ilug 2010 - deploying plug-ins to the enterprise
Post on 12-May-2015
659 Views
Preview:
DESCRIPTION
TRANSCRIPT
Presenter: René Winkelmeyer Company: Partner Dialog
Deploying plug-ins to the enterprise
• About me
• About you
• What’s to expect from this session
• We are talking about plug-ins – and so we have to talk about widgets
• Security, security, security
• Deployment in Lotus Notes and Domino
• Conclusion
Agenda
• About me
• About you
• What’s to expect from this session
• We are talking about plug-ins – and so we have to talk about widgets
• Security, security, security
• Deployment in Lotus Notes and Domino
• Conclusion
Agenda
• René Winkelmeyer
• 32 years
• Married, two dogs, two cats
• Consultant for Business Process Optimization and Domino Development at Partner Dialog Unternehmensberatung GmbH
• IBM Business Partner
• Using Notes/Domino since 10+ years
• Member of IBMs Domino NEXT Design Partner program
About me
• OpenNTF Contributor and Committer
• Winner of the “IBM Best Open Source Award 2010”
• Main developer of the well-known “File Navigator” plug-in
About me
• About me
• About you
• What’s to expect from this session
• We are talking about plug-ins – and so we have to talk about widgets
• Security, security, security
• Deployment in Lotus Notes and Domino
• Conclusion
Agenda
• About me
• About you
• What’s to expect from this session
• We are talking about plug-ins – and so we have to talk about widgets
• Security, security, security
• Deployment in Lotus Notes and Domino
• Conclusion
Agenda
• We’ll take a look how to deploy plug-ins to your enterprise.
• For that I’ll show you what’s to consider when you setup plug-ins within your company.
• And you’ll learn how to avoid some problems (maybe).
• It will be a brief overview !
What’s to expect from this session
• About me
• About you
• What’s to expect from this session
• We are talking about plug-ins – and so we have to talk about widgets
• Security, security, security
• Deployment in Lotus Notes and Domino
• Conclusion
Agenda
• Since the availability of plug-in provisioning within Lotus Notes there has always been a kind of knowledge gap for administrators (and developers).
• The difference between plug-ins (and features) and widgets is still not clear to anybody.
• If you talk about plug-in deployment – you talk about “widget deployment” (or so).
Talking about plug-ins and widgets
• Plug-ins are java programs
• Plug-ins are able to change the look and feel
• Plug-ins are the core base of the Notes standard client
• Plug-ins are the core base of Sametime
• Plug-ins are, well, everywhere in the Lotus world now.
What are plug-ins?
What are plug-ins?
• Features are the main mechanism for plug-in deployment.
• That’s because plug-ins are always part of a feature
• Features can contain multiple plug-ins
What are features?
• Widgets are … let’s say “gadgets” for the Notes client.
• You can use widgets for displaying several stuff in the Notes client sidebar
• Notes views, forms, pages etc.
• Google gadgets
• Web sites
• And you can use widgets to install plug-ins!
And what are widgets?
• The “functionality” of a widget is described as an XML configuration.
• You can export the XML through a right-click on the widget and send it via E-mail or publish it to a catalog.
• Both ways assume that you allow your users to install widgets (and maybe plug-ins) by themselves!
What are widgets?
<?xml version="1.0" encoding="UTF-8"?> <webcontextConfiguration version="1.1"> <palleteItem contributeToSideshelfOnStartup="false" doubleClickCommandId="" hideThumbnail="false" id="2016957732" imageUrl="" providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning" singletonSidebar="false" title="File Navigator Feature" url="http://domsrv1/intern/it/updatesite.nsf" viewImageUrl=""> <data> <installManifest><![CDATA[<install> <installfeature id="org.openntf.filenavigator.feature" name="File Navigator Feature" version="1.0.4">
<requirements> <feature id="org.openntf.filenavigator.feature" version="1.0.4" match="perfect" /> </requirements>
</installfeature> </install> ]]></installManifest> </data> </palleteItem> </webcontextConfiguration>
Anatomy of the an extension.xml
<palleteItem contributeToSideshelfOnStartup="false" doubleClickCommandId="“ hideThumbnail="false“ id="2016957732“ imageUrl="" providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning" singletonSidebar="false“ title="File Navigator Feature“ url="http://domsrv1/intern/it/updatesite.nsf" viewImageUrl="">
Anatomy of the an extension.xml
Set this parameter to „true“ if you don‘t want that users will see the widget icon
<palleteItem contributeToSideshelfOnStartup="false" doubleClickCommandId="“ hideThumbnail="false“ id="2016957732“ imageUrl="" providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning" singletonSidebar="false“ title="File Navigator Feature“ url="http://domsrv1/intern/it/updatesite.nsf" viewImageUrl="">
Anatomy of the an extension.xml
The id is very important. It identifies the widget. If you change it, Notes will recognize a „new“ widget!
