Over the past year, HCL Digital Solutions has been on a journey to consolidate our customers’ HCL Domino licensing around our modern, per user, licensing model – HCL Domino Complete Collaboration Business Edition (a.k.a. “CCB”) including unlimited Guest Users, and the additional external user capability under the HCL Domino Complete Collaboration eXternal User (a.k.a. “CCX”) entitlement.
The majority of our customers are now licensed under this model. With the upcoming HCL Domino V12 release, we are further enhancing the CCB/CCX entitlements as described below.
Additionally, with the release of HCL Domino V12 we are aligning all Domino products on consistent license terms, which will be available imminently and include the compliance rules outlined in “HCL Domino Support Update” from February 3, 2021.
CCB Recap: Simplifying HCL Domino Licensing
CCB is the key step in our journey to provide one license model for HCL Domino, eliminating the uncertainty of server capacity and sub-capacity (PVU) licensing and ambiguous entitlement rules.
- A simple “Per User everything model” – use any client and any protocol for any server capacity to run all applications – including enterprise e-mail.
- Transparent license compliance management by simple user counting.
- Adding additional capabilities to the core Domino environment under CCB entitlements from V12 – for example HCL Nomad for Web Browsers and HCL SafeLinx.
CCB entitlements are needed for all employees and contractors of your enterprise needing access to your Domino CCB servers – covering all B2E (Business-to-Employees) scenarios. All CCB entitlements include unlimited external web user access as needed for most B2C (Business-to-Consumer/Citizen) scenarios:
- Guest: unlimited anonymous browser users can freely access your Domino based websites.
- Known Guest: unlimited registered users with credentials to log-in and access applications limited to being a “Reader” with permission to “write public documents” (controlled by Domino application access [ACL] – see Known Guest Use Cases later in this blog post).
For B2B (Business-to-Business) or advanced B2C scenarios, where the external users need to fully engage in applications beyond the access permitted for Known Guests, we introduced the CCX entitlement as an add-on for CCB licensing. (See “Introducing CCX, External User Entitlements“ from September 23, 2020.
Extending CCX entitlement to address additional use cases
CCX users have full functionally to use Domino or Domino Volt [see below] applications and workflows but cannot create applications themselves. CCX users do not have a personal mailbox but can use task/functional mail for workflow routing or applications generating mail.
The CCX Authorized User entitlement is always assigned to a unique person or role, however, can be reassigned after 30 days of inactivity. Consequently, some former Domino Utility Server B2C use cases can now be easily changed from trying to manage/throttle server PVU consumption, to simply ensuring adequate CCX entitlements for actual/expected external users in any 30 day period, with little or no change to existing apps. See later in CCX Use Cases.
CCB Recap: Add-on features for CCB licenses
HCL will continue the “add-on” scheme for CCB licensing, which now includes:
- HCL Domino Volt can be licensed to all CCB users. Licensing HCL Domino Volt as an add-on, includes all CCB and CCX users, as well as enabling use of HCL Enterprise Integrator, HCL SAP Connector and HCL Link on all HCL Domino servers under CCB entitlements.
- HCL Sametime Premium: special add-on price for CCB users to upgrade to full HCL Sametime Premium capabilities from the entitled Limited Chat.
CCB Recap: Access to Domino Servers Licensed under CCB
HCL Domino Servers deployed under CCB Authorized User entitlements can only be accessed by the Licensee’s Enterprise entitled CCB Authorized Users, Guest Users, and CCX Authorized Users. No other user access or Domino Client Access Licensing are permitted access to CCB licensed servers. In addition, the Servers may participate in mail routing (SMTP), directory lookup and authentication (LDAP) for non-HCL Domino programs and permit access to free/busy time information.
Known Guest Use Cases (general B2C)
A Known Guest, as seen from an application, is an authenticated (must be identified) external user listed in the application access control list (ACL) with Reader permission and permitted to write public documents. This access is either granted on a named user basis or by the user being a member of a group or generic association in the ACL.
Content tailored to individual users, subscribing to information
Any Known Guest in an application can read all non-restricted documents in the database and download any attachments from these. Access to specific documents in the database can be controlled by adding users/groups in the ”Reader Name Field” for the document(s). As a result, only the appropriate Known Guests can read/download content. If you have a special Interest Profile or similar for the users, this can be used to filter the information available to relevant individuals.
Submitting a form, starting a workflow, creating content
If a Known Guest is flagged as permitted to “Write Public Documents” this user will be able to see all Forms/actions in the application which are enabled as “Available to Public Access Users”.
