AdminP is an elementary server task for your IBM Lotus Domino Administration. This session explains which administration processes are available and how those can make your day-to-day administration tasks easier. We will cover the best practices for setup and troubleshooting using AdminP, in projects like recertifications and server consolidations.
HCL Domino V12 Key Security Features Overview hemantnaik
Domino 12 introduces several new security features, including improved TLS certificate management, enforcement of internet password lockouts based on IP address, and support for forward secrecy in NRPC encryption and TLS 1.2 ciphers using new elliptic curves. A new Certificate Manager server task automates requesting, configuring, and renewing certificates from Let's Encrypt to improve certificate management. Internet password lockouts can now be enforced based on failed login attempts from IP addresses. NRPC encryption and TLS 1.2 ciphers add support for forward secrecy using the X25519 curve for improved security of long-term secrets.
From frustration to fascination: dissecting ReplicationBenedek Menesi
1.) The presenters will discuss replication in Domino/Notes, including the replicator server task, connection documents, and cluster replication.
2.) Connection documents control replication between servers by specifying which databases and documents are replicated. They also define replication settings like type and schedule.
3.) Cluster replication uses in-memory replication to synchronize databases across cluster members in real-time. It disregards selective replication formulas. Traditional replication is still needed as a backup.
Admin Tips In 60 Minutes
In this high speed session I take you through the best admin tips for Domino, Notes, Sametime, Traveler and more. From notes.ini values, to server configuration settings and valuable customisations.
Some tips will be new to v10 and some have been around but rarely used for years.
Whatever your experience there will be something new for you to take away and enjoy.
Presented at Engage.ug in Brussels May 2019
Important tips on Router and SMTP mail routingjayeshpar2006
This document provides tips on router and SMTP mail routing in Lotus Domino. It discusses 21 tips covering topics like ignoring location document email addresses, hiding SMTP details, setting message size restrictions, using authentication for SMTP relays, and setting mail routing priorities. The tips are presented by various IBM ICS support engineers and SWAT team members and include references to IBM support documents for additional details.
Presentation from Engage 2022 in Bruges
From day to day administration to advanced configuration from automated maintenance to running the best multi client mail server on the market, from advanced security to data access.
HCL Domino V12 Key Security Features Overview hemantnaik
Domino 12 introduces several new security features, including improved TLS certificate management, enforcement of internet password lockouts based on IP address, and support for forward secrecy in NRPC encryption and TLS 1.2 ciphers using new elliptic curves. A new Certificate Manager server task automates requesting, configuring, and renewing certificates from Let's Encrypt to improve certificate management. Internet password lockouts can now be enforced based on failed login attempts from IP addresses. NRPC encryption and TLS 1.2 ciphers add support for forward secrecy using the X25519 curve for improved security of long-term secrets.
From frustration to fascination: dissecting ReplicationBenedek Menesi
1.) The presenters will discuss replication in Domino/Notes, including the replicator server task, connection documents, and cluster replication.
2.) Connection documents control replication between servers by specifying which databases and documents are replicated. They also define replication settings like type and schedule.
3.) Cluster replication uses in-memory replication to synchronize databases across cluster members in real-time. It disregards selective replication formulas. Traditional replication is still needed as a backup.
Admin Tips In 60 Minutes
In this high speed session I take you through the best admin tips for Domino, Notes, Sametime, Traveler and more. From notes.ini values, to server configuration settings and valuable customisations.
Some tips will be new to v10 and some have been around but rarely used for years.
Whatever your experience there will be something new for you to take away and enjoy.
Presented at Engage.ug in Brussels May 2019
Important tips on Router and SMTP mail routingjayeshpar2006
This document provides tips on router and SMTP mail routing in Lotus Domino. It discusses 21 tips covering topics like ignoring location document email addresses, hiding SMTP details, setting message size restrictions, using authentication for SMTP relays, and setting mail routing priorities. The tips are presented by various IBM ICS support engineers and SWAT team members and include references to IBM support documents for additional details.
Presentation from Engage 2022 in Bruges
From day to day administration to advanced configuration from automated maintenance to running the best multi client mail server on the market, from advanced security to data access.
Domino Server Health - Monitoring and ManagingGabriella Davis
This document provides information on monitoring and managing Domino server health. It discusses analyzing and maintaining Domino server logs, using log filters, and analyzing log results. It also covers monitoring message tracking, mail probes, statistics, events, activity trends, and configuring the New Relic reporting tool. The document discusses database maintenance tasks like compacting and fixing up databases. It also discusses using the Domino Configuration Tuner tool and leveraging cluster symmetry and automatic database repairs.
In this session (reloaded for Notes V11), you will learn how easy it can be to maximize Notes client performance. Let Chris show you, what can be tuned and how to resolve the best possible performance for your Notes client infrastructure. Discover tips and tweaks - how to debug your Notes client, deal with outdated ODS, network latency and application performance issues and the measurable benefit that provides to your users. You’ll discover the current best practices for streamlining location and connection documents and why the catalog.nsf is still so important. You will leave the session with the knowledge you need to improve your Notes V11 client installations and to provide a better experience for happier administration and happier end-users!
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesHoward Greenberg
While installing a new HCL Domino server is a relatively straight forward task, configuring the server properly requires knowledge. Lacking this knowledge means that several key steps may be missed resulting in a server with potential security and performance issues. Additionally there are several key features that will save you time on administration of the server. Domino server settings also affect the performance and security of custom applications. Even if you are a developer you should be aware of the options available when configuring a server.
Join our incredibly experienced presenters as they share their many years of Domino expertise. They will cover the finer details to correctly setup a Domino server environment that is optimized for performance, security and sustainable administration. Plus use this information presented in this webinar to modify and improve your existing server environment.
Presenters:
Heather Hottenstein, HCL Ambassador
Roberto Boccadoro, HCL Ambassador
Serdar Basegmez, HCL Ambassador
Additonal Panelists (Q and A)
John Paganetti, HCL
Martijn de Jong gave a presentation on Domino policies at a user conference. He began by introducing himself and his company ilionx Group, which specializes in IBM collaboration solutions. He then discussed the different types of policies in Domino, including explicit, dynamic, and organizational policies. Martijn explained how policy precedence works and how policies are implemented on both the server and client. He also covered troubleshooting policies and provided several references for further reading.
How to deliver industry standard browser security to the native Domino HTTP stack, using company-wide wildcard certificates deployed across all platforms.
Bewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-Serverpanagenda
Aufnahme: http://pan.news/20210420de
Abstract: Server sind das Rückgrat Ihrer IT-Umgebung. Deren Sicherheit ist für jeden IT-Profi von größter Bedeutung. Besonders bei Servern mit Fernzugriff wird dies zu einer heiklen Angelegenheit. Es ist ein schmaler Grat zwischen der komfortablen Nutzung auf der einen Seite und dem Schutz gegen Angreifer auf der anderen Seite.
Zu den Sicherheitsbedenken gehören die mangelnde physische Sicherheit von Geräten, die Verwendung ungesicherter Netzwerke, die ungewollte externe Verfügbarkeit interner Ressourcen und der unbefugte Zugriff aus dem eigenen Unternehmen.
HCL Domino ist eine leistungsfähige und ausgereifte Serverplattform mit einem großen Funktionsumfang. Das macht sie zwar zu einer guten Wahl für viele Anwendungen, bedeutet aber auch, dass es viele potenzielle Möglichkeiten gibt, sich angreifbar zu machen.
