Over the past yearHCL Digital Solutions has been on a journey to consolidate our customers’ HCL Domino licensing around our modern, per user, licensing model – HCL Domino Complete Collaboration Business Edition (a.k.a. “CCB”) including unlimited Guest Users, and the additional external user capability under the HCL Domino Complete Collaboration eXternal User (a.k.a. “CCX”) entitlement. 

The majority of our customers are now licensed under this model. With the upcoming HCL Domino V12 release, we are further enhancing the CCB/CCX entitlements as described below.  

Additionally, with the release of HCL Domino V12 we are aligning all Domino products on consistent license termswhich will be available imminently and include the compliance rules outlined in “HCL Domino Support Update” from February 3, 2021. 

CCB Recap: Simplifying HCL Domino Licensing

CCB is the key step in our journey to provide one license model for HCL Domino, eliminating the uncertainty of server capacity and sub-capacity (PVU) licensing and ambiguous entitlement rules. 

  • A simple “Per User everything model” – use any client and any protocol for any server capacity to run all applications – including enterprise e-mail. 
  • Transparent license compliance management by simple user counting. 
  • Adding additional capabilities to the core Domino environment under CCB entitlements from V12 – for example HCL Nomad for Web Browsers and HCL SafeLinx. 

CCB entitlements are needed for all employees and contractors of your enterprise needing access to your Domino CCB servers – covering all B2E (Business-to-Employees) scenarios. All CCB entitlements include unlimited external web user access as needed for most B2C (Business-to-Consumer/Citizen) scenarios: 

  • Guest: unlimited anonymous browser users can freely access your Domino based websites. 
  • Known Guest: unlimited registered users with credentials to log-in and access applications limited to being a “Reader” with permission to “write public documents” (controlled by Domino application access [ACL] – see Known Guest Use Cases later in this blog post).

For B2B (Business-to-Business) or advanced B2C scenarios, where the external users need to fully engage in applications beyond the access permitted for Known Guests, we introduced the CCX entitlement as an add-on for CCB licensing. (See Introducing CCX, External User Entitlements“ from September 23, 2020.

Extending CCX entitlement to address additional use cases

CCX users have full functionally to use Domino or Domino Volt [see below] applications and workflows but cannot create applications themselves. CCX users do not have a personal mailbox but can use task/functional mail for workflow routing or applications generating mail.  

The CCX Authorized User entitlement is always assigned to a unique person or role, however, can be reassigned after 30 days of inactivity.  Consequently, some former Domino Utility Server B2C use cases can now be easily changed from trying to manage/throttle server PVU consumption, to simply ensuring adequate CCX entitlements for actual/expected external users in any 30 day periodwith little or no change to existing apps.  See later in CCX Use Cases. 

CCB Recap: Add-on features for CCB licenses

HCL will continue the “add-on” scheme for CCB licensing, which now includes: 

  • HCL Domino Volt can be licensed to all CCB users.  Licensing HCL Domino Volt as an add-on, includes all CCB and CCX users, as well as enabling use of HCL Enterprise Integrator, HCL SAP Connector and HCL Link on all HCL Domino servers under CCB entitlements. 
  • HCL Sametime Premium: special add-on price for CCB users to upgrade to full HCL Sametime Premium capabilities from the entitled Limited Chat.

CCB Recap: Access to Domino Servers Licensed under CCB

HCL Domino Servers deployed under CCB Authorized User entitlements can only be accessed by the Licensee’s Enterprise entitled CCB Authorized Users, Guest Users, and CCX Authorized Users. No other user access or Domino Client Access Licensing are permitted access to CCB licensed servers.  In addition, the Servers may participate in mail routing (SMTP), directory lookup and authentication (LDAP) for non-HCL Domino programs and permit access to free/busy time information. 

Known Guest Use Cases (general B2C)

Known Guest, as seen from an application, is an authenticated (must be identified) external user listed in the application access control list (ACL) with Reader permission and permitted to write public documents.  This access is either granted on a named user basis or by the user being a member of a group or generic association in the ACL. 

