BP108 Admin for the Developer -- Build and Secure Your Own IBM Lotus Domino Server Playground in One Hour! Jess Stratton  ...
Who is this Jess person and why should we listen to her? Jess... <ul><li>Does Lotus â  Domino â  consulting, ongoing and p...
Has worked with Lotus Notes â /Domino since R4.x, ~10 years.
Speaks at The View’s Admin and Developer conferences.
Has written articles for Group Computing/E-Pro Magazine.
Hosts the group blog at LotusUserGroup.org (blog with me!)
Has submitted apps to OpenNTF.org.
Co-hosts the 1352 Report podcast on industry news.
AND – I’m an administrator AND a developer! </li></ul>A great thing about developing and administrating together:  You can...
The Problem:  <ul><li>You’re going independent and want to set up a server at home to work with…OR…
You want to set up a developing playground at the office…
BUT…
All the servers you’ve ever developed for have been installed and are in place already!
I guess you could just install the server software out of the box, but do you really want to put it live on a network like...
The Solution, and the Expectation: We’re going to do a full walkthrough of a Lotus Domino server install and configuration...
Agenda <ul><li>Install server software
Launch/install setup file
Configure the newly installed Lotus Domino server
Start Domino
Install and configure the Administrator client
Secure and further tweak the Domino server
Setup a firewall for external access to the Domino server
Register our test subjects. I mean, er, users </li></ul>Agenda slide
Table of Contents Contents can be interactive: highlight on mouse over and hyperlink to section on mouse click.  <ul><li>I...
Administrator Client setup
Configuring Domino
Configuring a firewall for external access
Registering users
Addendum: Playing safe with existing (production) servers </li></ul>
Installing Lotus Domino 8.5
Installing Domino 8.5… <ul><li>Hardware/Software requirements </li><ul><li>Where to Find: They are always in the Release N...
Basic PING test is fine, but make sure they can TALK!
If using Virtual PC/VMware, do ping test between host and client. </li></ul></ul>PREREQUISITES
Installing Lotus Domino... <ul><li>THE EASY PART:
Download from Passport Advantage, double-click!
OK to accept Program Files directory name, or change. It’s your call! </li><ul><ul><li>I always change it to “C:LotusDomin...
The server setup type selection will depend on what license you have and what services will be installed by default.  </li...
Lotus Domino as a service? <ul><li>If you install Domino as a service,  don't forget! </li><ul><li>You won't see the conso...
Launch & Configure “Lotus Domino Server” Icon <ul><li>Things to decide in advance:
Server Name </li><ul><li>Server 1, Dev, Playground, Test, etc. </li></ul><li>Organization Name </li><ul><li>/Dev, /Playgro...
A note about Naming conventions… <ul><li>A Lotus Domino domain is NOT an Internet domain. </li><ul><li>No .com, .org, etc....
Can be the same as the Org name. </li></ul><li>If this is in addition to a production server already in place, do NOT use ...
Configuring Lotus Domino for the first time <ul><li>This is a  one-time  setup dialog the first time you click the icon.
Set up Lotus Domino as a first server. </li><ul><li>Enter Server name, i.e.. Server1
Enter Organization name, i.e.. Playground
Enter Domain name, i.e.. MyDomain </li></ul></ul>Text slide  with inset  photo
Finalizing the initial config… <ul><li>CONGRATULATIONS!
Your server is now identified as  </li></ul>Server1/Playground@MyDomain <ul><li>Set up network ports and services you want...
Domino will now create databases, and you’re ready to launch the server! </li></ul>
Start Lotus Domino! <ul><li>Double click the icon, and start ‘er up!
The first time Domino starts, it creates databases, starts services, and checks  stuff  like host names.
It may take a few minutes, and log a few errors. Just let it start! For example, it may be trying to start services whose ...
Once it’s settled down (and the server stops sounding like a percolating coffee maker) type ‘q’ to bring down the server, ...
Lotus Domino Administrator Client Setup
Callout/quote in left margin:  13pt Arial Italic, yellow R255 | G 204 | B0 Installing the Lotus Domino Administrator Clien...
Don’t install this on the server. </li></ul><ul><li>During client setup, don’t forget to install ALL the clients…  </li><u...
Launch the Lotus Notes client FIRST. <ul><li>Set up the Lotus Notes client with your new ID file before launching the Admi...