In diesem Webinar helfen Ihnen unsere Experten, jeden Aspekt der Absicherung Ihrer Domino-Umgebungen zu betrachten:
• Lernen Sie die Grundlagen der Domino-Server-Sicherheit kennen
• Beheben Sie Probleme mit der Standardkonfiguration und vermeiden Sie häufige Fallstricke
• Sorgen Sie für einen sicheren Zugriff über Notes-Client, HTTP oder SMTP
• Richten Sie eine Datenbank-Zugriffskontrolle für Ihre gesamte Infrastruktur ein
• Schützen Sie Ihre Server vor internen Angriffen
• Vermeiden Sie Schwachstellen, indem Sie Domino-Server und Betriebssystem auf dem neuesten Stand halten
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded Christoph Adler
Created by Christoph Adler (panagenda) & Luis Guirigay (IBM)
There is always room for improvement! Maximizing the IBM Notes client and Domino server performance doesn't have to be complicated. Reloaded for the latest IBM Notes/Domino 9 version (9.0.1 Feature Pack 10 or later), join Chris and Luis to find out the best and latest performance tuning tips. Learn how to debug your clients(s) and server(s), deal with outdated ODS, network latency, application/mail performance issues and more. Improve your IBM Notes client installations to provide a better experience for happier administration and happier end users! As a special bonus, Chris will show you how to reduce the startup time of virtualized IBM Notes Clients (Citrix / VMWare / etc).
This document provides a step-by-step guide to deploying HCL Sametime Premium 12.0 on CentOS 7 using Docker. It outlines installing and configuring MongoDB, Docker, and Sametime Premium 12.0. It also describes updating the Sametime TLS certificates. The deployment is demonstrated on a single virtual machine with all components installed locally.
IBM Lotus Domino Domain Monitoring (DDM)Austin Chang
This document provides an overview of Lotus Domino Server Domain Monitoring (DDM) for administrators. DDM allows administrators to monitor servers in their domain through configurable probes that check for issues and automate corrective actions. It discusses the key components of DDM including the server collection hierarchy, monitoring configuration, probes, and filters. It also provides examples of how to set up monitoring for common scenarios like database compaction, replication, and system resources.
Domino Tech School - Upgrading to Notes/Domino V10: Best PracticesChristoph Adler
Are you looking to deploy Domino V10 but don’t know where to start? Upgrade servers or clients first? Should I upgrade the ODS? If you have questions like these, this session is for you. Get a complete understanding of the process to upgrade to Domino V10, and learn from best practices and tips from the field.
Fast. Dangerous. Always in control.
Learn the dirty secrets of the Notes Client and how you can turn them into golden features that will make you shine. You will leave the workshop equipped with new knowledge for your next Notes Client deployment and/or optimization project. You will be able to get better Notes client performance and stability by using less of the system resources, like CPU, Memory and File I/O – just because of the right tailor-made configuration of the Notes client for your very own system requirements. Get geared up for your next Notes V11 deployment with the best-practice tips to get Notes Clients deployed, configured, maintained and ‘finally’ loved by your users.
Don’t forget, IBM Notes V11 is not far away from being released.
This document summarizes how to configure Time-based One Time Password (TOTP) two-factor authentication for Domino server access without third party software. It involves using the mfamgmt command to issue certificates, enabling TOTP in the server document and vault ID policy, and configuring the web server and login form to support TOTP. Users must install an authenticator app, scan a QR code, and enter generated codes for setup and login. Admins can reset TOTP profiles from the vault ID.
Domino memory is composed of shared and private memory pools. Shared memory is available to all Domino tasks, while private memory is allocated to individual tasks. The NSF buffer pool caches frequently accessed databases in shared memory. Memory dumps and memstats reports can be used to diagnose memory leaks by identifying continually increasing memory addresses over time. The DEBUG_TRAPLEAKS and DEBUG_SHOWLEAKS parameters can help trap specific memory leaks.
Session from NCUG. Stockholm 12.06.2019.
Basic Domino Performance Tuning. Ideas how to improve performance, statistics how to get information that we have issues and how to fix them
IBM Notes Performance Boost - Reloaded (DEV-1185)Christoph Adler
IBM Notes Performance Boost - Reloaded (DEV-1185)
Maximizing IBM Notes client to performance doesn't have to be complicated! Reloaded for the latest IBM Notes 9 version, join Chris and find out what can be tuned - and how to resolve it. Learn how to debug your client, deal with outdated ODS, network latency and application performance issues and the measurable benefit that provides to users. Gather best practices on how to streamline location and connection documents and why the catalog.nsf is so important. Improve your IBM Notes client installations to provide a better experience for happier administration and happier end users! As a special bonus, Chris will show you how to increase the startup time of virtualized IBM Notes clients (Citrix / vmware / etc) up to 70%!
This document provides instructions for administering Domino clusters. It discusses how clustering works in Lotus Domino, including failover, workload balancing and the cluster components. It also provides guidance on planning, setting up, managing and monitoring Domino clusters. The document includes examples of different cluster configurations and considerations for clustering servers that run internet protocols.
- The document discusses Document Attachment Object Service (DAOS), a feature introduced in Domino 8.5 that separates attachments from documents to reduce database size and improve performance.
- Key aspects of DAOS include setting up a separate repository for attachments, enabling it on servers and applications, and benefits like reduced storage, faster tasks, and less network traffic.
- Considerations for DAOS include prerequisites, transaction logging, backup procedures, and its effects on replication and other features.
What is new in Notes & Domino Deleopment V10.xUlrich Krause
Slides for my siession at DNUG46 in Essen, Germany. 04.-05-MAY-2019.
The session was all about the new classes added in V10.x of Notes/Domino. FP2 changes are included.
This document discusses using Domino as a container in production and how to get started. It provides a history of container development and an overview of container basics. The key benefits of running Domino as a container are discussed as standardization, upgradability, and portability. A demo environment is described and the buildup of a Domino container image is explained. Instructions are provided on installing and running a new Domino server in a container, converting an existing server, and customizing or upgrading the container image.
The document provides an overview of modules for implementing advanced network services, with a focus on lessons for configuring advanced DHCP and DNS features, and implementing IP Address Management (IPAM). The lessons cover topics such as DHCP components and failover, advanced DNS settings including DNSSEC, and using IPAM to manage IP addressing, address spaces, and monitor network resources.
1. The document discusses implementing Active Directory Domain Services (AD DS) sites and replication, including configuring AD DS sites, site links, and intersite replication.
2. It describes tools for monitoring AD DS replication such as Repadmin and Dcdiag and best practices for deploying read-only domain controllers.
3. The lab scenario involves optimizing AD DS replication between a London HQ site and branch office sites in Toronto and a test site to address slow sign-ins and resource access.
Domino Server Health - Monitoring and ManagingGabriella Davis
This document provides information on monitoring and managing Domino server health. It discusses analyzing and maintaining Domino server logs, using log filters, and analyzing log results. It also covers monitoring message tracking, mail probes, statistics, events, activity trends, and configuring the New Relic reporting tool. The document discusses database maintenance tasks like compacting and fixing up databases. It also discusses using the Domino Configuration Tuner tool and leveraging cluster symmetry and automatic database repairs.
In this session (reloaded for Notes V11), you will learn how easy it can be to maximize Notes client performance. Let Chris show you, what can be tuned and how to resolve the best possible performance for your Notes client infrastructure. Discover tips and tweaks - how to debug your Notes client, deal with outdated ODS, network latency and application performance issues and the measurable benefit that provides to your users. You’ll discover the current best practices for streamlining location and connection documents and why the catalog.nsf is still so important. You will leave the session with the knowledge you need to improve your Notes V11 client installations and to provide a better experience for happier administration and happier end-users!
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesHoward Greenberg
While installing a new HCL Domino server is a relatively straight forward task, configuring the server properly requires knowledge. Lacking this knowledge means that several key steps may be missed resulting in a server with potential security and performance issues. Additionally there are several key features that will save you time on administration of the server. Domino server settings also affect the performance and security of custom applications. Even if you are a developer you should be aware of the options available when configuring a server.
Join our incredibly experienced presenters as they share their many years of Domino expertise. They will cover the finer details to correctly setup a Domino server environment that is optimized for performance, security and sustainable administration. Plus use this information presented in this webinar to modify and improve your existing server environment.
