Chapter 7. Hierarchical and structural considerations between Domino Document
7.1 Hierarchy structure
7.1.3 Hierarchy comparison
The biggest difference between how the DDM and Quickr hierarchies work is in the
placement of files. With Quickr, you can place a file at any level in the hierarchy. With DDM, you can only place a file in a binder (lowest hierarchy level). In other words, having an hierarchy is mandatory in DDM, but it is optional in Quickr. This opens up a lot of new opportunities when determining how to migrate your DDM data into a Quickr environment, but it also means you need to spend time analyzing and evaluating.
The hierarchy in Quickr is much more flexible than it is in DDM. DDM requires a library to have file rooms, cabinets, categories, and binders, Quickr gives you the flexibility to have anything from a single level (the Place) to dozens of nested levels of rooms and folders. This means that you have choices. If you are using the full DDM hierarchy only because it was required, you might choose to flatten your hierarchy. Or, you might expand the number of levels if your organization requires even more levels than DDM originally offered.
The following sections discuss some considerations that you might take into account to determine what would apply best to your organization when you design a hierarchy in Lotus Quickr for your DDM migration.
Hierarchy dependency
Today, a lot of information is stored in non-structured environments. Finding the right information is based on performing search queries, not on navigating through extensive hierarchy structures. In fact, storing information in a hierarchy structure might even be counter-productive because it limits data to a specific location even though it might be applicable to more than one location in the hierarchy.
Note: The ability to specify folder-level security is a function that is commonly requested by
Lotus Quickr customers. IBM intends to provide this capability in the next version of Lotus Quickr, currently planned for the first half of 2010. Refer to Chapter 1, “Introduction” on page 3 for more information (and cautions) about IBM plans for future releases of Lotus Quickr.
A good example of hierarchy independency is the Internet. The information about the Internet is not structured in a consistent way overall but is fragmented over millions of sites and locations. To access the information, you use a search engine like Google or Yahoo to find the specific information you are after. If you do not find what you are seeking right away, you refine or redefine your search query until you find what you are seeking.
Removing your dependency on a hierarchy for locating information might sound revolutionary if you are accustomed to the DDM way of thinking (which mandates that everything must be in a hierarchy of up to seven levels deep), but it actually opens up a lot of new possibilities. For instance, you now have the possibility of consolidating the contents of multiple binders, file cabinets, and libraries into one place. Alternatively, you could also chose to split them up into multiple places.
Another big advantage of Quickr is that information can now be stored at any level within the hierarchy. This means that you are no longer required to store all data at the lowest level (binders in DDM) but can distribute data throughout the whole hierarchy tree.
Static content versus non-static content
Static content is content that is not changed often (for example of regulations, archives, manuals, and so forth). This content is often accessed through the Web browser interface by using search functionality. You know what you are seeking and you find it by entering the search criteria. A hierarchy for this type of information is usually of lesser importance. Users are more likely to access content that is frequently changed (non-static content), like project documentation through a connector directly from applications like MS Word or Symphony. For this kind of content, a hierarchy is more important and advisable, because it will help your users more easily locate the content through the connectors.
Most likely, you will find that both types of content (static and non-static) within your
organization. If so, you could consider splitting the content into multiple places or rooms. Use a flatter hierarchy model for the static content and a more extensive hierarchy model for the non-static content.
Security dependencies
Another consideration as you think about Lotus Quickr compared to DDM is that in Quickr security is not restricted to specific parts of the hierarchy like it was in DDM (binders and cabinets). Instead, in Quickr, you can set security at any level of a room (or folders in the next release of Lotus Quickr). This gives you much more flexibility
Whether you require security on multiple levels of content is an important factor in determining how you will organize your information in Quickr. If all your content is readily available to everyone then this is easy. You could create a single place and deposit all files into the index of the place.
If information is sensitive, consider using rooms and secured folders to restrict access to the content. Review 7.3, “Database structure” on page 101, to get a good idea of the effect of using folders and rooms to the server.
Example: Where do you store the annual sales report? Do you store it in the management
Chapter 7. Hierarchical and structural considerations between Domino Document Manager and Quickr 95
Data relations
Each place in Quickr has its own data storage. By default, searching happens within the place. Methods are available, of course, to search across places, but, in general, users will search within a specific place.
It is important to determine how you organize your content into places because the place layout will most likely determine where your users will start their search.
A Quickr Place is much more than just a document storage facility. It also forms a team’s working area. While creating places, it is important to take into account how your
organization’s teams are organized. Are they function-driven (as in departments) or goal-driven (as in project teams), or both?
As you can see the possibilities are numerous. The choices really depend on your organization’s current situation, needs, and goals.
7.1.4 Mapping example
So how do the hierarchy elements compare? That depends on what you want to do. If you want to recreate your current DDM environment into Quickr, then a migration could look like Table 7-1.
Table 7-1 Mapping example between DDM and Quickr
However, you are not required to keep the same hierarchy. Keep in mind that certain things (like categorization under multiple categories) are not available in Quickr.
