Load is a capacity-planning tool that you use to run tests, also called "scripts" and "workloads," against a targeted Domino® server to measure server capacity and response metrics.
Tuning Domain Indexer performance
Each time the Domain Indexer task runs, it looks in the Domain Catalog for new databases that have the Include in multi database indexing property enabled. It then looks for documents and files in existing databases and file systems that are new or changed since the last time it ran, and adds them to the Domain Index.
Improving Domino® server performance
Read the following topics for help on improving basic Domino® server performance and capacity, as well as the performance of these features: Agent Manager, databases and the Domino directory, the directory catalog, LDAP searches, mail, Web server, and UNIX™ server.
Improving Web server performance
After you set up the Domino® Web server and make sure that it runs properly, check the server's performance and response time.
Improving mail performance
Domino® includes features that improve efficiency in specific environments, but these features may not be switched on by default.
Setting advanced database properties
Advanced database properties include performance optimization and compression features, as well as ways to manage usability features such as unread marks and soft deletions.
Understanding cluster statistics
Three categories of Domino® cluster statistics help you analyze clusters
Improving the performance of the Server Health Monitor
If the Domino® Administration client workstation performs at 100 percent CPU utilization for a long period of time, the Server Health Monitor discards server statistic data to keep up with the workload.
This section describes how to find and solve problems with HCL Domino® server and Administrator client.
Troubleshooting a problem
Troubleshooting is a systematic approach to solving a problem. The goal of troubleshooting is to determine why something does not work as expected and how to resolve the problem.