Put in the Administrator name you used and the Domino server name when you registered.
If you forgot the server name, go back to the console of the server! </li><ul><li>The title bar of the DOS window is the s...
We won’t tell anyone. Promise. </li></ul></ul>
A note on client configuration… <ul><li>If you already have a Lotus Notes client on a machine you want to use, use Locatio...
Configure your Location document to automatically switch to your Playground ID file.
So never the twain shall meet – Configure the Connection document to only work for THAT ID file and location document. </l...
Configuring Lotus Domino (using the Domino Administrator Client)
Source reference: 10pt Arial Regular, white Securing Lotus Domino <ul><li>Launch that Administrator client! </li></ul><ul>...
Maximum Internet name and password should be 'Reader', unless you want to use Web Admin, and then it should be 'Editor'. <...
We begin with the Server document… <ul><li>Configuration tab->Server->All Server Documents </li></ul>
BASICS tab <ul><li>Routing Tasks </li><ul><li>Mail Routing
Select SMTP routing if this is going to be an SMTP server.   </li></ul><li>If creating an SMTP server, also enable the SMT...
SECURITY tab – recommended settings <ul><li>Full Access Administrators: </li><ul><li>Put your name explicitly in the field...
Upcoming SlideShare
Loading in …5
×

BP108 Admin for the Developer -- Build and Secure Your Own IBM Lotus Domino Server Playground in One Hour!

4,759 views

Published on

Are you a developer who has only worked with a Domino server already in place? Would you like to learn how to start from scratch and make sure you still end up secure? This session will teach developers who have no prior admin experience get a Domino server up and running. In one hour, learn to create your own development playground by walking through a complete install and basic configuration of a Domino server. You’ll use the Administrator client to create user IDs, and configure and secure Domino as both an SMTP and web server. Learn how to set up your firewall or router to access your server from the Internet. Finally, keep your server running smoothly by providing regular maintenance!

Published in: Technology
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
4,759
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
212
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

BP108 Admin for the Developer -- Build and Secure Your Own IBM Lotus Domino Server Playground in One Hour!

  1. 1. BP108 Admin for the Developer -- Build and Secure Your Own IBM Lotus Domino Server Playground in One Hour! Jess Stratton | IBM Lotus Domino Consultant, Solace
  2. 2. Who is this Jess person and why should we listen to her? Jess... <ul><li>Does Lotus â Domino â consulting, ongoing and project-based.
  3. 3. Has worked with Lotus Notes â /Domino since R4.x, ~10 years.
  4. 4. Speaks at The View’s Admin and Developer conferences.
  5. 5. Has written articles for Group Computing/E-Pro Magazine.
  6. 6. Hosts the group blog at LotusUserGroup.org (blog with me!)
  7. 7. Has submitted apps to OpenNTF.org.
  8. 8. Co-hosts the 1352 Report podcast on industry news.
  9. 9. AND – I’m an administrator AND a developer! </li></ul>A great thing about developing and administrating together: You can write agents to do all your Administration tasks!
  10. 10. The Problem: <ul><li>You’re going independent and want to set up a server at home to work with…OR…
  11. 11. You want to set up a developing playground at the office…
  12. 12. BUT…
  13. 13. All the servers you’ve ever developed for have been installed and are in place already!
  14. 14. I guess you could just install the server software out of the box, but do you really want to put it live on a network like that? </li><ul><li>Here’s some great news though – ND8 > is REALLY secure out of the box. </li></ul></ul>
  15. 15. The Solution, and the Expectation: We’re going to do a full walkthrough of a Lotus Domino server install and configuration. <ul><li>WHEN YOU LEAVE, YOU’LL BE ABLE TO: </li><ul><li>Have a one-server Domino playground at your home or office and sleep easily knowing that it is secure and maintained , and independent of other servers. </li></ul><li>WHEN YOU LEAVE, YOU WON’T BE ABLE TO: </li><ul><li>Regularly maintain and run a large, multi-server mail and web environment with clustering and thousands of users. </li></ul></ul>
  16. 16. Agenda <ul><li>Install server software
  17. 17. Launch/install setup file
  18. 18. Configure the newly installed Lotus Domino server
  19. 19. Start Domino
  20. 20. Install and configure the Administrator client
  21. 21. Secure and further tweak the Domino server
  22. 22. Setup a firewall for external access to the Domino server
  23. 23. Register our test subjects. I mean, er, users </li></ul>Agenda slide
  24. 24. Table of Contents Contents can be interactive: highlight on mouse over and hyperlink to section on mouse click. <ul><li>Installing Lotus Domino
  25. 25. Administrator Client setup
  26. 26. Configuring Domino
  27. 27. Configuring a firewall for external access
  28. 28. Registering users
  29. 29. Addendum: Playing safe with existing (production) servers </li></ul>
  30. 30. Installing Lotus Domino 8.5
  31. 31. Installing Domino 8.5… <ul><li>Hardware/Software requirements </li><ul><li>Where to Find: They are always in the Release Notes which can be found at developerWorks. Unless it's a beta, and then you can find the Release Notes with the rest of the beta download. </li></ul><li>Server/Client OS communication </li><ul><li>Always test this FIRST.