Content tailored to individual users, subscribing to information

Any Known Guest in an application can read all non-restricted documents in the database and download any attachments from these.  Access to specific documents in the database can be controlled by adding users/groups in the ”Reader Name Field” for the document(s). As a result, only the appropriate Known Guests can read/download content. If you have a special Interest Profile or similar for the users, this can be used to filter the information available to relevant individuals. 

Submitting a form, starting a workflow, creating content

If a Known Guest is flagged as permitted to “Write Public Documents” this user will be able to see all Forms/actions in the application which are enabled as “Available to Public Access Users”.  
For example, using a Form called “Create Interest Profile”, which the user would complete and save to create a special Interest Profile or tailor a mailing list.   

Hints for the Admins/Developers: The Save Process can turn off the “$PublicAccess=1” flag to prevent the Interest Profile from being visible to all users of the appbut still available for the app and the originator to access appropriate content. 

 If/when the Known Guest wants to “Update Interest Profile” later, another Form will be used presenting the update options, maybe pre-populated with some of the existing information, and then processed as above. 

Hints for the Admins/DevelopersThe Known Guest cannot update the initial document directly (being “Reader”), but the app could include a background Agent to manage updating/merging the content. 

When B2C requires higher level of access than the Known Guest

The above simple rules should permit implementation of most B2C use cases, however, HCL have found a number of existing B2C apps hosted on Domino Utility Server which do not adhere to the above rules. HCL has decided to enable the reuse of these apps rather than mandating a rewrite (which you can of course always do). This is accomplished by relaxing the usage requirements for the CCX entitlement and permitting an entitlement to be reassigned after 30 days of inactivity See examples below. 

CCX Use Cases

CCX Authorized User as seen from an application is an authenticated (must be identified) external user listed in the application access control list (ACL) with a maximum permission of Author. 
This access is either granted on a named user basis or by the user being a member of a group or generic association in the ACL. Any of these authenticated users can contribute documents to a Domino app/database, and edit own or other designated content. 

Some CCX B2B users will have a permanent, continuous, use of applications under the CCX entitlement.  
In B2C scenarios, with full use of app capabilities, user access is more sporadic. HCL have found that many customers with Domino Utility Server licensing, largely ignored the volume of users that were created as the user count was not a factor in licensing. These same customers struggled with server sub-capacity PVU management under fluctuating capacity needs and often had to throttle use to stay within licensed capacity (PVU) limits for their B2C apps, resulting in reduced customer satisfaction. 

Most applications written to work on a Domino Utility Server (using Author access) are now viable to deploy under CCX licensing, unchanged, by licensing the maximum volume of expected/planned users for any 30 day period. HCL still recommends that you optimize your B2C apps for the Known Guest model, which is included, with no limits, with even a single CCB entitlement. 

 Two examples of how to use short term/occasional external user engagement apps under the CCX model

Example 1: Job Postings

New Applicants register for web credentials and submit an initial Job Application Package.  They then: 

  • Update Packages during interview cycles and eventually progress into on-boarding workflows 
  • If not on-boarded, Job Application docs still exist and can be resumed/updated later by Applicants 
  • When there is no activity with a particular Applicant for 30 days, the CCX entitlement can be reassigned to another Applicant/External user – effectively, you need entitlements for any active/expected users within any 30 days period. 
Example 2: Citizen/Government Interactions 

Many countries are creating authentication facilities for citizens based on government issued individual credentials.  Any user based licensing counting all permitted users, would be totally prohibitive for using these public IDs.  However, many apps exist or are being written to submit public forms, to obtain information from Government/Municipalities, etc under the Government ID: 

  • The revised CCX is perfectly designed for many existing apps coded for user permission as Author. 
  • The app must use the Government provided means of authentication, and then have appropriate ACL set-up to allow these external users access up through Author for the app.  Data can be kept around as app scenarios dictate, and user affiliation with the app likewise.   
  • If there is no activity with a particular CCX Citizen for 30 days, the entitlement can be reassigned to another Citizen/External user – effectively, you need entitlements for any active/expected users within any 30 day period. 

