The Future of Notes #2 - Why a Notes App Store will fail (and how to fix that) »
PHILIP STORRY - JUN 24, 2010 (01:34:56 PM)
This is the second part of the Future of Notes Series, which stems from the recent frank discussions in the Notes community.
One of the big ideas that keeps coming up is just how people are going to get Apps. And perhaps understandably, people keep going back to the idea of an App Store.
As a concept, it's fine. But it's become painfully obvious that this discussion is going nowhere, probably because the people discussing it are very technically adept.
To be blunt, THERE WILL NOT BE A WORKING CENTRAL APP STORE FOR LOTUS NOTES.
It won't work, for one very good reason.
I won't let it work.
Not just me. Every Administrator.
Go ahead, try and make an app store. It's not going to work.
Your first problem is the signatures on the templates. I'll have to re-sign everything, or it won't work in the anvironment I administer. And I won't sign it unless I'm pretty certain it won't harm the environment I administer, so I'll probably need to investigate the App. Which takes time.
But that's a trivial issue compared to the next problem: Provisioning.
People discussing the App Store seem to have this wonderful idea that it's going to be like it is on a smart phone. You pop along, pick your apop, it's downloaded, installed, and then ready to run.
Which works because it's your device, and you're the only user of it, so its security model is based on physical access more than anything else.
Notes is a multi-user client/server system, and is a bit more secure than the average phone. This security will get in the way of the App Store idea.
There are other issues with an App Store as people are currently thinking about it. Like how does my company meet Regulatory and Compliance demands? As a user, I may not be allowed to use certain types of App, because there is an existing system that I'm required to use for that. An App Store potentially allows the bypassing of this.
Which is why a central App Store would probably be blocked in most large companies. It will not be allowed to work the way people are saying it should work.
That's a huge problem.
The Notes App Store is not something on the Internet. That's an Application Catalog, for businesses and Administrators to use to determine which applications they offer their users.
The Notes App Store, as far as a user is concerned, should be an Application on the server. For the sake of argument, we'll call it "Applications", and it's regular Notes database with a special template from IBM.
As an Administrator, I have populated this database with a range of Applications. Each Application is a document which contains a correctly signed NTF file, prefixes and suffixes for ACL groups, whether a mail-in database record is required, and details of the target destination for the App (e.g. Apps\Discussions\$appname$).
As an end user, I am unaware of this. I just come along, open the database, and say "I want a discussions database, and I want it to be called "Project App Store Discussions". I fill in some details as to who has Reader and Editor access.
When I hit save, the application checks that the name does not conflict with any existing Apps, mail-in database names (if required), and group names. As a user, I am unaware of this unless there is a conflict.
Once saved, a new task on the server - a binary task just like the router or http that we choose to load or not load as Administrators - spots the new document (almost immediately, as it watches the DB for changes) and goes to work.
It creates the Application NSF file, creates the group documents, populates the group documents (including adding the requestor on as an Owner/Administrator if required), creates a mail-in database record if required, and then fires off an email to the user with doclinks to the App and, if required, the groups it created.
(If the App is a web App, the links are obviously URIs rather than doclinks)
So the net effect for the user is that I create a new "request", and moments later I get an email saying "yep, that's done", and my App is ready to roll.
For the Administrator, this "App Manager" task also checks daily for apps that no longer have a valid owner/requestor, and produces stats (from Activity Trends?) to show which apps are used and which aren't. Apps can be marked for removal via the Apps.nsf database. The server task takes care of removal, using the Application document as a reference for what to delete.
If we don't have this kind of automated application provisioning, then a shiny online catalog of Apps is going to be useless.
It'll be a nine-foot ladder in front of an eighteen foot wall.
"App Stores", as the end user thinks of them, must be local to the organisation. They are controlled by, and for, the organisation that pays for the Notes licenses.
This allows organisations to offer as wide or as limited a range of apps as they like, without fear of apps getting too out of hand - the whole process is controlled and audited, and gives basic lifecycle management for applications. Which may not sound important, but I invite you to look over any long-running Notes Application Server and count the number of Apps being used on the server versus the number of Apps on the server...
Any solution that doesn't include Provision is merely window shopping, because you know you won't be able to actually walk away with usable goods.
