Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
ILUG 2010 - Deploying plug-ins to the enterprise
1. Deploying plug-ins to the enterprise
Presenter: René Winkelmeyer
Company: Partner Dialog
2. Agenda
• About me
• About you
• What’s to expect from this session
• We are talking about plug-ins – and so we have to talk about widgets
• Security, security, security
• Deployment in Lotus Notes and Domino
• Conclusion
3. Agenda
• About me
• About you
• What’s to expect from this session
• We are talking about plug-ins – and so we have to talk about widgets
• Security, security, security
• Deployment in Lotus Notes and Domino
• Conclusion
4. About me
• René Winkelmeyer
• 32 years
• Married, two dogs, two cats
• Consultant for Business Process Optimization
and Domino Development
at Partner Dialog Unternehmensberatung GmbH
• IBM Business Partner
• Using Notes/Domino since 10+ years
• Member of IBMs Domino NEXT Design Partner program
5. About me
• OpenNTF Contributor and Committer
• Winner of the “IBM Best Open Source Award 2010”
• Main developer of the well-known “File Navigator” plug-in
6. Agenda
• About me
• About you
• What’s to expect from this session
• We are talking about plug-ins – and so we have to talk about widgets
• Security, security, security
• Deployment in Lotus Notes and Domino
• Conclusion
7. Agenda
• About me
• About you
• What’s to expect from this session
• We are talking about plug-ins – and so we have to talk about widgets
• Security, security, security
• Deployment in Lotus Notes and Domino
• Conclusion
8. What’s to expect from this session
• We’ll take a look how to deploy plug-ins to your enterprise.
• For that I’ll show you what’s to consider when you setup plug-ins within your
company.
• And you’ll learn how to avoid some problems (maybe).
• It will be a brief overview !
9. Agenda
• About me
• About you
• What’s to expect from this session
• We are talking about plug-ins – and so we have to talk about widgets
• Security, security, security
• Deployment in Lotus Notes and Domino
• Conclusion
10. Talking about plug-ins and widgets
• Since the availability of plug-in provisioning within Lotus Notes there has always
been a kind of knowledge gap for administrators (and developers).
• The difference between plug-ins (and features) and widgets is still not clear to
anybody.
• If you talk about plug-in deployment – you talk about “widget deployment” (or so).
11. What are plug-ins?
• Plug-ins are java programs
• Plug-ins are able to change the look and feel
• Plug-ins are the core base of the Notes standard client
• Plug-ins are the core base of Sametime
• Plug-ins are, well, everywhere in the Lotus world now.
13. What are features?
• Features are the main mechanism for plug-in deployment.
• That’s because plug-ins are always part of a feature
• Features can contain multiple plug-ins
14. And what are widgets?
• Widgets are … let’s say “gadgets” for the Notes client.
• You can use widgets for displaying several stuff in the Notes client sidebar
• Notes views, forms, pages etc.
• Google gadgets
• Web sites
• And you can use widgets to install plug-ins!
15. What are widgets?
• The “functionality” of a widget is described as an XML configuration.
• You can export the XML through a right-click on the widget and send it via E-mail or
publish it to a catalog.
• Both ways assume that you allow your users to install widgets (and maybe plug-ins)
by themselves!
17. Anatomy of the an extension.xml
<palleteItem contributeToSideshelfOnStartup="false"
doubleClickCommandId="“
hideThumbnail="false“
id="2016957732“
imageUrl=""
providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning"
singletonSidebar="false“
title="File Navigator Feature“
url="http://domsrv1/intern/it/updatesite.nsf"
viewImageUrl="">
Set this parameter to
„true“ if you don‘t
want that users will
see the widget icon
18. Anatomy of the an extension.xml
<palleteItem contributeToSideshelfOnStartup="false"
doubleClickCommandId="“
hideThumbnail="false“
id="2016957732“
imageUrl=""
providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning"
singletonSidebar="false“
title="File Navigator Feature“
url="http://domsrv1/intern/it/updatesite.nsf"
viewImageUrl="">
The id is very important. It
identifies the widget. If you
change it, Notes will
recognize a „new“ widget!
19. Anatomy of the an extension.xml
<palleteItem contributeToSideshelfOnStartup="false"
doubleClickCommandId="“
hideThumbnail="false“
id="2016957732“
imageUrl=""
providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning"
singletonSidebar="false“
title="File Navigator Feature“
url="http://domsrv1/intern/it/updatesite.nsf"
viewImageUrl="">
If you want a custom
image in the widget
sidebar you can set
the url right here.