  32. 32. Basic PING test is fine, but make sure they can TALK!
  33. 33. If using Virtual PC/VMware, do ping test between host and client. </li></ul></ul>PREREQUISITES
  34. 34. Installing Lotus Domino... <ul><li>THE EASY PART:
  35. 35. Download from Passport Advantage, double-click!
  36. 36. OK to accept Program Files directory name, or change. It’s your call! </li><ul><ul><li>I always change it to “C:LotusDomino”. I don't like something as important as a Domino server being buried in a file system. </li></ul></ul><li>If you ever want to use as a partitioned server, just re-install server software and CHECK the box “install Domino Partitioned Servers”.
  37. 37. The server setup type selection will depend on what license you have and what services will be installed by default. </li><ul><li>Click “customize” to turn on services you will need, such as DECS. </li><ul><li>(though you can add them later, too.) </li></ul></ul></ul>Text slide with large photo
  38. 38. Lotus Domino as a service? <ul><li>If you install Domino as a service, don't forget! </li><ul><li>You won't see the console on the desktop as it will be running in the background! </li></ul><ul><li>When you turn it on, you could have a fully-functional web or SMTP server that you may not know about. </li></ul></ul>
  39. 39. Launch & Configure “Lotus Domino Server” Icon <ul><li>Things to decide in advance:
  40. 40. Server Name </li><ul><li>Server 1, Dev, Playground, Test, etc. </li></ul><li>Organization Name </li><ul><li>/Dev, /Playground, /MyOrg, etc. </li></ul><li>Domain Name </li><ul><li>@Playground, @MyDomain, etc. </li></ul></ul><ul><li>Putting it together: </li></ul>Server1/Playground@Test, etc. Text slide with large graphic Server1/Playground… MyServer/Dev… TestServer/MyOrg…
  41. 41. A note about Naming conventions… <ul><li>A Lotus Domino domain is NOT an Internet domain. </li><ul><li>No .com, .org, etc. necessary (though possible, it WILL obfuscate and make troubleshooting more difficult)
  42. 42. Can be the same as the Org name. </li></ul><li>If this is in addition to a production server already in place, do NOT use the same Organization or Domain! </li><ul><li>All servers in the same Domino domain share key elements, such as the Domino Directory! </li></ul><li>This server should clearly be identified as a playground environment. </li></ul>
  43. 43. Configuring Lotus Domino for the first time <ul><li>This is a one-time setup dialog the first time you click the icon.
  44. 44. Set up Lotus Domino as a first server. </li><ul><li>Enter Server name, i.e.. Server1
  45. 45. Enter Organization name, i.e.. Playground
  46. 46. Enter Domain name, i.e.. MyDomain </li></ul></ul>Text slide with inset photo
  47. 47. Finalizing the initial config… <ul><li>CONGRATULATIONS!
  48. 48. Your server is now identified as </li></ul>Server1/Playground@MyDomain <ul><li>Set up network ports and services you want to use, and click “Setup” when done.
  49. 49. Domino will now create databases, and you’re ready to launch the server! </li></ul>
  50. 50. Start Lotus Domino! <ul><li>Double click the icon, and start ‘er up!
  51. 51. The first time Domino starts, it creates databases, starts services, and checks stuff like host names.
  52. 52. It may take a few minutes, and log a few errors. Just let it start! For example, it may be trying to start services whose partner databases haven’t been created yet.
