Lotus Domino Administration 101
SHARE Session 7670
Pat Berastegui Egen
Patricia Egen Consulting
[email protected]
Agenda
Brief review of Notes/Domino concepts
What does a Domino administrator do?
What tools are available to do the job?
Demo where useful
Notes/Domino Concepts
A Notes database is a file containing data in documents, and application logic to manipulate that data. Views are used to navigate through the data. The data is shared through a Domino server.
Simple Overview of a Notes Database
[Diagram: DB.NSF. Fill out the Form to create a Document in the Database; View Results.]
Definition of a Domino Server
Server machine providing
  Connection services for user workstations
  Mail routing
  Database sharing
  Replication
  Security
  Storage for Notes databases/applications
  HTTP translation
In most cases, server machine should be dedicated to Domino
Types of Domino Servers
Servers may be dedicated by function
  Web server
  Replication hub
  Mail hub
  Database server
  Mail server
  MTA servers (FAX, LNDI, SMTP, & others)
  Passthru server
Domain
A Notes domain consists of multiple servers sharing a Public Name and Address Book (NAB) which is synchronized using replication
Names.nsf
What is Replication?
Replication is the technology which allows multiple copies of a database to remain synchronized with each other
Replication between servers can be done in several flavors:
Pull/Pull
Pull/Push
Pull
Push
Single Domain
Advantages
  Provides clear view of the Domino topology
  Facilitates centralized management
  Better ACL control
  Easier Mail addressing
  Easier to send signed mail
Disadvantages
  Address book may be very large
  Controlling access to the address book may be complex
Multiple Domains
Advantages
  Facilitates distributed management
  Local support can be responsive
  Easier to deploy in a decentralized organization
  Smaller N&A book
  Easier to replicate
Disadvantages
  Managing the overall topology may be complex
  Managing ACLs in applications that span domains is challenging
  Controlling domain proliferation may be difficult
Notes Named Network
A collection of servers that communicate directly on a LAN or WAN
Servers run same protocol
A constant connection on the LAN or WAN is maintained
Servers on the same named network and same domain route mail automatically
When users select File ==> Database ==> Open; Server; Other, they see a list of servers in the Notes Named Network that their home server is a part of.
Notes Named Networks
A domain may consist of multiple Notes Named Networks
[Diagram labels: Mail Servers; Names.nsf; SPX, NETBIOS, TCP/IP; Multi-protocol Servers]
Layers of Security
Network: Firewalls
Server: Server ACLs
Database: Database ACLs
Forms/Views: Form/View ACLs
Documents: Reader/Author Fields
Fields: Encryption
Notes Security
Passwords
  ID (may have multiple passwords)
  Server Console
Certification and authentication
  User and server verify each other's identity
Access control lists
  For servers and databases
Reader and author names fields in documents
Encryption
  At the field level
Server Security
Access Server
Create Databases
Create Replicas
Passthrough Server (to and through)
Run agents
Database Access Control List
ACL Specification
Level       Access
No Access   No Access to Database
Depositor   Add Documents Only
Reader      Read Only
Author      Read/Add/Change Own
Editor      Read/Add/Change All
Designer    Change Design
Manager     Perform All Operations
Domino Implementation Overview
Pre-Install
  Determine server platform(s)
  Design topology
  Plan naming conventions
Install
  Install hardware
  Install software
  Customize/setup
Post-Install
  Connect and maintain servers
  Register and maintain users
  Set up and maintain routing and replication
  Manage Notes security
  Set backup strategy
  Troubleshoot problems
What does a Notes Administrator do?
Connects, maintains and monitors servers
Registers and maintains users and groups
Sets up and maintains mail routing and database replication
Manages Notes security
Sets backup strategy
Troubleshoots problems
What authority does an administrator need?
Editor access to Name and Address Book (may be limited by roles)
Appropriate access to server and key Notes files
Access to certifier
Remote console authority
Administrator Tools
NOTES.INI
Server console commands (local or remote)
Public Address Book
Administration Control Panel
  New to 5.0, can run on another computer
Administration Process (AdminP)
Monitoring and statistics databases
Web Administration Database
Third party tools
Key Notes Files and Databases (1)
NOTES.INI - Notes initialization settings
NAMES.NSF - Public Name & Address Book
ID files - Certifier, User, Server
LOG.NSF - Records server activity
ADMIN4.NSF - Used by the Administration Process
WEBADMIN.NSF - Used for Administration through a browser
Key Notes Files and Databases (2)
CERTLOG.NSF - Tracks the creation of IDs and cross-certificates
EVENTS4.NSF - Server monitoring information
STATREP.NSF - Reporting database for events
COLLECT4.NSF - Configuration for a single server to monitor a group of servers
DESKTOP.DSK - Defines Notes client workspace
Server Characteristics
Which server tasks should be running?
How many routers and replicators should be running?
Which address books are cascaded?
Which shared mail option has been implemented?
When do administrative server tasks (e.g., re-indexing) run?
Server Tasks
AdminP, Catalog, Compact, Event, Fixup, Design, Updall, Replica
Reporter, Router, Statlog, Stats, HTTP, Web, Sched, Calconn
Controlling Notes through NOTES.INI
The NOTES.INI file contains the initialization and configuration settings for a Notes server
  Directories and paths
  What tasks should start automatically
  Information about the environment
There are 5 ways NOTES.INI is modified
  Edit NOTES.INI directly
  Set a Configuration Variable at the Server console
  Modify the Server Document or create a Configuration Document in the NAB
  UNIX environment variables
  User interface actions
Example of NOTES.INI
[Notes]
KitType=2
Directory=d:\notes\data
WinNTIconPath=d:\notes\data\W32
$$HasLANPort=1
Preferences=-1584919439
Console_LogLevel=2
VIEWIMP1=Lotus 1-2-3 Worksheet,0,_IWKSV,,.WKS,.WK1,.WR1,.WRK,.WK3,.WK4,...
StackedIcons=1
DESKWINDOWSIZE=16 23 420 288
ServerTasks=replica,router,update,stats,amgr,adminp
FileDlgDirectory=D:\notes\data\notesids
KeyFilename=notesids\uslwoody.id
TCPIP=TCP, 0, 15, 2000
LAN0=NETBIOS, 0, 15, 0
MailSystem=0
Timezone=6
...
Modifying NOTES.INI
For example, to set how often the Admin Process should look for work to do:
Change the interval field in the AdminP section of the Server Document
or
At console, type Set Config ADMINPINTERVAL=15
or
Create a Configuration Document in the Address Book that sets ADMINPINTERVAL to 15
or
Edit NOTES.INI to read ADMINPINTERVAL=15
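Because NOTES.INI can be changed through several routes, comparing the file on disk against an agreed baseline shows when a task or setting has drifted. The following is an added example, not part of the original presentation: the sample file is constructed from lines of the slide's NOTES.INI plus the ADMINPINTERVAL line, and the baseline, the upper-casing of keys and the last-value-wins rule are assumptions of the example.

```python
# Added example (not from the presentation): compare NOTES.INI with a baseline.
# SAMPLE_INI is constructed from lines of the slide's example plus ADMINPINTERVAL.
SAMPLE_INI = r"""[Notes]
Directory=d:\notes\data
Console_LogLevel=2
ServerTasks=replica,router,update,stats,amgr,adminp
KeyFilename=notesids\uslwoody.id
ADMINPINTERVAL=15
"""

def parse_notes_ini(text):
    """Return {KEY: value}. Keys are upper-cased for comparison and the last
    occurrence of a key wins; both are assumptions of this example."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("[") or "=" not in line:
            continue  # blank line, section header such as [Notes], or elision
        key, value = line.split("=", 1)
        settings[key.strip().upper()] = value.strip()
    return settings

def server_tasks(settings):
    """Tasks named on the ServerTasks line, lower-cased, in file order."""
    raw = settings.get("SERVERTASKS", "")
    return [t.strip().lower() for t in raw.split(",") if t.strip()]

def audit(settings, baseline_tasks, expected_values):
    """List every difference between the parsed file and the baseline."""
    findings = []
    running = set(server_tasks(settings))
    baseline = {t.lower() for t in baseline_tasks}
    findings += [f"unexpected task: {t}" for t in sorted(running - baseline)]
    findings += [f"missing task: {t}" for t in sorted(baseline - running)]
    for key, want in expected_values.items():
        got = settings.get(key.upper())
        if got != want:
            findings.append(f"{key}: expected {want!r}, found {got!r}")
    return findings

if __name__ == "__main__":
    # Hypothetical baseline for this example: amgr not approved, http required.
    baseline = ["replica", "router", "update", "stats", "adminp", "http"]
    for finding in audit(parse_notes_ini(SAMPLE_INI), baseline, {"ADMINPINTERVAL": "15"}):
        print(finding)
```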
Controlling Notes at the Server Console or from an Administration PC.
HELP
SHOW
  TASKS
  USERS
  DISKSPACE
  MEMORY
  PORT
  CONFIG
QUIT
More Console Commands...
SET
  CONFIG
  SECURE
LOAD
TELL
REPLICATE
PUSH
PULL
ROUTE
BROADCAST
Remote Console
The Name and Address Book
The Public Address Book is a Lotus Notes database, stored on the server, that contains key information about a Lotus Notes domain, its configuration, and its users. Its file name is NAMES.NSF
A server will not start without access to the Public Address Book
Additional address books (e.g., foreign) may be "cascaded"
Public Address Book Documents
Groups
Locations
People
Server
  Certificates
  Clusters
  Configurations
  Connections
  Domains
  Servers
  and more...
Server Document
Person Document
Public vs. Personal Address Book
Each Notes client also has a personal address book stored on the workstation that contains the user's personal groups and frequent correspondents, as well as information about how the user interacts with servers and the network
The file name for the personal Name and Address Book is also NAMES.NSF
For the administrator using the server as a workstation, the NAB is shared
Database Management Tools
Registering and Connecting Additional Servers
Having multiple servers in a domain allows servers to focus on different tasks such as replication, mail routing, or passthru.
The administrator must register a new server before the Notes server code is installed, using the Administration Control Panel
Registration creates an ID file for the server and adds a Server document to the Public Address Book
At setup time, the new server gets a replica copy of the NAB from the first server
Two Naming Models: Flat and Hierarchical
Used for both servers and users
Flat name: "John Smith" or "Pluto"
Hierarchical name: "John Smith/CAM/Lotus" or "Pluto/Solar System/Universe"
Domino supports both
Hierarchical has advantages
Mixed environments are the most complex
What's a Hierarchical Name?
Inspired by X.500
Name includes organizational structure
Always has a Common Name and Organization name
Optional Country code and up to four levels of Organizational Unit names
e.g., John Smith/CAM/Lotus (CN/OU/O)
[Diagram label: Directory]
Hierarchical Naming Conventions
Based on business unit e.g., John Smith/Sales/Acme
Based on geography e.g., John Smith/NY/Acme
Based on business unit and geography e.g., John Smith/Sales/NY/Acme
Keep organizational units to a minimum
Use middle initials or user-unique organizational units to make identical names unique
Avoid commas and periods
Server Naming Conventions
Memorable names e.g., Marketing, Accounting
Descriptive hierarchical names e.g., Marketing/M/NYC
Descriptive flat names e.g., Acme_NY_Mail1, Acme_NY_DB2, Acme_NY_Hub1
Registering/Certifying Users
Every user who will access Notes with a Notes client must be registered
User Registration is performed through the Administration Control Panel or in batch from an ASCII file
At User Registration:
  A user ID file is created, containing the user's name, password, and encryption keys, and stamped with a certificate
  A person document for the user is added to the server's Public Name and Address Book
  A mail file is created for the user on the designated Home server
ID file contains:
  User/server name and password
  Creation/expiration info
  License number
  Certificates
  Public key
  Private key
  Encryption key(s)
Authentication
ID files whose certificates share a common ancestor can authenticate with each other
Interacting with Other Organizations
Cross-certificates can "connect" whole organizations with a single step, allowing organizations, organizational units, users or servers with no common ancestral heritage to authenticate
With flat names, individual members of organizations must cross certify
If there is someone with the same name in the foreign organization, cross certification is not secure!
Defining Groups
A group is a named list of users stored in the NAB
Groups may be multi-purpose, or specific
  Mailing List (Distribution List)
  Access Control List
  Deny List
The Notes Administrator defines Groups in the Public Address Book through the Administrator Control Panel or by viewing the NAB
Groups can also be implicit
  Entries of the form */Acme can be listed on an ACL to give rights to all members of an organization
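How the access levels from the Database Access Control List slide combine with hierarchical names and implicit `*/Acme` entries can be seen by resolving a user's effective level. This is an added example, not part of the original presentation: it models a simplified ACL in which an entry naming the user exactly takes precedence over wildcard entries and the highest matching wildcard level applies otherwise; that precedence rule, case-insensitive matching, the omission of country codes and all names other than John Smith and Acme are assumptions of the example.

```python
# Added example (not from the presentation): simplified ACL resolution.
# Levels from the "Database Access Control List" slide, lowest to highest.
LEVELS = ["No Access", "Depositor", "Reader", "Author",
          "Editor", "Designer", "Manager"]

def parse_name(name):
    """Split an abbreviated name into CN, OUs and O (country code not handled).
    A name without '/' is a flat name and has no organization."""
    parts = [p.strip() for p in name.split("/")]
    if any(not p for p in parts):
        raise ValueError(f"empty component in {name!r}")
    if len(parts) == 1:
        return {"cn": parts[0], "ou": [], "o": None}
    cn, *ous, org = parts
    if len(ous) > 4:
        raise ValueError("more than four organizational unit levels")
    return {"cn": cn, "ou": ous, "o": org}

def is_wildcard(entry):
    return entry.startswith("*/")

def matches(entry, name):
    """True if the entry names the user exactly, or is a wildcard such as
    */Acme whose suffix the user's hierarchical name ends with."""
    e, n = entry.lower(), name.lower()
    if is_wildcard(entry):
        return "/" in n and n.endswith(e[1:])  # e[1:] keeps the leading '/'
    return e == n

def effective_level(acl, name):
    """Exact entry wins; otherwise the highest matching wildcard level;
    otherwise No Access (assumed precedence for this example)."""
    parse_name(name)  # reject malformed names before evaluating the ACL
    for entry, level in acl.items():
        if not is_wildcard(entry) and matches(entry, name):
            return level
    wild = [lvl for e, lvl in acl.items() if is_wildcard(e) and matches(e, name)]
    return max(wild, key=LEVELS.index, default="No Access")

# Constructed ACL: org-wide read, Sales edits, one manager, one explicit denial.
SAMPLE_ACL = {
    "*/Acme": "Reader",
    "*/Sales/Acme": "Editor",
    "John Smith/Sales/NY/Acme": "Manager",
    "Pat Jones/Sales/Acme": "No Access",
}
```

The last entry in the sample ACL shows why leavers are handled with an explicit entry or a deny list: without it, the `*/Sales/Acme` wildcard would still grant Editor.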
Managing Users
Users' names need to be changed
Access must be revoked for users who leave
Users must be recertified when certifications expire
Users may move between organizational units
Servers or domains may need to be consolidated
Moving Mail Users to a New Server
Copy the user's mail file to the new server
Change the user's person document in the NAB
Replicate the NAB
Delete the old mail file
Change the user's location document
Administration Process
The Administration Process (AdminP) automates certain administrative tasks by scheduling updates across multiple servers
  Change User's or Server's Common Name
  Update ACLs With Name Changes
  Recertify an ID
  Move Users and Servers Within a Hierarchy
  Delete Users, Servers, and Groups Globally
  Convert IDs from Flat to Hierarchical
Each database to be managed by ADMINP has an administrative server assigned
AdminP requests are stored in ADMIN4.NSF
Setting Up Mail Databases
Mail may be stored in shared mail databases (single copy object store) or individual mail databases
With shared mail, the router splits the mail message into two parts:
  Header - put into each recipient's mail file
  Content (body) - put into active shared mail database
Shared mail options (NOTES.INI)
  0 - Shared mail not in use
  1 - Shared mail used when recipients = 2 or more
  2 - Shared mail used always
Administrator creates shared mail databases, monitors size, switches to new databases, and links and un-links mail files from the shared mail database
Setting Up Mail and Mail Routing
Mail routing is handled automatically between mail servers in the same Domain and Notes Named Network
Connection Documents must be created between servers in different Notes Named Networks
Connection Documents and Adjacent or Non-Adjacent Domain Documents are needed to route mail to another Domain
Connection Documents and Foreign Domain Documents are needed to connect to a non-Notes network such as the Internet
Mail Routing Between Domains
[Diagram: Domain1, Domain2, Domain3; Connection 1-2, Connection 2-3, Non-Adjacent Domain 1-3]
Mail Routing to Foreign Domain
[Diagram labels: DOM001; NAB; Gateway; Foreign Domain Document; OfficeVision]
[Diagram: DomainA, DomainB, DomainC; address "User @ Domain C @ Domain B"]
Mail Addressing
Routing automatic within same domain
Connection records needed for:
  Adjacent domains
  Non-adjacent domains
Master Address Book or Cascading Public Address Books
  Provide type-ahead across multiple domains
  Eliminate explicit addressing
Mail Priority
High priority
  Routed immediately, regardless of routing schedule
Normal priority
  Routed immediately within the same Notes Named Network
  Routed at next scheduled time
  Routed if "route-at-once" limit is reached
  Default
Low priority
  Routed between 12:00 AM and 6:00 AM
  Not routed with normal or high mail during other times
Setting up Database Replication
Replication is the process through which Notes databases are synchronized
A Replication task running on a server pulls or pushes information from the database on one server to the replica copy on another server
Replication is normally scheduled via a connection document, but can be started manually
Multiple concurrent replication tasks may run on a server
[Diagram: servers A, B, C, D with connections A - B, A - D, D - C, B - D, B - C, C - A]
Peer-to-peer topology
[Diagram: Domino Hub Server A with servers B, C, D, E, F, G, and "To Hub X"]
Connections in N/A Book: A - B, A - C, A - D, A - E, A - F, A - G, A - X
Hub-and-spoke topology
Single Replicator Hub
  All work done at Hub
  Scheduled at 10 minutes per spoke
  60 minute cycle
[Diagram: schedule marked at :00, :10, :20, :30, :40, :50]
Hub-and-spoke replication schedule
Backing up the System
Key files should be backed up on a regular basis
In a 24x7 operation, backup tools must be able to back up open files
Notes clustering can provide automated backup for applications
Monitoring the System
Statistics
  How big/active are the databases?
  Which databases replicated today?
  How much disk space is available?
  Is there mail that cannot be delivered?
Events
  The replication could not complete
  The disk hit 95% full
  An unauthorized user tried to access the server
Monitoring Tools
The Notes log captures key information
  Logging levels can be set
  The log can be searched for specific strings
The Statistics and Events database controls which events are reported
The Reporter task reports events for a specific server
The Collector task can run on a single server, and collect information from other servers
Certain events can cause notification to be sent to an administrator
Web Server
Enabled by running the HTTP task
Settings specified in the HTTP section in the server document in the NAB
  Basic settings
  Operational information
  Mapping settings
  Logging
  Timeouts
  Security
Advanced Services
Domino Advanced Services include
Clustering
  Running multiple servers as a logical unit
Partitioning
  Running multiple separate servers on a single machine
Billing
  Capturing chargeback statistics
Clustering
Up to 6 servers per cluster
Single NAB shared
Cluster replication
  Real-time replication scheme - not reliant on time-driven connection documents
Cluster names are cached
  Name cache allows a server to track status of other servers in the cluster
Offers intelligent fail-over & load balancing
  Users are pushed to other servers when thresholds are set (e.g., number of active users)
Help Desk Support
Document problems
Build a question and answer database
Interface with Lotus Technical Support
Develop procedure for . . .
  Handling problems
  Applying fixes
  Upgrading to new releases
Develop disaster recovery plan