Presenters:
Heather Hottenstein, HCL Ambassador
Roberto Boccadoro, HCL Ambassador
Serdar Basegmez, HCL Ambassador
Additonal Panelists (Q and A)
John Paganetti, HCL
Martijn de Jong gave a presentation on Domino policies at a user conference. He began by introducing himself and his company ilionx Group, which specializes in IBM collaboration solutions. He then discussed the different types of policies in Domino, including explicit, dynamic, and organizational policies. Martijn explained how policy precedence works and how policies are implemented on both the server and client. He also covered troubleshooting policies and provided several references for further reading.
How to deliver industry standard browser security to the native Domino HTTP stack, using company-wide wildcard certificates deployed across all platforms.
Bewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-Serverpanagenda
Aufnahme: http://pan.news/20210420de
Abstract: Server sind das Rückgrat Ihrer IT-Umgebung. Deren Sicherheit ist für jeden IT-Profi von größter Bedeutung. Besonders bei Servern mit Fernzugriff wird dies zu einer heiklen Angelegenheit. Es ist ein schmaler Grat zwischen der komfortablen Nutzung auf der einen Seite und dem Schutz gegen Angreifer auf der anderen Seite.
Zu den Sicherheitsbedenken gehören die mangelnde physische Sicherheit von Geräten, die Verwendung ungesicherter Netzwerke, die ungewollte externe Verfügbarkeit interner Ressourcen und der unbefugte Zugriff aus dem eigenen Unternehmen.
HCL Domino ist eine leistungsfähige und ausgereifte Serverplattform mit einem großen Funktionsumfang. Das macht sie zwar zu einer guten Wahl für viele Anwendungen, bedeutet aber auch, dass es viele potenzielle Möglichkeiten gibt, sich angreifbar zu machen.
In diesem Webinar helfen Ihnen unsere Experten, jeden Aspekt der Absicherung Ihrer Domino-Umgebungen zu betrachten:
• Lernen Sie die Grundlagen der Domino-Server-Sicherheit kennen
• Beheben Sie Probleme mit der Standardkonfiguration und vermeiden Sie häufige Fallstricke
• Sorgen Sie für einen sicheren Zugriff über Notes-Client, HTTP oder SMTP
• Richten Sie eine Datenbank-Zugriffskontrolle für Ihre gesamte Infrastruktur ein
• Schützen Sie Ihre Server vor internen Angriffen
• Vermeiden Sie Schwachstellen, indem Sie Domino-Server und Betriebssystem auf dem neuesten Stand halten
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded Christoph Adler
Created by Christoph Adler (panagenda) & Luis Guirigay (IBM)
There is always room for improvement! Maximizing the IBM Notes client and Domino server performance doesn't have to be complicated. Reloaded for the latest IBM Notes/Domino 9 version (9.0.1 Feature Pack 10 or later), join Chris and Luis to find out the best and latest performance tuning tips. Learn how to debug your clients(s) and server(s), deal with outdated ODS, network latency, application/mail performance issues and more. Improve your IBM Notes client installations to provide a better experience for happier administration and happier end users! As a special bonus, Chris will show you how to reduce the startup time of virtualized IBM Notes Clients (Citrix / VMWare / etc).
This document provides a step-by-step guide to deploying HCL Sametime Premium 12.0 on CentOS 7 using Docker. It outlines installing and configuring MongoDB, Docker, and Sametime Premium 12.0. It also describes updating the Sametime TLS certificates. The deployment is demonstrated on a single virtual machine with all components installed locally.
IBM Lotus Domino Domain Monitoring (DDM)Austin Chang
This document provides an overview of Lotus Domino Server Domain Monitoring (DDM) for administrators. DDM allows administrators to monitor servers in their domain through configurable probes that check for issues and automate corrective actions. It discusses the key components of DDM including the server collection hierarchy, monitoring configuration, probes, and filters. It also provides examples of how to set up monitoring for common scenarios like database compaction, replication, and system resources.
Domino Tech School - Upgrading to Notes/Domino V10: Best PracticesChristoph Adler
Are you looking to deploy Domino V10 but don’t know where to start? Upgrade servers or clients first? Should I upgrade the ODS? If you have questions like these, this session is for you. Get a complete understanding of the process to upgrade to Domino V10, and learn from best practices and tips from the field.
Fast. Dangerous. Always in control.
Learn the dirty secrets of the Notes Client and how you can turn them into golden features that will make you shine. You will leave the workshop equipped with new knowledge for your next Notes Client deployment and/or optimization project. You will be able to get better Notes client performance and stability by using less of the system resources, like CPU, Memory and File I/O – just because of the right tailor-made configuration of the Notes client for your very own system requirements. Get geared up for your next Notes V11 deployment with the best-practice tips to get Notes Clients deployed, configured, maintained and ‘finally’ loved by your users.
Don’t forget, IBM Notes V11 is not far away from being released.
This document summarizes how to configure Time-based One Time Password (TOTP) two-factor authentication for Domino server access without third party software. It involves using the mfamgmt command to issue certificates, enabling TOTP in the server document and vault ID policy, and configuring the web server and login form to support TOTP. Users must install an authenticator app, scan a QR code, and enter generated codes for setup and login. Admins can reset TOTP profiles from the vault ID.
Domino memory is composed of shared and private memory pools. Shared memory is available to all Domino tasks, while private memory is allocated to individual tasks. The NSF buffer pool caches frequently accessed databases in shared memory. Memory dumps and memstats reports can be used to diagnose memory leaks by identifying continually increasing memory addresses over time. The DEBUG_TRAPLEAKS and DEBUG_SHOWLEAKS parameters can help trap specific memory leaks.
Session from NCUG. Stockholm 12.06.2019.
Basic Domino Performance Tuning. Ideas how to improve performance, statistics how to get information that we have issues and how to fix them
IBM Notes Performance Boost - Reloaded (DEV-1185)Christoph Adler
IBM Notes Performance Boost - Reloaded (DEV-1185)
Maximizing IBM Notes client to performance doesn't have to be complicated! Reloaded for the latest IBM Notes 9 version, join Chris and find out what can be tuned - and how to resolve it. Learn how to debug your client, deal with outdated ODS, network latency and application performance issues and the measurable benefit that provides to users. Gather best practices on how to streamline location and connection documents and why the catalog.nsf is so important. Improve your IBM Notes client installations to provide a better experience for happier administration and happier end users! As a special bonus, Chris will show you how to increase the startup time of virtualized IBM Notes clients (Citrix / vmware / etc) up to 70%!
This document provides instructions for administering Domino clusters. It discusses how clustering works in Lotus Domino, including failover, workload balancing and the cluster components. It also provides guidance on planning, setting up, managing and monitoring Domino clusters. The document includes examples of different cluster configurations and considerations for clustering servers that run internet protocols.
- The document discusses Document Attachment Object Service (DAOS), a feature introduced in Domino 8.5 that separates attachments from documents to reduce database size and improve performance.
- Key aspects of DAOS include setting up a separate repository for attachments, enabling it on servers and applications, and benefits like reduced storage, faster tasks, and less network traffic.
- Considerations for DAOS include prerequisites, transaction logging, backup procedures, and its effects on replication and other features.
What is new in Notes & Domino Deleopment V10.xUlrich Krause
Slides for my siession at DNUG46 in Essen, Germany. 04.-05-MAY-2019.
The session was all about the new classes added in V10.x of Notes/Domino. FP2 changes are included.
This document discusses using Domino as a container in production and how to get started. It provides a history of container development and an overview of container basics. The key benefits of running Domino as a container are discussed as standardization, upgradability, and portability. A demo environment is described and the buildup of a Domino container image is explained. Instructions are provided on installing and running a new Domino server in a container, converting an existing server, and customizing or upgrading the container image.
The document provides an overview of modules for implementing advanced network services, with a focus on lessons for configuring advanced DHCP and DNS features, and implementing IP Address Management (IPAM). The lessons cover topics such as DHCP components and failover, advanced DNS settings including DNSSEC, and using IPAM to manage IP addressing, address spaces, and monitor network resources.
1. The document discusses implementing Active Directory Domain Services (AD DS) sites and replication, including configuring AD DS sites, site links, and intersite replication.