  53. 53. Once it’s settled down (and the server stops sounding like a percolating coffee maker) type ‘q’ to bring down the server, and then start it up again. </li></ul>
  54. 54. Lotus Domino Administrator Client Setup
  55. 55. Callout/quote in left margin: 13pt Arial Italic, yellow R255 | G 204 | B0 Installing the Lotus Domino Administrator Client… <ul><li>The Easy Part – Download from Passport Advantage, install!
  56. 56. Don’t install this on the server. </li></ul><ul><li>During client setup, don’t forget to install ALL the clients… </li><ul><li>Notes, Designer, Administrator </li></ul></ul>Text slide with callout or sidebar
  57. 57. Launch the Lotus Notes client FIRST. <ul><li>Set up the Lotus Notes client with your new ID file before launching the Administrator client.
  58. 58. Put in the Administrator name you used and the Domino server name when you registered.
  59. 59. If you forgot the server name, go back to the console of the server! </li><ul><li>The title bar of the DOS window is the server name.
  60. 60. We won’t tell anyone. Promise. </li></ul></ul>
  61. 61. A note on client configuration… <ul><li>If you already have a Lotus Notes client on a machine you want to use, use Location/Connection documents for your Playground server.
  62. 62. Configure your Location document to automatically switch to your Playground ID file.
  63. 63. So never the twain shall meet – Configure the Connection document to only work for THAT ID file and location document. </li></ul>
  64. 64. Configuring Lotus Domino (using the Domino Administrator Client)
  65. 65. Source reference: 10pt Arial Regular, white Securing Lotus Domino <ul><li>Launch that Administrator client! </li></ul><ul><li>Verify your name is in the LocalDomainAdmins group. </li><ul><li>People & Groups Tab --> Groups </li></ul><li>Verify you are using more secure Internet Passwords. </li><ul><li>Actions-->Edit Directory Profile, make sure this field is on “Yes”. </li></ul><li>Verify ACL of Domino Directory (names.nsf). </li><ul><li>File-->Application-->Access Control, Advanced tab.
  66. 66. Maximum Internet name and password should be 'Reader', unless you want to use Web Admin, and then it should be 'Editor'. </li></ul></ul>Text slide with pie charts
  67. 67. We begin with the Server document… <ul><li>Configuration tab->Server->All Server Documents </li></ul>
  68. 68. BASICS tab <ul><li>Routing Tasks </li><ul><li>Mail Routing
  69. 69. Select SMTP routing if this is going to be an SMTP server. </li></ul><li>If creating an SMTP server, also enable the SMTP listener task. </li><ul><li>Check the status anyway - shut it off if you aren't using SMTP. </li></ul><li>Enter the Fully Qualified Internet Host name if it’s empty. </li><ul><li>If unknown, you can put the server name or leave blank. </li></ul><li>Load Internet configurations from ServerInternet Sites documents </li><ul><li>Enabled (We will make the site documents later!) </li></ul></ul>
  70. 70. SECURITY tab – recommended settings <ul><li>Full Access Administrators: </li><ul><li>Put your name explicitly in the field. </li></ul><li>Administrators: </li><ul><li>LocalDomainAdmins </li></ul><li>Run unrestricted methods, Sign agents to run on behalf of someone else, Sign agents to run on behalf of invoker, Sign script libraries: </li><ul><li>Put your name explicitly in the field, or the Xpages builder! </li></ul></ul>
  71. 71. SECURITY tab - recommended settings <ul><li>Compare public keys: </li><ul><li>Enforce key checking for all users </li></ul><li>Allow Anonymous Lotus Notes connections: </li><ul><li>No! (It’s the default anyway) </li></ul><li>Check passwords on Notes IDs: </li><ul><li>Enabled. </li></ul><li>Access server: </li><ul><li>Users listed in Trusted directories AND server name, AND LocalDomainServers
  72. 72. You can also just put in */YourCertifier, ie. */Playground. </li></ul><li>Don't forget – if you ever lock yourself out: </li><ul><li>Administration-->Full Access Administration! </li></ul></ul>
  73. 73. SECURITY tab recommended settings… <ul><li>Create databases & templates, Create new replicas, Create Master templates: </li><ul><li>You’ll make judgment calls here, just as long as your name is in there somehow. You are a developer! Use your name explicitly, or LocalDomainAdmins.
