SlideShare uma empresa Scribd logo

Audit your existing code in Domino - Collabsphere2022_v5.pdf

D
DominiquePerarnaud

Session Type: presentation Dominique Perarnaud Data101 Our customer asks us to audit his 15 years old applications, we build an application to answer to his questions. Customer needed a clear view on his applications, sum of 15 years of code. This session will deal with a real user case. We will show you how address it only using Lotuscript, No extra license fees from the existing tools that he already owns. We solve the following tasks: Security Audit mandate > clean the code (C: references, hard coding) Correct code after upgrading to v12.0.1 (where are the calls to specific Java JAR) Improve the code (Migration to Libre Office from Word.application OLE Calls) Cartography inheritance of design to detect bad practices Know the complexity of the applications Have an accurate and updated Audit for immediate request from management Integration with Teamstudio for updates (and may be Ytria + JIRA in the future) Search and find

Software
1 de 46
Baixar para ler offline
Audit your existing code in Domino (just with Lotuscript) Dominique Perarnaud – Data 101
3 • Introduction • The customer • The problem to solve > know your code, answer questions • Guidelines from our customer • How to do it • Next steps… • Questions. Agenda
Dominique Perarnaud • Citizen developer / Domino Administrator / In the Yellow bubble since 2001 • Partner at • . • French in the Basque country, North of Spain, for 20 years • I like to build things 2021-2022
Javier Sánchez Oliva javiersanchezoliva.com @javdev84 Domino/Notes Lead Developer
6 • We are Data 101, HCL Business Partner based in San Sebastian, Spain
Donostia / San Sebastian: The Bay and the fine food… 3rd industrial region of Spain Biggest concentration of 3* Michelin Restaurants in Europe
Audit your existing code in Domino (just with Lotuscript) Dominique Perarnaud – Data 101 8
THE CONTEXT Disclaimer: This is a “Work in Progress” application, we want to show the potential. Third party products are mentionned here, only to add value to the context of this real use case. In any moment, it is a promotion/ads of these tools. The Audit tool in itself could be used without them, but mentionning how it integrate them, add value to the Audit and to this presentation. 9
• City Council > all the data of the citizens must remain on-Premises • Mantra: “Our citizens are our customers” • Must respect the “Spanish National Framework for Security” (Real Decreto 311/2022) • Domino shop already using third party products The customer 10
• HCL Domino 12.0.1 FP1 • Installation based on separated Dev / Pre production / Production server • 1 unique server for development (mainly…) • Build Manager partially implemented for pushing changes to pre/production • All type of code: @formula, Lotuscript, Java, Web services, call to external API • Traditional Notes applications co-existing with pure Java applications/server Environment 11
THE PROBLEM TO SOLVE Blindness… but not only The “Why” 12
• Accurate and update overview of all database designs / server. • Document the database design. • Know dependencies between applications (getview/getdatabase) • Know use of generic Script Library components trought all applications • Know dependencies between applications for Web Services • Document funcionalities on a per database basis (complexity) • Answer questions when the developer may be gone… • Improve security ➢ This will allow to evaluate cost changes, make right decisions for maintenance. Functional requirements made by the customer 13
• No license fees. (context: IT Cost per user is rising steadily) • Low cost (only with Lotuscript) & homemade > Rapid Application Developement • UX : Easy to use and understand > Search the data and find • Deliver an accurate and updated Audit > Audit must always contains up-to-date information > Answering urgent requests from Management > Enabling IT for improving/cleaning/decommissioning Notes applications Practical Requirements made by the customer 14
• Know your code – relationship – dependencies between applications • Security Audit mandate > clean the code > C: references, misuses of tmp folder, hard coding • Detect Bad practices: cartography of inheritance of design elements > Orphans or not – Do not refresh tags • Maintenance & improvements > Migration from Word.application to LibreOffice, Identify / evaluate OLE Calls • Find niddles in my code: > Use case: “errors after v12.0.1 upgrade“ > Where are the calls to specific (deprecated) JAR in my server Solving specific problems 15
• Scheduled updated (only update design since last scan) • Integration with Teamstudio > continous updates for DBs on Build Manager • Trigger manual update (available with one button) • Update start from last point of failure of the scan if the process ended with error • Size should not be a problem Maintenance of the Audit 16
• We use the design from the v12 system database • We add some color specific columns • We think in usability first (one view = one answer) DESIGN: v12 UX > Simple (we are not designer) 17
DESIGN: v12 UX > Menu 18
DESIGN: v12 UX > Configuration document 19
DESIGN: v12 UX > Database document 20
HOW TO AUDIT THE CODE 21
• Maps all databases in server • Gather useful information • With customized views Dominique Perarnaud Where is the information ? 1.Catalog.nsf 2. WebServices.nsf • Maps all WebServices • Authorize ejecution, and gather database using it (Database path, Project owner) • Clear relation of dependencies: who can call who 22