2. It describes tools for monitoring AD DS replication such as Repadmin and Dcdiag and best practices for deploying read-only domain controllers.
3. The lab scenario involves optimizing AD DS replication between a London HQ site and branch office sites in Toronto and a test site to address slow sign-ins and resource access.
Active Directory security and compliance: Comprehensive reporting for key sec...Zoho Corporation
Active Directory security and compliance: Comprehensive reporting for key security monitoring, and alerting
1. Reports for failed logons, logon duration, and account lockout analysis.
2. Change reports to monitor user, group, OU, and object changes.
3. Real-time alerting to notify you of key security-related changes.
4. Comply with regulatory mandates at ease.
5. Build custom reports for new compliance regulations.
6. Modify the existing reports to meet the internal security auditing needs.
This document provides an overview and lessons for configuring and troubleshooting DHCP. It covers DHCP server roles, configuring scopes and options, managing the DHCP database, monitoring DHCP, and security configuration. A lab scenario tasks the user with implementing a fault-tolerant DHCP configuration across multiple offices to support network requirements.
This document provides an overview of a Microsoft course module on implementing Dynamic Host Configuration Protocol (DHCP). It discusses topics such as installing the DHCP server role, configuring DHCP scopes and options, managing the DHCP database, securing DHCP, and monitoring DHCP. The module includes demonstrations and exercises for configuring a basic DHCP server infrastructure, including creating DHCP scopes, reservations, and using a DHCP relay agent. It aims to teach students how to implement, manage, secure, and troubleshoot a DHCP server to automate client IP configuration on a network.
CREATING AND MANAGING USER ACCOUNTS.pdfSolomonAnab1
User accounts in Active Directory represent users and their access to network resources. The main tools for managing user accounts are Active Directory Users and Computers and command line utilities like DSADD and DSMOD. User authentication involves validating a user's identity through interactive or network authentication using protocols like Kerberos v5 and NTLM. User profiles store desktop configuration settings and can be local, roaming, or mandatory. Bulk import/export utilities like LDIFDE and CSVDE allow importing and exporting user data to and from Active Directory.
CTE Ottawa Seminar Day - September 7th, 2012
This clinic will cover key new features in Windows Server 2012. It will outline new management and access features for areas such as Server Manager, Active Directory and PowerShell. It will also cover storage and network improvements as well as High Availability and significant changes to Hyper-V contained within Windows Server 2012.
This clinic is intended for IT Professionals who are interested in learning about the new features and functionality in Windows Server 2012. People who are key influencers and technology decision makers in an IT organization will also be interested in attending this clinic and will benefit from gaining early insight into some of the latest technologies included in Windows Server 2012. In general, early adopters of new technology or people looking to gain early insight into new functionality in Windows Server 2012 will benefit from attending this First Look Clinic.
Year in Review: Perforce 2014 Product UpdatesPerforce
Get an overview of all the key capabilities introduced in the Perforce versioning and collaboration platform this year. This is your best chance to catch-up quickly on all our 2014 enhancements.
This document provides an overview and lessons on implementing Dynamic Host Configuration Protocol (DHCP). It discusses:
- Installing the DHCP server role and configuring DHCP scopes to assign IP addresses to clients
- Managing the DHCP database, including backing it up and moving it between servers
- Securing the DHCP server by restricting unauthorized access and monitoring the server through statistics and auditing
- Troubleshooting common DHCP issues like address conflicts and servers running out of addresses
The accompanying lab guide instructs students to set up a DHCP server and optional relay agent to assign IP addresses to new clients on a branch office network.
This document provides an overview of Active Directory Domain Services (AD DS) and instructions for installing domain controllers. It covers the following key points:
- AD DS has both logical components like domains, forests and organizational units, as well as physical components like domain controllers and global catalog servers.
- A domain controller authenticates users, authorizes access, and holds a copy of the domain database. At least two domain controllers are recommended for availability.
- Domain controllers use Kerberos authentication and the global catalog stores partial attributes for objects across forests to enable cross-forest queries.
- Installing a domain controller can be done from Server Manager, on Server Core, by upgrading an existing controller, or using install
This document provides an overview of a Microsoft Official Course on deploying and managing Windows Server 2012. The course contains 5 lessons: 1) an overview of Windows Server 2012, 2) installing Windows Server 2012, 3) post-installation configuration, 4) Windows Server 2012 management, and 5) an introduction to Windows PowerShell. It describes the objectives and topics that will be covered in each lesson, including Windows Server editions, roles, features, installation methods, domain joining, and using Windows PowerShell for administration.
This document provides an overview of System Center Orchestrator, including:
- Orchestrator allows for graphical workflow automation through custom runbooks.
- It integrates with various Microsoft products like System Center and extends to the entire Microsoft stack.
- The main Orchestrator components are the management server, runbook server, web services, and runbook designer.
- Runbooks are the core component that define workflows and activities to automate tasks.
- Additional integration packs provide connectivity to non-Microsoft products and services.
SCU 2015 - My top 10 favorite items you need to look at in WK2012R2Mike Resseler
This document outlines Mike Resseler's top 10 features in Windows Server R2 that make life easier. The features include Server Manager, PowerShell, Server Core, Hyper-V Replication, Storage Spaces, IP Address Management (IPAM), Data Deduplication, Automatic Virtual Machine Activation, Storage Quality of Service, and Hyper-V Enhanced Session Mode. Additional details and a link for more information are provided. The document concludes with a request for feedback and information on prizes for a lucky draw.
Windows Server 2012 introduces new storage features including the iSCSI Target role service, Storage Spaces, deduplication, and improvements to SMB 3.0. Storage Spaces allows the aggregation of disks into storage pools from which virtual disks can be created using mirroring or parity. Deduplication reduces the storage space used by identifying and removing duplicate data blocks. SMB 3.0 in Windows Server 2012 provides faster file sharing capabilities that can match or exceed block-level protocols like iSCSI.
Human processes and system automation work better together when integrated. Microsoft System Center Orchestrator allows users to automate IT processes across platforms through runbooks while integrating with human workflows in Service Manager. It provides templates and tools to define and monitor automated processes across infrastructure through connectors to various systems and platforms.
LOT-925 Installing and Configuring IBM Lotus Notes and Domino 8.5Marek Zawadzki
1. The document discusses the IBM Certified System Administrator – Lotus Notes and Domino 8.5 certification. It provides information about the restructuring of the certification paths, new exams, and exam details.
2. It describes how to set up directory assistance to enable searching secondary Domino and LDAP directories for user authentication when a user authenticates via web. The primary Domino directory will be searched first, followed by any secondary directories in the specified order.
3. It provides examples of setting up directory assistance for a secondary Domino directory and remote LDAP directory.
This document is a module from a Microsoft course on implementing DNS. It covers name resolution, installing a DNS server, and managing DNS zones. The key topics discussed include:
- How clients and servers resolve names using DNS, including the roles of DNS servers, zones, and records.
- Installing the DNS server role, including creating zones and configuring forwarding.
- Managing DNS zones, including the types of zones, dynamic updates, and Active Directory-integrated zones.
- Troubleshooting name resolution issues using tools like DNSCmd and Windows PowerShell cmdlets.
- A lab scenario instructing students to configure a domain controller as a DNS server, create host records, and set
This document provides an overview and lessons for deploying and managing Windows Server 2012 R2. It covers Windows Server 2012 R2 editions, the Server Core installation option, common roles and features, installation methods, and post-installation configuration steps. Later lessons introduce Windows PowerShell for automating server administration tasks and the use of Server Manager and remote management tools.
Directory Synchronization Single Sign-On in Office 365InnoTech
Directory synchronization and single sign-on in Office 365 allows organizations to synchronize their on-premises Active Directory with Office 365 and implement single sign-on for user authentication. The key steps include activating directory synchronization in the Office 365 admin center, preparing Active Directory, installing the directory synchronization tool, and configuring single sign-on using AD FS for federated authentication. This provides a single set of credentials for users to access both on-premises and Office 365 resources.
