Gestione del
                      client Notes,
                      strumenti,
                      suggerimenti e
   ...
Leave this slide as is
About Myself …
• Director,  North  America  for  Panagenda
• 14  years  consul;ng  experience  with  Domino  
  environmen...
What We’ll Cover …
• Introduc;on
• Managing  IDs
• Taking  inventory  of  your  clients
• Managing  the  mail  file
• Worki...
User IDs
• Should  NOT  be  kept  on  a  shared  drive
   All  of  IT  doesn’t  need  to  be  able  to  impersonate  
   ...
ID Vault
• Collects  and  stores  current  copies  of  exis;ng  
 IDs  with  the  current  password  in  encrypted  db
  ...
ID Vault (cont.)
• IDs  get  uploaded  if  there  is  there’s  any  change
   Renamed,  recer;fica;ons,  or  password  cha...
ID Vault (cont.)
• Requires  a  Security  Se_ngs  document  to  apply




                                                ...
Password Management
• Use  a  Security  Se_ngs  document  to  control:  
   Password  Quality  Se_ngs  
   Expire  passw...
Password Management
       (cont.)




                      14
Password Checking
• Enabled  on  the  Server  –  Security  tab




• Won’t  allow  users  to  authen;cate  if  they  don’t...
Public Key Checking
• Enabling  public  key  checking  prevents  users  
 not  listed  in  the  Domino Directory  from  
 ...
What We’ll Cover …
• Introduc;on
• Managing  IDs
• Taking  inventory  of  your  clients
• Managing  the  mail  file
• Worki...
Client Inventory & Management
• You  have  to  know  what  kinds  of  clients  you  
 have,  specifically  when  upgrading
...
Client Inventory & Management
• Is  there  any  other  Lotus  interfacing  sofware  
  installed  on  the  user’s  machine...
Client Inventory & Management
• If  you  can,  gather  all  Notes.inis  to  help  you  
 understand  a  lot  of  the  prev...
Client Inventory & Management
• When  users  authen;cate,  AdminP  records  Notes  
 version  &  client  plakorm  &  machi...
Client Inventory & Management
• Once  you  have  previous  data  you  can  
 understand  the  upgrade  method  that  suits...
What We’ll Cover …
• Introduc;on
• Managing  IDs
• Taking  inventory  of  your  clients
• Managing  the  mail  file
• Worki...
Quotas
• Should  be  implemented  in  with  archiving
   Those  take  up  a  dispropor;onate  amount  of  server  
   res...
Inbox Management
• A  large  Inbox  can  corrupt  or  stop  new  mail  
 from  being  delivered  
  • Refresh  view  index...
Unread Marks
• Enable  the  Replicate  unread  marks  feature
         Located  on  the  advanced  tab  of  database  pro...
Archives
• If  you  restrict  DB  size,  provide  them  with  
 another  way  to  store  their  data
   Don’t  force  you...
DAOS to Reduce DB File Size
• It  won’t  help  users  with  their  quota  but  it  will  
 save  up  to  40%  disk  space ...
What We’ll Cover …
• Introduc;on
• Managing  IDs
• Taking  inventory  of  your  clients
• Managing  the  mail  file
• Worki...
Mail File ACLs
• Get  set  originally  when  the  mail  file  is  created
   And  is  based  off  the  Access  Control  Lis...
Mail File ACLs (cont.)
• Require  an  admin  server  listed  in  order  to  
 properly  work  with  renames
   Advanced  ...
Mail File ACLs (cont.)
• Mass  modifying  mail  file  ACLs  is  easy:  File  –  
 Select  All  –  Manage  ACL
   This  wil...
ECLs
• Grants  other  en;;es  rights  to  execute  code  on  
  your  worksta;on
• Resides  on  each  
  Notes  client  
 ...
ECLs (cont.)
• Especially  if  you  are  coming  from  an  
 “unmanaged”  environment,  you  need  to  use  
 policies  to...
ECLs (cont.)
• Avoid  users  ever  ge_ng  
 an  ECL  warning  
   It’s  scary  and  not  very  
   user  friendly
      ...
What We’ll Cover …
• Introduc;on
• Managing  IDs
• Taking  inventory  of  your  clients
• Managing  the  mail  file
• Worki...
Compress Port Traffic
• Compressing  TCPIP  traffic  on  both  the  client  
 and  the  server  side  will  allow  your  
 e...
Cluster Failover
• Failover  between  cluster  servers  is  much  more  
 understandable  now  since  Notes  8.0