 Both of these scenarios could, generally, be written/updated to work within the Known Guest model.

Aligning all Domino V12 Licenses

HCL Domino V12 products will be provided to customers on active Support consolidated under the four categories and License Information documents below.  Note, that all current entitlements, support subscriptions and part numbers remain unchanged. 

Program Name:  HCL Domino Complete Collaboration Business Edition 12.0 includes: 

  • HCL Domino Complete Collaboration Business Edition 12.0 
  • HCL Domino Complete Collaboration External User 12.0 
  • HCL Nomad for Web Browsers (eliminating desktop upgrades for the future) is a supporting program uniquely provided with the CCB entitlement from V12. Any customer needing this feature must migrate to the CCB/CCX license model. 

 Program Name:  HCL Domino Enterprise 12.0 consolidating the following 3 models: 

  • HCL Domino Enterprise 12.0 Client Access 
  • HCL Domino Enterprise 12.0 Processor Value Unit  
  • HCL Domino Collaboration Express 12.0 

 Program Name:  HCL Domino Messaging 12.0 consolidating the following 3 models: 

  • HCL Domino Messaging 12.0 Client Access 
  • HCL Domino Messaging 12.0 Processor Value Unit  
  • HCL Domino Messaging Express 12.0 

 Program Name:  HCL Domino Utility 12.0 consolidating the following 2 models: 

  • HCL Domino Utility 12.0 Processor Value Unit  
  • HCL Domino Utility Express 12.0 Processor Value Unit 

Acquiring Entitlements and Support for above products is fully supported for CCB/CCX and for all other products as described in “HCL Domino Support Update” from February 3, 2021, under the following rules: 

  • No partial renewals permitted for any licensing. 
  • For HCL Domino Enterprise Client/Server:  If the current configuration is compliant for both client and server side, Support can be renewed as-is, or you can migrate to CCB, on attractive terms.  In all other circumstances, to renew or adjust volumes, HCL require that you negotiate a migration to the CCB/CCX license model.  
  • For HCL Domino Collaboration Express:  A compliant configuration can be renewed as-is, or you can migrate to CCB on attractive terms.  HCL also recommends migrating to CCB to increase footprints, or to take advantage of HCL Domino Volt, however, you are permitted to acquire additional perpetual entitlements for a compliant configuration. 
  • All compliant standalone Utility Server entitlements can be renewed as-is (use of Domino Designer requires appropriate Domino Enterprise Client Access licences). To increase footprints, HCL require that you migrate to the CCB/CCX license model, which now supports all Utility Server use cases. 
  • For HCL Domino Messaging product models: A compliant configuration can be renewed as-is.  Also, you can increase the footprint for a compliant configuration by acquiring appropriate new entitlement parts. 

 HCL has updated all formal HCL Domino V12 License Information Documents now available here

Managing the upgrade/coexistence scenario from Domino Utility Server to CCB/CCX

An existing Domino Utility Server PVU or Utility Express PVU configuration with appropriate Domino Enterprise Client Access licenses for app maintenance can be renewed as-is.  However, many customers want to grow their application volume (hence, deployed server capacity) or want to take advantage of moving to CCB/CCX and the CCB add-on capabilities.

If you replace your Utility Server Support Subscription with appropriate CCB/CCX Authorized User volume to cover the current users, you can leave the installation as-is and just use your new CCB licensing.

