
Lotus Domino Administration 101

SHARE Session 7670


Pat Berastegui Egen
Patricia Egen Consulting
pregen@egenconsulting.com
Agenda

 Brief review of Notes/Domino concepts


 What does a Domino administrator do?
 What tools are available to do the job?
 Demo where useful
Notes/Domino Concepts

A Notes database is a file containing data in documents, and application logic to manipulate that data. Views are used to navigate through the data. The data is shared through a Domino server.
Simple Overview of a Notes Database

[Diagram: fill out the form to create a document in the database (DB.NSF); view results]
Definition of a Domino Server

 Server machine providing



Connection services for user workstations

Mail routing

Database sharing

Replication

Security

Storage for Notes databases/applications

HTTP translation
 In most cases, server machine should be dedicated to
Domino
Types of Domino Servers

 Servers may be dedicated by function



Web server

Replication hub

Mail hub

Database server

Mail server

MTA servers (FAX, LNDI, SMTP, & others)

Passthru server

Domain

A Notes domain consists of multiple servers sharing a


Public Name and Address Book (NAB) which is synchronized
using replication

[Diagram: each server in the domain holds a copy of Names.nsf]
What is Replication?

 Replication is the technology which allows multiple copies of a database to remain synchronized with each other
 Replication between servers can be done in several flavors:

Pull

Pull/Pull

Push
Single Domain

 Advantages

Provides clear view of the Domino topology

Facilitates centralized management

Better ACL control

Easier Mail addressing

Easier to send signed mail
 Disadvantages

Address book may be very large

Controlling access to the address book may be complex
Multiple Domains

 Advantages

Facilitates distributed management

Local support can be responsive

Easier to deploy in a decentralized organization

Smaller N&A book

Easier to replicate
 Disadvantages

Managing the overall topology may be complex

Managing ACLs in applications that span domains is challenging

Controlling domain proliferation may be difficult
Notes Named Network

 A collection of servers that communicate directly on a LAN or WAN



Servers run same protocol

A constant connection on the LAN or WAN is maintained
 Servers on the same named network and same domain route mail
automatically
 When users select File ==> Database ==> Open; Server; Other, they see a
list of servers in the Notes Named Network that their home server is a part
of.
Notes Named Networks

A domain may consist of multiple Notes Named Networks

[Diagram: Names.nsf; multi-protocol servers; mail servers; SPX, NETBIOS and TCP/IP networks]


Layers of Security

Network: Firewalls
Server: Server ACLs
Database: Database ACLs
Forms/Views: Form/View ACLs
Documents: Reader/Author Fields
Fields: Encryption
Notes Security

 Passwords

ID (may have multiple passwords)

Server Console
 Certification and authentication

User and server verify each other's identity
 Access control lists

For servers and databases
 Reader and author names fields in documents
 Encryption

At the field level
Server Security

 Access Server
 Create Databases
 Create Replicas
 Passthrough Server (to and through)
 Run agents
Database Access Control List

ACL

Level       Access
No Access   No Access to Database
Depositor   Add Documents Only
Reader      Read Only
Author      Read/Add/Change Own
Editor      Read/Add/Change All
Designer    Change Design
Manager     Perform All Operations
ACL Specification
Domino Implementation Overview

Pre-Install
 Determine server platform(s)
 Design topology
 Plan naming conventions

Install
 Install hardware
 Install software
 Customize/setup

Post-Install
 Connect and maintain servers
 Register and maintain users
 Set up and maintain routing and replication
 Manage Notes security
 Set backup strategy
 Troubleshoot problems
What does a Notes Administrator do?

 Connects, maintains and monitors servers


 Registers and maintains users and groups
 Sets up and maintains mail routing and database replication
 Manages Notes security
 Sets backup strategy
 Troubleshoots problems
What authority does an administrator need?

 Editor access to Name and Address Book (may be limited by roles)


 Appropriate access to server and key Notes files
 Access to certifier
 Remote console authority
Administrator Tools

 NOTES.INI
 Server console commands (local or remote)
 Public Address Book
 Administration Control Panel

New to 5.0, can run on another computer
 Administration Process (AdminP)
 Monitoring and statistics databases
 Web Administration Database
 Third party tools
Key Notes Files and Databases (1)

 NOTES.INI - Notes initialization settings


 NAMES.NSF - Public Name & Address Book
 ID files - Certifier, User, Server
 LOG.NSF - Records server activity
 ADMIN4.NSF - Used by the Administration Process
 WEBADMIN.NSF - Used for Administration through a browser
Key Notes Files and Databases (2)

 CERTLOG.NSF -- Tracks the creation of IDs and cross-certificates


 EVENTS4.NSF - server monitoring information
 STATREP.NSF -- reporting database for events
 COLLECT4.NSF -- configuration for a single server to monitor a group of
servers
 DESKTOP.DSK - Defines Notes client workspace
Server Characteristics

 Which server tasks should be running?


 How many routers and replicators should be running?
 Which address books are cascaded?
 Which shared mail option has been implemented?
 When do administrative server tasks (e.g., re-indexing) run?
Server Tasks

 AdminP
 Catalog
 Compact
 Event
 Fixup
 Design
 Updall
 Replica
 Reporter
 Router
 Statlog
 Stats
 HTTP
 Web
 Sched
 Calconn
Controlling Notes through NOTES.INI

 The NOTES.INI file contains the initialization and configuration settings for a Notes server

Directories and paths

What tasks should start automatically

Information about the environment

 There are 5 ways NOTES.INI is modified



Edit NOTES.INI directly

Set a Configuration Variable at the Server console

Modify the Server Document or create a Configuration Document in the
NAB

UNIX environment variables

User interface actions
Example of NOTES.INI
[Notes]
KitType=2
Directory=d:\notes\data
WinNTIconPath=d:\notes\data\W32
$$HasLANPort=1
Preferences=-1584919439
Console_LogLevel=2
VIEWIMP1=Lotus 1-2-3 Worksheet,0,_IWKSV,,.WKS,.WK1,.WR1,.WRK,.WK3,.WK4,
...
StackedIcons=1
DESKWINDOWSIZE=16 23 420 288
ServerTasks=replica,router,update,stats,amgr,adminp
FileDlgDirectory=D:\notes\data\notesids
KeyFilename=notesids\uslwoody.id
TCPIP=TCP, 0, 15, 2000
LAN0=NETBIOS, 0, 15, 0
MailSystem=0
Timezone=6
...
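Because NOTES.INI can be changed in several ways, it is worth comparing the live file against an approved baseline. The following is an added example, not part of the original slides: it parses a NOTES.INI and reports server tasks and network protocols that are outside the baseline. The baseline sets, the port-line heuristic (four comma-separated fields starting with a known driver name), case-insensitive keys and the sample file are assumptions made for illustration.

```python
# Added example: baseline drift check for a Domino server's NOTES.INI.
# APPROVED_* values are a hypothetical site baseline, not Domino defaults.
APPROVED_TASKS = {"replica", "router", "update", "stats", "amgr", "adminp"}
APPROVED_DRIVERS = {"TCP"}
KNOWN_DRIVERS = {"TCP", "NETBIOS", "SPX"}   # protocols named on the slides

# Constructed sample, based on the slide's example with an extra "http" task.
SAMPLE_INI = r"""[Notes]
Directory=d:\notes\data
ServerTasks=replica,router,update,stats,amgr,adminp,http
KeyFilename=notesids\uslwoody.id
TCPIP=TCP, 0, 15, 2000
LAN0=NETBIOS, 0, 15, 0
ADMINPINTERVAL=15
"""

def parse_notes_ini(text):
    """Return settings as a dict with lower-cased keys (assumed case-insensitive)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("[") or "=" not in line:
            continue                      # skip blanks, section header, debris
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings

def port_drivers(settings):
    """Heuristic: a port line has four comma fields and a known driver first."""
    ports = {}
    for key, value in settings.items():
        fields = [f.strip() for f in value.split(",")]
        if len(fields) == 4 and fields[0].upper() in KNOWN_DRIVERS:
            ports[key] = fields[0].upper()
    return ports

def audit(settings):
    """List deviations from the approved task and protocol baseline."""
    findings = []
    raw = settings.get("servertasks", "")
    tasks = {t.strip().lower() for t in raw.split(",") if t.strip()}
    findings += [f"unapproved server task: {t}" for t in sorted(tasks - APPROVED_TASKS)]
    findings += [f"baseline task not started: {t}" for t in sorted(APPROVED_TASKS - tasks)]
    for port, driver in sorted(port_drivers(settings).items()):
        if driver not in APPROVED_DRIVERS:
            findings.append(f"unapproved protocol on port {port}: {driver}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_notes_ini(SAMPLE_INI))))
```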
Modifying NOTES.INI

For example, to set how often the Admin Process should look for work to do:

 Change the interval field in the AdminP section of the Server Document
or
 At console, type
Set Config ADMINPINTERVAL=15
or
 Create a Configuration Document in the Address Book that sets
ADMINPINTERVAL to 15
or
 Edit NOTES.INI to read
ADMINPINTERVAL=15
Controlling Notes at the Server Console or from an Administration PC

 HELP
 SHOW

TASKS

USERS

DISKSPACE

MEMORY

PORT

CONFIG
 QUIT
More Console Commands...

 SET

CONFIG

SECURE
 LOAD
 TELL
 REPLICATE
 PUSH
 PULL
 ROUTE
 BROADCAST
Remote Console
The Name and Address Book

 The Public Address Book is a Lotus Notes database, stored on the server, that contains key information about a Lotus Notes domain, its configuration, and its users. Its file name is NAMES.NSF
 A server will not start without access to the Public Address
Book
 Additional address books (e.g., foreign) may be "cascaded"
Public Address Book Documents

 Groups
 Locations
 People
 Server

Certificates 15


Clusters

Configurations

Connections

Domains

Servers

and more...
Server Document
Person Document
Public vs. Personal Address Book

 Each Notes client also has a personal address book stored on the
workstation that contains the user's personal groups and frequent
correspondents, as well as information about how the user interacts with
servers and the network
 The file name for the personal Name and Address Book is also
NAMES.NSF
 For the administrator using the server as a workstation,
the NAB is shared
Database Management Tools
Registering and Connecting Additional Servers

 Having multiple servers in a domain allows servers to focus on different tasks such as replication, mail routing, or passthru.
 The administrator must register a new server before the Notes server code is installed, using the Administration Control Panel

Registration creates an ID file for the server and adds a Server document to the Public Address Book

At setup time, the new server gets a replica copy of the NAB from the first server
Two Naming Models: Flat and Hierarchical

 Used for both servers and users


 Flat name: "John Smith" or "Pluto"
 Hierarchical name: "John Smith/CAM/Lotus" or "Pluto/Solar
System/Universe"
 Domino supports both
 Hierarchical has advantages
 Mixed environments are the most complex
What's a Hierarchical Name?

 Inspired by X.500
 Name includes organizational structure
 Always has a Common Name and Organization name
 Optional Country code and up to four levels of Organizational Unit names

e.g., John Smith/CAM/Lotus (CN/OU/O)
[Diagram: Directory]
Hierarchical Naming Conventions

 Based on business unit



e.g., John Smith/Sales/Acme
 Based on geography

e.g., John Smith/NY/Acme
 Based on business unit and geography

e.g., John Smith/Sales/NY/Acme
 Keep organizational units to a minimum
 Use middle initials or user-unique organizational units to make identical
names unique
 Avoid commas and periods
Server Naming Conventions

 Memorable names

e.g., Marketing, Accounting
 Descriptive hierarchical names

e.g., Marketing/M/NYC
 Descriptive flat names

e.g., Acme_NY_Mail1, Acme_NY_DB2, Acme_NY_Hub1
Registering/Certifying Users

 Every user who will access Notes with a Notes client must be registered
 User Registration is performed through the Administration Control Panel or in batch from an ASCII file
 At User Registration:

A user ID file is created, containing the user's name, password, and
encryption keys, and stamped with a certificate

A person document for the user is added to the server's Public Name and
Address Book

A mail file is created for the user on the designated Home server
Authentication

 ID file contains:

User/server name and password

Creation/expiration info

License number

Certificates

Public key

Private key

Encryption key(s)
 ID files whose certificates share a common ancestor can
authenticate with each other
Interacting with Other Organizations

 Cross-certificates can "connect" whole organizations with a single step, allowing organizations, organizational units, users or servers with no common ancestral heritage to authenticate
 With flat names, individual members of organizations must cross certify

If there is someone with the same name in the foreign organization, cross
certification is not secure!
Defining Groups

 A group is a named list of users stored in the NAB


 Groups may be multi-purpose, or specific

Mailing List (Distribution List)

Access Control List

Deny List
 The Notes Administrator defines Groups in the Public Address Book
through the Administrator Control Panel or by viewing the NAB
 Groups can also be implicit

Entries of the form */Acme can be listed on an ACL to give rights to all
members of an organization
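The following added example (not from the original slides) models how a database ACL with explicit names, groups and implicit `*/Acme` entries resolves to one of the seven access levels. It assumes abbreviated hierarchical names without a country code, that an explicit name entry overrides group and wildcard entries, and that otherwise the highest matching level applies; the sample ACL, the group `SalesEditors` and the user names are constructed.

```python
# Added example: resolving a user's access level from a database ACL.
LEVELS = ["No Access", "Depositor", "Reader", "Author",
          "Editor", "Designer", "Manager"]        # lowest to highest

# Constructed sample data for illustration.
SAMPLE_ACL = {"-Default-": "No Access", "*/Acme": "Reader",
              "SalesEditors": "Editor", "John Smith/Sales/NY/Acme": "Author"}
SAMPLE_GROUPS = {"SalesEditors": {"John Smith/Sales/NY/Acme",
                                  "Mary Jones/Sales/Acme"}}

def parse_name(name):
    """Split an abbreviated hierarchical name into CN, OUs and O."""
    parts = [p.strip() for p in name.split("/")]
    if len(parts) < 2 or not all(parts):
        raise ValueError(f"not a hierarchical name: {name!r}")
    cn, *ous, org = parts
    if len(ous) > 4:
        raise ValueError("more than four organizational units")
    return {"cn": cn, "ou": ous, "o": org}

def wildcard_matches(entry, name):
    """True if an implicit-group entry such as */Sales/Acme covers name."""
    if not entry.startswith("*/") or "/" not in name:
        return False                      # flat names never match a wildcard
    suffix = [p.strip().lower() for p in entry[2:].split("/")]
    parsed = parse_name(name)
    tail = [p.lower() for p in parsed["ou"] + [parsed["o"]]]
    return len(tail) >= len(suffix) and tail[-len(suffix):] == suffix

def effective_access(user, acl, groups):
    """acl maps entry -> level; groups maps group name -> member names."""
    explicit = {k.lower(): v for k, v in acl.items()}
    if user.lower() in explicit:          # explicit entry wins (assumption)
        return explicit[user.lower()]
    matched = []
    for entry, level in acl.items():
        members = {m.lower() for m in groups.get(entry, ())}
        if user.lower() in members or wildcard_matches(entry, user):
            matched.append(level)
    if matched:                           # highest matching level (assumption)
        return max(matched, key=LEVELS.index)
    return acl.get("-Default-", "No Access")

if __name__ == "__main__":
    for u in ("John Smith/Sales/NY/Acme", "Mary Jones/Sales/Acme",
              "Ann Lee/NY/Acme", "John Smith/Sales/Other"):
        print(u, "->", effective_access(u, SAMPLE_ACL, SAMPLE_GROUPS))
```

The last sample user shares a common name with an Acme user but belongs to a different organization, so neither the explicit entry nor `*/Acme` applies.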
Managing Users

 Users' names need to be changed


 Access must be revoked for users who leave
 Users must be recertified when certifications expire
 Users may move between organizational units
 Servers or domains may need to be consolidated
Moving Mail Users to a New Server

 Copy the user's mail file to the new server
 Change the user's person document in the NAB
 Replicate the NAB
 Delete the old mail file
 Change the user's location document
Administration Process

 The Administration Process (AdminP) automates certain administrative tasks by scheduling updates across multiple servers

Change User's or Server's Common Name

Update ACLs With Name Changes

Recertify an ID


Move Users and Servers Within a Hierarchy

Delete Users, Servers, and Groups

Globally Convert IDs from Flat to Hierarchical
 Each database to be managed by ADMINP has an administrative server assigned
 AdminP requests are stored in ADMIN4.NSF
Setting Up Mail Databases

 Mail may be stored in shared mail databases (single copy object store) or individual mail databases
 With shared mail, the router splits the mail message into two parts:

Header - put into each recipient's mail file

Content (body) - put into active shared mail database

 Shared mail options (NOTES.INI)



0 - Shared mail not in use

1 - Shared mail used when recipients = 2 or more

2 - Shared mail used always
 Administrator creates shared mail databases, monitors size, switches to
new databases, and links and un-links mail files from the shared mail
database
Setting Up Mail and Mail Routing

 Mail routing is handled automatically between mail servers in the same Domain and Notes Named Network
 Connection Documents must be created between servers in different Notes Named Networks
 Connection Documents and Adjacent or Non-Adjacent Domain Documents are needed to route mail to another Domain
 Connection Documents and Foreign Domain Documents are needed to connect to a non-Notes network such as the Internet
Mail Routing Between Domains

[Diagram: Domain1, Domain2 and Domain3, with Connection 1-2, Connection 2-3 and Non-Adjacent Domain 1-3]
Mail Routing to Foreign Domain

[Diagram: DOM001, Foreign Domain Document, NAB, Gateway, OfficeVision]
Mail Addressing

 Routing automatic within same domain


 Connection records needed for:

Adjacent domains

Non-adjacent domains
 Master Address Book or Cascading Public Address Books

Provide type-ahead across multiple domains

Eliminate explicit addressing

[Diagram: Domain A, Domain B, Domain C; address shown as User @ Domain C @ Domain B]


Mail Priority

 High priority

Routed immediately, regardless of routing schedule
 Normal priority

Routed immediately within the same Notes Named Network

Routed at next scheduled time

Routed if "route-at-once" limit is reached

Default
 Low priority

Routed between 12:00 AM and 6:00 AM

Not routed with normal or high mail during other times
Setting up Database Replication

 Replication is the process through which Notes databases are synchronized


 A Replication task running on a server pulls or pushes information from
the database on one server to the replica copy on another server
 Replication is normally scheduled via a connection document, but can be
started manually
 Multiple concurrent replication tasks may run on a server
Peer-to-peer topology

[Diagram: servers A, B, C and D, with connections A-B, A-D, B-C, B-D, C-A and D-C]
Hub-and-spoke topology

[Diagram: Domino Hub Server A with servers B, C, D, E, F, G and X; To Hub connections in N/A Book: A-B, A-C, A-D, A-E, A-F, A-G, A-X]
Hub-and-spoke replication schedule

Single Replicator Hub
- All work done at Hub
- Scheduled at 10 minutes per spoke
- 60 minute cycle

[Diagram: clock face marked :00, :10, :20, :30, :40, :50]
Backing up the System

 Key files should be backed up on a regular basis


 In a 24x7 operation, backup tools must be able to back up open files
 Notes clustering can provide automated backup for
applications
Monitoring the System

 Statistics

How big/active are the databases?

Which databases replicated today?

How much disk space is available?

Is there mail that cannot be delivered?
 Events

The replication could not complete

The disk hit 95% full

An unauthorized user tried to access the server
Monitoring Tools

 The Notes log captures key information



Logging levels can be set

The log can be searched for specific strings
 The Statistics and Events database controls which events
are reported
 The Reporter task reports events for a specific server
 The Collector task can run on a single server, and collect
information from other servers
 Certain events can cause notification to be sent to an
administrator
Web Server

 Enabled by running the HTTP task


 Settings specified in the HTTP section in the server
document in the NAB

Basic settings

Operational information

Mapping settings

Logging

Timeouts

Security
Advanced Services

 Domino Advanced Services include



Clustering

Running multiple servers as a logical unit

Partitioning

Running multiple separate servers on a single machine

Billing

Capturing chargeback statistics
Clustering

 Up to 6 servers per cluster


 Single NAB shared
 Cluster replication

Real-time replication scheme - not reliant on time-driven
connection documents
 Cluster names are cached

Name cache allows a server to track status of other servers in the cluster

Offers intelligent fail-over & load balancing

Users are pushed to other servers when thresholds are set
(e.g., number of active users)
Help Desk Support

 Document problems
 Build a question and answer database
 Interface with Lotus Technical Support
 Develop procedure for . . .

Handling problems

Applying fixes

Upgrading to new releases
 Develop disaster recovery plan
