This year, HCL Digital Solutions has delivered a modern, per user, licensing model for Domino – HCL Domino Complete Collaboration Business Edition (a.k.a. “CCB”). CCB has helped facilitate the growth in the Domino customer base and new user adoption and we’re proud to announce the completion of CCB licensing with the introduction of an eXternal user entitlement – the “CCX” Authorized User. 

CCB: Simplifying HCL Domino Licensing 

CCB is a key step in our journey to provide one license model for HCL Domino, eliminating the uncertainty of server capacity and sub-capacity (PVU) licensing.

  • A simple “Per User everything model” – use any client and any protocol for any server capacity to run all applications – including enterprise e-mail (HCL Verse).
  • Transparent license compliance management by simple user counting.
  • Adding additional capabilities to the core Domino environment under CCB entitlements – like HCL SafeLinx 1.1 which is now entitled for all CCB users.
  • We recently added a Guest user entitlement to permit web applications to run on CCB licensed servers – vastly improving the value of CCB. (This blog post contains updates to the announcement, “HCL Complete Collaboration (CCB) Guest Licensing” from July 29, 2020)

More capabilities will be provided using a simple “add-on” scheme for CCB licensing, which now includes:

  • Domino Volt: can be licensed to all CCB users at renewal or new CCB license sale
  • Sametime Premium v11.5: special price add-on to all CCB users , as soon as Sametime 11.5 goes eGA in November. (Sametime Premium stand-alone will also be available at full price.)
  • CCX: per user add-on for external users, from the end of September.

Introducing CCX  

CCX is an add-on to a CCB entitled Domino environment extending applications to external users at an attractive per user price. We now distinguish between internal users – who must be licensed under CCB – and CCX entitled external users.

Employees or contractors must be CCB users. You must have CCB licenses to enable all code install/download & product support. Where Domino Volt has been added to the CCB entitlement, the Domino Volt entitlement is also extended to any CCX users at no additional cost.

CCX users are functionally restricted to using Domino or Domino Volt applications and workflows but cannot create applications themselves. CCX users do not have a personal mailbox but can use task/functional mail for workflow routing or applications generating mail.

CCB Guest Users: What’s New 

Since the announcement in July 2020, we have thoroughly analyzed and discussed many customers’ use cases and now enhanced the value of authenticated/logged-in web users to permit a predefined maximum level of Domino application access (ACL) as “Reader.”

Counting Users for License Compliance  

CCB/CCX require Authorized User entitlements for any user who has credentials to access the system.  For both CCB and CCX, the required license volume for compliance is determined by counting directory entries in the Domino directories and accessible LDAP directories permitting users to log-in. Simple mail routing entries or credentials on the Domino Denied Access list are not included in the counts.

As of now, you simply count the entries in the Domino Directories/linked LDAPs permitting users to log-in. Any entry or LDAP tagged as “External” will be counted as a CCX user and all other credentials make up the CCB count.  If Guest user log-in credentials are in the same directories/LDAP they must be tagged as “Guest” and excluded from the count.

No employee or contractor in the Enterprise can be CCX or Guest but must be licensed as a CCB user. It is our intention to automate the counting for Domino v12 by enhancing the included Domino License Tracker to produce an internal license compliance report. The report is not automatically shared with HCL but can be used to assist with license compliance.

CCB/CCX Users’ Rights and Capabilities

Access to Domino Servers Licensed under CCB Authorized User Entitlement

Effectively immediately, customers with HCL Domino Servers deployed under CCB Authorized User entitlements can be accessed by Licensee’s entitled CCB Authorized Users and Guest Users as well as CCX Authorized Users.

In addition, HCL Domino Servers deployed under CCB Authorized User entitlements may participate in mail routing (SMTP), directory lookup and authentication (LDAP) for non-HCL Domino programs and permit access to free/busy time calendar information.

More Information 

HCL has made the following changes to the CCB license based on customer and partner requests to facilitate:

  • A read-only external website for Guest Users.
  • A simple way of providing tailored content to specific Guest Users.
  • Eliminating the need for server capacity (PVU) based licensing through the introduction of a specific External User license.
  • Permitting External Users in the Enterprise B2B value chain to participate in Domino based applications and workflows.
  • Using Domino Volt for External Users in general, as well as for data collection through surveys for anonymous Guest users.
  • Clarifying licensing for mail and calendar interoperability in multi-vendor scenarios involving our partners’ solutions.  

HCL plans to update the formal CCB/CCX V11.0.1 License Information that can be found here when CCX becomes available later in September 2020.

This announcement reinforces CCB/CCX as the licensing platform for Domino customers, allowing more customers to upgrade to CCB and as the model for all new customers.

If you have any questions about this announcement or have any licensing questions, please contact your HCL product specialist or Business Partner.

Useful Links:  

Related Blog Posts: 

Frequently Asked Questions

Q: How are CCB/CCX users counted?

A: You simply count the entries in the Domino Directories/linked LDAPs permitting users to log-in. Count entries/LDAP tagged as “external” as the CCX user count and deduct this number from the total number of entries which becomes the CCB count. The Denied Access List is excluded from the counts.

