Lotus Domino Administration 101 SHARE Session 7670 Pat Berastegui Egen Patricia Egen Consulting pregen@egenconsulting.com
Agenda • Brief review of Notes/Domino concepts • What does a Domino administrator do? • What tools are available to do the job? • Demo where useful
Notes/Domino Concepts A Notes database is a file containing data in documents, and application logic to manipulate that data. Views are used to navigate through the data. The data is shared through a Domino server.
Simple Overview of a Notes Database [Diagram: DB.NSF. Fill out the form to create a document in the database; view the results.]
Definition of a Domino Server • Server machine providing • Connection services for user workstations • Mail routing • Database sharing • Replication • Security • Storage for Notes databases/applications • HTTP translation • In most cases, server machine should be dedicated to Domino
Types of Domino Servers • Servers may be dedicated by function • Web server • Replication hub • Mail hub • Database server • Mail server • MTA servers (FAX, LNDI, SMTP, & others) • Passthru server
Domain • A Notes domain consists of multiple servers sharing a Public Name and Address Book (NAB) which is synchronized using replication [Diagram: servers in the domain, each holding Names.nsf]
What is Replication? • Replication is the technology which allows multiple copies of a database to remain synchronized with each other • Replication between servers can be done in several flavors: Pull, Pull/Pull, Push, Pull/Push
Single Domain • Advantages • Provides clear view of the Domino topology • Facilitates centralized management • Better ACL control • Easier Mail addressing • Easier to send signed mail • Disadvantages • Address book may be very large • Controlling access to the address book may be complex
Multiple Domains • Advantages • Facilitates distributed management • Local support can be responsive • Easier to deploy in a decentralized organization • Smaller N&A book • Easier to replicate • Disadvantages • Managing the overall topology may be complex • Managing ACLs in applications that span domains is challenging • Controlling domain proliferation may be difficult
Notes Named Network • A collection of servers that communicate directly on a LAN or WAN • Servers run same protocol • A constant connection on the LAN or WAN is maintained • Servers on the same named network and same domain route mail automatically • When users select File ==> Database ==> Open; Server; Other, they see a list of servers in the Notes Named Network that their home server is a part of.
Notes Named Networks • A domain may consist of multiple Notes Named Networks [Diagram: Names.nsf shared by multi-protocol servers and mail servers on SPX, NETBIOS and TCP/IP networks]
Layers of Security • Network: Firewalls • Server: Server ACLs • Database: Database ACLs • Forms/Views: Form/View ACLs • Documents: Reader/Author Fields • Fields: Encryption
Notes Security • Passwords • ID (may have multiple passwords) • Server Console • Certification and authentication • User and server verify each other's identity • Access control lists • For servers and databases • Reader and author names fields in documents • Encryption • At the field level
Server Security • Access Server • Create Databases • Create Replicas • Passthrough Server (to and through) • Run agents
Database Access Control List (ACL Level: Access) • No Access: No Access to Database • Depositor: Add Documents Only • Reader: Read Only • Author: Read/Add/Change Own • Editor: Read/Add/Change All • Designer: Change Design • Manager: Perform All Operations
Domino Implementation Overview • Pre-Install: Determine server platform(s); Design topology; Plan naming conventions • Install: Install hardware; Install software; Customize/setup • Post-Install: Connect and maintain servers; Register and maintain users; Set up and maintain routing and replication; Manage Notes security; Set backup strategy; Troubleshoot problems
What does a Notes Administrator do? • Connects, maintains and monitors servers • Registers and maintains users and groups • Sets up and maintains mail routing and database replication • Manages Notes security • Sets backup strategy • Troubleshoots problems
What authority does an administrator need? • Editor access to Name and Address Book (may be limited by roles) • Appropriate access to server and key Notes files • Access to certifier • Remote console authority
Administrator Tools • NOTES.INI • Server console commands (local or remote) • Public Address Book • Administration Control Panel • New to 5.0, can run on another computer • Administration Process (AdminP) • Monitoring and statistics databases • Web Administration Database • Third party tools
Key Notes Files and Databases(1) • NOTES.INI - Notes initialization settings • NAMES.NSF - Public Name & Address Book • ID files - Certifier, User, Server • LOG.NSF - Records server activity • ADMIN4.NSF - Used by the Administration Process • WEBADMIN.NSF - Used for Administration through a browser
Key Notes Files and Databases(2) • CERTLOG.NSF -- Tracks the creation of IDs and cross-certificates • EVENTS4.NSF - server monitoring information • STATREP.NSF -- reporting database for events • COLLECT4.NSF -- configuration for a single server to monitor a group of servers • DESKTOP.DSK - Defines Notes client workspace
Server Characteristics • Which server tasks should be running? • How many routers and replicators should be running? • Which address books are cascaded? • Which shared mail option has been implemented? • When do administrative server tasks (e.g., re-indexing) run?
Server Tasks • AdminP • Catalog • Compact • Event • Fixup • Design • Updall • Replica • Reporter • Router • Statlog • Stats • HTTP • Web • Sched • Calconn
Controlling Notes through NOTES.INI • The NOTES.INI file contains the initialization and configuration settings for a Notes server • Directories and paths • What tasks should start automatically • Information about the environment • There are 5 ways NOTES.INI is modified • Edit NOTES.INI directly • Set a Configuration Variable at the Server console • Modify the Server Document or create a Configuration Document in the NAB • UNIX environment variables • User interface actions
Example of NOTES.INI
[Notes]
KitType=2
Directory=d:\notes\data
WinNTIconPath=d:\notes\data\W32
$$HasLANPort=1
Preferences=-1584919439
Console_LogLevel=2
VIEWIMP1=Lotus 1-2-3 Worksheet,0,_IWKSV,,.WKS,.WK1,.WR1,.WRK,.WK3,.WK4, ...
StackedIcons=1
DESKWINDOWSIZE=16 23 420 288
ServerTasks=replica,router,update,stats,amgr,adminp
FileDlgDirectory=D:\notes\data\notesids
KeyFilename=notesids\uslwoody.id
TCPIP=TCP, 0, 15, 2000
LAN0=NETBIOS, 0, 15, 0
MailSystem=0
Timezone=6
...
Modifying NOTES.INI For example, to set how often the Admin Process should look for work to do: • Change the interval field in the AdminP section of the Server Document, or • At console, type Set Config ADMINPINTERVAL=15, or • Create a Configuration Document in the Address Book that sets ADMINPINTERVAL to 15, or • Edit NOTES.INI to read ADMINPINTERVAL=15
Controlling Notes at the Server Console or from an Administration PC • HELP • SHOW: TASKS, USERS, DISKSPACE, MEMORY, PORT, CONFIG • QUIT
More Console Commands... • SET: CONFIG, SECURE • LOAD • TELL • REPLICATE • PUSH • PULL • ROUTE • BROADCAST
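Because NOTES.INI can be changed in several ways, it is worth comparing what it actually contains against what the administrator intended. The following is an added example, not part of the original slides: it parses NOTES.INI text and compares ServerTasks to an approved list. The sample text is constructed from the settings shown above, and APPROVED_TASKS is a hypothetical baseline.

```python
# Added example: parse NOTES.INI text and compare ServerTasks to a baseline.
# SAMPLE_INI is constructed from the settings shown on the slides.
SAMPLE_INI = r"""[Notes]
KitType=2
Directory=d:\notes\data
ServerTasks=replica,router,update,stats,amgr,adminp
KeyFilename=notesids\uslwoody.id
TCPIP=TCP, 0, 15, 2000
LAN0=NETBIOS, 0, 15, 0
ADMINPINTERVAL=15
...
"""

# Hypothetical baseline: the tasks an administrator approved for this server.
APPROVED_TASKS = {"replica", "router", "update", "stats", "adminp"}


def parse_notes_ini(text):
    """Return settings as a dict keyed by lower-cased setting name.

    Lines without '=' (the [Notes] header, blanks, elisions) are skipped.
    Only the first '=' splits, so values that contain '=' stay intact.
    """
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings


def server_tasks(settings):
    """Split the ServerTasks value into normalized task names."""
    raw = settings.get("servertasks", "")
    return [t.strip().lower() for t in raw.split(",") if t.strip()]


def audit_tasks(settings, approved):
    """Report auto-started tasks that are not approved, and approved ones missing."""
    running = set(server_tasks(settings))
    return {"unexpected": sorted(running - approved),
            "missing": sorted(approved - running)}


if __name__ == "__main__":
    print(audit_tasks(parse_notes_ini(SAMPLE_INI), APPROVED_TASKS))
```
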
The Name and Address Book • The Public Address Book is a Lotus Notes database, stored on the server, that contains key information about a Lotus Notes domain, its configuration, and its users. Its file name is NAMES.NSF • A server will not start without access to the Public Address Book • Additional address books (e.g., foreign) may be "cascaded"
15 Public Address Book Documents • Groups • Locations • People • Server • Certificates • Clusters • Configurations • Connections • Domains • Servers • and more...
Public vs. Personal Address Book • Each Notes client also has a personal address book stored on the workstation that contains the user's personal groups and frequent correspondents, as well as information about how the user interacts with servers and the network • The file name for the personal Name and Address Book is also NAMES.NSF • For the administrator using the server as a workstation, the NAB is shared
Registering and Connecting Additional Servers • Having multiple servers in a domain allows servers to focus on different tasks such as replication, mail routing, or passthru. • The administrator must register a new server before the Notes server code is installed, using the Administration Control Panel • Registration creates an ID file for the server and adds a Server document to the Public Address Book • At setup time, the new server gets a replica copy of the NAB from the first server
Two Naming Models: Flat and Hierarchical • Used for both servers and users • Flat name: "John Smith" or "Pluto" • Hierarchical name: "John Smith/CAM/Lotus" or "Pluto/Solar System/Universe" • Domino supports both • Hierarchical has advantages • Mixed environments are the most complex
What's a Hierarchical Name? • Inspired by X.500 Directory • Name includes organizational structure • Always has a Common Name and Organization name • Optional Country code and up to four levels of Organizational Unit names • e.g., John Smith/CAM/Lotus (CN = John Smith, OU = CAM, O = Lotus)
Hierarchical Naming Conventions • Based on business unit • e.g., John Smith/Sales/Acme • Based on geography • e.g., John Smith/NY/Acme • Based on business unit and geography • e.g., John Smith/Sales/NY/Acme • Keep organizational units to a minimum • Use middle initials or user-unique organizational units to make identical names unique • Avoid commas and periods
Server Naming Conventions • Memorable names • e.g., Marketing, Accounting • Descriptive hierarchical names • e.g., Marketing/M/NYC • Descriptive flat names • e.g., Acme_NY_Mail1, Acme_NY_DB2, Acme_NY_Hub1
Registering/Certifying Users • Every user who will access Notes with a Notes client must be registered • User Registration is performed through the Administration Control Panel or in batch from an ASCII file • At User Registration: • A user ID file is created, containing the user's name, password, and encryption keys, and stamped with a certificate • A person document for the user is added to the server's Public Name and Address Book • A mail file is created for the user on the designated Home server
Authentication • ID file contains: • User/server name and password • Creation/expiration info • License number • Certificates • Public key • Private key • Encryption key(s) • ID files whose certificates share a common ancestor can authenticate with each other
Interacting with Other Organizations • Cross-certificates can "connect" whole organizations with a single step, allowing organizations, organizational units, users or servers with no common ancestral heritage to authenticate • With flat names, individual members of organizations must cross certify • If there is someone with the same name in the foreign organization, cross certification is not secure!
Defining Groups • A group is a named list of users stored in the NAB • Groups may be multi-purpose, or specific • Mailing List (Distribution List) • Access Control List • Deny List • The Notes Administrator defines Groups in the Public Address Book through the Administrator Control Panel or by viewing the NAB • Groups can also be implicit • Entries of the form */Acme can be listed on an ACL to give rights to all members of an organization
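The hierarchical naming slides and the implicit group entry */Acme above can be tied together in code. This is an added example, not part of the original slides: it is a simplified model of abbreviated names and wildcard ACL entries, not Domino's own implementation, and the has_country parameter and the suffix-matching rule are assumptions of the model.

```python
# Added example: a model of abbreviated hierarchical names and wildcard ACL entries.
MAX_OUS = 4  # from the slide: up to four levels of Organizational Unit names


def parse_name(name, has_country=False):
    """Split 'CN/OU.../O[/C]' into components; a flat name has no organization.

    has_country is an assumption supplied by the caller: an abbreviated name
    alone does not say whether its last component is a country code.
    """
    parts = [p.strip() for p in name.split("/")]
    if any(not p for p in parts):
        raise ValueError("empty component in %r" % name)
    if len(parts) == 1:
        return {"cn": parts[0], "ous": [], "o": None, "c": None}
    country = parts.pop() if has_country else None
    if len(parts) < 2:
        raise ValueError("hierarchical name needs a CN and an O")
    ous = parts[1:-1]
    if len(ous) > MAX_OUS:
        raise ValueError("more than %d organizational units" % MAX_OUS)
    return {"cn": parts[0], "ous": ous, "o": parts[-1], "c": country}


def convention_warnings(name):
    """Check a name against the conventions listed on the slides."""
    parsed = parse_name(name)
    warnings = []
    if "," in name or "." in name:
        warnings.append("contains comma or period")
    if parsed["o"] is None:
        warnings.append("flat name: no organization for ACL wildcards to match")
    return warnings


def wildcard_matches(entry, name):
    """True if an ACL entry such as '*/Acme' covers the given name."""
    if not entry.startswith("*/"):
        return entry.strip().lower() == name.strip().lower()
    suffix = [p.strip().lower() for p in entry[2:].split("/")]
    parts = [p.strip().lower() for p in name.split("/")]
    # A common name must precede the suffix, so flat names never match.
    return len(parts) > len(suffix) and parts[-len(suffix):] == suffix


if __name__ == "__main__":
    for n in ("John Smith/Sales/NY/Acme", "John Smith", "Smith, John/NY/Acme"):
        print(n, wildcard_matches("*/Acme", n), convention_warnings(n))
```
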
Managing Users • Users' names need to be changed • Access must be revoked for users who leave • Users must be recertified when certifications expire • Users may move between organizational units • Servers or domains may need to be consolidated
Moving Mail Users to a New Server • Copy the user's mail file to the new server • Change the user's person document in the NAB • Replicate the NAB • Delete the old mail file • Change the user's location document
Administration Process • The Administration Process (AdminP) automates certain administrative tasks by scheduling updates across multiple servers • Change User's or Server's Common Name • Update ACLs With Name Changes • Recertify an ID • Move Users and Servers Within a Hierarchy • Delete Users, Servers, and Groups • Globally Convert IDs from Flat to Hierarchical • Each database to be managed by ADMINP has an administrative server assigned • AdminP requests are stored in ADMIN4.NSF
Setting Up Mail Databases • Mail may be stored in shared mail databases (single copy object store) or individual mail databases • With shared mail, the router splits the mail message into two parts: • Header - put into each recipient's mail file • Content (body) - put into active shared mail database • Shared mail options (NOTES.INI) • 0 - Shared mail not in use • 1 - Shared mail used when recipients = 2 or more • 2 - Shared mail used always • Administrator creates shared mail databases, monitors size, switches to new databases, and links and un-links mail files from the shared mail database