If you need to maintain coexistence between Utility Server and CCB environments, you need to observe the following guidelines: 

  • Any entitlements included with CCB are only available to the CCB environment, e.g. Safelinx/Nomad Web. If HCL Domino Volt was added to CCB, the HCL Enterprise Integrator, HCL SAP Connector, and HCL Link are only available for the CCB environment.  
  • Any existing HEI/SAP Connector in the Utility Server environment must be continued/renewed as-is and cannot be replaced by the CCB entitled programs.  
  • Users defined on Utility Servers must be on the Denied Access List for all CCB servers to separate them from CCB licensing counts, whereas any CCB user is permitted access to the Utility Servers. 
  • The V12 Entitlement Reporting Tool provides a report for all of your Domino Domains, however, you can drill down on specific servers or groups of servers to understand user volumes by server. 

This announcement further enforces CCB/CCX as the licensing platform for Domino customers, allowing all customers to upgrade to CCB and with CCB as the only model for all new customers.

If you have any questions about this blog post and announcements or have any licensing questions, please contact your HCL product specialist or Business Partner. 

 Useful Links:  

 Related Blog Posts:

Frequently Asked Questions

Updated since September 23,  2020, “Introducing CCX, External User Entitlements 

Q: How are CCB/CCX users counted?

A: The Domino V12 Entitlement Tracker Tool produces an internal report to assist you with license compliance. (This report is not collected by HCL) 

  • You simply count the entries across all Domino Directories and Authentication Sources permitting users to log-in.  The count of credentials permitting log-in equals the number of Authorized Users. 
  • Keep separate track of “external” users and exclude from the CCB count.  A user on all Denied Access Lists are excluded from the counts. 
  • CCB includes an unlimited entitlement for Guest users. If logged-in Known Guest user credentials are included in the Domino Directories identified/separated out as “guests”, simply exclude from CCB/CCX counts. 
  • Needed CCX entitlements are established from the maximum number of log-in’s used or to be used in any 30 day period.  
  • CCB and CCX can reside on same server or as administrator decides – counting is always across all Domino Directories in Licensee’s enterprise.   
  • No employee or contractor in Licensee’s Enterprise can be a CCX or Guest user.   
     

Q: am using an earlier Domino license model. How do I switch to CCB/CCX?  

A: CCB licensing is a superset of prior Domino licensing. When CCB licensing is established replacing active Domino licensing, CCB can provide the entitlements that were in place for the Domino Servers and various clients. To support the user constituents, you may need both CCB/Guest and CCX entitlements to match your current use cases, but you can continue to use deployed software. In most cases, if you have a compliant installation, the move to CCB is cost neutral. 

Q: I just need Domino apps, no need for mail or other features. 

A: Mail routing is intrinsic to Domino and to many apps that run on the platform. For simplicity, the full mail application is included with CCB and functional/workflow mail is included with CCX – both HCL Verse, the traditional Notes user interface, and mobile access. The mail function is always part of your entitlement, whether you use it or not. 

Q: Can I still just license mail? 

A: The mail-only licensing of Domino Messaging CAL/PVU, Messaging Express is still available. However, you can fully replace your mail entitlements with CCB and include Domino Volt to gain significant additional value for your users. (See also Aligning all Domino V12 Licenses in this blog.) 

Q: What is included with CCB and what are add-ons? 

A: The CCB license includes entitlements to  

  • HCL Nomad for Web Browsers for all CCB/CCX users 
  • HCL SafeLinx  for all CCB servers and CCB/CCX users  
  • HCL Sametime Premium Limited Chat 
  • You must have a CCB license to enable any code install/download & product support for the above functions. 

Add-ons include:   

  • Full HCL Sametime Premium at a special, reduced, price 
  • HCL Domino Volt for all CCB users at a simple uplift (which is also extended to all CCX users for no additional charge).  The HCL Domino Volt add-on includes HCL Enterprise Integrator, HCL SAP Connector and HCL Link which are entitled for all CCB entitled servers with Domino Volt 
  • CCX on a per External User basis as described elsewhere in this blog. 

Q: What is a CCB user permitted to do? 

A: CCB users are entitled to all aspects of Domino applications and enterprise e-mail and purchased add-ons per above, without license restrictions on what users are permitted to do. CCB users can create and participate in apps and workflows to any level set by their Domino Administrators. 

