adminvol1

Published by: Supriya Babbar on Apr 08, 2011
Copyright:Attribution Non-commercial


06/29/2012

Sections

  • Chapter 1 Deploying Domino
  • Chapter 2 Setting Up the Domino Network
  • Chapter 3 Installing and Setting Up Domino Servers
  • Chapter 4 Setting Up Server-to-Server Connections
  • Chapter 5 Setting Up and Managing Notes Users
  • Chapter 6 Setting Up and Managing Groups
  • Chapter 7 Creating Replicas and Scheduling Replication
  • Chapter 8 Setting Up Calendars and Scheduling
  • Chapter 9 Using Policies
  • Chapter 10 Setting Up Domain Search
  • Chapter 11 Setting Up Domino Off-Line Services
  • Chapter 12 Planning the Service Provider Environment
  • Chapter 13 Setting Up the Service Provider Environment
  • Chapter 14 Managing a Hosted Environment
  • Chapter 15 Setting Up the Administration Process
  • Chapter 16 Setting Up and Using Domino Administration Tools
  • Chapter 17 Using Domino with Windows Synchronization Tools
  • Chapter 18 Planning Directory Services
  • Chapter 19 Setting Up the Domino Directory
  • Chapter 20 Setting Up the LDAP Service
  • Chapter 21 Managing the LDAP Schema
  • Chapter 22 Using the ldapsearch Utility
  • Chapter 23 Setting Up Directory Assistance
  • Chapter 24 Setting Up Directory Catalogs
  • Chapter 25 Setting Up Extended ACLs
  • Chapter 26 Overview of the Domino Mail System
  • Chapter 27 Setting Up Mail Routing
  • Chapter 28 Customizing the Domino Mail System
  • Chapter 29 Setting Up Shared Mail
  • Chapter 30 Setting Up the POP3 Service
  • Chapter 31 Setting Up the IMAP Service
  • Chapter 32 Setting Up iNotes Web Access
  • Chapter 33 Monitoring Mail
  • Chapter 34 Setting Up the Domino Web Server
  • Chapter 35 Setting Up Domino to Work with Other Web Servers
  • Chapter 36 Setting Up the Web Navigator

Lotus Domino 6

Administering the Domino System, Volume 1

Disclaimer

THIS DOCUMENTATION IS PROVIDED FOR REFERENCE PURPOSES ONLY. WHILE EFFORTS WERE MADE TO VERIFY THE COMPLETENESS AND ACCURACY OF THE INFORMATION CONTAINED IN THIS DOCUMENTATION, THIS DOCUMENTATION IS PROVIDED “AS IS” WITHOUT ANY WARRANTY WHATSOEVER AND TO THE MAXIMUM EXTENT PERMITTED, IBM DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE SAME. IBM SHALL NOT BE RESPONSIBLE FOR ANY DAMAGES, INCLUDING WITHOUT LIMITATION, DIRECT, INDIRECT, CONSEQUENTIAL OR INCIDENTAL DAMAGES, ARISING OUT OF THE USE OF, OR OTHERWISE RELATED TO, THIS DOCUMENTATION OR ANY OTHER DOCUMENTATION. NOTWITHSTANDING ANYTHING TO THE CONTRARY, NOTHING CONTAINED IN THIS DOCUMENTATION OR ANY OTHER DOCUMENTATION IS INTENDED TO, NOR SHALL HAVE THE EFFECT OF, CREATING ANY WARRANTIES OR REPRESENTATIONS FROM IBM (OR ITS SUPPLIERS OR LICENSORS), OR ALTERING THE TERMS AND CONDITIONS OF THE APPLICABLE LICENSE AGREEMENT GOVERNING THE USE OF THIS SOFTWARE.

Copyright

Under the copyright laws, neither the documentation nor the software may be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form, in whole or in part, without the prior written consent of IBM, except in the manner described in the documentation or the applicable licensing agreement governing the use of the software.

© Copyright IBM Corporation 1985, 2002 All rights reserved.

Lotus Software
IBM Software Group
One Rogers Street
Cambridge, MA 02142

US Government Users Restricted Rights — Use, duplication or disclosure restricted by GS ADP Schedule Contract with IBM Corp.

List of Trademarks

1-2-3, cc:Mail, Domino, Domino Designer, Freelance Graphics, iNotes, Lotus, Lotus Discovery Server, Lotus Enterprise Integrator, Lotus Mobile Notes, Lotus Notes, Lotus Organizer, LotusScript, Notes, QuickPlace, Sametime, SmartSuite, and Word Pro are trademarks or registered trademarks of Lotus Development Corporation and/or IBM Corporation in the United States, other countries, or both. AIX, AS/400, DB2, IBM, iSeries, MQSeries, Netfinity, OfficeVision, OS/2, OS/390, OS/400, S/390, Tivoli, and WebSphere are registered trademarks of International Business Machines Corporation in the United States, other countries, or both. Pentium is a trademark of Intel Corporation in the United States, other countries, or both. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. All other trademarks are the property of their respective owners.

Contents

Preface

Volume 1

1 Deploying Domino
  • Guidepost for deploying Domino
  • Building the Domino environment

2 Setting Up the Domino Network
  • Lotus Domino and networks
  • Network security
  • Planning the TCP/IP network
  • Planning the NetBIOS network
  • Planning the IPX/SPX network
  • Setting up Domino servers on the network
  • Server setup tasks specific to TCP/IP
  • Server setup tasks specific to NetBIOS
  • Server setup tasks specific to IPX/SPX
  • NOTES.INI settings for networks

3 Installing and Setting Up Domino Servers
  • Installing and setting up Domino servers
  • Server installation
  • The Domino Server Setup program
  • Using Domino Off-Line Services (DOLS) and iNotes Web Access
  • Using the Domino Server Setup program
  • The Certification Log
  • Server registration
  • Optional tasks to perform after server setup
  • Starting and shutting down the Domino server

4 Setting Up Server-to-Server Connections
  • Planning server-to-server connections
  • How a server connects to another server
  • Internet connections
  • Passthru servers and hunt groups
  • Planning the use of passthru servers
  • Setting up a server as a passthru server
  • Setting up a server as a passthru destination
  • Planning for modem use
  • Commands for acquire and connect scripts
  • Connecting Notes clients to servers

5 Setting Up and Managing Notes Users
  • Setting up Notes users
  • Adding an alternate language and name to a user ID
  • Setting up client installation for users
  • Managing users
  • License Tracking
  • Custom welcome page deployment

6 Setting Up and Managing Groups
  • Using groups
  • Creating and modifying groups
  • Managing groups
  • Assigning a policy to a group

7 Creating Replicas and Scheduling Replication
  • Replicas
  • How server-to-server replication works
  • Guidelines for setting server access to databases
  • Setting up a database ACL for server-to-server replication
  • Table of replication settings
  • Specifying replication settings for one replica
  • Scheduling server-to-server replication
  • Customizing server-to-server replication
  • Specifying replication direction
  • Scheduling times for replication
  • Replicating only specific databases
  • Replicating databases by priority
  • Limiting replication time
  • Using multiple replicators
  • Refusing replication requests
  • Forcing immediate replication
  • Disabling database replication
  • Forcing a server database to replicate
  • Viewing replication schedules and topology maps

8 Setting Up Calendars and Scheduling
  • Calendars and scheduling
  • Setting up scheduling
  • Setting up the Resource Reservations database
  • Creating Site Profile and Resource documents
  • Editing and deleting Resource documents
  • Creating Holiday documents
  • Collecting detailed information from user calendars

9 Using Policies
  • Policies
  • Policy hierarchy and the effective policy
  • Planning and assigning policies
  • Creating policies
  • Mail archiving and policies
  • Managing policies
  • Viewing policy relationships

10 Setting Up Domain Search
  • Domain Search
  • Planning the Domain Index
  • Creating and updating the Domain Index
  • Customizing Domain Search forms
  • Setting up Notes users for Domain Search
  • Setting up Web users for Domain Search
  • Using content maps with Domain Search
  • NOTES.INI settings for Domain Search

11 Setting Up Domino Off-Line Services
  • Domino Off-Line Services

12 Planning the Service Provider Environment
  • Planning the xSP server environment
  • Using Domino features in a hosted server environment
  • Example of planning a hosted environment

13 Setting Up the Service Provider Environment
  • Setting up the service provider environment
  • Installing the first server or additional servers for hosted environments
  • Setting up a hosted organization
  • Setting up the Domino certificate authority for hosted organizations
  • Using policies in a hosted environment
  • What happens when you register a hosted organization?
  • Example of registering a hosted organization
  • Registering a hosted organization
  • Using Internet and Web Site documents in a hosted environment
  • Global Web Settings documents and the service provider environment
  • Configuring activity logging for billing hosted organizations

14 Managing a Hosted Environment
  • Maintaining hosted organizations
  • Adding a hosted organization to an additional server to provide new Web applications
  • Deleting a hosted organization
  • Temporarily disabling services for a hosted organization
  • Enabling anonymous access to a hosted organization’s database
  • Moving a hosted organization to another server
  • Removing a hosted organization from a backup or load-balancing server
  • Restoring a hosted environment after a server crash
  • Using a browser to access a hosted organization’s Web site
  • Using the Resource Reservations database in a hosted environment
  • Viewing hosted organizations
  • Managing users at a hosted organization
  • Using the Web Administrator to manage users at a hosted organization

15 Setting Up the Administration Process
  • The Administration Process
  • Setting up the Administration Process
  • Administration Process support of secondary Domino Directories
  • Processing administration requests across domains
  • Setting up ACLs for the Administration Process
  • The Administration Requests database
  • Customizing the Administration Process
  • Administration Process Statistics
  • Administration request messages

16 Setting Up and Using Domino Administration Tools
  • The Domino Administrator
  • Installing the Domino Administrator
  • Setting up the Domino Administrator
  • Starting the Domino Administrator
  • Navigating Domino Administrator
  • Selecting a server to administer in the Domino Administrator
  • Setting Domino Administration preferences
  • Domino Administrator tabs
  • Web Administrator
  • Setting up the Web Administrator
  • Starting the Web Administrator
  • Using the Web Administrator
  • The Server Controller and the Domino Console

17 Using Domino with Windows Synchronization Tools
  • Setting up Windows NT User Manager
  • Using the Windows NT Performance Monitor to view Domino
  • Setting up Domino Active Directory synchronization
  • Setting policy-based registration options for use with Notes synchronization

18 Planning Directory Services
  • Overview of Domino directory services
  • Using directory servers in a Domino domain
  • Planning LDAP features
  • Planning directory access control
  • Planning new entries in the Domino Directory
  • Planning the management of entries in the Domino Directory
  • Planning directory services for Notes clients
  • Planning directory services in a multiple-directory environment
  • Directory search order
  • Planning internationalized directory services
  • Planning directory customization
  • Directory services terms

19 Setting Up the Domino Directory
  • The Domino Directory
  • Setting up the Domino Directory for a domain
  • Using a central directory architecture in a Domino domain
  • Managing Domino Directories in a central directory architecture
  • Controlling access to the Domino Directory
  • Corporate hierarchies
  • Setting up Notes clients to use a directory server
  • Customizing the Directory Profile
  • Scheduling replication of the Domino Directory

20 Setting Up the LDAP Service
  • The LDAP service
  • How the LDAP service works
  • Setting up the LDAP service
  • Starting and stopping the LDAP service
  • Customizing the LDAP service configuration
  • Setting up clients to use the LDAP service
  • Using LDAP to search a Domain index
  • Monitoring the LDAP service
  • NOTES.INI settings for the LDAP service
  • RFCs supported by the LDAP service

21 Managing the LDAP Schema
  • LDAP schema
  • The Domino LDAP schema
  • The schema daemon
  • Domino LDAP Schema database
  • Methods for extending the schema
  • Extending the schema using the Schema database
  • Schema-checking
  • Searching the root DSE and schema entry
  • NOTES.INI settings related to the schema daemon

22 Using the ldapsearch Utility
  • Using the ldapsearch utility to search LDAP directories
  • Table of ldapsearch parameters
  • Using search filters with ldapsearch
  • Using ldapsearch to return operational attributes
  • Examples of using ldapsearch

23 Setting Up Directory Assistance
  • Directory assistance
  • How directory assistance works
  • Directory assistance services
  • Directory assistance concepts
  • Directory assistance and naming rules
  • Directory assistance and domain names
  • Directory assistance and failover for a directory
  • Directory assistance for an Extended Directory Catalog
  • Directory assistance in conjunction with a condensed Directory Catalog
  • Directory assistance for the primary Domino Directory
  • Number of directory assistance databases
  • Setting up directory assistance
  • Directory assistance examples
  • Monitoring directory assistance

24 Setting Up Directory Catalogs
  • Directory catalogs
  • Condensed Directory Catalogs
  • Directory catalogs on servers compared to directory assistance for individual Domino Directories
  • Extended Directory Catalogs
  • Overview of directory catalog setup
  • Planning directory catalogs
  • Directory catalogs and client authentication
  • Directory catalogs and Notes mail encryption
  • Picking the server(s) to run the Dircat task
  • Specifying the Domino Directories for the Dircat task to aggregate
  • Controlling which information is aggregated into a directory catalog
  • Full-text indexing directory catalogs
  • Planning issues specific to Extended Directory Catalogs
  • Planning issues specific to condensed Directory Catalogs
  • Multiple directory catalogs
  • Overview of setting up a condensed Directory Catalog
  • The Dircat task
  • Opening the configuration document for a directory catalog
  • Monitoring directory catalogs

25 Setting Up Extended ACLs
  • Extended ACL
  • How other database security features restrict extended ACL access settings
  • Elements of an extended ACL
  • Extended ACL access settings
  • Extended ACL subject
  • Extended ACL target
  • Extended ACL examples
  • Extended ACL guidelines
  • Setting up and managing an extended ACL

26 Overview of the Domino Mail System
  • Messaging overview
  • Supported routing, format, and access protocols
  • The Domino mail server and mail routing
  • Overview of routing mail using Notes routing
  • Overview of routing mail using SMTP
  • The Domain Name System (DNS) and SMTP mail routing

27 Setting Up Mail Routing
  • The Domino mail router
  • Planning a mail routing topology
  • Sample mail routing configurations
  • Creating a Configuration Settings document
  • Setting up Notes routing
  • Configuring Domino to send and receive mail over SMTP
  • Setting up how addresses are resolved on inbound and outbound mail
  • Configuring Domino to send mail to a relay host or firewall
  • Routing mail over transient connections

28 Customizing the Domino Mail System
  • Customizing mail
  • Controlling messaging
  • Improving mail performance
  • Controlling message delivery
  • Setting server mail rules
  • Customizing message transfer
  • Setting transfer limits
  • Setting advanced transfer and delivery controls
  • Customizing Notes routing
  • Customizing SMTP Routing
  • Changing SMTP port settings
  • Restricting SMTP inbound routing
  • Preventing unauthorized SMTP hosts from using Domino as a relay
  • Enabling DNS blacklist filters for SMTP connections
  • Restricting outbound mail routing
  • Mail journaling
  • Setting inbound and outbound MIME and character set options

29 Setting Up Shared Mail
  • Shared mail overview
  • Setting up shared mail databases
  • Managing a shared mail database
  • Disabling shared mail

30 Setting Up the POP3 Service
  • The POP3 service
  • Setting up the POP3 service
  • Setting up POP3 users

31 Setting Up the IMAP Service
  • The IMAP service
  • Setting up the IMAP service
  • Customizing the IMAP service
  • Setting up IMAP users
  • IMAP settings in the server NOTES.INI file

32 Setting Up iNotes Web Access
  • iNotes Web Access
  • iNotes Access for Microsoft Outlook

33 Monitoring Mail
  • Tools for mail monitoring
  • Setting up mail monitoring
  • Viewing mail usage reports

34 Setting Up the Domino Web Server
  • The Domino Web server
  • Setting up a Domino server as a Web server
  • Setting up WebDAV
  • Hosting Web sites
  • Web Site rules and global Web settings
  • Custom Web server messages
  • Improving Web server performance

35 Setting Up Domino to Work with Other Web Servers
  • Setting up Domino to work with other Web servers

36 Setting Up the Web Navigator
  • The Web Navigator
  • Setting up a Web Navigator server
  • Customizing the Web Navigator
  • The Web Navigator database
  • Customizing the Web Navigator database

Volume 2

37 Planning Security
  • Overview of Domino security
  • The Domino security model
  • The Domino security team
  • Security planning checklists

38 Controlling Access to Domino Servers
  • Validation and authentication for Notes and Domino
  • Server access for Notes users, Internet users, and Domino servers
  • Setting up Notes user, Domino server, and Internet user access to a Domino server
  • Customizing access to a Domino server
  • Physically securing the Domino server

39 Protecting and Managing Notes IDs
  • Domino server and Notes user IDs
  • Certificates
  • Password-protection for Notes and Domino IDs
  • Verifying user passwords during authentication
  • ID recovery
  • Public key security
  • Using cross-certificates to access servers and send secure S/MIME messages
  • Adding cross-certificates to the Domino Directory or Personal Address Book

40 Controlling User Access to Domino Databases
  • The database access control list
  • Default ACL entries
  • Acceptable entries in the ACL
  • Configuring a database ACL
  • Access levels in the ACL
  • Access level privileges in the ACL
  • User types in the ACL
  • Roles in the ACL
  • Managing database ACLs
  • Using the Administration Process to update ACLs
  • Setting up the Administration Process for database ACLs
  • Managing database ACLs with the Web Administrator
  • Editing entries in multiple ACLs
  • Enforcing a consistent access control list
  • Setting up database access for Internet users
  • Maximum Internet name-and-password access

41 Protecting User Workstations with Execution Control Lists
  • The execution control list
  • The administration ECL

42 Setting Up Name-and-Password and Anonymous Access to Domino Servers
  • Name-and-password authentication for Internet/intranet clients
  • Session-based name-and-password authentication for Web clients
  • Multi-server session-based name-and-password authentication for Web users (single sign-on)
  • Managing Internet passwords
  • Anonymous Internet/intranet access
  • Validation and authentication for Internet/intranet clients

43 Encryption and Electronic Signatures
  • Encryption
  • Mail encryption
  • Electronic signatures

44 Setting Up a Domino Server-Based Certification Authority
  • Domino server-based certification authority
  • Setting up a server-based Domino certification authority

45 Setting Up a Domino 5 Certificate Authority
  • Using a Domino 5 certificate authority
  • Setting up a Domino 5 certificate authority

46 Setting Up SSL on a Domino Server
  • SSL security
  • Setting up SSL on a Domino server
  • Default Domino SSL trusted roots
  • SSL port configuration
  • Managing server certificates and certificate requests
  • Authenticating Web SSL clients in secondary Domino and LDAP directories

47 Setting Up Clients for S/MIME and SSL
  • SSL and S/MIME for clients
  • Setting up Notes and Internet clients for SSL authentication
  • Internet certificates for SSL and S/MIME
  • Setting up Notes clients for S/MIME
  • Dual Internet certificates for S/MIME encryption and signatures
  • Setting up Notes and Internet clients for SSL client authentication
  • Using SSL when setting up directory assistance for LDAP directories

48 Rolling Out Databases
  • Database design, management, and administration
  • Rolling out a database
  • Copying a new database to a server
  • Creating a Mail-In Database document for a new database
  • Adding a database to the Domain Index
  • Signing a database or template

49 Organizing Databases on a Server
  • Organizing databases on a server

50 Setting Up and Managing Full-text Indexes
  • Full-text indexes for single databases

51 Setting Up Database Libraries and Catalogs
  • Database libraries
  • Creating a database library and assigning librarians
  • Publishing databases in a library
  • Database catalogs
  • Setting up a server’s database catalog

52 Monitoring the Domino Server
  • Monitoring the Domino system
  • Monitoring events on the Domino system
  • Event generators
  • Event handlers
  • Viewing an event report
  • Viewing event messages, causes, and solutions
  • Customizing the appearance of the Domino server console and Domino Administrator console
  • Statistics and the Domino system
  • Platform statistics
  • Using the Domino Administrator to monitor statistics
  • Charting statistics
  • Domino server monitor
  • Profiles and the Domino server monitor

53 Using the Domino SNMP Agent
  • The Domino SNMP Agent
  • Configuring the Domino SNMP Agent
  • Using the Domino MIB with your SNMP management station
  • Troubleshooting the Domino SNMP Agent

54 Using IBM Tivoli Analyzer for Lotus Domino
  • IBM Tivoli Analyzer for Lotus Domino
  • Server Health Monitor
  • Table of Server Health Monitor statistics
  • Table of Server Health Monitor ratings
  • Server Health Monitor configuration
  • Using the Server Health Monitor
  • Working with Server Health Monitor statistics
  • Activity Trends
  • Setting up Activity Trends
  • Activity Trends server and statistics profiles
  • Resource balancing in Activity Trends
  • Setting up resource balancing in Activity Trends
  • Understanding resource-balancing behavior
  • Analyzing resource-balancing distributions
  • Domino Change Manager
  • ACLs for the Domino Change Control database
  • Resource-balancing plans
  • Setting up plan documents for resource balancing

55 Transaction Logging and Recovery
  • Transaction logging
  • How transaction logging works
  • Planning for transaction logging
  • Setting up a Domino server for transaction logging
  • Changing transaction logging settings
  • Disabling transaction logging for a specific database
  • View logging
  • Using transaction logging for recovery
  • Fault recovery

56 Using Log Files
  • The Domino server log (LOG.NSF)
Controlling the size of the log file (LOG.NSF) . . . . . . . . . . The Domino Web server log (DOMLOG.NSF) . . .

59 Maintaining Domino Servers . . 59-1

. . . . . . . . . . . . . . . . . 59-1 Decommissioning a Domain Search server . 59-12 Uninstalling a Domino partitioned server . 59-13
Managing servers

60 Improving Server Performance . . . . . . . . . . . . . . . . . 60-1
Improving Domino server performance Tools for measuring server performance

....... Logging Domino Web server requests . . . .

56-1 56-8

... .. .. . ..

60-1 60-2 60-3 60-5 60-6

Improving basic server performance and capacity . . . . . . . . . . . . . . . . .

. . . . . . . . . . . 56-8 Domino Web server logging to text files . . 56-10
57 Setting Up Activity Logging . . 57-1

Improving partitioned server performance and capacity . . . . . . . . . . . . . . . Improving Agent Manager performance Improving database and Domino Directory performance . . . Tips for tuning mail performance

. . . . . . . . . . . . . . . . . . 57-1 The information in the log file . . . . . . . . . 57-1 Configuring activity logging . . . . . . . . . 57-12 Viewing activity logging data . . . . . . . . 57-13 58 Maintaining Databases . . . . . . 58-1 Database maintenance . . . . . . . . . . . . . . 58-1 The Files tab in the Domino Administrator . . 58-2 Monitoring replication of a database . . . . . 58-6 Replication or save conflicts . . . . . . . . . . 58-8 Monitoring database activity . . . . . . . . . 58-11 Updating database indexes and views . . . 58-14 Managing view indexes . . . . . . . . . . . . 58-23
Activity logging Synchronizing databases with master templates . . . . . . . . . . . . .

. . . . . . . 60-9 . . . . . . 60-11 .. ...
60-13 60-14

Improving Windows NT and Windows 2000 server performance . . . . . Improving UNIX server performance

61 Improving Database Performance . . . . . . . . . . . . . . . . . 61-1
Setting advanced database properties Database properties that optimize database performance . . .

....

61-1

.... Fixing corrupted databases . . . . . . . . . . Using Fixup . . . . . . . . . . . . . . . . . . . Moving databases . . . . . . . . . . . . . . . . Deleting databases . . . . . . . . . . . . . . . Database analysis . . . . . . . . . . . . . . . .

58-24 58-25 58-26 58-33 58-36 58-37

. . . . . . . 61-3 The database cache . . . . . . . . . . . . . . . . 61-9 Controlling database size . . . . . . . . . . . 61-12 Tools for monitoring database size . . . . . 61-13 Monitoring database size . . . . . . . . . . . 61-13 Compacting databases . . . . . . . . . . . . . 61-13 Ways to compact databases . . . . . . . . . . 61-16 Database size quotas . . . . . . . . . . . . . . 61-23 Deleting inactive documents . . . . . . . . . 61-25
Using an agent to delete and archive documents . . . . . . . . . . . . Allowing more fields in a database

.... .....

61-27 61-29

xii Administering the Domino System, Volume 1

62 Using Server.Load . . . . . . . . . . 62-1

..................... Server.Load agents . . . . . . . . . . . . . . . . Server.Load metrics . . . . . . . . . . . . . . .
Server.Load Setting up clients and servers for Server.Load . . . . . . . . .

62-1 62-4 62-7

.. Passthru connections — Troubleshooting . Replication — Troubleshooting . . . . . . .
Partitioned servers — Troubleshooting You see the message “Database is not fully initialized yet” . . . . . .

63-78 63-79 63-80

. . . . . . . 62-12 Idle Workload script . . . . . . . . . . . . . . 62-14 R5 IMAP Workload test . . . . . . . . . . . . 62-15 R5 Simple Mail Routing test . . . . . . . . . 62-20 R5 Shared Database test . . . . . . . . . . . . 62-24 SMTP and POP3 Workload test . . . . . . . 62-26 Web Idle Workload test . . . . . . . . . . . . 62-30 Web Mail test . . . . . . . . . . . . . . . . . . 62-31 63 Troubleshooting . . . . . . . . . . . 63-1 Troubleshooting the Domino system . . . . . 63-1 Troubleshooting tools . . . . . . . . . . . . . . 63-2 Overview of server maintenance . . . . . . . 63-6 Server maintenance checklist . . . . . . . . . . 63-6 Backing up the Domino server . . . . . . . . . 63-7
Administration Process — Troubleshooting . .

. . . . 63-89 Server access — Troubleshooting . . . . . . 63-91 Server crashes — Troubleshooting . . . . . 63-96 Transaction logging — Troubleshooting . 63-102
Web server, Web Navigator, and the Web Administrator — Troubleshooting

. 63-104 Server.Load — Troubleshooting . . . . . . . 63-110 Appendix A Server Commands . . A-1 Appendix B Server Tasks . . . . . . . B-1 Appendix C NOTES.INI File . . . . . C-1
Appendix D System and Application Templates . . . . . . . . . D-1 Appendix E Customizing the Domino Directory . . . . . . . . . . . . . . E-1 Appendix F Administration Process Requests . . . . . . . . . . . . . . F-1 Appendix G Novell Directory Service for the IPX/SPX Network . . G-1 Appendix H Accessibility and Keyboard Shortcuts in Domino Administrator . . . . . . . . . . . . . . . . . H-1 Appendix I Server.Load Command Language . . . . . . . . . . . . I-1 Appendix J Server.Load Scripts . . . J-1 Index . . . . . . . . . . . . . . . . . . . . . . Index-1

............

63-8 63-12 63-16 63-21 63-36 63-45 63-48 63-52 63-55 63-74

Agent Manager and agents — Troubleshooting . . . . .

........ Database performance — Troubleshooting . Directories — Troubleshooting . . . . . . . Mail routing — Troubleshooting . . . . . .
Meeting and resource scheduling — Troubleshooting . . . . . . . . . Modems and remote connections — Troubleshooting . . . . . . . .

....

..... Platform statistics — Troubleshooting . . .
Network connections over NRPC — Troubleshooting . . . . . . . . . Network dialup connections — Troubleshooting . . . . .

....

........

Contents xiii

Preface
The documentation for IBM Lotus Notes, IBM Lotus Domino, and IBM Lotus Domino Designer is available online in Help databases and, with the exception of the Notes client documentation, in print format.

License information
Any information or reference related to license terms in this document is provided to you for your information. However, your use of Notes and Domino, and any other IBM program referenced in this document, is solely subject to the terms and conditions of the IBM International Program License Agreement (IPLA) and related License Information (LI) document accompanying each such program. You may not rely on this document should there be any questions concerning your right to use Notes and Domino. Please refer to the IPLA and LI for Notes and Domino that is located in the file LICENSE.TXT.

System requirements
Information about the system requirements for Lotus Notes and Domino is listed in the Release Notes.

Printed documentation and PDF files
The same documentation for Domino and Domino Designer that is available in online Help is also available in printed books and PDF files. You can order printed books from the IBM Publications Center at www.ibm.com/shop/publications/order. You can download PDF files from the IBM Publications Center and from the Documentation Library at the Lotus Developer Domain at www-10.lotus.com/ldd.

Related information
In addition to the documentation that is available with the product, other information about Notes and Domino is available on the Web sites listed here.
• IBM Redbooks are available at www.redbooks.ibm.com.
• A technical journal, discussion forums, demos, and other information is available on the Lotus Developer Domain site at www-10.lotus.com/ldd.

Table of conventions
This table lists conventions used in the Notes and Domino documentation.
Convention | Description
italics | Variables and book titles are shown in italic type.
monospaced type | Code examples and console commands are shown in monospaced type.
file names | File names are shown in uppercase, for example NAMES.NSF.
hyphens in menu names (File - Database - Open) | Hyphens are used between menu names, to show the sequence of menus.

Structure of Notes and Domino documentation
This section describes the documentation for Notes, Domino, and Domino Designer. The online Help databases are available with the software products. Print documentation can be downloaded from the Web or purchased separately.

Release Notes
The Release Notes describe new features and enhancements, platform requirements, known issues, and documentation updates for Lotus Notes 6, Lotus Domino 6, and Lotus Domino Designer 6. The Release Notes are available online in the Release Notes database (README.NSF). You can also download them as a PDF file.

Documentation for the Notes client
The Lotus Notes 6 Help database (HELP6_CLIENT.NSF) contains the documentation for Notes users. This database describes user tasks such as sending mail, using the Personal Address Book, using the Calendar and Scheduling features, using the To Do list, and searching for information.

Documentation for Domino administration
The following table describes the books that comprise the Domino Administration documentation set. The information in these books is also found online in the Lotus Domino Administrator 6 Help database (HELP6_ADMIN.NSF). The book Installing Domino Servers ships with Domino. The other books are available for purchase, or for free download as PDF files.


Title | Description
Upgrade Guide | Describes how to upgrade existing Domino servers and Notes clients to Notes and Domino 6. Also describes how to move users from other messaging and directory systems to Notes and Domino 6.
Installing Domino Servers | Describes how to plan a Domino installation; how to configure Domino to work with network protocols such as Novell SPX, TCP/IP, and NetBIOS; how to install servers; and how to install and begin using Domino Administrator and the Web Administrator.
Administering the Domino System, Volumes 1 and 2 | Describes how to register and manage users and groups, and how to register and manage servers including managing directories, connections, mail, replication, security, calendars and scheduling, activity logging, databases, and system monitoring. This book also describes how to use Domino in a service provider environment, how to use Domino Off-Line Services, and how to use IBM Tivoli Analyzer for Lotus Domino.
Administering Domino Clusters | Describes how to set up, manage, and troubleshoot Domino clusters.

Documentation for Domino Designer
The following table describes the books that comprise the Domino Designer documentation set. The information in these books is also found online in the Lotus Domino Designer 6 Help database (HELP6_DESIGNER.NSF) with one exception: Domino Enterprise Connection Services (DECS) Installation and User Guide is available online in a separate database, DECS User Guide Template (DECSDOC6.NSF). The printed documentation set also includes Domino Objects posters.

In addition to the books listed here, the Domino Designer Templates Guide is available for download in NSF or PDF format. This guide presents an in-depth look at three commonly used Designer templates: TeamRoom, Discussion, and Documentation Library.

Title | Description
Application Development with Domino Designer | Explains how to create all the design elements used in building Domino applications, how to share information with other applications, and how to customize and manage applications.
Domino Designer Programming Guide, Volume 1: Overview and Formula Language | Introduces programming in Domino Designer and describes the formula language.
Domino Designer Programming Guide, Volumes 2A and 2B: LotusScript/COM/OLE Classes | Describes the LotusScript/COM/OLE classes for access to databases and other Domino structures.
Domino Designer Programming Guide, Volume 3: Java/CORBA Classes | Provides reference information on using the Java and CORBA classes to provide access to databases and other Domino structures.
Domino Designer Programming Guide, Volume 4: XML Domino DTD and JSP Tags | Describes the XML and JSP interfaces for access to databases and other Domino structures.
LotusScript Language Guide | Describes the LotusScript programming language.
Domino Enterprise Connection Services (DECS) Installation and User Guide | Describes how to use Domino Enterprise Connection Services (DECS) to access enterprise data in real time.
Lotus Connectors and Connectivity Guide | Describes how to configure Lotus Connectors for use with either DECS or IBM Lotus Enterprise Integrator for Domino (LEI). It also describes how to test connectivity between DECS or LEI and an external system, such as DB2, Oracle, or Sybase. Lastly, it describes usage and feature options for all of the base connection types that are supplied with LEI and DECS. This online documentation file name is LCCON6.NSF.
Lotus Connector LotusScript Extensions Guide | Describes how to use the LC LSX to programmatically perform Lotus Connector-related tasks outside of, or in conjunction with, either LEI or DECS. This online documentation file name is LSXLC6.NSF.
IBM Lotus Enterprise Integrator for Domino (LEI) Installation Guide | Describes installation, configuration, and migration information and instructions for LEI. The online documentation file names are LEIIG.NSF and LEIIG.PDF. This document is for LEI customers only and is supplied with LEI, not with Domino.
IBM Lotus Enterprise Integrator for Domino (LEI) Activities and User Guide | Provides information and instructions for using LEI and its activities. The online documentation file names are LEIDOC.NSF and LEIDOC.PDF. This document is for LEI customers only and is supplied with LEI, not with Domino.


Installation

Chapter 1 Deploying Domino
This chapter outlines the steps required to deploy IBM® Lotus® Domino™ 6 successfully and introduces important concepts that you need to know before you install Domino servers.

Guidepost for deploying Domino
Whether you’re setting up IBM Lotus Domino 6 and IBM Lotus Notes® 6 for the first time or adding to an established Domino environment, planning is vital. Along with determining your company’s needs, you need to plan how to integrate Domino into your existing network. After planning is complete, you can begin to install and set up Domino servers and the Domino Administrator and build the Domino environment. The following list describes, in order, the process to use to deploy Domino.
1. Determine your company’s server needs. Decide where to locate each server physically, taking into consideration local and wide-area networks and the function of each server.
2. Develop a hierarchical name scheme that includes organization and organizational unit names.
3. Decide whether you need more than one Domino domain.
4. Understand how server name format affects network name-to-address resolution for servers. Ensure that the DNS records for your company are the correct type for the server names.
5. Determine which server services to enable.
6. Determine which certificate authority — Domino server-based certification authority, Domino 5 certificate authority, third-party — to use.
7. Install and set up the first Domino server.
8. Install and set up the Domino Administrator on the administrator’s machine.
9. Complete network-related server setup.
10. If the Domino server is offering Internet services, set up Internet Site documents. There are some instances where Internet Site documents are required.
11. Specify Administration Preferences.
12. Create additional certifier IDs to support the hierarchical name scheme.
13. Set up recovery information for the certifier IDs.
14. Add the administrator’s ID to the recovery information for the certifier IDs and then distribute the certifier IDs, as necessary, to other administrators.
15. Register additional servers.
16. If you did not choose to do so during first server setup, create a group in the Domino Directory for all administrators, and give this group Manager access to all databases on the first server.
17. Install and set up additional servers.
18. Complete network-related server setup for each additional server.
19. Build the Domino environment.

Functions of Domino servers
Before you install and set up the first Domino server, consider the function and physical location of the servers that your company needs and determine how to connect the servers to each other. The current configuration of local and wide-area networks affects many of these decisions. Consider your company’s need for:
• Servers that provide Notes and/or browser users with access to applications
• Hub servers that handle communication between servers that are geographically distant
• Web servers that provide browser users with access to Web applications
• Servers that manage messaging services
• Directory servers that provide users and servers with information about how to communicate with other users and servers
• Passthru servers that provide users and servers with access to a single server that provides access to other servers
• Domain Search servers that provide users with the ability to perform searches across all servers in a Domino domain
• Clustered servers that provide users with constant access to data and provide load-balancing and failover
• Partitioned servers that run multiple instances of the Domino server on a single computer
• Firewall servers that provide Notes users with access to internal Domino services and protect internal servers from outside users
• xSP servers that provide users with Internet access to a specific set of Domino applications

Your decisions help determine which types of Domino servers you require. When you install each server, you must select one of the following installation options:
• Domino Utility Server — Installs a Domino server that provides application services only, with support for Domino clusters. The Domino Utility Server is a new installation type for Lotus Domino 6 that removes client access license requirements. Note that it does NOT include support for messaging services. See full licensing text for details.
• Domino Messaging Server — Installs a Domino server that provides messaging services. Note that it does NOT include support for application services or Domino clusters.
• Domino Enterprise Server — Installs a Domino server that provides both messaging and application services, with support for Domino clusters.

Note All three types of installations support Domino partitioned servers. Only the Domino Enterprise Server supports a service provider (xSP) environment.

Hierarchical naming for servers and users
Hierarchical naming is the cornerstone of Domino security; therefore planning it is a critical task. Hierarchical names provide unique identifiers for servers and users in a company. When you register new servers and users, the hierarchical names drive their certification, or their level of access to the system, and control whether users and servers in different organizations and organizational units can communicate with each other. Before you install Domino servers, create a diagram of your company and use the diagram to plan a meaningful name scheme. Then create certifier IDs to implement the name scheme and ensure a secure system.


A hierarchical name scheme uses a tree structure that reflects the actual structure of a company. At the top of the tree is the organization name, which is usually the company name. Below the organization name are organizational units, which you create to suit the structure of the company; you can organize the structure geographically, departmentally, or both. For example, the Acme company created this diagram for their servers and users:

[Diagram: Acme name tree. Organization: Acme. First-level organizational units: West, East. Department-level organizational units: HR, Accounting, IS, Sales, Marketing, Development.]

Looking at Acme’s diagram, you can see where they located their servers in the tree. Acme decided to split the company geographically at the first level and create certifier IDs for the East and West organizational units. At the next level down, Acme made its division according to department. For more information on certifier IDs, see the topic “Certifier IDs and certificates” in this chapter.

Components of a hierarchical name
A hierarchical name reflects a user’s or server’s place in the hierarchy and controls whether users and servers in different organizations and organizational units can communicate with each other. A hierarchical name may include these components:
• Common name (CN) — Corresponds to a user’s name or a server’s name. All names must include a common name component.
• Organizational unit (OU) — Identifies the location of the user or server in the organization. Domino allows for a maximum of four organizational units in a hierarchical name. Organizational units are optional.
• Organization (O) — Identifies the organization to which a user or server belongs. Every name must include an organization component.
• Country (C) — Identifies the country in which the organization exists. The country is optional.

An example of a hierarchical name that uses all of the components is:
Julia Herlihy/Sales/East/Acme/US
Typically a name is entered and displayed in this abbreviated format, but it is stored internally in canonical format, which contains the name and its associated components, as shown below:
CN=Julia Herlihy/OU=Sales/OU=East/O=Acme/C=US

Note You can use hierarchical naming with wildcards as a way to isolate a group of servers that need to connect to a given Domino server in order to route mail. For more information, see the chapter “Setting Up Mail Routing.”
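The component rules above can be checked mechanically when auditing a list of names before registration. The following Python sketch is an added example, not code from the Domino documentation: it parses canonical names, enforces the stated rules (CN and O required, at most four OUs, C optional), produces the abbreviated form, and lists the name-tree branches a name sits under. The function names are hypothetical, every sample name except Julia Herlihy's is constructed, and treating two names as being in the same name tree when O and C match is a simplifying assumption.

```python
MAX_OUS = 4                                  # the text allows at most four OUs
ORDER = {"CN": 0, "OU": 1, "O": 2, "C": 3}   # component order, left to right

# Sample input: the first name is the page's example; the rest are constructed.
SAMPLE_NAMES = [
    "CN=Julia Herlihy/OU=Sales/OU=East/O=Acme/C=US",
    "CN=Mail01/OU=West/O=Acme",
    "CN=No Org/OU=East",
    "CN=Deep/OU=A/OU=B/OU=C/OU=D/OU=E/O=Acme",
    "OU=East/CN=Swapped/O=Acme",
]


def parse_canonical(name):
    """Split a canonical name into components, enforcing the stated rules.

    Returns {"CN": str, "OU": [str, ...], "O": str, "C": str or None}.
    Raises ValueError when CN or O is missing, when there are more than four
    OUs, or when a component is malformed, repeated or out of order.
    """
    parsed = {"CN": None, "OU": [], "O": None, "C": None}
    stage = -1
    for part in name.strip().split("/"):
        label, sep, value = part.partition("=")
        label, value = label.strip().upper(), value.strip()
        if not sep or label not in ORDER or not value:
            raise ValueError(f"malformed component {part!r}")
        rank = ORDER[label]
        # Only OU may repeat; everything else must move strictly rightwards.
        if rank < stage or (rank == stage and label != "OU"):
            raise ValueError(f"component {part!r} is repeated or out of order")
        stage = rank
        if label == "OU":
            parsed["OU"].append(value)
        else:
            parsed[label] = value
    if parsed["CN"] is None:
        raise ValueError("missing common name (CN)")
    if parsed["O"] is None:
        raise ValueError("missing organization (O)")
    if len(parsed["OU"]) > MAX_OUS:
        raise ValueError(
            f"{len(parsed['OU'])} organizational units, maximum is {MAX_OUS}")
    return parsed


def abbreviate(parsed):
    """Return the abbreviated (display) form: the values without labels."""
    parts = [parsed["CN"], *parsed["OU"], parsed["O"]]
    if parsed["C"]:
        parts.append(parsed["C"])
    return "/".join(parts)


def branches(parsed):
    """List the name-tree branches above a name, nearest branch first.

    Per the text, each branch of the tree gets its own certifier ID, so this
    is the list of certifiers whose hierarchy the name falls under.
    """
    tail = [*parsed["OU"], parsed["O"]]
    if parsed["C"]:
        tail.append(parsed["C"])
    return ["/".join(tail[i:]) for i in range(len(parsed["OU"]) + 1)]


def same_name_tree(a, b):
    """Assumption: two names share a tree when O and C match, ignoring case."""
    def key(p):
        return (p["O"].lower(), (p["C"] or "").lower())
    return key(a) == key(b)


def audit(names):
    """Map each name to None if valid, or to the reason it was rejected."""
    report = {}
    for name in names:
        try:
            parse_canonical(name)
            report[name] = None
        except ValueError as exc:
            report[name] = str(exc)
    return report


if __name__ == "__main__":
    for name, problem in audit(SAMPLE_NAMES).items():
        print(f"{'OK' if problem is None else 'REJECT':6} {name}"
              + (f"  ({problem})" if problem else ""))
```

Names that `same_name_tree` reports as belonging to different trees are the ones that, according to this chapter, need a cross-certificate before they can communicate.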

Domino domains
A Domino domain is a group of Domino servers that share the same Domino Directory. As the control and administration center for Domino servers in a domain, the Domino Directory contains, among other documents, a Server document for each server and a Person document for each Notes user.

Planning for Domino domains
There are four basic scenarios for setting up Domino domains. The first scenario, which many small- and medium-size companies use, involves creating only one Domino domain and registering all servers and users in one Domino Directory. This scenario is the most common and the easiest to manage.

The second scenario is common when a large company has multiple independent business units. In this case, one organization spread across multiple domains may be the best scenario. Then all servers and users are members of the same organization, and each business unit administers its own Domino Directory. For more information on administering multiple Domino directories, see the chapter “Planning Directory Services.”

A third scenario is common when multiple companies work closely together yet want to retain individual corporate identities. Then one domain and multiple organizations may work best.

Finally, the fourth scenario involves maintaining multiple domains and multiple organizations. This scenario often occurs when one company acquires another.

Sometimes the decision to create multiple Domino domains is not based on organizational structure at all. For example, you may want to create multiple Domino domains if you have slow or unreliable network connections that prohibit frequent replication of a single, large directory. Keep in mind that working with multiple domains requires additional administrative work and requires you to set up a system for managing them.

Domains can be used as a broad security measure. For example, you can grant or deny a user access to servers and databases, based on the domain in which the user is registered. Using an extended ACL is an alternative to creating multiple domains, because you can use the extended ACL to specify different levels of access to a single Domino Directory, based on organization name hierarchy. For more information on extended ACLs, see the chapter “Setting Up Extended ACLs.”

Partitioned servers
Using Domino server partitioning, you can run multiple instances of the Domino server on a single computer. By doing so, you reduce hardware expenses and minimize the number of computers to administer because, instead of purchasing multiple small computers to run Domino servers that might not take advantage of the resources available to them, you can purchase a single, more powerful computer and run multiple instances of the Domino server on that single machine.

On a Domino partitioned server, all partitions share the same Domino program directory, and thus share one set of Domino executable files. However, each partition has its own Domino data directory and NOTES.INI file; thus each has its own copy of the Domino Directory and other administrative databases.

If one partition shuts down, the others continue to run. If a partition encounters a fatal error, Domino’s fault recovery feature restarts only that partition, not the entire computer. For information on setting up fault recovery, see the chapter “Transaction Logging and Recovery.”

Partitioned servers can provide the scalability you need while also providing security. As your system grows, you can migrate users from a partition to a separate server. A partitioned server can also be a member of a cluster if you require high availability of databases. Security for a partitioned server is the same as for a single server.

When you set up a partitioned server, you must run the same version of Domino on each partition. However, if the server runs on UNIX®, there is an alternative means to run multiple instances of Domino on the server: on UNIX, you can run different versions of Domino on a single computer, each version with its own program directory. You can even run multiple instances of each version by installing it as a Domino partitioned server. For more information on installing Domino on UNIX, see the chapter “Installing and Setting Up Domino Servers.”

Deciding whether to use partitioned servers
Whether or not to use partitioned servers depends, in part, on how you set up Domino domains. A partitioned server is most useful when the partitions are in different Domino domains. For example, using a partitioned server, you can dedicate different Domino domains to different customers or set up multiple Web sites. A partitioned server with partitions all in the same Domino domain often uses more computer resources and disk space than a single server that runs multiple services.

When making the decision to use partitioned servers, remember that it is easier to administer a single server than it is to administer multiple partitions. However, if your goal is to isolate certain server functions on the network — for example, to isolate the messaging hub from the replication hub or isolate work groups for resource and activity logging — you might be willing to take on the additional administrative work. In addition, running a partitioned server on a multiprocessor computer may improve performance, even when the partitions are in the same domain, because the computer simultaneously runs certain processes.

To give Notes users access to a Domino server where they can create and run Domino applications, use a partitioned server. However, to provide customers with Internet access to a specific set of Domino applications, set up an xSP server environment. For more information about using Domino in an xSP environment, see the chapter “Planning the Service Provider Environment.”

Deciding how many partitions to have
How many partitions you can install without noticeably diminishing performance depends on the power of the computer and the operating system the computer uses. For optimal performance, partition multiprocessor computers that have at least one, and preferably two, processors for each partition that you install on the computer.

Certifier IDs and certificates
Certifier IDs and certificates form the basis of Domino security. To place servers and users correctly within your organization’s hierarchical name scheme, you create a certifier ID for each branch on the name tree. You use the certifiers during server and user registration to “stamp” each server ID and user ID with a certificate that defines where each belongs
Deploying Domino 1-7

in the organization. Servers and users who belong to the same name tree can communicate with each other; servers and users who belong to different name trees need a cross-certificate to communicate with each other. Note You can register servers and users without stamping each server ID and user ID if you have migrated the certifier to a Domino server-based certification authority (CA). For more information about server-based CAs, see the chapter “Setting Up a Domino Server-based Certification Authority.” Each time you create a certifier ID, Domino creates a certifier ID file and a Certifier document. The ID file contains the ID that you use to register servers and users. The Certifier document serves as a record of the certifier ID and stores, among other things, its hierarchical name, the name of the certifier ID that issued it, and the names of certificates associated with it. There are two types of certifier IDs: organization and organizational unit. Organization certifier ID The organization certifier appears at the top of the name tree and is usually the name of the company — for example, Acme. During first server setup, the Server Setup program creates the organization certifier and stores the organization certifier ID file in the Domino data directory, giving it the name CERT.ID. During first server setup, this organization certifier ID automatically certifies the first Domino server ID and the administrator’s user ID. If your company is large and decentralized, you might want to use the Domino Administrator after server setup to create a second organization certifier ID to allow for further name differentiation — for example, to differentiate between company subsidiaries. For more information on working with multiple organizations, see the topic “Domino domains” earlier in this chapter. 
Organizational unit certifier IDs
The organizational unit certifiers are at all the branches of the tree and usually represent geographical or departmental names — for example, East/Acme or Sales/East/Acme. If you choose to, you can create a first-level organizational unit certifier ID during server setup, with the result that the server ID and administrator’s user ID are stamped with the organizational unit certifier rather than with the organization certifier. If you choose not to create this organizational unit certifier during server setup, you can always use the Domino Administrator to do it later — just remember to recertify the server ID and administrator’s user ID.

For information on recertifying user IDs, see the chapter “Setting Up and Managing Notes Users.” For information on recertifying server IDs, see the chapter “Maintaining Domino Servers.”

You can create up to four levels of organizational unit certifiers. To create first-level organizational unit certifier IDs, you use the organization certifier ID. To create second-level organizational unit certifier IDs, you use the first-level organizational unit certifier IDs, and so on.

Using organizational unit certifier IDs, you can decentralize certification by distributing individual certifier IDs to administrators who manage users and servers in specific branches of the company. For example, the Acme company has two administrators. One administers servers and users in West/Acme and has access to only the West/Acme certifier ID, and the other administers servers and users in East/Acme and has access to only the East/Acme certifier ID.

Certifier security
By default, the Server Setup program stores the certifier ID file in the directory you specify as the Domino data directory. When you use the Domino Administrator to create an additional organization certifier ID or organizational unit certifier ID, you specify where you want the ID stored. To ensure security, store certifiers in a secure location — such as a disk locked in a secure area.

User ID recovery
To provide ID and password recovery for Notes users, you need to set up recovery information for each certifier ID. Before you can recover user ID files, you need access to the certifier ID file to specify the recovery information, and the user ID files themselves must be made recoverable. There are three ways to do this:
• At user registration, create the ID file with a certifier ID that contains recovery information.
• Export recovery information from the certifier ID file and have the user accept it.
• (Only for servers using the server-based certification authority) Add recovery information to the certifier. Then, when existing users authenticate to their home server, their IDs are automatically updated.

For more information, see the chapter “Protecting and Managing Notes IDs.”

Example of how certifier IDs mirror the hierarchical name scheme
To implement their hierarchical name scheme, the Acme company created a certifier ID at each branch of the hierarchical name tree:

[Figure: Acme hierarchical name tree with certifier ID names. Acme is at the top; West (West/Acme) and East (East/Acme) are below it; HR, Accounting, and IS are under West; Sales, Marketing, and Development are under East.]

To register each server and user, Acme does the following:
• Creates /Acme as the organization certifier ID during first server setup.
• Uses the /Acme certifier ID to create the /East/Acme and /West/Acme certifier IDs.
• Uses the /East/Acme certifier ID to register servers and users in the East coast offices and uses the /West/Acme certifier ID to register servers and users in the West coast offices.
• Uses the /East/Acme certifier ID to create the /Sales/East/Acme, /Marketing/East/Acme, and /Development/East/Acme certifier IDs.
• Uses the /West/Acme certifier ID to create the /HR/West/Acme, /Accounting/West/Acme, and IS/West/Acme certifier IDs.
• Uses the /Sales/East/Acme, /Marketing/East/Acme, and Development/East/Acme certifier IDs to register users and servers in the East coast division.
• Uses the /HR/West/Acme, /Accounting/West/Acme, and IS/West/Acme certifier IDs to register users and servers in the West coast division.

For more information on hierarchical name schemes, see the topic “Hierarchical naming for users and servers” earlier in this chapter.

Domino server services
Before you start the Server Setup program, decide which services and tasks to set up on the server. If you don’t select the services during the setup program, you can later enable them by editing the ServerTasks setting in the NOTES.INI file or by starting the server task from the server console.

Internet services
The Domino Server Setup program presents these selections for Internet services:
• Web Browsers (HTTP Web services)
• Internet Mail Clients (SMTP, POP3, and IMAP mail services)
• Directory services (LDAP)

Advanced Domino services
These Domino services, which are necessary for the proper operation of the Domino infrastructure, are enabled by default when you set up a Domino server:
• Database Replicator
• Mail Router
• Agent Manager
• Administration Process
• Calendar Connector
• Schedule Manager
• DOLS (Domino Off-Line Services)
• DIIOP CORBA Services
• DECS (Domino Enterprise Connection Services)
• Billing
• HTTP Server
• IMAP Server
• ISpy
• LDAP Server
• POP3 Server

These are optional advanced Domino server services that you can enable:

• Remote Debug Server
• SMTP Server
• Stats
• Statistic Collector
• Web Retriever

Note It is best to use activity logging instead of the billing service. For more information on activity logging, see the chapter “Planning the Service Provider Environment.”

Table of Domino naming requirements
Consider these guidelines when naming parts of the Domino system.

Name: Domino domain
Characters: 31 maximum
Tips:
• This is usually the same as the organization name.
• Use a single word, made up of only alpha (A-Z) or numeric (0-9) characters.

Name: Notes named network
Characters: 31 maximum
Tips:
• By default, the Server Setup program assigns names in the format port name network — for example, TCP/IP network.
• Edit Notes named network names to use an identifier such as the location of the Notes named network and the network protocol — for example, TCPIP-Boston.

Name: Organization
Characters: 3-64 maximum*
Tips:
• This name is typically the same as the Domino domain name.
• The organization name is the name of the certifier ID and is appended to all user and server names.

Name: Organizational unit
Characters: 32 maximum*
Tips: There can be up to four levels of organizational units.

Name: Server
Characters: 79 maximum
Tips:
• Choose a name you want to keep. If you change a server name, you must recertify the server ID.
• Choose a name that meets your network’s requirements for unique naming. On TCP/IP, use only the characters 0 through 9, A through Z, and - (dash), and do not use spaces or underscores. On NetBIOS, the first 15 characters must be unique. On SPX, the first 47 characters must be unique.
• Keep in mind that Domino performs replication and mail routing on servers named with numbers before it does those tasks on servers named with alphabetic characters.

Name: User
Characters: 79 maximum*
Tips: Use a first and last name. A middle name is allowed, but usually not needed.

Name: Alternate user
Characters: No minimum
Tips: Can have only one alternate name

Name: Group
Characters: 62 maximum
Tips:
• Use any of these characters: A - Z, 0 - 9, & - . _ ’ / (ampersand, dash, period, space, underscore, apostrophe, and forward slash)
• For mail routing, you can nest up to five levels of groups. For all other purposes, you can nest up to six levels of groups.

Name: Port
Characters: No maximum
Tips: Do not include spaces

Name: Country code
Characters: 0 or 2
Tips: Optional

* This name may include alpha characters (A - Z), numbers (0 - 9), and the ampersand (&), dash (-), period (.), space ( ), and underscore (_).

For more information on network name requirements and the effect that server name format has on network name-to-address resolution, see the chapter “Setting Up the Domino Network.”
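The certifier hierarchy and the naming table above can be checked mechanically before registration. The following is an added example, not code from the Domino documentation or product: it validates abbreviated hierarchical names against the table's limits, derives the certifier ID that stamps a name, reports whether two names sit in different name trees (and so need a cross-certificate), and finds server names that collide in their first 15 (NetBIOS) or 47 (SPX) characters. The function names, the slash-separated input form and the sample names are assumptions made for illustration.

```python
import re

# Footnote (*) character set for organization, organizational unit and user names.
STARRED = re.compile(r"^[A-Za-z0-9&\-. _]+$")
# Character set the table gives for server names on TCP/IP.
TCPIP_SERVER = re.compile(r"^[A-Za-z0-9-]+$")


def parse_name(name):
    """Split 'Common/OU.../Organization[/CC]' into its parts.

    Assumption: a final two-letter component is the optional country code,
    because the table requires an organization name of at least 3 characters.
    """
    parts = [p.strip() for p in name.strip("/").split("/")]
    country = ""
    if len(parts) >= 3 and len(parts[-1]) == 2 and parts[-1].isalpha():
        country = parts.pop()
    if len(parts) < 2:
        raise ValueError("expected at least CommonName/Organization")
    return {"common": parts[0], "ous": parts[1:-1],
            "org": parts[-1], "country": country}


def check_name(name, kind="user"):
    """Return a list of violations of the naming table (empty list = compliant)."""
    n = parse_name(name)
    problems = []
    if not 3 <= len(n["org"]) <= 64:
        problems.append("organization must be 3-64 characters")
    if len(n["ous"]) > 4:
        problems.append("more than four organizational unit levels")
    for ou in n["ous"]:
        if len(ou) > 32:
            problems.append(f"organizational unit '{ou}' exceeds 32 characters")
    starred = [n["org"], *n["ous"]] + ([n["common"]] if kind == "user" else [])
    for part in starred:
        if not STARRED.match(part):
            problems.append(f"'{part}' uses characters outside the allowed set")
    if len(n["common"]) > 79:
        problems.append("common name exceeds 79 characters")
    if kind == "server" and not TCPIP_SERVER.match(n["common"]):
        problems.append("server name should use only 0-9, A-Z and dash on TCP/IP")
    return problems


def certifier_for(name):
    """Certifier ID that stamps this name: every component after the common name."""
    n = parse_name(name)
    tail = n["ous"] + [n["org"]] + ([n["country"]] if n["country"] else [])
    return "/" + "/".join(tail)


def needs_cross_certificate(a, b):
    """Names under different organization certifiers are in different name trees."""
    pa, pb = parse_name(a), parse_name(b)
    return ((pa["org"].lower(), pa["country"].lower())
            != (pb["org"].lower(), pb["country"].lower()))


def transport_collisions(server_names, prefix_len):
    """Group server common names that are not unique in their first
    prefix_len characters (15 for NetBIOS, 47 for SPX)."""
    seen = {}
    for name in server_names:
        common = parse_name(name)["common"]
        seen.setdefault(common[:prefix_len].upper(), []).append(common)
    return [group for group in seen.values() if len(group) > 1]


# Constructed sample names, loosely following the Acme example.
SERVERS = ["AcmeMailServerEast01/East/Acme",
           "AcmeMailServerEast02/East/Acme",
           "Hub01/Acme"]

if __name__ == "__main__":
    print(check_name("Jane Doe/Sales/East/Acme"))
    print(check_name("Mail_01/East/Acme", kind="server"))
    print(certifier_for("Jane Doe/Sales/East/Acme"))
    print(needs_cross_certificate("Hub01/West/Acme", "Mail1/Widgets"))
    print(transport_collisions(SERVERS, 15))
```
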

Building the Domino environment
After installing the first Domino server and any additional servers, you configure the servers and build the environment. This overview lists the features that you may want to include in your Domino environment.
1. Create Connection documents for server communication.
2. If you have mobile users, set up modems, dialup support, and RAS.
3. Set up mail routing.
4. Establish a replication schedule.
5. Configure incoming and outgoing Internet mail (SMTP).
6. Customize the Administration Process for your organization.
7. Plan and create policies before you register users and groups.
8. Register users and groups.
9. Determine backup and maintenance plans and consider transaction logging.
10. Consider remote server administration from the Domino console or Web Administrator console. Also consider the use of an extended administration server.
11. Set up a mobile directory catalog on Notes clients to give Notes users local access to a corporate-wide directory.
12. Consider implementing clustering on servers. For information about clustering, see the book Administering Domino Clusters.

Chapter 2 Setting Up the Domino Network
This chapter describes planning concepts and presents protocol-specific procedures required to run Domino on a network. The chapter describes using network protocols from a Domino perspective and does not provide general network information.

Lotus Domino and networks
A variety of client systems can use wireless technology or modems to communicate with Domino servers over local area networks (LANs), wide area networks (WANs), and metropolitan area networks (MANs). Wireless technology that works with Domino ranges from localized transmission systems (802.11a or 802.11b) to national or international satellite transmission systems that are geostationary, mid-orbit, or tracked orbit.

To govern how computers share information over a network, they use one or more protocols, which are sets of rules. For example, Notes workstations and Domino servers use the Notes remote procedure call (NRPC) protocol running over the LAN’s network protocol to communicate with other Domino servers. Other client systems, such as Web browsers, Internet mail clients, wireless application protocol (WAP) devices, and personal information management (PIM) devices, can also communicate with Domino servers.

Isolated LANs can be connected by WANs. A WAN is either a continuous connection — such as a frame-relay, leased telephone line, or digital subscriber line (DSL) — or a dialup connection over a modem or Integrated Services Digital Network (ISDN) line. Dialup connections are either to an individual server or to a LAN (through a provider network or your company’s own communications server).

Buildings or sites that are geographically close to each other can use a MAN, which is a continuous, high-speed connection that can connect corporate LANs or connect a LAN to the WAN. Like a WAN, a MAN is usually shared by multiple organizations.

The functionality of Notes workstations and Domino servers depends on the effectiveness and capacity of networks. To plan a Domino network with sufficient capacity, you must consider not only the traffic to and from Domino servers but also any other traffic on the network.

If you are planning a network for geographically dispersed locations, consider how to achieve a cost-effective infrastructure. Placing servers in one location requires that users in other locations access the Domino server across WAN connections, which can be slow and expensive. Placing servers in every location and replicating databases to make the same information available on several LANs requires attention to administration at each location. One effective way to set up a network is to use a hub server at each location to handle communication with hub servers in other locations. Then, only the hub servers, not every server in the network, use WAN connections.

NRPC communication
Domino servers offer many different services. The foundation for communication between Notes workstations and Domino servers or between two Domino servers is the Notes remote procedure call (NRPC) service.

Network protocols for NRPC communication
To communicate, two computers must run the same network protocol and software driver. For dialup connections, Lotus Domino uses its own X.PC protocol natively. Notes and Domino also support PPP using either Microsoft Dialup Networking (DUN) or Remote Access Service (RAS) for network dialup. In addition, you can use any IETF-compliant PPP communications server to dial into the network on which the Domino server resides or through which the server can be accessed.

For more information on dialup connections, see the chapter “Setting Up Server-to-Server Connections.”

On LANs, Lotus Domino is compatible with the TCP/IP and IPX/SPX protocol suites, as well as NetBIOS over the lower transports IP, IPX, and NetBEUI. For NetBIOS connections to work, both Notes workstations and Domino servers must use the same lower transport.

For detailed information on which protocols are compatible with Lotus Domino for each supported operating system, see the Release Notes.

Notes network ports
During the Server Setup program, Domino provides a list of Notes network ports based on the current operating system configuration. If these ports are not the ones you want to enable for use with the Domino server, you can edit the list during setup.

Because each network protocol consumes memory and processing resources, you might want to exclude one or more ports and later remove the associated protocol software from the system.

In TCP/IP and NetBIOS, you can install multiple network interface cards (NICs) and enable additional Notes network ports for each protocol, using the NOTES.INI file to bind each port to a separate IP address or NetBIOS LANA number. For more information, see the topic “Adding a network port on a server” later in this chapter.

Notes named networks
Consider Notes named networks in your planning. A Notes named network (NNN) is a group of servers that can connect to each other directly through a common LAN protocol and network pathway — for example, servers running on TCP/IP in one location. Servers on the same NNN route mail to each other automatically, whereas you need a Connection document to route mail between servers on different NNNs.

When you set up Server documents, be sure to assign each server to the correct NNN. Lotus Domino expects a continuous connection between servers that are in the same NNN, and serious delays in routing can occur if a server must dial up a remote LAN because the remote server is inadvertently placed within the NNN. Also bear in mind that the Notes Network field for each port can contain only one NNN name, and no two NNN names can be the same.

NNNs affect Notes users when they use the Open Database dialog box. When a user selects Other to display a list of servers, the servers displayed are those on the NNN of the user’s home server for the port on which the Notes workstation communicates with the home server. Also, when users click on a database link or document link, if a server in their home server’s NNN has a replica of that database, they can connect to the replica.

Note If a server is assigned to two NNNs in the same protocol, as in the case where the server has two Notes network ports for TCP/IP, a Notes workstation or Domino server connecting to that server uses the NNN for the port listed first in the Server document.

Resolving server names to network addresses in NRPC
Communications between Lotus Notes and Lotus Domino run over the NRPC protocol on top of each supported LAN protocol. When a Notes workstation or Domino server attempts to connect to a Domino server over a LAN, it uses a combination of the built-in Notes Name Service and the network protocol’s name-resolver service to convert the name of the Domino server to a physical address on the network.

The Notes Name Service resolves Domino common names to their respective protocol-specific names. Because the Notes Name Service resolves common names by making calls to the Domino Directory, the service becomes available to the Notes workstation only after the workstation has successfully connected to its home (messaging) server for the first time. (The protocol name-resolver service normally makes the first connection possible.) When the Notes workstation makes a subsequent attempt to connect to a Domino server, the Notes Name Service supplies it with the Domino server’s protocol-specific name — that is, the name that the server is known by in the protocol’s name service — which is stored in the protocol’s Net Address field in the Server document. The protocol’s name-resolver service then resolves the protocol-specific name to its protocol-specific address, and the workstation is able to connect to the server.

Note When resolving names of Domino servers that offer Internet services, Lotus Notes uses the protocol’s name-resolver service directly.

How name resolution works in NRPC
A Notes workstation or Domino server follows these steps to resolve the name of the Domino server to which it is trying to connect over NRPC.

Note If the Net Address field in the Server document contains a physical address — a practice that is not recommended in a production environment — the Notes Name Service performs the resolve directly, thus placing the burden of maintaining physical address changes on the Domino administrator.

1. If the workstation/server has a Connection document for the destination server that contains the protocol-specific name, the workstation/server passes the protocol-specific name to the protocol’s name-resolver service. If the Connection document contains a physical address, the Notes Name Service performs the resolve directly. Normal-priority Connection documents are checked first, and then low-priority Connection documents.
Note Unlike in Server documents, adding physical addresses in Connection documents is not discouraged, since only the local workstation/server uses the Connection document.
2. To determine if the destination server’s protocol-specific name is cached, the workstation checks the Location document and the server checks its own Server document. If the name is cached, the workstation/server uses the last-used Notes network port to determine the protocol and passes this value to the protocol’s name-resolver service.
3. If the protocol-specific name is not cached, one of the following occurs, based on the list order of enabled Notes network ports:
• For a Notes workstation connected to the home (messaging) server, Notes gives the common name of the destination Domino server to the home server, which looks in the Domino Directory for the Server document of the destination server. The home server locates the contents of the Net Address field for the Notes named network that the Notes workstation has in common with the destination server and passes this name to the protocol’s name-resolver service. If the workstation and the destination server are in the same Domino domain but not in the same Notes named network, the home server locates the names of each protocol that the workstation has in common with the destination server and passes each to the appropriate protocol until a resolve is made. If the Notes workstation can’t access its home server, it connects to its secondary Notes name server, which carries out the same actions as the home server.
• For a Domino server, Domino checks the Server document for the destination server, locates the contents of the Net Address field for the Notes named network that the Domino server has in common with the destination server, and passes this name to the protocol’s name-resolver service. If the destination server is in the same Domino domain as the Domino server, but not in the same Notes named network, the Domino server locates the protocol name of each protocol that it has in common with the destination server and passes each to the appropriate protocol until a resolve is made.
4. If Steps 1 through 3 do not produce the server’s network address, the workstation/server offers the Domino common name of the destination server to the name-resolver service of each protocol, based on the order of the enabled network ports in the Server document.
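The four-step lookup order above determines which record (a Connection document, the cached name, a Server document's Net Address field, or the protocol's own name service) ends up supplying the address, which is useful to know when deciding whose integrity a connection depends on. The following simulation is an added example, not Domino code: the dictionaries standing in for Connection documents, the cache, the Domino Directory and the protocol name-resolver services are constructed, and falling through to the next step when a name fails to resolve is an assumption drawn from the wording of step 4.

```python
PRIORITY = {"normal": 0, "low": 1}  # normal-priority Connection documents first


def lookup(resolvers, protocol, name):
    """Stand-in for a protocol's name-resolver service (for example, DNS)."""
    return resolvers.get(protocol, {}).get(name.lower())


def resolve(dest, caller, directory, resolvers):
    """Return (step, protocol, address) from the first step that resolves, else None."""
    # Step 1: Connection documents for the destination, by priority.
    docs = sorted((d for d in caller["connections"] if d["dest"] == dest),
                  key=lambda d: PRIORITY[d["priority"]])
    for doc in docs:
        if doc.get("address"):  # physical address: resolved directly
            return ("1-connection-address", doc["protocol"], doc["address"])
        addr = lookup(resolvers, doc["protocol"], doc["name"])
        if addr:
            return ("1-connection-name", doc["protocol"], addr)

    # Step 2: cached protocol-specific name, using the last-used port's protocol.
    cached = caller["cache"].get(dest)
    if cached:
        proto = caller["last_used_port"]
        addr = lookup(resolvers, proto, cached)
        if addr:
            return ("2-cache", proto, addr)

    # Step 3: Net Address from the destination's Server document, in port list
    # order; first the shared Notes named network, then any shared protocol.
    entries = directory.get(dest, [])
    for same_nnn in (True, False):
        for port in caller["ports"]:
            for entry in entries:
                if entry["protocol"] != port["protocol"]:
                    continue
                if same_nnn and entry["nnn"] != port["nnn"]:
                    continue
                addr = lookup(resolvers, entry["protocol"], entry["net_address"])
                if addr:
                    step = "3-same-nnn" if same_nnn else "3-common-protocol"
                    return (step, entry["protocol"], addr)

    # Step 4: offer the Domino common name to each protocol's resolver.
    for port in caller["ports"]:
        addr = lookup(resolvers, port["protocol"], dest)
        if addr:
            return ("4-common-name", port["protocol"], addr)
    return None


# Constructed sample data (documentation address ranges, invented server names).
RESOLVERS = {
    "tcpip": {"hub02.acme.com": "198.51.100.5", "app01.acme.com": "192.0.2.20",
              "mail02.acme.com": "192.0.2.12", "web01": "192.0.2.30"},
    "netbios": {"archive01": "netbios:ARCHIVE01"},
}
CALLER = {
    "ports": [{"protocol": "tcpip", "nnn": "TCPIP-Boston"},
              {"protocol": "netbios", "nnn": "NETBIOS-Boston"}],
    "last_used_port": "tcpip",
    "connections": [
        {"dest": "Hub02", "priority": "low", "protocol": "tcpip",
         "address": "198.51.100.99"},
        {"dest": "Hub02", "priority": "normal", "protocol": "tcpip",
         "name": "hub02.acme.com"},
    ],
    "cache": {"App01": "app01.acme.com"},
}
DIRECTORY = {
    "Mail02": [{"protocol": "tcpip", "nnn": "TCPIP-Boston",
                "net_address": "mail02.acme.com"}],
    "Archive01": [{"protocol": "netbios", "nnn": "NETBIOS-Chicago",
                   "net_address": "ARCHIVE01"}],
}

if __name__ == "__main__":
    for server in ("Hub02", "App01", "Mail02", "Archive01", "Web01", "Ghost"):
        print(server, resolve(server, CALLER, DIRECTORY, RESOLVERS))
```
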

Network security
Physical network security is beyond the scope of this book, but you must set it up before you set up connection security. Physical network security prevents unauthorized users from breaking through the network and using one of the operating system’s native services — for example, file sharing — to access the server. Physical network security also comes into play when any data is exposed, as the potential exists for malicious or unauthorized users to eavesdrop both on the network where the Domino system resides and on the system you are using to set up the server.

Network access is typically controlled using network hardware — such as filtering routers, firewalls, and proxy servers. Be sure to enable rules and connection pathways for the services that you and others will access.

Newer firewall systems offer virtual-private-network (VPN) services, which encapsulate the TCP/IP packet into another IP wrapper where the inner TCP/IP packet and its data are encrypted. This is a popular way to create virtual tunnels through the Internet between remote sites. If you want to have the Domino server access both a private VPN and the Internet for SMTP mail, make sure your solution is able to handle full TCP data packets and that it allows dual connections. If not, the Domino server system may require a second NIC to work around limitations of the VPN solution.

For more information, see the chapter “Controlling Access to Domino Servers.”

NRPC and Internet connection security
To control connection access, you typically use a network hardware configuration, such as a firewall, reverse proxy, or Domino passthru server, to which you can authorize connections and define access to network resources.

In addition, you can encrypt all connections by service type. Encrypting connections protects data from access by malicious or unauthorized users. To prevent data from being compromised, encrypt all Domino and Notes services that connect to public networks or to networks over which you have no direct control. Encrypting the connection channel prevents unauthorized users from using a network protocol analyzer to read data.

To encrypt NRPC network traffic, use the Notes port encryption feature. For traffic over Internet protocols, use SSL. For both NRPC and Internet protocols, you can enforce encryption at the server for all inbound and outbound connections. In the case of the Notes client, you can also enforce encryption on all outbound connections, even if the server to which you are connecting allows unencrypted connections.

Because encryption adds additional load to the server, you may want to limit the services for which the server uses encryption. Other ways to minimize the load that encryption puts on the system include:
• Using an additional Domino server acting as a passthru server for NRPC connections
• Using a reverse proxy to manage authentication and encryption outside of Domino servers when using SSL
• Removing unnecessary or unused protocols or services on the server system as well as Domino server services

For more information, see the chapters “Installing and Setting Up Domino Servers” and “Setting Up SSL on a Domino Server.”

Using a Domino passthru server as a proxy
A proxy is a system that understands the type of information transmitted — for example, NRPC or HTTP-format information — and controls the information flow between trusted and untrusted clients and servers. A proxy communicates on behalf of the requester and also communicates information back to the requester. A proxy can provide detailed logging information about the client requesting the information and the information that was transmitted. It can also cache information so requesters can quickly retrieve information again. A proxy stops direct access from an untrusted network to services on a trusted network. If an application proxy is in use, then application-specific heuristics can be applied to look at the connections from the untrusted networks and determine if what is being requested is legal or safe.

An application proxy resides in the actual server application and acts as an intermediary that communicates on behalf of the requester. An application proxy works the same as a packet filter, except the application proxy delivers the packet to the destination. An application proxy can be used with any protocol, but it is designed to work with one application. For example, an SMTP proxy understands only SMTP.

A circuit-level proxy is similar to an application proxy, except that it does not need to understand the type of information being transmitted. For example, a SOCKS server can act as a circuit-level proxy. You can use a circuit-level proxy to communicate using Internet protocols with TCP/IP — that is, IMAP, LDAP, POP3, SMTP, IIOP, and HTTP, as well as Internet protocols secured with SSL.

HTTP is a special case. For example, when the HTTP Connect method is used by an HTTP proxy, applications using other protocols can also use the HTTP proxy, but they use it as a circuit-level proxy, not as an application proxy. In Domino, SSL uses the HTTP Connect method to get through an application proxy because the data is encrypted and the application proxy cannot read the data. HTTPS (HTTP and SSL) use both the HTTP proxy and the Connect method, which implies that the HTTP proxy is a circuit-level proxy for HTTPS. The same method is used to get NRPC, IMAP, and other protocols through the HTTP proxy.

You can set up a Domino passthru server as an application proxy for NRPC. A passthru server provides all levels of Notes and Domino security while allowing clients who use dissimilar protocols to communicate through a single Domino server. The application proxy does not allow Internet protocols — for example, HTTP, IMAP, and LDAP — to use a Domino passthru server to communicate. For Internet protocols, however, you can use an HTTP proxy with the HTTP Connect method to act as a circuit-level proxy.

A Notes client or Domino server can also be a proxy client and interoperate with either passthru (NRPC protocol only) or as a SOCKS or HTTP tunnel client (for NRPC, POP3, LDAP, IMAP, and SMTP protocols). You set this up in the Proxy setting in the client Location document.

To set up a Domino passthru server as an application proxy
When you set up an application proxy, make sure the following Domain Name System (DNS) services are correctly configured:
• The databases db.DOMAIN and db.ADDR, which DNS uses to map host names to IP addresses, must contain the correct host names and addresses.
• Hosts files must contain the fully qualified domain name of the servers.
• If you are using the Network Information Service (NIS), you must use the fully qualified domain name and make sure NIS can coexist with DNS.

For information on configuring these settings, see the documentation for your network operating system.

You must first connect the server to the untrusted network — for example, the Internet — and then set up Notes workstations and Domino servers to use the passthru server as a proxy when accessing services outside the trusted network.

To set up a workstation or server to use the passthru server, you must specify the passthru server in the Location document for a workstation and in the Server document for a server.

For more information on connecting a server to the Internet and passthru servers, see the chapter “Setting Up Server-to-Server Connections.”

TCP/IP security considerations
In a TCP/IP network, configure all Domino servers to reject Telnet and FTP connections. Furthermore, do not allow file system access to the Domino server or the operating system on which it runs, unless you are sure you can properly maintain user access lists and passwords and you can guarantee a secure environment.

If you use the Network File System (NFS) without maintaining the password file, users can breach security by accessing files through NFS instead of through the Domino server. If this “back door” access method is needed, isolate the network pathway on a LAN NIC and segment, and make sure that the ability to access files through NFS is exclusive to this isolated secure network.

Mapped directory links and Domino data security
To ensure data security, do not create a mapped directory link to a file server or shared Network Attached Storage (NAS) server for a Domino server. These links can cause both database corruption and security problems.

Database corruption
If the network connection fails while the Domino server is writing to a database on the file server or shared NAS server, the database can become corrupted. In addition, the interdependence of the file sharing protocols — Server Message Block (SMB), Common Internet File System (CIFS), and Network File System (NFS) — and the remote file system can affect the Domino server’s performance. Domino sometimes needs to open large numbers of remote files, and low latency for read/write operations to these files is desirable.

To avoid these problems on Domino servers, consider doing one or more of the following:
• Create an isolated network and use cut-through (non-buffering) layer-2 switches to interconnect the Domino server to the NAS system.
• Limit access to the NAS system to the Domino server.
• Reduce the number of hops and the distance between hops in the connection pathways between the Domino server and the storage system.
• Use a block protocol instead of a file protocol.
• Use a private storage area network (SAN) instead of a shared NAS system.
• Avoid creating any file-access contention between Domino and other applications.

To avoid problems with Notes workstations, consider doing the following:
• Locate Notes workstations so that they are not accessing a remote file server or NAS system over a WAN.
• To minimize the risk of database corruption because of server failure when a Notes client’s Domino data directory is on a file server or NAS server, evaluate the reliability of the entire network pathway as well as the remote system’s ability to maintain uninterrupted sessions to the Notes client over the file sharing protocols it is using (SMB, CIFS, NFS, NetWare Core Protocol, or AppleShare).
• If a Notes client’s Domino data directory is on a file server or NAS server, remember that only one user (user session) can have the user data directory files open at a time. Lotus Notes does not support concurrent access to the same “local” database by two clients.

Security problems
When “Encrypt network data” is enabled, all Domino server and Notes workstation traffic is encrypted. However, the file I/O between the Domino server and the file server or shared NAS server is not encrypted, leaving it vulnerable to access by unauthorized users.

Planning the TCP/IP network
The default TCP/IP configuration for a Domino server is one IP address that is globally bound, meaning that the server listens for connections at the IP addresses of all NICs on the computer. Global binding works as long as the computer does not have more than one IP address offering a service over the same assigned TCP port.

For operating system requirements, see the Release Notes.

The default configuration
Use these topics to plan how to integrate Lotus Domino with the TCP/IP network when the Domino server has one IP address and is not partitioned:
• NRPC name-to-address resolution over TCP/IP
• Ensuring DNS resolves in TCP protocols

Advanced configurations

Use these topics to plan how to integrate Lotus Domino with the TCP/IP network when the Domino server has more than one IP address or is partitioned:

• Advanced Domino TCP/IP configurations
• Partitioned servers and IP addresses
• Ensuring DNS resolves in advanced TCP/IP configurations

Moving to IPv6

This topic provides the information you need if your company is migrating to the IPv6 standard:

• IPv6 and Lotus Domino

NRPC name-to-address resolution over TCP/IP

In the TCP/IP protocol, the method most commonly used to resolve server names to network addresses is the Domain Name System (DNS), an Internet directory service developed both to allow local administrators to create and manage the records that resolve server names to IP addresses and to make those records available globally.

Within DNS, “domain” refers to a name space at a given level of the hierarchy. For example, the .com or .org in a Web URL represents a top-level domain. In a domain such as acme.com, a DNS server — that is, a server running DNS software — in the Acme company stores the records for all Acme servers, and an administrator at Acme maintains those records.

While the POP3, IMAP, LDAP, and HTTP services use DNS directly, the NRPC service uses a combination of the Notes Name Service and DNS to resolve server names to network addresses. For background information on how the Notes Name Service works with name-resolver services such as DNS, see the topic “Resolving server names to network addresses in NRPC” earlier in this chapter.

When you set up a Notes workstation on the TCP/IP network, you normally rely on DNS to resolve the name of the workstation’s Domino home server the first time the workstation tries to connect to it. As long as the Notes workstation and Domino home server are in the same DNS domain level, DNS can accomplish the resolve.

When to edit the Net Address field in the Server document

The default format for a server’s TCP/IP network address in Lotus Domino is its fully qualified domain name (FQDN) — for example, app01.acme.com — based on the DNS record and the IP address references in the system’s TCP/IP stack. When a Notes workstation or

Domino server requests this name, the TCP/IP resolver passes it to DNS, and DNS resolves the name directly to the IP address of the destination server, regardless of the DNS domain level of the requesting system.

If you do not want to enter the FQDN in the Net Address field, you can change it to the simple IP host name — for example, app01 — either during server setup or later by editing the Server document. For example, you might use the simple IP host name if you are setting up multiple TCP ports for NRPC, a configuration in which using the FQDN for each network address can cause connection failures if the Notes Name Service returns the FQDN for the wrong TCP port. In this case, using the simple IP host name ensures that DNS does a lookup in all domain levels within the scope of the domains defined in the requesting system’s TCP/IP stack settings.

Caution In a production environment, do not use IP addresses in Net Address fields. Doing so can result in serious administrative complications if IP addresses change or if Network Address Translation (NAT) connections are used, as the values returned by the Notes Name Service will not be correct.

Secondary name servers

To ensure that the Notes Name Service is always available over TCP/IP, when you set up a Notes user, you can designate a Domino secondary name server that stands in for the home server in these situations:

• The user’s home server is down.
• The user’s home server is not running TCP/IP.
• The user’s home server cannot be resolved over TCP/IP.

Note In companies using multiple DNS domains, a Domino secondary name server ensures that a Notes workstation can connect with its home server even when the home server is in a different DNS domain.

For more information, see the topic “Ensuring DNS resolves in NRPC — Best practices” later in this chapter.

You can use policies to automate the setup of secondary name servers. For information on policies, see the chapter “Using Policies.”

Special case: The passthru server

By connecting to a passthru server, Notes users can access servers that do not share a network protocol with their systems. If both the Notes workstation and destination server are in a different Domino domain

from the passthru server, it may not be possible for the passthru server to resolve the name of the destination server. In this case, do one of the following:

• On the Notes workstation, create a Connection document that includes the IP address of the destination server.
• On the passthru server, create a Connection document to the destination server.

For more information on passthru servers, see the chapter “Setting Up Server-to-Server Connections.”

Internal alternatives to DNS

If you don’t use DNS at your site or if a Domino server is not registered with DNS (as is sometimes the case if the server offers Internet services), use one of these methods to enable each Notes workstation and Domino server to perform name resolution locally. Keep in mind that the upkeep required for both of these approaches is considerable.

• Place a hosts file, which is a table that pairs each system name with its IP address, on every system that needs private access. Set up each system so that it accesses the hosts file before accessing DNS.
• Create a Connection document that contains the destination server’s IP address on every Notes workstation and Domino server that needs to access that server.

Even if you use DNS, you should set up Connection documents for Notes users in locations from which they have difficulty accessing the DNS server.

Tip Use policies to automate the setup of Connection documents for Notes users. For more information on policies, see the chapter “Using Policies.”

Alternative IP name services

Microsoft networking services offers four additional methods of IP address resolution. These methods are not as reliable as traditional DNS and hosts files and can cause name and address confusion. For best results, do not use these methods when also using the Notes network port for TCP/IP. If you must use NetBIOS over IP and use Domino with both the NetBIOS and TCP/IP port drivers, avoid name-resolution problems by giving the Domino server and the system different names.

• Direct NetBIOS broadcast — The system sends out a name broadcast message so that all of the systems on the local network segment can register the name and IP address in their name cache.

• Master Browser cache (for NT domains or SAMBA servers) — Collects broadcasted names and IP addresses and publishes them across the NT domain to other Master Browser systems for Windows® systems to access in their name lookups.
• Windows Internet Name Service (WINS) — Uses NetBIOS broadcasts. Unlike DNS, which is static in nature, WINS is dynamic. Note that the TCP/IP stacks of Macintosh and UNIX client systems may not be able to access the WINS server.
• LAN Manager Hosts (LMHosts) — A static hosts file method.

Caution On a Windows system, the combination of the system’s native NetBIOS over IP name-resolver service and DNS can cause name resolution failure for the Domino server name. For information on avoiding this problem, see the topic “Server name-to-address resolution over NetBIOS” later in this chapter.

Ensuring DNS resolves in TCP protocols

When you register a new Domino server, you specify a common name for it. Within a Domino hierarchical name, the common name is the portion before the leftmost slash. For example, in the name App01/East/Acme, the common name is App01. The common name, not the hierarchical name, is the name that the Domino server is known by in DNS.

You can avoid problems and extra work if you consider the DNS configuration, as well as the effect of other protocol name-resolver services, when you choose the format for the common name of the Domino server.

Note When you choose a common name for a Domino server that uses DNS, use only the characters 0 through 9, A through Z, and the dash (-). Do not use spaces or underscores.

Note The DNS names held in Lotus Notes and Lotus Domino are not case sensitive. Notes workstations and Domino servers always pass DNS names to DNS in lowercase.

To avoid name-resolution problems that affect all TCP services on Windows systems, see the topic “Ensuring DNS resolves on Windows systems — All TCP protocols.”

For procedures to help you avoid DNS problems in NRPC, see these topics:

• Ensuring DNS resolves in NRPC — Best Practices
• Ensuring DNS resolves in NRPC — Alternative practices
• Ensuring DNS resolves in NRPC — A practice to use with caution

Note that these procedures apply only to servers handling communications between Lotus Notes and Lotus Domino (NRPC services). If you administer servers that provide Internet services such as HTTP, SMTP, POP3, or LDAP, you can skip these topics, as these services use DNS directly.

For naming requirements when using Domino Off-Line Services (DOLs) or iNotes, see the chapter “Installing and Setting Up Domino Servers.”

Ensuring DNS resolves on Windows systems — All TCP protocols

If a Domino server is a Windows system, often two name services exist on the system — NetBIOS over IP and DNS. If you assign the same name to both the Domino server and the system, client applications that use either the Notes Name Service or DNS can encounter name-space ghosting between the two names. In other words, because the NetBIOS record for a system’s host name has already been found, the name resolving process ends and the DNS record for the Domino server on that system is never found.

Note For a Domino server on Windows 2000, problems occur only if you enable name services for NetBIOS over IP in order to join an NT domain using Server Message Blocks (SMB).

To prevent this problem:

1. Do one:
• On Windows NT, assign one name as the Domino server common name and then alter that name slightly for the system name by adding a preface such as NT-. In the Network dialog box on the Windows NT Control Panel, specify the name in two places: the Identification tab and the Protocols - TCP/IP properties - DNS tab.
• On Windows 2000, add a preface such as W2K- to the system name, using the Network Identification tab on the System Properties dialog box.
2. Create an A record (or, for IPv6, AAAA record) in DNS for the system name. The IP address is the same as the one for the Domino server.
3. Create a CNAME record in DNS for the Domino server’s name, linking it to the system name.

For example, for the Domino server BosMail02/Acme, the common name is BosMail02. You name the system NT-BosMail02. You create an A record in DNS for NT-BosMail02.acme.com and a CNAME record for BosMail02.acme.com, linking it with NT-BosMail02.acme.com.
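The naming rules in this part of the chapter (a DNS-safe common name, a Windows system name that differs from the Domino common name, a CNAME linking the common name to the system's A record, and no IP addresses in Net Address fields) can be checked mechanically before a server goes into production. The Python audit below is an added example, not part of the Domino documentation; the record layout, the function names, the finding labels, the App_01 server and the 192.0.2.x addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

# Characters the chapter allows in a common name used with DNS:
# 0 through 9, A through Z and the dash; no spaces or underscores.
DNS_SAFE = re.compile(r"[0-9A-Za-z-]+")


def common_name(hierarchical_name):
    """Return the portion before the leftmost slash (App01/East/Acme -> App01)."""
    return hierarchical_name.split("/", 1)[0]


def is_ip_literal(value):
    """True if value parses as an IPv4 or IPv6 address rather than a host name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def resolve(fqdn, zone):
    """Follow CNAME links in `zone` until an A or AAAA record is reached.

    Returns the address, or None if the name is missing or the chain loops.
    Names are lowercased, as Notes and Domino pass DNS names in lowercase.
    """
    seen = set()
    name = fqdn.lower()
    while name in zone and name not in seen:
        seen.add(name)
        rtype, value = zone[name]
        if rtype in ("A", "AAAA"):
            return value
        if rtype != "CNAME":
            return None
        name = value.lower()  # continue at the CNAME target
    return None


def audit(server, zone, dns_domain):
    """Return finding labels for one server record; an empty list means clean."""
    findings = []
    cn = common_name(server["name"])
    if not DNS_SAFE.fullmatch(cn):
        findings.append("charset")          # space, underscore or other bad character
    if is_ip_literal(server["net_address"]):
        findings.append("ip-net-address")   # breaks on renumbering or NAT
    if server["os"] == "windows" and server["system_name"].lower() == cn.lower():
        findings.append("name-collision")   # NetBIOS name hides the DNS record
    if resolve(f"{cn}.{dns_domain}", zone) is None:
        findings.append("unresolved")       # no A record or CNAME chain for the name
    return findings


# Constructed sample data: the BosMail02 layout from the text plus one
# hypothetical server (App_01) that breaks every rule.
ZONE = {
    "nt-bosmail02.acme.com": ("A", "192.0.2.10"),
    "bosmail02.acme.com": ("CNAME", "nt-bosmail02.acme.com"),
}
SERVERS = [
    {"name": "BosMail02/Acme", "system_name": "NT-BosMail02",
     "os": "windows", "net_address": "bosmail02.acme.com"},
    {"name": "App_01/East/Acme", "system_name": "App_01",
     "os": "windows", "net_address": "192.0.2.20"},
]

if __name__ == "__main__":
    for record in SERVERS:
        print(record["name"], audit(record, ZONE, "acme.com") or "ok")
```

In practice the server records would come from an export of the Server documents and the zone from the DNS administrator's zone data; both sources are outside what this chapter describes.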

2. you set up the Domino server App01/Engr/Acme. Thus. regardless of the DNS domain level of the user’s system: 1.acme. the server’s common name. Make sure the Net Address field on the Server document contains the server’s FQDN. set up a secondary name server. 3. and the A record is: app01. when each country in which a multinational company has offices is a subdomain in DNS — doing the following eliminates the need for multiple CNAME records in DNS and ensures that DNS lookups always work. Make sure the Net Address field on the Server document contains the server’s FQDN. doing the following eliminates the need for CNAME records in DNS: 1. Volume 1 . 2-16 Administering the Domino System. 3. Create an A record (or. you register the server with DNS as app01.17. These procedures address the following DNS configurations: • • One DNS domain Multiple DNS domain levels If your TCP/IP configuration has multiple Notes network ports for TCP/IP. see the topic “Ensuring DNS resolves in advanced TCP/IP configurations” later in this chapter.com IN A 192. Create an A record (or. When you have multiple DNS domain levels If your company uses multiple DNS domain levels — for example. When you have one DNS domain If your company uses only one DNS domain. for IPv6.Ensuring DNS resolves in NRPC — Best practices The following procedures provide the best name-resolution practices for a Domino server using the default NRPC configuration on a TCP/IP network (one Notes network port for TCP/IP).168. For example. AAAA record) in DNS.com (the server’s FQDN).acme. The Net Address field in the Server document contains app01. AAAA record) in DNS. 4. Assign the same name as both the Domino server common name and the simple IP host name. Assign the same name as both the Domino server common name and the simple IP host name registered with DNS.10. Place this secondary name server on the same physical network as the users’ systems or on a network that the users can access. for IPv6. 
If users’ systems are in a different DNS domain than that of their home server or in a DNS subdomain of their home server’s domain. 2.

Note Register the secondary name server in the root of the company’s DNS domain.

5. Set up all Notes users or a subset of users affected by Step 4, or set up an individual Notes user.

For more information on setting up groups of users, see the chapter “Using Policies.” For more information on setting up an individual Notes user, see the topic “Setting up a secondary name server” later in this chapter.

As long as all Server documents in the Domino domain have the TCP/IP network address in FQDN format, this approach allows any Notes workstation or Domino server to locate any Domino server, regardless of its DNS domain level.

For example, you register the Domino server ParisMail01/Sales/Acme with DNS as parismail01.france.acme.com. Parismail01 is the home server for some users in the DNS subdomain spain.acme.com. You set up a secondary name server, Nameserver/Acme, register it with DNS as nameserver.acme.com, and ensure that the Location documents of users who need a secondary name server point to this server.

When a user in spain.acme.com attempts a first connection with the home server (parismail01.france.acme.com), the connection fails because the DNS subdomain for spain.acme.com has no records for the subdomain france.acme.com. Notes then connects successfully with the secondary name server (nameserver.acme.com), since the DNS subdomain for spain.acme.com does include the records for acme.com. When the secondary name server supplies the Notes workstation with the FQDN from the Net Address field in the Server document for ParisMail01, DNS resolves the FQDN to an IP address, and the user can access mail.

Ensuring DNS resolves in NRPC — Alternative practices

The following procedures provide alternative name-resolution practices for a Domino server using the default NRPC configuration on a TCP/IP network (one Notes network port for TCP/IP).

Domino server names that differ from their DNS names

When your name scheme for Domino servers is different than that for DNS, use one of the following methods to translate the Domino server’s name to the host name:

• Create a local Connection document on each Notes client and Domino server that needs to connect to the Domino server, and enter the FQDN for the system that hosts the Domino server in the Net Address field. For example, for the Domino server named App01/Sales/Acme on the system registered with DNS as redflier.acme.com, enter redflier.acme.com in the Net Address fields of the Connection documents.

255. a Notes client accessing the server from the Internet uses the public address.255.255 Class C: 192. The following address spaces have been reserved for internal use.255.1). 2-18 Administering the Domino System. which is a private address (192.168. which converts the private address to one of its static public addresses (130.0 to 172. Internet users must access the Domino server through a NAT router.2). For example.0. These addresses are not accessible over the Internet (non-routable) because network routers within the Internet will not allow access to them.20.255 Class B: 127.0 to 192. Public addresses are assigned to companies by the Internet Corporation of Assigned Names and Numbers (ICANN) or leased from the company’s ISP/NSP.16. • • • Class A: 10. Volume 1 . Public addresses are accessible through the Internet (routable) unless firewalls and isolated networks make them inaccessible.0. use a CNAME record to link the name App01 to the name redflier. It is best to use these IP addresses and not make up your own. Therefore. for the Domino server App01/Sales/Acme on the system registered with DNS as redflier.1.2.255 For example. Network Address Translation (NAT) NAT is a method of translating an IP address between two address spaces: a public space and a private space. users inside a company access the Domino server based on its assigned IP address.31. or having a server on the Internet that you want accessible but for which you can’t use DNS — create Connection documents that directly tell Notes workstations or Domino servers how to access this Domino server by using the server’s IP address in the documents’ Net Address fields.168. When a Notes workstation first accesses this server.255. it obtains the host name from the Net Address field of the Server document and caches it.0 to 10.• Use an alias (CNAME) record in DNS to link the Domino server common name to the simple IP host name.0. thereby making future connections faster.168. 
Private addresses are IP address spaces that have been reserved for internal use. IP addresses in Connection documents In situations in which you don’t want to use any name-resolver service — such as bringing up a new server system that you don’t want known yet.0.

Ensuring DNS resolves in NRPC — A practice to use with caution

The following practice, if followed precisely, should ensure good DNS resolves in NRPC for companies with multiple DNS domain levels, but might result in extra work if the infrastructure changes. Using this practice has the following disadvantages:

• You can never assign more than one IP address in DNS to the Domino server.
• If the FQDN changes, the Domino server name will not match the FQDN, thus invalidating the DNS resolve. You will then need to create a new server and migrate users to it.
• If you use network address translation (NAT), the server’s FQDN must be identical in both instances of DNS (internal and external shadow DNS).
• You cannot use other network protocols, as many of them use flat network name services, and those that use hierarchical name systems will not function unless the name hierarchy is exactly the same.
• Diagnosing connectivity issues can be much harder.

When you have multiple DNS domain levels

If your company uses multiple DNS domain levels — for example, when each country in which a multinational company has offices is a subdomain in DNS — do the following:

1. Use the server’s FQDN as the Domino server common name.
2. Create an A record (or, for IPv6, AAAA record) in DNS.

For example, if you register a server with DNS as app01.germany.acme.com, you can also assign the Domino server’s common name as app01.germany.acme.com. In this case, the server’s Domino hierarchical name might be app01.germany.acme.com/Sales/Acme.

Advanced Domino TCP/IP configurations

A single Domino server can have multiple IP addresses if you use multiple NICs, each offering an address, or if one NIC offers multiple addresses. Having multiple IP addresses allows the server to listen for connections at more than one instance of the TCP port assigned to NRPC (1352) or at TCP ports that are assigned to other services such as LDAP or HTTP. Both individual Domino servers and partitioned Domino servers can have multiple NICs, each with its own IP address.

Multiple IP addresses and NICs on a Domino server

Set up a Domino server with multiple IP addresses, each with its own NIC, if you want to:

• Split the client load for better performance
• Split client-to-server access from server-to-server communication
• Set up mail routing, replication, or cluster replication on an alternate path (private network)
• Partition a Domino server so that more than one partition offers the same Internet service (SMTP, POP3, IMAP, LDAP, or HTTP)
• Allow access to the Domino server via a TCP/IP firewall system over a different network segment, a configuration known as a demilitarized zone (DMZ)
• Use a Domino passthru server as an application proxy
• Provide network/server failover, used in mission-critical resource access
• Set up alternate window and/or maximum transmission unit (MTU) settings for satellite uplink and downlink connections isolated from local access connections

For a configuration with multiple IP addresses, you must bind each listening port to the appropriate IP address to ensure that each TCP service receives the network connections intended for it. For more information, see the topics “Binding an NRPC port to an IP address” and “Binding an Internet service to an IP address” later in this chapter.

For more information on private networks for cluster replication, see the book Administering Domino Clusters.

Note A configuration with multiple NICs does not increase the number of Domino sessions you can have on a server. In TCP/IP, machine capacity depends on processors and memory.

Multiple IP addresses with one NIC

Reasons to use one NIC to serve multiple IP addresses include:

• Isolating local versus WAN Notes named networks so local users can see only local Domino servers
• Preventing independent remote access dialup connections (ISDN dialup router) from being arbitrarily accessed
• When setting up redundant WAN path connections for server to server access

• When the use of a different TCP/IP port map is needed for firewall connections
• When offering HTTP services to a different group than NRPC connections
• As a service provider when offering Domino server access for either Notes or Web clients to different groups/companies

For a configuration with multiple addresses and one NIC, you must configure the TCP/IP stack and bind each listening port to an IP address.

Partitioned servers and IP addresses

When you set up a Domino partitioned server, it is usually best to assign a separate IP address to each partition and use a separate NIC for each. Using a separate NIC for each address can make the computer’s I/O much faster.

As an alternative to using a separate NIC for each IP address, you can use a single NIC and still assign a separate IP address to each partition. For more information, see the topic “Assigning separate IP addresses to partitions on a system with a single NIC” later in this chapter.

If you are unable to assign a separate IP address to each partition, you can use port mapping. For more information on port mapping, see the topic “Configuring a partitioned server for one IP address and port mapping” later in this chapter.

Note As an alternative to port mapping, you can use port address translation (PAT), in which a firewall redirects the TCP port connection to a different TCP port. Both port mapping and PAT require advanced skills to implement correctly.

Lotus Domino is designed to listen for TCP/IP connections on all NICs in a computer system. If more than one partition is hosting the same service (NRPC, SMTP, POP3, IMAP, LDAP, or HTTP), fine-tune which partitions listen for which connections by associating each service’s TCP port with a specific IP address. For more information on associating services with IP addresses, see the topics “Binding an NRPC port to an IP address” and “Binding an Internet service to an IP address” later in this chapter.

Ensuring DNS resolves in advanced TCP/IP configurations

When you have Domino servers with multiple Notes network ports for TCP/IP, follow these procedures to ensure server name-to-address resolution by DNS. This topic covers the following configurations:

• Users in different DNS subdomains accessing one Domino server
• User-to-server access and server-to-server access via different DNS subdomains

For information on servers accessing a private LAN in a Domino cluster, see the book Administering Domino Clusters.

Users in different DNS subdomains accessing one Domino server

If users are on two isolated networks and the Domino server has a NIC for each network, use DNS to direct the users to the NIC the server shares with them.

1. Assign an IP address to each NIC by creating A records (or, for IPv6, AAAA records) in DNS. Use the ping command and the IP address to test the responsiveness of the NIC.

Note If the Domino server is running Windows and there is a route between the two networks, prevent the NetBIOS broadcasts from exiting from both adapters by using the Windows Control Panel to disable one instance of the WINS client. Use the Bindings tab of the Network dialog box, select All Adapters, and select the name of the NIC for which you want to disable WINS.

2. Create two CNAME records in DNS for the Domino server, linking the server’s common name to each NIC name in the A records. (Using CNAME records for the Domino server provides diagnostic fidelity to test the network pathway independently of the server’s name resolve.)
3. Add a second Notes network port for TCP/IP in Domino. For more information, see the topic “Adding a network port on a server” later in this chapter.
4. Bind each TCP/IP port to the IP address of the appropriate NIC. For more information on binding ports to IP addresses, see the topic “Binding an NRPC port to an IP address” later in this chapter. On the server console, verify that both TCP/IP ports are active and linked to the correct IP address.
5. In the Server document’s Net Address field for each TCP/IP port, use the server’s common name only, not its FQDN.
6. On each Notes workstation, set the user’s DNS name lookup scope to the correct DNS subdomain.

1 chi-tokenring 3.acme.west. User-to-server access and server-to-server access via different DNS subdomains If users need to access a Domino server over the LAN and other Domino servers need to access the same server over the WAN. and name the second port TCPIP2. Use the NOTES.com.com for users on the Token Ring network. enter chicago. Then use DNS to direct the users to the NIC for the LAN and to direct other servers to the NIC for the WAN. for IPv6. prevent the NetBIOS broadcasts from exiting from both adapters by using the Windows Control Panel to disable one instance of the WINS client. as follows: chi-tokenring chicago A CNAME 10. select All Adapters. AAAA record) in DNS.com.com. as follows: chi-ethernet chicago A CNAME 10. Create start of authority (SOA) table entries in DNS for the subdomain east. Setting Up the Domino Network 2-23 .acme. Use the Bindings tab of the Network dialog box. set it to west. and select the name of the NIC for which you want to disable WINS. Create SOA table entries in DNS for the subdomain west.com for the users on the Ethernet network and as chicago.INI file to bind TCPIP1 to the IP address for the Ethernet network and to bind TCPIP2 to the IP address for the Token Ring network.east.Installation Example At the Acme company. and on the Token Ring users’ workstations. Change the name of the original Notes network port for TCP/IP to TCPIP1.acme. some users connect to the Domino server Chicago/Sales/Acme over an Ethernet network.20. others over a Token Ring network. Note If the Domino server is running Windows and there is a route between the two networks. 4. add a second NIC to the server. 1. set the DNS name lookup scope to east. 6. 1. In the Server document’s Net Address field for each TCP/IP port. Use the ping command and the IP address to test the responsiveness of the NIC.20.10. On the Ethernet users’ workstations.2 chi-ethernet 2. Assign an IP address to each NIC by creating an A record (or.10. 5.acme. 
Register the Domino server with DNS as chicago.acme.com.acme.

2. Create two CNAME records in DNS for the Domino server, linking the server’s common name to each NIC name in the A records. (Using CNAME records for the Domino server provides diagnostic fidelity to test the network pathway independently of the server’s name resolve.)
3. Add a second Notes network port for TCP/IP in Domino. For more information, see the topic “Adding a network port on a server” later in this chapter.
4. Bind each TCP/IP port to the IP address of the appropriate NIC. For more information on binding ports to IP addresses, see the topic “Binding an NRPC port to an IP address” later in this chapter.
5. To direct the Domino server’s first outbound connection to the server-to-server network, edit the PORT setting in the NOTES.INI file to read as follows:

PORT=serverportname, userportname

Where serverportname is the name of the Notes network port for TCP/IP that other Domino servers will use to connect to this server, and userportname is the name of the Notes network port for TCP/IP that users will use to connect to this server.

6. On the server console, verify that both TCP/IP ports are active and linked to the correct IP address.
7. In the Server document’s Net Address field for the first TCP/IP port (the port that users will use), enter the FQDN, using the server’s common name and the users’ DNS subdomain.

Note Listing the port that users will use first is important, as the Notes Name Service cannot distinguish which NIC a user is accessing and makes the connection based on the content of the Net Address field for the first TCP/IP port listed in the Server document.

8. In the Server document’s Net Address field for the second TCP/IP port (the port that servers will use), enter the FQDN, using the server’s common name and the servers’ DNS subdomain. An initiating server uses its local Domino Directory to detect the Notes named network it has in common with this server.
9. Set each user’s DNS name lookup scope to the correct DNS subdomain. In each server’s TCP/IP stack, set the DNS name lookup scope to the correct DNS subdomain.

210. and other Domino servers access it privately over the WAN. IPv6 and Lotus Domino Because support for IPv6 by hardware and operating system suppliers and the Internet is still in the early stages. you can enable IPv6 support for SMTP. set the name lookup scope to domino.1 srv-bostonapp04 3. and HTTP services on AIX®.acme.210. On each user’s workstation. Use the NOTES.2 usr-bostonapp04 2.com.com.acme. to bind TCPIP2 to the IP address for the server-to-server network. You register the server with DNS as bostonapp04. Domino supports both IPv6 and IPv4. In the Server document’s Net Address field for port TCPIP1.acme. and Linux systems.boston. and name the second port TCPIP2.domino. set the DNS name lookup scope to boston. Change the name of the original Notes network port for TCP/IP to TCPIP1. 5.com.com.domino. as follows: usr-bostonapp04 bostonapp04 A CNAME 103. the Domino server can still make the connection to that address. as follows: srv-bostonapp04 bostonapp04 A CNAME 103.boston. After you enable IPv6 on a Domino server and add the server’s AAAA Setting Up the Domino Network 2-25 .acme. enter bostonapp04. records that store IPv6 addresses are called AAAA records. and to add the setting PORT=TCPIP2. Create the following SOA table entries in DNS for the subdomain domino.com for the LAN users and as bostonapp04. POP3. In the TCP/IP stacks of the servers that need to connect to this server. Create the following SOA table entries in DNS for the subdomain boston.Installation Example At the Acme company. For port TCPIP2. Thus. 4.com for the server-to-server network over the WAN. IMAP.INI file to bind TCPIP1 to the IP address for the user network. In DNS.acme. moving to the IPv6 standard will be a gradual process for most organizations. if an IPv6-enabled Domino server encounters an IP address in IPv4 format. 6.com. LDAP.acme.acme. users connect to the Domino server BostonApp04/Sales/Acme over the LAN. In Lotus Domino. 1.com. enter bostonapp04.20.acme.41. Solaris®. 
TCPIP1.

record to DNS, another IPv6-enabled Domino server can connect to it only over IPv6.

Servers that don’t support IPv6 can run Domino with IPv6 support disabled, which is the default. These servers can successfully connect to IPv6-enabled Domino servers only if the DNS for the IPv6 servers contain A records.

Using IPv6 in a Domino network

For best results when using IPv6 with Domino servers, set up network devices in the network pathway to connect directly with native IPv6, rather than tunnel through the IPv4 network.

How Lotus Domino decides whether to connect over IPv6 or IPv4

A Domino server evaluates the address format and then, based on that information, makes an IPv4 or an IPv6 connection.

Address format: Server response
IPv4: Makes an IPv4 connection.
IPv6: Makes an IPv6 connection.
IPv4 address mapped to IPv6: Attempts to make an IPv6 connection and waits for the TCP/IP software to make either an IPv6 or IPv4 connection, depending on the remote system’s TCP/IP stack.
Server name: Uses DNS to resolve the name:
• If only an A record is found, connects over IPv4.
• If only an AAAA record is found, connects over IPv6 or waits for the TCP/IP software to make the connection.
• If both an A record and AAAA record are found, uses the AAAA record.

Planning the NetBIOS network

The Domino network is compatible with NetBIOS, a set of IBM session-layer LAN services that has evolved into a standard interface that applications use to access transport-layer network protocols. Domino supports the NetBIOS interface on Windows systems over the following transport protocols: TCP/IP (on systems running TCP/IP), NetBEUI (supplied with all Microsoft network products), and IPX (on systems running IPX/SPX).

Note Although you can add some NetBIOS services to Linux and UNIX systems, NRPC communication does not use them.

For detailed system requirements for using NetBIOS with Lotus Domino, see the Release Notes.

Deciding whether to use NetBIOS services

Including NetBIOS in the Domino network has both benefits and risks. The benefits are as follows:
• NetBIOS has low overhead relative to other protocol suites. NetBIOS over NetBEUI has the least overhead, NetBIOS over IPX has more, and NetBIOS over TCP/IP has the most.
• Because it is not directly routable, NetBIOS over NetBEUI can provide a secure means to access your server for administration within a flat network. To access the server over a routed IP network, you can create a data-link switching (DLSw) tunnel to limit the administration access with NetBIOS over NetBEUI.
• Because NetBIOS name-to-address resolution services offer dynamic registration by name broadcasts, you can use NetBIOS to build a mobile Domino network for temporary or emergency use.

The risks of using NetBIOS involve the security of the file system on Domino servers. Depending on the access permissions of the operating system and on the transport protocol being used, NetBIOS name and file services might allow users to see or access the server’s file system. When a server provides NRPC services, mitigate this risk by disabling the NetBIOS name and file services (SMB/CIFS) on the system so that the system’s name cannot be seen over the network. Other Notes/Domino systems can still find the Domino server because Lotus Domino has its own NetBIOS name service to propagate and register the Domino server’s NetBIOS name, but access is secure because it is controlled by the authentication and certification features in NRPC.

If the system on which you run Domino requires NetBIOS name or authentication services, mitigate the security risk by isolating the NetBIOS services. Install an additional NIC on the system for NetBIOS over a private administration network, and disable NetBIOS on the NIC that the Domino server uses.

How to tell if NetBIOS is active on a system

The following are indications that NetBIOS is active:
• On Windows systems, you can see or access another Windows system’s file system through the Network Neighborhood (indicates Server Message Block/NetBIOS).
• You can register with an NT domain (indicates Server Message Block/NetBIOS).

• On Windows 2000 or XP systems, “NetBIOS over IP” is selected in the system’s TCP/IP protocol settings.

Note On Linux and UNIX systems, the SAMBA server service (Windows file server) can offer Server Message Block/NetBIOS or Common Internet File System/IP access, or both.

Server name-to-address resolution over NetBIOS

When a Notes workstation or Domino server running NetBIOS tries to connect to a Domino server, the initiating system offers the destination server’s common name to the NetBIOS name service, which then broadcasts that name and its associated network address over the NetBIOS network.

For background information on how the Notes Name Service works with name-resolver services such as the NetBIOS name service, see the topic “Resolving server names to network addresses in NRPC” earlier in this chapter.

When you use the Notes Name Service with the NetBIOS name service, only a Notes or Domino system using the same NetBIOS transport protocol as the destination Domino server can see the destination server’s NetBIOS name. If the Notes or Domino system has more than one NIC for which the NetBIOS transport protocol is enabled, only the NetBIOS port with the same LANA binding as that of the destination server can see the destination server’s name.

Which physical address is registered for a Domino server depends on the transport protocol:
• For NetBIOS over NetBEUI, the NIC’s 32-bit MAC address is used.
• For NetBIOS over TCP/IP, the system’s IP address is used.
• For NetBIOS over IPX, the IPX node number is used. In most cases, this number is the same as the NIC’s 32-bit MAC address.

For information on how IPX node numbers are assigned and how to change them, see the Novell documentation.

Ways to ensure successful NetBIOS resolves

Because NetBIOS broadcasting has a limited range, you may need to create a Connection document that includes the physical address of the destination server. This process works as long as the network pathway can carry the given lower transport protocol.

For NetBIOS over TCP/IP, you can also do one of the following:
• Use a WINS server with a static entry.

• In the initiating system’s TCP/IP stack settings, enable NetBIOS name lookup by DNS. This works even if you are not using any NRPC services; however, the destination server must be registered with DNS.

Note NetBIOS name space is flat, even with TCP/IP. If the client is not within the same DNS domain level, access by name may not be possible.

For more information on the NetBIOS name service, see Microsoft’s resource kit documentation for the Windows NT and 2000 operating systems.

Naming Domino servers on NetBIOS

NetBIOS names are limited to 15 characters. If the common name of the Domino server is longer than 15 characters, NetBIOS truncates the name. On NetBIOS over IPX, early versions of the resolver may confuse server names if the first eight characters of the names are the same.

Caution The resolution of a Domino server name can be adversely affected if the server name is the same as the NetBIOS name for a Windows system. To prevent this problem without making it difficult to manage system files remotely, do the following:
• On Windows NT, assign one name as the Domino server common name and then alter that name slightly for the system name by adding a preface such as NT-. In the Network dialog box on the Windows NT Control Panel, specify the name in two places: the Identification tab and the Protocols - TCP/IP properties - DNS tab.
• On Windows 2000, add a preface such as W2K- to the system name, using the Network Identification tab on the System Properties dialog box.

Planning the IPX/SPX network

To use Lotus Domino with IPX/SPX, at least one NetWare server must exist on the network. Notes workstations and Domino servers access the NetWare server and use its name services — namely, the Bindery Service or the Novell Directory Service (NDS) — to locate other Domino servers on the IPX/SPX network. The NetWare server and a Domino system may be separated by a switch, bridge, or router and do not have to be on the same LAN.

The IPX protocol stack service (Novell or Microsoft) on a Domino server or Notes workstation must point to the local NetWare server as its preferred server and/or preferred tree. Other Domino servers or Notes workstations do not need to access the same local NetWare server as their preferred server or tree.

When you use the Novell Bindery Service with Lotus Domino, note the following:
• The NetWare server must not be more than one hop away from a Domino server.
• The NetWare server must not be more than one hop away from a Notes workstation when the workstation connects to a Domino server over a WAN. While not required, it is best if the NetWare server is not more than a few hops away from any Notes workstation.
• If Lotus Domino and the NetWare server are on different LANs, make sure that local routers are not filtering Bindery Service or NDS NetWare Core Protocol (NCP) broadcasts.

A Domino server can access only one NIC for the IPX protocol and only one instance of the SPX port driver. Make sure you have not bound the IPX protocol to more than one NIC or frame type on the system that is running the Domino server.

Note NDS access is supported only over the IPX/NCP protocol.

Note The use of TCP/IP tunneling of NRPC-IPX/SPX connections is not supported.

For detailed system requirements for using Lotus Domino on IPX/SPX, see the Release Notes.

Server name-to-address resolution over IPX/SPX

Notes workstations and Domino servers use NetWare name-resolver services to find a Domino server on an IPX/SPX network. When naming Domino servers, consider the requirements of the name service or services you are using.

For background information on how the Notes Name Service works with name-resolver services such as those for NetWare, see the topic “Resolving server names to network addresses in NRPC” earlier in this chapter.

Lotus Domino supports these NetWare services:
• Bindery Service — Network services use the Service Advertising Protocol (SAP) to update the NetWare server’s network database, called the Bindery. The Bindery is a dynamic database; therefore, if a network service does not update the Bindery within a few minutes, the Bindery detects the entries for that service. Domino servers use the Bindery Service to advertise their NRPC services on the network. A Domino server uses the Bindery Service Object ID 0x039B. Notes workstations and Domino servers use the Bindery to look up a server’s network address.
• Novell Directory Service (NDS) — The Novell Directory Service is based on the X.500 directory service. Since NDS is a static database, network services update the database only once. The information stored in the database is persistent, so a Domino server’s NDS object can always be found in the NDS tree, whether or not the server is currently running. NDS uses less network bandwidth than the Bindery Service, which uses SAP broadcasts over IPX/NCP. The IPX/SPX port driver is the only port driver that supports NDS.
• Both NDS and Bindery Service — If both services are installed, the Notes workstation or Domino server tries an NDS lookup first. If the NDS lookup fails, the workstation or server tries a Bindery lookup.

After you install and set up a Domino server, you use the Domino Administrator to select which NetWare service you want the Domino server to use.

For information on setting up NDS to work with Lotus Domino, see the appendix “Novell Directory Service for the IPX/SPX Network.”

Naming Domino servers on a Netware Bindery Service network

The NetWare Bindery Service uses the common name of the Domino server as the server name in the Bindery. For example, the Domino server name Chicago/Midwest/Acme becomes CHICAGO in the NetWare Bindery.

To name a Domino server that uses the Bindery Service, choose a common name that is unique within the Bindery and contains no more than 48 characters. In addition, do not use any of these characters: slash (/), backslash (\), colon (:), semicolon (;), comma (,), asterisk (*), question mark (?), plus (+).

The Bindery converts multibyte characters to hexadecimal characters. When the common name of a Domino server is added to the Bindery, the Bindery

removes leading and trailing spaces, converts spaces to underscores, and converts all alphabetic characters to uppercase.

Note When using Bindery emulation under NetWare 4.1 or later, all systems that use the Bindery Service for name resolution must share one Bindery context name. Separate the Notes named networks based on the Bindery context name that the Notes workstations and Domino server share for Bindery name resolution.

Naming Domino servers on a Novell Directory Service network

In NetWare Directory Services (NDS), Domino server names are the path from the root of the NDS tree to the Domino server NDS object, in distinguished name format. For example, if a Domino server name is Chicago/Midwest/Acme, its NDS name is CN=Chicago.OU=Marketing.O=Acme.

Within NDS, names must be unique. Names in NDS are not case sensitive. Distinguished names can contain up to 256 characters and can include the name types CN, OU, O, and C.

Although using the NDS distinguished name guarantees uniqueness in NDS — even if two Domino servers have the same common name — it’s best to specify unique common names for Domino servers to ensure uniqueness in all name services you are using.

To name a Domino server that uses NDS, choose a common name that contains no more than 64 characters. Do not use any of the following in Domino server names that use NDS: space ( ), slash (/), backslash (\), colon (:), semicolon (;), comma (,), asterisk (*), question mark (?), plus (+), periods, and equal signs.

Setting up Domino servers on the network

Before installing a Domino server, make sure you have done the following:
• Installed one or more NICs on the system.
• Installed protocol software if necessary.
• Installed all network drivers in the correct directories.
• Installed any network software required for the protocols.

For more information, see the vendor’s documentation.

After you install the server, you use the Domino Server Setup program to accept network defaults or customize network settings.
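The NetBIOS, Bindery and NDS naming rules given in this chapter can be checked against a planned list of server names before any server is registered. The following Python code is an added example, not part of the Domino documentation; the function names, the sample server names and the case-insensitive comparison of NetBIOS names are assumptions.

```python
from collections import defaultdict

# Limits and excluded characters as stated in this chapter.
NETBIOS_MAX = 15                         # NetBIOS truncates longer names
BINDERY_MAX = 48
NDS_MAX = 64
BINDERY_FORBIDDEN = set("/\\:;,*?+")
NDS_FORBIDDEN = set(" /\\:;,*?+.=")      # adds space, period, equal sign


def common_name(server_name):
    """Return the common name of a hierarchical name (Chicago/Midwest/Acme -> Chicago)."""
    first = server_name.split("/", 1)[0]
    if first.upper().startswith("CN="):
        first = first[3:]
    return first


def bindery_form(cn):
    """Apply the Bindery rules: trim spaces, spaces to underscores, uppercase."""
    return cn.strip().replace(" ", "_").upper()


def netbios_form(cn):
    """Apply NetBIOS truncation to 15 characters."""
    return cn[:NETBIOS_MAX]


def check_name(server_name):
    """List the naming rules that the server's common name runs into."""
    cn = common_name(server_name)
    findings = []
    if len(cn) > NETBIOS_MAX:
        findings.append(f"NetBIOS: name is truncated to {netbios_form(cn)!r}")
    if len(cn) > BINDERY_MAX:
        findings.append(f"Bindery: longer than {BINDERY_MAX} characters")
    bad = sorted(set(cn) & BINDERY_FORBIDDEN)
    if bad:
        findings.append(f"Bindery: excluded characters {bad}")
    if not cn.isascii():
        findings.append("Bindery: multibyte characters become hexadecimal")
    if len(cn) > NDS_MAX:
        findings.append(f"NDS: longer than {NDS_MAX} characters")
    bad = sorted(set(cn) & NDS_FORBIDDEN)
    if bad:
        findings.append(f"NDS: excluded characters {bad}")
    return findings


def find_collisions(server_names):
    """Group server names that a flat name service cannot tell apart."""
    keys = {
        # Assumption: NetBIOS names are compared without regard to case.
        "NetBIOS": lambda cn: netbios_form(cn).casefold(),
        # Early NetBIOS-over-IPX resolvers: first eight characters.
        "NetBIOS over IPX (first 8)": lambda cn: cn[:8].casefold(),
        "Bindery": bindery_form,
    }
    result = {}
    for service, key in keys.items():
        groups = defaultdict(list)
        for name in server_names:
            groups[key(common_name(name))].append(name)
        clashes = sorted(g for g in groups.values() if len(g) > 1)
        if clashes:
            result[service] = clashes
    return result


# Constructed sample names, for illustration only.
SERVERS = [
    "Chicago/Midwest/Acme",
    "chicago/East/Acme",
    "BostonAppServer01/Sales/Acme",
    "BostonAppServer02/Sales/Acme",
    "Mail Hub/Acme",
]

if __name__ == "__main__":
    for name in SERVERS:
        print(name, check_name(name))
    for service, clashes in find_collisions(SERVERS).items():
        print(service, clashes)
```
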

For more information, see the chapter “Installing and Setting Up Domino Servers.”

After you complete the Server Setup program, you may need to complete one or more of these tasks to finish setting up Lotus Domino on the network:
• Change the default names assigned to Notes named networks to make them consistent with actual network topography.
• Fine-tune network port setup by adding, enabling, disabling, renaming, reordering, or deleting ports or by enabling network encryption or compression on a port.
• Complete tasks specific to the TCP/IP, NetBIOS, or IPX/SPX protocol.

For information on connecting Notes workstations to the network, see Lotus Notes 6 Help.

Setting up Notes named networks

The Domino Server Setup program automatically places all servers that are in a Domino domain and that run the same network protocol in the same Notes named network (NNN). In the Server document, the setup program assigns each NNN a default name in the format portname network.

After you run the setup program, rename the NNN for each network port in the Server document. It is useful if the name reflects both the location of the network and its protocol. For example, if your company has a TCP/IP network and has LANs in Boston and San Francisco, change the name of the NNN in Boston to “TCPIP Boston network,” and change the name of the NNN in San Francisco to “TCPIP SF network.”

Caution Domino assumes that all servers in a NNN have a continuous LAN or WAN connection. If this is not the case, serious delays in mail routing between servers can occur. Be careful not to include servers with only dialup connections in an NNN.

To change the name of a Notes named network
1. From the Domino Administrator, select the server you just set up.
2. Click the Configuration tab.
3. Expand the Server section in the view pane.
4. Click Current Server Document.
5. Click Edit Server, and then click the Ports - Notes Network Ports tab.

6. In the Notes Network field for each port, enter a new name for the server’s Notes named network. The name can include space characters.
7. Click Save and Close.

Fine-tuning network port setup on a server

After you install and set up a Domino server, review the list of network ports that were enabled by the Server Setup program. Unless you customize network settings during setup, Domino enables ports based on the current operating system configuration. To conserve system resources, disable the ports for protocols that you don’t need.

Use Domino Administrator to make these changes to a server’s network port setup:
• Disable a network port
• Enable a network port
• Add a network port
• Rename a network port
• Reorder network ports
• Delete a network port
• Encrypt network data on a port
• Compress network data on a port

Note On a Notes workstation, you use the User Preferences dialog box to change port setup. For more information on changing port preferences on a workstation, see Lotus Notes 6 Help.

For information on configuring a communication port for a dialup modem, see the chapter “Setting Up Server-to-Server Connections.”

Disabling a network port on a server

Even after you disable a port, it still appears in the list of available ports so that you can later enable it.
1. From the Domino Administrator or Web Administrator, click the server on which you want to disable a port.
2. Click the Configuration tab.
3. Do one of these:
• From the Domino Administrator’s Tools pane, choose Server Setup Ports.
• From the Web Administrator’s Port tool, choose Setup.

4. Select the port you want to disable, and then deselect “Port enabled.”
5. Click OK.
6. Click the Server - Status tab.
7. Do one of these so that the change takes effect:
• From the Domino Administrator’s Tools pane, choose Restart Port. (If you can’t see the Tools pane, make sure you are in the Server Tasks view.)
• From the Web Administrator’s Ports tool, choose Restart.
8. In the Server document, on the Ports - Notes Network Ports tab, specify Disabled next to the name of the port you are disabling.
9. Save the Server document.

Enabling a network port on a server

If the server port you want to enable will be the Notes workstation’s only means of connecting with the server, do not use this procedure. Instead, use the Ports setting in the server’s NOTES.INI file.

For more information, see the appendix “NOTES.INI File.” For information on creating a Connection document on a Notes workstation, see Lotus Notes 6 Help.

To enable a network port
1. From the Domino Administrator or Web Administrator, click the server on which you want to enable a port.
2. Click the Configuration tab.
3. Do one of these:
• From the Domino Administrator’s Tools pane, choose Server Setup Ports.
• From the Web Administrator’s Port tool, choose Setup.
4. Select the port you want to enable, and then select “Port enabled.”
5. Click TCP/IP Options, LANx Options, SPX Options, or COMx Options, and specify information as appropriate.
For more information on TCP/IP, LANx, and SPX options, see the topics “Changing the TCP/IP connection time-out interval,” “Defining a NetBIOS LANA number for a Notes network port,” and “Defining a server’s NetWare name service in Lotus Domino” later in this chapter. For more information on COMx options, see the chapter “Setting Up Server-to-Server Connections.”
6. Click OK.

7. Click the Server - Status tab.
8. Do one of these so that the change takes effect:
• From the Domino Administrator’s Tools pane, choose Restart Port. (If you can’t see the Tools pane, make sure you are in the Server Tasks view.)
• From the Web Administrator’s Ports tool, choose Restart.
9. In the Server document, click the Ports - Notes Network Ports tab, and edit these fields as necessary:

Field: Action
Port: Enter the port name. Lotus Domino assigns a default port name to each network protocol detected on the system.
Notes Network: Enter the name of the Notes named network for the group of Domino servers that are in this location and run on a particular protocol — for example, Boston TCPIP. Space characters are allowed in a Notes network name.
Net Address: Enter the protocol-specific name of the server — for example, sales.acme.com. The name you use depends on the convention of the network protocol. This field is used to determine the address that other servers use to access this server.
Disabled/Enabled: Choose Enabled so that other servers will know the port is enabled.

10. Save the Server document.
11. Make sure that this server is set up to replicate its Domino Directory to other servers, or enter the preceding changes into the Server document on a server that is set up to do the replication, or other servers will not know that they can connect to this server over the newly enabled port.

Adding a network port on a server

If the server port you want to add will be the Notes workstation’s only means of connecting with the server, do not use this procedure. Instead, use the Ports setting in the server’s NOTES.INI file.

For more information, see the appendix “NOTES.INI File.” For information on creating a Connection document on a Notes workstation, see Lotus Notes 6 Help.

To add a network port
1. From the Domino Administrator or Web Administrator, click the server on which you want to add a port.
2. Click the Configuration tab.
3. Do one of these:
• From the Domino Administrator’s Tools pane, choose Server Setup Ports.
• From the Web Administrator’s Port tool, choose Setup.
4. Click New.
5. Specify the port name and driver, and click OK.
6. Click TCP/IP Options, LANx Options, SPX Options, or COMx Options, and specify information as appropriate.
For more information on TCP/IP, LANx, and SPX options, see the topics “Changing the TCP/IP connection time-out interval,” “Defining a NetBIOS LANA number for a Notes network port,” and “Defining a server’s NetWare name service in Lotus Domino” later in this chapter. For more information on COMx options, see the chapter “Setting Up Server-to-Server Connections.”
7. Click OK.
8. Click the Server - Status tab.
9. Do one of these so that the change takes effect:
• From the Domino Administrator’s Tools pane, choose Restart Port. (If you can’t see the Tools pane, make sure you are in the Server Tasks view.)
• From the Web Administrator’s Ports tool, choose Restart.
10. In the Server document, click the Ports - Notes Network Ports tab, and edit these fields as necessary:

Field: Action
Port: Enter the port name. Lotus Domino assigns a default port name to each network protocol detected on the system.
Notes Network: Enter the name of the Notes named network for the group of Domino servers that are in this location and run on a particular protocol — for example, Boston TCPIP. Space characters are allowed in a Notes network name.

Net Address: Enter the protocol-specific name of the server — for example, sales.acme.com. The name you use depends on the convention of the network protocol. This field is used to determine the address that other servers use to access this server.
Disabled/Enabled: Choose Enabled so that other servers will know the port is enabled.

11. Save the Server document.
12. Make sure that this server is set up to replicate its Domino Directory to other servers, or enter the preceding changes to the Server document on a server that is set up to do the replication, or other servers will not know that they can connect to this server over the newly enabled port.
13. If you are adding an additional TCP/IP port on a computer with multiple NICs, see these topics:
• Binding an NRPC port to an IP address
• Binding an Internet service to an IP address.
14. If you are adding an additional NetBIOS port on a computer with multiple NICs, see the topic Creating additional network ports for NetBIOS.

Renaming a network port on a server

You might want to rename a port to reflect its function. For example, suppose you add a second TCP/IP port named SRV-TCP so that clustered servers can communicate over a private network. Then you might want to rename the original TCP/IP port through which users will communicate with the server USR-TCP.
1. From the Domino Administrator or Web Administrator, click the server on which you want to rename a port.
2. Click the Configuration tab.
3. Do one of these:
• From the Domino Administrator’s Tools pane, choose Server Setup Ports.
• From the Web Administrator’s Port tool, choose Setup.
4. Select the port you want to rename.
5. Click Rename, and then enter the new name. Do not use spaces in the port name.
6. Click OK.

7. Click the Server - Status tab.
8. Do one of these so that the change takes effect:
• From the Domino Administrator’s Tools pane, choose Restart Port. (If you can’t see the Tools pane, make sure you are in the Server Tasks view.)
• From the Web Administrator’s Ports tool, choose Restart.
9. In the server document, on the Ports - Notes Network Ports tab, change the name of the port to the new name and save the document.
10. If this server is the source server for any Connection documents in the Domino Directory, click Server - Connections.
11. Select a Connection document and click Edit Connection.
12. On the Basics tab, enter the new port name in the “Use the port(s)” field.
13. Save and close the Connection document.
14. Repeat steps 11 to 13 for each Connection document for which this server is the source.

Reordering network ports on a server

Changing the order in which ports are listed in the Setup Ports dialog box also changes the Ports setting in the NOTES.INI file. List the ports in the order in which you want them to be used — for example, list nearest or fastest connections first. Then when a server uses a Notes named network or a Connection document to locate another server, the port with a close or fast connection will be used as the preferred path.

If the Domino server has multiple TCP/IP ports, see the topic “Reordering multiple server ports for TCP/IP” later in this chapter.

To reorder network ports
1. From the Domino Administrator or Web Administrator, click the server on which you want to reorder ports.
2. Click the Configuration tab.
3. Do one of these:
• From the Domino Administrator’s Tools pane, choose Server Setup Ports.
• From the Web Administrator’s Port tool, choose Setup.
4. Select the port that you want to relocate in the list.
5. Click the up and down arrows, as necessary to relocate the port.
6. Click OK.

7. Click the Server - Status tab.
8. Do one of these so that the change takes effect:
• From the Domino Administrator’s Tools pane, choose Restart Port. (If you can’t see the Tools pane, make sure you are in the Server Tasks view.)
• From the Web Administrator’s Ports tool, choose Restart.
9. In the Server document, on the Ports - Notes Network Ports tab, change the port order to the new order by cutting and pasting all the necessary fields.
10. Save the Server document.

Note When you create a Connection document on a server, the Connection document takes the port order from the order in the Setup Ports dialog box. Then, whenever the server connects with the destination server, the server obtains the port order directly from the Connection document. If you change the port order after you create Connection documents, you must save each Connection document again. To have different Connection documents reflect different port orders, change the port order, save a Connection document, change the port order again, save another Connection document, and so on.

Deleting a network port on a server

If you delete a port, it no longer appears in the list of available ports in the Setup Ports dialog box.
1. From the Domino Administrator or Web Administrator, click the server on which you want to delete a port.
2. Click the Configuration tab.
3. Do one of these:
• From the Domino Administrator’s Tools pane, choose Server Setup Ports.
• From the Web Administrator’s Port tool, choose Setup.
4. Select the port you want to delete.
5. Click Delete.
6. Click OK.
7. Click the Server - Status tab.
8. Do one of these so that the change takes effect:
• From the Domino Administrator’s Tools pane, choose Restart Port. (If you can’t see the Tools pane, make sure you are in the Server Tasks view.)
• From the Web Administrator’s Ports tool, choose Restart.

9. In the Server document, on the Ports - Notes Network Ports tab, delete the contents of all the fields next to the name of the port you are deleting.
10. Save the Server document.

Encrypting NRPC communication on a server port

You can encrypt network data on a server’s Notes network ports to prevent the network eavesdropping that’s possible with a network protocol analyzer. Network encryption occurs at the application layer of a given protocol and is independent of other forms of encryption. Network data is encrypted only while it is in transit. After the data is received and stored, network encryption is no longer in effect.

Network data encryption occurs if you enable network data encryption on either side of a network connection. For example, if you enable encryption on a server’s Notes network port for TCP/IP, you don’t need to enable encryption on the TCP/IP ports of workstations or servers that connect to the server.

If you want the server to have one TCP/IP port for Notes traffic over the Internet and another TCP/IP port for internal traffic over NRPC, you can encrypt the port for Internet traffic and leave the port for internal traffic unencrypted.

Be aware that multiple high-speed encrypted connections to a server can affect server performance adversely. Encrypting network data has little effect on client performance.

For protocols other than NRPC, you use SSL for encryption. For more information, see the chapter “Setting Up SSL on a Domino Server.”

To encrypt NRPC communication
1. From the Domino Administrator or Web Administrator, choose the server for which you want to encrypt network data.
2. Click the Configuration tab.
3. Do one of these:
• From the Domino Administrator’s Tools pane, choose Server Setup Ports.
• From the Web Administrator’s Port tool, choose Setup.
4. Select the port you want to encrypt.
5. Select “Encrypt network data.”
6. Click OK.
7. Click the Server - Status tab.

8. Do one of these so that the change takes effect:
• From the Domino Administrator’s Tools pane, choose Restart Port. (If you can’t see the Tools pane, make sure you are in the Server Tasks view.)
• From the Web Administrator’s Ports tool, choose Restart.

Compressing network data on a server port

To reduce the amount of data transmitted between a Notes workstation and Domino server or between two Domino servers, enable network compression for each enabled network port. Whether you should enable compression on a network port depends on the type of network connection and the type of data being transmitted.

For compression to work, enable it on both sides of a network connection. To enable compression for a network port on a server, use the Server tab in the Domino Administrator. To enable compression on network ports on Notes workstations, from the Domino Administrator, use a setup or desktop policy settings document or from a workstation, use the User Preferences dialog box.

For information on policy settings, see the chapter “Using Policies.”

WAN connections

Enabling network compression on X.PC ports can significantly reduce the time it takes to send and receive data over a remote connection between a Notes workstation and a Domino server or between two Domino servers.

You benefit from using network compression only if the data being transmitted is not already compressed. In the case of a network dialup service such as Microsoft’s Remote Access Service (RAS) which includes built-in compression, enabling compression on Notes network ports does not provide any additional benefit. The same is true of tasks involving data that was compressed using the Lempel-Ziv algorithm (LZ1 compression) — such as replicating a mail file with a large number of compressed attachments.

LAN connections

While compression decreases bandwidth use on a LAN, you must weigh this gain against increased memory and processor use, since network compression works by buffering data before compressing it. The cost of compression might be worth it only for a heavily loaded network.

To compress data on a server port
1. From the Domino Administrator or Web Administrator, click the server for which you want to turn on network compression.
2. Click the Configuration tab.

3. Do one of these:
• From the Domino Administrator’s Tools pane, choose Server - Setup Ports.
• From the Web Administrator’s Port tool, choose Setup.
4. Select the port for which you want to turn on compression.
Note Make sure “Port enabled” is selected for that port.
5. Select “Compress network data.”
6. Click OK.
7. Click the Server - Status tab.
8. Do one of these so that the change takes effect:
• From the Domino Administrator’s Tools pane, choose Restart Port. (If you can’t see the Tools pane, make sure you are in the Server Tasks view.)
• From the Web Administrator’s Ports tool, choose Restart.

Server setup tasks specific to TCP/IP
After you run the Domino Server Setup program, complete these procedures:
1. Set up a secondary name server for Notes clients.
2. Change the server’s connection-time-out interval.
3. For servers that provide services to Internet clients, enable Domino support for IPv6.
4. For configurations involving multiple NICs on a server or partitioned server:
• Reorder multiple Notes network ports for TCP/IP.
• Bind an NRPC port to an IP address.
• Bind an Internet service to an IP address.
5. For a partitioned server with a single NIC for the entire computer, assign an IP address to each server partition
6. Change a default TCP or SSL port number.
7. Confirm that TCP/IP is configured properly.

Setting up a secondary name server
To ensure that the Notes Name Service is always available to Notes workstations, assign a secondary name server in users’ Location documents. The secondary name server is used when:
• The user’s home server is down.
• The user’s home server is not running TCP/IP.
• The name of the user’s home server cannot be resolved over TCP/IP.
For examples of situations in which the name of a home server cannot be resolved, see the topic “Ensuring DNS resolves in advanced TCP/IP configurations” earlier in this chapter.
You can specify a different secondary name server for each LAN location defined.
Note You can use setup or desktop policy settings to assign secondary name servers to groups of users. For more information, see the chapter “Using Policies.”

To set up a secondary name server
1. On the Notes workstation, choose File - Mobile - Locations, and open the location for which you want to designate a secondary name server.
2. Click “Edit Location.”
3. Click the Advanced - Secondary Servers tab. (The Advanced tab appears only if you have a location defined as “Local Area Network” or “Both Dialup and Local Area Network.”)
4. In the “Secondary TCP/IP Notes server name” field, enter one of the following:
• The common name of the Domino server — for example, Notesserver1
• The hierarchical name of the Domino server — for example, Notesserver1/Acme
5. In the “Secondary TCP/IP host name or address” field, enter one of the following:
• IP address — for example, 197.114.33.22
• The fully qualified domain name — for example, notesserver1.acme.com
• The simple host name — for example, notesserver1
If you specify only the host name in this field, the workstation must use the Domain Name System (DNS) or local hosts file to locate the secondary name server. When you specify the IP address in this field, Lotus Domino resolves the host’s IP address without having to perform a DNS or hosts file lookup.
6. Click “Save and Close.”

Changing the TCP/IP connection-time-out interval
You might want to increase the number of seconds that Lotus Domino waits before terminating a connection attempt. The default time-out interval is 5 seconds. For example, increasing the time-out interval is often necessary on a server that dials up other Domino servers.
1. From the Domino Administrator or Web Administrator, click the server for which you want to change the time-out interval.
2. Click the Configuration tab.
3. Do one of these:
• From the Domino Administrator’s Tools pane, choose Server - Setup Ports.
• From the Web Administrator’s Port tool, choose Setup.
4. Select the TCP/IP port.
5. Click “TCPIP Options,” and enter a number.
Note Unless the connection is over a dial-on-demand ISDN modem, remote bridge, or router, it is best to enter a number no greater than 10, as the Notes client or Domino server won’t retry the connection until the timer has expired.
6. Click OK.

Enabling support for IPv6 on a Domino server
You can enable support for IPv6 on a Domino server that runs the IMAP, POP3, SMTP, LDAP, or HTTP service. To enable IPv6, add this NOTES.INI setting to the server’s NOTES.INI file:
TCP_EnableIPV6=1

Reordering multiple server ports for TCP/IP
If a Domino server has multiple Notes network ports for TCP/IP, the order in which these ports are listed in the NOTES.INI file and the Server document affects how other servers and workstations connect to this server.
The Ports setting in the NOTES.INI file determines which port a workstation or server tries first. In the absence of other settings that bind an NRPC, POP3, IMAP, SMTP, or LDAP service to an IP address, all of these services will try to use the port listed first in the NOTES.INI file.

Open.Notes Network Ports tab. To reorder the ports in the Server document.” Workstation-to-server communication If a Domino server has a port for workstations to connect on — for example. click the Ports . If you have enabled more than one Notes network port for TCP/IP (TCP port for NRPC) on either a single Domino server or a Domino partitioned server.INI File. Volume 1 . make sure you have added a Notes port for TCP/IP. Also make sure that each port has a unique name. see the topic “Advanced Domino TCP/IP configurations” earlier in this chapter. and edit the fields in the table. a private network for cluster replication — list this port first in the NOTES. 2-46 Administering the Domino System.INI file so that server-to-server traffic will tend to occur over this connection. you must associate the NRPC ports and IP addresses by binding each port to an address. For information on adding a Notes port. Binding an NRPC port to an IP address By default. see the appendix “NOTES. For more information on the Server_Cluster_Default_Port setting. all TCP/IP-based services on a Domino server listen for network connections on all NICs and on all configured IP addresses on the server.Server-to-server communication If you add a second Notes network port for TCP/IP in order to isolate server-to-server communication — for example. it will not try another port. use the Port Setup dialog box. thus decreasing the data flow on the port for the user network. see the topic “Reordering network ports on a server” earlier in this chapter. To bind an NRPC port to an IP address 1. and replication will not occur.INI file.INI file. For each IP address. over a WAN — list the workstation port first in the Server document so that users see only servers on the LAN when they choose File . For background information on Domino server setups with multiple IP addresses. you must add the setting Server_Cluster_Default_Port to the NOTES. 
The disadvantage of adding this setting is that if the server encounters a problem connecting over this port. over a LAN — and another port for servers to connect on — for example. Note If you are setting up a private cluster network and do not list the server port first.Database . see the topic “Adding a network port on a server” earlier in this chapter. For more information. To change the port order in the NOTES.

add this line to the NOTES. see the topic “Changing a TCP or SSL port number” later in this chapter. For the Domino Web server (HTTP service).IPaddress Where IPaddress is the IP address of the specific NIC. POP3. In the NOTES.INI file. Binding an Internet service to an IP address If the Domino server has multiple Notes network ports for TCP/IP (NRPC ports) and the server is also hosting the SMTP.130. by default the service will use the port listed first in the Ports setting in the NOTES. 0 Where TCPIPportname is the port name you defined. 15. enclose the address in square brackets.45. as it contains colons.123.INI file. For example: TCPIP_TCPIPAddress=0. You can specify the same NRPC port for multiple Internet services. confirm that these lines appear for each port that you added: Ports=TCPIPportname TCPIPportname=TCP. IMAP. or Internet Cluster Manager (ICM) service.[fe80::290:27ff:fe43:16ac] 4.INI file: TCPIPportname_TCPIPAddress=0. Setting Up the Domino Network 2-47 .INI file. you must specify the NRPC port that you want the service to use in the NOTES. as follows: :1352 Caution Do not change the assigned TCP port number unless you have a way to redirect the inbound connection with Domino port mapping or a firewall that has port address translation (PAT). For example: TCPIP_TCPIPAddress=0. If you do not specify an NRPC port for an Internet service.Installation 2. 0. (Optional) To help you later remember the function of each port. add the default TCP port number for NRPC to the end of the line you entered in Step 3. LDAP. you use the Server document to bind HTTP to a host name IP address. 3. In a situation where you must change the default NRPC port number. For each port that you want to bind to an IP address.1 Note For IPv6.

To bind the SMTP, POP3, IMAP, LDAP, or ICM service
1. Bind each NRPC port to an IP address.
2. In the NOTES.INI file, specify the appropriate NRPC port for each Internet service as follows:
Note If you don’t know the port name to enter for an NRPC port, open the Server document, click the Ports - Notes Network Ports tab, and look at the ports associated with the TCP protocol.

Service   Action
POP3      Enter POP3NotesPort=port name where port name is the name of the NRPC port that you want to link the service to.
IMAP      Enter IMAPNotesPort=port name where port name is the name of the NRPC port that you want to link the service to.
SMTP      Enter SMTPNotesPort=port name where port name is the name of the NRPC port that you want to link the service to.
LDAP      Enter LDAPNotesPort=port name where port name is the name of the NRPC port that you want to link the service to.
ICM       Enter ICMNotesPort=port name where port name is the name of the NRPC port that you want to link the service to.

Example
The following example shows the lines (in bold) to add to the Ports section of the NOTES.INI file to bind two NRPC ports to their IP addresses and to specify the second NRPC port for the SMTP service.
Ports=TCPIP, TCPIP2
TCPIP=TCP, 0, 15, 0
TCPIP_TCPIPAddress=0,10.33.52.1
TCPIP2=TCP, 0, 15, 0
TCPIP2_TCPIPAddress=0,209.98.76.10
SMTPNotesPort=TCPIP2
Note Domino adds the lines that are not bold when you use either the Domino Server Setup program or the Domino Administrator’s Setup Ports dialog box to enable a port.

To bind the HTTP service
1. On the Internet Protocols - HTTP tab of the Server document, enter one or more IP addresses or FQDNs for the server in the “Host name(s)” field.
Note If the server is a partitioned server and has Web sites configured with separate IP addresses, or has virtual servers (Domino 5) configured for one or more partitions, enter the partition’s IP address, and each Web site or virtual server’s IP address in the “Host name(s)” field, separated by semicolons. Alternatively, you can use FQDNs in this field. Do not list additional Web sites and virtual hosts that have IP addresses that are already listed in this field.
2. Select Enabled in the “Bind to host name” field.

Example 1 — Server partition with Web sites
The partition’s host name is app01 and there are two Web sites configured for it: sales.acme.com and accounting.acme.com. The Web site sales.acme.com uses the same IP address as the partition, and the Web site accounting.acme.com has its own IP address. Enter the following in the “Host name(s)” field:
9.88.43.113;9.88.46.110
where 9.88.43.113 is the IP address for both the partition and the Web site sales.acme.com and 9.88.46.110 is the IP address for the Web site accounting.acme.com.

Example 2 — Server partition with virtual servers
The partition’s host name is app01 and there are two virtual servers (9.88.46.114 and 9.88.46.115) and one virtual host configured for it. Enter the following in the “Host name(s)” field:
9.88.43.113;9.88.46.114;9.88.46.115
where 9.88.43.113 is the IP address for both the partition and the virtual host sales.acme.com, 9.88.46.114 is the IP address for virtual server 1 (accounting.acme.com), and 9.88.46.115 is the IP address for virtual server 2 (northeastsales.acme.com).
For information on Web sites and Internet Site documents, see the chapter “Installing and Setting Up Domino Servers.”
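One way to confirm that the NRPC and Internet service bindings described above took effect is to look at the listening sockets. The Python sketch below is an added example, not part of this guide or of Domino: it reads netstat -an output in the Linux, AIX and Windows layouts and lists Domino ports that still accept connections on every address. The port numbers are the defaults this chapter gives; the function names and the sample lines are constructed.

```python
import re

# Default ports given in this chapter: NRPC (1352) plus the Internet services table.
DOMINO_PORTS = {
    1352: "NRPC", 110: "POP3", 995: "POP3/SSL", 143: "IMAP", 993: "IMAP/SSL",
    389: "LDAP", 636: "LDAP/SSL", 25: "SMTP", 465: "SMTP/SSL", 80: "HTTP",
    443: "HTTP/SSL", 63148: "IIOP", 63149: "IIOP/SSL", 2050: "Server Controller/SSL",
}
# Local addresses that mean "every NIC and every configured IP address".
WILDCARDS = {"*", "0.0.0.0", "::", "[::]"}
# address + separator + port: 192.0.2.10:25 (Linux/Windows), 192.0.2.10.25 or *.25 (AIX).
ADDR_RE = re.compile(r"^(\*|\[?[0-9A-Fa-f:.]*\]?)[.:](\d+)$")


def local_listener(line):
    """Return (address, port) for a listening socket line of netstat -an, else None."""
    if "LISTEN" not in line:          # also matches the Windows state LISTENING
        return None
    for token in line.split():
        match = ADDR_RE.match(token)
        if match:                     # the local address precedes the foreign one
            return match.group(1), int(match.group(2))
    return None


def wildcard_listeners(netstat_output):
    """List (service, port) for Domino ports that listen on every address."""
    hits = set()
    for line in netstat_output.splitlines():
        found = local_listener(line)
        if found and found[0] in WILDCARDS and found[1] in DOMINO_PORTS:
            hits.add((DOMINO_PORTS[found[1]], found[1]))
    return sorted(hits, key=lambda hit: hit[1])


# Constructed sample mixing the three layouts; addresses are documentation ranges.
SAMPLE = """\
tcp        0      0 192.0.2.10:1352         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp6       0      0 :::389                  :::*                    LISTEN
tcp4       0      0  *.110                  *.*                     LISTEN
tcp4       0      0  192.0.2.10.143         *.*                     LISTEN
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
tcp        0      0 192.0.2.10:1352         198.51.100.7:40112      ESTABLISHED
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
"""

if __name__ == "__main__":
    for service, port in wildcard_listeners(SAMPLE):
        print(f"{service} (TCP {port}) is listening on all addresses")
```

In the sample, NRPC and IMAP are bound to 192.0.2.10 and are not reported, while SMTP, HTTP, POP3 and LDAP are.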

Assigning separate IP addresses to partitions on a system with a single NIC
If you use a single NIC with multiple IP addresses, you must complete additional configuration instructions, which are based on your operating system, for each server partition.
Note Using separate IP addresses with a single NIC can have a negative impact on the computer’s I/O performance.
For background information on partitioned servers and the TCP/IP network, see the topic “Partitioned servers and IP addresses” earlier in this chapter.

IBM AIX or Linux
You must be logged on as root.

To enable an IP address in IBM AIX
1. Add one entry in the local host names file /etc/hosts for each server partition. The entry for the partition that uses the computer host name should already exist.
2. To enable an IP address, enter this command under the heading “Part 2 -Traditional Configuration” in the startup file (/etc/rc.net). Do not enter this command for the partition that uses the computer host name.
/usr/sbin/ifconfig interface alias server_name
where interface is the name of the network interface, and server_name is the name of the partitioned server — for example:
/usr/sbin/ifconfig en0 alias server2
3. Restart the system if necessary, and test the configuration. From another computer, use the ping command with the server names. To show the network status, use the netstat command.

To disable an IP address in IBM AIX or Linux
Do not remove the IP address of a server partition that uses the computer host name as its server name.
1. Enter this command at the console:
/usr/sbin/ifconfig interface delete server_name
where interface is the name of the network interface, and server_name is the name of the partitioned server.
2. Remove the corresponding ifconfig command from the system startup /etc/rc.net file.
3. Remove the partition’s name entry from the local host names /etc/hosts file.

Sun Solaris
This procedure is for Sun Solaris 2.6. You must have superuser privileges to configure the NIC.

To enable an IP address in Sun Solaris
1. Add one entry in the local host names /etc/hosts file for each server partition. The entry for the partition that uses the computer host name should already exist.
2. For each partition, create a file named:
/etc/hostname.device:n
where device is the device name of the NIC, and n is a number that increments for each file name. The /etc/hostname.hme0 file should already exist and contain the computer host name.
For example, if /etc/hostname.hme0 contains the name Server1, create:
/etc/hostname.hme0:1
which contains the name Server2, and
/etc/hostname.hme0:2
which contains the name Server3.
3. Create the alias for each IP address that goes to the NIC which is hme0. At the console, enter:
/sbin/ifconfig hme0 plumb
/sbin/ifconfig hme0:n IP_address
where n is the number you created in Step 2 for each file name, and IP_address is the address assigned to the corresponding server in Step 1. For example:
/sbin/ifconfig hme0 plumb
/sbin/ifconfig hme0:1 111.123.11.96
/sbin/ifconfig hme0:2 111.123.11.22
4. To verify the IP addresses that you configured, enter:
/sbin/ifconfig -a
5. To enable each IP address that you configured in Step 3, enter:
/sbin/ifconfig hme0:n up
where n is the number assigned to the file that contains the server name. For example:
/sbin/ifconfig hme0:1 up
/sbin/ifconfig hme0:2 up

To disable an IP address, enter:
/sbin/ifconfig hme0:n down
6. To configure the NIC to support multiple IP addresses at system startup, add this ifconfig command to the startup file (probably /etc/rc2.d/S30sysident):
/sbin/ifconfig hme0 plumb
/sbin/ifconfig hme0:n IP_address
/sbin/ifconfig hme0:n up
where n corresponds to the number you created in Step 2 for each file name, and IP_address is the address assigned to the corresponding server in Step 1.
7. Test the configuration. From another computer, use the ping command with the server names. To show the network status, use the netstat command.

To disable an IP address in Sun Solaris
Do not remove the IP address of the server partition that uses the computer host name as its server name.
1. To disable the IP address, type:
/sbin/ifconfig hme0:n down
where n is the number assigned to the file that contains the server name. For example:
/sbin/ifconfig hme0:1 down
2. Remove the corresponding /etc/hostname.hme0:n file. For example, to remove Server2, remove the /etc/hostname.hme0:1 file, which contains the name Server2.
3. Remove the partition’s server name entry from the local host names /etc/hosts file.

Windows
To configure a single NIC for multiple IP addresses on Windows systems, do the following:
• On Windows NT, use the Network icon on the Control Panel. For more information, see the Windows NT documentation.
• For Windows 2000, use the Network and Dial-up Connections icon on the Control Panel, and then the Local Area Connection icon. Click the Properties button. For more information, see the Windows 2000 documentation.

Configuring a partitioned server for one IP address and port mapping
To configure server partitions to share the same IP address and the same NIC, you use port mapping. With port mapping, you assign a unique TCP port number to each server partition and designate one partition to perform port mapping. The port-mapping partition listens on port 1352 and redirects Notes and Domino connection requests to the other partitions.
If the port-mapping partition fails, existing sessions on the other partitions remain connected. In most cases, Notes clients will not be able to open new sessions on any of the partitions. However, because each Notes client maintains information in memory about recent connections, including those redirected by the port-mapping partition, a client may be able to connect to a partition even when the port-mapping partition is not running. A client or remote server that has a Connection document containing both the IP address and the assigned port can always access the port-mapping partition.
Port mapping works for NRPC communication only. However, you can use the Server document in the Domino Directory to configure IMAP, LDAP, and POP3 services and Domino Web servers to use unique ports for communication. When you do, you must make the port number available to users when they try to connect to the servers.
Note Because Internet protocols carry a large amount of data, you may encounter I/O bottlenecks if you use a single NIC with too many server partitions. Consider adding additional NICs and isolating the data by protocol.

To configure for one IP address and port mapping
When you set up port mapping, the port-mapping partition automatically routes NRPC communication requests to the other server partitions.
1. Decide which server partition will perform port mapping.
Because the port-mapping partition requires extra system resources, consider dedicating the partition to this task only. To do this, remove all other server tasks, such as mail routing and replication, from the partition’s NOTES.INI file.
2. Choose a unique TCP/IP port number for each server partition on the computer.
The port-mapping partition uses the assigned port, 1352. It is best to use port numbers 13520, 13521, 13522, 13523, or 13524 for the additional server partitions.

3. In the NOTES.INI file of the port-mapping partition, include one line for the port-mapping partition and one line for each of the other partitions.
For the port-mapping partition, enter:
TCPIP_TcpIpAddress=0,IPAddress:1352
where TCPIP is the port name, and IPAddress is the IP address of the port-mapping partition.
For each of the other partitions, enter:
TCPIP_PortMappingNN=CN=server_name/O=org,IPaddress:TCP/IP port number
where TCPIP is the port name, NN is a number between 00 and 04 assigned in ascending sequence, server_name is the server name of the partition, org is the organization name, IPAddress is the shared IP address, and TCP/IP port number is the unique port number you chose for the partition.
Note You must assign the numbers for NN in ascending order beginning with 00 and ending with a maximum of 04. If there is a break in the sequence, Domino ignores the subsequent entries.
4. In the NOTES.INI file of each of the other partitions, include this line:
TCPIP_TcpIpAddress=0,IPAddress:IPport_number
where TCPIP is the port name, IPAddress is the shared IP address, and IPport_number is the unique port number you chose for the partitioned server.
5. In the Net Address field on the Ports - Notes Network Ports tab in the Server document for each partition, enter the fully qualified domain name — for example, sales.acme.com — or enter the common server name — for example, Sales.
6. Create an IP address entry for the port-mapping partition in the DNS, NIS, or the local hosts file.
7. Include each partition name as a separate CNAME entry in the DNS, NIS, or the local hosts file.
8. If you also plan to set up the partitions for IMAP, LDAP, and POP3 services and Web server communication, assign to each protocol a unique port number in the “TCP/IP port number” field on the appropriate subtabs (Web, Directory, and Mail) on the Ports - Internet Ports tab of the Server document.
Note You must make these port numbers available to users when they try to connect to these servers, unless they have a means to redirect the connection to this port assignment. For example, if you assign port 12080 to the Web server acme.com, users must include acme.com:12080 in the URL in order to connect to the server.

Example
This example shows the lines you add to the NOTES.INI files of the server partitions to set up port mapping for six partitions.

Partition 1 (the port-mapping partition)
TCPIP_TcpIpAddress=0,192.94.222.169:1352
TCPIP_PortMapping00=CN=Server2/O=Org2,192.94.222.169:13520
TCPIP_PortMapping01=CN=Server3/O=Org3,192.94.222.169:13521
TCPIP_PortMapping02=CN=Server4/O=Org4,192.94.222.169:13522
TCPIP_PortMapping03=CN=Server5/O=Org5,192.94.222.169:13523
TCPIP_PortMapping04=CN=Server6/O=Org6,192.94.222.169:13524

Partition 2
TCPIP_TcpIpAddress=0,192.94.222.169:13520

Partition 3
TCPIP_TcpIpAddress=0,192.94.222.169:13521

Partition 4
TCPIP_TcpIpAddress=0,192.94.222.169:13522

Partition 5
TCPIP_TcpIpAddress=0,192.94.222.169:13523

Partition 6
TCPIP_TcpIpAddress=0,192.94.222.169:13524

Changing a TCP or SSL port number
The following sections describe the TCP ports that Domino services use and provide guidelines should you ever need to change these ports.

Default port for NRPC
By default, all NRPC connections use TCP port 1352. Because the Internet Assigned Number Authority (IANA) assigned Lotus Domino this port number, non-Domino applications do not usually compete for this port. Do not change the default NRPC port unless:
• You can use a NAT or PAT firewall system to redirect a remote system’s connection attempt.
• You are using Domino port mapping.

• You create a Connection document that contains the reassigned port number.
To change the default NRPC port number, use the NOTES.INI setting TCPIPportname_TCPIPAddress and enter a value available on the system that runs the Domino server. TCP ports with numbers less than 5000 are reserved for application vendors. You may use any number from 1024 through 5000, as long as you don’t install a new application that requires that number.

Default ports for Internet services
You may occasionally need to change the number of the TCP or SSL port assigned to an Internet service. Lotus Domino uses these default ports for Internet services:

Service             Default TCP port   Default SSL port
POP3                110                995
IMAP                143                993
LDAP                389                636
SMTP inbound        25                 465
SMTP outbound       25                 465
HTTP                80                 443
IIOP                63148              63149
Server Controller   N/A                2050

Confirming that TCP/IP is configured properly
Before you can use TCP/IP for communication, use the following tests to confirm that the configuration is properly set up:
1. Use the ping command with the remote system’s TCP/IP address — for example, ping 192.9.200.1. If this is unsuccessful, the TCP/IP software isn’t properly installed and configured. TCP/IP must be working before you can use it. Contact the TCP/IP software vendor or operating system vendor if you need assistance.
2. Use the ping command with the FQDN of the remote server — for example, ping mail05.boston.acme.com. If this is unsuccessful, the host-name-to-IP-address translation isn’t working. If you can’t ping by host name, the server or workstation will not be able to communicate with the server running on the remote system.
3. If you use a local hosts file, make sure that it contains the server name and IP address of every Domino server with which you want to communicate.

4. If you use DNS, make sure that you have properly configured the TCP/IP software on this system to query the correct DNS server. Make sure that your DNS records include the server name and IP address of every Domino server with which you want to communicate.
5. If you use the Network Information Service (NIS), make sure that you have properly configured the UNIX system for NIS. Make sure that the NIS hosts map contains the server name and IP address of every Domino server with which you want to communicate.
Note Make sure that your IP host names do not contain illegal characters such as spaces, underscores, or ampersands.
6. Depending on your name-resolution practices, do one of the following:
• If your Domino server names are the same as the DNS host names, make sure you have followed the instructions in the topics Ensuring DNS resolves on Windows systems — All TCP protocols, Ensuring DNS resolves in NRPC — Best practices, and Ensuring DNS resolves in advanced TCP/IP configurations, if needed.
• If your Domino server names are different from the DNS host names, use the ping command to verify that all of the DNS names which represent the Domino server are responding from the correct network areas.
• If you are using IP addresses in Connection documents, use the ping command to verify the IP address itself.
• If you are using network address translation (NAT), verify that access is possible from both the internal network and external Internet using the appropriate IP addresses, as well as the Domino server name. If you are using name-resolver services, make sure that the external DNS offers out the public address and the internal DNS offers out the private address.
For more information on the last three practices in Step 6, see the topic “Ensuring DNS resolves in NRPC — Alternative practices” earlier in this chapter.
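The NOTES.INI rules from the sections on binding NRPC ports, binding Internet services and port mapping earlier in this chapter can be checked mechanically before a server restart. The Python sketch below is an added example, not code from Domino or from this guide; the function names are hypothetical, the sample file is constructed, and treating setting names as case-insensitive is an assumption based on the mixed spellings (TCPIPAddress, TcpIpAddress) used in this chapter.

```python
import ipaddress
import re

# Service settings named in this chapter, stored lower-cased for comparison.
SERVICE_KEYS = {"pop3notesport", "imapnotesport", "smtpnotesport", "ldapnotesport", "icmnotesport"}
MAP_RE = re.compile(r"(.+)_portmapping(\d\d)$")

def parse_ini(text):
    """Return {lower-cased setting name: value}; lines without '=' are skipped."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def parse_endpoint(text):
    """Parse 'a.b.c.d[:port]' or '[ipv6][:port]' into (ip, port or None)."""
    m = (re.fullmatch(r"\[([0-9A-Fa-f:.]+)\](?::(\d+))?", text)
         or re.fullmatch(r"([0-9.]+)(?::(\d+))?", text))
    if not m:
        raise ValueError("address must be IPv4, or IPv6 in square brackets")
    port = int(m.group(2)) if m.group(2) else None
    return ipaddress.ip_address(m.group(1)), port  # ValueError if malformed

def check_bindings(s, ports, findings):
    """Validate each <port>_TCPIPAddress=0,<address> line; return the bound ports."""
    bound = set()
    for key, value in s.items():
        if key.endswith("_tcpipaddress"):
            name = key[:-len("_tcpipaddress")]
            if name not in ports:
                findings.append(f"{key}: port is not listed in Ports")
            flag, _, endpoint = value.partition(",")
            try:
                if flag.strip() != "0":
                    raise ValueError("value must start with '0,'")
                parse_endpoint(endpoint.strip())
                bound.add(name)
            except ValueError as exc:
                findings.append(f"{key}: {exc}")
    return bound

def check_port_mapping(s, findings):
    """NN must start at 00, ascend without a gap and stop at 04."""
    groups = {}
    for key, value in s.items():
        if m := MAP_RE.match(key):
            groups.setdefault(m.group(1), []).append((int(m.group(2)), key, value))
    for entries in groups.values():
        expected, used = 0, {1352}  # the port-mapping partition itself keeps 1352
        for idx, key, value in sorted(entries):
            if idx > 4:
                findings.append(f"{key}: NN may not exceed 04")
            elif idx != expected:
                findings.append(f"{key}: break in NN sequence, entry is ignored")
            else:
                expected += 1
                try:
                    port = parse_endpoint(value.rpartition(",")[2].strip())[1]
                    if port is None or port in used:
                        findings.append(f"{key}: each partition needs its own TCP port")
                    used.add(port)
                except ValueError as exc:
                    findings.append(f"{key}: {exc}")

def lint_notes_ini(text):
    """Return a list of findings; an empty list means every check passed."""
    s, findings = parse_ini(text), []
    ports = [p.strip().lower() for p in s.get("ports", "").split(",") if p.strip()]
    tcp_ports = []
    for name in ports:
        if name not in s:
            findings.append(f"Ports: '{name}' has no '{name}=' definition line")
        elif s[name].split(",")[0].strip().upper() == "TCP":
            tcp_ports.append(name)
    bound = check_bindings(s, ports, findings)
    if len(tcp_ports) > 1:  # several NRPC ports: each one must be bound
        findings += [f"{n}: enabled TCP port is not bound to an address"
                     for n in tcp_ports if n not in bound]
    for key, value in s.items():
        if key.endswith("notesport") and key not in SERVICE_KEYS:
            findings.append(f"{key}: not a service setting named in this chapter")
        elif key in SERVICE_KEYS and value.lower() not in tcp_ports:
            findings.append(f"{key}: '{value}' is not a defined TCP port")
    check_port_mapping(s, findings)
    return findings

# Constructed sample with deliberate mistakes (addresses from documentation ranges).
BAD_SAMPLE = """\
Ports=TCPIP, TCP1P2
TCPIP=TCP, 0, 15, 0
TCPIP_TCPIPAddress=0,192.0.2.10
TCPIP2=TCP, 0, 15, 0
TCPIP2_TCPIPAddress=0,2001:db8::10
SMPTNotesPort=TCPIP2
TCPIP_PortMapping00=CN=Server2/O=Org2,192.0.2.10:13520
TCPIP_PortMapping02=CN=Server3/O=Org3,192.0.2.10:13521
"""

if __name__ == "__main__":
    for finding in lint_notes_ini(BAD_SAMPLE):
        print(finding)
```

The sample trips five checks: a port name in Ports with no definition line, a binding for a port that Ports does not list, an IPv6 address without square brackets, a misspelled service setting, and a PortMapping entry after a gap in the NN sequence.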

Server setup tasks specific to NetBIOS
After you run the Domino Server Setup program, complete these procedures:
1. Use the Domino Administrator to define a NetBIOS LANA number for the NetBIOS port.
2. If you want the server to connect to different segments of a NetBIOS network, create one or more additional Notes network ports for NetBIOS.

Defining a NetBIOS LANA number for a Notes network port
To run NetBIOS on a server, after you complete the Server Setup program, you must determine the NetBIOS LANA number to which the Notes network port will be bound. The NetBIOS LANA number is a logical number that represents a NetBIOS transport protocol stack on a NIC. If the computer running the Domino server has more than one NIC running the same protocol stack, you must define a different NetBIOS LANA number for each Notes network port for NetBIOS.
For example, if the computer has two NetBIOS protocol stacks — such as NetBIOS over NetBEUI and NetBIOS over IPX — NetBIOS/NetBEUI uses LANA number 0, and NetBIOS/IPX uses LANA number 1. Depending on how often you configure or reconfigure your system, the LANA numbers may be different than the ones in this example.
You must know which transport protocol (NetBEUI, IP, or IPX) Notes workstations and other Domino servers are using for NetBIOS within your workgroup or company. NetBIOS systems using the same transport protocol should be in the same Notes named network. If you create Connection documents on the server, the LAN port you select must also be for the same transport protocol.

To define a LANA number in Lotus Domino
1. From the Domino Administrator or Web Administrator, click the server for which you want to define a LANA number.
2. Click the Configuration tab.
3. Do one of these:
• From the Domino Administrator’s Tools pane, choose Server - Setup Ports.
• From the Web Administrator’s Port tool, choose Setup.

4. Select the Portname port, where Portname is the name of the NetBIOS port for which you are defining a LANA number.
5. Click “Portname Options,” and choose Manual.
6. Enter the correct LANA number.
7. Click OK.

To find the LANA number for a NetBIOS protocol on a Windows NT server
Windows NT typically has multiple NetBIOS networks configured in the operating system, one for each network card or dialup network interface.
1. Select the Network Control Panel - NetBIOS Interface.
2. Click the Properties button.
The NT information appears in the Network Route list. The most common NetBIOS networks on Windows NT systems are listed below:

Name      Protocol
NwlnkNb   Novell NetBIOS
Nbf       NetBEUI
NetBT     NetBIOS over TCP/IP (RFC 1001/1002)

Some protocols can be associated with multiple LANA numbers. For example, the Network Route entry Nbf->Elnk3 is NetBEUI on a 3Com Etherlink III card, and Nbf->NdisWan5 is NetBEUI on a Microsoft Remote Access Service (RAS) connection.

To find the LANA number for a NetBIOS protocol on a Windows 95/98, XP, or 2000 system
Unlike a Windows NT system, a Windows 95/98, XP, or 2000 system does not have a direct means to see the LANA associations. For Windows 95/98, XP, or 2000 systems you can either review the system’s registry bindings or use a Microsoft tool called LANACFG to see and change the LANA number assignments.
The following is an example of the tool’s output from a Windows 2000 server. Note that the network route linkages shown are the same as in Windows NT.
lanacfg [options]
showlanapaths - Show bind paths and component descriptions for each exported lana
setlananumber - Change the lana number of a bind path

rewritelanainfo - Verify and write out lana info to the registry
showlanadiag - Show lana diagnostic info
From the DOS prompt, enter
C:\>lanacfg showlanapaths
You see the following:
Lana: 4 -->NetBEUI Protocol-->3Com EtherLink III ISA (3C509/3C509b) in Legacy mode
Lana: 7 -->NetBEUI Protocol-->WAN Miniport (NetBEUI, Dial Out)
Lana: 3 -->NWLink NetBIOS
Lana: 0 -->WINS Client(TCP/IP) Protocol-->Internet Protocol (TCP/IP)-->3Com EtherLink III ISA (3C509/3C509b) in Legacy mode

Creating additional network ports for NetBIOS
After you run the Domino Server Setup program, you can create network segments for multiple NetBIOS interfaces on the same computer by adding a Notes network port for NetBIOS for each additional NIC. The NICs do not need to use the same transport protocol; each can use TCP/IP, NetBEUI, or IPX.
In addition to adding each port for NetBIOS, do the following:
• Associate each Notes network port for NetBIOS with a specific NetBIOS interface by defining a LANA identifier for each port.
• Make sure that all Domino servers that will access each other have an interface that uses a common transport protocol. It is best if they are also in the same Notes named network.
• Make sure that the network segments to which the server system’s NICs are attached do not have a pathway in common. The NetBIOS name service (NetBIOS over IP) can fail if it detects the same system name or Domino name echoing back between the pathways. If you are using both the NetBIOS name service and DNS or a hosts file for name resolution, make sure that the server name in DNS or the hosts file is different from the system name.

Server setup tasks specific to IPX/SPX
After you run the Domino Server Setup program, complete these procedures:
1. Use the Domino Administrator to define a NetWare name service for the server.
2. If the name service you use is NDS, record the server’s NDS distinguished name in the Server document.
3. (Optional) Control which IPX/SPX address (socket number) the server uses.

Defining a server’s NetWare name service in Lotus Domino
If you enabled the server’s Notes network port for SPX through the Server Setup program, you must use the Domino Administrator to select which NetWare name service a Domino server uses with IPX/SPX. For descriptions of supported name services, see the topic “Server name-to-address resolution over IPX/SPX” earlier in this chapter.

To select a name service
1. From the Domino Administrator or Web Administrator, click the server for which you want to select an IPX/SPX name service.
2. Click the Configuration tab.
3. Do one of these:
• From the Domino Administrator’s Tools pane, choose Server - Setup Ports.
• From the Web Administrator’s Port tool, choose Setup.
4. Select the SPX port, and select “Port enabled” if it is not already selected.
5. Click “SPX Options,” and choose a name service.
6. Click OK.
7. Restart either the server or the SPX port in order for the change to take effect.
Tip Record any errors that appear on the console while the server is restarting.

Recording a server’s NDS distinguished name
The Server Setup program adds the common name of the Domino server to the Net Address field in the Server document. If you are using the Novell Directory Service (NDS) for the IPX/SPX network, you must edit this field to contain the server’s NDS distinguished name.
1. From the Domino Administrator, select the server for which you want to record the NDS distinguished name.
2. Click the Configuration tab.
3. Expand the Server section in the view pane.
4. Click Current Server Document.
5. Click “Edit Server,” and then click the Ports - Notes Network Ports tab.
6. In the Net Address field for the SPX port, enter the server’s NDS distinguished name. For example, enter CN=App04.OU=Chicago.O=Acme
Note NDS names are case-sensitive. Make sure that the NDS tree object for the Domino server has exactly the same distinguished name as the one you enter here.
7. Click Save and Close.

Assigning the IPX socket number for a Domino server
The IPX/SPX protocol provides two types of sockets: dynamic sockets and static, or well-known, sockets.

Novell assigns well-known sockets to products for their exclusive use. Applications using well-known sockets always listen on the same socket number. Novell manages the registration of these sockets, allocating them from a range of 0x2000 through 0x3FFF.

Applications using dynamic sockets use whichever socket number the IPX/SPX stack allocates during the registration of the service to the local NetWare server by the application. Dynamic sockets are allocated from a range of 0x4000 through 0x7FFF. Using dynamic sockets usually ensures that a socket number is not used twice.

Connections initiated by a Domino server or Notes workstation use a dynamic socket. For the listener socket, the SPX port driver uses a modified algorithm for allocating sockets and always tries to use the same socket number. If the socket number is unavailable, the Domino server lets the IPX/SPX stack assign one. Therefore, the socket is called a persistent dynamic socket.

When a Domino server using SPX starts for the first time, it uses a dynamic socket and then saves the socket number. Subsequent invocations of the Domino server use the saved socket number.

If for some reason this saved socket number is in use — for example, if another application using dynamic sockets allocated the socket — the Domino SPX server allocates a new socket number and saves it for future invocations.

Assigning a socket number
Controlling the socket number used by the Domino server is useful in large IPX/SPX networks because an assigned socket number prevents server name-to-address resolution problems that result when name service records lag behind a dynamic socket number assignment when a server is restarted.

To control the socket number, use the NOTES.INI setting NetWareSocket. NetWareSocket applies only to the listener socket. Connections initiated by a workstation or server still use a dynamic socket.

Note If NetWareSocket is set in the NOTES.INI file and the Domino server cannot bind to the specified socket on the local system’s IPX/SPX protocol stack, the Domino server will not start. This condition may occur if the socket number the server normally uses is in use by another application on the same system. For example, if the NOTES.INI file contains the setting NetWareSocket=9135 (which is the decimal value of 23AF), and another application is assigned that socket number through the dynamic assignment process, the Domino server can fail to start. To minimize the chance of the server’s not starting, assign the NOTES.INI setting NetWareSocket to the address of a well-known socket. If the problem still occurs, either close the application that is using the same socket as Domino or reassign a new socket to the Domino server.

To determine the socket number the Domino server is using, do one of the following:
• Enter SHOW PORT SPX at the console, where SPX is the SPX port driver name.
• Check the NetWareSpxSettings setting in the NOTES.INI file. The number after the last comma in the value is the decimal value of the server’s IPX socket. For example, in the setting NetWareSpxSettings=0,0,0,0,3,17393, the 17393 is the socket’s decimal value.
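The following added example (not part of the original guide) reads the two NOTES.INI settings described above, converts the decimal socket value to hexadecimal, and checks it against the well-known and dynamic ranges the text gives. The function names and the three sample files are constructed for illustration, and treating setting names as case-insensitive is an assumption.

```python
"""Report which IPX socket a Domino SPX listener uses, from NOTES.INI text."""
import re

# Ranges as stated in the text above.
WELL_KNOWN = range(0x2000, 0x4000)  # 0x2000 through 0x3FFF, registered with Novell
DYNAMIC = range(0x4000, 0x8000)     # 0x4000 through 0x7FFF, assigned by the stack

# Constructed sample files (not taken from a real server).
SAVED_ONLY = "[Notes]\nPorts=TCPIP,SPX\nNetWareSpxSettings=0,0,0,0,3,17393\n"
PINNED_WELL_KNOWN = "[Notes]\nPorts=SPX\nNetWareSocket=9135\n"
PINNED_DYNAMIC = "[Notes]\nPorts=SPX\nNetWareSocket=17393\n"


def parse_ini(text):
    """Map setting names to values. Names are lower-cased (an assumption)."""
    settings = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            settings[name.strip().lower()] = value.strip()
    return settings


def to_socket(text):
    """Parse a decimal socket number, rejecting anything that is not 0-65535."""
    if not re.fullmatch(r"[0-9]{1,5}", text) or int(text) > 0xFFFF:
        raise ValueError(f"not a decimal IPX socket number: {text!r}")
    return int(text)


def socket_from_spx_settings(value):
    """The number after the last comma is the socket's decimal value."""
    return to_socket(value.rsplit(",", 1)[-1].strip())


def classify(sock):
    if sock in WELL_KNOWN:
        return "well-known"
    if sock in DYNAMIC:
        return "dynamic"
    return "outside both ranges"


def describe(sock):
    return f"{sock} (0x{sock:04X})"


def audit(text):
    """Return the listener socket a server would use and any warnings."""
    settings = parse_ini(text)
    pinned = settings.get("netwaresocket")
    saved = settings.get("netwarespxsettings")
    report = {"source": None, "socket": None, "kind": None, "warnings": []}
    if pinned is not None:
        report["source"], report["socket"] = "NetWareSocket", to_socket(pinned)
    elif saved is not None:
        report["source"] = "NetWareSpxSettings"
        report["socket"] = socket_from_spx_settings(saved)
    else:
        return report  # no SPX listener socket recorded
    report["kind"] = classify(report["socket"])
    label = describe(report["socket"])
    if report["source"] == "NetWareSocket" and report["kind"] != "well-known":
        # A pinned socket that another application can also be assigned
        # stops the server from starting when the bind fails.
        report["warnings"].append(
            f"NetWareSocket={label} is {report['kind']}; the server will not "
            "start if another application holds this socket")
    if report["source"] == "NetWareSpxSettings" and report["kind"] == "dynamic":
        report["warnings"].append(
            f"listener uses persistent dynamic socket {label}; name service "
            "records can lag if the stack assigns a new one at restart")
    return report


if __name__ == "__main__":
    for name, sample in [("saved only", SAVED_ONLY),
                         ("pinned, well-known", PINNED_WELL_KNOWN),
                         ("pinned, dynamic", PINNED_DYNAMIC)]:
        print(name, audit(sample))
```
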

NOTES.INI settings for networks
The following tables contain the NOTES.INI settings that pertain specifically to networks. For more information on these settings, see the appendix “NOTES.INI File.”

Settings for all NRPC networks

| Setting | Description |
|---|---|
| portname_MaxSessions | Restricts the number of sessions on a specified port. |
| Ports | Specifies which Notes network ports are enabled on a system. |

Settings for the TCP/IP network

| Setting | Description |
|---|---|
| ICMNotesPort | Specifies the name of the Notes network port for TCP/IP with which you are linking the Internet Cluster Manager (ICM) service. |
| IMAPNotesPort | Specifies the name of the Notes network port for TCP/IP with which you are linking the IMAP service. |
| LDAPNotesPort | Specifies the name of the Notes network port for TCP/IP with which you are linking the LDAP service. |
| POP3NotesPort | Specifies the name of the Notes network port for TCP/IP with which you are linking the POP3 service. |
| SMTPNotesPort | Specifies the name of the Notes network port for TCP/IP with which you are linking the SMTP service. |
| TCP_EnableIPV6 | Specifies whether or not to enable Domino for IPv6. |
| TCP/IPportname_PortMappingNN | Specifies the TCP/IP port number of each partitioned server sharing the IP address of the port-mapping server. |
| TCP/IPportname_TCPIPAddress | Defines the IP address and the port number for a Domino server. |

Settings for the IPX/SPX network

| Setting | Description |
|---|---|
| NetWareSocket | Specifies the IPX socket number used by the Domino server. |
| NetWareSpxSettings | Specifies the decimal value of the Domino server’s IPX socket. |
| NWNDSPassword | Specifies the password for Domino to log in to the Novell Directory Service (NDS) tree on system startup. |
| NWNDSUserID | Specifies the user ID for Domino to log in to the Novell Directory Service (NDS) tree on system startup. |


Chapter 3
Installing and Setting Up Domino Servers

This chapter describes how to plan a hierarchical name tree and how to install, set up, and register Domino servers.

Installing and setting up Domino servers
Before you install and set up the first Domino server, you must plan server and organizational naming and security. In addition, you must understand your existing network configuration and know how Domino will fit into the network. If you are adding an additional server to an existing Domino infrastructure, you must have already registered the server and its server ID and password must be available.

For information on system requirements, see the Release Notes.

To install and set up a server
Installing a Domino server — that is, copying the server program files onto the designated machine — is the first part of deploying a server. The second part is using the Domino Server Setup program to configure the server.
1. Identify the function of the server — for example, will it be a mail server or an application server? The function of the server determines which tasks to enable during configuration.
2. Decide where to locate the server physically and decide who administers it.
3. Decide whether the server is part of an existing Domino domain or is the first server in a new Domino domain.
4. Choose a name for the server. Refer to the hierarchical name scheme that you created based on your company’s structure.
For more information on Steps 1 through 4, see the chapter “Deploying Domino.”
5. If this is the first server in a Domino domain, do the following:
a. Install the server program files.
b. Use the Domino Server Setup program to set up the server.
c. Complete network-related setup.
d. Create organization certifier IDs and organizational unit certifier IDs, as required by the hierarchical name scheme.
e. Distribute certifier IDs to administrators.
f. Implement Domino security.
6. If this server is part of an existing Domino domain, do the following:
a. Use the Domino Administrator to register the server.
b. Install the server program files on each additional server.
c. Use the Domino Server Setup program to set up each additional server.
For more information on Steps 5 and 6, see the procedures that follow and the chapters “Setting Up the Domino Network” and “Planning Security.”
7. Perform additional configuration procedures, based on the type of services, tasks, and programs that you want to run on this server.

Entering system commands correctly
Some of the procedures that follow include instructions for entering commands at the system command prompt. The instructions tell you to enter the command from the “Domino program directory” or “Notes program directory,” depending on whether you are performing the procedure on a Domino server or a Notes workstation. Before entering commands, make sure you understand the following definitions of these terms as they apply to your operating system.

Windows operating systems
On a Domino server, the Domino program directory is c:\lotus\domino, unless you installed the program files to a different location.
On a Notes workstation, the Notes program directory is c:\lotus\notes, unless you installed the program files to a different location.

UNIX operating systems
For Domino on a UNIX® server, the actual location of the server program files is different from the directory you use for entering commands. Always use the following path for entering commands:

lotus/bin/server

The “server” portion of the path is a script that initializes a UNIX shell so that Domino programs can run on UNIX.

While by default the actual location of the lotus directory is /opt/lotus, you can change it to any location, for example, /local/lotus or /usr/lotus.

Server installation
The first step in deploying a Domino server is installation, or copying the program files to the system’s hard drive. To install Domino, see the following procedures:
Installing Domino on Windows systems
Installing Domino on UNIX systems
For information on installing servers for hosted environments, see the chapter “Setting Up the Service Provider Environment.”

Installing Domino on Windows systems
You can install Domino on a Windows system by following this procedure, or you can do a silent install of a local server or remote servers. To perform a silent install, use setup.exe -r at the command prompt to record the install configuration to a file, and then use setup.exe -s to install the configuration. For more information on silent install, see the InstallShield documentation.

Before you install the Domino server program files on a Windows system, do the following:
• Make sure that the required hardware and software components are in place and working.
• Read the Release Notes for operating system and network protocol requirements and for any last-minute changes or additions to the documentation.
• Temporarily disable any screen savers and turn off any virus-detection software.
• Make sure that all other applications are closed. Otherwise, you may corrupt any shared files, and the Install program may not run properly.
• If you are upgrading to Domino from a previous release, see the Upgrade Guide.

1. Run the install program (SETUP.EXE), which is on the installation CD.
2. Read the Welcome screen, and click Next.
3. Then read the License Agreement and click Yes.
4. Enter the administrator’s name and the company name.
5. Choose whether you want to install partitioned servers.
6. Choose the program and data directory in which to copy the software, and then click Next. If you are installing partitioned servers, you choose only a program directory.
7. Select the server type you acquired:
• Domino Utility Server — Installs a Domino server that provides application services only, with support for Domino clusters. The Domino Utility Server is a new installation type for Lotus Domino 6 that removes client access license requirements. Note that it does NOT include support for messaging services. See full licensing text for details.
• Domino Messaging Server — Installs a Domino server that provides messaging services. Note that it does NOT include support for application services or Domino clusters.
• Domino Enterprise Server — Installs a Domino server that provides both messaging and application services, with support for Domino clusters.
Note All three types of installations support Domino partitioned servers. Only the Domino Enterprise Server supports a service provider (xSP) environment.
8. Click Customize to choose which components to install, or click Next to accept all components.
9. If you are installing partitioned servers, specify a data directory for each partition.
10. Specify the program folder or accept Lotus Applications as the program folder that will contain the software.
11. Click Finish to complete the install program.
12. Choose Start - Programs - Lotus Applications - Lotus Domino Server to start the Server Setup program.

Installing Domino on UNIX systems
Before you install the Domino program files on a UNIX system, do the following:
• Make sure that the required hardware and software components are in place and working.
• Read the Release Notes for operating system and network protocol requirements and for any last-minute changes or additions to the documentation.
• Temporarily disable any screen savers and turn off any virus-detection software.
• Make sure that all other applications are closed. Otherwise, you may corrupt any shared files, and the Install program may not run properly.
• If you are upgrading to Domino from a previous release, read the Upgrade Guide.

You can install multiple instances of the Domino server on a single system, each with a separate program directory. The instances can all be the same release of Domino or different releases. If you install different releases, only one instance can be earlier than Domino 6. When you have multiple instances of the Domino server, one or more of the instances may be a partitioned server.

If you want all instances to be the same release, it is best to install a Domino partitioned server. Then all Domino partitions share one program directory and, by doing so, conserve system resources. If you install a single Domino server and later want to make it a partitioned server, you can do so without removing the initial installation.

For more information on partitioned servers, see the chapter “Deploying Domino.”

To install the Domino program files on a UNIX system, you can use either interactive mode or script mode.

To use interactive mode
You use interactive mode to install the Domino program and data files on the local machine or to use a Telnet connection to install the Domino program and data files on specified remote systems. During the interactive mode installation, you can use these keys at the UNIX command prompt:
• Type h for help
• Type e to exit the Install program
• Press ESC to return to the previous screen
• Press the spacebar to change the setting until you get the one you want
• Press TAB to accept a setting and continue to the next screen

1. Log in to the root account for Domino Server installation.
2. Make sure the Domino server kit is available from your network or CD ROM drive.
3. Change to the directory containing the “install” script.
4. Enter the following at the root command prompt to run the script:

./install

5. Follow the on-screen instructions and specify these options:

| Option | Action |
|---|---|
| Add data directories only | Choose one: Yes to change a single Domino server into a partitioned server or add data directories to an existing partitioned server; No to keep a single Domino server |
| Domino Server installation type | Choose the server type that you acquired. For an xSP server, you must have the Domino Enterprise Server. |
| Install template files | Choose one: Yes to install new templates; No to retain templates from a previous release |
| Install xSP server (for Domino Enterprise Server only) | Choose one: Yes if this is an xSP server; No if this is not an xSP server |
| Program directory | Specify the directory in which Domino will store program files. |
| Create /opt/lotus soft link | Choose one: Yes if this system will have only one Domino installation (program directory); No if this system will have multiple Domino installations (multiple program directories) |
| Data directory | Specify the directory in which Domino will store data files. If you are installing a partitioned server, indicate that and specify multiple data directories. |
| UNIX User name | Specify the person who will own the server configuration data. If you are installing a partitioned server, you may specify a different person for each data directory. |
| UNIX Group name | Specify the group to which the UNIX User belongs. If you are installing a partitioned server, you may specify a different group for each data directory. |

To use script mode
Script mode installation provides silent install functionality for UNIX platforms and allows you to install saved installation settings to a local server or remote servers. SCRIPT.DAT, the default sample script file, contains information you need to install the Domino server program files, including descriptions of each parameter and instructions for using the -script option to install partitioned servers.
1. Log in to the root account from your local system.
2. Change the directory to the kit’s install directory on either the CD-ROM or network drive.
3. Copy SCRIPT.DAT from the kit’s install directory to your local system as filename.dat
Where filename is the name you want to give to the local script file that will contain the installation settings.
4. Open the local script file, filename.dat, and set the parameters as needed. It is usually best to use the default settings, as follows:
• Install target host name — parameter = target_hosts
• Domino server installation type — Choose the server type that you acquired.
• Install template files — template_install_option = 1
• Add data directories only — add_data_directories_only = 0
• Install xSP server — asp_install_option = 0
• Program directory — Use the directory where Domino stores program files.
• Create /opt/lotus soft link — opt_lotus_softlink = 0
• Data directory — Use the directory where Domino stores data files.
• UNIX User name — Person who will own the server configuration data
• UNIX Group name — The group to which the UNIX User belongs
5. Save the local file, filename.dat.
6. Switch back to the kit’s install directory (CD-ROM or network).
7. To install using the local script file, enter this command at the UNIX console prompt:

install -script filename.dat

The Domino Server Setup program
The Domino Server Setup program guides you through the choices you make to configure a Domino server. Setting up the first Domino server in a domain establishes a framework that consists of the Domino Directory, ID files, and documents. When you set up additional servers, you build upon this framework.

Setting up the first Domino server does the following:
• Creates a Domino domain.
• Creates the certification log file, names it CERTLOG.NSF, and saves it in the Domino data directory.
• Uses the PUBNAMES.NTF template to create the Domino Directory for the domain, names the directory NAMES.NSF, and places it in the Domino data directory.
• Creates an organization certifier ID, names it CERT.ID, and saves it in the Domino data directory.
• Optionally creates an organizational unit certifier ID, names it OUCERT.ID, and stores it in the Domino Directory.
• Creates a Certifier document, which describes the organization certifier ID, in the Domino Directory.
• Creates a server ID, names it SERVER.ID, and saves it in the Domino data directory.
• Uses the organization certifier ID to certify the server ID.
• Creates a Server document in the Domino Directory and includes in it information that you specified during the setup program.
• Creates a Person document in the Domino Directory for the Domino Administrator that you specified during the setup program.
• Creates a user ID and password for the Domino Administrator and attaches it as a file named USER.ID to the administrator’s Person document in the Domino Directory.
• Uses the organization certifier ID to certify the administrator’s user ID.
• Gives the administrator and the server Manager access in the ACL of the Domino Directory.
• Adds the server name to the LocalDomainServers group in the Domino Directory.
• Creates the log file, names it LOG.NSF, and saves it in the Domino data directory.
• Enables the appropriate network and serial ports.
• Creates a mail directory in the Domino data directory and creates a mail file in that directory for the Domino Administrator.
• Updates network settings in the Server document of the Domino Directory.
• Configures SMTP, if selected during the setup program.
• If “DOLS Domino Off-Line Services” was selected during the setup program, creates the Off-Line Services file, names it DOLADMIN.NSF, and saves it in the Domino data directory.
• Updates the Access Control List in all databases and templates in the Domino data directory tree to remove Anonymous access and/or add LocalDomainAdmin access, depending on the selections made during the setup program.
• Creates the Reports file, names it REPORTS.NSF, and saves it in the Domino data directory.
• Configures xSP Service Provider information, if selected during the install program.

Setting up an additional Domino server does the following:
• Copies the Domino Directory, if a file location was specified during the setup program, names it NAMES.NSF, and saves it in the Domino data directory.
• Dials the existing Domino server if the connection is made through a modem (possible only on Windows systems).
• Copies the server’s ID from the location specified during the setup program, either from a file, a copy of the directory, or the existing Domino server’s directory, names it SERVER.ID, and saves it in the Domino data directory.
• Retrieves the Domain name and Administrator name from the Server document in the Domino Directory.
• Creates the log file, names it LOG.NSF, and saves it in the Domino data directory.
• Copies or replicates the Administration Requests file, names it ADMIN4.NSF, and saves it in the Domino data directory.
• Copies or replicates the Monitoring Configuration file, names it EVENTS4.NSF, and saves it in the Domino data directory.
• Replicates the Domino Directory, if it doesn’t already exist, names it NAMES.NSF, and saves it in the Domino data directory.
• Creates a Connection document to the existing Domino server in the Domino Directory.
• Creates the Reports file, names it REPORTS.NSF, and saves it in the Domino data directory.
• If “DOLS Domino Off Line Services” was selected during the setup program, creates the Off-Line Services file, names it DOLADMIN.NSF, and saves it in the Domino data directory.
• Configures SMTP, if selected during the setup program.
• Configures xSP Service Provider information, if selected during the install program.
• Updates network settings in the Server document of the Domino Directory.
• Updates the Access Control List in all databases and templates in the Domino data directory tree to remove Anonymous access and/or add LocalDomainAdmin access, depending on the selections made during the setup program.
• Replicates changes made to the Server document with the existing server, if any.
• Removes the SERVER.ID attachment from the Domino Directory, if applicable.

Using Domino Off-Line Services (DOLS) and iNotes Web Access
To provide iNotes™ Web Access users with the ability to work off line, you must enable DOLS when you set up the server. DOLS enables users to work off line, disconnected from the network, and provides many replication features that Notes users expect when working in the Notes client.

Users require a Notes ID so that DOLS can synchronize the offline mail file with the server. The default DOLS configuration will prompt the user for a Notes ID the first time they go offline with iNotes Web Access. If you rename a user, the user must reinstall the DOLS offline subscription in order for the offline mail file to synchronize with the server. After a name change, the user must wait for the old Notes ID and password to stop working, accept the name change using a Notes client, then log on to iNotes Web Access with the new Notes ID and password.

For more information, see the chapters “Setting Up Domino Off-Line Services” and “Setting Up iNotes Web Access.”

Setting up DOLS on a server
Domino Off-Line Services (DOLS) must be configured on the Domino server for users to be able to take applications off-line and use only a browser to work with them.

You can enable any application for DOLS. The following templates are enabled for DOLS by default:
• iNotes Web Access (iNOTES60.NTF and the R5 version)
• iNotes Web Access for Outlook (MAIL6EX.NTF)
• Extended Mail (MAIL6EX.NTF)
• Discussion - Notes and Web (R6) database (DISCSW6.NTF)

Note DOLS runs on Domino servers configured to work through a Microsoft IIS server.

To configure DOLS during Domino Server Setup
1. Under “Setup Internet services for,” select “Web Browsers (HTTP services),” and then click Customize.
2. In the “Domino tasks” list, select “DOLS Domino Off-Line Services.”
3. At the end of setup, when you have the option to create an access control list entry, add the group LocalDomainAdmins to all databases and templates.
4. Accept the default option “Prohibit Anonymous access to all databases and templates.” If you deselect this option, you must open the ACL for each DOLS application and assign No Access to Anonymous.
5. Make sure the following names are identical:
• The TCP/IP DNS host name — In Windows, choose Start - Programs - Windows Explorer. Then choose Network Neighborhood properties - TCP/IP properties. On the DNS Configuration tab, look at the Host field.
• The server name — Open the Server document and look at the Server name field.
• The Internet host name — Open the Server document and look at the “Fully qualified Internet host name” field.

To configure DOLS manually
If you do not configure DOLS during Domino Server Setup, you can configure DOLS manually by editing the Server document.
1. Open the Server document.
2. Click Internet Protocols - HTTP.
3. In the “DSAPI filter file names” field, enter the DSAPI filter file name that corresponds to the operating system that the server is running, and then restart the server:
• Win32 - ndolextn
• Linux - libdolextn
• AIX® - libdolextn
• Solaris/Sparc - libdolextn
• S390® - libdolextn
• iSeries® - libdolextn
Note On the iSeries platform, the Server document is updated when a new server is configured or an existing server is modified using the CFGDOMSVR or CHGDOMSVR CL command with DOLS(*YES) specified. For more information on configuring an iSeries server with DOLS, see the Lotus Domino 6 for iSeries Release Notes.
4. Create a DOLADMIN.NSF database from the template DOLADMIN.NTF.
5. After the database is created, restart the Domino administrator and click the Configuration tab. The name of the DOLADMIN.NSF is an option in the Navigation pane.

To set up DOLS on clustered servers
Before using DOLS on a clustered Domino 6 server, make sure that:
• The Domino server is either a Domino Utility Server or Domino Enterprise Server.
• All servers in the cluster run the same release of Domino with DOLS
• Clustered server management is running to handle both failover of replication and HTTP
• Internet Cluster Manager is running
• Subscription directories must have the same name on every clustered server. For example, if a subscription is under \data\Webmail user\7CD5957CB669AE2285256BDF00567AD8\, this name cannot be different on a different server in the cluster.

To configure DOLS on a server that uses Web Site documents
If you create a Web Site Document (a type of Internet Site document) on the Domino server, you must add the appropriate DOLS DSAPI filter filename to the DSAPI field in the Web Site document for DOLS to be enabled. If there are several Web Site documents, you must add the DSAPI filter filename to each one.

To add the DOLS DSAPI filter filename to a Web Site document:
1. Open the Web Site document.
2. Click the Configuration tab.
3. In the “DSAPI filter” field, enter the DSAPI filter file name that corresponds to the operating system that the server is running, and then restart the server:
• Win32 - ndolextn
• Linux - libdolextn
• AIX - libdolextn
• Solaris/Sparc - libdolextn
• S390 - libdolextn
• iSeries - libdolextn

For more information on Internet Site documents, see the topic “Configuring Internet sites with Web Site and Internet Site documents.”

Setting up iNotes Web Access on a server
iNotes Web Access provides Notes users with browser-based access to Notes mail and Notes calendar and scheduling features. Using iNotes Web Access, a user can send and receive mail, view the calendar, invite people to meetings, create to do lists, keep a notebook, and work off line.

To set up iNotes Web Access, choose “Web Browsers (HTTP Web services)” during Server Setup. If you want to give users the ability to work off line, also choose Domino Off-Line Services (DOLS). DOLS is not required to run iNotes Web Access.

In the Domino Administrator, make sure the following names are identical:
• The server’s TCP/IP name, which appears on the DNS tab of the Network properties - TCP/IP properties box.
• The server’s common name, which appears on the Basics tab of the Server document.
• The machine name of the fully qualified Internet host name, which appears on the Basics tab of the Server document

For example, if acme.lotus.com is the fully qualified Internet host name, “acme” is the machine name, the host name for DNS, and Domino server common name.

Setting up iNotes Web Access with Sametime
iNotes Web Access integrates Sametime® so that users can send and receive instant messages. Sametime is called “Chat” in iNotes Web Access. Sametime must be installed on a dedicated server. Do not install Sametime and iNotes Web Access on the same Domino server.

For complete information on installing Sametime, see the Sametime Installation Guide.

Part 1 - Set up iNotes Web Access on a Domino server
1. Set up iNotes Web Access on a server by making the appropriate selections during Server Setup.
2. Register users with the iNotes Web Access (R6.0) mail template.

Part 2 - Create a Connection document on the iNotes Web Access server
1. From the Domino Administrator, click the Configuration tab.
2. Select the iNotes Web Access server’s Domino Directory in the “Use Directory on” field.
3. Click Server, and then click Connections.
4. Click Add Connection.
5. Select Local Area Network in the “Connection type” field.
6. Enter the Sametime server’s name in the “Destination server” field. For example: Sametime/Acme.
7. Enter the source domain of the iNotes Web Access server and the destination domain of the Sametime server. The domain must be the same in both fields.
8. Click “Save & Close.”
For more information on Connection documents, see the chapter “Setting Up Server-to-Server Connections.”

Part 3 - Edit each user’s Person document and specify the Sametime server in the “Sametime server” field
1. From the Domino Administrator, click the People & Groups tab.
2. Select the iNotes Web Access Domino directory, then click People.
3. Double-click a name to open the user’s Person document.
4. Click Edit.

5. Enter the name of the Sametime server in canonical format in the “Sametime server” field. For example, the canonical format for the server Sametime/Sales/Acme/UK is:
CN=Sametime/OU=Sales/O=Acme/C=US
where: CN is the common name, OU is the organizational unit, O is the organization, and C is the country code
6. Click “Save & Close.”
7. Repeat Steps 3 through 6 for each person.

Part 4 - Set up the Sametime server
Follow the instructions in the Sametime Installation Guide for installing Sametime in a Domino domain on a dedicated server. Make sure that the installation uses the same Domino domain in which the iNotes Web Access server resides.

Part 5 - Create a Connection Document on the Sametime server
1. From the Domino Administrator, click the Configuration tab.
2. Select the Sametime server’s Domino Directory in the “Use Directory on” field.
3. Click Server, and then click Connections.
4. Click Add Connection.
5. Select Local Area Network in the “Connection type” field.
6. Enter the iNotes Web Access server’s name in the “Destination server” field.
7. Enter the source domain of the Sametime server and the destination domain of the iNotes Web Access server.
8. Click “Save & Close.”

Part 6 - Create a one-time replica of the Tokens database on the iNotes Web Access server
The Sametime server implements a security policy to ensure Sametime clients that establish connections to the Sametime services are authenticated. This security policy involves the Secrets (stauths.nsf) database on the Sametime server.
1. Using a Notes client, choose File - Database - Open.
2. Enter the name of the Sametime server (for example, Sametime/Acme).
3. Enter the Secrets database filename: stauths.nsf
4. Click Open.
5. Choose File - Replication - New Replica.

6. Enter the name of the iNotes Web Access server (for example, iNotes/Acme)
7. Ensure that the database is replicated to the data directory: ...\domino\data\stauths.nsf
8. Click OK to create the replica.

Part 7 - Push replication changes from the iNotes Web Access server to the Sametime server
1. From the Domino Administrator, click the Server tab.
2. Click the Server Console.
3. Enter a push command to replicate the Domino directory to the Sametime server. For example: push Sametime/Acme names.nsf
4. Click Send.
5. Enter a push command to replicate the Secrets database to the Sametime server. For example: push Sametime/Acme stauths.nsf
6. Click Send.

Part 8 - Copy the Sametime applets to the Sametime server
1. On the iNotes Web Access server, the applets are located in the “sametime” directory: <data directory>\domino\html\sametime
2. Create a folder on the Sametime server in which to copy the iNotes Web Access Sametime applet files. At a DOS prompt on the Sametime server, create the folder:
>mkdir <data directory>\domino\html\SametimeApplet
Note The folder name is case-sensitive and must be named “SametimeApplet”.
3. Copy the contents from the Sametime applets folder on the iNotes Web Access server to the Sametime server.

Part 9 - Verify that Sametime works with iNotes Web Access
1. Following the instructions in the Sametime Installation Guide for logging into the Sametime server using the Sametime Connect Client. Sametime must be functioning properly before you can test whether it is working with iNotes Web Access clients.
2. Make sure that replication is complete and the Person documents exist on the Sametime server.
3. Launch iNotes Web Access in a browser and click “Chat” to test the Sametime connection.

Note If the chat link does not appear in iNotes Web Access, check the user’s Person document in the Domino directory. Verify that the name of the Sametime server in the Sametime server field is correct.

Using the Domino Server Setup program
The following procedures describe the ways you can use the Server Setup program.
• Use the Server Setup program on the server you are setting up
• Use the Server Setup program from a client system or from another server
• Create a setup profile by recording your choices during the Server Setup program
• Use a setup profile to set up multiple servers with the same requirements
• Use a setup profile without viewing the setup screens (“silent” setup)

Indic language support in the Domino Server Setup program
You can change both the font and the alphabet that displays when you enter text in a field on a Server Setup program screen. Normally, the alphabet that displays is that of the default language. The Domino Server Setup program supports the following alphabets:
• Bengali
• Devanagari
• Gujarati
• Gurmukhi
• Kannada
• Malayalam
• Oriya
• Tamil
• Telugu

To change the font
Note Changing the font is required for the Devanagari alphabet, as the default font does not work with it.
1. Start the setup program by starting the Domino server.
2. On the Welcome screen, click Font.
3. Select a font that will work with the alphabet you plan to use.
To select an alphabet different from that of the default language, see the following procedure.

To change the alphabet
Changing the alphabet is supported for the Windows, AIX, and Linux operating systems only.
1. Start the setup program by starting the Domino server.
2. Right-mouse click on the title bar of the screen in which you want to enter text that uses an alphabet different than that of the default language.
3. Select “Select Input Method.”
4. Select the alphabet that you want to use.
5. Enter text in one or more fields on the screen.
Note Clicking Next to go to the next screen restores the alphabet to that of the default language. Repeat the preceding procedure for each screen on which you want to use a different alphabet.

Using the Domino Server Setup program locally
After installing the Domino server program files on a server, you can run the Domino Server Setup program locally by starting the server. The Server Setup program asks a series of questions and guides you through the setup process. Online Help is available during the process.

Using the Domino Server Setup program remotely
After you install the program files for a Domino server on a system, you can use either a Windows client system or another Domino server to run the Server Setup program remotely. Running the Server Setup program from a Windows client is easier if the client has Domino Administrator installed — to run the program from a client without Domino Administrator, you need the Java runtime environment plus some files from the program directory of an installed Domino server.

For more information, see the topic “Entering system commands correctly” earlier in this chapter.

To run the Server Setup program from a Windows client with Domino Administrator
1. Make sure that you:
• Selected “Remote Server Setup” when you installed Domino Administrator on the client system (on the Windows desktop, choose Start - Programs - Lotus Applications and see if Remote Server Setup appears in the list)
• Know the host name or network address of the remote system
2. Install the Domino server program files on a server system, but do not run the Domino Server Setup program.
3. At the command prompt on the server, from the Domino program directory, do one of the following:
• On a Windows server, enter nserver -listen
• On a UNIX server, enter server -listen
4. On the client system, choose Start - Programs - Lotus Applications - Remote Server Setup.
5. Enter the host name or network address of the remote server.
6. In the Connect to Remote Domino Server dialog box, click Ping to ensure that you can connect to the remote server.
7. Click OK to start the Domino Server Setup program.

To run the Server Setup program from a Windows client without Domino Administrator, or from a UNIX workstation
1. Install the Domino server program files on a server system, but do not run the Domino Server Setup program.
2. Make sure that you know the host name or network address of the remote system.
3. At the command prompt on the server system, from the Domino program directory, do one of the following:
• On a UNIX server, enter /lotus/bin/server -listen
• On a Windows server, enter nserver -listen
4. On the client system, install the Java runtime environment.
5. Create a temporary directory on the client system. For example, enter the following at the command prompt:
• On a Windows client: mkdir c:\temp
• On a UNIX workstation: mkdir /temp

6. Do one of the following:
• From a Windows client, copy the remote setup files CFGDOMSERVER.JAR, JHALL.JAR, and REMOTESETUP.CMD from the server to the directory you created on the client system. These files are in C:\Domino program directory on the server.
• From a UNIX workstation, copy the remote setup files CFGDOMSERVER.JAR, JHALL.JAR, and REMOTESETUP from the server to the directory you created on the workstation. These files are in /Domino program directory/lotus/notes/latest/ibmpow/ on an AIX server, /Domino program directory/lotus/notes/latest/linux/ on a Linux server, and /Domino program directory/lotus/notes/latest/sunspa/ on a Solaris server.
7. At the command prompt on the client system, from the directory you created, do one of the following:
• On a Windows client, enter remotesetup.cmd
• On a UNIX workstation, enter remotesetup
8. Enter the host name or network address of the remote server.
9. In the Connect to Remote Domino Server dialog box, click Ping to ensure that you can connect to the remote server.
10. Click OK to start the Domino Server Setup program.

To run the Server Setup program from another server system
1. Install the Domino server program files on both server systems, but do not run the Domino Server Setup program.
2. Make sure that you know the host name or network address of the remote system.
3. At the command prompt on the local server system, from the Domino program directory, do one of the following:
• On a Windows server, enter nserver -listen
• On a UNIX server, enter server -listen
4. Do one of the following:
• On a Windows server, enter nserver -remote
• On a UNIX server, enter server -remote
Tip Entering nserver -help or server -help displays all parameters available for working with remote server setups.
5. Enter the host name or network address of the remote server.
6. In the Connect to Remote Domino Server dialog box, click Ping to ensure that you can connect to the remote server.
7. Click OK to start the Domino Server Setup program.

Creating a server setup profile
A server setup profile is a file that you use to quickly configure servers. To create a server setup profile, you run the Server Setup program in record mode, either at the server you are setting up or from a Windows client. Creating a server setup profile from a Windows client is easier if the client has Domino Administrator installed — to create a profile from a client without Domino Administrator, you need the Java runtime environment plus some files from the program directory of an installed Domino server.

For more information, see the topic “Entering system commands correctly” earlier in this chapter.

To create a setup profile at a server
1. Install the Domino server program files on the server system, but do not run the Domino Server Setup program.
2. At the command prompt on the server, from the Domino program directory, do one of the following:
• On a Windows server, enter nserver -record
• On a UNIX server, enter server -record
Tip Entering nserver -help or server -help displays the parameters available for working with server setup profiles.
3. Enter a name and description for the profile.
4. Continue through the setup program.
Domino saves your selections in a file with the name you specified in Step 3. By default this file is created in the Domino program directory.

To create a setup profile from a Windows client with Domino Administrator
1. Install the Domino server program files on the server system, but do not run the Domino Server Setup program.
2. Make sure that you selected “Remote Server Setup” when you installed Domino Administrator on the client system.
3. At the command prompt on the client system, from the Notes program directory, enter serversetup -record
4. Enter a name and description for the profile.
5. Continue through the setup program.
Domino saves your selections in a file with the name you specified in Step 4 and stores the file in the Notes program directory on the client system.

To create a setup profile from a Windows client without Domino Administrator, or from a UNIX workstation
1. Install the Domino server program files on the server system, but do not run the Domino Server Setup program.
2. On the client system, install the Java runtime environment.
3. Create a temporary directory on the client system. For example, enter the following at the command prompt:
• On a Windows client: mkdir c:\temp
• On a UNIX workstation: mkdir /temp
4. Do one of the following:
• From a Windows client, copy the remote setup files CFGDOMSERVER.JAR, JHALL.JAR, and REMOTESETUP.CMD from the server to the directory you created on the client system. These files are in C:\Domino program directory on the server.
• From a UNIX workstation, copy the remote setup files CFGDOMSERVER.JAR, JHALL.JAR, and REMOTESETUP from the server to the directory you created on the workstation. These files are in /Domino program directory/lotus/notes/latest/ibmpow/ on an AIX server, /Domino program directory/lotus/notes/latest/linux/ on a Linux server, and /Domino program directory/lotus/notes/latest/sunspa/ on a Solaris server.
5. At the command prompt on the client system, from the directory you created, enter: remotesetup -record
6. Enter a name and description for the profile.
7. Continue through the setup program.
Domino saves your selections in a file with the name you specified in Step 6 and stores the file in the client-system directory that you created in Step 3.

Using a server setup profile
You can use a server setup profile at the server you are setting up or from a client system. Using a server setup profile from a Windows client is easier if the client has Domino Administrator installed — to use a profile from a Windows or UNIX client without Domino Administrator, you need the Java runtime environment plus some files from the program directory of an installed Domino server.

When you use a setup profile, you choose whether or not to view the setup screens as you run the profile. Running a profile without viewing the screens is sometimes referred to as a “silent” setup.

For more information, see the topic “Entering system commands correctly” earlier in this chapter.

To use a setup profile at the server
1. Install the Domino server program files on a server system, but do not run the Domino Server Setup program.
2. At the command prompt on the server, from the Domino program directory, do one of the following:
• On a Windows server, enter nserver -playback
• On a UNIX server, enter server -playback
Tip Entering nserver -help or server -help displays the parameters available for working with server setup profiles.
3. Choose the profile to use. If you don’t see the profile you want in the list, click Browse to locate the directory that contains the profile.
4. To change the existing profile, select “Modify selected profile.” Click OK to start the server setup.

To use a setup profile from a Windows client with Domino Administrator
1. Install the Domino server program files on a server system, but do not run the Domino Server Setup program.
2. Make sure that you selected “Remote Server Setup” when you installed Domino Administrator on the client system.
3. At the command prompt on the server system, from the Domino program directory, do one of the following:
• On a Windows server, enter nserver -listen
• On a UNIX server, enter server -listen
4. At the command prompt on the Windows client, from the Notes program directory, enter: serversetup -playback
5. Enter the host name or network address of the server.
6. In the Connect to Remote Domino Server dialog box, click Ping to ensure that you can connect to the server.
7. Click OK.
8. Choose the profile to use. If you don’t see the profile you want in the list, click Browse to locate the directory that contains the profile.

9. To change the existing profile instead of running it to set up a new server, select “Modify selected profile.”
10. Click OK to start the server setup.

To use a setup profile from a Windows client without Domino Administrator, or from a UNIX workstation
1. Install the Domino server program files on a server system, but do not run the Domino Server Setup program.
2. At the command prompt on the server system, from the Domino program directory, do one of the following:
• On a Windows server, enter nserver -listen
• On a UNIX server, enter server -listen
3. On the client system, install the Java runtime environment.
4. Create a temporary directory on the client system. For example, enter the following at the command prompt:
• On a Windows client: mkdir c:\temp
• On a UNIX workstation: mkdir /temp
5. Do one of the following:
• From a Windows client, copy the remote setup files CFGDOMSERVER.JAR, JHALL.JAR, and REMOTESETUP.CMD from the server to the directory you created on the client system. These files are in C:\Domino program directory on the server.
• From a UNIX workstation, copy the remote setup files CFGDOMSERVER.JAR, JHALL.JAR, and REMOTESETUP from the server to the directory you created on the workstation. These files are in /Domino program directory/lotus/notes/latest/ibmpow/ on an AIX server, /Domino program directory/lotus/notes/latest/linux/ on a Linux server, and /Domino program directory/lotus/notes/latest/sunspa/ on a Solaris server.
6. At the command prompt on the client system, from the directory you created, enter: remotesetup -playback
7. Enter the host name or network address of the server.
8. In the Connect to Remote Domino Server dialog box, click Ping to ensure that you can connect to the server.
9. Click OK.

10. Choose the profile to use. If you don’t see the profile you want in the list, click Browse to locate the directory that contains the profile. To change the existing profile, select “Modify selected profile.”
11. Click OK to start the server setup.

Doing a silent server setup
A “silent” setup is one in which you do not view the setup screens as you run the server setup profile. You can do a silent setup at the server you are setting up or from a client system. Doing a silent setup from a Windows client is easier if the client has Domino Administrator installed — to do a silent setup from a Windows or UNIX client without Domino Administrator, you need the Java runtime environment plus some files from the program directory of an installed Domino server.

Tip When doing a silent setup, display a progress bar (Windows) or have percent-complete written to the command line (UNIX) by adding the -pb parameter to the end of the command.

For more information, see the topic “Entering system commands correctly” earlier in this chapter.

To do a silent setup at the server
1. Install the Domino server program files on a server system, but do not run the Domino Server Setup program.
2. At the command prompt on the server, from the Domino program directory, do one of the following:
• On a Windows server, enter nserver -silent c:\myprofile.pds
• On a UNIX server, enter server -silent /myprofile.pds
where myprofile is the name you gave to the profile file.
Note If the profile file is not in the root directory, use the profile’s full path in the command.
Tip Entering nserver -help or server -help displays the parameters available for working with server setup profiles.
3. If the profile uses existing server, certifier, or administrator IDs that require passwords, do the following:
a. Create a text file that contains the passwords for the existing IDs. The keywords in this are:
Server=
AddServer=
Certifier=
OUCertifier=
Administrator=

b. Add a parameter in the command line for the name of the password file. For example, on Windows enter:
nserver -silent c:\myprofile.pds c:\passwd.txt
4. If this is a partitioned server setup, add the = parameter to the command line to specify the NOTES.INI file in this partition’s Domino data directory. For example, on Windows enter:
nserver -silent c:\myprofile.pds =c:\lotus\domino\data2\notes.ini
5. Check the ERRORLOG.TXT file in the Domino data directory to confirm that the setup is complete, or to view any error messages that were generated during setup.

To do a silent setup from a Windows client with Domino Administrator
1. Install the Domino server program files on a server system, but do not run the Domino Server Setup program.
2. Make sure that you selected “Remote Server Setup” when you installed Domino Administrator on the client system.
3. At the command prompt on the server system, from the Domino program directory, do one of the following:
• On a Windows server, enter nserver -listen
• On a UNIX server, enter server -listen
4. At the command prompt on the client system, from the Notes program directory, enter:
serversetup -silent c:\myprofile.pds -remote serveraddress
Where myprofile is the name you gave the setup profile and serveraddress is the host name or network address of the server you are setting up.
Note If the profile file is not in the root directory, use the profile’s full path in the command.
5. If the profile uses existing server, certifier, or administrator IDs that require passwords, do the following:
a. Create a text file that contains the passwords for the existing IDs. The keywords in this are:
Server=
AddServer=
Certifier=
OUCertifier=
Administrator=

b. Add a parameter in the command line for the name of the password file. For example, on Windows enter:
serversetup -silent c:\myprofile.pds c:\passwd.txt -remote serveraddress
6. If this is a partitioned server setup, add the = parameter to the command line to specify the NOTES.INI file in this partition’s Domino data directory. For example, on Windows enter:
serversetup -silent c:\myprofile.pds -remote serveraddress =c:\lotus\domino\data2\notes.ini
7. Check the ERRORLOG.TXT file in the Notes data directory to confirm that the setup is complete, or to view any error messages that were generated during setup.

To do a silent setup from a Windows client without Domino Administrator, or from a UNIX workstation
1. Install the Domino server program files on a server system, but do not run the Domino Server Setup program.
2. At the command prompt on the server system, from the Domino program directory, do one of the following:
• On a Windows server, enter nserver -listen
• On a UNIX server, enter server -listen
3. On the client system, install the Java runtime environment.
4. Create a temporary directory on the client system. For example, enter the following at the command prompt:
• On a Windows client: mkdir c:\temp
• On a UNIX workstation: mkdir /temp
5. Do one of the following:
• From a Windows client, copy the remote setup files CFGDOMSERVER.JAR, JHALL.JAR, and REMOTESETUP.CMD from the server to the directory you created on the client system. These files are in C:\Domino program directory on the server.
• From a UNIX workstation, copy the remote setup files CFGDOMSERVER.JAR, JHALL.JAR, and REMOTESETUP from the server to the directory you created on the workstation. These files are in /Domino program directory/lotus/notes/latest/ibmpow/ on an AIX server, /Domino program directory/lotus/notes/latest/linux/ on a Linux server, and /Domino program directory/lotus/notes/latest/sunspa/ on a Solaris server.

6. At the command prompt on the client system, from the Notes program directory, enter:
remotesetup -silent c:\myprofile.pds -remote serveraddress
Where myprofile is the name you gave the setup profile and serveraddress is the host name or network address of the server you are setting up.
Note If the profile file is not in the root directory, use the profile’s full path in the command.
7. If the profile uses existing server, certifier, or administrator IDs that require passwords, do the following:
a. Create a text file that contains the passwords for the existing IDs. The keywords in this are:
Server=
AddServer=
Certifier=
OUCertifier=
Administrator=
b. Add a parameter in the command line for the name of the password file. For example, on Windows enter:
remotesetup -silent c:\myprofile.pds c:\passwd.txt -remote serveraddress
8. If this is a partitioned server setup, add the = parameter to the command line to specify the NOTES.INI file in this partition’s Domino data directory. For example, on Windows enter:
remotesetup -silent c:\myprofile.pds -remote serveraddress =c:\lotus\domino\data2\notes.ini
9. Check the ERRORLOG.TXT file to confirm that the setup is complete, or to view any error messages that were generated during setup.

The Certification Log
When you set up the first Domino server in a domain, the Server Setup program creates the Certification Log. If you delete the log, you can recreate it, but be aware that the new log will not contain the information it previously stored.
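The silent setup procedures above pass existing ID passwords to the setup program in a plain text file. The following is an added example, not part of the Domino documentation, that creates that file with owner-only permissions, checks it before use, and deletes it once setup has run. It assumes one keyword=password pair per line and that the UNIX command takes the password file after the profile, as the Windows example does; the function names, `DOMINO_SERVER_CMD` and all sample values are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Domino documentation): handle the silent-setup
# password file safely. Assumption: one "Keyword=password" pair per line,
# using only the five keywords this chapter lists.

ALLOWED_KEYS="Server AddServer Certifier OUCertifier Administrator"

# new_passfile PATH: create an empty password file readable by the owner only.
new_passfile() {
    ( umask 077 && : > "$1" ) && chmod 600 "$1"
}

# lint_passfile PATH: print one finding per line (never the password itself).
# Returns 0 when the file is fit to hand to the setup program, 1 otherwise.
lint_passfile() {
    pf=$1
    findings=0
    if [ ! -f "$pf" ]; then
        echo "missing password file"
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    go_bits=$(ls -ld "$pf" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "file is accessible to group or others ($go_bits)"
        findings=1
    fi
    seen=""
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=$(printf '%s' "$line" | tr -d '\r')   # tolerate CRLF files
        if [ -z "$line" ]; then continue; fi
        case $line in
            *=*) key=${line%%=*}; val=${line#*=} ;;
            *)   echo "line $n: not in keyword=password form"; findings=1; continue ;;
        esac
        known=no
        for k in $ALLOWED_KEYS; do
            if [ "$k" = "$key" ]; then known=yes; fi
        done
        if [ "$known" = no ]; then
            echo "line $n: unknown keyword '$key'"; findings=1; continue
        fi
        if [ -z "$val" ]; then
            echo "line $n: empty password for $key"; findings=1
        fi
        case " $seen " in
            *" $key "*) echo "line $n: duplicate keyword $key"; findings=1 ;;
        esac
        seen="$seen $key"
    done < "$pf"
    return $findings
}

# run_silent_setup PROFILE PASSFILE: lint the file, run the setup, then delete
# the file whether setup succeeded or not, so ID passwords do not stay on disk.
# Returns 2 if the lint fails (nothing is run), else the setup's exit status.
run_silent_setup() {
    profile=$1
    passfile=$2
    lint_passfile "$passfile" || return 2
    # Assumed UNIX form of the page's Windows example:
    #   nserver -silent c:\myprofile.pds c:\passwd.txt
    ${DOMINO_SERVER_CMD:-server} -silent "$profile" "$passfile" && rc=0 || rc=$?
    rm -f "$passfile"
    return $rc
}
```

To use it, source the file from the Domino program directory, add the needed keyword lines to the file made by `new_passfile`, and call `run_silent_setup /myprofile.pds /passwd.txt`; then check ERRORLOG.TXT as the procedure describes.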

The Certification log records information related to recertification and name changes. When you add servers and users to Domino, the Certification Log maintains a record of how you registered them. For each registered server and user, the Certification Log stores a document containing the following information:
• Name and license type
• Date of certification and expiration
• Name, license type, and ID number of the certifier ID used to create or recertify the ID

Create a replica of the Certification Log on every server that is a registration server and on every server that stores a Domino Directory that is used for user management — for example, renaming and recertifying users. If the server whose Domino Directory replica you are using does not have a Certification Log, user-management actions will fail.

Server registration
Before you install and set up additional servers, you must register them. In effect, registering a server adds the server to the system. The server registration process creates a Server document for the server in the Domino Directory and creates a server ID. After registering and installing a server, you use the Server Setup program to obtain a copy of the Domino Directory for the new server and to set up the server to run particular services and tasks — for example, the HTTP service, the Mail Router, and so on.

Note When setting up an additional server, obtaining the Domino Directory from the registration server via dialup over a modem is possible for Windows systems only. For other operating systems, the additional server must be on the network in order to communicate with the registration server.

Before you register servers, plan and understand your company’s hierarchical name scheme. The name scheme defines which certifier ID to use when you register each new server. In addition, make sure that you have access to each certifier ID, know its password, and have created ID recovery information for it.

If you have decided to use the Domino server-based certification authority (CA), you can register servers without access to the certifier ID file and its password.

For more information on the hierarchical name scheme, see the chapter “Deploying Domino.” For information on ID recovery, see the chapter “Protecting and Managing Notes IDs.” For more information on using the Domino server-based CA, see the chapter “Setting Up a Domino Server-based Certification Authority.”

The registration server, which is the server that initially stores changes to documents in the Domino Directory until the Domino Directory replicates with other servers, must be up and running on the network. To register servers from your workstation, you must have access to the registration server and have at least Author access with the Server Creator and Group Modifier roles in the ACL of the Domino Directory.

When you register a server, Domino does the following:
• Creates a server ID for the new server and certifies it with the certifier ID
• Creates a Server document for the new server in the Domino Directory
• Encrypts and attaches the server ID to the Server document and saves the ID on a disk or in a file on the server
• Adds the server name to the LocalDomainServers group in the Domino Directory
• Creates an entry for the new server in the Certification Log (CERTLOG.NSF)

If you have a Domino server-based CA for issuing Internet certificates, you can choose to configure the new server to support SSL connections by providing a server key ring password and the server’s host name. Then, Domino does the following:
• The registration process creates a certificate request in the Administration Requests database (ADMIN4.NSF) to be processed by the server’s Internet CA
• The registration process creates a “create SSL key ring” request in ADMIN4.NSF
• Once you set up and start the new server and the “create SSL key ring” request has replicated to it, the “create SSL key ring” request creates the server key ring file and an “enable SSL ports” request for the administration server of the Domino Directory
• The “enable SSL ports” request enables all the SSL ports on the new server and creates a “monitor SSL status” request for the new server
• The “monitor SSL status” request restarts all of the Internet tasks currently running on the new server so that the tasks will accept SSL connections

Note You must use the Domino Administrator if you want to use this server registration process to configure a new server for SSL.

For more information on these requests, see the appendix “Administration Process Requests.”

Registering a server
Note If you have not specified a registration server in Administration Preferences, this server is by default:
• The server specified in the NewUserServer setting in the NOTES.INI file
• The Administration server

1. If you are supplying the certifier ID, make sure that you have access to it and that you know its password.
2. If you are using the Domino Administrator and would like the new server to support SSL, make sure that you have an Internet CA configured.
3. From the Domino Administrator or Web Administrator, click the Configuration tab.
4. From the Tools pane, click Registration - Server.
5. If you are using the Domino Administrator, do the following:
a. If you are using the CA process, click Server and select a server that includes the Domino Directory that contains the Certificate Authority records, and the copy of the Administration Requests database (ADMIN4.NSF) that will be updated with the request for the new certificate. Then click “Use the CA Process,” select a CA-configured certifier from the list, and click OK.
b. If you are supplying the certifier ID, select the registration server. Then click “Certifier ID” and locate the certifier ID file. Click OK, enter the password for the certifier ID, and click OK.
c. In the Register Servers dialog box, click Continue if you want to apply the current settings to all servers registered in this registration session; otherwise, complete these fields:
Field: Action
Registration Server: Click Registration to specify the registration server.
Certifier: If the certifier ID displayed is NOT the one you want to use for all servers registered in this session, or if you want to use the Domino server-based CA instead of a certifier ID, click Certifier and you return to Step 4.

Internet Certificate Authority: If you want the server to support SSL, select an Internet CA from the list.

d. Click Continue.
6. If you are using the Web Administrator, do the following:
a. Select a registration server that includes the Domino Directory that contains the Certificate Authority records, and the copy of the Administration Requests database (ADMIN4.NSF) that will be updated with the request for the new certificate.
b. Select a CA-configured certifier from the list, and click OK.
7. In the Register New Server(s) dialog box, complete these fields for each server that you want to register:

Field: Action
Server name: Enter the name of the new server.
Server title: Enter the server title, which appears on the Configuration tab in the All Server Documents view and in the Server Title field of the Server document.
Domino domain name: The default domain name is usually the same as the name of the organization certifier ID.
Server administrator name: Enter the name of the person who administers the server.
ID file password: Required if you are going to store the server ID in the Domino Directory. Optional if you store the server ID in a file. The password is case-sensitive and characters you use will depend on the level you set in the Password quality scale.
Password quality scale: Choose the level of complexity for the password. By default, the level is 0, where 16 is the highest.
Security type: Choose either North American (default) or International. In practice, there is no difference between a North American and an International ID type.
Certificate expiration date: (Optional) To change the expiration date of the Server Certificate, enter the date in mm-dd-yyyy format in the Certificate Expiration Date box. The default date is 100 years from the current date, minus allowances for leap years.

Field: Action
Location for storing server ID:
• Select “In Domino Directory” to store the server ID in the Domino Directory.
• Select “In File” to store the server ID file in a file. Then click “Set ID File,” select the name and path for the file, and click Save.
Note You don’t see this field from the Web Administrator, as the server ID is stored in the Domino Directory.

8. (Domino Administrator only) If you chose an Internet CA in the Register Servers dialog box and you want the server to support SSL connections, click Advanced, select “Enable SSL ports,” and complete the following fields:
• Server key ring password — Enter a password for the server key ring
• Server host name — Enter the fully qualified domain name of the server, for example, app01.acme.com
9. Do one:
• Click the green check box to add the server to the registration queue.
• Click the red X to clear the fields.
10. The server registration queue displays the servers ready to be registered. To display the settings for a server, select the server name in the queue.
11. Click one:
• New Server — To clear fields in the Register New Server(s) dialog box
• Register All — To register all servers in the registration queue
• Register — To register the highlighted server in the registration queue
• Remove — To remove the highlighted server from the registration queue
• Done — To close the Register Server(s) dialog box. Any servers remaining in the registration queue will not be registered.
12. After you register a server, install it and then run the Server Setup program to configure it.

Optional tasks to perform after server setup

After running the Server Setup program, you may want to perform one or more of the following tasks, depending on the needs of your company:
• Create an additional organization certifier ID.
• Create an organizational unit certifier ID.
• Use Internet Site documents to configure Internet protocol server tasks:
  • Enable the Internet Sites view
  • Create an Internet Site document
  • Set up security for Internet Site documents

Creating an additional organization certifier ID

When you set up the first server in a domain, you create an organization certifier. If your hierarchical name scheme calls for having multiple organizations but only one Domino Directory, you must create an additional organization certifier ID.

For more information on organization certifier IDs, see the chapter “Deploying Domino.”

1. From the Domino Administrator, click the Configuration tab.
2. From the Tools pane, choose Registration - Organization.
3. (Optional) To change the registration server, which is the server that initially stores the Certifier document until the Domino Directory replicates, click Registration Server, select the correct server, and then click OK. If you have not specified a registration server in Administration Preferences, the registration server is by default:
• The local server, if there is one and it contains a Domino Directory
• The server specified in the NewUserServer setting in the NOTES.INI file
• The Administration server
4. (Optional) Click Set ID file to change the location where Domino stores the certifier ID. By default, the certifier ID is stored in C:\. Be sure to keep the certifier ID file in a secure place so that it is readily accessible to register new servers and users, but safe from misuse.

5. Complete these fields:

Field: Action
Organization name: Enter the name of the organization. Enter a name different from the one used on the organization certifier ID created when you set up the first Domino server.
Country code: (Optional) Adding an organizational country or region code for the country or region where the organization’s corporate headquarters are located minimizes the chance that another organization has the same organization name as yours. For multinational companies, you can enter a country or region in which the company has offices, as long as the organization name is registered there. Enter the country or region code only if you have registered your organization name with a national or international standards body.
Certifier password: Enter a case-sensitive password for the certifier. The characters you use for this password depend on the level set in the “Password quality scale” field.
Password quality scale: Choose the level of complexity for the password. By default, the level is 8, where 16 is the highest.
Security type: Choose either North American (default) or International. In practice, there is no difference between a North American and an International ID type.
Mail certification requests to (Administrator): Enter the name of the administrator who handles recertification requests. The name specified here appears in the Certifier document in the Domino Directory. If you are creating a certifier ID for an off-site administrator, enter that administrator’s name in this field.
Location: (Optional) Enter text that appears in the Location field of the Certifier document.
Comment: (Optional) Enter text that appears in the Comment field of the Certifier document.

6. Click Register.

Creating an organizational unit certifier ID

You can create up to four levels of organizational unit (OU) certifiers. To create first-level OU certifier IDs, you use the organization certifier ID. To create second-level OU certifier IDs, you use the first-level OU certifier IDs, and so on.

For background information on OU certifier IDs, see the chapter “Deploying Domino.”

6. (Optional) Click “Set ID File” if you want to change the location where Domino stores the certifier ID. From the Domino Administrator. Volume 1 . 3. click the Configuration tab. Enter the ID password and click OK. click Registration Server. see the topic “Certifier IDs and certificates. Enter the ID password. click Open. Do one: • Select “Supply certifier ID and password. select the certifier ID.Organizational Unit. From the Tools pane. select the correct server. 2.For background information on OU certifier IDs. click Open. (Optional) To change which certifier ID to use to register the new certifier ID: a. and click OK. 8. the registration server is by default: • • • The local server if there is one and it contains a Domino Directory The server specified in NewUserServer setting of NOTES. Click OK. (Optional) To change the registration server. and then click OK. select Registration .INI The Administration server To create an organizational unit certifier ID 1.” Click Certifier ID. Select the certifier ID. 5. (Optional) To change the registration server. If you have not specified a registration server in Administration Preferences. b. select the correct server. 7. 4. click Registration Server. Be sure to keep the certifier ID file in a secure place so that it is readily accessible to register new servers and users. and then click OK. and click OK. enter its password and click OK. Click Certifier ID. c. 3-36 Administering the Domino System. If you are supplying the certifier ID. and click OK. By default the ID is stored in C:\. • Select “Use the CA Process” and then choose a CA certifier from the list. but safe from misuse.” Note The registration server is the server that initially stores the Certifier document until the Domino Directory replicates.

9. Complete these fields:

Field: Action
Organizational Unit: Enter a name for the new organizational unit.
Certifier password: Enter a case-sensitive password for the certifier. The characters you use for this password depend on the level set in the “Password quality scale” field.
Password quality scale: Choose the level of complexity for the password. By default, the level is 8, where 16 is the highest.
Security type: Choose either North American (default) or International. In practice, there is no difference between a North American and an International ID type.
Mail certification requests to (Administrator): Enter the name of the administrator who handles recertification requests. The name specified here appears in the Certifier document in the Domino Directory. If you are creating a certifier ID for an off-site administrator, enter that administrator’s name in this field.
Location: (Optional) Enter text that appears in the Location field of the Certifier document.
Comment: (Optional) Enter text that appears in the Comment field of the Certifier document.

10. Click Register.

Internet Site documents

Internet Site documents are used to configure the Internet protocols supported by Domino servers. A separate Internet Site document is created for each protocol — Web (HTTP), IMAP, POP3, SMTP Inbound, LDAP, and IIOP — which is then used to provide protocol configuration information for a single server, or for multiple servers in a Domino organization. Specifically, you can create:
• Web Site documents. You create a Web site document for each Web site hosted on the Domino server.
• LDAP Site documents. You create an LDAP site document for LDAP protocol access to an organization in a directory.
• IMAP, POP3, and SMTP Site documents. You create an individual Internet Site document for each mail protocol for which you enter an IP address.

• IIOP Site documents. You create an IIOP Site document to enable the Domino IIOP (DIIOP) task on the server. This task allows Domino and the browser client to use the Domino Object Request Broker (ORB) server program.

Internet Site documents make it easier for administrators to configure and manage Internet protocols in their organizations. For example, prior to Domino 6, if you wanted to set up a Web site in your organization, it was necessary to configure each Domino server in the domain with Mapping documents, Web realms, and File Protection documents. If you had virtual servers and virtual hosts, you had to do the same thing for them. In Domino 6, you can configure a Web Site document so that all servers and hosts use it to get configuration information for a Web site, including mapping information, file protection information, and Web realm authentication information.

You must use Internet Site documents if you:
• Want to use Web-based Distributed Authoring and Versioning (WebDAV) on a Domino Web server.
• Have enabled SSL on your server and want to use Certificate Revocation Lists to check the validity of Internet certificates used to authenticate with the server.
• Are using a service provider configuration on your server (see “For service providers only” below).

The Domino server is configured to use Internet Site documents if this option is enabled on the server document. If the option is not enabled, the server defaults to Server document settings to obtain configuration information for Internet protocols.

Internet Site documents are created in the Internet Sites view, which is used to help manage Internet protocol configuration information by listing the configured Internet Site documents for each organization in the domain.

Modifications to Internet Site documents (including the creation of new Site documents) are dynamic. The server or protocol does not need to be restarted after you create a new Site document, or after you modify or delete an existing one. Changes generally take effect minutes after the change is made. The ability to dynamically create, modify, or delete Internet Site documents is especially valuable in service provider environments, so that existing hosted organizations are not interrupted when a new hosted organization is configured.

Caution If you use an Internet site document to configure one Internet protocol on a server, you must also use Internet site documents for all Internet protocols on that server. For example, you cannot set up an LDAP Internet Site document and, on the same server, use the Server document to configure HTTP.

While most protocol settings are configured in Internet Site documents, there are some settings that need to be configured in the Server document to support Internet protocol configurations. These include settings for:
• Enabling and configuring the TCP/IP port.
• Enabling and configuring the SSL port (including redirecting TCP to SSL).
• Accessing the server — such as who can access the server and how.

For more information on server access settings, see the chapter “Controlling Access to Domino Servers.”

Setting up Internet Site documents on a Domino server

Do the following to set up basic Internet Site functionality on a Domino server.
1. Create Internet Sites document for the Internet protocols you want to use.
2. Set up security for each Internet Site document.
3. Enable Internet Site documents on the server.

For service providers only

Internet Site documents are required for hosted organizations. These documents control each hosted organization’s use of Internet protocols. A hosted organization can only use an Internet protocol if the hosted organization has an Internet site document for that protocol.

Internet Site documents link IP addresses to the individual hosted organizations for each Internet protocol. A shared IP address may be used for all hosted organizations, or unique IP addresses may be set up for each hosted organization.

When registering hosted organizations, you have the option to create Internet Site documents during hosted organization registration, or you can choose to create them later.

Service providers need to consider the following when using Internet Site documents:
• Each hosted organization has one Web Site document that can be created during hosted organization registration. You must create this initial Web Site document to activate the HTTP protocol. If you have multiple Web sites, you need one individual Web Site document for each additional Web site for each organization.
• You must create one mail protocol Site document (IMAP, POP3, or SMTP) for each protocol used by each organization.
• To enable SSL for a hosted organization, you must enter the server IP address in the field “Host names or addresses mapped to this site” on the Basics tab of the Internet Site document.
• In a hosted environment, Domino IIOP (DIIOP) can use the information in the IIOP Internet site document to define the scope of the Domino Directory used to validate users. With DIIOP, you can use any Java® code running on any server on the network.
• If your configuration has one IP address that is shared by multiple hosted organizations, HTTP, IMAP, LDAP, POP3, and SMTP are the available protocols. For IMAP, POP3, and SMTP users, the name provided during authentication must be the user’s Internet e-mail address, so that the server knows the organization of which each user is a member. Anonymous access to LDAP is not supported in this configuration.
• If the hosted organization supports DOLS, the Web Site document must contain the name of the DSAPI filter file name. For more information, see the topic To configure DOLS on a server that uses Web Site documents in this chapter.

Creating an Internet Site document

You can create Internet Site documents for Web, IMAP, POP3, LDAP, SMTP Inbound, and IIOP Internet protocols. You create one document at a time.

To create an Internet Site document
1. From the Domino Administrator, click Configuration - Web - Internet Sites.
2. Click Add Internet Site, and select the type of Internet Site document to create.

3. Click the Basics tab, and complete these fields:

Field: Action
Descriptive name for this site: (Optional) Enter a name that differentiates this site from all others that you create. This name appears in the Internet Sites view in this format: the type of Internet Site, the descriptive name, and the host name or address. For example: Web Site: MyWebSite (www.acme.com) If you do not enter a name, the default name is the type of Internet Site document with the host name or address appended. For example: POP3 Site: (www.acme.com)
Organization: (Required for all Internet Site documents) Enter the name of the registered organization that hosts the Internet Site document. The name must correspond to the organization’s certifier. Note For Web Sites set up in a non-service provider configuration, this name can be any suitable word or phrase.
Use this Web site to handle requests which cannot be mapped to any other Web sites: (Web Site documents only) Choose one:
• Yes — This Web site processes incoming HTTP requests if Domino cannot locate the Web sites that were entered in the “Host names or addresses mapped to this site” field.
• No (default) — This Web site does not process incoming HTTP requests for which Domino cannot locate a Web site.
Domino servers that host this site: (Required for all Internet Site documents) Enter the name of one or more Domino servers that host this site. You can use any variation of distinguished name (for example, Server1/Sales/Acme) as well as wildcards (for example, */Acme). The default is (*), which means that all servers in the domain can host this site. If you leave the field blank, the Internet Site will not be loaded on any Domino server.
Host names or addresses mapped to this site: (Required for all Internet Site documents) Enter the target host names or IP addresses that trigger a connection’s use of this Internet Site document. If the site is set up for SSL, you must specify IP addresses.

4. Some Internet Sites require additional configuration. The table below indicates the Internet Site documents that require additional configuration, and the locations for settings in those documents for enabling additional configuration information unique to those protocols.

Document: Complete
Web Site: Configuration tab, Domino Web Engine tab
IMAP Site: Public Folder tab
IIOP Site: Configuration tab

5. For all Internet Site documents, complete the settings on the Security tab.
6. Save and close the document.

Setting up security for Internet Site documents

To set up security for Internet Site documents, you can enable SSL server and client authentication, name-and-password authentication, or anonymous access for Internet and intranet clients.

In order to enable SSL for Internet Sites, you must configure the SSL port on the Server document and set up SSL on the server by obtaining a server certificate and key ring from an Internet certificate authority.

To set up SSL authentication, you must create a server key ring file for each Internet Site document. However, if the Internet site documents are for the same organization, but are created for different protocols, a single server key ring file can be used. Be sure to enter the server key ring file name in the appropriate field on the Security tab of each site document.

If you want to use Certificate Revocation Lists (CRL) for Internet certificate authentication, the server must be using a Domino server-based certification authority for issuing Internet certificates.

To enable SSL for a hosted organization, you must use the server IP address in the field “Host names or addresses mapped to this site” on the Basics tab of the Internet Site document.

Note For Web sites, the common name on the server key ring must match the DNS name to which the IP address in the Web Site document is mapped. The IP address must be stored in the field “Host name or addresses to map to this site,” which is located on the Web Site document. If you enable Redirect TCP to SSL in a Web Site document, both the host name and the IP address must be stored in this field.

You should be familiar with SSL authentication, name and password authentication, and anonymous access before completing these steps.

For more information about SSL authentication, see the chapter “Setting Up SSL on a Domino Server.” For more information about name-and-password authentication and anonymous access, see the chapter “Setting Up Name-and-Password Authentication and Anonymous Access on a Domino Server.”

To set up security for Internet Site documents

Note In Domino 6, it is possible to effectively prohibit access to an Internet Site by selecting “no” for all authentication options in an Internet Site Document. These options include TCP authentication, SSL authentication, and TCP anonymous access.

1. From the Domino Administrator, click Configuration - Web - Internet Sites.
2. Choose the Internet Site document to modify, and click Edit Document.
3. Click Security, and complete these fields:

Field: Enter

TCP Authentication
Anonymous: (Applies to all Internet sites, except IMAP and POP3) Choose one:
• Yes — To allow anonymous access to this site
• No — To prohibit anonymous access
Name & password: Choose one:
• Yes — To require a user to authenticate with the user’s name and Internet password to access the site
• No — To not require name and password authentication
Redirect TCP to SSL: (Applies to Web Site only) Choose one:
• Yes — To require clients and servers to use the SSL protocol to access the Web site
• No — To allow clients and servers to use SSL or TCP/IP to access the Web site

Field: Enter

SSL Authentication
Anonymous: (Applies to all Internet sites, except IMAP and POP3) Choose one:
• Yes — To allow users access over the SSL port without authenticating with a name and password
• No — To deny users anonymous access
Name & password: Choose one:
• Yes — To require a user to authenticate with user name and Internet password in order to access this site using SSL
• No — To not require a name and password
Client certificate: (Applies to Web Site, IMAP, POP3, and LDAP) Choose one:
• Yes — To require a client certificate for access to this site
• No — To not require a client certificate

SSL Options
Key file name: Enter the name of the server key ring file.
Protocol version: Choose one:
• V2.0 only — Allows only SSL 2.0 connections.
• V3.0 handshake — Attempts an SSL 3.0 connection. If this fails and the requester detects SSL 2.0, attempts to connect using SSL 2.0.
• V3.0 only — Allows only SSL 3.0 connections.
• V3.0 with V2.0 handshake — Attempts an SSL handshake, which displays relevant error messages. Makes an SSL 3.0 connection if possible.
• Negotiated (default) — Attempts an SSL 3.0 connection. If this fails, attempts to use SSL 2.0. Use this setting unless you are having connection problems caused by incompatible protocol versions.
Accept SSL site certificates: Choose one:
• Yes — To accept the certificate and use SSL, even if the server does not have a certificate in common with the protocol server
• No (default) — To prohibit the acceptance of SSL site certificates for access

Field: Enter
Accept expired SSL certificates: Choose one:
• Yes — To allow clients access, even if the client certificate is expired
• No — To prohibit client access using expired SSL certificates
Check for CRLs: Choose one:
• Yes — To check the certifier’s Certificate Revocation List (CRL) for the user certificate you are attempting to validate. If a valid CRL is found and the user certificate is on the list, the user certificate is rejected.
• No — To not use Certificate Revocation Lists
Trust expired CRLs: Choose one:
• Yes — To use expired but otherwise valid Certificate Revocation Lists when attempting to validate user certificates
• No — To reject expired Certificate Revocation Lists
Allow CRL search to fail: Choose one:
• Yes — If the attempt to locate a valid Certificate Revocation List fails, proceed as if “Check for CRLs” is set to No.
• No — If a valid Certificate Revocation List for the user certificate is not found, reject the certificate. If “Trust expired CRLs” is set to Yes, an expired CRL is valid. If “Trust expired CRLs” is set to No, the authentication will fail for every user certificate for which a matching valid CRL is not located.

SSL Security
SSL ciphers: Click Modify to change the SSL cipher settings for this site document. These settings apply only to SSL v3. SSL v2 ciphers cannot be changed.
Enable SSL V2: Choose Yes to enable SSL v2 for this site document.

4. Save the document.

Enabling Internet Sites on a server

If you enable the use of Internet Sites on a Domino server, the server obtains Internet protocol configuration information from site documents. Comparable configuration settings in the Server document are not used. If the use of Internet Sites is not enabled, comparable Server document settings are used to obtain protocol configuration information.
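Added example, not part of the original guide: a Python model of how the “Accept expired SSL certificates”, “Check for CRLs”, “Trust expired CRLs” and “Allow CRL search to fail” fields from the Security tab table combine, listing which combinations still admit a revoked client certificate. The class and function names are hypothetical, the order of the checks is an assumption, and the sketch assumes a revoked certificate appears on any CRL that is located.

```python
from dataclasses import dataclass
from enum import Enum
from itertools import product


class CrlState(Enum):
    """Outcome of looking for the certifier's CRL (constructed for this sketch)."""
    NOT_FOUND = "no CRL located"
    EXPIRED = "CRL located, but expired"
    CURRENT = "CRL located and unexpired"


@dataclass(frozen=True)
class SiteSecurity:
    """Four Yes/No fields from the Security tab, as booleans (True = Yes)."""
    accept_expired_ssl_certificates: bool
    check_for_crls: bool
    trust_expired_crls: bool
    allow_crl_search_to_fail: bool


def evaluate(site, cert_expired, crl_state, cert_on_crl):
    """Return (accepted, reason) for one client certificate.

    cert_on_crl only matters when a CRL was located. Checking expiry first
    is an assumption; it changes the reason reported, not the outcome.
    """
    if cert_expired and not site.accept_expired_ssl_certificates:
        return False, "client certificate expired"
    if not site.check_for_crls:
        return True, "CRLs not used"
    # "Trust expired CRLs" decides whether an expired CRL counts as valid.
    crl_is_valid = crl_state is CrlState.CURRENT or (
        crl_state is CrlState.EXPIRED and site.trust_expired_crls)
    if crl_is_valid:
        if cert_on_crl:
            return False, "certificate is on the CRL"
        return True, "certificate is not on the CRL"
    # No valid CRL: "Allow CRL search to fail" selects fail-open or fail-closed.
    if site.allow_crl_search_to_fail:
        return True, "no valid CRL, treated as if CRL checking were off"
    return False, "no valid CRL, certificate rejected"


def states_accepting_revoked(site):
    """CRL lookup outcomes under which a revoked, unexpired certificate is accepted."""
    return [state for state in CrlState
            if evaluate(site, cert_expired=False,
                        crl_state=state, cert_on_crl=True)[0]]


def audit_all_combinations():
    """Map (check, trust_expired, allow_fail) to the outcomes admitting a revoked cert."""
    report = {}
    for check, trust, allow in product([True, False], repeat=3):
        site = SiteSecurity(False, check, trust, allow)
        report[(check, trust, allow)] = states_accepting_revoked(site)
    return report


if __name__ == "__main__":
    print("check  trust-expired  allow-fail  -> revoked certificate accepted when")
    for (check, trust, allow), states in audit_all_combinations().items():
        when = ", ".join(s.value for s in states) or "never"
        print(f"{check!s:6} {trust!s:14} {allow!s:11} -> {when}")
```

Only the two combinations with “Check for CRLs” set to Yes and “Allow CRL search to fail” set to No reject the revoked certificate in every lookup outcome.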

You can only use the Internet Sites view for Domino 6 servers. Servers running Domino 5.0x or earlier do not have the option for enabling the Internet Sites view.

Note The HTTP task is backward-compatible with the Web Server Configurations view.

To enable Internet Sites on a server
1. Open the Server document you want to edit, and click Edit Server.
2. Click the Basics tab.
3. In the Basics section, enable “Loads Internet configurations from Server/Internet Sites documents.”
4. Save the document.
5. Restart the server.

Note Each time you start or restart HTTP, a console message indicates whether the HTTP task is using Internet Sites or the Server document (Web Server Configurations view) to obtain Internet protocol configuration information.

Starting and shutting down the Domino server

Start the Domino server so users can access shared databases and obtain other server services. Do not enter keystrokes or click the mouse while the Domino server is starting or shutting down.

To start the server

Operating system: Action
Windows NT and 2000: Choose Start - Programs - Lotus Applications - Lotus Domino Server.
UNIX: Enter the path for the Domino program directory. For example, if you installed Domino in the /opt directory, enter: /opt/lotus/bin/server

Note If the server program is running, do not use CTRL+S to stop scrolling the console, because no server services take place until you press a key to continue.

To shut down the server

Enter either exit or quit at the console. It may take ten seconds or more for the server to shut down.

Chapter 4 Setting Up Server-to-Server Connections

After you configure servers, create Connection documents to enable mail transfer, replication, and remote access between servers on different networks. You can create connections between servers across a local area network (LAN) or wide area network (WAN), using a dialup modem or remote access service, using a passthru server, which is a server that acts as an intermediary server between a client and its destination, or over the Internet.

Planning server-to-server connections

Servers must connect to each other to exchange data, for example to replicate databases and exchange mail. For a calling server to connect to a given destination server, it requires information about how and when to contact the destination server. The information about how to contact the destination server includes the network to use to reach the target server, and, depending on the type of network, the network addresses, phone number, and other information needed to make the connection.

When a server needs to connect to a destination server on the same Notes Named Network, the information needed to make the connection is readily available and the connection occurs automatically, without any administrative intervention. However, when two servers don’t share a common network, the calling server must be able to obtain this information by some other method. In a Domino network, administrators create Connections documents in the Domino Directory to store information about how to connect to a destination server.

In addition to providing the network information required to contact a destination server, Connection documents can also specify when to contact the destination server. Depending on the type of communications required, a calling server may attempt to establish contact with the remote server immediately, or only at scheduled intervals. For example, a server looking up a name on, or performing cluster replication with a given destination server requires immediate access to a remote server.

On the other hand, to perform tasks such as routing mail or replicating databases, a calling server may require only periodic access to the destination server. When setting up a Connection document for a task that doesn’t require immediate access, you can specify when the calling server attempts to make the connection.

Network information in a Connection document is used to create the connection to the specified destination server, whether or not the connection is related to a task defined in the schedule part. In other words, a calling server can use the network information in a Connection document to contact a specified destination server when contacting that server for reasons other than mail routing or replication.

Connections between servers — that is, your connection topology — should enable servers to exchange information reliably and efficiently, maximizing the capacity of the physical network, while minimizing connection-related costs. When creating Connection documents for scheduled operations or to enable contact with a destination server, keep the following factors in mind:
• The physical network to which the servers belong — Are servers in the same, or different Notes named networks?
• The Domino domain location of the servers — Are servers in the same domain, adjacent domains, non-adjacent domains?
• Function of the server — What is the primary role of the server? For example, is it an application server, Web server, or Directory server? Does the server provide passthru or dialup access to connect remote or disparate networks?
• Tasks running on the server — Does the server require Connection documents for both replication and mail routing?
• Access requirements — Does the server need to be reached over a modem connection or as a passthru destination?
• Does the planned connection topology make the best use of the available network infrastructure?
• Is the server hardware adequate to support its role in replication or routing? For example, if a server is to be used as a replication hub, does it have a fast processor, sufficient memory, and enough disk space? Does the server require multiple NICs?
• Is there enough bandwidth between servers to support the anticipated traffic?
• Keep the number of Connection documents and the number of “hops” — that is, the number of between the connecting and destination servers — to a minimum.

Configuration Hub-W Mail routing requires one Connection document on each server Hub-E Replication requires one Connection document on either server Hub-W Hub-E For more information on configuring replication. see the chapter “Scheduling Replication. When you configure a server. To create a topology for remote servers. When you create a Connection document. enables mail routing. As an administrator. whether you store mail files and/or application databases on it — you must create a minimum of one or two Connection documents.” Servers can also use information gathered from an External Domain Network Information (EDNI) document to make a connection. see the topic “Setting up external domain lookups” later in this chapter. For example. Depending on how you use the server — that is. the Server document. think about how you want to route mail and replicate databases.” For more information on mail routing. servers in remote field offices can establish modem connections with servers in a central office to route mail or replicate databases. see the chapter “Scheduling Replication. For more information on EDNI documents.” Setting Up Server-to-Server Connections 4-3 . In particular. consider these methods to make the databases available: • Create replicas of the databases on a remote server For information about using database replicas. Remote (modem) access and server topology Servers that are not on the same LAN or WAN can use modem connections to communicate with each other. If so. see the chapter “Overview of the Domino Mail System. first determine which databases the workstations and servers access frequently.The number of Connection documents that you create for a server depends on whether the server is running the replication task and/or the mail task. by default. replication is enabled. Determine if users and servers in remote locations need access to certain mail and other databases. 
you configure this document to retrieve names and addresses of servers in another domain so that users and servers do not require Connection documents to connect to servers in that domain.

• Place modems on local servers that remote users need to access. Because users who connect to a remote server over a Notes Direct Dialup connection typically have only one modem on their workstations, they can connect to that one server only. Creating replicas of frequently used databases on that server enables remote users to access multiple databases over a single dialup connection. For information about connecting servers by modem, see the topic “Planning for modem use” later in this chapter.
• Set up a passthru server for use by remote servers or users. Setting up a passthru server enables remote workstations or servers that connect to one Domino server to access additional Domino servers also. Using a passthru server consolidates modem resources on a few Domino servers and centralizes administration and troubleshooting. For information about setting up passthru servers, see the topic “Setting up a server as a passthru server” later in this chapter.

How a server connects to another server

A connecting server uses the following steps to determine how to connect to a destination server. As soon as the connecting server successfully connects to the destination, it stops searching for additional connection methods.

1. The connecting server tries to connect using the same method it used the last time it made a successful connection to the destination server. Note these two exceptions:
• If the server never connected to the destination server, the server searches for a path (consisting of a network port and any passthru servers) to the destination server.
• If the server has connected previously, but the connection now fails, by default, the server conducts a new path search if it is the first attempt of the day.
2. The connecting server checks to see if it already has a WAN port connection to the destination server.
3. The server examines normal-priority Connection documents in the Domino Directory for information on what path to use to connect to the destination server. A normal-priority Connection document is one that has Normal selected in the “Usage priority” field. If multiple normal-priority Connection documents exist for the same destination server, the server chooses the Connection document to use based on the type of connection in the following order:
• Local Area Network
• Network Dialup
• Notes Direct Dialup
• Passthru server
• Hunt group of passthru servers
Note A server that uses a passthru connection to reach the destination server must first be able to connect to the passthru server. To provide information on how to connect to the passthru server, you may have to create an additional Connection document.
4. The connecting server checks information stored in memory about other servers in the server’s Notes named network. The server reads this information from Server documents in its local Domino Directory. It uses this information to define a path to the destination server.
5. The connecting server checks the low-priority Connection documents. A low-priority Connection document is one that has Low selected in the “Usage priority” field.
6. If the connecting server’s local Domino Directory does not contain information about the destination server, it tries to connect directly to the destination server on the LAN by using the server common name as its address.
7. If the connecting server still cannot find a path to the destination server, it issues a message that a connection is not possible.

Note For workstations connecting to servers, the search logic is the same except that the workstation tries to use the passthru server listed as default in the Location document to make the connection if Steps 1 through 5 fail. If the Location document does not define a default passthru server and the workstation is already connected to a server over a Notes Direct Dialup connection, the workstation uses that server as a passthru to reach the destination server.

To display information about how a server makes a connection, open the Miscellaneous Events view in the log file (LOG.NSF). To change the amount of information Domino records about connections in the log file, change the log level.

For more information on log files, see the chapter “Using Log Files.”
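The usage-priority and connection-type ordering described above, as an added example (not code from the Domino documentation): a small Python model that picks the Connection document a source server would prefer, lists normal-priority documents ranked below another for the same pair, and flags passthru documents that have no Connection document to the passthru server itself. The record layout, function names and sample documents are constructed for illustration, and the steps that rely on cached connections or in-memory Notes named network data are reduced to the `other_path_found` flag.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Order of preference the page gives when several normal-priority
# Connection documents exist for the same destination server.
TYPE_ORDER = [
    "Local Area Network",
    "Network Dialup",
    "Notes Direct Dialup",
    "Passthru server",
    "Hunt group of passthru servers",
]


@dataclass(frozen=True)
class ConnectionDoc:
    """Hypothetical, simplified view of a Connection document."""
    source: str
    destination: str
    conn_type: str
    usage_priority: str = "Normal"   # "Normal" or "Low"
    port: Optional[str] = None
    passthru: Optional[str] = None   # passthru server used, if any

    def __post_init__(self):
        if self.conn_type not in TYPE_ORDER:
            raise ValueError(f"unknown connection type: {self.conn_type}")
        if self.usage_priority not in ("Normal", "Low"):
            raise ValueError(f"unknown usage priority: {self.usage_priority}")


def ranked(docs, source, destination, priority) -> List[ConnectionDoc]:
    """Documents for one source/destination pair, best connection type first.
    Ties within a type keep input order (an assumption; the page is silent)."""
    matches = [d for d in docs
               if (d.source, d.destination, d.usage_priority)
               == (source, destination, priority)]
    return sorted(matches, key=lambda d: TYPE_ORDER.index(d.conn_type))


def choose_document(docs, source, destination,
                    other_path_found=False) -> Optional[ConnectionDoc]:
    """Normal-priority documents are consulted first; a low-priority
    document is used only when nothing else produced a path."""
    normal = ranked(docs, source, destination, "Normal")
    if normal:
        return normal[0]
    if other_path_found:   # e.g. Notes named network data already gave a path
        return None
    low = ranked(docs, source, destination, "Low")
    return low[0] if low else None


def lower_ranked_documents(docs) -> List[ConnectionDoc]:
    """Normal-priority documents that are not the first choice for their pair."""
    result = []
    for src, dst in sorted({(d.source, d.destination) for d in docs}):
        result.extend(ranked(docs, src, dst, "Normal")[1:])
    return result


def passthru_gaps(docs) -> List[Tuple[str, str]]:
    """(source, passthru) pairs where no document tells the source how to
    reach the passthru server, so an additional document may be needed."""
    gaps = []
    for d in docs:
        if d.passthru and not any(o.source == d.source and
                                  o.destination == d.passthru for o in docs):
            gaps.append((d.source, d.passthru))
    return gaps


# Constructed sample data; "Server C" and "Remote" are made-up names.
SAMPLE_DOCS = [
    ConnectionDoc("Server A", "Server B", "Network Dialup"),
    ConnectionDoc("Server A", "Server B", "Local Area Network", port="TCPIP"),
    ConnectionDoc("Server A", "Server C", "Notes Direct Dialup", "Low"),
    ConnectionDoc("Remote", "Mail-E/East/Acme", "Passthru server",
                  passthru="Passthru/East/Acme"),
]

if __name__ == "__main__":
    print(choose_document(SAMPLE_DOCS, "Server A", "Server B"))
    print(lower_ranked_documents(SAMPLE_DOCS))
    print(passthru_gaps(SAMPLE_DOCS))
```

Running a check like this against an export of the Connection documents shows which document actually governs each server pair before relying on a usage-priority change.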

Replication and server topology

As the number of Domino servers on your network increases, so does the amount of replication required to distribute information across the network. To provide for efficient replication, plan how servers connect to perform replication. To control replication, you create Connection documents that specify which servers to replicate with and when. If you allow servers to replicate at random, so that a given server replicates a single database with multiple servers, or perhaps replicates different databases with different servers, servers can become so overloaded with replication requests that it interferes with their ability to respond to client requests.

Because replication uses memory and processing time, consider setting up some servers as dedicated replication servers. Using dedicated servers to handle replication greatly reduces the amount of work that database servers have to devote to replication, because the database servers have to replicate with the replication servers only, instead of having to replicate with every server that maintains a copy of a given database.

How you connect servers for replication depends on many factors, including the layout of physical network and the size of your organization, as well as the extent to which you want to re-use existing Connection documents created for mail routing. There are several different configurations, or topologies, you can use to control how replication occurs between servers:

• Hub-and-spoke
• Peer-to-peer
• Ring

Choose the replication strategy that provides the most efficient replication performance. In many cases, you’ll use different topologies in different parts of the network.

Using a hub-and-spoke topology to manage replication

A hub-and-spoke topology is generally the most common and efficient replication topology in larger organizations, because it minimizes network traffic. Hub-and-spoke replication establishes one central server as the hub, which schedules and initiates all replication with all of the other servers, or spokes. The spokes update the hub server by replication (and mail routing), and the hub in turn updates each spoke. Hub servers replicate with each other or with master hub servers in organizations that use more than one hub. In short, the hub server acts as the traffic manager of the system, overseeing system resources, ensuring that replication takes place with each spoke in an orderly way, and guaranteeing that all changes are replicated to all spoke servers.

To set up replication in a hub-and-spoke system, you create one Connection document for each hub-and-spoke connection. To ensure that the replication task on the hub, rather than the spokes, always assumes most of the work, in each Connection document specify the hub server as the source server, the spoke server as the destination server, and pull-push as the replication method.

A hub-and-spoke topology can be especially useful at large, multiple-server sites or in a centralized office that needs to connect via phone or leased lines to smaller, regional offices. If you have a large site, you can use a combination of topologies — for example, two hub-and-spoke arrangements and one peer-to-peer arrangement between the two hub servers.

Benefits of a hub-and-spoke topology

1. Minimize network traffic and maximize network efficiency.
2. Centralize administration of the Domino Directory, standardize database ACLs, and limit access to the hub. You can designate the hub with Manager access and the spokes with Reader access so that you make those changes on one replica on the hub to synchronize the spokes.
3. Centralize data backup at the hub. By backing up databases on the hub only, you conserve resources on spoke servers.
4. Improve server load balancing.
5. Designate hubs by role — for example, replication hubs and mail hubs.
6. Place server programs such as message transfer agents on hubs to make them easily accessible.
7. Connect remote sites with a hub server.
8. Bridge parts of a network — for example, a LAN and a WAN. Hub servers can connect multiple Notes named networks, where a single hub server and its spoke servers often make up one Notes named network.
9. Install multiple protocols on hub servers to enable communication in a Domino system that uses more than one protocol. This places hub servers in multiple Notes named networks, another source of efficiency.

However, network traffic increases on the hub LAN segment. If you have more than 25 servers per hub, establish tiers of hubs.

The major drawback of hub-and-spoke topology is that it is vulnerable to single point of failure if the hub is not working. If a hub goes down, replication for that hub and its spokes is disabled until the hub is repaired or replaced. Deploying a backup server that replicates the hub and can quickly be reconfigured into a hub server if the primary hub goes down can alleviate this shortcoming.

Note Do not use hub-and-spoke replication for databases larger than 100MB that have replicas on less than four servers. Instead, schedule replication for these databases to occur separately from other replications.

Using a peer-to-peer topology to manage replication

In a peer-to-peer topology, replication is less centralized than in a hub-and-spoke configuration, with every server being connected to every other server. Because peer-to-peer replication quickly disseminates changes to all servers, it is often the best choice for use in small organizations, or for sharing databases locally among a few servers. However, it can be inefficient when a database resides on more than a few servers.

In a peer-to-peer topology, the potential for replication problems decreases, because only two servers communicate for each replication and no hub or intermediary servers are involved. However, peer-to-peer replication requires many Connection documents, increases administration since you must avoid overlap in replication schedules, and prevents you from standardizing ACL requirements.

Other topology strategies

Another method of managing replication is to use Cluster replication. This ensures constant access to data, because data on one server is duplicated on one or more cluster mates. If the primary server becomes unavailable, data can be obtained from other servers in the cluster. For more information on using clusters, see the book Administering Domino Clusters.

Other replication topologies include:

• End-to-end - Also known as a chain topology, connects two or more servers in a chain. Information travels in one direction along the chain and then travels back in the other direction. End-to-end replication is less efficient than ring replication but is useful in situations where information needs to travel in only one direction.
• Ring - Similar to an end-to-end topology, but connects servers in a circle so that replication occurs within a closed loop. Ring replication can be useful in a large organization for replicating information between hub servers.

• Binary tree - Connects servers in a pyramid fashion: the top server connects to two servers below, each of which connects to two servers below, and so on. Information travels down the pyramid and then back up.

Using existing mail routing connections for replication

As you plan for replication, consider re-using the connections you may have already set up for Notes mail routing. If you previously created a Connection document for mail routing, you can easily enable the replication task on that document. Unlike mail routing, which works in one direction and requires a pair of Connection documents to enable two-way routing, replication between servers works in both directions, and requires only one Connection document between each pair of servers. Because the server that initiates replication takes on the larger share of the replication workload, if you decide to add replication to one of the Connection documents already used for mail routing between two servers, add the replication task to the document on the more powerful server in the pair.

Examples of server topology

This topic provides examples of the following server topologies:

• Hub server topology
• Hub-and-spoke topology
• Hub-and-spoke with peer-to-peer topology
• Application server topology
• Mail and directory server topology
• Remote server topology

Example of hub server topology

[Figure: Hub-W/West/Acme, Firewall-W/West/Acme, Firewall-E/East/Acme, Hub-E/East/Acme]

The hub servers at Acme Corporation handle server communication between servers located on the East and West Coasts. These servers are geographically distant and connect over the Internet using a modem or ISDN line. By using hub servers, only two servers, not every server in the organization, need to make the remote connection. Controlling communication through hub servers is beneficial because it centralizes administration for connections that may be costly or time consuming.

The firewall server is a Domino server that protects Hub-E/East/Acme and Hub-W/West/Acme from outside users. Because the firewall server uses Domino instead of some other type of firewall software, the hub servers can use Domino features, such as mail and replication, to send and receive information.

Example of hub-and-spoke topology

[Figure: HR-W/West/Acme, Hub-E/East/Acme, HR-E/East/Acme, HR-S/South/Acme]

In this example, the Acme Corporation has one hub server, Hub-E/East/Acme, and three spoke servers. The spoke servers — HR-E/East/Acme, HR-S/South/Acme, and HR-W/West/Acme — contain an Employee Benefits application. Employees on the East Coast access the application on HR-E/East/Acme, employees on the West Coast access a replica of the application on HR-W/West/Acme, and employees in the South access a replica of the application on HR-S/South/Acme. Making the application available to East, West, and South users prevents them from making costly WAN connections to the application.

Any changes to the application replicate through Hub-E/East/Acme to the HR servers. With the three Connection documents that Acme created, the hub server performs the replication, reducing the load on the spokes. The HR servers send changes to the hub, which then sends changes back to the HR servers.

Example of hub-and-spoke with peer-to-peer topology

[Figure: Hub-W/West/Acme with HR-W/West/Acme, Webstage-W/West/Acme and Directory-W/West/Acme; Hub_E/East/Acme with HR_E/East/Acme, Webstage_E/East/Acme and Directory_E/East/Acme]

In this example, the Acme Corporation has two hub servers — Hub-W/West/Acme and Hub-E/East/Acme — connected peer-to-peer. Each hub server replicates with several spoke servers. Any changes replicate through the hubs to the spoke servers. The spoke servers send changes to the hub, and then the hubs replicate with each other and send changes back to the spoke servers.

Example of application server topology

[Figure: Hub-W/West/Acme, Firewall-W/West/Acme, Firewall-E/East/Acme, Hub-E/East/Acme, Web/East/Acme, Webstage-W/West/Acme, HR-W/West/Acme (Benefits application), HR-E/East/Acme (Benefits application), Webstage-E/East/Acme, Firewall]

Depending on where you locate applications, they can be accessible to Notes users, to browser users, or to both Notes and browser users. To be available to browser users, an application must be on a Domino Web server.

In this example, Web/East/Acme stores a Web application for the organization’s Web site. The application is accessible to browser users who are outside the Acme Corporation. Webstage-E/East/Acme and Webstage-W/West/Acme have replicas of the Web application. Users can make changes to the Web application on Webstage-E/East/Acme and Webstage-W/West/Acme. Webstage-W/West/Acme uses a schedule that sets up replication through the hub servers to Webstage-E/East/Acme. Webstage-E/East/Acme does not have a replication schedule, so once changes to the Web application are complete, users manually replicate changes from Webstage-E/East/Acme to Web/East/Acme. This replication makes the changes available to users outside the Acme Corporation.

In this example, three firewalls on Domino servers are used to protect the Acme network from external intruders: one firewall exists between the hub server in Acme’s West Coast office and the public network over which it communicates with the East Coast Office, a second firewall protects the hub server at the East Coast office, a third firewall protects Webstage-E/East/Acme from attacks that might come from the Internet through Web/East/Acme.

The Acme Corporation also has two servers that do not host Web applications — HR-E/East/Acme and HR-W/West/Acme. These servers contain an Employee Benefits application that only internal employees who use a Notes workstation can access. Employees on the East Coast access the application on HR-E/East/Acme, and employees on the West Coast access a replica of the application on HR-W/West/Acme. Making the application available to East and West Coast users prevents them from making costly WAN connections to the application. Any changes to the application replicate through the hub servers to the HR servers.

Example of mail and directory server topology

[Figure: Hub-W/West/Acme, Firewall-W/West/Acme, Firewall-E/East/Acme, Hub-E/East/Acme, Mail-W/West/Acme, Mail-E/East/Acme, mail clients]

The Acme Corporation uses two mail servers — one for each geographic location. All users send mail using a mail database located on either Mail-E/East/Acme or Mail-W/West/Acme. The mail databases are accessible to all mail client software — Notes workstations, POP3, IMAP, and browsers.

In this example, the mail servers route messages through the hub servers to the mail server in the other location. For example, when Alan Jones/Sales/East/Acme sends a message to Susan Salani/HR/West/Acme, the message routes from Mail-E/East/Acme to Hub-E/East/Acme, from Hub-E/East/Acme to Hub-W/West/Acme, and then from Hub-W/West/Acme to its final destination Mail-W/West/Acme. Susan Salani/HR/West/Acme reads the message on her mail server, Mail-W/West/Acme.

Routing mail messages is similar to replicating changes made in databases. Again, a firewall using a Domino server lets you use Domino features to send information across the WAN — in this case, you use the mail routing and replication features.

Directory servers provide users and servers with information about other users and servers — for example, information needed to address or send mail. Directories contain information about how to communicate with all Notes and Internet users and Domino servers. In many cases, you can set up a mail server as a directory server.

In this example, a condensed directory catalog is on each Notes client and a Domino Directory is on each server — Mail-E/East/Acme, Hub-E/East/Acme, Hub-W/West/Acme, and Mail-W/West/Acme. At Acme Corporation, users access directories only on the mail servers. Users cannot access the directories on the hub servers. To resolve names, clients check the local directory catalog first; if the name is not there, Domino checks the Domino Directory.

Domino uses replication, which is the process by which Domino updates one directory database with changes from a directory database on another server. For example, if a change is made on Mail-E/East/Acme, the change is sent to the replicas on Hub-E/East/Acme, Hub-W/West/Acme, and Mail-W/West/Acme. Replication occurs automatically at a scheduled time. The replication schedule determines how long it takes for changes to appear on the directory servers.

Example of a remote server topology

[Figure: Webstage-E/East/Acme, Mail-E/East/Acme and HR-E/East/Acme on a Local Area Network; Passthru/East/Acme with modems on a hunt group of telephone lines; Notes clients; remote server; remote Notes clients]

The Acme company chose this remote server topology so that remote users and servers have access to the entire system by connecting to one server (the passthru server). Users who work remotely dial in through the passthru server and can access any server in the system. As most of Acme’s users who dial in remotely have only one modem on their system, using the passthru server allows them to access multiple servers with one connection.

Acme uses the passthru to function only as a bridge between the remote user or server and the rest of the system. To keep the load on the passthru to a minimum, the server does not contain application or mail databases.

Acme dedicated five modems to the passthru server. Acme uses a hunt group configuration for its modems so that users have only one phone number to dial when connecting. Acme’s phone infrastructure is set up so that multiple modems can have one phone number. For this type of hunt group (all modems are on one server), Acme does not need to create a Connection document to set up the hunt group.

To reduce traffic on the passthru server, Acme recommends that its remote users replicate databases and then work on the local replicas. Then users can work in their local replicas and dial in and replicate occasionally with the server replicas.

The remote server also dials into one of these modems for replication. Because this server makes its connection in the early morning hours, the connection does not conflict with users trying to access the system.

The remote server is in Acme’s satellite office in Ohio. Employees who work in this office focus on marketing and use this server to access various marketing related databases. The remote server contains replicas of relevant databases, and it replicates once a day to update the databases. By using the remote server, users in the Ohio office save time and resources because they don’t have to dial into Acme’s system as often.

Creating a LAN connection

You must create a Connection document to schedule mail routing to and replication between servers on a LAN. A LAN Connection document can also be used to provide the information needed for servers to make other types of connections, such as constant connections to Internet servers. You might also need to create a Connection document to provide the information needed to ensure a server uses a certain protocol when connecting to another server on the LAN.

1. From the Domino Administrator, click the Configuration tab.
2. Select the connecting server’s Domino Directory in the “Use Directory on” field.
3. Click Server, and then click Connections.
4. Click Add Connection.
5. Select Local Area Network in the “Connection type” field.
6. Complete these fields:

Field: Description
Connection Type: Select Local Area Network.
Source server: The name of the connecting server.
Source domain: The name of the connecting server’s domain. This field is required only for mail routing.
Use the port(s): The name of the network ports (or protocols) that the connecting or source server uses to connect to the destination server.
Usage priority: Choose one:
  Normal (default) - Select this option if this document defines the primary path to a server.
  Low - Select this option to define a backup path to a server.
  For more information about the effect of specifying the usage priority for a connection, see the topic “Forcing a server connection to use a specific protocol” later in this chapter.
Destination server: The name of the answering server.
Destination domain: The name of the answering server’s domain. This field is required only for mail routing.
Optional network address: Provide an optional network address to facilitate attempts to locate the destination server over a TCP/IP connection. Enter a fully-qualified host name or IP address — for example, HR-E.Acme.com or 192.22.256.36. Because IP addresses are subject to change, for ease of management, it’s best to use host names in Connection documents. When a host name is used, if the IP address changes, the connecting server obtains the updated IP address from the DNS. If the field contains no entry, Domino attempts to determine the address of the destination server from the following sources: the server’s memory cache, an External Domain Network Address document, or system services that search the local hosts file or DNS to resolve the name.

7. Click the Replication/Routing and Schedule tabs to define the tasks you want to run, and select the times you want the server to contact its destination.
8. Click Save & Close.

Forcing a server connection to use a specific protocol

If multiple protocols are available for connecting a source server to a given destination, you can specify which protocol to use by setting the usage priority in a Connection document describing how the source server contacts the destination. The usage priority specified in a Connection document determines the order in which Domino selects the Connection document when searching for how to connect a source server to a destination. If multiple ports are enabled on the two servers, you can force Domino to use a specific port by specifying it in the Connection document and setting the Usage priority field to Normal.

For example, suppose that both SPX and TCP/IP are enabled on Server A, the source server, and Server B, the destination server. You create a Connection document from Server A to Server B specifying that Server A uses the port TCP/IP to contact Server B and set the usage priority in this document to Normal. When determining how to connect to Server B, Server A first checks the Domino Directory for a normal-priority Connection document governing the connection. After locating the document, Server A learns that the TCP/IP port is specified, and proceeds to use that port to attempt a connection to Server B.

Setting the usage priority works for all types of Connection documents: LAN, Network Dialup, Notes Direct Dialup, Passthru, and so forth. If multiple normal-priority Connection documents exist for the same destination server, the connecting server chooses one based on the type of connection in the following order of preference:

1. Local Area Network
2. Network Dialup
3. Notes Direct Dialup
4. Passthru server
5. Hunt group of passthru servers

You can also use the usage priority setting to configure a backup path to a destination server. When you set the usage priority for a Connection document to Low, the connecting server only uses the information in the document to connect to the destination server as a last resort, after it has exhausted all other possible means of locating connection information.

For more information on how a server determines the route to a destination, see the topic “How a server connects to another server” earlier in this chapter.

To set the usage priority for a connection

1. From the Domino Administrator, click the Configuration tab.
2. Click Server, and then click Connections.
3. Select the Connection document for which you want to set the usage priority, and click Edit Connection.

4. Complete this field, and then click Save & Close:

Field: Enter
Usage priority: Choose one:
  Normal - This Connection document defines a primary path to the destination server. The connecting server attempts to use this Connection document to make the connection to the destination server.
  Low - This Connection document defines a backup path to the destination server. The connecting server uses this Connection document only as a last resort when trying to connect to the destination server.

Setting up external domain lookups

By default, a Notes user who wants to open a database on a server outside the local Domino domain, can do so only if there is a Connection document in either their Personal Address book, or in the Domino Directory on their home server that describes how to reach the target server. To enable Notes users to connect more easily to servers outside of their domain, you can create an External Domain Network Information (EDNI) document in the Domino Directory. The EDNI document works in conjunction with a server task called GETADRS to import address information from another Domino domain so that Notes users can connect to servers in the external domain.

In the EDNI document, you specify the external Domino domain containing the servers you want users to connect to and the protocols for which you want connection information. In many cases, TCP/IP is the only protocol for which you may need a document. You also specify a server in your local domain that requests the information (Requesting Server) and a server in the external domain that supplies the information (Information Server).

To gather information, the requesting server runs the GETADRS program, which asks the specified information server for a list of the servers in the external Domino domain. GETADRS returns the address information it obtains to an AdminP request for processing. When the Administration server processes the request, it places the information in the Domino Directory as a response document to the original EDNI document. After AdminP adds the server address information to the local Domino Directory, users attempting to open databases on servers in the external domain can use the information from this document to make the connection without requiring a connection document.

Using EDNI documents, you can reduce the number of Connection documents in the Domino Directory, eliminating those that are not required for replication or routing.

To share information across domains, the Domino domain requesting the information must be cross-certified with the external domain.

Before creating an EDNI document, determine if the connection information is useful for the domain. Because each protocol has its own restraints, you should thoroughly research and test the external domain lookup capability using the network system configuration at your organization before using it. For example, if you are using the NetBIOS protocol, which isn’t a routable protocol, a direct connection to the external domain may not be possible even if you have the network address of the server in an EDNI document. Also, if an external domain server has multiple TCP/IP ports, the host name or address returned to the EDNI document may not be the address of the appropriate port to use.

Because the Requesting Server gathers information from Server documents in an external domain, these documents need to be configured properly to enable successful server name lookups. For example, a document with a fully qualified host name or IP address would enable a successful lookup, but a document with only the server common name may not (unless that common name were a full host name).

The data from an external domain server lookup resolves client requests for a server address only; it does not add additional server names to a client’s request for a list of servers.

To set up an External Domain Network Information document

1. Verify that the local domain is cross-certified with the external domain.
2. From the Domino Administrator, click the Configuration tab.
3. Open the Server folder, and then click External Domain Network Information.
4. Click Add Ext Domain Net Info.

Setting Up Server-to-Server Connections 4-19

5. Complete these fields, and then click Save & Close:

Field: Description
Requesting server: The name of the local domain server that performs the request for external domain information. This server runs the GETADRS task to obtain information from the information server in the external domain.
Information server: The name of the server in the external domain from which the requesting server obtains information.
Domain to query: The name of the external domain.
Protocols to query: The name of one or more protocols in the external domain to query. Specify only protocols that are used in both domains.

6. Run the GETADRS program on the Requesting server.

You run GETADRS using any of these methods:

• Run the program manually from the server console by entering: LOAD GETADRS
• Create a program document to run the program as a scheduled task. Running GETADRS as a scheduled task ensures that information in the local Domino Directory remains synchronized with updates from the external domain. For information about running server tasks in a program document, see the appendix “Server Tasks.”
• Add GETADRS to the ServerTasks or ServerTasksAt lines in the NOTES.INI file of the requesting server. By default, the task runs at server startup, or at the specified time, respectively.

After GETADRS obtains information from the external domain, for each protocol specified in the EDNI, AdminP creates an External Domain Network Address document as a response document to the original EDNI. Each response document contains the names and addresses of the servers in the queried domain that use that protocol.

AdminP processes the information returned by GETADRS to create the External Domain Network Address documents at the interval scheduled in the Server document. You can run AdminP manually to force it to process the request immediately. For more information about scheduling AdminP requests, see the chapter “Setting Up the Administration Process.” For information about Tell commands used with AdminP, see the appendix “Server Commands.”

Internet connections

To enable a Domino server to connect to another server across the Internet, you must establish Internet access with an Internet Service Provider (ISP) and register an Internet domain name with the ISP — for example, acme.com. Servers can connect to the ISP using a direct connection or by way of a Domino or non-Domino proxy server. After you contract Internet service, create Connection documents to instruct the local Domino servers how to contact the target server.

Servers connecting to the Internet require networking software that is compatible with the Internet. If TCP/IP is not already installed on the Domino server, install the protocol using the installation instructions included with the operating system. If you do not have a Domino TCP/IP port enabled for the server, add and enable the port. For information about adding a network port to a Domino server, see the chapter “Setting Up the Domino Network.”

If the local network uses a proxy server to connect to the Internet, the calling Domino server does not need to connect to the ISP directly, because the proxy server establishes this connection to the ISP.

Direct (leased-line) connection

A leased-line connection is considered a direct connection to the Internet. If you have a leased-line connection, Domino servers on the internal LAN connect to the Internet through a firewall or router over a leased phone line.

[Figure: Corporate LAN (Webstage-E), firewall/router, leased line, ISP]

A firewall filters traffic passing between the internal network and the Internet and is usually part of a TCP/IP router. Most firewalls work by hiding the IP addresses of computers on your internal network from the Internet, thus breaking the connection between the internal and external networks, so that while there is a connection between the internal LAN and the firewall, and from the firewall to the Internet, there’s no direct connection between the Internet and the local network.

To connect a Domino server to an Internet server over a direct connection, create a LAN Connection document to the target server.

For more on how to create a LAN Connection document, see the topic “Creating a LAN connection” earlier in this chapter.

Proxy connections

A proxy is a server that provides indirect access to the Internet. A proxy server usually runs in conjunction with firewall software to pass incoming and outgoing requests between servers on either side of a firewall. If your organization uses a proxy server for its Internet connection, a Domino server on the internal LAN connects to the Internet through the proxy and firewall servers, which, in turn, connect to your ISP. Because the proxy server establishes the connection with the ISP, the Domino server does not connect to the Internet directly.

[Figure: Corporate LAN (Webstage-E), proxy server, firewall/router, leased line, ISP]

A Domino proxy server is one type of proxy server. The proxy server does not have to be a Domino server. You set up a Domino passthru server as a proxy for the Internet the same way that you set up a passthru server for internal Domino communication. You do not need to configure the server differently for Internet connections.

Creating a server-to-server Internet connection through a proxy server

When two Domino servers both have direct, constant connections to the Internet, each can use the IP address of the other to contact it as though both servers were on the same LAN. To define the connections between the two, you create a LAN Connection document. However, when a server is connected through a proxy server, rather than having a direct connection, after you create a LAN Connection document to define the connection, you must complete the proxy information in the Server document of the calling server as described in the following procedure:

1. From the Domino Administrator, click the Configurations tab and expand the Server view.
2. Select the Server document of the server to connect to the Internet through the proxy, and click Edit Server.

3. Click the Ports - Proxies tab, and then do one of the following:
  • To connect through an HTTP proxy, in the HTTP Tunnel proxy field, enter the proxy’s fully-qualified domain name or IP address and specify the port to use for the connection. For example, enter httpproxy.company.com:8080 or 192.168.77.34:8080.
  • To connect through a SOCKS proxy, in the SOCKS proxy field, enter the proxy’s fully-qualified domain name or IP address of the SOCKS proxy and specify the port to use for the connection. For example, enter socks.company.com:1080 or 192.168.77.34:1080.

Note If you enter values for both fields, Domino uses the HTTP Tunnel proxy.

Note By default, if the server is configured to use a proxy, it uses the proxy for all connections. To prevent use of the proxy for connections to certain servers, enter the server names in the “No Proxy for these hosts or domains” field on the Ports - Proxies tab on the Server document.

4. Click Save & Close.

Passthru servers and hunt groups

Passthru is a process that runs on a server and establishes connections between the users and servers connected to that server and other servers. Passthru connections use an intermediary server as a “stepping stone” to connect the two servers. Passthru is useful in two instances:

• When two servers connect directly — When a client (in this case, either a Notes client or a Domino server) does not share a common protocol with a destination server, you can set up an intermediary server that runs both protocols as a passthru server to enable the client to connect to the destination. For example, suppose that Server A, which runs only NetBIOS, needs to connect to Server C, which runs only TCP/IP. If Server B runs both NetBIOS and TCP/IP, Server B can act as a passthru server to allow communication between Server A and Server C.
• When you want to provide additional security — Domino lets you apply additional access controls to passthru connections, enabling you to use passthru connections to act as a proxy server for filtering NRPC traffic. You can specify the users and servers that can access a server as a passthru destination, as well as those that can use a server to make passthru connections to another server. Internet protocols such as HTTP, IMAP, and LDAP cannot use a Domino passthru server to communicate with a destination server.

You can set up a passthru server so that it leads to additional passthru servers as well as directly to a passthru destination server. Thus, you can chain together multiple passthru connections to enable a client to pass through several servers until it connects to a given target server.

Passthru access is valuable to Notes client users as well. When you provide a Notes client with access to a passthru server, the client user can connect to a single server to access other network servers. For mobile users, this enables access to multiple destination servers on the same LAN over a single phone connection. Using a passthru server this way saves the time and expense of configuring many individual servers to support modem connections and of requiring Notes client users to use multiple phone calls to access multiple servers. For more information about configuring Lotus Notes clients to use a passthru server, see Lotus Notes 6 Help.

Passthru Logging

To enable monitoring of passthru traffic for security reasons, after you configure a server as a passthru server, the server log (LOG.NSF) records information about passthru sessions established through that server. For example, the log records information about users who access this server to make passthru connections to other servers. For more information about server log files, see the chapter “Using Log Files.”

Hunt groups

If your telecommunications infrastructure supports a hunt group — that is, a pool of modems that are connected to different phone lines but that use a single phone number — you can configure Domino servers and Notes client users to connect to a hunt group on a passthru server. Whenever a call is made to the hunt group number, the incoming call is routed to the first available modem in the group.

You can use a hunt group with one or more passthru servers. If more than one passthru server is used in the hunt group, the calling server or user must use a Hunt Group Connection document, to allow any passthru server in the hunt group to receive a call and route it to the destination server.

Planning the use of passthru servers

Perform these steps to set up passthru servers:

1. List all the workstations and servers that need to access a passthru server. Also list the protocols that the workstations and servers run.
2. List the destination servers that the workstations and servers need to access. Also list the protocols that the destination servers run.
3. Determine where in the topology to locate the passthru server based on which workstations and servers need access and which servers are the destinations. The passthru server must run all of the protocols that the workstations and servers that access it run, as well as all of the protocols of the destination servers. In addition, the passthru server must have enough modem connections to handle the anticipated dial-in traffic.
   If you anticipate high traffic through the passthru server, create a dedicated passthru server. A dedicated passthru server does not contain applications and mail databases. It functions solely to provide workstations and servers with access to destination servers.
   If you plan to use hunt groups, determine if you want to use more than one passthru server in a hunt group. In a hunt group, one phone number represents all passthru servers in the group, and the load is automatically spread among the passthru servers. Be sure to set up all passthru servers in a hunt group to pass through to the same destination servers. Record the name and phone number of the hunt group and the names of all the destination servers that members of the hunt group pass through to. Also, list which Notes client users will connect to each hunt group.
4. List the Notes client users that need to use a passthru server and determine a default passthru server for each. If you have many Notes client users, create user setup policies to evenly assign them among the default passthru servers to ensure optimal server performance.
5. Determine the users and servers whose access to the passthru servers and destination servers you need to restrict. Create policy settings documents that include setup and desktop settings to prevent access to the servers.

For more information about using policies to manage server access, see the chapter “Using Policies.”

Example of a passthru server topology

[Figure: passthru server topology showing the servers Webstage-E, Mail-E, and HR-E on a local area network, the passthru server, a remote server, and remote Notes clients, each labeled with its protocols (TCP, SPX, XPC)]

The Acme company has a dedicated passthru server that functions only to provide workstations and servers with access to destination servers. This server does not contain any databases. The passthru runs all the protocols that the destination servers run so that users and servers that connect to it have access to the entire system.

Note that passthru can benefit users and servers on the same network as the passthru server as well as remote users and servers. For example, some of the Notes clients in the above diagram are on the same LAN as Webstage-E and HR-E, but because they do not share any protocols, they cannot access these servers without using passthru.

The above topology requires the following configuration:

• Notes Direct Dialup Connection document on the remote server for connection to passthru server.
• Passthru Connection document on the remote server to specify passthru.
• Connection documents on the remote server for connection to each destination server.
• Notes Direct Dialup Connection document on remote Notes clients for connection to passthru.
• Passthru Connection documents on remote Notes clients to specify passthru connection.
• Modified Location document on local Notes clients to specify name of passthru server.

• Modified Server documents (to allow appropriate access rights) on passthru and destination servers.

Setting up a server as a passthru server

Set up a server as a passthru server to enable users and other servers to route through it to connect to a passthru destination server.

1. From the Domino Administrator, click the Configuration tab.
2. Click Server - All Server Documents.
3. Open the Server document for the server that you want to set up as a passthru server, and click Edit Server.
4. Click the Security tab, and in the Passthru Use section, complete these fields and then click Save & Close:

Field: Description
Access this server: If this server is not a passthru destination, leave this field blank. For information about setting up a server as a passthru destination, see the topic “Setting up a server as a passthru destination” later in this chapter.
Route through: Specifies the names of the users, groups, and servers allowed to connect to a destination server through this server. Entries in this field are granted passthru access, even if denied general access to the server in the Server Access section of the Server document Security tab. When this field is blank (the default), the server does not allow passthru connections. Enter an asterisk (*) to provide passthru access for all users and servers, even those not listed in the Domino Directory. Enter a hierarchical name with an asterisk as the common name to provide access for all users and servers certified by a particular organization or organizational unit. For example, the entry */Acme allows access to all users in the Acme organization. Separate multiple entries with commas or semicolons.

Field: Description
Cause calling: Specifies the names of users, groups, and servers allowed to use the modem on this server to connect to a remote destination server. By default, this field is blank and the server prohibits all incoming connections from generating calls to other servers. Enter an asterisk (*) to allow incoming connections from any source to initiate a call to a destination server. If you allow incoming connections from any source to initiate calls, when recording the event in the Passthru Connections view of the Notes Log, Domino indicates only that the connecting client was not authenticated, rather than specifying the name of the source.
Destinations allowed: Specifies the names of the remote servers this server can connect to as passthru destinations. By default, this field is blank and the server allows routing to all servers configured as passthru destinations. Adding entries to this field restricts passthru access from this server to the specified destination servers only.

5. Create Connection documents as necessary to connect the passthru server to destination servers that do not share the same LAN.
6. Set up servers as passthru destinations. For information about setting up a server as a passthru destination, see the topic “Setting up a server as a passthru destination” later in this chapter.

Setting up a server as a passthru destination

Set up a server as a passthru destination to enable users and servers to access it through a passthru server.

1. From the Domino Administrator, click the Configuration tab.
2. Click Server - All Server Documents.
3. Open the Server document for the server that you want to set up as a passthru destination, and click Edit Server.

4. Click the Security tab, enter values in this Passthru Use field, and then save the document:

Field: Description
Access this server: Specifies the names of the users, groups, and servers allowed to access the server as a passthru destination. When this field is blank (the default), the server is not available as a passthru destination. Enter an asterisk (*) to provide access for all users and servers, even those not listed in the Domino Directory. An asterisk followed by a certifier name provides access for all users and servers certified by a particular organization or organizational unit. For example, the entry */Acme allows access to all users in the Acme organization. Separate multiple entries with commas or semicolons.

Note Access to a passthru destination is subject to restrictions set in the Server Access section of the Server document’s Security tab. These fields define general access to the server. You can grant a user or server general access to a server and prohibit access to the same server as a passthru destination. However, if you deny a user or server general access to a server, those users and servers cannot access the server as a passthru destination.

Creating a passthru connection

After you set up the passthru and destination servers, you can set up servers to connect to passthru servers. Creating a passthru connection enables the server to forward requests from users and other servers to connect to a specified destination server.

Note The passthru Connection document specifies the server to use for passthru, but does not define how to connect to the passthru server. If a server does not have a direct connection to the passthru server over the LAN, you must create a separate Connection document to define the path to the passthru server.

Before creating a passthru connection, verify that the current server is not configured to use a default passthru server. When a server is configured to use a default passthru server and it receives a request to connect to a destination server for which no other connection is defined, it attempts to route through the named server to the requested destination. If the named server is not set up to allow passthru connections to the requested destination server, the passthru attempt places an unnecessary load on both servers.

To verify that a server is not configured to use a default passthru server

1. From the Domino Administrator, click the Configuration tab.
2. Click Server - Current Server document.
3. Click the Basics tab and expand the Server Location Information section.
4. Verify that the “Passthru server” field is empty.

To create a passthru connection

1. From the Domino Administrator, click the Configuration tab.
2. Select the connecting server’s Domino Directory in the “Use Directory on” field.
3. Click Server, and then click Connections.
4. Click Add Connection.
5. Complete these fields:

Field: Description
Connection type: Select Passthru server
Source server: The name of the server connecting to the passthru server
Source domain: The name of the connecting server’s domain
Use passthru server or hunt group: The name of the passthru server or hunt group that this connection uses to reach the destination server
Usage priority: Choose one:
  • Normal (default) - Select this option if this document defines the primary path to a server.
  • Low - Select this option to define a backup path to a server.
  For more information about the effect of specifying the usage priority for a connection, see the topic “Forcing a server connection to use a specific protocol” earlier in this chapter.
Destination server: The name of the destination server to connect to through the passthru server.
Destination domain: The name of the destination server’s domain

6. Click the Replication/Routing and Schedule tabs to define the tasks you want to run, and select the times you want the server to call its destination.
7. Click Save & Close.
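The field rules in “Setting up a server as a passthru server” and “Setting up a server as a passthru destination” combine into a single access decision. The following Python model of that decision is an added example for reviewing planned field values; it is not Domino code and not part of the original guide. The ServerDoc class, the general_deny stand-in for the Server Access section, the group dictionary, case-insensitive matching, and the user and group names are assumptions.

```python
from dataclasses import dataclass


@dataclass
class ServerDoc:
    """The Server document fields this page describes; all default to blank."""
    name: str
    access_this_server: str = ""    # who may reach this server as a destination
    route_through: str = ""         # who may route through this server
    destinations_allowed: str = ""  # blank = any passthru destination
    cause_calling: str = ""         # who may make this server dial out
    general_deny: str = ""          # assumption: stand-in for Server Access


def entries(value):
    """Multiple entries are separated with commas or semicolons."""
    return [e.strip() for e in value.replace(";", ",").split(",") if e.strip()]


def matches(entry, name, groups, seen=None):
    """True if a field entry covers name: *, */Org, an exact name or a group."""
    seen = set() if seen is None else seen
    e, n = entry.lower(), name.lower()
    if e == "*":
        return True
    if e.startswith("*/"):               # */Acme covers every name under /Acme
        return n.endswith(e[1:])
    if e == n:
        return True
    if e in seen:                        # guard against groups nested in a loop
        return False
    seen.add(e)
    return any(matches(m, name, groups, seen) for m in groups.get(entry, []))


def listed(value, name, groups):
    return any(matches(e, name, groups) for e in entries(value))


def passthru_decision(caller, passthru, dest, groups=None):
    """Return (allowed, reason) for caller -> passthru -> dest."""
    groups = groups or {}
    # "Route through" grants passthru access even when the caller is denied
    # general access to the passthru server, so general_deny is not read here.
    if not listed(passthru.route_through, caller, groups):
        return False, "passthru: caller not in Route through (blank allows none)"
    allowed = [a.lower() for a in entries(passthru.destinations_allowed)]
    if allowed and dest.name.lower() not in allowed:
        return False, "passthru: destination not in Destinations allowed"
    if not listed(dest.access_this_server, caller, groups):
        return False, "destination: caller not in Access this server"
    # On the destination, a general access denial overrides passthru access.
    if listed(dest.general_deny, caller, groups):
        return False, "destination: caller denied general access"
    return True, "allowed"


def review(server):
    """Flag the wide-open settings the field descriptions call out."""
    findings = []
    fields = (("Route through", server.route_through),
              ("Access this server", server.access_this_server),
              ("Cause calling", server.cause_calling))
    for label, value in fields:
        if "*" in entries(value):
            findings.append(f"'{label}' is *: open to every caller")
    if "*" in entries(server.cause_calling):
        findings.append("'Cause calling' is *: the log names no source, only "
                        "that the client was not authenticated")
    if entries(server.route_through) and not entries(server.destinations_allowed):
        findings.append("'Destinations allowed' is blank: routes to every "
                        "passthru destination")
    return findings


# Constructed sample values; server names follow the Acme topology example.
GROUPS = {"RemoteStaff": ["Jane Doe/Sales/Acme", "Remote-E/Acme"]}
JANE = "Jane Doe/Sales/Acme"
HUB = ServerDoc("Passthru-E/Acme", route_through="*/Acme",
                destinations_allowed="HR-E/Acme; Webstage-E/Acme",
                general_deny=JANE)
HR = ServerDoc("HR-E/Acme", access_this_server="RemoteStaff")
MAIL = ServerDoc("Mail-E/Acme", access_this_server="*")
WEB = ServerDoc("Webstage-E/Acme", access_this_server="*/Acme",
                general_deny=JANE)
OPEN = ServerDoc("Dial-E/Acme", route_through="*", cause_calling="*")

if __name__ == "__main__":
    for dest in (HR, MAIL, WEB):
        print(dest.name, passthru_decision(JANE, HUB, dest, GROUPS))
    print(review(OPEN))
```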

Connecting a server to a hunt group

A hunt group is a collection of telephone extensions that is assigned one phone number. Each call that comes in to that number is assigned to the next free line in the group. If your telecommunications infrastructure supports hunt groups, create a Hunt Group Connection document to enable servers to connect to the hunt group servers. After you set up a hunt group, any passthru server in the hunt group can receive a call and route it to a specified destination server.

A Hunt group connection document is required whenever a hunt group has multiple passthru servers. If a hunt group has a single passthru server, create a Network dialup Connection document to define the connection, rather than a hunt group Connection document.

To create a Hunt group connection document

1. From the Domino Administrator, click the Configuration tab.
2. Select the connecting server’s Domino Directory in the “Use Directory on” field.
3. Click Server, and then click Connections.
4. Click Add Connection.
5. Complete these fields and then click Save & Close:

Field: Description
Connection type: Hunt group
Source server: The name of the server connecting to the hunt group
Source domain: The name of the connecting server’s domain. Required only if the source server and destination server are in different Domino domains.
Use the port: The modem port
Always use area code: Specifies when the modem on the source server includes the area code to dial a number. Choose one:
  • Yes - The server always includes the area code to dial, even when dialing numbers in the local exchange.
  • No - (default) The server includes the area code only when dialing numbers outside the local area code.

Field: Description
Usage priority: Choose one:
  • Normal (default) - Select this option if this document defines the primary path to a server.
  • Low - Select this option to define a backup path to a server.
  For more information about the effect of specifying the usage priority for a connection, see the topic “Forcing a server connection to use a specific protocol” earlier in this chapter.
Hunt group name: Enter a unique name to identify the hunt group, for example, AcmeEastHuntGroup. If you create passthru Connection documents that use this connection, the hunt group name you enter in them must match the name entered here. The name you enter here is also used to apply commands to the hunt group servers. For example, to replicate a database that is located on a hunt group server, enter:
  rep hunt_group_name database
  In this case, the calling server initiates the modem connection to the designated hunt group and then replicates the specified database on each server where it resides.
Destination domain: The name of the domain to connect to through the hunt group. Enter a domain name to ensure that the hunt group connects to a server in the specified domain. Required only if the source server and destination server are in different Domino domains.
Destination country code: The country code to use when dialing the number of the hunt group modem.
Destination area code: The area code to use when dialing the number of the hunt group modem.
Destination phone number: The phone number of the hunt group modem.
Login script name: The name of the login script file to use when connecting to the hunt group.
Login script arguments: Arguments required during processing of the specified login script, for example, name and password. Enter arguments from left to right in the order of use.

Planning for modem use

For a Domino server to communicate with a remote Domino server by modem, you must

• Install one or more modems on the calling and receiving servers.
• Configure the communication port.
• Create a dialup modem connection from the calling server to the receiving server.

Domino uses either a Notes Direct Dialup connection or a Network Dialup Connection to communicate with another server over a modem. The type of connection required depends on whether each server is directly connected to a modem. For information about creating dialup connections, see the topics “Creating a Notes Direct Dialup connection” and “Creating a Network Dialup connection” later in this chapter.

Installing modems

The number of modems that you can use on a server is dependent on the operating system and system resources — for example, the number of available communication ports. Each modem needs its own communication port.

The number of modems that you install on a remote server determines the number of users and servers that can access it simultaneously. If you expect heavy dialup use, install additional modems or install a multiple-port communication board to connect multiple modems to multiple communication ports on a single board. Consider the expense of purchasing more modems against server accessibility. Use these questions to help you determine the number of modems:

1. How many users and servers do you want to be able to use the server simultaneously?
2. Do users take advantage of workstation-to-server replication when accessing the server? To reduce server demand, encourage users to keep local replicas of databases on their workstations, work on them without a dialup modem connection, then connect to the central server to exchange new and updated documents with the central server’s database.
3. What types of users connect to this server? If the server supports a high number of users who connect exclusively over dialup connections — for example, when a server’s primary users are field personnel who are always on the road —

dialup demand for the server is higher than on a server where users only occasionally use modem connections.

Modems and modem command files

After you install a modem on a server, configure the communication port by specifying the modem type and port number. Specifying a modem type automatically associates a modem with a modem command file. A modem command file is a text file containing commands that Domino issues to the modem. Modem command files, which have the file extension MDM, tell the modem how to operate. They are specific to Domino and the type of modem you are using. Commands in the modem command file are arranged as required by the X.PC protocol provided with Domino.

Domino comes with specific modem command files for a wide variety of modems. Domino installs modem files in the Domino Data\Modems subdirectory. When you choose a modem type, you must select a matching modem file. If none of the available modem types matches your modem, you can modify a generic modem command file or contact IBM support to obtain the appropriate modem file. Domino provides a generic all-speed modem file, GEN_ALL.MDM, which you can modify.

Modify a modem command file only under the following circumstances:

• If you need additional commands that a Domino modem command file does not provide
• If Domino does not provide a modem command file that is compatible with your modem
• If the default modem command file, AUTO.MDM, does not work
• If you cannot obtain a modem file that works with your modem from IBM support

For information on modem command files and instructions on modifying them, use a text editor to read the file TEMPLATE.MDM. Use this file in conjunction with the documentation that came with the modem to modify modem command files.

Creating a Notes Direct Dialup connection

When both the local and remote Domino servers have their own modems, you can use a Notes Direct Dialup (dialup modem) connection to connect them. After the local server connects to the remote server, it can perform tasks, such as route mail and replicate databases.

When using Notes Direct Dialup connections, Domino uses the X.PC protocol driver. The X.PC protocol driver is installed automatically when you install a Domino server. It links Domino to a computer’s operating system and the hardware devices that handle the communication. Notes Direct Dialup connections use Domino security and thus offer tighter security than Network Dialup connections to a remote access server.

1. Make sure that you already installed a modem and that one exists on the destination server.
2. From the Domino Administrator, click the Configuration tab.
3. Click Server, and then click Connections.
4. Click Add Connection.
5. Select Notes Direct Dialup in the “Connection type” field.
6. Complete these fields:

Field: Description
Source server: The name of the calling server.
Source domain: The name of the calling server’s domain.
Use the port(s): The name of the communications port that the calling or source server uses.
Usage priority: Choose one:
  • Normal (default) - Select this option if this document defines the primary path to a server.
  • Low - Select this option to define a backup path to a server.
  For more information about the effect of specifying the usage priority for a connection, see the topic “Forcing a server connection to use a specific protocol” earlier in this chapter.
Always use area code: Specifies whether the source server always uses the area code when dialing, even when dialing numbers in the area code defined in the source server’s Server document. Choose one:
  • Yes - The server always includes the area code to dial. Use this option if your phone system requires an area code for local calls.
  • No (default) - The server includes the area code only when dialing numbers outside the local area code.

Destination server: The name of the remote server.
Destination domain: The name of the remote server’s domain.
Destination country code: The country code for the remote server. Enter this number only if it’s required to complete the call.
Destination area code: The remote server’s area/city code. Enter this number only if it’s required to complete the call.
Destination phone number: The phone number of the remote server.
Login script file name: The name of the connect script to use when connecting to the remote server. Supply this file name only if additional information is required to authenticate with the destination server after dialing completes.
Login script arguments: Between 1 and 4 values used by the login script when authenticating with the destination server. For example, enter a login name and password if the login scripts must provide these elements when connecting to the destination server. The script uses the values in the order in which they are entered. Values entered in this field are not encrypted and are displayed in the clear.

7. Click the Replication/Routing and Schedule tabs to define the tasks you want to run, and select the times you want the server to call its destination.
8. Click Save & Close.

Note To ensure the best performance for connections that use data-compressing modems, don’t apply Domino network data encryption to ports using these modems. Rather than reducing the size of the transmitted data, the modem’s hardware compression techniques can increase it, negating the benefits of the modem compression. For more information about encrypting data on an NRPC port, see the chapter “Setting Up the Domino Network.”

Creating a Network Dialup connection

To connect a local Domino server with a remote server that does not have its own modem, create a Network dialup connection. Domino uses Microsoft Dial-Up Networking (DUN) and the Microsoft Remote Access Service (RAS) to make a dialup connection to a non-Domino server on the remote network. After establishing the connection, the local server uses the remote access service to communicate with the destination server. Domino can interact with resources on the other network as if it were connected directly to the network, routing mail and replicating databases with servers on the remote network.

Notes clients and Domino servers who establish a Network Dialup connection to a Remote Access Server can access the entire remote Domino network over the remote LAN. After establishing a connection, the calling client or server can communicate with servers on the remote LAN using the network protocols defined in RAS only, that is, TCP/IP and Netbios.

On the non-Domino remote server, configure RAS to answer calls. On the local server, configure DUN to dial out to the RAS server. For details on how to configure RAS, refer to the documentation provided with the operating system. Because RAS uses its own compression, Domino compression should not be used with RAS.

To create a Network dialup connection

1. Make sure that the remote access service is properly set up on the local Domino server and on the remote network server.
2. Configure the modem port on the source server.
3. From the Domino Administrator, click the Configuration tab.
4. Click Server, and then click Connections.
5. Click Add Connection.
6. Complete these fields:

Field: Description
Connection type: Network Dialup
Source server: The fully-distinguished Notes name of the connecting server. For example, Server1/Sales/ACME.
Source domain: The name of the connecting server’s Domino domain. Required only if the source server and destination server are in different Domino domains
Use LAN port(s): Specifies the port that the server uses to establish the network dialup connection using the remote access service.

Usage priority: Choose one:
  • Normal (default) - Select this option if this document defines the primary path to a server.
  • Low - Select this option to define a backup path to a server.
  For more information about the effect of specifying the usage priority for a connection, see the topic “Forcing a server connection to use a specific protocol” earlier in this chapter.
Destination server: The fully-distinguished Notes name of the Domino server you want to access.
Destination domain: The name of the destination server’s Domino domain. Required only if the source server and destination server are in different Domino domains.
Optional network address: Provide an optional network address to facilitate attempts to locate the destination server over a TCP/IP connection. Enter a fully-qualified host name or IP address — for example, HR-E.Acme.com or 192.22.256.36. For SMTP routing connections, enter the host name of the destination server, for example, internet.isp.com. Leave this field blank when configuring SMTP routing to an ISP server. If the field contains no entry, Domino attempts to obtain the destination server’s IP address from the IP protocol stack. Because IP addresses are subject to change, for ease of management, it’s best to use host names in Connection documents. When a host name is used, if the IP address changes, the connecting server obtains the updated IP address from the DNS.

Click the Network Dialup tab and complete the following fields: Field Description Choose a Select Microsoft Dial-up Networking service type Configure service Lets you specify the Dial-up Networking entry that the server uses when connecting to this destination. and complete this field in the Microsoft Dial-up Networking dialog box: • Dial-up Networking name . the settings override those configured in the specified Dial-up Networking entry on the server. • Domain . before storing the document Domino encrypts the password with the public keys of the source server and the users and servers listed in the Owners and Administrators fields of the document. If the server uses pulse dialing.Area code of the remote access server.The Windows logon domain of the remote access service Configuration The remaining fields on this tab are read-only and display information only if you completed the corresponding field in the previous step.The name that the server uses to log in to the remote access server. Also. • Phone number . Setting Up Server-to-Server Connections 4-39 .The password the server uses to log in to the remote access server. be sure to select Pulse in the server’s modem configuration options and in the Microsoft Dial-up Networking dialog. If the remote access server has call-back enabled. do not enter a phone number in this field. Optionally. it appears as a series of asterisks. • Password . These settings are used by the remote access service.Country code of the remote access server. Click Edit Configuration.7. provide a phone number and check the Use Telephony dialog properties box. • Dial-back phone number . you can complete the following additional fields in the dialog box. it calls this number after authentication completes. not by Domino.The phone number of the remote access server. • Area code . After you save the Connection document. • Country code . 
If you complete these fields.Name of the Microsoft Dial-up Networking phonebook entry on the source server containing the information on how to dialup the remote server. when you enter the password.The phone number of the source server. For security reasons. Complete the fields and then click OK • Login name .

8. Click the Replication/Routing and Schedule tabs to define the tasks you want to run, and select the times you want the server to call its destination.
9. Click Save & Close.

Note To ensure the best performance for connections that use data-compressing modems, don’t apply Domino network data encryption to ports using these modems. Rather than reducing the size of the transmitted data, the modem’s hardware compression techniques can increase it, negating the benefits of the modem compression. For more information about encrypting data on an NRPC port, see the chapter “Setting Up the Domino Network.”

Coordinating dialup ISP connections between servers

When two geographically distant servers are both connected to the Internet, they can use the Internet connection to replicate databases or route mail. When both servers have constant connections to the Internet, scheduling these tasks is easy. But if either server’s Internet connection is intermittent, for example, if one server uses a dialup connection to an ISP, it can be difficult to schedule tasks to coincide with times when both servers are available.

To automate the coordination of dialup schedules, Domino lets you create an AutoDialer connection. An AutoDialer connection provides a link between two Connection documents: one document that controls when a source server initiates the given replication or mail routing task, and one document that controls when the destination server dials up an ISP to establish an Internet connection. An AutoDialer task on both servers tracks the task schedule set in the source server’s Connection document and prompts the destination server to come online in time to receive requests from the calling server.

The source server uses the destination server’s IP address to establish the connection. Because this requires a stable IP address, the destination server’s ISP must provide static IP addresses, that is, it must assign the server the same IP address every time the server connects to the ISP.

AutoDialer connections honor the timeout settings specified for the modem communication port. If a connection is idle for the amount of time specified, Domino closes the connection.

Example of using an AutoDialer connection

Two remote servers, Jupiter and Pluto, share a common Domino Directory and must replicate once a day with each other. Jupiter, a powerful server with a direct connection to the Internet, is located at company headquarters in New York. Pluto, a much less powerful computer, located at a branch office in San Francisco, connects to the Internet by dialing up a local ISP number. Because a direct dialup connection between the servers would require a costly long-distance call, the administrator decides to connect the servers over the Internet to perform the replication. To enable Jupiter to assume the greater share of the workload, the administrator chooses to have it serve as the source server and initiate the replication.

To enable replication, the administrator creates an AutoDialer connection for the two servers by doing the following:

1. Creates a Pluto-to-ISP Network Dialup connection document that provides information on how to connect the destination server, Pluto, to the ISP, using a local phone number. In the Pluto-to-ISP connection document, the administrator then does the following:
  • Enables AutoDialer and specifies that Pluto will begin to dial up the ISP three minutes before the scheduled replication with Jupiter.
  • Assigns the AutoDialer connection the name “PlanetReplication.”
2. Creates a Jupiter-to-Pluto LAN connection document that provides information on how the source server, Jupiter, connects to Pluto. In the Jupiter-to-Pluto LAN connection document, the administrator then does the following:
  • To enable Jupiter to locate Pluto on the Internet, specifies Pluto’s IP address in the Optional Network Address field.
  • Enables AutoDialer and assigns the AutoDialer connection in this document the same name as the AutoDialer connection in the Pluto-to-ISP Connection document: “PlanetReplication” This name provides the link between the two documents.
  • Sets the schedule on the Jupiter-to-Pluto connection document to begin replication at 10:00 AM.
3. After saving both documents, the Domino Directory must be replicated so that both servers are aware of the change. The administrator on Pluto dials the server into the ISP and then issues the replicate command from the server console to replicate the Domino Directory between the two servers.
4. The administrator on Pluto then adds the AutoDialer task to the ServerTasks item in the NOTES.INI file to start the AutoDialer task on Pluto.

Domino then searches the available Connection documents to locate any that have the AutoDialer connection name “PlanetReplication.” After it finds the matching documents, Domino calculates when Pluto must dial up its ISP to answer the replication request from Jupiter, and sets this schedule in the Pluto-to-ISP connection document. In this example, because Pluto is in the time zone GMT -08:00, it must dial up the ISP at 6:57 AM local time to come online three minutes before Jupiter, in the time zone GMT -05:00, initiates replication at 10:00 AM local time. At 6:57 AM the AutoDialer on Pluto requests the dialup information from the Pluto-to-ISP connection document and dials the ISP. Three minutes later, Jupiter sends a replication request over the Internet to Pluto.

Using AutoDialer with Notes Direct Dialup connections

Although AutoDialer is intended primarily for use in coordinating connections over the Internet between two servers, you can also use AutoDialer to enable a remote Domino server to dial directly into another Domino server, or into a passthru server. For more information, see the topic “Coordinating Notes Direct Dialup connections between servers” later in this chapter.

To set up an AutoDialer connection

1. Create a Network Dialup connection document that defines how the destination server for the scheduled task connects to its ISP. For information on creating a Network Dialup connection, see the topic “Creating a Network Dialup connection” earlier in this chapter.
2. On the Replication/Routing tab of the Connection document you created in Step 1, complete the following fields in the AutoDialer section:

Field: Description
AutoDialer Task: Select Enabled
AutoDialer connection name: Specifies a name for this AutoDialer connection. Enter any unique name. It’s best to use a name that’s short and descriptive, for example, InternetReplication. The name you enter in this field must also appear in the AutoDialer connection name field in the Connection document that provides the schedule for this task (see Step 5).
Connect remote server to network: Specifies how many minutes before a scheduled action that this server will dial up to connect to the Internet. To ensure availability, specify a time value that enables the server to be online several minutes before the start of the scheduled action.

3. Click Save & Close.

4. Create a LAN Connection document that defines how the source server for the scheduled task connects to the destination server.
5. Enter the following information in the Connection document you created in Step 4 and then click Save & Close:

Basics tab
  Optional network address: Enter the IP address of the destination server.
Replication/Routing tab
  Use AutoDialer to connect remote server to network: Select Enabled.
  AutoDialer connection name: The AutoDialer connection name specified in the Network Dialup connection document you created in Step 2, for example, InternetReplication.
Schedule tab
  Schedule: Select Enabled
  Connect at times: Specify the time to replicate with or route mail to the destination server. Enter a specific time only, for example, 10:00 AM, not a time range.
  Repeat interval: Leave this field blank. Domino does not support repeat intervals for AutoDialer connections.
  Days of week: Specify the days when the calling server attempts to make this connection.

6. Connect the destination server (the dialing server) to the Internet by having it dial up the ISP.
7. From the server console of the destination server, enter the command:
   Replicate servername directoryfile
   Where servername is the name of the source, or replication, server, and directoryfile is the filename of the Domino Directory database. For example, enter:
   Replicate Jupiter NAMES.NSF
8. Add the AutoDialer task to the ServerTasks item in the NOTES.INI file to start the AutoDialer task on Pluto.
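The scheduling arithmetic from the Jupiter/Pluto example, as an added illustration (a model written for this page, not Domino code): it links the two Connection documents by AutoDialer connection name, converts the source server's scheduled time into the destination's time zone, and subtracts the lead time. The class names, the dates, and the "NightlyMail" and misspelled "PlanetReplicaton" entries are constructed to show two cases the text does not: a dial-up that falls on the previous local day, and a name mismatch that leaves the documents unlinked.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class SourceSchedule:
    """Model of the LAN Connection document on the source server."""
    server: str
    autodialer_name: str
    connect_at: datetime      # one specific, timezone-aware time (no range)


@dataclass
class DialupEntry:
    """Model of the Network Dialup Connection document on the destination."""
    server: str
    autodialer_name: str
    lead_minutes: int         # "Connect remote server to network" value
    utc_offset_hours: int     # destination server's time zone


def plan_dialups(schedules, dialups):
    """Link documents by AutoDialer connection name.

    Returns (plan, unmatched): plan maps each linked name to the destination
    server and the local time it must dial its ISP; unmatched lists names
    that appear in only one document, so no dial-up would be coordinated.
    """
    by_name = {d.autodialer_name: d for d in dialups}
    plan, unmatched = {}, []
    for s in schedules:
        d = by_name.pop(s.autodialer_name, None)
        if d is None:
            unmatched.append(s.autodialer_name)
            continue
        local = timezone(timedelta(hours=d.utc_offset_hours))
        dial_at = s.connect_at.astimezone(local) - timedelta(minutes=d.lead_minutes)
        plan[s.autodialer_name] = (d.server, dial_at)
    unmatched.extend(by_name)   # dial-up documents nobody schedules against
    return plan, sorted(unmatched)


# Constructed sample data based on the Jupiter/Pluto example (dates are made up).
NEW_YORK = timezone(timedelta(hours=-5))
SCHEDULES = [
    SourceSchedule("Jupiter", "PlanetReplication",
                   datetime(2024, 3, 4, 10, 0, tzinfo=NEW_YORK)),
    SourceSchedule("Jupiter", "NightlyMail",
                   datetime(2024, 3, 4, 1, 0, tzinfo=NEW_YORK)),
    SourceSchedule("Jupiter", "PlanetReplicaton",      # misspelled on purpose
                   datetime(2024, 3, 4, 12, 0, tzinfo=NEW_YORK)),
]
DIALUPS = [
    DialupEntry("Pluto", "PlanetReplication", 3, -8),
    DialupEntry("Pluto", "NightlyMail", 3, -8),
]

if __name__ == "__main__":
    plan, unmatched = plan_dialups(SCHEDULES, DIALUPS)
    for name, (server, when) in plan.items():
        print(f"{name}: {server} dials at {when:%Y-%m-%d %H:%M} local")
    print("unlinked AutoDialer names:", unmatched)
```

A source schedule of Monday 1:00 AM in GMT -05:00 puts the destination's dial-up on Sunday evening in GMT -08:00, which matters when choosing the days on which the connection runs.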

Coordinating Notes Direct Dialup connections between servers

To enable two servers to perform scheduled tasks when one or both of them uses a dialup connection to access the network, you can create an AutoDialer connection to automatically coordinate the dialup schedule with the task time. In most cases you use an AutoDialer connection to schedule tasks over Internet dialup connections, but an AutoDialer connection can also enable a remote Domino server to dial directly into another Domino server, or into a passthru server.

For replication tasks, set up the more powerful server to be the source server, and the less powerful server, generally the server with the dialup connection, to be the destination server.

The process for creating an AutoDialer connection for use with a Notes Direct Dialup connection is similar to the one used to create an AutoDialer connection for a Network Dialup connection. If the dialing server dials into a passthru server, rather than directly into the source server, all communications between the dialing server and the replication server occur through the passthru server. The replication server cannot locate the dialing server on the network except with the help of the passthru server and so requires a Passthru connection document to provide this information. In addition, you must also configure the dialing server, as well as the replication server, as passthru destinations.

To set up an AutoDialer connection for use with Notes Direct Dialup connections

1. Create a Notes Direct Dialup connection document that defines how the dialing, or destination, server connects to the Domino server initiating replication (the source server). For information on creating a Notes Direct Dialup connection, see the topic “Creating a Notes Direct Dialup connection” earlier in this chapter.
   If the dialing server connects into a passthru server rather than connecting directly to the replication server, in addition to this Notes Direct Dialup connection document, you must also create a Passthru connection document if one doesn’t already exist. You must also set up the source server as a passthru destination. For information on creating a Passthru connection document, see the topic “Creating a passthru connection” earlier in this chapter.
   Note The AutoDialer section on this Passthru connection document is not used.

for example. 5. To ensure availability. The name you enter in this field must also appear in the AutoDialer connection name field in the Connection document that provides the schedule for this task (see Step 5). AutoDialReplication. Schedule Schedule Select Enabled Connect at times Specify the time to replicate with or route mail to the answering server. It’s best to use a name that’s short and descriptive. Enter AutoDialer connection name any unique name. Enter a specific time only. to connect remote server to network AutoDialer The AutoDialer connection name connection name specified in the Notes Direct Dialup Connection document in Step 2. for example. Specify the days when the calling server attempts to make this connection. Click Save & Close. Enter the following information in the Passthru connection document you created in Step 4: Tab Replication/ Routing Field Description Use AutoDialer Select Enabled. Click Save & Close. 10:00 AM. Create a Passthru connection document describing how the replication server connects to the destination server. On the Replication/Routing tab of the Connection document you created in Step 1. Setting Up Server-to-Server Connections 4-45 . 4. not a time range. specify a time value that enables the server to be online several minutes before the start of the scheduled action. Repeat interval Leave this field blank. Domino does not support repeat intervals for AutoDialer connections. AutoDialReplication. complete the following fields in the AutoDialer section: Field Description AutoDialer Task Select Enabled Specifies a name for this AutoDialer connection. Days of week 6. Connect remote server to network Specifies how many minutes before a scheduled action that this server will dial up to connect to the Internet. Configuration 3.2. for example.

Encrypting Network Dialup Connection documents

Domino can hide and encrypt the parameter part of the Network Dialup Connection document by using the public keys of specific user or server IDs. When completed, only users and servers with those IDs can make connections using the document and can view the parameters in the document.

Use these steps to encrypt a Connection document created prior to Release 5 so that only the users and servers you specify can use the document to make a connection and view the settings in the document.

1. From the Domino Administrator, click the Configuration tab.
2. Select the connecting server’s Domino Directory in the “Use Directory on” field.
3. Click Server, and then click Connections.
4. Open the Network Dialup Connection document.
5. Choose File - Document Properties.
6. Click the Security tab (the key icon), and deselect “All readers and above.”
7. In the “Public Encryption keys” field, enter the names of users and servers who need access to the document, and then save the document.

Configuring a communication port

If you specified a communication port when you configured the server, you do not need to specify the port again. You configure an additional communication port only when you add an additional modem or other device to a server or when you need to adjust the settings for a port currently in use. On platforms, such as UNIX, for which there is no Domino Administrator client, you can set up ports remotely.

1. Install the modem on the server communication port and ensure that the operating system recognizes the port.
2. From the Domino Administrator, select the Server - Status tab.
3. From the Servers pane, select the server on which to set up the port.
4. From the Tools pane, click Server - Setup Ports.
5. Select the name of the port on which you installed the modem, for example, COM1. If the communication port name does not exist, select New, type the name of the communication port on which you installed the modem, select XPC for the driver, and then click OK.

6. Select Port Enabled.
7. If you want to enable Domino network data encryption, select “Encrypt network data.”
   Note Enabling network encryption can slow performance, especially for connections that use data-compressing modems. Never apply Domino network data encryption to ports that use data-compressing modems. Rather than reducing the size of the transmitted data, the modem’s hardware compression techniques can increase it, negating the benefits of the modem compression. For more information about setting up network data encryption for a port, see the topic Encrypting network data on a server port.
8. Select “Compress network data” to enable Domino network data compression. Network compression occurs only if it is enabled on both sides of the connection. If compression is not enabled on the server being connected to, data will not be compressed.
9. Click portname Options, where portname is the name of the port whose settings you want to change.
10. Modify default port settings, as needed and then click OK. The default port settings work in most situations. However, if you are performing troubleshooting, you may wish to adjust some of the settings. The following settings are available:

Note These settings apply to digital-analog modems only, not cable or DSL modems.

Field: Description
Modem type: Associates a modem with a modem command file. If none of the listed modems is an exact match for the installed modem, select the closest match by brand and speed. If the modem is 100% Hayes-compatible, select “Auto Configure” (AUTO.MDM) for Domino to determine the modem type automatically and select the appropriate Hayes command file. Because the Auto Configure modem file does not provide optimal performance, use it only as a temporary measure while obtaining an appropriate modem. If there’s no match and your modem is not 100% Hayes-compatible, you may need to edit an existing modem command file or create a new one. For information about your modem, see your modem documentation. For information about editing modem command files, see the topic “Modifying a modem command file” later in this chapter.

Maximum port speed: Specifies the maximum speed at which the communication port on the computer sends data to the modem and receives data from the modem. Domino selects a maximum data transmission speed based on the modem type you select. Default value is 19200. The maximum speed is limited by the maximum speed specified in the modem’s command file and may also be limited by the server’s operating system. Specify the highest value supported by your modem hardware. Select a lower port speed if you are having trouble with a noisy phone line or cannot establish the carrier. When using a null modem, the maximum port speed on both computers must match.
Speaker volume: Specifies how loudly to amplify modem tones during connection attempts. Choose the volume that best allows you to monitor call progress: Low, Medium, or High, or choose Off to mute the modem.
Dial mode: Choose one:
  • Tone - For touch-tone phone lines.
  • Pulse - For rotary phone lines or modems that do not support touch-tone dialing.
Log modem I/O: Select this option to help troubleshoot modem connection problems by recording modem control strings and responses in the Miscellaneous Events view of the server’s Notes Log (LOG.NSF). To conserve disk space, after the problem is fixed, deselect this option to prevent the extra information from being recorded.
Log script I/O: Select this option to help troubleshoot communication problems between servers that occur after the modem establishes a connection. The server records script file responses and replies in the Miscellaneous Events view of the server’s Notes Log (LOG.NSF). To conserve disk space, after the problem is fixed, deselect this option to prevent the extra information from being recorded.
Hardware flow control: Specifies how data is sent between the computer and the modem. Select this option (the default on operating systems other than UNIX) to enable data flow control. Deselect this option only if you’re using a modem or external serial port that doesn’t support flow control. When deselected, messages about errors and retransmissions can appear in the Phone Calls view of the log file (LOG.NSF).

Wait for dialtone before dialing: Select this option (the default) to require the modem to detect a dialtone before dialing. Deselect this option on phone systems where dial tone detection is a problem.
Dial timeout: Specifies the time, in seconds, that the source server continues attempting to connect to the destination server before it cancels the attempt. The default value is 60. Increase the dial time-out period when using pulse dialing or when calling overseas.
Hangup if idle: Specifies the time, in minutes, that the modem on the source server waits before hanging up if there is no data passing through the connection. The default value is 15. For ports that workstation users dial into, specify a longer idle time so users have time to read or compose long documents.
Port number: Specifies the port number for the current port type. Domino automatically sets the port number to the number specified in the port name — for example, if COM7 is the port name, the port number is 7. On UNIX systems, specify a port number N that matches the /dev/cuaN device file that you linked to the asynchronous port.

11. To specify an acquire script for this port, click Acquire Script, select the script in the Acquire Script dialog box, and then click OK. For more information on acquire scripts, see the topic “Writing and editing acquire and login scripts” later in this chapter.
12. If necessary, you can edit acquire scripts and modem command files. For information about editing modem command files and acquire scripts, see the topic “Modifying modem command files and acquire scripts” later in this chapter.

Modifying modem command files and acquire scripts

When you modify a modem command file or acquire script, you can only modify the file on the local server. To apply a modified modem file to a remote server, edit the file locally and copy it to the Domino Data/Modems subdirectory on the remote server. Then restart the server so that the modifications take effect.

1. Use the documentation that came with the modem to determine which additional commands you must add to the modem command file.
2. From the Domino Administrator, select the Server - Status tab.
3. From the Tools pane, click Server - Setup Ports.

Refer to the comments at the top of the file for instructions. in the Modem type field. COM1. Rather than reducing the size of the transmitted data. When the server makes a call using the specified port. Domino runs the commands in the acquire script before running the commands in the modem script. Click Save to save the file using the current name. Login script 4-50 Administering the Domino System. Click Done to close the Edit dialog box. Domino uses the specified login script. and the click Save. the modem’s hardware compression techniques can increase it. Type of script Acquire script Steps Specify the script when you set up the communication port. click Save As. For more information about setting up network data encryption for a port.” 7. Click portname Options. where portname is the name of the communications port you selected in step 4. Generic All-Speed Modem File and click Modem File. for example. Volume 1 . Specify a login script in the Notes Direct Dialup Connection document for connecting to a specified server. Or. don’t apply Domino network data encryption to ports using these modems. To edit an acquire script. 9. 8. click “Acquire Script. enter a new name for the modified file in the File name field. to save the file under a new name. Note To ensure the best performance for connections that use data-compressing modems. negating the benefits of the modem compression.4. Domino uses that acquire script to obtain a modem from a modem pool. and then click OK to close each of the remaining open dialog boxes. When making a call to that server.” Using acquire and login scripts How you specify a script when making a call depends on the type of script. To edit a modem file. select the modem communications port. 5. select the modem command file that you want to modify — typically. From the Communication Ports box. 6. Edit the content of the file as necessary. see the chapter “Setting Up the Domino Network.

Writing and editing acquire and login scripts
Domino uses acquire and login scripts to make certain connections. A Domino server that doesn’t have its own modem can use an acquire script to obtain a modem from a modem pool on a communications server. You specify the acquire script to use when configuring the modem port. The server runs the commands in the acquire script prior to running the commands in the modem file used to make the connection. Check the documentation that came with the communications server to see if the server includes an acquire script.

Login scripts provide information required to access a destination server and are required by some Direct dialup connections. The server runs the commands in the login script after running the modem command file.

You can edit an existing acquire or login script or create new ones from scratch using any text editor. When editing or writing scripts, use the appropriate script commands, keywords, and comments. The script commands execute sequentially. The keywords identify and classify the script file. The keywords you use depend on the device that the script sets up. Any time you change a script, make sure you save the file with an SCR extension and copy it to the Notes Data/Modems subdirectory of every workstation and the Domino Data/Modems subdirectory of every server that uses the script.

General rules for writing script files
• Do not exceed the maximum line length of 80 characters.
• Start lines with a colon to indicate a branch label. Do not exceed the maximum branch label length of eight characters. If you specify more than eight characters, the script uses only the first eight.
• Start lines with a semicolon to indicate a comment line.
• Embed control characters 0 - 20H in strings. For example, use ^M for CTRL+M. Use double carets for a literal caret. For example, use ^^M for CARET+M.
• Specify up to four optional arguments for login scripts: ^1, ^2, ^3, ^4. Then, when you make a call on the workstation or server, you enter values for these arguments, or you enter them permanently in the Connection document in the Domino Directory or Personal Address Book. The values you enter replace the ^1, ^2, ^3, or ^4 in the script when you make each call.
• Raise the data terminal ready (DTR) signal at the start of script file processing. If the modem does not automatically raise this signal, you must use the DTR_HIGH command.

Editing script files
Script files are ASCII text files with the extension SCR that Domino stores in the Modems subdirectory of the Domino data directory. You can open and edit login scripts and acquire scripts using any text editor. In addition, you can also open an acquire script for editing from the Port Setup dialog box during the process of setting up a server’s communications port. For information about how to edit a script from the Port Setup dialog box, see the topic “Configuring a communication port” earlier in this chapter.

Script keywords
Use these keywords when you write a script file.

DESC
A one line description of the script file’s purpose. Always include a DESC line in a script file to provide users with information about the script. Dialog boxes for selecting the script display the text associated with this keyword. For example, if you open the Acquire Script dialog box while setting up a communication port, the following text appears for the default acquire script (COMSERV.SCR): Acquire a modem via a communications server. Similarly, mobile users who use login scripts when configuring dialup communications from a Notes client see the value of the DESC keyword in the login script.

TYPE
Tells whether the script is an acquire or connect script. For example:
TYPE CONNECT

ARG1...ARG4
For connect scripts only, these optional keywords precede a description of each of the four script arguments. You may write scripts using from 0 through 4 arguments. For example, you might use the following script arguments and descriptors in a connect script file:
ARG1 1. REMOTE DTE ADDRESS:
ARG2 2. None entered:
ARG3 3. None entered:
ARG4 4. None entered:
ARG1 is a keyword and “1. REMOTE DTE ADDRESS:” is the description that appears in the Call Setup dialog box. ARG2, ARG3, and ARG4 are keywords. “X. None entered:” lets users enter arguments when making the call. Users can enter arguments when they choose File - Mobile - Call Server, select More Options, and then select Call Setup, or they can enter arguments in the Notes Direct Dialup Connection document in the Domino Directory or Personal Address Book.

Commands for acquire and connect scripts
The available script commands are described in this table.

| Command | Description | Syntax |
|---|---|---|
| BREAK | Sends a communications break. Timing of breaks is not exact. Time is specified in 100ms intervals. Default is 500ms. Maximum is 2000ms. | BREAK [time] |
| DTR_HIGH | Raises the DTR signal on the selected port. If the modem or other communication device does not automatically raise data terminal ready (DTR) at the start of script file processing, use the DTR_HIGH script command or configure DTR on your modem or communication device. | DTR_HIGH |
| DTR_LOW | Lowers the DTR signal on the selected port. | DTR_LOW |
| ERROR | Tells the script file to branch to the specified label if an error previously occurred. If no label is specified, the ERROR condition is cleared, but no branch occurs. | ERROR label |
| FAIL | Terminates execution of the current script. The optional text string is logged in the log file (LOG.NSF). | FAIL [text string] |
| GOTO | Branches unconditionally to the specified label. If the label does not exist, the script file terminates, and the error is logged in the log file (LOG.NSF). | GOTO label |

| Command | Description | Syntax |
|---|---|---|
| LOG OFF | Turns off informational logging if you have Log modem I/O selected (for execution of this script only). | LOG OFF |
| LOG ON | Turns on informational logging if you have Log modem I/O deselected. This command logs execution of only this script. Uses the log file (LOG.NSF). | LOG ON |
| PROMPTUSER | Displays an interactive dialog box to prompt a user from a script. The user needs to run a script with this command from a Notes client. | PROMPTUSER "Dialog box title" ["Title1" "[initializer]" "Title2" "[initializer]" "Title3" "[initializer]" "Title4" "[initializer]"] |
| REPLY | Sends a string to the serial port. Carriage return/line feed is sent at the end of the string unless you include a semicolon (;). | REPLY "string" [;] |
| WAIT | Waits a given amount of time for the case-sensitive specified string, which must be enclosed in quotes. If a time is not specified, waits a maximum of 60 seconds. Any data other than a matched string is passed along. | WAIT [time] [FOR "string"] |
| WATCH | Same as WAIT, but with multiple responses and actions. The WATCH command terminates (continues to the next instruction) when one of the strings is matched or when time-out occurs. | WATCH [time] [FOR] "string1" statement "string2" statement ENDW |
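The general rules for writing script files and the command table in this chapter can be checked mechanically before a script is copied to the Modems subdirectory of every machine that uses it. The following linter is an added example, not code from the Domino documentation; the sample script is constructed, and comparing labels exactly as written (case-sensitive, without the leading colon in GOTO and ERROR targets) is an assumption.

```python
import re

# Commands and keywords listed in this chapter; anything else is reported.
COMMANDS = {"BREAK", "DTR_HIGH", "DTR_LOW", "ERROR", "FAIL", "GOTO", "LOG",
            "PROMPTUSER", "REPLY", "WAIT", "WATCH", "ENDW"}
KEYWORDS = {"TYPE", "DESC", "ARG1", "ARG2", "ARG3", "ARG4"}
MAX_LINE = 80   # maximum line length stated in the general rules
MAX_LABEL = 8   # longer labels are cut to their first eight characters
_LEADING_STRING = re.compile(r'^"[^"]*"')

# Constructed sample login script (not a script shipped with the product).
SAMPLE = """\
; Constructed sample login script for the linter (not a script shipped with the product)
TYPE CONNECT
DESC Log in to the remote access server
ARG1 1. USER NAME:
DTR_HIGH
WATCH 30 FOR
"login:" GOTO sendname
"BUSY" GOTO giveup_now
ENDW
FAIL No prompt from remote system
:sendname
REPLY "^1^M";
WAIT 20 FOR "Password:"
ERROR giveup_later
HANGUP
:giveup_now
FAIL Line busy
:giveup_nowhere
FAIL Unreachable if the two labels above are treated as one
"""


def lint_script(text):
    """Return sorted (line_number, message) findings for one script file."""
    findings, branches = [], []
    labels = {}          # effective (truncated) label -> (line, name as written)
    in_watch = False
    for num, raw in enumerate(text.splitlines(), start=1):
        if len(raw) > MAX_LINE:
            findings.append((num, f"line is {len(raw)} characters; maximum is {MAX_LINE}"))
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                                  # blank or comment line
        if line.startswith(":"):                      # branch label
            name = line[1:].strip()
            key = name[:MAX_LABEL]
            if len(name) > MAX_LABEL:
                findings.append((num, f"label '{name}' is cut to '{key}'"))
            if key in labels:
                first_line, first_name = labels[key]
                findings.append((num, f"label '{name}' collides with "
                                      f"'{first_name}' on line {first_line}"))
            else:
                labels[key] = (num, name)
            continue
        stmt = line
        if in_watch and line.startswith('"'):
            # Inside WATCH ... ENDW each line is: "string" statement
            stmt = _LEADING_STRING.sub("", line, count=1).strip()
            if not stmt:
                findings.append((num, "WATCH response has no statement"))
                continue
        parts = stmt.split()
        word = parts[0].upper()
        if word in KEYWORDS:
            continue                                  # free text follows a keyword
        if word not in COMMANDS:
            findings.append((num, f"unknown command '{parts[0]}'"))
            continue
        if word == "WATCH":
            in_watch = True
        elif word == "ENDW":
            in_watch = False
        elif word == "GOTO" and len(parts) < 2:
            findings.append((num, "GOTO has no label"))
        elif word in ("GOTO", "ERROR") and len(parts) > 1:
            branches.append((num, word, parts[1].lstrip(":")))
    if in_watch:
        findings.append((len(text.splitlines()), "WATCH has no closing ENDW"))
    # Resolve branches last so forward references to later labels are accepted.
    for num, word, target in branches:
        if target[:MAX_LABEL] not in labels:
            findings.append((num, f"{word} targets undefined label '{target}'"))
    return sorted(findings)


if __name__ == "__main__":
    for line_number, message in lint_script(SAMPLE):
        print(f"line {line_number}: {message}")
```

The label collision on line 18 is the case worth catching: because only the first eight characters of a label are used, both long labels resolve to the same name.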

Connecting Notes clients to servers
After you set up a server to accept inbound connections, it can accept them from both servers and clients. The methods used to establish connections from clients to servers on remote networks are similar to those used when connecting one server to another. To connect to a remote Domino server, clients may require Connection documents, and depending on the type of connection, might also require a modem, COM port information, and other data. You can also connect clients to non-Domino Internet servers. The following table provides information on other types of information required to create client-to-server connections.

Requirements for connecting Notes clients to remote servers over various access media

| Type of client and connection to Domino network | Required documents in the Personal Address Book | Additional files and information required |
|---|---|---|
| Notes client connecting directly to Domino network over LAN, cable data network, or digital subscriber line (DSL) | Office Location document. For connections through a passthru server the Location document must specify the name of the passthru server. Connections through a passthru server require a Passthru Connection document. | Notes user ID. Name of a server containing a Domino Directory. Name and port number of proxy server, if any. |
| Notes client connecting directly to Domino network over dialup line | Home (Notes Direct Dialup) Location document. For connections through a passthru server the Location document must specify the name of the passthru server. Notes Direct Dialup Connection document. Connections through a passthru server require a Passthru Connection document. | Notes user ID. Name of a server containing a Domino Directory. Dialup phone number. Modem and COM port information. |

| Type of client and connection to Domino network | Required documents in the Personal Address Book | Additional files and information required |
|---|---|---|
| Notes IMAP or POP3 mail client connecting directly to an Internet mail server over LAN, cable, or DSL connection | Internet Location document. Account documents. | E-mail address. Incoming and outgoing mail server addresses. Proxy server information. |
| Notes IMAP or POP3 mail client connecting to an Internet mail server over a dialup connection | Home (Network Dialup) Location document. Account document. Network Dialup Server document. | Internet mail address. ISP account and password. Incoming and outgoing mail server addresses. Dialup telephone number. |

To connect to Domino through a passthru server, users must specify the name of the passthru server in the current Location document and set up Passthru Connection documents.

Chapter 5
Setting Up and Managing Notes Users

After setting up and configuring the first Lotus Domino 6 server, you can set up Lotus Notes 6 users.

Setting up Notes users
Lotus Notes 6 users are people who use the Notes client to access Domino servers and databases and have a Notes ID, a Person document, and, if they use Notes Mail, a mail file. Before you register new Lotus Notes 6 users, you may want to specify default settings that apply to all users you register. Default settings make user registration easy and fast and ensure that user settings are consistent. You can define many default settings, such as what mail server users have or what certifier ID to use for user registration. You can also specify a default workstation execution control list (ECL) to protect data from unauthorized workstation access.

To define default settings, use any of these tasks:
• Specify default user registration settings in Administration Preferences.
• Specify default user settings in the Register Person dialog box.
• Create a Registration Settings document to define default user registration settings.
• Create a user Setup Settings document to populate the user’s Location document and bookmarks. Setup settings include Internet browser and proxy settings, applet security settings, and desktop and user preferences.
• Create a Desktop Settings document to make dynamic changes on user workstations.
• Create a default workstation execution control list (ECL) to set up workstation security.

For more information on policies and settings documents, see the chapter “Using Policies.”

To set up Notes users, you register them and use the Lotus Domino 6 server-based certification authority which issues the appropriate certificate or use the appropriate certifier ID and password, which generates a user ID and certificates that allow users appropriate system access. To add users, you can register them in Notes or migrate them from an external mail system or directory. Before you begin to add users, it is best to specify default settings that Notes applies during registration. If you intend to implement policies in your organization, create policies and settings documents before you register users so that you can assign policies during registration. After registering Notes users, you need to prepare the installation files so users can install Notes on their workstations.

User registration
You need to register users before they can install Notes on their workstations. For each user, the registration process creates:
• A Person document in the Domino Directory.
• A user ID that is stamped with appropriate certificates (does not apply to non-Notes users).
• A mail file (Optional).

Before you register users, review your organization’s hierarchical name scheme and decide where each user fits into that scheme. Based on the name scheme, you know which certifier ID to use to register users, which server to use as the registration server, and on which server to store the user’s mail files. When you register users, you must have the appropriate access to each server that you use, and you must know the password for each certifier ID that you use.

Notes offers different options for registering users. For example, using Basic user registration is fast and easy because it automatically assigns many default settings to users. If you use Advanced user registration, you can assign more advanced settings, such as adding a user to a Windows NT or an Active Directory group. You can also register users by importing them from a text file or migrating them from a foreign directory.

If you use the Register Person dialog box to register users, you can sort, view, and modify user settings in the view of the User Registration Queue (USERREG.NSF) that appears in the dialog box. This database contains information on users pending registration. When you exit the Register Person dialog box, you can save all users pending registration and register them later. When you access the dialog box again, the User Registration Queue automatically opens to display all users pending registration.

For more information on creating non-Notes users, see the topic “Creating non-Notes, Internet Users” in this chapter.

User registration and the server-based certification authority
When registering users, you have the option of using the traditional certifier ID and password combination or using the Domino server-based certification authority (CA). An administrator can be designated as a Registration Authority (RA) for the server-based certification authority (CA). You can now assign to the administrator responsible for user registration, the role of RA. This allows one administrator to register users with certificates issued by the server-based certification authority. Prior to registering users, you need to understand the Domino server-based CA, be familiar with the benefits of using the CA, and know how to use the Domino server-based CA.

For more information on the Domino server-based certification authority, see the chapter “Setting Up a Domino Server-Based Certification Authority.”

Example of registering two Notes users
Here is an example of how administrators at the Acme Corporation registered two users based on each user’s place in the organization’s hierarchy. The users work in different locations and departments.

[Figure: Acme organizational hierarchy. Divisions: West, East. Departments: HR, Accounting, IS, Sales, Marketing, Development. Robin Rutherford: registered with HR/West/Acme certifier ID; hierarchical name: Robin Rutherford/HR/West/Acme. Alan Jones: registered with Sales/East/Acme certifier ID; hierarchical name: Alan Jones/Sales/East/Acme.]

Alan Jones works in the Sales department in Acme’s East Coast division. To give Alan appropriate access within the system and to place him appropriately in the hierarchy, the administrator uses the Sales/East/Acme certifier ID to register him. Alan Jones’ full hierarchical name then becomes Alan Jones/Sales/East/Acme.

The administrator specifies Mail-E, which is located on the East Coast Acme LAN, as Alan’s mail server. Then Alan’s mail server is on the same LAN as his workstation, so that when he receives and sends mail, he can connect directly to the server that stores his mail file.

Robin Rutherford works in the Accounting department in Acme’s West Coast division. The administrator uses the Accounting/West/Acme certifier ID to register Robin, and her full hierarchical name is Robin Rutherford/Accounting/West/Acme. Mail-W is Robin’s mail server.

Customizing user registration
You can define specific options to customize how Domino registers users.

Make sure to have the following before you begin customizing user registration:
• Access to the certifier ID and its password, if you are not using a certifier enabled for the CA process.
• Access to the Domino Directory from the machine you work on.
• Editor access or Author access with Create Document role and the UserCreator privilege in the Domino Directory. UserCreator role is required regardless of your access level.
• GroupModifier role or at least Editor access to add users to groups.
• Create document access to CERTLOG.NSF on the registration server.
• Create new databases access on the mail server to create user mail files during registration.
• Local or remote access to USERREG.NSF.

Note Do not modify the ACL for USERREG.NSF using the File - Database - Access Control menu commands. Use the User Registration Database Access button on the Advanced Person Registration Options dialog box.

1. From the Domino Administrator, click the People & Groups tab.
2. From the Servers pane, choose the server to work from.
3. Select Domino Directories, and then click People.
4. From the Tools pane, click People - Register.
5. Enter the password for the certifier that you are currently using. If you choose to use a certifier ID and password instead of the Lotus Domino 6 server-based certification authority (CA), Domino uses the certifier ID specified in Administration Preferences, or if there is none, it uses the ID specified in the CertifierIDFile setting in the NOTES.INI file.

Note While registering a user, you can specify whether you want to register the user with the server-based CA, or with a certifier ID and password. This selection is made on the ID Info panel in advanced user registration.

6. Click the Options button, and then choose any of these options:

| Option | Purpose |
|---|---|
| Do not continue on registration errors | Stops registration if you have multiple users selected and the registration encounters an error. The default is to continue on registration errors. |
| Keep successfully registered users in the queue | Keeps successfully registered users in the queue. The default is to remove successfully registered users from the queue. |
| Try to register queued people with error status | Tries to register queued users, even if their registration status contains errors. For example, if you choose this option, a user whose password is insufficiently complex will be registered. The default is not to register queued users who have error status. |
| Allow registration of previously registered people | Allows registration of users who were previously registered in Notes. The default is not to register previously registered Notes users. |
| Search all directories for duplicate names | Checks every directory to see if the user’s name already exists. |
| Enforce short name uniqueness | Forces all short names to be different from one another. |
| Don’t prompt for a duplicate person | If you choose this option, these additional options appear. Choose one: • Skip the person registration — Skips the user registration for both short name and full name single matches. • Update the existing address book entry — Overwrites the existing user if the single match found is on the full name. Short name uniqueness is then required. The default is to prompt for duplicate users. |

| Option | Purpose |
|---|---|
| Don’t prompt for a duplicate mail file | If you choose this option, these additional options appear. Choose one: • Skips the person registration. • Generates a unique mail file name by appending a number beginning with 1, then 2, etc., to a non-unique mail file name until a unique name is found. • Replaces the existing mail file. This option does not apply when the mail file is being created in the background via the Administration Process, or if the current ID does not have delete access to the mail file that is being replaced. The default is to prompt for a duplicate mail file. |
| Don’t prompt for a duplicate roaming directory | If you choose this option, these additional options appear. Choose one: • Skips the person registration. • Generates a unique roaming directory name by appending a number beginning with 1, then 2, etc., to a non-unique roaming file name until a unique name is found. The default is to prompt for a duplicate roaming directory. |
| Generate random user passwords | Click this check box to automatically set random passwords for the users you are registering. If you select this option, you do not need to specify passwords for the users you are registering. |
| User Registration Database Access | Displays the Registration Database Access Control Settings dialog box, where you can add or remove members from the access control list as well as change access control settings. |

7. Click OK.

Registering users
You can use any of these methods to register Notes users:
• Basic user registration
• Advanced user registration
• Text file registration
• Registration settings
• Migration tools (for people using an external mail system or directory) registration

• Basic user registration from the Web Administrator
• Advanced user registration from the Web Administrator

The method you use to register people depends on a number of issues, including whether you have defined default settings, whether you want to assign users more advanced options (such as alternate names), whether you need to import users from a foreign mail system or directory, and whether your user settings are in a text file.

Basic registration
For fast and easy registration, use the Basic user registration options. Basic registration requires you to define user-specific settings, such as user name and password, but also offers you the convenience of applying some default settings to users. You can define default settings in the Registration preferences (found in the Administration Preferences dialog), you can define settings in the Register Person dialog, or you can use Notes default settings. Some of the non-default settings you define in Basic registration include the user name and password. You can also assign users to specific groups.

Note When registering users with non-ASCII characters in their user names, Notes attempts to convert non-ASCII characters to ASCII. If one or more characters cannot be converted to ASCII, the Internet address is not generated. You need to be aware of this when registering users whose names cannot be converted to ASCII characters because you will need to create those Internet addresses manually.

Advanced registration
Advanced registration offers all the settings included in Basic registration and also allows you to change default settings and define advanced or specific settings — for example, assign an alternate name to a user or add the user to a Windows NT or Active Directory group. You can choose to view and perform Advanced registration at any time by clicking the Advanced check box in the Register Person dialog. All settings available in Basic registration are also available in Advanced registration.

Text file registration
To register users from a text file — that is, a file that contains information on one or more users — import them into the registration queue from the Register Person dialog box. This action creates an entry for each user in the User Registration Queue and allows you to modify user settings individually.

Web registration
User registration can now be done using the Domino Web Administrator. You register users via the Web in a manner that is very similar to user registration done with the Domino Administrator.

For more information on registering users with the Web Administrator, see the topic “Using the Domino Web Administrator to register users” in this chapter. If you are a service provider, for more information on registering users from the hosted organization site, see the chapter “Managing a Hosted Environment.”

Registration Settings
To simplify the process of registering users, you can create policies and Registration Settings documents to preset registration settings for different types of users. For example, users who work in Human Resources may have different registration settings than users who work in Sales. You can create Registration settings for both groups of users, and use them to register everyone with the proper settings. In addition, when you add new users to either group later, the same registration settings apply.

Note Registration settings do not apply to user registration done with the Web Administrator.

Migration from external mail system or directory
You can migrate users who use an external mail system or directory into Notes. You register them using migration tools accessed through the Migrate People button in the Register Person dialog box. After migrating them, you can modify their settings. The following list details the types of users you can migrate into Notes:
• Lotus cc:Mail
• Microsoft Exchange
• LDIF (from an LDAP directory)
• LDAP
• Microsoft Mail
• Windows NT/Windows 2000
• Active Directory

Roaming users
Users who access Notes from more than one Notes client can access their customized settings and personal information automatically from any Notes client in the domain. Data for these users, known as roaming users, replicates between the user’s machine and a roaming user server, where these files are stored. When a roaming user logs on from a different Notes client, it automatically retrieves the user’s ID file, Personal Address Book, bookmarks, and journal from the roaming user server. Any changes the user makes in these files replicate to the roaming user server. This enables the roaming user to have a consistent experience from any Notes client.

Using default user settings when registering users
When you use default settings, the user registration process is fast and easy. The default settings can originate from a variety of sources:
• Notes includes a set of default settings.
• You can define default settings in the registration preferences in the Administration Preferences dialog box. Define these settings before registering users. The registration preferences do not offer all the default settings, only some of the more basic ones, such as designating the Registration server. For more information on registration preferences, see the chapter “Setting Up and Using Domino Administration Tools.”
• You can define default settings through the user registration interface using either of two methods: one method uses settings for a user previously added to the user registration queue, and the other method uses settings defined on the Register Person - New Entry dialog box. For example, if you have already added users to the user registration queue, the non-user-specific settings that were applied to the last user now serve as defaults for the next user. Similarly, you can define settings on the Register Person - New Entry dialog box. If you import or migrate users while in this mode, users inherit settings you defined. Only settings you define as registration preferences remain from session to session. All other default settings return to Notes defaults each time you begin a new registration session.

Default Notes user registration settings
This table lists all the default user registration settings that Notes provides. The values in this table appear only under these conditions:
• Previous values have not been set in Registration preferences
• Previous values have not been set in the Register Person dialog box

User registration fields that do not appear in this table do not have default values.

| Field | Default |
|---|---|
| Registration Server | Local server if it contains a Domino Directory. Otherwise, server specified in NewUserServer setting of the NOTES.INI file, or the Administration server. |
| Password Quality Scale | 8 |
| Set Internet password | Off |
| Internet address | FirstnameLastname@Internet domain — for example, RobinRutherford@Acme.com. |
| Internet Domain | Current TCP/IP host domain |
| Mail server | Local server if it contains a Domino Directory or Administration server |
| Mail file template | Mail(R6) |
| Create file now | On |
| Mail system | Lotus Notes |
| Mail file name | mail\<firstinitial><first7charactersoflastname>.nsf |
| Create full text index | Off |
| Set database quota | Off |
| Address name format | Firstname Lastname |
| Mail file owner access | Editor with Delete documents rights |
| Set warning threshold | Off |
| Create a Notes ID for this person | On |
| Let this person roam | Off |

| Field | Default |
|---|---|
| Certifier ID | If you are not using the server-based certification authority (CA), Notes uses the certifier ID specified in Administration Preferences, or if there is none, it uses the ID specified in the CertifierIDFile setting of the NOTES.INI file. |
| Security type | Either North American or International |
| Certificate expiration date | Two years from current date |
| Location for storing user ID | In Domino Directory |
| Local administrator | None |
| Put roaming user files on mail server | On |
| Personal roaming folder | roaming\ |
| Sub folder format | FirstName LastName |
| Create roaming files now | Selected |
| Clean-up action | Do not clean up |

Using Basic Notes user registration with the Domino Administrator
Perform Basic user registration to assign users basic settings, such as a name and password, and to add users to existing groups. To make registration fast and easy, Basic registration uses default values for all other user settings. If you want to assign advanced and/or specific settings to a user — such as giving users alternate names or adding users to Windows NT groups — use Advanced user registration. If you have selected the Advanced option, you are using Advanced user registration, not Basic user registration.

For more information on Advanced user registration, see the topic “Using Advanced user registration” in this chapter.

If you are working in a hosted environment and registering users to a hosted organization, be sure that you are working with a certifier that was created for that hosted organization.

Note To modify user settings after you add the user to the User Registration Queue, select the user from the queue and then make your changes. To modify certain settings for multiple users at once, select the names in the queue and then make changes.

Naming conventions
When adding users, user names can consist of multiple-byte characters, uppercase and lowercase alpha characters (A - Z), numbers (0 - 9), and the ampersand (&), dash (-), dot (.), space ( ), and underscore (_).

Hosted Environments
If you are working in a hosted environment, when registering users, ensure that you are using a certifier that was created for the hosted organization into which you are registering the users. This applies regardless of whether you are using a certifier and password or the server-based CA.

To use Basic registration with the Domino Administrator
Make sure you have the following before you begin registration using the Domino Administrator:
• Access to the certifier ID and its password, if you are not using the Lotus Domino 6 server-based certification authority (CA) and are using the Domino Administrator.
• Access to the Domino Directory from the machine you work on.
• Editor access or Author access with Create Documents and the UserCreator role in the Domino Directory on the registration server.
• Access to the certification log (CERTLOG.NSF) on the registration server.
• Create new databases access on the mail server if you plan to create user mail files during registration.

1. From the Domino Administrator click the People & Groups tab.
2. From the Servers pane, choose the server to work from.
3. Select Domino Directories, and then click People.
4. From the Tools pane, click People - Register.
5. Enter the password for the certifier that you are currently using, and then click OK.

Note While registering a user, you can specify whether you want to register the user with the server-based CA, or with a certifier ID and password. This selection is made on the ID Info panel in advanced user registration.

6. Click the Registration Server and then select the server that registers all new users, or accept the default. If you have not defined a registration server in Administration Preferences, the server is one of these by default:
• The local server if it contains a Domino Directory

13. Note You can modify user settings at any time once you add the user to the User Registration Queue by selecting the user from the queue and then making changes.” 9. and then click OK. Click the green check mark. The user’s Short name and Internet address are automatically generated.” For more information on password quality scale. 12. The user name appears in the Registration status view (the user registration queue). (Optional) Click the Policy Synopsis button to see an overview of this user’s effective policies. Choose the group to which you are adding the user. The password you specify must correspond with the password quality that you select in “Password Options. Or click the red X to clear all fields and start over. select one from the Explicit policy list. 8. 1. click the “Let this person roam” check box. click the appropriate space and enter the new text. Using Advanced Notes user registration with the Domino Administrator Advanced registration offers all the settings included in Basic registration and also allows you to change default settings and apply advanced settings to users. The default level is 8. see the chapter “Using Policies. and last name. To change the Short name or Internet address.” 10. and click Add. You can also modify certain settings for multiple Setting Up and Managing Notes Users 5-13 . 11. Configuration To add the user to a group during user registration You can add a user to a group during user registration. Enter a first name. Continue the registration process as usual. 3. Criteria for this password is based on the level set in the Password Quality Scale in the Password Options dialog box. For more information on policies. see the chapter “Protecting and Managing Notes IDs.INI file • The administration server 7.• The server specified in NewRegServer setting of the NOTES. middle name (if necessary). Click Advanced. and then click Groups. Click Register. (Optional) To enable roaming capability for this user. 2. 
(Optional) To assign a policy to this user. Enter the password for the user ID.

users at once by selecting the users in the queue and making changes. Click Advanced. • Access to the Domino Directory from the machine you work on. 5. From the Domino Administrator. • Access to the certification log (CERTLOG. 7. Volume 1 . 2. if you are not using the Lotus Domino 6 server-based certification authority (CA). This applies regardless of whether you are using a certifier and password or the server-based CA. To use Advanced registration with the Domino Administrator 1. You can cancel user registration and clear all fields at any time by clicking the red X. From the Servers pane. Make sure you have the following access before you begin registration: • Access to the certifier ID and its password. Review the information in the dialog box. click People . 3. choose the server to work from. 5-14 Administering the Domino System.Register. Select Domino Directories. From the Tools pane. 4. and then select People. click the People & Groups tab.NSF) on the registration server. • Editor access or Author access with Create Documents role and the UserCreator privilege in the Domino Directory on the registration server. 6. • Create explicit policies and settings documents if you plan to use policy-based system administration. select the check box and click OK. when registering users. Enter the certifier password and click OK. ensure that you are using a certifier that was created for the hosted organization into which you are registering the users. Hosted Environments If you are working in a hosted environment. Note The Certifier Information Recovery Warning dialog box appears. • Create new databases access on the mail server if you plan to create user mail files during registration.

8. From the Basic tab, complete these fields:
Field: Enter
Registration Server: Click Registration Server to change the registration server (which is the server that initially stores the Person document until the Domino Directory replicates), select the server that registers all new users, and then click OK. If you have not defined a registration server in Administration Preferences, this server is by default one of these:
• The local server if it contains a Domino Directory
• The server specified in NewUserServer setting of the NOTES.INI file
• The administration server
First name, Middle name, Last name: The user’s first and last names and (if necessary) middle name. The user’s Short name and Internet address are automatically generated. To change the Short name or Internet address, click the appropriate space and enter the new text.
Short name: A short name in the format FirstInitialLastName is automatically created as you enter the user’s name. For example, JSmith is the short name for John Smith. You can modify this field.
Password: A password for the user ID.
Password options: Click Password options to set a level for the password in the Password Quality Scale. The default level is 8. For more information, see “Understanding the password quality scale.” Click the check box “Set Internet password” to give Internet users name and password access to a Domino server and to set an Internet password in the Person document. This field is automatically selected if you select the Other Internet, POP, iNotes, or IMAP mail types. Click “Synch Internet password with Notes ID password” to make the Internet password in the Person document the same as the Notes password. This is a requirement for users who want to use iNotes Web Access to read encrypted mail or work offline.
Mail system: Click to change the user’s mail system from the default of Lotus Notes to an Internet-based system or iNotes Web Access.
Explicit policy: Select the explicit policy to apply to this user. For more information on policies, see “Policies.”
Policy synopsis: Click to see a summary of this user’s effective policies.
Let this person roam: Click to enable roaming capabilities for this user. Doing so enables the Roaming tab.
Create a Notes ID for this person: Click to create a Notes ID for this person during the registration process.

9. Click the Mail tab and complete any of these fields. Domino uses default values (if available) for any fields you do not modify.
Field: Enter
Mail system: Choose one of the available mail types and complete the necessary associated fields:
• Lotus Notes (default)
• Other Internet
• POP
• IMAP
• iNotes
• Other
• None
If you select Lotus Notes, POP, or IMAP, the Internet address is automatically generated. If you select Other Internet, POP, or IMAP, the Internet password is set by default. If you select iNotes (iNotes Web Access), you can change other user registration selections to iNotes Web Access defaults by clicking Yes when prompted. If you select Other or Other Internet, enter a forwarding address. This address is the user’s current address, where the user wants mail to be sent. For example, if a user temporarily works at a different location and/or uses a different mail system, the user can have her mail forwarded to that new address. Or, a user may resign from the company but leave a forwarding address so that mail addressed to the old address is forwarded to the new location.
Mail server: The user’s mail server. If you have not defined a mail server in Administration Preferences, this server is (by default) the local server if it contains a Domino Directory; otherwise, it is the Administration server.
Mail file name: The file name of the mail file. By default, the path and file name are mail\<firstinitial><first7charactersoflastname>.nsf.
Create file now/Create file in background: Choose one:
• Create file now (default).
• Create file in background - Creating mail files in the background forces the Administration Process to create the files and saves time during the user registration process.
When you migrate users who have mail to convert, this field is automatically set to Create file now.
Mail file template: A mail template from the list of available mail templates. For a description of the template, select the template and click About. The default is Mail(R6) (MAIL6.NTF).
Create full text index: Click to generate a full-text index of the mail database.
Mail file replicas: Click to open the Mail Replica Creation Options dialog box on which you can select the servers to which the mail file will replicate. This option only applies to clustered servers.
Mail file owner access: Select the level of access in the access control list to assign to the user of the mail database from the Mail file owner access list. By default, mail users have Editor with Delete documents access to their own mail files; all other users have no access. This option can be used to prevent mail users and/or owners from deleting their own mail file. If the mail owner access is Designer or Editor, the administrator ID currently being used is added to the mail file ACL as Manager.
Set database quota: Click to enable, and then specify a size limit (maximum of 10GB) for a user’s mail database.
Set warning threshold: Click to generate a warning when the user’s mail database reaches a certain size, and then enter the warning size (maximum of 10GB).

10. Click the Address tab, and enter values in any of these fields. Domino uses default values (if available) for any fields you do not modify.
Field: Enter
Internet address: The Internet e-mail address assigned to this user.
Internet Domain: The domain to be used in the Internet address — for example, Acme.com.
Address name format: The format of the Internet address. The default format is FirstNameLastName@Internet domain without a separator — for example, RobinRutherford@Acme.com.
Separator: The character inserted between names and initials in the Internet address. The default is None.

11. Click the ID Info tab, and enter values in any of these fields. Domino uses default values (if available) for any fields you do not modify.
Field: Enter
Create a Notes ID for this person: Click to create a Notes ID for this user.
Certifier Name list: Choose a certifier ID to use when creating the user name during user registration when a Notes user ID is not being created for the user. This field appears if the check box “Create a Notes ID for this person” is not selected. If you are working in a hosted environment and are registering a user to a hosted organization, be sure to register that user with a certifier created for that hosted organization.
Use CA process: Click to use the Lotus Domino 6 server-based certification authority (CA) to register this user. The certifier ID and password will not be needed to complete the user registration process if you use the Lotus Domino 6 CA. If you are working in a hosted environment and are registering a user to a hosted organization, be sure to register that user with a certifier created for that hosted organization. This field appears if the check box “Create a Notes ID for this person” is selected.
Certifier ID: Click if you want to use a certifier ID and password instead of the server-based CA. To change to a different certifier ID, click Certifier ID, select the new ID, enter the password, and then click OK. If you are working in a hosted environment and are registering a user to a hosted organization, be sure to register that user with a certifier created for that hosted organization. This field appears if the check box “Create a Notes ID for this person” is selected.
Security type: Choose either North American or International. The security type determines the type of ID file created and affects encryption when sending and receiving mail and encrypting data. North American is the stronger of the two types. This field appears if the check box “Create a Notes ID for this person” is selected.
Certification expiration date: The expiration date of the user ID in mm-dd-yy format. The default is two years from the current date. This field appears if the check box “Create a Notes ID for this person” is selected.
Location for storing user ID: Choose one:
• In Domino Directory (default). The ID file is stored as an attachment to the user’s Person document.
• In file (default location: <datadirectory>\ids\people\user.id). Click Set ID file to change path.
• In mail file. This option is only available with iNotes Web Access and allows Notes users to read their encrypted mail while using iNotes Web Access.
This field appears if the check box “Create a Notes ID for this person” is selected.

12. (Optional) To add the user to an existing group:
• Click the Groups tab with the user highlighted (you can highlight multiple users also).
• Select the group or groups to assign and click Add.
For more information on adding users to groups, see the chapter “Setting Up and Managing Groups.”

13. (Optional) If you have enabled roaming capabilities for the user, click the Roaming tab, and complete any of these fields. The fields do not appear if you did not click “Let this person roam” on the Basic tab and “Create a Notes ID for this person.” Domino uses default values (if available) for fields you do not modify.
Field: Enter
Put roaming user files on mail server: Click to store the user’s roaming information on the same server used for mail.
Roaming Server: Click Roaming Server to open the Choose Roaming User Files Server dialog box on which you specify the server that stores the user’s roaming information. If you select Put roaming user files on mail server, the Roaming Server defaults to the user’s mail server.
Personal roaming folder: The subdirectory that contains the user’s roaming information. By default, this is based on the sub-folder format you specify, but you can customize it.
Sub-folder format: The method used to name roaming subdirectories on the roaming server. This determines the default Personal roaming folder for each user.
Create roaming files now/Create roaming files in background: Choose one of these:
• Create file now - Default.
• Create roaming files in background - Click to create the user’s roaming files the next time the Administration Process runs. Creating roaming files in the background forces the Administration Process to create the files and saves time during the user registration process.
Clean-up option: Choose one of the following roaming user client clean-up options. Clean-up will only occur on clients that have been installed and configured for multiple users.
• Do not clean-up (default). Roaming user data will never be deleted from the Notes client workstation to which the user roamed.
• Clean-up periodically. Enables the “Clean up every N days” field on which you specify the number of days that should pass before roaming user data is deleted from the Notes client workstation.
• Clean-up at Notes shutdown. Roaming user data will be deleted from the Notes client workstation immediately upon Notes shutdown.
• Prompt user. The user is prompted on exiting the client as to whether they want to clean up their personal files. If the user chooses Yes, the data directory on that client workstation is deleted. If the user chooses No, the user is prompted as to whether they want to be asked again on that client. If the user chooses No, the user is not prompted again. If the user chooses Yes, the user is prompted again the next time the user exits the client on that workstation.
Roaming Replicas: Click this button to open the “Roaming Files Replica Creations Options” dialog box on which you can designate to which servers a user’s roaming files should replicate. This option only applies to clustered servers.

14. Click the Other tab, and complete any of these fields. Domino uses default values (if available) for fields you do not modify.
Field: Enter
Setup profile: Name of an R5 User Setup profile to assign. Note If you are using policies, you cannot use a user setup profile.
Unique org unit: A word that distinguishes two users who have the same name and are certified by the same certifier ID.
Location: Departmental or geographical location of the user.
Local administrator: The name of a user who has Author access to the Domino Directory but who does not have the UserModifier role. This setting allows the local administrator to edit Person documents.
Comment: A comment about the user, regarding the user’s registration.
Alternate name language: Choice of alternate name language. The certifier ID used to register this user must contain the alternate name language for it to appear here.
Alternate name: The alternate name of the user. The certifier ID used to register this user must contain the alternate name language for it to appear here.
Alternate org unit: A word that distinguishes two users who have the same name and are certified by the same certifier ID. The certifier ID used to register this user must contain the alternate name language.
Preferred language: Choose a preferred language for the user, that is, the language that the user prefers to use.
Windows User Options: Click to set user options for Windows NT or Windows 2000. Opens the “Add Person to Windows NT/2000” dialog box on which you can specify whether to add the user to Windows NT and/or the Windows 2000 Active Directory. Enter the Windows account name for the user, and select the name of the Windows NT or Windows 2000 group to which you are adding the user.

15. Click the green check mark. The user name appears in the Registration status view (the user registration queue).
16. Click Register and then click Done.

Registering users from a text file
When registering users from a text file, you can import them through the Import Text File button on the Register Person dialog box, which places users as entries in the User Registration Queue and allows you to modify user settings individually. If you want Notes to use the text file without prompting you to browse for it, add BatchRegFile= filename to the NOTES.INI file.


You can also define a separator for the text file by adding BatchRegSeparator = character to the NOTES.INI file. The separator character cannot be a character used in any of the user parameter settings in the text file. If you do not specify a BatchRegSeparator, a semicolon (;) separator is used. For more information on this NOTES.INI variable, see the appendix “NOTES.INI File.”

Settings applied to a group of users
These user settings are available for you to modify before using the menu (choose People - People - Register) to import and register users. Notes applies these settings to all users in the group.
• Registration Server
• Password Quality Scale
• Set Internet password
• Internet address
• Internet Domain
• Format
• Mail server
• Mail file template
• Mail system
• Mail file name
• Mail file owner access
• Set database quota
• Set warning threshold
• Certifier ID
• Security type
• Certificate expiration date
• Store user ID in Domino Directory or File
• Add users to selected groups
• Local administrator
• Add NT User Accounts

Setting up the text file
To set up a text file, create a line in the text file for each user. Enter the parameters for each user in exactly the order shown in the table below. Use one semicolon to separate parameters, and use one semicolon to take the place of each contiguous parameter that you decide not to specify.

For example, this line in a text file specifies only a last name and password:
Alexis;;;;password1

This line in a text file specifies a complete name, home server, and User Setup policies:
Alexis;Catherine;R.;;password1;;;Marketing / Acme;;;;;;Marketing Profile

Note that only the last name and password parameters are required.
Order. Parameter: Enter
1. Last name: The last name of the user. This parameter is required.
2. First name: The first name of the user.
3. Middle initial: The middle initial of the user.
4. Organizational unit: A name for another level to add to the hierarchical name. This name distinguishes between two users who have the same name and are certified by the same certifier.
5. Password: A password for the user. This parameter is required.
6. ID file directory: The directory in which you want to store the user’s ID. You can store the ID in this directory in addition to or instead of as an attachment in the Domino Directory. You must create the directory before registration. For this parameter to take effect, select the In File option on the ID Info panel for storing the user ID. This parameter overrides the default ID directory shown in the Register Person - New Entry dialog box.
7. ID file name: The name you want to assign to the ID file. This file name applies only if you store an ID in an ID file directory. If you do not specify a user ID file name, the name on the ID is based on the person’s name.
8. Mail server name: The name of the user’s mail server. This parameter overrides the one you select during registration.
9. Mail file directory: The mail file directory for the user.
10. Mail file name: The name for the user’s mail file. If you do not use this parameter, the name is based on the person’s name if the person uses Notes mail.
11. Location: Descriptive location information that is added to the user’s Person document. If someone addresses mail to this user and there is another user with the same name, Notes displays the location to help the sender distinguish the two users.
12. Comment: An identifying comment that is added to the user’s Person document.
13. Forwarding address: The full route to the user — for example, JSmith@acme.com. If you don’t enter this information in the text file, you can edit the Forwarding address field in the user’s Person document. This parameter is required for Other and Other Internet mail users.
14. Profile: The name of the user setup profile.
15. Local administrator: The name of a user who has Author access to the Domino Directory. This person can modify the user’s Person document.
16. Internet address: The Internet address of the user. This parameter is required for Lotus Notes, POP3, iNotes, and IMAP mail.
17. Short name: This name is entered by default. A short name is used to create a return Internet address if the Internet address is not entered.
18. Alternate name: The alternate name of the user. Note that the certifier ID used to register this user must contain the alternate name language.
19. Alternate org unit: A word that distinguishes two users who have the same name and are certified by the same certifier ID. Note that the certifier ID used to register this user must contain the alternate name language.
20. Mail template file: The file name of the mail template you want to use.
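The text-file format described above can be checked before it is imported. The following Python script is an added example, not part of the original guide or of Domino; its function names, the case-insensitive duplicate-name check, and every sample line after the first two are assumptions constructed for illustration.

```python
"""Pre-flight check for a Domino batch-registration text file (added example)."""

# Parameter order as listed in the table on this page (positions 1-20).
PARAMETERS = (
    "last_name", "first_name", "middle_initial", "org_unit", "password",
    "id_file_directory", "id_file_name", "mail_server", "mail_file_directory",
    "mail_file_name", "location", "comment", "forwarding_address", "profile",
    "local_administrator", "internet_address", "short_name", "alternate_name",
    "alternate_org_unit", "mail_template_file",
)
REQUIRED = ("last_name", "password")  # the only two the page marks as required
DEFAULT_SEPARATOR = ";"


def separator_from_ini(ini_text):
    """Return the BatchRegSeparator character from NOTES.INI text, else ';'."""
    for line in ini_text.splitlines():
        key, eq, value = line.partition("=")
        if eq and key.strip().lower() == "batchregseparator" and value.strip():
            return value.strip()[0]
    return DEFAULT_SEPARATOR


def parse_line(line, separator=DEFAULT_SEPARATOR):
    """Split one line into the 20 named parameters; omitted trailing ones are ''."""
    values = line.rstrip("\r\n").split(separator)
    if len(values) > len(PARAMETERS):
        # More fields than the format defines: a value probably contains the separator.
        raise ValueError(f"{len(values)} fields, at most {len(PARAMETERS)} allowed")
    values += [""] * (len(PARAMETERS) - len(values))
    return dict(zip(PARAMETERS, values))


def validate(record):
    """Return a list of problems found in one parsed record."""
    problems = [f"missing required parameter: {name}"
                for name in REQUIRED if not record[name].strip()]
    # The page: the ID file name applies only if an ID file directory is used.
    if record["id_file_name"] and not record["id_file_directory"]:
        problems.append("id_file_name has no effect without id_file_directory")
    return problems


def redacted(record):
    """Copy of the record that is safe to print or log."""
    return {k: ("<redacted>" if k == "password" and v else v)
            for k, v in record.items()}


def check_file(text, separator=DEFAULT_SEPARATOR):
    """Return (records, findings); findings are (line_number, message) tuples."""
    records, findings, seen = [], [], {}
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            record = parse_line(line, separator)
        except ValueError as exc:
            findings.append((number, str(exc)))
            continue
        findings.extend((number, problem) for problem in validate(record))
        # Assumption: names are compared case-insensitively. The organizational
        # unit is what distinguishes two users with the same name.
        identity = tuple(record[k].strip().lower() for k in
                         ("last_name", "first_name", "middle_initial", "org_unit"))
        if identity in seen:
            findings.append(
                (number, f"same name and organizational unit as line {seen[identity]}"))
        else:
            seen[identity] = number
        records.append(record)
    return records, findings


# Sample input: the first two lines are the page's examples, the rest are constructed.
SAMPLE = "\n".join([
    "Alexis;;;;password1",
    "Alexis;Catherine;R.;;password1;;;Marketing / Acme;;;;;;Marketing Profile",
    "Rutherford;Robin;;;",                                       # password missing
    "Alexis;;;;password2",                                       # same name as line 1
    ";".join(["Smith", "John", "", "", "pw"] + [""] * 15 + ["extra"]),  # 21 fields
])

if __name__ == "__main__":
    parsed, found = check_file(SAMPLE)
    for rec in parsed:
        print({k: v for k, v in redacted(rec).items() if v})
    for line_number, message in found:
        print(f"line {line_number}: {message}")
```

Because the file carries each user's initial password in clear text, the example prints records only through redacted().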

To register users from a text file
Notes uses the certifier ID specified in Administration Preferences; or if there is none, it uses the ID specified in the CertifierIDFile setting of the NOTES.INI file.
1. Make sure that you have the following before you begin registration:
• Access to the certifier ID and its password if you are not using the Lotus Domino 6 server-based certification authority (CA)
• Editor access or the UserCreator role in the Domino Directory on the registration server
• Create new databases access on the mail server if you plan on creating mail files
2. Use a text editor to create a text file that contains ID information for each user.
3. From the Domino Administrator, click the People & Groups tab.
4. From the Servers pane, choose the server to work from.
5. Select Domino Directories and then click People.
6. Complete Step 7 or Step 8, depending on how you want to import and register users.
7. To register users and apply individual settings:
a. From the Tools pane, click People - Register. Enter the certifier password and click OK. The Certifier Information Warning dialog box may appear. Click OK.
b. Click Import Text File, select the text file, and click Open.
c. To modify user registration settings, select a user from the User Registration Queue and make your changes on the Register Person user interface.
d. Click Register to register the highlighted user or select multiple users in the registration queue and click Register All. Click OK.
For more information on specifying registration settings, see the topic “Using Advanced Notes user registration” earlier in this chapter.
8. To register users and apply settings to them as a group:
a. Set the registration Administration Preferences and create the policies that you want to apply to a group of users.
b. From the Tools pane, click People - Register.
c. Enter the certifier ID password and click OK.
d. Choose the Explicit Policy that you want to apply to the users you are registering.
e. Click Import Text File, select the text file, and click Open.
f. Click Register or Register All.
For more information on setting Administrator Preferences and Registration Preferences, see the chapter “Setting Up and Using Domino Administration Tools.” For more information on the settings you can modify, see the topic “Using Advanced Notes user registration” earlier in this chapter.

Registering users with the Web Administrator
Registering users with the Domino Web Administrator is almost identical to registering users with the Domino Administrator. Before reviewing this information and before attempting to register users via the Web Administrator, you need to be familiar with using the Web Administrator and with Notes user registration in general.

Note The Registration Preferences (from File - Preferences - Administration Preferences) that can be set for user registration with the Domino Administrator do not apply to user registration with the Web Administrator. During user registration on the Web, only registration settings set through policies or through the server-based CA apply. Other settings are entered manually or are defaults.

For more information on using the Web Administrator, see the chapter “Setting Up and Using Domino Administration Tools.”

Web registration and the server-based certification authority
Web registration for Notes users requires the use of the Domino server-based certification authority (CA). You need to understand what the Domino CA is, as well as how to set it up and use it. To register users with the Web Administrator, the Web administrator must be listed as an RA for that certifier. The server that is running the Web Administrator should also be listed as an RA but that role is not required for the server. It is required for the administrator. If the server is not listed as an RA, the administrator that is an RA will need to open the Administration Requests database and approve the administration request to register the user.

You must assign the RA role in the Domino Administrator client, not in the Web Administrator. To assign the RA role, use the Modify Certifier tool on the Configuration panel.

For more information on the server-based certification authority, see the chapter “Setting Up a Domino Server-Based Certification Authority.”

Web registration and policies
Web user registration, like user registration done from the Domino Administrator, can be simplified by assigning policies during the registration process. Create the policies and related policy settings documents prior to initiating Web user registration. Before registering users, familiarize yourself with policies in Lotus Domino 6 as well as with using policies with the Web Administrator. The use of policies for user registration with the Domino Web Administrator is optional.

For more information on policies, see the chapter “Using Policies.” For more information on using policies with the Web Administrator, see the chapter “Setting Up and Using Domino Administration Tools.”

To register users with the Web Administrator
Follow the instructions to register a user, with basic or advanced registration, in these procedures:
• Using Basic user registration with the Web Administrator
• Using Advanced user registration with the Web Administrator

Using Basic user registration with the Web Administrator
Perform Basic user registration from the Web Administrator to assign users basic settings, such as a name and password, and to add users to existing groups from a Web browser instead of from the Domino Administrator.

When using the Web Administrator client, you need to have set up a server-based certification authority (CA) to register Notes users. The Web administrator, as well as the server on which the Web Administrator database resides, must be listed as a registration authority (RA) for that certifier. You must assign the RA role in the Domino Administrator client, not in the Web Administrator. To assign the RA role, use the Modify Certifier tool on the Configuration panel.

For more information on the server-based CA and the RA, see the chapter “Setting Up a Domino Server-Based Certification Authority.”

Note The Registration Preferences (from File - Preferences - Administration Preferences) that can be set in user registration with the Domino Administrator do not apply to user registration with the Web Administrator. During user registration on the Web, only registration settings set through policies or through the server-based CA apply. Other settings are entered manually or are defaults.

To use Basic user registration with the Web Administrator
1. Make sure you have the following before you begin registration:
• The [UserCreator] role in the Domino Directory.
• The registration authority (RA) designation for whatever CA (Certificate Authority) that is selected for user registration. The Domino Web Administrator requires the use of the server-based CA.
2. From the Web Administrator click the People & Groups tab.
3. From the Servers pane, select Domino Directories, and then click People.
4. From the Tools pane, click People - Register.
5. Choose a CA Certifier.
6. (Optional) Choose an Explicit policy.
7. (Optional) If you would like the selections for CA Certifier and Explicit policy to be set as the default, click the check box “Save as default.”
8. Click OK.
Field: Action

First name, Middle name, Last name: Enter a first name, middle name (if necessary), and last name.

Short name: The user’s Short name is automatically generated. To change the Short name, enter the new text.

Password: Enter the password for the user ID. The criteria for this password are based on the level set in the Password Quality Scale in the Password Options dialog box.

Password quality: Choose a password quality. The default level is 8. The password you specify must correspond with the password quality that you select in “Password Options.”

Mail System: Choose one of the available mail types and complete the necessary associated fields:
• Lotus Notes (default).
• Other Internet — choosing this option automatically selects the “Set Internet password” check box.
• POP — choosing this option automatically selects the “Set Internet password” check box.
• IMAP — choosing this option automatically selects the “Set Internet password” check box.
• iNotes — You are prompted to make other registration selections for iNotes.
• Other
If you select Lotus Notes, POP, or IMAP, the Internet address is automatically generated. If you select Other Internet, POP, or IMAP, the Internet password is set by default. If you select iNotes (iNotes Web Access), you can change other user registration selections to iNotes Web Access defaults by clicking Yes when prompted. If you select Other or Other Internet, enter a forwarding address. This address is the user’s current address, where the user wants mail to be sent. For example, if a user temporarily works at a different location and/or uses a different mail system, the user can have her mail forwarded to that new address. Or, a user may resign from the company but leave a forwarding address so that mail addressed to the old address is forwarded to the new location.

Set Internet password: Click to set an Internet password.

Synch Internet password with Notes ID: Click to synchronize the Internet password with the Notes ID password.

Create a Notes ID for this person: Click to create a Notes ID.

Explicit policy: (Optional) To assign a policy to this user, select one from the Explicit policy list.

For more information on password quality scale, see the chapter “Protecting and Managing Notes IDs.”

9. Click the green check mark. The user name appears in the Registration status view (the user registration queue). Or, click the red X to clear all fields and start over.
10. Click Register, and then click OK.

Using Advanced user registration with the Web Administrator
Advanced user registration from the Web Administrator offers all of the registration settings that are included in Basic user registration from the Web Administrator, and also allows you to change default settings and apply advanced settings to users.

When using the Web Administrator client, you need to have set up a server-based certification authority (CA) to register Notes users. The Web administrator, as well as the server on which the Web Administrator database resides, must be listed as a registration authority (RA) for that certifier. You must assign the RA role in the Domino Administrator client, not in the Web Administrator. To assign the RA role, use the Modify Certifier tool on the Configuration panel.

Note The Registration Preferences (from File - Preferences - Administration Preferences) that can be set in user registration with the Domino Administrator do not apply to user registration with the Web Administrator. During user registration on the Web, only registration settings set through policies or through the server-based CA apply. Other settings are entered manually or are defaults.

To use Advanced user registration with the Web Administrator
1. Make sure you have the following before you begin registration:
• The [UserCreator] role in the Domino Directory.
• The registration authority (RA) designation for whatever CA (Certificate Authority) is selected for user registration. The Domino Web Administrator requires the use of the server-based CA.
2. From the Web Administrator, click the People & Groups tab.
3. From the Servers pane, select Domino Directories, and then click People.
4. From the Tools pane, click People - Register.
5. Choose a CA-configured certifier.
6. (Optional) Choose an Explicit policy.
7. (Optional) If you would like the selections for CA Certifier and Explicit policy to be set as the default, click the check box “Save as default.”
8. Click OK.
Field: Action

First name, Middle name, Last name: Enter a first name, middle name (if necessary), and last name.

Short name: The user’s Short name is automatically generated. To change the Short name, enter the new text.

Password: Enter the password for the user ID. The criteria for this password are based on the level set in the Password Quality Scale in the Password Options dialog box.

Password quality: Choose a password quality. The default level is 8. The password you specify must correspond to the password quality that you select in “Password Options.”

Mail System: Choose one of the available mail types and complete the necessary associated fields:
• Lotus Notes (default).
• Other Internet — choosing this option automatically selects the “Set Internet password” check box.
• POP — choosing this option automatically selects the “Set Internet password” check box.
• IMAP — choosing this option automatically selects the “Set Internet password” check box.
• iNotes — You are prompted to make other registration selections for iNotes.
• Other.
If you select Lotus Notes, POP, or IMAP, the Internet address is automatically generated. If you select Other Internet, POP, or IMAP, the Internet password is set by default. If you select iNotes (iNotes Web Access), you can change other user registration selections to iNotes Web Access defaults by clicking Yes when prompted. If you select Other or Other Internet, enter a forwarding address. This address is the user’s current address, the address to which the user wants mail to be sent. For example, if a user temporarily works at a different location and/or uses a different mail system, the user can have her mail forwarded to that new address. Or, a user may resign from the company but leave a forwarding address so that mail addressed to the old address is forwarded to the new location.

Set Internet password: Click to set an Internet password.

Synch Internet password with Notes ID: Click to synchronize the Internet password with the Notes ID password.

Create a Notes ID for this person: Click to create a Notes ID.

Explicit policy: (Optional) To assign a policy to this user, select one from the Explicit policy list.

For more information on password quality scale, see the chapter “Protecting and Managing Notes IDs.”
9. Click the Advanced check box to enable advanced settings.
10. Click the Mail tab and complete any of these fields.
Field: Action

Mail System: Choose one of the available mail types and complete the necessary associated fields:
• Lotus Notes (default)
• POP
• IMAP
• iNotes
• Other Internet
• Other
• None
If you select Lotus Notes, POP, or IMAP, the Internet address is automatically generated. If you select Other Internet, POP, or IMAP, the Internet password is set by default. If you select iNotes (iNotes Web Access), you can change other user registration selections to iNotes Web Access defaults by clicking Yes when prompted. If you select Other or Other Internet, enter a forwarding address. This address is the user’s current address, the address to which the user wants mail to be sent. For example, if a user temporarily works at a different location and/or uses a different mail system, the user can have her mail forwarded to that new address. Or, a user may resign from the company but leave a forwarding address so that mail addressed to the old address is forwarded to the new location.

Mail Server: Choose a server to be assigned as the user’s mail server.

Mail file name: The file name of the mail file. By default, the path and the file name are mail\<firstinitial><first7charactersoflastname>.nsf.

Mail template: Choose a mail template from the list of available mail templates. For a description of the template, select the template and click About. The default is Mail(R6) (MAIL6.NTF).

Create full text index: Click to generate a full-text index of the mail database.

Mail file owner access: Select the level of access in the access control list to assign to the user of the mail database from the Mail file owner access list. By default, mail users have Editor with Delete documents access to their own mail files; all other users have no access. This option can be used to prevent mail users and/or owners from deleting their own mail file. If the mail owner access is Designer or Editor, the administrator ID currently being used is added to the mail file ACL as Manager.

Set database quota: Click to enable, and then specify a size limit (maximum 10GB) for a user’s mail database.

Set warning threshold: Click to generate a warning when the user’s mail database reaches a certain size, and then enter the warning size (maximum of 10GB).

11. Click the Address tab, and enter values in any of these fields.
Field: Action

Internet address: The Internet e-mail address assigned to this user.

Internet Domain: The domain to be used in the Internet address — for example, Acme.com.

Address name format: The format of the Internet address. The default format is FirstNameLastName@Internet domain without a separator — for example, RobinRutherford@Acme.com.

Separator: The character inserted between names and initials in the Internet address. The default is None.

12. Click the ID Info tab, and enter values in any of these fields.
Field: Action

Create a Notes ID for this person: Click to create a Notes ID for this user.

Certifier name list: Choose a certifier from the list if you are not creating a Notes ID for this user. This field is visible only if you do not select the check box “Create a Notes ID for this person.”

CA-configured certifier: Choose a CA-configured certifier to use to register the user. This field is only visible if you select the check box “Create a Notes ID for this person.”

Certificate expiration: Choose one:
• Months — Enter the number of months during which the certifier is valid.
• Date — Specify the date on which the certificate expires.
The default is two years from the current date. This field is only visible if you select the check box “Create a Notes ID for this person.”

Security type: Choose either North American or International. The security type determines the type of ID file created and affects encryption when sending and receiving mail and encrypting data. North American is the stronger of the two types. This field is only visible if you select the check box “Create a Notes ID for this person.”

Location for storing user ID: Non-modifiable field that displays the location in which the user’s ID will be stored. This field is only visible if you select the check box “Create a Notes ID for this person.”

13. (Optional) Click the Groups tab, and complete these options as desired:
• Enter a group name, or click Search to locate the group name, to which you want to add this user as a member.
• Select the group or groups to which you want to add the user and click Add.
For more information on adding users to groups, see the chapter “Setting Up and Managing Groups.”

14. Click the Replica tab and enter values in any of these fields.
Field: Action

Create replica(s) of mail database: Click this check box to create replicas of the mail files on additional servers that you specify.

Select options for creation of mail database replicas: Use these options as necessary:
• Add — Click to open the Server for Mail File Replica Creation dialog box. Use this dialog box to choose the server(s) on which to create mail file replicas.
• Remove — Choose one or more servers to remove from the list of servers on which to create mail file replicas, and then click Remove.
• Remove All — Click to remove all servers from this list.
These options are available only if the check box “Create replicas of mail database” is selected.

15. Click the Roaming tab and enter values in any of these fields.
Field: Action

Roaming user: Click to activate the roaming user registration options to register this user as a roaming user.

Put on mail server/Choose a server: Choose one of these:
• Put on mail server — Click to place the user’s roaming files on the user’s mail server.
• Server name — Click to store the user’s roaming file on the “Current Server” or select another server of your choice.

Personal roaming folder: The subdirectory that contains the user’s roaming information. By default, this is based on the sub-folder format you specify, but you can customize it.

Sub-folder format: The method used to name roaming subdirectories on the roaming server. This determines the default Personal roaming folder for each user.

Clean-up options: Choose one of the following roaming user client clean-up options. Clean-up will only occur on clients that have been installed and configured for multiple users.
• Do not clean-up (default) — Roaming user data is not deleted from the Notes client workstation to which the user roamed.
• Clean-up every — Enables the “Clean up every N days” field on which you specify the number of days that should pass before roaming user data is deleted from the Notes client workstation.
• Clean-up at Notes shutdown — Roaming user data is deleted from the Notes client workstation immediately upon Notes shutdown.
• Prompt user — The user is prompted on exiting the client as to whether they want to clean up their personal files. If the user chooses Yes, the data directory on that client workstation is deleted. If the user chooses No, the user is prompted as to whether they want to be asked again on that client. If the user chooses No, the user is not prompted again. If the user chooses Yes, the user is prompted again the next time the user exits the client on that workstation.

16. Click Register and Done.

Registering non-Notes, Internet users
Use the Domino Administrator to create non-Notes, Internet-only users. Internet-only users do not have Notes IDs or certified public keys. The procedure for creating a non-Notes, Internet-only user requires the use of the User Registration interface as well as many of the security features such as the Certificate Requests database and the Domino server-based CA. During this procedure, the user must open the Certificate Requests database to accept the certificate authority in their browser and request a client certificate. The user must be logged on to the workstation and browser that needs to establish the trust with the CA. After the request has been approved and processed, the user picks up the certificate, using the same browser on the same workstation used to make the request. The user then needs to export the certificate. The final step is importing the Internet certificate into the user’s Person document. Before completing this procedure, read the chapter “SSL and S/MIME for Clients.”

To set up an Internet user
1. From the Domino Administrator, click the People & Groups tab.
2. Select Domino Directories, and then click People.
3. From the Tools pane, click People - Register.
4. Complete the fields in the User Registration user interface, following the instructions in the topic “Using Advanced Notes user registration with the Domino Administrator” with these exceptions:
• On the Basics tab, in the Mail System field, do not select Lotus Notes as the mail system. Choose an Internet-based mail system instead.
• On the Basics tab, do not select the check box “Create a Notes ID for this person.”
• (Optional) On the Address panel, for users with a mail system of “Other Internet” enter a forwarding address. The forwarding address is the Internet address to which this user would like their e-mail forwarded in the event they leave the company.
• On the ID Info panel, ensure that you do not select the check box “Create a Notes ID for this person.”
• The Roaming panel does not apply to Web-only users because roaming users are required to have Notes IDs. Internet-only users do not have Notes IDs.
5. When registration is complete, add an Internet Certificate to the user’s Person document by completing the procedures in the topic “To obtain an Internet certificate for an Internet client.”

Adding an alternate language and name to a user ID
The alternate naming feature allows you to assign two names to a user: a primary name and alternate name. The primary name is internationally recognizable; the alternate name is recognizable in the user’s own native language. Before you can add an alternate name to a user, add an alternate language and name to the certifier ID by recertifying the certifier ID. You cannot add alternate names to servers. Alternate names are helpful because they let users use their native language and character set for display and name lookup purposes. For example, a user can type in a name in a native language and character set when sending mail or choose to display all documents in a database in a native language and character set.


Each alternate name is associated with a language specifier that identifies the native language of the name. Typically, the alternate name is specified in a character set consistent with the specified language; whereas the primary name is specified in an internationally recognizable character set. Both types of names provide the same security within the Domino system. For example, you can use alternate or primary names in an ACL or a group. You can add multiple alternate names to an organization certifier (as many alternate names as there are language specifiers recognized by Notes). An organizational unit certifier may also contain multiple alternate names, but each name must correspond to one of the language specifiers assigned to its parent certifier. The organizational unit certifier does not need to contain all the language specifiers that its parent contains. For example, /Acme may contain five language specifiers, while its child certifier Sales/Acme contains a subset of those. A user ID may contain only one alternate name. The language specifier associated with the alternate name must correspond to a language specifier in the parent certifier ID. When you assign an alternate name to a user, the alternate name and language specifiers are added to the user ID, to the Notes certificates issued to the user, and to the user’s Person document.


To add an alternate name to a certifier ID
In this procedure, you assign an alternate name and its associated language to the organization certifier ID and its organizational unit (child) certifiers through the certification process. You first recertify the organization certifier, and then use the certifier to recertify its organizational unit certifiers.
1. Have the certifier ID to which you want to add the alternate name accessible, if you are not using the Lotus Domino 6 server-based certification authority (CA).
2. From the Domino Administrator, click the Configuration tab.
3. Choose Certification, and then click Certify.
4. If the server name that is shown is not the registration server, click Server, choose the server you want to use and click OK.
5. Do one of these:
• To use the server-based CA, click Use the CA process and select a CA-configured certifier from the list.
• To use a certifier and password, click Supply certifier ID and password, click Certifier ID, select the certifier ID, and then click OK. Enter the password and click OK.
6. Select the ID you want to recertify and then enter the password and click OK. To add an alternate language and name to the organization (root) certifier, select the same ID that you chose in the previous step.
7. Click Add.
8. Choose the alternate language in the Language field. If you are recertifying an organizational unit certifier, the available languages include all languages associated with the organization (root) certifier ID.
9. (Optional) Enter a country code for the organization. This option is available only for organization certifier IDs.
10. Enter a name for the organization/organization unit in the Organization/OrgUnit field.
11. Click OK.
12. (Optional) To add another alternate language, click the Add button and repeat Steps 7 through 11.
13. Click Certify.

To add an alternate name to an existing user ID
Use the Lotus Domino 6 server-enabled certification authority (CA) or the certifier ID to recertify the user.
1. Make sure that the certifier contains an alternate name with the language specifier you want to use.
2. From the Domino Administrator, click the People & Groups tab.
3. From the Servers pane, choose the server to work from.
4. Click the Configuration tab.
5. Choose Tools - Certification - Certify.
6. If you are not using the Lotus Domino 6 server-based certification authority (CA), select the certifier ID that certified the user ID to which you are assigning an alternate name and enter the password. Click OK.
7. Select the user ID to which you are assigning an alternate name and enter the password. Click OK.
8. Click Add. Select a language from the list and enter a new Common Name for that language, and click OK.
9. (Optional) Specify a new certifier expiration date and a new password quality.
10. Click Certify.
11. You are prompted as to whether you want to certify another; click Yes or No accordingly.

To add an alternate name while registering a new user
Before you add an alternate name to a new person, make sure you have a certifier that contains the alternate name and language specifier you want to use. You assign the name and language in the Other pane of the Register Person dialog box during advanced user registration. For more information on advanced user registration, see the topic “Using Advanced Notes user registration” earlier in this chapter.


Setting up client installation for users
Depending on the size of your enterprise, you may need to provide an installation method for only a few users or for thousands of users. In addition, you may need to customize the installation process so that users install only the features they need. After you register users, decide how to deploy client installations for users. Users can install all three clients — the Notes client, Domino Administrator client, and Domino Designer® — or they may install only one or two clients. As an administrator, you can customize the installation process for your users so that they install the features that they need. The installation information in this section ranges from installing the Domino clients using the installation CD to creating transform files to customize the installation process.

Before you install Lotus Notes clients
Before you begin installing Lotus Notes clients, make sure that you or your users do the following:
• If the computer on which you are upgrading runs anti-virus software, close the application.
• If you are upgrading Lotus Notes on an Apple computer running OS X, turn off all options in the Application Sharing tab of the Shared System Preferences panel to avoid any errors.
• To successfully install, upgrade, and use Lotus Notes 6, users must be allowed both Write and Modify permissions to the Program directory, Data directory, and all associated subdirectories.
• If you are upgrading Lotus Notes on a Windows NT, 2000, or XP computer, you must have administrator rights to the system. On a Windows NT 4.0 computer, log in as an administrator or set administrator-level privileges for All Users. This can be done from the command line.
• Windows NT, 2000, and XP users should log onto their computers with administrative rights to install Lotus Notes 6. For cases in which administrative rights are not available, enable the setting “Always install with elevated privileges.” Refer to the Release Notes for the most current information on permissions required when installing as a non-administrator.
• Options for installing the Lotus Notes client on Restricted or Standard/Power User computers are described in the Microsoft Windows 2000, Windows XP, and Windows Installer documentation.
• Review options for customizing the Notes client installation and setup.

Installation methods
Domino offers several methods or types of installation that you can make available to the Domino Notes users in your enterprise.
• Single-user client installation — This installation is usually done from the CD or from files placed on the network. For more information on installing the Domino administration client, see the chapter “Setting Up and Using Domino Administration Tools.”
• Multi-user installation — This option is available only for Notes client installation. Multi-user installation is not available for installing the Domino Administrator client or Domino Designer. For more information on multi-user installation, see the topic “Multi-user installation” in this chapter.
• Shared installation — This option installs all program files to a file server while the users’ data files reside on their local workstations. For more information on shared installation, see the topic “Installing the Domino clients in a shared network directory” in this chapter.
• Automated client installations (silent installation) — This option can be used with or without a transform file depending on whether you want to customize the silent installation.
• Customized installations — This option uses the transform file to customize the installation process.
• Batch file installation — This option enables users to install the clients by running a batch file that you create for them.
• Installation with command line utilities — This option allows users to install the clients using a command line utility that you provide for them.
• Scriptable setup — This option uses a setting in the NOTES.INI file to provide information to the client setup wizard.

Single-user client installation
To perform a basic single-user installation, you use the Lotus Domino 6 CD to install the Notes client, the Domino Administrator client or the Domino Designer client directly onto the user’s workstation.
Before you install the client program files on a Win32 system, do the following:
• Make sure that the required hardware and software components are in place and working.
• Read the Release Notes for disk-space requirements and for any last-minute changes or additions to the documentation.
• Temporarily disable any screen savers and turn off any virus-detection software.
• Make sure that all other applications are closed. Otherwise, you may corrupt shared files, and the Install program may not run properly.
• If you are upgrading to Domino from a previous release, see the Upgrade Guide.
1. Run the client install program (SETUP.EXE), which is on the installation CD.
2.

Installing the Domino clients in a shared network directory
As an administrator, you can offer a shared network installation to your users. In a shared network installation, all program files are installed on a file server, and the users’ data files reside on their local workstations. After you install the program files to a directory on a server, users can run a shared version of the software, thereby saving on disk space usage. However, if the server is unavailable, users cannot run Notes.
During the installation of the network image, all program files for Lotus Notes, Domino Administrator, and Domino Designer are installed. Every client option is installed. When users install Notes from this directory, only the data files (DESKTOP.DSK, BOOKMARK.NTF, and all local databases) are copied to their workstations. The program files remain on the server, where they are shared among all users. As users run Notes, the program files are read into memory on their workstations.
To run Lotus Notes, Domino Administrator and Domino Designer client installs from one set of program files on a file server, you create multiple transform files.
Note To perform a shared installation and run the transform file, end-users must have the Windows Installer service on their workstations. Multi-user installation is neither supported in a shared file configuration nor available for use on Macintosh computers. For information on multi-user installations, see Sharing a Computer with other users if you have installed Lotus Notes 6 Help. Or, go to http://www.lotus.com/LDD/doc to download or view Lotus Notes 6 Help.

To set up the shared network installation
Before you begin this installation process, do the following:
• Make sure that the required hardware and software components are in place and working.
• Read the Release Notes for disk-space requirements and for any last-minute changes or additions to the documentation.
• Temporarily disable any screen savers and turn off any virus-detection software.
• Make sure that all other applications are closed. Otherwise, you may corrupt shared files, and the Install program may not run properly.
1. Log on as administrator on the drive on which you are installing the program files.
2. From the command line, use this syntax to run setup and create the administrator image on the network:
E:\path to install kit\setup /A
In this example, drive E represents the drive on which the client installation files are located, which is usually the drive letter of the CDROM drive containing the Domino CD. The /A creates the administrator image on the network.
3. Enter the name of the directory that will store the installed files. By default, this directory is the first network drive accessible from your workstation. To specify a network drive and directory other than the default, click Change.
4. Click Install. A directory structure that is useable and understandable by the operating system is created. Users can run the install program directly from this directory structure that you provide using the Lotus Notes 6.msi file created in the root of the directory structure.
5. Assign to those users who install Notes client software from the file server “Read” access to the directory containing the files.
6. Create a transform file for the installation of the end user’s local data files.

Upgrading shared installations
Do not attempt to upgrade over existing network image files. To upgrade an existing network image, delete all files in the existing network image and install the new network image files to the same location.

Providing an installation tool (method) for the users
After successfully installing all client files to a shared directory on the network, you can instruct users to use the transform file to install the client on their own workstations.

Automating client installation
Automated client installation supports all three Domino clients and simplifies installation for end users because it presents very few or none of the installation windows; thus, it is called a silent installation.
Before you begin this installation process, do the following:
• Make sure that the required hardware and software components are in place and working.
• Read the Release Notes for disk-space requirements and for any last-minute changes or additions to the documentation.
• Temporarily disable any screen savers and turn off any virus-detection software.
• Make sure that all other applications are closed. Otherwise, you may corrupt shared files, and the Install program may not run properly.

To use silent installation
Use this format to run the install in silent mode:
Setup.exe /s /v"/qn"
When the installation is complete, the shortcut icons appear on the desktop. To display a prompt when the installation is complete or when it fails, use the + parameter as follows:
Setup.exe /s /v"/qn+"
Running a silent install provides users with the default installation options. To customize the type of installation or to specify options to install on the user’s system, use a transform file with the silent install. For more information on creating a transform file, see the topic “Creating a transform file” in this chapter.

Multi-user installations
Multi-user installation applies to Microsoft Windows (Win 32) users only. Use the multi-user installation if your enterprise has multiple users who share a single workstation. In a multi-user installation, install the Domino Program files to a central location on the local system. Then when users log onto the system, they run the Lotus Notes 6 client setup and their own personal data files — that is, BOOKMARK.NSF, NAMES.NSF, and other files are created.

The multi-user installation is only supported for the Notes client installations; it is not supported for installing the Domino Administrator client or the Domino Designer. Therefore, the multi-user option is only available in the Notes installation kit. The multi-user option is only visible to those users with administrative privileges on the local system. This installation option is not enabled for other users.

Each user has their own data directory located in the system’s application data directory for the current user. The actual location varies as follows according to operating system:
• Example 1 — c:\Documents and Settings\user\Local Settings\Application Data\Lotus\Notes Data
• Example 2 — c:\winNT\Profiles\user\Local Settings\Application Data\Lotus\Notes Data
• Example 3 — c:\Bin\Win95\Profiles\user\Local Settings\Application Data\Lotus\Notes Data
Each user’s individual data files are created when the user logs on to the workstation.

The multi-user installation differs from a shared installation in that Program files are located on the local system in a multi-user install. This allows for access to the Notes client regardless of which network drives are available, which can be an advantage. In a shared installation, users are dependent on the availability of shared network drives.

Note Individual Location documents are no longer needed for each user that utilizes the Notes client on the same workstation, as compared to previous releases where individual Location documents had to be created for each user when multiple users attempted to use the same Notes client installation on a workstation.

Providing a batch file for installing the Domino Notes clients
Create a batch file that installs the Domino clients to a user workstation, launches the Lotus Notes 6 client, and completes the client setup. Users can then install the client by running the batch file.

Sample batch file
    msiexec /i "Lotus Notes 6.msi" TRANSFORMS="custom.mst"

Providing command line utilities for installation
Provide command line utilities so that users can install one or more clients on their workstations. This table presents sample command line utilities that you can modify to suit your needs.

| Type of install | Sample command line utility |
|---|---|
| Transform install | msiexec /i "Lotus Notes 6.msi" TRANSFORMS="custom.mst" |
| Transform silent install | msiexec /i "Lotus Notes 6.msi" /qn TRANSFORMS="custom.mst" |
| Silent install with fail/success prompt | msiexec /i "Lotus Notes 6.msi" /qn+ |
| Silent install | setup.exe /s /v"/qn" |
| Verbose logging | setup.exe /v"/L*v c:\temp\install.log" |

Customizing client installations
Client installs can be customized to allow you, the administrator, to control the options that are installed and/or available to users. If you prefer, you can allow the user to see and complete most of the fields on numerous windows that can be displayed during the installation process. Use transform files to deselect options — for example, modem files — that you don’t want to install by default. You also use transform files to hide the options that you do not want users to change — regardless of whether you choose to install a particular option.
For more information on transform files, see the topics “Creating a transform file” and “Using transform files for end-user installations” in this chapter.

Creating a transform file
Creating a transform file requires a third-party tool such as InstallShield Tuner OEM Edition. Lotus Domino 6 contains a version called InstallShield Tuner for Lotus Notes, that you can use with Domino to create a transform file to customize the installation process. Modify the Visible and Initial State settings for each installation option that you want to designate as hidden or not hidden.
For more information on what you can customize, see the topic “Installation options available using the transform file” in this chapter.

Note The version of InstallShield Tuner for Lotus Notes that is included with Domino works only with Lotus Domino 6, not with other products. Access their Web site at http://www.installshield.com for further information.

After creating the transform file, you apply the transform file to the installation process. The installation process then uses the values that you set in the transform file in place of default values. You can use transform files to set up shared and customized installations. Users can then apply the transform file when installing clients.
For more information on shared installations, see the topic “Installing the Domino clients in a shared network directory” in this chapter.
For more information on transform files, see the topics “Installation options available using the transform file” and “Using transform files for end-user installations” in this chapter.

How to install the InstallShield Tuner for Lotus Notes
From the Lotus Domino 6 installation CD, in the Apps/InstallShield Tuner for Lotus Notes directory, run the setup file, SETUP.EXE.

How to create a transform file
Use this procedure to create a transform file with InstallShield Tuner for Lotus Notes.
1. Invoke the InstallShield Tuner program and browse to locate the configuration file that has a .itw file name extension. The .itw configuration file is located in the same directory with the Notes installation that you want to configure.
2. Click Create a new transform file.
3. In the Select an MSI file field for the Windows Installer Package option, select the msi file (Lotus Notes 6.msi).
4. In the New project name and location field for the Windows Installer Transform option, enter the custom transform name. Save the file to the same path on which the install kit resides.
5. Click Create.
6. Make any other desired modifications to the default settings provided.
7. Click Save.

Installation options available using the transform file
Using a transform file, you can customize installation for the users in your enterprise.

Setting the installation to Multi-User by default
In a multi-user installation, the administrator installs the Domino Program files to a central location on the local system. Each user has their own data directory located in the system’s application data directory for the current user.
Note End-users must have Administrator rights to choose a multi-user installation and must only install the Notes Client. End-users must also have Administrator rights to upgrade an existing multi-user installation.
1. From Application Configuration, select Setup Properties.
2. Change the value in the ApplicationUsers property to AllUsers. By default the installation is now a multi-user installation.
For more information on multi-user installation, see the topic “Multi-user installations” in this chapter.

Customizing the location of the Install directories
Use this procedure to specify a location other than the default location in which to store the installation directories. When specifying directory names, use names that contain eight or fewer characters.
1. From Application Configuration, select Setup Properties.
2. Change the PROGDIR property to the location in which you are storing the program files.
3. Change the DATADIR property to the location in which you are storing the data files. This is the new default data directory.
4. Click Add/Remove Program Settings.

Adding custom files to a client installation
To add custom files to a client installation, create a transform file.
Note This customization option replaces the COPYFILE.TXT feature that was available in previous releases of Lotus Domino.
1. Copy the custom files to the install directory or place them in a directory within the install directory — for example, PathToInstallKit\AllClient\CopyFiles\custom.mdm.
2. Click Target System Configuration - Files.
3. In the top pane, click Browse and locate the source directory, which is the directory from which you are copying the custom files.
4. In the bottom pane, select the destination directory, for example, ProgramFiles\Lotus\notes\Data\modems.
5. Drag and drop the custom file from the source directory to the destination directory.

Using transform files for end-user installations
After creating a transform file, you can use that file for end-user client installations.
For installations using the transform file (and for silent installations) using the msiexec commands, the network installation should not be the first installation of Notes that you perform unless you are certain that all of the client workstations contain the Windows Installer Service.
Note The command line path is the default installation path or the path for the transform file.

To apply a transform
This section contains two sets of instructions. The first set explains how to apply a transform file for a user interface (UI) installation — that is, an installation that presents a user interface. The second set explains how to apply a transform file for a silent install — that is, an installation that does not present a user interface and therefore does not require any user interaction. There is also a section on using a batch file to launch the command.

User interface (UI) installation
In this example, the “installdir” parameter and the “datadir” parameter are used to overwrite the default settings designated by the transform file.
1. Change to the install directory that contains both the Lotus Notes 6.msi and the transform, *.mst, files.

2. Do one of these:
• To install to the default Program and Data directories, enter this command from the command line:
    msiexec /i "Lotus Notes 6.msi" TRANSFORMS="custom.mst"
• To overwrite the default Program and Data directories with the ones you specify, enter this command from the command line:
    msiexec /i "Lotus Notes 6.msi" INSTALLDIR=C:\Test DATADIR=C:\Test\Data TRANSFORMS="custom.mst"

Silent install
1. Change directory to the install directory that contains both the Lotus Notes 6.msi and the transform, *.mst, files.
2. Do one of these:
• If you want to install to the default Program and Data directories, enter this command from the command line:
    msiexec /i "Lotus Notes 6.msi" /qn TRANSFORMS="custom.mst"
• If you want to overwrite the default Program and Data directories with the ones you specify, enter this command from the command line:
    msiexec /i "Lotus Notes 6.msi" /qn INSTALLDIR=C:\Test DATADIR=C:\Test\Data TRANSFORMS="custom.mst"
For more information on silent installations, see the topic “Automating client installation” in this chapter.

Using a batch file to enter the command
You can also create a batch file that the user launches to start the command. A sample batch file is shown below:

Sample batch file
    msiexec /i "Lotus Notes 6.msi" TRANSFORMS="custom.mst"

Using the SETUP.INI file setting to apply one transform file to all client installs
Use a setting in the SETUP.INI file in the install directory to apply one transform file to all installs. Using this method prevents the end user from having to enter a command line parameter or from using a batch file.

Modify the command line in the SETUP.INI to read as follows:
    CmdLine=/l*v %TEMP%\notes6.log TRANSFORMS=custom.mst
The transform file is applied when SETUP.EXE is launched.

Setting up Notes with a scriptable setup
The scriptable setup option uses a setting in the NOTES.INI file to provide information to the client setup wizard. The NOTES.INI setting ConfigFile= points to a text (.TXT) file that contains the parameters that the wizard needs. The wizard reads the text file and completes the setup. During installation, the wizard displays only the panels that users need to set up the Notes client. The user is able to bypass the wizard screens for which parameters have been provided by the text file.

The settings and parameters that you can use in the text file are listed in this table:

| Setting | Description |
|---|---|
| Username | User’s hierarchical name — for example, John Smith/Acme |
| KeyfileName | Directory path to the user’s ID file name — for example, c:\program files\lotus\notes\data\jsmith.id |
| Domino.Name | Domino server in the same domain as the user name. You do not need to enter a hierarchical name. |
| Domino.Address | An address for the Domino server, such as the IP address of the server, if needed, to connect to the server: server.acme.com or 123.124.xxx.xxx |
| Domino.Port | Port type, such as TCPIP |
| Domino.Server | 1 to connect to the Domino server, 0 for no connection |
| AdditionalServices | 1 forces display of the “Additional Services” panel even if sufficient information is provided for these services. For example, the Additional Services panel lists Internet, proxy, and replication settings. |
| AdditionalServices.NetworkDial | To configure a network dialup connection to Internet accounts created via Additional Services dialog box |
| Mail.Incoming.Name | Incoming mail (POP or IMAP) server name |
| Mail.Incoming.Protocol | 1 for POP, 2 for IMAP |
| Mail.Incoming.Username | Mail account user name or login name |
| Mail.Incoming.Password | Mail account password |
| Mail.Incoming.Server | An address — such as the IP address — of the home server, if needed to connect to server |
| Mail.Incoming.SSL | 1 to use SSL, 0 not to use SSL |
| Mail.Outgoing.Name | Outgoing mail account name, a friendly name used to refer to these settings |
| Mail.Outgoing.Server | Outgoing mail (SMTP) server name |
| Mail.Outgoing.Address | User’s Internet mail address, such as user@isp.com |
| Mail.InternetDomain | Internet Mail domain name such as isp.com |
| Directory.Name | Directory account name, a friendly name used to refer to these settings |
| Directory.Server | Directory (LDAP) server name |
| News.Name | News account name, a friendly name used to refer to these settings |
| News.Server | News (NNTP) server name |
| NetworkDial.EntryName | Name of remote network dialup phone book entry |
| NetworkDial.Phonenumber | Dial-in number |
| NetworkDial.Username | Remote network user name |
| NetworkDial.Password | Remote network password |
| NetworkDial.Domain | Remote network domain |
| DirectDial.Phonenumber | Phone number of Domino server |
| DirectDial.Prefix | Dialup prefix, if required. For example, 9 to access an outside line. |
| DirectDial.Port | COM port to which the modem is connected |
| DirectDial.Modem | File specification of modem file |
| Proxy.HTTP | HTTP proxy server and port — for example, proxy.isp.com:8080 |
| Proxy.FTP | FTP proxy server and port — for example, proxy.isp.com:8080 |
| Proxy.Gopher | Gopher proxy server and port — for example, proxy.isp.com:8080 |
| Proxy.SSL | SSL proxy server and port — for example, proxy.isp.com:8080 |
| Proxy.HTTPTunnel | HTTP tunnel proxy server and port — for example, proxy.isp.com:8080 |
| Proxy.SOCKS | Socks proxy server and port — for example, proxy.isp.com:8080 |
| Proxy.None | No proxy for these hosts or domains |
| Proxy.UseHTTP | Use the HTTP proxy server for FTP, Gopher, and SSL security proxies |
| Proxy.Username | User name if logon is required |
| Proxy.Password | User password |
| Replication.Threshold | Transfer outgoing mail if this number of messages held in local mailbox |
| Replication.Schedule | Enable replication schedule |

Managing users
The Administration Process helps you manage users by automating many of the associated administrative tasks. For example, if you rename a user, the Administration Process automates changing the name throughout databases in the Notes domain by generating and carrying out a series of requests, which are posted in the Administration Requests database (ADMIN4.NSF). Changes are made, for example, in the Person document, in databases, in ACLs and extended ACLs. However, the Administration Process can be used only if the database is assigned an administration server.

Rename a user
There are several ways in which you “rename” a user. Usually they involve changing a user’s common or alternate name. However, in Domino Notes, the name hierarchy becomes part of the user’s name. So if a user is moved and certified by a new hierarchy, then that too is considered renaming. The rename tasks are:
• Change a Notes user’s common name
• Notify a user of a change to private design elements during a name change
• Rename a Web user
• Move a user name in the name hierarchy
• Upgrade a user name from flat to hierarchical
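The scriptable setup file described earlier in this chapter can hold mail, dialup and proxy passwords as plain text, and a mistyped setting name is easy to miss. The following added example (not part of the Domino documentation) checks such a file against the settings in the table; it assumes one Setting=value pair per line, and the finding codes and the sample file are constructed for illustration.

```python
"""Lint a Notes scriptable-setup text file (the file NOTES.INI ConfigFile= points to).

Assumption: one Setting=value pair per line. Setting names come from the table
in this chapter; the finding codes are this example's own, not Domino output.
"""

KNOWN_SETTINGS = frozenset("""
Username KeyfileName Domino.Name Domino.Address Domino.Port Domino.Server
AdditionalServices AdditionalServices.NetworkDial
Mail.Incoming.Name Mail.Incoming.Protocol Mail.Incoming.Username
Mail.Incoming.Password Mail.Incoming.Server Mail.Incoming.SSL
Mail.Outgoing.Name Mail.Outgoing.Server Mail.Outgoing.Address
Mail.InternetDomain Directory.Name Directory.Server News.Name News.Server
NetworkDial.EntryName NetworkDial.Phonenumber NetworkDial.Username
NetworkDial.Password NetworkDial.Domain DirectDial.Phonenumber
DirectDial.Prefix DirectDial.Port DirectDial.Modem
Proxy.HTTP Proxy.FTP Proxy.Gopher Proxy.SSL Proxy.HTTPTunnel Proxy.SOCKS
Proxy.None Proxy.UseHTTP Proxy.Username Proxy.Password
Replication.Threshold Replication.Schedule
""".split())

# Settings whose value is a credential kept in the file as plain text.
SECRET_SETTINGS = {"Mail.Incoming.Password", "NetworkDial.Password", "Proxy.Password"}

# Settings for which the table spells out the permitted values.
ALLOWED_VALUES = {
    "Domino.Server": {"0", "1"},           # 1 to connect, 0 for no connection
    "Mail.Incoming.Protocol": {"1", "2"},  # 1 for POP, 2 for IMAP
    "Mail.Incoming.SSL": {"0", "1"},       # 1 to use SSL, 0 not to use SSL
}


def parse_setup(text):
    """Return (settings, findings); settings maps name -> (line_no, value)."""
    settings, findings = {}, []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        name, sep, value = line.partition("=")
        name, value = name.strip(), value.strip()
        if not sep or not name:
            findings.append((line_no, "malformed-line", line))
        elif name in settings:
            findings.append((line_no, "duplicate-setting", name))
        else:
            settings[name] = (line_no, value)
    return settings, findings


def lint_setup(text):
    """Return a sorted list of (line_no, finding_code, subject) tuples."""
    settings, findings = parse_setup(text)
    for name, (line_no, value) in settings.items():
        if name not in KNOWN_SETTINGS:
            findings.append((line_no, "unknown-setting", name))
        elif name in SECRET_SETTINGS and value:
            findings.append((line_no, "cleartext-secret", name))
        elif name in ALLOWED_VALUES and value not in ALLOWED_VALUES[name]:
            findings.append((line_no, "bad-value", name))

    # Mail credentials are configured but SSL is not explicitly requested.
    creds = [n for n in ("Mail.Incoming.Username", "Mail.Incoming.Password")
             if settings.get(n, (0, ""))[1]]
    ssl_line, ssl_value = settings.get("Mail.Incoming.SSL", (0, ""))
    if creds and ssl_value != "1":
        where = ssl_line or settings[creds[0]][0]
        findings.append((where, "mail-login-without-ssl", "Mail.Incoming.SSL"))
    return sorted(findings)


# Constructed sample file: contains a bad value, a stored password, SSL turned
# off, a misspelled setting name and a line without "=".
SAMPLE_SETUP = r"""Username=John Smith/Acme
KeyfileName=c:\program files\lotus\notes\data\jsmith.id
Domino.Name=Mail01
Domino.Port=TCPIP
Domino.Server=yes
Mail.Incoming.Protocol=2
Mail.Incoming.Username=jsmith
Mail.Incoming.Password=Example-Only-1
Mail.Incoming.SSL=0
Proxy.HTPP=proxy.isp.com:8080
Replication.Schedule
"""

if __name__ == "__main__":
    for line_no, code, subject in lint_setup(SAMPLE_SETUP):
        print(f"line {line_no}: {code}: {subject}")
```

Run it over a setup file before placing the file where ConfigFile= can reach it, and keep files that need a stored password readable only by the accounts that perform the setup.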

Change user roaming status
You can change a user’s roaming status via the following tasks:
• Change a roaming user to nonroaming
• Change a nonroaming user to roaming

Move a user's files
In contrast to moving a user from one hierarchy to another, which is a simple renaming action, you may also need to move a user’s actual files. To do so, you use the following task:
• Moving a user’s mail file and roaming files from the Domino Administrator or the Web Administrator

Delete a user name
When you delete a user name, you have the option of maintaining some of the files, while denying the user access to them. The Administration Process helps you automate the following tasks:
• Delete a user name
• Deleting a user name with the Web Administrator

User maintenance
In addition to the tasks listed above, there may be times when you need to locate a user, recertify a user’s ID, or another user-related task. Use the following procedures:
• Changing a user’s Internet address
• Finding a user name in the domain with the Domino Administrator or Web Administrator
• Recertifying user IDs
• Monitoring user licenses
• Recertifying a user ID
• Recertifying a certifier ID
While managing users, you may also need to recertify a certifier ID.

Synchronizing Windows NT or Windows 2000 Active Directory and Notes users
You can synchronize Notes users with users in Windows NT and in Windows 2000 Active Directory. You can also manage Notes users from the Windows NT User Manager, and from the Windows 2000 Microsoft Management Console.

For more information on synchronizing Notes users with Windows NT users, see the chapter “Using Domino With Windows Synchronization Tools.”

Changing Notes user names with the Administration Process
When you change the name of a user, you “rename” them. Using rename, you can change the name of one or more users in the following ways:
• Change a user’s common or alternate name
• Add an alternate name to a user if one is not yet assigned
• Move a user to a new hierarchy
• Upgrade a user name from flat to hierarchical
In the Domino Administrator, when you change the common name, alternate name, or hierarchical name of a user, the Administration Process implements the name change by initiating requests to the affected documents, databases, database ACLs, and Extended ACLs.

Administration Process requirements
In order for the Administration Process to facilitate the name changes, the databases must have an assigned administration server. In addition, the certifier ID you use and any ancestor of the certifier must have a Certifier document in the Certificates view of the Domino Directory. For example, if you use the certifier ID for /Sales/NYC/ACME, the Domino Directory must contain Certifier documents for /ACME, /NYC/ACME, and /Sales/NYC/ACME.
For more information on assigning an administration server, see the chapter “Setting Up the Administration Process.”
For more information on certifiers, see the chapter “Deploying Domino.”

Viewing user name change requests
To review the administration requests that are generated when renaming a user name, open the Administration Request (ADMIN4.NSF) database in your Domino Directory.
For more information on processing renaming requests in the Administration Requests database, see the topic “Changing Notes user names with the Administration Process” in this chapter.

Notifying users of changes to private design elements during a name change
You can enable an agent that sends to the user an e-mail message notifying the user of a name change and containing links to databases in which the user created or modified design elements such as a folder or view. To update the private design elements with the user’s new name, the user must then open the database via the database links in the e-mail notification. This update to the user name allows the user to maintain access to their own private design elements.
Note The AdminP Mail Notification agent runs only on Domino Release 5.05 or more recent servers and sends e-mail to Notes Release 5.05 or more recent clients.

Enable the Mail Notification agent from within the administration requests database (ADMIN4.NSF).
1. From the Domino Administrator, click Server - Analyses.
2. Click Administration Requests (6).
3. Locate the administration request to rename the user and then open the request.
4. Choose Actions - Enable/Disable User Notification.
5. Click OK. The agent is enabled and automatically sends to the user an e-mail message containing links to databases in which the user created or modified design elements such as a folder or view.

Troubleshooting name changes
The public key in the Person document must match the one on the user ID. If a public key has been changed or corrupted in some way, you see this message in the Administration Requests database: “The name to act on was not found in the Address Book.”
For more information on correcting this problem, see the chapter “Setting Up the Administration Process.”

Renaming a Notes user’s common or alternate name
Use this procedure to make any of the following changes to a user or to more than one user name:
• Change the common name
• Change or add an alternate name
• Delete the alternate name
• Synchronize the name change between Notes and Windows NT, or Notes and Active Directory

When a user is renamed, the user’s Internet address often needs to be changed accordingly. You can change a user’s Internet address as part of a change to the user’s common or alternate name, but you cannot use this rename procedure to change only the Internet address. If you attempt to use this procedure to change only a user’s Internet address, you will generate an error.
For more information on changing only a user’s Internet address, see the topic “Changing a user’s Internet address” in this chapter.
Note To use the Domino alternate name functionality, Domino R5.0.2 or later must be running on all servers involved with the name change, the user’s workstation, and the administrator’s workstation.
For information on using an agent to notify a user of changes to private design elements during a name change, see the topic “Changing Notes user names with the Administration Process” in this chapter.

To rename a user's common name
1. To rename a user, you must have:
• Editor with Create documents access, or UserModifier role to the Domino Directory
• At least Author with Create documents access to the Certification Log
2. From the Domino Administrator, click the People & Groups tab.
3. Click People and select a user name.
4. From the tools pane, click People - Rename.
5. In the Rename Selected Notes People dialog box, verify the number of days you want to honor the old name. The default is 21 days. You can change that value if desired.
6. Click “Change Common Name.”

7. In the “Choose a Certifier” dialog box, do the following:

Field: Server
Action: Do one of these:
• If you are using the Lotus Domino 6 server-based CA, choose the server that is used to access the Domino Directory to look up the list of certifiers. This is also the server on which CERTLOG.NSF is updated.
• If you are supplying a certifier ID, select the server that is used to locate the list of certifiers so that the Certifier ID file can be updated with the latest set of certificates for itself and all of its ancestors.

Field: Use the CA process
Action: Choose this option if you have configured the Lotus Domino 6 server-based CA.
• Select a CA configured certifier from the list and click OK.

Field: Supply certifier ID and password
Action: Choose this option if you are using a certifier ID and password.
• Click “Certifier ID” to select an ID other than the one displayed.
• Choose the certifier ID that certified the user’s ID and click Open. For example, to rename Joe Smith/Sales/NYC/ACME, use the certifier ID named SALES.ID.
• Enter the password for the certifier ID and click OK.

8. In the “Certificate Expiration Date” dialog box, enter a new certification expiration date if desired. The default certificate expiration date is two years from the current date. The “Edit or inspect each entry before submitting request” check box is selected and cannot be modified.

9. In the Rename Person dialog box, complete the following fields as appropriate. In this dialog box you have the option of synchronizing Windows NT user names or Active Directory user names, and changing primary and alternate name information where appropriate.

New Primary Name Information

Field: First, Middle, and Last Name
Action: This is the name with which the user was registered. Make changes to the user’s name as appropriate.

Field: Qualifying Org. Unit
Action: (Optional) A name to differentiate this user from another user with the same user name, certified by the same certifier. This adds a differentiating component that appears between the common name and the certifier name.

Field: Short Name
Action: (Optional) Created at registration, the default is first initial, last name. You can change this name. It does not change automatically based on changes to the primary name fields. You must make this change manually.

Field: Internet Address
Action: (Optional) Created at registration, the default is first initial, last name. You can change this name. It does not change automatically based on changes to the primary name fields. You must make this change manually.

Field: Rename Windows NT User Account
Action: Available to Windows NT User Manager only. Check this box if you want to synchronize the name change in both the Domino Notes and Windows NT or Active Directory account.

10. Complete this step only if the user has an alternate name or if you are assigning alternate names. If you are not working with alternate names, skip this step and go to Step 11. To delete an alternate name, simply delete the name and do not enter a new one.

New Alternate Name Information
Available only if you are renaming a user whose certifying organization has alternate names assigned.

Field: Common Name
Action: Enter the common name in the alternate language.

Field: Qualifying Org. Unit
Action: (Optional) A name to differentiate this user from another user with the same user name, certified by the same certifier. This adds a differentiating component that appears between the common name and the certifier name.

Field: Original Language
Action: The alternate language currently assigned to the user. (Non modifiable)

Field: New Language
Action: Select from the list to assign a new alternate language.

11. Select one of the following:
• OK - to submit the name change.
• Skip - if you are renaming more than one user’s common name and you want to continue to the next name without submitting a name change for the current name.

• Cancel Remaining Entries - to cancel this name change and name changes for any other names you selected and have not yet submitted.
12. When the Processing Statistics dialog box appears, review the information to verify that all name changes have succeeded. If any fail, check the Certifier Log (CERTLOG.NSF) to determine the reason for the failure.
13. Click OK.
For information on using an agent to notify a user of changes to private design elements during a name change, see the topic “Changing Notes user names with the Administration Process” in this chapter.

Moving a user name in the name hierarchy
When you move a user to a different Organizational Unit, the certifier changes, thus the user’s name hierarchy changes. Since the name hierarchy in Domino Notes is part of the user’s name, when you move a user to a different certifier you have essentially changed the user’s name.

You can use the Administration Process to move a user name to a different location (Organizational Unit) in the organization’s hierarchical name scheme or to move a name to a different Organization altogether. So, for example, if Alice Brown/Marketing/Acme leaves a job in the Marketing department for a job in Sales, you can certify her user ID with the /Sales/Acme certifier, which, in effect, moves her to that Organizational Unit. Her full hierarchical name then becomes Alice Brown/Sales/Acme.

You can also move a user to another Organization; however to do so, your Domino Directory must contain cross-certificates between the Organizations involved. For example, if Alice Brown/Marketing/Acme leaves a job at Acme to work for the Acme subsidiary AcmeSub that has its own Organization Certifier, you can certify her ID with the /AcmeSub certifier so that her name becomes Alice Brown/AcmeSub. Using this example, the Domino Directory must have cross-certificates between /Acme and /AcmeSub.

There are two parts to moving a user name:
1. Request the move using the originating certifier.
2. Complete the move by using the target (new) certifier to approve the request and issue the new certificate.
For more information on the Administration Process, see the chapter “Setting Up the Administration Process.”
For more information on cross-certificates, see the chapter “Protecting and Managing Notes IDs.”

Changing primary and alternate name information during the move
If an alternate name has been assigned, you can designate whether the administrator who completes the move can modify primary name fields. If an alternate name has not been assigned, the administrator who performs the approval phase of the move automatically has the option to change primary name information. To use the Domino alternate name functionality, Domino 5.0.2 or later must be running on all servers involved with the name change, the user’s workstation, and the administrator’s workstation.

Synchronizing the name change between Notes and Windows NT or Notes and Active Directory
While completing the move, you also have the option of synchronizing the name change between Notes and Windows NT or Notes and Active Directory. To do so, select “Rename NT user account” on the Rename Person dialog box.

To move a user name in the name hierarchy
1. To move a user name in the name hierarchy, you must have:
• Access to the certifier you are using
• At least Editor access to the Administration Requests database
2. From the Domino Administrator, click the People & Groups tab.
3. Click People and select a user name.
4. From the tools pane, click People - Rename.
5. The “Honor old names for up to <x> days” field is set to 21 days by default. You can change that value if desired.
6. Click “Request Move to New Certifier.”
7. In the Choose a Certifier dialog box, complete these fields:

Field: Server
Action: Do one of these:
• If you are using the Lotus Domino 6 server-based CA, choose the server that is used to access the Domino Directory to look up the list of certifiers. This is also the server on which CERTLOG.NSF is updated.
• If you are supplying a certifier ID, select the server that is used to locate the list of certifiers so that the Certifier ID file can be updated with the latest set of certificates for itself and all of its ancestors.

Field: Use the CA process
Action: Choose this option if you have configured the Lotus Domino 6 server-based CA.
• Select a CA-configured certifier from the list and click OK.

Field: Supply certifier ID and password
Action: Choose this option if you are using a certifier ID and password.
• Click “Certifier ID” to select an ID other than the one displayed.
• Choose the certifier ID that certified the user’s ID and click Open. For example, to rename Joe Smith/Sales/NYC/ACME, use the certifier ID named SALES.ID.
• Enter the password for the certifier ID and click OK.

8. In the Request Move For Selected People dialog box, do the following:

Field: Old Certifier
Action: Verify the information. If it is incorrect, cancel the procedure and begin again.

Field: New Certifier
Action: Enter or select the new certifier. This is the name hierarchy that issues a certificate for the user in the new hierarchy. For example, to certify Joe Smith from /Sales/NYC/ACME into /Service/NYC/ACME, enter /Service/NYC/ACME or select from the list.

Field: Edit or inspect each entry before submitting request
Action: Selected by default. Do one:
• Keep selected. The Rename Person dialog box appears with non-modifiable fields of Primary and Alternate Name information. Review the information for accuracy. Go to Step 10.
• If you do not want to verify each entry, clear the check box. Go to Step 9.

(Optional) Click the “Allow the primary name to be changed when the name is moved” check box if you want the opportunity to change the user’s name when you approve the move.

9. Review the processing information that displays to verify that all name changes were successful. If any fail, check the Certifier Log to determine the reason for the failure, then complete the procedure “To approve the name change.”

10. For each name selected, choose one of the following:
• OK - to submit the name change.
• Skip - if you are renaming more than one user name and you want to continue to the next name without submitting a name change for the current name.
• Cancel Remaining Entries - to cancel this name change and name changes for any other names you selected and have not yet submitted.

To complete the name change
1. From the Domino Administrator, click Server - Analysis - Administration Requests (6).
2. Choose the Name Move Requests view. This view categorizes submissions by certifier. Each name awaiting approval is listed under its new certifier.
3. Select the name(s) to move.
4. Click Complete move for selected entries. To complete the move, in the Choose a Certifier dialog box, make the following selections:
Field: Server
Action: Do one of these:
• If you are using the Lotus Domino 6 server-based CA, choose the server that is used to access the Domino Directory to look up the list of certifiers.
• If you are supplying a certifier ID, select the server that is used to locate the list of certifiers so that the Certifier ID file can be updated with the latest set of certificates for itself and all of its ancestors. This is also the server on which CERTLOG.NSF is updated.
Field: Use the CA process
Action: Choose this option if you have configured the Lotus Domino 6 server-based CA.
• Select a CA-configured certifier from the list and click OK.
Field: Supply certifier ID and password
Action: Choose this option if you are using a certifier ID and password.
• Click “Certifier ID” to select an ID other than the one displayed.
• Choose the certifier ID that certified the user’s ID and click Open. For example, to rename Joe Smith/Sales/NYC/ACME, use the certifier ID named SALES.ID.
• Enter the password for the certifier ID and click OK.

You must make this change manually. In the Rename Person dialog box. (Optional) A name to differentiate this user from another user with the same user name. do the following and then click OK: Field Certifier New certificate expiration date Edit or inspect each entry before submitting request Action Configuration The name hierarchy of the certifier that will issue the new certificate (non-modifiable). Field First. If your local Domino Directory does not contain a cross certificate for the certifier. last name. Setting Up and Managing Notes Users 5-65 New Primary Name Information Short Name Internet Address Rename Windows NT User Account . In the “Certificate Expiration Date” dialog box. You can change this name optionally. 7. last name. the default is first initial. You can change this name optionally. Selected by default. (Optional) Created at registration. Unit Action This is the name with which the user was registered. a cross certificate is required. Available to Windows NT User Manage or Active Directory users only. you are prompted to create one.5. (Optional) Specify a certifier ID expiration date other than the default two years from the current date. certified by the same certifier. (Optional) Created at registration. You can remove the check mark if you do not want to verify the entries. make changes to the primary name as needed. 6. the default is first initial. and Last Name Qualifying Org. It does not change automatically based on changes to the primary name fields. Click Yes. This adds a differentiating component that appears between the common name and the certifier name. Middle. You must make this change manually. It does not change automatically based on changes to the primary name fields. If you are moving a user name from one hierarchy to another hierarchy. Make changes to the user’s name as appropriate. Check this box if you want to synchronize the name change in both the Domino Notes and Windows NT or Domino Notes and Active Directory accounts.

8. Complete the following fields as desired.
Field: New Alternate Name Information
Action: Available only if you are renaming a user whose certifying organization has alternate names assigned. These modifiable fields display only if the user ID has an alternate name assigned to it.
Field: Common Name
Action: The common name in the alternate language.
Field: Qualifying Org. Unit
Action: (Optional) A name to differentiate this user from another user with the same user name, certified by the same certifier. This adds a differentiating component that appears between the common name and the certifier name.
Field: Original Language
Action: The alternate language currently assigned to the user (non-modifiable).
Field: New Language
Action: Select from the list to assign a new alternate language. This option is available only if the user is moving into an Organizational Unit or Organization that has an alternate language assigned.
9. Choose one of the following:
• OK — to submit the name change approval.
• Skip — if you are renaming more than one user and you want to continue to the next name without submitting a name change for the current name.
• Cancel Remaining Entries — to cancel this name change and name changes for any other names you selected and have not yet submitted.
10. When the Processing Statistics dialog box appears, review the information to verify that all name changes have succeeded. If any fail, check the Certifier Log (CERTLOG.NSF) to determine the reason for the failure. Click OK.

Renaming a Web user
Use the Domino Administrator to rename a Web user. The Administration Process generates an administration request to rename the user.
1. From the Domino Administrator, click the People & Groups tab.
2. Click People and then select the Web user you are renaming.
3. From the Tools pane, click People - Rename. The “Rename Selected HTTP, POP3, and IMAP People” wizard is activated.

6. either accept the default or enter a value between 14 and 60 days. Select each name whose common name components you want to change. 5. Internet user. Domino 5. In the “Honor old names for up to <21> days” field. To rename a user you must have: • Editor with Create documents access. Note This procedure does not apply to roaming users. Configuration Upgrading a user name from flat to hierarchical In order to use the Administration Process to expedite name changes. and the administrator’s workstation. or the UserModifier role to the Domino Directory • At least Author with Create documents access to the Certification Log 2. Click “Upgrade to Hierarchical. 5. Use this procedure to upgrade a user name from a flat format to a hierarchical format. Click People and select a user name.2 or later must be running on all servers involved with the name change.0. and then change the name as desired. your organization must use hierarchical names.” Setting Up and Managing Notes Users 5-67 . 8.Rename. For information on creating a non-Notes. From the Domino Administrator. 7. Click Next.4. see the topic “Registering non-Notes. 3. To use the Domino alternate name functionality. To upgrade a user name from flat to hierarchical 1. From the tools pane. Click Finish. A message displays indicating the number of Web user names that will be changed. click People . Upgrading a user name from flat to hierarchical affects both the primary and alternate name information. click the People & Groups tab. the user’s workstation. Internet users” in this chapter. Click Next. Repeat for each name you are changing. 4.

6. In the “Choose a Certifier” dialog box, make the following selections:
Field: Server
Action: Do one of these:
• If you are using the Lotus Domino 6 server-based CA, choose the server that is used to access the Domino Directory to look up the list of certifiers.
• If you are supplying a certifier ID, select the server that is used to locate the list of certifiers so that the Certifier ID file can be updated with the latest set of certificates for itself and all of its ancestors. This is also the server on which CERTLOG.NSF is updated.
Field: Use the CA process
Action: Choose this option if you have configured the Lotus Domino 6 server-based CA.
• Select a CA-configured certifier from the list and click OK.
Field: Supply certifier ID and password
Action: Choose this option if you are using a certifier ID and password.
• Click “Certifier ID” to select an ID other than the one displayed.
• Choose the certifier ID that certified the user’s ID and click Open. For example, to rename Joe Smith/Sales/NYC/ACME, use the certifier ID named SALES.ID.
• Enter the password for the certifier ID and click OK.
7. In the “Certificate Expiration Date” dialog box, accept or change the new certification expiration date. The default certificate expiration date is two years from the current date.
Tip The “Edit or inspect each entry before submitting request” check box is selected and cannot be modified.
8. In the Rename Person dialog box, you have the option of changing the primary or alternate name information. Then choose one of the following:
• OK - to submit the name change approval.
• Skip - if you are upgrading more than one user name and you want to continue to the next name without submitting a name change for the current name.
• Cancel Remaining Entries - to cancel this name change and name changes for any other names you selected and have not yet submitted.

9. When the Processing Statistics dialog box appears, review the information to verify that all name changes have succeeded. If any fail, check the Certifier Log (CERTLOG.NSF) to determine the reason for the failure.

Changing a roaming user to nonroaming
When you change a user from roaming to nonroaming, the Administration Process changes the user’s status in their Person document from roaming to nonroaming and deletes the user’s roaming files and replicas from the servers on which those files reside.
1. From the Domino Administrator, click the People & Groups tab.
2. Choose People and select one or more roaming user name(s) you are changing to nonroaming.
3. From the tools pane, click People - Roaming.
4. Click the check box “Remove roaming profiles from <n> selected users.” In this case, <n> is the number of roaming users selected.
Note If you selected a mixed group of roaming and nonroaming users, the Mixed Roaming Profile dialog box appears and prompts you to select either roaming or non-roaming.
Click the check box “Perform updates in background” to process each user in the background.
Tip Run the process in the background so that you can use the Administrator client while requests are processed.
Click OK.

To verify the change
The procedure changes the user’s status in their Person document from roaming to nonroaming. To verify that the change has been made:
1. From the Domino Administrator, click the People & Groups tab.
2. Click People and then select the user you changed to nonroaming.
3. Click Edit Person to open the user’s Person document.
4. Click the Roaming tab. The “User Can Roam” field should display No.

To approve the mail file deletion
If you chose to change a roaming user to nonroaming, you must approve the deletion requests in the Administration Requests (ADMIN4.NSF) database. Changing a roaming user to nonroaming requires that the user’s roaming files and replicas are deleted.
1. From the Domino Administrator, choose Server - Analysis - Administration Requests (R6).
2. Select the Pending Administrator Approval view.

3. Depending on your choices when you changed the user from roaming to nonroaming, do one of these:
• If you are certain that you want to approve one or more deletion requests without looking at detail information for those requests, select the requests, and click Approve Selected Requests and then click OK.
• If you would like to see detail on one or more requests before approving the deletion of roaming files, select and open the request, click Edit Request, review the detail information, then choose Approve Replica Deletion, or choose Reject Replica Deletion.
4. Click Save and Close.

Changing a nonroaming user to roaming
When you change a user from nonroaming to roaming, the Administration Process changes the user’s status in their Person document from nonroaming to roaming and creates a personal subdirectory for each roaming user. This personal subdirectory contains the roaming user’s files and, by default, is placed in the Domino/data path, unless you specify another location. You can optionally choose a separator character if you want to include one in the user’s directory name.
Before changing a nonroaming user to roaming, read the roaming user information in the topic “Using Advanced user registration” in this chapter.

To change a nonroaming user to roaming
1. To change a nonroaming user, you must have the following:
• Editor with UserModifier access or Author with Create documents role and UserModifier privilege to the Domino Directory
2. From the Domino Administrator, click the People & Groups tab.
3. Select one or more nonroaming user name(s).
4. From the Tools pane, click People - Roaming. Click the check box “Assign roaming profiles to <n> selected users.” In this case, <n> is the number of nonroaming users selected.
Note If you selected a mixed group of roaming and nonroaming users, the Mixed Roaming Profile dialog box appears and prompts you to select either roaming or non-roaming.

5. Complete these fields:
Field: Where should the user’s roaming files be stored?
Action: Choose one:
• Store on user’s mail server — Places the user’s roaming files on the user’s mail server. (The user’s mail server was designated during user registration.)
• Roaming Server — Click the button to specify the server on which you want to store the user’s roaming files.
• Store user ID in personal address book — (Optional) Places the user’s ID in their own local personal address book.
Field: User’s personal roaming folder
Action: Choose one:
• Base folder — Name of the folder in which to store the user’s roaming files. By default the user’s base folder is located in the Domino\data directory. For example, if you want the base folder to be called Roaming for all your roaming users, enter Roaming to create the Domino\data\Roaming directory. A personal folder (subfolder) is created in the Base folder for each user you upgrade to roaming user.
• Sub-folder format — The format to use when naming the roaming user’s personal subfolder. By default this is the user’s short name format. You can change this format if desired and you can optionally choose a separator character.
Field: If folder exists
Action: Choose one:
• Skip person — if a folder already exists.
• Generate folder name — to create a new folder.

Field: Roaming user client clean up options
Action: Choose one:
• Do not cleanup — No cleanup is performed on roaming user files.
• Cleanup every <number> days — Specify a number between 0 and 365.
• Cleanup at Notes shutdown — Cleans up files when Notes is shut down.
• Prompt user — The user is prompted on exiting the client as to whether they want to clean up their personal files. If the user chooses Yes, the data directory on that client workstation is deleted. If the user chooses No, the user is prompted as to whether they want to be asked again on that client. If the user chooses Yes, the user is prompted again the next time the user exits the client on that workstation. If the user chooses No, the user is not prompted again.
Field: Perform updates in background
Action: Processes requests in the background leaving the administration client available for other administration activities.
Note If you do not choose this option, the Administration client is busy until the Administration Process completes the upgrade.
6. Click OK. A message displays indicating the number of users successfully upgraded from nonroaming to roaming.

To verify the change
The procedure changes the user’s status in their Person document from nonroaming to roaming. To verify that the change has been made:
1. From the Domino Administrator, click the People & Groups tab.
2. Select the user you promoted to roaming.
3. Click “Edit Person” to open the user’s Person document.
4. Click the Roaming tab. The “User Can Roam” field should display “In Progress” or “Yes.” The “In Progress” status displays until replication has occurred and all replicas of the user’s files are updated.

Changing a user’s Internet address
To modify only a user’s Internet address, modify the user’s Person document.
1. From the Domino Administrator, click the Files tab and open the Domino Directory (NAMES.NSF).
2. Select the user name and click Edit Person.
3. On the Mail tab, modify the name in the Internet Address field as necessary.
4. Click Save and Close.
To modify the user’s Internet address using the Tools -> People -> Rename feature, you must also modify another component of the user’s name, such as the short name, at the same time that you are modifying the Internet address. You can also modify a user’s Internet name when performing a user rename, such as changing a user’s common name.
For more information on renaming a user with the options on the Tools pane, see the topic “Renaming a Notes user’s common or alternate name” in this chapter.

Deleting a user name with the Domino Administrator
You can delete a user name with the Administration Process by initiating a delete person command from the Domino Administrator, by using the Web Administrator, or by using the Windows NT User Manager or Windows 2000 Active Directory.
You can also use this procedure to delete a roaming user name. If you delete a roaming user name, you must approve replica deletions.
For more information on the administration requests that are generated when you delete a roaming user, see the appendix “Administration Process Requests.”
If the server is running Windows NT or Active Directory, you can delete the user’s Windows NT or Active Directory account as well.
When you delete a user name, you may want to add that user to a “termination” group to prevent the user from accessing servers. That option is available to you when you delete a user name. When you create a termination group, assign the group type “Deny Access” to the group.
There may be times when you want to maintain a user’s mail file even though you have deleted the user from the Domino Directory. However, if you choose to delete the user’s mail file, you must approve the mail file deletion in the Administration Request database (ADMIN4.NSF).

For more information on Domino and Windows NT or Active Directory directory synchronization, see the chapter “Using Domino with Windows Synchronization Tools.”
For more information on the Web Administrator, see the chapter “Setting Up and Using Domino Administration Tools.”

To delete a user
1. To delete a user, you must have:
• Author with delete documents access and the UserModifier role, or Editor access to the Domino Directory
• Author with Create documents access to the Certification Log
2. From the Domino Administrator, click the People & Groups tab.
3. Click People and select the user names you are deleting.
4. From the tools pane, click People - Delete.
5. Complete these fields:
Field: What should happen with the user’s mail database(s)?
Enter: Choose the appropriate option(s):
• Do not delete the mail database — to delete the Person document but leave the user’s mail files intact.
• Delete the mail database on the user’s home server — to delete mail files on the user’s home server only.
• Delete mail replicas on all other servers — this option is active only if Delete the mail database on the users home server was chosen. This option deletes all mail database replicas on other servers.
Field: Add deleted user to Deny Access Group (This option is active only if one or more groups of type Deny Access exists.)
Enter: To deny a user access to servers immediately:
1. Click Groups.
2. Select a Deny Access Group from the list.
3. Click OK.
Field: Delete user from this Domino Directory immediately
Enter: Select this option to remove the account from the Domino Directory immediately, while initiating Administration Process requests to remove the user’s name from ACLs, Names fields, etc.
Field: Delete user’s Windows NT/2000 account, if existing
Enter: Select this option to delete the corresponding user account in Windows NT or Windows 2000 Active Directory account.

Note If you choose to delete a user’s mail file, you must have at least Editor with delete documents access to the Administration Requests database and delete documents access to the Domino Directory.
For more information on shared mail databases, see the chapter “Setting Up Shared Mail.”
6. Click OK.

To approve the mail file deletion
If you chose to delete any mail databases, including replicas, you must approve the requests in the Administration Requests (ADMIN4.NSF) database.
1. From the Domino Administrator, choose Server - Analysis - Administration Requests (R6).
2. Select the Pending Administrator Approval view.
3. Depending on your choices when you deleted the user name, do one of the following:
• If you are certain that you want to approve one or more requests without looking at detail information for those requests, select the request, and click Approve Selected Requests and then click OK.
• If you would like to see detail on one or more requests before approving the deletion, select and open the request, click Edit Request, review the detail information, then choose Approve Replica Deletion, or choose Reject Replica Deletion.
4. Click Save and Close.

Deleting a user name with the Web Administrator
You can delete user names via the Web Administrator, as well as from the Domino Administrator. Review the introductory information in the procedure “Deleting a user name with the Domino Administrator” before initiating this procedure.
1. Make sure you have the following before you begin deleting user names:
• At least Author access and “Delete documents” privileges in the Domino Directory.
2. From the Domino Web Administrator, click the People & Groups tab.
3. Click People and select the user names you are deleting.
4. From the tools pane, click People - Delete.

5. Complete these fields:
Field: What should happen with the user’s mail database(s)?
Enter: Choose the appropriate option(s):
• Do not delete the mail database - to delete the Person document but leave the user’s mail files intact.
• Delete the mail database on the user’s home server - to delete mail files on the user’s home server only.
• Delete mail replicas on all other servers - this option is active only if “Delete the mail database on the users home server” was chosen. This option deletes all mail database replicas on other servers.
Field: Add user to Deny Access Group (This option is active only if one or more groups of type Deny Access exists.)
Enter: To deny a user access to servers immediately:
1. Click Groups.
2. Select a Deny Access Group from the list.
3. Click OK.
Field: Delete user from this Domino Directory immediately
Enter: Select this option to remove the account from the Domino Directory immediately, while initiating Administration Process requests to remove the user’s name from ACLs, Names fields, etc.
Field: Delete user’s Windows domain account
Enter: Select this option to delete the user’s corresponding Windows domain account.
6. Click OK and then click Close.

To approve the mail file deletion
If you chose to delete any mail databases, including replicas, you must approve the requests in the Administration Requests (ADMIN4.NSF) database.
1. From the Web Administrator, choose Server - Analyses - Administration Requests (R6).
2. Select the Pending Administrator Approval view.
3. Depending on your choices when you deleted the user name, do one of the following:
• If you are certain you want to approve one or more requests without looking at details for those requests, select those requests, and click Approve Selected Requests.
• If you want to view detail on one or more requests before approving the deletion, select and open the request, click Edit Document, review the detail information, and then click Save and Close, or click Cancel.

Moving a user’s mail file and roaming files from the Domino Administrator or the Web Administrator
You may need to move mail files when you need more space on a server or when users change jobs. When a mail file is moved, the Administration Process first moves it to a new server, then issues a request to delete the old mail file from its original mail server. You must approve this mail file deletion. The Administration Process also changes the information in the “Mail file name” and “Mail server” fields in the user’s Location document.
Moving a user’s mail file to a Lotus Domino Release 6 clustered server allows you to choose additional servers on which to create replicas. The user interface provides a list of all the servers (cluster mates) you can choose from. You can also click the server name to specify paths for each server.

Moving a mail database archive
You can move a mail database archive when you move a mail database to another server if the archive is located on the same server as the mail file. Mail databases are often moved for resource balancing purposes. Mail archiving is usually done to save space on mail servers; therefore, if a mail database archive is on a different server there is typically no reason to move the archive.

To move only a mail file
1. To move a user’s mail files, you must have:
• Editor access with Create documents role, or Author access with the UserModifier role in the Domino Directory
2. From the Domino Administrator or Web Administrator, click the People & Groups tab.
3. Click People and select the person whose mail file you are moving.
4. Click Move to Another server.
5. Choose a destination server to which you are moving the mail file. If the destination server you choose is a clustered server, it appears “checked” in the Additional mail server field on this dialog box.
6. (Optional) Enter a new directory to which the mail file should be moved. You can accept the default of mail\.
7. (Optional) Click Link to Object Store if you are using shared mail and want to link the mail file to the object store.

8. If you are working with clustered servers, you can select additional servers in the cluster to which the mail database can be moved. To select additional servers, click the check box next to the server name in the Additional mail server field.
9. (Optional) Choose one of these:
• From the Domino Administrator, click Delete old replicas if the server is in a cluster and you want to delete mail file replicas from a cluster.
• From the Web Administrator, click Remove all mail replicas if the server is in a cluster and you want all mail replicas to be deleted.
10. Click OK.
11. Click Close.

To approve the mail file deletion
When the mail file is on the new mail server, you must approve the mail file deletion in the Administration Requests database (ADMIN4.NSF).
1. From the Domino Administrator or the Web Administrator, click Server - Analysis - Administration Requests (6).
2. Choose the Pending Administrator Approval view.
3. Locate the Approve mail file deletion request and open that request.
4. Click “Edit Document.” Review the request.
5. Click “Approve Mail File Deletion.”
6. Click Save and Close.

To move a user's mail file and/or roaming files
You can move a user’s roaming files and mail files at the same time to the same destination server. However, if you want to move a user’s roaming files to one server and the mail files to another server, you must complete the procedure twice — once for the roaming files and then once for the mail files. You can use this procedure to move any user’s mail files, whether they are roaming users or not.
The roaming files that are moved are JOURNAL.NSF, BOOKMARK.NSF, and NAMES.NSF.

The files are moved by the Administration Process in the background so that you can continue to perform administration activities while the files are being moved.
1. To move a user’s mail and/or roaming files, you must have:
• Editor with Create documents access, or Author access with the UserModifier role to the Domino Directory
• At least Author with Create documents access to the Certification Log (for roaming files move)
• CreateReplica access to the destination server
2. From the Domino Administrator or the Web Administrator, click the People & Groups tab.
3. Click People and select a user name.
4. From the tools pane, click People - Move to Another Server.
5. Complete these fields:
Field: Destination
Action: Enter the name of the server to which you are moving the user’s mail and/or roaming files. If the destination server you choose is a clustered server, it appears “checked” in the Additional mail server field on this dialog box.
Field: Move mail files into this folder on <server>
Action: Select this check box if you are moving a user’s mail files. Accept the directory that is displayed or click the folder icon to choose another directory.
Field: Move roaming files into this folder
Action: Select this check box if you are moving a user’s roaming files. Accept the directory that is displayed or click the folder icon to choose another directory. This check box is not active if you are moving a nonroaming user.
Field: Link to Object Store
Action: If shared mail is enabled on the destination server, select this check box to link the mail file to the object store. This is active only if you are moving mail files.
Field: Remove all mail replicas when moving off cluster
Action: Select this check box to remove all replicas of mail as well. There may be instances, during a move for example, when a user might need access to a replica for a short time. This is active only if you are moving mail files.
6. If you are working with clustered servers, you can select additional servers in the cluster to which the mail database can be moved. To select additional servers, click the check box next to the server name in the Additional mail server field.
7. Click OK.

To approve the requests
When the mail file is on the new mail server, be sure to open the Administration Requests database (ADMIN4.NSF). Locate the “Approve file deletion” request and approve the request. When the roaming files are on the new roaming server, locate the “Approve file deletion” requests for the roaming files in ADMIN4.NSF and approve them.
1. From the Domino Administrator or the Web Administrator, click Server - Analysis - Administration Requests (6).
2. Choose the Pending Administrator Approval view.
3. Locate the Approve mail file deletion request and open that request.
4. Click “Edit Document.” Review the request.
5. Click “Approve Mail File Deletion.”
6. Click Save and Close.
7. Locate the roaming file approval requests, and repeat steps 4 and 5 to approve the deletion of the roaming files.

Recertifying a user ID
Before a user ID reaches its expiration date, recertify the user ID using the original certifier ID. The user ID is recertified without renaming the user.
For more information on certifiers and certification, see the chapter “Deploying Domino.”
Note To recertify a user ID using a certifier other than the certifier used to create the user ID, see “Moving a user name in the name hierarchy” in this chapter.
Use the Certificate expiration view to determine which certifiers need to be recertified. Access this view from Files - Certlog.nsf - By Expiration date. All certifiers are listed by expiration date.

To recertify a user ID
Follow these steps to use the Administration Process to recertify a hierarchical ID that is about to expire.
1. To recertify a user ID, you must have:
• Author with Create documents access and the UserModifier role, or Editor access to the Domino Directory
• At least Author with Create documents access to the Certification Log (CERTLOG.NSF)
2. From the Domino Administrator, click the People & Groups tab.
3. Select the user to be recertified with the same certifier.

3. From the tools pane, select People - Recertify.
4. Complete these fields:

Field: Server
Action: Do one of these:
• If you are using the Lotus Domino 6 server-based CA, choose the server that is used to access the Domino Directory to look up the list of certifiers.
• If you are supplying a certifier ID, select the server that is used to locate the list of certifiers so that the Certifier ID file can be updated with the latest set of certificates for itself and all of its ancestors. This is also the server on which CERTLOG.NSF is updated.

Field: Use the CA process
Action: Choose this option if you have configured the Lotus Domino 6 server-based CA.
• Select a CA configured certifier from the list and click OK.

Field: Supply certifier ID and password
Action: Choose this option if you are using a certifier ID and password.
• Click “Certifier ID” to select an ID other than the one displayed.
• Choose the certifier ID that certified the user’s ID and click Open. For example, to rename Joe Smith/Sales/NYC/ACME, use the certifier ID named SALES.ID.
• Enter the password for the certifier ID and click OK.

5. Verify the certifying ID information and complete the following fields:

Field: New certificate expiration date
Action: (Optional) Specify a certifier ID expiration date other than the default two years from the current date.

Field: Only renew certificates that will expire before
Action: (Optional) Enter a date to recertify only a subset of selected user IDs, according to their current expiration dates.

Field: Edit or inspect each entry before submitting request
Action: (Optional) Select the option to edit or inspect each entry before submitting the request if you want to view each certificate before it is renewed.

6. Click OK.
7. If you selected the option to view each entry prior to its being submitted, the Recertify Person dialog box appears with non-modifiable information in the primary and common name fields. Review the information that displays, then select one of the following:
• OK - to submit the name change.
• Skip - if you are recertifying more than one user ID and you want to continue to the next without submitting a recertification for the current name.
• Cancel Remaining Entries - to cancel this recertification, as well as those for any other names you selected and have not yet submitted.
8. When the Processing Statistics dialog box appears, review the information to verify that all name changes have succeeded. If any fail, check the Certifier Log (CERTLOG.NSF) to determine the reason for the failure.

Recertifying a certifier ID or a user ID
Use this procedure to recertify a certifier ID or a user ID with the same certifier ID that was used previously to certify the certifier ID or user ID. You can also recertify a user ID with a different certifier ID, that is, a certifier ID other than the one used to previously certify the user ID.
Although recertifying a user ID with a different certifier is allowed, it is not recommended that you do so using this procedure. In this case, you are renaming the user, which is a very complex process involving changes to ACLs for various databases, changes to lists of group members, and other related entries. Recertifying a user ID with a different certifier does not invoke the Administration Process, so all changes need to be made manually. To recertify a user with a different certifier ID, we recommend using the Rename tool, and requesting a move to a new certifier — see the topic “Moving a user name in the name hierarchy” earlier in this chapter.
Certifier IDs are used to certify other certifiers, servers, and users. A certifier ID issues a certificate to another user, server or certifier that is on the hierarchical level immediately below the certifier. For example, in the Organizational Unit Sales/NYC/ACME, ACME is the certifier for NYC, NYC is the certifier for Sales. The Organization certifier, in this case ACME, can certify itself.

When you recertify an ID you can:
• Provide a new expiration date for certificates about to expire
• Add a new alternate name to the certifier ID
• Change the minimum password quality

Types of IDs you can recertify
You can recertify any of the following types of IDs:
• Organizational unit
• Server
• User
• Organization certifier (when it is used to certify itself)
For more information on certifier IDs, see the chapter “Deploying Domino.”

To recertify a certifier ID or a user ID
1. From the Domino Administrator, click Configuration.
2. From the tools pane, click Certification - Certify.
3. In the “Choose a Certifier” dialog box, make the following selections:

Field: Server
Action: Do one of these:
• If you are using the Lotus Domino 6 server-based CA, choose the server that is used to access the Domino Directory to look up the list of certifiers.
• If you are supplying a certifier ID, select the server that is used to locate the list of certifiers so that the Certifier ID file can be updated with the latest set of certificates for itself and all of its ancestors. This is also the server on which CERTLOG.NSF is updated.

Field: Use the CA process
Action: Choose this option to use the server-based certification authority (CA).
• Select a CA-configured certifier from the list and click OK.

Field: Supply certifier ID and password
Action: Choose the certifier ID that issued the original certificate. For example, to recertify the certifier ID for /Sales/NYC/ACME, choose the /NYC/ACME certifier ID, which is NYC.ID.
Note Although not recommended, you can choose a different certifier ID to recertify a user ID, instead of using the original certifying ID.
• Click “Certifier ID” to select an ID other than the one displayed.
• Enter the password for the certifier ID and click OK.

(nonmodifiable) Certifier ID(s) you are working with. International key Subject name list Add Rename Remove Password quality 7. Removes the alternate name selected in the Subject name list.4. (nonmodifiable) (Optional) Specify a certifier ID expiration date other than the default two years from the current date. choose SALES. (nonmodifiable) The name hierarchy of the certifier that issued the certificate. This key pair is also used for network authentication. For example. 5. country code (optional). Rename the alternate name selected in the Subject name list. This key pair is used for mail encryption when either the sender or recipient are running with an International Notes license. select the certifier ID or user ID that you want to recertify. Select the alternate language. This button is enabled only when alternate languages have been assigned. (nonmodifiable) The public half of the international RSA key pair. Click Certify. In the Certify ID dialog box.” 5-84 Administering the Domino System. to recertify Sales/NYC/ACME. Click to add and certify an alternate name. complete the following fields as necessary: Field Current Server Current certifier Expiration date Primary key Enter The registration server for the current certifier ID. 6. Enter the password and click OK. For more information on alternate names.ID. This button is not available when recertifying user Ids. Volume 1 . see the chapter “Setting Up and Managing Notes Users. Public half of the primary RSA key pair stored in the Notes ID file. and on mail encryption when both the sender and the recipient have a North American Notes license. and the organization identifier for the language. This RSA key pair is used for electronic signatures on documents and certificates. Move the slider to change the level of complexity and variety of characters entered for the password. In the “Choose ID to Certify” box.

Select one or more user name(s) that you want to locate in the domain. 2. From the Domino Administrator. Click Send. 2. 3.Finding a user name in the domain with the Domino Administrator or the Web Administrator You can search for a user name in the domain and obtain logs that include document links and directory links to each occurrence of the user name.Find Users. 4. Click Yes to initiate the Administration Request to locate all the occurrences of the selected name(s) in the enterprise. From the Domino Administrator or the Web Administrator.Log document. Enter the name of the user whose name you are trying to find. Click Done. click the People & Groups tab. 2.Administration Request (6). From the tools pane. Note License Tracking cannot be used in a hosted environment. Configuration License Tracking License Tracking allows you to monitor the number of active Notes users within a Notes domain. whether you need to purchase additional licenses. 3. To find references to a user's name with the Web Administrator 1. Double-click the report to access the Administration Process . Select the All Requests by Action view and locate the “Find Name in Domain” request. and when you need to purchase them. 4. Setting Up and Managing Notes Users 5-85 . click People .Analysis . This procedure can be performed from the Domino Administrator or from the Web Administrator. (Optional) Continue adding user names that you want to search for. 3. 5. You can use License Tracking to determine how many client licenses you have. To view the results of the name search To view the log of locations where the user name(s) are located: 1. click the People & Groups tab. To find references to a user's name with the Domino Administrator 1. From the Web Administrator. click Server .

How license tracking works
Client usage is tracked on each server. When a user authenticates with a server using the Notes client, HTTP, IMAP, POP3, SMTP, or the LDAP protocol, the user’s full canonical name, protocol, and time and date of access are collected. Once each day, an administration request sends the administration process information regarding new users and information regarding users who have not accessed the server within the last 30 days. The administration process running on the administration server processes the request. The administration process creates a new User License document in the UserLicenses database (USERLICENSES.NSF) for each new user reported in the administration request. Documents are updated with the new time and date for those users who already have a document in the User Licenses database.
After the administration process updates USERLICENSES.NSF, the License Tracking document in the Domino Directory is updated with the total number of users whose information was tracked that night. The License Tracking document is updated once each day. These daily updates enable you to review this information at any time to obtain an up-to-date report on the number of client licenses that you have available for use.
Existing administration requests are used to maintain this user information. If a user is renamed, the corresponding document is also renamed accordingly. If a user does not access any servers in the Domino domain for one full year, the corresponding User Licenses document is deleted.
Note If a user is deleted from the Domino Directory, the corresponding User License document is deleted from the User Licenses database.
By default, administrators have Manager access to the User Licenses database and users have no access.
Note The Server/Licenses view that displayed in Domino R5 is not part of the License Tracking feature.

Enabling or disabling license tracking
Use this procedure to either enable or disable License Tracking.
1. From the Domino administrator, click the Configuration tab.
2. Choose Server - Configurations.
3. Select the server and click Edit Configuration.
4. On the Basics tab, in the License Tracking field, click Disabled or Enabled according to what you want to do.
5. Click Save and Close.

Calculating the number of licenses in use
Use this procedure to recalculate the number of Notes and/or iNotes Web Access users in your domain. A document is created for each server in your domain, listing the number of Notes and iNotes Web Access users on each server.
1. From the Domino administrator, click the Files tab.
2. Open the License Tracking database.
3. Choose Licenses or Licenses - By Server and click Recalculate Licenses.

Custom welcome page deployment
For a consistent, custom appearance across a company or organization, you can create custom welcome pages, and then deploy them to users through policies and desktop settings documents. They can be as simple as a background with a company logo, or sophisticated pages with multiple frames and many different types of content. Designate a default welcome page for individual users by deploying it in an explicit policy, or for entire organizations by using organizational policies.
You can create as many welcome pages as you want. However, there is a limit to the number of welcome pages that will display in the Default Welcome Page menu in the desktop settings. This limit is approximately ten pages, depending on the character length of the welcome page titles. The limit only affects how many welcome pages appear in the desktop settings menu. All welcome pages will be deployed to the user’s bookmarks, no matter how many there are.
Tip To ensure that a custom welcome page is available to set as the default for users, create that page first to make sure it will be available for selection on the desktop settings menu.
Create and work on your corporate welcome page database locally, and then copy it to the server when you are finished. This keeps users from seeing your changes in progress, ensuring that they only see finished pages.

Creating the welcome page database
1. From the Domino Administrator, choose File - Database - New.
2. In the Server field, select Local.
3. In the Title field, enter the name of the new database. The file name is entered by default, but you can modify it. The file name can be anything except BOOKMARK.NSF.
4. In the Template Server field select Local.

(optional) Click “Do not allow users to change their home page” to prevent users from creating or selecting a home page other than the default.5. and use it to work on any changes you might want to make later. Implement these desktop settings in one or more policies. 3. 7. 6. Click the Bookmarks (R6) template.” Modifying and redeploying welcome pages Keep your local copy of the welcome page database. 5.Policy Settings . Once this is complete. From the Domino Administrator task bar. Click OK. Creating welcome pages You create corporate welcome pages the same way you create them in the Notes client. The changes will deploy to users the next time they log in. Open the welcome page database on the server. click the welcome page database and drag it to the Corporate Welcome Pages database field. Once the changes to the local database are complete.Desktop Settings. Deploying welcome pages using desktop settings 1. Click Save and Close. From the Domino Administrator click the People & Groups tab. Click Show advanced templates. From the menu. see the chapter “Using Policies. copy the welcome page database to a server to make it available to users. choose Create . 2. When you finish working on welcome pages locally. open your welcome page database in the Domino Designer and run the “Toggle advanced configuration editor” agent. select a welcome page to appear automatically when users log in. the changes will deploy to users the next time they log in. For even more options and control over your welcome pages. For more information on policies. 5-88 Administering the Domino System. You will then need to go back into each of the desktop settings documents that point to the welcome page database and create new database links to the new version. Volume 1 . save the database and copy it to the server again. (optional) From the Default Welcome Page menu. 4. 7. and then assign them to users to finish deploying your custom welcome pages. 6. This creates a database link.

Chapter 6 Setting Up and Managing Groups
This chapter describes how to create and manage groups.

Using groups
Groups are lists of users, groups, and servers that have common traits. They are useful for mailing lists and access control lists. Using groups can simplify administration tasks. For example, if you create a group called “Terminations” that lists all former employees, you can enter the Terminations group name in the “Not access” field in the Server Access section of the Security tab on each Server document. When an employee leaves the company, you add the employee’s name to the Terminations group and then force replication of the Domino Directory to prevent the employee from having access to all servers in the domain. Using a Terminations group saves you the time and effort of manually adding individual employee names to each Server document when employees leave the company.
To create a group, you create a Group document in the Domino Directory. You can add registered users to the group as you create the Group document and you can add new users to a group as you register them. There is no limit to the number of names that you can add to a group. However, the total number of characters used for names in the group cannot exceed 15KB. To keep groups manageable, split a large list of users into two or more groups.
By default, the Domino Directory contains two groups: LocalDomainServers and OtherDomainServers. LocalDomainServers includes all servers in the current domain. Domino automatically adds servers that you register in the current domain to the LocalDomainServers group. OtherDomainServers includes all servers that are not in the current domain. For example, OtherDomainServers might include the names of servers in other companies with which your company communicates. If you set up a connection to a server in another company or domain, add the server name to the OtherDomainServers group.

A third group, LocalDomainAdmins, may reside in the Domino Directory if the “Add LocalDomainAdmins group to all databases and templates” check box was selected during first server setup for a domain. The LocalDomainAdmins group contains names of the domain administrators.
You can nest one or more groups within an existing group, that is, create a group and then add one or more existing groups as members of the new group. For mail-routing, you can nest up to five levels of groups. For all other purposes, you can nest up to six levels of groups. Each group must have an owner — usually an administrator or database manager.

Creating and modifying groups
Create and modify groups from the Domino Administrator. You can also use the Web Administrator to create and modify groups.

Creating a group with the Domino Administrator
1. Make sure that you have Editor access or Author access with the GroupCreator role in the Domino Directory.
2. From the Domino Administrator, click the People & Groups tab.
3. From the Servers pane, select the server to work from.
4. Select Domino Directories, and then select Groups - Add Group.
5. Complete these fields on the Basics tab:

Field: Group name
Action: Enter a name for the group, using any of these characters: A - Z, 0 - 9, & - . _ ’ (ampersand, dash, period, space, underscore, and apostrophe) for the name. A group name can be a maximum of 62 characters in length. For easier administration, use a name without spaces. Do not use a name that is in use as the name of an organizational unit in the hierarchical name scheme. Hierarchical names are required in a hosted environment.
Note Do not create group names containing a / (slash) unless you are working in a hosted environment. Using the / in group names in a non-hosted environment causes confusion with hierarchical naming schemes.

Field: Group type
Action: Select a group type. The group type specifies the purpose of the group and determines the views in the Domino Directory where the group name appears. For example, mailing list groups appear in the Mail Users view, and access control groups appear in the Access Control view. Using specific group types improves performance by reducing the size of view indexes in the Domino Directory.
• Multi-purpose — Use for a group that has multiple purposes — for example, mail, ACLs, and so on. This is the default.
• Access Control List only — Use for server and database access authentication only.
• Mail only — Use for mailing list groups.
• Servers only — Use in Connection documents and in the Domino Administration client’s domain bookmarks for grouping.
• Deny List only — Use to control access to servers. Typically used to prevent terminated employees from accessing servers, but this type of group can be used to prevent any user from accessing particular servers. The Administration Process cannot delete any member of the group.

Field: Category
Action: (Optional) Choose a Category if you have created any. Use the category field to categorize groups in any way that you need to.

Field: Description
Action: (Optional) Enter a description of the group in the Description field.

Field: Mail Domain
Action: Enter the Domino domain in which this group’s mail address will reside in the Mail Domain field.

Field: Internet address
Action: Enter the Internet e-mail address for this group in the Internet Address field.

Field: Members
Action: Click Members, select users, servers, or groups to add, click Add, and then click OK.

6. Click the Administration tab and make changes to these fields as necessary:

Field: Owners
Action: Add an owner name or modify the list of group owners.

Field: Administrators
Action: Add an administrator name or modify the list of group administrators.

Field: Allow foreign directory synchronization
Action: Choose one:
• Yes — To allow synchronization between a post office directory, such as the cc:Mail post office directory or a Microsoft Exchange Address Book, and the Domino Directory
• No — To prevent synchronization between a post office directory, such as the cc:Mail post office directory or a Microsoft Exchange Address Book, and the Domino Directory

Field: Last modified
Action: Non-modifiable field. Provides the hierarchical name of the last administrator that made changes to the Group document.

7. Click Save and Close.

Creating a group with the Web Administrator
Create groups from the Web Administrator, just as you would from the Domino Administrator.
1. Make sure that you have Editor access or Author access with the GroupCreator role in the Domino Directory.
2. From the Web Administrator, click the People & Groups tab.
3. Select Domino Directories, and then select Groups.
4. Click Add Group.

5. Complete these fields on the Basics tab:

Field: Group name
Action: Enter a name for the group, using any of these characters: A - Z, 0 - 9, & - . _ ’ (ampersand, dash, period, space, underscore, and apostrophe) for the name. A group name can be a maximum of 62 characters in length. For easier administration, use a name without spaces. Do not use a name that is in use as the name of an organizational unit in the hierarchical name scheme. Hierarchical names are required in a hosted environment.
Note Do not create group names containing a / (slash) unless you are working in a hosted environment. Using the / in group names in a non-hosted environment causes confusion with hierarchical naming schemes.

Field: Group type
Action: Select a group type. The group type specifies the purpose of the group and determines the views in the Domino Directory where the group name appears. For example, mailing list groups appear in the Mail Users view, and access control groups appear in the Access Control view. Using specific group types improves performance by reducing the size of view indexes in the Domino Directory.
• Multi-purpose — Use for a group that has multiple purposes — for example, mail, ACLs, and so on. This is the default.
• Access Control List only — Use for server and database access authentication only.
• Mail only — Use for mailing list groups.
• Servers only — Use in Connection documents and in the Domino Administration client’s domain bookmarks for grouping.
• Deny List only — Use to control access to servers. Typically used to prevent terminated employees from accessing servers, but this type of group can be used to prevent any user from accessing particular servers. The Administration Process cannot delete any member of the group.

Field: Category
Action: (Optional) Choose a Category if you have created any. Use the category field to categorize groups in any way that you need to.

Field: Description
Action: (Optional) Enter a description of the group in the Description field.

Field: Mail Domain
Action: Enter the Domino domain in which this group’s mail address will reside in the Mail Domain field.

Field: Internet address
Action: Enter the Internet e-mail address for this group in the Internet Address field.

Field: Members
Action: Click the arrow to the right of the Members field, select users, servers, or groups to add, click Add, and then click OK.

6. Click the Administrator tab and complete these fields as necessary.

Field: Owners
Action: Add an owner name or modify the list of group owners.

Field: Administrators
Action: Add an administrator name or modify the list of group administrators.

Field: Allow foreign directory synchronization
Action: Choose one:
• Yes — To allow synchronization between a post office directory, such as the cc:Mail post office directory or a Microsoft Exchange Address Book, and the Domino Directory
• No — To prevent synchronization between a post office directory, such as the cc:Mail post office directory or a Microsoft Exchange Address Book, and the Domino Directory

Field: Last modified
Action: Non-modifiable field. Provides the hierarchical name of the last administrator that made changes to the Group document.

7. (Optional) Click the Comments tab and enter comments as desired.
8. Click Save and Close.

Modifying groups with the Domino Administrator or Web Administrator
Use the Domino Administrator or the Web Administrator to modify groups.
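The limits this chapter gives for groups (allowed name characters, the 62-character maximum, the 15KB cap on member names, the five group types, and the nesting depths) can be checked on a planned set of groups before any Group documents are created. The Python below is an added example, not Lotus or IBM code and not a Domino API. The dictionary layout, the function names, the reading of 15KB as 15 * 1024 bytes, the treatment of Mail only and Multi-purpose as the mail-routing types, and the way nesting levels are counted are all assumptions, and the sample data is constructed.

```python
import string

MAX_NAME_LEN = 62                      # "maximum of 62 characters in length"
MAX_MEMBER_BYTES = 15 * 1024           # assumption: "15KB" read as 15 * 1024 UTF-8 bytes
MAX_LEVELS_MAIL = 5                    # nesting limit for mail-routing
MAX_LEVELS_OTHER = 6                   # nesting limit for all other purposes
GROUP_TYPES = {"Multi-purpose", "Access Control List only", "Mail only",
               "Servers only", "Deny List only"}
MAIL_TYPES = {"Multi-purpose", "Mail only"}   # assumption: types used for mail routing
# A-Z, 0-9, ampersand, dash, period, space, underscore, apostrophe.
# Assumption: letters are accepted in either case.
ALLOWED = set(string.ascii_letters + string.digits + "&-. _'")


def check_name(name, hosted=False):
    """Return a list of problems with a proposed group name."""
    if not name:
        return ["name is empty"]
    problems = []
    if len(name) > MAX_NAME_LEN:
        problems.append("name is %d characters, limit is %d" % (len(name), MAX_NAME_LEN))
    # The slash is only acceptable in a hosted environment.
    allowed = (ALLOWED | {"/"}) if hosted else ALLOWED
    bad = sorted(set(name) - allowed)
    if bad:
        problems.append("characters not allowed: " + " ".join(repr(c) for c in bad))
    return problems


def nesting_levels(name, groups, _path=()):
    """Count levels of groups from `name` down its longest chain (assumed
    counting: a group holding no groups is 1). Raises ValueError on a loop."""
    if name in _path:
        raise ValueError("nesting loop: " + " -> ".join(_path + (name,)))
    children = [m for m in groups[name]["members"] if m in groups]
    if not children:
        return 1
    return 1 + max(nesting_levels(c, groups, _path + (name,)) for c in children)


def lint_groups(groups, hosted=False):
    """Map each group name to the list of rule violations found for it."""
    findings = {}
    for name, doc in groups.items():
        problems = check_name(name, hosted)
        if doc["type"] not in GROUP_TYPES:
            problems.append("unknown group type %r" % doc["type"])
        size = sum(len(m.encode("utf-8")) for m in doc["members"])
        if size > MAX_MEMBER_BYTES:
            problems.append("member names total %d bytes, limit is %d; split the group"
                            % (size, MAX_MEMBER_BYTES))
        try:
            levels = nesting_levels(name, groups)
            limit = MAX_LEVELS_MAIL if doc["type"] in MAIL_TYPES else MAX_LEVELS_OTHER
            if levels > limit:
                problems.append("nested %d levels, limit is %d" % (levels, limit))
        except ValueError as exc:
            problems.append(str(exc))
        if problems:
            findings[name] = problems
    return findings


def sample_directory():
    """Constructed sample data, not taken from a real Domino Directory."""
    person = "Joe Smith/Sales/NYC/ACME"
    groups = {
        "Terminations": {"type": "Deny List only", "members": [person]},
        "Sales/East": {"type": "Multi-purpose", "members": []},
        "AllStaff": {"type": "Mail only",
                     "members": ["User%04d/Sales/NYC/ACME" % i for i in range(1000)]},
    }
    # Two chains of six groups each: Mail1 > ... > Mail6 and Acl1 > ... > Acl6.
    for prefix, gtype in (("Mail", "Mail only"), ("Acl", "Access Control List only")):
        for i in range(1, 7):
            inner = ["%s%d" % (prefix, i + 1)] if i < 6 else [person]
            groups["%s%d" % (prefix, i)] = {"type": gtype, "members": inner}
    return groups


if __name__ == "__main__":
    for group, problems in sorted(lint_groups(sample_directory()).items()):
        for problem in problems:
            print("%s: %s" % (group, problem))
```
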

and click Edit Group. 2. Click Add. Select Domino Directories. select the users. Omit this step if you are using the Web Administrator. Configuration Deleting members from a group with the Domino Administrator or Web Administrator 1. select the users. or groups to add. Make sure that you have Editor access or Author access with Create Documents role and GroupModifier privilege in the Domino Directory. 4. and then click OK. Do one of these: • From the Domino Administrator.Adding members to a group with the Domino Administrator or Web Administrator 1. and then select Groups. Click Save and Close. From the Domino Administrator or Web Administrator. • From the Web Administrator. from the Servers pane. click Members and then select users. and then select Groups. Select the group from which you are deleting one or more members. click the People & Groups tab. Do one of these: • From the Domino Administrator. and click Edit Group. Select the group to which you are adding members. From the Domino Administrator or Web Administrator. click Members and then select users. 6. From the Domino Administrator. Select Domino Directories. from the Servers pane. • From the Web Administrator. Omit this step if you are working with the Web Administrator. 3. From the Domino Administrator. choose the server to work from. or groups to add. or groups to delete. 4. 2. Setting Up and Managing Groups 6-7 . Make sure that you have Editor access or Author access with GroupModifier privilege in the Domino Directory. servers. 5. servers. or groups to delete. servers. click the People & Groups tab. 8. 6. 3. servers. 5. choose the server to work from. 7.

see Creating a group with the Domino Administrator or Creating a group with the Web Administrator. Continue the delete process as usual. For more information on deleting a user name. and then click OK. Click Save and Close. follow instructions for deleting a user name. and then click OK.” 3. We only suggest the name “Terminations” for clarity. Note From the Domino Administrator. This is particularly useful for preventing terminated employees from accessing servers. do not select any members. Create a group named Terminations and assign it a group type of Deny List Only. When you are deleting a person from the Domino Directory. 8. Setting Up and Managing Groups Note Groups of the type “Deny List Only” do not have to be named Terminations. you can then add that person’s name to a Terminations group that is assigned a group type of Deny List Only. locate the “Add deleted user to Deny Access Group” field and then click Groups. Volume 1 . see the chapter “Setting Up and Managing Notes Users. assign any name that you choose. you can do the following tasks: • • • • Assign a policy to a group Edit a group Deleting a group with the Domino Administrator or the Web Administrator Finding a group member 6-8 Administering the Domino System. 2. From the Domino Administrator or Web Administrator.7. For more information on creating groups. Click Remove and click OK. 1. Managing groups To manage groups. to remove all members from the group. just click Remove All. Creating a Terminations group with the Domino Administrator or Web Administrator You may want to create a group for employees who no longer have access to specific servers in your organization. but on the Delete Person dialog box.

Groups . see the topic “Planning and assigning policies.• • Finding a group name in the domain with the Domino Administrator or Web Administrator Use the Manage Groups tool to add and remove group members While managing groups.” For more information on policies and policy settings. Choose Groups and select the group to which you are assigning a policy. Prior to assigning policies to groups. Displays the name of the selected directory and the server on which the directory resides. Configuration Assiging a policy to a group To apply policy settings to an entire group. click People & Groups tab. 4. familiarize yourself with all aspects of policies and how they are applied.” To assign a policy to a group 1. Displays the number of groups you have selected. you can assign a policy to the group. An Explicit policy combined with an Organizational policy creates an effective policy for the group.” For more information on applying policy settings. From the Domino Administrator. This field is blank prior to finalizing the assignment of a policy. 2. see the topic “Policies. You can use the Policy Synopsis tool to view how an effective policy affects the members of a group. Complete these fields: Field Selected For: Action Non-modifiable field.Assign Policy. see the chapter “Using Policies. 3. To do so. see Recertifying a certifier ID or a user ID. Non-modifiable field. For more information on policies. you may also need to recertify a certifier ID. continued Setting Up and Managing Groups 6-9 . Choose Tools . Assign an Explicit policy or assign both an Explicit policy and an Organizational policy.

Field / Action

Users with an existing policy
    Non-modifiable field. Displays the number of users in the selected groups who already have policies applied to them. Prior to finalizing the assignment of the policy, this field displays “Unknown.” After the policy is applied, this field displays a value.

Policy
    Choose an explicit policy from the list. If this field displays “None Available,” you have not created any explicit policies that can be applied to a group.

Allow replacement of policies
    Click this check box to allow policies that have already been applied to users in the selected groups to be replaced by the policy you are now assigning.

View Policy Synopsis
    Click this check box only if you are also assigning an organizational policy to the selected groups. When you click this check box, the Choose Organizational Policy dialog box opens. Choose the Organizational policy that applies and click OK. The Policy Synopsis document appears. A policy synopsis is composed of an explicit policy and an organizational policy. The synopsis shows the net effect of the two policies.

Perform updates in background
    Click this check box to update in the background. Performing all updates in the background allows you to continue using the Domino Administrator client while updates are being performed. Updates are done directly to the Domino Directory without using the Administration Process.

5. Click OK. ... the group settings according to what is specified in the policies.

Editing a group

Use this procedure to edit any of the group attributes that are listed on the Group document in the Domino Directory. You can modify the group name, group type, description, group membership, group owner, administrator, and specify whether foreign directory synchronization is allowed. Foreign directory synchronization allows synchronization between a post office directory, such as the cc:Mail post office directory or a Microsoft Exchange Address Book, and the Domino Directory.

With group renaming, there isn’t any tolerance for simultaneous occurrences of the new and old names while the name change makes its way across databases in the domain. For example, if a group name changes in the Domino Directory before it has a chance to change in a database ACL, the old group name in the database ACL is invalid. (This limitation doesn’t occur with user and server renaming.) As a workaround, you can initiate the group rename action during non-peak work hours — for example, during the weekend — or you can immediately process the requests, rather than waiting for the changes to occur according to Administration Process schedules.

To edit a group, you must have:
• Editor with Create documents access, or the UserModifier role to the Domino Directory
• At least Author with Create documents access to the Certification Log

To edit a group

1. From the Domino Administrator, click the People & Groups tab.
2. Select Domino Directories, and then select Groups.
3. Select the group that you want to edit, and click Edit Group.
4. Make changes to any of the following fields on the Basics tab:

Field / Action

Group name
    Enter a name for the group. A group name can be a maximum of 62 characters in length, using any of these characters: A - Z, 0 - 9, & - . _ ’ (ampersand, dash, period, space, underscore, and apostrophe) for the name. For easier administration, use a name without spaces.
    Note Do not create group names containing a / (slash). Using the / in group name causes confusion with hierarchical naming. Do not use a name that is in use as the name of an organizational unit in the hierarchical name scheme.

Group type
    Select one of these:
    Multi-purpose — Use for a group that has multiple purposes — for example, mail, ACLs, and so on. This is the default.
    Access Control List only — Use for server and database access authentication only.
    Mail only — Use for mailing list groups.
    Servers Only — Use in Connection documents and in the Domino Administration client’s domain bookmarks for grouping.
    Deny List only — Use to control access to servers. Typically used to prevent terminated employees from accessing servers, but can be used to prevent any user from accessing particular servers. The Administration Process cannot delete any member of the group.

Field / Action

Category
    (Optional) Select a category to which you are adding the group and click OK. If the category that you want to use is not listed in the dialog box, add the category name in the New Keyword field and click OK. The Category field can be used to categorize your groups in any manner that you want.

Description
    Enter a description of the group.

Mail Domain
    Enter the name of the mail domain for the group. This is especially useful for enterprises that have more than one mail domain.

Internet Address
    Enter the Internet address that applies to the group.

Members
    Add or remove group members. Type a member name in the field or double-click this field to open the Select Names dialog box, and then do any of the following:
    • Open another address book by selecting
    • Find names that begin with a specified string if you are unsure of the spelling or the complete name
    • Add a person or group to the group by selecting the person or group and clicking Add
    • Remove a group member by selecting the member in the right pane and clicking Remove
    • Remove all members of a group by clicking Remove All
    • Add a member to a group by clicking New, typing the member name, and clicking OK
    • View detailed information by selecting a person or group and clicking Details
    • Copy an entry from the open address book to the Local address book by selecting the name and clicking the Address Book icon
    • Open another Group document by selecting the group name and clicking Open

6. Click the Administration tab and make changes to any of these fields:

Field / Action

Owners
    Add an owner name or modify the list of group owners.

Administrators
    Add an administrator name or modify the list of group administrators.

Foreign directory synchronization allowed
    Choose one:
    • Yes — To allow synchronization between a post office directory, such as the cc:Mail post office directory or a Microsoft Exchange Address Book, and the Domino Directory
    • No — To prevent synchronization between a post office directory, such as the cc:Mail post office directory or a Microsoft Exchange Address Book, and the Domino Directory

Last modified
    Non-modifiable field. Provides the hierarchical name of the last administrator that made changes to the Group document.

7. (Optional) To sort the list of group members before saving the Group document, click Sort Member List.
8. Click Save and Close.

To immediately change the name of a group throughout the domain

1. To process the “Rename Group in Address Book” request immediately, choose the group rename action from the administration server for the Domino Directory and then enter this server command:
   tell adminp process new
2. To immediately process the “Rename in Person Documents” request, from the administration server for the Domino Directory, enter the command:
   tell adminp process daily
3. Replicate the modified Domino Directory and Administration Requests database from the administration server for the Domino Directory to all other servers in the domain.
4. To force processing of the “Rename Group in Access Control List” and “Rename Group in Reader/Author fields” requests on each server in the domain, enter the command:
   tell adminp process all

For more information on server commands, see the appendix “Server Commands.”

Deleting a group with the Domino Administrator or the Web Administrator

Follow these steps to use the Administration Process to delete a group from the Domino Directory and from database ACLs and Extended ACLs. If the server is running Windows NT or Active Directory and contains a group account for this group, you can delete that group account, too.

To delete a group, you must have at least Author with delete documents access and the GroupModifier role, or Editor access to the Domino Directory.

For more information about synchronizing Domino and Windows NT or Domino and Active Directory, see the chapter “Using Domino with Windows Synchronization Tools.”

To delete a group with the Domino Administrator

1. From the Domino Administrator, click the People & Groups tab.
2. Select the name of the group you are deleting.
3. Click Delete Group and click Yes to continue.
4. Select one of the following:
   • Yes - to immediately delete all references to the group in this replica of the Domino Directory.
   • No - to post a “Delete in Address Book” request in the Administration Requests database and have the Administration Process delete references to the group in the Domino Directory, and database ACLs and Extended ACLs.
   • Cancel - to cancel the request entirely.
5. If the server is running Windows NT or Active Directory, Domino prompts you to delete the corresponding group account from the Windows domain.
6. Click Yes to delete the group account.
7. Click OK.

Tip You can also delete a group from the Tools panel using Groups - Delete.

To delete a group with the Web Administrator

To delete a group, you must have at least Author with delete documents access and the GroupModifier role, or Editor access to the Domino Directory.

1. From the Web Administrator, click the People & Groups tab.
2. Select the name of the group you are deleting.
3. Click Tools - Groups - Delete.
4. Choose any of these options on the Delete Groups dialog box.

Field / Action

Delete group from this Directory immediately.
    Click this check box to immediately delete all references to this group in this replica of the Domino Directory. If you do not choose this option, a “Delete in Address Book” request is posted in the Administration Requests database and the Administration Process deletes references to the group in the Domino Directory, database ACLs, and Extended ACLs.

Delete the groups Windows domain account.
    Click this check box to delete the group’s corresponding Windows domain account if one exists.

5. Click OK.
6. Click Close.

Finding a group name in the domain with the Domino Administrator or Web Administrator

Use this procedure to locate every occurrence of one or more specific group names within a domain. This is especially useful when moving groups to other servers or domains or when verifying that you have completely deleted a group name from your domain.

To find a group name with the Domino Administrator

1. From the Domino Administrator, click the People & Groups tab.
2. Select one or more group name(s) that you want to locate in the domain.
3. From the Tools pane, click Groups - Find Group(s).
4. Click Yes to initiate the Administration Request to locate all the occurrences of the selected group(s) in the enterprise.

To find a group name with the Web Administrator

1. From the Web Administrator, click the People & Groups tab.
2. From the tools pane, click Groups - Find Group(s).
3. Enter a group name in the Find Groups dialog box and click Send.
4. (Optional) Continue adding group names that you want to search for.
5. Click Done.

To view the log of locations

To view the log of locations where the group name(s) are located:

1. From the Domino Administrator, click Server - Analyses - Administration Requests (6).
2. Select the view All Requests by Action and access the “Find Name in Domain” request.
3. Double-click the request to access the Administration Process - Log document.
4. Locate the “Links to items found within Domino Directory documents:” field. This field contains the links to the Group documents located using the Find Groups action.

Using the Manage Groups tool to manage groups

The Manage Groups option on the tools pane provides a quick and easy method for managing existing Domino groups. A list of all users and groups in the directory is displayed, and you can then add or remove people and groups from groups as necessary. You can also view details on groups.

To use the Manage Groups tool

1. From the Domino Administrator, click the People & Groups tab.
2. From the Tools pane, click Groups - Manage.
3. Complete these fields as necessary:

Field / Enter

People and Groups Look In
    The directory that you want to open. You can open any Domino Directory to which you have access.

Group Hierarchies Look in
    The directory containing the group you are managing.

Field / Enter

Show me
    Choose one:
    • All group hierarchies - To display all of the group hierarchies in the selected directory.
    • Only member hierarchies - To display all of the groups in which the selected user is a member, click the Member field, and then click OK.

List alphabetically
    Lists alphabetically, all people and groups in the selected directory.

List by organization
    Lists by organization, all people and groups in the selected directory.

Show group type
    Multi-purpose — Use for a group that has multiple purposes — for example, mail, ACLs, and so on. This is the default.
    Access Control List only — Use for server and database access authentication only.
    Mail only — Use for mailing list groups.
    Servers Only — Use in Connection documents and in the Domino Administration client’s domain bookmarks for grouping.
    Deny List only — Use to control access to servers. Typically used to prevent terminated employees from accessing servers, but can be used to prevent any user from accessing particular servers. The Administration Process cannot delete any member of the group.

4. Do any of the following:
   • To add a member to a group, select the group in the Group hierarchies pane, then select the user or group from the People & Groups list, and click Add.
   • To remove a member from a group, select the member from the Group hierarchies pane, and click Remove. To remove all members from a group, do not select any members, and click Remove All.
   • To view a group document, select the group from the Group hierarchies pane and click Details.
5. When you finish managing groups, click Done.

Finding a group member

You can quickly locate a group member by completing the following procedure.

1. From the Domino Administrator, click the People & Groups tab, and then click Groups.
2. On the Action bar, click Find Group Member.
   Note You may have to scroll to the right to reveal the button.
3. Enter the common name (for example, Jane Doe) and click OK. If the group member is found, a check mark appears next to the group or groups in which the member name is located.

Tip You can also find a group member from the Domino Directory, Groups view.

Chapter 7 Creating Replicas and Scheduling Replication

This chapter explains how to set up replicas and schedule replication.

Replicas

To make a database available to users in different locations, on different networks, or in different time zones, you create replicas. All replicas share a replica ID which is assigned when the database is first created. The file names of two replicas can be different, and each replica can contain different documents or have a different database design; however, if their replica IDs are identical, replication can occur between them.

Then multiple sites, teams, and users can make changes to a database and share those changes with everyone else who has access to that database. In addition, using replicas and scheduling replication reduces network traffic. Users never need to connect to a single central server that stores the only replica of a particular database. Instead, they can access a replica of that database on one or more local servers.

These distributed replicas can also be Web sites that are hosted on different Lotus Domino 6 servers. Then users aren’t dependent on one server when they attempt to access critical applications over the Internet. If one server is unavailable, users can access another replica of the database on another server.

As users add, edit, and delete documents in different replicas of a database, the content in the replicas is no longer identical. To ensure that the content in all replicas remains synchronized, you use Connection documents to schedule replication between the servers that store the replicas.

You can also use replicas to help manage ongoing Web site design. On one server, you can set up a Web staging area where you design and test new pages. When the design changes are tested and ready to be released, you can replicate this server with the server storing the replica of the Web site that is available to users. By using replicas and replication this way, you prevent Web users from seeing your “work-in-progress.”

In a cluster. Then tell users and application developers to send their requests for new replicas to these administrators. you can create replicas on clustered servers and then set up replication in clusters. the greater the demand on server and network resources and the greater the need for additional maintenance.Copy. If users need access to the most up-to-date information in a database. Deciding when to create a replica Plan your replica strategy carefully. Keep a database that you’re redesigning separate from a production version of the database. The more replicas. since corrupted data often replicates. and create replicas on servers only when necessary. assign Create Replica server access to only a few administrators. and other critical system databases. the Administration Requests database. Volume 1 . Keep a database available even if one server goes down.Database . Create a replica of a database to: • • • • • • • Improve performance of a heavily used database. all replicas are always identical because each change immediately replicates to other servers in the cluster. Distribute network traffic. Make a database available to users in remote locations. you must create replicas of the Domino Directory. To prevent unnecessary proliferation of replicas. see the topic “Creating replicas using the Administration Process” in this chapter. Although a copy of a database may look the same as the original database. For more information on setting up individual databases for replication. Place a replica of a master template on each server that stores a database that inherits from the master template.A replica of a database isn’t the same as a copy of a database that you make by choosing File . use this only as a secondary backup method. 7-2 Administering the Domino System. Create a backup database from which you can restore information if data becomes corrupted. • • Keep in mind that two replicas will contain slightly different content between replications. 
Set up Domino system administration — for example. a copy doesn’t share a replica ID with the original database and so it can’t replicate with it. Provide a replica containing only a subset of information that is relevant to a particular workgroup.

How server-to-server replication works

For server-to-server replication, the Replicator on one server calls another Domino server at scheduled times. By default, the Replicator is loaded at server startup.

As users add, edit, and delete documents in a database, the replicas contain slightly different information until the next time the servers replicate. Because replication transfers only changes to a database, the network traffic, server time, and connection costs are kept to a minimum.

During scheduled replication, by default, the initiating server first pulls changes from the destination server and then pushes changes to the destination server. As an alternative, you can schedule replication so that the initiating server and destination server each pull changes or so that the initiating server pulls changes only or pushes changes only.

You can also use the server commands Pull, Push, and Replicate to initiate replication between servers.

To schedule replication between servers, the servers must be able to connect to each other in order to update replicas. You may need to create Connection documents to enable server connections, depending on your server topology.

For more information on server connections and Connection documents, see the chapter “Setting up Server-to-Server Connections.”

Replication, step-by-step

To fully understand replication, you need to be familiar with the information in the topics “Guidelines for setting server access to databases” and with “Setting up a database ACL for server-to-server replication” in this chapter. You also need to fully familiarize yourself with the information on replication in the appendix “Server Commands.”

1. Replication is initiated by a server or a workstation in one of the following ways:
   • Replication schedule settings in a Connection document take effect.
   • A replication command to replicate immediately is issued at the server console. The server console commands include replicate, pull, push, and load replica.
   • Settings in a Program document. The Program document starts a new task on the server rather than sending work to an existing task.

   • A replication command to replicate immediately is issued by an end-user working in the Notes client user interface. This is done from a workstation only, not from a server.
   • Scheduled replication from a Notes client. This is done from a workstation only.

   For more information on server console replication commands, see the appendix “Server Commands.” For more information on the Program document, see the appendix “Server Tasks.”

2. The servers authenticate each other by finding a certificate in common and testing to be sure that certificates are authentic.

   Note If the server initiating the replication cannot connect to the remote server, or if it cannot search the remote server (Server B), replication fails.

3. The Replicator constructs a list of local files to replicate and asks the remote server to find those that have a match with the list of local files. When the Replicator finds a match, it looks at the replication history to find the last time the replicas replicated. The Replicator uses the history in the local database which is the destination database when “pulling” and is the source database when “pushing.” Typically there are two such entries, one for each direction (push/pull).
   • If there is no entry in the replication history, if access rights have changed, or if the selective replication settings have changed, the Replicator has to search all documents in the source database, not just those that have changed since the last replication.

4. The Replicator searches the source replica for changes that have occurred since the last replication. (For a pull, the source is the database on the remote server; for a push, the source is the database on the local server.)
   • If the data in the source database has not changed since last successful replication to the destination database, no replications take place and the replication history is not updated.
   • The Replicator constructs a list of documents in the source database that have changed since the last successful replication. The list is restricted by the Selective Replication Settings. The time that the search begins is recorded in the replication history so that succeeding replications do not process changes that have been replicated.

5. Replication between the source database and the destination database occurs. Replication history is updated for replication from source database to destination database. If access is sufficient, replication history for both the source and destination databases is updated.
   • If replication is not successful, the replication history is not updated and the next replication will search the same databases again.

Guidelines for setting server access to databases

For replication to occur properly, you must assign servers the appropriate access in the database ACL. Follow these guidelines when you set server access to databases.

Assign an access level that is at least as high as the highest user access level

For example, design changes made to the replica on Server A replicate to Server B only if the replica on Server B gives Server A at least Designer access.

Assign appropriate access to intermediate servers

If replication occurs through an intermediate server, the intermediate server acts first as a destination server, then as a source server and must have the access level necessary to pass along the changes. For example, if you want ACL changes on Server A’s replica to replicate to Server C by way of Server B, Server B’s replica must give Manager access to Server A, and Server C’s replica must give Manager access to Server B.

Include servers in read access lists for database design elements

If a database design element has a read access list associated with it that allows access only to certain users with Reader access, include the names of replicating servers in the read access list in addition to the server names with Reader access in the database ACL. For example, if a replica on Server A includes a form access list that limits who can read documents created with the form, include Server B in the read access list and give Server B at least Reader access in the ACL to allow Server B to pull new documents and changes to documents created with the form.

Assign Reader access for one-way replication

Give a server Reader access to a replica when you want to allow the server to receive information from the replica but not to send changes back. For example, to allow Server B to receive changes from a replica on Server A but not to send changes to Server A, give Server B Reader access to the replica on Server A.

Assign Editor access to allow author changes to replicate

If a replica includes an Authors field that allows authors to modify their own documents, to replicate these modifications, a server must have at least Editor access, not Author access. For example, changes made to Server A’s replica by someone with Author access only replicate to Server B if Server B’s replica gives Server A at least Editor access.

Setting up a database ACL for server-to-server replication

You add the names of servers to a database ACL in the same way that you add the names of people. The access level given to a server in an ACL determines what, if any, changes that server can replicate to the replica.

For more information on setting up a database ACL, see the chapter “Controlling User Access to Domino Databases.”

Default server groups in an ACL

By default, every database ACL includes the server groups LocalDomainServers and OtherDomainServers.

LocalDomainServers
This group represents servers that are in the same Domino domain as the server that stores the replica. Typically you assign this group a higher access level in the database ACL than the OtherDomainServers group.

OtherDomainServers
This group represents servers that are not included in the Domino domain of the server that stores the replica. Typically you assign this group a lower access level in the database ACL than LocalDomainServers. For example, assigning this group Reader access in the ACL ensures that the local Domino domain retains control over the database.

Note Do not add the names of servers from outside companies to LocalDomainServers or to OtherDomainServers. Both these groups are included in all databases by default and may have a high access level in some cases. Instead, create a group specifically for the external servers with which your company communicates; for example, create a group called “External Servers.” Then add this group to database ACLs as needed.

For more information on setting up groups, see the chapter “Setting Up and Managing Groups.”

Access level privileges

For each access level, you can select or deselect these privileges:
• Create documents
• Delete documents
• Create personal agents
• Create personal folders/views
• Create shared folders/views
• Create LotusScript/Java agents
• Read public documents
• Write public documents

In general, for servers, enable all the privileges that the selected access level allows. This ensures that the server has access that is as high as users might have and can replicate all user changes. However, to prevent certain changes from replicating without deselecting privileges for each user, you can deselect a particular privilege for a server entry in the ACL. For example, to prevent all document deletions made in a database on a particular server from replicating, deselect “Delete documents” in the ACL entry for the server. Then when users who have “Delete documents” access in the ACL delete documents, the deletions don’t replicate.

For more information on setting up database ACLs, see the chapter “Controlling User Access to Domino Databases.”

Server access levels

This table describes access levels in terms of server access, from the highest access to the lowest.

Manager
    Allows a server to push these changes: ACL settings; Database encryption settings; Replication settings; All elements allowed by lower access levels
    Assign to: Servers you want to use as a source for ACL changes. For tight database security, give this access to as few servers as possible. In a hub-and-spoke server configuration, you typically give the hub server Manager access.

Designer
    Allows a server to push these changes: Design elements; All elements allowed by lower access levels
    Assign to: Servers you want to use as the source for design changes. Use Manager access instead if you want one server to control ACL and design changes.

Editor
    Allows a server to push these changes: All new documents; All changes to documents
    Assign to: Servers that users use only to add and modify documents. In a hub-and-spoke configuration, you typically give the spoke servers Editor access.

Author
    Allows a server to push these changes: New documents
    Assign to: No servers. You don’t typically use this access for servers.

Reader
    Allows a server to push these changes: No changes; server can only pull changes
    Assign to: Servers that should never make changes. Servers in the OtherDomainServers group are often given Reader access.

Depositor
    Allows a server to push these changes: New documents. Also prevents the server from pulling changes.
    Assign to: No servers. You don’t typically use this access for servers.

No Access
    Allows a server to push these changes: No changes. Also prevents the server from pulling changes.
    Assign to: Servers to which you want to deny access. Servers in the OtherDomainServers group are sometimes given No Access.

Note A database that doesn’t replicate should have at least one server in its ACL to serve as the administration server for the database. This allows the Administration Process on a server to update names in the ACL when names in the organization change.

For more information on administration servers, see the chapter “Setting Up the Administration Process.”
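The guidelines for setting server access and the server access levels table above can be turned into a route check that reports which hop stops a given kind of change. This is an added example, not part of the original guide and not Domino code. The change names, the AclEntry type, treating a missing ACL entry as No Access, and the rule that a deletion needs Editor or higher plus the “Delete documents” privilege are assumptions of this model.

```python
"""Which changes can travel a replication route, given each replica's ACL."""
from dataclasses import dataclass

# Changes a sending server may push, keyed by the access level that the
# RECEIVING replica's ACL grants it (taken from the server access levels table).
# The levels are not a strict ladder: Depositor can push new documents,
# while the higher-ranked Reader can push nothing.
_DOCS = {"new_document"}
_EDIT = _DOCS | {"document_edit"}
_DESIGN = _EDIT | {"design"}
PUSHABLE = {
    "No Access": frozenset(),
    "Depositor": frozenset(_DOCS),
    "Reader": frozenset(),
    "Author": frozenset(_DOCS),
    "Editor": frozenset(_EDIT),
    "Designer": frozenset(_DESIGN),
    "Manager": frozenset(_DESIGN | {"acl", "encryption_settings",
                                    "replication_settings"}),
}
CANNOT_PULL = {"No Access", "Depositor"}  # per the same table
CHANGE_KINDS = sorted(PUSHABLE["Manager"] | {"deletion"})


@dataclass(frozen=True)
class AclEntry:
    """ACL entry that one replica holds for another server (hypothetical type)."""
    level: str
    delete_documents: bool = True  # the "Delete documents" privilege


def can_push(change, entry):
    """True if a sender holding `entry` in the receiver's ACL can push `change`."""
    if entry.level not in PUSHABLE:
        raise ValueError(f"unknown access level: {entry.level!r}")
    if change == "deletion":
        # Assumption: a deletion counts as a document change (Editor or higher)
        # and also needs the "Delete documents" privilege on the server entry.
        return entry.delete_documents and "document_edit" in PUSHABLE[entry.level]
    return change in PUSHABLE[entry.level]


def can_pull(entry):
    """True if a server holding `entry` in the source replica's ACL can pull."""
    return entry.level not in CANNOT_PULL


def blocked_hops(change, route, acls):
    """Return the (sender, receiver) hops on `route` that stop `change`.

    acls[receiver][sender] is the entry the receiver's replica grants the
    sender. Assumption: a sender with no entry gets No Access (the -Default-
    entry and group membership are not modelled).
    """
    blocked = []
    for sender, receiver in zip(route, route[1:]):
        entry = acls.get(receiver, {}).get(sender, AclEntry("No Access"))
        if not can_push(change, entry):
            blocked.append((sender, receiver))
    return blocked


def audit_route(route, acls):
    """Map every change kind to the hops that stop it (empty list = replicates)."""
    return {kind: blocked_hops(kind, route, acls) for kind in CHANGE_KINDS}


# Constructed sample: Server A -> Server B -> Server C. Server C's replica gives
# the intermediate Server B only Editor access with "Delete documents" deselected.
SAMPLE_ROUTE = ["ServerA", "ServerB", "ServerC"]
SAMPLE_ACLS = {
    "ServerB": {"ServerA": AclEntry("Manager")},
    "ServerC": {"ServerB": AclEntry("Editor", delete_documents=False)},
}

if __name__ == "__main__":
    for kind, hops in audit_route(SAMPLE_ROUTE, SAMPLE_ACLS).items():
        where = ", ".join(f"{s}->{r}" for s, r in hops)
        print(f"{kind:22}", "replicates" if not hops else f"blocked at {where}")
```

In the sample, document edits reach Server C, but ACL, design and deletion changes stop at the Server B to Server C hop, which is the intermediate-server case the guidelines describe.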

Creating replicas using the Administration Process

Through the Domino Administrator you can use the Administration Process to initiate the creation of one or more replicas. You can create replicas on servers in the same domain or in another domain. You should make sure that Connection documents are in place to schedule replication between the source and destination servers, unless the servers are members of the same cluster, in which case this is not strictly necessary.

For more information on the administration requests that are processed while creating a replica, see the appendix “Administration Process Requests.”

1. Make sure that you:
   • Have Create Database access in the Server document of the destination server(s).
   • Have at least Reader access in the ACL of the databases on the source server.
2. Make sure that the source server:
   • Is running the Administration Process.
   • Has Create Replica access in the Server document of the destination server(s).
   Note Do not use the wild card character (*) in the “Create Replica” field of the destination server’s Server document because this character causes the request to fail.
3. If you are creating a replica on a destination server in another domain, make sure that:
   • There is an outbound Cross Domain Configuration document in the Administration Requests database (ADMIN4.NSF) on the source server that allows the Administration Process to export Create Replica requests to the destination server.
   • There is an inbound Cross Domain Configuration document in the Administration Requests database on the destination server that allows the Administration Process to import Create Replica requests from the source server’s domain.
   • Connection documents enabled for mail are in place that allow the source server to send mail to at least one server in the destination server’s domain.
   • You’ve set up cross-certification if servers in the two domains do not share a common certifier.

4. Make sure each destination server:
   • Is running the Administration Process.
   • Has at least Reader access in the ACL of the source replica.
5. From the Domino Administrator, select the source server in the server pane on the left. To expand the server pane, click the servers icon in the server pane.
6. Click the Files tab.
7. In the files window, select one or more databases for which you want to create replicas.
8. From the Tools pane, choose Database - Create Replica. Or, drag the selected database(s) to the Create Replica tool.
9. (Optional) If the current domain includes a cluster, click “Show only cluster members” to display only destination servers that are members of the cluster.
10. Select one or more destination servers. To select a server if it doesn’t appear in the list, select Other, specify the hierarchical server name, and then click OK.
11. (Optional) Select a destination server, click “File Names” to choose a custom file path on the destination server for any database you’re replicating, then click OK. If you don’t choose this option, the database is stored on the destination server in the same location as on the source server. You can repeat this procedure for each destination server.
    To put the replica in a directory below the data directory, type the directory name, backslash, and then the file name — for example, JOBS\POSTINGS. If the specified directory does not exist, Domino creates it for you.
12. Click OK. A dialog box shows the number of databases processed and indicates if any errors occurred.

Creating replicas by dragging databases to a destination server

You can drag and drop databases to a destination server icon to create replicas on that server. This method uses the Administration Process to automate creation of the replica. When you use this method, store all replicas in one, preexisting directory on the destination server.

1. From the Domino Administrator, click the Files tab.
2. Select one or more databases you want to replicate in the files pane.
3. Drag the selected databases to a destination server in the server pane on the left.

In the dialog box that appears, select “Create replica,” select a directory on the destination server in which to store the replica(s), then click OK.

Table of replication settings
By default, two replicas exchange all edits, additions, and deletions if the servers the replicas are on have the necessary access. However, you can customize replication. For example, to save disk space, you can prevent the transfer of documents that are not pertinent to your site.
You can specify replication settings on a new replica as you create it or on an existing replica. You can specify some replication settings for multiple replicas at once from a central source replica. You must have Manager access to a replica to set replication settings for it.
Caution Replication settings are not intended to be used as a security measure.
This table summarizes the available replication settings.

| Setting | Controls | Panel option |
|---|---|---|
| Remove documents not modified in the last x days | When Domino purges document deletion stubs and, optionally, unmodified documents | Space Savers |
| Only replicate incoming documents saved or modified after: date | The cutoff date, so that a replica only receives documents created or modified since the date. Which documents are scanned during the first replication after clearing the replication history | Other |
| Receive summary and 40KB of rich text only | The size of documents that a replica receives | Space Savers |
| Replicate a subset of documents | Which documents a replica receives | Space Savers, Advanced |
| Replicate | Which non-document elements this replica receives | Advanced |

| Setting | Controls | Panel option |
|---|---|---|
| Do not send deletions made in this replica to other replicas | Whether a replica can send document deletions to other replicas | Send |
| Do not send changes in database title & catalog info to other replicas | Whether a replica can send changes to the database title and Database Catalog categories to other replicas | Send |
| Do not send changes in local security property to other replicas | Whether a replica can send changes to the Encryption database property (in the Basics tab of the Database Properties box) to other replicas | Send |
| Temporarily disable replication | Whether a replica can replicate | Other |
| Scheduled replication priority | The replication priority of a database used in Connection documents for scheduling replication | Other |
| CD-ROM publishing date | The publishing date for a database on a CD-ROM | Other |

You can manage these settings for multiple replicas from a central source replica. For more information, see the topic “Specifying replication settings for multiple replicas from one source replica” in this chapter.

Limiting the contents of a replica
Use the following replication settings to limit the size of a replica or to display a subset of information relevant to a particular group of users.

Remove documents not modified in the last x days
The number of days specified here, known as the purge interval, controls when Domino purges deletion stubs from a database. Deletion stubs are markers that remain from deleted documents so that Domino knows to delete documents in other replicas of the database. Because deletion stubs take up disk space, Domino regularly removes deletion stubs that are at least as old as the value specified. It checks for deletion stubs that require removal at 1/3 of the purge interval. For example, assuming the default value, 90 days, when a user opens a database, Domino checks if it has been at least 30 days since it removed deletion stubs, and if so it

removes any deletion stubs that are at least 90 days old. The Updall task, which runs by default at 2:00 AM, also removes deletion stubs. You can shorten the purge interval, if you want, but be sure to replicate more frequently than the purge interval; otherwise, deleted documents can be replicated back to the replica.
Optionally, you can select the check box to remove documents in the replica that haven’t changed within the purge interval. If you select the check box, when Domino removes deletion stubs it also removes documents that haven’t changed within the specified number of days. These documents are purged, meaning no deletion stubs remain for the documents, so the documents aren’t deleted in other replicas. If the other replicas have this check box selected, similar document purging occurs in them. The “Only Replicate Incoming Documents Saved or Modified After: date” setting prevents the purged documents from reappearing through replication.
Note Domino regularly removes deletion stubs according to the purge interval even if you don’t select the check box.
Caution If you select the check box on a non-replicated database, documents are lost and you can only recover them from a system backup.

Only Replicate Incoming Documents Saved or Modified After: date
A replica can only receive documents created or modified since the date specified. If you clear the database replication history, during the next replication, Domino scans only documents created or modified since the date specified here. If you clear the date before clearing the replication history, Domino scans all documents in the database. Use this option in conjunction with clearing the replication history to solve replication problems.
If you clear or change this date, when Domino next purges deletion stubs, it resets the date to correspond to the number of days specified in “Remove documents not modified in the last x days” setting. For example, if Domino purges deletion stubs on 1/1/99 and the “Remove documents not modified in the last x days” setting is 90, on 1/1/99 Domino resets the date to 10/1/98. If the check box is selected in the “Remove documents not modified in the last x days” setting — meaning documents that meet the purge interval criteria are purged as well as deletion stubs — this automatic date reset ensures that the purged documents aren’t replicated back into the replica.

Receive summary and 40KB of rich text only
If you select this setting, Domino prevents large attachments from replicating and shortens the documents that this replica receives. The shortened documents contain only a document summary that includes basic information, such as the author and subject, and the first 40K of rich text. When users open a shortened document, they see “(TRUNCATED)” in the document title. To view the entire document, users open it and choose Actions - Retrieve Entire Document.
Keep the following points in mind when using this setting:
• Users can’t categorize or edit shortened documents.
• Agents don’t work on shortened documents.
• Shortened documents do not replicate unless the destination replica also has this option selected.

Replicate a subset of documents
Use this setting to specify that a replica receives only the documents in a specific directory or view or only documents that meet selection criteria specified in a formula. Replication formulas are similar to view selection formulas.
Keep in mind the following points when you use replication formulas:
• You cannot use @DbLookup, @UserName, @Environment, or @Now in a replication formula.
• Using @IsResponseDoc in a replication formula causes all response documents in a database to replicate, not just those that meet the selection criteria. To avoid this, use @AllChildren or @AllDescendants instead. If you use @AllChildren or @AllDescendants, make sure the database performance property “Don’t support specialized response hierarchy” is not selected.

Replicate
Use this setting to control which non-document elements a replica receives. This table describes the options:

| Replicate | Default | Description |
|---|---|---|
| Forms, views, and so on | Selected | If selected, allows a replica to receive design changes, such as changes to forms, views, and folders from a source replica. If deselected, prevents a replica from receiving design changes. Alternatively, you can assign source servers Editor access or lower in the ACL; however, doing so prevents agents from replicating. Don’t select this option when you first create the replica because the new replica won’t contain any design elements for displaying information. |
| Agents | Selected | If selected, allows a replica to receive agents. If deselected, prevents the replica from receiving agents, although the replica still receives changes made by the agents. |
| Replication formula | Not selected | If selected, ensures that replication settings specified for multiple destination replicas from one source replica can replicate. This option is required if you’re using a central source replica to manage replication settings for multiple replicas. |
| Access control list | Selected | If selected, allows the replica to receive ACL changes from any server that has Manager access in the replica’s ACL. |
| Deletions | Selected | If selected, allows the replica to receive document deletions. If deselected, the replica won’t receive deletions through replication, but users assigned “Delete documents” access in the replica ACL can still delete documents from the replica. Note If “Do not send deletions made in this replica to other replicas” (on the Send panel of the Replication Settings dialog box) is selected for the source replica, this replica won’t receive deletions from the source replica, regardless of this setting. |
| Fields | Not selected | If selected, you select a subset of fields to receive, but you should only do this if you have a thorough knowledge of application design. If deselected, the replica receives all fields in each document received. |

Limiting what a replica sends
Use these settings to limit what one replica sends to other replicas.

Do not send deletions made in this replica to other replicas
This setting prevents deletions made in this replica from replicating. As an alternative, you can deselect the ACL option “Delete documents” for the server storing this replica.

Do not send changes in database title & catalog info to other replicas
This setting prevents changes made to this replica’s database title or Database Catalog categories from replicating.

Do not send changes in local security property to other replicas
This setting prevents changes to the database Encryption property (set by choosing Encryption on the Basics tab of the Database Properties box). Use this primarily to prevent changes made to this property on a local replica from replicating to a server. For example, if this setting is selected and you disable the Encryption property on a local replica, the property remains selected on a server replica.

Assigning miscellaneous replication settings
The Other panel of the Replication Settings dialog box includes these miscellaneous settings.

Temporarily disable replication
Select this to temporarily suspend replication while you troubleshoot a problem. You can select this for one database, or if you use the Domino Administrator, you can disable replication of multiple databases. If a database is on a cluster server, disabling replication suspends both cluster replication and scheduled replication. For more information on clusters, see the book Administering Domino Clusters.

Scheduled replication priority
You can assign a priority of High, Medium, or Low to a database. Then in a Connection document, you can schedule replication so that databases of a particular priority replicate at specific times. For example, you can schedule low-priority databases to replicate less frequently and schedule high-priority databases to replicate more frequently. If you assign a different priority to two replicas, the priority of the replica on the server that initiates the scheduled replication takes precedence.

Replication priority doesn’t apply to replicas on a cluster of servers. Cluster replication occurs whenever a change occurs, not according to schedules in Connection documents.

CD-ROM publishing date
Some organizations — for example, publishing companies — distribute databases on CD-ROM rather than replicate them. To receive updates, users replicate with a replica on the organization’s server. The users specify the date the information was published on the CD-ROM so that the first replication with the organization’s replica scans only documents created or modified since the publishing date. If users do not specify the date, the initial replication unnecessarily scans the entire database, which can be a slow process, especially if it occurs over a dial-up connection.

Specifying replication settings for one replica
1. Make sure you understand replication settings.
2. Do one of the following:
• To specify replication settings for a replica as you create it, click Replication Settings in the New Replica dialog box.
• To modify replication settings on an existing replica, open the replica and choose File - Replication - Settings. This requires Manager access.
3. Click the Space Savers panel and then select/deselect options.
4. Click the Send panel and then select/deselect options to limit what the replica can send to other replicas.
5. Click the Other panel and then select/deselect options.
6. Click the Advanced panel and then select/deselect any of the options under “Replicate.” Ignore the options above “Replicate.” These are used for managing replication settings for multiple replicas of a database from one central source replica.
7. Click OK.

Specifying replication settings for multiple replicas from one source replica
You can customize replication settings for multiple replicas of a database from one central source replica and then replicate these custom settings to the appropriate replicas. This approach to customizing replication allows you to centralize replication management and requires that you know the replication requirements for each replica.
The only replication settings you can specify using centralized management are “Replicate a subset of documents,” to control which documents a replica receives, and “Replicate,” to control which non-document elements a replica receives.
Note that changing centrally-administered replication settings requires two replications for the changes to take effect: the first replication to replicate the new settings from the source server to the destination servers and a second replication to replicate based on the new settings. The second replication doesn’t occur until the source database is updated in some other way; to force the new settings to take effect if the source database isn’t updated, clear the replication history.
1. Make sure you understand replication settings.
2. Make sure you have Manager access in the ACL of the central source replica.
3. Make sure that the central source replica has Manager access in the ACL of all destination replicas.
4. Do one of the following:
• Click Replication Settings in the New Replica dialog box to specify replication settings for a new replica.
• Open the central source replica, and then choose File - Replication - Settings to modify existing replication settings.
5. Click the Advanced panel.
6. To specify a destination server, click the computer icon next to “When computer,” select Add Server, specify the name of the destination server, then click OK. Or accept the default entry. To specify a Notes client as a destination server, enter the Notes user’s hierarchical name.
7. To specify a source server, click the computer icon next to “Receives from,” select Add Server, specify the name of a source server, then click OK. Or accept the default entry. To specify the name of a Notes client as a source server, enter the Notes user’s hierarchical name. To delete a server, click either computer icon, select Delete Server, select a server, then click OK.

8. To have the specified destination replica receive a subset of documents, click “Replicate a subset of documents” and then specify the views/folders to replicate or specify a replication formula.
9. To specify which non-document elements the replica should receive, select appropriate options under “Replicate.” You must select “Replication formula.”
10. Repeat Steps 5 through 9 for each additional destination/source server combination.
11. Click OK.

Examples of specifying replication settings for multiple replicas

Using the same replication settings for all destination servers
The Acme Corporation has a database called Technical Support on the server Support-E/East/Acme, which it uses to post information about customer problems and problem resolutions. The database displays customer suggestions made during the support calls in a view called Customer Suggestions. Acme has three servers at satellite sales offices: Sales-Bos-E/East/Acme, Sales-Phil-E/East/Acme, and Sales-Hart-E/East/Acme. The satellite sales offices are only interested in customer suggestions and not in other details of technical support calls. Therefore, Acme replicates only the contents of the Customer Suggestions view to these servers. To accomplish this, it completes the replication settings dialog box on the Technical Support database on Support-E/East/Acme as follows. Note that although the “When computer” box shows only Sales-Bos-E/East/Acme, there are similar settings for Sales-Phil-E/East/Acme and Sales-Hart-E/East/Acme.

Using separate replication settings for each destination server
The Acme Corporation has a database called Sales Leads on the server Sales-E/East/Acme. Acme has three servers at satellite sales offices: Sales-Bos-E/East/Acme, Sales-Phil-E/East/Acme, and Sales-Hart-E/East/Acme. Each document in the Sales Leads database includes the field “Office” with one of these keywords selected: Boston, Philadelphia, Hartford. Each satellite sales office is only interested in leads pertaining to its area. To replicate only sales leads pertaining to Boston to Sales-Bos-E/East/Acme, Acme completes the replication settings dialog box on the Sales Leads database on Sales-E/East/Acme. Acme sets up replication from Sales-E/East/Acme to Sales-Phil-E/East/Acme and to Sales-Hart-E/East/Acme in a similar fashion.

Although these examples describe server-to-server replication, you could use similar settings to configure replication between a central source replica and replicas on Notes clients. For example, salespeople could replicate directly with the source replica and receive only leads pertinent to their areas. To accomplish this, specify Notes users’ hierarchical names as destination servers.

Scheduling server-to-server replication
For replication to occur between two servers, you create a Connection document that specifies how and when the information exchange occurs. Connection documents are stored in the Domino Directory. Use only one Connection document at a time to handle all replication between each pair of servers. Creating unnecessary Connection documents increases network traffic and congestion.
Both mail routing and replication are enabled by default, but you can change this setting and use separate Connection documents to schedule each task. This way, you can control the specific time(s), time range(s), or the repeat interval for replication and mail routing separately, and increase or decrease these settings, as needed.
How you connect servers for replication depends on the location of the servers. You can connect servers for replication over a Local Area Network (LAN) or over an intermittently connected serial line, such as a dial-up modem or Remote access service connection. In addition, you can use passthru servers for replication. Replicating over the Internet is performed identically as with a LAN using TCP/IP.
The Domino server must be in the same Notes domain as the Domino server with which you want it to replicate. If it’s not, your server needs a certificate in common with the other server.

To set up Connection documents for replication
Schedule only one server to connect at a time.
1. Make sure that:
• Each pair of servers can connect to each other.
• The Domino Directory is replicating properly.
2. From the Domino Administrator, click the Configuration tab.
3. Select the connecting server’s Domino Directory in the “Use Directory on” field.
4. Click Server, and then click Connections.

5. Click the connection you want to work with, and then click Edit Connection.
6. On the Basics tab, complete these fields:

| Field | Enter |
|---|---|
| Usage priority | Choose “Normal” to force the server to use the network information in the current Connection document to make the connection. |
| Source server | The name of the calling server. |
| Source domain | The name of the calling server’s domain. |
| Use the Port(s) | The name of the network port (or protocol) that the calling server uses. If you don’t want to specify the actual port for making a local area network connection, but would prefer to have Domino determine the port used, don’t list any ports in the Use the Port(s) field in the LAN Connection document. Domino uses all the information it has, including all enabled LAN ports and all enabled or disabled Connection documents, to determine the best path to use to connect with the other server. |
| Destination server | The name of the answering server. You can also specify a Group name that contains server names so that the Source server replicates with each server listed in the group you specify. To do this, you create a group that contains servers only, and specify “Servers only” as the group type. The group cannot contain the names of other groups of servers. |
| Destination domain | The name of the answering server’s domain. |

7. Click the Replication/Routing tab, and then complete these fields:

| Field | Enter |
|---|---|
| Replication task | Choose Enabled. |
| Replicate databases of Priority | Choose one: High; Medium & High; Low & Medium & High (default) |
| Replication type | Choose one: Pull Pull; Pull Push (default); Pull Only; Push Only |

| Field | Enter |
|---|---|
| Files/Directories to Replicate | The names of specific databases or directories of databases that you want to replicate. Separate entries with semicolons (;) and specify the names as they exist on the calling server. If the database is in a subdirectory to the data directory, include the path relative to the data directory — for example, EAST\SALES.NSF. To specify all files within a directory and any of its subdirectories, enter the directory name relative to the data directory with the directory slash, for example EAST\. You can’t use wild cards (*). |
| Replication Time Limit | The amount of time, in minutes, that replication has to complete. |

8. Click the Schedule tab, and then complete these fields:

| Field | Enter |
|---|---|
| Schedule | Choose Enabled. |
| Call at times | The times between which you want replication to occur each day; the default is 8 AM - 10 PM. |
| Repeat interval of | The number of minutes between replication attempts; the default is 360 minutes. |
| Days of week | The days of the week to use this replication schedule; the default is Sun, Mon, Tue, Wed, Thu, Fri, Sat. |

9. Click Save and Close.

Customizing server-to-server replication
To customize replication, you can:
• Specify replication direction
• Schedule times for replication
• Replicate only specific databases
• Replicate databases by priority
• Limit replication time
• Use multiple replicators
• Refuse replication requests
• Force immediate replication

Specifying replication direction
When you choose replication direction, you identify which server(s) send and receive changes. By default, Domino uses Pull-Push as the replication direction. However, you can specify a different replication direction. The direction you choose does not affect or restrict the functionality of the replication process itself.
• Pull-Push, the default replication direction, is a two-way process in which the calling server pulls updates from the answering server and then pushes its own updates to the answering server. Using Pull-Push, the replicator task on the calling server performs all the work.
• Pull-Pull is a two-way process in which two servers exchange updates. Using Pull-Pull, two replicators — one on the calling server and one on the answering server — share the work of replication.
• Push-only is a one-way process in which the calling server pushes updates to the answering server. One-way replication always takes less time than two-way replication.
• Pull-only is a one-way process in which the calling server pulls updates from the answering server. One-way replication always takes less time than two-way replication.
You can also specify replication direction when you force replication. For example, you could use the Push-only or Pull-only method from the server console when there is an update in a Domino Directory on one server and you want to manually propagate that change to the other servers. For information on forcing immediate replication, see the topic “Forcing immediate replication” later in this chapter.

To change the replication direction:
1. From the Domino Administrator, click the Configuration tab.
2. Select the connecting server’s Domino Directory in the “Use Directory on” field.
3. Click Server, and then click Connections.
4. Click the connection you want to work with, and then click Edit Connection.
5. Click the Replication/Routing tab.
6. Select the new replication direction from the Replication Type menu.

Scheduling times for replication
Whenever possible, schedule replication for times when there is less activity on the network — before or after work or at lunch time. You might want to replicate low-priority databases at night when the rates are less expensive or there is less load on the system.
You can schedule server-to-server replication to happen at specific times, or you can specify a time range with a repeat interval. The default replication time setting is 8 AM to 10 PM, with a repeat interval of 360 minutes. By scheduling replication for a time range, you ensure that the servers exchange information several times a day.
After the server makes a successful connection, it waits the amount of time specified in the “Repeat interval of” field on the Connection document before calling the other server again. For example, suppose a Connection document schedules Hub-E/East/Acme to call HR-E/East/Acme from 8 AM until 5 PM with a repeat interval of 120 minutes. If Hub-E/East/Acme calls and replicates successfully with HR-E/East/Acme at 8:30 AM, Hub-E/East/Acme does not place the next call until 10:30 AM.
Be sure to consider time zones when you schedule replication between servers in different countries. You want to replicate the documents created during each time zone’s peak business hours and schedule replication for an off-peak time. For example, to schedule replication between a server in New York and a server in Germany, schedule replication between 3 AM and 1 PM Eastern Standard Time (EST) to correspond to Germany’s business hours, which are six hours later than EST.

Scheduling replication for one specific time
Use a specific time when you schedule replication of low priority databases, when daily updates of databases are sufficient, or when you’re certain that attempts by the server to connect are successful after just a few retries — for example, on different networks at the same site.
1. From the Domino Administrator, click the Configuration tab.
2. Select the connecting server’s Domino Directory in the “Use Directory on” field.
3. Click Server, and then click Connections.
4. Click the connection you want to work with, and then click Edit Connection.
5. Click the Schedule tab.

6. In the “Connect at times” field, enter a specific time — for example, 8 AM.
7. In the “Repeat interval of” field, enter 0.
8. Click Save and Close.
The server calls and attempts to connect at the exact time you specified. If unsuccessful, the server tries to connect for an hour. Whether or not the connection succeeds, the next call does not occur until 8 AM the next morning.

Scheduling replication for a list of times
Use a list of times to schedule replication for medium and low priority databases and for when a few daily updates of databases are sufficient or when you’re certain that connection attempts will be successful after just a few retries — for example, for a connection on different networks at the same site.
1. From the Domino Administrator, click the Configuration tab.
2. Select the connecting server’s Domino Directory in the “Use Directory on” field.
3. Click Server, and then click Connections.
4. Click the connection you want to work with, and then click Edit Connection.
5. Click the Schedule tab.
6. In the “Connect at times” field, enter a list of specific times — for example, 8 AM, 1 PM, 4 PM.
7. In the “Repeat interval of” field, enter 0.
8. Click Save and Close.
The server calls at the first time specified, 8 AM. If unsuccessful, the server retries for up to an hour, until 9 AM. Whether or not the call succeeds, the next call occurs at the next scheduled time, 1 PM. If unsuccessful, the server retries for up to an hour, until 2 PM. This process continues for each specific time you specify.

Scheduling replication for a time range with a repeat interval
Specify a time range when you schedule replication for high priority databases.
1. From the Domino Administrator, click the Configuration tab.
2. Select the connecting server’s Domino Directory in the “Use Directory on” field.

3. Click Server, and then click Connections.
4. Click the connection you want to work with, and then click Edit Connection.
5. Click the Schedule tab.
6. In the “Connect at times” field, enter a time range — for example, 8 AM - 5 PM.
7. In the “Repeat interval of” field, enter how frequently replication should take place — for example, 120 minutes.
8. Click Save and Close.
The server attempts the first call at the start of the time range. If unsuccessful, the server tries again and again. The time between call attempts increases with each unsuccessful attempt. If the server cannot connect, it keeps trying until the end of the time range. If the server successfully replicates, it calls again at the specified repeat interval after the previous call ended.

Scheduling replication for a time range without a repeat interval
Use a time range without a repeat interval for medium and low-priority databases. Also use a time range without a repeat interval when daily updates of a database are sufficient or when you know that a long retry period is necessary — for example, if you have busy phone lines and you know it will take several attempts to make the connection.
1. From the Domino Administrator, click the Configuration tab.
2. Select the connecting server’s Domino Directory in the “Use Directory on” field.
3. Click Server, and then click Connections.
4. Click the connection you want to work with, and then click Edit Connection.
5. Click the Schedule tab.
6. In the “Connect at times” field, enter a time range — for example, 8 AM - 5 PM.
7. In the “Repeat interval of” field, enter 0.
8. Click Save and Close.
The server retries the call for the entire range or until a connection is made. If the first call is unsuccessful, the server retries periodically until it successfully establishes a connection and replicates. After a failed call, the server retries periodically for the entire call range. However, it does not call again after a successful exchange of information.

Scheduling replication for different days of the week
You can create a different replication schedule for different days of the week. For example, you could create two Connection documents — one that schedules replication for Monday to Friday, and another that schedules replication for Saturday and Sunday.

1. From the Domino Administrator, click the Configuration tab.
2. Select the connecting server’s Domino Directory in the “Use Directory on” field.
3. Click Server, and then click Connections.
4. Click the connection you want to work with, and then click Edit Connection.
5. Click the Schedule tab.
6. In the “Days of week” field, enter the days on which you want replication to occur.
7. Click Save and Close.

Staggering schedules
You can use staggered schedules on hub-and-spoke topology. You can create a simple round-robin schedule for a hub server and its spokes, repeating as often as is practical. For example, you could schedule the first server to replicate from 8 AM to 10 AM, the second server from 8:05 AM to 10:05 AM, and so on. This process spreads all data within a hub’s sphere of influence quickly.

Replicating only specific databases
By default, Domino replicates all databases that two servers have in common. To replicate only specific databases:

1. From the Domino Administrator, click the Configuration tab.
2. Select the connecting server’s Domino Directory in the “Use Directory on” field.
3. Click Server, and then click Connections.
4. Click the connection you want to work with, and then click Edit Connection.
5. Click the Replication/Routing tab.

6. In the “File/Directories to Replicate” field, enter the database names or directory names of specific databases you want to replicate. Separate entries with semicolons (;). You can’t use wild cards (*).
   To specify an individual database, enter the file name of the database, including the NSF extension. If the database is in a subdirectory of the data directory, include the path relative to the data directory — for example, EAST\SALES.NSF.
   To specify all files within a directory and any of its subdirectories, enter the directory name relative to the data directory with the directory slash, for example EAST\.
   If the replication type is Pull-Pull, only the connecting server receives the specified databases during replication. The other server still receives all databases in common with the calling server.
7. Click Save and Close.

Replicating databases by priority
Database managers assign a replication priority to databases so that Domino administrators can schedule replication for databases based on priority. For example, you can schedule high-priority databases that are critical to business operations — for example, the Domino Directory — to replicate frequently. You can schedule low-priority databases to replicate during off-hours.

Domino automatically replicates all databases that two servers have in common. To replicate databases by priority:

1. From the Domino Administrator, click the Configuration tab.
2. Select the connecting server’s Domino Directory in the “Use Directory on” field.
3. Click Server, and then click Connections.
4. Click the connection you want to work with, and then click Edit Connection.
5. Click the Replication/Routing tab.
6. In the “Replicate databases of” field, select the priority of databases to replicate. The default setting is Low & Medium & High.
7. Click Save and Close.
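The rules given for the “File/Directories to Replicate” field (semicolon-separated entries, no wild cards, paths relative to the data directory, a trailing backslash for a directory, the NSF extension for a database) can be checked before a value is entered in a Connection document. The Python lint below is an added example, not IBM code; its function names and sample value are constructed, and rejecting drive letters and `..` segments is an assumption drawn from the “relative to the data directory” requirement.

```python
import re

# Assumption: an entry that starts with a drive letter or a slash is not
# "relative to the data directory", so it is reported as a problem.
ABSOLUTE = re.compile(r"^(?:[A-Za-z]:|[\\/])")

# Constructed sample value: three valid entries followed by four invalid ones.
SAMPLE = (r"NAMES.NSF; EAST\SALES.NSF; EAST\; WEST\*.NSF; "
          r"C:\LOTUS\DATA\HR.NSF; ..\OTHER\X.NSF; REPORTS")


def lint_replication_list(value):
    """Check a "File/Directories to Replicate" value.

    Returns (entries, problems):
      entries  - list of (kind, path), kind is "database" or "directory"
      problems - list of (entry, reason) for entries that break a rule
    """
    entries, problems = [], []
    for raw in value.split(";"):          # entries are separated by semicolons
        entry = raw.strip()
        if not entry:
            continue                      # tolerate a trailing or doubled ";"
        segments = re.split(r"[\\/]", entry)
        if "*" in entry:
            problems.append((entry, "wild cards are not allowed"))
        elif ABSOLUTE.match(entry):
            problems.append((entry, "path must be relative to the data directory"))
        elif ".." in segments:
            # Assumption: a parent-directory segment points outside the data directory.
            problems.append((entry, "parent-directory segment is not allowed"))
        elif entry.endswith("\\"):
            entries.append(("directory", entry))   # directory and its subdirectories
        elif entry.upper().endswith(".NSF"):
            entries.append(("database", entry))    # one database, extension included
        else:
            problems.append((entry, "expected a directory ending in \\ or a .NSF file name"))
    return entries, problems


def replication_scope(value):
    """Summarize what a field value means for the connection."""
    entries, problems = lint_replication_list(value)
    if problems:
        return "invalid"
    if not entries:
        # A blank field leaves the default: all databases in common replicate.
        return "all databases in common"
    return "restricted to %d entries" % len(entries)


if __name__ == "__main__":
    ok, bad = lint_replication_list(SAMPLE)
    for kind, path in ok:
        print("OK  %-9s %s" % (kind, path))
    for entry, reason in bad:
        print("BAD %s: %s" % (entry, reason))
```

A blank value is reported as “all databases in common”, which is the case to look for when a connection was meant to be restricted to a few databases.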

If two replicas are assigned different priorities, Domino uses the priority assigned to the replica on the server that initiates the replication.

If you schedule databases to replicate by priority and a particular database isn’t replicating often enough, ask the database manager to increase the priority level of that database.

Limiting replication time
Limiting the time a server has to replicate with another server prevents extensive replication sessions and allows you to control the cost of replication with servers in remote sites. For example, if replication depends on a long-distance phone call and the database takes time to replicate, you can limit how long the replication period lasts.

Caution If you specify an inappropriately low value and the databases do not have time to replicate completely, replication terminates upon reaching the time limit, regardless of how little progress, if any, occurred. The log file (LOG.NSF) records a message indicating that termination has occurred but that the replication was successful. The replication history isn’t updated so that the next replication takes place after the last complete replication event.

To limit the time a server has to replicate:

1. From the Domino Administrator, click the Configuration tab.
2. Select the connecting server’s Domino Directory in the “Use Directory on” field.
3. Click Server, and then click Connections.
4. Click the connection you want to work with, and then click Edit Connection.
5. Click the Replication/Routing tab.
6. In the “Replication Time Limit” field, enter the maximum connection time in minutes. When the field is blank, Domino uses as much time as it needs to complete the replication session.
7. Click Save and Close.

If the “Replication Time Limit” field has a value in it and the replication isn’t complete at the end of the specified time or if the server crashes, then replication will begin where it left off once it restarts.

To limit replication time for all servers, edit the NOTES.INI file to include the ReplicationTimeLimit setting.

Multiple replicators efficiently use server resources. you can use the Tell command to stop all replicators. if Hub-E/East/Acme is scheduled to replicate with HR-E/East/Acme and with Hub-W/West/Acme simultaneously. Examine the Connection documents that schedule replication on each server. you can schedule one or more additional cycles per day. After you start multiple replicators. if you use one replicator. however. do not schedule a server to call another server on different ports at the same time. set up multiple replicators to handle the replication sessions simultaneously. and save replication time. you can’t use the Tell command to stop a specific replicator. each replicator handles only one replication session at a time. one replicator handles replication between Hub-E/East/Acme and HR-E/East/Acme. Volume 1 . With this shortened cycle. do not schedule Hub-E/East/Acme to call Hr-E/East/Acme on COM1 and Hub-E/East/Acme to call Hub-W/west/Acme on COM2 simultaneously. while a second replicator handles replication between Hub-E/East/Acme and Hub-W/West/Acme. if both Database 1 and Database 2 on Hub-E/East/Acme need to replicate with Hub-W/West/Acme. only one replicator handles each replication session. which means fewer database updates and speedier replications per cycle. For example. 7-30 Administering the Domino System. By adjusting the schedules and enabling multiple replicators. you can shorten the time it takes to complete a replication cycle. If you do not enable multiple replicators. Multiple replicators do not handle replications of multiple individual databases on a source server with a single destination server. When you use multiple replicators. Multiple replicators handle multiple replications between one source server and multiple destination servers simultaneously. one at a time. 
shorten replication cycles (especially in hub servers).Using multiple replicators If you create Connection documents that schedule a server for multiple simultaneous or overlapping replications with different destination servers. For example. For example.

To enable multiple replicators

Method | Steps
From the NOTES.INI file | Edit the Replicators or ServerTasks setting in the NOTES.INI file.
From the console | Enter the Load Replica command at the console. Each time you enter this command, the server loads another replicator. Use this method if you need more replicators and you don’t want to shut down the server to change the NOTES.INI file.

For more information on settings in the NOTES.INI file, see the appendix “NOTES.INI File.” For more information on entering server commands, see the appendix “Server Commands.”

Refusing replication requests
To prevent a server from accepting a request for replication, edit the NOTES.INI file to include the setting ServerNoReplRequests. If this setting is set to 1, the called server refuses all replication requests. You can use this feature to reduce the replication workload on a particular server or to isolate a server for troubleshooting. Or you may want to force the calling server to cover the time and cost of the entire replication process.

Forcing immediate replication
You can replicate changes to critical databases, such as the Domino Directory, without waiting for scheduled replication to occur. After you create Connection documents to schedule server-to-server replication, you can use a server command to force immediate replication, without waiting for a scheduled connection.

There are many situations when forcing replication is necessary. For example, you may want to update a database immediately, or you might need to replicate with a different server because the usual server is unavailable. You can force immediate replication to trace replication and mail routing problems or to force changes to critical system databases — such as in the Domino Directory — to spread quickly through the domain.

When you force immediate server-to-server replication, you can initiate replication in one or in both directions.

Replication .” 7-32 Administering the Domino System. 4. To disable replication of one database 1. Pull Push Disabling database replication You can disable replication of a database — for example. click the servers icon in the server pane. and in Step 3 deselect “Temporarily disable replication. From Tools. To expand the server pane.Command Replicate Result Replicates changes to databases in both directions.” and then click OK. enable replication again. To enable replication again. From the Domino Administrator. 5. repeat Steps 1 and 2. 3. drag the selected databases to the Replication tool. Then. select the server in the server pane on the left that stores the databases. Replicates changes to databases in one direction where the initiating server pulls changes from the other server. 3.Settings. 2. or if you use the Domino Administrator. after you correct the problem. Select “Temporarily disable replication” and then click OK.4. Or. Select the databases for which you want to disable replication. Click the Files tab. you can disable and enable replication of multiple databases at once. To enable replication again. and in Step 5 select “Enable replication. You can disable and enable replication of one database. click Database . repeat Steps 1 . 2. Domino performs Pull-Push replication. Replicates changes to databases in one direction where the initiating server pushes database changes to the other server. Select “Disable.” To disable replication of multiple databases 1. Select Other. Open the database and choose File . Volume 1 . to stop replication while you troubleshoot problems.Replication.

Forcing a server database to replicate
Replication between database replicas on servers typically occurs according to schedules in Connection documents. However, there are times when you want to force replication between two replicas, rather than wait for replication to occur on schedule. For example, you might force replication when you want to test replication settings or troubleshoot replication problems.

Replicating from the database
1. Open the database.
2. Choose File - Replication - Replicate.
3. Select “Replicate with options” and click OK.
4. Select the server that stores the replica with which you want to replicate.
5. Select “Send documents to server” to send updates from the replica you selected on your workspace to the server you selected in Step 4.
6. Select “Receive documents from server” to send updates from the server you selected in Step 4 to the replica selected on your workspace.
7. Click OK.

Replicating from the server console
You can use a database option with the Replicate, Pull, or Push server commands to force replication of a specific database that two servers have in common.

• Use the Replicate command to send changes to and receive changes from a specified server
• Use the Pull command to receive changes from a specified server
• Use the Push command to send changes to a specified server

For example, to send changes to the database PRODUCTS.NSF from the server Webstage-E/East/Acme to the server Web/East/Acme, enter the following command from Webstage-E/East/Acme:

Push Web/East/Acme Products.nsf

Viewing replication schedules and topology maps
You can see a graphical representation of each server’s replication schedule at a glance with the Domino Administrator. You can also see a graphical representation of your replication topology. Replication topology maps are most useful for quickly displaying the replication topology and for letting you easily follow connections between servers. Each server, network, cluster, and cc:Mail Post Office has its own icon. A line represents each replication connection. A replication connection between two servers appears as a broken red line. Multiple connections between servers appear as lines superimposed on each other.

To view replication schedules
1. From the Domino Administrator, click the Replication tab.
2. Click Replication schedule.

Each server’s replication schedule appears separately, even if the server is a member of a group listed in the “Destination server” field in a Connection document.

Patterns represent the replication status of each server:
• Schedule is being performed.
• Schedule is complete.
• Schedule isn’t complete.

To start the topology Maps task
The Maps task enables you to view replication topology from the Domino Administrator. This task is not enabled by default. To see replication topology information, enable the Maps task manually. You only need to run this task on one server in your domain. The information it gathers will replicate to the other servers, as long as it has permission to do so. This task refreshes topology information nightly.

1. From the Domino Administrator, click the Servers - Status tab.
2. Click Tools - Start.
3. Select Maps Extractor from the menu and then click Start Task.
4. Click Done.

To display the replication topology map
1. From the Bookmarks pane, select the server for which you want to create a topology map.
2. Click the Replication tab.
3. Do one of the following:
   • Click “Replication topology by connections” to view connections between the server you selected and all of the servers connected to it.
   • Click “Replication topology by clusters” to view all server clusters and their replication patterns.
4. (Optional) Double-click any server in the topology map to make that server the center of the map.
5. (Optional) Double-click a line connecting any two servers to open the corresponding Connection document in the Domino Directory.

To focus on a specific area of the topology map, use the plus (+) and minus (-) keys to zoom in and out.


Chapter 8 Setting Up Calendars and Scheduling

You can set up the calendar and scheduling features to allow users to schedule meetings and reserve resources.

Calendars and scheduling
The calendar and scheduling features allow users to check the free time of other users, schedule meetings with them, and reserve resources, such as conference rooms and equipment. As an administrator, you can define holidays that are particular to your organization or country. Lotus Domino 6 includes a set of default Holiday documents, which you can modify. Users import this information directly into their personal calendars.

The calendar and scheduling features use the Schedule Manager (Sched task), the Calendar Connector (Calconn task), and the Free Time system (a combination of Sched, Calconn, and nnotes tasks) to operate. When you install Lotus Domino 6 on a server (any server except a directory server), the Sched and Calconn tasks are automatically added to the server’s NOTES.INI file. When you start the server for the first time, the Schedule Manager creates a Free Time database (BUSYTIME.NSF for non-clustered mail servers and CLUBUSY.NSF for clustered mail servers) and creates an entry in the database for each user who has filled out a Calendar Profile and whose mail file is on that server or on one of the clustered servers.

Each user can keep a personal calendar and create a Calendar Profile that identifies who may access the user’s free time information and specifies when the user is available for meetings. When users invite other users to meetings, the Free Time system performs the free-time lookups. The Free Time system also searches for and returns information on the availability of resources. If the lookup involves searching in Free Time systems on different servers or scheduling applications, the Calendar Connector sends out the queries.

When users schedule appointments in their calendars and reserve resources, the Schedule Manager task collects and updates that information in the Free Time database. By default, the Schedule Manager has access to the Free Time database, so you do not have to define the ACL for this database.

Using clustered Free Time databases
For clustered mail servers, the Schedule Manager creates the clustered Free Time database (CLUBUSY.NSF) the first time a server starts. Each clustered server has a replica of the clustered Free Time database, which stores information about users whose mail files exist on servers in the cluster. The clustered version of the Free Time database works the same as the Free Time database (BUSYTIME.NSF).

If you add a previously non-clustered server to a cluster, the Schedule Manager deletes the BUSYTIME.NSF database on that server and creates CLUBUSY.NSF, which then replicates to all cluster members. If you remove a server from a cluster, the opposite occurs: Schedule Manager deletes CLUBUSY.NSF and creates BUSYTIME.NSF. Until the Schedule Manager validates the database by checking to see if the location of users’ mail files has changed, the clustered Free Time database contains information about users whose mail server you removed from the cluster. This validation also occurs once each day (at 2 AM) to update free-time information for users whose mail files have been added to or removed from a mail server. You can update the information at any time by entering the Tell Sched Validate command at the console.

A benefit of clustered scheduling is that schedule information is always available, even when users’ home servers are down. With non-clustered scheduling, if users’ home servers are not available, the Free Time database is not available for searching. Other advantages of using clustered scheduling include improved performance and reduced server traffic. Because the Free Time database is available from other members in a cluster, the server that receives a user’s query does not have to search another server’s Free Time database for schedule information about a user whose mail server is in the cluster.

Example of scheduling a meeting
This section describes the process of scheduling a meeting when users share the same mail server and domain, have different domains, and use different scheduling applications. In the following examples, Kathy wants to check the free time of and schedule a meeting with three users — Bob, who is in the same domain as Kathy; Robin, who is in a different domain; and Susan, who uses a different scheduling application (Lotus Organizer®).

Users in the same domain
1. Kathy creates a meeting invitation and chooses to search for Bob’s free time.
2. A free time query is sent to Kathy’s mail server.
3. The Free Time system looks for Bob’s name in the Free Time database (BUSYTIME.NSF or CLUBUSY.NSF) on Kathy’s mail server.
   • If Bob and Kathy have the same mail server or if Bob’s and Kathy’s mail servers are part of a cluster, the Free Time system finds the information and returns Bob’s free time to Kathy.
   • If the Free Time system does not find any information on Bob, it converts Bob’s name into a fully qualified name. Kathy’s Domino Directory is checked for Bob’s Person document.
4. When the Person document is found, the Calendar Connector sends the request to Bob’s mail server, the name of which is listed in Bob’s Person document.
5. The Free Time system on Bob’s mail server looks in its Free Time database and returns the information to Kathy via the Calendar Connector.
   • If Bob’s mail server is unavailable and his Free Time database is not clustered, a message appears indicating that the server is unavailable, and the Find Time dialog box indicates that Bob’s information is unavailable.
   • If the Free Time system doesn’t find any information, the query fails, and the Find Time dialog box indicates that Bob’s information is unavailable.

Users in different domains
1. Kathy creates a meeting invitation and chooses to search for Robin’s free time. In addressing the invitation, Kathy specifies Robin’s domain.
2. A query is sent to Kathy’s mail server.
3. The Free Time system looks for Robin’s name in the Free Time database on Kathy’s mail server. It determines Robin’s mail server is in a different domain.
4. Kathy’s Domino Directory is searched for a document that matches Robin’s domain.
   • If the Free Time system finds an Adjacent Domain document, it looks at the Calendar server name field of the document for the name of a server that accepts calendar queries for Robin’s domain. The Free Time system then forwards the query to this server for processing.

   • If the Free Time system finds an Adjacent Domain document with an empty Calendar server name field, it fails, and the Find Time dialog box indicates that Robin’s information is unavailable.
   • If the Free Time system finds a Non-adjacent Domain document, it looks at the “Route requests through Calendar server” field of the document for the name of the server (which is in a domain adjacent to Kathy’s and Robin’s) that accepts calendar queries for Robin’s domain. The Free Time system then forwards the query to this server for processing.
   • If the Free Time system finds a Non-adjacent Domain document with an empty “Route requests through Calendar server” field, it fails, and the Find Time dialog box indicates that Robin’s information is unavailable.
   • If the Free Time system doesn’t find any domain documents, the query fails, and the Find Time dialog box indicates that Robin’s information is unavailable.

Users in other calendar domains
1. Kathy creates a meeting invitation and chooses to search for Susan’s free time.
2. A query is sent to Kathy’s mail server.
3. The Free Time system looks for Susan’s name in its Free Time database. It does not find the information, so it converts Susan’s name into a fully qualified one.
4. Kathy’s Domino Directory is searched for Susan’s Person document.
5. The Free Time system looks in Susan’s Person document and locates the name of her mail server in the Mail server field and the name of her calendar domain in the Calendar Domain field. Because Susan is using Lotus Organizer as her scheduling application, the Free Time system finds that her calendar domain does not match her mail server domain.
6. The Free Time system then looks for a Domain document for the calendar domain.
7. The Free Time system finds a Foreign Domain document for Susan’s calendar domain. The Calendar server field in the Foreign Domain document identifies the name of the server that accepts queries for Susan’s domain; the “Calendar system” field identifies the name of the add-in program — for example, Organizer or IBM® OfficeVision® — that actually does the free-time lookup on Susan’s server. The Free Time system forwards the query to the appropriate server (the server listed in the Calendar server field) for processing.

   • If the Free Time system doesn’t find a Foreign Domain document, the query fails, and the Find Time dialog box indicates that Susan’s information is unavailable.

Setting up scheduling
How you set up scheduling depends on where users are located — that is, in the same Domino domain or in different Domino domains — and whether users use alternate scheduling applications, such as Lotus Organizer and IBM OfficeVision.

For users in the same Domino domain
Scheduling is automatically set up for non-clustered and clustered Free Time databases. You need to create the Resource Reservations database so that users can search for and reserve resources.

For users in adjacent Domino domains
1. Make sure that you have set up Adjacent Domain documents in the Domino Directory to establish communication between the domains. For more information on Adjacent Domain documents, see the chapter “Setting Up Mail Routing.”
2. From the Domino Administrator, click the Configuration tab.
3. Choose the Domino Directory in the “Use Directory on” box.
4. Click Messaging - Domains, and then open each appropriate Adjacent Domain document.
5. Click the Calendar Information tab, complete this field, and save the document:

   Field | Enter
   Calendar server name | The name of the server in the adjacent domain that accepts and processes all scheduling queries for that domain.

6. Set up the Resource Reservations database if you want to allow users to search for and reserve resources.

For users in non-adjacent Domino domains
In order for two non-adjacent domains to do free-time lookups between each other, you need to define a Calendar server in an intermediate domain that is adjacent to both the querying and the target domains. This server accepts and forwards free time queries from the source to the target non-adjacent domain.

Note Free-time lookups require reasonable network response time and direct LAN connections from the intermediate domain to the two separate non-adjacent domains.

1. Make sure that you have set up Non-adjacent Domain documents in the Domino Directory to establish communication between the domains. For more information on Non-adjacent Domain documents, see the chapter “Setting Up Mail Routing.”
2. From the Domino Administrator, click the Configuration tab.
3. Choose the Domino Directory in the “Use Directory on” box.
4. Click Messaging - Domains, and then open each appropriate Non-adjacent Domain document.
5. Click the Calendar Information tab, complete this field, and save the document:

   Field | Enter
   Route requests through calendar server | The name of a calendar server that is in a domain adjacent to both the querying and the target domains.

6. Set up the Resource Reservations database if you want to allow users to search for and reserve resources.

For users of Lotus Organizer or IBM OfficeVision
Lotus Domino 6 scheduling works with both Lotus Organizer® and IBM OfficeVision®. If users want to keep their schedules in either program, set up scheduling to include them. You need to create a Foreign Domain document for each alternate scheduling application.

1. Make sure you already set up a Foreign Domain document in the Domino Directory for each alternate scheduling application. For more information on Foreign Domain documents, see the chapter “Setting Up Mail Routing.”
2. From the Domino Administrator, click the Configuration tab.

3. Choose the Domino Directory in the “Use Directory on” box.
4. Click Messaging - Domains, and then open each appropriate Foreign Domain document.
5. Click the Calendar Information tab, complete these fields, and save the document:

   Field | Enter
   Calendar server name | The name of the server that is running the alternative scheduling program.
   Calendar system | Choose either Organizer or OfficeVision from the list.

6. For Notes mail users who use a different scheduling application, enter the name of the foreign domain in the Calendar Domain field of each user’s Person document.
7. Set up the Resource Reservations database if you want to allow users to search for and reserve resources.

Setting up the Resource Reservations database
The Resource Reservations database is where users schedule and manage meeting resources. Resources may include conference rooms and equipment, such as overhead projectors and video machines. Users can select a particular resource and reserve a time for it, or they can choose a time and let the Resource Reservations database display resources available during that time.

The Resource Reservations database contains three types of documents: Site Profile, Resource, and Reservation. A Site Profile document identifies the site where particular resources are located. A Resource document defines the resource name — for example, the name or number of the conference room. To reserve a resource, a user can either create a Reservation document or add the resource to a meeting invitation.

After you create Site Profile and Resource documents, the Schedule Manager tracks the free time of a resource the same way it tracks free time for users.

To set up the Resource Reservations database
1. From the Domino Administrator, choose File - Database - New.
2. Complete these fields on the New Database dialog box.

   Field | Action
   Server | Enter the name of the server on which you are creating the database.
   Title | Enter the name of the database.
   File Name | Enter a file name for the database. Use the file name extension nsf.
   Template server | Choose the template server from which you will be copying the template.
   Show advanced templates | Click this check box to display additional templates including the Resource Reservations (RESRC60.NTF) template.
   Inherit future design changes | Click the check box if you want the database to inherit design changes that will be made to the template in the future.

3. Select the Resource Reservations 6 (RESRC60.NTF) template.
4. Click OK.

Setting up the database ACL for the Resource Reservations database
After creating the Resource Reservations database, set up the ACL for the database. Assign the CreateResource role to anyone who needs to create a site or a resource. The CreateResource role is required.

1. From the Domino Administrator, choose File - Database - Access Control.
2. List the names of all users who are authorized to create Resources and Site Profile documents and assign to them the [CreateResource] role.
3. Click OK.

For more information on setting database ACLs, see the chapter “Controlling User Access to Domino Databases.”

Creating Site Profile and Resource documents
A Site Profile document defines a particular site where a resource exists and associates that site with a Resource Reservations database and the Domino Directory. You must create at least one Site Profile document before you can create Resource documents.

When you create a Resource document, you define the resource name, type, and availability, and you specify who can reserve the resource. For each Resource document you create, the Administration Process creates a corresponding Resource document in the Domino Directory.

There are three types of resources:

• Room — Typically a conference room that you want to allow users to reserve for meetings. When you set up this resource, you must enter the seating capacity of the room.
  When setting up rooms as resources, enter the room information in a consistent format, either by name or by number, but not by both. Doing so will limit the number of errors caused when a room cannot be located in the database. When a user reserves a conference room with type-ahead enabled, Lotus Domino 6 searches for the conference room by room number or by room name. Lotus Domino 6 looks up rooms according to how they have been added to the Resource Reservations database — either by name or by number. If a user enters a room name and the room resource is set up by room number, an error is generated and the room is not located. Setting up all room resources by room name or by room number helps eliminate this type of error.
• Online Meeting Place — Meeting held “online” via Sametime 3.0 running with Domino Release 6. For more information on setting up Sametime, see the IBM Lotus Sametime 3.0 Administrator’s Guide. Go to http://www.notes.net/doc to download documentation.
• Other — Resources that are not rooms or online meetings, but that you want to make available for users to reserve

After you set up resources, users can search for the free time of a resource and schedule the resource for a meeting while searching for free time and inviting users to the meeting. During a free-time query, the Free Time system searches the Free Time database to find the location of these resources and returns information on the availability of both the resource and the invitees.

When you create a Site Profile or Resource document, the new resource is not available for users to schedule until the Administration Process adds the resource to the Domino Directory and the addition replicates to all replicas of the Domino Directory that are on servers used for scheduling resources.

To create a Site Profile document
1. Make sure that you have Manager access and the [CreateResource] role in the ACL of the Resource Reservations database.
2. From the Domino Administrator, click the Files tab.
3. From the Servers pane, select the server from which you want to work.
4. Open the Resource Reservations database.
5. Click New Site.
6. Complete these fields:
Field: Enter
Site name: The name of the site where the resource exists — for example, 50 West Lincoln Building.
Domain name: The name of the domain where the Resource Reservations database resides. By default, your current Domino domain is entered in this field.
7. Click Save and Close.

To create a Resource document
1. Make sure that you have the [CreateResource] role in the ACL of the Resource Reservations database and that at least one Site Profile document has already been created.
2. From the Domino Administrator, click the Files tab.
3. From the Servers pane, select the server from which you want to work.
4. Open the Resource Reservations database, and select any view except Calendar, My Reservations, and Reservations Waiting for Approval.
5. Click New Resource.

6. Choose one of these Resource Types:
• Room — if the resource is a room
• Other — if the resource is not a room
• Online Meeting Place — if you will be meeting via Sametime server.
7. Click the Resource Information tab, and complete these fields:
Field: Enter
Name: A unique name that identifies the resource — for example, a room number.
Site: Click to display a list of available sites, and then choose one.
Category (Appears when you select Other as Resource Type): Name for category of Resource — for example, Electronic or AV. This field also displays names of all previously entered Category values, from which you can choose.
Capacity (Appears when you select Room as Resource Type): The capacity of the resource, for example, the seating capacity of a room.
Description: A description of the resource — for example, large conference room with a video monitor.
Internet address: An Internet address that iCalendar users can use to reserve the resource. The Internet Address field is not visible for Online Meeting Place.

Availability settings: Choose one of these:
• 24 hours everyday — The resource is available 24 hours each day. When you select this availability setting, other availability settings are disabled.
• Days of week and hours of days — Select the days of the week that the resource is available. Specify availability start time and end time for each available day selected.
• Time zone — Specify the time zone for the resource, such as Eastern Time. The default is Local Time, but you can specify others as applicable.
Other comments: (Optional) Enter additional comments as necessary.
8. Enter the following Owner Options for resources of type Room or Other. If you chose a resource type of Online Meeting Place, go to Step 9.
Field: Enter
Owner restrictions: Choose one:
• None — Click if no owner is assigned to the resource and anyone can reserve the resource.
• Owner only — Click to assign a Resource owner. Only the Resource owner can process Resource requests without special approval. Enter the name of the resource owner in the Owner’s name field. The owner is the person or group to whom requests from other users (those not listed in the List of names field) are forwarded for approval and processing.
• Specific people — Click to allow only specified users access to the resource. Enter the names of users allowed to reserve this resource in the List of names field.
• Autoprocessing — Click to allow only specified users and groups access to the resource and to assign a resource owner. Enter the names of users allowed to reserve this resource in the List of names field. Enter the name of the resource owner in the Owner’s name field. The owner is the person or group to whom requests from other users (those not listed in List of names field) are forwarded for approval and processing.
• Disable reservations — Click to prevent users from reserving a resource from a meeting notice and directly from the Resource Reservations database.

9. Enter the following Online Resource data for resources of type Online Meeting Place. If you chose a resource type of Room or Other, complete step 8 and then Step 10. Do not complete Step 9.
Field: Enter
Online meeting database: The default database, stconf.nsf, is entered by default. This field cannot be modified.
External address: Name of the mail-in database on the Sametime server. The name you enter here must be identical to the name of the Sametime Mail-in database in the Domino Directory.
Sametime server: Name of the Sametime server hosting the meeting.
Audio Video Support: Choose one:
• Audio — Voice only
• Audio and Video support — Voice and video display
10. Click Save and Close.

Editing and deleting Resource documents
After you create a Resource document, the information that you can change includes the Availability Settings, Capacity, Description, Online resource data, Other Comments, and Ownership Options fields. To change any other information about the resource, you must delete the Resource document and then create a new one containing the new information. New resource information is not available until the Administration Process updates the Resource document in the Domino Directory and the change replicates to all relevant replicas of the Domino Directory that are on servers used for scheduling resources.
If you delete a resource from the Resource Reservations database, an Administration Process Request document for the resource deletion is created in the Administration Requests database (ADMIN4.NSF). To delete the resource and remove it from the Domino Directory, you must open the Administration Requests database and approve the request for deletion. Note that to approve requests you need the appropriate access in the ACL of the Administration Requests database.

To edit a Resource document
1. Make sure that you have the [CreateResource] role in the ACL of the Resource Reservations database.
2. From the Domino Administrator, click the Files tab.
3. From the Servers pane, select the server from which you want to work.
4. Open the Resource Reservations database, and then click Resources.
5. Open the Resource document you want to edit and click Edit Resource.
6. Edit any of the following fields for resources of type Room or Other. If you are editing a resource of type Online Meeting Place, do not complete Step 6, go to Step 7.
Field: Enter
Description: Description of the resource.
Category (for Other only): Non-modifiable field. Name for category of Resource — for example, Electronic or AV. This field also displays names of all previously entered Category values, from which you can choose.
Capacity (for Rooms only): The capacity of the resource, if it has one — for example, the seating capacity of a room.
Owner restrictions: Choose one:
• None — Click if no owner is assigned to the resource and anyone can reserve the resource.
• Owner only — Click to assign a Resource owner. Only the Resource owner can process Resource requests. Enter the name of the resource owner in the Owner’s name field.
• Specific people — Click to allow only specified users access to the resource. Enter the names of users allowed to reserve this resource in the List of names field.
• Autoprocessing — Click to allow only specified users access to the resource and to assign a resource owner. Enter the names of users allowed to reserve this resource in the List of names field. Enter the name of the resource owner in the Owner’s name field. The owner is the person to whom requests from other users (those not listed in List of names field) are forwarded for approval and processing.
• Disable reservations — Prevent users from reserving a resource from their mail file.

Availability settings: Choose one:
• 24 hours everyday — The resource is available 24 hours each day. When you select this availability setting, other availability settings are disabled.
• Days of week and hours of days — Select the days of the week that the resource is available. Specify availability start time and end time for each available day selected.
• Time zone — Specify the time zone for the resource, such as Eastern Time. The default is Local Time, but you can specify others as applicable.
Other comments: Enter additional comments about the resource as necessary.
Internet address: An Internet address that iCalendar users can use to reserve the resource.
7. Edit any of the following fields for resources of type of Online Meeting Place. If you are editing a resource of type Other or Room go to step 8. Do not complete step 7.
Field: Enter
Description: Description of the resource.
Online Meeting Database: The default database, STCONF.NSF, is entered by default. This field cannot be modified.
External address: Name of the mail-in database on the Sametime server. The name you enter here must be identical to the name of the Sametime Mail-in database.
Sametime server: Name of the Sametime server hosting the meeting.
Audio Video Support: Choose one:
• Audio — voice only
• Audio and Video — Voice and video display
Other comments: Modify or enter comments regarding the resource as desired.
8. Click Save and Close.

To delete a resource
When you delete a resource, an administration request that requires the administrator’s approval is also generated. After deleting the resource in the user interface, open the Administration Requests database and approve the deletion there. Instructions for both procedures are included here.
1. Make sure that you have the [CreateResource] role in the ACL of the Resource Reservations database.
2. From the Domino Administrator, click the Files tab.
3. From the Servers pane, select the server from which you want to work.
4. Open the Resource Reservations database, and then click Resources.
5. Open the Resource document that you are deleting, and click Delete Resource.
6. Click Yes and click OK.

To approve the resource deletion
To process the deletion, the request needs approval in the Administration Requests database. Complete these steps to approve the “Approve Resource Deletion” administration request.
1. From the Domino Administrator, click Server - Analysis - Administration Requests (6).
2. Click Pending Administrator Approval.
3. Click Approve Resource Deletion.
4. Open the Approve Resource Deletion request document and click Edit Document.
5. Choose Yes and then click OK to approve the deletion.

Setting user access rights to edit and delete reservations
To allow a user to delete a reservation in the Resource Reservations database on a Notes Client, assign Editor access to that user in the database ACL of the Resource Reservations database. The Delete Reservation button is then enabled.
To allow a Web user to delete a reservation in the Resource Reservations database, via a Web browser, assign Editor access to that user in the database ACL of the Resource Reservations database. In a Web view, the Move to Trash and the Empty Trash buttons are then enabled.

Reservations that are created manually or with Calendaring and Scheduling, can be deleted by a requester with Editor access to the Resource Reservations database, a resource owner with Editor access to the Resource Reservations database, or by a database manager with Editor access to the Resource Reservations database and the CreateResource role.
Single-room, non-repeating reservations that are created manually in the Resource Reservations database can be edited by the requester of the reservation, with Editor access to the Resource Reservations database, if the reservation has a status of “waiting for approval” or if the reservation has been accepted. Repeating room or resource reservations that are created manually cannot be edited.

Creating Holiday documents
Holiday documents provide a way for your organization to have a centrally managed collection of documents that contain information on scheduled holidays and events. Holiday documents are stored in the Domino Directory. Users select the type of Holiday documents to import and add the information to their personal calendars.
Lotus Domino 6 includes default Holiday documents that you can modify or delete. As an administrator, you may want to modify or delete these documents to reflect your organization’s needs, and you can also add Holiday documents specific to your organization’s needs.
You categorize Holiday documents according to a group name. The default Holiday documents included with Lotus Domino 6 have group names associated with countries or religions — for example, United States or Italy — and the groups contain documents specific to holidays in each country. To add a document to an existing group, select the group when you create a new Holiday document. To create new groups, enter a new group name in the Holiday document. For example, you may have a group named “Full-time” that contains all the company holidays for full-time employees. Then you can advise all users to import a specific group of Holiday documents. Remember that your users import Holiday documents according to group name, not document name, so be sure to plan the organization of documents in groups.

To create a Holiday document
1. From the Domino Administrator, click the Configuration tab.
2. Select the Domino Directory server in the “Use Directory on” field.
3. Click Miscellaneous - Holidays.
4. Click Add Holiday.
5. Complete these fields on the Basics tab:
Field: Action
Group: Do one of these:
• Select a group from the list
• Add a new group in the New keyword field and then click OK
Title: Enter the name of the holiday — for example, Christmas
Repeat: Specify how often the holiday repeats:
• Monthly by Date
• Monthly by Day
• Yearly
• Custom — If you choose Custom, enter one or more dates on which the holiday repeats.
6. If you chose Custom in the Repeat field in Step 5, do not complete Step 6. Instead, go to Step 7.
Field: Action
Start date: Enter the date when the holiday first occurs. This date may be the actual date of the holiday (such as New Year’s day) or it may be the date from which to start the holiday. For example, if your organization gives employees every other Friday off from June through August, enter June 1 as the Start Date and select “For” from the Continuing field to specify an end date of August 31.
Continuing: Choose one:
• Until — Click Until and then enter a specific date in the “Repeat Until” field.
• For — Click For and then specify the number of months or years during which the holiday repeats in the “Repeat For” field.
Repeat until (Displays if you select Until in the Continuing field.): Enter the last date on which the Holiday should repeat.

Repeat For (Displays if you select For in the Continuing field.): Enter the number of months or years during which the holiday should repeat.
Repeat Interval (Applies to Monthly by Date and by Day): Choose how often the holiday repeats by month and day.
If the date falls on a weekend (Applies to Monthly by Date only): Choose one:
• Don’t Move
• Move to Friday
• Move to Monday
• Move to Nearest Weekday
7. Complete this step only if you chose Custom in the Repeat field in Step 5.
Field: Enter
Repeat Dates (Applies only to Custom.): Enter the date or dates when the holiday occurs — for example, 01/01/02, 01/02/2003.
8. Complete these fields:
Field: Action
Mark time as: Choose how each user’s calendar will record this holiday:
• Busy — This holiday will appear as Busy time in the user’s schedule so that meetings cannot be scheduled on the holiday.
• Free — This holiday will appear as Free time in the user’s schedule, so that meetings can be scheduled on that holiday.
Detailed description: (Optional) Enter a detailed description of the holiday.
9. Click Save and Close.

To view the default Holiday documents
Lotus Domino 6 includes default Holiday documents that contain information on holidays observed around the world. The Holiday documents are organized into groups by country or religion. For example, the Italy group contains documents specific to Italian holidays.
1. From the Domino Administrator, click the Configuration tab.
2. Select the Domino Directory server in the “Use Directory on” field.
3. Click Miscellaneous - Holidays to see all the default Holiday documents.

To modify an existing Holiday document
After you modify or delete an existing Holiday document, users receive the modifications only when they choose to run import from their mail files.
1. From the Domino Administrator, click the Configuration tab.
2. Select the Domino Directory server in the “Use Directory on” field.
3. Click Miscellaneous - Holidays.
4. Choose the geographical/religious category for the Holiday.
5. Select the desired Holiday document and click Edit Holiday.
6. Modify fields as you wish. For more information on the individual fields, see the topic “To create a Holiday document” in this chapter.

Collecting detailed information from user calendars
If a user requests it, additional detailed data is available to other users. This information is stored in the Freetime database, BUSYTIME.NSF or CLUBUSY.NSF. For clustered servers, the database is CLUBUSY.NSF; for non clustered servers, the database is BUSYTIME.NSF. To limit growth of this database, do not enable the server to collect this data. You can enable or disable this feature across the entire Domino domain from the server’s Configuration Settings document, or you can set it for specific servers.

To collect detailed calendar information from user calendars
1. From the Domino Administrator, click the Configuration tab.
2. Choose Server - Configurations.
3. Select the Server Configuration document you want to modify, and click Edit Configuration.
4. On the Basics tab, click the check box “Extract calendar details.” The feature is enabled.
5. Choose any of these calendar details to extract:
• Chair — Allows other users to see who will chair the meeting
• Location — Allows other users to see the site location of the meeting
• Room — Allows other users to see the name or other identifier for the room
6. Click Save and Close.


Chapter 9 Using Policies
Using policies, you control how users work with Notes.

Policies
Using a policy, you can distribute and control a standard set of administrative settings for user registration and setup, mail archiving, desktop configuration, and security. A policy is a document that identifies a collection of individual policy settings documents. Each of these policy settings documents defines a set of defaults that apply to the users and groups to which the policy is assigned. Once a policy is in place, you can easily change a setting, and it will automatically apply to those users to whom the policy is assigned.
Policy settings documents cover these administrative areas:
• Registration — If a policy including registration policy settings is in place before you register Notes users, these settings set default user registration values including user password, Internet address format, roaming user designation, and mail.
• Setup — If a policy including setup policy settings is in place before you set up a new Notes client, these settings are used during the initial Notes client setup to populate the user’s Location document. Setup settings include Internet browser and proxy settings, applet security settings, and desktop and user preferences.
• Desktop — Use desktop policy settings to control and update the user’s desktop environment or to reinforce setup policy settings. For example, if a change is made to any of the policy settings, the next time users authenticate with their home server, the desktop policy settings restore the default settings or distribute new settings specified in the desktop policy settings document.
• Mail archiving — Use archive policy settings to control mail archiving. Archive settings control where archiving is performed and specify archive criteria.

For example.” later in this chapter. Volume 1 . all settings defined in the desktop. For example. that user automatically receives the settings in the corresponding organizational policy. Organizational policies An organizational policy automatically applies to all users registered in a particular organizational unit. because the user transfers from the Sales department to the Marketing department — the organizational policy for the corresponding certifier ID is automatically assigned to the user. 9-2 Administering the Domino System. see the topic “Assigning an explicit policy. Understanding the differences between the types helps you plan the implementation. and security policy settings documents associated with the */Marketing/Acme organizational policy are assigned to the user. if you move the user from Sales/Acme to Marketing/Acme. Organizational and explicit policies There are two types of policies: organizational and explicit. including the synchronization of Internet and Notes passwords. For information on assigning an explicit policy. If you move a user within the hierarchical structure — for example. create an organizational policy named */Sales/Acme. archiving.• Security — Use security settings to set up administration ECLs and define password-management options. create an explicit policy and then assign it to each contract employee or to the group that includes all contract employees. by editing the user’s Person document. to set a six-month certification period for contract workers in all departments. Then when you use the Sales/Acme certifier ID to register a user. to distribute default settings to all users registered in Sales/Acme. or by using the Assign Policy tool. Explicit policies An explicit policy assigns default settings to individual users or groups. The new policy settings become effective the first time users authenticate with their home server. For example. There are three ways to assign an explicit policy: during user registration.

Using Exceptions
You can assign an exception attribute to either an organizational or explicit policy. You use an exception to allow the user to override a policy setting that is otherwise enforced throughout an organization. When you create an exception policy, you specify only the settings that will not be enforced. Then when you assign the exception policy, it exempts users from enforcement of those settings only.
Exception policies are a way to give someone in an organization special treatment, possibly because of their position or job requirements. For example, the */Acme policy includes a Registration policy setting that enforces a mail database quota of 60 MB. However, a small group of employees in Acme need to exceed this quota. The solution is to create an “exception” policy that includes only a Registration policy settings document, that does not set a quota limitation on the mail database. When this exception policy is assigned to users, they can override the database quota setting. Because exception policies defeat the enforcement of policy settings, use them sparingly.

Policy hierarchy and the effective policy
The effective policy for a user is a set of derived policy settings that are dynamically calculated at the time of execution. The field values in an effective policy may originate from many different policy settings documents. Each hierarchical level can have an associated policy, so users may have a combination of policy settings that include the values set at their OU level, and those inherited from a parent policy. The resolution of those settings, stepping up through the organizational hierarchy, determines the effective policy for each user.
In addition to organizational policies, users may also have explicit policies assigned to them. In that case, the order of resolution is that all organization policy settings are resolved first, then any explicit policy settings are resolved.
For example, if you want all users to use the same Internet mail name format, set that value in the Registration policy settings document for the top-level policy. Once you have set this value, you do not have to change it or reenter it in subsequent child policies. You simply “inherit” this value from the parent by selecting the inherit option. However, if you have a select group of international users for whom this setting is a problem, you can create an explicit policy that applies to the select group only. The combination of the explicit and organizational policies together provide the control and the flexibility you need.

There are two tools that help you determine the effective policy governing each user. The Policy Viewer shows the policy hierarchy and associated settings documents, and a Policy Synopsis report shows the policy from which each of the effective settings was derived.

Inheritance and the child policy relationship
Inheritance plays an important role in determining a user’s policy settings in both organizational and explicit policies. Through the parent-child relationship, you create a hierarchy of policies to set your administrative practices across the enterprise. In a policy hierarchy, policy documents build the relationship, and policy settings documents determine the value of the fields based on their position in the hierarchy. Using field inheritance and enforcement, you control the default settings.
In organizational policies, the hierarchy of policies is determined automatically based on the Organization’s hierarchy. The policy */Sales/Acme is the child policy of */Acme.
Since explicit policies do not follow the organizational structure, when you create explicit policies, you build in the hierarchy, based on the naming structure. For example, you create an explicit policy named /Contractors that includes several settings that apply only to contract employees who may be employed for six months to a year. However, you want short-term temporary employees, employed for only one or two weeks, to inherit only some of those settings. You create a child explicit policy called Short term/Contractors.
The following figure shows a policy hierarchy. In this hierarchy, the policy at each organizational level has set its own password quality setting.
[Figure: policy hierarchy for Joe User/NE/Sales/Acme. The policies */Acme, */Sales/Acme, and */NE/Sales/Acme each have a Registration settings document (RegSetting) with its own password quality (PQ) value; the effective setting for Joe User is PQ=6.]

In the following figure, Joe User inherits a password quality setting from a parent policy. Inheriting a setting occurs in the child policy at the field level in a policy settings document.
[Figure: policies */Acme, */Sales/Acme, and */NE/Sales/Acme with their Registration settings documents (RegSetting) and the Enforce and Inherit options for the password quality (PQ) field; the effective setting for Joe User/NE/Sales/Acme is PQ=9.]
Another way that a user “inherits” field-level settings is through enforcement. If settings are enforced in a parent policy, the settings at the child policy level do not apply. In the illustration below, the password quality setting is enforced in the parent policy at the field level in the Registration policy settings document.
[Figure: the same three policies with Enforce selected for the password quality (PQ) field in the parent policy; a child policy sets PQ=9, but the effective setting for Joe User/NE/Sales/Acme is the enforced PQ=8.]
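The inherit and enforce rules described above, as a simplified model added here for illustration (it is not IBM code and not Domino's actual resolution algorithm). The names `Field`, `org_policy_chain` and `resolve`, and the password-quality values, are constructed; the model covers organizational policies only and assumes a higher password-quality number is stricter. Besides the effective value, it reports which policy supplied it and where a child policy lowered the parent's value.

```python
"""Simplified model of organizational policy resolution (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Field:
    value: Optional[int] = None  # None: this settings document leaves the field unset
    inherit: bool = False        # child takes the value from its parent policy
    enforce: bool = False        # this value is forced on every child policy


Policies = Dict[str, Dict[str, Field]]  # policy name -> field name -> Field
Weakening = Tuple[str, int, int]        # (policy, parent value, lower child value)


def org_policy_chain(user_name: str) -> List[str]:
    """Organizational policies that apply to a hierarchical name, top level first."""
    units = user_name.split("/")[1:]  # drop the common name, keep OUs and organization
    return ["*/" + "/".join(units[i:]) for i in range(len(units) - 1, -1, -1)]


def resolve(user_name: str, field_name: str, policies: Policies
            ) -> Tuple[Optional[int], Optional[str], List[Weakening]]:
    """Return (effective value, policy that supplied it, weakening steps)."""
    value: Optional[int] = None
    source: Optional[str] = None
    enforced = False
    weakened: List[Weakening] = []
    for policy in org_policy_chain(user_name):
        field = policies.get(policy, {}).get(field_name)
        if field is None:
            continue  # no policy, or no such setting, at this level
        # A child's own value counts only if no parent enforced the field
        # and the child did not choose to inherit.
        if not enforced and not field.inherit and field.value is not None:
            if value is not None and field.value < value:
                weakened.append((policy, value, field.value))
            value, source = field.value, policy
        if field.enforce and value is not None:
            enforced = True  # policies further down can no longer change it
    return value, source, weakened


def pq_policies(acme: Field, sales: Field, ne: Field) -> Policies:
    """Build a three-level hierarchy that sets only password quality."""
    return {
        "*/Acme": {"password_quality": acme},
        "*/Sales/Acme": {"password_quality": sales},
        "*/NE/Sales/Acme": {"password_quality": ne},
    }


USER = "Joe User/NE/Sales/Acme"
# Constructed values, patterned on the three figures described in the text.
OWN_VALUES = pq_policies(Field(8), Field(7), Field(6))
INHERITED = pq_policies(Field(8), Field(9), Field(8, inherit=True))
ENFORCED = pq_policies(Field(8, enforce=True), Field(8), Field(9))

if __name__ == "__main__":
    for label, policies in (("own values", OWN_VALUES),
                            ("inherited", INHERITED),
                            ("enforced", ENFORCED)):
        value, source, weakened = resolve(USER, "password_quality", policies)
        print(f"{label}: PQ={value} from {source}; weakened at {weakened}")
```

The weakening list is the part worth reviewing: any entry marks an organizational unit where users end up with a lower password quality than the parent policy set, which enforcing the field in the parent policy would prevent.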

Example of using policies
The administrator at the Acme company wants to use policies to:
• Set the same Internet address format for all users
• Set users in Acme/Sales to be roaming users
• Set a custom mail template for employees in Acme/Sales
• Set a 24-month certification expiration for permanent employees
• Set a 6-month certification expiration for temp
To accomplish these goals, the administrator creates these policies:
• An organizational policy for all Acme employees (*/Acme) that includes a registration policy settings document that specifies the Internet mail format and other default settings that will populate the registration dialog. These default policy settings include a 24-month certification expiration period.
• An organizational policy for Sales/Acme (*/Sales/Acme) that sets roaming options and specifies a custom mail template.
• An explicit policy for temporary employees that specifies a 6-month certification expiration. When temporary employees are registered, this explicit policy is applied along with the organizational policy that correlates to the organizational unit in which the employees are registered.

Planning and assigning policies
Before you register and set up users, plan and create policies. Then, during user registration and setup, assign the policies. If users are already registered, you can plan and create policies, but you cannot assign any registration and setup policy settings, since those apply only once, during user registration.

To plan and assign policies
1. Determine which settings to assign to all users in specific organizational units. For these settings, create organizational policies.
2. Determine which settings to assign to individual users or groups. For these settings, create explicit policies.
3. (Optional) Create and assign exception policies.
4. Register users and assign explicit policies during registration.
5. For users who are already registered, assign explicit policies by editing the Person document or using the Assign Policy tool.

To plan and assign policies for a hosted organization
When you use policies for hosted organizations, your policy must include registration policy settings. You can use either an organizational or explicit policy. Depending on the type of policy you use, you create the policy either before you register the hosted organization or during registration. For a hosted organization, do one of the following:
• Explicit policy — Create an explicit policy that includes a registration settings document before you register the hosted organization. If you use an explicit policy, you select the policy during registration.
• Organization policy — When you are registering a hosted organization, create an organizational policy and a registration settings document when you are prompted to do so. If you use an organizational policy, when you register users with the corresponding certifier ID, that policy is automatically applied.

Creating policies
Creating a policy is a two-step process.
1. Create one or more of the following policy settings documents to define default settings that you want to assign to users:
• Registration policy settings
• Setup policy settings
• Desktop policy settings
• Security policy settings
• Archive policy settings
2. Create a Policy document, which identifies specific policy settings. If you create an organizational policy, it automatically applies when you register users. If you create an explicit policy, you assign it manually during user registration, in the Person document or by using the Policy Assignment tool.
For more information on assigning explicit policies, see the topic “Assigning an explicit policy,” later in this chapter.

Creating a registration policy settings document
If you include a registration policy settings document in a policy, when you register users, many registration settings are filled in for you.

For more information on user registration settings, see the chapter “Setting Up and Managing Notes Users.”

To create registration settings

1. Make sure that you have Editor access to the Domino Directory and one of these roles:
  • PolicyCreator role to create a settings document
  • PolicyModifier role to modify a settings document
2. From the Domino Administrator, select the People & Groups tab, and then open the Settings view.
3. Click “Add Settings,” and then choose Registration.
4. On the Basics tab, complete these fields:

Field: Action
Name: Enter a name that identifies the users that use these settings. If you are a service provider, enter the name of the hosted organization.
Description: Enter a description of the settings.
Choose a registration server: Select the registration server from the list. If you are a service provider, you must complete this field.
Choose a password quality: Select a password quality level. If you are a service provider, you must select a minimum password quality of “Any Password” or, if specifying a number, level 2. After users authenticate with their home servers, password quality is governed by security settings.
  For more information about the password quality scale, see the chapter “Protecting and Managing Notes IDs.”
Set Internet password: Check the “Set Internet password” check box to set the password that is stored in each user’s Person document. This password gives users access to Internet services.

5. If you are setting up roaming users, choose “Roaming User,” and then complete these fields. If you are a service provider, note that “Roaming User” is not supported for hosted organizations.

Field: Action
Use mail server for roaming server: Do one:
  • Select to store the user’s roaming information on the same server used for mail.
  • Deselect and enter the name of the server to store the user’s roaming information.
Create roaming files options: Choose one:
  • Create roaming files now — to create the user’s roaming files during user registration.
  • Create roaming files in background — to use the Administration Process to create the user’s roaming files after user registration.
Cleanup options: Choose one:
  • Do not clean up — to not clean up roaming user files.
  • Clean up every N days — and enter a number between 0 and 365.
  • Clean up at Notes shutdown — to clean up files when Notes shuts down.

6. Click the Mail tab, and complete these fields:

Field: Action
Mail system: Choose a mail system.
  • If you are a service provider, choose Lotus Notes only if you run Domino Off-Line Services (DOLS) in the hosted organization.
  • If you choose Other, Other Internet, or None, continue with Step 8.
Mail server: Choose the server that stores the user’s mail file.
  • If your organization supports DOLS, choose a DOLS-enabled server.
Mail template: Choose one:
  • MAIL6.NTF — if the organization uses Lotus Notes, POP3, or IMAP.
  • INOTES5.NTF — if the organization uses iNotes.
  • Your organization’s custom mail template

Field: Action
Create mail file: Choose one:
  • Create mail file now — to create the mail file immediately.
  • Create mail file in the background — to use the Administration Process to create the mail file. Choose this option if you are creating many mail files at once.

7. Under Advanced Mail Options, complete these fields:

Field: Action
Mail file owner access: Choose the access level. The default is Editor with delete rights.
  Note This is a change from previous versions of Domino in which the default mail owner access was Manager. The change was made to prevent users from accidentally deleting mail files.
Create full text index: (Optional) Check this option to allow users to perform a full-text search on their mail files. The default is unchecked. Full-text indexing is supported for Lotus Notes, POP3, IMAP, and iNotes Web Access. If you are a service provider, full-text indexing is supported for only IMAP and iNotes Web Access.
Set database quota: (Optional) Check this option (default is unchecked) to enforce a database size quota on mail databases, and then enter a size in MB.
Set warning threshold: (Optional) Check this option (default is unchecked) to notify users automatically when their mail files are nearing the maximum size quota, and then enter a size in MB.

8. Under Internet Address options, complete these fields:

Field: Action
Internet Domain: Enter the Internet domain (or, if you are a service provider, the Internet domain for the hosted organization). This domain becomes part of the Internet address that is added to the Person document for each user who receives Internet mail.
Choose an Internet address format: Choose the address format for Internet mail.
Choose an Internet address separator: Choose the separator character to use in the user’s name portion of the Internet address.

9. Click the ID/Certifier tab. In the “Create a Notes ID” field, do one:
  • Uncheck the field if you do not want to create Notes IDs for users, and then continue with Step 9.
  • Check the field to create Notes IDs. Then complete these fields:

Field: Action
Security Type: Choose North American or International
Certificate Expiration Date: Choose one:
  • Static date — and then enter an expiration date. The default static date is 24 months from the creation.
  • Months from user creation — and then enter the number of months. The default is 24 months.
Location for storing user ID: Choose one or more:
  • In Domino Directory — to store the ID in the user’s Person document.
  • In File — and then click “Set ID File” to select the path and specify the location to store the ID.
  • In Mail File — to store the ID in the user’s mail file.

For more information on security types, see the chapter “Encryption and Electronic Signatures.” For more information on the password quality scale, see the chapter “Protecting and Managing Notes IDs.”

10. Click the Miscellaneous tab, and complete any of these fields:

Field: Action
Group assignments: Choose the group to which you will add all users you register using these registration settings. Leave this field blank if you are not registering all users into one group.
Local administrator: Enter the name of the administrator. If you are a service provider, enter the name of the administrator at the hosted organization in this format: administrator name/certifying hosted organization

11. Save the document.

Creating a setup policy settings document

Use a setup policy settings document to define the default look and content of the user workspace and create Location and Connection documents that simplify server connections. Setup policy settings are applied only once, during user setup. To maintain these settings, specify the same settings in a desktop policy settings document. If a change is made to any policy setting, the desktop policy settings will reinforce the setup settings the next time users authenticate with their home server.

Among the settings you can specify are the user preferences. These are preferences that Notes users can usually specify for their desktop environment. If you set these preferences in a policy and then reinforce them using desktop policy settings, Notes users will be able to change their preferences, but the change will be only temporary.

Before you create a setup policy settings document, set up the Domino system for any or all of the following:
• Domain search server
• Web Navigator and InterNotes server
• Databases you want to add to the user’s bookmarks in the Favorites folder
• Mobile directory (or client directory) catalogs
• Passthru servers, LAN servers, Internet servers, and remote servers
• TCP/IP and NDS Notes name servers
• Host domains where Java applets are assumed to be safe
• Proxy servers

To create setup policy settings

1. Make sure that you have Editor access to the Domino Directory and one of these roles:
  • PolicyCreator role to create a settings document
  • PolicyModifier role to modify a settings document
2. From the Domino Administrator, select the People & Groups tab, and then open the Settings view.
3. Click “Add Settings,” and then choose Setup.

4. On the Basics tab, complete these fields:

Field: Action
Name: Enter a name that identifies the users (and, if you are a service provider, the hosted organization) that use these settings.
Description: Enter a description of the settings.
Catalog/Domain Search server: Choose the name of the server used for domain searches.
Directory server: Enter the name of the server whose Domino Directory you want users to use.
Sametime server: Enter the name of the server used to connect to Sametime.
Local mailfile: Choose this option to create a local copy of the user’s mail file.
Internet browser: Choose the Internet browser used from this location.
Retrieve/open pages: If you chose Notes or Notes with Internet Explorer as the Internet browser, choose the location from which to run the Web Retriever process.

5. On the Databases tab, complete one or more of these fields to add databases to the user’s workspace:

Note You cannot use the Web Administrator to create links.

For information on creating a link, see the chapter “Organizing Databases on a Server.”

Field: Action
Default databases added to bookmarks: Create a link for each database to add to the user workspace. If the server that stores a database is down during setup, a bookmark will not be created.
Create As new replicas on user’s machine: Create a link for each database to add as a new replica to the user workspace.
Mobile directory catalogs: Create a link for each mobile directory catalog to add automatically to the user workspace.

6. On the Dial-up Connections tab, enter information about the default passthru and other remote servers.
7. On the Accounts tab, enter the default account information for Internet servers.

8. On the Name Servers tab, enter the names and addresses of secondary TCP/IP and NDS Notes name servers.
9. On the Applet Security tab, complete these fields:

Field: Action
Trusted hosts: Enter the name of trusted hosts.
Network access for trusted hosts: Choose one:
  • Disable Java
  • No access allowed
  • Allow access only to originating host
  • Allow access to any trusted host
  • Allow access to any host
Network access for untrusted hosts: Choose one:
  • Disable Java
  • No access allowed
  • Allow access only to originating host
Trust HTTP proxy: Choose one:
  • Yes
  • No

10. On the Proxies tab, enter the default proxies to assign to users.
11. On the Mail tab, choose the format to use for messages to Internet addresses.
12. On the Preferences tab, choose user preferences. For information on user preferences, see Lotus Notes 6 Help.
13. Save the document.

Creating a desktop policy settings document

You use a desktop policy settings document to control the user’s workspace. Desktop settings are enforced the first time a user logs in to Notes and runs setup. After the initial setup, you can use them to update the user’s desktop settings or to reinforce setup settings. Users receive updates to the settings when any of the policy settings change, and then the desktop policy settings are enforced the next time users authenticate with their home server.

To use a desktop policy settings document to enforce the settings specified in the setup policy settings document, specify the same settings in a desktop policy settings document. For example, to ensure that the Sametime server specified in the setup policy settings document remains the same each time the user logs in, enter the Sametime server name in both the setup and desktop policy settings documents.

To use a desktop policy settings document to add to or update the user’s desktop workspace, change the setting in the desktop policy settings document. For example, to change the Sametime server specified in the setup policy settings document, specify a different server in the desktop policy settings.

Other changes you can make to the user’s desktop workspace that do not reflect setup policy settings include setting up a default home page, customizing the welcome page, upgrading the mail template, and specifying how and when Smart Upgrade runs to upgrade the Notes client.

You can also set user preferences, usually set by Notes users. If you set user preferences, Notes users will still be able to change their preferences, but the changes will be only temporary. The next time the desktop policy is enforced, their preferences will be reset to the original policy settings.

You also use a desktop policy settings document to manage and update bookmarks. You can, for example, set up a bookmark hierarchy for Notes users by creating an outline of bookmarks that includes folders and links such as database links, document links, and URL links. You can create folders that have links within the folders. All of the folders and bookmarks in the outline are then placed on the Bookmark Bar of the Notes client. To add bookmarks to an existing folder on the user’s desktop, such as More Bookmarks, include the folder in the bookmark outline. Any links included in that folder are merged with the corresponding folder in the Notes client. You can also create a folder called “Startup” that includes links that open automatically every time the user logs in to Notes.

If you are updating from a previous version of Domino, you can use a desktop policy settings document to define the settings used when converting previous mail file templates to the Domino 6 mail template, mail6.ntf. For more information on seamless mail upgrades, see the Upgrade Guide.

To create Desktop settings

1. Make sure that you have Editor access to the Domino Directory and one of these roles:
  • PolicyCreator role to create a settings document
  • PolicyModifier role to modify a settings document
2. From the Domino Administrator, select the People & Groups tab, and open the Settings view.
3. Click “Add Settings,” and then choose Desktop.

4. Under Basics, complete these fields:
  • Name — Enter a name that identifies the users (and, if you are a service provider, the hosted organization) that use these settings.
  • Description — Enter a description of the settings.
5. Under Server Options, complete these fields:

Field: Action
Catalog/Domain Search server: Choose the name of the server used for domain searches.
Domino Directory server: Enter the name of the server whose Domino Directory you want users to use.
Sametime server: Enter the name of the server used to connect to Sametime.
Local mailfile: Check the field Create local mailfile replica to create a local copy of the user’s mail file.
Deploy version: If you use Smart Upgrade, enter the Notes version to which you want users to upgrade.
Upgrade deadline: If you use Smart Upgrade, use mm/dd/yyyy format to enter the date by which users must upgrade. If users do not upgrade by this date, the upgrade happens automatically.

6. Under Mail Template Information, complete these fields if you are converting from a previous Domino mail template:

Field: Action
Prompt user before upgrading mail file: Do one:
  • Check yes to inform users before upgrading their mail files. Allows users to defer upgrade.
  • Uncheck (default) to upgrade without notification.
Old design template name for your mail files: The default asterisk (*) uses any mail template. (Optional) Enter the name of the current template you are using.
If running this version of notes: Enter the build version of the Notes client in the format Build Vnn_mmddyyyy (example, Build V60_06282002). To find the build version, use Help - About Domino Administrator. To upgrade all versions, use an asterisk *.
Use this Mail template: Enter the new mail template file name.

Field: Action
Ignore 200 category limit: By default the number of folders created during conversion is limited to 200 folders. Do one:
  • Check yes to override that limit and create as many folders as necessary (default).
  • Uncheck to enforce the limit.
Mail file to be used by IMAP mail clients: Do one:
  • Check if mail file will be used by an IMAP mail client.
  • Uncheck if IMAP will not be used (default).
Upgrade the design of custom folders: The conversion does not upgrade private folders automatically. Do one:
  • Check yes to include custom folders in the design upgrade (default).
  • Uncheck to exclude custom folders in the design upgrade.
Prompt before upgrading folder design: Do one:
  • Check yes to inform users before upgrading their mail folder design. Allows users to defer upgrade.
  • Uncheck (default) to upgrade folder design without notifying users.
Notify these administrators of mail upgrade status: If you chose to notify users before updating mail template or folders, enter the names of administrators who should receive status information.

7. Specify the Homepage/Welcome Page options:

Field: Action
Corporate Welcome Pages database: Add the database link to the database containing custom welcome pages.
  Note You cannot use the Web Administrator to create links.
Default Welcome page: Do one:
  • Select the welcome page users see when they start Notes.
  • Select “No default Welcome Page” if there is no default welcome page. (default)
Homepage selection: For the field “Do not allow users to change their home page” do one:
  • Check to prohibit users from choosing their own home page.
  • Uncheck (default) to allow users to change their home page.

For more information on welcome pages, see the chapter “Setting Up and Managing Notes Users.”

8. Under Internet Browser, choose the Internet browser used from this location. If you chose Notes or Notes with Internet Explorer as the Internet browser, choose the location from which to run the Web Retriever process.
9. On the Databases tab, complete one or more of these fields to add databases to the user’s workspace:

Note You cannot use the Web Administrator to create links.

For information on creating a link, see the chapter “Organizing Databases on a Server.”

Field: Enter
Create As new replicas on user’s machine: Create a link for each database to add as a new replica to the user workspace.
Mobile directory catalogs: Create a link for each mobile directory catalog to add automatically to the user workspace.
Bookmarks to merge with users’ bookmarks: Drag and drop or copy links to add to the user’s bookmarks. Arrange links in the order you want them to display. However, do not add any links above the Favorites folder, because they will be added to the bottom of the user’s bookmarks list.

10. On the Dial-up Connections tab, enter information about the default passthru and other remote servers.

11. On the Accounts tab, enter the default account information for Internet servers.
12. On the Name Servers tab, enter the names and addresses of secondary TCP/IP and NDS Notes name servers.
13. On the Applet Security tab, complete these fields:

Field: Action
Trusted hosts: Enter the name of trusted hosts.
Network access for trusted hosts: Choose one:
  • Disable Java
  • No access allowed
  • Allow access only to originating host
  • Allow access to any trusted host
  • Allow access to any host
Network access for untrusted hosts: Choose one:
  • Disable Java
  • No access allowed
  • Allow access only to originating host
Trust HTTP proxy: Choose one:
  • Yes
  • No

14. On the Proxies tab, enter the default proxies to assign to users.
15. On the Mail tab, choose the format to use for messages to Internet addresses.
16. On the Preferences tab, choose user preferences. For information on user preferences, see Lotus Notes 6 Help.
17. Save the document.

Creating a security policy settings document

A Security policy settings document controls the Administration ECL as well as Notes and Internet passwords.

To create Security settings

1. Make sure that you have Editor access to the Domino Directory and one of these roles:
  • PolicyCreator role to create a settings document
  • PolicyModifier role to modify a settings document
2. From the Domino Administrator, select the People & Groups tab, and then open the Settings view.

3. Click “Add Settings,” and then choose Security.
4. On the Basics tab, complete these fields:

Field: Action
Name: Enter a name that identifies the users (and, if you are a service provider, the hosted organization) that use these settings.
Description: Enter a description of the settings.

5. On the Password Management tab, complete these fields:

Field: Action
Allow users to change Internet password over HTTP: Choose one:
  • Yes (default) — to allow users to use a Web browser to change their Internet passwords.
  • No
Check Notes password: Choose one:
  • No (default)
  • Yes — to require a password for Notes authentication.
Synchronize Internet password with Notes password: Choose one:
  • No (default)
  • Yes — to allow users to use the same password to log in to both Notes and the Internet.

6. In the “Enforce password expiration” field, choose one:
  • Disabled (default) — to disable password expiration.
  • Notes only — to enable password expiration for only Notes passwords.
  • Internet only — to enable password expiration for only Internet passwords.
  • Notes and Internet — to enable password expiration for both Notes and Internet passwords.

Caution Do not enable password expiration if users use Smartcards to log in to Domino servers.

Note Internet password expiration settings are recognized only by the HTTP protocol. This means that Internet passwords can be used with other Internet protocols (such as LDAP or POP3) indefinitely.

7. If you enabled password expiration, complete these fields. Otherwise, go on to Step 9:

Field: Action
Required change interval: Enter the number of days a password can be in effect before it must be changed.
Allowed grace period: Enter the number of days users have to change an expired password before being locked out.
Password history (Notes only): Enter the number of expired passwords to store. Storing passwords prevents users from reusing old passwords.

8. Choose one of the following to specify Password Quality Settings for IDs:
  • Required password quality — and then choose the quality level required when users create passwords.
  • Use length instead — and then enter a number from 0 to 16 to require that users create passwords of a specific length.

For more information on password quality, see the chapter “Protecting and Managing Notes IDs.”

9. On the Execution Control List tab, complete these fields:

Field: Action
Admin ECL: The default administration ECL is the default value for this field. Choose one:
  • Edit — to edit the default administration ECL.
  • New — to create a new administration ECL. Enter the name of the new ECL and choose options in the Workstation Security: Execution Control List dialog box. The name of the new ECL appears in this field.
Update Mode: Choose one:
  • Refresh — to update workstation ECLs with changes made to the Administration ECL. If a setting appears in both the administration and workstation ECL, the administration ECL setting overrides the workstation ECL setting.
  • Replace — to overwrite the workstation ECL with the Administration ECL. This option overwrites all workstation ECL settings.
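The password fields in steps 6 and 7 (the “Enforce password expiration” choice, Required change interval, Allowed grace period and Password history) combine with the note that only HTTP recognizes Internet password expiration. The Python model below is an added example, not Domino code: the function names, the day-boundary handling, the PBKDF2 history digests and the sample accounts are assumptions made for illustration.

```python
"""Model of the Security policy settings password fields (illustrative only).

Not Domino code: names, boundary handling and hashing are assumptions.
"""
import hashlib
import hmac
import os
from collections import deque
from dataclasses import dataclass

# "Enforce password expiration" choices and the password types each covers.
MODES = {
    "Disabled": set(),
    "Notes only": {"notes"},
    "Internet only": {"internet"},
    "Notes and Internet": {"notes", "internet"},
}


@dataclass
class SecuritySettings:
    enforce_expiration: str = "Disabled"  # the page's default
    change_interval_days: int = 90        # constructed sample value
    grace_period_days: int = 7            # constructed sample value


def expiration_enforced(settings, password_type, protocol):
    """True if an expired password of this type is actually checked.

    Per the page's note, Internet password expiration is recognized only by
    HTTP, so LDAP or POP3 logins keep accepting an expired password.
    """
    if password_type not in MODES[settings.enforce_expiration]:
        return False
    if password_type == "internet":
        return protocol.upper() == "HTTP"
    return True  # Notes password: protocol is not relevant


def password_status(settings, age_days, password_type="notes", protocol="notes"):
    """Return 'valid', 'grace' (expired, change required) or 'locked_out'."""
    if not expiration_enforced(settings, password_type, protocol):
        return "valid"
    if age_days <= settings.change_interval_days:
        return "valid"
    if age_days <= settings.change_interval_days + settings.grace_period_days:
        return "grace"
    return "locked_out"


class PasswordHistory:
    """Stores salted digests of the last N passwords to block reuse."""

    def __init__(self, size):
        self._entries = deque(maxlen=size)  # oldest entry drops off

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def is_reused(self, candidate):
        return any(
            hmac.compare_digest(self._digest(candidate, salt), digest)
            for salt, digest in self._entries
        )

    def remember(self, password):
        salt = os.urandom(16)
        self._entries.append((salt, self._digest(password, salt)))


def unenforced_expired(settings, accounts):
    """List (user, protocol) pairs where an Internet password is past the
    interval plus grace period but the protocol never checks expiration."""
    if "internet" not in MODES[settings.enforce_expiration]:
        return []
    limit = settings.change_interval_days + settings.grace_period_days
    findings = []
    for user, age_days, protocols in accounts:
        if age_days > limit:
            findings += [
                (user, p) for p in protocols
                if not expiration_enforced(settings, "internet", p)
            ]
    return findings


# Constructed sample data: (user, Internet password age in days, protocols used)
SAMPLE_ACCOUNTS = [
    ("jsmith", 200, ["HTTP", "POP3"]),
    ("adoe", 30, ["LDAP"]),
    ("temp01", 120, ["LDAP", "HTTP"]),
]

if __name__ == "__main__":
    policy = SecuritySettings(enforce_expiration="Notes and Internet")
    for user, protocol in unenforced_expired(policy, SAMPLE_ACCOUNTS):
        print(f"{user}: expired Internet password still accepted over {protocol}")
```

The report function lists accounts whose Internet password is past the interval and grace period but is still accepted over a protocol other than HTTP.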

Field: Action
Update Frequency: Choose one:
  • Once Daily — to update the workstation ECL when the client authenticates with the home server and either it has been a day since the last ECL update or the administration ECL has changed.
  • When Admin ECL Changes — to update the workstation ECL when the client authenticates with the home server and the administration ECL has changed since the last update.
  • Never — to prevent the update of the workstation ECL during authentication.

10. Save the document.

For more information on Notes and Internet passwords, see the chapters “Protecting and Managing IDs” and “Setting Up Name-and-Password and Anonymous Access to Domino Servers.” For more information on administration and workstation ECLs, see the chapter “Protecting User Workstations With Execution Control Lists.”

Mail archiving and policies

For the first time in Lotus Domino 6, administrators can centrally control mail file archiving using policies. Archiving is particularly useful for mail databases because when a user sends a mail message, Notes automatically saves a copy of it in the Sent view, causing the mail file to increase in size. Archiving the mail file frees up space and improves the performance of the mail database by storing documents in an archive database when they are old or not in use anymore.

The mail archive database is a Notes database, and can be accessed like any other Notes database. The views in a user’s mail archive mirror the views in the mail file and include all the folders that exist when mail is archived. So users can find and retrieve archived messages easily from within their archive database. When a document has one or more responses, the entire document hierarchy is archived.

You can also use archiving policy settings to define a document retention policy for your mail files. With document retention, you define the criteria for old documents, and then simply delete them from the mail database without archiving them.

If you choose not to include archiving policy settings in your policies, Notes users can still archive mail files using database archive settings in the Notes client, either on a mail server or on their individual workstations.

How mail file archiving works

Mail file archiving is a three-step process that includes document selection, copying files to an archive database, and mail file cleanup.
• Document selection — choosing which documents to archive based on activity and on folder selection. For example, you can define an old document as one that has not been modified for 365 days. You can then archive all documents that match that criteria, or you can archive only documents in specific folders that match that criteria.
• Copying — copying selected documents from the source mail file to an archive database destination.
• Mail file clean up — reducing the size of the source mail file by deleting archived documents or reducing them in size. You can reduce the size of the document by first removing attachments, and then leaving only the header information or leaving the header information and a portion of the mail document.

Client-based and server-based archiving

When you use policies to manage archiving, you use either server-based archiving or client-based archiving. The terms server-based or client-based refer to where the archiving process occurs, either on a server or on the client’s workstation. In either case you can archive to a server.

You can archive mail files to the following:
• Server-based archiving — Using this option, the mail server archives to the mail server itself, or to another server that you designate as the archive server.
• Client-based archiving — Using this option the individual workstations process mail file archiving. Depending on where the mail file resides, mail is archived to the mail server, a designated server, or to their local workstations.

If you choose client-based archiving, however, the workstation must be running in order to archive documents. If archiving is scheduled at a time during which the workstation is not running, archiving will not occur. If you choose to archive on a server, you must create a program document to run the Compact server task.

For more information on using a program document to run the Compact server task, see the chapter “Improving Database Performance.”

An example of using policies to manage mail file archiving

Acme’s administrator is happy to learn of policy-based archiving because of these issues with archiving mail files:
• Space is tight on the mail server.
• Acme needs a centralized archive server.
• Archiving cannot occur during peak work hours.
• End users must not be allowed to control their archive settings.
• Lotus Notes 6 clients will not be rolled out immediately.

To resolve the problems to Acme’s archiving issues, the administrator uses these Archive policy settings, and applies them to all users, via organizational policies.
• Server-based archiving is enabled from a mail server to a designated archive server.
• Archiving is scheduled to occur during off hours.
• Archive settings are centrally managed and enforced by the administrator; users are prohibited from changing or creating archive settings.
• The designated archive server is a Domino 6 server so that policies can be enforced in a mixed environment.
• Optionally, depending on how tight space is on the mail server, pruning (removing attachments and body of mail, but leaving header information intact) might be helpful.

Using the mail archive log

To monitor mail document archiving, you can log archiving activity to an archive log database. Information stored in a user’s Archive Log includes the log date, the number of documents stored in the archive database and deleted from the mail file, archive failures, and the locations of the original mail file source and archives destinations. You can use the mail archive log, for example, to track a document you thought was deleted. You can easily scan the Archive Log to see if the document was archived. And since the archive log provides links to archived documents, you can access the archived document from within the archive log.

Specifying the name and location for the Archive Log database

By default, the archive log database is stored in c:\notes\data\archive, where archive is the default name for the archive directory. The default name format for a user’s archive log database file is l_xxxx.nsf, where l_ is the prefix and xxxx is the name of the user’s mail database. The name of the log database is based on a specified number of characters (the default is 6) from the user’s ID. For example, for the end user John Smith, whose ID is jsmith, the archive log database name is l_jsmith.nsf. You can also change the name and location of the default archive log file if you choose.

For more information about the type of information stored in an Archiving Log, see the chapter “Improving Database Performance.”

Creating an archive policy settings document

To set up mail file archiving, you use both archive and archive criteria policy settings documents. The archive policy settings document specifies whether or not to allow archiving either centrally by administrators or privately by Notes users. If you prevent all archiving, then that is your archive policy setting. If you prevent private archiving, then the Archive Settings policy document determines how documents in the user’s mail file are archived and users cannot change these settings or create private archive settings. If you allow archiving, use the archive policy settings document to define whether archiving is server-based or client-based, to specify source and destination archive servers, and to set the archive schedule.

Each archive policy settings document requires at least one archive criteria policy settings document, which specifies the criteria for document selection and defines how to clean up the mail file, and you must include it in your policy.

To create archive policy settings

1. Make sure that you have Editor access to the Domino Directory and one of these roles:
  • PolicyCreator role to create a settings document
  • PolicyModifier role to modify a settings document
2. From the Domino Administrator, select the People & Groups tab, and then open the Settings view.
3. Click “Add Settings,” and then select Archive.
4. On the Basics tab, complete these fields:
  • Name — Enter a name that identifies the users (and, if you are a service provider, the hosted organization) that use these settings.
  • Description — Enter a description of the settings.
5. (Optional) Under Archiving options, choose one of the following if you want to prohibit archiving. The default is to allow both.
  • Prohibit archiving — to prohibit all archiving. Then save the document.

If you allow private archiving.” specify the server or workstation on which of the archive database will reside. • Mail server — to create the mail archive database on the mail server. Volume 1 . and then choose an archive criteria settings document to add criteria. Under “Destination database is on. Then specify the name of the server. • Click Add Criteria. Under “Archive source database is on. For more information on using a program document to run the Compact server task. 8. Choose one: • Local — if the mail file is on the user’s workstation (available for client-based archiving only). On the Selection Criteria tab.” 7. 9-26 Administering the Domino System. • Mail server — if the mail file is on a mail server (default). click Add Criteria and select your newly defined criteria document. • Specific server — to create the mail archive database on a server other than the mail server. choose one: • Archiving will be performed on user’s local workstation — to use the Notes client workstation to perform the archive process (the default). 6. you must give the user Create access on the destination server to create an archive database. Choose one: • Local — to create the mail archive database on the user’s workstation (available for client-based archiving only). Then. • Archiving will be performed on a server — to use a server to perform the archive process. Under Archive locations. Then specify the name of the server.” specify the server or workstation on which the mail file that will be archived is located. 9. see the chapter “Improving Server Performance.” you must create a program document to run the compact task. • Specific server — if the mail file is on a server other than the mail server.• Prohibit private archiving settings — to prohibit Notes users from creating private archive settings or modifying the archive settings defined in this settings document. do one or more of the following: • Click New Criteria to create a new Archive Criteria Settings document. 
Note If you choose “Archiving will be performed on a server.

13. followed by an underscore (_). and then specify the schedule. Under Archive Logging. Enter a new name if you want to change it. enter the number of characters you want to use from the user’s ID to create the archive log name. check the field “Log all archiving into a log database” to log archiving activity to a log database (the default). For information on creating an archive criteria settings document. The default is the letter l. In the field “Enable client-based scheduled archiving” do one: • Check (default) to set up a schedule for client-based archiving. In the field “Include document links to archived documents. Using Policies 9-27 . users can open archived documents from within the log database. Field Log Directory Log Prefix Log Suffix Number of characters from original filename Action The default is archive. If you include links. Enter a suffix for the archive log database name if you want to add one.• Click Remove Criteria. 10. (Optional) Change any of these fields if you want to change the location of the log directory and log file name. The default is 6. see the topic “Creating Criteria for mail archiving. Enter a new prefix if you want to change it. users must open the archive database to view archived documents. The default is no suffix. If you chose client-based archiving. click the Schedule tab. Click the Logging tab.” later in this chapter. If you exclude links. and then choose an archive criteria settings document to remove criteria. To change this. • Uncheck the field to exclude links to archived documents in the log. 12.” do one: • Check the field to include links to archived documents in the log (default). • Uncheck to allow users to set their own schedule for archiving. Configuration 11.

You create an Archive Criteria policy settings document from within an Archive policy settings document. Save the document. The default is 12:00 pm. if you are using client-based archiving. you 9-28 Administering the Domino System. specify the locations from which to archive. • Weekly (default). On the Advanced tab. 17. you may want to archive only from a user’s office workstation. • Uncheck (default) to prohibit users from modifying the archive schedule. Volume 1 . 15. Choose one: • Any location — to archive from any location. When you specify archive criteria. • Specific location — and then specify one or more locations. you determine what to do with old documents in a user’s mail file. Under Location. the field “Don’t delete documents that have responses” do one: • Check (default) to archive but not delete documents that have responses. Do you archive them (copy them to an archive database) or just delete them? If you archive them. Frequency Choose one: • Daily and then select the days of the week on which to archive. After you create archive criteria. Field Allow end user to modify schedule settings Action Do one: • Check to allow users to modify the archive schedule. Creating criteria for mail archiving You use an Archive Criteria policy settings document to define sets of criteria to use when archiving a Notes user’s mail documents. Note The Notes client must be running for scheduled archiving to occur. 16. you can use it in one or more archive policy settings documents. You can enable this setting even though private archive settings are prohibited. and then choose the day of the week on which to archive.14. Run at Specify the time. • Uncheck to archive and then delete documents that have responses. For example. not from an island or if the user has dialed in. (optional) If you checked “Enable client-based scheduled archiving” complete one or more of these fields.

and then applying that age criteria either to all documents or all documents in specified folders.” Using Policies 9-29 . Archive is the default name for the archive directory. or just deleting them How should documents be cleaned up? Once documents have been copied to an archive database. The default name format for a user’s archive database file is a_xxxx. the archive database name is a_jsmith. Mail file criteria answers these questions: • How should documents be archived? Archiving can be a combination of copying old documents to an archive database and then performing clean-up tasks on the users mail file. For example. where a_ is the prefix and xxxx is the name of the mail database. The name of the archive database is based on a specified number of characters (the default is 6) from the user’s mail file. Configuration • • Specifying the name and location for the Archive database By default. and then open the Settings view.determine how to “clean up” the copies of the archived mail documents that remain the user’s mail file.nsf. and then click “Edit Settings. located in the data directory. To create archive criteria policy settings 1. and then click “New Criteria. you define what an old document is. Which documents should be cleaned up? You provide a definition of an “old document” by specifying age criteria. the archive mail database is stored in the directory archive. 3. for the end user John Smith. you can either delete the copies that remain in the user’s mail file. Do one: • Select the Archive policy settings document for which you want to create archive criteria settings. 2. select the People & Groups tab.” • Click “Add Settings” and then select Archive to create a new Archive policy settings document. whose mail file is jsmith. From the Domino Administrator.nsf. And finally. Select the Archive Criteria tab. or reduce the size of the document.

This will truncate large documents only. 7. When you add criteria to a criteria policy settings document. 6. • Reduce the size of the documents in the database — to truncate copies of the archived documents that remain in the user’s mail database. Under “Which documents should be cleaned up?” specify the criteria that defines an “old” document. Description Archiving is enabled 5. For “How should documents be archived?. 9-30 Administering the Domino System.” choose one: • Delete older documents from the database — to delete copies of archived documents that remain in the user’s mail database.” the copies that remain in the user’s mail file. this is the name that appears in the selection box.4. Then choose one: Leave summary — to leave only the header information on the mail document. Use this setting to enforce document-retention policies that delete all documents after a specified time. Then specify the age criteria. Enter a description of the criteria. for “How should documents be cleaned up?. Leave summary + 40KB — to leave the header information and 40KB of the body of the mail document. • Uncheck if you are creating archive criteria to use later. (Optional) If you chose to archive documents and then “clean up. This criteria determines which documents are candidates for archive and cleanup. then clean up database — to archive (copy) documents to the archive database and then clean up (delete those documents) from the user’s mail database. Volume 1 . Field Name Action Enter a name that identifies the archive criteria. For the field “All documents” do one: • Check this option to include all documents that meet the age criteria (default).archive. Provide the following information on the Basics tab. This name also appears in the user’s mail folder outline under tools . • Clean up database without archiving — to delete documents from the user’s mail database without copying them into an archive database.” choose one: • Copy old documents into archive database. 
or deletion. Do one: • Check to enable this archive criteria.

9. enter the number of characters to use from the user’s mail file to create the archive database name. Marked expired — to specify documents that the Notes user has marked expired. Notes does not consider a document accessed even if it is opened. • Choose template — select the name of your custom mail template. 8. (Optional) Click the Destination tab and change any of these fields if you want to change the location of the archive database. • If you did not specify age criteria for All documents. 10. If this property is not set. Configuration Archive suffix Number of characters from original filename 11. (Optional) If you use a custom mail template. Using Policies 9-31 . The default is 6. Enter a suffix for the archive database name if you want to add one. complete these fields • Change template server — select the name of the server on which your mail template is stored. Do not use this option unless the database property Maintain LastAccessed is in set. followed by an underscore (_). check this option to apply the all documents age criteria to the documents in the selected views and folders. with no age criteria applied.Not accessed — to specify documents not opened in the specified time frame. check this option to clean up all documents in the selected views and folders.—To change this. Not modified — to specify documents that have not been modified in the specified time frame (default). Enter a new prefix if you want to change it. Save the document. • Uncheck this option to include documents based only on location in selected views and folders. instead of age criteria. This is the recommended setting. Then specify a time period. Enter a new name if you want to change it. Field Archive Directory Archive Prefix Action The default is archive. The default is no suffix. The default is the letter a. For “In views or folders” do one: • If you checked “All documents” in step 7. Then specify a time period.

Creating a policy document

When you create a policy, you use a Policy document to specify which policy settings documents to include. You can create policy settings documents before you create the policy document, or you can create them while you create the Policy document.

If you are creating an exception policy, include only the policy settings documents that have settings whose values you do not want to enforce. Exceptions are made at the policy setting level. For each setting you do not want to enforce, change the value as required. When the effective policy settings are resolved, any settings you specify in the exception policy apply.

Policy document names

The names of Policy documents must be in one of the formats below. However, when you create a Policy document, you do not have to include the asterisk (*) or slash (/) when you enter a policy name. Domino adds them for you depending on the type of policy you specify.

• */organization — an organizational policy that is automatically applied at the organization level
• */organizational unit/organization — an organizational policy that is automatically applied to an organizational unit
• */hosted organization — an organizational policy that is automatically applied to a hosted organization
• * — an organizational policy that is automatically applied to everyone in the Domino Directory
• /policyname — an explicit policy that must be assigned manually, but can be assigned at any organizational level

To create a policy document

1. Make sure that you have Editor access to the Domino Directory and one of these roles:
• PolicyCreator role to create a policy document
• PolicyModifier role to modify a policy document
2. From the Domino Administrator, click the People & Groups tab, and then open the Policies view.
3. Click Add Policy.

Then. Press F9) 7. • The name of the organization or organizational unit. To specify the policy settings documents to include in this policy. select it from the list. see the topic “Organizational and explicit policies. do not enter a policy name. Description Enter a description of the policy. • Organizational — to create a policy that is automatically assigned to all users in the part of the organization specified in the Policy name field. you may need to refresh.” earlier in this chapter. Under Basics.4. You can save the child policy document and return to it at a later time. Using Policies 9-33 . such as Acme or Sales/Acme • The name of the hosted organization • To create a policy for all hosted organizations in the Domino Directory. Note If the name of the new policy settings document does not appear as a selection.” Caution Be cautious when creating an exception policy. Save the document. (Optional) To create an exception policy. An exception policy allows a user to override enforced policy settings. for each type of settings do one: • Select a policy settings document from the list. When you close this document you return to the parent policy document. 8. click the Administration tab and enable “Exception Policy. Configuration 5. for an explicit policy. 6. after you create the policy settings document. complete these fields: Field Policy name Action Enter one: • A unique name. • Click “New” to create a new policy settings document. By default Domino will enter the asterisk for you. Policy type Choose one: • Explicit — to create a policy to assign to specific users and groups. (Optional) Click Create Child to create a child policy document that includes the name of the parent policy. For more information on exception policies.

Creating a child policy document

When you create a child policy, you use a Policy document to specify which policy settings documents to include. In organization policies, child policies follow the hierarchy of the organization. So the child of */Acme is */Sales/Acme. In explicit policies, you create a child policy by setting up the child/parent name structure. For example, the policy /Contractors may have a child policy called /Short term/Contractors.

To create a child policy

1. Make sure that you have Editor access to the Domino Directory and one of these roles:
• PolicyCreator role to create a policy document
• PolicyModifier role to modify a policy document
2. From the Domino Administrator, click the People & Groups tab, and then open the Policies view.
3. Select the name of the policy for whom you want to create a child policy and click Edit Policy.
4. Under Basics, click Create Child.
5. In the Policy Name field do one:
• Organizational policy — enter the name of the organizational unit, followed by the Organization or the Organizational unit that displays in the Parent Policy field. For example, if */Acme is in the Parent policy field and you want to create a child policy for the Sales/Acme organization unit, enter Sales/Acme. When the policy is saved, the name will be */Sales/Acme.
• Explicit policy — enter a name for the child policy followed by the text that displays in the Parent policy field. For example, if the Parent policy field is /Contractors and you want to create a child named Short term, enter Short term/Contractors. When the policy is saved the name will be /Short term/Contractors.
6. Complete the remaining fields using the same procedure you used to create a policy document.

Deletes references to the policy settings document from all policy documents. and choose one of these views: • Policies — to edit a policy document. Organizational policy Settings document Using Policies 9-35 . This table describes the result of each type of deletion: Deletion Explicit policy Result An Administration Process request searches the Person documents of all users in the domain and deletes all references to the deleted policy. Deletes the policy document from the Domino Directory. you must use the Policy . • Settings — to edit a policy settings document. 4. Open the Domino Directory. 3.Delete tool on the Configuration tab to remove all occurrences of the policy and its settings. All settings documents named in the deleted policy remain intact. Make sure that you have at least Editor access to the Domino Directory and the PolicyModifier role. and then save the document. Deletes the settings document from the Domino Directory. From the Domino Administrator. 1. edit. Deleting policies Use this procedure to delete policy and policy settings documents. 2. click the People & Groups tab. Open. you can do any of the following: • • • • • Edit policies Delete policies Create a report of the effective policy View policy relationships Assign an explicit policy or change a policy assignment Configuration Editing policies Use this procedure to edit existing policy and policy settings documents. Although you can delete a policy from the Domino Directory.Managing policies To manage policies.

Select the People view. 2.” Using the Policy Synopsis tool to determine the effective policy To determine the effective policy governing a selected user. Under Select Report Type choose one: • Summary Only — (default) to produce a report that lists the hierarchy of policy documents used to derive the effective policy for the specified user. click the Configuration tab. For more information on deleting policies in the Web Administrator. 6.To delete a policy 1. From the Domino Administrator. Select the policy or settings document you want to delete. double-click the report to open it. select Policy Synopsis. and the policy and policy settings documents from which the value was derived. 3. Under Results Database choose one: • Append to this database — (default) to add to the list of previous reports. From the Tools pane. 9-36 Administering the Domino System.Delete. • Detailed — to produce a report that lists the hierarchy of policy documents of the effective policy for the specified user. 3.Policies . • Overwrite this database — to remove reports in the database and write the new reports.NSF).NSF) opens. The policy tools are not available in the Web Administrator client. Then select the policy settings documents for which you want details. Volume 1 . click the People & Groups tab. Note The policy tools are not available in the Web Administrator client. see the chapter “Setting up and Using Domino Administration Tools. and then open the Policies . 7. 4. Click Tools . To use the Policy Synopsis tool 1. 5. The default is Policy Synopsis Database on local. 2. (Optional) Click Results Database to change the name or location of the results database. use the Policy Synopsis tool to generate a report that is written to the Policy Synopsis Results database (POLCYSYN. and then select one or more users. Click OK. When the Policy Synopsis Results database (POLCYSYN. and includes the actual values.Hierarchy view. From the Domino Administrator.

or the settings assigned to a specific users. Example of using the By Settings view The administrator at the Acme company wants to use the policy viewer to: • View all policy settings documents in a domain • View all policies that use a selected policy settings document • View and edit a policy settings document • View the effective policy settings To view this information the administrator performs these tasks: • Selects the By Settings view in the policy viewer and looks in the upper left pane to view all policy settings documents. the settings associated with each policy. based on your selections in the top two panes. grouped by administrative area. the settings by functional area. and how they relate to each other. you can view the settings for each policy. where it can be edited. • In the top right pane. The actual policy settings document displays in the bottom pane. Depending on your selection in the top left pane.Viewing policy relationships The policy viewer is a convenient tool you can use to view each policy. which helps you to understand the impact of changing a policy setting. the results in the right top pane differ. For example. You can also view effective policies on different levels in the policy hierarchy. Using Policies 9-37 . All policies that use that policy settings document display in the upper right pane. The policy viewer is also versatile because of the number of ways in which you can view policy documents. By Hierarchy and By Settings. Configuration How to use the policy viewer The policy viewer has three panes. You cannot edit an effective policy because the settings are derived settings. The effective policy settings display in the bottom pane. selects one of the policies. These cannot be edited. You can edit a policy settings document in the policy viewer. • Selects one of the policy settings in the upper left pane. The bottom pane always shows either an actual policy settings document or an effective policy settings document. 
You can view policy documents using one of two views.

Volume 1 . the administrator can edit the policy settings document and then switch views in the bottom pane. Looks in the upper left pane to view the policy hierarchy.Example of using the By Hierarchy view The administrator at the Acme company wants to use the policy viewer to: • View the policy hierarchy for the Acme domain • View the policy hierarchy for a Notes user in the Acme domain • View the settings documents used by each policy • View the differences between the effective policy and the policy settings for a policy settings document To view this information the administrator performs these tasks: • Selects the By Hierarchy view in the policy viewer and in the field “Show policy hierarchy for. The administrator can switch from the effective policy settings to the actual policy settings document in the bottom pane. Open the Policies view.” and then selects the name of a user to view the user’s policy hierarchy in the upper left pane. 9-38 Administering the Domino System. From the Domino Administrator. and then select the By Settings view. Using the policy viewer You use the policy viewer to view the relationships of policies and policy settings documents in a policy hierarchy. • In the top right pane. 2. selects one of the policy settings documents. click the Configuration tab. • To see how changing a policy setting affects the effective policy. • In the field “Show policy hierarchy for. • Selects a policy in the left pane to view the policy settings documents used by the selected policy in the upper right pane.” selects Acme domain.” selects “Specific User. By Settings view 1.

and then select the By Hierarchy view. Select a policy settings document in the left pane. Select a policy settings document in the left pane. that use a policy settings document (display in the 2. settings for a functional area (displays in the 2.3. Choose any of the following tasks: Task View a list of all policy settings documents in your domain Action Expand the functional areas in the left pane. Configuration View the effective policy 1.” select a domain. select a policy settings document. The selected policy settings document displays in bottom pane. View a list of all policies 1. By hierarchy view 1. View the domain’s policy hierarchy in the upper left pane. bottom pane) 3. In the left pane. View the settings 1. 2. View the policy settings documents used by the selected policy in the upper right pane. documents used by each 2. 2. right pane) View and edit a policy settings document 1. Choose any of the following tasks: Task View the policy hierarchy for the a domain View the policy hierarchy for a Notes user Action 1. Double-click the document to edit it. continued 2. 3. 1. 2. Open the Policies view.” select Specific User. View the effective policy in the bottom pane. View the policy hierarchy for the user in the upper left pane Select a policy in the left pane. In the field “Show policy hierarchy for. policy Using Policies 9-39 . Select a policy document that uses those settings in the right pane. and then select the name of a Notes user. click the Configuration tab. View the policies that use that policy settings document display in the right pane. In the field “Show policy hierarchy for. From the Domino Administrator.

Changes to the Desktop. or in the person document. Volume 1 . In the bottom pane choose one of the “Show” options to view either the effective policy settings or the actual policy settings document. Changes to a user’s settings that were previously defined using Registration and Setup policy settings are not made retroactively. assign them during user registration so that you can take advantage of these settings. Security. or Archive policy settings that are defined in explicit policies using this tool. so you would need to make any changes to those settings manually in the Person document. If your policies include setup and registration settings. roaming user settings can be defined in a Registration policy setting document. But you cannot change a user’s roaming user status by changing the Registration policy setting document for that user. you have the option of 9-40 Administering the Domino System. In the top right pane.Task View the differences between the effective policy and the policy settings for a policy settings document Action 1. or remove an explicit policy assignment to an individual Notes user in the Person document. or you can change the explicit policy assignment using the Assign Policy tool. during user registration. When you change the explicit policy for a user or group using this tool. You can distribute changes to the Desktop. Assigning explicit policies in the Person document You can assign or change a user’s explicit policies in the Person document. using the Assign Policy too. Note The Assign Policy tool is not available in the Web Administrator. For example.NSF). Security. Use the Assign Policy tool to apply explicit policies to existing Notes users or to groups. or Archive policy settings that are associated with an explicit policy can be distributed this way. Assigning explicit policies using the Assign Policy tool You can assign an explicit policy to a user or group. All changes to policy assignments are recorded in the log file (LOG. 
You can also add. or to change the assignment from one explicit policy to another. selects a policy settings document and make any changes to the settings. Assigning an explicit policy You assign explicit policies manually in one of three ways. Use this tool when you want to make changes to multiple users or groups. change. 2.

5. For the field “Allow replacement of an existing policy. 4. 3. click the People & Groups tab. In the Person document. Save the document. Do one: • Open the People view. in the Assigned policy field. • To remove an explicit policy assignment.” do one: • Check this option to replace an existing explicit policy with a new one. 5. click the People & Groups tab. Configuration Using Policies 9-41 . • Open the Groups view. do one: • To assign or change an explicit policy assignment. Make sure that you have at least Editor access to the Domino Directory or that you have Author access with the UserModifer role. • This option is not available if the selected user or if no users in the selected group have an explicit policy currently assigned. select one or more groups. From the Domino Administrator. From the Domino Administrator. Check the “Perform updates in background” option when you are assigning policies to a large number of users. 6. In the Policy field. Under Policy Management. Select the name of the person whose policy assignment you want to change. select one or more users.” 4. 2.viewing the way the policy assignment change impacts the effective policy for that user or group. 7. Choose Assign Policy. From the Person document 1. click the Administration tab. select the name of the explicit policy and delete it. 3. select a policy from the list. 6. click Groups. Make sure that you have at least Editor access to the Domino Directory and the ObjectModifier role. select the explicit policy you want to assign from the list. From the Assign Policy tool 1. and then from the Tools pane. click People. and click “Edit Person. and then open the People view. and then from the Tools pane. 2.

8. (Optional) Click “View policy synopsis” to see the new effective policy.
9. In the “Choose Organizational Policy” dialog box, choose the organizational policy you want to combine with the explicit policy to create the new effective policy.

The policy tools are not available in the Web Administrator client. For more information on deleting policies in the Web Administrator, see the chapter “Setting up and Using Domino Administration Tools.”

Chapter 10 Setting Up Domain Search

This chapter describes how to set up Domain Search, which Lotus Notes or Web users can use to search an entire Domino domain for documents, files, and attachments from a centralized server.

Domain Search

Notes and Web users can use Domain Search to search an entire Domino domain for database documents, files, and attachments that match a search query. When a user submits a query, the results that the indexing server returns contain only database documents to which that user has appropriate access.

To support Domain Search, you need to designate a Domino server as the indexing server, which builds a domain wide index that all Domain Search queries run against. In order for the indexing server to build the index, you must first create a Domain Catalog on the server — a database that controls which databases and file systems get indexed. The indexing server then spiders, or crawls, the servers that contain the content to be indexed. If the indexing server is set up as a Domino Web server, it can support searches from both Lotus Notes and Web browsers.

Support for multiple languages

With Domain Search, you can index and search on documents regardless of their language. Even multiple-language documents can be indexed. If users choose to display document summaries in their search results, Domain Search cannot create these summaries in all languages. You can use the NOTES.INI setting FT_Summ_Default_Language to specify which language the summary should default to in these cases. For more information, see the appendix “NOTES.INI File.”

Domain Search and single-database full-text search

Single-database full-text indexing and domain indexing are distinct processes in Lotus Notes/Domino, and most likely you will want to use both. Use Domain Search for less active databases such as archives and product specifications. Use full-text indexes for single databases for active databases such as mail files, discussion databases, problem-tracking databases, or any database used for generating reports, or in cases where users already know what database they want to search in. You might also want to have single-database full-text indexes on servers with restricted user access.

For information on setting up full-text indexes for single databases, see the chapter “Setting Up and Managing Full-text Indexes.”

Implementing Domain Search

Implementing Domain Search in a Domino domain involves these major tasks:
• Planning the Domain Index
• Creating the Domain Index
• Customizing Domain Search forms
• Setting up Notes users for Domain Search
• Setting up Web users for Domain Search

Server configurations for Domain Search

This topic describes required and optional configurations for the servers you use for Domain Search.

Configuration for the Domain Catalog

It is best to set up the Domain Catalog on the same server that indexes the Domino domain. If you have a very large number of databases to catalog, you can decrease network traffic by running the Catalog task nightly on all servers. That way, when the Catalog task runs on the server that contains the Domain Catalog, the Domain Catalog uses pull replication from the local catalogs rather than spidering every database. You can shorten the time it takes to run the Catalog task by splitting it among several servers: Server A catalogs servers 1 to 25, Server B catalogs servers 26 to 50, Server C catalogs servers 51 to 75, and so on. You can also limit the scope of the Domain Catalog by using the “Limit domain cataloging to the following servers” field.

Domain Search over a WAN

If your organization is geographically dispersed, cataloging databases over a WAN is the only way that different locations can share a single Domain Index. The cataloging server should access the WAN directly rather than through a hub server, because cataloging uses large amounts of processing resources. To index data in different locations, you can choose to replicate all databases to be indexed to servers in the same location as the indexing server, thus eliminating the need for the indexing server to spider over the WAN.

Configurations for the Domain Index

The indexing server must be capable of handling the load of creating indexes and handling user queries. The indexing server should be fast, powerful, and have a large amount of disk space. Multiple processors, a large amount of RAM, and multiple high-volume drives will increase the efficiency and capabilities of searches. If your organization has more than six Domino servers, dedicating one server as the indexing server provides optimal performance.

For indexing servers running Windows NT or Windows 2000, the following minimum configuration is required:
• An Intel Pentium II 350MHz processor
• 256MB RAM
• Free disk space equal to approximately 30 percent of the size of the data being indexed

For information on estimating the size of the data to be indexed, see the topic “Estimating the size of the Domain Index” later in this chapter.

Consider clustering indexing servers to ensure greater reliability and fault-tolerance and to balance the load from user queries. If you use clustered indexing servers, create a replica of the Domain Catalog on each of those clustered servers. For more information, see the book Administering Domino Clusters.

The servers containing the databases to be indexed should be ones with fast LAN connections. Even within the same location, databases on servers with slow LAN connections should be replicated to ones with fast connections.

Tip You can use replication events in the Notes Log as a guide for determining which servers have fast connections by looking at the information for the Domain Catalog database (CATALOG.NSF).

Determine which servers the Catalog was able to do pull replication with in an average time of less than 1 minute. When you create the Domain Index, use the “Limit domain wide indexing to the following servers” field to limit indexing to these servers.

Planning the Domain Index

Because the initial process of spidering databases and file systems and creating a full-text index for an entire Domino domain can take days or even weeks, depending on hardware and the content being indexed, it is important to plan carefully before starting the indexing server, which indexes about 700MB to 1GB of information per hour. The more you have thought about what data sources should be indexed, how they should be categorized in the Domain Catalog and search form, and how much space your Domain Index requires, the less work you will have to do.

Here is a methodology for planning the Domain Index.
1. Use the Domain Catalog to control settings for which databases to index. At a minimum, avoid indexing the following types of databases: Administration Requests databases, database catalogs, database libraries, Event message databases, log databases, mail databases, portfolio databases, and server statistics databases. Reset the “Include in multi database index” database property for each replica on the servers to be indexed, because this setting does not always replicate.
Note Indexing unnecessary databases causes users’ search results to be less meaningful, takes up space on the server, and adds time to the indexing process.
2. (Optional) Use the Domain Catalog to control settings for which file systems to index.
3. Use the Domino Administrator to assign each database to be indexed to one or more categories in the Domain Catalog and the search form.
4. (Optional) Estimate the size of the Domain Index.
5. (Optional) Prevent attachments from being indexed.
6. Analyze any security issues that implementing Domain Search in your organization might raise.

The Domain Catalog

The Domain Catalog, a database that uses the CATALOG.NTF template, controls which databases and file systems get indexed for Domain Search. Even if your organization is not implementing Domain Search, the Domain Catalog is a useful administrative tool for such tasks as keeping track of the location of database replicas. You create the Domain Catalog by enabling the Catalog task on the server that will index the Domino domain.

The portions of the Domain Catalog of interest to the Domain Search administrator are those that indicate which databases and file systems the indexing server will include in the Domain Index, as well as the forms used to search the index.

Database designers and managers select a database for indexing by enabling the database property “Include in multi database indexing.” (Administrators can configure this setting for multiple databases using the Domino Administrator.) These settings are saved to the Domain Catalog when the Catalog task runs. Administrators can also control which databases are included in the Domain Index by customizing the selection formula for a hidden view ($MultiDbIndex) in the Domain Catalog. Administrators specify which file systems to index by adding a File System document to the Domain Catalog for each file system on a server.

Because the Catalog task creates the Domain Catalog by using pull replication of the database catalogs on individual servers, updating the Domain Catalog is usually not a lengthy process if you have already created a database catalog on every server. What can be time consuming, however, is rebuilding the views in the Domain Catalog after an update.

For more information on creating database catalogs, see the chapter “Setting Up Database Libraries and Catalogs.” For more information on rebuilding views, see the chapter “Maintaining Databases.”

Domain Catalog views

The Domain Catalog’s views provide information about the databases, servers, and users in the Domino domain.

View: Description
Access control lists: Displays ACL information by Database, Level, and Name. Use this view to see who has what level of access to the different databases in the domain.
Content: Documents in the domain by Author, Category, and Date (if your organization has implemented document content categories).
Databases: Databases in the domain by Category, Hierarchy, Replica ID, Server, and Title.
Domain Indexer Status: Last-time indexed for databases included in the Domain Index, by both Server and Indexing Server.
File Systems: File systems and servers included in the Domain Catalog.
Hidden views: You can display hidden views in the Domain Catalog by holding down CTRL-SHIFT as you open the Catalog. Server tasks use hidden views to access information quickly. The hidden views $MultiDbIndex and $FileSystem are the work queues for the Domain Indexer task. These views show which databases and file systems will be spidered to create the Domain Index. The $MultiDbIndex view is sorted by replica ID, number of documents in the replica, and server to ensure that the most recent replica (the one containing the greatest number of documents) is the one included in the Domain Index.

Creating the Domain Catalog

You create the Domain Catalog by enabling the Catalog task on the server that hosts the Catalog for the Domino domain. The Catalog task uses pull replication to create the Domain Catalog from the individual catalogs you have created on servers throughout the Domino domain. You can replicate the Domain Catalog to other Domain Catalog servers (such as those in a cluster).
1. From the Domino Administrator, select the server that you want to contain the Domain Catalog.
2. Click the Configuration tab.
3. Expand the Server section in the view pane.
4. Click Current Server Document.

5. Click Edit Server, and then click the Server Tasks - Domain Catalog tab.
6. In the Domain Catalog field, select Enabled.
7. To change the scope of the Domain Catalog, select the servers that you want to include in the “Limit domain cataloging to the following servers” field. If the field is blank (default), all servers in the domain are cataloged. Use wildcard characters to index all servers certified with a specific certifier — for example */Sales/East/Acme.
Tip Use this field to limit the scope of the Domain Catalog to regional locations or to expand its scope to multiple Domino domains by cataloging multiple Domain Catalog servers.
8. Click OK.
9. Click “Save and Close.”
10. Make sure the Catalog task is included in the ServerTasksAt1 setting in the server’s NOTES.INI file, or use another method (start the Catalog task at the console or create a Program document) to run the task.

When the Catalog task starts for the first time, Domino creates the Domain Catalog database based on the CATALOG.NTF template and adds entries to the ACL so the database replicates properly within the domain. The Administration Process creates the group LocalDomainCatalogServers in the Domino Directory and adds the server that contains the Domain Catalog to that group.

Selecting which databases to include in the Domain Index

The indexing server spiders databases that have the option “Include in multi database indexing” selected on the Design tab of the Database Properties box. Begin by using the hidden view $MultiDbIndex in the Domain Catalog to see which databases have already been selected to be included in the Index by database managers. If you see databases in the view that should not be in your Domain Index, such as personal mail databases or databases of limited interest, or if important databases are missing from the view, either customize the $MultiDbIndex view’s selection formula or use the Domino Administrator to include or exclude databases.

Using $MultiDbIndex to view which databases will be indexed
1. From the Domino Administrator, choose File - Database - Open.
2. Select the cataloging server for the domain, and then select Domain Catalog.
3. Hold down CTRL-SHIFT and click Open. The Domain Catalog opens and displays its hidden views.

4. In the view pane, click $MultiDbIndex. The view displays the replica ID of each database that will be included in the Domain Index, followed by a line of information about each replica.
Note If multiple replicas of a database were selected for indexing, Domain Search selects the replica containing the greatest number of documents.

Using $MultiDbIndex to change which databases will be indexed

Customizing the selection formula for the $MultiDbIndex view is the simplest and best way to control which databases are included in the Domain Index. The following is an example of a custom selection formula. In this example, the indexing server will ignore “Include in multi database indexing” settings and index only databases in the smoketestdata directory on servers that contain “hub” in the server name.

SELECT @IsAvailable(ReplicaID) & @IsUnavailable(RepositoryType) & @Contains((pathname); "smoketestdata") & @Contains((server); "hub")

Using Domino Administrator to change which databases will be indexed

You can use the Domino Administrator to select or deselect the “Include in multi database indexing” option on multiple databases at the same time.
Note If you plan to limit the servers to be indexed and have placed replicas on those servers, you might need to select those replicas now, even if the “Include in multi database index” database property was set in the original databases, because this setting does not always replicate.
1. Make sure you have Manager access in the ACL for each database you want to include or exclude.
Note If you want to include databases whose ACLs restrict default access, make sure that the LocalDomainServers or LocalDomainCatalogServers group has at least Reader access to each database you want to include.
2. From the Domino Administrator, select the server that contains the databases you want to include in or exclude from the Domain Index.
3. Click the Files tab.
Tip On the Files tab, you can right-click a database and choose Access Control - Manage to display its ACL.
4. Select the databases you want to include or exclude.

5. In the Tools pane on the right, select Database - Multi-Database Index.
6. Select Enable or Disable.
7. Click OK.
8. Assign categories for each database that you included.

For information on assigning categories, see the topic “Assigning database categories for the Domain Search form” later in this chapter.

Selecting which file systems to include in the Domain Index

For each server in a domain, you can create a File System document in the Domain Catalog to specify which file system directories to include in the Domain Index. You can index any file system that resides on the indexing server or on a network resource mapped to that server, as long as the server has at least Read access to the file system.

For file system searches, the indexing server must also be set up as a Domino Web server, and you must then map the URL path to the file system directory so that the Domino Web server can retrieve the found documents for users. This allows the server to return links to documents in the file system and to return those documents in response to queries from both Notes and Web clients.

For information on setting up a Web server, see the chapter “Setting Up the Domino Web Server.”

Caution Domain Search filtering of results to users based on access works only with Domino databases.

For more information on file system security and Domain Search, see the topic “Domain Search security” later in this chapter.

To select which file systems to include

Add a reference to each file system in the File System document. Complete the following steps for each server that has file systems you want to index.
1. Start the Domino Administrator or Notes client.
2. Choose File - Database - Open.
3. In the Server field, select the server that contains the Domain Catalog.
4. Select the Domain Catalog and click Open.
5. In the view pane, click File Systems.
6. Click “Add File System.”
7. Select the server that contains the file system you want to index.

8. Beside the “Current file system list” box, click Add.
9. In the Add File System dialog box, enter the location of a file system to include, for example c:\lotus\domino\data\files.
10. Enter a keyword, such as “files,” to associate with the file system. You need to use this keyword in Step 14, as the portion of the incoming URL pattern that follows the forward slash (/).
11. Click OK to add the file system to the list.
12. Repeat Steps 8 through 11 to add more file systems to the list.
13. When you have completed the list, click “Save and Close.”
14. Create a Web Site Rule document for the Web site for this file system. This step is needed to map the incoming URL pattern to the file system directory on the target server. For more information, see the chapter “Setting Up the Domino Web Server.”
15. Restart the server, or enter this command at the server console so that the mapping settings take effect:
tell http restart

Assigning database categories for the Domain Search form

On the Design tab of the Database Properties box, you can assign one or more categories to each database to be included in the Domain Index. These categories appear on the search form to provide a user with a way to narrow a search. Categories are also displayed in views of the database catalog and Domain Catalog. Use the Categories view in the Domain Catalog to see whether database managers have assigned databases to appropriate categories. To edit or add categories, use Database Properties for each database. You must have Manager access to a database to create the categories.

Note Searching within categories is supported only for Domino databases. Whenever a user specifies a category on the search form, search results will not include any documents from file systems.

To view the search categories
1. Open the Domain Catalog.
2. In the view pane, click Databases and then click By Categories to view a list of categories.
3. To see information on the databases that have been included in each category, select View - Expand All.

To add or change search categories
1. Make sure you have Manager access in the ACL for each database to which you want to assign a category.
2. From the Domino Administrator, select the server that contains the databases to which you want to assign categories.
3. Click the Files tab.
Tip On the Files tab, you can right-click a database and choose Access Control - Manage to display its ACL.
4. Select the database that you want to categorize.
5. Choose File - Database - Properties.
6. Click the Design tab.
7. Make sure “List in Database Catalog” is selected.
8. In the Categories box, enter one or more categories for the database. Separate category names with a comma.

Estimating the size of the Domain Index

The size of a Domain Index is related to the size of the data being indexed, not to the size of the database. A small database with a lot of text can generate a larger index than a large database that has a lot of design elements. There is no easy way to measure the data in a database, but you can use a percentage of database size to estimate the size of the Domain Index.

You can use the hidden view $MultiDbIndex in the Domain Catalog to find the sizes of all databases selected for indexing. You can also use this view to find out which of these databases have already been indexed individually by their database managers — and use full-text index size as a more accurate indicator of the space a database will take up in the Domain Index.
1. From the Domino Administrator, choose File - Database - Open.
2. Select the cataloging server for the domain, and then select Domain Catalog.
3. Hold down CTRL-SHIFT and click Open.
4. In the view pane, click ($MultiDbIndex).

5. For each database listed, double-click the database entry to display the Database Entry document.
Note If more than one replica of a database is listed, the indexing server indexes the replica on the server you include in the “Limit domain wide indexing to the following servers” field when you create the index. If this field is blank, the indexing server indexes the replica with the greatest number of documents.
6. Do one of the following for each database set to be part of the Domain Index:
• If there is a value in the “Number of bytes indexed” field on the Full Text tab, record it.
• If there is no value in the “Number of bytes indexed” field, record a number between 20 and 40 percent of the value in the Database size field on the Database tab. Record 20 percent if the database is heavy on design, 40 percent if it is heavy on text.
7. Add the values from Step 6 to obtain an estimate of the Domain Index in bytes.
Tip To convert your estimate to megabytes, divide by 1024 twice.

Excluding attachments from the Domain Index

The following types of attachments are excluded from the Domain Index by default: .au, .cca, .dbd, .dll, .exe, .gif, .img, .jpg, .mov, .mp3, .mpg, .nsf, .ntf, .p7m, .p7s, .pag, .sys, .tar, .tif, .wav, .wpl, .zip. To exclude all other types of document attachments, set the following NOTES.INI variable for the indexing server:
FT_Index_Attachments=2

Domain Search security

When a user performs a Domain Search on Domino databases, Domain Search checks each result against the ACL of the database in which the result was found to verify that the user has access to read the document. To perform this check, the Domain Catalog contains a listing for all databases that includes each database’s ACL. For Domino to include a link to a result document in a user’s result set, the user must have the necessary access to read the document — that is, have at least Reader access to the database that includes the document and be included in the Readers field, if the document has one.

The security check works as follows:
1. Domino checks whether the user has Reader access or greater in the ACL. If not, Domino checks the -Default- entry in the database access control list.
• If the -Default- entry has Reader access or greater, the user can read the document, and Domino returns the result in the result set.
• If the -Default- entry has less than Reader access, Domino does not include the document in the result set because the user is not authorized to read that document.
2. If the user has Reader access or greater, Domino checks whether the result document has a Readers field.
• If the result document has a Readers field, Domino checks whether the user is included in the Readers field.
• If the user is included in the Readers field, the user can read the document, and Domino returns the result in the result set. If not, Domino does not include the document in the result set because the user is not authorized to read that document.
• If the result document does not have a Readers field, the user can read the document, and Domino returns the result in the result set.

Caution The security checking works only for search results from Domino databases. Results from file system searches depend on file system security — users see the search result even if they are not authorized to view the document. Thus, users may not be able to access all search results or they might be able to discern confidential information from the existence of a particular search result. Be sure to set file system security properly and index only file systems for which security is not a high priority.

Tip If you want to index file systems for which security is a high priority, you can attach the files to Notes documents in a database selected for indexing.

Search security and server access lists

If you use server access lists within a domain to limit access to information, you might need to check the ACLs of databases on those servers to ensure that results are filtered. Otherwise, a search might return a result to a user who cannot access the result document. In some cases, users might be able to discern confidential information from a search result.
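The result-filtering steps above, modelled in Python as an added example (not Domino code and not part of the original guide) so that an ACL review can be reasoned about before indexing starts. It follows the steps as this chapter words them and uses the Acme server and certifier names from this chapter; user names, document titles, the wildcard matching and the omission of groups and roles are assumptions made for the sketch.

```python
from dataclasses import dataclass
from enum import IntEnum
from fnmatch import fnmatchcase
from typing import Optional


class Access(IntEnum):
    NO_ACCESS = 0
    DEPOSITOR = 1
    READER = 2
    AUTHOR = 3
    EDITOR = 4
    DESIGNER = 5
    MANAGER = 6


@dataclass
class Database:
    server: str
    acl: dict                  # entry name or wildcard -> Access; may hold "-Default-"


@dataclass
class Hit:
    title: str
    database: Optional[Database] = None   # None models a file system result
    readers: Optional[set] = None         # None models a document with no Readers field


def matches(entry: str, user: str) -> bool:
    """Exact name or wildcard entry such as */East/Acme (groups and roles not modelled)."""
    return fnmatchcase(user.lower(), entry.lower())


def explicit_level(db: Database, user: str) -> Optional[Access]:
    """Highest level among ACL entries other than -Default- that match the user."""
    levels = [lvl for entry, lvl in db.acl.items()
              if entry != "-Default-" and matches(entry, user)]
    return max(levels) if levels else None


def returned_by_domain_search(user: str, hit: Hit) -> bool:
    """Decide whether a hit appears in the user's result set, per the steps above."""
    if hit.database is None:
        return True            # file system results are not filtered by Domain Search
    level = explicit_level(hit.database, user)
    if level is not None and level >= Access.READER:
        if hit.readers is None:
            return True        # no Readers field: Reader access is enough
        return any(matches(r, user) for r in hit.readers)
    # No Reader-or-greater entry for the user: the -Default- entry decides.
    return hit.database.acl.get("-Default-", Access.NO_ACCESS) >= Access.READER


def exposed_results(user: str, hits: list, server_allow: dict) -> list:
    """Titles Domain Search returns although the hosting server would refuse the user."""
    exposed = []
    for hit in hits:
        if hit.database is None or not returned_by_domain_search(user, hit):
            continue
        allowed = server_allow.get(hit.database.server, ["*"])
        if not any(matches(pattern, user) for pattern in allowed):
            exposed.append(hit.title)
    return exposed


# Constructed sample data: App-E admits only /East/Acme users at the server level.
SERVER_ALLOW = {"App-E/East/Acme": ["*/East/Acme"]}
APP_E_BEFORE = Database("App-E/East/Acme", {"-Default-": Access.READER})
APP_E_AFTER = Database("App-E/East/Acme",
                       {"-Default-": Access.NO_ACCESS, "*/East/Acme": Access.READER})
HITS_BEFORE = [Hit("Q3 reorg plan", APP_E_BEFORE), Hit("budget.xls")]
HITS_AFTER = [Hit("Q3 reorg plan", APP_E_AFTER), Hit("budget.xls")]

if __name__ == "__main__":
    west = "Pat Doe/West/Acme"
    print("before ACL change:", exposed_results(west, HITS_BEFORE, SERVER_ALLOW))
    print("after ACL change: ", exposed_results(west, HITS_AFTER, SERVER_ALLOW))
```

Running the same comparison over the ACLs recorded in the Domain Catalog shows which databases rely on a server access list alone; the file system hit is always returned, which is why the Caution above limits file system indexing to low-sensitivity content.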

For example, the Acme corporation has two application servers, App-E/East/Acme and App-W/West/Acme. Acme users are certified with one of two organizational unit certifiers: /East/Acme or /West/Acme. App-E/East/Acme does not allow access to any user with a /West/Acme certificate. Databases on the server have the -Default- setting in their ACLs set to Reader to ensure that /West/Acme users cannot access those databases.

When Acme implements Domain Search, /West/Acme users who query Domain Search might receive search results that include links to and summaries of documents in databases on App-E/East/Acme, because the ACLs of those databases do not prohibit /West/Acme users from seeing those results. The server access lists continue to maintain database security in this environment, because /West/Acme users cannot access documents from those links, but the mere existence of links and summaries could reveal confidential information to the /West/Acme users.

To avoid this issue, check the ACLs for databases that are protected by server access lists to ensure that they are set to filter correctly. To do this, assume that the server access list does not exist. Change the ACL so that, in the absence of a server access list, the database would be secured appropriately. This ensures that when Domain Search checks the database ACL, it filters out results that users cannot access.

Note This example assumes that the indexing server has a certificate that allows access to both App-E/East/Acme and App-W/West/Acme.

If you are running Domino on Windows and are not sure that you can properly maintain database ACLs, you might want to prevent anyone from seeing document summaries by setting the indexing server’s NOTES.INI variable to FTG_No_Summary=1. (On Windows systems, document summaries are included in the search results if users select the Detailed Results option.)

Creating and updating the Domain Index

The indexing server relies on the Domain Catalog to tell it which databases and file systems to include in the Domain Index. You use the Server document to enable the Domain Indexer task and set a schedule for it to run. By default, the Domain Indexer task runs once an hour.

To set the Domain Indexer task

Note The Catalog task that creates the Domain Catalog must have finished before you start the Domain Indexer task.
1. Make sure you have created the Domain Catalog on the indexing server. For more information, see the topic “The Domain Catalog” earlier in this chapter.
2. From the Domino Administrator, select the server that you want to be the indexing server.
3. Click the Configuration tab.
4. Expand the Server section in the view pane.
5. Click Current Server Document.
6. Click “Edit Server,” and then click the Server Tasks - Domain Indexer tab.
7. In the Schedule field, select Enabled.
8. Select the servers that you want to include in the index in the “Limit domain wide indexing to the following servers” field. If the field is blank (default), the Domain Indexer indexes all databases for which the “Include in multi database indexing” property is enabled. Use wildcard characters to index all servers certified with a specific certifier — for example */Sales/East/Acme.
9. Click OK.
10. Set the indexing schedule to meet the needs of your organization.
11. If you have Web clients, make sure you have set up the indexing server, as well as each server to be spidered by the indexer, as a Domino Web server. For more information on setting up a Domino Web server, see the chapter “Setting Up the Domino Web Server.”
12. If you have Web clients, do the following to allow the indexing server to form valid URLs when the results of a search are displayed in a browser:
a. Click the Internet Protocols - HTTP tab.
b. For the host name, enter the fully qualified name of the computer that serves as the indexing server, for example, servername.acme.com.
c. Click the Domino Web Engine tab.

d. Under Generating References to this Server, enter the information for the indexing server. Make sure you use the server’s fully qualified domain name in the Host name field.
e. Under Conversion/Display, in the “Redirect to resolve external links” field, select “By Database.” Selecting “By Database” allows the indexing server to resolve more URLs for users. If the indexing server can’t resolve the database link in a URL, it checks with the Domain Catalog to locate a replica of the database.
13. Click “Save and Close.”
14. Restart the server by entering this command:
restart server

The Domain Indexer runs when next scheduled.

Note The indexing server must complete the initial indexing pass before users can perform searches. Check the Domain Indexer Status view in the Domain Catalog to be sure the initial pass is complete.

Tuning Domain Indexer performance

Each time the Domain Indexer task runs, it looks in the Domain Catalog for new databases that have the “Include in multi database indexing” property enabled. It then looks for documents and files in existing databases and file systems that are new or changed since the last time it ran, and adds them to the Domain Index.

To meet the specific needs of your organization, adjust the frequency with which the Domain Indexer runs. By default, the Domain Indexer task runs every 60 minutes. Greater frequency results in more up-to-date indexes, but consumes greater CPU resources, and response to search queries may be slow. Experiment with different indexing frequencies to yield the best results for your organization.

You can also enhance search performance by tuning the number of indexing threads used by Domain Search. Each indexing thread indexes one repository at a time. With a greater number of threads, the indexing server can index more databases simultaneously, but this requires more CPU utilization. With fewer indexing threads, response to queries is faster because of greater CPU availability, but changes are not reflected in the index as quickly.

By default, the indexing server uses two indexing threads per CPU, so a server with two CPUs uses four indexing threads when indexing. By adding the variable FT_Domain_Idxthds=n to the NOTES.INI file of the indexing server, you can control the total number of threads used for indexing on that server. For example, by adding “FT_Domain_Idxthds=8” to the NOTES.INI file of an indexing server with two CPUs, you change the number of indexing threads to eight.

Note Do not exceed eight threads per server or you may degrade the performance of the server, even on servers with more than four CPUs.

Changing the location of Domain Index files

By default Domain Index files are placed in a directory named FTDOMAIN.DI in the Domino data directory of the indexing server. You can change the location of the Index files by specifying a different directory in the following NOTES.INI setting:
FT_Domain_Directory_Name=directory

Deleting databases from the Domain Index

You must have Manager access to a database to delete it from the Domain Index.
1. Make sure you have Manager access in the ACL for each database you want to delete.
2. From the Domino Administrator, select the server that contains the databases that you want to delete from the Domain Index.
3. Click the Files tab.
Tip On the Files tab, you can right-click a database and choose Access Control - Manage to display its ACL.
4. Select the databases you want to delete.
5. In the Tools pane on the right, click Database and then select Multi-Database Index.
6. Select Disable.
7. Click OK.

The database will be deleted from the index after the next update has been performed by both the Catalog task and the Domain Indexer task.

Note Removing a database from the Domain Catalog or deleting every copy of a database also has the effect of deleting the database from the Domain Index.
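The NOTES.INI settings this chapter names for an indexing server (ServerTasksAt1, FT_Domain_Idxthds, FTG_No_Summary and FT_Index_Attachments) can be reviewed together; the following Python check is an added example, not an IBM tool or part of the original guide. The finding codes, the parsing rules (one key=value per line, lines starting with ";" or "[" skipped) and the sample files are assumptions made for the sketch.

```python
def parse_notes_ini(text: str) -> dict:
    """Parse key=value lines into a dict with lower-cased keys (assumed file layout)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings


def audit_indexing_server(text: str, cpu_count: int) -> list:
    """Return finding codes for the Domain Search settings described in this chapter."""
    s = parse_notes_ini(text)
    findings = []

    # The Catalog task must run for the Domain Catalog to be built and refreshed.
    tasks = [t.strip().lower() for t in s.get("servertasksat1", "").split(",")]
    if "catalog" not in tasks:
        findings.append("catalog-not-in-servertasksat1")

    # Default is two indexing threads per CPU; the chapter's ceiling is eight per server.
    raw = s.get("ft_domain_idxthds", "")
    threads = int(raw) if raw.isdigit() else 2 * cpu_count
    if threads > 8:
        findings.append("more-than-eight-index-threads")

    # Review items: summaries and attachments widen what a search result can reveal.
    if s.get("ftg_no_summary") != "1":
        findings.append("document-summaries-returned")
    if s.get("ft_index_attachments") != "2":
        findings.append("attachments-indexed")
    return findings


# Constructed sample files for the demonstration.
LOOSE_INI = """[Notes]
ServerTasksAt1=Design,Statlog
FT_Domain_Idxthds=12
"""
TIGHT_INI = """[Notes]
ServerTasksAt1=Catalog,Design
FT_Domain_Idxthds=8
FTG_No_Summary=1
FT_Index_Attachments=2
"""

if __name__ == "__main__":
    print(audit_indexing_server(LOOSE_INI, cpu_count=2))
    print(audit_indexing_server(TIGHT_INI, cpu_count=2))
```

The summary and attachment findings are review prompts rather than errors: the chapter recommends FTG_No_Summary=1 only where database ACLs cannot be maintained reliably.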

Backing up the Domain Index and Catalog
Back up the Domain Index and the Domain Catalog as often as necessary to be useful to your organization. Weekly backups are probably sufficient for most organizations.

Backing up the Domain Index
Make sure you back up the entire FTDOMAIN.DI subdirectory on the indexing server as soon as the server has completed building the index for the first time.
Caution Before you back up the Domain Index, check the Domain Indexer Status view in the Domain Catalog to make sure that the Domain Indexer task has finished. If you attempt to back up the Domain Index while the Domain Indexer task is running, catastrophic data loss can result.

Backing up the Domain Catalog
You can include the Domain Catalog (CATALOG.NSF) in the databases for transaction logging. However, do not back up the Catalog while the Catalog task is running.
For more information on transaction logging, see the chapter “Transaction Logging and Recovery.”

Customizing Domain Search forms
Domain Search includes several default forms, including forms for searching, specifying file systems, and presenting results. Both the search and results forms can be customized to suit organization-specific needs. An application developer can, for example, add a corporate logo to either form, or rearrange the fields.
The developer can create additional search forms, and you can use setup policy settings (for new users) or desktop policy settings (for existing users) to provide bookmarks to the new forms to users. For example, users might use one form to search only Human Resources databases, or use another form to store searches for future use. The bookmarks for search forms appear in the user’s More Bookmarks folder.
For more information on customizing search forms, see the book Application Development with Domino Designer. For more information on using policy settings, see the chapter “Using Policies.”

Results forms — where do the document titles come from?
When viewing a Domain Search results form, it can be helpful to know where the Domain Indexer finds the document titles that it displays in the results. The Indexer checks each document for the following Notes fields or items that might represent the document’s title: Title, Subject, Headline, and Topic field, window title (as designated by the developer of that Domino application), and view summary (using the default form and default view). If the Indexer can’t find any of these items, “Document has no title” is displayed in the results.
Note Computing the window title for large numbers of documents requires CPU utilization. You can omit this computation by adding the following setting in the indexing server’s NOTES.INI file:
FT_No_Compwintitle=1
In file systems such as IBM Lotus SmartSuite® or Microsoft® Office, the title and author are extracted from the document properties fields. For HTML files, TITLE and AUTHOR tags are used.

Setting up Notes users for Domain Search
Notes users can perform domain searches as soon as you add the designated indexing server to the “Catalog/Domain Search server” field in their Location documents.
For information on how users perform domain searches, see Lotus Notes 6 Help.

Using Policies
After you set up a Domain Search server for a Domino domain, you can use policies to automate the process of setting up Domain Search for new or existing Notes users in that domain. For new users, record the name of the Domain Search server in setup policy settings; for existing users, record the server’s name in desktop policy settings. Setup policy settings populate the new user’s Location document at registration. Whenever existing users authenticate with their home server, Lotus Notes checks desktop policy settings and updates the current Location document with the name of the Domain Search server.
For more information on policy settings, see the chapter “Using Policies.”

Manual setup from a Notes workstation
The following circumstances require users to set up Domain Search at their workstations.

• A new user wants to do a domain search before the workstation has authenticated with its home server.
• A user wants to do a domain search in a Domino domain other than the one to which the user belongs.
• A user wants to be able to do domain searches from alternate Notes locations.
To perform the setup:
1. Start the Notes client.
2. Do the following for each location for which you want to use Domain Search:
a. Choose File - Mobile - Edit Current Location.
b. Click the Servers tab.
c. In the “Catalog/domain search server” field, enter the name of the indexing server.
3. Click Save and Close.
Note If the user enters the name of the indexing server incorrectly or specifies a server that is not an indexing server, Notes returns an error.
Tip If users enter the name of an indexing server in a Domino domain other than their own but you have included the name of their indexing server in the desktop policy settings applied to them, the “Catalog/domain search server” field reverts to the policy setting the next time the users authenticate with their home server. To preserve links to an indexing server in another Domino domain, users can bookmark the search form from that server while they are performing a search.

Setting up Web users for Domain Search
For Web users to have access to Domain Search functionality, the indexing server, as well as all the servers being spidered by the indexer, must be set up as Domino Web servers.
For information on setting up a Domino Web server, see the chapter “Setting Up the Domino Web Server.”
When you are ready to roll out Domain Search to Web users, the Web application developer must add to the site’s home page a link to the search form, which is contained in the Domain Catalog on the indexing server.

To see for yourself what performing a domain search is like for a browser user, you can use a URL command in your browser to simulate such a link. Enter the following command in your browser, substituting the common name of your indexing server for servername:
http://servername/catalog.nsf?domainquery
When the search form displays, you can define your search. If you have properly configured the indexing server and the servers holding the data, your search results display links that can be successfully followed to each document found.

Using content maps with Domain Search
Content maps let users browse for information rather than search for it using full-text search. Content maps organize documents by topics, or content, into categories that are similar to the categories on sites such as AltaVista and Yahoo! You can assign document content categories for documents in the Domain Catalog to organize information in a content map. You assign content categories from a Lotus Notes client.

To assign content categories
You can assign content categories to both Lotus Notes documents and Web URLs. You must have at least Editor access to the document (or Author access if you created the document), and you must have Author access to the Domain Catalog database.
1. Start the Lotus Notes client.
2. Do one of the following:
• To categorize a Notes document, navigate to the document.
• To categorize a Web URL, make sure that the default browser in your Location document is set to Lotus Notes. Then, in the Lotus Notes client, navigate to the Web page by clicking the Open URL icon (top right) and entering the URL in the Address field.
3. Choose File - Document Properties.
4. Click the Meta tab (plus sign).
5. Do one of the following:
• To assign the document to an existing category, click Categorize, select one or more categories, and click OK.
• To assign the document to a new category, type the category name in the Keywords field.

6. Click “Post to Catalog.”
For a Lotus Notes document, click the “Post to Catalog” button to add content category information to hidden meta fields in the document header and to add a content categories document for the document to the Content by Category view in the Domain Catalog. For a Web URL, click this button to add a content categories document for the URL to the Content by Category view in the Domain Catalog.
Note If the “Post to Catalog” button is dimmed, try clicking another field on the Meta tab, or click another tab and then return to the Meta tab, to enable it.

To view content categories
The Domain Catalog displays content categories in the Content - By Category view. You can customize the Content by Category view to suit organization-specific needs.
1. Start the Lotus Notes client.
2. Click the arrow to the right of the search icon.
3. Choose Domain Search.
4. Click Browse Catalog.
5. In the view pane, click Content and then click By Category.
6. Expand the categories to display document and URL titles.
7. Double-click a document or URL title to open a link to the document or URL.
For more information on customizing views, see the book Application Development with Domino Designer.

To change content categories
You change content categories by editing the DocContent Link documents in the Domain Catalog. You must have Editor access to the Domain Catalog.
1. Start the Lotus Notes client.
2. Click the arrow to the right of the search icon.
3. Choose Domain Search.
4. Click Browse Catalog.
5. In the view pane, click Content and then click By Category.
6. Expand the categories to display document or URL titles.

7. Select an entry to re-categorize and choose Actions - Edit Document. This displays the DocContent Link document for the entry.
8. Specify a new category in the Keyword field.
9. Click “Save and Close.”
Note This procedure updates the category information for this entry in the Domain Catalog but does not change the category information saved in the meta fields of the document itself.

NOTES.INI settings for Domain Search
The following table describes the NOTES.INI settings that pertain specifically to Domain Search. For more information on these settings, see the “NOTES.INI File” appendix.

Setting | Description
FT_Domain_Directory_Name | Specifies the directory for the Domain Index files on the indexing server.
FT_Domain_Idxthds | Specifies the total number of threads used for indexing by the indexing server.
FT_Index_Attachments | Specifies whether to exclude document attachments not already excluded by default from the Domain Index.
FT_No_Compwintitle | Specifies whether to compute the window titles for documents that are returned by a search.
FT_Summ_Default_Language | Specifies the language for document summaries in search results whenever the language in the document is not supported by the summary feature.
FTG_No_Summary | Specifies whether to display document summaries in search results.
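The thread and index-location guidance in this chapter can be checked mechanically against an indexing server's NOTES.INI. The following is an added example, not part of the original guide or of Domino itself: the sample file is constructed, the function names are hypothetical, and treating setting names as case-insensitive and reading the data directory from the Directory= line are assumptions.

```python
import ntpath

# Constructed sample NOTES.INI for an indexing server (not taken from the guide).
SAMPLE_NOTES_INI = """\
[Notes]
Directory=C:\\Lotus\\Domino\\Data
FT_Domain_Idxthds=12
FT_No_Compwintitle=1
"""

MAX_THREADS = 8                    # "Do not exceed eight threads per server"
THREADS_PER_CPU = 2                # default stated in the chapter
DEFAULT_INDEX_DIR = "FTDOMAIN.DI"  # default directory under the Domino data directory


def read_settings(text):
    """Return NOTES.INI settings as a dict keyed by lower-cased setting name."""
    settings = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:  # lines without "=" (section header, blanks) are skipped
            settings[name.strip().lower()] = value.strip()
    return settings


def audit_domain_search(text, cpu_count):
    """Summarise the Domain Search settings and flag risky thread counts."""
    settings = read_settings(text)
    warnings = []

    # Thread count: explicit FT_Domain_Idxthds wins, otherwise two per CPU.
    # Applying the two-per-CPU default to any CPU count is an assumption.
    default_threads = THREADS_PER_CPU * cpu_count
    threads, source = default_threads, "default"
    raw = settings.get("ft_domain_idxthds")
    if raw is not None:
        try:
            threads, source = int(raw), "NOTES.INI"
        except ValueError:
            warnings.append(f"FT_Domain_Idxthds={raw!r} is not a number")
    if threads > MAX_THREADS:
        warnings.append(
            f"{threads} indexing threads ({source}) exceeds the recommended "
            f"maximum of {MAX_THREADS} per server"
        )
    elif threads < 1:
        warnings.append(f"{threads} indexing threads leaves nothing to index with")

    # Index location: FT_Domain_Directory_Name overrides <data dir>\FTDOMAIN.DI.
    index_dir = settings.get("ft_domain_directory_name") or ntpath.join(
        settings.get("directory", ""), DEFAULT_INDEX_DIR
    )

    return {
        "threads": threads,
        "source": source,
        "index_dir": index_dir,
        "window_titles_computed": settings.get("ft_no_compwintitle") != "1",
        "warnings": warnings,
    }


if __name__ == "__main__":
    for key, value in audit_domain_search(SAMPLE_NOTES_INI, cpu_count=2).items():
        print(f"{key}: {value}")
```

The resolved index_dir is the directory that has to be included in the Domain Index backup when the default location has been changed.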


Chapter 11 Setting Up Domino Off-Line Services
This chapter explains how to enable an application to go offline with Domino Off-Line Services (DOLS) and how to administer DOLS applications on the Domino 6 server.

Domino Off-Line Services
Domino Off-Line Services (DOLS) provides a way for users to take IBM Lotus Domino Release 6 Web applications offline, work in them, and synchronize the changes with an online replica on the Domino server. Users are not required to have IBM Lotus Notes 6 client because the applications are accessed with a browser.
Nearly all Notes functionality is retained when a DOLS-enabled application (called a subscription) is taken offline. Users can compose, edit, delete, sort, and categorize Notes documents, and perform full-text searches. DOLS subscriptions can make full use of Java applets, agent execution, and workflow. DOLS also supports full data replication, retains application logic, and supports the full Notes security model.
The developer and administrator must set up and configure a DOLS subscription for offline use. The developer copies a number of elements into the subscription, makes design changes if necessary, and configures the subscription in the Offline Subscription Configuration Profile document. The administrator makes sure DOLS is installed properly on the server, makes changes to the Offline Subscription Configuration Profile document if necessary, sets security for the subscription, sets up agents, and helps users install the subscription.

Setting Up Domino Off-Line Services 11-1

Once the subscription is enabled, users can access it on the server using a browser. The user clicks in a new frame on the subscription’s main page to open a JavaScript menu. When the user selects “install” from the menu, the subscription is installed on their computer. Also installed on their computer is the Lotus iNotes™ Sync Manager, a utility for managing DOLS subscriptions. Users can open subscriptions online or offline, synchronize, and set subscription properties with the Sync Manager.
For more information, see the Lotus iNotes Sync Manager Help (available from the Help menu of the Lotus iNotes Sync Manager).

Overview of DOLS administrator tasks
Developers and administrators perform different tasks to prepare a DOLS subscription for users. Administrators perform the following tasks:
1. Setting up DOLS on a server.
For more information on setting up DOLS on a server, see the chapter “Installation.”
2. Creating a DOLS Offline Security Policy document.
3. Increasing security for DOLS subscriptions.
4. Increasing the server’s output timeout for DOLS downloads.
5. Configuring the DOLS subscription.
6. Setting up agents for the DOLS subscription.
7. Send users the URL of the subscription. If the offline security policy is “Prompt for ID,” also make sure they have a Notes user ID and Internet password so they can open the subscription.

How DOLS works
The following diagrams show how the iNotes Sync Manager gets installed, and how it supports Web applications offline.

[Figure: Domino Server (nHTTP, Web App) and PC Client (Browser) connected over the network; steps 1a and 1b]

Typically, the first step is for a user to enter the URL of a Domino server, along with the path and name of a DOLS-enabled Web application on that server, into their browser. The browser contacts the server through the Web Server task, also called the nHTTP task (1a), and the Web Server then communicates with the Web application (1b). If the Web application has appropriate security levels set in the ACL, the user is prompted to log into the Web application using their name and Internet password. This authentication is also handled by the Web Server.

[Figure: Domino Server (nHTTP, DOLS Filter, DOLS File Sets) and PC Client (Browser, DOLS File Sets) connected over the network; steps 2a, 2b, 2c and 2d]

If the application is DOLS-enabled, and an Offline Configuration Document (OCD) was created and saved, the user sees the DOLS Web Control when they open the application. The user clicks the Web control and selects “Install Subscription...” to start downloading the application to their computer.
When the user selects “Install Subscription...,” the application requests the OCD (2a). A special DSAPI filter file on the server, listening for URL Web server requests, notices the OCD request. The filter queries the client to determine if the iNotes Sync Manager (iNSM) client software is already installed. If not, the filter tells the browser to begin downloading a set of DOLS File Sets to the client over the HTTP connection (2b). These file sets are used to install the iNotes Sync Manager software.

[Figure: Domino Server (Web App) and PC Client (Browser, iNotes Sync Mgr, Web App, DOLS File Sets) connected over the network by nRPC; steps 3, 4a and 4b]

Once the DOLS File Sets are downloaded, they are uncompressed, and the iNotes Sync Manager launches (3). The Sync Manager then configures the client for the incoming application, and launches a Sync Task, which initiates a Remote Procedure Call (nRPC) connection with the Domino server (4a). This secure, Domino replication connection performs a number of operations to download and initialize the application on the client (4b).
When synchronization is complete, a subscription of the application exists on the client. A subscription includes all databases that were listed in the OCD as making up the application, as well as security information to ensure that the user on the client has access to only the data to which they had access on the server. Their contents are adjusted according to Administrator and user settings. Also, full-text indexes of all offline databases can be created if the user requests it.

[Figure: Domino Server and PC Client (Browser, Local nHTTP, iNotes Sync Mgr, Web App); steps 5a, 5b and 5c]

When the user wants to open the application offline, they select it from a list in the Sync Manager and click “Open Offline.” The Sync Manager launches a local copy of the Web Server and the local browser (5a). The Sync Manager tells the local Web server to connect with the local browser (5b), and with the offline copy of the application (5c). The local Web Server then validates the user’s login and password information, and displays the application offline (locally) just as it would display it online (on the server).
Any data the user creates, modifies, and saves while using the offline application is stored in the local version of the application.

[Figure: Domino Server (Web App) and PC Client (iNotes Sync Mgr, Web App) connected over the network by nRPC; steps 6a and 6b]

In order to synchronize the data between the offline and online versions of the application, the Sync Manager, either by the user’s command or automatically on a schedule, launches the Sync Task, which again creates an nRPC connection to the Domino server (6a). The Sync Task then replicates any or all data between the client copy of the application to the server copy. Any changes to the security levels of the online application are synchronized offline. Any outgoing e-mail which has accumulated in the local mail.box file is copied to the server and dispatched to the mail router task for delivery. When synchronization is complete, the user may disconnect from the network and continue using the application offline.

Creating a DOLS Off-line Security Policy document
Use Offline Security Policy documents to set different ID policies for users in different domains. For example, you can generate IDs automatically for users inside the company, but require users in a domain outside the company to provide IDs you have given them.
To create an Offline Security Policy Document, do the following:
1. Open Lotus Domino Administrator 6.
2. Click the Configuration tab.
3. Click Offline Services.

4. Click Security.
5. Click “New Security Policy.”
6. Fill out the following fields in the Basics tab:

Field | Description
Security domain | Enter the domain that this policy affects. For example, /US/Company, or /Company (include the leading slash). All users in this domain are subject to the deployment policy you set in this document. The domain specified in this field includes users one level down from the root. For example, /Cambridge/Lotus includes users in /Security/Cambridge/Lotus and /Dev/Cambridge/Lotus.
Prompt for ID during download | Before the subscription installs, users are asked to specify where on their computer their user ID is stored. The administrator must provide an ID to the user. This is the default ID deployment policy.
Automatically generate user IDs | Before installation, a certifier ID is generated for the user automatically. The Automatic tab appears when this option is selected. Click this tab and attach the certifier ID to be generated, set the password, and set the ID expiration date. It is recommended that you do not attach the absolute root certifier for your organization (for example, /Lotus). Instead, you should automatically generate a user ID against a subcertifier (for example, /NewUsers/Lotus). You may also want to generate the user ID in a new domain.
Use the Domino Directory for ID lookup | Before installation, the server looks for an existing user ID in the Domino Directory (formerly called the Names and Address book). The Lookup tab appears when this option is selected. Enter the relative path for the Domino Directory that contains the IDs.

Field | Description
Roaming User | Override security policy for roaming users. Select this box to set the Domino server to behave appropriately with “Roaming users” who access the subscription. The server will recognize the user as a Roaming user, ignore the current security policy, and find the user’s ID on the user’s home server.
ID Management | Overwrite existing user IDs. Select this box to have user’s offline ID overwritten with a new ID each time they install a subscription. Caution This setting should not be turned on in an enterprise that uses encrypted subscriptions. Users whose IDs are overwritten will not be able to open an offline subscription encrypted with a key from the previous ID.

7. If you selected “Automatically generate user IDs,” fill out the following fields in the Automatic tab:

Field | Description
Certifier ID to use | Attach a certifier ID to this rich text field. The certifier ID must support the Security domain specified in the “Security domain” field. For example, if the Security domain is /A/B/C, then either /A/B/C, /B/C, or /C would be acceptable certifiers. The certifier ID file attached here must share the same root certifier as the server’s ID for DOLS. If they do not share the same root certifier, the user may receive replication errors about a lack of cross-certifiers.
Password for certifier ID | Enter the password for the certifier ID. The password, which is case-sensitive, must be correct or the user will not be able to install. Make sure you protect stored passwords by appropriately restricting the ACL of this database (doladmin.nsf).
Expiration date to set on created user IDs | Select or enter an expiration date for the ID. For example, 03/31/2006.

8. If you selected “Use NAB for ID lookup,” fill out the following fields in the Lookup tab:

Field | Description
Address book to look up ID files from | Enter the database filename, with relative path, of the directory where your server’s user IDs reside. The target database must have standard NAB views and documents, with ID files attached to each person document.

Increasing security for DOLS subscriptions
You have several options for increasing security on DOLS subscriptions:

Option | Description
Tighten access to the database | Open the ACL for the subscription and add the users and groups to whom you want to grant access. Anonymous must have “No Access.”
Tighten security on the configuration document | To limit who can open and edit the Offline Subscription Configuration Profile document for a particular subscription, open the subscription’s “DOLS Offline Configuration” form in Lotus Domino Designer 6 and change security settings in the Form properties.
Tighten security on offline data | To ensure that unsanctioned users cannot access the subscription data offline using another software product, encrypt the subscription in the Offline Subscription Configuration Profile document.
Tighten security for all subscriptions on the server | To propagate a security setting to all the existing DOLS subscriptions on a server, make sure the subscriptions are set to inherit design changes from the DOLS Resource template (DOLRES.NTF), change the setting in DOLRES.NTF, then run the Designer task. For more information on the Designer task, see the topic “Synchronizing databases with master templates.”
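The certifier rules given for the Automatic tab (the certifier must support the Security domain, must share a root with the server's ID, and should not be the absolute root certifier) can be checked before the policy document is saved. The following is an added example, not code from the guide or from Domino: the function names and the server_certifier parameter are hypothetical, and comparing names case-insensitively is an assumption.

```python
def components(name):
    """Split a hierarchical name such as '/A/B/C' into ['A', 'B', 'C']."""
    if not name.startswith("/"):
        raise ValueError(f"{name!r}: include the leading slash")
    parts = [part.strip() for part in name[1:].split("/")]
    if not all(parts):
        raise ValueError(f"{name!r}: empty component")
    return parts


def acceptable_certifiers(security_domain):
    """List the certifiers that support a Security domain, most specific first.

    For /A/B/C the guide gives /A/B/C, /B/C and /C: the domain itself and
    each of its ancestors up to the root.
    """
    parts = components(security_domain)
    return ["/" + "/".join(parts[i:]) for i in range(len(parts))]


def review_certifier(security_domain, certifier, server_certifier):
    """Return a list of findings for a certifier attached to a policy.

    server_certifier is the hierarchical certifier of the DOLS server's ID,
    for example '/Lotus' or '/Servers/Lotus'; its last component is the root.
    An empty list means the three rules from the guide are satisfied.
    """
    findings = []
    cert_parts = components(certifier)
    normalized = ("/" + "/".join(cert_parts)).casefold()
    allowed = [c.casefold() for c in acceptable_certifiers(security_domain)]

    if normalized not in allowed:
        findings.append("certifier does not support the Security domain")
    if cert_parts[-1].casefold() != components(server_certifier)[-1].casefold():
        findings.append(
            "certifier and server ID have different root certifiers; "
            "expect replication errors about missing cross-certifiers"
        )
    if len(cert_parts) == 1:
        findings.append("absolute root certifier attached; use a subcertifier")
    return findings


if __name__ == "__main__":
    # Names below follow the examples used in the guide.
    print(acceptable_certifiers("/A/B/C"))
    for cert in ("/B/C", "/C", "/X/C"):
        print(cert, review_certifier("/A/B/C", cert, "/C") or "ok")
```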

Increasing the server’s output timeout for DOLS downloads
DOLS administrators should increase the output timeout time if users will be installing the DOLS file set over a phone line.
To increase the server output time:
1. Open Lotus Domino Administrator 6.
2. In the navigation pane, click Server - Current Server Document.
3. Click the Internet Protocols tab, then the HTTP tab.
4. Change the “Output timeout” field to 18000 seconds to allow enough time for downloads. Change this accordingly, depending on the speed of your connection.

Configuring the DOLS subscription
You choose configuration settings for the subscription in the Offline Subscription Configuration Profile document. You must edit and save a configuration document in every subscription even if you make no changes to the document. A subscription can have only one configuration document, even if the subscription has multiple databases. The configuration document must be stored in the main database. The main database is the database in the subscription from which the user downloads the subscription. You can change configuration settings even after users have downloaded the subscription. You can use wild card characters in any field.

To edit the configuration document
1. Open the database in Notes.
2. Copy the appropriate design elements into the main database.
3. Choose Actions - Edit Offline Configuration to open the document. Note that some of the fields have default values, which you can change.
4. Click the Basics tab. The name of the main database should be in the “Subscription title” field. If it is not, enter it.

5. Click the Services tab and fill in the following fields.

Name of Field | Action
Domino services to install (• Basic services (required) • Full-Text Indexing • LotusScript and unscheduled agents • Java classes and applets • Custom Services • MAPI enablement) | The offline subscription may need support for offline full-text indexing, LotusScript and unscheduled agents (such as Web open), Java back-end classes and applets, MAPI enablement, or custom services. Select the appropriate boxes so that only files the users actually need are downloaded to their machine. MAPI enablement is available only when you use the Extended Mail Template (MAIL6EX.NTF) for Web Mail or iNotes Access for Microsoft Outlook users.
Default Language | Choose a default language for the Web Control menu and the iNotes Sync Manager. Users can override this setting by selecting a different language from the Web Control menu.
Custom services to install offline | This field is available only when you select the “Custom services” box. Enter the name of custom service files to be unpacked and executed on the user’s computer during installation of the subscription. Custom services have the following syntax: CustomServiceName [Setup.exe [SetupArguments]]. For example: mycustomname mysetupfile.exe -z -r -u. If you specify more than one custom service, separate the services with commas. For example: mycustomname mysetupfile.exe -z -r -u, mycustomname2 mysetupfile2.exe -z -r -u

For more information on custom file sets, see the topic “Creating custom file sets for a DOLS subscription.”

6. Click the Schedule tab and complete the following fields. Note that the user can override most of these fields from within the Subscription Properties box of the iNotes Sync Manager.

Name of Field | Action
Type of schedule |
Daily | Select this field, then specify the time of day you want synchronization to occur.
Weekly | Select this field, then check the days you want the synchronization to occur.
Monthly | Select this field, then specify the day of the month you want the synchronization to occur.
Start time | Enter the time of day for the subscription to start scheduled synchronization.
Frequency |
Repeating schedule | Select this box if you want synchronization to repeat at certain intervals after the initial start time.
Interval | Specify the time between repeating synchronizations. Enter a number and then choose either minutes or hours. For example, you can enter 180 minutes or 3 hours.
Limitations |
Stop synchronization at | Specify the time you want the synchronization to stop.
Recurrence exceptions |
Schedule disabled | Select this box to make a disabled synchronization schedule the default state. The subscription only synchronizes once, when it is installed. The user can override this setting in the offline synchronization properties.

7. Click the Sync Options tab and complete the following fields:

Name of Field | Description
File Rules |
Required files to replicate | Enter the subscription’s required files. Required files are databases, templates or directories that are automatically installed offline, and are replicated every time the subscription is synchronized. All required files and directories must be specified relative to the server’s data directory. For tips on using directory names and wildcards when you specify more than one Required file or Optional file, see the topic “Creating multiple database DOLS subscriptions.”
Optional files to replicate | Enter the subscription’s optional files. Optional files are databases, templates or directories that can be enabled or disabled in the sync manager for offline installation and replication, in addition to the required file(s). For example, you may want to download a related Help database or an archived discussion database as an optional file. All optional files and directories must be specified relative to the server’s data directory. Optional databases replicate as “stubs,” meaning only the design is replicated. Users can open Sync Properties, click the Sync Options tab, select the database, and deselect the disable box. The data is then replicated at the next synchronization. To save disk space, users can disable an optional file, and the data is removed at next synchronization. Enable replication of optional files by default: Select this box to automatically download and synchronize new databases found in the subscription’s directories on the server. For example, if one of the optional databases is designed to create new databases, the new databases are automatically downloaded and synchronized.

Name of Field | Description
Directory catalog | Synchronize directory catalog: Select this box to install a directory catalog with the subscription. Then enter the file name, including directory path, of the catalog database on the server (for example, dircats\mydircat.nsf). In order for iNotes Access for Outlook users, or iNotes Access for Web Mail users, to take a directory catalog offline, you must add the name of a directory catalog, including the NSF extension, to the $DOLSDirectoryCatalog setting in the server’s NOTES.INI file. If the server administrator has specified a default offline directory catalog for the server by adding $DOLSDirectoryCatalog = nameofcatalog.nsf to the NOTES.INI on the server, you can leave this field blank and the server’s default offline catalog is replicated with the subscription. A catalog filename specified here will override the server’s default offline directory catalog. Choose the “Replicate as an optional file” checkbox to specify the catalog as an optional file. If the directory catalog is specified as an optional file, the “Enable replication of optional files by default” checkbox must be checked for the catalog to replicate the first time. For more information on using directory catalogs with DOLS, see the topic “Adding a directory catalog to the application” before adding one to your subscription.
Encryption | Encrypt this subscription: Select the box to enable encryption. Then select the level of encryption. Encryption prevents an unauthorized user from accessing the offline subscription’s data using another software product. Use the Offline Subscription Configuration document to prevent unauthorized users from reading subscription data using other applications. Do not encrypt the database from the Database Properties box. If the subscription has multiple databases, all of these databases are encrypted. If the subscription has a shared file, you must encrypt all subscriptions sharing the file. An unencrypted subscription may not be able to open an encrypted file. Using strong encryption causes a database to open more slowly than it would using a weaker encryption or no encryption.

Sync Options

Date Filtering
Only sync documents modified within the last [number] days: Select this box to preset a default, date-based filter on all databases created offline. For example, if you specify 30 days, only documents created or modified in the last 30 days will synchronize. Once installed, users can reset this for each subscription file using the iNotes Sync Manager.

Halt Conditions
You can preset an automatic halt to the offline synchronization when a database exceeds a particular size, or when the subscription as a whole exceeds a particular size. The offline subscription may not be fully operational if synchronization is interrupted prematurely. Be careful not to specify a size that may be too limiting.
Limit database size to [number] MB: Select this box to specify the maximum size in megabytes of the offline database. You cannot specify a number less than 10.
Limit subscription size to [number] MB: Select this box to specify the maximum size in megabytes of the entire offline subscription. You cannot specify a number less than 10.

Sync Options: Optional actions
Full-Text Index subscription after sync: Select this box to force full-text indexing of the subscription after synchronization. The user can override this setting.
Compact subscription after sync: Select this box to force the subscription to compact after synchronization. The user can override this setting.
Notify on completion of sync: Select this box if you want the user to receive a message when synchronization is complete. If warnings are displayed during the synchronization process, and this option is selected, each warning message will display. The user can override this setting.
Route mail on client shutdown: Select this box so that pending outgoing mail messages are sent before the user exits from the iNotes Sync Manager. The user can override this setting.

Replicate on client shutdown: Select this box so that synchronization occurs before the user exits from the iNotes Sync Manager. The user can override this setting.
Use multi-user data directory: Select this box so that the subscription can be installed to a client with a Notes multi-user setup. Subscription data is stored in the user’s personal profile data directory.
Allow per-user shared subscription data: Select this box to allow the subscription to share a file with another subscription, as long as the same user has installed both files. For example, a user installs this subscription with the directory catalog dircat1.nsf, and also selects this option. If the user then installs another subscription that uses dircat1.nsf, the two subscriptions share dircat1.nsf. All subscriptions that share the same file must be either encrypted or not encrypted. Non-encrypted subscriptions may not be able to share a file that is encrypted.

8. Click the Admin tab and complete the following fields:

Push subscription settings:

Push subscription settings to iNotes Sync Manager: Select this box to push changes made to the active Off-Line Subscription Configuration Profile Document (on the server), down to the iNotes Sync Manager (on the client), without requiring a reinstallation of the subscription. The following are the only settings and actions that cannot be changed on the user’s computer unless the user deletes and reinstalls the subscription:
• Encryption
• Per-user shared subscriptions
• Multi-user data directories
• Passthru server settings
• Optional TCP/IP addresses
• A change in the subscription title
• Adding new services or custom filesets
• Deleting or moving the main.nsf

Force user to accept subscription changes: Select this box to force the user to accept changes in the Offline Subscription Configuration Profile document. Not selecting this box allows users to prevent the changes from occurring on their subscriptions. This box is only visible when “Push subscription settings to iNotes Sync Manager” is selected.

Read only subscription settings:

Make schedule read-only: Select this box to dim the scheduled replication settings in the Properties dialog - Schedule tab of the subscription on the user’s computer. You can push this to users by selecting it before they install the subscription, or by using the “Push subscription settings” feature.
Make sync options read-only: Select this box to dim the Sync Options settings in the Properties dialog - Sync Options tab of the subscription on the user’s computer. You can push this to users by selecting it before they install the subscription, or by using the “Push subscription settings” feature.

Passthru server settings:

Use passthru server to connect to destination server: Select this box to use a passthru server to connect to the Domino server that hosts the subscription. You must enter the name of the passthru server.

Network Settings:

Use optional TCP/IP address to connect to destination server: Select this box to provide primary and/or secondary TCPIP addresses for the destination Domino server hosting the subscription. Then enter the name of the primary and secondary addresses. If the primary address is not reachable, the iNotes Sync Manager tries the secondary address to connect to the server. This is especially useful for users who access the server through both an intranet and an extranet. If users connect to the host server through a passthru server, the addresses must be for the passthru server. Alternatively, an administrator can configure these settings for all the subscriptions hosted on a particular server by adding addresses to the $DOLS_TCPIPAddress and $DOLS_TCPIPAddress2 settings in the server’s NOTES.INI.

9. (Optional) At the bottom of the configuration document, select whether to display the default download page or create your own download page. The download page is what users see while they’re installing a subscription. It’s useful for showing instructions, company graphics, warnings, or tips. Do one of the following:
• Leave “Display default download page contents” selected to have the download page contain the default text and graphics. You can add text, HTML, or images in the rich-text field below the default text and graphics.
• Select “Display only the custom contents below” to create a download page. A rich-text field appears in which you can add text, HTML, or images.
10. Save and close the configuration document.
11. (Optional) Customize the subscription. For more information on customizing the subscription, see the topic “Optional tasks for DOLS developers.”
12. Save and close the subscription.

Setting up agents for the DOLS subscription

Agents are small programs that perform actions in a subscription. Because they can be powerful tools, they must have permission from the server to perform their actions. Agents can perform both unrestricted actions and restricted actions. Restricted actions can potentially cause serious damage to the server, so administrators must be careful about the permissions of agents that perform restricted actions.

Agents inherit the permissions of their “signer.” An agent’s signer can be the user who created it, or a user or organization designated by an administrator. For an agent to perform actions on a server an administrator must add its signer, or a group the signer is in, to the Server document (Security - Agent Restrictions). An administrator can also register a “dummy” user on the server and make it the signer of agents. This provides more control and security, because the dummy user won’t do anything the administrator doesn’t want done.

Note There are also two kinds of agents: triggered and scheduled. Triggered agents are activated by a user action, like clicking a button or selecting a menu item, or when events happen inside a database, such as a new mail document arriving. Scheduled agents run automatically, on a schedule. Only triggered agents work offline.

If a subscription contains triggered agents, do the following to make them work offline.
1. Make sure agent signers have at least Editor access in the ACLs of all databases where the agent runs.
2. If the subscription uses unrestricted agents, create a group called “DOLS_Unrestricted_Agents” in the Domino Directory.
3. Add the full names of the signers of the unrestricted agents to the “DOLS_Unrestricted_Agents” group. If an agent has been configured to run as a Web user (Agent Properties - Design tab - Run as Web user), use the full name of the signer who modified it last (for example, NewDevelopment/IBM). Otherwise, use the full name of its signer.
4. If the subscription contains restricted agents, create a group called “DOLS_Restricted_Agents” in the Domino Directory.
5. Add the full names of the signers of the restricted agents to the “DOLS_Restricted_Agents” group. If an agent has been configured to run as a Web user (Agent Properties - Design tab - Run as Web user), use the full name of the signer who modified it last (for example, NewDevelopment/IBM). Otherwise, use the full name of its signer.
6. In the Server document, on the Security tab - Agent Restrictions section, add “DOLS_Restricted_Agents” to the “Run restricted LotusScript/Java agents” field. Add “DOLS_Unrestricted_Agents” to the “Run unrestricted LotusScript/Java agents” field.
7. Use the DOLCert.id (in the Domino data directory) as the certifier ID to create cross-certificates for each user or organization you specified as being able to execute agents. You can use the ID file or public key for the agent user and organization to generate cross-certificates. DOLCert.id creates cross-certificates issued by “O=DOLS.” There may already be cross-certificates issued by the Lotus Domino 6 server for these names.

Note If a database uses agents, make sure they’re all signed and that the server’s CERT.ID is cross-certified with the DOLCERT.ID.

Optional tasks for DOLS administrators

In addition to required administration tasks, there are a few optional tasks for the administrator:
• Adding a directory catalog to the subscription
• Viewing DOLS download information
• Reducing DOLS download time with the client installation CD
• Reducing DOLS download time with selective replication
• Web Control instructions for DOLS users

Adding a directory catalog to a DOLS subscription

Adding a directory catalog to a DOLS subscription allows users to take Domino Directory information offline. To add a directory catalog to a subscription:
1. Read the following.
• Adding a catalog means more for a user to download. To keep download time reasonable, you may want to create a directory catalog specifically for offline users, which contains only the information they absolutely need.
• To add a default catalog, open the NOTES.INI file on the server and add the line $DOLSDirectoryCatalog=nameofcatalog.nsf (nameofcatalog being the actual name of the catalog). Once you do this, you don’t need to specify a catalog in the “Directory catalog to replicate” field in the Offline Configuration Profile document. You must add a default catalog for iNotes Access for Outlook users.
• From the DOLS Customize subform, you can create a field that looks up a catalog’s name on the server record and populates the “Directory catalog to replicate” field with that name.
2. Open the Offline Subscription Configuration Profile document.
3. Enter the name of the catalog in the “Directory Catalog” field in the Rules tab.

Viewing DOLS download information

To view information on subscription use, click the Configuration tab in Lotus Domino Administrator 6. Then click Offline Services - Users. In the Users view, you can see the name of each user who has installed a subscription, the names of the applications downloaded, the names of the security domains, and the download dates and times. Click a column header to change the order of the data in the view. Open a document to see all the information on a particular download.

Reducing DOLS download time with selective replication

By controlling what is replicated offline, you can control the size of a subscription and reduce download time for remote users who may have a slow connection. To set limits on what users take offline, do the following:
1. Open the main subscription.
2. Open the Database Properties box.
3. From the Database Basics tab, click “Replication Settings.”
4. In the “Replication Settings” dialog box, click Advanced.
5. Enter one of the following in the “When computer” field:
• “OfflineSync/DOLS” - Settings apply to all users of the subscription.
• User/Domain - Settings apply to that user only.
Note Individual user settings take precedence over “OfflineSync/DOLS” settings.
6. Choose replication settings: For example, you can check “Replicate a subset of documents” and choose the folders and views you want synchronized to the user’s machine. You can also have the documents synchronized by formula. For example, you can check “Select by Formula” and enter a formula so that only selected users are able to synchronize a selected folder.
Note DOLS requires that you add the following text to any selective replication formula that you create. If you forget to add this text, offline users will not be able to open their offline applications:
|Form="DOLSOfflineConfiguration"
The following example shows a selective replication formula with the required text:
SELECT From=@UserName|Form="DOLSOfflineConfiguration"
7. To save the settings, click OK.
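The subscription rules stated in this chapter (paths relative to the data directory, size limits of at least 10 MB, one encryption choice for all subscriptions that share a file, an optional directory catalog needing “Enable replication of optional files by default”, and the required clause in selective replication formulas) can be checked before a configuration is pushed to users. The following is an added example, not code from the Domino documentation; the dictionary field names and the sample subscriptions are constructed for illustration and do not correspond to Domino item names.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Clause the chapter says every selective replication formula must contain.
REQUIRED_CLAUSE = re.compile(r'\|\s*(?i:form)\s*=\s*"DOLSOfflineConfiguration"')
MIN_LIMIT_MB = 10  # "You cannot specify a number less than 10."


def is_relative_to_data_dir(path):
    """True when the path has neither a drive nor a root, i.e. it is relative."""
    p = PureWindowsPath(path)
    return not (p.drive or p.root)


def subscription_files(sub):
    """Every file a subscription replicates, including its directory catalog."""
    files = list(sub.get("required_files", [])) + list(sub.get("optional_files", []))
    if sub.get("directory_catalog"):
        files.append(sub["directory_catalog"])
    return files


def lint_subscription(sub):
    """Return the findings for one subscription's settings."""
    findings = []
    for path in subscription_files(sub):
        if not is_relative_to_data_dir(path):
            findings.append(f"path-not-relative: {path}")
    for field in ("limit_db_mb", "limit_subscription_mb"):
        value = sub.get(field)
        if value is not None and value < MIN_LIMIT_MB:
            findings.append(f"limit-too-small: {field}={value}")
    formula = sub.get("replication_formula")
    if formula and not REQUIRED_CLAUSE.search(formula):
        findings.append("formula-missing-required-clause")
    if (sub.get("directory_catalog") and sub.get("catalog_optional")
            and not sub.get("enable_optional_by_default")):
        findings.append("optional-catalog-will-not-replicate-first-time")
    return findings


def lint_shared_files(subs):
    """Flag files shared by subscriptions that disagree on encryption."""
    by_file = defaultdict(list)
    for sub in subs:
        if not sub.get("allow_shared_data"):
            continue
        for path in subscription_files(sub):
            by_file[path.lower()].append(sub)  # Windows file names ignore case
    findings = []
    for path, users in sorted(by_file.items()):
        if len({bool(s.get("encrypt")) for s in users}) > 1:
            titles = ", ".join(sorted(s["title"] for s in users))
            findings.append(f"mixed-encryption: {path} shared by {titles}")
    return findings


def lint_all(subs):
    """Per-subscription findings plus the cross-subscription encryption check."""
    report = {s["title"]: lint_subscription(s) for s in subs}
    report["(shared files)"] = lint_shared_files(subs)
    return report


# Constructed sample data: two subscriptions that share one directory catalog.
SAMPLE_SUBSCRIPTIONS = [
    {"title": "Sales Discussion",
     "required_files": [r"apps\sales.nsf"],
     "optional_files": [r"help\saleshelp.nsf"],
     "directory_catalog": r"dircats\dircat1.nsf",
     "catalog_optional": True, "enable_optional_by_default": False,
     "encrypt": True, "allow_shared_data": True,
     "limit_db_mb": 5, "limit_subscription_mb": None,
     "replication_formula": "SELECT From=@UserName"},
    {"title": "Field Reports",
     "required_files": [r"C:\Lotus\Domino\Data\apps\reports.nsf"],
     "optional_files": [],
     "directory_catalog": r"Dircats\DIRCAT1.NSF",
     "catalog_optional": False, "enable_optional_by_default": False,
     "encrypt": False, "allow_shared_data": True,
     "limit_db_mb": 50, "limit_subscription_mb": 200,
     "replication_formula": 'SELECT From=@UserName | Form = "DOLSOfflineConfiguration"'},
]

if __name__ == "__main__":
    for title, findings in lint_all(SAMPLE_SUBSCRIPTIONS).items():
        print(title, findings or "ok")
```

The formula check is a text match only; it does not parse the formula, so a clause that appears inside a comment or string literal would also satisfy it.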

Web Control instructions for DOLS users

The Web Control is a pop-up menu in the subscription from which users can install the subscription, synchronize, and open the subscription online or offline. To open the pop-up menu, users click on either the words “Go Offline,” or an image in a frame on the main Web page of the subscription. For more information on customizing how users install the subscription, see “Customizing how users install the DOLS subscription” in the Lotus Domino Designer 6 Help.

To access the Web Control menu using shortcuts

The following are instructions on installing a DOLS subscription with minimal use of a mouse. You may want to send these instructions to users who want or require alternative access to software features. To take a subscription offline:
1. Open the subscription online.
2. Click once anywhere on the Web page.
3. Press TAB to move the focus to different frames until the focus is on the image or words “Go Offline.” This is the Web Control.
4. Press ENTER. The pop-up menu opens.
5. (Optional) Press the up and down arrow keys to navigate to the Language menu item, then press the right arrow key. The list of languages opens. Press the up and down arrow keys to navigate to a language and press ENTER.
Note There are no keyboard shortcuts for the Languages menu.
6. Open the pop-up menu again.
7. Press the up and down arrow keys to select Install Subscription. Along with a username, password, and address, choose a language for the interface text. This is the language the subscription interface appears in offline.

DOLS troubleshooting and error messages

If you have problems configuring a subscription to go offline, you may want to look at the following log files:
• DOL.LOG (found in the \Program Files\Lotus iNotes directory on the client machine).
• LOG.NSF (found in the \Program Files\Lotus iNotes\Data directory on the client machine). To open this file from a browser while offline, enter http://127.0.0.1:89/LOG.NSF.

Error messages

The following table lists client and server error messages you may see as you use DOLS. These error messages are logged in LOG.NSF under Miscellaneous Events. You can locate LOG.NSF in the \Program Files\Lotus iNotes\Data directory on the client machine. To open this file from a browser while offline, enter http://127.0.0.1:89/LOG.NSF.

Error Message: Error requesting offline configuration from the server.
Description: The Offline Subscription Configuration Profile document is missing or you may have a connection error.

The Offline Subscription Configuration Profile document may be missing.
Open LOG.NSF to see the corresponding server error message.
The remote server is not a known TCP/IP host.
Synchronization failure.
Unable to download file set component information for this subscription.
An error occurred during download.
Open LOG.NSF to see the corresponding server error message.
This subscription is not configured correctly to go offline.
HTTP Error 404.
Open LOG.NSF to see the corresponding server error message.
This is an HTTP request error and involves an access restriction.

Chapter 12 Planning the Service Provider Environment

This chapter describes the server and IP configurations and discusses configuration-related decisions that you will make before you set up an xSP server.

Planning the xSP server environment

The generic term “xSP” can refer to many different types of service providers — application, Internet, storage, and management — to name just a few. A Domino service provider delivers services to small- and medium-sized businesses. To those hosted organizations, the service provider offers Internet protocol-based access to a specific set of applications running on Domino servers. By using a service provider, a company can outsource the administration of applications and services that were formerly run on the company’s computer infrastructure.

This portion of the documentation focuses on the decisions you will be making when planning and setting up your xSP server environment. You can then use your xSP server to host small and medium businesses, or multiple hosted organizations from a single Domino domain.

The Domino service provider administrator

The responsibilities of a service provider administrator include maintaining both the server environment at the host site and, to varying degrees, the hosted organizations. First and foremost, the service provider administrator is responsible for setting up and maintaining xSP servers — that is, protocol and database servers — as well as any Domino clusters and network routers. In addition, the service provider administrator is responsible for registering and maintaining hosted organizations and controlling which applications the hosted organization uses.

Although the hosted organization administrator can perform some of the user and group maintenance, the service provider administrator performs a significant amount of the administrative tasks required to maintain a hosted organization. At a minimum, the service provider administrator must create and maintain a mechanism that the hosted organization’s administrators use to communicate problems and issues that require the intervention of the service provider administrator.

Ways to set up a service provider environment

There are two ways to set up a service provider environment. You can set up an xSP server, which features a shared Domino Directory, or you can use server partitioning.

Set up an xSP server to offer pure Internet protocol-based access to a specific set of applications on Domino servers, offered to several customers accessing the server through standard Internet protocols. For example, iNotes Web Access is such an application. Using an xSP server reduces the total cost of ownership for a designated set of services. In a service provider environment, you are hosting multiple companies in one Domino domain. The term “shared Domino Directory” indicates that there is one Domino Directory shared by multiple hosted organizations. All data is secured and accessible only by the small or medium business that owns the data.

A second option is Domino server partitioning, which you use to run multiple instances of the Domino server on a single computer. Use Domino partitioning to offer a Domino server where the customer can have Notes Client access and can create and run their own Domino applications. Partitioning provides a completely separate server for each customer, as well as a completely separate Domino Directory. Setting up a partitioned server is particularly effective when the partitions are in different Domino domains.

For more information on partitioned servers, see the chapter “Setting Up the Domino Network.”

Securing the service provider environment

The Domino service provider environment uses all of the standard Domino security features to ensure complete security for the service provider and the hosted organizations that subscribe to the service provider services. In addition, the service provider configuration uses extended ACLs in the Domino Directory to protect the data of each hosted organization from access by users in other hosted organizations.

An xSP environment that has multiple hosted organizations has potentially thousands of users whose access must be restricted to their own data only. The extended ACLs required to support the xSP security model are automatically established when new hosted organizations are created. Plan and test carefully if you want to modify ACLs and extended ACLs in an xSP environment — security is extremely important.

The authentication controls in Site documents control only who can authenticate and use the Internet protocols. After authentication, ACLs and extended ACLs control the data that can be read from and written to the Domino Directory.

For more information on extended ACLs, see the chapter “Setting Up Extended ACLs” and for more information on ACLs, see the chapter “Controlling User Access to Domino Databases.”

A user in a hosted organization cannot directly access databases in any subdirectories other than the hosted organization’s directory. Exceptions are the “help” and “common” subdirectories of the Domino data directory which contains databases accessible to users in all hosted organizations. To provide users with access to databases outside that of the hosted organization’s subdirectory, create a directory link within the hosted organization’s directory.

For more information on how directory links work and how to create them, see the chapter “Organizing Databases on a Server.”

Using Domino features in a hosted server environment

There are several Domino features that need to be set up for a hosted environment, just as they would need to be set up in a non-hosted, enterprise environment. This section describes the features that are required in a hosted environment and explains when to set them up.

Domino certificate authority

For some Internet certificates and for Domino Off-Line Services (DOLS), you must use the Domino certificate authority (CA). If a hosted organization’s users are registered at the service provider site, they can be registered with certifier IDs and passwords or with the Domino server-based CA. If a hosted organization uses the Web Administrator to manage their own users and groups, the hosted organization must use certifiers issued by the Domino server-based CA.

The Domino CA is required only if a hosted organization uses DOLS or wants to generate Notes IDs. For example, a hosted organization may require Notes IDs for its users if it uses a third-party application that uses the C API to perform a function. Two or more hosted organizations cannot share the same Domino CA.

Using SSL in a hosted environment

To use SSL in a hosted environment, you must do the following for each hosted organization:
• Create a new Domino server-based Certificate Authority (CA).
• Create a Certificate Requests database.

For more information on setting up and using the Domino server-based CA and creating the Certificate Requests database, see the chapter “Setting Up a Domino Server-Based Certification Authority.”

Policies

Policies are required when using the Domino service provider software. Before registering a hosted organization, the service provider administrator must decide which policy settings to implement. Before registering a hosted organization, the service provider administrator can create policy documents and policy settings documents and then assign those documents during registration, or the service provider administrator can create the documents during the hosted organization registration process.

For more information on policies, see the chapter “Using Policies” and see the topic “Using Policy Documents in a hosted environment” later in this chapter.

Domino Off-Line Services

Domino Off-Line Services (DOLS) is supported in a hosted environment. If a hosted organization uses DOLS, the hosted organization must be registered with the Domino server-based CA. The registration process for hosted organizations that support DOLS is almost identical to the setup and registration of hosted organizations that do not support DOLS.

For more information on Domino Off-Line Services (DOLS), see the chapter “Setting Up Domino Off-Line Services.”

Using the C API Extension Manager in a hosted environment

The C API Extension Manager is fully supported in a hosted environment; however, there can be only one Extension Manager on a server. If the Extension Manager must provide different services for each hosted organization, program the Extension Manager to do the filtering.

For more information, see the C API User’s Guide and the C API Reference Guide on the IBM Web site, www.ibm.com.

Planning the IP Address configurations in a hosted environment

A crucial step in planning an xSP configuration is to determine which of the following IP address configurations to use:
• One IP address that is shared by multiple hosted organizations
• One IP address for each individual hosted organization
• A combination of the above two configurations

The IP address configuration that you choose will have an impact on your entire xSP configuration.

The POP3. 12-6 Administering the Domino System. each IP address entered on the Internet Site documents must be the same for each protocol. LDAP and Domino IIOP are the available protocols. IMAP.32. In this configuration.2.2. www.0 www.CompanyA.com 92. If the configuration features one IP address shared by multiple hosted organizations.2. SMTP. and LDAP users must use their Internet e-mail addresses to authenticate.32.2.32.0 CompanyA home page CompanyB home page xSPserver1 IP Address 92. IMAP. Volume 1 . xSPserver1 supports three hosted organizations with one shared IP Address.One IP address that is shared by multiple hosted organizations The following figure shows xSPserver1 supporting multiple hosted organizations sharing IP address 92.com 92. HTTP.CompanyC.32.com 92. This configuration does not support anonymous access to LDAP.0 HTTP protocol server Database server Application server CompanyC home page Note SSL is not supported in this configuration because Domino does not provide server authentication on a per-hosted-organization basis. POP3.0.32.0 www.CompanyB.2.

One IP address for each individual hosted organization

If you are using SSL, use a unique IP address for each hosted organization. To use this configuration, you must bind the IP address to the xSP server.

For more information on binding an IP address to a hosting server, see the chapter “Setting Up the Service Provider Environment.”

The following figure shows xSPserver2 supporting three hosted organizations, each with its own unique IP address.

Figure: Multiple hosted organizations on one server. Individual IP addresses for each hosted organization. The CompanyA, CompanyB and CompanyC home pages (www.CompanyA.com, www.CompanyB.com, www.CompanyC.com) are served by xSPserver2, which runs the HTTP protocol server, database server and application server.

Combination of IP address configurations

You can use a combination of the two IP address configurations shown above. The following figure shows three servers that collectively host many hosted organizations.

Figure: xSPserver10, xSPserver11 and xSPserver12 hosting the CompanyD, CompanyE, CompanyF, CompanyG, CompanyH and CompanyI home pages (www.CompanyD.com, www.CompanyE.com, www.CompanyF.com, www.CompanyG.com, www.CompanyH.com, www.CompanyI.com).

Planning the distribution of hosted organization data

The following four configurations are supported for distributing hosted organization data within the service provider environment. When you configure a hosted environment, databases must reside on the xSP server — that is, the server to which the hosted organizations are connecting. As the number of hosted organizations increases, you can easily add additional servers.

Hosted organization data on one server

All of a hosted organization’s data can reside on one server. As the customer base increases, servers may be added.

Figure: One hosted organization with all data on one server. Data for Hosted Organization CompanyJ resides on xSPserver1.

Multiple organizations on one server with a shared application

Multiple hosted organizations can share an application that is served from a single server. Data for the hosted organizations resides on the server with the application.

Figure: Three hosted organizations sharing one application from a single server. The order entry application resides on xSPServer2, together with the data for Hosted Organizations CompanyA, CompanyB and CompanyC.

A hosted organization's data distributed across multiple servers

A hosted organization’s data can be distributed across multiple servers that all run the same set of applications on each server to provide load distribution and hot backups. You can include Domino clusters and network routers in this configuration.

Figure: One hosted organization's data is distributed across three servers, each offering the same applications to provide hot backups and load distribution. All servers are part of a Domino cluster. xSPServer3, xSPServer4 and xSPServer5 each hold data for Hosted Organization CompanyB and the Data Distribution Application.

Combined configuration

You can use any combination of the above configurations.

Figure: Combined Configuration. Shows xSPserver6, xSPserver7 and xSPserver8: a CompanyA server, a CompanyJ server, and a server that contains the workflow application for CompanyA and for CompanyJ, with data for Hosted Organizations CompanyA and CompanyJ.

Deciding which protocols and services to offer in the xSP environment

Another aspect of planning a hosted environment is determining which services to offer to customers. There are some considerations unique to the Lotus Domino service provider environment that you will need to take into consideration when determining which protocols (services) you are offering to hosted organizations. If you are offering mail services, you must provide the protocols to support them. If you do not offer mail services, you do not need the POP3, IMAP, or SMTP protocols.

Protocol/Service: Requirement

HTTP with iNotes Web Access: When sending mail via iNotes Web Access, enable HTTP on the server that stores the mail file.
IIOP: Domino IIOP is required to run Java code.
LDAP: Lightweight Directory Access Protocol (LDAP) is a standard Internet protocol for accessing and managing directory information. If LDAP will be used with the Domino Directory, the LDAP protocol must be started. If you use POP3 or IMAP and the client mail application supports LDAP, you can also use LDAP to provide the mail clients with addressing services.
POP3 and IMAP: POP3 and IMAP are access protocols only, that is, they retrieve mail. SMTP is required to enable POP3 and IMAP users to send mail. Additionally, the POP3 or IMAP client must be configured to send mail via an SMTP server.
SSL: SSL can be used in addition to Domino’s security services. SSL supports data encryption to and from clients and provides message-tampering detection and optional client authentication.
Note SSL is supported only for hosted environments that use a unique IP address configuration.
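The constraints this chapter places on a hosted-organization plan (no SSL and no anonymous LDAP on a shared IP address, SMTP alongside POP3 or IMAP, a Domino server-based CA for SSL or DOLS, and no CA shared between hosted organizations) can be checked mechanically before any organization is registered. The following is an added example, not part of the Domino documentation; the plan structure, field names, CA names and the 192.0.2.x addresses are constructed for illustration.

```python
from collections import Counter

MAIL_ACCESS = {"POP3", "IMAP"}  # access protocols only; they retrieve mail


def validate_plan(orgs):
    """Return (organization, finding) pairs for a hosted-organization plan."""
    ip_use = Counter(o["ip"] for o in orgs)
    ca_use = Counter(o["domino_ca"] for o in orgs if o.get("domino_ca"))
    findings = []
    for o in orgs:
        name = o["name"]
        protocols = {p.upper() for p in o.get("protocols", ())}
        shared_ip = ip_use[o["ip"]] > 1

        # SSL is supported only with a unique IP address per hosted organization.
        if o.get("ssl") and shared_ip:
            findings.append((name, "ssl-on-shared-ip"))
        # The shared-IP configuration does not support anonymous LDAP access.
        if o.get("anonymous_ldap") and "LDAP" in protocols and shared_ip:
            findings.append((name, "anonymous-ldap-on-shared-ip"))
        # SMTP is required to enable POP3 and IMAP users to send mail.
        if protocols & MAIL_ACCESS and "SMTP" not in protocols:
            findings.append((name, "mail-access-without-smtp"))
        # SSL and DOLS both need a Domino server-based CA for the organization.
        if (o.get("ssl") or o.get("dols")) and not o.get("domino_ca"):
            findings.append((name, "missing-domino-ca"))
        # Two or more hosted organizations cannot share the same Domino CA.
        if o.get("domino_ca") and ca_use[o["domino_ca"]] > 1:
            findings.append((name, "domino-ca-shared"))
    return findings


def findings_for(orgs, name):
    """Findings for a single hosted organization, in check order."""
    return [f for org, f in validate_plan(orgs) if org == name]


# Constructed sample plan: CompanyA and CompanyB share one IP address and one CA.
SAMPLE_PLAN = [
    {"name": "CompanyA", "ip": "192.0.2.10",
     "protocols": ["HTTP", "POP3", "SMTP"],
     "ssl": True, "anonymous_ldap": False, "dols": False,
     "domino_ca": "CompanyA CA"},
    {"name": "CompanyB", "ip": "192.0.2.10",
     "protocols": ["HTTP", "IMAP", "LDAP"],
     "ssl": False, "anonymous_ldap": True, "dols": True,
     "domino_ca": "CompanyA CA"},
    {"name": "CompanyC", "ip": "192.0.2.11",
     "protocols": ["HTTP", "POP3", "SMTP"],
     "ssl": True, "anonymous_ldap": False, "dols": True,
     "domino_ca": "CompanyC CA"},
]

if __name__ == "__main__":
    for org, finding in validate_plan(SAMPLE_PLAN):
        print(f"{org}: {finding}")
```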

Resolving mail addresses in a hosted environment

IP addresses are resolved via the Domain Name System (DNS), local host file, or a combination of the two. For ease-of-access and ease-of-administration, in addition to other types of DNS names, you can use host names and Web site names to resolve mail addresses and to process transactions. The following table indicates which names are used by each protocol.

Name: Protocol
• Server host name (for example, serverA.corporation.com): POP3 and IMAP clients use server host names to locate host servers when retrieving mail. LDAP clients use server host names when performing directory lookups. Web browsers can use server host names in URLs. Inbound HTTP transactions can use server host names when resolving transactions.
• Web site name (for example, www.corporation.com): HTTP transactions are resolved via Web site name.
• The domain portion of an Internet e-mail address (for example, the corporation.com portion of the e-mail address JUser@corporation.com): SMTP mail transactions use the domain portion of an Internet e-mail address. This domain name must also be entered in the Global Domain document. MX records must designate the IP addresses for the servers receiving SMTP mail.

For information on the Domain Name Service (DNS) and MX records, see the topics The Domain Name System (DNS) and SMTP mail routing and Examples of using multiple MX records.
For more information on the Domain Name System (DNS) and MX records, see the chapter “Overview of the Domino Mail System.”

Using activity logging for billing at hosted organizations

Using activity logging, you can collect data about the server activity generated by users, such as user activity on a POP3 server, and server activity not generated by users, such as replication of a hosted organization’s databases. The log file (LOG.NSF) records activity logging data. To create reports of activity data, write a Notes API program to access the information in the log file.

Note The activity logging C API is included in the Lotus C API Toolkit for Domino and Notes 6. This public C API can be used to read activity data.

To collect activity data by database, use activity logging. To collect the data by individual hosted organization, use the activity logging API to write a custom application that sorts the data by hosted organization. Then, you can bill each hosted organization accordingly.

For more information on activity logging, see the chapter “Setting Up Activity Logging.”

Activity records

Many sessions that the Domino server hosts last for an extended period of time. To avoid losing activity information, many activity types generate regular checkpoint records. For example, a two-hour Notes session creates eight records: one open record, six checkpoint records and one close record, assuming that the default checkpoint interval of 15 minutes is used. You need only review the most recent checkpoint record for any activity because each checkpoint record shows all logged activity data.

Billing methods

You will want to consider various billing methods based on your business requirements. Consider one of these billing methods:
• Number of users at the hosted organization site.
• Number of users at the hosted organization site, plus disk space usage.
• Actual use.

Deciding which applications to offer multiple hosted organizations

In addition to deciding which protocols and services to offer, you must decide which applications to host. You can make a single application available to multiple hosted organizations, you can offer individual applications to each hosted organization, or, you can offer a combination of the two.

Suggested criteria

Prior to choosing and installing applications for hosted organizations, do the following:
• Evaluate applications. Test each application on a non-production server before installing it on an xSP server.
• Determine if the application presents any security risks. For example, if an application is Notes-based, it may need to access external files, or, it may be a Java application. Ensure that the application does not allow users to navigate the file system or add or run their own executable programs.
Note Domino does not support the use of servlets for xSP servers.
• Evaluate the reliability of the application. Is the application reliable or does it cause the server to stop or crash?
• Determine the impact, if any, that each application has on server performance.
• Evaluate how well the new application integrates with the existing configuration.
• Make sure that each application is easy to install for each hosted organization.
• Decide how to track the applications available to each hosted organization. Lotus Notes/Domino 6 does not include an application to track installed applications.

Example of planning a hosted environment

xSP International is a Domino service provider that plans to host Web applications and offer services and protocols to many hosted organizations. To configure the hosted environment, xSP International plans to set up a Domino domain that includes clustered servers, allowing them to define physical storage locations, other than the default, for their hosted organizations. xSP International plans to support SSL, therefore, they will use unique IP addresses.

They begin by installing two servers in their Domino domain: Server1 and Server2. Identical applications will run on each server. Although each server will contain data for multiple hosted organizations, the data for each individual hosted organization will reside on only one server. The data for a hosted organization will not be distributed across multiple servers. If needed, xSP International can add additional servers to this configuration.

The following figure illustrates this configuration.

[Figure: XSP Server1 holds all applications and the data for CompanyA and CompanyB; XSP Server2 holds all applications and the data for CompanyC and CompanyD.]

xSP International will initially register four hosted organizations in this domain. To set up the first hosted organization, CompanyA, the service provider administrator does the following:
• Reads the topic “Installing the first server or additional servers for hosted environments” prior to installation.
• Reads the information in the chapter “Deploying Domino” and then reads the chapter “Installing and Setting Up Domino Servers”.
• After reading all of the information in the chapters listed in Step 2, the service provider completes as many procedures from these chapters as necessary.
• After installing the initial xSP server, the service provider completes the “Installing the first server or additional server for hosted environments” procedure.
• Determines that a billing strategy based on actual usage suits the requirements of CompanyA and xSP International.
• Enables activity logging on all servers in the domain.
• Uses the activity logging API to write a custom application to sort data by hosted organization so that xSP International can bill each hosted organization according to actual usage.
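The billing approach this chapter describes (sort activity data by hosted organization, and read only the most recent record of each session because checkpoint records are cumulative) can be sketched as follows. This is an added example, not code from the manual or from the Lotus C API Toolkit: the record layout, the field names and the rule that the last component of a hierarchical name is the hosted organization are assumptions, and the sample records are constructed.

```python
"""Added example: bill hosted organizations from checkpointed activity records."""
from collections import defaultdict
from dataclasses import dataclass


# Assumed record layout for this example; it is not the LOG.NSF format.
@dataclass(frozen=True)
class ActivityRecord:
    session_id: str
    user: str            # hierarchical name; last component = hosted organization
    kind: str            # "open", "checkpoint" or "close"
    minute: int          # minutes since the billing period began
    bytes_read: int      # cumulative for the session when the record was written
    bytes_written: int   # cumulative, as above


_KIND_RANK = {"open": 0, "checkpoint": 1, "close": 2}


def hosted_org(user):
    """Return the organization component of a name such as 'Jane Doe/CompanyA'."""
    _, sep, org = user.rpartition("/")
    org = org.strip()
    if org.upper().startswith("O="):
        org = org[2:]
    if not sep or not org:
        raise ValueError(f"no organization component in {user!r}")
    return org


def latest_per_session(records):
    """Keep one record per session: the most recent, a close winning ties."""
    latest = {}
    for rec in records:
        if rec.kind not in _KIND_RANK:
            raise ValueError(f"unknown record kind {rec.kind!r}")
        cur = latest.get(rec.session_id)
        key = (rec.minute, _KIND_RANK[rec.kind])
        if cur is None or key > (cur.minute, _KIND_RANK[cur.kind]):
            latest[rec.session_id] = rec
    return latest


def usage_by_org(records):
    """Total usage per hosted organization, counting each session once."""
    totals = defaultdict(lambda: {"sessions": 0, "bytes_read": 0,
                                  "bytes_written": 0, "unclosed": 0})
    for rec in latest_per_session(records).values():
        t = totals[hosted_org(rec.user)]
        t["sessions"] += 1
        t["bytes_read"] += rec.bytes_read
        t["bytes_written"] += rec.bytes_written
        if rec.kind != "close":
            # No close record: the last checkpoint is the best available figure.
            t["unclosed"] += 1
    return {org: dict(t) for org, t in totals.items()}


def naive_bytes_read(records, org):
    """Wrong on purpose: summing every record re-counts cumulative values."""
    return sum(r.bytes_read for r in records if hosted_org(r.user) == org)


def sample_records():
    """Constructed records: s1 has one open, six checkpoint and one close record."""
    a = "Jane Doe/CompanyA"
    recs = [ActivityRecord("s1", a, "open", 0, 0, 0)]
    recs += [ActivityRecord("s1", a, "checkpoint", 15 * i, 1000 * i, 100 * i)
             for i in range(1, 7)]
    recs.append(ActivityRecord("s1", a, "close", 120, 7000, 700))
    # s2 never closed (for example, the server stopped): last checkpoint is used.
    j = "Li Wei/CompanyJ"
    recs += [ActivityRecord("s2", j, "open", 10, 0, 0),
             ActivityRecord("s2", j, "checkpoint", 25, 1200, 120),
             ActivityRecord("s2", j, "checkpoint", 40, 2000, 200)]
    recs += [ActivityRecord("s3", "Sam Roe/O=CompanyA", "open", 30, 0, 0),
             ActivityRecord("s3", "Sam Roe/O=CompanyA", "close", 45, 500, 50)]
    return recs


if __name__ == "__main__":
    for org, total in sorted(usage_by_org(sample_records()).items()):
        print(org, total)
    print("naive CompanyA bytes_read:", naive_bytes_read(sample_records(), "CompanyA"))
```

Summing every record instead of the latest one per session would bill CompanyA for 28500 bytes read rather than 7500, which is why the per-session reduction comes first.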


Chapter 13
Setting Up the Service Provider Environment

This chapter explains how to set up a hosted organization, lists and explains the files and documents created when you register a hosted organization, and provides other related information.

Setting up the service provider environment

Setting up the service environment consists of understanding the information presented in the topics below so that you can make decisions based on the services you are providing to customers, as well as completing the tasks in the topics listed below.
• Installing the first server or additional servers for hosted environments
• Setting up the Domino Certificate Authority for hosted organizations
• Using Policy Documents in a hosted environment
• What happens during hosted organization registration?
• Binding the IP addresses of the hosted organization to the xSP server
• Creating Loopback addresses in a hosted environment
• Using Internet Site documents in a hosted environment
• Configuring Internet sites with Web Site and Internet Site documents
• Using Global Web Settings documents
• Configuring activity logging for billing hosted organizations

Installing the first server or additional servers for hosted environments

All servers in an xSP domain run as xSP servers, therefore, you only use the “-asp” portion of the setup command when you install the first server in an xSP domain. All servers subsequently installed into the domain are automatically configured as xSP servers.

Configuring the first or an additional server for a hosted environment does the following:
• Creates an All Servers Configuration Settings document if there is no Configuration Settings document.
• Modifies the All Servers Configuration Settings document to set proper defaults for service providers.
• Modifies a server-specific Configuration Settings document (if one exists) to set defaults for service providers.
• Modifies the Server document to set proper defaults for service providers.
• Sets up an extended ACL for the Domino Directory (NAMES.NSF) and the Administration Requests database (ADMIN4.NSF) to limit access to only users and/or administrators in the same hosted organization.
• Sets the ACL on databases in the data directory.
• Modifies the database ACL for Anonymous from “NoAccess” to “Reader.”

The service provider configuration provides services to multiple hosted organizations from a single Domino Directory.

Before performing this procedure, see the chapter “Installing and Setting Up Domino Servers.”

1. To install the first xSP server, do one:
• For Win32 systems, run this command from the directory in which the SETUP.EXE file is located:
    setup.exe -asp
• For UNIX, run this command:
    install -asp
For more information on installing Domino on UNIX, see the chapter “Installing and Setting Up Domino Servers.”
2. Choose the Domino Enterprise server setup.
3. As the Setup wizard runs, enter the information appropriate to your configuration.
4. Start the server.

Setting up a hosted organization

To set up a hosted organization, complete these procedures:
1. (Optional) Set up a server-based certification authority (CA).
2. Create a registration policy settings document.
3. Create a policy document.
4. Register a hosted organization.
5. Create the necessary Internet Site documents and the Web Site document.
6. Bind the IP addresses of the hosted organization to the xSP server.

Setting up the Domino certificate authority for hosted organizations

When registering hosted organizations, you can use the Domino server-based certification authority (CA). If the hosted organization uses DOLS or if they require Notes IDs, the hosted organization must use the Domino server-based CA. If the hosted organization administrator plans to use the Web Administrator, that hosted organization must use the Domino server-based CA to register users. If you don’t use the server-based CA, you can use Domino’s certifier ID and password for security purposes.

Each hosted organization must have its own Domino CA. A CA vouches for the identity of both server and client by issuing Internet certificates that are stamped with the CA’s digital signature. The digital signature assures the client and server that both the client certificate and the server certificate can be trusted. The CA also issues trusted root certificates, which allow clients and servers with certificates created by different CAs to communicate with one another.

As part of setting up a CA, create a Certificate Requests database. Then, using the Certificate Requests database, you can submit Internet certificate requests through a browser, pick up new or renewed certificates, and receive notification regarding request status.

For more information on the Domino CA and the Certificate Requests database, see the chapter “Setting Up a Domino Server-Based Certification Authority.”

Using policies in a hosted environment

Policies are required in a hosted environment. To establish the registration settings that are required for hosted organizations, create a policy document and a registration policy settings document. Each hosted organization must have its own, unique registration policy settings document. Multiple hosted organizations cannot share a registration policy settings document. Create the registration policy settings document before creating the hosted organization.

To meet the requirements for creating policy and registration policy settings documents, you can create the policy before registering the hosted organization, or you can create the policy during the registration of the hosted organization.

• To create the policy before registering the hosted organization
Create an explicit policy prior to registering the hosted organization. Before attempting to use the explicit policy, make sure that you have referenced the appropriate registration policy settings document in that policy document.

• To create the policy while registering the hosted organization
Create an organizational policy and a registration policy settings document when prompted during hosted organization registration. The Register Hosted Organization user interface displays the documents that you need to create for hosted organizations during the registration process. These documents are presented in the order in which they need to be created.

Requirements for the registration settings document for hosted organizations

For a hosted organization, the registration settings documents must include the following settings:
• The Policy Name field must contain a valid registration policy settings document name.
• The Password Quality field must have a value of at least “Any Password.” Do not choose “Password is optional.”
• “Set Internet Password” must be selected.

For more information on policies, see the chapter “Using Policies.”

What happens when you register a hosted organization?

You must use the Register Hosted Organization user interface to register each hosted organization. When you register a hosted organization, the following files and documents are created:

• The certificate for the hosted organization is created. If a modification to the certificate is ever required, you can locate the certificate as follows: From the Domino Administrator, click the Configuration tab. Click Server Miscellaneous - Certificates.
• The service provider’s certificate is cross-certified with the hosted organization certificate. A Cross Certification document is created.
• The hosted organization certificate is cross-certified with the service provider’s certificate. A Cross Certification document is created. To verify that cross certificates were created, from the Domino Administrator, click the People & Groups tab. Click Certificates. Click Notes Cross Certificates.
• A Global Domain document is created. The Global Domain document stores the primary Internet domain name by which the hosted organization is known and stores secondary Internet domain names by which the hosted organization can receive Internet mail.
• A data directory is created for the hosted organization. This directory is assigned the name that is specified in the Directory field on the Storage panel of the Register Hosted Organization interface. By default, for Win32 systems, the hosted organization’s data directory is placed directly beneath Domino/data. On UNIX systems, the default is /local/notesdata. You can specify another location in the Physical Storage Location field on the Storage panel of the Register Hosted Organization interface.
• A mail subdirectory for the hosted organization is created beneath the hosted organization’s data directory.
• A mail file is created for the hosted organization’s administrator. This is an NSF and resides in the mail subdirectory for the hosted organization.
• An ACL file is created for each hosted organization to provide security for the hosted organization’s directory. The ACL file prevents users in one hosted organization from traversing a directory that belongs to another hosted organization. If a hosted organization’s ACL file is deleted, users in other hosted organizations may be able to review the content of the directories belonging to the hosted organization that is no longer protected by an ACL file. The actual databases may or may not be protected according to how individual database ACLs are set. The ACL file resides in the Domino data directory and is named hosted organization name.ACL. Do not confuse hosted organization ACL files with database ACLs, which control server, user, and group access to databases that reside on a Domino server. For more information on setting database ACLs, see the chapter “Controlling User Access to Domino Databases.”
• An extended ACL is applied to the Administration Requests database (ADMIN4.NSF) and the Domino Directory (NAMES.NSF) to restrict access to the data in those databases. The extended ACL is enabled on the Domino Directory when the first hosted organization is registered. Plan and test carefully before you modify ACLs and extended ACLs in an xSP environment; security is extremely important. For more information on extended ACLs, see the chapter “Setting up Extended ACLs” and for more information on modifying the default extended ACL settings established during hosted organization registration, see the topic “Modifying the extended ACL settings established during hosted organization registration” in this chapter.
• The database ACL entry for “Anonymous” is changed from NoAccess to Reader access in NAMES.NSF when the first hosted organization is registered. An extended ACL entry is created for “Anonymous” for each hosted organization with all access disabled. Entries are also made in the Form and Field Access in extended ACLs with Read Deny checked for the following fields:
    Schema: Domino, Form:Person, Attributes: AltFullName, Certificate, FirstName, InternetAddress, LastName, Location, MailAddress, MailDomain, OfficeCity, OfficeCountry, OfficeState, OfficeStreetAddress, PublicKey, ShortName, UserCertificate, and Type.
    Form: Group, Attributes: InternetAddress, MailDomain, Members, and Type.
    Schema: LDAP, Form:DominoPerson, Attribute: cn, o, OU.
If LDAP Anonymous access is allowed to a hosted organization, the above fields match the “default” ACL for LDAP set in the Domain Configuration document. This list can be modified.
• Extended ACL entries are created for all users and groups in a hosted organization (*/HostedOrganizationName) providing Browse and Read access to that hosted organization only.
• Entries are made for the hosted organization administrator in the database ACLs and the extended ACLs to allow the hosted organization administrators to Browse, Create, Delete, Read, and Write documents for their hosted organization.
• An Internet Site document is created for each Internet service for which you provide an IP address or host name on the Internet panel of the Register Hosted Organization interface. If you provide an address or host name for multiple protocols, you are prompted to create the Internet Site document for each Internet protocol. You must create the Internet Site document in order to use the corresponding Internet protocol. The documents that are created contain default information for the protocol. You provide additional, detailed information for these documents during hosted organization registration. You are also prompted to create one Web Site document for each hosted organization. The Web Site document is the Internet Site document for the HTTP protocol. If a hosted organization has multiple Web sites, create one additional Web Site document for each additional Web site.
For more information on Web Site documents, see the chapter “Setting up the Domino Web Server.” For more information on Internet Site documents, see the chapter “Installing and Setting Up Domino Servers.”
Note The Basics tab on the Server document contains the field “Loads Internet configurations from Server/Internet Sites documents,” which is enabled by default and cannot be changed in a hosted environment. This field is set when the servers are installed. When this field is enabled, settings on the Internet Site document take precedence over settings on the Server document.
• If you are using clustered servers, you can use the Storage panel on the Register Hosted Organization interface to create additional storage for the hosted organization on one or more servers in the cluster.

Note The HostedOrganizationAdmin group is created by default (when you set up the hosted environment) and administrators are automatically added to that group. Administrator groups enable you to administer groups of people with administrator rights at one time instead of individually establishing rights and settings for each hosted organization administrator.

Where to store data for hosted organizations

To decide where to store a hosted organization’s data, evaluate whether you are saving private data or shared data. Store a hosted organization’s private data in a directory belonging to the hosted organization. Store shared data in a common data directory accessible to all.
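Because a deleted ACL file leaves a hosted organization's directory readable by other hosted organizations, a periodic check that every registered organization still has its ACL file is worth having. The following is an added example, not a Domino tool: it assumes the default layout described above (each data directory sits directly beneath the Domino data directory and is named after the organization, with the ACL file beside it), takes the list of registered organizations as input, and uses a constructed directory tree.

```python
"""Added example: check that each hosted organization still has its ACL file."""
import os
import tempfile


def audit_acl_files(data_dir, hosted_orgs):
    """Compare the expected <organization>.acl files with what is on disk.

    Names are compared case-insensitively, since the ACL file name is written
    both as ".ACL" and ".acl" in the text above.
    """
    entries = os.listdir(data_dir)
    dirs = {e.lower() for e in entries
            if os.path.isdir(os.path.join(data_dir, e))}
    acl_files = {e.lower(): e for e in entries
                 if e.lower().endswith(".acl")
                 and os.path.isfile(os.path.join(data_dir, e))}

    report = {"missing_acl": [], "missing_dir": [], "unexpected_acl": []}
    expected = set()
    for org in hosted_orgs:
        acl_name = (org + ".acl").lower()
        expected.add(acl_name)
        if org.lower() not in dirs:
            # Data may live in another physical storage location; review by hand.
            report["missing_dir"].append(org)
        if acl_name not in acl_files:
            # Directory is no longer protected from other hosted organizations.
            report["missing_acl"].append(org)
    # ACL files that match no registered organization (stale or misnamed).
    report["unexpected_acl"] = sorted(
        name for low, name in acl_files.items() if low not in expected)
    return report


def build_sample_tree(root):
    """Constructed sample data directory used to exercise the audit."""
    for org in ("CompanyA", "CompanyJ", "Acme Printing"):
        os.mkdir(os.path.join(root, org))
    for name in ("CompanyA.ACL", "Acme Printing.acl", "OldTenant.acl"):
        with open(os.path.join(root, name), "w") as handle:
            handle.write("constructed placeholder\n")


if __name__ == "__main__":
    registered = ["CompanyA", "CompanyJ", "Acme Printing", "CompanyZ"]
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for finding, names in audit_acl_files(root, registered).items():
            print(finding, names)
```

The audit only confirms that the file exists; it does not read the ACL file or the database ACLs, which are set separately.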

Registering hosted organizations with names requiring a server in UTF-8 locale

If you will be registering hosted organizations that have names containing characters from more than one character set, the registration server must be run in a UTF-8 locale. For example, if both Korean and Japanese hosted organization names must be supported, the server must be in a UTF-8 locale. If only the Japanese hosted organization names are supported, the server can be run in Japanese locale.

Opening databases on an xSP server

When the service provider administrator uses the File - Database - Open menu commands to open a database, the Open Database dialog box does not list all of the databases on the server, but all of the databases are available by typing the database name in the Filename field, and then clicking Open. For convenience, create bookmarks for the most frequently opened databases.

Example of registering a hosted organization

In this example, Acme Printing, a small business, subscribes to messaging services and some transaction-processing services offered by xSP International, a Domino service provider. To register Acme Printing as a hosted organization, the service provider administrator at xSP International answers these questions:

• Does Acme Printing support DOLS users? Do they need Notes IDs?
If Acme Printing supports DOLS or needs Notes IDs for any purpose, a Domino CA needs to be created for the hosted organization. If not, they can use certifier IDs and passwords. Acme Printing does support DOLS users. Each hosted organization that needs a server-based CA requires its own Domino CA because the CA cannot be shared across multiple hosted organizations.
• Which mail protocol does Acme Printing use?
If they use POP3 or IMAP, they need SMTP on the same server. Acme uses POP3, so they need SMTP.
• Which registration settings are needed for the registration policy settings document for Acme Printing?
The service provider administrator determines that Acme Printing needs the CA-related settings and POP3-related mail settings. Other default settings can also be used. Later, when an administrator is ready to register users for the hosted organization, they can determine whether they can simplify user registration by creating additional policy settings documents, such as desktop policy settings documents and security policy settings documents. An administrator can create these policy settings documents as he would for any Lotus Domino enterprise.
• Does Acme Printing require storage locations in addition to the default storage locations?
If the service provider administrator set up Acme Printing on a clustered server, they’ll be able to use additional storage on servers in the cluster. On what server and directory will that storage be located?

User registration for Acme Printing employees is done by the service provider administrator instead of by an Acme Printing administrator using the Web Administrator.

The service provider administrator at the service provider site does the following from the Domino Administrator:
1. Creates a Domino server-based CA for Acme Printing because they support DOLS.
2. Creates an explicit policy named AcmePolicy and an associated registration policy settings document.
3. Chooses Tools - Hosted Organization - Create to open the Register Hosted Organization interface.
4. The service provider administrator begins completing the required fields on each panel and enters information in these optional fields:
• On the Basics panel, selects the option “Organization supports DOLS” and chooses the explicit policy named AcmePolicy.
• On the ID Info panel, chooses CA Enabled and chooses the CA Server on which the Acme CA was created because Acme supports DOLS users.
• On the Internet panel, enters an IP address in the HTTP Host/Address, SMTP Host/Address, POP3 Host/Address, and Directory Host/Address fields because Acme requires these for its Web site, for POP3 messaging with SMTP, and for LDAP services, respectively.
• On the Storage panel, because Acme will be hosted on a clustered server at the service provider site he enters an additional physical storage location in “Physical Storage location for server name”.
5. After entering information in the Register Hosted Organization interface, clicks the Register button.
6. Completes the Web Site document, the SMTP Site document, the POP3 Site document, and the LDAP Site document. While completing the Web Site document, the service provider administrator follows the instructions for enabling the correct DSAPI filter file name to support DOLS.
For more information on specifying the DSAPI filter file name in the Web Site document, see the chapter “Installing and Setting Up Domino Servers.”
7. Completes the procedure to bind the hosted organization’s IP address to the Network Interface Card on the xSP server because the IP Address configuration includes individual IP addresses for each hosted organization.
8. Checks the following views and directories to see the documents and files that have been created for the hosted organization, Acme Printing.
• From the Domino Administrator, People & Groups tab, he clicks Certificates to verify that Acme Printing’s certificate has been created, and that xSP International’s certificate has been cross-certified with Acme Printing’s certificate. He also verifies that Acme Printing’s certificate is cross-certified with xSP International’s certificate.
• From the Domino Administrator, he opens the Domino Directory and chooses Servers - Domains to see the Global Domain document for the Acme Printing. On the Basics tab, the field “Local primary Internet domain” contains the primary Internet domain name by which the hosted organization is known. He also enters a secondary Internet domain name in the “Alternate Internet domain aliases” field by which Acme Printing can receive Internet mail.
• Verifies that the hosted organization’s data directory was created, as well as the hosted organization’s mail directory. The service provider administrator also verifies that the ACL file, Acme Printing.acl was created and that the mail file for the hosted organization’s administrator has been created.
• From the Domino Administrator, he opens the Domino Directory and checks the Server - Internet Sites view. The service provider administrator sees that these documents exist for Acme: Web Site document, SMTP Site document, POP3 Site document and LDAP Site document. This view also contains a Global Web Settings document for xSP International and three Web Site Rule documents.
• From the Domino Administrator, opens the Policy view and checks the explicit policy (AcmePolicy) and the associated registration policy settings document (Acme).

Registering a hosted organization

The information that you enter in the fields on the Register Hosted Organization interface is used to populate many of the documents that define the hosted organization. For example, the Internet-related information determines which Internet Site documents are created for the hosted organization. In a hosted environment, a Site document is required for each protocol that the hosted organization uses. The Internet Site documents contain the information needed to run the Internet servers in a service provider configuration and support all possible configurations of IP addresses and DNS host names. Additionally, you select the policy that applies to the hosted organization from a list of available policies. Otherwise, the policy can be created during the hosted organization registration process.

For more information on the Web Site document, see the chapter “Setting Up the Domino Web Server” and for more information on Internet Site documents, see the chapter “Installing and Setting Up Domino Servers.”

1. From the Domino Administrator, click the Configuration tab.
2. Ensure that you are working with the xSP server you just installed. If you need to change to another server, choose File - Open Server, or File - Preferences - Administration Preferences to select the server.
3. From the Tools pane, click Hosted Org - Create.
4. Enter the certifier’s password, and click OK.

5. Complete these fields on the Basics panel of the Register Hosted Organization interface:

Field: Action
• Registration Server: Enter the name of the server to use during the registration process. The Domino Administrator contacts the registration server while performing registration tasks.
• Organization name: Enter a unique name for the hosted organization. The name must be fewer than 28 characters and cannot contain a period (.) because the hosted organization name is also used as the hosted organization’s virtual Domino domain name for routing purposes. For ease-of-administration, use a short name with no spaces. Organization name is a required entry that is also used in the Internet Site documents.
• Organization supports DOLS: Choose this option if the hosted organization supports Domino Off-Line Services (DOLS).
• Password: Enter a case-sensitive password for the certifier. The characters you use for this password depend on the level set in the Password quality scale.
• Password quality: Displays the Password Quality Scale that you can use to define the complexity of the password. Do not choose “Password is optional.”
• Explicit Policy: Choose the explicit policy document that is the ancestor of the registration policy settings document you are assigning to the hosted organization. Click None Available if you have not yet created the necessary policies and/or settings documents.
• First Name, Middle Name, Last Name: Enter the name of the hosted organization administrator.
• Password: Enter a password for the hosted organization administrator.

6. Complete as many of these fields as needed to enable the corresponding protocols for the hosted organization. When you enter the host name or IP address for a protocol, that protocol is enabled when the corresponding Site document is created. You are prompted to complete the corresponding Site document later during this registration process.

Field: Action
• Internet Domain: Enter the name of the Internet domain. For example, enterprise.com. By default, the exact Internet domain name that you specified for this hosted organization on the Mail tab of the registration policy settings document is entered.
• HTTP Host/Address: Enter the host name or IP address of the HTTP server for the hosted organization.
• SMTP Host/Address: Enter the host name or IP address of the server that receives SMTP transactions for the hosted organization.
• POP3 Host/Address: Enter the host name or IP address of the POP3 server for the hosted organization.
• IMAP Host/Address: Enter the host name or IP address of the IMAP server for the hosted organization.
• Directory Host/Address: Enter the host name or IP address of the LDAP server for the hosted organization.
• IIOP Host/Address: Enter the host name or IP address of the Domino IIOP server for the hosted organization.

7. Complete these fields on the ID Info panel:

Field: Action
• CA Enabled: Choose this option if the hosted organization supports DOLS or uses Notes IDs. This button is active only if you have created a Domino CA.
• CA Server: Enter the name of the server on which you created the Domino CA. This is the server on which the CA process will create Internet Certificates.
• Set ID file: Specify the drive and directory in which the ID file is to be stored. By default, the certifier ID name matches the hosted organization name. The certifier ID must be unique to the hosted organization.

8. Complete these fields on the Storage panel:

Field | Action
Mail Server | By default, this field contains the name of the mail server for the hosted organization exactly as you entered it in the registration policy settings document for the hosted organization. The hosted organization and the administrator’s mail file will be stored on this server. This field cannot be modified.
Directory | By default, this field contains the name of the directory in which the hosted organization’s data resides. For ease-of-administration, the directory name is created for you and is identical to the hosted organization name. This field cannot be modified.
Host | Indicates whether the corresponding server hosts the hosted organization. The first server entry in this list has a check mark because that server is identified in the registration policy settings document as the mail server for the hosted organization. This field cannot be modified for the first entry in this list. For all other servers, a check mark in this box identifies that server as a host server for the hosted organization.
Server Name | Name of the server that is hosting the hosted organization. If multiple server names appear in this list, the first server in the list is the hosting server; other servers are the cluster mates.
Physical Storage location | The directory name that is displayed is an alternate location where the hosted organization’s data directory will reside if you do not use the default location.
Physical Storage location for <server name> | Use this field to create a directory link to an additional storage location for the hosted organization you are registering. This field is activated when you select a server in the Server Name field. The check box for the server must be checked in order to select it. To add a directory link, enter the full path for the storage location and then click the check box so that the directory link displays in the Physical Storage Location field. To delete a directory link, select the link in the ServerName/Physical Storage Location fields. When the path displays in the modifiable “Physical Storage Location for <server>” field, click the X.

9. (Optional) Complete these fields on the Other panel:

Field | Action
Location | Enter text to define the location of the hosted organization.
Comment | Enter text to define the hosted organization’s name and other information.

10. Click Register. If you have not selected an explicit policy for this hosted organization, this message appears: "You must configure the organizational registration policy for the hosted organization. This policy must contain the necessary hosted organization settings. Do you want to configure that policy now?"
11. Click Yes. If you click No, the hosted organization is not created.
12. The Internet Site document for the first protocol you specified appears. Modify the defaults, and add new information as necessary.

Note If the hosted organization supports DOLS, on the Web Site document, specify a DSAPI filter file name according to the operating system of the xSP server that hosts that hosted organization. Win32 requires the file ndolextn, and Linux, AIX, Solaris/Sparc, S390, and iSeries require libdolextn.

For more information on Internet Site documents, see the chapter “Installing and Setting Up Domino Servers” and for more information on the Web Site document, see the chapter “Setting Up the Domino Web Server.”

When hosted organization registration is complete, all actions that are identified in the topic “What happens when you register a hosted organization?” are complete.

Modifying the extended ACL settings established during hosted organization registration

Plan and test carefully before you modify ACLs and extended ACLs in an xSP environment — security is extremely important. You may want to enable Read access on some fields for a hosted organization. To allow Read access to fields for the anonymous entry in a hosted organization, in the extended ACL settings, select Show Modified. In the Forms and Fields Access section, change Browse from Deny to Allow, and change the fields from Read Deny to Read Allow.

Note The individual fields are listed in the topic “What happens when you register a hosted organization?” in this chapter.

For more information on extended ACLs, see the chapter “Setting Up Extended ACLs.”

Binding the IP addresses of the hosted organization to the xSP server

If you assign an individual IP address to each hosted organization, use one of the following procedures to bind the IP address of each hosted organization to the network interface card in the xSP server. This procedure applies only to configurations that include unique IP addresses. For more information on the IP configurations that you can use in a hosted environment, see the chapter “Planning the Service Provider Environment.”

SUN Solaris
Enter these commands as the root user, where <hme0> is the network interface card.

ifconfig <hme0>:1 plumb
ifconfig <hme0>:1 <hosted_company1_ip> <server_ip> up
ifconfig <hme0>:2 plumb
ifconfig <hme0>:2 <hosted_company2_ip> <server_ip> up
. . .
ifconfig <hme0>:x plumb
ifconfig <hme0>:x <hosted_companyx_ip> <server_ip> up

IBM AIX
Enter the following command as the root user, where <en0> is the network interface card.

ifconfig <en0> alias <IP address of hosted organization> netmask 255.0.0.0

Microsoft Windows NT 4.0
1. From the Microsoft NT desktop, right-click the Network Neighborhood desktop icon and choose Properties.
2. Choose Protocols, and then double-click TCP/IP Protocol.
3. From the TCP/IP Properties box, click Advanced.
4. Click Add to add additional hosted organization IP addresses. Accept the default subnet mask of 255.0.0.0.

Microsoft Windows 2000
1. From the Windows 2000 desktop, right-click the Network Neighborhood desktop icon and choose Properties.
2. Right-click the Ethernet adapter, and then select Properties.
3. From the Adapter Properties box, double-click Internet Protocol (TCP/IP).
4. Click Advanced.
5. Click Add to add additional hosted organization IP addresses. Accept the default subnet mask of 255.0.0.0.

Creating loopback addresses in a hosted environment

If you use a network router in the xSP configuration and you assigned a unique IP address to each hosted organization, you must create a loopback address for each hosted organization. The instructions vary by platform.

SUN Solaris
Enter these commands as the root user:

ifconfig <lo0>:1 plumb
ifconfig <lo0>:1 <hosted_company1_ip> <server_ip> up
ifconfig <lo0>:2 plumb
ifconfig <lo0>:2 <hosted_company2_ip> <server_ip> up
. . .
ifconfig <lo0>:x plumb
ifconfig <lo0>:x <hosted_companyx_ip> <server_ip> up

IBM AIX
Enter this command as the root user:

ifconfig <lo0> alias <IP address of hosted organization> netmask 255.0.0.0
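The Solaris and AIX commands in the binding and loopback procedures above repeat one pattern per hosted organization. As an added example (not part of the Domino documentation), this sh script prints those commands for a list of addresses after checking that each is a valid IPv4 address and that no address is assigned to two organizations; the function names and the 10.0.0.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the Domino documentation.
# Prints (does not run) the ifconfig commands this section gives for
# Solaris and AIX, one set per hosted organization address.

# valid_ipv4 ADDR: succeeds only for a dotted quad with octets 0-255.
# The body runs in a subshell so the IFS change does not leak.
valid_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# emit_bindings PLATFORM IFACE SERVER_IP ORG_IP...
#   PLATFORM   solaris or aix
#   IFACE      network interface (hme0, en0) or loopback (lo0)
#   SERVER_IP  used only in the Solaris form, as in the page's commands
# Every address is validated before anything is printed, so a bad or
# repeated address never yields a partial command list.
emit_bindings() {
    if [ "$#" -lt 4 ]; then
        echo "usage: emit_bindings solaris|aix IFACE SERVER_IP ORG_IP..." >&2
        return 2
    fi
    platform=$1 iface=$2 server_ip=$3
    shift 3
    case "$platform" in
        solaris|aix) ;;
        *) echo "unknown platform: $platform" >&2; return 2 ;;
    esac
    valid_ipv4 "$server_ip" || { echo "bad server address: $server_ip" >&2; return 2; }
    seen=" "
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 2; }
        case "$seen" in
            *" $ip "*) echo "address assigned twice: $ip" >&2; return 3 ;;
        esac
        seen="$seen$ip "
    done
    n=0
    for ip in "$@"; do
        n=$((n + 1))
        if [ "$platform" = solaris ]; then
            # One logical interface per organization: IFACE:1, IFACE:2, ...
            printf 'ifconfig %s:%d plumb\n' "$iface" "$n"
            printf 'ifconfig %s:%d %s %s up\n' "$iface" "$n" "$ip" "$server_ip"
        else
            # AIX form: one alias per organization, netmask as given on the page.
            printf 'ifconfig %s alias %s netmask 255.0.0.0\n' "$iface" "$ip"
        fi
    done
}

# Constructed sample run: two hosted organizations on a Solaris xSP server.
emit_bindings solaris hme0 10.0.0.1 10.0.0.11 10.0.0.12
```

Review the printed commands before running them as root; pass lo0 as the interface to produce the loopback form.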

Microsoft Windows NT 4.0
1. From the Windows NT desktop, right-click the Network Neighborhood icon, and choose Properties.
2. Click Adapters, choose Add, and select MS Loopback Adapter.
3. When the adapter has been added, click Protocols and select TCP/IP Protocol.
4. Click the “Specify an IP Protocols” tab.
5. Select MS Loopback Adapter, and enter the IP address for the HTTP cluster 9.95.87.142.
6. Enter the subnet mask 255.255.255.128 and click OK.
7. Restart the system.

Microsoft Windows 2000
1. From the Windows 2000 desktop, right-click the Network Neighborhood icon, and choose Properties.
2. Right-click the Ethernet adapter and choose Properties.
3. From the Adapter Properties box, double-click Internet Protocol (TCP/IP).
4. Click Advanced.
5. Click Add to add an additional IP address. Accept the default subnet mask of 255.0.0.0.

Using Internet and Web Site documents in a hosted environment

The Internet Site documents and the Web site document contain configuration settings for the Internet protocols. They support all possible configurations of IP addresses and DNS host names. The Site documents contain the information needed to run the Internet servers in a service provider configuration.

A Site document is created for each protocol for which you enter an IP address or a host name on the Internet panel of the Register Hosted Organization interface. The Site document is created containing default information; you must enter additional information in each Site document either during hosted organization registration or later. The Internet protocol is not active until the corresponding Internet Site or Web Site document is completed and saved.

Internet Sites view

Using the Internet Sites view, you can view all Internet Site documents, sorted according to hosted organization name. The Global Web Settings documents and Web Site Rule documents also display in this view. The following table describes each document shown in the view.

Internet Site document | Description
Web Site document | Web Site documents are generated for the HTTP protocol. Each hosted organization has one Web site document that can be created during hosted organization registration. If a hosted organization has multiple Web sites, you must create one Web Site document for each additional Web site. Note See the chapter “Installing and Setting Up Domino Servers,” for information on configuring Web Site documents.
IMAP Site document, POP3 Site document, SMTP Inbound Site document | These are the mail protocol Internet Site documents. An individual Internet Site document is created for each mail protocol for which you enter an IP address on the Internet panel of the Register Hosted Organization interface.
LDAP Site document | This document is generated for LDAP servers.
IIOP Site document | Domino IIOP (DIIOP) uses the information in the IIOP Internet Site document to define the scope of the Domino Directory used to validate users. DIIOP enables you to use any Java code running on any server on the network. DIIOP is not yet supported in a shared IP address configuration.
Global Web Settings document | The Global Web Settings document is automatically created during setup of a hosted organization. The Global Web Settings document applies one or more Web Site Rule documents to all servers in the Domino domain or only to specified servers in the Domino domain.
Web Site Rule document | The Web Site Rule document is created from within the corresponding Web Site document. The three Web Site Rule documents that are automatically created in a hosted environment are DOLS, iNotes help files, and iNotes.cab.

Viewing Web Site and Internet Site documents for a hosted organization

1. From the Domino Administrator, click Files and open the Domino Directory (NAMES.NSF).
2. Choose Server - Internet Sites.
3. Select the name of the hosted organization whose Internet Site documents you want to view.
4. Double-click a document name to open it.

For more information on Internet Site documents, see the topic “Using Internet and Web Site documents in a hosted environment” in this chapter.

Configuring Internet sites with Web Site and Internet Site documents

In a hosted environment, each Internet Site document defines the configuration settings for an Internet protocol for a hosted organization. When you register a hosted organization, you are prompted to create one or more Internet Site documents as part of the hosted organization registration process.

Note You have the option of not creating the Internet Site document during hosted organization registration. You must then create the Internet Site document in order to use the protocol.

A Web Site document is required for the HTTP protocol. You are prompted to create one during the hosted organization registration process. If multiple Web sites are assigned to one IP address — that is, multiple DNS names are registered to one IP address — create a Web site document for each Web site.

For more information on creating an Internet Site document, see the chapter “Installing and Setting Up Domino Servers” and for information on creating a Web Site document, see the chapter “Setting Up the Domino Web Server.”

Note If the hosted organization supports DOLS, on the Web Site document, specify a DSAPI filter file name according to the operating system of the xSP server that hosts that hosted organization. Win32 requires the file ndolextn, and Linux, AIX, Solaris/Sparc, S390, and iSeries require libdolextn.

For more information on specifying the DSAPI filter file name in the Web Site document, see the chapter “Installing and Setting Up Domino Servers.”

For security purposes, you can create a File Protection document for each server. A File Protection document controls the access that Web browser clients have to the files on a server’s hard drive. Create the File Protection document after creating any Web Site document(s) and/or Internet Site documents that you need.

For more information on File Protection documents, see the chapter “Controlling Access to Domino Servers.”

Global Web Settings documents and the service provider environment

Domino automatically creates a Global Web Settings document when you install the Lotus Domino service provider software. By default, the Global Web Settings document applies to all servers in a Domino domain. If you do not want the Global Web Settings to apply to all servers in a Domino domain, edit the document and specify the servers to which the document applies.

The Global Web Settings document is associated with three Web Site Rule documents that automatically create several directories that may be required by numerous users at any hosted organization. The Web Site Rule documents make files accessible from one central location on the server. The benefit is a substantial savings in disk space because the service provider can provide the files to all users that need them without having to duplicate them for each individual hosted organization. The directories that are created via the Global Web Settings document reside in the hosted organization\domino\ directory path.

Three associated Web Site Rule documents that contain the following settings are created when the Global Web Setting document is created in a hosted environment:

Web Site Rule document | Type of rule | Incoming rule pattern | Target server directory
DOLS | Directory | /download/* | domino\html\download
iNotes help files | Directory | /inotes5/help/* | domino\html\inotes5\help
iNotes.cab | Redirection | /iNotes.cab | domino\html\iNotes.cab

The Web Site Rule document for DOLS-enabled hosted organizations downloads to a central location files that are required when the hosted organization tries to access a DOLS-enabled database, so that these files do not need to be individually downloaded for each hosted organization.

The iNotes help files are downloaded to a central location on the server so that they do not have to be individually downloaded for each hosted organization.

The iNotes.cab file is an archive file that contains controls that are installed into a browser and make iNotes features available to browsers.

The Global Web Settings document and the Web Site Rule documents appear in the Internet Sites view. You can review, edit, or delete them from this view.

Editing a Global Web Settings document

Edit the Global Web Settings document to apply one or more Web Site Rules to one or more servers in a Domino domain.

1. From the Domino Administrator, click the Files tab.
2. Open the Domino Directory (NAMES.NSF).
3. Choose Server - Internet Sites.
4. Select the Global Web Settings document that you want to modify, and click Edit Global Web Settings.
5. On the Basics tab, edit these fields as necessary:

Field | Action
Descriptive name for this site | Enter a name that describes the Web Site Rules that will be associated with this document.
Domino servers that host this site | Enter one: • An asterisk (*) if the document is to apply to all servers in the Domino domain. • One or more names of servers to which this document applies.

6. Click Save and Close.

Configuring activity logging for billing hosted organizations

You can configure activity logging to collect transaction information that is stored in the log file (LOG.NSF) and can be used for billing purposes. You can enable activity logging on one server, or more than one server, or on all servers in your domain. Set up the Configuration Settings document to enable activity logging on specific servers that you designate.

1. From the Domino Administrator, click Configuration - Server Configurations.
2. Do one of these:
• To enable activity logging on all servers in the domain, open the existing All Servers Configuration Settings document.
• To enable activity logging on all servers except one (or a small number of servers), open the existing All Servers Configuration Settings document and complete the fields on the Activity Logging tab as shown below. Click Add Configuration to create a new Configuration Settings document for each server that is an exception to the settings in the All Servers Configuration Settings document. Disable activity logging for the servers on which you are not running activity logging.
• To enable activity logging for one server, create a Configuration Settings document.
3. On the Activity Logging tab, complete these fields:

Field | Action
Activity logging is enabled | Select this check box to enable activity logging on each server that you designate.
Enabled Logging Types | Select all logging types for which you want to collect billing information.
Checkpoint interval | Enter the number of minutes that transpire between activity logging updates to LOG.NSF. The checkpoint interval applies to the logging types that you selected and that have open, active sessions.
Log checkpoint at midnight | (Optional) Select this check box to create Notes session and Notes database checkpoint records every day at midnight.
Log checkpoints for prime shift | (Optional) Select this check box to create Notes session and Notes database checkpoint records at the beginning and end of a specific time period. Specify the start and end times for the time period.

4. Click Save and Close.

Viewing logged activity data in a hosted environment

By default, logged activity data is stored in binary format in the log file, LOG.NSF. A service provider administrator can create a Results database to view the logged data for a hosted organization. Activity data for the specified time period is stored in the Results database.

1. From the Domino Administrator, click the Server - Analysis tab.
2. From the Tools panel, click Analyze - Activity.
3. On the Server Activity Analysis dialog box, complete these fields:

Field | Action
Select server activity types to search for | Click the check box and then do one of these: • Select an activity type to view, and then click Add. Repeat to continue adding types. • Click Select All to view all activity types.
Start Date, End Date | Select the start date and end date of the time period for which you want to analyze logged activity data. Activity data for the time period you specify is stored in the Results database.
Start Time, End Time | Select the start time and end time of the logged activity data you want to analyze.
Results Database | Click this button to open the Results Database dialog box. Do the following: 1. Specify the server on which the Results database will reside, the title (name) of the database, and the file name. 2. Choose one: • Append to this database — To append the data to the existing Results database. • Overwrite this database — To overwrite the data in the existing Results database with new data. 3. Click OK.

4. Click OK.
5. When the message box displays “Analysis Completed,” click OK. The Log Analysis - Log Events view opens.

Chapter 14 Managing a Hosted Environment

This chapter contains instructions for moving a hosted organization from one server to another, adding a hosted organization to a server to provide new Web applications, viewing hosted organizations, modifying the Server document, using the Web Administrator to manage users and groups at a hosted organization site, and performing other actions required to maintain a hosted environment. Where necessary, there is also explanatory information.

Maintaining hosted organizations

As a service provider administrator, maintaining the hosted organizations in your hosted environment is of primary importance. Responsibilities include maintaining the servers that host your organizations, maintaining the hosted organizations and their data, as well as the users at those sites.

The majority of the administration activities that are performed in a hosted environment are exactly the same as the same activities in a non-hosted environment. The following topics explain how to complete activities that are unique to or different in a hosted environment.

• Adding a hosted organization to an additional server to provide new Web applications
• Deleting a hosted organization
• Disabling services temporarily for a hosted organization
• Enabling anonymous access to a hosted organization’s database
• Managing Users at a hosted organization
• Moving a hosted organization from one server to another server
• Removing a hosted organization from a backup or load-balancing server
• Restoring a hosted environment after a server crash
• Temporarily disabling services for a hosted organization
• Using a browser to access a hosted organization’s Web site
• Using the Resource Reservations database in a hosted environment
• Viewing a hosted organization
• Web Administration from the hosted organization site

Adding a hosted organization to an additional server to provide new Web applications

A hosted server environment can be configured to allow multiple servers to provide Web applications to one or more hosted organizations. Web applications can be distributed across multiple servers, while serving as many hosted organizations as you designate. Part of managing a hosted environment is enabling additional servers to serve Web applications to a hosted organization. You can enable a hosted organization that is currently being served applications by one or more servers to be served a Web application by an additional server.

To add a hosted organization to an additional server to provide new Web applications

1. Create a data directory for the hosted organization on the target server.
2. Create an ACL file for the hosted organization in the data directory of the target server.
3. Create a Web Site document for the hosted organization, where the new Web Site document’s DNS name resolves to the target server’s IP address or name. This new Web Site document allows servers and routers to distinguish between servers. Use the Basics tab on the new Web Site document to enter the host names or addresses that map to the site and the Domino servers that host the site. For more information on setting up a Web Site document, see the chapter “Setting Up a Domino Web Server.”
4. To support the hosted organization, create the DNS names that direct users to this server and to this hosted organization’s Web site.
5. For Web applications only, make other Web application-specific modifications — for example, configure the Welcome page.

Deleting a hosted organization

The service provider administrator is responsible for deleting a hosted organization when the hosted organization stops subscribing to a service provider’s services. When you delete a hosted organization, the following documents, files, and directories for the hosted organization are deleted:

• Data directory
• Cross certificates
• ACL file
• Extended ACL entries in the Domino Directory’s ACL file
• HostedOrganizationAdmins group
• Global Domain document
• Internet Site documents
• Policy document

To delete a hosted organization

1. From the Domino Administrator, click the Configuration tab.
2. Click Tools - Hosted Organization - Delete.
3. Select the name of the hosted organization to delete, and then click OK.
4. Choose one of these Processing types:
• Immediately clean up Domino Directory — To remove all references to the hosted organization from the Domino Directory immediately
• Use Administration Process only — To remove all references to the hosted organization from the Domino Directory when the “Delete hosted organization” administration request runs
Note Both processing types generate administration requests and both require that you open the Administration Requests (ADMIN4.NSF) database and approve the deletion of hosted organization storage.
5. Click OK. You are prompted to confirm the deletion. Click Yes.

To approve the deletion request

1. Click the Server - Analyses tabs.
2. Click Administration Requests (6).
3. Open the “All Requests by Name” view.
4. Open the “Approve Deletion of Hosted Organization Storage” request, and click Edit Document.
5. Click “Approve Hosted Organization Storage Deletion” to approve the request.
6. Click Yes, and then click OK.

Temporarily disabling services for a hosted organization

To disable all Internet services for a hosted organization, use the Internet Site documents to set all authentication options to No for all Internet protocols for a hosted organization. To enable Internet service for that hosted organization at a later time, set the authentication options to Yes.

1. From the Domino Administrator, choose Files and open the Domino Directory (NAMES.NSF).
2. Choose Servers - Internet Sites.
3. Select the Internet Site document that contains the settings you want to modify. Click Edit Document.
4. Click Security. Set the “Anonymous” and “Name and Password” fields to No to disable the service for the hosted organization. To enable the service at a later time, reset these same fields to Yes.

For more information on the Authentication fields on the Security tab of the Site documents, see the chapter “Installing and Setting Up Domino Servers.”

Enabling anonymous access to a hosted organization’s database

To make a hosted organization’s database available to anonymous Web site users, add “Anonymous” to the ACL file. Adding Anonymous to the ACL file does not expose all of the hosted organization’s data to anonymous users. For example, anonymous Web users cannot browse a hosted organization’s directory because browsing is disabled. Do not confuse an ACL file, which provides security for the hosted organization itself, with a database ACL, which controls the access that server, users, and groups have to a database.

Sample ACL file

The content of a sample ACL file for a hosted organization named company1 with Anonymous access is shown below.

ASP Admin/ASP
*/company1
Anonymous
LocalDomainServers
LocalDomainAdmins
[owner=company1]

In addition to modifying the ACL file, modify the hosted organization’s database ACL to allow anonymous access to the database.

For more information on modifying a database ACL, see the chapter “Controlling User Access to Domino Databases” and for more information on modifying the Web Site document security settings, see the chapter “Installing and Setting Up Domino Servers.”

Moving a hosted organization to another server

You may need to modify some of the procedures in this section to better fit your individual configuration. For example, you may need to modify your network router configuration if your configuration includes a network router. Moving a hosted organization that has a unique IP address varies somewhat from moving a hosted organization that has a shared IP address.

Moving a hosted organization that has a unique IP address

To move a hosted organization that has a unique IP address, complete these procedures:

1. Open the registration policy settings document for the hosted organization that you are moving and change the original mail server name to the name of the destination server — that is, the new mail server.
2. Re-create the hosted organization infrastructure on the destination server.

Use the Domino Administrator to move databases and move users that have mail files from the source server to the destination server. remove the infrastructure for the relocated hosted organization. Prohibit access to the source server. 14-6 Administering the Domino System. 8. To create the hosted organization's infrastructure on the destination server 1. In addition. Open the registration policy settings document and change the original mail server name to the name of the destination server — that is. Enable access to the destination server. Move nondatabase files from the source server to the destination server. you must modify the server information in the documents. 4. 5. the new mail server. The new subdirectory name must be identical to the subdirectory name on the source server. 7. as well as the DNS entries for the hosted organization you are moving. Create a hosted organization infrastructure on the destination server. 4. use the Domino Administrator to move the users from the source server to the destination server. 2. 6. From the source server. Enable access to the destination server. Moving a hosted organization that has a shared IP address To move a hosted organization that shares an IP address with other hosted organizations. Complete these procedures: 1. 5. 7. Remove the infrastructure from the source server. do one of these: • Create a subdirectory of the data directory. Volume 1 . 6.3. you must change the IP address of the hosted organization that you are moving. Prohibit access to the source server. On the destination server. Enter the destination server name in the “Domino servers that host this site” field in all of the Site documents for the hosted organization. • Create a new data directory and a directory link. DNS entries are often cached and may require a substantial amount of time to process a change. For users who have mail files. Move non-database files from the source to the destination server. 3.

2. Copy the hosted organization’s ACL file from the source server’s data directory to the destination server’s data directory.
3. If any directory links, database links, or Web site directory references are located outside of the hosted organization’s subdirectory, create new directories for those links.
4. If any Web application requires a “per hosted organization infrastructure,” create that infrastructure.

To edit the hosted organization's registration policy settings document

1. From the Domino Administrator, open the Domino Directory.
2. Choose Policies - Settings.
3. Select the registration policy settings document you want to edit.
4. Click Edit Settings.
5. On the Mail tab, choose the name of the destination mail server from the list displayed in the “Choose the mail server” field.
6. Click Save and Close.

To move the mail file and other databases

Caution During this procedure, do not approve the mail file deletion in the Administration Requests database (ADMIN4.NSF). If you approve the deletion too soon, the user will not have access to the mail file on the source server. Approve the mail file deletion later, when doing so will not impact user access to the mail file.

1. Make sure that you and the source server have Create Replica access to the destination server.
2. From the Domino Administrator, click People & Groups.
3. Select the person whose mail file you are moving.
4. From the Tools panel, click People - Move.
5. Enter the destination mail server name in the Destination field.
6. Select the server and paths on which you want to create mail files. Include the hosted organization subdirectory. Replicas will be created at the location you select.
7. Click OK.

For more information on moving mail files, see the chapter “Setting Up and Managing Notes Users.”

This procedure applies only to moving a hosted organization that has a unique IP address. and then delete it from the source server. To enable access to the destination server 1. You may need to update host files. and the IP address assigned to the TCP/IP stack. Copy that data to the destination server. Shut down the Domino server on the source server. as well as the IP address assigned to the TCP/IP stack. From the source server. Change the IP addresses hosted by the destination server to include the new addresses — that is. recursively delete the non-database files that you copied to the destination server. 7. Determine whether any Web application requires per-hosted-organization data that has not already been copied. You may need to stop and restart the server depending on your TCP/IP stack. Restart the Domino server on the destination server. 5. those formerly hosted by the source server. 6. DNS server settings. You may need to modify host files or DNS server settings. Copy the files from the source server to the destination server. Modify all Internet Site documents as necessary. 1. To prevent access to the source server Complete this procedure after you have successfully initiated as many “Move mail file” actions as necessary. 2. Copy all non-database files in directories that are not within the hosted organization’s data directory. 4. (Optional) Replicate the data from the source server to the destination server to ensure that all changes made to the source server appear on the destination server. 2. Copy all database files from the source server to the destination server. To move non-database files from the source server to the destination server 1. 3. Disassociate the hosted organization’s IP address from the source server. 2. Associate the hosted organization’s IP address with the destination server according to your particular setup.
Whether or not you can modify the IP addresses that are served without restarting the server depends on your individual configuration.

For more information on the Internet Site documents.NSF) and approve the requests to delete the source databases. 2. Shut down the Domino server on the source server.” To remove the infrastructure from the source server 1. 3. Delete any directories that are specific to the hosted organization and that reside outside of the hosted organization’s data directory. Open the Administration Requests database (ADMIN4. Associate those DNS names with the destination server’s IP address. For more information on approving administration requests. Disassociate the hosted organization’s DNS names from the source server’s IP address. do not copy the old key ring file to the destination server. see the topics Internet Site documents and Using Internet Site documents in a hosted environment. Make sure that Web site names are correct. 3.” 2. When all requests have been successfully processed — that is. 5. Managing a Hosted Environment 14-9 . Service Provider To prevent access to the source server 1. Delete the hosted organization’s subdirectory from the source server. For more information on Internet Site documents. Use the destination server’s key ring file. Delete the hosted organization’s ACL file from the data directory on the source server. Restart the Domino server on the source server. 4. 4.” For more information on the Web Site document. see the chapter “Setting Up a Domino Web Server. Open each Internet Site document to modify the IP address for the hosted organization on the destination server. see the chapters “Setting Up the Service Provider Environment” and “Installing and Setting Up Domino Servers. see the chapter “Setting Up the Administration Process. when the databases have been deleted — proceed to the Step 2. If SSL was used for encryption.

Delete the hosted organization’s ACL file. Delete the content of the hosted organization’s data directory. Delete the hosted organization’s data directory. 2. Delete files and databases from the hosted organization’s data directories and from any other directories in which hosted organization files reside. Modify common data for the application to remove support for the hosted organization. 3. Delete the hosted organization’s ACL file from the Domino data directory. one unique IP address is used for each hosted organization. 5. 3. To remove a hosted organization from a server that provides Web-application support 1. Perform the necessary steps to do one of these: • Prevent the network router from distributing the data from this hosted organization to the destination server • Deconfigure the hot-backup server 2. In this configuration. Remove the DNS name for the Web application. You do not need to modify the Internet Site documents because the network router controls redirection connections for load-balancing and for hot-backups. Delete the Web Site document for the Web application. 4. Removing a hosted organization from a backup or load-balancing server Use this procedure to remove a hosted organization and all of its services from a server that provides hot-backup or load-balancing capability. To remove a hosted organization from a backup or load-balancing server 1.

Restoring a hosted environment after a server crash
To recover quickly from various system failures and server crashes, implement transaction logging in the hosted environment. Also, create a daily backup so that you can restore current data if necessary. Restart the servers so that transaction logging will restore the data, including the content of the Domino Directory. If you are not using transaction logging, restore the Domino Directory from the most recent daily backup.
For more information on transaction logging, see the topics Transaction logging and How transaction logging works.

Restoring the Domino Directory and extended ACLs
If the Domino Directory in a hosted environment becomes corrupted, you also lose the extended ACLs for NAMES.NSF and for ADMIN4.NSF. You cannot recreate the Domino Directory from the template. You must use transaction logging and/or a recent backup of NAMES.NSF in order to restore the Domino Directory and the extended ACLs.
For more information on transaction logging, see the chapter “Transaction Logging.”

How the Domino service provider software responds to a DNS outage
The Domino service provider software can withstand DNS outages. After the Internet Site documents have been loaded into the Domino ASP cache, on subsequent loading of the cache, if there are any DNS-lookup errors, cache entries are not immediately removed but are instead removed slowly over time. DNS-lookup errors occur when DNS is unavailable or host names cannot be resolved into IP addresses.
If there are no invalid host names and DNS is available, then cache deletions occur within five minutes. For example, a cache deletion results when you remove an IP address or host name from an Internet Site document or remove a server from the list of Domino servers that host the site. If there are any invalid host names in your Internet Site documents or if DNS is unavailable, then the DNS recovery code is activated. Cache deletions then require more time — up to two hours. The Domino service provider software recognizes Internet Site documents during the resulting time-out period. To minimize this recovery time-out, ensure that there are no invalid host names in your Internet Site documents.

The following console message is logged if there are invalid host names in the Internet Site documents (excluding the Web Site document):
Lookup of IP address for host hostname.com failed

Using a browser to access a hosted organization’s Web site
Use a browser to access a hosted organization’s Web site. Include the name of the hosted organization’s directory in the URL. Use this syntax:
http://Web_site_name/hosted_organization/database_name
For example, to access the home page for the hosted organization Acme Printing, enter:
www.acmeprinting.com/acme_printing/homepage.nsf
For example, to access your own mail file named JSMITH.NSF, at the hosted organization named Acme Printing, enter:
www.acmeprinting.com/acme_printing/mail/jsmith.nsf
Note You can use a Web Site document to redirect users to other Web sites.
For more information on redirecting users to other Web sites, see the chapters “Setting Up the Domino Web Server” and “Installing and Setting Up Domino Servers.”

Using the Resource Reservations database in a hosted environment
You can create a Resource Reservations database that can be used for the service provider site and for all hosted organizations.

To create the Resource Reservations database
1. Use the template RESRC60.NTF to create the Resource Reservations database. This Resource Reservations database is created in the Domino data directory.
For information on creating a database, see the topic Creating a Database if you have installed Lotus Notes 6 Help. Or, go to http://www.notes.net/doc to download or view Lotus Notes 6 Help.
2. After creating the database, open the new database.

Using the hosted organization name sets the extended ACLs on the Resource/Reservations database for the site. 1. Enter the name of the hosted organization in the Domain name field. To add a new hosted organization. if you assign access rights and roles to a hosted organization. To create a Site Profile document to support a hosted organization In the Resource Reservations database. Caution Do not assign access rights and roles directly to a hosted organization. 5. users in the hosted organization will be able to open the Resource Reservations database for other hosted organizations. Close the database. Because the Resource Reservations database is not automatically protected by an extended ACL. For more information on the Resource Reservations database. open the new Resource Reservations database. assign the “NoAccess” role to prevent users outside of the hosted organization from accessing the database. 4. 3. Click Save and Close. thereby preventing unauthorized users from accessing this database. Edit the database ACL as follows: a. see the chapter “Setting Up Calendars and Scheduling. From the Domino Administrator. click Add Site. To the service provider administrator. assign the “Create Resource” role which allows the administrator to create new entries in the database. 2. Enter the hosted organization name in the Site name field. Add resources and reservations to the database. 6. Create a Site Profile document for each individual hosted organization. 4. b. To default users. each hosted organization is treated as a site.” 3.

Viewing hosted organizations
The People and Groups views in the Domino Administrator are categorized by organization name or by non-hierarchical (flat) name. The non-hierarchical view is the default. To use the organization view, click People or click Groups and then click by Organization.
You can view a list of the hosted organizations and corresponding Site documents in the Domino Directory.
For more information on viewing Web Site and Internet Site documents, see the chapter “Setting Up the Service Provider Environment”

Managing users at a hosted organization
As a service provider administrator, you have varying levels of responsibilities for user management, according to the agreements you have with your various hosted organizations. To perform user management actions from the service provider site, use the Domino Administrator to register, delete, or perform any user or group management action.
If you will be performing all user management actions from the service provider site, see specific areas of the documentation that explain the actions you want to perform. For example, you would most likely want to access these areas of the documentation:
• Registering users
• Managing users
• Creating and modifying groups
• Managing groups
• Deleting a group with the Domino Administrator or the Web Administrator

User management from the hosted organization site
To enable hosted organizations to use the Web Administrator to add and delete users and groups, see the topic “Web Administration from the hosted organization” in this chapter.

Using the Web Administrator to manage users at a hosted organization
The hosted organization administrator can use the Domino Web Administrator to maintain users and groups. Before using the Web Administrator, the hosted organization administrator must be familiar with the Web Administrator.
For more information on the Web Administrator, see the chapter “Setting Up and Using Domino Administration Tools.”
To use the Web Administrator, you must also use the server-based certification authority (CA). Set up and load the CA before attempting to access and use the Web Administrator.
For more information on the server-based CA, see the chapter “Setting Up a Domino Server-Based Certification Authority.”
Note If a hosted organization’s users are registered at the service provider site, they can be registered with certifier IDs and passwords or with the Domino server-based CA. Users registered by the hosted organization administrator at the hosted organization site must be registered using the Domino server-based CA. To register a user for a particular hosted organization, ensure that the service provider administrator is using a certifier created for that hosted organization.

To set up access to the Web Administrator at a hosted organization site
Before using the Web Administrator, the hosted organization administrator must have rights in the ACL for WEBADMIN.NSF, NAMES.NSF, and ADMIN4.NSF. The service provider administrator must assign these rights to the hosted organization administrators who are responsible for managing users and groups with the Web Administrator.
• Add the hosted organization administrator to the HostedOrganizationAdmins group and assign Author access with the People&Groups role in the ACL.
• Add the hosted organization administrator to the LocalDomainAdmins group and assign Manager access and All roles in the ACL.

The hosted organization administrator needs special access in NAMES.NSF. The service provider administrator assigns these rights to the hosted organization administrators:
• Add the hosted organization administrator to the HostedOrganizationAdmins group and assign Editor access with default roles — that is, Create documents, Delete documents, Read public documents, Write public documents, and Replicate or copy documents. Also assign the GroupCreator, GroupModifier, UserCreator, UserModifier roles.
Give the hosted organization administrator the following access to the Administration Request Database (ADMIN4.NSF):
• Author access with the Create documents and Read public documents roles.

To use the Web Administrator to manage users and groups
To maintain users and groups with the Web Administrator, the hosted organization administrator performs these tasks:
• Registering users with the Web Administrator
• Deleting a user name with the Web Administrator
• Creating a group with the Web Administrator
• Deleting a group with the Web Administrator

Addressing messages to users at a hosted organization
To send mail to users and administrators at a hosted organization, the user names and group names in the sender's address book must contain full name references that include the Internet domain name in the address or that use a Notes address that includes the domain name. For example:
• An address that includes the Internet name: Robert_Owens@Acme.com
Where Acme is the Internet domain name
• A Notes address that includes the domain name: Robert Owens/hosted_organization@Acme
Where “hosted_organization” is the hosted organization name and Acme is the Internet domain name

Chapter 15 Setting Up the Administration Process
This chapter describes how to set up the Administration Process, a program that simplifies administrative tasks.

The Administration Process
The Administration Process is a program that automates many routine administrative tasks, such as deleting users, creating replicas, and editing ACLs. For example, if you delete a user, the Administration Process locates that user’s name in the Domino Directory and removes it, locates and removes the user’s name from ACLs, and makes any other necessary deletions for that user. If you want to delete all replicas of a database, the Administration Process finds the replicas on servers in the domain and provides an interface for deleting them.
The Administration Process automates these tasks:
• Name management tasks, such as rename person, rename group, delete person, delete group, delete server name, recertify users, and store Internet certificate.
• Mail file management tasks, such as delete mail file and move mail file.
• Server document-management tasks, such as store CPU count, store platform, and place network protocol information in Server document.
• Roaming user management, such as roaming user setup, move roaming users to other servers, upgrade a nonroaming user to roaming status, and downgrade roaming user to nonroaming status.
• User mail file management tasks, such as performing Access Control List (ACL) changes and enabling agents. For example, the “Out of Office” agent is enabled and disabled by Notes client users.
• Person document management tasks, such as storing the user’s Notes version and client platform information.
• Replica management tasks, such as create replica, move replica, or delete all replicas of a database.

Administration servers
Administration servers control how the Administration Process does its work. You specify an administration server for the Domino Directory and for specific databases. By default, the first Lotus Domino server you set up in a domain is the administration server for the Domino Directory. The administration server for the Domino Directory maintains the Domino Directory’s ACL, performs deletion and name change operations in that Domino Directory, and these changes are replicated to other servers in the domain. If you have multiple directories in your domain — not replicas of other domain’s directories, but more than one of your own — you can specify an administration server for each of the directories in your domain. Do not specify an administration server in your domain for a replica of another domain’s Domino Directory.
You can also set up one or more extended administration servers to distribute across multiple servers the processing of administration requests that modify the Domino Directory.
For more information on extended administration servers, see the topic “Using an extended administration server” later in this chapter.
All databases need an administration server to manage name changes and deletions that apply to the database — for example, changes to the ACL, Readers and Authors fields, or Names fields. If a database has replicas, you assign an administration server to only one replica. Then the Administration Process makes all changes to that replica, and replication for that database carries out the changes in all other replicas.

The Administration Requests database
The Administration Requests database (ADMIN4.NSF) is created on the administration server for the Domino Directory when that server starts for the first time. When other servers start, if the Administration Requests database does not exist, the server creates a replica stub of the Administration Requests database and waits for it to be initialized from another server in the domain. Every server in the domain stores a replica of the Administration Requests database and the Domino Directory.
To complete tasks, the Administration Process posts and responds to requests in the Administration Requests database. Domino servers use replicas of this database to distribute requests made on one server to other servers in the domain.
Requests for work to be done by the Administration Process are stored in the Administration Requests database, in the form of Administration Request documents. The status of work done by the Administration Process is also stored there as response Log documents to the requests.

The Administration Requests database also acts as the interface to the Domino Certificate Authority requests. It is the responsibility of the Registration Authority to monitor the status of the Certification Authority (CA) Requests. The CA requests can be removed from the view or resubmitted for processing in the same manner as the Administration Process Requests.
For more information on working with requests see the topics “The Administration Requests database” and “Managing Administration Process requests” in this chapter.
For more information on the Registration Authority (RA), see the chapter “Setting Up a Domino Server-Based Certification Authority.”

The Certification Log
To use the Administration Process to perform name changes and recertifications, the Certification Log (CERTLOG.NSF) must reside on the server that stores the Domino Directory in which you will initiate the name change or recertification. If the Certification Log exists on another server, move the Certification Log to the server containing the Domino Directory on which you are initiating the name change or recertification. The Certification Log contains a permanent record of how you register servers and users, including information about the certifier ID. The Certification Log also contains messages that describe the results of recertification requests that the Administration Process is processing.
For more information on the Certification Log, see the chapter “Installing and Setting Up Domino Servers.”

Specifying the administration server for the Domino Directory
Choosing the administration server for the Domino Directory depends on your network setup, the available equipment, and the anticipated changes that will be made to the Domino Directory via the Administration Process. Large numbers of name-management operations — rename and delete requests for example — result in many changes to the Domino Directory with the subsequent view rebuilding and thereby affecting performance. Making a heavily-accessed server the administration server of the Domino Directory results in slow server performance from a user’s perspective. Giving only one, or a few servers the responsibility of being the administration server of many databases may result in that server continually processing delete and name change requests.
Choosing the administration server also involves planning how to assign administration servers for other databases in the domain because all name management operations require extensive searching of databases to determine which server is the administration server for the

ACLs, Reader, Authors, and Names fields, and unread lists during name management operations.
The majority of the administration server resources are used for updating the Domino Directory and replicating to keep the Domino Directory consistent across the domain. The responsibility of the administration server of other databases is to maintain ACLs, Reader and Author fields, Name fields and unread lists.
When choosing the administration server for databases in a domain, your choices include:
• Using a hub server as the administration server for the Domino Directory and for other databases.
• Using a dedicated registration server as the administration server for the Domino Directory and using one or more separate hub servers as administration servers for other databases.
• Using a multifunction server as the administration server for the Domino Directory and distributing administration responsibilities for the other databases to other servers.
• Setting multiple administration servers, called extended administration servers, for the Domino Directory to provide for less centralized, more regional, directory management.
If the domain has only a few servers, consider using one administration server for both the Domino Directory and for other databases. While this option centralizes administration, it may result in slower server performance as the domain grows and the use of the Administration Process to update the Domino Directory and maintain databases increases.
A second option involves using a dedicated registration server as the administration server for the Domino Directory. You limit this server’s responsibility to the processing of Domino Directory changes. You can then use other servers, such as database hubs, for processing ACL changes to other databases. To do so, specify the database hub as the administration server for those databases. You can divide the responsibility for database ACL changes among several administration servers, but, you must make sure that when there are multiple replicas of a database in the domain, you assign an administration server for only one replica.
A third option involves using multiple servers to maintain the Domino Directory. If your domain is geographically dispersed, having a single administration server for the Domino Directory means all administration requests for Domino Directory changes have to replicate to this one server and the resultant changes have to replicate back. If your company is organized hierarchically, that is, it is composed of multiple organizations and organizational units, extended administration servers

but is not recommended for performance reasons. see the topic “Using an extended administration server” later in this chapter. Setting up the Administration Process To set up the Administration Process. if you delete a Person document. (Optional) Set up cross-domain processing to enable an administration server in one domain to export requests to and/or import requests from an administration server in another domain. Note If you use an LDAP client to administer the Domino Directory. This is done during installation. can be assigned to maintain the directory documents associated with people. Always run the most recent version of Lotus Domino 6 on the administration server of the Domino Directory and the extended administration servers. 5. Set up ACLs for the Administration Process. For more information on installing a server. 2. you must manually remove references to that person’s name in other places that it occurs because the Administration Process does not do this for you. Specify an administration server for databases in the domain. you must complete these tasks: 1. 3. Specify the administration server for the Domino Directory in the domain. 4. Verify that the administration process is set up correctly. Using a server that contains mail and other databases as the administration server for the Domino Directory is possible. For example. the Administration Process is not aware of these changes and does not extend the changes to other databases. so that you can use all of the newest Administration Process features. see Installing and Setting Up Domino Servers. For more information on extended administration servers. groups. and servers whose names have that organization or organizational unit component.

Specifying an administration server for databases The Administration Process uses administration servers to manage administrative changes that apply to databases.If you do not want an administration server assigned for the database. • Modify all Readers and Authors fields . select the server containing the database you are setting as an administration server.” 15-6 Administering the Domino System. Choose one of these according to whether you want modifications to the indicated fields to occur during a rename group. Either the administrator or the database manager can specify the administration server for a database. or during a delete server. Click the Files tab and then select the database to which you are assigning an administration server. Note To change the administration server for a database.Manage ACL. 6. • Server . or delete user action: • Do not modify Names fields . 3. click Tools .Names fields are not updated during any of the above rename and delete actions. delete group. Administration Server Choose one of these: 7. If you will be processing administration requests across domains. Perform this procedure on an as-needed basis. rename user. complete the procedure “Creating a Cross-domain Configuration document.Reader and Author fields are updated during the rename and delete actions listed above. Click Advanced. 4. 5. or rename server action.All names fields are updated during any of the rename or delete actions listed above. open the domain containing the server with the database for which you are setting an administration server. Complete these fields and then click OK: Field Enter • None . you must have Manager access to the database or be designated as a Full access administrator on the Security tab of the Server document. From the Servers pane. 2. 1.Select a server from the list. From the Domino Administrator. Volume 1 . From the Tools pane.Database . • Modify all Names fields .

Verifying that the Administration Process is set up correctly
After you set up the administration server and the Administration Process, verify that both are running correctly.
1. From the Domino Administrator, click Server - Analyses Administration Requests(6).
2. Open the “All Requests by Action” view.
3. Verify that the request “Put server’s Notes build number into Server record” appears in the view.
4. Sixty minutes after the Administration Process begins running, open the Administration Requests database again and open the response Log document for the request.
Note Log documents are listed directly beneath the request that the document pertains to. The heading Administration Request - Log appears at the top of each Log document.
5. Review the information in the response Log document to ensure that the request has run.
6. Complete the procedure, “Setting up ACLs for the Administration Process.”

Administration Process support of secondary Domino Directories
Domino supports the use of secondary Domino Directories for maintaining user names and groups that you want to store in a directory other than your primary Domino Directory, NAMES.NSF. For example, you may want to maintain Notes users with Notes IDs in NAMES.NSF, but maintain Web-only users in a secondary Domino Directory. A secondary Domino Directory can use the same administration server as your primary Domino Directory, NAMES.NSF, or you can designate another server as the administration server for the secondary directory.
When you initiate a name-management or group-management action from a secondary Domino Directory, the administration process records, in the Administration Request document, the replica ID of the secondary directory.
When a server locates and then attempts to process a name-management or group-management administration request, the server checks for the replica ID. If there is no replica ID stored in the Administration Request document, the administration server for NAMES.NSF processes the request. If a replica ID is located, the server attempts to open the database. If it is successful, the server checks the ACL to determine whether it is the

administration server for that directory. If so, the server processes the request. If it is not the administration server for that directory, it ignores the request. If the server is unable to open the database, the server leaves the request to be processed by the appropriate administration server.
For more information on secondary Domino Directories, see the chapter “Setting up Directory Assistance.”
For more information on designating a server as an administration server, see the topic “Specifying an administration server for databases” earlier in this chapter.

Processing administration requests across domains
You set up Cross-domain Configuration documents to enable a server in one domain to mail administration requests to a server in another domain. The Administration Process for the Domino Directory must be set up on a server in each domain. Set up the Cross-domain Configuration document after you specify an administration server for the Domino Directory in each domain. Cross-domain processing works only when the administration server of the Domino Directory is a Lotus Domino Release 5 or more recent server.
These tasks can be processed across domains:
• Delete person in Domino Directory
• Delete server in Domino Directory
• Rename server in Domino Directory — that is, upgrade the server name from flat to hierarchical
• Rename person in Domino Directory
• Create replica
• Get replica information for deletion — This request is generated when you delete a database and its replicas
Note During cross-domain processing, any requests imported from another domain and any subsequent requests created by the imported requests are processed by Lotus Domino Release 5 and more recent servers only.

Setting up cross-domain processing of administration requests

To set up cross-domain processing of administration requests, you need to do the following:
• Create the necessary cross-certificate documents in the Domino Directory. Requests going to another domain require cross certificates between the two domains. Rename requests are the exception; they are signed by certifiers so their validity is determined by the certificates and the cross-certificate in the destination domain’s Domino Directory. For Rename requests going to another domain, the Domino Directory of the destination domain must either have all Certifier documents, with the certifier’s public key, for the organizational structure represented in the name change request, or it must be able to access those Certifier documents from a trusted Directory specified via Directory Assistance. Additionally, there must be appropriate cross-certificates between the two domains.
• Create a Connection document in the Domino Directory allowing a server in one domain to connect to a server in another domain. Each domain must have a Connection document.
• Create one or more Cross-domain Configuration documents in the administration requests database for each domain from which you will import administration requests and to which you will export administration requests. The Administration Requests database contains Cross-domain Configuration documents that specify how domains exchange and process administration requests. When you configure a Cross-domain Configuration document, you designate the trusted entities, which are persons, servers, or certifiers. All requests received from the domain must be signed by one of its trusted entities.
• Edit the Directory Profile document for the Domino Directory to include the names of anyone allowed to create a Cross-domain Configuration document. On the Directory Profile document, add the administrators’ names to the “List of administrators who are allowed to create Cross-domain Configuration documents in the administration requests database” field. If a Cross-domain configuration document is created by someone whose name is not in that field or who is not a manager of the Domino Directory, that configuration will be ignored.

For more information on cross-certificates, see the chapter “Protecting and Managing Notes IDs.” For more information on Certifier documents, see the chapter “Installing and Setting Up Domino Servers.” For more information on setting up trusted directories via Directory Assistance, see the chapter “Setting Up Directory Assistance.”

Benefits of cross-domain processing

Cross-domain processing offers these benefits:
1. Access to information is enhanced because a name change is propagated to other domains. Cross-domain processing allows users and servers to have access to databases and servers in both domains. For example, people and servers registered in one domain can also be listed in the directory documents and database ACLs in another domain.
2. Processing administration requests across domains can protect the integrity of the data in databases. For example, if a person is deleted from the directory in one domain, corresponding deletions occur in the other domains.
3. Applications are easily distributed because databases are easily replicated from servers in one domain to servers in other domains. Administrators do not have to install and update applications individually on all servers.

Creating a Cross-domain Configuration document

1. Make sure that you have already set up the necessary Connection documents and cross certificates to allow communication between the servers.
2. From the Domino Administrator, choose Server - Analysis - Administration Requests(6).
3. Choose the Cross Domain Configuration view and click “Add Configuration.”
4. On the Configuration Type tab, choose one of these:
• Inbound to create an inbound request configuration
• Outbound to create an outbound request configuration

5. If you chose Inbound in Step 4, click Inbound Request Configuration and then complete these fields:

Field: Receive AdminP requests from domains
Enter: The name of one or more domains from which this server will receive requests.

Field: List of AdminP requests allowed from other domains
Enter: Select any of these requests that this server will accept from other domains and then click OK.
• Create Replica
• Delete Person in Address Book
• Delete Server in Address Book
• Get Replica Information for Deletion
• Rename Person in Address Book
• Rename Server in Address Book

Field: Only allow Create Replica requests if intended for one of the following servers
Enter: Server names in your current domain that will accept Create Replica requests from other domains. This field displays if the Create Replica request is selected.

Field: List of approved signers
Enter: Names of approved signers — that is, a trusted signer for the request type for the destination domain. An inbound request is rejected if it is signed by someone who is not a trusted signer. Create Replica requests must be signed by the source server. If you selected Create Replica requests from the list above, the request’s author is required to have Create Replica access to the destination server.

6. If you chose Outbound in Step 4, click Outbound Request Configuration and then complete these fields:

Field: Domains to submit AdminP requests to
Enter: The name of one or more domains to which this server will send requests.

Field: List of AdminP requests to submit
Enter: Select the type of requests that this server will send and then click OK.
• Create Replica
• Delete Person in Address Book
• Delete Server in Address Book
• Get Replica Information for Deletion
• Rename Person in Address Book
• Rename Server in Address Book

Field: Only submit Create Replica requests to the domains listed above if the destination server is one of the following
Enter: Server names to which you will send Create Replica requests. Also enter the domain names in which the servers reside. This field displays if the Create Replica request is selected.

Field: List of approved signers
Enter: Names of approved signers — that is, a trusted signer for the request type from the creation domain. An outbound request will not be sent if it is signed by someone who is not a trusted signer. Create Replica requests must be signed by the source server. If you selected the Create Replica request from the list above, the request’s author is required to have Create Replica access to the destination server.

7. Click Save and Close.
8. Complete the procedure “Verifying that the Administration Process is set up correctly.”
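The inbound field rules described above can be expressed as a small decision function for reviewing a planned configuration before it is saved. This is an added example, not Domino code: it models only the field checks (it does not verify signatures or cross-certificates), and the class names, the replica_access input and all sample names are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class InboundConfig:
    """Fields of an Inbound Request Configuration, as named on the page."""
    domains: set            # "Receive AdminP requests from domains"
    allowed_requests: set   # "List of AdminP requests allowed from other domains"
    approved_signers: set   # "List of approved signers"
    replica_servers: set = field(default_factory=set)  # Create Replica destinations

@dataclass
class Request:
    domain: str
    kind: str
    signer: str
    author: str = ""
    source_server: str = ""
    dest_server: str = ""

def evaluate_inbound(req, cfg, replica_access):
    """Return (accepted, reason). replica_access maps a destination server to
    the names holding Create Replica access on it (assumed input)."""
    if req.domain not in cfg.domains:
        return False, "domain not listed"
    if req.kind not in cfg.allowed_requests:
        return False, "request type not allowed"
    if req.signer not in cfg.approved_signers:
        return False, "signer not approved"
    if req.kind == "Create Replica":
        if req.signer != req.source_server:
            return False, "not signed by source server"
        if req.dest_server not in cfg.replica_servers:
            return False, "destination server not listed"
        if req.author not in replica_access.get(req.dest_server, set()):
            return False, "author lacks Create Replica access"
    return True, "accepted"

# Constructed sample data; every name below is illustrative only.
CFG = InboundConfig(
    domains={"Sales"},
    allowed_requests={"Create Replica", "Rename Person in Address Book"},
    approved_signers={"Hub01/Sales", "Cert Admin/Sales"},
    replica_servers={"Mail01/HQ"},
)
ACCESS = {"Mail01/HQ": {"Pat Lee/Sales"}}

def demo():
    ok = Request("Sales", "Create Replica", "Hub01/Sales", "Pat Lee/Sales", "Hub01/Sales", "Mail01/HQ")
    bad_signer = Request("Sales", "Rename Person in Address Book", "Other Admin/Other")
    bad_dest = Request("Sales", "Create Replica", "Hub01/Sales", "Pat Lee/Sales", "Hub01/Sales", "Mail02/HQ")
    bad_type = Request("Sales", "Delete Server in Address Book", "Cert Admin/Sales")
    return [evaluate_inbound(r, CFG, ACCESS) for r in (ok, bad_signer, bad_dest, bad_type)]
```

Running demo() against a draft configuration shows which of the listed conditions rejects each request, which helps confirm that the approved signers and Create Replica server lists are no broader than intended.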

Setting up ACLs for the Administration Process

Each administrator who uses the Administration Process to perform tasks must have the appropriate access rights and roles in the Domino Directory (NAMES.NSF), secondary directories — if applicable, Administration Requests database (ADMIN4.NSF), and the Certification Log database (CERTLOG.NSF). If an error occurs during any administrative task, the administrator must have Editor access in the ACL of the Administration Requests database to perform the task again.

The quickest way to provide administrators with the access they need is to give them the minimum levels of access:
• For the Domino Directory, create an administrator group of type Person Group with Editor access, and list the administrators in the group.
• For the Administration Requests database, give administrators Author access. If an administrator will be approving requests, give Editor access.
• For the Certification Log database, give administrators Author with Create documents access.

For more information on setting up and modifying an ACL, see the chapter “Controlling User Access to Domino Databases.”

Note If extended ACLs are enabled and you have specified who can modify documents for an organization, administration requests will fail if they are initiated by anyone not specified in the extended ACL.

To assign access to administrators so they can perform only specific tasks, see the table below which specifies the access that administrators need in the ACLs of the Domino Directory, and Certification Log database. seco