Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status Under Consideration
Workspace Domino
Categories Administration
Created by Guest
Created on Aug 19, 2024

Change defaults for new Domino servers (and server upgrades)

HCL have been good on changing defaults in upgrades of Domino settings, particularly on TLS ciphers (and moving them from the notes.ini).

I think we should be generally moving towards the most secure option being the default (useless you specifically set it another way), also generally any "consensus" type of settings that are explictly set in many (well managed) sites should probably be default.

I don't see any reasonable reason why the default on any new server(and likely server upgrades - with an optional tickbox - do you want to apply new defaults to this server) build shouldn't be

-Go to the latest available ODS on new server registrations and server upgrades with possibly a prompt similar to the upgrade your domino directory design prompt on first start i.e. do you want to upgrades your ODS level y/n do you want to compact everything in the data directory to upgrade the ODS now warning if you have a large amount of data this may take some time y/n (and apply the ODS level via either server doc or configuration doc, rather than notes.ini)

-Turn on port encryption/compression

-Compare public keys

-Log public key mismatches

-Automatically Restart Server After Fault/Crash.

Most of these likely could be achieved without massive development effort and aggregated together I think you're defaulting to more secure, easier to setup servers.

There's probably more that make sense (transaction logs maybe, certmgr as a default task) the community should likely be engaged on same (and the option should be available to de-select any of these).

  • Attach files
  • Admin
    Thomas Hampel
    Reply
    |
    Aug 22, 2024

    Could not agree more.
    However, overwriting settings that customers (knowingly or not) have set, will cause problems. e.g. Public Key checking will reveal that the public keys stored in the NAB are out of sync and a cleanup action is required that potentially can take a long time.