This doesn't mean we don't need a central catalog of applications. The business still needs to know what it can put in its App Store(s) in the first place. But to imagine that an App Store will be of any use without some automated provisioning is just wishful thinking.
Because without automated provisioning, the App Store experience works like this:
You find this site on the internet, find an App, and download it. Then you log a call, mail the App to someone, and wait for them to get around to setting it up. Which takes a while, as they have to go and check that the App is OK, so you're not going to get your App within the next week or so.
Meanwhile, you've given up and are thinking about switching to Sharepoint, because you heard that works out of the box.
Domino/Notes 9 needs to address this provisioning problem. Without it, we'll end up with an App Store that's pretty much a cart without a horse.
Comments: 10
COMMENT: FRANK PAOLINO
JUN 24, 2010 - 03:21:43 PM
Philip, you have mentioned the one key point that is currently lacking: Provisioning. And you are correct.
Which is why we are releasing a provisioning ability for the NotesAppStore. We have code named it "Easy App Install", but provisioning is what it does. It works like this:
1. The Easy App Install feature allows you to securely identify servers that you manage.
2. You can then select products from vendors of the NotesAppStore site and they will automatically be installed (provisioned) onto these servers. This includes signing the templates with the server's signature.
3. An email will be sent to the Administrator when the installation is completed and the administrator can then finish any configuration settings needed for the App.
We are currently testing this functionality and plan to release it on a test basis in the next few weeks.
What this does for an Administrator is take the hassle out of installing and testing new Apps. This will work on enterprise Apps that typically require 1-2 hours of Administrator time just to get it on the machine properly.
Of course there will be debate about this feature, but I, as an administrator, hate installing new apps due to the time required for provisioning.
Easy App Install uses a standard installation methodology that can be configured based on the specific requirements of an individual App. The design goal is a unified installation approach done from a single entry point, which for most ISVs will be http://www.notesappstore.com «
COMMENT: NATHAN T. FREEMAN
JUN 24, 2010 - 03:29:06 PM
I won't let it work."
And that is why you will eventually be replaced by a SaaS provider who doesn't get in the way of your business users getting added value from their software.
"Meanwhile, you've given up and are thinking about switching to Sharepoint, because you heard that works out of the box."
You don't see the causal relationship between your starting statement and your ending one? YOU are the one that kept it from working.
That being said, it's also possible, though I know it sounds crazy, that applications for the Notes clients might not be shipped as templates. They have this fancy-dancy new thing called a "plugin" that can also provide a UI and manipulate data. They have all kinds of cool ways to work with data that doesn't need to be on a Domino server where administrators like yourself can prevent people from getting value out of it.
Instead, they can do things like work with "web sites" over the "internet." A little casual browsing should lead you to existing ones like TwitNotes, Tungle, Gist, Wildfire and even LinkedIn. You should really check it out. «
COMMENT: HENNING HEINZ
JUN 24, 2010 - 17:31:38
But I really like the idea combining SaaS with an App Store. XPage applications, in many cases, run in the browser like they do in the client anyway. «
COMMENT: PHILIP STORRY
JUN 24, 2010 - 17:55:46
That looks like the kind of thing I'm thinking of, certainly. I hope your tests go well!
Phil «
COMMENT: FRANK PAOLINO
JUN 24, 2010 - 06:14:34 PM
COMMENT: PHILIP STORRY
JUN 24, 2010 - 18:39:27
I hear you.
I won't let people do it because I'm not allowed to. We all know of apps that have taken servers down, in various ways. We all know downtime has costs.
If there was a way to avoid that downtime - say a virtualised API "sandbox" instance or Amgr that each app had - it would help. But there are still management issues with regards to storage, for example.
These are the same with any system. If I were a Sharepoint administrator in my company, I'd still only be able to deploy approved and tested apps. The restrictions you mention are no different to my employer than the websites blocked by the proxy, the fact I can't use a USB Key that's not approved and encrypted by Security, or that our network uses a GPO to stop me from doing some things to my workstation.
So no, I don't see a causal relationship between my opening and closing statements, because my closing statement was - frankly - an attention getter. As you've said, they might also go to SaaS or other solutions.