Similar to Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012 (20)
You’ve been told that you will need to go though Connections 6.0 to get to Connections PINK. We’ve been through the process already and can show you the best way to do it. From planning your data migration strategy, requirements and software upgrades, to time estimates and lessons learned and the all important documentation stage that everyone loves. Let us be the pain relief to your migrations headache (other antidotes are available).
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
Einheitliches Management für IBM und Microsoft Collaborationen Plattformen.
Vorgehensmodell für Migration, Ausgangsbasis, Herausforderungen und "Best practices" Vorgehensweise und Demo Beispiele BCC, ClientGenie, MailProtect.
5. April 2017 / Hartmut Koch / BCC Unternehmensberatung
Anforderungen und Informationsquellen, dreistufige Realisierung, die Praxis, Live Demo von Schutzfunktionen und Exkurs: Risiken in der "nativen" IBM Domino Administration.
This webinar was recorded on 26th February 2017.
Tim Clark talks about how to stop data leaking from your IBM Domino datastore using BCC's DominoProtect.
Replay available here: https://youtu.be/Joqg4jVO-io
The document discusses administration of IBM Connections Cloud. It describes the different roles in administering the cloud service between IBM and the customer organization. It outlines tools for automating user provisioning and directory integration using an Integration Server. The Integration Server uses change files in CSV format to programmatically add/update users and profiles. However, the current Integration Server has limitations like a maximum of 200 operations per file. The document also discusses policy administration and issues in administering the cloud service, noting that the all-or-nothing administrator interface does not scale well. It proposes an internal administrative interface and service portal to help customers better manage the cloud service according to their organizational needs and policies.
Are IBM Domino Plug-ins your friends or enemies? Find out what our developer Teresa Deane have said on that subject at her session “My love-hate relationship with IBM Domino Plug-ins” at the IBM Connect 2016 in Orlando.
Building a plug-in for the Notes client is hard and you need to be a rocket scientist to write a simple menu extension. This is exactly, what I thought, when I first heard of plug-in development.
In this session, you will learn, how to setup an Eclipse environment, connect it to your Notes Client for debugging and testing, and finally deploy your plugin to your users. Become familiar with the basics, and you will no longer be scared.
Social business software is all about sharing content and data in a “collaborative” way to identify internal or external experts. Most of these data must be considered as personal data which is related to an individual person.
Implementing social business technologies in enterprises often leads to discussion with data protection supervisors how to be compliant with EU data protection law. This discussion gets even more challenging if you consider using social business applications in “the cloud” which might the only choice in the near future due IBMs “Cloud First” or Microsoft’s “Cloud only” delivery model.
This session will give you an overview
- about EU data protection regulations
- its implications for using social business systems
- special considerations for using cloud based social business systems
This document summarizes an agenda for an XPages performance masterclass. The agenda covers many factors that affect XPages performance including hardware, network performance, client limitations, and coding practices. It also discusses tools for optimizing performance such as JavaScript/CSS aggregation, scoped variables, data contexts, partial refresh vs partial execution, and XPages preloading. Specific techniques are demonstrated such as reducing unnecessary computations in the JSF lifecycle and using scoped variables to dynamically compute values.
Sie betreiben ausgeklügelte Rechteverwaltung auf Ihrem Domino System, die Daten in den zahlreichen Datenbanken und Anwendungen sind gut abgesichert.
Wirklich?
Ist Ihr "Generalschlüssel" für den ID-Vault auch gut geschützt, oder wird die Server-ID unverschlüsselt verwendet?
Können Sie sicher gehen, dass die Gruppendokumente nicht unberechtigt geändert werden?
Wie breit sind weitreichende Administrationsrechte z.B. an Support-Kollegen "gestreut"?
BCC bietet mit DominoProtect eine Lösung, die mögliche Sicherheitslücken schließt, das Systemmanagement in komplexen Umgebungen vereinfacht und hilft Revisions- und Compliance-Anforderungen zu erfüllen.
Dieser Vortrag von der DNUG Frühjahrskonferenz 2014 in Karlsruhe bietet einen Einstieg in das Thema Sicherheit & Compliance in IBM Collaboration Infrastrukturen und beleuchtet insbesondere folgende Bereiche:
* Security Monitoring - wie Sie sicherheits- und systemkritische Änderungen in Ihrer IBM Domino Umgebung in Echtzeit überwachen
* Compliance - wie Änderungen oder sogar Zugriffe auf sensible Elemente zuverlässig verhindert und dokumentiert werden können
* Change Management - wie Konfigurationsänderungen nicht ohne Freigabe aktiviert und Rollback & Recovery mit nur einem Klick möglich werden
Geht ihren Servern der Speicherplatz aus? Erfahren Sie in dieser Präsentation von der BCCon 2014 Konferenz welche Möglichkeiten zur Abhilfe durch DAOS und andere Platzsparer bestehen.
Are your servers running out of space as more, and more complex data is sent thru or stored in applications on the servers? Are your users keep on sending bit like attachments again and again? Do standard tasks like compact or fixup last for ages or does your backup still runs during working hours? Learn how to benefit from build-in space saving features. Maximize disk space savings provided by Domino Attachment and Object Service (DAOS) and ensure that your environment is properly configured for best performance with this feature. Reduce network bandwidth when replicating databases between servers and increase mail quotas without using more disk space. As of Domino 9.0.1, DBMT is the swiss army knife for administrators. Learn about pre-allocating space to avoid file fragmentation during a copy-style compact. Ensure that a mail application in a clustered environment is always available and mail gets delivered while performing file compaction and other standard tasks
In this session, which has been presented after the Connect also at Rheinland Nachlese, Engage by BLUG and BCCon, we took you on the quest of strengthening the security while cutting costs for administration.
Daily administration of the IBM Domino environment can be manual, tedious and cost-intensive. Mismanagement can also pose significant security issues and can also result in legal ramifications.
Whether you need to cut costs in administration, save time spent on routine tasks, or make your audit team happy, there is help available.
Specialized in administration automation and security solutions, BCC has gained an unique insight in various Notes/Domino enviroments of more than 800 customers worldwide. In this session we will share the best practices on how to streamline IBM Notes and Domino administration, enhance system and process security, and ensure compliance with legal regulations.
* Automate the user, group, and app administration processes to reduce manual tasks and avoid human errors
* Implement strict compliance with corporate administration standards and reduce administration costs
* Prevent fraud / malicious actions from inside your company and ensure compliance with legal regulations
Geht ihren Servern der Speicherplatz aus?
Haben Sie mehr als einen (bit) identischen Anhang in Ihren Datenbanken gespeichert?
Dauern Standardaufgaben wie fixup ewig oder reicht die Zeit in den Nachtstunden für ein Backup nicht mehr aus?
Setzen Sie Datenbankquotas ein und ihre Anwender verlangen nach mehr Platz?
Haben Sie sich schon einmal gefragt, was passiert, wenn sie ein "load compact -c" ausführen?
Warum werden Datenbanken nicht auf das neueste ODS angehoben? Mache ich was falsch??
Wenn Sie eines oder mehrere dieser Fragen mit "JA" beantworten können, dann sind Sie in dieser Session richtig. Nutzen Sie den vorhandenen Speicherplatz durch den Einsatz von DAOS optimal aus.
Verkleinern Sie ihre Datenbanken; Design- und Documentdata compression helfen Ihnen dabei.
Reduzieren Sie die Netzwerkbandbreite bei der Replikation zwischen Servern und zwischen Clients und Servern,
und lernen Sie, wie Sie die Quota erweitern, ohne mehr Speicherplatz zu benötigen.
Geben Sie ihren Festplatten den nötigen "drive" durch regelmässige Defragmentierung. OpenNTF hilft Ihnen dabei.
Xpages Anwendungen lassen sich recht leicht per Drag & Drop und ein wenig Code erstellen. In den meisten Fällen reicht dies auch aus, wenn es um die Arbeit mit wenig Datensätzen geht und die Anwendung selber nicht sonderlich kompliziert ist. Dringt man aber tiefer in die Programmierung ein, so wird man nicht selten mit Performanceproblemen konfrontiert.
