S 3.87 Introduction to Lotus Notes/Domino
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: Specialists Responsible, IT Security Officer
Basic terms and historical development of the Lotus Notes/Domino platform
Lotus Notes/Domino is a product family of the Lotus Software division of the manufacturer IBM. Initially developed by Iris Associates, the Lotus Notes groupware platform became the most successful product of Lotus Software Corporation and was the dominant platform for communication and collaboration in the market for decades (Communication Platform). Since the launch of Microsoft Exchange and Outlook, a commercial alternative to Lotus Notes/Domino exists that also holds a significant market share. In addition, there are a number of open source products that can be used to replicate the functionality of these two platforms. However, only individual components of these products (such as the Apache web server) have large market shares.
The discontinuation of the IBM Workplace concept (a parallel development to Lotus Notes with groupware and office functionalities on the technological basis of Open Office and the WebSphere platform) resulted in a strategic and technical enhancement of the Lotus product range by the manufacturer, right up to the strategic positioning of the Lotus Notes Full client as a universal client. The universal client concept provides for the use of only one client for accessing different applications, and effectively carries the use of a single browser as the client for numerous web applications over into the world of Fat and/or Full clients. Manufacturers with a comprehensive application portfolio can leverage synergies by providing a standardised (Full) client for all applications offered, allowing for more comprehensive client functionality than a browser can offer.
Open standards increasingly complement or supersede the proprietary Lotus Notes/Domino world. For this reason, Lotus Notes/Domino increasingly emphasises its platform status. This includes a broad range of basic services such as email, calendar/organiser, web access, presence and instant messaging, as well as extensive support for application development on this platform. In-house developed applications can be used to complement the basic services with company-specific elements, e.g. personal organisation taking company-specific resource databases into account. However, it is also possible to develop largely independent applications, e.g. applications that model procedural models in project business. Additionally, there are numerous options for integration with different platforms and open standards, and a range of additional products from the manufacturer and third parties for the Lotus Notes/Domino platform.
Hereinafter, the term Lotus Notes/Domino platform is used for the sum of the available Lotus Notes/Domino components of a defined release status and/or the Lotus Notes/Domino components of a defined release status used in the organisation, while the term Lotus Notes/Domino environment is used for a specific instance (installation) with defined functionality, for example the intranet of the organisation established via Lotus Domino services and the Notes client. Within an organisation, several Lotus Notes/Domino environments, but also several platforms (by using different releases of Lotus Notes/Domino in parallel), can be used.
The Lotus Notes/Domino platform includes server-side and client-side components that handle the communication, data storage, and data processing that occur.
Lotus Domino is the term for the basic component to be installed on the server side, while Lotus Notes is the term for the client-side basic component. It is generally possible to use only server-side or only client-side components. However, a Lotus Notes/Domino environment normally includes both server-side and client-side Lotus components.
Initially designed as a classic client-server application in proprietary technology with a Fat client, Lotus Notes/Domino has undergone major modifications. Today, even browser-based clients (iNotes) or clients for mobile end devices such as PDAs, smartphones, etc. can be used as clients. Additionally, the "classic" client is available in a proprietary variant (Basic client) and in a variant based on the Eclipse platform standard (Standard and/or Full client). It is also possible to use third-party email clients via the POP3 and IMAP standards.
On the server side, the range of services available on the Domino server has grown, and support for the internet standards collectively referred to as Web 2.0 has been improved.
Today's Notes/Domino application scenarios can differ considerably, ranging from simple use as a centralised email system with additional workgroup functions to a large number of networked services on differently designed Domino servers operated in the company's intranet, in various extranets, and at the internet interface. These services can be used by means of differently designed clients, with Notes/Domino acting as an integration platform both on the server side and on the client side, e.g. for accessing SAP systems. For that reason, neither the intranet nor the internet architecture as such is considered with regard to the use of Notes/Domino, but rather the protection of the services made available by the Notes/Domino environment, depending on the application scenario.
Security-relevant developments of the Lotus Notes/Domino platform
The Lotus Notes/Domino platform was significantly extended with the current releases 8.0.x and 8.5.x, both in terms of its functionality and the technology used. This applies to the number and functionality of the Domino services provided, the number and functionality of the possible Domino clients, and the application scenarios of the platform.
From a security point of view, the following developments are particularly important for protecting the Notes/Domino platform:
- Electronic communication and collaboration are becoming increasingly important. The integration into virtually all business processes also increases the protection requirements of the services implemented using Lotus Notes, e.g. email and intranet/extranet access. In total, this results in increasing protection requirements of the Lotus Notes/Domino platform.