  74. 74. NOTE: I have had trouble by not putting in LocalDomainServers before, so I do it out of habit now. </li></ul></ul><ul><li>Allowed to use monitors: </li><ul><li>LocalDomainAdmins </li></ul></ul>
  75. 75. SECURITY tab – XPages additions in 8.5.1 <ul><li>Sign or run unrestricted methods and operations </li><ul><li>XPages builder should be listed here! </li></ul><li>See “Controlling agents and XPages that run on a server” in Domino Administrator 8.5.1 Help for detailed information. </li></ul>
  76. 76. Ports tab settings… <ul><li>Make sure the Net Address of your Lotus Notes Network is a reachable network name, i.e.. Computer name, host name, or IP address. </li><ul><li>This is a common gotcha for mail agents not working! </li></ul></ul>
  77. 77. Server Tasks tab settings… <ul><li>Domain Catalog tab->Domain Catalog: </li><ul><li>Enabled. The Domain Catalog is mind-bogglingly useful. </li></ul><li>Remote Debug Manager->Allow remote debugging on this server: </li><ul><li>Enabled. This IS a playground, right? </li></ul></ul>
  78. 78. Internet Protocols tab settings… <ul><li>HTTP tab->Hostname(s): </li><ul><li>Enter the hostname. If unknown, the server will use the computer’s host name. </li></ul><li>Enable Logging To: </li><ul><li>Log files: Enabled
  79. 79. Domlog.nsf: Enabled </li></ul><li>NOTE: You must create Domlog.nsf! </li><ul><li>Create a new database called Domlog.nsf based off the “Domino Web Server Log” (domlog.ntf) template in the Advanced Templates list. </li></ul><li>Save and close the Server doc! </li><ul><li>There are other settings you CAN tweak, but these are the settings you MUST tweak. </li></ul></ul>
  80. 80. Edit the Configuration document… <ul><li>Configuration tab->Servers->Configurations->Edit Configuration </li></ul>
  81. 81. The Router/SMTP tabs <ul><li>If your playground is for a home server, and you have to send outbound SMTP through your ISP.
  82. 82. Relay Host for messages leaving the local internet domain: </li><ul><li>Add your outgoing SMTP mail server here. </li><ul><li>(The same that you use for your home ISP mail accounts) </li></ul><li>In Restrictions and Controls/SMTP Inbound Controls tab: </li><ul><li>Remove * from ‘Deny messages to be sent to the following external internet domains”.
  83. 83. Add your Domino server IP address in “Allow messages only from the following internet hosts to be sent to external internet domains”. </li></ul></ul></ul>
  84. 84. MIME tab settings… <ul><li>Conversion Options tab, Inbound tab
  85. 85. Field “Use character set auto-detection if message has no character set information.” </li><ul><li>Set this to “Yes”. One little setting can solve so many potential problems! </li></ul><li>Save & close the configuration document. </li><ul><li>After making any other changes you like, of course. But these are what you NEED. </li></ul><li>Refresh the server with the new settings. </li><ul><li>At the Domino console, type “tell router update config”. </li></ul></ul>
  86. 86. Encrypting port traffic <ul><li>Server tab->Status->Ports (on the right!)->Setup
  87. 87. Click “Encrypt network data” on all used ports: </li><ul><li>TCPIP
  88. 88. LAN0tcpip </li></ul><li>This only needs to be done once, and one-way (you don't have to do it on any clients that connect to this server)! </li></ul>
  89. 89. Lastly, we need to lock down some ACLs. <ul><li>Names.nsf </li><ul><li>Set Default to ‘no access’
  90. 90. Add Anonymous with ‘no access’
  91. 91. Give LocalDomainAdmins all Roles, or check and make sure you are in explicitly. </li></ul><li>It must be said again! Lotus Notes and Domino 8.x > out of the box security is GREAT! </li></ul>
  92. 92. Create a Global Domain document <ul><li>Configuration tab->Messaging->Domains->Add Domain </li></ul>
  93. 93. BASICS tab <ul><li>Domain type: Global Domain
  94. 94. Global domain name: “Demo”, or “Playground”. </li><ul><li>This is also not to be confused with an Internet domain, ie. '.com'. It's “Playground”, not “Playground.com”.