• 8.5...
Roaming
• Allows  users  to  access  bookmarks.nsf,  Notes  
  ID,  names.nsf,  journal.nsf,  feeds  
  (localfeedscontent...
What We’ll Cover …
• Introduc;on
• Managing  IDs
• Taking  inventory  of  your  clients
• Managing  the  mail  file
• Worki...
Training and Education
• Whenever  you  do  an  upgrade  or  make  a  
 fundamental  client  change,  don’t  leave  your  ...
Training and Education
• FAQ  database
   Virginia  Commonwealth  University
        www.ts.vcu.edu/kb/2231.html
   San...
Problem with Native Tools
• Most  of  what  we  covered  depends  on/interacts  
 with  policies
   – in  my  experience  ...
Problem with Native Tools
• Policies  only  work  if  the  Notes  client  is  already/
 always  set  up  correctly  with:
...
What We’ll Cover …
• Introduc;on
• Managing  IDs
• Taking  inventory  of  your  clients
• Managing  the  mail  file
• Worki...
Your Turn!




      How to contact me:
         Francie Tanner
francie.tanner@panagenda.com
                             ...
Upcoming SlideShare
Loading in...5
×

DDive - Franziska Tanner client upgrade options

1,396

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,396
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

DDive - Franziska Tanner client upgrade options

  1. 1. Gestione del client Notes, strumenti, suggerimenti e chicche Francesca Tanner Director, Panagenda
  2. 2. Leave this slide as is
  3. 3. About Myself … • Director,  North  America  for  Panagenda • 14  years  consul;ng  experience  with  Domino   environments,  upgrades  and  consolida;ons – Managing,  architec;ng,  and  suppor;ng • Various  site/version/size  deployments   – 10  to  100,000  users – Versions  4-­‐8.5.2 • Experienced  Lotus  instructor  and  speaker • Bunch  of  cer;fica;ons 3 4
  4. 4. What We’ll Cover … • Introduc;on • Managing  IDs • Taking  inventory  of  your  clients • Managing  the  mail  file • Working  with  ACLs  and  ECLs   • Connec;vity  and  failover • Training  and  third-­‐party  tools • Wrap-­‐up 5
  5. 5. User IDs • Should  NOT  be  kept  on  a  shared  drive  All  of  IT  doesn’t  need  to  be  able  to  impersonate   users • Should  NOT  have  standard  passwords  See  above,  this  is  a  huge  security  risk  and  then  add   all  users  to  the  list  of  people  able  to  impersonate   others • If  on  Lotus  Notes  and  Domino  7  or  below,  use   an  ID  Recovery  database  to  store  user  IDs 9
  6. 6. ID Vault • Collects  and  stores  current  copies  of  exis;ng   IDs  with  the  current  password  in  encrypted  db  Lost/missing  IDs  are  downloaded  from  vault   automa;cally  The  users  current  password  s;ll  works  =  seamless • Allows  password  resets  if  forgo[en  Use  ID  Vault  –  Reset  Password   to  immediately  change  password    Use  random  passwords  for   added  security 10
  7. 7. ID Vault (cont.) • IDs  get  uploaded  if  there  is  there’s  any  change  Renamed,  recer;fica;ons,  or  password  changes • Access  to  download  IDs  and  reset  passwords  is   granted  to  admins  and  support  staff  The  ID  Vault  database  is  encrypted  with  the  server   ID,  so  manually  downloaded  IDs  are  unusable  if   detached    Admins  have  to  use  ID  VaultExtract  ID  from  Vault  to   obtain  a  user  ID  if  they  get  locked  out • New  user  IDs  are  uploaded  by  default 11
  8. 8. ID Vault (cont.) • Requires  a  Security  Se_ngs  document  to  apply 12
  9. 9. Password Management • Use  a  Security  Se_ngs  document  to  control:    Password  Quality  Se_ngs    Expire  passwords  Password  checking  When  users  enter  their  password  to  open  the  User  ID   file,  the  password  must  match  the  current  password   stored  in  the  Person  document  or  they  will  not  be   authen;cated    Has  to  be  enabled  on  both  the  client  and  the  server  Update  Internet  password  when  the  Notes  ID   password  changes 13