Q: How do you restrict CCX and Guest users’ access to an application? 

A: Based on your settings in the Domino “Access Control List” (ACL) – all Domino databases/applications have an ACL which maps access levels to users. The access level is a classification limiting which tasks a user can perform in the database  – Manager, Editor, Author, Reader, Depositor, No Access – these classes are just labels, not verbatim. To fully understand permitted use cases, refer to the product documentation on ACLs found here  
Learn about Domino Access Control Lists (ACL)

Hints for the Admins/DevelopersExisting apps and standard templates may need customisation to support Known Guest users (free with CCB), whereas CCX users should have appropriate support with no changes to apps. 

Q: Why is a CCX user permitted ACL level up to Author? 

A: CCX users can fully participate in, and use (not create) Domino apps and workflows (including Domino Volt if added to CCB.)  The maximum ACL level allowed is “Author” access, which is typically assigned to users who need to contribute documents to a Domino database – and authenticated users can edit their own and other designated content.  
CCX is for authenticated, external users only and not permitted for any employee or contractor in the Licensee’s Enterprise. 

Q: Why is an anonymous Guest permitted ACL level up to Author? 

A: Anonymous Guests are web users, who beyond browsing a web site are permitted actions like submitting a contact form, participating in a web survey, posting anonymous blog content, etc. “Author” access is typically assigned to users who need to contribute documents to a Domino database just like CCX users, however, being anonymous they cannot edit any content, nor access individualised content and no details are retained as to who contributed to the database. 

Q: Why is a logged-in Guest only permitted ACL level up to Reader? 

A: Under ACL control, “Reader” access allows controlled creation of documents by using public access forms. Logged-in Guests authenticating with HTTP/LDAP are typically a dynamic, ever increasing volume of users visiting your web site, registering to gain access to community content, special interest forums, initiating workflows, etc.  “Reader” access is typically assigned to users who are only permitted to read documents in a database and/or using public forms to create documents. This case is for authenticated, external, limited use only, and not permitted for any Employee or contractor in the Licensee’s Enterprise.  
For external users needing any higher level of access, you must purchase CCX entitlements. 

Disclaimer – HCL’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at HCL’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard HCL benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multi programming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.  