20. Anatomy of the an extension.xml
<palleteItem contributeToSideshelfOnStartup="false"
doubleClickCommandId="“
hideThumbnail="false“
id="2016957732“
imageUrl=""
providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning"
singletonSidebar="false“
title="File Navigator Feature“
url="http://domsrv1/intern/it/updatesite.nsf" Setting this
viewImageUrl=""> parameter to „true“
forces the Notes
client to open the
widget in the same
Sidebar panel (not
needed for plug-ins).
21. Anatomy of the an extension.xml
<palleteItem contributeToSideshelfOnStartup="false"
doubleClickCommandId="“
hideThumbnail="false“
id="2016957732“
imageUrl=""
providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning"
singletonSidebar="false“
title="File Navigator Feature“
url="http://domsrv1/intern/it/updatesite.nsf"
viewImageUrl="">
Just the title of the
widget.
22. Anatomy of the an extension.xml
<palleteItem contributeToSideshelfOnStartup="false"
doubleClickCommandId="“
hideThumbnail="false“
id="2016957732“
imageUrl=""
providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning"
singletonSidebar="false“
title="File Navigator Feature“
url="http://domsrv1/intern/it/updatesite.nsf"
viewImageUrl="">
Here you define the
source where to get
the plug-in. That‘s the
HTTP way…
23. Anatomy of the an extension.xml
<palleteItem contributeToSideshelfOnStartup="false"
doubleClickCommandId="“
hideThumbnail="false“
id="2016957732“
imageUrl=""
providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning"
singletonSidebar="false“
title="File Navigator Feature“
url=“nrpc://domsrv1/C12574550014E1F0"
viewImageUrl="">
…and that‘s the
NRPC way.
24. Anatomy of the an extension.xml
<palleteItem contributeToSideshelfOnStartup="false"
doubleClickCommandId="“
hideThumbnail="false“
id="2016957732“
imageUrl=""
providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning"
singletonSidebar="false“
title="File Navigator Feature“
url="http://domsrv1/intern/it/updatesite.nsf"
viewImageUrl="">
If you like custom
icons for your sidebar
elements – here you
can configure them.
25. Anatomy of the an extension.xml
<data>
<installManifest><![CDATA[<install>
<installfeature id="org.openntf.filenavigator.feature" name="File
Navigator Feature" version="1.0.4">
<requirements>
<feature id="org.openntf.filenavigator.feature" version="1.0.4"
match="perfect" />
</requirements>
</installfeature>
</install>
]]></installManifest> That‘s where the
</data> features are set
which should be
installed.
26. Anatomy of the an extension.xml
<data>
<installManifest><![CDATA[<install> <installfeature
id="com.iscoord.isphone.addon.sametime.feature" name="is-phone" version="8.7.3">
<requirements>
<feature id="com.iscoord.isphone.addon.sametime.feature" version="8.7.3" match="perfect" />
<feature id="com.iscoord.isphone.core.feature" version="8.7.3" match="perfect" />
<feature id="com.iscoord.isphone.notes.toolbar.feature" version="8.7.3" match="perfect" />
<feature id="com.iscoord.isphone.ui.swt.feature" version="8.7.3" match="perfect" /> </
requirements> </installfeature></install>]]></installManifest>
</data>
Here is a somewhat
„bigger“ feature set.
27. Agenda
• About me
• About you
• What’s to expect from this session
• We are talking about plug-ins – and so we have to talk about widgets
• Security, security, security
• Deployment in Lotus Notes and Domino
• The plug-in deployment tool (got still no name for it)
• Conclusion
28. Security, security, security
• Security is important – as always
• Would your OS administrators allow your users to install any software by
themselves?
• So - why would you allow users to install plug-ins by themselves??!
• The next steps will show you the security preparations for plug-in deployment. You
just need to set them up once!
29. Digitally sign your plug-ins
• It’s highly recommended that you only deploy signed plug-ins. Without that you
won’t be able to deliver a real silent installation – and it is more secure!
• Step 1: Create a keystore
%JAVA_HOME%binkeytool
-genkey -dname "cn=signer, ou=ca, o=partner-dialog, c=DE“
-alias “codesigner"
-keypass mypassword
-keystore c:yourfolderkeys
-storepass secret
-keyalg "RSA"
-validity 360
31. Digitally sign your plug-ins
• Step 3: Import the certificate into your Domino directory
32. Digitally sign your plug-ins
• Step 4: Create a cross-certificate
• You need to open the internet certificate document!