  10. 10. Password Management (cont.) 14
  11. 11. Password Checking • Enabled  on  the  Server  –  Security  tab • Won’t  allow  users  to  authen;cate  if  they  don’t   provide  the  last  valid  password  Effec;ve  especially  when  implemented  in  with   password  expira;on  and  pubic  key  checking 15
  12. 12. Public Key Checking • Enabling  public  key  checking  prevents  users   not  listed  in  the  Domino Directory  from   authen;ca;ng  Compares  the  public  key  in  the  person  document  to   that  of  the  ID  file  and  doesn’t  grant  access  to  the   server  if  no  match  Make  sure  you  LOG  mismatches  before  enabling  this  Prevents  stolen  IDs  from  authen;ca;ng  if  the   legi;mate  person’s  User  ID  has  been  recer;fied  Prevents  cross-­‐cer;fica;on  from  working 16
  13. 13. What We’ll Cover … • Introduc;on • Managing  IDs • Taking  inventory  of  your  clients • Managing  the  mail  file • Working  with  ACLs  and  ECLs   • Connec;vity  and  failover • Training  and  third-­‐party  tools • Wrap-­‐up 17
  14. 14. Client Inventory & Management • You  have  to  know  what  kinds  of  clients  you   have,  specifically  when  upgrading • Basic  or  Standard  Single-­‐  or  mul;-­‐user  Citrix/Terminal  Server  iNotes/DWA  Admin  and  Designer  clients • Where  and  what  version  is  installed  Na;ve  tools  do  a  bad  job  here,  third-­‐party  tools   and  scripts  help 18
  15. 15. Client Inventory & Management • Is  there  any  other  Lotus  interfacing  sofware   installed  on  the  user’s  machine? – Same;me  stand-­‐alone  client – An;-­‐virus  products – Login  scripts – Handheld  device  sofware • Note:  If  Notes  launches  as  the  machine  boots   and  login  scripts,  an;-­‐virus  or  the  Opera;ng   System  are  s;ll  loading,  users  will  see  slow   performance 41
  16. 16. Client Inventory & Management • If  you  can,  gather  all  Notes.inis  to  help  you   understand  a  lot  of  the  previous  variables,   including  client  type  InstallType=2  All  clients  install,  Admin  and  Designer  InstallType=6  Notes  client  only  KitType=1  Worksta;on  install  KitType=2  Server  install  KitType=8  Nomad  install • Who  has  which  calendars  delegated 20
  17. 17. Client Inventory & Management • When  users  authen;cate,  AdminP  records  Notes   version  &  client  plakorm  &  machine  name  If  this  is  not  working  reliably  in  your  environment   AdminP  is  not  working  right  Use  the  Domino  Designer  to  add  a  column  to  the  People   view  to  display  and  sort  the  column  on  the  ClntBld  field  You  can  also  restrict  which  version  of  Notes  can  access  a  par;cular   version  of  Domino 21
  18. 18. Client Inventory & Management • Once  you  have  previous  data  you  can   understand  the  upgrade  method  that  suits   your  needs  SmartUpgrade    Doesn’t  require  admin  rights  with  SuRunAs.exe  but   does  require  end-­‐user  interac;on  Don’t  forget  to  either  use   SELECTINSTALLFEATURES=Same;me,  Ac;vi;es  ...  or  edit   the  install  manifest  INSTALL.XML  for  eclipse   components  Third-­‐party  install  tools 22
  19. 19. What We’ll Cover … • Introduc;on • Managing  IDs • Taking  inventory  of  your  clients • Managing  the  mail  file • Working  with  ACLs  and  ECLs   • Connec;vity  and  failover • Training  and  third-­‐party  tools • Wrap-­‐up 23