- There are few assessments of the potential risks of newer internet services such as presence and instant messaging, resulting in rather low awareness of the related IT risks.
- The platform's architecture is subject to change: Starting from a pure client-server architecture with Fat client, the Lotus Notes/Domino platform is today a service-based platform. This includes differently configurable server components and services, a complex development environment, and several clients that can either be used for all functions of the platform or selectively for defined services (such as POP3 and IMAP clients for email).
- The greatly increased complexity of the software resulting from its connection to established platforms and standards of the manufacturer (DB2 as DBMS, Eclipse, WebSphere technology, W3C standards) significantly increases the number of potential weaknesses and makes it harder to maintain an overview: it is increasingly difficult to assess the architecture, interfaces, and critical components with regard to security.
- The heterogeneity of the code base (client-side Eclipse, server-side WebSphere technology, Web 2.0 standards) caused by the integration of new technology platforms requires broader technological know-how for protecting the Lotus Notes/Domino platform.
- The comprehensive integration options of the Notes platform, particularly the Alloy component for SAP integration, but also the other options for server-side and client-side integration, may significantly increase the protection requirements of individual Lotus Notes/Domino components (e.g. of the clients when implementing a universal client strategy) when they are used.
Universal client
Although web browsers dominate the field of application front ends, there is often still a "classic" client for complex applications that can offer significantly more functionality than the "simple" web browser. Browser plugins or Ajax frameworks can be used to extend the functionality of a browser-based client, but the protection and maintenance of these components then become more difficult.
Major software providers expect the "universal" client concept to simplify the development of classic clients for the offered applications on the one hand, and to reduce the time required for installation and administration on part of the customer on the other hand.
With the previous, proprietary Notes client, IBM has a broadly accepted client that exposes the comprehensive functionality of the Lotus Notes/Domino platform and is used by many customers as the client for their own developments under Lotus Notes/Domino.
For the Lotus Notes/Domino platform, the Eclipse framework is both the development framework and the runtime framework of the Full client. The framework is supported by IBM and is broadly accepted as a free platform for Java.
With the conversion of the Notes client to the Eclipse platform in Notes 8 (Standard and/or Full client) and the release of the Eclipse-based Lotus Notes/Domino development environment Domino Designer, IBM created all the prerequisites for establishing the Notes client as universal client not only for the proprietary product family, but for Java-based applications in general.
The effects of a universal client on information security may be significant and must therefore be reviewed at the conceptual level before any introduction. The following aspects in particular must be taken into consideration:
- The security assessment of different applications is easier when using a universal client, since the security mechanisms of the client need to be evaluated only once.
- The protection requirements of the client are increased, because the maximum principle and the accumulation principle must be applied across the different applications using the client, with regard to availability, confidentiality, and integrity alike.
- Protection may be more difficult due to the increased complexity of the Lotus Notes client. This is compounded by the fact that the Full client is built on a development framework that is much more open (and thus more exposed to attack) than a purely proprietary application client such as the Basic client.
Application integration with Lotus Notes/Domino
The manufacturer also increasingly positions the Lotus Notes/Domino platform as a platform for application integration. From a technical point of view, this is reflected in open standards for interfaces and in the proprietary Lotus technology being complemented by tried and tested technology from the WebSphere platform and the Eclipse framework.
Application integration using Lotus Notes clients
The advanced options for client-side application integration (e.g. using web services) are another advantage of the Full client and strengthen the strategic position of the Lotus Notes client as a universal client. Client-side application integration can often be implemented more easily and quickly than server-side application integration, since no or only minor interventions in the operational procedures of the applications to be integrated are required.
Application integration using the Lotus Domino server
The existing options for server-side integration, e.g. by connecting DB2 databases, using the Domino Application Server, or using the Lotus Enterprise Integrator for Domino (a separately licensed product from the Lotus Extended Products range), position the Lotus Notes/Domino platform as an alternative to proprietary application integration products.
Products developed in collaboration with SAP, e.g. Alloy, allow SAP systems to be accessed from the Lotus Notes client and therefore strengthen the position of the client as a universal client; in this case, the Domino server and the SAP application server communicate using corresponding plugins.
As with the universal client, the protection requirements of both the client-side Notes components and the server-side Domino components used for integration purposes increase when Lotus Notes/Domino is used as an application integration platform. The security safeguards to be implemented may therefore be significantly more complex than when only the Lotus Notes/Domino functionality itself and the in-house developments made available for the Lotus Notes/Domino platform are used.