33. Digitally sign your plug-ins
• Step 5: Deploy the certificate to your users with an Security policy setting
You can use this to
deploy any kind of
certificate from your
Domino directory
into the users local
address book
34. Setup plug-in policy settings
• Please configure the policy setting for signed plug-ins!
35. Agenda
• About me
• About you
• What’s to expect from this session
• We are talking about plug-ins – and so we have to talk about widgets
• Security, security, security
• Deployment in Lotus Notes and Domino
• Conclusion
36. Deployment in Lotus Notes / Domino
• Consider five steps for plug-in deployment
Sign the Import the Add the
Configure
features plug-in to plug-in to Deploy the
plug-in
and your your widget
settings
plug-ins updatesite toolbox
37. Digitally sign your features and plug-ins
• Remember the security part?
• We setup internet cross-certificates and deployed them to our users.
• We set plug-in security to only allow the installation of signed plug-ins.
• Now we need to sign the features and plug-ins (every single jar file).
%JAVA_HOME%binjarsigner -verbose
-keystore C:myfolderkeys
-storepass secret
-keypass secret
C:devupdatesitefeaturesorg.openntf.filenavigator.feature_1.0.5.jar
codesigner
38. Using the widget catalog
• Please configure the policy setting for signed plug-ins!
Make use of RUN_IN_BACKGROUND=true
in org.eclipse.ui.workbench – that is
nescessary for silent deployment
39. Using the widget catalog
Remove means „Remove from the policy setting“ –
it doesn‘t mean „Remove from the users workspace folder“
40. Using the widget catalog
All those Eclipse settings are stored in <notesdata>workspace.metadata.plugins
org.eclipse.core.runtime.settings
Content of org.openntf.filenavigator.prefs
#Mon Sep 13 13:41:43 CEST 2010
org.openntf.filenavigator.activity.PreferencePageFavFolder=true
pref_question_roots_refresh=true
org.openntf.filenavigator.activity.PreferencePageRoots=true
org.openntf.filenavigator.activity.PreferencePageShares=true
pref_question_eml_open=systemdefault
pref_initial_setup=true
prefmgmt_allow_shares=true
eclipse.preferences.version=1
pref_roots_active=#C:#D:#E:#F:#P:#G:#I:#Z:#H:
pref_unzip_files=true
org.openntf.filenavigator.activity.PreferencePageMail=false
41. Import into the Updatesite
• IBM has provided a database for plug-in deployment.
• You’ll find it as an advanced template on your Domino server.
• This database allows you to have a single storage for your features and plug-ins.
It‘s a Notes database – so think
about setting the ACL properly.
42. Import into the Updatesite
Import mechanisms You can‘t delete single documents!
Views for Feature name Feature ID Feature version
different sortings
43. Using the widget catalog
• IBM has provided a database for plug-in deployment.
• You’ll find it as an advanced template on your Domino server.
• This database allows you to have a single storage for widgets.
It‘s a Notes database – so think
about setting the ACL properly.
44. Using the widget catalog
All widgets are stored as
Notes documents
45. Using the widget catalog
You need to set a category for
the deployment with policies
The widget catalog assumes, that
you already have an extension.xml
This nice button imports some
of the extension.xml data into
the document.
46. The desktop policy setting
The client will look at this server
Define the categories which
should be installed
Should your users be able to
see the widget sidebar?
48. How does the client provisioning work
• At client start-up the client searches for the Widget catalog on the server.
• It then replicates the local widget catalog (if it doesn’t exist a new one is created).
• The client then searches in the local replica for changes.
• Note: a periodical replication of 24h is automatically enabled
49. How do I uninstall a widget?
• Just delete the corresponding document in the Widget catalog.
That will affect
all users!
50. Agenda
• About me
• About you
• What’s to expect from this session
• We are talking about plug-ins – and so we have to talk about widgets
• Security, security, security
• Deployment in Lotus Notes and Domino
• Conclusion
51. Agenda
• About me
• About you
• What’s to expect from this session
• We are talking about plug-ins – and so we have to talk about widgets
• Security, security, security
• Deployment in Lotus Notes and Domino
• Conclusion
52. Conclusion
• Plug-ins are a very powerful
– handle them with care!
• IBM has provided a good set of tools to administrate and deploy plug-ins
– use them!
• You should always consider about security!
53. Thank you!
Thank you very much for attending my session !
René Winkelmeyer
Questions and – hopefully good – answers can now be placed !