  20. 20. Quotas • Should  be  implemented  in  with  archiving  Those  take  up  a  dispropor;onate  amount  of  server   resources  Typically  users  will  ignore  quota  warnings  so  be   prepared  to  adjust  these  limits  frequently  Mail  files  can  corrupt  if  too  large  The  more  writes  to  a  database  the  greater  the  chances   of  ge_ng  corrup;on  Be  sure  to  set  quotas  on  all  clustered  servers  as   these  se_ngs  don’t  replicate 24
  21. 21. Inbox Management • A  large  Inbox  can  corrupt  or  stop  new  mail   from  being  delivered   • Refresh  view  indexes  on  the  server-­‐based  mail  file    Or  have  the  user  press  Ctrl+Shif+F9 • A  large  inbox  can  also  make  Notes  appear  slow,   especially  in  iNotes  Use  a  Mail  Se_ngs  document  to  deal  with  this 25
  22. 22. Unread Marks • Enable  the  Replicate  unread  marks  feature  Located  on  the  advanced  tab  of  database  proper;es  Select  Replicate  unread  marks  Over  clustered  servers  Or  all  servers • Make  sure  you  set  this  on  all     mail  files • NOTE:  This  se_ng  doesn’t   replicate • Some;mes  unread  marks s;ll  don’t  synchronize  properly 26
  23. 23. Archives • If  you  restrict  DB  size,  provide  them  with   another  way  to  store  their  data  Don’t  force  your  users  to  spend  ;me  on  cleaning  up   their  mail,  that’s  not  what  they  were  hired  to  do • Local  archiving  is  almost  never  the  way  to  go  Prevent  via  policy  &  use  server  archiving  instead 27
  24. 24. DAOS to Reduce DB File Size • It  won’t  help  users  with  their  quota  but  it  will   save  up  to  40%  disk  space  Domino  A[achment   Object  Storage  DAOS  collects  all  shared  copies  of  the  same   a[achment  and  saves  it  in  a  central  repository  This  is  transparent  to  users  Requires  far  less  back-­‐up  ;me  Less  writes  to  your  disks  means  less  chances  for   corrup;on  In  addi;on  to  faster  servers 28
  25. 25. What We’ll Cover … • Introduc;on • Managing  IDs • Taking  inventory  of  your  clients • Managing  the  mail  file • Working  with  ACLs  and  ECLs   • Connec;vity  and  failover • Training  and  third-­‐party  tools • Wrap-­‐up 31
  26. 26. Mail File ACLs • Get  set  originally  when  the  mail  file  is  created  And  is  based  off  the  Access  Control  List  (ACL)  of   your  mail  file  template • Users  required  Manager  in  previous  versions  to   cope  with  Out  Of  Office  agents  Now  Editor  is  sufficient  and  HIGHLY  desirable  Editors  can’t  lock  you  out  of  the  ACL  nor  delete  their   own  mail  file • Admin  rights  are  not  required  if  you  use  Full   Access  Admin 32
  27. 27. Mail File ACLs (cont.) • Require  an  admin  server  listed  in  order  to   properly  work  with  renames  Advanced  tab  of  the  ACL,  should  be  set  to  the   home  server 33
  28. 28. Mail File ACLs (cont.) • Mass  modifying  mail  file  ACLs  is  easy:  File  –   Select  All  –  Manage  ACL  This  will  help  with  server,  admin,  and  admin  server   access  Don’t  forget  to  change  your  template  ACLs  if  you  want   to  change  global  mail  file  rights  for  future  users   Changing  individual  ACL’s  is  more  complicated  Requires  manual  one-­‐by-­‐one  interven;on  Great  tool  on  Paul  Mooney’s  site  On  the  www.pmooney.net/resources   34
  29. 29. ECLs • Grants  other  en;;es  rights  to  execute  code  on   your  worksta;on • Resides  on  each   Notes  client   • Machine-­‐specific • Populated  upon  1st   client  launch • Based  on  the  Admin  ECL  inDomino  Directory  User  Ac;ons  –  Edit  Admin  ECL  to  modify 35