<palleteItem contributeToSideshelfOnStartup="false" doubleClickCommandId="“ hideThumbnail="false“ id="2016957732“ imageUrl="" providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning" singletonSidebar="false“ title="File Navigator Feature“ url="http://domsrv1/intern/it/updatesite.nsf" viewImageUrl="">
Anatomy of the an extension.xml
If you want a custom image in the widget sidebar you can set the url right here.
<palleteItem contributeToSideshelfOnStartup="false" doubleClickCommandId="“ hideThumbnail="false“ id="2016957732“ imageUrl="" providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning" singletonSidebar="false“ title="File Navigator Feature“ url="http://domsrv1/intern/it/updatesite.nsf" viewImageUrl="">
Anatomy of the an extension.xml
Setting this parameter to „true“ forces the Notes client to open the widget in the same Sidebar panel (not needed for plug-ins).
<palleteItem contributeToSideshelfOnStartup="false" doubleClickCommandId="“ hideThumbnail="false“ id="2016957732“ imageUrl="" providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning" singletonSidebar="false“ title="File Navigator Feature“ url="http://domsrv1/intern/it/updatesite.nsf" viewImageUrl="">
Anatomy of the an extension.xml
Just the title of the widget.
<palleteItem contributeToSideshelfOnStartup="false" doubleClickCommandId="“ hideThumbnail="false“ id="2016957732“ imageUrl="" providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning" singletonSidebar="false“ title="File Navigator Feature“ url="http://domsrv1/intern/it/updatesite.nsf" viewImageUrl="">
Anatomy of the an extension.xml
Here you define the source where to get the plug-in. That‘s the HTTP way…
<palleteItem contributeToSideshelfOnStartup="false" doubleClickCommandId="“ hideThumbnail="false“ id="2016957732“ imageUrl="" providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning" singletonSidebar="false“ title="File Navigator Feature“ url=“nrpc://domsrv1/C12574550014E1F0" viewImageUrl="">
Anatomy of the an extension.xml
…and that‘s the NRPC way.
<palleteItem contributeToSideshelfOnStartup="false" doubleClickCommandId="“ hideThumbnail="false“ id="2016957732“ imageUrl="" providerId="com.ibm.rcp.toolbox.prov.provider.ToolboxProvisioning" singletonSidebar="false“ title="File Navigator Feature“ url="http://domsrv1/intern/it/updatesite.nsf" viewImageUrl="">
Anatomy of the an extension.xml
If you like custom icons for your sidebar elements – here you can configure them.
<data> <installManifest><![CDATA[<install> <installfeature id="org.openntf.filenavigator.feature" name="File Navigator Feature" version="1.0.4">
<requirements> <feature id="org.openntf.filenavigator.feature" version="1.0.4"
match="perfect" /> </requirements>
</installfeature> </install> ]]></installManifest> </data>
Anatomy of the an extension.xml
That‘s where the features are set which should be installed.
<data> <installManifest><![CDATA[<install> <installfeature id="com.iscoord.isphone.addon.sametime.feature" name="is-phone" version="8.7.3">
<requirements> <feature id="com.iscoord.isphone.addon.sametime.feature" version="8.7.3" match="perfect" /> <feature id="com.iscoord.isphone.core.feature" version="8.7.3" match="perfect" /> <feature id="com.iscoord.isphone.notes.toolbar.feature" version="8.7.3" match="perfect" /> <feature id="com.iscoord.isphone.ui.swt.feature" version="8.7.3" match="perfect" /> </requirements> </installfeature></install>]]></installManifest> </data>
Anatomy of the an extension.xml
Here is a somewhat „bigger“ feature set.
• About me
• About you
• What’s to expect from this session
• We are talking about plug-ins – and so we have to talk about widgets
• Security, security, security
• Deployment in Lotus Notes and Domino
• The plug-in deployment tool (got still no name for it)
• Conclusion
Agenda
• Security is important – as always
• Would your OS administrators allow your users to install any software by themselves?
• So - why would you allow users to install plug-ins by themselves??!
• The next steps will show you the security preparations for plug-in deployment. You just need to set them up once!
Security, security, security
• It’s highly recommended that you only deploy signed plug-ins. Without that you won’t be able to deliver a real silent installation – and it is more secure!
