Lotus Admin Training Part I


Published on

Introduces the essential technical concepts and Domino environment required for the administration. Also outlines the responsibilities of the System Administrator.

Reference: Lotus Domino Admin Help

Published in: Technology, Business
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Lotus Admin Training Part I

  1. 1. Lotus Domino Admin Training Essential Concepts (c) Sanjaya Kumar Saxena Introduces the essential technical concepts and Domino environment required for the administration. Also outlines the responsibilities of the System Administrator. Reference: Domino Admin Help
  2. 2. Directory and Directory Services Printed directories, alphabetical or classified lists of resources containing names, locations and identifying information, are important information tools in the provision of library services. Most often these are directories of people and organizations, listing inhabitants of a specified locality (e.g., a city directory), users or clients connected with a particular profession or occupation (e.g., a directory of manufacturers), or those who subscribe or use a particular service (e.g., a telephone directory). In a LAN or WAN, this directory information may be used for e-mail addressing, user authentication (e.g., logins and passwords), or network security (e.g., user-access rights). A directory may also contain information on the physical devices on a network (e.g., PCs, servers, printers, routers and communication servers) and the services available on a specific device (such as operating systems, applications, shared-file systems, print queues). This information may be accessible to computer applications and users. The users of the directory, including people and computer programs, would be able to read or modify the information or parts of it, as long as they had the authorization to do so. This idea grew into the definition of X. 500. ‣ List of Resources ‣ Used for Locating Resources ‣ Typical examples are: • Yellow Pages • Telephone Directory Inquiry Services notes
  3. 3. notes X.500 Functions During the 1980s, the growth in implementations of wide area network communication forced the deployment of a new set of networking protocols called open system interconnection (OSI). OSI presented a seven layer model of communications. Part of the standards developed by CCITT is a definition of generic directory service. CCITT defined the first X.500 standard in 1988, which then became ISO 9594, Data Communications Network Directory, Recommendations X.500/X. 521 in 1990, though it is still commonly referred to as X.500. ‣ Provide a global, unified naming service for all elements in a network ‣ Translating between network names & addresses ‣ Provide description/attributes of all objects in a directory ‣ Provide unique names to all objects in a directory
  4. 4. X.500 Directory Information Base For example, unique id for Sanjaya Kumar Saxena working in technical dept. at ACME Systems in India will be: CN=Sanjaya K Saxena, OU=Technical, O=ACME Systems, C=IN ‣ DIB is organized in a tree structure known as Directory Information Tree (DIT) notes
  5. 5. X.500 Accessing DIB The Directory Access Protocol (DAP) defines how DUAs get access to the information stored in DSAs. A Directory Service Protocol (DSP) is used between two DSAs to query user information lookups over multiple DSAs. A set of one or more DSAs and zero or more DUAs managed by a single organization may form a Directory Management Domain (DMD). A DMD may be an Administration DMD (ADDMD) or a Private DMD (PRDMD), depending on whether or not it is being operated by a public telecommunication organization or by service provider. DSA DSA DSA DUA DUA DUA User User DSP DAP notes
  6. 6. LDAP LDAP evolved as a lightweight protocol for accessing information in X.500 directory services. It has since become independent of X.500. LDAP runs over TCP/IP rather than the OSI protocol stack. The functional model of LDAP is simpler compared to X.500. LDAP defines the content of messages exchanged between an LDAP client and an LDAP server. The messages specify the operations requested by the client (for example search), the responses from the server, and the format of data carried in the messages. LDAP messages are carried over TCP/IP, a connection- oriented protocol; so there are also operations to establish and disconnect a session between the client and server. LDAP typically defines operations for accessing and modifying directory entries such as: • Searching for entries meeting user specified criteria • Adding an entry • Deleting an entry • Modifying an entry • Modifying the distinguished name or relative distinguished name of an entry (move) • Comparing an entry ‣ Lightweight Directory Access Protocol ‣ Based on X.500 DAP • But the light weight version - Uses TCP/IP instead of OSI - Simple protocol and functional model - Esoteric capabilities dropped ‣ LDAP V2 finalized in 1995 ‣ LDAP V3 recently released • RFC 2251-56 notes