Comment wrap
Further Reading
article-img
Digital Solutions | August 23, 2021
Introducing Domino v12.0.1 and HTMO 3.0.3 Beta Program!
After the successful launch of HCL Domino v12.0 in June 2021, we are approaching the next milestone: We’re happy to announce two new beta programs at once, HCL Domino 12.0.1 and HTMO 3.0.3 have both launched a Beta Program today! You are invited to join the beta program to test our latest release and provide feedback to development teams.   We’re calling on our community to share open, effective, and thoughtful review and testing of our software product. Your input is essential to how we develop our products, and we will continue to listen to you every step along our roadmap.  What you can expect from this first beta of Domino v12.0.1: HCL Notes Client Domino Online Meeting Integration The Notes Client 12.0.1 is providing native integration of online meeting platforms like Zoom, Webex, GoToMeeting, Teams and of course Sametime Meetings. So, from within the Notes calendar users can now more easily schedule online meetings on their preferred platform without having to install a plug-in. Improved Workspace Design with High Resolution Icons The new Notes client is finally allowing to use high resolution icons for your databases, which makes a big difference to the look and feel of your workspace! No need to stick to small and old style 32x32 pixel database icons anymore. We have already updated our standard templates with new icons, will you update yours? Advanced Properties Box You have asked for it, we have delivered: an all-new and resizable document property box: Thanks to Panagenda, the new "advanced properties" box allows to search for field names or values, it also provides the requested ability to copy to clipboard or export to a CSV file: What's new in Notes v12.0.1? https://help.hcltechsw.com/notes/beta/12.0.1/whats_new_01.html HCL Domino Designer We have already provided a 64Bit Notes client (in beta as of now), and based on your request are now providing a 64Bit Domino Designer client. Also, Domino Designer v12.0.1 provides the ability to include high quality icons for rendering and enables developers to optimize the database full...
article-img
Digital Solutions | August 18, 2021
New Tech Updates for HCL Domino, Notes, Traveler, Verse, and Connections
While you may have been on a summer vacation, we at HCL have been busy improving our products! Here is a small overview of what happened in the last couple of weeks and what you can expect soon from your most favorite collaboration platform.  Group 3 Language Translations for Notes and Domino 11.0.1  Good news for many of our customers: HCL Notes 11.0.1 is now available in more languages.   You asked for it (DOMINO-I-831 and NTS-I-842) - In addition to the 16 languages the Notes client was already providing, we are delivering the following language translations:  Danish  Finnish  Norwegian Catalan Hebrew Hungarian Slovenian Thai Turkish  Install kits for the HCL Notes Standard and Basic Client V11.0.1 in those languages can be found at our License and Download Portal under the Notes/Domino version 11.0.1.   Of course, we are also providing the Multilingual User Interface (MUI) kit for those languages, as well as the Install Shield Tuner files to customize your installation.  Group 3 language translations for the Notes Client v12 are being worked on. Level up for our Domino Rest API  In June, we started the beta program for our new Domino Rest API. Now in August, it’s time for the next iteration. Shifting gears to Beta 2 will introduce several improvements customers were asking for:  ODATA support was added for reading/writing from/to Domino, which is especially of interest for e.g., Salesforce customers who want to store data in Domino A new Domino server add-in task is provided to start/stop/reload the Domino Rest APIs and show its status from the Domino server console An installer is now allowing to install the Domino Rest APIs on a Domino Linux server. Previously only a docker container was provided  For more details, about the new features please refer to the changelog of this project.  Please note: The Domino Rest APIs are still in beta — the first eGA release is scheduled to be shipping with Domino v12.0.1 later this year. Customers interested in joining the beta program can find the required files available for download at our License and Download Portal.  HCL Traveler 12.0 updated with Fix Pack 1  Fix Pack 1 for...
article-img
Digital Solutions | June 11, 2021
Announcing the Domino REST API Beta Program  
Today, we’re announcing the start of the beta program for our new Domino REST API, formerly known as “Project Keep.” This is the latest addition to our ongoing Domino Early Access Program. The Domino REST API will introduce hundreds of new APIs that aperture to information on Domino — further extending access to your Domino data. It’s a modern take on the REST API for opening Domino access to a world of standards — and API-first developers. What is it?   Domino REST API is a new feature that runs alongside the server and allows you to expose your Domino data in the form of standardized Open-API-based methods securely and easily. Using a browser-based admin UI, application owners can define which data will be made available for view or update on a REST API. It extends the Domino principles of reader/author document access definitions into the world of Internet protocols.  It also includes Swagger UI which allows the visualization and interaction with APIs without having any of the actual implementation logic in place. The APIs are automatically generated from an OpenAPI (formerly Swagger) specification with visual documentation, making it easier to later implement the back-end code.  What is special about the new Domino REST APIs?  Secure by default, with fine granular controls per form, field and user basis  Implements latest open standards  HTTP/2-ready, for server-to-server or client-to-server communication API-first design with full interactive documentation  Low barrier to entry as it runs on a Domino server and/or your Notes client  Admin UI and Postman samples included  State-of-the-art JWT access token integrated with your existing IdP infrastructure What can be accessed via the Domino REST APIs? You can access content like views, documents, and fields, as well as database design, agents, and ACL settings. And, of course, featuring DQL queries to quickly access the data you are looking for.  Built-in declarative security ensures the API will only allow access to fields the caller is authorized to see or update. This can effectively prevent computed fields to be overwritten and limits participants in a workflow to update their fields only.   How to participate   The Domino REST API is now available as a...
Close