IBM Lotus Notes Traveler

June 9, 2011

Jan Kenney - Product Manager, Lotus

Notes Traveler & Lotus Mobile Connect
2011 IBM Corporation

Agenda
Mobile Landscape and Trends Lotus Mobile Strategy Lotus Notes Traveler

Timeline What's New Security Best Practices Reference Links

Q&A

2011 IBM Corporation

Mobile Landscape and Trends

Consumer mobile usage is driving enterprise expectations

Social networking

Instant messaging

Email

200m+ users accessing Facebook through mobile devices 40% of all Facebook users Mobile usage 2x in 2010 People that use Facebook on their mobile devices are twice as active on Facebook than non-mobile users

Access internet

Send photo/video 0 10 20 30 40 50 60 70 80 90
Percent

All adults

Ages 18-29

Source: Pew Internet, July 2010

http://www.pewinternet.org/Reports/2010/Mobile-Access-2010/Summary-of-Findings.aspx
2011 IBM Corporation

Enterprise mobile use cases are evolving

In the past
Only a few devices supported Communication focused devices Phone, mail, calendar contacts, chat, SMS Enterprise owned & controlled devices

Today and tomorrow

Many device platforms & form factors (Smartphones, tablets, etc) Social and collaboration focused devices Social collaboration, meetings, VoIP, video Bring your own device but enterprise controls management & security policies

2011 IBM Corporation

Agenda
Mobile Landscape and Trends Lotus Mobile Strategy Lotus Notes Traveler What's New Timeline Security Best Practices Reference Links Q&A

2011 IBM Corporation

Lotus Mobile Strategy

Enabling users to participate in social business on the move
A comprehensive solution for social business delivered as first-class mobile platform experiences Made available on leading devices through the device platforms' associated distribution channel Supported by application development tools to help partners and customers reach their mobile user base by mobilize their information and applications Complete with enterprise governance capabilities that are easily managed on premises, hosted, or in the cloud

2011 IBM Corporation

Agenda
Mobile Landscape and Trends Lotus Mobile Strategy Lotus Notes Traveler

Timeline What's New Security Best Practices Reference Links

Q&A

2011 IBM Corporation

IBM Lotus Domino has a rich client ecosystem

Email, PIM, and more...

Integrated collaboration on multiple devices, any network Offline / Online capabilities Clients managed centrally, easier administration Multi-OS support Out of the box features, cost effective and innovative Integrates with existing systems and applications
IBM Lotus iNotes IBM Lotus iNotes IBM Lotus Notes

IBM Lotus Notes Traveler

2011 IBM Corporation

What is Lotus Notes Traveler?

Automatic wireless delivery of Lotus Domino Email and PIM Data Device security settings 2-way synchronization Over the air client or profile installation Uses native device applications for best integration (except Android) Works over all wired / wireless connections (CDMA, GPRS, GSM, WiFi, etc.) Administration support for device security policies and remote wipe

2011 IBM Corporation

Server Requirements

Operating System

Windows Server 2003 Standard/Enterprise/R2 (32 and 64 bit) Windows Server 2008 Standard/Enterprise (32 and 64 bit) Windows Server 2008 Standard/Enterprise R2 (64 bit) Red Hat Enterprise Linux (RHEL) 5 Server (32 and 64 bit) SUSE Linux Enterprise Server (SLES) 10.2 (32 and 64 bit) SUSE Linux Enterprise Server (SLES) 11 (32 and 64 bit)

Requires Domino 8.5.2 Server, Enterprise or Messaging configurations

Runs in 32-bit or 64-bit mode on Domino server for Windows Linux Domino server is 32-bit only, so Traveler only runs in 32-bit mode on Linux

Remote mail database support

Domino 7.0.2 servers or above Remote mail OS can be anything that Domino supports

Mail file templates

Standard and iNotes version 6.5 and above

10

2011 IBM Corporation

Device Requirements

Android 2.0.1 or greater devices, phone & tablets (incl.3.0) Apple Devices and Operating Systems

iPhone, iPhone 3G, iPhone 3GS, iPhone 4 iPad iPod Touch Apple OS 3.x Apple iOS 4.x

Nokia Devices

Nokia Series 60 3rd edition, including feature pack 1 and 2 Nokia Series 60 5th edition Nokia manufactured phones are only versions supported