  7. 7. LDAP Models Information Model describes the structure of information stored in an LDAP directory. Naming Model describes how information in an LDAP directory is organized and identified. Functional Model describes what operations can be performed on the information stored in an LDAP directory. Security Model describes how the information in an LDAP directory can be protected from unauthorized access ‣ Informational Model • Directory composed of objects/entries • Object/entries organized hierarchically • Each object/entry has one or more attributes • Each attribute has one or more value • Schema define object classes to categorize them ‣ Functional Model • Authentication Operations: Anonymous, User id, Clear- text password • Interrogation Operations: Search, Compare • Update Operations: Add, Delete • Modify notes
  8. 8. LDAP - More Concepts ‣ Chaining • Server forwards requests and returns to clients ‣ Referrals • Server returns referral information to client ‣ Replication • No industry standard yet, Domino is the leader
  9. 9. LDAP Usage ‣ Internet Mail ‣ White/Yellow Pages Lookup ‣ PK Management ‣ Policy based management in networks ‣ Directory Synchronization
  10. 10. Dual Key Encryption ‣ Issues Resolved • Communicating keys • Change Management • Degree of Security E MESSAGE #$%&*@! D#$%&*@! MESSAGE Secret (or Public) Key Public (or Secret) Key From ancient times until 1976 there was only conventional cryptography, which uses the same key to both scramble (encrypt) and unscramble (decrypt) information. It has following issues: • Communicating keys • Managing large number of keys • Change Management • Degree of Security • Authentication of sender • Integrity of message One key is designated as SECRET(Ks) and the other as PUBLIC(Kp). Dual key cryptography is based on two keys, a private key and a public key. Single key cryptography is a one key system for both locking (encrypting) and unlocking (decrypting) a message, whereas dual key (or public key) cryptography uses different keys for locking and unlocking. In public-key systems, one key can be kept private or secret while the other key is made public; knowing the public key does not reveal the private or secret key. notes
  11. 11. Digital Signatures As illustrated, to create a fixed length digital signature sender uses a hashing function that converts a message of any length to the same fixed length hash, or digest, of the message. The Secure Hash Algorithm (SHA) is a known hash function that is part of the Digital Signature Standard. This hash of a message is like a "fingerprint" of the message in that it is practically impossible for two distinct messages to result in identical hashes of these messages. After creating a hash of the message, sender then applies his/her secret key to the hash to create her digital signature for this message. E MESSAGE D-Signature + Your Secret Key # MESSAGE D-Signature HASH A notes
  12. 12. Digital Signatures Verification Receiver uses sender’s public key to convert the digital signature to the hash that sender had computed for his/her message. Next, receiver takes the plaintext message that he had received and applies the same hash function to it and gets the hash of the received message. If the hash of the received message is identical to the hash obtained by using sender's public key to convert the digital signature, then receiver has authenticated sender's digital signature and verified the integrity of the signed message. ‣ Issues Resolved • Ensure integrity of message • Authenticate Senders ‣ Plus • Practically impossible to counterfeit • Easy to verify D Your Public Key # MESSAGE D-Signature { } HASH HASH Same ? } Verified Not Verified A notes
  13. 13. Certificate Concepts However, we still need to know, without doubt, that the owner of a public key is who he claims to be. This involves the intervention of a disinterested, trusted third party that binds a public key to an individual or entity that it has positively identified. This binding mechanism is know as a digital certificate. A digital certificate can be considered analogous to a passport. Like a passport, a certificate serves as a credential; it contains information that establishes an individual's identity, along with a unique identifying number. It is an electronic credential that contains specific identification information-name, address, and company-along with the individual's public key. With a passport, information is verified and sealed by a government (a trusted authority) so that it is tamper-proof. The government seal attests to the binding of the individual and the passport number. A digital certificate is a non-forgeable, tamper-proof electronic document that attests to the binding of an individual's identity with his or her public key. The information contained in the certificate is verified and sealed with the digital signature of a trusted third party, know as a Certificate Authority (CA). To solve this problem, the United States Postal Service (USPS) is planning certificate services for these digital signatures. ‣ Like Passport or Driving License ‣ Must exist an Issuing Authority ‣ Certificate and Certification Authority (CA) Certificate NAME PUBLIC KEY EXPIRY DATE ISSUER ID OTHER ATTRIBUTES CA’s DIGITAL SIGNATURE notes