Dominique Perarnaud Where is the information ? 3. Central dependencies DB Each Application DB store one “Configuration document” > Dependencies by configuration 6. Each application with his code 4. Build Manager: Who is automated ? 23 5. Script library Component DB
• First Part: Gather information from external database into “Central Audit database” • Database document from Catalog.nsf -> Audit Db • Doc Configuration from Dependencies DB -> Audit Db • Web Services Dependencies -> Audit Db • Build Manager -> Analysis + update -> Audit Db • Cartography of the central “Script Library Component” DB ressource-> Audit Db ➢ At this point, we have a clear view of dependencies between database, and which one is automated. ➢ No NTF Dbs, No System Dbs in the list DEMO Workflow of analysis 1/2 24
• Step 0: User enable/ diabled analysis on a per database basis Dominique Perarnaud Workflow of analysis 2/2 25
• Step 2: Agent extract all the code by design element in Audit Database (DXL) • Step 3: Agent parse the code to extract information • Like if Design elements use LS component • Step 4: Agent validate if Values from Configuration Document are used • Step 5: Agent validate use of Excel/Word, & other specific topics asked by customer Database offer dedicated views to answer some requests. Extra requests are solved by searching the full text index. Dominique Perarnaud Workflow of analysis 2/2 26
DEMO 27 At this point, we have confirmation about if : • Configuration document are accurate or contains false positive. • Consumer and Provider for Web Services are up-to-date • LS Component are correctly implemented • And a lot of precise informations….
WHEN THE CODE TALK Results 28
1. Hardcoded > bad practices like email, server names, usernames, databases names, old employees, Local Temp Folder 2. Dependencies on external interfaces like DLLs/pdf/Word, ODBC, Fax, Outdated third party applications 3. Inheritance - Do Not refresh 4. Dependencies between Dbs 5. Unused Script library 6. Unused values from Configuration document 7. Compliance with for Nomad web 29 Analysis and Results
1. Hardcoded > email, server names, usernames, databases names, old employees (DENY ACCESS GROUP) 30 Results Search Formula of the agent: NAB give us the emails : search and mark then accordingly
Dependencies on external interfaces DLLs (pdf Word), ODBC, Fax, Outdated third party applications 31 Results Search formula include specific keywords
Bad management of inheritance – Do not refresh tags 32 Results
Deployement to production 33 Results Agent identifies key field inside Build Manager and mark then accordingly
Dependencies between Dbs 34 Results Search by specific fields extracted from the DXL Search and mark then accordingly
35 Results
Unused values from Configuration document 36 Results Search Field name from the Config Document inside the design of all the design element of the same database
Unused Script libraries 37 Results Search Script Library name present in the DB, in all the design elements of the same database
DESIGN: v12 UX > Database document 38
HCL Nomad Web 39 Compliance of Nomad Web is just an agent away… https://help.hcltechsw.com/nomad/1.0_web/nomad_web_limitations.html •Following Java™-based applications are not supported: •JavaAgents •XPages (.xsp) •LotusScript 2 Java Bridge (LS2J – Uselsx “*javacon” ) •Web services design elements are not supported. •Dynamic client extensions via native code are not supported. This includes but is not limited to the following: •The DXJ name picker implemented for Windows via a DLL. •Some LotusScript and Formula commands associated are not supported. •In particular, commands associated with Object Linking & Embedding (OLE) are not supported. •The LotusScript LSXLC and LSXODBC extensions.
• Regular (and simple) Lotuscript has been used to search, and extract the data, Export DXL and then parse the code… • Most of the work consist in finding how to gather and organize the information in order to present it in an explicit way. • Update the Audit is also an important aspect (“<modified> <date>” ) About the Lotuscript used in this database 40
• Check the ACL of the user running the Audit, first. Must be Manager (LocalDomainAdmin) • Do not Audit if you have NO design change (already integrated) • Do not Audit mail template (complex, slow) • Do not Audit mail file • Do not Audit System database (useless) • Audit only NSF • Check what database needs more time to be audited -> complex design Some points of interest when running the tool 42
• Add black list “Do not audit” for Database • Visualize data with Graph (xPages?) • Extend with action in YTRIA Automation API Ytria tools can be launched from the agent to generate more data to add to the Audit. • Integrate with JIRA create ticket to ask improvement, linked with some document of this Audit • Update Audit after each automatic build process launch from Build Manager • Add Usage data / Active users /By database Possible improvements 43
• We want to know your opinion about our work • Missing features ? Ideas ? • Loophole you see that we missed ? • Would you buy a copy of that work ? At which price ? • Contact: info@data101.es ANSWER OUR QUESTIONS, ASK YOURS 44
dperarnaud@data101.es Dominique Perarnaud @dperarnaud www.dperarnaud.es www.data101.es 45 Questions ?
Thank you !! 46