W indows Mobile Devices

Windows Mobile 6.0, Standard, Professional and Classic versions Windows Mobile 6.1, Standard, Professional and Classic versions Windows Mobile 6.5, Standard, Professional versions Note that Lotus Notes Traveler version 8.5.2 does not run on Windows Mobile 5 devices

11

2011 IBM Corporation

Lotus Notes Traveler Email on the iPad

Bullet 1

12

2011 IBM Corporation

Lotus Notes Traveler Email, Calendar, Contacts

Bullet 1

Symbian^3 coming soon

13

2011 IBM Corporation

Recent Traveler Releases at a glance

Lotus Notes Traveler 8.5.2 - Aug 2010

Security, Device managment, Full calendar support (iOS), Linux server

8.5.2.1 Dec 2010

adds Android 2.0.1+ support

Ability to specify & enforce Domino security settings on Android

8.5.2.2 March 2011

adds Android 3.0 (Xoom) support & battery efficiencies

http://www.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_APAR_listing

Enhancement/Fix List:

coming soon !! 8.5.2.3 June 2011 adds iOS partial (Traveler only) wipe

Enhancement/Fix List:

http://www.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_APAR_listing

8.5.3 beta in progress adds cross-platform enhancements

IOS, Android & Nokia enhancements, Group Lookup and more... coming soon....

14

2011 IBM Corporation

Lotus Notes Traveler Value Statement

beyond mail/calendar/contact 2-way sync (push)

A one vendor solution!

Integrated with Domino; Domino domain expertise and support Alignment with Notes/Domino development; insight into future direction & plans a no-cost mobile option for licensed Domino servers For corporate or employee owned phones

Preserve & extend Domino investment;

No requirement for 'Enterprise' level data plan

Security - 8.5.2 capabilities leverage familiar Domino admin tools:

Set & enforce security rules, based on company policy Password length/strength/age Options to block unencrypted devices and camera usage Remote wipe (admin & self) per request and upon specified # of failed attempts end-to-end security via several supported network topologies

Device management
Automatic device updates Multiple device per user support Centralized view of connected users/devices & their status; Admins allow/deny access by policy Ease of configuration and deployment *Killer App* for IT shops !!

Disaster Recovery Leverages mature Domino DR capabilities Serviceability - Problem reporting utility and intuitive log viewer/management tools Enhancements delivered frequently through .x (point) releases LotusLive - Common mobile solution for on-premise or LotusLive Notes cloud service, or a hybrid

15

2011 IBM Corporation

Lotus Notes Traveler 8.5.2.2 for

Android/Apple/Nokia/Windows Mobile shipped:

10 March, 2011 !

16

2011 IBM Corporation

Enhancements in 8.5.2 and beyond

Lotus Mobile Installer - Automatic upgrade notification Linux server support RHEL 5, SuSE 10/11 Meeting Invitations on iOS (create and accept) Corporate Name Lookup Scheduled Synchronization - sync during peak/off peak hours Data Roaming detection suspends sync; saves data costs & battery Support for W indows Mobile 6.5 Self service wipe!

17

2011 IBM Corporation

Enhancements in 8.5.2 and beyond - continued

Ability to specify/enforce Domino security settings on iOS and Android

Device password (Android!) Prohibit ascending, descending and repeating sequences Require alphanumeric value (Android) Minimum password length (Android) Minimum number of complex characters Password expiration period Password history count Auto lock period (maximum) (Android) Wrong passwords before wiping device (Android) Prohibit camera Prohibit unencrypted devices Prohibit devices incapable of security enablement (Android)

18

2011 IBM Corporation

8.5.3 Beta What's New!! (planned for 3Q)

iOS partial (Traveler only) wipe Android Enhanced Installation Android Home Page Widgets for mail and calendar Android Calendar Invite creation, quick switch days/weeks, week view hints Android Tap-to-dial for calendar entries Android Mail enhancements Copy/paste from clipboard Added a Send button to the compose email form Android multi-line signature Added Android OS 3.0 Support Group name lookup Domino Mail-in db returned with Name Lookup Select which applications are allowed to sync for Apple devices Reply and Forward indicators from Apple devices Device approval Symbian^3 support
19
2011 IBM Corporation

Android improved installation

Single application (no separate Lotus Installer that was previously used) First time installing version 8.5.3, old Lotus Installer application will be removed if found Features from Lotus Installer such as automatic client update integrated into Lotus Traveler application If installing via built in Android browser, installation panels now pre-fill server name and user id Works with most browsers that use Android browser history features

2011 IBM Corporation

20

Android improved installation (2)

