
IBM Lotus Domino 8.5 System Administration Operating Fundamentals

Instructor Guide


Part Number: IBMD8L75 Course Edition: 1.0

Notices

DISCLAIMER: You may not copy, reproduce, translate, or reduce to any electronic medium or machine-readable form, in whole or in part, any documents, software, or files provided to you without prior written consent of IBM Corporation, except in the manner described in the documentation. While every reasonable precaution has been taken in the preparation of this manual, the author and publishers assume no responsibility for errors or omissions, nor for the uses made of the material contained herein and the decisions based on such use. Neither the author nor the publishers make any representations, warranties, or guarantees of any kind, either express or implied (including, without limitation, any warranties of merchantability, fitness for a particular purpose, or title). Neither the author nor the publishers shall be liable for any indirect, special, incidental, or consequential damages arising out of the use or inability to use the contents of this book, and each of their total liability for monetary damages shall not exceed the total amount paid to such party for this book.

TRADEMARK NOTICES: The following terms are trademarks or service marks of International Business Machines Corporation in the United States, other countries, or both: DB2, Domino, Domino Designer, Domino.Doc, Everyplace, ibm.com, K-station, LearningSpace, Lotus, Lotus Discovery Server, Lotus Enterprise Integrator, Lotus Notes, Lotus Workflow, Mobile Notes, Netfinity, QuickPlace, Rational, Sametime, Tivoli, VisualAge, WebSphere, Workplace, Workplace Messaging, and WorkPlace Shell. Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc., in the United States, other countries, or both. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. Intel, Intel Inside (logos), MMX and Pentium are trademarks of Intel Corporation in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Linux is a trademark of Linus Torvalds in the United States, other countries, or both.

Copyright 2009 IBM Corporation.
Lotus software, IBM Software Group, One Rogers Street, Cambridge, MA 02142

Under the copyright laws, neither the documentation nor the software may be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form, in whole or in part, without the prior written consent of IBM, except in the manner described in the documentation or the applicable licensing agreement governing the use of the software. All rights reserved. Licensed Materials - Property of IBM. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corporation.


You must purchase one copy of the appropriate kit for each student and each instructor. For all other education products you must acquire one copy for each user or you must acquire a license for each copy provided to a user.

Table of Contents

Lesson 1: Introducing the IBM Lotus Domino 8.5 Environment
  Topic A. Examining the IBM Lotus Domino 8.5 Architecture
    IBM Lotus Domino Architecture
    Client and Server Architectural Components
    Server Documents
    Lotus Domino Server Types
    Default Location Documents
    Client Types
    Overview of Lotus Notes 8.5 Features
  Topic B. Investigating IBM Lotus Domino Applications
    The Object Store
    Components of Lotus Domino Applications
    Database Types and Applications
    Composite Applications
    Required Server Applications
    The Lotus Domino Directory
    Lotus Domino Domains
    Single vs. Multiple Domains
  Topic C. Exploring IBM Lotus Domino Server Functionality
    Categories of Lotus Domino Services
    Core Lotus Domino Services
    Server Tasks
    Lotus Domino Advanced Services

Lesson 2: Performing Basic Administration Tasks
  Topic A. Starting IBM Lotus Domino Administrator
    Lotus Domino Administration
    Lotus Domino Administration Tools
    The Lotus Domino Administrator Interface
  Topic B. Using Online Help
    Online Help Resources
  Topic C. Navigating in IBM Lotus Domino Administrator
    Lotus Domino Administrator Tabs
    The Person Document
    Groups
    Tasks on the People & Groups Tab
    Tasks on the Files Tab
    Tasks on the Server Tab
    Tasks on the Messaging Tab
    Lotus Domino Replication
    Tasks on the Replication Tab
    Tasks on the Configuration Tab
  Topic D. Setting Administration Preferences
    Administration Preferences
  Topic E. Introducing Policies
    Policies
    Policy Documents
    Settings Documents

Lesson 3: Examining IBM Lotus Notes and IBM Lotus Domino Security
  Topic A. Identifying IBM Lotus Domino Security Components
    IBM Lotus Domino Terminology
    Organizations
    Organizational Units
    Organization Certifiers
  Topic B. Designing a Hierarchical Naming Scheme
    Hierarchical Naming
    Components of a Hierarchical Name
    Hierarchical Naming Example
    Organizational Unit Naming Recommendations
    Separate Server OUs
    Server Naming Recommendations
    Server Host Names and Common Names
    User Naming Recommendations
    Planning a Hierarchical Naming Scheme
    How to Design a Hierarchical Naming Scheme
  Topic C. Authenticating with IBM Lotus Domino Servers
    Security Controls
    Certificates and ID Files
    Types of Certificates
    ID Files
    Components of an ID File
    Common Certificates
    How Certificates Are Used in Authentication
    The ID Vault Feature
    How to Create an ID Vault
  Topic D. Controlling Access to Resources
    Introduction to Lotus Domino Access Controls
    Access Control Lists
    Roles
    How Lotus Domino Controls Access
    Stages of Access Control
    Security Using Groups
    Group Types
    Best Practices for Creating Groups
  Topic E. Determining Database Access Levels
    Access Control List Levels
  Topic F. Determining Workstation Security Levels
    Execution Access
    The Execution Control List

Lesson 4: Examining IBM Lotus Domino Mail Routing
  Topic A. Introducing IBM Lotus Domino Messaging
    Lotus Notes Named Networks
    Mail Routing and Lotus Notes Named Networks
    Mail Routing Protocols
    Mail Routing Components
    Mail Settings that Affect Routing
    The Mail Routing Process
    Router Optimizations in Lotus Domino 8.5
  Topic B. Designing a Mail Routing Topology
    Mail Routing Topologies
    Topology Types
    Hub and Spoke Topology Considerations
    How to Design a Mail Routing Topology

Lesson 5: Examining IBM Lotus Domino Replication
  Topic A. Introducing IBM Lotus Domino Replication
    What is Lotus Domino Replication?
    Components of the Replication Process
    The Server-to-Server Replication Process
    Replication Tools
    The Workstation to Server Replication Process
    Database Replicas
    The Database Replication Process
    Streaming Replication
    The Field-Level Replication Process
    Factors that Affect Replication
  Topic B. Designing a Replication Strategy
    Types of Replication Topologies
    Server Replication Types
    Replication vs. Routing Topologies
    Considerations for Choosing a Replication Type
    How to Design a Replication Strategy

Lesson 6: Extending the IBM Lotus Domino Environment
  Topic A. Selecting Additional IBM Lotus Domino Services
    Lotus Domino Standard Services
    Lotus Domino Internet Security Mechanisms
  Topic B. Implementing IBM Lotus Domino Scalability Features
    Scalability Options
    Lotus Domino Clusters
    Benefits of Clustering
    Lotus Domino Partitions
    Benefits of Partitions
  Topic C. Integrating Other IBM Products
    IBM Lotus Sametime
    IBM Lotus Connections
    IBM Lotus Quickr

Appendix A: The Worldwide Corporation Infrastructure Plan
Appendix B: Certification and Exam Competencies
Appendix C: Instructor Preparation
Additional Instructor Notes
Glossary
Index


Introduction

About This Course


This course introduces you to basic concepts that provide the foundation for IBM Lotus Domino 8.5 and IBM Lotus Notes 8.5, and it is the point of entry to the entire core system administration curriculum. This course covers the foundational knowledge needed to perform basic administrative tasks in a Lotus Domino 8.5 infrastructure. This course does not cover how to install, configure, maintain, or troubleshoot a Lotus Domino 8.5 infrastructure.

Course Description
Target Student
The target audience for this course is current network or mail system administrators who are new to Lotus Domino 8.5 system administration but have some experience using the Lotus Notes 8.5 client, and who need to acquire foundational knowledge of and working experience with the Lotus Domino 8.5 administration tools.

Course Prerequisites
The prerequisites for this course include previous experience as a network administrator or mail system administrator, and experience using the Lotus Notes 8.5 client.


How to Use This Book


As a Learning Guide
Each lesson covers one broad topic or set of related topics. Lessons are arranged in order of increasing proficiency with Lotus Domino and Lotus Notes; skills you practice in one lesson are used and developed in subsequent lessons. For this reason, you should work through the lessons in sequence. Each lesson is organized into results-oriented topics. Topics include all the relevant and supporting information you need to master Lotus Domino and Lotus Notes, and activities allow you to apply this information to practical hands-on examples.

As a Review Tool
Some of the information covered in class may not be relevant to your environment immediately, but it may become important later on. For this reason, we encourage you to spend some time reviewing the topics and activities after the course. The course can also be used in preparation for Lotus certification exams.

As a Reference
The organization and layout of the book make it easy to use as a learning tool and as an after-class reference. You can use this book as a first source for definitions of terms, background information on given topics, and summaries of procedures.

Course Objectives
After completing this course, you should be able to:

- Describe the structural components of the IBM Lotus Domino 8.5 environment.
- Perform basic IBM Lotus Domino 8.5 administration.
- Manage IBM Lotus Notes and IBM Lotus Domino security.
- Describe Lotus Domino mail routing and mail routing topologies.
- Describe Lotus Domino replication and replication topologies.
- Identify services and options that you can use to extend and enhance the functionality of the Lotus Domino environment.


Course Requirements
Hardware
Instructor Lotus Domino Server (Hub)
You will need one computer to install as the instructor Lotus Domino server.

- 1 GB of RAM or more is recommended.
- A Pentium Class processor or higher. A Pentium 4, 2.6 GHz processor is recommended.
- An SVGA (or better) video card and monitor. Support for 256 colors, 1024 X 768 resolution.
- At least 1.5 GB free hard disk space.
- A mouse or other pointing device.
- A DVD drive or access to network file server for installation.
- A local network connection.
- Internet access (recommended).

Note: If you plan to teach the Managing IBM Lotus Domino 8.5 Servers and Users course immediately following this class, you may choose to use that course's setup for IBM Lotus Domino 8.5 Systems Administration Operating Fundamentals. However, IBM Lotus Domino 8.5 Systems Administration Operating Fundamentals was not tested with the Managing IBM Lotus Domino 8 Servers and Users configuration, and you might find minor discrepancies in the activities and demonstrations.

Instructor and Students Client Computers


It is strongly recommended that you have a separate computer to install as the instructor Lotus Notes and Lotus Domino Administrator client. If you do not have a separate client computer, you can install the client software on the instructor Domino server, but this is not the optimal configuration. The following requirements assume that you will have a separate client computer for the instructor.

- 1 GB of RAM or more is recommended.
- A Pentium Class processor.
- A video card and color monitor. Support for 1024 x 768 resolution.
- At least 1.5 GB of free hard disk space.
- A mouse or other pointing device.
- A DVD drive or access to network file server for installation.
- A local network connection.
- Internet access (recommended).
- A projection system for the instructor computer screen (instructor only).


Software
Primary Classroom Server
The following list identifies the software requirements for the primary classroom server. Please note that proper licensing for all software is required and is the responsibility of the training organization.

- Microsoft Windows 2003 Server Standard or Enterprise Edition with Service Pack 2, Microsoft Windows 2003 Server x64 Edition, Microsoft Windows 2008 Standard or Enterprise Edition with Service Pack 2, Microsoft Windows Server 2008 x64 Standard Edition, Microsoft Windows Server 2008 x64 Enterprise Edition. Note: The Domino server should not run IIS nor Active Directory.
- IBM Lotus Domino 8.5 Server.
- TCP/IP using either Hosts file or DNS with server and domain names defined in the TCP/IP protocol configuration.

Instructor and Student Client


The following list identifies the software requirements for the instructor machine and student machines. Please note that proper licensing for all software is required and is the responsibility of the training organization.

- Microsoft Windows XP Professional with Service Pack 2. (If you prefer to use Windows Vista, be aware that the course was not developed and tested using that configuration.)
- IBM Lotus Domino Administrator 8.5.
- Microsoft Internet Explorer 6 or above, Mozilla Firefox 2.0 or above, or Apple Safari 3.0 or above.
- TCP/IP using either Hosts file or DNS with server and domain names defined in the TCP/IP protocol configuration.
- Microsoft PowerPoint Viewer or IBM Lotus Symphony Presentations (instructor only).


Class Setup
Preparing for an ILO Class Experience
Instead of a traditional classroom instructor-led class, you may be taking this course as an instructor-led online class. If you are participating in an online class experience, you should:

- Verify that you have the dial-in number for participants.
- If necessary, verify that you have the conference reference name or number and password, if required, to the conference.
- Verify that you have the appropriate support contact information:
  - Technical support: To help resolve connection issues.
  - Content support: To answer questions about the materials presented in class.
  - Process support: To assist with understanding how an ILO class is carried out and assure that participation is appropriate.
- Test your ability to connect to the course with the equipment you plan to use during the course. This will allow you to:
  - Test connectivity to the provider's server.
  - Download any applications or plug-ins required.
  - Become familiar with the online interface.

Note: Instructor preparation information specific to ILO is provided in the Instructor Preparation Appendix.

Note: Some training providers will schedule a separate test session prior to your course to allow you to test connectivity; otherwise, you should plan to do this just prior to the course's start time. Your training center will provide the necessary information and instructions to you prior to your class start date.

IBM Lotus Domino Naming Used in This Course


This course uses the following hierarchical naming scheme.

Table 0-1: Domino naming scheme

Naming component           Classroom implementation
Organization certifier     /WWCorp
Domain                     WWCorp
Instructor server          Hub/SVR/WWCorp
Instructor user account    Doctor Notes/WWCorp


Course Files
The first table describes the required course files used in the course or provided as additional tools.

Table 0-2: Required course configuration files

Title                         File name                                       Function
WWCorp's directory            Names.nsf                                       Used to set up the classroom servers and administrators
/WWCorp certifier ID file     WWCorp.id
Hub/SVR/WWCorp's ID file      hub.id
Doctor Notes user ID file     dnotes.id
Doctor Notes mail file        dnotes.nsf
Sample databases              ideas.nsf, policies.nsf                         Lesson 1 show sample databases; Lesson 4 demonstrate replication
Mail files                    AWest##.nsf and AEast##.nsf                     Classroom mail files
Domain Routing Mailbox        mail.box                                        Contains mail for students to view
Certification Log             certlog.nsf                                     Contains certification log for IDs in this course
Organizational Unit           svr.id, east.id, west.id, sales.id, support.id  OU certification IDs
Classroom diagrams            D8L75.ppt                                       Used throughout the course to display diagrams used in the classroom

Checklist of Classroom Setup Tasks: New Setup


Complete the tasks in the following table to set up the classroom prior to the start of class. Detailed procedures for each task appear on the following pages.


Table 0-3: Classroom setup tasks

Task  Procedure
1     Install the Lotus Domino server software.
2     Install the Lotus Domino Administrator client software.
3     Install supplied files on all machines.
4     Edit hosts file on each classroom machine.
5     Set up the classroom server.
6     Set up the instructor and student workstations.

Task 1: Install the Lotus Domino Server Software


Follow these steps to install the Domino server software.

Table 0-4: Install the Lotus Domino server software

Step  Action
1     Run the Lotus Domino 8.5 server install program, Setup.exe, from a CD or other media.
2     On the Welcome screen, click Next.
3     Read the Lotus Licensing Agreement, and then click I accept the terms in the license agreement to agree with the terms. Click Next.
4     Accept the default location for the installation files. Click Next.
5     Accept the default location for the data files. Click Next.
6     Verify that Domino Enterprise Server is selected, and then click Next.
7     Review the configuration and click Next.
8     Click Finish to complete the installation.


Task 2: Install the Lotus Domino Administrator Client Software


Follow these steps to install the Domino Administrator client software on the instructor client machine and each student machine in the classroom.

Table 0-5: Install the Lotus Domino Administrator client software

Step  Action
1     Run the Lotus Notes 8.5 client install program, Setup.exe, from a CD or other media.
2     On the Welcome screen, click Next.
3     Read the License Agreement. Select I accept the terms in the license agreement, and then click Next.
4     On the Customer Information screen, in the User name field, type Doctor Notes for the Instructor machine, and Admin East## or Admin West## for the Student machines. In the Organization field, type Worldwide Corporation and then click Next.
5     Accept the default folders to install Lotus Notes. Click Next.
6     On the features setup screen, select Domino Administrator and IBM Lotus Symphony. IBM Lotus Sametime is selected by default; clear the check box, and then click Next.
7     Verify the information on the installation summary screen, and click Install.
8     Click Finish to complete the installation.

Task 3: Install Supplied Files on All Machines


Follow these steps to install the \lotus_ed\D8L75 course folder to your server and client machines.

Table 0-6: Install supplied files

Step  Action
1     To install the course data files from the interactive CD-ROM, put the course CD in the server machine.
2     On the CD-ROM, open the D8L75 folder.
3     Double-click the D8L75dd.exe file.
4     Repeat the above steps on the instructor and student client machines.

The executable will copy the following files to the specified locations, creating the \lotus_ed\ directory and all necessary sub-directories, if required. These files will be present both on the instructor server and instructor client machines.

Table 0-7: Supplied course files

Directory                        Files copied
\D8L75                           D8L75.ppt
\D8L75\Lotus\Domino\Data         IDs: wwcorp.id, hub.id, dnotes.id, East.id, West.id, Svr.id
                                 Databases: names.nsf, policies.nsf, certlog.nsf, mail.box, ideas.nsf
\D8L75\Lotus\Domino\Data\Mail    dnotes.nsf, awest##.nsf and aeast##.nsf, fchester.nsf, mdomingo.nsf, mgrassi.nsf, tgoodwin.nsf
\D8L75\Notes\Data\IDs            dnotes.id, east.id, hub.id, svr.id, west.id, wwcorp.id

Task 4: Edit Hosts File on Each Classroom Machine


Use any text editor to edit the hosts file on each classroom machine to include the IP address and server names as follows.

Table 0-8: Edit hosts file on each classroom machine

HubIPaddress    Hub/SVR/WWCorp    hub.wwcorp.com    www.wwcorp.com
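
A check that can be run on each classroom machine after the hosts file has been edited, given here as an added example that is not part of the course material. It verifies only the two DNS host names from Table 0-8; the address 192.0.2.10 and the sample file contents are constructed placeholders for the real hub IP address and hosts file.

```python
"""Verify that a hosts file maps the classroom hub names to the hub address."""
import sys

# Host names taken from Table 0-8 of this guide.
REQUIRED_NAMES = ("hub.wwcorp.com", "www.wwcorp.com")

# Constructed placeholder for HubIPaddress (documentation address range).
HUB_IP = "192.0.2.10"

# Constructed sample hosts files.
SAMPLE_GOOD = """\
# classroom hosts file
127.0.0.1   localhost
192.0.2.10  hub.wwcorp.com www.wwcorp.com   # instructor hub
"""
SAMPLE_BAD = """\
127.0.0.1   localhost
192.0.2.10  hub.wwcorp.com
192.0.2.99  WWW.WWCORP.COM   # stale entry from an earlier class
"""


def parse_hosts(text):
    """Return {lowercased host name: [address, ...]} for hosts-file text."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, or an address with no names
        address, names = fields[0], fields[1:]
        for name in names:
            addresses = mapping.setdefault(name.lower(), [])
            if address not in addresses:
                addresses.append(address)
    return mapping


def check_hosts(text, hub_ip, required=REQUIRED_NAMES):
    """Return a list of problems; an empty list means every name is correct."""
    mapping = parse_hosts(text)
    problems = []
    for name in required:
        addresses = mapping.get(name.lower(), [])
        if not addresses:
            problems.append(f"{name}: no entry")
            continue
        wrong = [a for a in addresses if a != hub_ip]
        if wrong:
            problems.append(
                f"{name}: mapped to {', '.join(wrong)}, expected only {hub_ip}"
            )
    return problems


if __name__ == "__main__":
    # Usage: python check_hosts.py <path to hosts file> <hub IP address>
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            found = check_hosts(handle.read(), sys.argv[2])
    else:
        found = check_hosts(SAMPLE_BAD, HUB_IP)
    for problem in found:
        print(problem)
    sys.exit(1 if found else 0)
```

On Windows the hosts file is C:\Windows\System32\drivers\etc\hosts; a stale or conflicting entry left over from an earlier class is the failure this check is meant to catch before the workstation setup tasks.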

Task 5: Set up the Classroom Server


Follow these steps to set up the classroom server as the first server in the domain, Hub/SVR/WWCorp.

Table 0-9: Set up the instructor's server

Step  Action
1     Click Start > All Programs > Lotus Applications > Lotus Domino Server.
2     If necessary, click Start Domino as a regular application and then click OK.
3     On the Welcome screen, click Next.
4     Verify that Set up the first server or a stand-alone server is selected, and then click Next.
5     On the Choose your organization name screen:
      a. Select I want to use an existing certifier ID file.
      b. Click Browse and navigate to the WWCorp.id file, and click Select.
      c. Click Customize and select I want to use an existing organizational unit certifier ID file.
      d. Click Browse and navigate to the svr.id file, and then click Select.
      e. Click Next.
      f. In the Enter Password dialog box, type passw0rd and click OK.
6     For the Domino domain name, type WWCorp and click Next.
7     On the Specify an Administrator name and password screen, complete the following:
      a. Select I want to use an existing Administrator ID file.
      b. Click Browse and navigate to the DNotes.id file, and then click Select.
      Click Next. In the Enter Password dialog box, type passw0rd and click OK.
8     For Internet services, select Web Browsers (HTTP services) and Directory services (LDAP services), and click Next.
9     Review the default enabled port drivers and host name. To change these settings:
      a. Click Customize.
      b. Disable all ports except TCP/IP.
      c. Enter the fully qualified Internet host name for the server: hub.wwcorp.com
      d. Click OK.
      Click Next.
10    On the Secure your Domino Server screen, accept the defaults and click Next.
11    Review the information selected during this session. If all information is correct, click Setup.
12    When setup completes, click Finish.
13    Before starting the server, copy the supplied files to their target directories:
      Lotus\Domino\data: names.nsf, policies.nsf, certlog.nsf, mail.box, ideas.nsf
      Lotus\Domino\data\mail: DNotes.nsf and all other mail files
14    Navigate to notes.ini, and using Notepad or another editor, at the end, type
      Create_R8.5_Databases=1
      Save the file and close it.
15    To start the server from Windows, click Start > All Programs > Lotus Applications > Lotus Domino Server.
16    Select Start Domino as Window service and Don't ask me again. Then click OK. It may take a few minutes for the server to initialize. Please allow time for this.

Step 9: The Mail Router has been disabled so that mail in Mail.box does not get routed prior to Activity 26.

Task 6: Set Up the Instructor's Workstation

Follow these steps to set up the instructor's workstation.

Table 0-10: Set up the instructor's workstation

Step 1. Click Start → All Programs → Lotus Applications → Lotus Notes 8.5.

Step 2. On the Welcome screen, click Next.

Step 3. On the User Information screen, enter:
Name: Doctor Notes
Domino server: Hub/SVR/WWCorp
Select I want to connect to a Domino server and click Next.

Step 4. If the ID is not found in the Domino Directory, the setup program will request the location of the Notes ID file. To locate the Notes ID file:
a. Click Browse, select dnotes.id, and then click Open.
b. Click Next.
c. Click Yes to copy the ID file to the local data directory.
d. Enter passw0rd as the password.
If the user ID is stored in the Domino Directory, the setup program will automatically copy the ID file to the local data directory.

Step 5. On the Additional Services screen, it is not necessary to select any additional services for this course. Click Next.

Step 6. Click File → Preferences and click Basics Notes Client Configuration.


Step 7. In the Additional Options section, select the following options if not already selected, and then click OK.
- Enable Java applets
- Enable JavaScript
- Use Web palette

Steps 8-10. From the Preferences list, select Notes Ports, and clear all ports except TCPIP. Click OK to close Preferences. Click OK in the warning dialog box. Changes will take effect once Lotus Notes is restarted. Exit Lotus Notes.

Task 7: Set Up the Student Workstations


Follow these steps to set up the student workstations using the Admin East## and Admin West## IDs.

Table 0-11: Set up the student workstations

Step 1. Click Start → All Programs → Lotus Applications → Lotus Notes 8.5.

Step 2. On the Welcome screen, click Next.

Step 3. On the User Information screen, enter:
Name: Admin West## or Admin East## where ## is the student number.
Domino server: Hub/SVR/WWCorp
Select I want to connect to a Domino server, and click Next.

Step 4. If the ID is not found in the Domino Directory, the setup program will request the location of the Notes ID file. To locate the Notes ID file:
a. Click Browse, select the appropriate ID, and then click Open.
b. Click Yes to copy the ID file to the local data directory.
c. Click Next.
If the user ID is stored in the Domino Directory, the setup program will automatically copy the ID file to the local data directory.

Step 5. Enter passw0rd for the password and click OK.

Step 6. On the Additional Services screen, it is not necessary to select any additional services for this course. Click Next.


Step 7. Click File → Preferences and click Basics Notes Client Configuration.

Step 8. In the Additional Options section, select the following options if not already selected, and then click OK.
- Enable Java applets
- Enable JavaScript
- Use Web palette

Step 9. From the Preferences list, select Notes Ports, and clear all ports except for TCPIP.

Step 10. Click OK to close Preferences.

Step 11. Click OK in the warning dialog box. Changes will take effect once Lotus Notes is restarted.

Step 12. Exit Lotus Notes.

Course Icons
The following table explains the icons used in this course.

Table 0-12: Course icons

- An activity is a student-centered learning process that allows students to learn by performing a task. Activities can be instructor-led or completed independently.
- Scenario information is used to introduce an activity problem or goal. Scenarios use fictitious people and organizations to present details, problem statements, and parameters that are used to complete the activity or lab exercise.
- Caution statements are included in the courseware to make students aware of potential negative consequences of an action, setting, or decision, that are not easily known.
- Tips and notes provide additional information, guidance, or a hint about a topic or task.
- An Instructor Note is a special comment to the instructor regarding delivery, classroom strategy, classroom tools, exceptions, and other special considerations. The Instructor Note is included in the Instructor Guide only.
- Display Slide provides a prompt to the instructor to display a specific slide. The Display Slide icon is included in the Instructor Guide only.

Introducing the IBM Lotus Domino 8.5 Environment


Topic A: Examining the IBM Lotus Domino 8.5 Architecture
Topic B: Investigating IBM Lotus Domino Applications
Topic C: Exploring IBM Lotus Domino Server Functionality

Copyright IBM Corporation 2009.

Lesson 1 Introducing the IBM Lotus Domino 8.5 Environment

Introduction
IBM Lotus Notes and IBM Lotus Domino are an integrated messaging and Web application software platform that provides a scalable and secure infrastructure, with the flexibility and openness needed for development and deployment of Web applications. As the system administrator, you need to understand the architecture and its key components before you can properly administer the environment. After completing this lesson, you should be able to:
- Identify the architecture and key components of the Lotus Notes and Lotus Domino environments.
- Define IBM Lotus Domino applications.
- Describe the basic functions and processes of Lotus Domino servers.

Ask students to introduce themselves by answering the following questions: What is your name, company name, and current title? How is Lotus Domino used within your company? What personal goals do you hope to achieve by attending this class? Have you used Lotus Domino or Lotus Notes 8.5? Do you currently administer Lotus Domino?


Client and Server Architecture
As you present this slide, consider providing an overview of what Lotus Domino is, including:
- Mail system
- PKI infrastructure
- Application server
- Document store or database
- Web server

Topic A: Examining the IBM Lotus Domino 8.5 Architecture


IBM Lotus Domino Architecture
Lotus Domino servers work with IBM Lotus Notes (and non-Lotus Notes) clients to form an integrated client and server environment. Its capabilities include mail server enhancements, server-managed deployment, more openness and interoperability, and enhanced performance, management, and security features. The Lotus Notes and Lotus Domino environment provides services to allow an organization to perform tasks to store, communicate, and exchange information. The following figure shows a conceptual diagram of the Lotus Notes and Lotus Domino architecture.

Figure 1-1: Lotus Notes and Lotus Domino architecture

Client and Server Architectural Components

A Lotus Notes and Lotus Domino environment consists of a combination of the following client and server components.

Component: Lotus Domino server (Web-enabled)
Function: A Lotus Domino server is a computer that runs the Lotus Domino server program and stores Lotus Notes applications. A Lotus Domino server runs services that manipulate Lotus Notes data. Depending on what the request is and who the client is, the server can pull information from a variety of sources, including the object store, the OS file system, a relational database, composite applications, or via Web services.

Component: Lotus Notes, Web, and mobile clients
Function: Lotus Notes clients can access Lotus Domino data both on servers and locally, providing portable access to data. Web clients can access Lotus Domino data on the server to display in a browser. The iNotes Web client provides access to mobile clients.

Server Documents
When you register a server, the Server document is created. It contains many of the settings that define how your server operates. Those settings are accessible through tabs within the Server document.

Demonstrate how a server identifies and stores information specific to the machine. Use the information provided in the additional instructor notes.

Lotus Domino Server Types


When installing a Lotus Domino server, there is an option to select one of three server types. Each of the three types is described in the following table.

Server type: Lotus Domino Utility Server
Function: Provides standard Lotus Domino application services and custom Lotus Domino applications for Lotus Notes and Web clients, as well as support for clusters. Note: This server does not include messaging services.

Server type: Lotus Domino Messaging Server
Function: Provides messaging services. Note: This server does not include application services.

Server type: Lotus Domino Enterprise Server
Function: Includes the functionality of both the Lotus Domino Utility and Domino Messaging Servers, including support for clusters.

See Additional Instructor Notes

Note: Each server type installed on a system requires a different server license.

Default Location Documents

Demonstrate how a client identifies a server by showing a Location document. Use the information provided in the additional instructor notes. Optionally, demonstrate the Advanced tab → User ID to switch to field to show how an administrator can switch IDs easily.

Locations are a feature that connects you to applications on servers by providing a place to specify information such as the name of your mail server, whether you use a passthru server, or even which Lotus Notes ID to use. When the Lotus Notes client is installed, four Location documents are created by default that contain communication and location-specific settings: Home, Offline, Online, and Travel. During configuration, Lotus Notes populates these Location documents, as well as any necessary Connection or Account documents, based on information you supply. The following clients use these settings, which are accessible through tabs within a Location document:
- Lotus Notes
- Lotus Domino Administrator
- IBM Lotus Domino Designer

Client Types
Users who have mail files on a Lotus Domino server can use either the Lotus Notes client or an Internet client to access their mail:
- Lotus Notes clients: Use Lotus Notes protocols to send and access mail on a Lotus Domino server; a Lotus Notes client can also act as an Internet mail client.
- Internet clients: Access mail files through the Lotus Domino POP3, IMAP, or HTTP servers. POP3 and IMAP clients send mail using SMTP.

See Additional Instructor Notes

The following table describes the purpose of Lotus Notes clients and Internet mail clients.

Lotus Clients:

Client: Lotus Notes
Purpose: A rich-client interface for working with Lotus Notes applications and Internet data.

Client: Lotus Domino Designer
Purpose: An interface for adding functionality to new or existing Lotus Notes applications.

Client: Lotus Domino Administrator
Purpose: An interface for administering Lotus Domino systems.

Internet Clients:

Client: IBM Lotus iNotes
Purpose: Provides Lotus Notes users with browser-based access to Lotus Notes mail and to Lotus Notes calendar and scheduling features. Lotus iNotes includes the following modes:
- Full: Provides a full set of features including mail, calendar, notebook, contacts, and to do list.
- Lite: Optimized for performance in bandwidth-constrained environments, and provides access to Mail and Contacts in a streamlined user interface.
- Ultralite: Designed for use on a mobile device and is initially supported on the Apple iPhone or iPod touch.

Client: Web
Purpose: Supports mail, Calendar, and custom Lotus Domino Web application access for Web browsers.

Client: POP3
Purpose: Allows mail access to a POP3 compliant server. An example of a POP3 client is Microsoft Outlook.

Client: IMAP
Purpose: Supports mail access, including the folder structure, to an IMAP enabled server.


Basic vs. Standard client


Built on the same platform as Lotus Notes 7, the Basic client resembles Lotus Notes 7 in its interface and functionality. The Basic client is one of the options of the Standard client installation. With all the applications residing on Domino servers, the Basic client allows you to access new and recognizable service offerings for Calendar, Contacts, and Mail, plus familiar functionality for instant messaging. The Basic client is useful in the following circumstances:
- Client computers do not have enough RAM or other hardware resources to run the Standard client at acceptable performance levels.
- As an administrator, you do not want to spend the money for additional technical support or to train users on the new Lotus Notes 8.5 user interface yet.
- You are not upgrading the servers on the back end to Lotus Domino 8.5 yet, so there is little reason to run the Standard client.

Supported by IBM Lotus Expeditor and IBM Lotus Eclipse platforms with Java-enabled, Eclipse, and SWT (Standard Widget Toolkit) capabilities, the J2EE Standard client provides a larger networking environment with increased functionality and innovation opportunities. The Standard client enables you to access applications on both Domino servers and IBM WebSphere Portal servers. With a fully redesigned user interface, the Standard client offers new and improved mail, calendar, contacts, and instant messaging functionality, while introducing you to engaging application and tool integration. The J2EE Standard client is the preferred configuration for a full upgrade of features and functionality from Lotus Notes 7 to Lotus Notes 8.5.

Overview of Lotus Notes 8.5 Features

Lotus Notes 8.5 provides features to improve the core functionality of Lotus Notes. With the addition of innovative features, Lotus Notes 8.5 presents a dynamic end-user work environment, and represents an important transition in the way people communicate and collaborate. The following table describes some of the features of the Lotus Notes 8.5 environment.

Feature: Infrastructure
Description: Lotus Notes 8.5 presents a dynamic user work environment, and represents an important transition in the way people communicate and collaborate. It also elevates the team-based, electronic user experience by enriching the online community of collaboration, allowing you to improve efficiency, boost effectiveness, and expedite decision-making processes.

Feature: Productivity
Description: You will be able to complete your day-to-day tasks more efficiently using one comprehensive application that streamlines business processes and enriches the real-time collaboration experience. The ability to share and update project information in a single, simplified view will help you sharpen your focus on the status of projects, and keep associates and participants in sync.

Feature: E-mail
Description: Threaded e-mails enable you to see all messages for a specific topic grouped and arranged together at the view level. You can also alternate between vertical and horizontal preview displays within your inbox. A rich text mail signature stored in your mail file can be used on any computer with Lotus Notes.

Feature: Calendar
Description: You can manage your time and meeting invitations by viewing your calendar in a sidebar while completing other tasks. You can also customize daily and weekly calendar views within Lotus Notes 8.5. Activities, another Lotus Notes user's calendar, or a Lotus Notes application's calendar can also be added to the Calendar view.

Feature: Contacts
Description: The Personal Address Book (PAB) is now referred to as Contacts in Lotus Notes 8.5. You can initiate instant messaging and e-mail correspondence from the Contacts view. You can find information quickly by referring to business-card-like views with embedded photographs. You can also forward contacts as vCards.

Feature: Components
Description: In Lotus Notes 8.5, Lotus Notes databases are now referred to as applications. You can connect to different applications and combine components from multiple systems on screen.

Feature: IBM Lotus Symphony
Description: Using the Lotus Symphony applications, you can create, edit, and collaborate on documents, spreadsheets, and presentation files.


Open the instructor mail file (DNotes.nsf) and use the interface to describe the components in the accompanying table.

Topic B: Investigating IBM Lotus Domino Applications


The Object Store
The Object Store, also known as the NSF (Notes Storage Facility), is the basic building block for the Notes architecture. The Object Store is where all IBM Lotus Notes data resides in the form of an NSF application. The Object Store is unique in that it can hold any type of data including applications, mail, directory, graphic, video, and sound files. An application is a solution to a particular business problem that may contain one or more databases and other components, such as JavaScripts.

Components of Lotus Domino Applications


The following table briefly describes some of the elements contained in a Lotus Domino application.

Lotus Domino application element: Documents (or data notes)
Description: Contain data such as text, graphics, and various file attachments.

Lotus Domino application element: Application Design (design notes)
Description: Forms, views, agents, etc.

Lotus Domino application element: ACL entries
Description: Security entries to control access to the contents of the Domino application.

Lotus Domino application element: Database header
Description: Information about the database itself. For example, the database title, replication history, etc.

Application extensions
Some applications have extensions other than NSF. The following table describes these applications.

Application extension: NDK
Description: Application that contains the user desktop settings.

Application extension: NTF
Description: Application template used to create specific types of databases, such as mail databases.

Database extensions for other releases


The following table describes the database extensions that you might encounter if you are upgrading from a previous release.

Database extension: DSK
Description: Release 5 database that contains the user's desktop settings. This extension is the same as NDK in Release 6 and higher.

Database extension: ND7
Description: Database that retains Release 7 format.

Database extension: ND6
Description: Database that retains Release 6 format.

Database extension: NS5
Description: Database that retains Release 5 format.

Database extension: NS4
Description: Database that retains Release 4 format.

Note: To retain the database format from a previous release, save the database with the appropriate extension (NS4, NS5, or NS6) prior to compacting the database on a Lotus Domino 8.5 server. Otherwise, compacting will upgrade the database to the Lotus Domino 8.5 format, only if Create_R85_Databases=1 is set in Notes.ini.
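
The note above makes the result of a compact depend on two things: the file extension and the Create_R85_Databases line in Notes.ini. The following Python code is an added example, not part of the IBM course material: it parses the text of a notes.ini, flags a near-miss spelling of that setting, and reports the outcome per file. The file names, the notes.ini contents and the function names are constructed for illustration, and case-insensitive key matching is an assumption.

```python
"""Predict what compacting on a Domino 8.5 server does to each database file,
using only the rules stated in the note above."""
import re
from pathlib import PureWindowsPath

SETTING = "Create_R85_Databases"

# Extensions the page lists as retaining an earlier format. Its table gives
# ND7/ND6 and its note gives NS6, so both Release 6 spellings are accepted.
RETAINED = {
    "ns4": "Release 4", "ns5": "Release 5",
    "nd6": "Release 6", "ns6": "Release 6", "nd7": "Release 7",
}


def _squash(key):
    """Lower-case a key and drop punctuation and spaces, to spot near-misses."""
    return re.sub(r"[^a-z0-9]", "", key.lower())


def parse_notes_ini(text):
    """Return (settings, warnings) for the text of a notes.ini file.

    Assumptions: keys are matched case-insensitively, and when a key is
    repeated the first value is kept and the repeat is reported.
    """
    settings, warnings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("[") or "=" not in line:
            continue  # blank line, section header such as [Notes], or no key=value
        key, value = (part.strip() for part in line.split("=", 1))
        folded = key.lower()
        if folded in settings:
            warnings.append(f"line {lineno}: duplicate key {key!r}")
            continue
        settings[folded] = value
        # A key that differs only by punctuation or spacing is not the setting
        # the note names, so it is reported instead of being honoured.
        if folded != SETTING.lower() and _squash(key) == _squash(SETTING):
            warnings.append(f"line {lineno}: {key!r} looks like a mistyped {SETTING}")
    return settings, warnings


def compact_plan(ini_text, filenames):
    """Map each file name to the outcome the note describes, plus ini warnings."""
    settings, warnings = parse_notes_ini(ini_text)
    upgrade = settings.get(SETTING.lower()) == "1"
    plan = {}
    for name in filenames:
        ext = PureWindowsPath(name).suffix.lower().lstrip(".")
        if ext in RETAINED:
            plan[name] = f"keeps {RETAINED[ext]} format"
        elif ext == "nsf":
            plan[name] = ("upgraded to 8.5 format" if upgrade
                          else "not upgraded to 8.5 format")
        else:
            plan[name] = "not covered by the note"
    return plan, warnings


# Constructed sample inputs (not taken from a real server).
SAMPLE_OK = r"""
[Notes]
Directory=C:\Lotus\Domino\data
Ports=TCPIP
Create_R85_Databases=1
"""
SAMPLE_TYPO = SAMPLE_OK.replace("Create_R85_Databases", "Create_R8.5_Databases")
FILES = ["names.nsf", r"mail\DNotes.nsf", "archive.ns5", "old.nd6", "mail.box"]

if __name__ == "__main__":
    for label, ini in (("correct key", SAMPLE_OK), ("mistyped key", SAMPLE_TYPO)):
        plan, warnings = compact_plan(ini, FILES)
        print(f"--- {label} ---")
        for name, outcome in plan.items():
            print(f"{name:20} {outcome}")
        for warning in warnings:
            print("WARNING:", warning)
```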

Database Types and Applications

Databases are used for a broad range of applications and solutions, as listed in the following table.

Ask students for database examples from their implementations. Open some common database types, for example: an e-mail file, a discussion (policies.nsf), or a catalog (ideas.nsf).

Type: E-mail/PIM (personal information management)
Can be used for:
- E-mail: Functional out of the box. Each user has a personal e-mail database.
- Group Calendar Management: Functional out of the box. Includes group scheduling functions and group calendars.
- Instant messaging: Lotus Sametime software integrated with Lotus Notes provides voice, video, and telephony services.
- Voice Integration: With independent vendor Lotus Domino-based voice services.

Type: Broadcast/Reference
Can be used for:
- Policies and Procedures: Part of a larger Human Resources package that may have been acquired from an independent developer.
- Product Catalog: Updated by selected personnel. Readable by all others.

Types: Discussion and Tracking/Workflow
Can be used for:
- Product Ideas: Forum for employee ideas.
- Customer Service: Customer service personnel create documents and update from time to time or add responses as they track problems to resolution.
- Product Design: Employee creates idea documents. Product manager approves product idea. Research and Development (R&D) manager reviews idea.
- Expense Reporting: Reporter creates expense report. Approver approves. Bookkeeper carries out. Users track progress of their expense reports in a tracking database.
- Order Processing: Part of a Company Catalog application. Customers or salespeople place orders, and then track the progress of their fulfillment.

Type: TeamRoom
Can be used for:
- Project Team Collaboration: Development team prepares meeting, discussion, and action-item documents. Team members review, revise, and archive documents.

Type: Microsoft Office Library
Can be used for:
- Document Collaboration: Team using Microsoft Office creates, updates, and reviews documents.

Composite Applications

A composite application is a collection of two or more distinct applications that address a business need for a specific group of users and can be accessed from one screen. Composite applications consist of different elements that allow users to implement related tasks without having to launch new windows or applications. The various parts of a composite application can interact with one another and exchange information. When views are updated or edited in one application, the corresponding views and information in the other applications are updated to reflect the modifications. There are two types of composite applications that are featured in Lotus Domino and Lotus Notes 8.5:
- A Lotus Notes composite application, which is stored on a Domino server and listed in a Domino Application catalog.
- A portal composite application, which is stored on an IBM WebSphere Portal server and is listed in the WebSphere Portal catalog. Users can access this type of composite application using the Lotus Notes client or a Web browser.

For example, the IBM Lotus Notes 8.5 inbox is a fully functional composite application that integrates two or more elements into one user interface.


Required Server Applications

In addition to user application databases, there are several databases that support the configuration and proper functioning of the Lotus Domino environment.
Note: Required server database names are the same as in the previous release of Lotus Domino.

More information about the Lotus Domino Directory and the Administration Process is included later in the lesson.

The following table lists some of the crucial files stored on each server.

Database title: Lotus Domino Directory
File name (NSF): Names
Function: Directory of information about users, servers, groups, and custom entries. The documents contain detailed information about each user and server. The Directory is also a tool to manage the Lotus Domino system. For example, administrators create documents in the Lotus Domino Directory to connect servers for replication or mail routing, or to schedule server tasks, and other Lotus Domino settings and configurations.

Database title: Administration Requests
File name (NSF): Admin4
Function: Tracks and records requests and processes to support automating administration tasks.

Database title: Certification Log
File name (NSF): CertLog
Function: Maintains records of certified Lotus Domino IDs.

Database title: Monitoring Configuration
File name (NSF): Events4
Function: Stores configuration records for statistics reporting and monitoring tools, and stores a listing of server messages.

Database title: Lotus Domino server log file
File name (NSF): Log
Function: Stores information about performance, statistics, and activities on the Domino server.

Database title: Monitoring Results
File name (NSF): StatRep
Function: Records information about the activity on one or more Domino servers.

Database title: Mail Router mailbox
File name (NSF): Mail.box
Function: Stores mail from a user that is in route to another user.


The Lotus Domino Directory



The Lotus Domino Directory (Names.nsf) is the most important database in a Lotus Domino environment. The directory stores the information that allows Lotus Domino servers and clients to function properly. The Lotus Domino Directory is created during the first server configuration and is stored on each new server in the environment.
Note: The Lotus Domino Directory was referenced differently in earlier releases. Administrators with experience using these earlier releases of Lotus Notes and Lotus Domino may use other terminology, including: Public Address Book (PAB) and Notes Address Book (NAB).

Show the students the Lotus Domino Directory database by demonstrating the following:
1. From the Lotus Notes client, open WWCorp's directory on the server.
2. Show the views and types of documents listed in the table.

The following table outlines information stored in the directory.

Information: Who are the users?
Stored in documents: Person

Information: What are the Lotus Domino servers?
Stored in documents: Server

Information: How do servers connect to each other and exchange information?
Stored in documents: Connection

Information: What user groups are available for mail distribution lists and access lists?
Stored in documents: Group

Information: How do servers perform special functions?
Stored in documents: Configuration

Lotus Domino Domains

Lotus Domino uses specific structures and terms to define the organization of the Lotus Domino environment. A domain is a collection of servers and users that share a single Lotus Domino Directory. The primary purpose for a domain is mail routing. The domain name is typically the company name.

Single vs. Multiple Domains


Although it is possible to have several domains within an organization, most companies will define themselves as a single domain because single domains simplify the process of addressing mail, optimize mail routing, and are easier to maintain than multiple domains.
Note: Lotus Domino domain names should not have a period (.) in the name.


Tell students that Security, Messaging, and Replication services are discussed in detail in subsequent lessons.

Topic C: Exploring IBM Lotus Domino Server Functionality


Categories of Lotus Domino Services
IBM Lotus Domino services maintain, manage, update, and distribute IBM Lotus Notes data. The general Lotus Domino service categories are outlined in the following table.

Service: Application
Description: Provides the tools to create applications:
- The Lotus Domino Designer, a special client license that provides a design environment for building customized applications including Web applications.
- Lotus Notes templates, models for creating applications quickly and easily.
- The formula language, a scripting language developed for Lotus Notes.
- IBM LotusScript language, as well as support for Java, JavaScript, C++, and CORBA.

Service: Connection
Description: Enables the use of Lotus Domino with existing relational data sources.

Service: Infrastructure
Description: Provides the foundation for Lotus Domino:
- The application engine that runs all the scripts and puts together the completed dynamic page.
- Core services, such as directory, messaging, security, and replication that are the main server components of Lotus Domino.
- Protocols that describe how to communicate with the server.

Core Lotus Domino Services

The core Lotus Domino services form the basis of a Lotus Domino infrastructure. Core Domino services include the services described in the following table.

Core Lotus Domino service: Directory
Description: A mechanism by which users and servers are categorized in a Lotus Domino environment.

Core Lotus Domino service: Security
Description: Tools and services that control access to servers and applications, including the authentication of users.

Core Lotus Domino service: Messaging
Description: Services, databases, and monitoring tools that support both Lotus Notes and Internet mail.

Core Lotus Domino service: Replication
Description: A process of periodically updating replica databases on all servers regardless of location.

Core Lotus Domino service: Maintenance
Description: Tools, services, and databases that support server maintenance and monitoring.

Server Tasks

While reviewing the accompanying table, show the tasks currently running on the server. From Domino Administrator, click the Server tab → Status tab → Server Tasks view. Point out that a task listed as Idle is still loaded, but not currently running.

The core services are provided using a number of Lotus Domino server tasks in conjunction with the key Lotus Domino server databases. A server task is a program provided with the Lotus Domino server that runs when loaded and activated. Server tasks serve various purposes. Some perform specific tasks, such as mail routing. Others run in the background to perform complex administration procedures, such as compacting databases and updating indexes. The following table lists some of the key server tasks and their default load times.

Task name: Administration Process (Admin Process)
Description: Automates a variety of administrative tasks.
Runs: On server startup

Task name: Agent Manager
Description: Manages and runs agents on a server. An agent performs a series of automated tasks according to a set schedule or at the request of a user.
Runs: On server startup

Task name: Database Compactor
Description: Compacts all databases on the server to reclaim space freed by the deletion of documents and attachments.
Runs: Based on a schedule

Task name: Designer
Description: Updates all databases to reflect changes to templates.
Runs: Based on a schedule

Task name: Event Monitor
Description: Monitors the server for selected events defined by the administrators.
Runs: As needed

Task name: HTTP Server
Description: Enables a Lotus Domino server to act as a Web server so browser clients can access databases on the server.
Runs: On server startup (if enabled)

Task name: Replicator
Description: Replicates databases with other servers.
Runs: On server startup (if enabled)

Task name: Router
Description: Routes mail to other servers.
Runs: On server startup (for mail servers)

Task name: Statistics (Stats)
Description: Records database activity in the log file.
Runs: As needed

Lotus Domino Advanced Services

A Lotus Notes and Lotus Domino environment can support many other applications and functionality by taking advantage of additional supplied services and expanded resources. Some of the additional services and products available for a Lotus Domino implementation are listed in the following table.

Category Additional Lotus Domino services

Examples Internet protocol support: LDAP - directories POP3 - mail clients IMAP - mail clients Clustering Partitions Lotus Domino Enterprise Connection Services (DECS) Lotus Domino Internet Inter-ORB Protocol (DIIOP)

Category: Lotus Domino software extensions
Examples:
- Lotus Domino Everyplace
- Domino Off-line Services (DOLS)
- Domino Universal Connection Services (DUCS)
- IBM Tivoli Analyzer for Lotus Domino

Category: Complementary products
Examples:
- IBM Lotus Sametime
- IBM Lotus Quickr
- IBM Lotus Connections
- IBM Lotus Quickplace
- IBM Lotus Discovery Server

Note: Additional Lotus Domino services and products are covered in more detail later in this course.

Lesson Summary
In this lesson, you described the structural components of the IBM Lotus Domino 8.5 environment. As the system administrator, understanding the architecture and its key components can help you properly administer the Lotus Domino 8.5 environment.

Performing Basic Administration Tasks


Topic A: Starting IBM Lotus Domino Administrator
Topic B: Using Online Help
Topic C: Navigating in IBM Lotus Domino Administrator
Topic D: Setting Administration Preferences
Topic E: Introducing Policies

Lesson 2 Performing Basic Administration Tasks

Introduction
By performing basic administrative tasks in IBM Lotus Domino Administrator, you should gain the hands-on experience you need to accomplish these tasks on the job in your own Lotus Domino environment. After completing this lesson, you should be able to:
- Identify the elements of the Lotus Domino Administrator interface.
- Use online help.
- Navigate in Lotus Domino Administration and perform basic Lotus Domino Administrator tasks.
- Set administration preferences in Lotus Domino Administrator.
- Describe policies.

Show the administration groups and roles used to control administrative access, including:
- People & Groups > Groups > LocalDomainAdmins.
- Server document > Security tab.
- Domino Directory ACL, including roles.
- Web Administrator roles (ACL on WebAdmin.nsf).
These controls will be discussed in more detail in another lesson.

Topic A: Starting IBM Lotus Domino Administrator


Lotus Domino Administration
Each IBM Lotus Domino implementation requires one or more people performing administrative tasks. Administrators are often organized into groups to facilitate controlled management of the IBM Lotus Notes and Lotus Domino environment. An administrator's access to perform administrative tasks is set using a number of security methods to allow or disallow different levels of administration, such as:
- Access servers
- Administer one or more servers
- Add/modify users, servers, and certifiers
- Add/modify server configuration information

Lotus Domino Administration Tools


Lotus Notes and Lotus Domino 8.5 include a set of tools to administer the environment. This combination of tools allows administrators flexibility in managing their environment. The following table lists these tools.

Tool: Lotus Domino Administrator
Description: Allows administrators to make changes to the Lotus Domino environment, such as:
- Modify server settings.
- Set up server connections.
- Add new users, servers, and groups to the Lotus Domino environment.
- Monitor server activity.

Tool: Lotus Domino Web Administrator
Description: Provides administrators with the majority of features available through the Lotus Domino Administrator using a Web browser.

Tool: Lotus Domino Console
Description: Provides a server console on any platform that supports Java, allowing an administrator to:
- Enter text-based server commands.
- Remotely start and stop the server.

Show examples of each of the following tools:
- Lotus Domino Administrator
- Web Administrator
- Server Console

The Lotus Domino Administrator is the main tool for performing administrative tasks in a Lotus Domino environment. The client is included with the server software and can be installed on any supported operating system.

The Lotus Domino Administrator Interface


The Lotus Domino Administrator interface is separated into panes to help administrators manage different resources. When you click one pane, the information in the other panes is dynamically updated. The following table lists and describes some of the components of the Lotus Domino Administrator interface.

Please visit http://www10.lotus.com/ldd/dominowiki.nsf?OpenDatabase to locate videos and other informational items you can use to enhance the presentation of current concepts to the class, such as a guided tour of the Lotus Notes/Lotus Domino environment.

Component: Action bar
Description: Contains buttons to act on documents displayed in the view.

Component: Bookmark bar
Description: Contains icons to display a list of servers in the domains you administer and icons to start the Notes client and Domino Designer client, if installed.

Component: Bookmarks window
Description: Displays a list of servers in a domain.

Component: Server pane
Description: Displays the servers in the domain, grouped in different views.

Component: Tabs
Description: Contain general administration tasks.

Component: Task pane
Description: Provides a logical grouping of administration tasks organized by tabs.

Component: Results pane
Description: Displays the results of the current task.

Component: Tools pane
Description: Provides additional functions associated with the selected tab.

The following figure displays an example of the Lotus Domino Administrator interface and its components.

Figure 2-1: The Lotus Domino Administrator interface


Note: You can also use the Administration menu to navigate among the Lotus Domino Administrator tabs.

Activity 2-1: Introducing IBM Lotus Domino Administrator


Provide students with the password for each user ID. If you are using the provided classroom setup files, the password is passw0rd.
Show students how to open Lotus Domino Administrator directly from the Lotus Applications program group.
Open the Platforms and system requirements document in the Release Notes database to view a list of supported client platforms.
Show students how to close the Welcome screen.
Provide an overview of Lotus Domino Administrator by pointing out each of the panes shown in Figure 2-1, and by using the accompanying table.
Show students the contents of each of the Favorites and Domain windows and each of the sections in the Domain window.
Step 8: After the students select the server, review the questions and answers.

Scenario
All Worldwide Corporation administrators will use the Lotus Domino Administrator client. As an administrator, you should be familiar with the Lotus Domino Administrator environment. Follow these steps to start Lotus Domino Administrator and select the Hub/SVR/WWCorp server to administer.

1. Click Start > All Programs > Lotus Applications > Lotus Notes 8.5. Log in with the user name assigned to you and the password passw0rd
2. From the Lotus Notes client, click Open and then click Domino Administrator.
   Note: Lotus Domino Administrator is accessible directly from the Lotus Applications program group. From Windows, click Start > All Programs > Lotus Applications > Lotus Domino Administrator 8.5.
3. Select the Don't show this again check box in the upper-right corner of the page and close the Welcome page.
4. In the IBM Domino Administrator, click the Favorites icon.
5. Click the Domain servers icon to display the Bookmark window for the WWCorp domain.
6. Click the Pin icon to anchor the Bookmark window.
7. Expand the All Servers section, and select the instructor's server: Hub/SVR/WWCorp.
8. How do you know which server is currently active?
   The currently selected server name is listed under the tabs.
9. What is the Lotus domain name for Worldwide Corporation?
   WWCorp.

10. How do you display all of the servers in the domain?
    Domain bookmark displays the servers in the domain.
Note: When administering servers, perform all administration tasks from an Administration client (Lotus Domino Administrator installed on a client machine) to prevent security breaches. Always verify the server name before performing administrative tasks.

Topic B: Using Online Help


Online Help Resources
Online help is available at every stage of IBM Lotus Domino Administrator. There are many resources for information on the Lotus Domino system administration and the Administrator client. Additional resources are listed in the following table.

Location: Online
Resources:
- Lotus Domino Administrator 8.5 Help database
- Release notes

Location: Internet
Resources:
- http://www-01.ibm.com/software/lotus/ - Support, news, and product information
- http://www.ibm.com/developerworks/lotus - Documentation, software downloads, and developer resources
- http://publib-b.boulder.ibm.com/redbooks.nsf/portals/Lotus - IBM Redbooks

Activity 2-2: Define IBM Lotus Domino Terms


Review the definitions that students found to introduce the terms. Tell students these terms will be referred to in this lesson and described in detail in later lessons.

Scenario
All Worldwide Corporation administrators will use Help. As an administrator, you should be familiar with Lotus Domino terms. This activity introduces you to online Help and allows you to make your first connection to some of the terminology you will be learning during the course. Follow these steps to use the Help glossary or the Search for feature to define basic Lotus Domino concepts and terms.

1. From the Lotus Domino Administrator main menu, click Help > Help Topics.
2. Using the Search option, locate the answers to the following questions.
3. Search for the article titled Domino domains. What is a domain?
   A Lotus Domino domain is a collection of servers and users that share common Lotus Domino directory information.
4. Search for the article titled Hierarchical naming for servers and users. What is hierarchical naming?
   A system of naming associated with Lotus Notes IDs that reflects the relationship of names to the certifiers in an organization. Hierarchical naming helps distinguish users with the same common name for added security and allows for decentralized management of certification. The format of a hierarchical name is: common name/organizational unit/organization/country code, for example, Pam Tort/Fargo/Acme/CA.
5. Search for the article titled How replication works. What is replication?
   The process of exchanging modifications between replicas. Through replication, Lotus Notes makes all of the replicas essentially identical over time.
6. Search for the article titled User registration. What is a user ID?
   A file assigned to every user and server that uniquely identifies them to Lotus Notes and Lotus Domino. It is similar in function to accessing a bank's computer using an ATM card.
7. Close Help.

Topic C: Navigating in IBM Lotus Domino Administrator


Lotus Domino Administrator Tabs
General administration tasks are organized by tabs as described in the following table.

Tab: People & Groups
Contents: People-related IBM Lotus Domino Directory items: person documents, groups, mail-in databases, policies, settings, and certificates.

Tab: Files
Contents: File interaction includes databases, templates, database links, and all other files in the server's data directory.

Tab: Server
Contents: Current server activity and tasks. This tab has five subtabs:
- Status
- Analysis
- Monitoring
- Statistics
- Performance

Tab: Messaging
Contents: Mail-related information. This tab has two sub-tabs:
- Mail
- Tracking Center

Tab: Replication
Contents: Replication schedule, topology, and events.

Tab: Configuration
Contents: All documents used to configure the server, such as:
- Server documents
- Configuration Settings documents
- Messaging and Replication connections
- Web Configuration documents
- Directory Configuration documents
- Monitoring Configuration documents

The Person Document

A Person document describes an IBM Lotus Notes or non-Lotus Notes user in the Lotus Domino Directory. A Person document is created when you register a user via the user registration interface in Lotus Domino Administrator or when you use the Add Person action on the People & Groups tab in Lotus Domino Administrator.
Note: When you delete a user name, the associated Person document is also deleted.

Provide an overview of the People & Groups tab. During the overview, point out the screen areas as referenced and explain a Person document and a group.

Groups
A group is a list of users and/or servers that have something in common. Each group must have an owner, who is usually an administrator or an application manager. Groups can be used to:
- Provide a group of users access to an application.
- Deny a group of users access to a server or application.
- Send mail to a distribution list.

Tasks on the People & Groups Tab


From the People & Groups tab, administrators can add, modify, and view:
- Users in the domain.
- Groups defined in the domain.
- Documents defining mail-in databases and resources for scheduling.
- Policies and settings documents used to streamline workstation setup.
- Certificates used for authentication.
- ID vaults.

Demonstrate the features and options available on the People & Groups tab, such as locating and viewing a Person document and the options available on the Tools menu.

Tasks on the Files Tab


From the Files tab, administrators can:
- View file information.
- View disk space information.
- Add, modify, and delete folder and database links.
- Perform database management tasks.

Demonstrate the features and options available on the Files tab, while reviewing the following concepts:
- What is an application? The Lotus Domino Directory is a Lotus Domino application.
- Database tools.
- How to manage multiple databases simultaneously.
- Database templates.

Tasks on the Server Tab


From the Server tab, administrators can:

- Issue commands to the Lotus Domino server.
- View server information to analyze and troubleshoot server performance.
- Monitor server tasks and statistics throughout the domain.

Demonstrate the features and options available on the Server tab, such as monitoring server tasks.

Tasks on the Messaging Tab


From the Messaging tab, administrators can:

- Monitor mail routing and issue commands to control mail routing.
- View mail routing topology maps.
- Track messages and generate reports on messages sent by users.

Demonstrate the features and options available on the Messaging tab, such as monitoring mail routing or tracking messages and generating reports.

Lotus Domino Replication


A process called Lotus Domino replication keeps the replica copies of the Lotus Domino Directory and other Lotus Domino applications synchronized throughout the domain. Lotus Domino replication is the process of exchanging modifications between two database replicas so that the same database may be updated and shared by many users in different locations accessing different servers.

Briefly describe Lotus Domino replication. This should not be an in-depth discussion. Defer questions regarding replication and domains, as they will be covered later.

Tasks on the Replication Tab


From the Replication tab, administrators can:
- View the replication schedule for a server.
- View Replication Events that have previously occurred.
- View Replication Topology maps.

Demonstrate the features and options available on the Replication tab, such as viewing the replication schedule and replication events.

Tasks on the Configuration Tab


From the Configuration tab, administrators can change the following settings:
- Server
- Messaging
- Replication
- Directory
- Web server
- Monitoring Configuration
- Cluster
- Offline Services
- Certificates
- Miscellaneous

Demonstrate the features and options available on the Configuration tab, such as the All Server Documents view, a Configurations Settings document to distinguish Server document settings, and a Connection document.

Some items to remember when working on the Configuration tab include:
- Each server in the domain has a Server document that contains information about the server. Lotus Domino uses this information during server startup and for security.
- Some server settings are stored in the Server document; others are stored in Configuration Settings documents. Lotus Domino uses this information during server startup.
- Information about how servers should establish connections is stored in Connection documents. Lotus Domino uses this information in determining how to connect to another server for replication and mail routing.
- Information about other domain connections is stored in Lotus Domain documents. Lotus Domino uses this information for replication and mail routing.

Give examples of other domains:
- Other Lotus Domino domains within the organization.
- Another company's Lotus Domino domain.
- A non-Domino mail system or gateway. For example, Foreign SMTP or X.400 mail system.

Practice Activity 2-3: Record Current Settings


Facilitate the discussion of these questions. After students complete the activity, review the results and tie the answers to the upcoming topics.

Scenario
As an administrator, you should be familiar with recording current settings from the Lotus Domino Administrator client. From your Lotus Domino Administrator client, find and record the following information.

1. What is your Short name?
   Depends on user account, and can be located on the Person document.
2. Where is your mail file located?
   On the Instructor (Hub) server.
3. What client platform are you using?
   Depends on classroom equipment; appears on Administration tab.
4. How many groups are in the directory?
   Depends on classroom configuration.
5. Of how many groups are you a member? (Hint: Use either the Manage Groups tool or an action button.)
   Depends on classroom configuration. Show the Find Group Member action button in the listing pane.
6. What is the total number of mail users on the classroom server?
   Depends on classroom setup.
7. What is the instructor's server title?
   Hub/SVR/WWCorp.

8. What routing task does the instructor's server perform?
   Mail.
9. What is the instructor server's operating system?
   Depends on classroom equipment.

Topic D: Setting Administration Preferences


Administration Preferences
Administration preferences allow customizing of the IBM Lotus Domino Administrator work environment. These preferences include the following choices:
- The domains to administer.
- The type and order of file information displayed.
- The way in which Lotus Domino collects and displays server monitoring data.
- The defaults to use when registering users, servers, and certifiers.

Activity 2-4: Set Administration Preferences


Step 1: Students will perform this at their own pace. Verify that their preferences are correctly set before continuing to the next lesson.

Scenario
As an administrator, you should be familiar with setting administrative preferences in Lotus Domino Administrator. Follow these steps to set the default settings for administering servers from Lotus Domino Administrator.

1. Click File > Preferences > Administration Preferences.
2. For Basics, verify that the WWCorp domain is selected, and click Edit.
3. Verify that the Domino Directory server is Hub/SVR/WWCorp.
4. Verify that Do not change location is selected and click OK.
5. Click Monitoring, and verify that Monitor servers From this computer is selected.
6. In the Poll servers every x minutes field, type 5
7. Select Automatically monitor servers at startup.
8. Click OK to close the Administration Preferences dialog box.

Topic E: Introducing Policies


Policies
A policy is the Policy document and its associated Settings documents. Policies can control many user and administrative functions. An administrator can enforce IBM Lotus Notes and IBM Lotus Domino policies of various types and apply them to various groupings of users. Policies can apply to various sets of users. They can apply to an entire organization, an organizational unit (OU), a group of users, or even one user. Multiple policies can apply to the same user and these can contain a contradictory value for the same setting. A precedence system determines which setting a user gets.

Policy Documents
Each Policy document contains pointers to selected Settings documents. This combination of the Policy document and its Settings documents constitutes one policy. You create Policy documents in the Lotus Domino Directory to distribute standard settings and configurations across groups, departments, or entire organizations.

Settings Documents
Policies contain one or more of the following Settings documents:
- Registration
- Mail
- Desktop
- Archiving
- Security
- Activities
- Productivity Tools
- Setup

Lesson Summary
In this lesson, you performed basic administrative tasks in IBM Lotus Domino Administrator. Gaining the hands-on experience needed to accomplish tasks on the job will enable you to administer and support the Lotus Domino environment.

Examining IBM Lotus Notes and IBM Lotus Domino Security


Topic A: Identifying IBM Lotus Domino Security Components
Topic B: Designing a Hierarchical Naming Scheme
Topic C: Authenticating with IBM Lotus Domino Servers
Topic D: Controlling Access to Resources
Topic E: Determining Database Access Levels
Topic F: Determining Workstation Security Levels

Lesson 3 Examining IBM Lotus Notes and IBM Lotus Domino Security

Introduction
Security mechanisms must be in place to ensure proper access to Domino servers and server components. By defining IBM Lotus Notes and IBM Lotus Domino security, you should be able to effectively control access to a Lotus Notes and Lotus Domino environment. After completing this lesson, you should be able to:
- Identify components of the Lotus Domino security implementation.
- Design a hierarchical naming scheme.
- Locate and view certifiers.
- Determine how Lotus Domino security mechanisms control server access levels and access to other resources.
- Determine database access levels.
- Determine workstation security levels.

Topic A: Identifying IBM Lotus Domino Security Components


IBM Lotus Domino Terminology
The IBM Lotus Domino architecture and security model relies on various structures and requirements. It is helpful to be familiar with the Lotus Domino vocabulary to properly support an implementation.

Organizations
A Lotus Domino organization defines the naming hierarchy for a Lotus Domino environment, which is used for security. The organization name can be the same as the domain name, or another name, such as a shortened version of the company name.
Note: Most companies will set up one organization and one domain. However, a company may create multiple organizations to separate different departments or divisions for security or administration purposes.

Figure 3-1: Example of an organizational hierarchy

Organizational Units
An organizational unit (OU) generally defines an organization's hierarchy as it relates to people. OUs are the next level down from the organization and usually represent geographical or departmental names. The following figure shows an example of an organizational unit.

Figure 3-2: Example of an organizational unit

Organization Certifiers

The Lotus Domino organization certifier is a special file created at the time the first Lotus Domino server is set up in the company. It is the top of the hierarchy and is used to certify the resources in the entire infrastructure. Administrators can use the organization certifier to register other certifiers which, in turn, can be used to register users, servers, or other certifiers.

The WWCorp organizational certifier


The /WWCorp organizational unit certifier stamps:
- User: Doctor Notes
- Server: Hub
- Other certifiers to be discussed later in the lesson.

Practice Activity 3-1: Review Lotus Domino Terminology


If class time is short, students can do this activity on their own outside of class. Suggest students use the available Help files to complete the activity.

Scenario
As an administrator, you should be familiar with Lotus Domino definitions and terms. The following terms and definitions are important Lotus Domino security concepts. Write the correct term or definition.

1. Define the term hierarchical naming.
   System of naming associated with Lotus Notes IDs that reflects the relationship of names and certifiers in an organization. Distinguishes users with the same common name.
2. What term is defined as a collection of servers and users that share a single Lotus Domino Directory?
   Domain.
3. Define the term organization.
   An entity that authorizes users and servers to authenticate with one another. The primary purpose is security.
4. Define the term organizational unit (OU).
   Typically, a department or location within the organization.
5. What term is defined as a central application in the Lotus Domino domain, which contains information about users and servers, and exists on every server in the domain?
   Lotus Domino Directory.
6. Define the term access control list (ACL).
   A list of application users (individual users, Lotus Domino servers, and groups of users and/or servers) created and updated by a database manager.

7. What term is defined as uniquely identifying the users and servers to Lotus Notes and Lotus Domino and is assigned to every user and server? It also contains an electronic stamp created by a certifier.
   IDs (user, server, certifier).

Topic B: Designing a Hierarchical Naming Scheme


Hierarchical Naming
IBM Lotus Domino uses hierarchical naming, based on X.500 standards, to guarantee unique user and server names across a large network. It is necessary to uniquely identify users for security and mail purposes because Lotus Domino does not use a security identifier similar to the one used in Windows. Hierarchical naming associates names with the certifiers in an organization. It also enables the delegation of administrative tasks among a group of administrators.

Components of a Hierarchical Name


The format of a hierarchical name is CN/OU4/OU3/OU2/OU1/O/C (for example, Sarah Forbes/Toronto/Acme/CA). The following table describes the components of a hierarchical name.

Component: Common Name (CN)
Description: The person's full given (first) and family (last) names, or the server name
Characters: 80 maximum
Required: Yes

Component: Organizational Unit Name (OU)
Description: Typically, a department or location name
Characters: Up to 32 per OU
Required: No

Component: Organization Name (O)
Description: Typically, a company name
Characters: 3 to 64
Required: Yes

Component: Country (C)
Description: ISO standard two-letter abbreviation for the country and top-level location
Characters: 0 or 2
Required: No

Note: Since the country code is part of the fully distinguished name, each certifier that uses a country code is a different certifier, even though the organization name is the same.

For example, if Worldwide Corporation decides to use country codes, there could be three organization certifier IDs as follows:
- /WWCorp/US
- /WWCorp/CA
- /WWCorp/FR

Recommendations for spaces in hierarchical names


When creating hierarchical names, do not include spaces in any of the following components:
- A server's common name
- Organization name
- Organization unit name
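
The component table and the space recommendations above can be turned into a small checker. The following Python sketch is an added example, not part of the course material or of any IBM tool; the class and function names are hypothetical. It assumes the abbreviated name form shown on this page and treats a trailing two-letter component as the country code, which follows from the 3-character minimum for organization names.

```python
from dataclasses import dataclass
from typing import List, Optional

# Limits taken from the component table above.
MAX_CN_LEN = 80          # Common Name: 80 characters maximum
MAX_OU_LEN = 32          # Organizational Unit: up to 32 characters per OU
MAX_OU_COUNT = 4         # CN/OU4/OU3/OU2/OU1/O/C allows four OU levels
MIN_O_LEN, MAX_O_LEN = 3, 64
COUNTRY_LEN = 2          # Country: 0 (absent) or 2 characters


@dataclass
class HierarchicalName:
    common_name: str
    org_units: List[str]          # as written, most specific first (OU4 ... OU1)
    organization: str
    country: Optional[str] = None

    def certifier(self) -> str:
        """Certifier the name hangs from, written as on this page (/OU/O/C)."""
        tail = self.org_units + [self.organization]
        if self.country:
            tail.append(self.country)
        return "/" + "/".join(tail)


def parse_name(text: str) -> HierarchicalName:
    """Split an abbreviated name such as 'Sarah Forbes/Toronto/Acme/CA'."""
    parts = [p.strip() for p in text.split("/")]
    if len(parts) < 2 or any(not p for p in parts):
        raise ValueError(f"not a hierarchical name: {text!r}")
    country = None
    # An organization name needs at least 3 characters, so a trailing
    # two-letter component after CN and O can only be the country code.
    last = parts[-1]
    if len(parts) >= 3 and len(last) == COUNTRY_LEN and last.isalpha():
        country = parts.pop()
    return HierarchicalName(parts[0], parts[1:-1], parts[-1], country)


def check_name(name: HierarchicalName, is_server: bool = False) -> List[str]:
    """Return findings: 'limit' entries break the component table,
    'advice' entries go against the recommendations on spaces."""
    findings = []
    if len(name.common_name) > MAX_CN_LEN:
        findings.append("limit: common name exceeds 80 characters")
    if is_server and " " in name.common_name:
        findings.append("advice: server common name contains a space")
    if len(name.org_units) > MAX_OU_COUNT:
        findings.append("limit: more than four organizational units")
    for ou in name.org_units:
        if len(ou) > MAX_OU_LEN:
            findings.append(f"limit: OU {ou!r} exceeds 32 characters")
        if " " in ou:
            findings.append(f"advice: OU {ou!r} contains a space")
    if not MIN_O_LEN <= len(name.organization) <= MAX_O_LEN:
        findings.append("limit: organization name must be 3 to 64 characters")
    if " " in name.organization:
        findings.append("advice: organization name contains a space")
    return findings


if __name__ == "__main__":
    # Names taken from this page, plus one constructed bad server name.
    samples = [
        ("Sarah Forbes/Toronto/Acme/CA", False),
        ("Marcus Frank/HR/West/WWCorp", False),
        ("Marcus Frank/Sales/East/WWCorp", False),
        ("Hub/SVR/WWCorp", True),
        ("Mail Hub/Server Farm/WW/US", True),   # constructed
    ]
    for text, is_server in samples:
        name = parse_name(text)
        print(f"{text}\n  certifier: {name.certifier()}")
        for finding in check_name(name, is_server):
            print(f"  {finding}")
```

Running it shows that the two Marcus Frank entries share a common name but hang from different certifiers, and that names under /WWCorp/US and /WWCorp/CA belong to different certifiers even though the organization name is the same.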

Hierarchical Naming Example

Two users with the same name, Marcus Frank, work for Worldwide Corporation. One works for the Sales organization in the East regional office. The other is a member of the Human Resources department in the West regional office. The following figure shows how the two people with the same name are distinguished using hierarchical naming.

Describe hierarchical naming as it relates to Worldwide's organizations.

Figure 3-3: An example of hierarchical naming

If the user happens to be in the same organizational hierarchy, a middle initial or an organizational unit unique to the user can be used.

Practice Activity 3-2: Determine Hierarchical Names


Using Figure 3-3, ask students the full hierarchical names for the servers and users that appear in the diagram. Facilitate the discussion of these questions.

Scenario As an administrator, you should be able to determine hierarchical names using the hierarchical naming example. To do this, refer to Figure 3-3 as you answer the following questions.

1. What is the full hierarchical name for Marcus Frank in HR?
   Marcus Frank/HR/West/WWCorp.
2. What is the full hierarchical name for Marcus Frank in Sales?
   Marcus Frank/Sales/East/WWCorp.
3. What is the full hierarchical name for Pedro Lopes?
   Pedro Lopes/Mktg/East/WWCorp.
4. What is the full hierarchical name for Hub?
   Hub/SVR/WWCorp.
5. What is the full hierarchical name for East01?
   East01/SVR/WWCorp.
6. What is the full hierarchical name for Gwen Carter?
   Gwen Carter/Services/East/WWCorp.

Organizational Unit Naming Recommendations



A hierarchical name can comprise up to four organizational units (OUs). The recommendation is to use the minimum required for unique naming.


Topic B: Designing a Hierarchical Naming Scheme



Consider the options in the following table for creating organizational unit certifiers when designing the hierarchical naming scheme.

Criteria: Location
Description: Each locale has a separate OU for local administration of servers and users. Use this as an alternative to using the country code name component. The site or country abbreviation easily identifies the geographic location of the server or user.

Criteria: Department
Description: Each department has a separate OU, which keeps the Lotus Domino naming scheme directly in sync with the corporate organizational chart.

Criteria: Work groups
Description: Most often used to distinguish two users with the same name who work in the same department.

Note: Typically, a company would use the OU1 to indicate the user's location, then use the OU2 for the department. Workgroups are typically used only to distinguish two users from the same region that are in the same department. Department or workgroup OUs are not recommended if users move between departments frequently.

When determining these names, use the following guidelines:
Use short descriptive names.
Do not include spaces.
Create a separate OU for servers for administrative control.
Use three or fewer levels of OUs in the hierarchical naming scheme.

Separate Server OUs


The following table describes the benefits of creating a separate server OU.

Benefit: Cross-certification
Description: If two organizations wanted servers to be cross-certified, but did not want users to be cross-certified, then having each organization's servers in a separate OU would allow the creation of a server OU to server OU cross-certificate. Since the cross-certificate would be server OU to server OU, no end user from either organization would be allowed to directly access servers in the other organization. However, the servers would be allowed to authenticate and replicate.

Benefit: Administration control
Description: If the organization decided to use a unique OU for server registration, and that OU is tightly controlled by an upper level administrator, the likelihood of having a renegade or unauthorized server show up is reduced. Any server registered with a different OU will be readily apparent to administrators through various views of Lotus Domino Administrator.

Server Naming Recommendations


The server's common name should:
Be a short, descriptive name.
Contain an abbreviation for the region where it resides.
Not contain any spaces.
Be easily expandable.
Be easily recognizable for the tasks the server performs.

For example: Hub servers in the East might be named as follows: EastHub01, EastHub02, EastHub03, and so on.

Mail servers in the West might be named as follows: WestMail01, WestMail02, WestMail03, and so on.

Note: Planning server names is particularly important, as it is a time-consuming and difficult process to change a server's name. Carefully consider the guidelines when naming a server.


Server Host Names and Common Names



The server's common name can be the server's fully qualified Internet host name (for example, Hub). Consider the following factors in deciding which format is best for the company.

Use the Internet host name in the Lotus Domino server common name if clients accessing the server are:
On the Internet.
On a large distributed TCP/IP intranet.
In foreign Lotus Domino domains on a TCP/IP intranet, and server address sharing between the domains is not practical.

Use the simple Lotus Domino server common name if clients accessing the server:
Are primarily in the same Lotus Domino domain or in a domain that will share server address information with the domain.
Rely heavily on network protocols other than TCP/IP.
Require special server naming conventions better suited to the company.

User Naming Recommendations



Typically, a user's common name is the user's given (first) name and family (last) name. The user's common name is used for Internal mail addressing and determines the user's Internet address.

Note: Lotus Domino includes an administrative tool to change a user's common name, or the user's place in the hierarchy, for example, under the following circumstances:
A user's marital status changes.
A user moves to a different department.

The following table provides an example of user naming conventions.

Type: Lotus Domino mail addressing
Suggested syntax: Firstname Lastname/OU2/OU1/O@Domain
Example: Maria Lopez/Sales/East/WWCorp@WWCorp

Type: Internet mail addressing
Suggested syntax: username@company.com, where username is one of the following: FirstinitialLastname, Firstname_Lastname
Example: MLopez@wwcorp.com, Maria_Lopez@wwcorp.com

Use of middle initials


Since most people often do not know a user's middle initial, it is rarely used. Other reasons for avoiding middle initials include:
The format may vary. Some administrators might use a separator, like a period (.), and some may not, causing inconsistent names.

A differentiating OU is a better choice to ensure a unique name.
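
The naming recommendations above can be checked mechanically before any ID is registered. The following Python sketch is an added example, not part of the course material or of any Domino tool: it validates abbreviated names against the rules on this page and shows that the two Marcus Franks, although distinct as hierarchical names, still collide once Internet addresses are derived from the common name alone. The function names, the sample list, and the assumption that names carry no country-code component are illustrative.

```python
from collections import defaultdict

MAX_OUS = 4          # this page: a name can comprise up to four OUs
RECOMMENDED_OUS = 3  # this page: use three or fewer OU levels

# Constructed sample input, using names that appear on this page.
USERS = [
    "Marcus Frank/HR/West/WWCorp",
    "Marcus Frank/Sales/East/WWCorp",
    "Pedro Lopes/Mktg/East/WWCorp",
    "Maria Lopez/Sales/East/WWCorp",
]


def parse_name(name):
    """Split an abbreviated hierarchical name into (common name, OUs, organization).

    Assumption: no country-code component, as in the page's WWCorp examples.
    """
    parts = [p.strip() for p in name.split("/")]
    if len(parts) < 2 or any(not p for p in parts):
        raise ValueError(f"not a hierarchical name: {name!r}")
    return parts[0], parts[1:-1], parts[-1]


def check_name(name, is_server=False):
    """Return a list of findings for one name against the page's recommendations."""
    cn, ous, org = parse_name(name)
    findings = []
    if len(ous) > MAX_OUS:
        findings.append(f"{len(ous)} OUs exceeds the maximum of {MAX_OUS}")
    elif len(ous) > RECOMMENDED_OUS:
        findings.append(f"{len(ous)} OU levels; three or fewer recommended")
    for label, value in [("organization", org)] + [("OU", ou) for ou in ous]:
        if " " in value:
            findings.append(f"space in {label} name {value!r}")
    # User common names normally contain a space; server common names should not.
    if is_server and " " in cn:
        findings.append(f"space in server common name {cn!r}")
    return findings


def internet_addresses(name, mail_domain):
    """Derive both address styles from the page's table for one user name."""
    cn, _, _ = parse_name(name)
    words = cn.split()
    first, last = words[0], words[-1]
    return [f"{first[0]}{last}@{mail_domain}", f"{first}_{last}@{mail_domain}"]


def audit(users, mail_domain):
    """Find duplicate hierarchical names and colliding Internet addresses."""
    by_name = defaultdict(int)
    by_addr = defaultdict(set)
    for user in users:
        by_name[user.lower()] += 1
        for addr in internet_addresses(user, mail_domain):
            by_addr[addr.lower()].add(user)
    duplicates = sorted(n for n, count in by_name.items() if count > 1)
    collisions = {a: sorted(u) for a, u in by_addr.items() if len(u) > 1}
    return duplicates, collisions


if __name__ == "__main__":
    print(check_name("East Hub 01/SVR/WWCorp", is_server=True))
    duplicates, collisions = audit(USERS, "wwcorp.com")
    print("duplicate hierarchical names:", duplicates)
    for address, owners in collisions.items():
        print(address, "is claimed by", owners)
```

A differentiating OU resolves the hierarchical name only; the Internet address scheme needs its own tie-break rule decided at planning time.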

Planning a Hierarchical Naming Scheme



It is extremely important to properly plan a naming scheme for any organization. The entire security structure is based on the information provided at the time of the first server implementation. To plan a naming scheme for an organization, carefully consider:

Organization name, which should be a short and easy name. Many organizations choose to use their Internet domain or company name.

Organizational units:
Should provide an easy and simple method to organize user and server names. Multiple OU levels may be more difficult to manage.
Can be used for providing unique names.

Stress to students the importance of properly planning the naming scheme. It is an arduous and administrator-intensive task to redo a hierarchy once Lotus Domino is deployed in the organization.

A strategy for distinguishing identical names in the same organizational hierarchy should be determined during the planning stages.

How to Design a Hierarchical Naming Scheme



Procedure Reference: Designing a hierarchical naming scheme


Follow these steps to plan the hierarchical naming scheme for the Lotus Domino environment.
1. Choose a domain name.
2. Choose an organization name.
3. Decide whether or not to use country codes.
4. Determine organizational units based on the company's structure.
5. Determine server naming conventions.
6. Determine user naming conventions.


Practice Activity 3-3: Design a Hierarchical Naming Scheme


To facilitate this activity, students may work in groups. The answers for this activity vary depending on personal opinion and organization structure. Refer students to the Worldwide Corporation Infrastructure Plan appendix, Organization Structure section, for the information to complete the activity. After students create their organization charts: Lead a class discussion in which students share their proposals. Discuss the advantages and disadvantages of the student solutions.

Scenario: Worldwide Corporation has assigned you the task of designing a hierarchical naming scheme. As an administrator, first you need to determine how to divide organizational units for Worldwide Corporation. To do this, answer the following questions.

1. How should organizational units be divided: geographically, departmentally, workgroup, or by some other criteria? Geographically. Staff moves between geographic regions are less frequent, so would require less recertification.

2. How many levels of organizational units are needed? One or two. Try to keep the hierarchy as simple as possible.

See Additional Instructor Notes

3. Should the servers and users be segregated, or kept together? Segregated. Lotus Domino server management is easier if the servers are kept in their own organizational unit.

To create an organizational chart for Worldwide's servers and users, use the following guidelines:
Place the name of the organization in the top row.
Place the first level of organizational unit in the next row.
Place subsequent levels of organizational units, if any, below parent levels.
Place servers in their own organizational units.
Place users in the lowest level.

Use the following blank organizational chart as a guide. The number of levels and number of boxes in this chart are not indicative of the final result.

Security Controls: Present the concepts of authentication and access controls in the Lotus Domino environment using the bank card analogy. Details on certificates and ACLs are presented in the following sections.

Topic C: Authenticating with IBM Lotus Domino Servers


Security Controls
Security controls determine access to servers and resources in the IBM Lotus Domino environment. Use the controls to:

Allow access to authorized users and servers.
Block access for unidentified or specific users and servers.

The process of accessing information involves two levels of security:
Authentication
Access controls

Authentication establishes trust between two entities. Once trust is established, access controls determine what information is available to the entity. An entity can be a server or a client.

Bank card example


To gain access to bank account information, authentication occurs through the use of:
A bank card containing user account information.
A Personal Identification Number (PIN) identifying you as the owner of the card.

The PIN, along with the card, matches the account information stored in the bank. Therefore, the bank trusts that you are the owner of the card. You are allowed access to the account. By using the bank card, you are also trusting that the bank will provide the correct access. This establishes two-way trust.

Once you have gained access to the account, you are allowed access to specific information based on the type of account you have. The type of account determines the level of access. This is similar to access controls that can be set on entities such as servers, clients, or databases.


Certificates and ID Files

Authentication is controlled by certificates that identify and verify the entity connecting to the server. A certificate is a unique electronic stamp stored in an ID file that associates a name with a public key. An ID may have many certificates. A certifier ID is a file that generates the electronic stamp to indicate a trusted relationship. Certifier IDs result when entities, such as organizations and organizational units, are created during the registration process.

Note: The certifier ID does not provide access to anything. It acts as an electronic stamp to validate other IDs.

The certificate is the stamp left on the ID by the process of certification. The certificate uses an electronic signature from the certifier to associate the user or server's name with the user or server's public key. For example, a certificate from /WWCorp issued to Inga Neste/Sales/WWCorp means that according to /WWCorp, Inga Neste/Sales/WWCorp has a specific public key that is stored in the certificate.

Point out that certificates are contained in Lotus Notes IDs. Tell students that additional information on public and private keys is included in the Extend Lotus Domino Software appendix.

Types of Certificates

The two types of certificates are:
Notes certificates: Stored in an IBM Lotus Notes or Lotus Domino ID file that associates a name with a public key. Certificates permit users and servers to access specific Lotus Domino servers.
Internet (X.509) Certificates: Let a user access a server using SSL client authentication or send an S/MIME message. Internet certificates can be stored in the Lotus Notes ID.

Note: Certifier IDs and certificates are created on the server. However, they should be moved to a very secure location, rather than left on the server. For example, copy the ID to a diskette and lock in a cabinet. Another approach would be to migrate the certifier IDs to the Domino Directory

ID Files

A Lotus Notes ID identifies a user or server to Lotus Domino systems. The user and server registration process creates a unique ID.

Note: The password is used to encrypt the private key and optional encryption keys as well as to access the ID file.


There are several types of ID files used in the Lotus Domino environment:
The certifier ID file allows an administrator to certify Lotus Notes users with hierarchical names. The certifier ID file stamps server, user, and other certifier IDs with its certificate.
The user ID file is created by the administrator and contains information that Lotus Notes uses to identify a user. The file contains certificates and the name of the ID owner.
The server ID file is created by the system administrators and stores IDs on the server.

Components of an ID File

An ID file contains information to identify the owner of the ID in order to determine access to resources in a domain. The following graphic illustrates the information each user or server ID contains.

Figure 3-4: Components of an ID file

Note: The password is used to encrypt the private key and optional encryption keys as well as to access the ID file.

Common Certificates

In order to authenticate, each side (server and client or server and server) must have a common certificate. A common certificate is a certificate derived from the same Lotus Notes or Internet (X.509) certifier, or one of its ancestors in the organizational hierarchy.


Example of two organizations


Worldwide Corporation created another organization called Earth after acquiring a new regional office. They wanted to restrict access to Earth until the office was up and running. The following figure shows IDs containing certificates. The certificates in the same organizational hierarchy (WWCorp) can authenticate with one another. A certificate from another organizational hierarchy (Earth) cannot authenticate with a Worldwide server. In the following example, Marcus Frank can authenticate with the APPS server. But Corretta Juarez in the regional office (Earth) cannot authenticate with APPS because they do not have a common certifier or ancestor.

Figure 3-5: Certificates and hierarchies


How Certificates Are Used in Authentication

Server settings control required access to the server by specifying authentication levels. The following table explains the strong authentication methods used.

Define the terms strong and simple authentication. Describe how authentication occurs for Lotus Notes and Web clients and for Strong, Simple, and No authentication (Anonymous).

Authenticate: In the Lotus Notes/Lotus Domino environment
Using: Lotus Notes certificate

Authenticate: Between Lotus Domino and other applications using Internet protocols
Using: Internet (X.509) certificate

Authenticate: In the Lotus Notes/Domino environment and outside the Lotus Domino/Notes environment. Example: Internet e-mail to a Lotus Notes client
Using: Lotus Notes and Internet (X.509) certificate (with S/MIME to sign Internet messages between different mail packages)

The following figure illustrates authentication.

Figure 3-6: Authentication using certificates


Other authentication methods


In addition to strong authentication using Lotus Notes and Internet certificates, the other types of authentication are:
Anonymous: No credentials. Examples of Anonymous access include Web pages for advertising and catalogs.
Simple: User name and password. Can be used for customers to access information about their own orders or shipments.

The ID Vault Feature



The ID vault feature in Lotus Domino Administrator 8.5 enables administrators to manage secured copies of Lotus Notes user IDs. Administrators configure policies to assign ID vaults for users. Once a policy has taken effect, the secured copies of user IDs are uploaded to a vault database. There are several advantages to using an ID vault:
Lost or forgotten user passwords can be easily reset or recovered.
Corrupted user ID files can be automatically replaced with the copies in the ID vault.
User IDs are automatically synchronized.
User renames and user key rollovers are automated.

How to Create an ID Vault


Procedure Reference: Creating an ID vault
Follow these steps to create an ID vault.
1. In Lotus Domino Administrator, click the Configuration tab.
2. On the Tools menu, click ID Vaults→Create. The Create and Configure Notes ID Vault wizard will display.
3. Click Next.
4. In the Notes ID Vault name field, enter the name of your choice.
5. In the Notes ID Vault description field, enter a description that can also be used as the Lotus Notes ID vault database title.
6. Click Next.
7. In the Password field, enter a password of your choice.
8. In the Verify field, enter the password again.
9. If you want to change the Vault ID file location from the default, click the Location button.
10. Click Next.
11. In the Vault server field, your server is automatically selected. If you wish to change servers, click the Change button and select an alternate server from the list of available servers and click OK. To accept the default server, click Next.
12. Your user name should be listed in the "The following administrators can manage the Notes ID vault" field. To add or remove administrators, click the Add or Remove button, select additional administrators from the list of available users, and click OK. When creating the ID vault, only one administrator needs to be specified to complete creation. To accept the default administrator, simply click Next.
13. You are not required to specify an organization during creation. If you wish to do so, click the Add or Remove button, select additional administrators from the list of available organizations, and click OK. To accept the default, click Next.
14. On the "Specify names that are authorized to reset passwords" page, to accept the default selections, click Next. Use the Add or Add to All buttons to give additional users, groups, servers, and organizational units authorization.
15. On the "How is this policy assigned" page, you can leave the default "I will specify a Notes ID vault policy at another time" selected to continue on to complete the wizard, or you can select to Create a new policy assigned to an organization, Create a new policy assigned to specific people or group, Create a new policy assigned to a home server, or Edit an existing policy. After selecting an option, click Next to continue.
16. Click Create Vault.
17. Click Done.

Specifying information during vault creation


When creating a Lotus Notes ID vault, some information is required immediately, while other information can be specified either during creation or at a later time. The following table lists the required information:
Lotus Notes ID vault name: The name of the ID vault cannot be the same as any organization or organizational unit used in the Lotus Domino domain. In addition, the name cannot be changed after the vault is created.
Vault ID file location and password: The location of the vault ID file and the password are required for vault administrators to create vault replicas or to delete the vault.
Vault primary server: There can be only one primary server specified for the vault.
Vault administrator: At least one vault administrator must be specified during vault creation.


The following lists information that can be provided during vault creation or after the vault has been created:
Organizations that trust the vault for ID storage: This information is used to create Vault Trust Certificates in the Lotus Domino Directory. The Vault Trust Certificate is a cross-certificate issued to the vault, and it shows that the vault is trusted to store the IDs descended from the certifier.
List of those authorized to reset the passwords of IDs in the ID vault: This information is used to create Password Reset Certificates in the Lotus Domino Directory. The Password Reset Certificate is a cross-certificate issued to individuals, organizations, or organizational units, and it indicates who can reset or change the passwords for IDs in a vault.
List of user IDs assigned to the vault: This information is controlled through user policy configuration.

Introduction to Lotus Domino Access Controls: Review that server security consists of authentication and access control. Authentication was described previously. This section covers access to servers and server resources (such as applications) once authentication is established.

Topic D: Controlling Access to Resources


Introduction to Lotus Domino Access Controls
IBM Lotus Domino controls secure information so it is available only to those who require it. Lotus Domino provides settings to selectively control access to server resources. Controls can be placed on many levels: the server, database (including information in fields on a form), agents, applets, and Web pages. The controls used depend on the security level required for applications and the user access required.

Many of the decisions involving application deployment are made by the developer. However, security is often implemented by the administration staff. There are many settings in the Lotus Domino Server Configuration Settings documents that control access to the application.

Access Control Lists


An access control list (ACL) determines access to a given database, and the type of access allowed. Every Lotus Domino application has an access control list.


The Access Controls slide displays the levels of Lotus Domino access control. The slide can be used in conjunction with the information on this page to describe access control.


Roles

A role identifies a set of users and/or servers. Roles apply only to the database in which they are created.

How Lotus Domino Controls Access


Some examples of server software and applications include: SMTP, Agents, LotusScript and JavaScript. (Optional) Open a Configuration Settings document and tell students that it contains security settings. Show some examples.

Lotus Domino uses roles and an access control list to control access to databases. The following table describes how Lotus Domino controls access.

Access to: Server, including IBM Lotus Notes clients, Web clients, and other Lotus Domino servers
Is controlled by: Server settings and restrictions. Settings that allow and deny access to users, servers, Lotus Notes, and Web clients. Restrictions that allow or deny access to server software and applications. Groups.

Access to: Lotus Domino file folders
Is controlled by: File folder access controls and restrictions

Access to: Run Java applets
Is controlled by: Server restrictions

Access to: Run Lotus Domino agents (programs that perform specific tasks within a database, such as sending mail messages)
Is controlled by: Server restrictions

Access to: Databases: Forms and views, Documents, Fields
Is controlled by: Access control lists (ACLs). Groups. Roles: Subsets of users or servers in an ACL. This adds an additional level of access control over those already controlled by the ACL. Encryption, for field control.

Access to: Web pages
Is controlled by: Web server controls


Stages of Access Control



The following graphic shows the stages of access control that can be set on specific Lotus Domino components.

Describe the levels of access to resources.

Figure 3-7: Stages of access control

The following table describes the access control stages.

Stage 1: Successful authentication extracts the name in the Person document (ID file). The name is then checked against the server, file, database, data, and field access. Server access: Name is checked in Server Restrictions or Deny Access for access to the server.
Stage 2: File access: Name or group is allowed access to the server's file folders.
Stage 3: Database access: Name is checked for access to the database.
Stage 4: Data access: Name is checked for view, form, read, and edit access to the document in the database.
Stage 5: Field access: ID is checked for the appropriate encryption key to access the field in the document.


Settings in the Server document determine who has access to specific components. For example:
Administrators may have access to monitoring tools while users may not.
Some users may have permission to run agents.


Activity 3-4: Identify Server Access


Prior to beginning the activity, add localdomainadmins to the Sign agents to run on behalf of someone else field. As you lead students through the activity, ask for the answers to the questions.

Scenario: Worldwide Corporation has enabled some security mechanisms in the Lotus Domino environment. As an administrator, you need to be aware of what security mechanisms are currently in use.
Note: If you have questions regarding the settings, use the context sensitive Help. Wildcards can be used for a group of servers; for example: */SVR/WWCorp.

Follow these steps to complete the activity. Document the current Worldwide security settings and answer the questions.

Step / Action
1. Click the Configuration tab→Server section→Current Server Document view.
2. Click the Security tab.
3. For the Administrators section, who are the authorized administrators? LocalDomainAdmins, LocalDomainServers, and DoctorNotes/WWCorp.
4. In the Security Settings section, does the server allow Lotus Notes users to access anonymously? Yes / No
5. Scroll to the Server access section. Who can create new databases on the server? Blank = All.
6. In the Server access section, who can use monitors? * = Everyone.
   Note: Open the document in edit mode and use field help.
7. Scroll to the Programmability Restrictions section. Who can run unrestricted methods and operations? Blank = No one.
8. In the Programmability Restrictions section, who can sign agents to run on behalf of someone else? LocalDomainAdmins.


Security Using Groups


The following table provides examples of what groups can be used to do.

Describe how groups are used to allow or deny access to the server. Discuss the settings the students recorded in the previous activity. Are the settings appropriate? Why?

Use: Provide a group of users with access to a database.
Example: LocalDomainAdmins: Allows administrators full access to the Lotus Domino Directory.

Use: Provide a group of servers with permission to replicate a database.
Example: LocalDomainServers: Allows servers access to Administration Requests.

Use: Deny a group of users access to a server or database.
Example: Group of terminated employees: Restricts access of specific employees to sensitive corporate information.

Examples of group access


Administrators create and maintain groups in the Lotus Domino Directory. The database administrator is subsequently responsible for providing the appropriate level of access and security to each database. For example, Worldwide Corporation has the groups listed in the following table. Each group has access to a database relevant to its responsibility within the company.

Database: Personnel records
Group: Individual users. Access: Reader access to own documents only
Group: Department managers. Access: Reader access to documents of all subordinates

Database: Policies
Group: HR staff. Access: Editor access to all records
Group: Corporate staff. Access: Reader access to all documents


Allowing access to parts of the hierarchy


Users and servers in specific parts of the Lotus Domino hierarchy can be assigned access by using a wildcard (*). For example, assigning access for */East/WWCorp allows access to all users in the Organizational Unit East without creating a group.

Group Types

Group types are used to define the purpose of the group and determine the views in the Lotus Domino Directory where the group name appears. For example, the group of terminated employees appears in the Deny List view, and access control groups appear in the Access Control view.

Static groups, including a predefined set of members, are stored in the Domino Directory and can be used as mail addresses. Describe dynamic groups, such as */East/WWCorp. Tell students that these groups are used to include all entities in a particular organizational unit at the time of connection. They are not stored in the Domino Directory and cannot be used as mail addresses.

Using specic group types improves performance by reducing the size of view indexes in the Domino Directory. The following table describes the purpose of various group types.

Group type Multi-purpose Access Control List only Mail only Servers only Deny List only

Purpose Multiple uses; for example, mail, ACLs, and so on Adding to ACLs

Mailing list groups Server groups Terminated users or other users Note: Deny List groups appear in a different listing


Best Practices for Creating Groups



The most effective way of allowing or denying access to a server is to create and maintain appropriate groups. To do this:
- Assign a group name that identifies the content. For example:
    - The region in which the entries are located
    - Global if it is a group that contains names that span the entire organization
- Nest groups for easier maintenance.

Describe a nested group example. As an added security feature, administrators create two regional groups. The groups are:
    Deny Access East = Access denial for people in /East
    Deny Access West = Access denial for people in /West
Before deleting a user from the Lotus Domino system, the local administrator adds the user to one of the groups. Each of the groups is included in the Deny All nested group. For each server restrictions setting, Deny All has No access in the server section. This ensures immediate denial to any WWCorp server.
Show the students how to create an example of a nested group:
1. Click the People & Groups tab.
2. Click Tools > Groups > Manage.


Caution: Too many nested groups may cause confusion and be cumbersome to manage.


Activity 3-5: Determine Group Access to the Server


Add the LocalDomainAdmins and LocalDomainServers groups to the Server Access field prior to the activity. After students complete the activity, point out what the Administrators groups can do that other groups may not be able to do, such as run remote console. If students select the Administrator tab in the Server document and find access information, this is the access for the Server document only, not for the server or databases.

Scenario
Worldwide Corporation allows server and administration access using groups. As an administrator, you should be able to determine which groups have access to the server and which groups can administer the server. Follow these steps to determine which groups have access to the server and which groups can administer the server, and answer the questions.

Step  Action
1. Click the People & Groups tab > Domino Directories section.
2. Click WWCorp's Directory > Groups.
3. Open the Administrator group (LocalDomainAdmins).
4. Who are the members in the Administrators group (LocalDomainAdmins)?
   DoctorNotes/WWCorp, EastAdmins, and WestAdmins.
5. Click Cancel to close the group.
6. Who are the members of EastAdmins and WestAdmins?
   Admin East01/WWCorp, Admin East02/WWCorp, Admin East03/WWCorp, Admin East04/WWCorp, Admin East05/WWCorp, Admin East06/WWCorp, Admin West01/WWCorp, Admin West02/WWCorp, Admin West03/WWCorp, Admin West04/WWCorp, Admin West05/WWCorp, and Admin West06/WWCorp.
7. Click the Configuration tab. In the Server section, click the Current Server Document view, and click the Security tab.
8. After reviewing the Security tab in the Current Server Document, do any groups have administration capabilities on the server?
   LocalDomainAdmins, LocalDomainServers.
9. Scroll to view the Server Access section.
10. After reviewing the Server Access section, do any groups have access to the server?
   LocalDomainAdmins, LocalDomainServers.


Topic E: Determining Database Access Levels

Access Control List Levels

Demonstrate the ACL settings: From the Files tab, select the Administration Requests database. Click Tools > Database > Manage ACL. Select each of the following entries to see what access each entry has: Default, Anonymous, or LocalDomainAdmins. Click OK to close the Manage ACL tool.

The following table lists the access levels for IBM Lotus Domino.

Level: No Access
    User access: No access to the database
    Server access: No access to the database (except, optionally, to read or write public documents)

Level: Depositor
    User access: Can create documents in the database, but cannot read, edit, or delete documents, including those they create
    Server access: Can push new documents, but can never pull documents. Note: This ACL level is not normally assigned to servers.

Level: Reader
    User access: Can read documents, but cannot create, edit, or delete them
    Server access: Can replicate to receive (pull documents) only (not to send, or push, documents). Minimum access for servers to get data

Level: Author
    User access: Can create and read documents, and edit own documents if Authors fields are used. Note: Designers can modify a database to allow users to edit their own documents.
    Server access: Can replicate new documents, but cannot modify documents. Minimum access for servers to send data. Note: This ACL level is not normally assigned to servers.

Level: Editor
    User access: Can create, read, and edit all documents
    Server access: Can replicate all new and changed documents

Level: Designer
    User access: Can modify the database design, but cannot modify the ACL or delete the database
    Server access: Can replicate all new and changed documents, and replicate design elements. Can also create full-text indexes.

Level: Manager
    User access: Can perform all operations on the database, including changing ACLs and deleting the database
    Server access: Can replicate ACL changes as well as all document and design changes


Activity 3-6: Identify Access to the Lotus Domino Directory


During this activity, describe the icons used in the ACL; for example: Server group, User, and Person group. Ask students what access they have and what this means in terms of what they can and cannot do. Then ask students what access administrators have and what they can do. Briefly describe roles and how they refine access.

Scenario
Worldwide Corporation has an active Domino Directory structure in place. As an administrator, you should be able to identify which groups have access to the Lotus Domino Directory. Follow these steps to determine which groups have access to WWCorp's directory and what type of access they have.

Step  Action
1. Click the Files tab.
2. Open WWCorp's directory.
3. In the About Domino Directory document, click Close this document to view the database.
4. Click File > Application > Access Control.
5. What are the server group names and their access?
   LocalDomainServers have Manager access and OtherDomainServers have Reader access.
6. What are the Person group names and their access?
   LocalDomainAdmins have Manager access.
7. What are the individually defined names and their access?
   Doctor Notes has Manager access.
8. Click Cancel.
9. Close the WWCorp's Directory database.
10. Using available help information, define a role.
   Database-specific groups created to simplify the maintenance of restricted fields, forms, and views. You can apply a role to Authors fields and Readers fields and read and create access lists in forms and views.


Instructor Activity 3-7: Test Security


Scenario
As the administrator, you will need to be familiar with testing security in the Lotus Domino environment. Your instructor will make some access control changes and direct you to test security. Steps are labeled to indicate those the Instructor should perform and those students should perform. Follow these steps to test security.

Step  Action
Instructor:
1. Add the EastAdmins group to the Not Access Server field in the Server document.
2. Change the ACL of Domino Directory to remove LocalDomainAdmins and add EastAdmins.
3. Restart the server.

Students:
4. Exit Lotus Domino Administrator and Lotus Notes and re-open Domino Administrator.
5. Open the Domino Directory and click the People & Groups tab.
6. Can you access the server or the Domino Directory? Why are some not able to access the server or the Domino Directory?
   West## users should have access to the server as the WestAdmins group was not restricted access, but they will not be able to access the Domino Directory because they are not included in the ACL for the Domino Directory. East## users should not have access to the server because the EastAdmins group was restricted access, and because they no longer have access to the server, they will not be able to access the Domino Directory even though they were specifically added to the ACL for the Domino Directory.

Instructor:
7. Reverse the access changes made at the beginning of the activity and restart the server.
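
The outcome of Activity 3-7 can be reproduced with a small model of the two gates involved: the Server document is checked first, and the database ACL only afterwards. The following Python sketch is an added example, not part of the original course material and not IBM code. The group data is a shortened, constructed version of the classroom groups, the wildcard entry, the server name Hub01/WWCorp, the two /East users and the -Default- level are constructed, and the rule for combining several matching ACL entries is an assumption stated in the comments.

```python
# Added illustration (not IBM code): a simplified model of the two access
# gates exercised in Activity 3-7. All data below is constructed.

LEVELS = ["No Access", "Depositor", "Reader", "Author", "Editor", "Designer", "Manager"]


def entry_covers(entry, user, groups, _seen=None):
    """True if a field or ACL entry covers `user` by exact name, by hierarchical
    wildcard (*/East/WWCorp), or through group membership, nested or not."""
    seen = set() if _seen is None else _seen
    if entry == user:
        return True
    if entry.startswith("*/"):
        suffix = entry[1:]                      # "/East/WWCorp"
        return len(user) > len(suffix) and user.endswith(suffix)
    if entry in groups and entry not in seen:   # guard against group cycles
        seen.add(entry)
        return any(entry_covers(m, user, groups, seen) for m in groups[entry])
    return False


def can_access_server(user, server_doc, groups):
    """Gate 1: the Server document. A Not Access Server match always wins."""
    if any(entry_covers(e, user, groups) for e in server_doc["not_access_server"]):
        return False
    allowed = server_doc["access_server"]
    # Assumption: an empty Access Server field admits every authenticated user.
    return not allowed or any(entry_covers(e, user, groups) for e in allowed)


def database_level(user, acl, groups):
    """Gate 2: the database ACL. Assumed rule: an entry for the user's own name
    wins; otherwise the highest level among matching group or wildcard
    entries applies; otherwise -Default-."""
    if user in acl:
        return acl[user]
    matched = [lvl for entry, lvl in acl.items()
               if entry != "-Default-" and entry_covers(entry, user, groups)]
    return max(matched, key=LEVELS.index) if matched else acl["-Default-"]


def effective_access(user, server_doc, acl, groups):
    """Return (level, reason). The ACL is never consulted if gate 1 fails."""
    if not can_access_server(user, server_doc, groups):
        return "No Access", "denied by Server document"
    return database_level(user, acl, groups), "database ACL"


GROUPS = {
    "LocalDomainAdmins": ["DoctorNotes/WWCorp", "EastAdmins", "WestAdmins"],
    "EastAdmins": ["Admin East01/WWCorp", "Admin East02/WWCorp"],
    "WestAdmins": ["Admin West01/WWCorp", "Admin West02/WWCorp"],
    "LocalDomainServers": ["Hub01/WWCorp"],            # constructed server name
    # Nested deny groups as described under Best Practices for Creating Groups
    "Deny All": ["Deny Access East", "Deny Access West"],
    "Deny Access East": ["Former Employee/East/WWCorp"],
    "Deny Access West": [],
}

# State after the instructor's steps 1-2; the wildcard entry is a constructed
# addition to show hierarchical matching.
SERVER_DOC = {
    "access_server": ["LocalDomainAdmins", "LocalDomainServers", "*/East/WWCorp"],
    "not_access_server": ["EastAdmins", "Deny All"],
}
DIRECTORY_ACL = {
    "-Default-": "No Access",                          # constructed default
    "LocalDomainServers": "Manager",
    "OtherDomainServers": "Reader",
    "EastAdmins": "Manager",                           # replaced LocalDomainAdmins
    "DoctorNotes/WWCorp": "Manager",
}

if __name__ == "__main__":
    for name in ("Admin East01/WWCorp", "Admin West01/WWCorp", "DoctorNotes/WWCorp",
                 "Former Employee/East/WWCorp", "Pat Lee/East/WWCorp"):
        print(name, effective_access(name, SERVER_DOC, DIRECTORY_ACL, GROUPS))
```

The East administrator is stopped at the Server document despite holding a Manager entry in the ACL, and the user in Deny Access East is stopped through the nested Deny All group even though the wildcard would otherwise admit the name.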


Topic F: Determining Workstation Security Levels


Execution Access
Protect user workstations by specifying different types of execution access for different people or organizational certifiers who run IBM Lotus Notes scripts and formulas. For example, assign all types of execution access to an IBM Lotus Domino administrator, but allow no execution access to unsigned scripts or formulas.
Note: By default, scripts and formulas, whether signed or unsigned, do not execute on a workstation without displaying a warning message. However, scripts and formulas created using a Lotus Notes template and signed by Lotus Notes Template Development/Lotus Notes have complete execution access.

The Execution Control List


The default Execution Control List (ECL) defines workstation security for the Lotus Notes client. If a group is not specified in the ECL, Lotus Notes warns the user when an application attempts to run on that client. This provides the user with the opportunity to control what code can be executed on the user's machine. The following figure shows a sample ECL.

Open the What Others Do > Using JavaScript panel in the User Security dialog box and briefly describe the information and settings. Use Lotus Notes Template Development as an example.

Figure 3-8: Execution Control List


Lesson Summary
In this lesson, you managed Lotus Notes and Lotus Domino security. Understanding the process of ensuring proper access to Domino servers with security mechanisms in place will allow you to effectively control access to a Lotus Notes and Lotus Domino environment.


Examining IBM Lotus Domino Mail Routing


Topic A: Introducing IBM Lotus Domino Messaging
Topic B: Designing a Mail Routing Topology

Lesson 4 Examining IBM Lotus Domino Mail Routing

Introduction
IBM Lotus Domino supports two mail transfer protocols: Lotus Domino's native routing protocol, NRPC (Notes Remote Procedure Calls), and the Internet standard, SMTP (Simple Mail Transfer Protocol).
Note: This lesson covers only intranet mail routing.

After completing this lesson, you should be able to:
- Describe Lotus Domino mail routing.
- Design a mail routing topology.


Topic A: Introducing IBM Lotus Domino Messaging


Lotus Notes Named Networks
Servers that meet the following criteria can be members of the same Lotus Notes Named Network (NNN):
- Are in the same IBM Lotus Domino domain.
- Share a common Local Area Network (LAN) protocol.
- Can maintain a constant connection on the same LAN or bridged/routed Wide Area Network (WAN).

NNN best practices

Servers that meet the criteria can belong to the same NNN. However, consider separating servers into different NNNs under the following circumstances:
- To control when mail routes between servers: Administrators may want to control when mail routes between servers rather than allow mail to route automatically, as is the case between servers in the same NNN.
- To reduce network traffic between regions: Regional administrators would instruct users to access applications on servers in their own region.

Mail Routing and Lotus Notes Named Networks


Mail routing occurs automatically between servers in the same NNN.

To enable communication between servers in other Lotus Notes Named Networks, configure Connection documents. Connection documents include specific connection information, such as server definitions, delivery schedule requirements, and message queue lengths. When routing mail between servers in separate NNNs, each mail server requires a Connection document.

Create a Connection document and show the following key fields:
- Basics (show the Source and Destination servers)
- Replication/Routing
- Routing section
- Schedule (show Enabled/Disabled and Connection times)


Mail Routing Protocols


It is possible to use a combination of SMTP and NRPC within an organization. For example, Worldwide Corporation could route mail within the company intranet using Lotus Domino's native routing protocol, NRPC, and route mail to the Internet using the SMTP protocol. The following table defines the mail routing protocol options in Lotus Domino and the connection ports they use.

Protocol: NRPC
    Definition: Notes Remote Procedure Calls. NRPC can be set up to route mail within a Lotus Domino domain and to route mail between Lotus Domino domains.
    Port: 1352

Protocol: SMTP
    Definition: Simple Mail Transfer Protocol. SMTP is an industry standard Internet routing protocol which is native in Lotus Domino. Note: SMTP supports the TCP/IP protocol only.
    Port: 25

Note: NRPC uses port 1352 for server-to-server and server-to-client communications, not just mail transport.

Using NRPC vs. SMTP


Use the following guidelines when determining which protocol to use.

Use SMTP alone under these circumstances:
- For Internet communication.
- If Lotus Domino is being used for mail only.

Use NRPC to take advantage of these Lotus Domino features:
- Sending document and database links via e-mail.
- Lotus Notes public key security.
- Mail-enabled workflow applications.

Mail Routing Components



Mail routing is one of the key features for many Lotus Domino implementations. The Lotus Domino mail files and tasks work together to provide a consistent and reliable messaging environment. The following table describes the key components of Lotus Domino messaging.

Use the table to introduce the names of the key mail routing components and where the key components reside (workstation or server).

Term: Definition
Mail file: The Lotus Domino application in which the user creates, sends, retrieves, and stores mail messages.
Mail server: A user's mail server is the server where the user's mail file resides and is specified in the Person document in the Domino Directory.
Mailer: The Mailer resides on the workstation and performs these tasks:
    - Verifies the existence and spelling of the name(s) if the recipient is listed in the Domino Directory.
    - Converts the message to Multipurpose Internet Mail Extensions (MIME), if necessary.
    - Deposits the message in Mail.box on the sender's mail server.
Domino Directory: The Lotus Domino application that stores information about the sender's (and possibly recipient's) mail server, mail file system, mail file name, mail address, and connections to other servers for transfer and delivery.
Mail.box: A special database that resides on every server used for mail delivery. Mail is temporarily stored in Mail.box before the router delivers or transfers the mail.
Router: A server-based task that delivers and transfers mail. It checks the Lotus Domino Directory for connections to other servers and deposits mail in users' mail files and other servers' Mail.box.


Mail Settings that Affect Routing



Settings for servers and users control how and when mail routes. The following table introduces some of the messaging settings available in Lotus Domino.

Using the Domino Directory, show examples of the following documents and settings:
- Connection document with mail routing information
- Server document with message settings
- Configuration Settings document with Inbound/Outbound SMTP controls
- Person document with mail storage settings (Basics > Mail section > Incoming mail)

Settings: Server
Options:
- Messaging settings
- Connection documents
- Domain documents
- Configuration documents, including:
    - Inbound controls: SMTP controls for mail from the Internet
    - Outbound controls: SMTP controls for mail to the Internet

Settings: User
Options:
- Mail storage format
    - Native MIME (Multipurpose Internet Mail Extensions): Internet mail formats
    - Notes Rich Text: Lotus Notes and Lotus Domino format


The Mail Routing Process



Mail routing occurs automatically between servers in the same NNN, using routing information in the Lotus Domino Directory. The following graphic shows how mail is routed.

Show the flow of a mail message. Reinforce the terms described on the previous pages. Explain that the router transfers messages automatically between servers in the same NNN and based on a schedule defined by a Connection document between servers in different NNNs. Show the Routing animation (Routing.exe). The animation shows routing of workflow applications. It may help to give students a graphic representation of how routing works.

1. User creates and sends a mail message from the workstation.
2. Client Mailer program checks names in the directory.
3. Client Mailer puts mail in Mail.box on the home server specified in the user's Location document.
4. Router task on the home server polls Mail.box for new messages.
5. Router checks directory for routing information and for addresses on the message and determines message route.
6. Router transfers message to Mail.box on next destination server.
7. Router task on destination server polls Mail.box for new messages.
8. Router checks directory for routing information for addresses on the message.
9. Router delivers mail to recipient's Mail file.
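
The route decision in steps 5 and 6 can be modelled as a graph search: servers in the same NNN are always reachable from one another, and a server in another NNN is reachable only where a Connection document points at it. The following Python sketch is an added example, not part of the course material and not Domino code. HQ01 and the NNN names are constructed, and the search is a generalization that also covers the peer-to-peer and hub-and-spoke designs discussed under Topic B.

```python
# Added illustration (not Domino code): mail route selection modelled as a
# graph search. Server names and NNN names are constructed.
from collections import deque


def hub_and_spoke(hub, spokes):
    """Connection documents for a hub-and-spoke design: one per direction."""
    return {(hub, s) for s in spokes} | {(s, hub) for s in spokes}


def peer_to_peer(servers):
    """Connection documents when every server connects to every other server."""
    return {(a, b) for a in servers for b in servers if a != b}


def route(source, dest, nnn_of, connections):
    """Return the hops as (from, to, how), or None if no path exists.
    how is "same NNN" (automatic) or "Connection document" (scheduled).
    Every server named in `connections` must also appear in `nnn_of`."""
    if source == dest:
        return []
    parent = {source: None}
    queue = deque([source])
    while queue:
        here = queue.popleft()
        hops = [(t, "same NNN") for t in sorted(nnn_of)
                if t != here and nnn_of[t] == nnn_of[here]]
        hops += [(d, "Connection document")
                 for (s, d) in sorted(connections) if s == here]
        for nxt, how in hops:
            if nxt in parent:
                continue
            parent[nxt] = (here, how)
            if nxt == dest:
                path, node = [], dest
                while parent[node] is not None:
                    prev, via = parent[node]
                    path.append((prev, node, via))
                    node = prev
                return path[::-1]
            queue.append(nxt)
    return None


# Constructed layout: one HQ server and three servers per region, one NNN each.
NNN_OF = {
    "HQ01": "HQ-TCPIP",
    "East01": "East-TCPIP", "East02": "East-TCPIP", "East03": "East-TCPIP",
    "West01": "West-TCPIP", "West02": "West-TCPIP", "West03": "West-TCPIP",
}
HUB_DOCS = hub_and_spoke("HQ01", ["East01", "West01"])

if __name__ == "__main__":
    for hop in route("East02", "West03", NNN_OF, HUB_DOCS):
        print(hop)
    # One direction missing: mail from the West can no longer reach the hub.
    one_way = HUB_DOCS - {("West01", "HQ01")}
    print(route("West03", "East02", NNN_OF, one_way))
```

Removing a single Connection document breaks routing in one direction only, which is why each mail server needs its own document when the servers sit in separate NNNs.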

Router Optimizations in Lotus Domino 8.5



Router optimizations have enhanced the routing capabilities in the Lotus Domino environment. Optimizations offer various advantages:
- Decreased amount of time taken for routing a message.
- Decreased message backlogs in the Mail.box.
- Overall improvement in performance.
- Reduced latency.
- Prevent creation of extra copies of messages.

This content can be skipped if the class is short on time.

If students are unfamiliar with the terms, explain that peer-to-peer is sometimes called mesh. Mention that replication is discussed in detail later in the course.

Topic B: Designing a Mail Routing Topology


Mail Routing Topologies
A mail routing topology establishes which servers are connected and how they communicate specific information. IBM Lotus Domino identifies topologies for:
- Replication: Determines how to connect servers to exchange database changes.
- Mail routing: Determines how to connect servers to send mail.

Topology Types
A topology defines how mail servers are set up within an organization. The two basic types of topology are hub-and-spoke and peer-to-peer.

In a peer-to-peer topology, every server connects to every other server. It is most commonly used when connecting a small number of servers in a workgroup or department.

In a hub-and-spoke topology, mail traffic passes between a central hub server and multiple spoke servers; no mail is exchanged directly among the spokes. A hub-and-spoke topology is suited to handling a high volume of mail across a large organization.

Show the connections between the hubs and then to the spokes.

The type of topology used can vary depending on the size and type of the organization:
- Small firms (four or fewer servers): Use peer-to-peer mail routing, which quickly disseminates mail to all servers.
- Mid-size firms (four to six servers): May use a combination of peer-to-peer and hub-and-spoke.
- Large organizations (six or more servers): Use hub-and-spoke mail routing.
Note: Implement hub-and-spoke topology for maximum efficiency with high volume mail traffic and to allow for easier expansion, such as adding servers or clustering servers.


The following figure shows an example of a hub-and-spoke topology.

Figure 4-1: Hub-and-spoke topology

Hub and Spoke Topology Considerations


Considerations for a hub-and-spoke topology include the following:
- Use hubs when there are six or more servers in the Domino domain.
- A hub machine requires considerable system resources (memory, disk space, and network protocols).
- Use a cluster for hubs to provide failover.

How to Design a Mail Routing Topology



Designing a mail routing topology will assist you in ensuring that the servers in an IBM Lotus Notes and Lotus Domino environment are properly connected, and that they communicate the appropriate information.


The following are some guidelines for designing a mail routing topology.

- Determine the number and server membership of Lotus Domino Named Networks based on the network protocols in use.
- Determine the appropriate topology type based on the size and type of the organization. For example, peer-to-peer, hub-and-spoke, end-to-end, or hybrid.
- If using hub-and-spoke:
    - Determine the number of hubs and the appropriate system resources for each hub.
    - Determine if clustering the hubs is necessary.


Activity 4-1: Design a Mail Routing Topology for Worldwide Corporation


Relate the server descriptions to the server types covered previously. Each region has: Lotus Domino Mail servers = 1 Lotus Domino Application servers = 2 After the students complete the activity, review the possible answers.

Scenario
Worldwide Corporation administrators need to design a mail routing topology that supports the hardware configuration, network protocols in use, and types of Lotus Domino servers in place. The following table provides the Worldwide Corporation hardware configuration. As an administrator, you should be familiar with designing a mail routing topology. Follow these steps to design the topology and determine the possible connections.

Location: Corporate Headquarters (HQ)
    Systems: One large mainframe running Lotus Domino mail and other business applications. System has additional capacity and network bandwidth
    Network: Running TCP/IP throughout the building

Location: Eastern Region
    Systems: Three departmental servers: One running only Lotus Domino mail. Two running Lotus Domino mail and other applications
    Network: LAN connections among all servers. Lotus Domino server with TCP/IP connectivity. Network router connection to Corporate

Location: Western Region
    Systems: Three departmental servers: One running only Lotus Domino mail. Two running Lotus Domino mail and other applications
    Network: LAN connections among all servers. Lotus Domino server with TCP/IP connectivity. Network router connection to Corporate


The following graphic illustrates the environment.

Step 1: One NNN would be sufficient if all systems are connected through high-speed lines. If the regional divisions are separated and must connect over a WAN, or if Worldwide wants to control mail routing schedules, three would be the most appropriate.
Step 2: OUs are the best way to organize servers and users into more manageable groups.


Note: The written questions for this exercise are similar to the format used in the IBM Software Services for Lotus Certification exams.

Step 3: A Connection document provides the connection type and schedule for mail routing when servers do not reside in the same NNN. Verify that all students understand why this is the correct answer.
Step 4: Answers can vary. If all systems have high-speed connections, a peer-to-peer would be appropriate. However, if the organization plans to grow, a hub-and-spoke topology might be best, consisting of:
- A main hub, which is the Corporate mail server.
- Two spoke servers, which are the regional mail servers.

Step  Action
1. Which of the following numbers of NNNs would be appropriate for Worldwide's deployment?
   a) One
   b) None
   c) Two
   d) Three
2. Which one of the following hierarchical naming levels would best organize the servers and users?
   a) Country
   b) Organizational unit
   c) ID
   d) ACL
3. If there is more than one NNN, then which one of the following is the best mechanism to route mail from server to server?
   a) Program document
   b) No action required
   c) Connection document
   d) Configure a gateway

See Additional Instructor Notes

4. If high-speed lines connect all of Worldwide's systems, which one of the following would be the most appropriate mail routing topology?
   a) Mixed
   b) Peer-to-peer
   c) Ring
   d) Hub-and-spoke
5. Circle and label the appropriate number of NNNs.
6. Draw lines between servers in which mail will route automatically.
7. Draw lines between servers to represent a Connection document to route mail on a schedule. Use arrows to indicate the direction in which mail will route. Draw as many lines as will be Connection documents.


Lesson Summary
In this lesson, you described mail transfer protocols supported by Lotus Domino. Understanding the NRPC and SMTP mail transfer protocols can help you administer mail routing for your organization.


Examining IBM Lotus Domino Replication


Topic A: Introducing IBM Lotus Domino Replication
Topic B: Designing a Replication Strategy

Lesson 5 Examining IBM Lotus Domino Replication

Introduction
The Lotus Domino Directory is the central database in the IBM Lotus Domino domain, and exists on every server in the domain. Likewise, there are other databases that Lotus Domino uses to function properly, such as the Certification Log and Administration Requests database, that need to be synchronized on all servers in the domain. A process called Domino Replication keeps the Domino Directory synchronized on all servers in the domain. Additionally, users in the Lotus Domino environment use databases to collaborate and exchange information. These databases can reside on geographically dispersed servers and also need to be synchronized so all users have access to the same information.

After completing this lesson, you should be able to:
- Identify how replication works.
- Design a replication strategy.

In this lesson, students will see how Lotus Domino distributes information between databases on servers across the domain. They will have an opportunity to create a database replica, make changes, and synchronize those changes with other classroom replicas. Students will also discuss the planning aspects of designing a replication topology for the servers in the domain including scheduling considerations. Students will determine a replication strategy for Worldwide Corporation.

Run the Replication animation (Replication.exe), which provides an excellent overview of replication. Show only the following topics at this time: What is Replication? How Does Replication Work? Even though replication and replicas are mentioned in the animation, students will need to fully understand some of the basic terms involved with replication. Define the terms in the accompanying table.

Topic A: Introducing IBM Lotus Domino Replication


What is Lotus Domino Replication?
Replication is the process of synchronizing documents from the same databases on different workstations or servers over time. Replication enables exchanging modications between special copies of databases called replicas.


Components of the Replication Process


The following table describes the terms used for replication.

Follow these steps to show different replica IDs for a database copy.
1. Create a local database copy of the Marketing TeamRoom database.
2. Open Database Properties to show that the replica ID is different from the original database whose replica ID is shown on the student page.

Term: Definition
Replicator: The Replicator is a server task that is loaded, but not initiated, at server startup. The Replicator pulls data from, or pushes data to, another server.
Replica ID: The unique value assigned to a database when it is first created. Replicas of the same database share the same replica ID. The Replicator looks for databases with the same replica ID to synchronize. The replica ID is found on the tab in Database Properties. Note: A database copy does not share the same replica ID as the original database. Only database replicas share the same replica ID.
Unique Notes Identification Number (UNID): The unique value assigned to a document when it is first saved. The Replicator looks for documents with the same UNID to synchronize. The UNID is found on the tab in Document Properties.
Replication History: A list of dates and times when two servers or a server and workstation successfully replicated. The Replicator uses Replication History to determine which documents are new, changed, or deleted since the last time the two databases replicated.


The Server-to-Server Replication Process


The Server-to-Server Replication Process

The following gure shows how replication works using a replication type called Pull-Pull, where both servers share the workload. East01 initiates Pull-Pull replication with West01. In this example, Pull-Pull is accomplished by conguring Pull Only replication on both servers.

Stress the following points: Dene target and source server in the rst Pull cycle. How the target and source servers switch during the reverse Pull.

Replication Tools

Administrators use the following methods to initiate server-to-server replication:
- Connection document: Used to schedule replication between two servers.
- Server console: Used to force replication between two servers.

Open a Connection document and show the replication schedule.

The Workstation to Server Replication Process


Since the workstation software does not have a Replicator, it is the workstation software itself that reads changed documents from the application server and writes those changes to the local replica. The workstation also pushes its changed documents to the application on the server. The server's Replicator is not involved in workstation-to-server replication. As with server-to-server replication, the ACL, design, and document changes are distributed based on server, database, and document settings.

Emphasize that the server's Replicator task is not involved when a server replicates with a workstation.


Topic A: Introducing IBM Lotus Domino Replication


Database Replicas

IBM Lotus Domino makes it easy to collaborate with others by allowing users to work in database replicas that are located in geographically dispersed servers or on local workstations with Lotus Domino replication keeping those databases synchronized.

Manager access to local replicas


The user can be permitted Manager access to a local replica of a database resulting in the user being able to make any number of changes to the local replica. However, additions, changes, and deletions to notes in the database will replicate back to the server based on the ACL of the database on the server. For example, if a user has Reader access to the server replica, no changes made to the local replica will replicate back to the server replica.
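The rule above, that the server replica's ACL and not the local replica's decides what replicates back, is sketched in the following added example (not part of the course material). It is a simplified model: the class and function names are hypothetical, the sample changes are constructed, the Author rule assumes the default "Create documents" privilege, and Depositor access, deletions, and Readers fields are left out.

```python
"""Added illustration: which local-replica changes a server replica accepts."""
from dataclasses import dataclass
from enum import IntEnum


class Access(IntEnum):
    """Domino ACL levels used in this model, lowest to highest."""
    NO_ACCESS = 0
    READER = 1
    AUTHOR = 2
    EDITOR = 3
    DESIGNER = 4
    MANAGER = 5


@dataclass(frozen=True)
class Change:
    kind: str                       # "document", "design" or "acl"
    note: str                       # human-readable label for the changed note
    created_locally: bool = False   # document was created in the local replica
    user_is_author: bool = False    # user is an author of the existing document


def server_accepts(change: Change, server_level: Access) -> bool:
    """Decide from the user's level in the SERVER ACL only.

    The user's level in the local replica (Manager in the course text)
    is deliberately not a parameter: it plays no part in the decision.
    """
    if change.kind == "acl":
        return server_level >= Access.MANAGER
    if change.kind == "design":
        return server_level >= Access.DESIGNER
    if change.kind == "document":
        if server_level >= Access.EDITOR:
            return True
        if server_level == Access.AUTHOR:
            # Assumption: Author has the default "Create documents" privilege.
            return change.created_locally or change.user_is_author
        return False  # Reader and No Access: nothing replicates back
    raise ValueError(f"unknown change kind: {change.kind}")


def replicate_to_server(pending, server_level: Access):
    """Split pending local changes into (accepted, rejected) lists."""
    accepted = [c for c in pending if server_accepts(c, server_level)]
    rejected = [c for c in pending if not server_accepts(c, server_level)]
    return accepted, rejected


# Constructed sample: changes made in a local replica where the user is Manager.
PENDING = [
    Change("document", "New travel policy", created_locally=True),
    Change("document", "Edit to a colleague's policy"),
    Change("design", "Modified Main Topic form"),
    Change("acl", "Added an ACL entry"),
]

if __name__ == "__main__":
    for level in Access:
        ok, _ = replicate_to_server(PENDING, level)
        print(f"{level.name:<9} -> {[c.note for c in ok]}")
```

When a user reports that local edits never appear on the server, the rejected list for their server ACL level is the first thing to compare against what they changed.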

The Database Replication Process


The following table describes how information in applications is kept updated on all servers during replication.

Stage 1: The Replicator compares its list of applications with the called server's list of applications to determine which applications they have in common.
Stage 2: Working on one application at a time, the initiating server builds a list of ACL, design, and document modifications that have occurred since the last time these two servers replicated.
Stage 3: The Replicator pulls (reads and writes) ACL and design and document changes, based on permissions set in each server, application, and document.
Stage 4: Upon completion of replication with the first application, the Replicator updates the replication history for that application and moves on to the next application in common. It repeats Stages 2 and 3.
Stage 5: When the initiating server has replicated all applications in common with the called server, the Replicator will tag the called server's Replicator to repeat the same process in the other direction.

Use the accompanying table to describe how replication keeps information synchronized. This process describes Pull-Pull replication. Other replication types are introduced later in this lesson.


Streaming Replication
Streaming replication is a feature that enables Lotus Domino users to replicate a number of documents and attachments. Smaller documents are replicated first. So, even if the replication process is aborted, the target system will still have the smaller documents. Also, an aborted application can be reinitiated. Streaming replication allows users to start using the documents before replication is complete. It also reduces network traffic and latency.

The Field-Level Replication Process


Field-level replication is the process of copying only fields that have changed since the last time the two databases replicated. If the target document is unchanged, the Replicator uses field-level replication by default and copies only the source document's changed fields to the target document. Field-level replication occurs automatically without any intervention from the administrator or database designer. The following figure shows that only the changed field containing X is replicated.

Use the graphic to illustrate field-level replication. Emphasize these points:
- Only the changed fields are copied when the target document is unchanged.
- This is the default behavior of the Replicator.

Benefits of field-level replication

Field-level replication reduces:
- Replication time. Only fields that have changed are copied, instead of the entire document.
- Network traffic, provided large fields in the document have not changed.
- The number of replication conflicts, when different fields on the same form have been edited on different servers.

The application designer can reduce replication time by designing applications with field-level replication in mind. Large fields that will be edited frequently might be better broken up into many smaller fields.

Factors that Affect Replication

There are any number of factors that may cause applications to not replicate as desired. Security settings may prevent a server from authenticating with another server or prevent access to the application to replicate the correct documents. As seen in the previous section, the replication schedule and selected replication type are critical to successful replication. The following table summarizes some of the factors that affect if and how data transfer occurs during replication of Lotus Domino applications. Consider these factors when setting up or troubleshooting replication issues. This is not an exhaustive list of factors that affect replication.

Run the Replication animation (Replication.exe) again. Show only the following topics at this time:
- Replication Options
- Factors Affecting Replication
- Replication Conflicts

Factor: Replication schedule
Potential problem: Incorrect information in the Connection document can prevent replication. For example, an incorrect server name.

Factor: Replication type
Potential problem: Incorrect replication type can prevent bi-directional replication.

Factor: Server access list
Potential problem: If the initiating server is not allowed access to the called server, replication stops.

Factor: Authentication
Potential problem: Servers that do not have a certificate in common cannot authenticate, and replication will not occur.

Factor: Replica ID
Potential problem: Applications that do not have the same replica ID cannot replicate.

Factor: Replication Settings
Potential problem: A database where replication has been temporarily disabled cannot replicate.

Factor: Access control list
Potential problem: If the called server does not have the appropriate application ACL access on the initiating server, some application elements might not replicate correctly.

Review the information in the accompanying table. Note that the factors described are not a complete list; they are intended to make students aware of the places and issues to check when setting up or troubleshooting replication problems. If time permits, you might want to discuss some other factors that affect replication, such as Readers fields.


Activity 5-1: Create a Local Replica and Test Replication


This self-paced activity is very straightforward for students who have previous experience with Lotus Notes 8.5. If there are students with no previous experience, these students may need additional direction.

Scenario
Worldwide employees need to work in a local replica of an application when they are out of the office and disconnected from the network. As an administrator, you should be able to create a local replica of an application from the server for remote employees to use while they are out of the office.

Follow these steps to create a local replica of the Policies application from Hub/SVR/WWCorp, add a document, and replicate the changes to the server.

1. From Lotus Domino Administrator, click the Files tab.
2. Open the Policies application from the list.
3. Click File→Replication→New Replica.
4. Make the following selections:
   - Select Local from the list of servers.
   - Accept the default path and file name.
   - Expand Replica settings and if necessary, select Create Immediately.
   - Click OK to create the replica.
5. Create a document in the new local replica application.
   a. Open the local copy of Policies.
   b. Click New Main Topic. If a security alert displays, select Start trusting the signer to execute this action and click OK.
   c. Type a subject for the new document.
   d. Click Save & Close.
6. Click File→Replication→Replicate.
7. In the Replicate Policies dialog box, click Replicate with options and click OK.
8. Verify that Hub/SVR/WWCorp is in the with field, and click OK twice.
9. Open the Policies application on Hub/SVR/WWCorp to verify your document was added.

Topic B: Designing a Replication Strategy

Types of Replication Topologies

Topologies establish which servers are connected and how they communicate specific information. It is critical to carefully plan a replication topology to ensure that IBM Lotus Domino functions properly and that users have access to the information they need in a timely manner. A topology could specify replication between hub and spokes, server-to-server, or any combination that works for the organization. The following table describes each topology.

Describe the types of replication topologies, highlighting the advantages and disadvantages of each.

Topology: Hub-and-spoke: One central server (hub) initiating mail routing and replication to spoke servers.
Advantages: Easy to set up and add servers. Better security. Centralized management. Minimizes network traffic. Highly scalable: allows for expansion and growth.
Disadvantages: Hub server must be powerful. If no backup to the hub, replication and mail routing stop.

Topology: Peer-to-peer: Each server initiates connections to each other (also called Full Mesh).
Advantages: Management of all connections is local. Easy to manage fewer servers. Decreased potential for replication problems.
Disadvantages: Less centralized. Requires more Connection documents. Increases administration of replication schedules.

Topology: End-to-end: Connects two or more servers in a chain (also called chain topology).
Advantages: Fewer Connection documents to maintain than some other topologies.
Disadvantages: If one server in the sequence is down, replication throughout the domain stops. Replication from the source server to the destination server could take a significant amount of time.

Topology: Hybrid: Combination of other topologies.
Advantages: Information is kept up-to-date because databases are replicating between several servers.
Disadvantages: Most complex to set up and manage. May require more disk space.

The following figure illustrates the hub-and-spoke topology.

Figure 5-1: Hub-and-spoke topology

The following figure illustrates the peer-to-peer topology.

Figure 5-2: Peer-to-peer topology

The following figure illustrates the end-to-end topology.

Figure 5-3: End-to-end topology

Server Replication Types

The following table describes server-to-server replication. The compound replication types available are given in the first two entries of the table. The last two entries are simple replications. Together, the four types make any replication topology possible.

Make sure the students understand which server's Replicator is doing the work for each type of replication listed in the table.

Number of required Connection documents: 1

Replication type: Pull-Pull
Description: Each server's Replicator does the work and pulls data from the other, writing changes in its own applications.

Replication type: Pull-Push
Description: The initiating server's Replicator pulls changes from the called server and then pushes data to the called server; only the initiating server's Replicator does the work, writing in both servers.

Replication type: Pull Only
Description: The initiating server's Replicator does the work and pulls data from the called server.

Replication type: Push Only
Description: The initiating server's Replicator does the work and pushes data to the called server.

Open a Connection document, and show the Replication Type field.

The replication events get written to the Domino Server Log database (Log.nsf) as follows:
- After Pull-Pull replication, two Domino Log files get updated; each Replicator writes what data it pulled to its own server's Domino Log file.
- After Pull-Push replication, one Lotus Domino Log file gets updated; the only working Replicator writes what data it pulled or pushed to its own server's Lotus Domino Log file.
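The added example below (not part of the course material) turns the replication-type table into a planning check: given a set of Connection documents, it derives the direction data flows, the servers whose Log.nsf records each session, and any server whose changes can never reach another. Function names and the East02 server are hypothetical; the log location for Pull Only and Push Only is inferred from the statement that only the initiating server's Replicator works.

```python
"""Added illustration: data flow and log location per replication type."""
from collections import defaultdict

# For each type: direction(s) data moves, and whose Replicator does the work.
REPLICATION_TYPES = {
    "Pull-Pull": {"flows": [("called", "initiator"), ("initiator", "called")],
                  "workers": ["initiator", "called"]},
    "Pull-Push": {"flows": [("called", "initiator"), ("initiator", "called")],
                  "workers": ["initiator"]},
    "Pull Only": {"flows": [("called", "initiator")],
                  "workers": ["initiator"]},   # log location inferred
    "Push Only": {"flows": [("initiator", "called")],
                  "workers": ["initiator"]},   # log location inferred
}


def data_flows(connections):
    """Return the set of (source, destination) server pairs data can move along."""
    edges = set()
    for initiator, called, rtype in connections:
        roles = {"initiator": initiator, "called": called}
        for src, dst in REPLICATION_TYPES[rtype]["flows"]:
            edges.add((roles[src], roles[dst]))
    return edges


def logging_servers(initiator, called, rtype):
    """Servers whose Log.nsf records the replication events for one connection."""
    roles = {"initiator": initiator, "called": called}
    return {roles[r] for r in REPLICATION_TYPES[rtype]["workers"]}


def one_way_gaps(connections):
    """List (origin, target) pairs where a change on origin never reaches target."""
    edges = data_flows(connections)
    servers = sorted({s for edge in edges for s in edge})
    successors = defaultdict(set)
    for src, dst in edges:
        successors[src].add(dst)
    gaps = []
    for origin in servers:
        seen, stack = {origin}, [origin]
        while stack:                       # depth-first walk along data flows
            for nxt in successors[stack.pop()]:
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
        gaps.extend((origin, s) for s in servers if s not in seen)
    return gaps


# Constructed sample: (initiating server, called server, replication type).
SAMPLE = [
    ("Hub", "East01", "Pull-Push"),
    ("Hub", "West01", "Pull-Push"),
    ("East01", "East02", "Push Only"),    # East02 is a constructed server name
]

if __name__ == "__main__":
    for conn in SAMPLE:
        print(conn, "logged on", sorted(logging_servers(*conn)))
    print("changes that never arrive:", one_way_gaps(SAMPLE))
```

In the sample, the Push Only link means edits made on East02 stay on East02, and the only record of that session is in East01's log.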

Replication vs. Routing Topologies

Different mail and replication topologies may be required within the same organization due to special needs for either routing mail or replicating applications. The needs for both mail routing and application replication should be considered to ensure the optimum topology.
Note: The same topology may be used for both mail routing and replication.

Open a Connection document, and show the fields for replication and mail routing on the Replication/Routing tab to emphasize that they are separate settings.

Considerations for Choosing a Replication Type


Choose the best type of scheduled replication for the company's needs, based on the nature of the application and the time of day replication is scheduled. For example, if the hub replicates with each spoke during the night, the hub should push all changes to the spokes in the morning. While the replication type chosen will depend greatly upon the specific situation, some general considerations include:
- Server load and server availability.
- Connection costs.
- Data security and access rights.
- Replication topology.

How to Design a Replication Strategy


Designing a replication topology will assist you in ensuring that the servers in an IBM Lotus Notes and Lotus Domino environment are properly connected and that they communicate the appropriate information. The following are some guidelines for designing a replication topology.

- Determine the appropriate topology type based on the size and type of the organization. For example, peer-to-peer, hub-and-spoke, end-to-end, or hybrid.
- If using hub-and-spoke:
  - Determine the number of hubs and the appropriate system resources for each hub.
  - Determine if clustering the hubs is necessary.
- Determine which servers will initiate replication (i.e., which replication types to use: Pull-Pull, Pull-Push, Pull Only, or Push Only).
- Determine if you will use server groups.


Practice Activity 5-2: Develop a Replication Strategy


Read through the Worldwide Corporation replication requirements, then clearly explain what students should do to complete the activity. Position this activity as the planning stage. Students will implement this replication strategy in a future course.

Scenario
Consider the following to develop a replication strategy:

- The corporate hub should control when and how replication occurs and handle the entire work load during each session.
- The hub should replicate with one server in each region, which will in turn replicate changes to all other servers in that region.
- All system databases required by Lotus Domino to function properly should be synchronized frequently as they are high priority databases. This includes the Domino Directory, Administration Requests database, and Certification Log.
- Users will need the information in employee databases updated several times each day.
- A complete replication session should occur regardless of the length of the connection.

1. Draw lines on the following diagram showing how Worldwide Corporation's servers will replicate. Indicate the replication type for each connection.

Review replication topology design. The following graphic shows the exercise solution for replication topology design.

One Connection document from East01 (West01) to a servers group (EastServers/WestServers) would handle replication to all servers in the East (West) region. The recommended replication schedule is every two hours for Domino Directory and every six hours for all other databases.

Lesson Summary
In this lesson, you described the Lotus Domino replication process and its functions. As an administrator, you need to understand how Lotus Domino uses replication to keep the Domino Directory, the Certification Log, the Administration Requests database, and user databases synchronized on all servers in the domain.

Lesson 6 Extending the IBM Lotus Domino Environment

Topic A: Selecting Additional IBM Lotus Domino Services
Topic B: Implementing IBM Lotus Domino Scalability Features
Topic C: Integrating Other IBM Products

Introduction
An organization can extend the IBM Lotus Domino environment with various services, tools, and software products. These additions can enhance and expand the services available to the user community. After completing this lesson, you should be able to:
- Identify additional Lotus Domino services.
- Identify Lotus Domino scalability options.
- Identify other IBM server types that might be incorporated into a Lotus Domino environment.

This lesson introduces some of the software available to extend Lotus Domino functionality. Additional IBM products are described in the Extend Lotus Domino Software appendix.

Topic A: Selecting Additional IBM Lotus Domino Services

Lotus Domino Standard Services
An IBM Lotus Notes and IBM Lotus Domino environment can support many other applications and functionality by taking advantage of additional standard supplied services. Some of the additional services available for a Lotus Domino server environment are listed in the following table.

Show the students the Web Administrator:
1. Open your Web browser.
2. Enter the URL for the Web Administrator. For example: http://servername/webadmin.nsf, where servername is the name of the instructor server.
3. Briefly show the interface to emphasize Lotus Domino Internet support and administration flexibility.

Internet services:

Service or task: HTTP
Definition: HyperText Transfer Protocol
Description: Supports the Internet protocol used to transfer files from one computer to another for Web browser access.

Service or task: LDAP
Definition: Lightweight Directory Access Protocol
Description: Allows connection to and from Internet standard directories.

Service or task: POP3
Definition: Post Office Protocol Version 3
Description: Supports users running POP standard clients for mail.

Service or task: IMAP
Definition: Internet Mail Access Protocol
Description: Allows clients to retrieve mail from a host mail server also running the protocol. IMAP is similar to POP3 but has additional features.

Service or task: DECS
Definition: Domino Enterprise Connection Services
Description: Allows real-time backend connectivity between Lotus Domino and external systems to support application and application access to non-Lotus Domino information and data.

Lotus Domino Internet Security Mechanisms

When using Lotus Domino connected to the Internet, there are additional options to secure the Lotus Domino servers and services available to the community. The following table describes some of the Internet security settings available with Lotus Domino.

Refer students to the following Lotus Domino Administrator 8.5 Help topics for additional information on Internet security: SSL security, SSL and S/MIME for clients, and Setting up an Internet certificate authority.

Security option: SSL
Definition: Secure Sockets Layer
Description and benefits: Security protocol that provides communications privacy and authentication for Lotus Domino server tasks that operate over TCP/IP. SSL offers these security benefits:
- Data is encrypted to and from clients, so privacy is ensured during transactions.
- An encoded message digest accompanies the data and detects any message tampering.
- The server certificate accompanies data to assure the client that the server identity is authentic.
- The client certificate accompanies data to assure the server that the client identity is authentic. Client authentication is optional and may not be a requirement for your organization.

Security option: S/MIME
Definition: Secure Multipurpose Internet Mail Extensions
Description and benefits: A protocol used by clients to sign mail messages and send encrypted mail messages over the Internet to users of mail applications that also support the S/MIME protocol. S/MIME benefits include:
- Encrypted mail messages cannot be read by unauthorized users while the message is in transit.
- Electronically signed messages show that the person who signed the message had access to the private key associated with the certificate stored in the signature.

Security option: CA
Definition: Certificate Authority
Description and benefits: A certificate authority (CA), or certifier, is a trusted administration tool that issues and maintains digital certificates. Certificates verify the identity of an individual, a server, or an organization, and allow them to use SSL to communicate and to use S/MIME to exchange mail. Certificates are stamped with the certifier's digital signature, which assures the recipients of the certificate that the bearer of the certificate is the entity named in the certificate.

Topic B: Implementing IBM Lotus Domino Scalability Features

Scalability Options
When implementing or supporting an IBM Lotus Domino installation, it is important to consider the performance and scalability of the available hardware. Lotus Domino offers options to maximize usage of CPU power, memory, and disk space on high-powered systems. The following table describes these Lotus Domino options.

Service or task: Clustering
Description: A Lotus Domino cluster is a group of two or more servers that provides users with constant access to data, balances the workload between servers, improves server performance, and maintains performance when you increase the size of the Lotus Domino environment.

Service or task: Partitions
Description: Enable running multiple instances of the Lotus Domino server on a single computer.

Lotus Domino Clusters


A Lotus Domino cluster is a group of two to six servers that:
- Are on a high-speed LAN.
- Are on the same Lotus Domino Named Network.
- Are in the same Lotus Domino domain and share a Lotus Domino Directory.
- Run the TCP/IP network protocol.
- Contain application replicas.
- Use a dedicated network adapter for cluster-to-cluster traffic.

Verify students understand the cluster concept:
- Use the idea of the many-to-one relationship: A server cannot be a member of more than one cluster.
- Clustering is available with Lotus Domino Application and Enterprise server types.

For more information on Lotus Domino clusters, refer to the Lotus Domino Administrator 8.5 Help topic Clusters.

Benefits of Clustering
The following table lists some of the benefits of using a cluster.

Benefit: High availability of applications
Description: Automatic redirection of user requests to available servers. This failover capability provides consistent access to critical applications, even if one server is down for maintenance.

Benefit: Workload balancing
Description: User requests to heavily used servers are redirected to other cluster members.

Benefit: Scalability
Description: Administrators can:
- Add cluster members.
- Add application replicas.
- Reallocate users across the cluster.

Benefit: Data synchronization
Description: Cluster replication maintains current data across replicas.

Benefit: Ease of upgrade and migration
Description: Software and hardware upgrades on one cluster member do not affect other members.

Benefit: System backup
Description: Cluster member can act as server backup for critical data. Clustering does not take the place of backup. At least one server in the cluster must be backed up to tape, as well as other servers that contain unique files (such as logs).

Cluster replication is used to keep data current among the cluster members. Regular replication schedules are still required to maintain the Lotus Domino environment.

Lotus Domino Partitions

Lotus Domino server partitioning software allows the creation of a maximum of six Lotus Domino servers on a single computer.

Partitions:
- Are available with the Lotus Domino Enterprise server.
- Are supported on all Lotus Domino supported operating system platforms.
- Share Lotus Domino executables.
- Have unique:
  - Lotus Domino data directories.
  - Initialization files (Notes.ini).
- Can be clustered.

Note: Lotus Domino partitions should not be confused with specific operating system partitions, which segment system hardware.

For more information on Lotus Domino partitions, refer to the Lotus Domino Administrator 8.5 Help topic Partitioned servers.

Benefits of Partitions

Partitioned servers optimize hardware usage. The following table lists some of the benefits of using partitions.

Benefit: Reduce hardware expenses
Description: Run multiple Lotus Domino servers on a single computer.

Benefit: Minimize the number of administered systems
Description: Easier to administer a single server than multiple servers.

Benefit: Maximize usage of high-powered systems
Description: More efficient use of hardware. For example, you can purchase a single, more powerful computer and run multiple Lotus Domino servers on the single machine.

Benefit: Are very effective in different domains
Description: Separate servers for individual customers. Support multiple Web sites.

Benefit: Add scalability
Description: Running partitioned servers from the same domain on a multi-processor computer can improve performance because the computer simultaneously runs certain processes.

See Additional Instructor Notes

Topic C: Integrating Other IBM Products

IBM Lotus Sametime
Leveraging a mix of Web technology, IBM Lotus Notes technology, and T.120 data-conferencing technology, IBM Lotus Sametime provides an environment where users can participate in interactive conversations and meetings within online communities. The Lotus Sametime server supports several types of real-time communication:
- Users can participate in instant chat sessions with other online participants through the exchange of text as well as using audio- and video-based information in real time.
- Users can transfer files in an instant or scheduled meeting.
- Users can collaborate in real-time meetings using the Web Conferencing interface with advanced organizational collaboration that includes instant polls and reach out to a community of experts.
- Users can participate in broadcast style meetings where many users can tune to a meeting and watch it without interaction.
- A community of users to collaborate in real-time through presence and instant messaging server applications.

Note: Lotus Sametime is an integrated installation option and cannot be unchecked when installing the Lotus Notes 8.5 client.

IBM Lotus Connections


IBM Lotus Connections is a social networking software application that enables organizations to collaborate with their employees, partners, and clients. It provides six services. The following table lists Lotus Connections services and their descriptions.

Service: Home page
Description: A portal that provides a customizable view of the social network. It consists of widgets of the other five services. The placement of the widgets is customizable. The home page also has an advanced search box that enables users to locate people or information across the social network.

Service: Profiles
Description: It contains a person's name, photo, address, area of expertise, department, and reporting structure. Profiles help to locate people in an organization based on their expertise level, department, or interests.

Service: Communities
Description: A collaborative space that enables people with common interests to share information or interact with one another. Communities can be integrated with Lotus Sametime, which allows community members to chat with one another and also save their chat transcripts.

Service: Blogs
Description: A blogging service that helps people share information and receive feedback.

Service: Dogear
Description: A platform to discover, save, and share bookmarks enabled by users with similar interests. Notifications can also be sent and received about new bookmarks.

Service: Activities
Description: An activity management tool that helps users organize their tasks. The tasks can be categorized into various sections such as to do lists, meeting agendas, or logistics.

IBM Lotus Quickr


IBM Lotus Quickr is team collaboration software that enables team members to share content. It has six components. The following table lists the components with their descriptions.

Component: Content Library
Description: A version control database of team documents. Team members can check in or check out documents or media files from the content library.

Component: Lotus Quickr + Enterprise Content Management (ECM)
Description: Lotus Quickr and ECM can be combined to provide enterprise level collaboration. It enables the content to be accessible across an organization from tools such as Lotus Notes or Microsoft Office.

Component: Team places
Description: Enable users to create specific work space for projects or teams. Collaboration tools such as blogs, wikis, discussion forums, or team calendars can be included in team places.

Component: Connectors
Description: Enable users to collaborate and access content from Lotus Quickr without switching applications. For example, a Lotus Sametime user can send or receive Lotus Quickr links from a chat application.

Component: Templates
Description: Pre-built team places that provide immediate solutions and support for some common business processes.

Component: Personal file sharing
Description: A personal content database where users can store and share files.


Topic C: Integrating Other IBM Products



Lesson Summary
In this lesson, you identified services and options used to extend and enhance the functionality of the Lotus Domino environment. By using various services, tools, and software products to extend the IBM Lotus Domino environment, you can enhance and expand the services available to the community.



Lesson Follow-up

Follow-up
In this course, you were introduced to foundational concepts needed to perform basic administrative tasks in a Lotus Domino 8.5 infrastructure. In addition, that knowledge has prepared you to move forward and obtain the additional knowledge needed for building a Lotus Domino 8.5 infrastructure or managing the servers and users that make up a Lotus Domino 8.5 infrastructure.

What's Next?
This course is the first in a series of system administration courses. The material in IBM Lotus Domino 8.5 System Administration Operating Fundamentals provides foundational knowledge needed to administer a Lotus Domino 8.5 infrastructure. Once you have completed IBM Lotus Domino 8.5 System Administration Operating Fundamentals, you can take either Building the IBM Lotus Domino 8.5 Infrastructure or Managing IBM Lotus Domino 8.5 Servers and Users. The recommended next step in the series is the Building the IBM Lotus Domino 8.5 Infrastructure course.


Appendix
About This Appendix

The Worldwide Corporation Infrastructure Plan


This appendix provides an overview of Worldwide Corporation's infrastructure. It is intended to provide an overall view of the environment as designed by the planning team. It does not provide details on specific IBM Lotus Domino functionality. This document will be continually updated. Administrators should refer to the Policies and Procedures application on any Worldwide Corporation server for the latest version of this document. IBM Lotus Notes and Lotus Domino are Worldwide Corporation's global standard for electronic mail and for developing and deploying groupware applications.


Appendix
Appendix A The Worldwide Corporation Infrastructure Plan

Organization Structure
The structure of Worldwide Corporation is illustrated in the following figure.

Figure A-1: Structure of Worldwide Corporation

Servers By Task
Worldwide Corporation will designate servers to specific tasks based on Information Groups. The following table lists the servers, associated tasks, and rationale behind the decision.

Server type: Hub
Tasks: Routes mail and replication applications to and from other hub or spoke servers.
Rationale: Provide easier administration and maintenance.



Server type: Internet Messaging
Tasks: Provides non-Lotus Domino mail services, such as: POP3. IMAP. SMTP. NNTP. LDAP.
Rationale: Use Lotus Domino server to provide employees with access to non-Lotus Domino mail files.

Server type: LDAP
Tasks: Service, LDAP Directory
Rationale: Provides a central user record repository.

Server type: Collaboration
Tasks: Provide instant messaging, web meeting, blogs, wikis, and audio/video needs.
Rationale: Use IBM Lotus Sametime and IBM Lotus Quickr to service collaboration needs.

Server type: Application Web Server
Tasks: Provide content application web interface.
Rationale: Utilize IBM WebSphere Portal as a composite application interface.

Server type: Mail
Tasks: Stores users' mail and applications and routes mail across the intranet and Internet.
Rationale: Provide easier administration. Minimize server processor load. Reduce network traffic. Provide predictable server performance and grouping of users. Allow user access to applications when mail server is down.

Server type: Application
Tasks: Stores applications.
Rationale: Provide easier administration. Group applications by usage, replication needs, and/or security requirements. Allow tuning of server to optimize performance and response time independent of mail usage. Ease expansion by adding new application servers as usage and storage needs increase.

Server type: Web
Tasks: Provides access to an application from the Internet or to the corporate intranet. Can use either: Lotus Domino Web server. Microsoft IIS.
Rationale: Can place outside the firewall for Internet access. Provide employees with access to corporate information from a browser.

Server type: Service Oriented Architecture
Tasks: Lotus WebSphere. Application server.
Rationale: Deliver a secure system. Provide a portal.

Servers By Location
Worldwide Corporation will have one Lotus Domino Domain (WWCorp) that includes all Worldwide Corporation offices. Worldwide Corporation's Internet domain name has been registered as WWCorp.com.

Topology
Worldwide Corporation has selected a hub-and-spoke topology for ease of management and future expansion. There is one hub server and one or more spoke servers. Each site will be set up to run independently, although they will be connected to the corporate hub. Connection documents are required for replication to tell the corporate hub how and when to communicate with other servers and for spoke servers to connect to the corporate hub.


The hub server is the center of the infrastructure, which has high-speed links running to the offices. Each individual server is responsible for its own mail routing and replication events. The hub server is responsible for replication of the critical applications between all its spoke servers. The following figure illustrates the locations and types of servers.

Figure A-2: Server types and locations

The hub server


The hub server is the administration server for the Worldwide Corporation domain and replicates the Directory Catalog and the Administration Requests application to all other servers within the Worldwide Corporation domain (WWCorp). Customers and vendors will have access through a Web server.

Notes Named Networks


The regional sites will be logically grouped into Notes Named Networks (NNNs), since they share a common protocol (TCP/IP) and are constantly connected. Grouping the Notes Named Networks this way will ensure that users see information on their local servers to reduce network traffic.


System Administration
System administration is locally controlled by region, but monitored from the corporate office. Administration tasks are controlled by regional administrators. General policies and guidelines are maintained and distributed from the Corporate office. Implementation and design changes are carried out after business justifications are submitted and approved. All Lotus Domino system administrators use the Lotus Domino Administrator and Web Administrator for all administration tasks. All other administrators use appropriate tools to complete their daily tasks.

Domino Domain Monitoring


System administrators will use Domino Domain Monitoring and the integrated IBM support assistant to proactively monitor the WWCorp Domain.

Network Strategy
Worldwide Corporation's strategy includes these components:

- Incorporating TCP/IP as their primary network protocol.
- Providing high-bandwidth networking connections to all offices from headquarters.
- Incorporating Lotus Sametime and Lotus Quickr throughout the corporation as collaboration tools.
- Incorporating a WAS server to enhance internal and customer interaction.

Directory Strategy
There will be more than one Lotus Domino domain (WWCorp) for the entire Worldwide Corporation Lotus Domino environment. The model matches the physical layout of the Worldwide Corporation WAN. The first configured server (the corporate hub) will have full administration rights over the entire domain. When incorporated, the LDAP TDI is used to provide user information. The Lotus Domino Directory will reside on the corporate hub server at headquarters, and replicate to each regional server. The corporate hub will create Directory Catalogs and replicate to regional servers for use by remote users. Remote users can keep a local replica of the Directory Catalog on the client for faster response time and timely encryption of messages. System administrators will periodically update the Directory Catalog and replicate once a day to servers.


Directory access is from:

- Lotus Notes clients.
- Web browsers.
- Other e-mail and directory clients.
- Lotus Sametime client.

Replication Topology
A hub-and-spoke topology will be used for replication. This structure consists of a main hub with spoke servers. The corporate hub server will be the primary hub and share control of replication with regional servers.

Streaming replication
Connection documents are required for replication to tell the corporate hub how and when to communicate with other servers and for spoke servers to connect to the corporate hub. To take advantage of the new streaming replication feature in Lotus Domino 8, connections between hub servers will use the Pull/Pull replication strategy. Administrators will create Connection documents between the WWCorp Domain Hub and regional hub servers using the Pull:Pull strategy. This will take advantage of the speed of Streaming Replication. It is important to note that WWCorp employees are not expected to access these servers, so all hub servers can share the replication workload.
Note: Employees are not expected to access hub servers.


The following figure illustrates Worldwide Corporation's replication topology.

Figure A-3: Worldwide Corporation's replication topology

Integrated Db2 Technology


Administrators will leverage the speed of Db2 Server Technology while maintaining Lotus Domino security access to data in the Db2 environment.

Mail Routing Strategy


Each region will have its own server that is responsible for local mail delivery, but will rely on the corporate mail server for inbound Internet mail:

- Simple Mail Transfer Protocol (SMTP) will route mail to the Internet.
- Notes Remote Procedure Call (NRPC) will route mail within the corporate intranet.

The following configuration provides for ease of configuration and optimum load balancing and failover:

- One Internet domain.
- ISP as a relay host to Internet.
- The corporate mail server is enabled to route external mail using the SMTP protocol.
- All mail servers have Connection documents and route mail using NRPC internally.


The WWCorp Domain Hub will be configured to send and receive Internet mail. Administrators will use whitelists and blacklists to improve mail routing performance. In addition, Transfer and Delivery Reports will be used to notify users if their mail is unable to be delivered.

Mail Administrators
Administrators must perform the following tasks:

- Store the Internet domain name in the Foreign SMTP and Global Domain documents.
- List the inbound mail servers in the Mail Exchange (MX) records in the Domain Name Service under the domain's name. Only one is required. (Note that load balancing for multiple servers is dependent on the algorithm used by the client SMTP system to select a server from the MX records.)
- Configure complete address lookup or configure local part only lookup to identify each mail recipient's mail server so that the router can make the final delivery.

Mail clients
Initially, some mail users will have Lotus Notes mail files. In the future, some mail users may use other Internet mail client software. At that time, Worldwide Corporation will set up select Internet POP3 Messaging Servers for non-Lotus Notes mail clients to access mail files on the Lotus Domino server.

Mail monitors and controls


The following mechanisms will be put into place for monitoring and controlling mail:

- Automated testing of mail routers.
- Mail quotas.
- Inbox cleanup.
- Mail journaling.
- Set options for Mail Recall.
- Set options for Out of Office agent.
- Reject inbound ambiguous names/deny mail to groups.
- Maximum message size for inbound and outbound message set to 10 megabytes.
- User restrictions, such as full-text indexing and other Policy Management enhancements.


Server managed provisioning


Administrators will use the Eclipse Provisioning model to deploy Lotus Notes 8 Client features, components, and composite applications.

Mail routing topology


The following figure illustrates Worldwide Corporation's mail routing topology.

Figure A-4: Worldwide Corporation's mail routing topology

Reverse path setting for forwarded messages


Administrators will use this function to specify how the mail router handles delivery failure reports when e-mails are automatically forwarded by an action in a user's mail rule. This will reduce inadvertent rejection of legitimate mail by some SPAM filters when automatic mail forwarding is enabled.

Worldwide Corporation Naming Conventions


The following table defines the Worldwide Corporation naming scheme.


Organization component: Organization (O)
Value: WWCorp
Certifier: wwcorp.id

Organization component: Organizational units (OUs)
Value: WEST: West. EAST: East. SVR: All servers.
Certifier: sales.id, operations.id, hub.id, west.id, east.id, svr.id. There may be additional id files needed.

Organizational units are based on geographical regions and job role. The servers organizational unit will be used for better control of management and creation of servers. All organizational units and common names are descendants of the organization certifier /WWCorp.

User naming
The following table provides user naming conventions.

Type: Syntax
Common name for Lotus Domino environment: Firstname Lastname
Internet mail addressing: username@WWCorp.com where username = Firstinitial_Lastname

Server naming for Lotus Domino


The following table provides examples for regional server names.

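Region: Hub
Server names (server types): HUB/SVR/WWCorp (Hub)
Server address: hub.wwcorp.com

Region: East
Code: East## (01-06)
Server names (server types): EAST01/SVR/WWCorp
Server address: east01.wwcorp.com

Region: West
Code: West## (01-06)
Server names (server types): WEST01/SVR/WWCorp
Server address: west01.wwcorp.com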


Naming examples for Lotus Domino


The following table provides naming examples for international sites.

If you want to ...: Create a new server.
Then ...: Use the name Type##/SVR/WWCorp, where: Type is the server type, or region, for example, East. ## is the server number of this type.

If you want to ...: Create a new organizational unit.
Then ...: Use the standard department code that identifies the location of the organizational unit. A new organizational unit for Sales might be: /Sales/WWCorp

If you want to ...: Create a new user.
Then ...: Certify under the regional organizational unit where the user works. A new user named Sara Jones in Sales would be: Sara Jones/Sales/WWCorp. The corresponding Internet name would be: Sara_Jones@WWCorp.com

Certifier/ID management policy


The following table describes the certifier/ID management policy.

Type: Organization certifier
Management policy: Corporate system administrators create the O certifier. Corporate system administrators create the OU certifiers. Access is limited to two administrators using multiple passwords. Store IDs in protected areas.

Type: Organizational unit certifiers
Management policy: Corporate administrators keep copies of OU certifiers. OU certifiers are migrated to the CA process. Regional administrators use the CA process to register users and servers using these OU certifiers. Store IDs in protected areas.



Type: Server IDs
Management policy: Corporate system administrators create all server IDs. Store IDs on the server. Use only for the server.

Type: User IDs
Management policy: Regional administrators create user IDs. Regional system administrators keep copies of IDs in a secure application on the hub server. Use a Certification Log application to track certification. All Certifier IDs have multiple passwords and expiration dates of 20 years from date of creation. This is not recommended, but is used for classroom purposes. Store backups in a secure off-site location.

Type: Key files for Internet (X.509) Certificates
Management policy: Using Lotus Domino as a Certificate Authority, administrators will create X.509 certificates using the Certificate Authority Application on a workstation and store the CA key ring on that workstation, not on the server. Do not distribute these files to other administrators in the organization. Store the certificates in a secure off-site location. Store in corporate user Lotus Notes ID files. Store in trusted LDAP directories (for customers).


Hierarchical naming for Worldwide Corporation


The following figure illustrates the organization hierarchy, including currently planned server names.

Figure A-5: The organization hierarchy

Remote Access
Worldwide Corporation has determined specific Internet access for remote employees, vendors, resellers, and customers, based on their needs.

Internet access
The following Internet access will be used:

- Authenticated access for employees
- Public access Web server for vendors, resellers, and customers, including controlled access to servers, applications, and data

The following table describes types of access.


Employees: X.509 certificates
Customers: Anonymous access to catalog and public company information. Future: Username and password access to information about their own orders, for example, shipping information.
Vendors: Anonymous access
Resellers: Authenticated access through outside LDAP directories.

Internet security features


Administrators will use XACLs to decipher hashed passwords. Internet Password Lockout will be used to restrict Internet users to three login attempts before account lockout.

Remote users
Users at home offices that do not have direct connections to the WAN can use an Internet Service Provider (ISP) to access the Lotus Domino system through a local Firewall server. Remote users can connect to their mail server through the local Firewall servers.

Server Configurations and Security


Worldwide Corporation has determined configurations for servers, including licensing, file structure, and server tasks. Server security has been defined as group access to servers.

Server types
The following table lists the server licenses that will be used for each of the server types.

Server type: Lotus Domino Mail and Internet Messaging servers
Server license: Lotus Domino Messaging Server
Rationale: To provide Lotus Domino and Internet mail services

Server type: Application and Web servers
Server license: Lotus Domino Utility Server
Rationale: To provide custom applications for Lotus Notes and Web clients

Server type: Hub server
Server license: Lotus Domino Enterprise Server
Rationale: To provide the following services: Clustering. Partitioning.

Server type: WAS
Server license: WebSphere Application Server
Rationale: To provide the following services: Build and deploy application services. Run services efficiently. Secure applications and data.

File structure for Domino servers


The following table lists the standard file structure on the Domino servers.

Path: Domino
Contents: System files, client files
Description: Client files will be installed for network distribution purposes.

Path: Domino\data
Contents: Applications, general data files
Description: Lotus Domino system applications that are required for Lotus Domino to function properly.

Path: Domino\data\critical
Contents: Applications
Description: Critical applications that require frequent replication.

Use the standard installation file paths whenever possible to ensure standardized training and ease of support and troubleshooting.
Note: Store Lotus Domino executables on a separate disk from Lotus Domino data for better performance.


These areas of the Lotus Domino file structure are accessible to only designated personnel for installation purposes. All other Lotus Domino data is protected by operating system security and is accessible to Lotus Domino administrators only.

Configuration documents
Every Worldwide Corporation server has its own Configuration document. This ensures that each server configuration can be modified separately and that there is a log of any changes made. The Lotus Domino configuration application will be used for server setup to streamline and automate setup. A Configuration document exists for each server type (for example, hub, mail, application) and is then distributed to other servers of the same type.

Lotus Domino tasks by server type


The following table lists the minimum requirements for all Configuration documents.

Lotus Domino server type: Standard services for all servers
Recommended tasks: Mail Router. Replicator. Indexer. Agent Manager. Administration Process. Event Manager. Statistics.

Lotus Domino server type: Mail servers
Recommended tasks: Calendar Connector. Schedule Manager. HTTP for Web mail.

Lotus Domino server type: Application servers
Recommended tasks: Standard services only, no additional services.

Lotus Domino server type: Hub servers
Recommended tasks: HTTP, both mail and applications. SMTP (Headquarters hub only).

Lotus Domino server type: Web servers
Recommended tasks: HTTP for Web applications.

Lotus Domino server type: Internet messaging servers
Recommended tasks: POP3 and SMTP. IMAP. LDAP. NNTP.

Group naming for servers


Groups will be used to determine access to servers and for added security. The following naming convention will be used to identify the location and type of group: region[global]descriptionofgroup

For example: HQAdmins or GlobalSales. Within groups, names are sorted in alphabetical order.

Note: Administrators may use Tivoli Directory Integrator (TDi) as an LDAP provider in addition to Domino Directory. In that case, groups such as LocalDomainAdmins, OtherDomainServers, and DenyAccess must reside on Domino Directory, while others can reside on TDi.

Deny access groups


As an added security feature, Worldwide Corporation will use four groups, which represent access denial to any Worldwide Corporation servers. In each server restrictions setting, these groups will be added in the Not access server fields. The following table describes the four groups.


Group name: Description
Deny Access A-F: Denial for people whose family names begin with A-F.
Deny Access G-L: Denial for people whose family names begin with G-L.
Deny Access M-R: Denial for people whose family names begin with M-R.
Deny Access S-Z: Denial for people whose family names begin with S-Z.

Before deleting a user from the Lotus Domino system, add the user to one of these groups. This will ensure immediate denial to any Worldwide Corporation server.
Note: This is subject to replication of the changes throughout the domain, which will take no longer than 60 minutes.
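
The naming scheme and the Deny Access groups described in this appendix can be checked mechanically against a list of names exported from the directory. The following Python sketch is an added example, not part of the course material; the function names, the case-insensitive comparison, the use of the last word of the common name as the family name, the restriction of server names to the HUB, EAST## and WEST## forms shown in the naming table, and the sample names are all assumptions.

```python
import re

ORG = "WWCorp"                # organization (O) certifier named in the plan
SERVER_OU = "SVR"             # organizational unit that holds all servers
REGION_NUMBERS = range(1, 7)  # East## / West## run from 01 to 06
DENY_RANGES = [("A", "F"), ("G", "L"), ("M", "R"), ("S", "Z")]

# HUB, or a region code followed by a two-digit server number. Only the forms
# shown in the plan's naming table are accepted (assumption: no other types).
SERVER_CN = re.compile(r"^(?:HUB|(?:EAST|WEST)(\d{2}))$", re.IGNORECASE)


def split_name(name):
    """Split 'CN/OU/O' into (common name, list of OUs, organization)."""
    parts = [p.strip() for p in name.split("/")]
    if len(parts) < 2 or not all(parts):
        raise ValueError(f"not a hierarchical name: {name!r}")
    return parts[0], parts[1:-1], parts[-1]


def check_server(name):
    """Return the convention violations for a server name (empty list = OK)."""
    try:
        cn, ous, org = split_name(name)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if org.lower() != ORG.lower():
        problems.append(f"organization {org!r} is not {ORG}")
    if [ou.upper() for ou in ous] != [SERVER_OU]:
        problems.append(f"server is not certified under /{SERVER_OU}/{ORG}")
    match = SERVER_CN.match(cn)
    if match is None:
        problems.append(f"common name {cn!r} is not HUB, EAST## or WEST##")
    elif match.group(1) and int(match.group(1)) not in REGION_NUMBERS:
        problems.append(f"server number {match.group(1)} is outside 01-06")
    return problems


def check_user(name):
    """Return the convention violations for a user name (empty list = OK)."""
    try:
        cn, ous, org = split_name(name)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if org.lower() != ORG.lower():
        problems.append(f"organization {org!r} is not {ORG}")
    if len(ous) != 1 or ous[0].upper() == SERVER_OU:
        problems.append("user is not under exactly one non-server OU")
    if len(cn.split()) < 2:
        problems.append(f"common name {cn!r} is not 'Firstname Lastname'")
    return problems


def server_address(name):
    """Derive the host name paired with a server, e.g. east01.wwcorp.com."""
    problems = check_server(name)
    if problems:
        raise ValueError("; ".join(problems))
    return f"{split_name(name)[0].lower()}.{ORG.lower()}.com"


def deny_group(user_name):
    """Pick the Deny Access group for a user who is about to be deleted."""
    cn, _, _ = split_name(user_name)
    initial = cn.split()[-1][0].upper()  # assumption: last word = family name
    for low, high in DENY_RANGES:
        if low <= initial <= high:
            return f"Deny Access {low}-{high}"
    raise ValueError(f"family name initial {initial!r} has no Deny Access group")


def audit(names):
    """Map each name to its violations; /SVR/ names are checked as servers."""
    report = {}
    for name in names:
        is_server = f"/{SERVER_OU}/".lower() in name.lower()
        report[name] = check_server(name) if is_server else check_user(name)
    return report


# Constructed sample export; none of these entries come from a real directory.
SAMPLE = [
    "HUB/SVR/WWCorp",
    "EAST01/SVR/WWCorp",
    "WEST07/SVR/WWCorp",       # server number outside 01-06
    "MAIL01/SVR/WWCorp",       # type not present in the naming table
    "Sara Jones/Sales/WWCorp",
    "sjones/WWCorp",           # no OU and a single-word common name
]

if __name__ == "__main__":
    for entry, found in audit(SAMPLE).items():
        print(f"{entry}: {'OK' if not found else '; '.join(found)}")
    print(deny_group("Sara Jones/Sales/WWCorp"))
```

Names that fall outside A-Z, such as a family name starting with an accented letter, raise an error instead of silently landing in no group, so they can be assigned by hand.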

Server configuration plan


The following table describes the server configuration plan.

Standard: Application size quotas
Requirement: No application size quotas, unless archiving is needed for a particular course

Standard: Application names
Requirement: No database naming standards

Standard: File system directory structure
Requirement: Standard directory structure, for example:
\Domino\Data\Global\HR1
\Domino\Data\Global\Marketing
\Domino\Data\Local\Marketing
\Domino\Data\Local\Dev1

Standard: Groups spanning the entire organization
Requirement: One group for all server administrators, for example: GlobalAdmins. Groups for specific categories of employees, for example: GlobalSales

Standard: Groups at all sites
Requirement: A group for each region, for example: EastAll (for all Worldwide Corporation employees in East). One group for administrators per region, for example: WestAdmins (for all server administrators in West)

Client Configurations and Security


Worldwide Corporation has determined configurations for clients, including licensing and registration and desktop settings. Client security has been defined using security policies, including client IDs and certificates and group access to databases.

Client licenses
Client licenses will be:

- Lotus Notes Client for most users, all generic IDs, and any contractual or affiliate accounts.
- IBM Lotus Domino Designer for users who will create, modify, or design databases.
- Lotus Domino Administrator for system administrators.

Client deployment
Desktop, registration, and security policies will be used to set up users' environments. For Internet mail, account documents will be created locally for each mail protocol. Mail will be stored in Notes Rich Text format. Worldwide Corporation will use policy documents to create and update Location and Connection documents on workstations for dial-up users to determine where and how to locate the servers.

Client IDs and certificates


The following table describes the policy regarding client IDs and certificates.


Type: Lotus Notes client IDs
Policy: Certify all IDs using a Lotus Domino certificate. Users responsible for secure or encrypted information, such as pricing information to resellers, will hold an Internet (X.509) certificate. Stored on workstations for all users and encrypted locally. Copies are kept in a secure location by regional as well as corporate administrators.

Type: Internet client browsers
Policy: Accept CA certificate as a trusted root. Store internal signed client certificates for access to secure information.

Longer encryption keys


Administrators will use the Lotus Domino 8 Certifier Key rollover to upgrade user, server, and certifier ids, taking advantage of the new 2048-bit encryption for users and servers, and 4096-bit keys for certifier ids.

File storage
Client-based data files, such as IDs, Notes.ini, and *.dsk, will be stored on the workstation for all users and encrypted locally.

Implementing the Deployment Plan


Complete these tasks to implement the Lotus Notes and Lotus Domino components of the Worldwide Corporation deployment plan.

Task: Procedure
1: Set up the first server.
2: Add an administrator's workstation.
3: Set up access to the Lotus Domino Directory.
4: Add Lotus Domino servers.
5: Add organizational units.

6: Register administrators.
7: Add Lotus Notes clients.
8: Create user groups.
9: Create organizational policy.
10: Register users.
11: Set administration preferences.
12: Set up access to servers.
13: Set up server logging.
14: Synchronize Lotus Domino system databases throughout the domain.
15: Route mail internally.
16: Route mail to the Internet.
17: Set mail controls.
18: Test mail routing and delivery.


Appendix

Certification and Exam Competencies


IBM Software Services for Lotus Training and Certification
IBM Software Services for Lotus offers training and certification programs designed to help customers take full advantage of technology investments to improve business processes. Lotus software training ensures that individuals get up to speed quickly and effectively whether delivered in the classroom, on the desktop, or via distributed learning. For more information on Lotus software training, please visit http://www.ibm.com/lotus/training. The IBM Certified Professional for Lotus Software program provides individuals with a means to benchmark their technical knowledge and achieve industry recognition, which results in increased business value to both the individual and their organization. As a member of a highly regarded certified community, individuals enjoy benefits commensurate to their certification level. For more information on certification, please visit http://www.ibm.com/lotus/certification. Skills Roadmaps are available to guide you on your path to knowledge. Roadmaps identify courses in their logical sequence to complete a specific curriculum or certification program. To view Skills Roadmaps for Lotus, please visit http://www.ibm.com/lotus/trainingroadmaps.

Lotus Professional Certification


Lotus software has robust certification programs in support of IBM Lotus software and technical skills. For complete information on the Lotus professional certification program, visit the IBM Software Services for Lotus Certification Web page at http://www.ibm.com/lotus/certification.


Appendix
Appendix B Certification and Exam Competencies

Place in certification
IBM Lotus Domino 8.5 System Administration Operating Fundamentals is listed as one of the preparation resources for the following exam:

- Exam 980 - IBM Lotus Notes Domino 8.5 System Administration Operating Fundamentals

This exam is part of the path for IBM Certified System Administrator - Lotus Notes and Domino 8.5 certification. The complete path is described here:

IBM Associate System Administrator - Lotus Notes and Domino 8.5
- Exam 980 - IBM Lotus Notes Domino 8.5 System Administration Operating Fundamentals

IBM Certified System Administrator - Lotus Notes and Domino 8.5
Successfully pass the following three exams:
- Exam 980 - IBM Lotus Notes Domino 8.5 System Administration Operating Fundamentals
- Exam 981 - IBM Lotus Notes Domino 8.5 Building the Infrastructure
- Exam 982 - IBM Lotus Domino 8.5 Managing Servers and Users

IBM Certified Advanced System Administrator - Lotus Notes and Domino 8.5
Exam information not yet available.

Preparing for a Lotus certification exam


Attending this course and using this Student Guide will help you prepare for certification. Some topics covered on the exam are not covered in this course and some of the objectives covered in this course are not tested on the exam. Be sure to follow all the steps listed in order to prepare fully for the exam.

Step: Action
1: Review the exam competencies.
2: Get hands-on experience.
3: Use the exam preparation page.
4: Use all available resources.


Step 1: Review the exam competencies


Review the exam competencies to see the complete listing of possible topics for the exam. Use the competency listing as your checklist to determine your weaknesses and the areas on which you will want to focus more attention in your studies and preparation. You will find the competencies listed in:

- The Exam Competencies Appendix included in this course.
- The Exam Guides located on the IBM Software Services for Lotus Certification Web page at http://www.ibm.com/lotus/certification.

Step 2: Get hands-on experience


Actual hands-on experience is a critical component in preparing for the exam. The exam is looking to measure how well you perform tasks, not how well you memorize features and functions:

- Spend time using the product and applying the skills learned.
- Direct application of the skills learned in this class cannot be replaced by any other single resource listed here.

Step 3: Use the exam preparation page


The exam preparation page lists resources available for each individual exam. To find the exam preparation page for this exam, go to http://www.ibm.com/lotus/certification and use the Select an exam drop-down menu. Select the exam name and link to the exam preparation page.

Step 4: Use all available resources


We recommend using a range of resources when preparing to take an exam. The following table describes the types of resources available to prepare for certification exams. For a listing of resources specific to each exam, use the individual exam preparation page located at http://www.ibm.com/lotus/certification.

Resource: Exam guides
Brief description: Complete version includes certification titles and paths, sample questions, and registration information.
Where to find resource: Abbreviated version is available in the Exam Competencies Appendix included in this course. Complete version is available on the IBM Software Services for Lotus Certification Web page at http://www.ibm.com/lotus/certification.

Resource: Lotus authorized courses
Brief description: Offered at Education Centers for IBM Software (ECIS) and Lotus education locations worldwide.
Where to find resource: A complete list of courses and education centers is on the IBM Software Services for Lotus Education Web page at http://www.ibm.com/lotus/education.

Resource: CBT programs
Brief description: Used as an alternate learning tool or supplement to courses or both.
Where to find resource: Additional information is available at The Education Store on the IBM Software Services for Lotus Education Web page at http://www.ibm.com/lotus/education.

Resource: Practice tests
Brief description: Available from a variety of vendors. Visit the individual exam preparation page to determine what practice tests are available for a specific exam.
Where to find resource: Available from the IBM Software Services for Lotus Certification Web page at http://www.ibm.com/lotus/certification.

Resource: Online learning
Brief description: This includes online tutorials and other learning resources.
Where to find resource: See the individual exam preparation page for recommended online learning resources.

Resource: Product Documentation
Brief description: Official Lotus product documentation.
Where to find resource: Additional information available at http://www10.lotus.com/ldd/doc.

Resource: IBM Redbooks
Brief description: Technical cookbooks that address topics that the reference manuals may not cover.
Where to find resource: Ordering information is available at http://www.redbooks.ibm.com.


Preparing for the IBM Lotus Notes Domino 8.5 System Administration Operating Fundamentals exam
The following materials are available for the IBM Lotus Notes Domino 8.5 System Administration Operating Fundamentals exam:

- IBM Lotus Domino 8.5 System Administration Operating Fundamentals Course
- CertFX Practice Test
- Notes, Domino, and Domino Designer 8.5 Release Notes
- Lotus Domino 8.5 Administrator Help

For the most up-to-date resource listing for this exam, visit the individual exam preparation page. Go to http://www.ibm.com/lotus/certification and select the exam name from the Select an exam drop-down menu. These individual pages will give you the most up-to-date list of resources available.

IBM Lotus Notes Domino 8.5 Administration Operating Fundamentals Exam Competencies
This section contains the exam competencies for the IBM Lotus Notes Domino 8.5 Administration Operating Fundamentals exam. The exam competencies are one tool for preparing for IBM Certified for Lotus Software exams. For a more complete listing of learning resources, refer to the Lotus Certification Web site available at www.lotus.com/certification.


Install and Configure

The following competencies relate to installation and configuration.

- Configuring client provisioning
- Configuring component update for composite applications
- Configuring Directory Services
- Configuring Directory Services/LDAP services
- Configuring Domino services
- Configuring Domino Web Access
- Configuring Ports
- Configuring Server Fast Restart
- Configuring User ID Recovery
- Creating an ID Vault
- Creating Dynamic Policies
- Creating Internet Site Documents
- Creating Policies
- Deploying a centrally managed Widget Catalog
- Identifying the architecture and key components of the Lotus Notes and Lotus Domino Environments
- Implementing Sametime for Domino Web Access (DWA)
- Implementing Domino Attachment and Object Service (DAOS)
- Implementing Domino Configuration Tuner
- Implementing Domino Roaming for Standard Clients
- Implementing Early Authentication
- Implementing Lotus iNotes enhancements
- Implementing Lotus Notes on Citrix
- Implementing Lotus Traveler
- Registration/Certifiers
- Registration/Domains
- Registration/Groups
- Registration/Organizational Units
- Registration/Organizations
- Registration/Servers
- Registration/Users
- Understanding Installation Package Options
- Understanding Server Installation Order (platform independent)
- Understanding the Certification Log


Mail
The following competencies relate to mail.

- Creating Domino (Notes) Named Networks
- Creating Mail Topologies
- Defining Mail Routing Protocols
- Defining supported message formats
- Implementing Mail Services/Domino Web Access (DWA)
- Implementing Mail Services/IMAP
- Implementing Mail Services/POP3
- Issuing server commands
- Planning Mail Topologies

Manage and Maintain


The following competencies relate to managing and maintaining.

- Defining directory terminology
- Examining Lotus Domino server functionality
- Managing files and disk space
- Monitoring server status
- Performing Basic Administrative Tasks
- Setting administrative preferences
- Starting Lotus Domino Administrator
- Understanding support for LDAP attributes
- Understanding the administration process
- Understanding the Domino Administrator UI
- Utilizing the Domino Administrator client
- Viewing mail routing status
- Viewing Person documents and groups
- Viewing replication events and topology
- Viewing server configuration documents


Managing Servers
The following competencies relate to managing servers.

- Configuring new Domino Domain Monitoring options
- Configuring Send to IBM feature
- Configuring Web Administration Bookmarks
- Implementing Domino Domain Monitoring probes
- Understanding Domino Directory enhancements
- Understanding Domino server console commands
- Understanding streaming replication features
- Upgrading Domino Servers to version 8.5
- Utilizing Administration Process (Adminp) features

Platform Support
The following competencies relate to platform support.

- Defining Domino attributes
- Defining Domino attributes/Certifier Documents
- Defining Domino attributes/Configuration Documents
- Defining Domino attributes/Connection Documents
- Defining Domino attributes/Group Documents
- Defining Domino attributes/Messaging
- Defining Domino attributes/Person Documents
- Defining Domino attributes/Program Documents
- Defining Domino attributes/Replication
- Defining Domino attributes/Server Documents
- Defining Domino attributes/Server Tasks
- Identifying Lotus Domino databases


Security
The following competencies are related to security.

- Configuring Administrator Access rights
- Configuring the Access Control List (ACL)
- Configuring the Access Control List (ACL)/Enforce a Consistent Access Control List
- Configuring the Access Control List (ACL)/Maximum Internet name-and-password
- Defining Security Fields
- Deploying xPages Security
- Implementing Shared Login
- Implementing the ID Vault
- Managing encryption key lengths
- Restricting Server Access
- Understanding changes in database encryption levels
- Understanding database Access Control Lists
- Understanding new Java Security standards
- Understanding Online Certificate Status Protocol (OCSP)
- Understanding password protection for Notes and Domino ID files
- Understanding public and private keys
- Understanding the Access Control Lists (ACL)
- Utilizing the Access Control List (ACL) log


Appendix
Preparation Checklist

Instructor Preparation
This appendix is provided to assist instructors in their preparation for leading instructor-led training in a classroom or online (ILT and ILO).

When preparing to teach this course, consider doing the following:


- Read through the Instructor Guide.
- Perform all activities in the course.
- Perform all demonstrations and labs described in the Instructor Guide.
- Refer to the Instructor Lounge to gather useful teaching tips and techniques that other instructors have used to teach this course.
- Use the information in this section to find additional resources to further your knowledge of the subject.
- Practice the classroom setup.

Additional Preparation Resources


The following additional resources are available as you prepare to lead training.

Name: IBM developerWorks Forums and Community
Location: http://www.ibm.com/developerworks/lotus/community
Description: You can discuss Lotus and related products with your peers, expand your understanding of these products, and create connections with others. Join our public discussion forums, where the Lotus community meets to talk about Lotus software. You are welcome to read all our forums. To participate in some forums, you need to complete our free registration form to get a developerWorks Lotus user name and password. (If you have previously registered on Notes.net/Lotus Developer Domain, that is the user name and password to use here.) Other forums require an IBM ID to participate.

Name: IBM Lotus Domino and Notes Information Center
Location: http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp
Description: IBM Lotus Domino and Lotus Notes product information where you can find system requirements, installation and configuration procedures, and information about managing your Lotus Domino servers and Lotus Notes clients.

Name: IBM Lotus Notes and Domino Wiki
Location: http://www-10.lotus.com/ldd/dominowiki.nsf
Description: The Lotus Notes and Lotus Domino Wiki, where you can find and contribute to information about installing, administering, and using Lotus Notes and Lotus Domino, and other members of the Lotus Notes product family.

Name: Lotus Labs
Location: http://www-10.lotus.com/ldd/lotuslabs.nsf
Description: Lotus Labs is about providing content in new ways: consumable, collaborative, customizable. This page highlights the pilots, projects, and programs we've been working on recently.

Course Strategy
Approach
This course uses the fictitious company Worldwide Corporation to provide scenarios for installing and setting up the infrastructure. The company uses a single domain with Lotus Notes mail internally and SMTP externally. To provide all students with a comprehensive hands-on experience, we have designed this course so that all students administer their own servers. To accommodate this, we instruct students to use the client and server software on the same machine. The Lotus Domino server and Lotus Notes client software support this configuration provided that the server and client software is installed in separate directories on the machine. While we recognize this is not an optimal or recommended configuration to deploy in a real world environment, we use this environment in the classroom to provide all students with the experience of administering their own servers.

Recommended Agendas
This course is a one-day instructor-led course with computer-based activities and labs. These tables are provided to help you plan your instructional agenda for each of the training days.

Suggested agenda for ILT delivery


The following table shows the recommended agenda.

Time         Lessons or Topics
45 minutes   Lesson 1
45 minutes   Lesson 2
45 minutes   Lesson 3
1 hour       Lunch Break
45 minutes   Lesson 4
45 minutes   Lesson 5
45 minutes   Lesson 6

Suggested agenda for ILO delivery


The following table shows the recommended agenda for ILO delivery.

Time         Lessons or Topics
1 hour       Troubleshooting
1.5 hours    Lesson 1 and Lesson 2
1.5 hours    Lesson 3 and Lesson 4
1.5 hours    Lesson 5 and Lesson 6

Facilitating an ILO Course


Delivering a course in an online environment is probably more similar to classroom training than it is different. Many course delivery strategies are valid in the online interface but require some modification for remote delivery.

Technologies used in an online course


The delivery environments used for an instructor-led online (ILO) course are:

Web meeting
Using the tools of a Web meeting application, instructors present slides, conduct demonstrations, lead discussions, and answer questions.

Virtual lab
Student workstations are installed in an eLab and accessed by students remotely. The lab workstation is available to students for the duration of the course and used to complete all lab activities and for independent practice.

Comparing classroom and ILO delivery


The following table lists the course activities and how they can be facilitated in both classroom and online classroom environments.

Course activity: Presentation
In the classroom: Instructor projects slides on the classroom monitor or projection screen.
In an online classroom: Instructor displays slides in the online classroom interface.

Course activity: Application demonstration
In the classroom: Instructor performs demonstrations and output is displayed on classroom monitor or projection screen.
In an online classroom: Instructor shares her desktop or application using the screen sharing features of the online classroom interface.

Course activity: Discussion
In the classroom: Students and instructor discuss topics.
In an online classroom: Students and instructor use audio connection to discuss topics. Other tools to aid discussion include:
  - Hand raise
  - Chat window in Web conference
  - Break out sessions for small group interaction

Course activity: Guided practice
In the classroom: Instructors and students perform activities simultaneously. The instructor's activities are displayed on the classroom monitor or projection screen.
In an online classroom: The instructor chooses to:
  - Convert the practice to demonstration and instruct students to practice the activity, after the session, using the instructions in the Student Guide. Note: This option may be used only if the completion of the practice activity is not a prerequisite to subsequent course practice activities.
  - If a live application is available for students, instruct students to perform the guided practice as unguided practice.

Course activity: Unguided practice and exercises
In the classroom: Students complete these independently on classroom lab machines.
In an online classroom: Students complete these independently on virtual lab machines. Generally, these activities may be completed after the live session. If the activity cannot be moved because it affects the flow of delivery, then the instructor may pause the live session to allow students to log in to their virtual accounts to complete the activities. Then students rejoin the live session. The instructor may be available to students during lab periods by phone, instant messaging, or using the virtual classroom chat feature.

Course activity: Questions
In the classroom: Instructors query for questions or encourage students to interrupt when they need to ask a question.
In an online classroom: Instructors pause the presentation or demonstration to ask for questions. Students use the hand raise feature to indicate they have a question.

Course activity: Feedback
In the classroom: Instructors view body language to assess students' interest, understanding, and to judge pacing of delivery. Instructors use this feedback to adjust the content or pacing, or to address an individual student's questions.
In an online classroom: This is a more formal task in a virtual environment. Instructors may need to ask for feedback either verbally or use the polling features of the virtual classroom. Some conferencing applications allow participants to provide feedback by displaying icons in the participant list. Instructors may conduct feedback discussions at the end of each session to ask for specific pacing, level, and content feedback.

The ILO agenda


We have provided a recommended ILO agenda for you earlier in this appendix. Should you wish to create your own agenda, you need to:

- Divide the course into modules that can be delivered in online sessions.
- Adjust the order of practice activities so that independent lab activities can be completed after the online sessions.
- Modify some activities so they are demonstrations rather than independent practice. This strategy is used when a practice activity is in the middle of a live session.

Note: The completion of some course activities is required for subsequent activities to be completed. For example, students need to complete an activity to register a new user before they can complete an activity where they give that user access privileges. In these instances, you will need to identify the required activities and ensure they are completed as needed.


Additional tips for creating the ILO agenda


Consider the following when setting up your course agenda:

- The optimal length of an online session is two hours. You may, optionally, choose to deliver the course in full-day sessions, breaking for activities.
- You should schedule instructor office hours when students may reach you by phone for individual tutoring on topics as needed.
- You should allot more time for breaks than you would in a live classroom situation.
- Add time to the beginning of the online sessions to review lab activities. In the early sessions, when students are first using the eLab environment, you will need this time to address any problems or observations students have about working in the virtual lab environment.

Scheduling the ILO


When setting your ILO schedule, consider the following:

- A virtual class may be attended by participants in multiple time zones.
- You need to be available during the times students are completing their lab activities.
- Although you will not be presenting lab activities, you need to schedule time for students to complete these. If your online class ends late in the day, you should not expect students to complete the lab activities by early the next day.
- The virtual lab, used by students to complete activities, may not be available to class participants during certain hours. Or, the lab may be unsupported during night time hours.
- Schedule time before the first class session, to help students test their ability to connect to the Web meeting facilities.

Instructor Preparation for an ILO Course


Additional tasks should be completed to prepare and deliver this course in a live, online session. This section lists some preparation tasks for preparing to teach online.

Presenting a live session in an e-learning environment


This seminar requires you to manage several tasks simultaneously, which can be challenging. You must manage multiple presentation tools, engage students interactively, demonstrate applications, respond to questions, and troubleshoot technical glitches, all while maintaining flow and continuity in the restricted time frame of the scheduled class session.


In addition, you must manage the pacing and interaction within the course; monitor electronic and verbal hand raising; compose, send, and evaluate questions and answers; and fill time as you wait for applications to display. You will also need to manage other, unscheduled events. For example, applications may crash, displays may freeze, or you may unintentionally close a window. You may also need to help students manage their own display. For example, you may need to instruct a student on how to recover a floating course screen, scroll the display, or scale a window's image. All these events require your attention, and at first, the online collaboration tools will require training and practice. We recommend that you attend e-learning facilitation training for the e-learning tool being used for delivery and rehearse your class presentations and demonstrations.

Assisting the facilitator


We strongly recommend, in addition to extensive preparation and rehearsal, that you recruit a colleague to assist in delivering this course, at least the first time you present it. Consider delegating the following roles and responsibilities:

Facilitator: This person presents the content and performs the interactive demonstrations, paying attention to the flow and interaction of the course. The facilitator:

- Displays each presentation page.
- Performs and narrates the interactive demonstrations.
- Responds to verbal questions.
- Manages the session pacing.

User Interface (UI) manager: This person manages the elements of the user interface. The UI manager:

- Monitors the display on a separate machine to ensure that the facilitator narrative matches the refresh rate in the student browser.
- Monitors the participant list for raised hands.
- Answers students' questions regarding the UI and any problems they may be having with it. This can be done in a separate chat window.

You should rehearse each session with your partner and clearly define your roles and responsibilities regarding each element of the presentations and interactive demonstrations. Take a few minutes after each live session to review the things that did and did not work.


Preparation checklist
After the course has been set up in the e-learning environment, you should:

- Prepare your e-learning podium.
- Rehearse the presentation.
- Reserve audio conference services (do this if you will not use IP audio).
- Conduct a connection test with students.
- Review Preparing to Teach an e-Learning Session, in this section.
- Review Delivering an e-Learning Session, in this section.

Preparing your e-learning podium


The e-learning delivery podium is very different from the classroom podium. You can deliver this course from any workstation with a browser. You should also examine the environment from which you deliver the class.

Review your setup.

- Place a second computer next to your facilitator machine. Log on to this second machine as a student. Using the second student machine, you can monitor what the students are seeing, for example, how fast the refresh rate is.
- Use the fastest machine you can for interactive demonstrations. Waiting for a slow processor to perform your interactive demonstrations can be awkward.
- Invest in a high-quality telephone headset. Your students will be listening to you talk for hours at a time. Using a low-quality speakerphone or headset can be irritating to listeners.

Listen to your environment.

- Turn off the ringer on your phone and disable call waiting.
- Disable voice paging on your phone, if you have this feature.
- Disable the intercom.
- Close the door (if you have one).
- Inform your colleagues and office neighbors of class dates and times.



Rehearse the presentation


Create a test session. Test and rehearse:

- Presentation materials: Display each slide and practice delivering the content as scripted in the Instructor Guide.
- Screen sharing demonstrations: As with any course, you should rehearse these demos to ensure that you can access the required applications and you can smoothly transition between the presentations and interactive demonstrations.
- Rehearsing interactive demonstrations: This course requires you to use the screen sharing feature to share demonstration media files. You should rehearse these interactive demonstrations several times.
- Rehearsing transitions: Several times during this course you are required to switch from presenting slides to using screen sharing.

Reserve conference services


Course participants connect to the course session using a Web browser. The audio portion of the session can be heard from:

- The speakers on the student's computer: The session must be enabled for IP audio.
- A telephone conference: Students use their telephones to listen and participate in the session. A conference service is used to join all phone connections into a conference.

Information you provide

Whether you use internal or vendor-provided conference services, you will need to provide the following information:

- Estimated number of participants: It is always better to overestimate, just in case you have a few last-minute course registrants.
- Origin of calls: Calls that originate in another country or time zone may require different support or configuration on the part of the conference provider. You should identify this in advance.
- Contact name and number prior to the conference: If conference facility personnel need to confirm or modify arrangements, they will need to contact you.

Information you need to provide to students


When you reserve the bridge facilities, you should confirm the following information. This information will be communicated to students prior to the first class:

- Dial-in number for participants: This is the phone number that students will dial.
- International dial-in number (if needed): Some conference providers will provide different dial-in numbers for international callers.
- Conference reference name or number: Some conference service providers connect callers to specific conferences. In these instances, the caller dials a central number and identifies the desired conference using a predefined conference number, title, or host (facilitator) name. The call is then connected to the appropriate conference.
- Password: Optionally, some providers may require a password for entrance into a restricted conference.
- Support resources: The conference provider may provide an additional phone number for participants to call if they are having problems connecting to the course.

Conduct a connection test

There are several reasons why you should request that students test their ability to connect to the course, the least of which is to troubleshoot problems prior to the first class. To prepare students, you should:

- Create a live session and schedule it to occur about one week prior to the session.
- Invite students to join the session so that they can:
  - Test their ability to connect to the session services.
  - Download any applications and plug-ins.
  - Get acquainted with the e-learning user interface.


Additional Considerations
Preparing students
While preparing to lead the course, you provided a test connection session for students and tested your own equipment and network connections. However, you will still need to make time at the beginning of the class to troubleshoot any connection or presentation issues that arise. In addition, you should:

- Encourage students to test their virtual lab connections. Allot some time in the first or second class session to review student questions regarding the lab environment. Students connect to remote facilities to complete the lab exercises. It is common for the lab machines to be available for the duration of a course. Although you cannot provide support during this entire time, you should establish the times when students can expect to receive support for their lab activities.
- Help students distinguish the kind of help they need. There will be two types of help required:
  - Content help: Assistance completing the lab task, which includes help understanding the instructions and troubleshooting errors that may occur.
  - Lab facility help: This includes help connecting to the lab and using credentials to log in to the student account.
- Provide additional ILO class support information. Students in a distributed learning environment require several types of support; ensure they have the necessary information to gain each type of support:
  - Technical support: To help resolve connection issues.
  - Content support: To answer questions about the materials presented in class.
  - Process support: To assure them that their participation in class is appropriate.
- Schedule office hours: Make yourself available by phone, e-mail, or chat to support students. Recommend that students plan to complete the lab exercises during those office hours, when you can provide assistance to them.
- Encourage students to help each other.
  - You can support this formally by setting up an online community using collaboration applications such as forums or wikis.
  - You can encourage students to do this informally using shared contact information or, if students are co-located, they may choose to complete the lab activities together.


Beginning the class


Before you begin the class:

- Display the opening slide and dial into the conference services at least 15 minutes prior to the beginning of class. This will give students a chance to test their connections. Use the draw tools to enter the time at which the class will begin.
- Arrange your workspace.
  - Clear the clutter on your desk; leave ample room for your Facilitator Guide, notes, documentation, and so on.
  - Close any unused applications. They use valuable system resources.
  - Arrange the e-learning windows so that you can display all the required functions.

Pacing and interaction


Consider the following:

- Keep students engaged. Two hours of watching a presentation can put even the most enthusiastic student to sleep. Add interaction where possible.
- Survey your students, either verbally or by sending an electronic question. Ask them about the level and pacing of your presentation. As with classroom-based audiences, some students will have more advanced experience and will benefit from less presentation and more demonstrations with verbal questions and answers. Others may require more remedial instruction. You may not know this unless you ask.
- Share the demonstration. When you share an application, as you do when you demonstrate, you may be able to pass control to volunteers who can complete tasks. Sharing the demonstration adds more activity in the class and helps to engage students.
- Pause for discussion. Ask your students to discuss the implications of a specific function or feature. Be aware that discussions take time and you may need to limit their scope and timing in order to stay within the session time.
- Ask for volunteers. Be aware that some adult learners prefer to observe and are uncomfortable when called upon to answer a question or perform an exercise. If you initiate discussion or share an application, ask for volunteers to electronically raise their hands. Then, select from those students.
- Manage silence. It is fine to pause your presentation to catch your breath or to wait for a slide to load, but remember that students have no visual contact with you. If you are silent for too long, they may think they have lost their audio connection. If you find that you are waiting a long time for an application to perform a function, ask for questions, initiate a short discussion, or review what you have done so far.
- Make your personality larger. As an effective instructor you use your personality and demonstrated passion for the content being delivered to engage students in learning. You will need to find a way to communicate these things in the virtual environment without the aid of facial and body language.

Managing the visual display


Consider these tips:

Use the pointer tools to show bulleted list items.

If you distribute student materials, refer to the pages often.

Move your cursor slowly and deliberately. Note: It is helpful to change the cursor style on your system so it is easy for students to identify it from their own.

Do not use shortcut keys to initiate functionality, unless it is part of the instructions. Students cannot follow you when you press CTRL+C, but they can follow you if you click Edit > Copy.

Close demonstrations when they are complete.

Start new demonstrations from a neutral screen.

CLI Private Site


For more information on how to teach this course, refer to the CLI Private Site located at http://www.lotus.com/cli. If you have already registered, enter your user name and password to access the Instructor Lounge and other private areas of the Web site to gain additional information for teaching this course.


If you have not registered, visit the Education Zone located at http://www.lotus.com/educationzone and follow the instructions to register for the certified community. After registering, you will be able to access the CLI Private Site using your user name and password.

CLI Certification Requirements

To learn about the requirements for becoming a CLI or to upgrade your current certification, visit the IBM Software Services for Lotus Certification Web site at http://www.lotus.com/certification.

Course Evaluation
At the end of the course, lead students to connect to the course evaluation Web page to complete an evaluation survey. Explain the importance of student feedback as a tool to help IBM improve course design and content and you to improve your presentation. Tell students that the survey is anonymous; they will not be required to provide their name or contact information, but can do so if they wish.

Completing the evaluation survey


Instruct students to complete the online course evaluation. This should take no longer than 15 minutes. Write the following information on the classroom whiteboard or flipchart:

Evaluation site: http://www-03.ibm.com/certify/certs/lotussurvey.shtml
Instructor name:
Class number:
Course code:


Additional Instructor Notes


This section provides notes that aid in teaching the course. They provide the instructor with helpful information and may contain alternate tasks for instructor-based classroom demonstrations.

Lesson 1 page 4
To demonstrate how a server identifies and stores information specific to the machine, open the Server document and point out the information in the following table.

Tab        Field                                Description
Basics     Server name                          Defines the server's Lotus Domino name
Basics     Fully qualified Internet host name   Compares this network name to the name Lotus Domino knows
Basics     Routing tasks                        What the server is used for
Security   Administrators                       Who manages the server
Security   Server access section                Who can use the server
Ports                                           Where the server is located on the network

Lesson 1 page 5
To demonstrate how a client identifies a server by showing a Location document, open the Notes client Location document and point out the information in the accompanying table.


Tab       Field                     Description
Basics    Location type             How you connect to the server.
Basics    Location name             How to choose the set of server connection information.
Servers   Home/mail server          Where the client goes to find information and the user mail file.
Servers   Domino directory server   Which server to use for user name, server name, and other information (usually the home/mail server).
Ports                               How the client connects to the network.
Mail      Mail file location        Where your mail file can be found.
Mail      Mail file                 The directory where the file exists.
Mail      Domino mail domain        What set of Lotus Domino mail servers (domain) you are part of.

Lesson 3 page 53
Example of completed organizational chart.


Lesson 4 page 89
This model is the most efficient method and allows for easier expansion, such as adding new servers and clustering existing servers. The corporate Hub server is the main hub and takes overall control of mail and replication. There are Connection documents from the main hub to the regional mail servers. The regional mail servers can then act as hubs if additional mail servers are added. The Connection documents enable communication between two or more servers in the regional NNNs. The Connection document specifies how and when information exchange occurs.

Lesson 6 page 116


The accompanying table is backed up by these details on why to partition a Lotus Domino server. Each partitioned server has its own Lotus Domino data directory and Notes.ini file, but all partitioned servers share the same Lotus Domino program directory.

Partitions are particularly effective when the servers are in different domains. For example, on one computer administrators can dedicate multiple domains to multiple customers or set up multiple Web sites. In most cases, partitioning servers from the same domain uses more computer resources and disk space than combining the servers into a single server. This is because the Lotus Domino executable files are loaded for each partitioned server, and each Lotus Domino server must have its own copy of the Lotus Domino Directory and other administrative applications. Refer students to the Lotus Domino Administrator 8.5 Help topic "Partitioned servers" for additional information and recommendations.


Glossary
access control list (ACL)
Determines access to a given database, and the type of access allowed.

access controls
Determine what information is available to the entity.

application
A solution to a particular business problem that may contain one or more databases and other components, such as JavaScripts.

authentication
Establishes trust between two entities.

certificate
A unique electronic stamp stored in an ID file that associates a name with a public key.

certifier ID
A file that generates the electronic stamp to indicate a trusted relationship.

cluster
A group of two or more servers that provides users with constant access to data, balances the workload between servers, improves server performance, and maintains performance when you increase the size of the Lotus Domino environment.

common certificate
A certificate derived from the same Lotus Notes or Internet (X.509) certifier, or one of its ancestors in the organizational hierarchy.

composite application
A collection of two or more distinct applications that address a business need for a specific group of users, and can be accessed from one screen.

domain
A collection of servers and users that share a single Lotus Domino Directory.

ECL (Execution Control List)
Defines workstation security for the Lotus Notes client.

field-level replication
The process of copying only fields that have changed since the last time the two databases replicated.

group types
Used to define the purpose of the group and determine the views in the Lotus Domino Directory where the group name appears.

group
A list of users and/or servers that have something in common. Each group must have an owner, who is usually an administrator or an application manager.

hierarchical naming
Associates names with the certifiers in an organization.

Location document
A feature that connects you to applications on servers by providing a place to specify information such as the name of your mail server, whether you use a passthru server, or even which Lotus Notes ID to use.

Lotus Domino Directory
A database that stores information that allows Lotus Domino servers and clients to function properly.

Lotus Domino Enterprise Server
Includes the functionality of both the Lotus Domino Utility and Domino Messaging Servers, including support for clusters.

Lotus Domino Messaging Server
Provides messaging services. It does not include application services.

Lotus Domino replication
A process of exchanging modifications between two database replicas so that the same database may be updated and shared by many users in different locations accessing different servers.

Lotus Domino server
A computer that runs the Lotus Domino server program, stores Lotus Notes databases, and runs services that manipulate Lotus Notes data.


Lotus Domino Utility Server
Provides standard Lotus Domino application services and custom Lotus Domino applications for Lotus Notes and Web clients, as well as support for clusters. It does not include messaging services.

Lotus Notes and Lotus Domino
A client and server environment that provides services to allow an organization to perform tasks to store, communicate, and exchange information.

Lotus Notes client
A computer that can access Lotus Domino data both on servers and locally, providing portable access to data.

Lotus Notes ID
Identifies a user or server to Lotus Domino systems.

mail routing topology
Establishes which servers are connected and how they communicate specific information.

Object Store
A place where all Notes data resides in the form of an NSF application.

organization certifier
A special file created at the time the first Domino server is set up in the company.

organization
Defines the naming hierarchy for a Lotus Domino environment, which is used for security.

OU (organizational unit)
Defines an organization's hierarchy as it relates to people.

Person document
Describes a Lotus Notes or non-Lotus Notes user in the Lotus Domino Directory.

policy
The Policy document and its associated Settings documents.

replica
A special copy of a database.

replication
The process of synchronizing documents from the same databases on different workstations or servers over time.


Replicator
A server task that is loaded, but not initiated, at server startup.

role
Identifies a set of users and/or servers.

Server document
Created when you register a server; it contains many of the settings that define how your server operates.

server task
A program provided with the Lotus Domino server that runs when loaded and activated.

T.120
A family of open standards that contain a series of communications and application protocols and services that provide support for real-time, multipoint communication.

Web client
A computer that can access Lotus Domino data on the server to display in a browser.


Index
A
access control list, 63
access control options, 63
anonymous, 60
authentication access controls, 55

C
certificate, 56
certifier ID, 56
clients
    Lotus Notes, 5
    Internet mail
cluster, 114
common certificate, 57
Composite application, 11
Configuration tab views, 31

D
Database and Applications Types, 10
deny list, 69
domain, 13
Domino standard services, 111

E
execution access, 75
Execution Control List (ECL), 75

F
Features of Lotus Notes 8.5, 7
field-level replication, 97
File tab tasks, 30

G
group, 29
group types, 69

H
hierarchical name, 45

I
IBM Lotus Notes ID vault creation, 61
IBM Lotus Notes and IBM Lotus Domino, 3
ID file types, 57
Internet (X.509) certificates, 56

L
Location document, 5
Lotus Domino Directory, 13
Lotus Domino Enterprise Server, 4
Lotus Domino Messaging Server, 4
Lotus Domino partitions, 116
Lotus Domino replication, 30
Lotus Domino server, 3
Lotus Domino Service Categories, 14
Lotus Domino Utility Server, 4
Lotus Notes client, 3
Lotus Notes ID, 56

M
mail routing topology, 84
Messaging tab tasks, 30

N
Notes certificates, 56

O
Object Store, 9
organization, 41, 42
organization certifier, 42
organizational unit, 42
    Also See: organization

P
person document, 29

R
replicas, 93
replication, 93
Replication tab tasks, 31
Replicator, 93
required server applications, 12
role, 64

S
Server document, 4
server host names
    common names, 50
server task, 15
settings document, 36
simple, 60

W
Web client, 3


IBMD8L75IG rev 1.0