  95. 95. This can be the same name as your Certifier and Lotus Domino domain. </li></ul><li>Global domain role: R5/R6/R7/R8 Internet Domains... </li></ul>
  96. 96. RESTRICTIONS and CONVERSIONS tab <ul><li>Lotus Domino domains and aliases: Enter your Domino domain here.
  97. 97. Local primary Internet domain: Enter any Internet domains (ie. '.com' email addresses you are using with this Domino server).
  98. 98. Save and close the document. </li></ul>
  99. 99. Performance Tweaks for Lotus Domino… <ul><li>The two major performance tweaks: </li></ul><ul><li>Using program documents to schedule maintenance for top performance, AND
  100. 100. Shutting off unnecessary server tasks. </li></ul>
  101. 101. Creating Program documents <ul><li>Configuration tab->Server->Programs
  102. 102. Three program documents, scheduled to go off tiered (2AM, 3AM, 4AM, etc.): </li></ul><ul><li>Fixup (program name) </li></ul><ul><ul><li>-L (command line. This will log all processed files to log.nsf.)
  103. 103. Fixup isn't recommended nightly (or even at all unless there is a problem) for large organizations, but for a playground server I do it. </li></ul></ul><ul><li>Updall (program name)
  104. 104. Compact (program name) </li></ul><ul><ul><li>-s 10 B (command line. This will only compact those documents whose unused space is greater than 10%. The ‘B’ is case sensitive, and will use file size reduction.) </li></ul></ul>
  105. 105. Other ways to schedule maintenance… <ul><li>Notes.ini </li><ul><li>ServerTasksAt1
  106. 106. ServerTasksAt2, etc. </li></ul><li>Program documents are WAY easier! </li></ul>
  107. 107. Shut off those pesky unused server tasks… <ul><li>What’s running, anyway? They’re pesky if I’m not using them! </li><ul><li>And, using up valuable CPU resources. </li></ul><li>Server tab->Status->Server Tasks </li><ul><li>This gives you a complete list of everything running RIGHT NOW! </li></ul><li>Common tasks you may not need! </li><ul><li>DOMWS Convert AddIn (new with R7 and needed if you are using Common Mail and Calendar portlets from Websphere Portal.)
  108. 108. HTTP (if not running web server)
  109. 109. SMTP (if not running SMTP server)
  110. 110. LDAP
  111. 111. IMAP
  112. 112. Design (if you don’t want your templates updated automatically) </li></ul></ul>
  113. 113. How do I disable them? <ul><li>Take them out of the ServerTasks lines in the Notes.ini file </li><ul><li>Edit Notes.ini manually, or
  114. 114. Use Notes.ini params in the configuration file, or
  115. 115. Edit Notes.ini WHILE the server is running on the web with Webadmin.nsf! </li></ul><li>Some tasks can only be disabled by adding Notes.ini parameters. </li><ul><li>If you only have one server, disable the Cluster replicator task for better performance: </li><ul><li>DISABLE_CLUSTER_REPLICATOR=1 </li></ul><li>If you never plan on using LDAP: </li><ul><li>DisableLDAPOnAdmin=1. </li></ul></ul></ul>
  116. 116. Identifying basic server tasks… <ul><li>The Administrator Help File contains a list of all server tasks in the section titled “Domino server tasks”. </li></ul>
  117. 117. Creating Internet Site Documents <ul><li>You can create Site documents for Web, POP3, LDAP, SMTP Inbound, and IIOP.
  118. 118. In our case, we’re setting one up for SMTP Inbound, and Web. </li><ul><li>You can have multiple site documents for each web site the Domino server is hosting, but only ONE site document for each mail protocol (SMTP, POP3). </li></ul><li>To get to Sites:
  119. 119. Configuration Tab->Web->Internet Sites </li><ul><li>“Add Internet Site”
  120. 120. “Web” </li></ul></ul>
  121. 121. SMTP Inbound Site <ul><li>Add Internet Site --> SMTP Inbound
  122. 122. Give name and description.
  123. 123. Organization should be your Certifier name.
  124. 124. “Hostnames or addresses mapped to this site”: </li><ul><li>This is the incoming DNS mapping that emails will use to get to the server.
  125. 125. If using a POP forwarder, such as PopWeasel, enter ‘localhost’ here.