Lotus Traveler application now includes new options in the tools menu
Check for updated software Uninstall application

2011 IBM Corporation

21

Android Chair side meeting support

Now supports chair side meeting actions Meeting owner can now do the following from the device
Create meetings with attendees Reschedule meetings Modify meetings Cancel meetings

2011 IBM Corporation

22

Android Tap to dial for calendar

Phone numbers included in a calendar entry are now hot spots that when clicked will dial the number. Number can be included in fields:
Subject Location Description

Supports conference dialing

P and , (comma) characters interpreted as a pause '#' to enter the conference code ';' or 'x' to prompt user before sending codes
2011 IBM Corporation

23

Android Calendar improvements

W eek view now displays text (as much as display will allow) Performance improvements when navigating (swiping) between days Performance improvements when scrolling large calendars Revised menu experience for Android 3.x tablets

2011 IBM Corporation

24

Android Mail Widgets

Lotus Traveler mail widget now available to add to Android home screens Comes in large (3x3) and small (4x1) formats OS 3 tablet widget includes smooth scrolling feature Click mail icon to launch the mail application Open individual mail items Compose message by clicking '+' symbol
2011 IBM Corporation

25

Android Calendar Widgets

Lotus Traveler calendar widget now available to add to Android home screens Comes in large (3x3) and small (4x1) formats OS 3 tablet widget includes smooth scrolling feature Click calendar icon to launch the calendar application Open individual calendar items Create new calendar entries by clicking '+' symbol

2011 IBM Corporation

26

Android Type-ahead Lookup

Server lookup done automatically when composing a new mail or searching for a contact using the Lotus Lookup application Lookup results now display contact photo if available in local contacts Results display person, group or mailin database silhouette if results contain different types

2011 IBM Corporation

27

Android Select text

Use 'Select Text' menu option to copy text from mail or calendar documents Long press inside another document or application and select 'Paste
2011 IBM Corporation

28

Android Multi-line signature

Multi line mail signatures now possible on Android devices Lotus Traveler->Settings>Applications Signature added to all new mail messages composed on device

2011 IBM Corporation

29

Nokia Symbian^3 Support

Symbian^3 devices now supported New SIS installation package created for S3 devices Device support includes (but not limited to)
Nokia E7 Nokia C7 Nokia C6-01 Nokia N8

2011 IBM Corporation

30

Nokia Encrypted device policy

Only supported for Nokia Symbian^3 devices Requires Nokia Symbian Anna level firmware release Server policy can be defined to require that only encrypted Nokia devices are allowed to connect
Prohibit unencrypted devices

Device user must encrypt phone and mass storage using Nokia supplied utility
2011 IBM Corporation

31

Apple iOS Data only wipe

Remote wipe option now available for Apple devices to remove only Lotus Traveler data
Contacts Calendar Email

Command available via self-service Traveler home page or administrator database

2011 IBM Corporation

32

Apple iOS Data only wipe (2)

Data is removed from device, but profile or account settings remain As with all wipe operations, device cannot connect back to Traveler server until the administrator clears the wipe order Device user receives mail message on device indicating that wipe order was completed
2011 IBM Corporation

33

Server Device Approval Policy

If policy is enabled, administrator must explicitly approve end user device before it can access the Lotus Traveler service Set number of devices to allow before approval to zero if all devices must be pre-approved Optional address list can be used to notify administrator by mail when device approval is pending

2011 IBM Corporation

34

Server Device Approval Policy (2)

Lotus Traveler administration database keeps track of approval status Administrator uses Change Approval action to approve or deny Sort by Approval column

2011 IBM Corporation

35

Server Lock sync applications for Apple

Administrator policy set using Domino Lotus Traveler Settings Lotus Traveler server now enforces the Set value and prevent changes option for Apple devices Policy can turn mail, calendar or contacts off. Application still exists on device but will not receive or sync any data

2011 IBM Corporation

36

Server Mail Routing and Lookup

Mail routing configuration is no longer required on the Lotus Notes Traveler server Meeting notices are sent via the user's mail server's mailbox SMS messages (if configured) are sent via the user's mail server's mailbox

Meeting notices no longer appear to be sent by the Lotus Notes Traveler server Corporate lookup (aka Name Lookup) requests are executed against the user's mail server's directory Previously all requests executed against the Traveler servers directory Will be more consistent with a Notes client's lookup results Change back to the old behavior by setting NTS_TRAVELER_AS_LOOKUP_SERVER=true in notes.ini on Traveler server