Die Session zeigt auf, wo in einer Anwendung ( und auch ausserhalb ) die Performancefresser stecken und wie man diesen auf die Schliche kommt. Die Installation des OpenNTF Xpages Toolkit und die Anwendung der Toolbox werden an einem praktischen Beispiel erläutert. Dabei wird aus einer anfänglich nicht performanten Anwendung Schritt für Schritt eine performante Applikation.
Agenda:
Performance, was kann bremsen ?
Java vs. JavaScript
Daten vorbereiten, ViewNavigator vs. GetNextDocument
Stringbuilder vs. Concat
Phase Listener
Partial Refresh / Partial Execute
Variable resolver
Nach der guten Resonanz des ersten Teils des Vortrages von Mirco Vilic auf der DNUG-Frühjahrskonferenz in Berlin 2013 "Deep Dive IBM Domino Mail Routing - Essentials & Best Practices" , präsentiert er nun den zweiten Teil, der ganz im Zeichen von Domino als SMTP Mailer steht. In diesem weiterführenden Vortrag beleuchten wir die Fähigkeiten des Domino Servers als SMTP Mailer auf fortgeschrittener Ebene. Dies beinhaltet die einfache Standard-Konfiguration, sowie alle weitergehenden Einstellungen, die für den täglichen Betrieb, sowie für die Fehlersuche, relevant sind,
Wir zeigen die Möglichkeiten, die uns Domino durch Notes.ini Parameter bietet, oder wie man mit Domino eine virtuelle SMTP Testumgebung einrichtet, die ein simples Testing von z.B. Mail-Management-Software ermöglicht.
? Geht ihren Servern der Speicherplatz aus?
? Haben Sie mehr als einen (bit) identischen Anhang in Ihren Datenbanken gespeichert?
? Dauern Standardaufgaben wie fixup ewig oder reicht die Zeit in den Nachtstunden für ein Backup nicht mehr aus?
? Setzen Sie Datenbankquotas ein und ihre Anwender verlangen nach mehr Platz?
? Haben Sie sich schon einmal gefragt, was passiert, wenn sie ein "load compact -c" ausführen?
? Warum werden Datenbanken nicht auf das neueste ODS angehoben? Mache ich was falsch??
Wenn Sie eines oder mehrere dieser Fragen mit "JA" beantworten können, dann sind Sie bei dieser Session richtig. Nutzen Sie den vorhandenen Speicherplatz durch den Einsatz von DAOS optimal aus.
--> Verkleinern Sie ihre Datenbanken; Design- und Documentdata compression helfen Ihnen dabei.
--> Reduzieren Sie die Netzwerkbandbreite bei der Replikation zwischen Servern und zwischen Clients und Servern, und lernen Sie, wie Sie die Quota erweitern, ohne mehr Speicherplatz zu benötigen.
--> Geben Sie ihren Festplatten den nötigen "drive" durch regelmässige Defragmentierung. OpenNTF hilft Ihnen dabei.
Zielgruppe sind Administratoren oder Entscheider, die mehr über Compact, DAOS und Defragmentierung wissen möchten.
Sie betreiben ausgeklügelte Rechteverwaltung auf Ihrem Domino System, die Daten in den zahlreichen Datenbanken und Anwendungen sind gut abgesichert.
Wirklich? Ist Ihr "Generalschlüssel" für den ID-Vault auch gut geschützt, oder wird die Server-ID unnverschlüsselt verwendet? Können Sie sicher gehen, dass die Gruppendokumente nicht unberechtigt geändert werden? Wie breit sind weitreichende Administrationsrechte z.B. an Support-Kollegen "gestreut"?
Der IBM Domino Server bietet umfangreiche Sicherheitsmechanismen. Die Konfiguration ist jedoch komplex, Sicherheitsprobleme können entstehen. Außerdem werden Protokollierung und Verhinderung von Änderungen aus Sicht der Revision seit der Einführung von Basel II und SOX immer wichtiger. Es geht dabei darum für Transparenz im Change Management von Infrastrukturen zu sorgen.
DominoProtect schließt mögliche Sicherheitslücken, vereinfacht das Konfigurationsmanagement in komplexen Umgebungen und hilft Revisions- und Compliance-Anforderungen zu erfüllen - bewährt in vielen Projekten bei großen und kleinen Organisationen, in zahlreichen deutschen und internationalen Finanzinstituten und bei führenden IT-Dienstleistern.
Ein Werkzeug-Spezialist muss Konstruktionspläne zur Druckerei schicken, die Personalabteilung will die Gehaltsabrechnungen nur noch elektronisch versenden, der Vorstand will vertraulich mit potentiellen Partnern im Ausland kommunizieren. Die Anforderungen für verschlüsselte Kommunikation per E-Mail sind vielfältig, die Notwendigkeit angesichts von PRISM & Co. nicht mehr weg zu diskutieren.
Einen schnellen und unkomplizierten Einstieg in die verschlüsselte E-Mail-Kommunikation bietet die PDF-basierte Instant Encryption Technologie der BCC. Damit wird sicher gestellt, dass die nach außen gehende Kommunikation vor Mitlesen und Manipulation geschützt ist. Wenn es "mehr" sein darf, können mit MailProtect Secure Mail alle denkbaren PKI-Szenarien zum Einsatz von S/MIME und PGP realisiert werden - mit zentraler serverbasierendern Durchführung der Verschlüsselung, Entschlüsselung, Signaturprüfung und Zertifikatsverwaltung.
More from BCC - Solutions for IBM Collaboration Software (20)
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Zilliz
Join us to introduce Milvus Lite, a vector database that can run on notebooks and laptops, share the same API with Milvus, and integrate with every popular GenAI framework. This webinar is perfect for developers seeking easy-to-use, well-integrated vector databases for their GenAI apps.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
2. Speaker introduction
CEO and founder of BCC in 1996
Working with Lotus Notes since Version 3 in 1993
• focused on Domino infrastructure
• CLP certification since Release 3
I am working
• with large enterprise customers as Senior Architect and
Project Manager
• to optimize Lotus Domino Infrastructure Managements
• with customers to enhance BCC products
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
3. AdminP History
AdminP was a major breakthrough in Release 4
Inspired by enterprise customers like Deutsche Bank who
had developed similar Server AddIn tasks for their
administration
• Domino Directory Management
• Central PKI Management with User IDs on Lotus Notes
• Tasks to change fields in databases
• Support Distributed Systems
• Better performance than agents
Continuous improvement in each Domino version
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
4. Architecture – Admin4
Admin4 Database
• Replica on each server (automatic deployment)
• Storage for Task documents and logs
• Users need access right to create documents in admin4.nsf (Notes Client
creates documents with users rights) - Archivar
How does a server know that he has to execute a task
• Check AdminP settings in server document
• Check for new task document in admin4.nsf
• Checks for its name or Wildcard
How does a server know that he has executed this task
• Keep in Memory
• Each server can write a log document
• Write a log document as response document to task document
Own Task for housekeeping (Delete Obsolete Change Requests)
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
5. Architecture AdminP Server task
AdminP Server Entry in ACL defines AdminP Server for this
Database
• Only one AdminP Server for each Database Replica
• Every Server can be AdminP Server
• Define “Administration Server for Databases” (next slide)
AdminP Options
• Do not modify names
• Modify all readers and authors fields
• Modify all names fields -> DO NOT USE for Mailfiles
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
6. Architecture AdminP Server task
Domino Directory ACL (SPECIAL)
• AdminP Server Entry defines your Directory Server in
your Domain
• Every adminp tasks changing documents in Domino
Directory is executed on that server
• Changes must be replicated !
• Do not change this if you have “open” adminp
request documents in admin4 !