• Step 1: Create a keystore
%JAVA_HOME%\bin\keytool -genkey -dname "cn=signer, ou=ca, o=partner-dialog, c=DE“ -alias “codesigner" -keypass mypassword -keystore c:\yourfolder\keys -storepass secret -keyalg "RSA" -validity 360
Digitally sign your plug-ins
• Step 2: Export your certificate
%JAVA_HOME%\bin\keytool -export -alias “codesigner" -file pdcacert.cer -keystore c:\yourfolder\keys -storepass secret
Digitally sign your plug-ins
• Step 3: Import the certificate into your Domino directory
Digitally sign your plug-ins
• Step 4: Create a cross-certificate
• You need to open the internet certificate document!
Digitally sign your plug-ins
• Step 5: Deploy the certificate to your users with an Security policy setting
Digitally sign your plug-ins
You can use this to deploy any kind of certificate from your Domino directory into the users local address book
• Please configure the policy setting for signed plug-ins!
Setup plug-in policy settings
• About me
• About you
• What’s to expect from this session
• We are talking about plug-ins – and so we have to talk about widgets
• Security, security, security
• Deployment in Lotus Notes and Domino
• Conclusion
Agenda
• Consider five steps for plug-in deployment
Deployment in Lotus Notes / Domino
Configure plug-in settings
Import the plug-in to your updatesite
Add the plug-in to your toolbox
Deploy the widget
Sign the features and plug-ins
• Remember the security part?
• We setup internet cross-certificates and deployed them to our users.
• We set plug-in security to only allow the installation of signed plug-ins.
• Now we need to sign the features and plug-ins (every single jar file).
%JAVA_HOME%\bin\jarsigner -verbose -keystore C:\myfolder\keys -storepass secret -keypass secret C:\dev\updatesite\features\org.openntf.filenavigator.feature_1.0.5.jar codesigner
Digitally sign your features and plug-ins
• Please configure the policy setting for signed plug-ins!
Using the widget catalog
Make use of RUN_IN_BACKGROUND=true in org.eclipse.ui.workbench – that is nescessary for silent deployment
Using the widget catalog
Remove means „Remove from the policy setting“ – it doesn‘t mean „Remove from the users workspace folder“
All those Eclipse settings are stored in <notesdata>\workspace\.metadata\.plugins\org.eclipse.core.runtime\.settings Content of org.openntf.filenavigator.prefs #Mon Sep 13 13:41:43 CEST 2010 org.openntf.filenavigator.activity.PreferencePageFavFolder=true pref_question_roots_refresh=true org.openntf.filenavigator.activity.PreferencePageRoots=true org.openntf.filenavigator.activity.PreferencePageShares=true pref_question_eml_open=systemdefault pref_initial_setup=true prefmgmt_allow_shares=true eclipse.preferences.version=1 pref_roots_active=\#C\:\\\#D\:\\\#E\:\\\#F\:\\\#P\:\\\#G\:\\\#I\:\\\#Z\:\\\#H\:\\ pref_unzip_files=true org.openntf.filenavigator.activity.PreferencePageMail=false
Using the widget catalog
• IBM has provided a database for plug-in deployment.
• You’ll find it as an advanced template on your Domino server.
• This database allows you to have a single storage for your features and plug-ins.
Import into the Updatesite
It‘s a Notes database – so think about setting the ACL properly.
Import into the Updatesite
Feature name Feature ID Feature version Views for different sortings
Import mechanisms You can‘t delete single documents!
• IBM has provided a database for plug-in deployment.
• You’ll find it as an advanced template on your Domino server.
• This database allows you to have a single storage for widgets.
Using the widget catalog
It‘s a Notes database – so think about setting the ACL properly.
Using the widget catalog
All widgets are stored as Notes documents
Using the widget catalog
You need to set a category for the deployment with policies
This nice button imports some of the extension.xml data into the document.
The widget catalog assumes, that you already have an extension.xml
The desktop policy setting
The client will look at this server
Define the categories which should be installed
Should your users be able to see the widget sidebar?
The desktop policy setting
• At client start-up the client searches for the Widget catalog on the server.
• It then replicates the local widget catalog (if it doesn’t exist a new one is created).
• The client then searches in the local replica for changes.
• Note: a periodical replication of 24h is automatically enabled
How does the client provisioning work
• Just delete the corresponding document in the Widget catalog.
How do I uninstall a widget?
That will affect all users!
• About me
• About you
• What’s to expect from this session
• We are talking about plug-ins – and so we have to talk about widgets
• Security, security, security
• Deployment in Lotus Notes and Domino
• Conclusion
Agenda
• About me
• About you
• What’s to expect from this session
• We are talking about plug-ins – and so we have to talk about widgets
• Security, security, security
• Deployment in Lotus Notes and Domino
• Conclusion
Agenda
• Plug-ins are a very powerful – handle them with care!
• IBM has provided a good set of tools to administrate and deploy plug-ins – use them!
• You should always consider about security!
Conclusion
Thank you!
Thank you very much for attending my session !
René Winkelmeyer
Questions and – hopefully good – answers can now be placed !
top related