Recomendados

Software Architecture and Architectors: useless VS valuable
Software Architecture and Architectors: useless VS valuableSoftware Architecture and Architectors: useless VS valuable
Software Architecture and Architectors: useless VS valuableComsysto Reply GmbH
 
Architectural Decisions: Smoothly and Consistently
Architectural Decisions: Smoothly and ConsistentlyArchitectural Decisions: Smoothly and Consistently
Architectural Decisions: Smoothly and ConsistentlyComsysto Reply GmbH
 
Architectural Decisions: Smoothly and Consistently
Architectural Decisions: Smoothly and ConsistentlyArchitectural Decisions: Smoothly and Consistently
Architectural Decisions: Smoothly and ConsistentlyComsysto Reply GmbH
 
Office Add ins community call-February 2019
Office Add ins community call-February 2019Office Add ins community call-February 2019
Office Add ins community call-February 2019Microsoft 365 Developer
 
Why retail companies can't afford database downtime
Why retail companies can't afford database downtimeWhy retail companies can't afford database downtime
Why retail companies can't afford database downtimeDBmaestro - Database DevOps
 
How Does the Denodo Platform Accelerate Your Time to Insights?
How Does the Denodo Platform Accelerate Your Time to Insights?How Does the Denodo Platform Accelerate Your Time to Insights?
How Does the Denodo Platform Accelerate Your Time to Insights?Denodo
 
Innovations in Sencha Tooling and Framework
Innovations in Sencha Tooling and FrameworkInnovations in Sencha Tooling and Framework
Innovations in Sencha Tooling and FrameworkSandeep Adwankar
 
Technical Without Code
Technical Without CodeTechnical Without Code
Technical Without CodeCaitlin Cassidy
 

Recomendados

Software Architecture and Architectors: useless VS valuable
Software Architecture and Architectors: useless VS valuableSoftware Architecture and Architectors: useless VS valuable
Software Architecture and Architectors: useless VS valuableComsysto Reply GmbH
 
Architectural Decisions: Smoothly and Consistently
Architectural Decisions: Smoothly and ConsistentlyArchitectural Decisions: Smoothly and Consistently
Architectural Decisions: Smoothly and ConsistentlyComsysto Reply GmbH
 
Architectural Decisions: Smoothly and Consistently
Architectural Decisions: Smoothly and ConsistentlyArchitectural Decisions: Smoothly and Consistently
Architectural Decisions: Smoothly and ConsistentlyComsysto Reply GmbH
 
Office Add ins community call-February 2019
Office Add ins community call-February 2019Office Add ins community call-February 2019
Office Add ins community call-February 2019Microsoft 365 Developer
 
Why retail companies can't afford database downtime
Why retail companies can't afford database downtimeWhy retail companies can't afford database downtime
Why retail companies can't afford database downtimeDBmaestro - Database DevOps
 
How Does the Denodo Platform Accelerate Your Time to Insights?
How Does the Denodo Platform Accelerate Your Time to Insights?How Does the Denodo Platform Accelerate Your Time to Insights?
How Does the Denodo Platform Accelerate Your Time to Insights?Denodo
 
Innovations in Sencha Tooling and Framework
Innovations in Sencha Tooling and FrameworkInnovations in Sencha Tooling and Framework
Innovations in Sencha Tooling and FrameworkSandeep Adwankar
 
Technical Without Code
Technical Without CodeTechnical Without Code
Technical Without CodeCaitlin Cassidy
 
Webinar: "DBMaestro: Database Enforced Change Management (DECM) tool"
Webinar: "DBMaestro: Database Enforced Change Management (DECM) tool"Webinar: "DBMaestro: Database Enforced Change Management (DECM) tool"
Webinar: "DBMaestro: Database Enforced Change Management (DECM) tool"Emerasoft, solutions to collaborate
 
Bringing DevOps to the Database
Bringing DevOps to the DatabaseBringing DevOps to the Database
Bringing DevOps to the DatabaseMichaela Murray
 
Data harmony update 2021
Data harmony update 2021 Data harmony update 2021
Data harmony update 2021 Access Innovations, Inc.
 