  126. 126. If your emails already have an “MX” record, enter that IP address or hostname here. </li></ul><li>Save and Close. </li></ul>
  127. 127. Web Site configuration <ul><li>Add Internet Site --> Web
  128. 128. Give name and description.
  129. 129. “Hostnames or addresses mapped to this site”: </li><ul><li>This is the incoming hostname or IP address that is used to get to the site. </li><ul><li>If using SSL, this must be an IP address!
  130. 130. (To set up SSL, see the Domino Administrator Help File, “Setting Up SSL on a Domino Server”.) </li></ul></ul></ul>
  131. 131. Configuration Tab (Web site) <ul><li>Home URL: </li><ul><li>This is the default URL of the database to go to when the hostname or IP address you put in the previous field is entered into a browser.
  132. 132. Examples: </li><ul><li>portal.nsf/Welcome?OpenForm
  133. 133. Mail/mymailfile.nsf </li></ul></ul></ul>
  134. 134. Lotus Domino Web Engine tab (Web Site) <ul><li>Session Authentication: </li><ul><li>Single Server (enables cookies for a single server for logon use). </li></ul><li>Save and Close.
  135. 135. A note about home office playgrounds and web servers… </li><ul><li>Many ISPs block incoming port 80. You can change the default port from ’80’ to something like ‘8081’:
  136. 136. Server document->Ports tab->Internet Ports tab->Web:
  137. 137. TCP/IP Port Number: Change 80 to 8081.
  138. 138. Issue console command “Tell http restart” </li></ul></ul>
  139. 139. Customizing the Login Form: <ul><li>To customize the login form for Single Server authentication, create the Domino Web Configuration database. </li><ul><li>File->database->New
  140. 140. Template server: Your playground server (show advanced templates)
  141. 141. Use template: Domino Web Server Configuration
  142. 142. Title the database “Domino Web Configuration”, with the filename “Domcfg.nsf”. (these aren’t negotiable  )
  143. 143. Make sure the ACL contains an entry for Anonymous with Reader access. </li></ul><li>To create your own custom form, Add ‘Sign-In Form Mapping’: </li><ul><li>Change target database and form. </li><ul><li>Or, simply modify the existing CustomLoginForm. </li></ul></ul></ul>
  144. 144. Configuring a Firewall for External Access
  145. 145. Prerequisites (things to have handy): <ul><li>The IP address of the Domino server.
  146. 146. The Username and passwords to get into the Firewall or Router.
  147. 147. The ports of the server tasks you have open. </li><ul><li>Easiest way is to go to the Server Tasks view and in Activity, look at “Listen for connect requests on TCP Port:80”…
  148. 148. You don't have to do this if they aren't accessible outside your internal network. </li></ul></ul>
  149. 149. Common Ports: <ul><li>POP3: 110
  150. 150. SMTP: 25
  151. 151. Notes Client: 1352
  152. 152. HTTP: 80
  153. 153. HTTPS (SSL): 443
  154. 154. LDAP: 389
  155. 155. Sametime: 1516 </li></ul>
  156. 156. Enabling Port Forwarding on the Firewall <ul><li>Log into your router or firewall. </li><ul><li>Web interface, commonly 192.168.1.1 </li></ul><li>Look for “Port Range Forwarding” or “Port Forwarding” </li><ul><li>Give your forwarders clear names, such as “DominoWeb”, “DominoSMTP”.
  157. 157. Set the Start and End range (they can be the same).
  158. 158. Set the IP address to the IP address of the Domino Server.
  159. 159. Do this for each port/service you need! </li></ul></ul>
  160. 160. Registering Users
  161. 161. Lots of users – Use a text file! <ul><li>A text file can help you mass register lots of users at once. </li><ul><li>In Administrator Help, See “Registering users from a text file”. </li></ul><li>For time restraints, we are not going to create mail files along with our test users. </li><ul><li>It takes a lot longer to register users!
  162. 162. And, it will take up a lot of hard drive space too, if this is a home machine.
  163. 163. You can always create one and link it later to a person doc! </li></ul><li>Remember, the Golden Rule of Geek Test Subjects: </li><ul><li>The more obscure reference the test names, the cooler you will appear to your colleagues!  </li></ul></ul>
  164. 164. Some good sources for test names: <ul><li>Comic book characters.
  165. 165. Cancelled 80’s TV shows.