DR procedure needs define how to handle AdminP
Server of DD
• Using cluster member is not a good idea
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
7. AdminP Task execution & replication
Server which performs AdminP tasks :
• AdminServer for Domino Directory
• Users Homeserver
• AdminP Server of each Database -> Wildcard
Requests
Task documents are distributed with admin4 replication
or direct deposit „replication“ in R8.x
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
8. AdminP Task execution & replication
AdminP will do changes just once !
Example
• Change ACL
• Executed at Database AdminP Server
• AdminP Server replicates ACL change to all
replicas
• Change of field entries
• Executed only at Database AdminP Server
• Replicate modified documents to all replicas
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
9. How to define “Administration Server for
Databases”
Dedicated Server vs. Multi purpose server
• Group Applications to same AdminP Server (AdminP
Hub)
• Define a dedicated AdminP Server for all
Applications
Extended Administration servers ?
• Idea: Split up workload to multiple servers
• Requires extended ACL
• Do not do this !!!
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
10. AdminRequest Document
One Standard form for all requests
All Fields start with Proxy...
• ProxyAction: contains current actioncode
• ProxyServer: server to perform the action
• ProxyAuthor: who has requested
• ...
Field ProxyAction
• Contains a list of all AdminP Request
• Field contains request numbers
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
11. All AdminP Requests – Field ProxyAction
Accelerated Create Replica|84
Add Information to Monitoring Report|130
Add Internet Certificate to Person Record|44
Add New Mailfile Fields|50
Add or Modify Group in Domino Directory|144
Add Resource|29
Add Server to Cluster|11
Approve Certificate Request|115
Approve Delete Person in Domino Directory|58
Approve Delete Server in Domino Directory|59
Approve Deletion of Hosted Organization Storage|139
Approve Deletion of Moved Replica|75
Approve Deletion of Private Design Elements|72
Approve Mail File Deletion|22
Approve New Public Key Request|117
Approve Person's Name Change Request|116
Approve Refused Name Change|106
Approve Rename Person in Domino Directory|60
Approve Rename Server in Domino Directory|61
Approve Replica Deletion|82
Approve Resource Deletion|31
Approve Revert Name Change|114
Certificate Authority Configuration To Be Signed|105
Certify New Certifier Key Request|171
Certify New Person Key Request|170
Certify New Server Key Request|169
Change HTTP Password in Domino Directory|127
Change the Server on which the Agent Runs|158
Change User Password in Domino Directory|35
Check Access for Move Replica Creation (time based execution)|151
Check Access for Move Replica Creation|33
Check Access for New Replica Creation (time based execution)|150
Check Access for New Replica Creation|32
Check Access for Non-cluster Move Replica (time based execution)|153
Check Access for Non-cluster Move Replica|65
Check Mail Server's Access (time based execution)|152
Check Mail Server's Access|45
Check Roaming Server's Access|93
Collect Monitoring Report Information|129
Configure Certificate Authority Publication|102
Copy Server's Certified Public Key|2
Create Hosted Organization Storage|135
Create IMAP Delegation Requests|131
Create Mail-In Database|64
Create Mailfile|24
Create Monitoring Report|128
Create New Mailfile Replica|49
Create Object Store|137
Create Replica|13
Create Roaming User's Replica Stubs|91
Create Roaming User's Replicas|94
Create Roaming User's Roaming Files|87
Create SSL Certificate and Keyring File|156
Delegate Mail File on Administration Server|149
Delegate Mail File on Home Server|167
Delegate Mail File|57
Delegate Web Mail File|78
Delete Group in Domino Directory|56
Delete Hosted Organization Storage|140
Delete Hosted Organization|132
Delete in Access Control List|17
Delete in Agent's Readers Field|165
Delete in Design Elements|177
Delete in Domino Directory|0
Delete in Person Documents|16
Delete in Reader/Author fields|18
Delete Mailfile|21
Delete Obsolete Change Requests|26
Delete Original Replica after Move|15
Delete Person in Domino Directory|54
Delete Person In Unread List|147
Delete Policy Record in Domino Directory|113
Delete Private Design Elements|74
Delete Replica After Move|69
Delete Replica|81
Delete Resource|30
Delete Server in Domain Catalog|111
Delete Server in Domino Directory|55
Delete Statistic Monitors in Domino Directory|7
Delete Unlinked Mailfile|23
Delete Vaulted User|181
Delete Web User in Domino Directory|126
Domain Catalog Configuration|77
Enable Server's SSL Ports in Domino Directory|157
Find Name in Domain|142
Get Hosted Organization Storage Information for Deletion|138
Get Mail File Information for Deletion|27
Get Replica Information for Deletion|79
Initiate Rename in Domino Directory|8
Initiate Web User Rename in Domino Directory|118
Maintain Server's Fault Recovery Settings|168
Maintain Trends Database Record|112
Modify CA Configuration in Domino Directory|99
Modify DB2 Access Connection|178
Modify ID Recovery Information in Domino Directory|146
Modify Room/Resource in Domino Directory|62
Modify User Information Stored in Domino Directory|97
Monitor New Mailfile Fields|51
Monitor Replica Stub|25
Monitor Roaming Server's Field in Person Record|90
Monitor Roaming User's Replica Stubs|148
Monitor Server's SSL Status in Domino Directory|166
Monitor Server Record for DB2 Fields|173
Move DB2 Tablespace to New Container|175
Move Person's Name in Hierarchy|6
Move Replica|14
Non Cluster Move Replica|66
Place Server's Notes Build Number into Server Record|3
Promote New Mail Server's Access|48
Promote New Roaming Server's Access|88
Push Changes to New Mail Server|53
Push Changes to New Roaming Server|100
Re-Initiate Rename in Domino Directory|110
Recertify Certificate Authority in Domino Directory|141
Recertify Cross Certificate in Domino Directory|136
Recertify Person in Domino Directory|10
Recertify Server in Domino Directory|9
Remove Certificate from Domino or LDAP Directory|98
Remove Certificate Revocation List from Domino or LDAP Directory|103
Remove Roaming User's Roaming Files|92
Remove Server from Cluster|12
Rename Group in Access Control List|42
Rename Group in Design Elements|180
Rename Group in Domino Directory|40
Rename Group in Person Documents|41
Rename Group in Reader/Author fields|43
Rename in Access Control List|1
Rename in Agent's Readers Field|164
Rename in Design Elements|176
Rename in Person Documents|19
Rename in Reader/Author fields|20
Rename in Shared Agents|162
Rename Person in Calendar Entries and Profiles in Mail File|39
Rename Person in Domino Directory|5
Rename Person in Free Time Database|38
Rename Person in Unread List|68
Rename Server in Domino Directory|4
Rename Web User in Access Control List|119
Rename Web User in Calendar Entries and Profiles in Mail File|124
Rename Web User in Design Elements|179
Rename Web User in Domino Directory|120
Rename Web User in Free Time Database|123
Rename Web User in Person Documents|121
Rename Web User in Reader/Author fields|122
Rename Web User in Unread List|125
Replace Mailfile Fields|52
Replace Roaming Server's Field in Person Record|89
Request Mail File Deletion|28
Request Replica Deletion|80
Request to Delete Moved Replica|76
Request to Delete Private Design Elements|73
Retract Person's Name Change|107
Set DB2 Password in Server's ID File|174
Set Directory Assistance Field|37
Set Directory Filename|86
Set Password Fields|34
Set User Name and Enable Scheduled Agent|108
Set Web Admin Fields|83
Set Web User Name and Enable Scheduled Agent|160
Sign Database with Server's ID File|101
Store Certificate in Domino or LDAP Directory|95
Store Certificate Revocation List in Domino or LDAP Directory|96
Store Cross Certificate in Domino or LDAP Directory|159
Store DB2 Information in Server Record|172
Store Directory Type in Server Record|85
Store Server's CPU count|67
Store Server's DNS Hostname in Server Record|70
Store Server's Platform in Server Record|71
Unrecognized Request|145
Unrecognized Request|154
Unrecognized Request|155
Unrecognized Request|36
Unrecognized Request|999
Update Client Information in Person Record|46
Update Delegated User's Mailfile List|104
Update External Domain Information|47
Update License Tracking Information in Domino Directory|109
Update Replica Settings|161