Wie beschleunigt die Denodo Plattform Ihre Zeit der Erkenntnisgewinnung?
Wie beschleunigt die Denodo Plattform Ihre Zeit der Erkenntnisgewinnung?Wie beschleunigt die Denodo Plattform Ihre Zeit der Erkenntnisgewinnung?
Wie beschleunigt die Denodo Plattform Ihre Zeit der Erkenntnisgewinnung?Denodo
 
Framework Enabling End-Users to Maintain Web Applications (ICICWS2015)
Framework Enabling End-Users to Maintain Web Applications (ICICWS2015)Framework Enabling End-Users to Maintain Web Applications (ICICWS2015)
Framework Enabling End-Users to Maintain Web Applications (ICICWS2015)Masayuki Nii
 
Shaik Niyas Ahamed M Resume
Shaik Niyas Ahamed M ResumeShaik Niyas Ahamed M Resume
Shaik Niyas Ahamed M ResumeShaik Niyas Ahamed M
 
AOUG_11Nov2016_Challenges_with_EBS12_2
AOUG_11Nov2016_Challenges_with_EBS12_2AOUG_11Nov2016_Challenges_with_EBS12_2
AOUG_11Nov2016_Challenges_with_EBS12_2Sean Braymen
 
AdminCamp 2018 - ApplicationInsights für Administratoren
AdminCamp 2018 - ApplicationInsights für AdministratorenAdminCamp 2018 - ApplicationInsights für Administratoren
AdminCamp 2018 - ApplicationInsights für AdministratorenChristoph Adler
 
How to overcome challenges in it system evolution
How to overcome challenges in it system evolutionHow to overcome challenges in it system evolution
How to overcome challenges in it system evolutionGrupa Unity
 
Database continuous integration, unit test and functional test
Database continuous integration, unit test and functional testDatabase continuous integration, unit test and functional test
Database continuous integration, unit test and functional testHarry Zheng
 
Introduction to dev ops
Introduction to dev opsIntroduction to dev ops
Introduction to dev opsLen Bass
 
Expert guidance on migrating from magento 1 to magento 2
Expert guidance on migrating from magento 1 to magento 2Expert guidance on migrating from magento 1 to magento 2
Expert guidance on migrating from magento 1 to magento 2James Cowie
 
The challenges and pitfalls of database deployment automation
The challenges and pitfalls of database deployment automationThe challenges and pitfalls of database deployment automation
The challenges and pitfalls of database deployment automationDBmaestro - Database DevOps
 
#SpFestSea azr203 Azure functions lessons learned
#SpFestSea azr203 Azure functions lessons learned#SpFestSea azr203 Azure functions lessons learned
#SpFestSea azr203 Azure functions lessons learnedVincent Biret
 
Boosting the Performance of your Rails Apps
Boosting the Performance of your Rails AppsBoosting the Performance of your Rails Apps
Boosting the Performance of your Rails AppsMatt Kuklinski
 
Data Vault Automation at the Bijenkorf
Data Vault Automation at the BijenkorfData Vault Automation at the Bijenkorf
Data Vault Automation at the BijenkorfRob Winters
 
Inventory managment system
Inventory managment systemInventory managment system
Inventory managment systemVenkata Naga Gopi Krishna Komirisetty
 
CRM Integration Options–Scribe, SmartConnect, Microsoft Connector. What's the...
CRM Integration Options–Scribe, SmartConnect, Microsoft Connector. What's the...CRM Integration Options–Scribe, SmartConnect, Microsoft Connector. What's the...
CRM Integration Options–Scribe, SmartConnect, Microsoft Connector. What's the...BDO IT Solutions
 
Evolutionary database design
Evolutionary database designEvolutionary database design
Evolutionary database designSalehein Syed
 
PCB Design and Data Management
PCB Design and Data ManagementPCB Design and Data Management
PCB Design and Data ManagementEMA Design Automation
 
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 

Mais conteúdo relacionado

Semelhante a Audit your existing code in Domino - Collabsphere2022_v5.pdf

Webinar: "DBMaestro: Database Enforced Change Management (DECM) tool"
Webinar: "DBMaestro: Database Enforced Change Management (DECM) tool"Webinar: "DBMaestro: Database Enforced Change Management (DECM) tool"
Webinar: "DBMaestro: Database Enforced Change Management (DECM) tool"Emerasoft, solutions to collaborate
 
