Enterprise Groupware with IBM (Lotus) Domino

deem.com

Overview

Deem can establish integration at the enterprise level with IBM (Lotus) Domino – versions R8.5.x and R9.0.x. Choose Lotus Notes Integration Service as the server type (for Domino Bridge) in the Partner Dashboard.

Users access Domino through their Lotus Notes client app. This integration method offers only calendar updates; integration with contacts or address books is not supported.

Lotus Notes integration requires deploying a small web application that accepts secure SOAP requests (over SSL) and translates them into calendar events. The web application uses a minimal-access delegate account to connect over DIIOP to your Domino server and create calendar entries on behalf of users. Additionally, each message is authenticated with a dedicated service account. Account credentials are never sent with the message. Instead, a keyed-Hash Message Authentication Code (HMAC) is used, along with timestamp-based message replay protection. This combination of techniques creates a message exchange pattern that is extremely secure. The web application uses the same technique to modify or delete calendar entries that it created.
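The HMAC and timestamp check described above can be sketched as follows. This is an added example, not Deem's code: the SHA-256 hash, the "timestamp, newline, body" layout, the 300-second window, and all function and class names are assumptions, and the secret and SOAP body are constructed sample values.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumed freshness window; the page does not state one


def sign(secret, timestamp, body):
    """Sender: MAC over timestamp and body, so neither can change unnoticed."""
    message = str(timestamp).encode() + b"\n" + body  # assumed field layout
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


class Verifier:
    """Receiver: checks the MAC, then freshness, then one-time use."""

    def __init__(self, secret):
        self._secret = secret
        self._seen = {}  # accepted MAC -> its timestamp, kept while still fresh

    def verify(self, timestamp, body, mac, now=None):
        now = int(time.time()) if now is None else now
        expected = sign(self._secret, timestamp, body)
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return "bad-mac"
        if abs(now - timestamp) > MAX_SKEW_SECONDS:
            return "stale"
        # Forget MACs that the freshness check alone would now reject.
        self._seen = {m: t for m, t in self._seen.items()
                      if abs(now - t) <= MAX_SKEW_SECONDS}
        if mac in self._seen:
            return "replay"
        self._seen[mac] = timestamp
        return "ok"


def demo():
    secret = b"constructed-service-secret"  # constructed sample value
    body = b"<soap:Envelope>constructed calendar request</soap:Envelope>"
    sent_at = 1_700_000_000
    mac = sign(secret, sent_at, body)
    receiver = Verifier(secret)
    return [
        receiver.verify(sent_at, body, mac, now=sent_at + 10),         # first delivery
        receiver.verify(sent_at, body, mac, now=sent_at + 20),         # captured and resent
        receiver.verify(sent_at, body + b" ", mac, now=sent_at + 30),  # body altered
        receiver.verify(sent_at, body, mac, now=sent_at + 3600),       # resent an hour later
    ]


if __name__ == "__main__":
    print(demo())
```

Because the timestamp is inside the MAC, a captured message cannot be given a fresh timestamp without the secret, and the replay cache only needs to remember messages for the length of the window.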

The integration uses a minimal permissions delegate account to perform groupware operations. The delegate account password is stored with the web service on your infrastructure, and is encrypted using AES 128-bit encryption. Deem uses a service password you select to communicate with the web service. No delegate credentials are stored within the Deem system.

Deem uses a minimal permissions delegate account when performing groupware operations. This account only has permissions to create, update, and delete Deem-related calendar entries. This ensures that the user’s credentials are not required and never exposed. The delegate requires minimally invasive “Author Access” to user calendars. This allows for create, edit, and delete permissions only for calendar items that are authored by the delegate, not for other items. In addition, the delegate gets the least invasive setting, “No Access” with read-write access only to public documents. The delegate account can't update any user credentials.

For instructions on setting up Lotus Notes integration, see Lotus Notes Setup.

Frequently Asked Questions (FAQs)

Does the web app need to be installed on our Domino server?

The web application does not need to be installed on the Domino server. However, it needs to be installed in a location that can talk to the server where the delegate user resides. That Domino server must also have DIIOP enabled.

We have multiple Domino mail servers. How do you manage the update of a user's calendar who is located on a mail server other than the specified mail server in the configuration of the web server?

The WAR file is deployed to talk to the server that has DIIOP enabled. This "Gateway Server" has the directory containing all users and the servers on which they reside. When the Deem service makes a calendar entry request, our request via DIIOP first looks up the user in the Domino directory based on the Groupware ID that we have (typically the email address). The Domino directory knows which server the user is on, and from that point on, native Domino calls route the calendar entry to the appropriate server.

If a calendar event fails to write to a user's calendar, is there a retry mechanism present?

A mechanism is in place that makes three additional attempts to write to the user's calendar. If there is a failure, the system calculates the delay between the moment of failure and the start time for the event. If this delay is greater than 36 hours, a retry is scheduled for 24 hours after the moment of failure. If the delay is less than or equal to 36 hours, the retry is scheduled for half of the difference between the moment of failure and the start time for the event, up to a maximum of 18 hours after the moment of failure. If the retry fails, the system calculates the delay between the moment of the retry failure and the start time for the event, and uses the same algorithm to schedule another retry. If the second retry fails, the system uses the same calculation and algorithm to schedule a third retry. Each actual retry occurs soon after the schedule for the retry. 

What application servers does the Web Application work on?

The Lotus Integration web application will work with any J2EE-compliant application server, such as Tomcat, WebSphere, and WebLogic. We recommend that you use Tomcat Version 6.x.