  14. 14. Certificates Establishing Secured Transaction Certificates along with digital signatures can be used to establish a secured transaction between two resources without putting any thing confidential in plain text on the wire. Remember, server and requester are two networked resources. For example, one can be user workstation and another can be a mail server. ‣ Validate by • Establishing Trust - Certificates are exchanged - after masking private data, if any - By Comparing the certificates - Trust the public key, if the two have common certifier - Possible in hierarchical situation ‣ Authenticate by • Challenging each other - Requester generates a random # and challenges the server to sign it - Server signs and sends it back - Requester verifies the signature - Same process repeats for server also - If both can verify, authentication is successful notes
  15. 15. Internet Mail Addressing This was designed for ASCII text (7- bit) messages only. To send and receive 8-bit data UUENCODE and UUDECODE was used. POP3 is essential for dial-up connection to the mail server (when IP address is usually assigned dynamically). SERVER CLIENT REMOTE CLIENT ssaxena@me.com domainmailbox Domain gets translated in to an IP address by DNS notes
  16. 16. Internet Mail Mime ‣ Multipurpose Internet Mail Extension ‣ Does not change SMTP ‣ Allows sending of - Audio - Video - Image - Application - HTML
  17. 17. POP & IMAP ‣ POP • Retrieve Messages • Delete Messages • Not for sending mail ‣ IMAP • Retrieve Messages • Delete Messages • Organize Messages on server • Add Messages • Disconnected client can sync with server • Not for sending messages
  18. 18. High Availability - An Introduction ‣ Eliminating • Downtime - Planned - UnPlanned • Single Point of Failure (SPOF) • Fault Resilience - Not fault tolerant ‣ Possible Strategies • Hardware Level with OS Support - HACMP of RS/6000 • Operating System Level - Microsoft Cluster Service (MCS) • Application level - Domino
  19. 19. Domino Environment Basic Terminology ‣ Domino =Server ‣ Notes = Client ‣ Application = Database ‣ Database = Record ‣ Item = Field ‣ View = Record Set ‣ Form = UI with template with BI records ‣ Replication = optimised information dissemination ‣ Objects = AWT, SWING,... ‣ Mail = Another Special database ‣ Agent = Customer code, triggered against events
  20. 20. Domino Environment Components ‣ Domino Server ‣ Client Client communicates over the Network with Domino Server; System Administrator sets them up and manages it. Lotus Domino lets people access, track, share, and organize information in several useful ways, even if they are occasionally connected to a network. It comprises of a set of databases that reside along with an excellent messaging infrastructure. Leveraging the distributed storage & messaging features, the integrated rapid application development environment provided by Domino/Domino enables rapid application development & deployment of strategic enterprise- wide business applications. Domino applications are nothing but Domino databases. Domino databases contain semi-structured records, called documents. Domino comes with many type of design elements which are used to create a range of applications. The Domino integrated rapid development environment is the single interface to all Domino application design elements. However, Domino is not a relational database. This is a key distinction since Domino does not provide capabilities usually associated with RDBMS, like referential integrity, real time access to data, locking record or table. In fact, Domino & RDMS are complementary. Domino seamlessly integrates with Internet and follow Internet standards and open standards like servlets, JSP, XML, SMTP, POP3/IMAP, etc. notes
  21. 21. About Domino Server ‣ Stores database that end-users share ‣ Perform mail routing & delivery ‣ Replicates databases across servers ‣ Ensures database security ‣ Manages calendar information ‣ Runs additional server tasks Domino server runs under a NOS such as Microsoft NT, LINUX, etc. You should try to avoid running file services together with Notes server for these reasons: • Security may be compromised if Notes data directories are inadvertently shared; • Performance of one service may suffer because of other service; • Stability of one service may be affected by the other service. notes
  22. 22. Domino Server Classification ‣ Mail Server (Domino and / or SMTP) ‣ Database/Application Server ‣ Passthru Server ‣ Hub Server ‣ Backup Server ‣ Gateway Server ‣ Search Server ‣ Clustered Server ‣ Partitioned Server Mail servers store user mail databases and route mail across the network. Mail servers also maintain the Free Time databases and process free time queries for Calendar system. Database/Application servers store application databases such as discussions, tracking, and online documentation databases. Passthru servers acts as a stepping stone allowing user to connect to a server without worrying for routing steps required to make the connections. Hub servers are used to route mail & replicate databases among other hub servers or spoke machines. Backup servers are used to store database replicas that are critical to users, which can be easily backed up on tape instead of performing backup on different servers. Gateway servers connect to non- Notes systems, for example fax. Search servers that provide users with the ability to perform searches across all servers in a domain. Clustered servers provide users with constant access to data by giving automated load-balancing and failover. Partitioned servers run multiple instances of the Domino server on a single computer. notes