Bringing DevOps to the Database
Bringing DevOps to the DatabaseBringing DevOps to the Database
Bringing DevOps to the DatabaseMichaela Murray
 
Wie beschleunigt die Denodo Plattform Ihre Zeit der Erkenntnisgewinnung?
Wie beschleunigt die Denodo Plattform Ihre Zeit der Erkenntnisgewinnung?Wie beschleunigt die Denodo Plattform Ihre Zeit der Erkenntnisgewinnung?
Wie beschleunigt die Denodo Plattform Ihre Zeit der Erkenntnisgewinnung?Denodo
 
Framework Enabling End-Users to Maintain Web Applications (ICICWS2015)
Framework Enabling End-Users to Maintain Web Applications (ICICWS2015)Framework Enabling End-Users to Maintain Web Applications (ICICWS2015)
Framework Enabling End-Users to Maintain Web Applications (ICICWS2015)Masayuki Nii
 
AOUG_11Nov2016_Challenges_with_EBS12_2
AOUG_11Nov2016_Challenges_with_EBS12_2AOUG_11Nov2016_Challenges_with_EBS12_2
AOUG_11Nov2016_Challenges_with_EBS12_2Sean Braymen
 
AdminCamp 2018 - ApplicationInsights für Administratoren
AdminCamp 2018 - ApplicationInsights für AdministratorenAdminCamp 2018 - ApplicationInsights für Administratoren
AdminCamp 2018 - ApplicationInsights für AdministratorenChristoph Adler
 
How to overcome challenges in it system evolution
How to overcome challenges in it system evolutionHow to overcome challenges in it system evolution
How to overcome challenges in it system evolutionGrupa Unity
 
Database continuous integration, unit test and functional test
Database continuous integration, unit test and functional testDatabase continuous integration, unit test and functional test
Database continuous integration, unit test and functional testHarry Zheng
 
Introduction to dev ops
Introduction to dev opsIntroduction to dev ops
Introduction to dev opsLen Bass
 
Expert guidance on migrating from magento 1 to magento 2
Expert guidance on migrating from magento 1 to magento 2Expert guidance on migrating from magento 1 to magento 2
Expert guidance on migrating from magento 1 to magento 2James Cowie
 
The challenges and pitfalls of database deployment automation
The challenges and pitfalls of database deployment automationThe challenges and pitfalls of database deployment automation
The challenges and pitfalls of database deployment automationDBmaestro - Database DevOps
 
#SpFestSea azr203 Azure functions lessons learned
#SpFestSea azr203 Azure functions lessons learned#SpFestSea azr203 Azure functions lessons learned
#SpFestSea azr203 Azure functions lessons learnedVincent Biret
 
Boosting the Performance of your Rails Apps
Boosting the Performance of your Rails AppsBoosting the Performance of your Rails Apps
Boosting the Performance of your Rails AppsMatt Kuklinski
 
Data Vault Automation at the Bijenkorf
Data Vault Automation at the BijenkorfData Vault Automation at the Bijenkorf
Data Vault Automation at the BijenkorfRob Winters
 
CRM Integration Options–Scribe, SmartConnect, Microsoft Connector. What's the...
CRM Integration Options–Scribe, SmartConnect, Microsoft Connector. What's the...CRM Integration Options–Scribe, SmartConnect, Microsoft Connector. What's the...
CRM Integration Options–Scribe, SmartConnect, Microsoft Connector. What's the...BDO IT Solutions
 
Evolutionary database design
Evolutionary database designEvolutionary database design
Evolutionary database designSalehein Syed
 

Semelhante a Audit your existing code in Domino - Collabsphere2022_v5.pdf (20)

Webinar: "DBMaestro: Database Enforced Change Management (DECM) tool"
Webinar: "DBMaestro: Database Enforced Change Management (DECM) tool"Webinar: "DBMaestro: Database Enforced Change Management (DECM) tool"
Webinar: "DBMaestro: Database Enforced Change Management (DECM) tool"
 
Bringing DevOps to the Database
Bringing DevOps to the DatabaseBringing DevOps to the Database
Bringing DevOps to the Database
 
Data harmony update 2021
Data harmony update 2021 Data harmony update 2021
Data harmony update 2021
 
Wie beschleunigt die Denodo Plattform Ihre Zeit der Erkenntnisgewinnung?
Wie beschleunigt die Denodo Plattform Ihre Zeit der Erkenntnisgewinnung?Wie beschleunigt die Denodo Plattform Ihre Zeit der Erkenntnisgewinnung?
Wie beschleunigt die Denodo Plattform Ihre Zeit der Erkenntnisgewinnung?
 
