Many companies wish to use Lotus Domino as a mail backend, with Microsoft Outlook as the mail client.

IBM provides a connector for doing this, called DAMO - Domino Access for Microsoft Outlook.  It's available on the IBM website, if your company has the necessary contractual arrangements... and if you can find it!

Here's how I went about getting it to run on Windows 7 with the Office Outlook 2010 Technical Preview. It is working for me on the Office 2010 Beta as well.

  1. Find the DAMO installation software somewhere on the IBM website. It may be available here:  http://www.ibm.com/developerworks/lotus/downloads/.
  2. Run through the DAMO setup software. You will need two pieces of information:

    * Your Lotus Domino server name (I found this in Lotus Notes 8 by looking in File->Locations->Manage Locations->Edit->Servers); and

    * Your Lotus Notes username.id file, which is usually stored in the Lotus Notes application folder, for example C:\Program Files\IBM\Lotus\Notes\Data\username.id .   (Replace username with your own username.)
  3. The installation will create a MAPI profile, which is basically a collection of settings for talking to your Lotus Domino server.
  4. Once installation has completed, reboot the PC.
  5. Start Outlook 2010 and select the newly created MAPI profile. If you get an error that Office 2010 cannot access a file, you can work around this by right clicking on the Outlook icon in the start menu, and selecting properties->compatibility, and checking the "run this program as an administrator" checkbox. Please note that running Outlook as an administrator is a bad idea in general, and we'll set it back to normal shortly in step 8.
  6. The DAMO plugin will launch another setup process and retrieve mails and other settings from your Domino server. Here is where I had problems. I had to close and restart Outlook about 10 times, as the DAMO plugin would stall after a minute or two. Each time I restarted, it continued from where it had finished. Eventually it had imported all my mail folders and appointments.
  7. Close Outlook as requested.
  8. Set the compatibility mode back to normal by right clicking on the Outlook icon in the start menu, selecting properties->compatibility, and unchecking the "run this program as an administrator" checkbox.
  9. (Optional) continue complaining to colleagues about Lotus Notes' User Interface, and its impact on your productivity. :-)

If you try this out, please let me know how you go!




I've been playing around with the File Classification Infrastructure stuff in Windows 2008 R2 Server.

I was hoping that you could use it to classify files inside SharePoint 2007. Unfortunately, I couldn't find a way to do it.

FCI works by attaching metadata to a new stream inside the NTFS file system. SharePoint doesn't use NTFS for document storage (instead storing files in the database). (This also means that FCI can't classify files stored on FAT32 file systems such as most USB storage devices.)

So as far as I can tell, there's no way to hook the file classification infrastructure up to content already stored in SharePoint. However, you could use it to classify files on the file system prior to a bulk migration to SharePoint, since SharePoint picks up the classification metadata applied inside MS Office files.

Will this capability be included in SharePoint 2010?




Introduction

A new "File Classification Infrastructure" service has been introduced into Windows Server 2008 R2. It is used to classify and act upon files based on their business value, and is aimed at reducing administrative burden while increasing policy compliance.

Microsoft say that "Only by enforcing company policies and knowing how storage is utilized can administrators efficiently use their storage and mitigate the risks of data leakage", and that "IT organizations can now define policy that spans across the organization and can better translate business requirements to IT actions."

 

Description

The File Classification Infrastructure is used to: 

  1. Analyse and classify files; and
  2. Run tasks informed by the classifications of files.

Classification works by analysing the content of files or their location, and then setting metadata properties to predefined values based on this.

Tasks can be scheduled that take actions based on these metadata properties.

For example, files including the phrase "Commercial-In-Confidence" could be moved to a folder on a different filesystem with more stringent security controls, irrespective of which folder they are in or what type of document they are.
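A minimal model of the classify-then-act flow described above, added here as an illustration; it is not FCI's API or code from the original page. The property name `Confidentiality`, its values, the rules and the folder names are all assumptions.

```python
import shutil
import tempfile
from pathlib import Path

# Predefined values of a hypothetical "Confidentiality" property, lowest to highest.
LEVELS = ["Public", "Internal", "Restricted"]
# Constructed rules: "content" matches a phrase in the file body,
# "location" matches a folder name anywhere in the file's relative path.
RULES = [
    ("content", "commercial-in-confidence", "Restricted"),
    ("location", "finance", "Internal"),
]

def classify(root: Path, rel: Path) -> str:
    """Return the highest value any matching rule assigns (default: Public)."""
    text = (root / rel).read_bytes().decode("utf-8", errors="ignore").lower()
    folders = {part.lower() for part in rel.parent.parts}
    value = LEVELS[0]
    for kind, pattern, assigned in RULES:
        hit = pattern in text if kind == "content" else pattern in folders
        if hit and LEVELS.index(assigned) > LEVELS.index(value):
            value = assigned
    return value

def run_move_task(root: Path, secure: Path, when: str = "Restricted") -> dict:
    """Classify every file under root, then move those whose property equals `when`."""
    secure.mkdir(parents=True, exist_ok=True)
    files = sorted(p.relative_to(root) for p in root.rglob("*") if p.is_file())
    props = {f.as_posix(): classify(root, f) for f in files}
    for rel, value in props.items():
        if value == when:
            # Flatten the relative path so files from different folders cannot clash.
            shutil.move(str(root / rel), str(secure / rel.replace("/", "_")))
    return props

def demo() -> dict:
    """Build a constructed sample share in a temp directory and run the task."""
    base = Path(tempfile.mkdtemp())
    root, secure = base / "share", base / "secure"
    (root / "finance").mkdir(parents=True)
    (root / "public").mkdir()
    (root / "finance" / "budget.csv").write_text("q1,q2\n1,2\n")
    (root / "public" / "bid.txt").write_text("COMMERCIAL-IN-CONFIDENCE: tender price")
    (root / "public" / "menu.txt").write_text("lunch")
    props = run_move_task(root, secure)
    props["moved"] = sorted(p.name for p in secure.iterdir())
    return props
```

The file in `public` is moved because of what it contains, not where it sits, which is the behaviour the paragraph above describes.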

File Server Resource Manager screenshot displaying classification properties and classification rules

Example process and implementation (use case)

TBD.

  1. Evaluate information assets and context
  2. Assess impact on business due to a) unauthorized disclosure, and b) loss of data.
  3. Determine information sensitivity taxonomy and rules
  4. Implement properties (taxonomy) and rules.
  5. Monitor outcomes and review implementation.

 

SharePoint integration

Microsoft notes that "FCI integrates with Microsoft® Office SharePoint® Server 2007 so that file classification properties defined for Microsoft Office files on a file server persist with those files when they are uploaded into SharePoint."

However, this only applies to Office 2007 documents. Documents in other formats are not labelled in such a way using the out-of-the-box functionality in FCI.

One blog post (http://blogs.technet.com/filecab/archive/2009/05/11/classifying-files-ba...) mentions that the property types provided (for example, a "yes/no" field) are a strict subset of those provided by SharePoint. We take this to imply that the file classification infrastructure may be further integrated with SharePoint (possibly SharePoint 2010) in some way. Deeper integration with SharePoint 2007 is unlikely, but we will keep watching.

Interpretation

Microsoft are starting to move towards the position that different information has different business value, regardless of its physical representation. Historically, Microsoft's classification has been based on the physical representation of information: "which drive on which server?". In Microsoft's world, actions on files are typically either done in bulk, or at the discretion of anyone with permissions to do something.

A policy-based mechanism is a move away from the 'discretionary' model that Microsoft usually develop, and a move towards what is called mandatory access controls in military security circles. The idea is that irrespective of what a user wants (or even has permission to do), there are mandatory policies that exist to ensure consistency and compliance.

Indeed, it is the need for better compliance management that is driving the implementation of this kind of functionality, and the decreased administrative overhead that results is an added benefit.

Custom Development

The file classification infrastructure provides a COM interface based around the use of "managers".

  • Report manager - for reports and tasks.
  • Classification Manager - gives access to classifiers, rules and properties.  Assign and enumerate properties.
  • File groups
  • File management

A number of classes are made available. These include:

  • FsrmReportManager
  • IFsrmCollection
  • IFsrmReportJob
  • FsrmClassificationManager (includes the CreatePropertyDefinition method)
  • IFsrmPropertyDefinition

Remaining questions

Questions that arise:

  • Will the file classification infrastructure be used more deeply by future versions of SharePoint?
  • Can it be used for access control policies?



We provide SharePoint templates to meet a range of business scenarios.

The templates are currently under development. Please contact us if you would like further details.

Template downloads

Risk Management Template

Manage Risks and keep your project under budget and on schedule with the SharePoint2007Security.com Risk Management Template.

Includes

  • Risk Log
  • Risk Matrix
  • Stakeholders

Coming soon.




Microsoft have recently updated their protocols information for SharePoint, incorporating a number of SharePoint 2010 changes. Included in the updates is information about claims based authentication in SharePoint 2010.

As we collect more information, this page will be updated. Some notes so far:

The protocols mentioned are:

SharePoint Claim Provider Service Web Service Protocol Specification

SharePoint Security Token Service Web Service Protocol Specification

As expected, both protocols are implemented on top of SOAP over HTTP.

Claim based authentication mode

It appears that SharePoint web applications can be put into claim-based authentication mode. (IsClaimsMode method.)

Claim providers

There are four types of claim providers: System, AllUsers, Group, and People.

System claims can be of several types: farmId, processidentitylogonname, processidentitysid, windowstoken/handle, processid.

Value types appear to be a GUID (persisted as a string) or a string.

API

SPClaim is a claim associated with an entity.

 

 



