Intro to XPages for Administrators (DanNotes, November 28, 2012)
1. Introduction to XPages for administrators
Per Henrik Lausten
PHL-Consult.dk
info@PHL-Consult.dk
November 28, 2012
per.lausten.dk/blog/
twitter.com/perlausten
2. About Per Henrik Lausten
● Full-time developer and part-time administrator with my own one-man company
● Chairman of NotesNet – an association of 25 independent consultants
● Member of the board at OpenNTF – open source for IBM Notes/Domino and IBM Connections
● Member of the board at DanNotes
● Mentor for XPages developers in several companies
● Experienced XPages web application developer
  ● startdithjerte.dk
  ● mediaplus.dk
  ● cbbpremiumpro.dk
  ● collaborationtoday.info
  ● sherlockapp.dk
  ● and more
3. Agenda
● Warning!
● What is XPages?
● “You”
● Maximizing performance
● Application development
● RESTful web services
● Configuration and administration
● Security
● Troubleshooting and monitoring
● Impress your developers and users
● Homework
4. Questions
How many of you run web servers?
How many of you run XPages web apps?
5. Warning!
● It's the Wild Wild Web (WWW)
● so normal rules do not apply!
● The structure and predictability of the Notes client is gone
● The web is different than the Notes client
● But don't worry! You can blame your developers - and Internet Explorer
6. What is XPages?
● Web development platform based on JavaServer Faces (JSF) 1.2
● Uses HTML, CSS, server-side JavaScript, client-side JavaScript, Java, Dojo JavaScript framework
● Runs on IBM Domino 8.5+ and IBM XWork Server 8.5+
● Can use 3rd party (commercial and open source) frameworks such as:
  ● UI: Blueprint, Twitter Bootstrap, etc.
  ● Mobile UI: jQuery Mobile, Dojo Mobile, Sencha Touch, etc.
  ● Java: Google Guava, iText, JDBC connectors, etc.
● Uses the Notes/Domino NSF for data storage (NoSQL)
● Can easily extend and modernize existing Notes applications
● It's the future!
9. “You”
● Your job as administrator is very important:
  ● You help developers
  ● You help users
  ● You manage the servers
● In other words: you are involved in the complete application lifecycle
● Your developers' job: build the system
10. Maximizing performance
● Hardware and OS level
  ● Add lots of RAM
  ● 64-bit OS and 64-bit IBM Domino/IBM XWork Server (only 32-bit on Linux available)
  ● SSD for the Domino program files
  ● Adjust Java heap size: HTTPJVMMaxHeapSize=512M (appr. 25% of available memory). Default can be very low!
● XPages server-wide performance settings via data/properties/xsp.properties
  ● Persistence mode (xsp.persistence.mode):
    – Keep pages in memory (best performance)
    – Keep pages on disk (best scalability)
    – Keep only the current page in memory (scales and performs well). Default on 8.5.2+
  ● Compression mode (xsp.compress.mode): gzip
  ● Aggregate resources (xsp.resources.aggregate): true
11. Maximizing performance (continued)
● Use Single Copy XPage Design: improve performance for apps using the same template
● Caching of application data
  ● DbLookup and DbColumn with cache: http://openntf.org/s/dblookup-dbcolumn-with-cache-sort-and-unique (to reduce hits at the "backend" database). Consider modifying it to use applicationScope for some lookups
  ● Scoped beans (cached application logic and data)
● Caching of resources such as CSS, client-side JS and images (to reduce number of requests from browser to server)
  ● Application Properties caching of JS, CSS, images and files (defaults to no caching, and is set in each database)
  ● Internet Site rules (you do use Internet sites in your Domino Directory, right?)
    ● HTTP response headers, incoming URL pattern such as *.jpg, add Expires header
  ● XPages Resource Servlet (xsp.expires.global, default 10 days): used for /.ibmxspres resources such as compressed CSS and compressed JS
12. Maximizing performance (continued)
● Pre-load certain XPages applications to improve startup times
  ● XPagesPreload=1 in notes.ini
  ● XpagesPreloadDB=servername!!path/mydb.nsf/myxpage.xsp,servername!!path/anotherdb.nsf
● Test application using the Yahoo YSlow analyzer (tests 23 of the 34 rules from the Yahoo Web Performance Best Practices and Rules document). http://developer.yahoo.com/yslow/
13. Demo of compression and aggregation
● First load: appr. 300 KB
● Following requests: appr. 3 KB
● http://sherlockapp.dk
15. Application development (continued)
● IBM Upgrade Pack 1 vs. the OpenNTF Extension Library
  ● Benefits of UP1 and Ext. Lib
● Installation
  ● Installing UP1 on 8.5.3 (OS installer)
  ● Installing Extension Library on 8.5.2 (manually or via the Plugins Deployment for Domino project on OpenNTF)
  ● Installing Extension Library on 8.5.3 (using an Update Site database to deploy it as OSGi plugins)
16. Development (continued)
● Domino releases and fix packs improve XPages a lot! So use Domino 8.5.3 FP3 (latest as of November 2012)
● Help your developers and users: turn off the intranet setting that forces Internet Explorer to use IE6 Standards Mode!
● The Update Site method for OSGi installations can be used to easily deploy JAR files, jQuery etc. that are going to be used server-wide
● Source control: use an external service such as GitHub and Bitbucket, or set up your own in-house server
17. RESTful web services
● Domino Access Services (DAS): Provides a REST API that represents Domino objects in JSON format
● Provides easy access to backend data for e.g. mobile apps and XPages apps that need to create, read, update and delete (CRUD)
● How to install: http://www-10.lotus.com/ldd/ddwiki.nsf/xpViewCategories.xsp?lookupName=Domino%20Data%20Service
● Must be enabled on server level (internet sites documents), database level and view level
● The DELETE HTTP method is disabled by default on internet sites
18. RESTful web services (continued)
● Examples of GET requests:
  ● GET http://server/api/data
    Gets information about the databases on the server
  ● GET http://server/path/db.nsf/api/data/collections
    Gets information about the views and folders in a database
  ● GET http://server/path/db.nsf/api/data/collections/name/viewname?start=0&count=3
    Gets information about entries in a view of a database
  ● GET http://server/path/db.nsf/api/data/documents/unid/<UNID>
    Gets a specific document
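Because the data service has to be switched on per server, database and view, and DELETE is off by default, the web access log is a quick place to confirm that what is actually being served matches what was intended. The following is an added example, not part of the original slides: it classifies requests by the URL shapes listed above and reports successful anonymous requests and successful non-GET requests. The log layout (Common Log Format with an optionally quoted user name), the sample lines and the function names are assumptions made for illustration.

```python
import re

# Added example: review web access-log lines for Domino Data Service requests.
# Assumption: Common Log Format, user name either "-" or a quoted Notes name.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>"[^"]*"|\S+) \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) ')
# URL shapes from the slide's GET examples, most specific first.
ENDPOINTS = [
    ("document", re.compile(r"\.nsf/api/data/documents/unid/[0-9A-Fa-f]{32}$")),
    ("view entries", re.compile(r"\.nsf/api/data/collections/name/[^/]+$")),
    ("view list", re.compile(r"\.nsf/api/data/collections$")),
    ("database list", re.compile(r"^/api/data$")),
]
# Constructed sample lines (documentation IP ranges, made-up user and UNID).
UNID = "0123456789ABCDEF0123456789ABCDEF"
DB = "/path/db.nsf/api/data"
SAMPLE_LOG = [
    '192.0.2.10 - "CN=Ann Admin/O=Example" [28/Nov/2012:10:00:01 +0100] "GET /api/data HTTP/1.1" 200 512',
    f'198.51.100.7 - - [28/Nov/2012:10:00:05 +0100] "GET {DB}/collections/name/viewname?start=0&count=3 HTTP/1.1" 200 934',
    f'198.51.100.7 - - [28/Nov/2012:10:00:09 +0100] "DELETE {DB}/documents/unid/{UNID} HTTP/1.1" 405 0',
    f'192.0.2.10 - "CN=Ann Admin/O=Example" [28/Nov/2012:10:01:00 +0100] "DELETE {DB}/documents/unid/{UNID} HTTP/1.1" 200 0',
    '198.51.100.7 - - [28/Nov/2012:10:02:00 +0100] "GET /path/db.nsf/page.xsp HTTP/1.1" 200 3000',
]


def classify(url):
    """Return the data-service endpoint kind for a request URL, or None."""
    path = url.split("?", 1)[0].rstrip("/")
    for kind, pattern in ENDPOINTS:
        if pattern.search(path):
            return kind
    return None


def review(lines):
    """Return (ip, method, kind, reasons) for successful requests worth a look."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        kind = classify(m["url"]) if m else None
        if kind is None or not m["status"].startswith("2"):
            continue  # not a data-service request, or the server refused it
        reasons = []
        if m["user"].strip('"') in ("-", ""):
            reasons.append("anonymous access")
        if m["method"] != "GET":
            reasons.append(m["method"] + " accepted")
        if reasons:
            findings.append((m["ip"], m["method"], kind, reasons))
    return findings
```
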
19. Questions
How many of you use Internet Sites in your Domino Directory?
20. Configuration and administration
● Domino Directory (names.nsf)
  ● Use Internet Sites
  ● Use substitution rules (friendly URLs)
  ● Use Single Server or Multiple Servers (SSO) session authentication
  ● LTPA:
    – set Expiration to a high number (example: 480 minutes) because LTPA sessions are not extended even though the user is active
    – Then use Idle Session Timeout and set it to a (example: 60 minutes)
21. Configuration and administration (cont.)
● Use Domino Web Server Configuration (domcfg) to set up Sign In, Change Password and Error & Response mappings to have login, change password and error/response forms with a corporate UI (?login and ?changepassword commands)
● Set HTTP_PWD_CHANGE_CACHE_HOURS=0 to remove caching of old password
● Use Auto Login to set up “remember me” functionality (from OpenNTF)
● LTPA uses Lotus Multi-Byte Character Set (LMBCS) from IBM Lotus to encode the LTPA tokens. You need to install the jar files icu4j-49_1.jar and icu4j-charset-49_1.jar on the server in the jvmlibext folder. They can be downloaded from http://site.icu-project.org/download
22. Configuration and administration (cont.)
● Set up an error page for non-nsf resources: HTTPMultiErrorPage=/error.html
  ● It has to be a static HTML file. It cannot be redirected to an NSF
● Use the latest ODS (CREATE_R85_DATABASES=1)
● Central control of lots of XPages properties via xsp.properties
  ● On the IBM Domino and IBM XWork server in data/properties there is an xsp.properties.sample file
● XPages creates lots of temp files. You can move them to another drive by using the xsp.persistence.dir.xspstate option in xsp.properties
  ● example: xsp.persistence.dir.xspstate=e:xspstate
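The notes.ini and xsp.properties values recommended on the performance and configuration slides can be checked mechanically on each server. The following is an added example, not part of the original slides: it parses both files and lists every setting that differs from the value the slides give. The sample file contents are constructed, the function names are hypothetical, and using the slide's 512M heap example as a minimum is an assumption.

```python
# Added example: compare notes.ini and xsp.properties with the values on the slides.
NOTES_INI_EXPECTED = {"http_pwd_change_cache_hours": "0", "create_r85_databases": "1"}
XSP_EXPECTED = {"xsp.compress.mode": "gzip", "xsp.resources.aggregate": "true"}
MIN_HEAP_MB = 512  # assumption: the slide's example value used as a floor

# Constructed sample contents, not taken from a real server.
SAMPLE_NOTES_INI = """[Notes]
HTTPJVMMaxHeapSize=64M
HTTP_PWD_CHANGE_CACHE_HOURS=48
Create_R85_Databases=1
"""
SAMPLE_XSP = """# server-wide XPages settings
xsp.compress.mode=gzip
xsp.resources.aggregate=false
"""

def parse_settings(text, fold_case=False):
    """Parse key=value lines; skip blanks, [sections] and comment lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;![" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        settings[key.lower() if fold_case else key] = value
    return settings

def heap_mb(value):
    """Convert '512M' or '1G' to megabytes; None when missing or unparsable."""
    value = (value or "").strip().upper()
    factor = {"M": 1, "G": 1024}.get(value[-1:])
    return int(value[:-1]) * factor if factor and value[:-1].isdigit() else None

def audit(notes_ini_text, xsp_text):
    """Return sorted (file, key, found, wanted) tuples, one per deviation."""
    # Assumption: notes.ini keys are compared case-insensitively.
    ini = parse_settings(notes_ini_text, fold_case=True)
    xsp = parse_settings(xsp_text)
    findings = []
    for name, found, expected in (("notes.ini", ini, NOTES_INI_EXPECTED),
                                  ("xsp.properties", xsp, XSP_EXPECTED)):
        for key, wanted in expected.items():
            if found.get(key, "").lower() != wanted:
                findings.append((name, key, found.get(key), wanted))
    heap = ini.get("httpjvmmaxheapsize")
    if (heap_mb(heap) or 0) < MIN_HEAP_MB:
        findings.append(("notes.ini", "httpjvmmaxheapsize", heap, f">={MIN_HEAP_MB}M"))
    if not ini.get("httpmultierrorpage"):
        findings.append(("notes.ini", "httpmultierrorpage", None, "static HTML file"))
    return sorted(findings, key=lambda f: (f[0], f[1]))
```
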
23. Security
● XPages can use session, sessionAsSigner, and sessionAsSignerWithFullAdminRights (!)
  ● Access is controlled in the server document
● Tell your developers: Use "Hide design element from: Web browsers" for forms and views when moving an internal Notes client app to the external web
24. Troubleshooting and monitoring
● Add an error page with corporate UI to web applications
● Use a central logging system such as OpenLog (from OpenNTF)
● Inspect log files (log.nsf, console.log, xpages log files in IBM_TECHNICAL_SUPPORT, etc)
● Use XPages Log File Reader for easy access to log files (from OpenNTF)
● Use XPages Toolbox for profiling, monitoring and inspection of XPages applications (from OpenNTF)
● Use XPages Debug Toolbar for access to debug tools useful during development (from OpenNTF)
● Using Java: watch for memory leaks on the server
  ● Use YourKit for profiling of JVM/memory issues
25. Impress your developers and users
● Install XPages Extension Library (from OpenNTF) or Upgrade Pack 1 (from IBM)
● Use the XPages demo application (http://dev.openntf.org/) to see what Extension Library and Upgrade Pack 1 offers
● Install Auto Login to have “remember me” functionality (from OpenNTF)
● Upgrade existing teamrooms and discussion databases to Teamroom XL and Discussion XL (from Extension Library or Upgrade Pack 1)
26. Impress your developers and users (cont.)
● Install XPages Log File Reader (from OpenNTF) and send your developers a link
● Tell your developers about XPages Debug Toolbar (from OpenNTF)
● Tell your developers about the multipage messages phase listener (by Mark Leusink: http://linqed.eu/?p=66)
● Use a central OpenLog database
● Load commonly used code elements such as Java JAR files as OSGi modules