Framework Enabling End-Users to Maintain Web Applications (ICICWS2015)
Framework Enabling End-Users to Maintain Web Applications (ICICWS2015)Framework Enabling End-Users to Maintain Web Applications (ICICWS2015)
Framework Enabling End-Users to Maintain Web Applications (ICICWS2015)
 
Shaik Niyas Ahamed M Resume
Shaik Niyas Ahamed M ResumeShaik Niyas Ahamed M Resume
Shaik Niyas Ahamed M Resume
 
AOUG_11Nov2016_Challenges_with_EBS12_2
AOUG_11Nov2016_Challenges_with_EBS12_2AOUG_11Nov2016_Challenges_with_EBS12_2
AOUG_11Nov2016_Challenges_with_EBS12_2
 
AdminCamp 2018 - ApplicationInsights für Administratoren
AdminCamp 2018 - ApplicationInsights für AdministratorenAdminCamp 2018 - ApplicationInsights für Administratoren
AdminCamp 2018 - ApplicationInsights für Administratoren
 
How to overcome challenges in it system evolution
How to overcome challenges in it system evolutionHow to overcome challenges in it system evolution
How to overcome challenges in it system evolution
 
Database continuous integration, unit test and functional test
Database continuous integration, unit test and functional testDatabase continuous integration, unit test and functional test
Database continuous integration, unit test and functional test
 
Introduction to dev ops
Introduction to dev opsIntroduction to dev ops
Introduction to dev ops
 
Expert guidance on migrating from magento 1 to magento 2
Expert guidance on migrating from magento 1 to magento 2Expert guidance on migrating from magento 1 to magento 2
Expert guidance on migrating from magento 1 to magento 2
 
The challenges and pitfalls of database deployment automation
The challenges and pitfalls of database deployment automationThe challenges and pitfalls of database deployment automation
The challenges and pitfalls of database deployment automation
 
#SpFestSea azr203 Azure functions lessons learned
#SpFestSea azr203 Azure functions lessons learned#SpFestSea azr203 Azure functions lessons learned
#SpFestSea azr203 Azure functions lessons learned
 
Boosting the Performance of your Rails Apps
Boosting the Performance of your Rails AppsBoosting the Performance of your Rails Apps
Boosting the Performance of your Rails Apps
 
Data Vault Automation at the Bijenkorf
Data Vault Automation at the BijenkorfData Vault Automation at the Bijenkorf
Data Vault Automation at the Bijenkorf
 
Inventory managment system
Inventory managment systemInventory managment system
Inventory managment system
 
CRM Integration Options–Scribe, SmartConnect, Microsoft Connector. What's the...
CRM Integration Options–Scribe, SmartConnect, Microsoft Connector. What's the...CRM Integration Options–Scribe, SmartConnect, Microsoft Connector. What's the...
CRM Integration Options–Scribe, SmartConnect, Microsoft Connector. What's the...
 
Evolutionary database design
Evolutionary database designEvolutionary database design
Evolutionary database design
 
PCB Design and Data Management
PCB Design and Data ManagementPCB Design and Data Management
PCB Design and Data Management
 

Último

WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...masabamasaba
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrandmasabamasaba
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in sowetomasabamasaba
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
WSO2Con2024 - Hello Choreo Presentation - Kanchana
WSO2Con2024 - Hello Choreo Presentation - KanchanaWSO2Con2024 - Hello Choreo Presentation - Kanchana
WSO2Con2024 - Hello Choreo Presentation - KanchanaWSO2
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...masabamasaba
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastPapp Krisztián
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...masabamasaba
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburgmasabamasaba
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benonimasabamasaba
 

Último (20)

WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
WSO2Con2024 - Hello Choreo Presentation - Kanchana
WSO2Con2024 - Hello Choreo Presentation - KanchanaWSO2Con2024 - Hello Choreo Presentation - Kanchana
WSO2Con2024 - Hello Choreo Presentation - Kanchana
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
Abortion Pill Prices Boksburg [(+27832195400*)] 🏥 Women's Abortion Clinic in ...
Abortion Pill Prices Boksburg [(+27832195400*)] 🏥 Women's Abortion Clinic in ...Abortion Pill Prices Boksburg [(+27832195400*)] 🏥 Women's Abortion Clinic in ...
Abortion Pill Prices Boksburg [(+27832195400*)] 🏥 Women's Abortion Clinic in ...
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 