Lookup results now include Group names and Mail-in databases

2011 IBM Corporation

37

Apple iOS Reply/Forward Indicators

Mail replied to or forwarded from the Apple device will now have the reply or forward indicator set in the server mail copy Cannot yet keep reply/ forward indicators in sync with device still a current restriction

2011 IBM Corporation

38

Agenda
Mobile Landscape and Trends Lotus Mobile Strategy Lotus Notes Traveler

Timeline What's New Security Best Practices Reference Links

Q&A

2011 IBM Corporation

40

2011 IBM Corporation

Footnotes for previous slide

1. Whole devices can be encrypted, and can be enabled and enforced with the security policies in 8.5.2+. iPhones that don't support hardware encryption can be blocked. The 3GS & 4G support hardware encryption, Original and 3G don't. Domino policies that admins can use to force the enablement of encryption and block unencrypted phones are: Prohibit unencrypted devices

Prohibit devices incapable of security enablement

2. Storage cards can be encrypted. Data in native PIM/email applications is not encrypted except for Domino encrypted mail. 3. Domino Policies that admins can use to manage passwords are: Device password Prohibit ascending, descending and repeating sequences Require alphanumeric value Minimum password length Minimum number of complex characters Password expiration period Password history count Auto lock period (maximum) Wrong passwords before wiping device Dynamic policy changes (admin changes are automatically synchronized to the device without requiring user interaction)

41

2011 IBM Corporation

On-device encryption

iOS - Except for early models (original and 3G) the iPhone/iPads are password protected
at the device level and, by definition, data is encrypted. The level of encryption is controlled by Apple and is described here: http://www.apple.com/iphone/business/ integration/
Device policies, restrictions and strong encryption methods on iPhone provide a layered approach to keeping your information secure. iPhone uses AES 256-bit hardware encryption to protect all data at rest. To further secure mail messages and attachments iPhone uses Data Protection which leverages the unique device passcode to generate the encryption key. And, in the event of a lost or stolen iPhone, all data and settings can be cleared by issuing a remote wipe command from Exchange or a Mobile Device Management server.

Android - Mail, calendar, attachments, are fully under Traveler control and are all AES
256 encrypted. Contacts application comes with the OS and is outside of Traveler and therefore not encrypted by Traveler.

Nokia/Symbian - Storage cards can be encrypted. Mail/PIM data is not encrypted

except for Domino encrypted email, but certain Symbian device models (E5, E52, E55, E72) support encryption, though not enforce-able by Traveler.

Windows Mobile - Storage cards can be encrypted. Mail/PIM data is not encrypted
except for Domino encrypted email.

42

2011 IBM Corporation

Traveler Companion for iPhone/iPad

Companion App for iPhone/iPad; Read/compose Domino encrypted mail Free download available from Apple iTunes Apps Store Coming soon password caching (enter password once per session)

43

2011 IBM Corporation

Android Device security capabilities

Traveler Mail and Calendar data encrypted (on phone storage or sdcard) Wipe and Password policies primarily based on Android 2.2 security capabilities: Device wipe to factory settings, sdcard wipe, Traveler data only wipe

Alphanumeric device level password enforcement

Android 2.1 and older not capable of device or sdcard wipe, or device level password enforcement Setting in the Traveler server security policy can control if these devices are allowed to connect to the Traveler server

44

2011 IBM Corporation

Security Planning and Capabilities

Remote Wipe

Several wipe options available for Android/WM/ Nokia, Apple supports hard reset Hard reset device action removes all data and applications on device Wipe commands are delivered over TCP and SMS push channels (no SMS support on iPhone) Wipe order remains in effect on the server until cancelled

Admin can pullback request if caught before command activation.

45

2011 IBM Corporation

Default Settings and Security Profiles

LotusTraveler.nsf Default Settings view Alternative to Domino Traveler Settings in policies

46

2011 IBM Corporation

Filtered access -Restrict access by device category

Examples:

"Apple" - all Apple devices are allowed to sync, but no other devices. "(IBM SyncML Client)|(Lotus Traveler WM)" - All Windows Mobile devices (old and new) are allowed to sync, but no other devices. "(Nokia SyncML HTTP Client)|(Lotus Traveler Nokia)" - All Nokia devices (old and new) are allowed to sync, but no other devices. "Lotus Traveler * 8.5.2" - Only 8.5.2 Windows Mobile and Nokia clients are allowed to sync, but not Apple devices. "(Apple)|(Lotus Traveler WM)" - Only Apple and 8.5.2 Windows Mobile clients are allowed to sync, but not Nokia devices. "Apple-iPhone/7" - only Apple iPhones (not iPods or iPads) using OS 3 are allowed to sync (Windows Mobile and Nokia devices are not allowed either). "Lotus Traveler Android" - Only Android devices are allowed to sync.