A library could become a place but could also become a room or even a folder within another place that contains content from multiple libraries. The same goes for every other level. You are therefore not restricted to the above example. This is the time to re-evaluate your current hierarchy structure and make choices as to how you want to proceed into the future.
If you get frustrated that you cannot duplicate your DDM hierarchy exactly, do not forget that you are also getting a lot more functionality, particularly when it comes to collaboration. If you use the additional features of Quickr, like having the possibility of adding information into all levels of the hierarchy instead of just one, this could benefit your organization and users.
Example: Take for instance a manufacturer. They service multiple clients. To do so, they
have multiple departments and cross-department project teams. Their information could be organized in several ways. They could simply create a place per department and each keeps their own data. Or they could chose to create a place per customer, customer-group, or project in which people of several departments can collaborate on that project or customer. They could chose both and create a department place in which each department can store information that is not project-related and separate places per customer or project for the project-related information.
DDM Quickr
Library Place
File Room Room
File Cabinet Room
Binder Category Folder
Figure 7-5 shows the various containers available to both DDM and Quickr along with the mapping possibilities.
Figure 7-5 Various containers available to both DDM and Quickr along with the mapping possibilities Notice that Quickr has fewer containers than DDM. In reality, that is not true, because a fileroom is simply a category used to further classify a file cabinet and a binder category is a category used to further classify a binder. Quickr supports the concept of subcontainers (subrooms and subfolders), allowing you to mimic your DDM hierarchy in Quickr more closely. The decisions on how to map containers from DDM to Quickr should not be taken lightly. In determining the most appropriate mapping strategy, consider both your security and your navigational requirements.
7.2 Security
As an application built on IBM Lotus Domino (well known of its unique, robust security infrastructure), DDM provides excellent security features. Lotus Quickr services for Domino uses the same infrastructure, and the security features provided by this product are similar. In this paragraph we will explain how they compare and how we can map security levels of both products to each other.
7.2.1 DDM security
In this section, we begin discussing the key aspects which define DDM security.
User directory
DDM supports two types of repositories for user identify information:
Domino Directory
LDAP Directory
Like most of the applications using external user directories, DDM does not provide any of its own user management functionality and does not modify directory content, except for creating and maintaining a set of user access groups when adding new libraries.
Chapter 7. Hierarchical and structural considerations between Domino Document Manager and Quickr 97
DDM security levels and roles
DDM gives administrators and users the ability to set access on the following levels, for the predefined roles listed in Table 7-2.
Table 7-2 Levels at which you can set security in DDM
Permissions can be inherited from the file cabinet and binder levels, or set explicitly on file cabinet, binder, and document levels.
DDM typically generates access control list groups in the user directory (Domino Directory or LDAP), for newly created libraries. Group membership is typically automatically maintained. DDM also uses a Domino.Doc Site Administrators group in the Domino Directory. This group is used to store all global Domino.Doc administrators.
7.2.2 Quickr Security
Now that we have defined the key aspects of DDM security in the previous section, we discuss the model for Quickr for the sake of comparison.
User Directory
Lotus Quickr supports two different types of user repositories:
Domino Directory
LDAP Directory
Additional users can be added to a local directory within a place. LDAP can be connected directly and used as an LDAP, or used through Domino Directory Assistance. The first option is recommended if you want to benefit from using the real LDAP user repository.
Although Lotus Quickr allows administrators to create new users from its administration interface, this functionality is usually disabled, and user management is done on the Directory level (Lotus Domino or LDAP server).
Level Reader Editor Manager Binder Creator
File Cabinet View binders and read documents
View and potentially create binders if binder creator level is not used. Also allowed to view, create, and edit documents
View, create, edit, and delete binders as well as create, edit and read documents. Can also set security on the file cabinet
If used, has the same abilities as editor and is allowed to create binders
Binder View binders and
read documents.
View, edit, and optionally create binders. Also allowed to view, create, and edit documents
Create, edit, and delete binders as well as
documents. Also allowed to change security settings for the binder
If used, has the same abilities as editor and is allowed to create binders
Document Read documents Read and edit documents
Read, edit, delete, and set security on documents.
Quickr Security Levels and Roles
Lotus Quickr allows administrators and users to set an access at the following levels, using the following predefined roles:
System (global settings)
– Quickr Administrator: Administers Quickr, allowed to create places – Place Creator: Allowed to create places
Roles available at hierarchy levels
Table 7-3 illustrates a detailed view of the levels of security which can be set within Lotus Quickr.
Table 7-3 Levels of security which can be set within Lotus Quickr
Level Reader Author Editor Manager Owner
Place Allowed to
access place and read pages
Allowed to access place, read pages, create new pages, and edit their own pages
Allowed to access place, read, create, and modify pages.