Audit your existing code in Domino - Collabsphere2022_v5.pdf

  • 1. Audit your existing code in Domino (just with Lotuscript) Dominique Perarnaud – Data 101
  • 2.
  • 3. 3 • Introduction • The customer • The problem to solve > know your code, answer questions • Guidelines from our customer • How to do it • Next steps… • Questions. Agenda
  • 4. Dominique Perarnaud • Citizen developer / Domino Administrator / In the Yellow bubble since 2001 • Partner at • . • French in the Basque country, North of Spain, for 20 years • I like to build things 2021-2022
  • 6. 6 • We are Data 101, HCL Business Partner based in San Sebastian, Spain
  • 7. Donostia / San Sebastian: The Bay and the fine food… 3rd industrial region of Spain Biggest concentration of 3* Michelin Restaurants in Europe
  • 8. Audit your existing code in Domino (just with Lotuscript) Dominique Perarnaud – Data 101 8
  • 9. THE CONTEXT Disclaimer: This is a “Work in Progress” application, we want to show the potential. Third party products are mentionned here, only to add value to the context of this real use case. In any moment, it is a promotion/ads of these tools. The Audit tool in itself could be used without them, but mentionning how it integrate them, add value to the Audit and to this presentation. 9
  • 10. • City Council > all the data of the citizens must remain on-Premises • Mantra: “Our citizens are our customers” • Must respect the “Spanish National Framework for Security” (Real Decreto 311/2022) • Domino shop already using third party products The customer 10
  • 11. • HCL Domino 12.0.1 FP1 • Installation based on separated Dev / Pre production / Production server • 1 unique server for development (mainly…) • Build Manager partially implemented for pushing changes to pre/production • All type of code: @formula, Lotuscript, Java, Web services, call to external API • Traditional Notes applications co-existing with pure Java applications/server Environment 11
  • 12. THE PROBLEM TO SOLVE Blindness… but not only The “Why” 12
  • 13. • Accurate and update overview of all database designs / server. • Document the database design. • Know dependencies between applications (getview/getdatabase) • Know use of generic Script Library components trought all applications • Know dependencies between applications for Web Services • Document funcionalities on a per database basis (complexity) • Answer questions when the developer may be gone… • Improve security ➢ This will allow to evaluate cost changes, make right decisions for maintenance. Functional requirements made by the customer 13
  • 14. • No license fees. (context: IT Cost per user is rising steadily) • Low cost (only with Lotuscript) & homemade > Rapid Application Developement • UX : Easy to use and understand > Search the data and find • Deliver an accurate and updated Audit > Audit must always contains up-to-date information > Answering urgent requests from Management > Enabling IT for improving/cleaning/decommissioning Notes applications Practical Requirements made by the customer 14
  • 15. • Know your code – relationship – dependencies between applications • Security Audit mandate > clean the code > C: references, misuses of tmp folder, hard coding • Detect Bad practices: cartography of inheritance of design elements > Orphans or not – Do not refresh tags • Maintenance & improvements > Migration from Word.application to LibreOffice, Identify / evaluate OLE Calls • Find niddles in my code: > Use case: “errors after v12.0.1 upgrade“ > Where are the calls to specific (deprecated) JAR in my server Solving specific problems 15
  • 16. • Scheduled updated (only update design since last scan) • Integration with Teamstudio > continous updates for DBs on Build Manager • Trigger manual update (available with one button) • Update start from last point of failure of the scan if the process ended with error • Size should not be a problem Maintenance of the Audit 16
  • 17. • We use the design from the v12 system database • We add some color specific columns • We think in usability first (one view = one answer) DESIGN: v12 UX > Simple (we are not designer) 17
  • 18. DESIGN: v12 UX > Menu 18
  • 19. DESIGN: v12 UX > Configuration document 19
  • 20. DESIGN: v12 UX > Database document 20
  • 21. HOW TO AUDIT THE CODE 21
  • 22. • Maps all databases in server • Gather useful information • With customized views Dominique Perarnaud Where is the information ? 1.Catalog.nsf 2. WebServices.nsf • Maps all WebServices • Authorize ejecution, and gather database using it (Database path, Project owner) • Clear relation of dependencies: who can call who 22
  • 23. Dominique Perarnaud Where is the information ? 3. Central dependencies DB Each Application DB store one “Configuration document” > Dependencies by configuration 6. Each application with his code 4. Build Manager: Who is automated ? 23 5. Script library Component DB
