ilug 2010 - deploying plug-ins to the enterprise

Presenter: René Winkelmeyer Company: Partner Dialog

Deploying plug-ins to the enterprise

•  About me

•  About you

•  What’s to expect from this session

•  We are talking about plug-ins – and so we have to talk about widgets

•  Security, security, security

•  Deployment in Lotus Notes and Domino

•  Conclusion

Agenda

•  René Winkelmeyer

•  32 years

•  Married, two dogs, two cats

•  Consultant for Business Process Optimization and Domino Development at Partner Dialog Unternehmensberatung GmbH

•  IBM Business Partner

•  Using Notes/Domino since 10+ years

•  Member of IBMs Domino NEXT Design Partner program

About me

•  OpenNTF Contributor and Committer

•  Winner of the “IBM Best Open Source Award 2010”

•  Main developer of the well-known “File Navigator” plug-in

About me

•  About me

•  About you





•  Conclusion

Agenda

•  We’ll take a look how to deploy plug-ins to your enterprise.

•  For that I’ll show you what’s to consider when you setup plug-ins within your company.

•  And you’ll learn how to avoid some problems (maybe).

•  It will be a brief overview !

What’s to expect from this session

•  About me

•  About you





•  Conclusion

Agenda

•  Since the availability of plug-in provisioning within Lotus Notes there has always been a kind of knowledge gap for administrators (and developers).

•  The difference between plug-ins (and features) and widgets is still not clear to anybody.

•  If you talk about plug-in deployment – you talk about “widget deployment” (or so).

Talking about plug-ins and widgets

•  Plug-ins are java programs

•  Plug-ins are able to change the look and feel

•  Plug-ins are the core base of the Notes standard client

•  Plug-ins are the core base of Sametime

•  Plug-ins are, well, everywhere in the Lotus world now.

What are plug-ins?

What are plug-ins?

•  Features are the main mechanism for plug-in deployment.

•  That’s because plug-ins are always part of a feature

•  Features can contain multiple plug-ins

What are features?

•  Widgets are … let’s say “gadgets” for the Notes client.

•  You can use widgets for displaying several stuff in the Notes client sidebar

•  Notes views, forms, pages etc.

•  Google gadgets

•  Web sites

•  And you can use widgets to install plug-ins!

And what are widgets?

•  The “functionality” of a widget is described as an XML configuration.

•  You can export the XML through a right-click on the widget and send it via E-mail or publish it to a catalog.

•  Both ways assume that you allow your users to install widgets (and maybe plug-ins) by themselves!

What are widgets?

<?xml version="1.0" encoding="UTF-8"?> <webcontextConfiguration version="1.1"> <palleteItem contributeToSideshelfOnStartup="false" doubleClickCommandId="" hideThumbnail="false" id="2016957732" imageUrl="" providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning" singletonSidebar="false" title="File Navigator Feature" url="http://domsrv1/intern/it/updatesite.nsf" viewImageUrl=""> <data> <installManifest><![CDATA[<install> <installfeature id="org.openntf.filenavigator.feature" name="File Navigator Feature" version="1.0.4">

<requirements> <feature id="org.openntf.filenavigator.feature" version="1.0.4" match="perfect" /> </requirements>

</installfeature> </install> ]]></installManifest> </data> </palleteItem> </webcontextConfiguration>

Anatomy of the an extension.xml

<palleteItem contributeToSideshelfOnStartup="false" doubleClickCommandId="“ hideThumbnail="false“ id="2016957732“ imageUrl="" providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning" singletonSidebar="false“ title="File Navigator Feature“ url="http://domsrv1/intern/it/updatesite.nsf" viewImageUrl="">


Set this parameter to „true“ if you don‘t want that users will see the widget icon



The id is very important. It identifies the widget. If you change it, Notes will recognize a „new“ widget!



If you want a custom image in the widget sidebar you can set the url right here.



Setting this parameter to „true“ forces the Notes client to open the widget in the same Sidebar panel (not needed for plug-ins).



Just the title of the widget.



Here you define the source where to get the plug-in. That‘s the HTTP way…

<palleteItem contributeToSideshelfOnStartup="false" doubleClickCommandId="“ hideThumbnail="false“ id="2016957732“ imageUrl="" providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning" singletonSidebar="false“ title="File Navigator Feature“ url=“nrpc://domsrv1/C12574550014E1F0" viewImageUrl="">


…and that‘s the NRPC way.



If you like custom icons for your sidebar elements – here you can configure them.

<data> <installManifest><![CDATA[<install> <installfeature id="org.openntf.filenavigator.feature" name="File Navigator Feature" version="1.0.4">

<requirements> <feature id="org.openntf.filenavigator.feature" version="1.0.4"

match="perfect" /> </requirements>

</installfeature> </install> ]]></installManifest> </data>


That‘s where the features are set which should be installed.

<data> <installManifest><![CDATA[<install> <installfeature id="com.iscoord.isphone.addon.sametime.feature" name="is-phone" version="8.7.3">

<requirements> <feature id="com.iscoord.isphone.addon.sametime.feature" version="8.7.3" match="perfect" /> <feature id="com.iscoord.isphone.core.feature" version="8.7.3" match="perfect" /> <feature id="com.iscoord.isphone.notes.toolbar.feature" version="8.7.3" match="perfect" /> <feature id="com.iscoord.isphone.ui.swt.feature" version="8.7.3" match="perfect" /> </requirements> </installfeature></install>]]></installManifest> </data>


Here is a somewhat „bigger“ feature set.