For example, using a Form called “Create Interest Profile”, which the user would complete and save to create a special Interest Profile or tailor a mailing list.
Hints for the Admins/Developers: The Save Process can turn off the “$PublicAccess=1” flag to prevent the Interest Profile from being visible to all users of the app, but still available for the app and the originator to access appropriate content.
If/when the Known Guest wants to “Update Interest Profile” later, another Form will be used presenting the update options, maybe pre-populated with some of the existing information, and then processed as above.
Hints for the Admins/Developers: The Known Guest cannot update the initial document directly (being “Reader”), but the app could include a background Agent to manage updating/merging the content.
When B2C requires higher level of access than the Known Guest
The above simple rules should permit implementation of most B2C use cases, however, HCL have found a number of existing B2C apps hosted on Domino Utility Server which do not adhere to the above rules. HCL has decided to enable the reuse of these apps rather than mandating a rewrite (which you can of course always do). This is accomplished by relaxing the usage requirements for the CCX entitlement and permitting an entitlement to be reassigned after 30 days of inactivity. See examples below.
A CCX Authorized User as seen from an application is an authenticated (must be identified) external user listed in the application access control list (ACL) with a maximum permission of Author.
This access is either granted on a named user basis or by the user being a member of a group or generic association in the ACL. Any of these authenticated users can contribute documents to a Domino app/database, and edit own or other designated content.
Some CCX B2B users will have a permanent, continuous, use of applications under the CCX entitlement.
In B2C scenarios, with full use of app capabilities, user access is more sporadic. HCL have found that many customers with Domino Utility Server licensing, largely ignored the volume of users that were created as the user count was not a factor in licensing. These same customers struggled with server sub-capacity PVU management under fluctuating capacity needs and often had to throttle use to stay within licensed capacity (PVU) limits for their B2C apps, resulting in reduced customer satisfaction.
Most applications written to work on a Domino Utility Server (using Author access) are now viable to deploy under CCX licensing, unchanged, by licensing the maximum volume of expected/planned users for any 30 day period. HCL still recommends that you optimize your B2C apps for the Known Guest model, which is included, with no limits, with even a single CCB entitlement.
Two examples of how to use short term/occasional external user engagement apps under the CCX model
Example 1: Job Postings
New Applicants register for web credentials and submit an initial Job Application Package. They then:
- Update Packages during interview cycles and eventually progress into on-boarding workflows
- If not on-boarded, Job Application docs still exist and can be resumed/updated later by Applicants
- When there is no activity with a particular Applicant for 30 days, the CCX entitlement can be reassigned to another Applicant/External user – effectively, you need entitlements for any active/expected users within any 30 days period.
Example 2: Citizen/Government Interactions
Many countries are creating authentication facilities for citizens based on government issued individual credentials. Any user based licensing counting all permitted users, would be totally prohibitive for using these public IDs. However, many apps exist or are being written to submit public forms, to obtain information from Government/Municipalities, etc under the Government ID:
- The revised CCX is perfectly designed for many existing apps coded for user permission as Author.
- The app must use the Government provided means of authentication, and then have appropriate ACL set-up to allow these external users access up through Author for the app. Data can be kept around as app scenarios dictate, and user affiliation with the app likewise.
- If there is no activity with a particular CCX Citizen for 30 days, the entitlement can be reassigned to another Citizen/External user – effectively, you need entitlements for any active/expected users within any 30 day period.
Both of these scenarios could, generally, be written/updated to work within the Known Guest model.
HCL Domino V12 products will be provided to customers on active Support consolidated under the four categories and License Information documents below. Note, that all current entitlements, support subscriptions and part numbers remain unchanged.
Program Name: HCL Domino Complete Collaboration Business Edition 12.0 includes:
- HCL Domino Complete Collaboration Business Edition 12.0
- HCL Domino Complete Collaboration External User 12.0
- HCL Nomad for Web Browsers (eliminating desktop upgrades for the future) is a supporting program uniquely provided with the CCB entitlement from V12. Any customer needing this feature must migrate to the CCB/CCX license model.