SaaS isn't much different. So you have a SaaS solution for, say, Document Storage. And then you find this neat little CMS - what do you think the SaaS supplier is going to say if you wander up and tell them to host it?
Yes, they'll more than likely either tell you to go jump or point you at their nearest equivalent.
Just like me, they want to provide a stable, reliable service. The individual administrators of the SaaS provider are just as constrained and as I am.
The only difference with SaaS is that if you're using one, you're likely to just go to a SaaS provider who does provide that CMS solution...
Widgets/plugins are interesting. They'll be OK so long as they only crash clients. The moment a badly written one takes out a server, the same controls will be demanded.
This is just a fact of life.
(Oh, and half the plugins you list may not work anyway. I can't get to Twitter through my work's proxies, nor a number of other websites. It sucks.)
That's why we need to fix provisioning - and provide both choice and service to the user WITH the reliability and management that the larger organisation always ends up demanding.
I'm not trying to be a roadblock. I'm doing the job that my employer pays me for, and I'm doing it on the terms that they dictate. I don't have much of a choice.
Surely it's better that our App Store plans take this into account and work with it, rather than against it? «
COMMENT: PHILIP STORRY
JUN 24, 2010 - 18:41:12
Thanks for the feedback. I can only hope IBM are listening!
The OpenNTF community does an excellent job, and if I had a provisioning tool I'm sure many of their efforts would be in it.
«
COMMENT: PHILIP STORRY
JUN 24, 2010 - 18:50:43
I'll happily review the security procedures, but I'm afraid I can't test it. I don't have the time at work, as it'd take a long time to get the app approved.
(It's a fairly locked down environment.
)
Feel free to email the procedures to me, and I'll try to have a look at them over the weekend. «
COMMENT: CHRIS TOOHEY
JUN 25, 2010 - 01:57:58 AM
Let me ask you this:
Where is an admin, developer, or someone in IT that's put in charge of a given Domino instance to turn when a user says "hey, we need to do XYZ -- is there an app for that?".
Today, there's really nothing outside of a catalog of vendors that they can turn to.
Imagine then if they could access an App Store specific to the platform they're looking to use, that not only allowed them to browse based on types of applications, read honest and trusted expert reviews, and actually purchase the app in question?!
Well, that would be a glorious thing. Hell, that might be the type of thing that takes a platform from being a success to being a world-wide *must have* technology.
Y'know... like a lot of people see having an iPhone is today.
I'll tell you something right now, the iPhone would be nothing today if it wasn't for the Apple App Store. It not only defined the product, but quite frankly changed the way software developers write their applications.
Gone are the days where applications cost as much as the platform they run on. Don't believe me, look at the rousing success story of the Blackberry App Store. (note the sarcasm...)
For an App Store to *truly* succeed, it needs two things:
1) It needs to know it's true audience.
2) You need to be able to purchase the solution within a mouse-click.
This opens an entire line of business for not only established big-name ISVs, but also for the independents out there that can produce some really great solutions.
If I could add a 3rd thing to the list of things needed to succeed it would be trust of the App Store "vendor", and trust that the purchased product will do what it says it's going to do.
The old days of users groveling to IT like Oliver begging for some scraps of gold in the form of a Ctrl+N'ed template are over. Customers -- y'know, the people whose job it is for you to support -- are becoming more tech savvy, and the expectation that "there's an app for that" is now mashed into their frontal lobe.
It's when you can't provide a solution that meets their needs (or actually stand in it's way) that there's something wrong... and if not corrected (or the understanding of the potential of the platform "evolved") you will immediately see your customers flee for easier solutions (outside vendors, SaaS providers, etc.). «
COMMENT: PHILIP STORRY
JUN 28, 2010 - 12:31:02
Apologies for the delayed reply - the weekend happened!
I agree that there are important issues about audience here. It seems to me that the "App Catalog" would be what the business/administrator would look at on the internet, then download/buy from.
The "App Provisioner" is the step I'm focused on, being an Admin. Because one app becomes two apps, then four, and so on.
I absolutely agree that nobody should need to come grovelling to me - or anyone else - for an app. That's what I want to avoid. I want to be able to offer high-quality apps for no real hassle, and have it done in a manageable manner.
I don't disagree with anything you've said, but do hope that IBM are listening to this discussion and beginning their planning accordingly. «