CCB and CCX can reside on same server or as administrator decides – counting is always across all Domino Directories in Licensee’s enterprise.  CCB includes an unlimited entitlement for Guest users. If logged-in Guest user credentials are included in the Domino Directories tagged as “guest” they are excluded from CCB/CCX counts. No employee or contractor in Licensee’s Enterprise can be CCX or Guest. 
(The current Domino License Tracker for v12 will produce an internal report to assist you with license compliance, but it is not automatically shared with HCL.)

Q: I am using an earlier Domino license model. How do I switch to CCB/CCX?

A: CCB licensing is a superset of prior Domino licensing. When CCB licensing is established replacing active Domino licensing, CCB can provide the entitlements that were in place for the Domino Servers and various clients. To support the user constituents, you may need both CCB/Guest and CCX entitlements to match your current use cases, but you can continue to use deployed software.

Q: I just need a Domino server for apps, no need for mail or other features.

A: Mail routing is intrinsic to Domino and to many apps that run on the platform. For simplicity, full mail functionality is included with CCB and functional/workflow mail is included with CCX. You don’t have to use the mail functionality but it is part of your entitlement.

Q: Can I still just license mail?

A: The mail-only licensing of Messaging CAL/PVU, Messaging Express will remain as such. However, you can fully replace your mail entitlements with CCB and include Domino Volt to gain significant additional value for your users.

Q: What is included with CCB and what are add-ons?

A: CCB licensing includes entitlement to HCL SafeLinx 1.1 for all CCB servers and CCB/CCX users as well as limited use Sametime and Connections Files & Profiles for all CCB users. 
Add-ons include:  

  • Sametime Premium when v11.5 becomes available around November 2020
  • Domino Volt for all CCB users at a simple uplift (also extend to all CCX users for no additional charge).  Domino Volt includes HCL Enterprise Integrator and HCL SAP Connector which is entitled for all CCB servers when upgraded with Domino Volt !
  • CCX on a per External User basis

Q: What is a CCB user permitted to do?

A: CCB users are entitled to all aspects of Domino applications and enterprise e-mail and purchased add-ons per above, without license restrictions on what users are permitted to do. CCB users can create and participate in apps and workflows to any level set by Domino Administrators.

Q: How do you restrict CCX and Guest users’ access to applications?

A: We use the Domino “Access Control List” (ACL) – all Domino databases/applications has an ACL which map access levels to users. The access level is a classification limiting which tasks a user can perform in the database  – Manager, Editor, Author, Reader, Depositor, No Access – these classes are just labels, not verbatim. To fully understand permitted use cases, refer to the product documentation of ACL.
Learn about Domino Access Control Lists (ACL)
(Note: Existing applications and standard templates may need customisation to fully support Guest users.)

Q: Why is a CCX user permitted ACL level up through Author?

A: CCX users can fully participate in, and use (not create) Domino apps and workflows (including Domino Volt if added to CCB.)  Hence, maximum ACL level is “Author” access, which is typically assigned to users who need to contribute documents to a Domino database – and authenticated users can edit their own or other designated content.
CCX is for authenticated, external users only and not permitted for any employee or contractor in the Licensee’s Enterprise!

Q: Why is an anonymous Guest permitted ACL level up through Author?

A: Anonymous Guests are web users, who beyond browsing a web site are permitted actions like submitting a contact form, participating in a web survey, posting anonymous blog content, etc. “Author” access is typically assigned to users who need to contribute documents to a Domino database just like CCX users, however, being anonymous they cannot edit any content, nor access individualised content.

Q: Why is a logged-in Guest permitted ACL level up through Reader?

A: Under ACL control, “Reader” access allows controlled creation of documents by using public access forms. Logged-in Guests authenticating with HTTP/LDAP are typically a dynamic, ever increasing volume of users visiting your web site, registering to gain access to community content, special interest forums, initiating workflows, etc.  “Reader” access is typically assigned to users who are only permitted to read documents in a database and/or using public forms to create documents. This case is for authenticated, external, limited use only, and not permitted for any Employee or contractor in the Licensee’s Enterprise!
For external users needing any higher level of access, you must purchase CCX entitlements.

Disclaimer – HCL’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at HCL’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard HCL benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multi programming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.