  23. 23. About Notes Client ‣ Provide GUI to end-users ‣ Client/Server Operation ‣ Allow access to Domino Mail ‣ Lets end-user run Domino Applications • Applications are Domino Databases ‣ Lets Designers develop Domino Applications ‣ Lets Administrator manage Domino Applications and Servers ‣ Replicates changes from local copy to server
  24. 24. Notes Client Classification by Usage ‣ Mailing ‣ Collaboration ‣ Designer ‣ Administration
  25. 25. System Administrator Responsibilites ‣ Plan new Domino Systems and Upgrades ‣ Deploy Domino Systems ‣ Maintain databases, servers, clients, connections... ‣ Monitor Domino System Performance ‣ Perform ongoing Administrative tasks ‣ Manage Certification & Control Security ‣ Troubleshooting Planning Domino System Topology - connecting Notes servers physically & logically to provide optimum communication including mail routing & replication. Organizational structure - outlining a method for organizing & naming servers & users. Calendar System - set-up Notes scheduling based on organization structure. Security Policy - to prevent unauthorized access of information. Internet – SMTP Mailing & Application Server planning, setup, and security including integration with firewall/ reverse proxy Supporting Notes End-user Notes, System Administration, Application Development training End-user support Troubleshooting server, network, mail routing, replication problems Developing Administrative Processes Server Processes - Naming convention, backup/restore policy, standard configuration Support Processes - In-house support & problem escalation methods to Lotus authorized support General Admin Processes - User registration, adding databases including resource databases & their admin, centralized vs. decentralized control, monitoring servers & network, other regular admin tasks notes
  26. 26. How Domino Communicates ‣ Over LAN and/or WAN ‣ Intermittently through • Dial-up Connection • Remote LAN services - Eg. Microsoft Remote RAS/DUN • Combination of the two ‣ Notes Named Network (NNN) Domino server and workstations are connected over a network. Server-to- Server and workstation-to-server can be connected all the above methods. You can even extend your Notes Network to allow workstations and servers to communicate with each other over the Internet. This is very useful to mobile users who visit places where corporate network in not present but Internet is available. The Domino Server Setup program automatically places all servers that are in a Domino domain and that run the same network protocol in the same Notes named network (NNN). In the Server document, the setup program assigns each NNN a default name in the format port name network. notes NNN is a group of servers that can connect to each other directly through a common LAN protocol and network pathway. Servers on the same NNN route mail to each another automatically, whereas you need a Connection document to route mail between servers on different NNNs.
  27. 27. Notes Named Networks Benefits ‣ Encourage users to access Servers that are close to them ‣ Simplifies Administrative Tasks • Managing Replication • Managing Mail Routing One of the key reasons for NNN creation based on physical/logical grouping is to promote users to access servers that are close/relevant to them and to discourage accessing the servers that are remote (and therefore more expansive to access). This happens, when a user chooses File - Open Database, the list of servers contains the servers of his NNN only. The user has to explicitly mention the server that is not there in his NNN. Mail routing takes place automatically in a NNN, without a requiring connection document to determine a routing path. For replication, a NNN can easily fit into a hub-and-spoke topology, where all the servers of a NNN are spokes of a hub server. notes
  28. 28. Factors Influencing Choice of NNNs’ ‣ Servers in one location with a single protocol ‣ Servers in multiple location with a single protocol • Cost of communication involved across locations ‣ Logical grouping of servers ‣ Servers that run more than one protocol ‣ Mail routing and replication issues Some ideas for deciding the NNNs: Based on departments/division/ locations within your organization that need to communicate frequently should be in same NNN to enable faster mail routing. Based on communication costs to discourage users accessing the servers without explicit need and to schedule mail routing at off-peak hours. Mail routing is a resource intensive task, therefore it is recommended to have a relatively large server designated as mail server in each NNN. Servers running multiple protocols may be part of several NNNs based on connection type and communication costs. This is required for mail routing & replication. notes
  29. 29. Domino Domain Definition ‣ Organization of Servers for • Administrative Boundary • Security Boundary • Unit of Mail Topology • Unit of Replication Topology ‣ Can be of varying sizes • Numbers of servers/users A Domino domain is a group of Domino servers that share the same Domino Directory that is the control and administration center for Domino servers in a domain. The Domino Directory contains, among other documents, a Server document for each server and a Person document for each Notes user. notes