•  About me

•  About you





•  The plug-in deployment tool (got still no name for it)

•  Conclusion

Agenda

•  Security is important – as always

•  Would your OS administrators allow your users to install any software by themselves?

•  So - why would you allow users to install plug-ins by themselves??!

•  The next steps will show you the security preparations for plug-in deployment. You just need to set them up once!

Security, security, security

•  It’s highly recommended that you only deploy signed plug-ins. Without that you won’t be able to deliver a real silent installation – and it is more secure!

•  Step 1: Create a keystore

%JAVA_HOME%\bin\keytool -genkey -dname "cn=signer, ou=ca, o=partner-dialog, c=DE“ -alias “codesigner" -keypass mypassword -keystore c:\yourfolder\keys -storepass secret -keyalg "RSA" -validity 360

Digitally sign your plug-ins

•  Step 2: Export your certificate

%JAVA_HOME%\bin\keytool -export -alias “codesigner" -file pdcacert.cer -keystore c:\yourfolder\keys -storepass secret


•  Step 3: Import the certificate into your Domino directory


•  Step 4: Create a cross-certificate

•  You need to open the internet certificate document!


•  Step 5: Deploy the certificate to your users with an Security policy setting


You can use this to deploy any kind of certificate from your Domino directory into the users local address book

•  Please configure the policy setting for signed plug-ins!

Setup plug-in policy settings

•  About me

•  About you





•  Conclusion

Agenda

•  Consider five steps for plug-in deployment

Deployment in Lotus Notes / Domino

Configure plug-in settings

Import the plug-in to your updatesite

Add the plug-in to your toolbox

Deploy the widget

Sign the features and plug-ins

•  Remember the security part?

•  We setup internet cross-certificates and deployed them to our users.

•  We set plug-in security to only allow the installation of signed plug-ins.

•  Now we need to sign the features and plug-ins (every single jar file).

%JAVA_HOME%\bin\jarsigner -verbose -keystore C:\myfolder\keys -storepass secret -keypass secret C:\dev\updatesite\features\org.openntf.filenavigator.feature_1.0.5.jar codesigner

Digitally sign your features and plug-ins

•  Please configure the policy setting for signed plug-ins!

Using the widget catalog

Make use of RUN_IN_BACKGROUND=true in org.eclipse.ui.workbench – that is nescessary for silent deployment


Remove means „Remove from the policy setting“ – it doesn‘t mean „Remove from the users workspace folder“

All those Eclipse settings are stored in <notesdata>\workspace\.metadata\.plugins\org.eclipse.core.runtime\.settings Content of org.openntf.filenavigator.prefs #Mon Sep 13 13:41:43 CEST 2010 org.openntf.filenavigator.activity.PreferencePageFavFolder=true pref_question_roots_refresh=true org.openntf.filenavigator.activity.PreferencePageRoots=true org.openntf.filenavigator.activity.PreferencePageShares=true pref_question_eml_open=systemdefault pref_initial_setup=true prefmgmt_allow_shares=true eclipse.preferences.version=1 pref_roots_active=\#C\:\\\#D\:\\\#E\:\\\#F\:\\\#P\:\\\#G\:\\\#I\:\\\#Z\:\\\#H\:\\ pref_unzip_files=true org.openntf.filenavigator.activity.PreferencePageMail=false


•  IBM has provided a database for plug-in deployment.

•  You’ll find it as an advanced template on your Domino server.

•  This database allows you to have a single storage for your features and plug-ins.

Import into the Updatesite

It‘s a Notes database – so think about setting the ACL properly.

Import into the Updatesite

Feature name Feature ID Feature version Views for different sortings

Import mechanisms You can‘t delete single documents!

•  IBM has provided a database for plug-in deployment.

•  You’ll find it as an advanced template on your Domino server.

•  This database allows you to have a single storage for widgets.


It‘s a Notes database – so think about setting the ACL properly.


All widgets are stored as Notes documents


You need to set a category for the deployment with policies

This nice button imports some of the extension.xml data into the document.

The widget catalog assumes, that you already have an extension.xml

The desktop policy setting

The client will look at this server

Define the categories which should be installed

Should your users be able to see the widget sidebar?

The desktop policy setting

•  At client start-up the client searches for the Widget catalog on the server.

•  It then replicates the local widget catalog (if it doesn’t exist a new one is created).

•  The client then searches in the local replica for changes.

•  Note: a periodical replication of 24h is automatically enabled

How does the client provisioning work

•  Just delete the corresponding document in the Widget catalog.

How do I uninstall a widget?

That will affect all users!

•  About me

•  About you





•  Conclusion

Agenda

•  Plug-ins are a very powerful – handle them with care!

•  IBM has provided a good set of tools to administrate and deploy plug-ins – use them!

•  You should always consider about security!

Conclusion

Thank you!

Thank you very much for attending my session !

René Winkelmeyer

Questions and – hopefully good – answers can now be placed !

ilug 2010 - deploying plug-ins to the enterprise

Technology

security security

widgets security

security deployment

security preparations

setup plugins

multiple plugins

lotus notes

notes standard client