Program Name: HCL Domino Enterprise 12.0 consolidating the following 3 models:
- HCL Domino Enterprise 12.0 Client Access
- HCL Domino Enterprise 12.0 Processor Value Unit
- HCL Domino Collaboration Express 12.0
Program Name: HCL Domino Messaging 12.0 consolidating the following 3 models:
- HCL Domino Messaging 12.0 Client Access
- HCL Domino Messaging 12.0 Processor Value Unit
- HCL Domino Messaging Express 12.0
Program Name: HCL Domino Utility 12.0 consolidating the following 2 models:
- HCL Domino Utility 12.0 Processor Value Unit
- HCL Domino Utility Express 12.0 Processor Value Unit
Acquiring Entitlements and Support for above products is fully supported for CCB/CCX and for all other products as described in “HCL Domino Support Update” from February 3, 2021, under the following rules:
- No partial renewals permitted for any licensing.
- For HCL Domino Enterprise Client/Server: If the current configuration is compliant for both client and server side, Support can be renewed as-is, or you can migrate to CCB, on attractive terms. In all other circumstances, to renew or adjust volumes, HCL require that you negotiate a migration to the CCB/CCX license model.
- For HCL Domino Collaboration Express: A compliant configuration can be renewed as-is, or you can migrate to CCB on attractive terms. HCL also recommends migrating to CCB to increase footprints, or to take advantage of HCL Domino Volt, however, you are permitted to acquire additional perpetual entitlements for a compliant configuration.
- All compliant standalone Utility Server entitlements can be renewed as-is (use of Domino Designer requires appropriate Domino Enterprise Client Access licences). To increase footprints, HCL require that you migrate to the CCB/CCX license model, which now supports all Utility Server use cases.
- For HCL Domino Messaging product models: A compliant configuration can be renewed as-is. Also, you can increase the footprint for a compliant configuration by acquiring appropriate new entitlement parts.
HCL has updated all formal HCL Domino V12 License Information Documents now available here.
Managing the upgrade/coexistence scenario from Domino Utility Server to CCB/CCX
An existing Domino Utility Server PVU or Utility Express PVU configuration with appropriate Domino Enterprise Client Access licenses for app maintenance can be renewed as-is. However, many customers want to grow their application volume (hence, deployed server capacity) or want to take advantage of moving to CCB/CCX and the CCB add-on capabilities.
If you replace your Utility Server Support Subscription with appropriate CCB/CCX Authorized User volume to cover the current users, you can leave the installation as-is and just use your new CCB licensing.
If you need to maintain coexistence between Utility Server and CCB environments, you need to observe the following guidelines:
- Any entitlements included with CCB are only available to the CCB environment, e.g. Safelinx/Nomad Web. If HCL Domino Volt was added to CCB, the HCL Enterprise Integrator, HCL SAP Connector, and HCL Link are only available for the CCB environment.
- Any existing HEI/SAP Connector in the Utility Server environment must be continued/renewed as-is and cannot be replaced by the CCB entitled programs.
- Users defined on Utility Servers must be on the Denied Access List for all CCB servers to separate them from CCB licensing counts, whereas any CCB user is permitted access to the Utility Servers.
- The V12 Entitlement Reporting Tool provides a report for all of your Domino Domains, however, you can drill down on specific servers or groups of servers to understand user volumes by server.
This announcement further enforces CCB/CCX as the licensing platform for Domino customers, allowing all customers to upgrade to CCB and with CCB as the only model for all new customers.
If you have any questions about this blog post and announcements or have any licensing questions, please contact your HCL product specialist or Business Partner.
- HCL Software License Information Documents
- HCL Domino V12 Entitlement Tracker Tool
- Learn about Domino Access Control Lists (ACL)
Related Blog Posts:
- HCL Complete Collaboration (CCB) Guest Licensing
- Licensing Update: Introducing CCX, External User Entitlements
- HCL Domino Volt: April Release with New Integration Possibilities
- Exciting New HCL Sametime Features Released Today
- HCL SafeLinx 1.1 included with CCB
Frequently Asked Questions
Updated since September 23, 2020, “Introducing CCX, External User Entitlements”
Q: How are CCB/CCX users counted?
A: The Domino V12 Entitlement Tracker Tool produces an internal report to assist you with license compliance. (This report is not collected by HCL)
- You simply count the entries across all Domino Directories and Authentication Sources permitting users to log-in. The count of credentials permitting log-in equals the number of Authorized Users.
- Keep separate track of “external” users and exclude from the CCB count. A user on all Denied Access Lists are excluded from the counts.
- CCB includes an unlimited entitlement for Guest users. If logged-in Known Guest user credentials are included in the Domino Directories identified/separated out as “guests”, simply exclude from CCB/CCX counts.