  30. 30. Domino Directory Definition ‣ Stores information about the domain • Users, Servers, Groups... • Administration & Control of the domain - Replication & Mailing thru ‘connection doc’ - Scheduled server tasks ‣ Contains documents for • Certificates, Config settings, Connection, Domain, Group, Person, Program, Resource, Server location.. The Domino Directory (earlier referred to as the Public Address Book or Name and Address Book) is a database that Domino creates automatically on every server. The Domino Directory is a directory of information about users, servers, and groups, as well as custom entries you may add. Registering users and servers in a domain automatically creates corresponding Person documents and Server documents in the Domino Directory for the domain. These documents contain detailed information about each user and server. The Domino Directory is also a tool that administrators use to manage the Domino system. For example, administrators create documents in the Domino Directory to connect servers for replication or mail routing, to schedule server tasks, and so on. When a server runs the LDAP service, the Domino Directory is accessible through the Lightweight Directory Access Protocol (LDAP). Typically, a Domino Directory is associated with a Domino domain. When you set up the first server in a Domino domain, Domino automatically creates the Domino Directory database and gives it the file name NAMES.NSF. When you add a new server to the domain, Domino automatically creates a replica of the Domino Directory on the new server. You can also create a Domino Directory manually from the PUBNAMES.NTF template and use it as a secondary directory to store, for example, entries for your Internet users. notes
  31. 31. Domino Directory Additional Services ‣ Directory Catalog • Consolidate key info from Domino Directory(s) in to small/light-weight DB • Mobile Directory Catalog • Directory Assistance - Manage name lookups from multiple Domino and/or third party LDAP directories • LDAP Service - LDAP V3 complaint server Directory catalog is an optional directory database that typically contains information aggregated from multiple Domino Directories. Clients and servers can use a directory catalog to look up mail addresses and other information about the people, groups, mail-in databases, and resources throughout an organization, regardless of the number of Domino domains and Domino Directories the organization uses. A directory catalog includes the type of information that is important for directory services, and excludes other types of information that are part of a Domino Directory, for example Domino configuration information, such as information in Connection documents. Directory assistance is a feature a server can use to look up information in a directory other than a local primary Domino Directory (I.e. NAMES.NSF). You can configure directory assistance to use a particular directory for services like Client authentication, Group lookups for database authorization, Notes mail addressing, and LDAP service searches or referrals. A Domino directory is a directory created form the PUBNAMES.NTF template and accessed via NAMELookup calls. Servers can use directory assistance to do lookups in either local or remote replicas of a Domino directory. notes
  32. 32. Additional Services Comparison
  33. 33. Notes IDs Definition ‣ Unique binary file that identifies a legitimate Domino user or server and contains: • Name of the ID owner • Domino ID number • A Public key & a Private key • One or more encryption keys (optional) • A password (recommended) • One or more certificate License type Name of the ID owner identifies the user or server by name. Notes ID number identifies a user as having legitimate use of Notes. The ID number is permanently associated with the User ID and cannot be changed. A public key and a private key a string of numbers used during authentication and to decrypt mail messages. Notes also stores a copy of each user's public key in the Public Address Book. Encryption keys a string of numbers used to encrypt and decrypt fields in a document. Users distribute these keys to other users to ensure that only intended recipients can read a document. Password an optional security feature to protect the ID from unauthorized use. Certificates a certificate, issued by a certifier, that verifies the association between the name of a given user, server, or another Notes certifier and its associated public key. A Notes server or user ID can have one or more certificates. The way that flat IDs and hierarchical IDs collect certificates is very different. License type identifies a user as having legitimate use of Notes. notes
