Unless you've been on a cruise for the
last couple of days, you've probably heard about the announcement of LotusLive
Notes (LLN). Whether you take the angle that this pushes IBM into immediate
market leadership, or that they left out the crucial piece of custom applications,
or that Lotus simply isn't as good a hosting provider as their business
partners are -- you probably aren't aware of the key market differentiator
that LLN provides: the hybrid model.

Well, let me amend that: you're probably
aware of it, insofar as you've heard it mentioned. But you probably don't
know how it works. And because this is an IBM offering, you're probably
figuring that integrating an on-premises Domino implementation with the
LLN hosted implementation means putting the IBM Tivoli Cross-Domain Federation
Identity Broker Gateway Server into your DMZ with the custom IBM Lotus
Domino Blarficator Addon pack that can only be installed by a team of 5
architect-level consultants from the Global Services team who charge $300
every 10 minutes and will only install the software on genuine IBM Z series
hardware. So your minimum investment in that integration is $5.3 gagillion
and it takes 17 months.

You're wrong.

Here's what you need to integrate your
on-premises Domino implementation with LLN: an OU certifier and a single
Domino server in the DMZ.

Yup. That's it.

Why? Because LLN is built on Domino,
not some mishmash of technologies pretending to be Domino. And because
it's Domino, it uses the Notes PKI and NRPC from the ground up. So when
IBM asked themselves "how can we allow customers to manage the delegation
of identity to our hosted environment?" they looked at how they'd
solved that problem for customers since Notes 3 and said "we just
need a certificate branch that we can control." So you give them an
OU branch from your top-level O certificate, and they spawn all the servers
they need from that.

Because they do it in Domino terms,
that also means that every one of those servers can talk to your Domino
server in the DMZ. You just need to enable it as a pass-thru server. All
the gateway services were built into Domino 4 versions ago. There's
nothing new there -- just 128-bit symmetric key encrypted NRPC travelling
point-to-point between your DMZ and the LLN data center, and reaching from
there into whatever directory and mail servers you've defined in your own
Domino domain.
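As an added example (not code from the original post or from IBM): a small audit of the names allowed to route through the DMZ pass-thru server, checking that each one stays inside the OU branch delegated to the hosted servers. The organization Acme, the OU Hosted and the entry list are constructed, and the code assumes hierarchical names without a country component.

```python
# Added example. Acme, Hosted and every entry below are constructed values.

def components(name):
    """Lower-cased parts of a hierarchical name, canonical or abbreviated,
    with CN=/OU=/O= labels and a leading '*' wildcard removed."""
    parts = []
    for part in name.split("/"):
        part = part.strip()
        if "=" in part:
            part = part.split("=", 1)[1].strip()
        parts.append(part.lower())
    if parts and parts[0] == "*":
        parts = parts[1:]
    return parts

def within_branch(entry, branch):
    """True if entry names something at or below the delegated branch."""
    e, b = components(entry), components(branch)
    return bool(b) and len(e) >= len(b) and e[len(e) - len(b):] == b

def audit(entries, branch):
    """Return (entry, reason) for entries that are not confined to branch."""
    findings = []
    for entry in entries:
        if "/" not in entry and entry.strip() != "*":
            # Group membership cannot be judged from the name alone.
            findings.append((entry, "group or flat name: review membership"))
        elif not within_branch(entry, branch):
            findings.append((entry, "not confined to delegated branch"))
    return findings

DELEGATED = "*/Hosted/Acme"            # constructed: the OU handed to the host
ROUTE_THROUGH = [                      # constructed pass-thru access entries
    "*/Hosted/Acme",
    "CN=Hub01/OU=Hosted/O=Acme",
    "Mail01/East/Hosted/Acme",
    "*/Acme",
    "*",
    "LocalDomainServers",
    "Admin/Acme",
]

if __name__ == "__main__":
    for entry, reason in audit(ROUTE_THROUGH, DELEGATED):
        print(f"{entry!r}: {reason}")
```
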
So what that really means is that when
you use the hybrid features of LotusLive Notes, you're effectively using
a hosted extension to your own existing domain. They even replicate your
NAB.

That's all there is to it. It's
crazy elegant, really, because it doesn't worry about introducing a bunch
of NEW stuff. All these problems were addressed ages ago by the platform
itself, and now there's just a really cool way to implement it with IBM
as a service vendor instead of a product vendor.

And because it doesn't introduce a bunch
of new stuff, it JUST WORKS. Your users get to their new LLN-based servers
in exactly the same way they would if you migrated them from one server
to another in your on-premises environment. They work with calendar
federation, schedule management, directories, authentication, local replicas
and transparent mail routing exactly as they would with a high-quality
Domino implementation: seamlessly. A cloud-based user can run a busy-time
query against on-premises users the same way a pure premises implementation
can -- because the server just proxies the request between all the individual
home servers as defined by the directory.

Now I won't claim that the implementation
is perfect. There are unsupported features. There are quirks. There
are limitations. But on the whole, what IBM has done here is incredibly
innovative and could only be accomplished with a technology like Notes,
where identity and security are built into the DNA of the platform.

Here's the real kicker: IBM doesn't
care if your "on-premises" servers are really on-premises. They
don't even know whether they are. So if you want to, say, put your email
services into the LotusLive cloud, but you're disappointed that you can't
move your custom applications, you should realize: YOU CAN. You just can't
move them to LotusLive. But you can move them to another hosting vendor
that supports custom applications. And as far as IBM is concerned, that's
just part of your "on-premises" Domino environment.

Have I mentioned the GROUP Live Platform-as-a-Service
offering? As many of you saw at Lotusphere, that is our data center middleware
platform that lets you dynamically implement and scale Lotus servers with
a few clicks of a button. Naturally, we're now extending that platform
to allow seamless integration with LLN, using the same fundamental strategy
as the IBM team: exploiting Domino's existing capabilities to extend
cloud enablement seamlessly across vendors. Whether you use it
in your on-premises facilities, outsource your hosting to a third party,
or want specific network deployments for specific applications, the approach
chosen by IBM will allow maximum flexibility.

Of course, while this addresses the
IT support need of servers & infrastructure, it doesn't address the
business need of end user experience. Whether they're in the cloud or on-premises,
your mission critical custom applications are still whatever you designed
them to be. So the next big question is: how can we make a 10 year old
workflow app not only sit in a hosted data center, but also work better
when it does?

The answer, dear reader, is a tale for
another blog post....