  • 24. • First Part: Gather information from external database into “Central Audit database” • Database document from Catalog.nsf -> Audit Db • Doc Configuration from Dependencies DB -> Audit Db • Web Services Dependencies -> Audit Db • Build Manager -> Analysis + update -> Audit Db • Cartography of the central “Script Library Component” DB ressource-> Audit Db ➢ At this point, we have a clear view of dependencies between database, and which one is automated. ➢ No NTF Dbs, No System Dbs in the list DEMO Workflow of analysis 1/2 24
  • 25. • Step 0: User enable/ diabled analysis on a per database basis Dominique Perarnaud Workflow of analysis 2/2 25
  • 26. • Step 2: Agent extract all the code by design element in Audit Database (DXL) • Step 3: Agent parse the code to extract information • Like if Design elements use LS component • Step 4: Agent validate if Values from Configuration Document are used • Step 5: Agent validate use of Excel/Word, & other specific topics asked by customer Database offer dedicated views to answer some requests. Extra requests are solved by searching the full text index. Dominique Perarnaud Workflow of analysis 2/2 26
  • 27. DEMO 27 At this point, we have confirmation about if : • Configuration document are accurate or contains false positive. • Consumer and Provider for Web Services are up-to-date • LS Component are correctly implemented • And a lot of precise informations….
  • 28. WHEN THE CODE TALK Results 28
  • 29. 1. Hardcoded > bad practices like email, server names, usernames, databases names, old employees, Local Temp Folder 2. Dependencies on external interfaces like DLLs/pdf/Word, ODBC, Fax, Outdated third party applications 3. Inheritance - Do Not refresh 4. Dependencies between Dbs 5. Unused Script library 6. Unused values from Configuration document 7. Compliance with for Nomad web 29 Analysis and Results
  • 30. 1. Hardcoded > email, server names, usernames, databases names, old employees (DENY ACCESS GROUP) 30 Results Search Formula of the agent: NAB give us the emails : search and mark then accordingly
  • 31. Dependencies on external interfaces DLLs (pdf Word), ODBC, Fax, Outdated third party applications 31 Results Search formula include specific keywords
  • 32. Bad management of inheritance – Do not refresh tags 32 Results
  • 33. Deployement to production 33 Results Agent identifies key field inside Build Manager and mark then accordingly
  • 34. Dependencies between Dbs 34 Results Search by specific fields extracted from the DXL Search and mark then accordingly
  • 36. Unused values from Configuration document 36 Results Search Field name from the Config Document inside the design of all the design element of the same database
  • 37. Unused Script libraries 37 Results Search Script Library name present in the DB, in all the design elements of the same database
  • 38. DESIGN: v12 UX > Database document 38
  • 39. HCL Nomad Web 39 Compliance of Nomad Web is just an agent away… https://help.hcltechsw.com/nomad/1.0_web/nomad_web_limitations.html •Following Java™-based applications are not supported: •JavaAgents •XPages (.xsp) •LotusScript 2 Java Bridge (LS2J – Uselsx “*javacon” ) •Web services design elements are not supported. •Dynamic client extensions via native code are not supported. This includes but is not limited to the following: •The DXJ name picker implemented for Windows via a DLL. •Some LotusScript and Formula commands associated are not supported. •In particular, commands associated with Object Linking & Embedding (OLE) are not supported. •The LotusScript LSXLC and LSXODBC extensions.
  • 40. • Regular (and simple) Lotuscript has been used to search, and extract the data, Export DXL and then parse the code… • Most of the work consist in finding how to gather and organize the information in order to present it in an explicit way. • Update the Audit is also an important aspect (“<modified> <date>” ) About the Lotuscript used in this database 40
  • 41.
  • 42. • Check the ACL of the user running the Audit, first. Must be Manager (LocalDomainAdmin) • Do not Audit if you have NO design change (already integrated) • Do not Audit mail template (complex, slow) • Do not Audit mail file • Do not Audit System database (useless) • Audit only NSF • Check what database needs more time to be audited -> complex design Some points of interest when running the tool 42
  • 43. • Add black list “Do not audit” for Database • Visualize data with Graph (xPages?) • Extend with action in YTRIA Automation API Ytria tools can be launched from the agent to generate more data to add to the Audit. • Integrate with JIRA create ticket to ask improvement, linked with some document of this Audit • Update Audit after each automatic build process launch from Build Manager • Add Usage data / Active users /By database Possible improvements 43
  • 44. • We want to know your opinion about our work • Missing features ? Ideas ? • Loophole you see that we missed ? • Would you buy a copy of that work ? At which price ? • Contact: info@data101.es ANSWER OUR QUESTIONS, ASK YOURS 44