  30. 30. ECLs (cont.) • Especially  if  you  are  coming  from  an   “unmanaged”  environment,  you  need  to  use   policies  to  manage  current  and  future  users  Use  a  Security  Policy  to  update  the  default  ECL • Make  sure  your  servers  are  listed  in  the  ECL  Groups  cannot  be  added  Technically  speaking  they  can  but  only  Cer;fier  IDs  and   User  IDs  will  get  honored • Create  an  internal  signing  ID  you  use  to  sign   and  deploy  all  code 36
  31. 31. ECLs (cont.) • Avoid  users  ever  ge_ng   an  ECL  warning    It’s  scary  and  not  very   user  friendly  Please  tell  your  support   staff  not  to  instruct  users   to  click  the  last  op;on   here 37
  32. 32. What We’ll Cover … • Introduc;on • Managing  IDs • Taking  inventory  of  your  clients • Managing  the  mail  file • Working  with  ACLs  and  ECLs   • Connec;vity  and  failover • Training  and  third-­‐party  tools • Wrap-­‐up 38
  33. 33. Compress Port Traffic • Compressing  TCPIP  traffic  on  both  the  client   and  the  server  side  will  allow  your   environment  to  communicate  faster  Done  on  the  client  via  a  Desktop  Se_ngs  document 39
  34. 34. Cluster Failover • Failover  between  cluster  servers  is  much  more   understandable  now  since  Notes  8.0 • 8.5.2  makes  this  transparent  “silent  failover” • 8.5.x  brings  this  closer  to  being  transparent  Use  HidePromptFailoverInc=1  if  you’re  not   upgraded  yet 40
  35. 35. Roaming • Allows  users  to  access  bookmarks.nsf,  Notes   ID,  names.nsf,  journal.nsf,  feeds   (localfeedscontent.nsf)  and  Eclipse  plug-­‐ins  and   se_ngs  (roamingdata.nsf)  can  roam • Upgrade/downgrade  via  the  Admin  client 44
  36. 36. What We’ll Cover … • Introduc;on • Managing  IDs • Taking  inventory  of  your  clients • Managing  the  mail  file • Working  with  ACLs  and  ECLs   • Connec;vity  and  failover • Training  and  third-­‐party  tools • Wrap-­‐up 45
  37. 37. Training and Education • Whenever  you  do  an  upgrade  or  make  a   fundamental  client  change,  don’t  leave  your   users  guessing    Unexpected  changes  mean  unexpected  support   calls • Get  crea;ve  with  your  educa;on  methods:  Sidebar  training  apps  Pop-­‐up  ;ps  as  the  client  launches  Classroom  training 46
  38. 38. Training and Education • FAQ  database  Virginia  Commonwealth  University  www.ts.vcu.edu/kb/2231.html  San  Francisco  State  University  www.sfsu.edu/~helpdesk/lotus/lotusnotes/lotusfaq/ index.htm • Create  a  Knowledge  Base  for  your  support  staff  Anything  that  will  affect  your  users  will  affect  them 47
  39. 39. Problem with Native Tools • Most  of  what  we  covered  depends  on/interacts   with  policies – in  my  experience  70%  of  Notes  client  actually   receive  policies – depends  on  DCC  (Dynamic  Client  Configurator)   which  is  launched  when  the  Notes  client  interacts   with  the  Domino  server   – con;nuously  upgraded  clients  are  notorious  for   not  receiving  policies • check/clear  the  $Policies  view  in  the  local  names.nsf 49
  40. 40. Problem with Native Tools • Policies  only  work  if  the  Notes  client  is  already/ always  set  up  correctly  with:  proper  loca;on  document  home  server  proper  ACL  admin  server • Even  then  policies  are  not  predictable  with   regards  to  ;me  &  once  a  se_ng  is  set  it   cannot  be  un-­‐done  Similarly,  an  ac;on  cannot  be  applied  again  if  it’s   already  been  applied • This  may  be  a  big  problem 49
  41. 41. What We’ll Cover … • Introduc;on • Managing  IDs • Taking  inventory  of  your  clients • Managing  the  mail  file • Working  with  ACLs  and  ECLs   • Connec;vity  and  failover • Training  and  third-­‐party  tools • Wrap-­‐up 51
  42. 42. Your Turn! How to contact me: Francie Tanner francie.tanner@panagenda.com 55

×