- Needed CCX entitlements are established from the maximum number of log-in’s used or to be used in any 30 day period.
- CCB and CCX can reside on same server or as administrator decides – counting is always across all Domino Directories in Licensee’s enterprise.
- No employee or contractor in Licensee’s Enterprise can be a CCX or Guest user.
Q: I am using an earlier Domino license model. How do I switch to CCB/CCX?
A: CCB licensing is a superset of prior Domino licensing. When CCB licensing is established replacing active Domino licensing, CCB can provide the entitlements that were in place for the Domino Servers and various clients. To support the user constituents, you may need both CCB/Guest and CCX entitlements to match your current use cases, but you can continue to use deployed software. In most cases, if you have a compliant installation, the move to CCB is cost neutral.
Q: I just need Domino apps, no need for mail or other features.
A: Mail routing is intrinsic to Domino and to many apps that run on the platform. For simplicity, the full mail application is included with CCB and functional/workflow mail is included with CCX – both HCL Verse, the traditional Notes user interface, and mobile access. The mail function is always part of your entitlement, whether you use it or not.
Q: Can I still just license mail?
A: The mail-only licensing of Domino Messaging CAL/PVU, Messaging Express is still available. However, you can fully replace your mail entitlements with CCB and include Domino Volt to gain significant additional value for your users. (See also Aligning all Domino V12 Licenses in this blog.)
Q: What is included with CCB and what are add-ons?
A: The CCB license includes entitlements to
- HCL Nomad for Web Browsers for all CCB/CCX users
- HCL SafeLinx for all CCB servers and CCB/CCX users
- HCL Sametime Premium Limited Chat
- You must have a CCB license to enable any code install/download & product support for the above functions.
- Full HCL Sametime Premium at a special, reduced, price
- HCL Domino Volt for all CCB users at a simple uplift (which is also extended to all CCX users for no additional charge). The HCL Domino Volt add-on includes HCL Enterprise Integrator, HCL SAP Connector and HCL Link which are entitled for all CCB entitled servers with Domino Volt
- CCX on a per External User basis as described elsewhere in this blog.
Q: What is a CCB user permitted to do?
A: CCB users are entitled to all aspects of Domino applications and enterprise e-mail and purchased add-ons per above, without license restrictions on what users are permitted to do. CCB users can create and participate in apps and workflows to any level set by their Domino Administrators.
Q: How do you restrict CCX and Guest users’ access to an application?
A: Based on your settings in the Domino “Access Control List” (ACL) – all Domino databases/applications have an ACL which maps access levels to users. The access level is a classification limiting which tasks a user can perform in the database – Manager, Editor, Author, Reader, Depositor, No Access – these classes are just labels, not verbatim. To fully understand permitted use cases, refer to the product documentation on ACLs found here
Learn about Domino Access Control Lists (ACL).
Hints for the Admins/Developers: Existing apps and standard templates may need customisation to support Known Guest users (free with CCB), whereas CCX users should have appropriate support with no changes to apps.
Q: Why is a CCX user permitted ACL level up to Author?
A: CCX users can fully participate in, and use (not create) Domino apps and workflows (including Domino Volt if added to CCB.) The maximum ACL level allowed is “Author” access, which is typically assigned to users who need to contribute documents to a Domino database – and authenticated users can edit their own and other designated content.
CCX is for authenticated, external users only and not permitted for any employee or contractor in the Licensee’s Enterprise.
Q: Why is an anonymous Guest permitted ACL level up to Author?
A: Anonymous Guests are web users, who beyond browsing a web site are permitted actions like submitting a contact form, participating in a web survey, posting anonymous blog content, etc. “Author” access is typically assigned to users who need to contribute documents to a Domino database just like CCX users, however, being anonymous they cannot edit any content, nor access individualised content and no details are retained as to who contributed to the database.
Q: Why is a logged-in Guest only permitted ACL level up to Reader?
A: Under ACL control, “Reader” access allows controlled creation of documents by using public access forms. Logged-in Guests authenticating with HTTP/LDAP are typically a dynamic, ever increasing volume of users visiting your web site, registering to gain access to community content, special interest forums, initiating workflows, etc. “Reader” access is typically assigned to users who are only permitted to read documents in a database and/or using public forms to create documents. This case is for authenticated, external, limited use only, and not permitted for any Employee or contractor in the Licensee’s Enterprise.
For external users needing any higher level of access, you must purchase CCX entitlements.
Disclaimer – HCL’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at HCL’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard HCL benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multi programming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.