  166. 166. Hitchhiker’s Guide characters. </li></ul>Why? Because cool names = cool playground = people will think you’re cool. 
  167. 167. Excel tips for quick “test subjects”… <ul><li>Online D&D character name generator results can be cut and pasted into Excel columns. </li><ul><li>Seriously!!
  168. 168. Create an Excel spreadsheet with two columns: </li><ul><li>first name and last name. </li></ul></ul><li>We will end up with a total of four columns. </li><ul><li>First name, last name, password, and ID file name. </li></ul><li>To concatenate first letter of first name and last name in a column: </li><ul><li>Use the cell formula =LEFT(A1,1)&B1 in a new column.
  169. 169. Paste the values all the way down the entire column. Instant passwords!
  170. 170. Use =LEFT(A1,1)&B1&1 to add ‘1’ if a number is required.
  171. 171. For the name of the ID file, use =LEFT(A1,1)&B1&”.id” </li></ul></ul>
  172. 172. Creating the Text file, continued… <ul><li>Save your Excel file as .CSV
  173. 173. Rename the extension to .TXT
  174. 174. Open the text file (in Notepad).
  175. 175. Find and replace all ‘,’ with ‘;’.
  176. 176. Our text file is complete! </li></ul>
  177. 177. Registering users… <ul><li>People & Groups tab->People->Register (toolbar on the right)
  178. 178. Choose cert.id
  179. 179. Click ‘Advanced’
  180. 180. Mail System field: Choose ‘none’. </li><ul><li>We will create mail files when needed. </li></ul><li>Create and choose your directory if necessary for storing ID files. </li><ul><li>Local to the LotusNotes directory!
  181. 181. Choose the directory! </li></ul><li>Click ‘Import Text File’
  182. 182. Click “Register All” </li></ul>
  183. 183. Addendum: Playing safe with existing (production) servers
  184. 184. How Domino servers can be connected: <ul><li>On the same Domino Domain </li><ul><li>This means they share ONE Domino Directory (names.nsf)
  185. 185. Connection documents are normally not needed here… </li></ul><li>On the same Notes Named Network </li><ul><li>Connection documents aren’t needed here, either. </li></ul><li>On the same Domino Domain, but different NNN </li><ul><li>Connection documents must be in place! </li></ul><li>On different Domino Domains </li><ul><li>The servers must be cross-certified, and connection documents must be in place.
  186. 186. For mail routing scenarios, Adjacent Domain documents are needed, too. </li></ul></ul>
  187. 187. Domino servers in a domain share the following files: <ul><li>The Domino Directory: </li><ul><li>Names.nsf </li></ul><li>The Administration Process </li><ul><li>Admin4.nsf </li></ul><li>The Certification Log </li><ul><li>Certlog.nsf </li></ul><li>All Domino servers in the same domain share these databases that gets replicated around to each server. </li><ul><li>Most likely, these are exactly the databases you’ll be modifying when you start “Playing”. </li></ul></ul>
  188. 188. One domain, same NNN No connection documents required! DomainA NNN A Domino Directory A names.nsf
  189. 189. One domain, two Notes Networks: Connection document required to route between NNN. DomainA NNN A NNN B two connection docs Domino Directory A names.nsf
  190. 190. Two domains, two NNN. Cross-certification & connection docs required cross-certification connection docs DomainA NNN A Domino Directory A names.nsf DomainB NNN B Domino Directory B names.nsf
  191. 191. How do I play safely with existing databases I want to change? <ul><li>Bring COPIES, *not* replicas over to your playground server of production databases you want to start playing with.
  192. 192. Make sure your server is on a different: </li><ul><li>Domain
  193. 193. Certifier
  194. 194. Notes Named Network </li></ul></ul>
  195. 195. Contact me with questions! (good jokes always accepted graciously, too) JESS STRATTON SOLACE EMAIL: jstratton@solacelearning.com BLOG 1: www.mattandjess.net BLOG 2: www.momelettes.com Twitter: @NerdGirlJess
  196. 196. Your turn!
  197. 197. Legal Disclaimer © IBM Corporation 2011. All Rights Reserved. The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here. IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both. obe Systems Incorporated in the United States, and/or other countries. Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both. <ul><li>All references to Solace rr efer to a fictitious company and are used for illustration purposes only. </li></ul>

×