  34. 34. Notes ID - More Details ‣ Classification • User ID • Server ID • Certifier ID ‣ Naming Conventions • Domain name should be a single word containing up to 31 characters. Do not use period (.) in a domain name. • Organization name is the name of Certifier ID and is appended to all users & server names.The name can be up to 64 characters. Usually the organization name is same as the domain name, and there is only one organization in a domain. • NNN name can be up to 31 characters. • Server names can be up to 79 characters. It can have any character except “(“, ”)”, ”@”, ”/”, ””, ”=“, “+”. Choose a name you want to keep. Changing a server name involves recertifying the server ID and changing the name in the Server document, Group documents, ACLs, and Connection documents. Choose a name without a space. When you use server console commands, you must use quotation marks around a server name containing spaces. Keep in mind that replication and mail routing tasks are usually performed based on numeric rather than alphabetical order. For example, in the case where the router is faced with multiple choices for a routing path, Notes routes mail to the server 01Finance before routing to the server Accounting, and it routes to Accounting before routing to the server Research. A server name can contain up to 79 characters, but in certain networks the first several characters must be unique in order for the network to identify the server. With NetBIOS, the first 15 characters must be unique; with AppleTalk, the first 32 must be unique; and with SPX, the first 47 must be unique. notes
  35. 35. Connecting Domino Servers ‣ Key step in Domino System planning/ deployment; required for • mail routing • replication • calendar system ‣ Define application level topology An important part of planning a Notes deployment is deciding how to arrange interconnections of servers and workstations to achieve the most effective use of Notes in your organization. At this point, you should not confuse with layer 1 or layer 2 topology or interconnection schemes. Here, the attempt is to define the application level topology. notes
  36. 36. Domino Topology Classification ‣ Hub and Spoke ‣ Binary Tree ‣ Peer-to-peer Hub-and-spoke A central server, known as the hub, replicates with spoke servers in turn. This topology is common in large sites and is the most adaptable for system growth and change. Binary tree One server replicates with two servers at a lower level, and those two replicate with two servers each, and so on, until replication is complete. Tree topology is an advantage in international organizations where distances between locations and local country issues are a consideration. Peer-to-peer Each server replicates directly with other servers. This topology is best reserved for small organizations that have only a few servers. It is the most limited in terms of adapting to system growth and change. notes
  37. 37. Hub and Spoke Topology Following are some of the advantages of hub-and-spoke topology: Connects many Domino servers in an efficient manner. Allows centralized Public Address Book administration, because the access control list of the Public Address Book lists the hub as manager and the spokes as readers, requiring only a one­way connection (the hub calls the spokes). Facilitates mail routing and database replication across multiple LANs and over WANs. For example, if your organization uses more than one protocol, you can install multiple protocols on the hub servers so that users running different protocols have a way of communicating with each other. Most intra­domain transactions on the LAN are a maximum of two hops away, for example, server to hub to server. Mail routing is peer-to-peer in the same domain, and all mail servers in this configuration are only one hop away. A hub can be used to bridge two networks running different protocols if the hub server runs both protocols. Can be designated as mail hubs or replication hubs. Mail­only hubs can be used to route mail to different domains or gateway servers while replication hubs can perform scheduled replications. Following are some disadvantages of a hub-and-spoke sequence: Network traffic increases on the LAN segment to which the hub is attached. If you have too many servers (more than 25 servers per hub), you might need to establish tiers of hubs, which could require several dedicated servers. In the event of a hub failure, all replication is disabled until the hub is replaced or repaired.notes
  38. 38. Binary Tree Topology Binary tree topology arranges servers in a pyramid configuration where one server replicates with two servers on the next level down, and those two replicate with two more, and so on. Servers at the top of the pyramid replicate with each other after they have finished replicating with the servers beneath them. Because of the time required for information to travel from the top of the pyramid to the bottom, this topology is generally less efficient than hub-and-spoke. Binary tree topology works well in international organizations where distances between locations and local country issues are a consideration. notes
  39. 39. Domino Policies ‣ Registration ‣ Desktop ‣ Mail ‣ Setup ‣ Security ‣ Mail Archiving Registration settings set default user registration values including user password, Internet address format, roaming user designation, and mail. Desktop settings update the user's desktop environment or reinforce setup policy settings. Mail settings set and enforce client settings and preferences for mail and for Calendaring and Scheduling. Setup settings are used during the initial Notes client setup to populate the user's Location document. Setup settings include Internet browser and proxy settings, applet security settings, and desktop and user preferences. Security settings define administration ECLs and password-management options, including the synchronization of Internet and Notes passwords. Archive settings control mail archiving. Archive settings control where archiving is performed and specify archive criteria. notes