More information - http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Restricting_access_by_device_category_LNT8521

47

2011 IBM Corporation

Network topologies

Three network topology options to consider..... Direct connect Reverse Proxy VPN Configuration

48

2011 IBM Corporation

Direct Connect
SMS Email Notification (optional for Android/WM/Nokia only)

Push Request (SSL/443) Periodic poll for DB changes Notes RPC (TCP/1352)

Android,Nokia & Windows Mobile

App needs to sync Sync Request (SSL/ 443) Data access Notes RPC (TCP/ 1352) Lotus Domino 8.5.2 with Lotus Notes Traveler 8.5.2.x service DMZ Intranet Domain (trusted)

Apple devices

Lotus Domino mail servers (7.0.2 +)

Internet Domain (untrusted)

Understanding data flow using Lotus Notes Traveler in the DMZ

49
2011 IBM Corporation

Reverse Proxy

Reverse Proxy Configuration

50

2011 IBM Corporation

VPN Configuration

Virtual Private Network

51

2011 IBM Corporation

Things to know

AT&T *Fix* for installing Traveler on AT&T Android 2.2 devices Rollout May 16-23rd on select devices Guidelines for configuration/Infrastructure
See doc on planning your environment -http://w w w -10.lotus.com /ldd/dom inow iki.nsf/dx/Planning_your_netw ork_topology_LNT8521

Capacity planning

- See 8.5.2 performance report --- http://www.ibm.com/developerworks/lotus/library/notes852-trav-perf/index.html - See capacity planning doc -- http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Server_capacity_planning_LNT8521 - Capacity is based on workload which can vary incredibly between deployments. Look at things like CPU, memory, etc. For initial planning purposes ~ 2K per server is an upper end ballpark

Memory and thread sizing confusion with some users (e.g. some Traveler servers still
have 100 HTTP active threads when they might really need 300) - See configuring a Traveler server -- http://w w w -10.lotus.com /ldd/dom inow iki.nsf/dx/Configuring_Lotus_Notes_Traveler_server_LNT8521
- MUST READ - Tuning section of the doc - http://w w w -10.lotus.com /ldd/dom inow iki.nsf/dx/
Tuning_perform ance_of_the_se rver_LNT8521

- Traveler Health check command - "tell traveler status" tells you if your HTTP threads are too low or if you are using more devices than you have threads allocated.

52

2011 IBM Corporation

Server Best Practices

Install Lotus Traveler on Windows 64-bit server

Access to > 2GB virtual memory is critical in larger mobile user populations (> 300) Virtual memory is shared across all Domino processes and can exceed 2GB Reduce memory overhead with notes.ini setting NTS_BUFFER_POOL_SIZE_MB=256

Avoid running multiple applications on the Lotus Traveler server

Some applications make server changes which are not compatible with Lotus Traveler (e.g. Disabling HTTP JVM)

53

2011 IBM Corporation

Reference links

Lotus Notes Traveler Product Page

http://www.ibm.com/software/lotus/products/notes/traveler.html

Lotus Notes Traveler Support site

https://www-304.ibm.com/support/docview.wss?uid=swg24019529

Lotus Notes Traveler Wiki (8.5.2 and beyond)

http://www-10.lotus.com/ldd/dominowiki.nsf/xpViewCategories.xsp?lookupName=Lotus%20Notes%20Traveler%208.5.2% 20Documentation

Restricting access by device category

http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Restricting_access_by_device_category_LNT8521

Greenhouse (to test-drive Lotus Notes Traveler!)

http://greenhouse.lotus.com

Companion App on iTunes

http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=346633404&mt=8

Lotus Notes Traveler 8.5.2 Performance report

http://www.ibm.com/developerworks/lotus/library/notes852-trav-perf/index.html

Nomination form for 8.5.3 beta program !

https://www-304.ibm.com/software/earlyprograms/surveys/cust/nomination.wss?id=1163

54

2011 IBM Corporation

THANK YOU!!

2011 IBM Corporation