Deploying DAOS and ID Vault

  • 4,193 views
Uploaded on

 

More in: Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
4,193
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
30
Comments
0
Likes
7

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. MWLUG Conference 2009 IBM Center Chicago, IL August 27-28, 2009 Empowering the Lotus Community
  • 2. Deploying DAOS and ID Vault Luis Guirigay [email_address] http://lguiriga.blogspot.com Twitter: lguiriga Session: IN107
  • 3. Agenda
    • Who am I ?
    • Introduction to DAOS
    • DAOS Estimator Tool
    • Configuring DAOS
    • Best Practices
    • Introduction to ID Vault
    • Configuring ID Vault
  • 4. Who am I
    • Senior IT Specialist at PSC Group, LLC
    • Involved in Lotus Technologies since 1998
    • Co-Author of multiple IBM Redbooks (Domino 7 for i5/OS, Workplace Collaboration Services, DB2 for i5/OS and Lotus Workflow)
    • IBM Certified Administrator and Developer in 5, 6, 7, 8 and 8.5
    • IBM Certified Administrator in Sametime 7.5 and 8
    • IBM Certified Administrator in WebSphere Portal 6.0 and 6.1
    • IBM Certified Administrator in Lotus Connections 2.0.x
    • IBM Certified Developer in Lotus Workflow
    • Find me at:
      • http://lguiriga.blogspot.com
      • Twitter = lguiriga
  • 5. DAOS
  • 6. Introduction to DAOS - Domino Attachment and Object Service
    • It is not “Shared Mail” (Shared Mail developers are doing something else)
    • Will keep only one instance of each attachment – unless:
      • Message is encrypted
    • It is a Server feature – Local Replicas will get all attachments
    • Cluster is supported but each server handles DAOS independently
    • DAOSCatalog.nsf keeps all relationships information
    • DAOS is configured per server (Not per Domain)
    • DAOS is green: less data = less storage/space needed = more savings
    • Attachments are now stored as encrypted .NLO files (by default)
    • Transparent to end users and applications
    • It requires Transaction Logging (TXN) - (That’s ok, TXN is cool)
      • Follow Transaction Logging Best Practices
      • http://www-01.ibm.com/support/docview.wss?rs=203&uid=swg27009309
  • 7. Introduction to DAOS - Domino Attachment and Object Service
  • 8. Introduction to DAOS - Domino Attachment and Object Service
  • 9. DAOS Benefits
    • Disk space savings
      • Also keep in mind Design and Data compression
    • Backup times
    • Mail routing optimization when attachments are involved
    • Database compact will run faster since file size is reduced
    • I/O Transactions are reduced
    • Reducing view rebuild times
    • DAOS files can be located at:
      • Network drive
      • SAN/NAS
      • Local drive
  • 10. DAOS Estimator Tool
    • Free
    • Will tell you how much space you will save before upgrading
    • Tested on Domino 6.x and later (but it can run on Domino 5)
    • Output:
    • Get it here – IBM Technote #4021920
      • http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg24021920
  • 11. Configuring DAOS
  • 12. Configuring DAOS
    • DAOS disabled by default
    • Remember to apply Fix Pack 1
  • 13. Enabling DAOS
    • Go to Server Document > DAOS
    • Change it to Enabled
  • 14. Enabling DAOS
    • Set the minimum size based on the OS bytes per cluster and number of attachments to be created. Example = 64 KB
    • Specify DAOS base Path
    • Set Defer Object Deletion (Number of days DAOS will wait to delete the NLO file after the last message pointing to it has been deleted)
    • Save and Close
    • Restart server
  • 15. Configuring DAOS
    • Sh Server – TXN and DAOS must be enabled
  • 16. Upgrade to ODS 51
    • DAOS requires ODS 51
    • Add CREATE_R85_DATABASES=1 to server’s notes.ini
    • Update to ODS 51 using Load compact –c
    • ODS 51 will also compress the notes database
    • - Mail file reduction when upgraded to ODS 51 = 27 MB vs 12 MB
  • 17. DAOSify Applications and Templates
    • Use:
      • Load compact <folder/apps> -c –daos on
        • Or
      • Check application property
      • load compact <folder/apps> -c
    • Enable DAOS at least for Mailxx.ntf
    • and Mailbox.ntf (So you don't need to enable it
    • again and again and again....)
  • 18. Looking at the space savings
    • After sending 2 emails – 5 MB and 30 MB
    • LZ1 Compression is also used when creating the NLO files
  • 19. More DAOS Information
    • How many attachments were moved to DAOS
    • Total size of attachment moved to DAOS
    • This is a production Mail file..
  • 20. Disabling DAOS
    • If DAOS is disabled only at the server document
      • Old messages will stay in the DAOS folder