Allowed to read, create, modify, and delete pages, create and delete rooms and sub-rooms, manage
membership, set ACL on all levels and delete a place Allowed to read, create, modify and delete pages, create and delete rooms and sub-rooms, add members, set ACL on all levels, delete a place Room and sub-room Allowed to access room or sub-room, and read all pages
Allowed to access room or sub-room, read pages, create new pages, and edit their own pages Allowed to access room or sub-room, read pages, create and modify pages Allowed to read, create, modify and delete pages, create sub-rooms, add members, set ACL on all levels and delete a room Allowed to read, create, modify and delete pages, create and delete rooms and sub-rooms, add members, set ACL on all levels, delete a room Folder and sub-folder (security functionality planned for next version of Lotus Quickr) Allowed to access folder or sub-folder, read all pages Allowed to access folder or sub-folder, read pages, create new pages, and edit their own pages Allowed to access folder or sub-folder, read pages, create and modify pages and files
Allowed to read, create, modify and delete pages, create sub-folders, add members, set ACL on all levels and delete a Folder Allowed to read, create, modify and delete pages, create and delete folders and sub-folders, add members, set ACL on all levels, delete a Folder Document Allowed to read
pages Allowed to read, modify, and delete page, restrict access to page.
Chapter 7. Hierarchical and structural considerations between Domino Document Manager and Quickr 99
7.2.3 Security Comparison
The following sections address how to think about security level settings between DDM and Lotus Quickr.
User directories
When migrating from DDM to Lotus Quickr, or any other product, you will be moving secured data. Some of the elements that you migrate will have access control lists (ACLs) containing names of users and groups that are stored in the user directory set on DDM. Therefore, if you want to keep permissions, you have the following options:
Set the same user directory on the target product (for example, Lotus Quickr).
Re-create the user directory on a new user repository.
Manipulate the DDM data during migration to match the target user directory content.
The Migration tool (described in Chapter 10, “Overview of the migration tool Lotus Quickr Migrator: Domino Document Manager Edition” on page 177) allows you to manipulate security entries during migration. For example, you write code to change the base distinguished name (that is, o=ITSO,c=US to o=IBM,c=US), or you can completely replace selected user or group distinguished names with the new ones.
Lotus Quickr supports the Domino Directory user registry that DDM uses. However, if you have never used LDAP in your organization, your migration to Lotus Quickr might provide a good opportunity to switch from the Domino Directory to LDAP. LDAP has benefits, such as the ability to integrate Lotus Quickr with other IBM collaboration and social software, as well as with third party applications that use LDAP as their user registry.
Security levels and roles
As already mentioned, DDM and Lotus Quickr both use the security infrastructure of the underlying Lotus Domino platform. Therefore, both products provide a similar set of security levels and roles. However, they cannot be mapped precisely one to one. In the next section, we provide an example of mapping roles from DDM to Quickr.
7.2.4 Security mapping
Due to differences between DDM and Lotus Quickr, we cannot map all security elements of one product to the other. You need to make decisions in cases where exactly corresponding elements aren’t available. Table 7-4 on page 100 shows a mapping example that you can use for your migration planning. Mapping is based on one possible migration scenario. More scenarios are described in Chapter 11, “Migration Tool: Operational scenarios” on page 187.
Table 7-4 Security mapping table
As for the ACL groups used by DDM, Lotus Quickr provides one group by default,
QuickPlaceAdministratorsSUGroup, used for storing the names of global Lotus Quickr super user administrators.
When integrated with LDAP, Lotus Quickr allows you to set a global super user administrator, that has full access and management authority for all places hosted by the Quickr server. For more on how to configure Lotus Quickr security, refer to the Quickr product documentation, see the following Web page:
http://publib.boulder.ibm.com/infocenter/lqkrhelp/v8r0/index.jsp
DDM Lotus Quickr
Element Role Element Role
System DDM Administrator System Quickr Administrator
File Cabinet and Document/Binder Types Creator
Place Creator
File Cabinet Reader Place Reader
Editor Binder Creator Author/ Editor Manager Manager/ Owner
Binder Reader Room (see Note
below) Reader Editor Author / Editor Manager Manager/ Owner
Document Reader Document Reader
Editor Author
Manager Ownera
a. Can not be modified
Note: The ability to specify folder-level security is a function that is commonly requested by
Lotus Quickr customers. IBM intends to provide this capability in the next version of Lotus Quickr, currently planned for the first half of 2010. If binder-level security is an important aspect of your DDM implementation, you might considering postponing your migration until folder-level security is availability in Lotus Quickr. This will allow you to more easily map DDM binders to folders instead of rooms in Quickr.
Chapter 7. Hierarchical and structural considerations between Domino Document Manager and Quickr 101
7.3 Database structure
When migrating from DDM to Quickr, you need to understand how the on-server database structure works for both products. If you do not plan and manage your imported DDM environment correctly, you could have scalability or performance issues in your Quickr environment.
This IBM Redbooks publication does not describe the best practices for installing and setting up the basic Quickr servers and DAOS support. Refer to the Quickr installation guide and online Wikis for information. This chapter focuses on the specific issues that accompany a migration from DDM to Quickr from the point of view of database planning.
7.3.1 DDM database Structure
A DDM implementation changes and adds certain information, settings, and databases to a Domino server during installation and use of the application. The design elements and all the