Comment wrap
Further Reading
article-img
Digital Solutions | June 11, 2021
Announcing the Domino REST API Beta Program  
Today, we’re announcing the start of the beta program for our new Domino REST API, formerly known as “Project Keep.” This is the latest addition to our ongoing Domino Early Access Program. The Domino REST API will introduce hundreds of new APIs that aperture to information on Domino — further extending access to your Domino data. It’s a modern take on the REST API for opening Domino access to a world of standards — and API-first developers. What is it?   Domino REST API is a new feature that runs alongside the server and allows you to expose your Domino data in the form of standardized Open-API-based methods securely and easily. Using a browser-based admin UI, application owners can define which data will be made available for view or update on a REST API. It extends the Domino principles of reader/author document access definitions into the world of Internet protocols.  It also includes Swagger UI which allows the visualization and interaction with APIs without having any of the actual implementation logic in place. The APIs are automatically generated from an OpenAPI (formerly Swagger) specification with visual documentation, making it easier to later implement the back-end code.  What is special about the new Domino REST APIs?  Secure by default, with fine granular controls per form, field and user basis  Implements latest open standards  HTTP/2-ready, for server-to-server or client-to-server communication API-first design with full interactive documentation  Low barrier to entry as it runs on a Domino server and/or your Notes client  Admin UI and Postman samples included  State-of-the-art JWT access token integrated with your existing IdP infrastructure What can be accessed via the Domino REST APIs? You can access content like views, documents, and fields, as well as database design, agents, and ACL settings. And, of course, featuring DQL queries to quickly access the data you are looking for.  Built-in declarative security ensures the API will only allow access to fields the caller is authorized to see or update. This can effectively prevent computed fields to be overwritten and limits participants in a workflow to update their fields only.   How to participate   The Domino REST API is now available as a...
article-img
Digital Solutions | June 7, 2021
HCL SafeLinx 1.2 is Live with Nomad Web
We are pleased to announce the release of HCL SafeLinx 1.2 for general availability. Starting today, customers can try out new features by downloading the package from Flexnet. In the past few months, we have been focusing on providing you a more user-friendly enterprise VPN platform with reverse proxy capabilities which aims to boost your middleware security at work.  SafeLinx and Nomad web  As part of the Domino v12 launch, this version comes with improved functionalities for Nomad Web Proxy:  New resources container specifically for Nomad, inherited from the generic http access service but only providing attributes needed for NWP  Modified initial configuration wizard to streamline NWP creation as part of initial setup  Ability to serve the Nomad web application static files directly from SafeLinx (event driven), without the need for an additional http server  Support for HCL Verse application integration when the Nomad app launches from a mail link  SAML as an authentication option  Configurable buffer size for NRPC flow  Configurable attribute for querying the User CN to use in Nomad client configuration.  Nomad-branded login screens  Other new features of this release include support for Mac OS administrator, MS-SQL Linux, and My SQL (Linux and Windows), and a new splash screen. To see the full list, please refer to SafeLinx 1.2 release notes.  Getting started: pricing and licensing For Notes/Domino Complete Collaboration (CCB) customers, SafeLinx is now available as a FREE entitlement and will be listed under supporting programs. CCB customers can use SafeLinx’s server component without the need for an additional VPN client to securely access their Domino apps from mobile. With this release, we’d like to provide our customers the opportunity to evaluate SafeLinx VPN for broader usage. Please contact your HCL Software representative or HCL Business Partner for more information on how to get SafeLinx 1.2.  SafeLinx is also available as a standalone to non-Notes-Domino Complete Collaboration customers. Contact us for more details. Our team has put in many hours turning your ideas into reality and we’d love for our customers to continue submitting ideas and improvements in our Ideas Portal. (Make sure you select “SafeLinx” under the Workspace before submission.)  Domino v12 Launch Missed the v12 live event yesterday? The launch is not over! We’ve just started rolling out the Domino Dozen which includes 12 days of...
article-img
Digital Solutions | June 3, 2021
Making a Smooth Upgrade to HCL Notes v12
The big day is coming soon! HCL Notes / Domino v12 will be launched  globally on June 7th (it’s already available for download on HCL FlexNet since May 27th). For those customers planning to upgrade, we have some great news. Whether you have been keeping pace with the rollouts of new HCL Notes client versions, or are WAY behind, there is a path for a seamless and smooth transition to v12. The MarvelClient Upgrade solution empowers organizations to optimize their HCL Notes client management and standardize all client versions with a consistent configuration during the automated upgrade process.  Common Upgrade Challenges What we have heard consistently from organizations around the world is that they want to reduce the complexity of their HCL Notes client installations and lessen the administration support tasks required. It is an ongoing challenge for IT support groups to keep pace with the upgrade cycles provided by their vendors. The following list is a showcase of some challenges that organizations face during an upgrade process:  Creation of Notes Client Install Package (with standard configurations)  Upgrade Package Deployment for Remote Users (with or without VPN)  Installation / Upgrade Process Execution Trigger for Automation  Migration of Notes Data Folder  Automated Upgrades for Different Deployment Models (Laptops, Desktops, Citrix, VDI, different OS versions, etc.)   The MarvelClient Upgrade solution handles all those requirements and more. The centralized tracking and reporting environment allows administrators to monitor the client deployments for all employees. And if any modifications are made through user error, they will be rectified and reset to the standard, supported settings on the next restart of the HCL Notes client. These automated, self-healing functions enable any organization to ensure a consistent environment for their users and reduce the number of IT support calls from HCL Notes client installation issues.  In addition, the MarvelClient Upgrade automates the entire process. This makes it easy to perform regular upgrades in the future as new software versions become available. If your organization is preparing to upgrade HCL Notes/Domino in the near future, please access this best practices list to avoid common project pitfalls.  Review of HCL Notes / Domino v12 We recently hosted a co-webinar with an expert from HCL on April...
Close