      • New messages will be stored in the DB
    • To Disable DAOS at the application level
      • load compact <folder/app> -c –daos off
      • It will restore the attachments to the application, and if the attachment is not longer used by anyone else, it will be deleted based on the “Defer Object Deletion for” setting
  • 21. DAOS – Best Practices
    • Backup Mail folder(s) first if backup is performed while server is running (Very Important !!!!)
    • Enabling DAOS on the Mail.box(es) will improve DAOS processing time
    • Enable DAOS on required Templates (Mailbox.ntf, Mailxx.ntf, etc…)
    • Do not enable DAOS to the Mail Journal
    • DAOS encryption represents up to 5% cpu utilization. Evaluate if needs to be disable (don’t worry too much about this)
    • Evaluate location of DAOS Folder based on:
      • I/O costs
      • Storage Capacity
  • 22. DAOS – Best Practices
    • Do not play with the DAOS folder (It’s not a toy)
      • Don’t move files
      • Don’t delete files
      • Let DAOS to handle NLO files
    • Notes/Domino Best Practices: Transaction Logging (# 7009309)
    • Using the Lotus Domino Attachment and Object Service Estimator tool (# 7014980 )
    • DAOS Backup and Restore (# 1358548)
  • 23. DAOS – Best Practices
    • Minimum size limit based on your system's disk block
    • fsutil fsinfo ntfsinfo <drive>
    • DAOS Estimator tool can help you to define minimum value
  • 24.  
  • 25. ID Vault
    • It is an optional feature that automates the most important ID related operations
      • Synchronize passwords across multiple copies
      • Upload a copy of the user ID to the ID Vault
      • Allows to reset a password from the Admin client
      • Use method ResetUserPassword to create self-service applications
      • Automates Key rollovers
      • Automates user renames
      • Allows to restore IDs in case of lost or corruption
      • No need to have the ID when installing a new Notes client
      • Audit role – allows to download a copy of the ID for auditing purposes.
        • SECURE_DISABLE_AUDITOR=1 to disable it
  • 26. ID Vault Requirements
    • Servers hosting the Vaults or involved in the process must be 8.5
    • Clients must be 8.5
    • New Security view in both server and client’s log.nsf
    • Multiple Domino Domains are not supported
      • But Multiple Organizations within the same domino domain are
  • 27. Configuring ID Vault
  • 28. Configuring ID Vault
    • Read carefully and click Next
  • 29. Configuring ID Vault
    • Enter the ID Vault’s name and some descriptive information. Click Next
      • Remember.. You can create multiple ID Vaults
      • The description will become the DB tittle
      • Don’t name the ID vault as the Org, Domain, OU
  • 30. Configuring ID Vault
    • Enter a password and confirm it. Click Next.
      • Optional: Set the ID Vault‘s id location (Yes.. You need to worry about a new ID)
      • Do not forget this password !!!
  • 31. Configuring ID Vault
    • Select your primary ID Vault server. Click Next
    • You can add replicas of the ID Vault to other servers later
    • Important !!!! ID Vaults replicas cannot be created using standard “Create Replica” process – You must use ID Vault > Manage ID Vault Replicas
  • 32. Configuring ID Vault
    • Select the ID Vault administrators
  • 33. Configuring ID Vault
    • Select the Organizations or OUs that should be part of this ID Vault
  • 34. Configuring ID Vault
    • Add the users authorized to reset passwords
    • Users/Servers with the “Password reset agent authority” will be able to sign agents that can reset passwords.
  • 35. Configuring ID Vault
    • Select “Create a new policy assigned to an organization”
      • It will create an organizational policy
      • There are multiple options here…. Be my guest !
  • 36. Configuring ID Vault
    • Select the Org to which this policy will be assigned.
  • 37. Configuring ID Vault
    • Enter some information to help the user contacting the right team or anything that may help.
    • This field supports html
  • 38. ID Vault
    • Review all the details and click Create Vault.
    • You will be asked for one or more Cert Ids (based on the Org applied to the ID Vault)
  • 39. ID Vault
    • Cool !!!! We have created our first ID Vault
  • 40. ID Vault
    • Let’s see our new Policy
  • 41. ID Vault
    • and our ID Vault
  • 42. ID Vault – Best Practices
    • Here is our first user’s id uploaded to the Vault.
    • It may take some time to upload the ID (the first time)
    • ID File is encrypted
  • 43. Administering ID Vault
  • 44. ID Vault
  • 45. Questions ??