Update Roaming User Information in Person Record|134
Update Roaming User State in Person Record|133
Update Server's Protocol Information|63
Verify Hosted Organization Storage|143
Web Set Soft Deletion Expire Time|163
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
12. All AdminP Requests – Field ProxyAction
Accelerated Create Replica|84
Delete in Domino Directory|0
Rename Group in Person Documents|41
Add Information to Monitoring Report|130
Delete in Person Documents|16
Rename Group in Reader/Author fields|43
Add Internet Certificate to Person Record|44
Delete in Reader/Author fields|18
Rename in Access Control List|1
Add New Mailfile Fields|50
Delete Mailfile|21
Rename in Agent's Readers Field|164
Add or Modify Group in Domino Directory|144
Delete Obsolete Change Requests|26
Rename in Design Elements|176
Add Resource|29
Delete Original Replica after Move|15
Rename in Person Documents|19
Add Server to Cluster|11
Delete Person in Domino Directory|54
Rename in Reader/Author fields|20
Approve Certificate Request|115
Delete Person In Unread List|147
Rename in Shared Agents|162
Approve Delete Person in Domino Directory|58
Delete Policy Record in Domino Directory|113
Rename Person in Calendar Entries and Profiles in
Approve Delete Server in Domino Directory|59
Delete Private Design Elements|74
Mail File|39
Approve Deletion of Hosted Organization
Delete Replica After Move|69
Rename Person in Domino Directory|5
Storage|139
Delete Replica|81
Rename Person in Free Time Database|38
Approve Deletion of Moved Replica|75
Delete Resource|30
Rename Person in Unread List|68
Approve Deletion of Private Design Elements|72
Delete Server in Domain Catalog|111
Rename Server in Domino Directory|4
Approve Mail File Deletion|22
Delete Server in Domino Directory|55
Rename Web User in Access Control List|119
Approve New Public Key Request|117
Delete Statistic Monitors in Domino Directory|7
Rename Web User in Calendar Entries and Profiles
Approve Person's Name Change Request|116
Delete Unlinked Mailfile|23
in Mail File|124
Approve Refused Name Change|106
Delete Vaulted User|181
Rename Web User in Design Elements|179
Approve Rename Person in Domino Directory|60
Delete Web User in Domino Directory|126
Rename Web User in Domino Directory|120
Approve Rename Server in Domino Directory|61
Domain Catalog Configuration|77
Rename Web User in Free Time Database|123
Approve Replica Deletion|82
Enable Server's SSL Ports in Domino Directory|157 Rename Web User in Person Documents|121
Approve Resource Deletion|31
Find Name in Domain|142
Rename Web User in Reader/Author fields|122
Approve Revert Name Change|114
Get Hosted Organization Storage Information for Rename Web User in Unread List|125
Certificate Authority Configuration To Be
Deletion|138
Replace Mailfile Fields|52
Signed|105
Get Mail File Information for Deletion|27
Replace Roaming Server's Field in Person Record|89
Certify New Certifier Key Request|171
Get Replica Information for Deletion|79
Request Mail File Deletion|28
Certify New Person Key Request|170
Initiate Rename in Domino Directory|8
Request Replica Deletion|80
Certify New Server Key Request|169
Initiate Web User Rename in Domino Directory|118 Request to Delete Moved Replica|76
Change HTTP Password in Domino Directory|127
Maintain Server's Fault Recovery Settings|168
Request to Delete Private Design Elements|73
Change the Server on which the Agent Runs|158 Maintain Trends Database Record|112
Retract Person's Name Change|107
Change User Password in Domino Directory|35
Modify CA Configuration in Domino Directory|99
Set DB2 Password in Server's ID File|174
Check Access for Move Replica Creation (time based Modify DB2 Access Connection|178
Set Directory Assistance Field|37
execution)|151
Modify ID Recovery Information in Domino
Set Directory Filename|86
Check Access for Move Replica Creation|33
Directory|146
Set Password Fields|34
Check Access for New Replica Creation (time based Modify Room/Resource in Domino Directory|62
Set User Name and Enable Scheduled Agent|108
execution)|150
Modify User Information Stored in Domino
Set Web Deep Dive, Olaf Boerner, BCC
UKLUG 2012: AdminPAdmin Fields|83Enable Scheduled
Check Access for New Replica Creation|32
Directory|97
Set Web User Name and
13. AdminP and Security
AdminP is fully integrated within Domino Security
• ACL – even if AdminP is using local access
• Reader
• Encrypted and signed documents
How does adminp server task know that he has a "real"
task document ?
• You might copy and modify a task document
• "misused" server tasks might be dangerous
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
14. AdminP Security
Well we have a great PKI built in
AdminP Security relies on Signatures (Private Key)
• AdminP Documents are signed
• Signature will ensure "correct" task documents
• Modification will break signature
• Documents with broken signature will not be
executed !
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
15. AdminP Security Check
AdminP Security will check two fields :
• Name to perform the action on: User, Database or
Server
• Action requested by: User or Servername
• Entry must match signature !
• Entry will be checked with ACL and security
settings
Error Handling
• “You are not authorized to create new replica
databases on this server.”
• Check settings in server documents and ACL
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
16. Sidestep: Why your server ID needs a
password ?
Server ID can
• sign adminp documents
• Agents signed with server id can Create adminp docs
• Server ID can create „fake“ adminp requests
Runing ID Vault you need to secure your Domino Server
ID
• http://www-10.lotus.com/ldd/dominowiki.nsf/dx/securing-your-notes-id-vaultserver
• See Paul Mooneys 2012 AdminBlast Tip #42
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
17. AdminP and Security
Do never ever modify documents in adminP database !!!
Public key in person/server document must match with
key pair in idfile
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
18. AdminP Request Document
How to create AdminP Request Document
• Lotus AdminClient ->> 90%
• Script Agent – AdminP Class
• Server Tasks – AdminP API
Manually with Script / API
• Create a sample request
• Do some reengineering (field and values)
• Create a document and set all fields manually
• Sign the document !!!
Why do you need this ?
• Automation and batch processing
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
19. AdminP Interaction with Notes Client
Some tasks need interaction with Users
Interaction is done due to fields in person documents
and/or creating documents in admin4.nsf
• AdminP changes fields in person document
• Lotus Notes creates „response“ document in
admin4.nsf
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
20. AdminP Interaction with Notes Client
Example: Rename User
• Rename User > AdminP changes Field and Public key
in person document
• Lotus Notes Client checks at login for these field and
execute internal procedures inside Lotus Notes Client
• Notes Clients creates
• a „done successfull“ log document in admin4.nsf
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
21. AdminP Statistics
AdminP statistics reported to statrep.nsf
Useful to compare servers to see where AdminP activity
is high
Statistics (Sample from Domino Admin Help)
• ACLsModified
• ReaderAuthorModified
• ProfilesModified (mailfile)
• AppointmentsModified
• DirectoryDocumentsDeleted
• DirectoryDocumentsModified
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
22. AdminP Monitoring (even more important)
Monitoring
• How do you know when your AdminP task has completely
finished?
• Remember AdminP usually runs per User, Database etc !!!
Possible Solutions
• Create Monitoring Agent (run on server)
• which scans AdminP Request for response documents
• Create a report per Object
• Realtime “Scan” using Notes C API
• Analyzing Extension Manger Events before/after each
adminp execution
• Execute a monitoring action / log etc.
• Use Domino Domain Monitoring
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
23. AdminP – Monitoring „Enhanced Log“
Using DEBUG parameter for more useful information
about what AdminP is currently doing
• “DEBUG_ADMINP_REQUEST_PROCESSING=1”
• “DEBUG_ADMINP_REQUEST_PROCESSING=2”
DEBUG Output can be directed to text file
• “DEBUG_OUTFILE=<output file path>
Can be set using „set config“ at server console
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
25. Cross Domain AdminP
Most AdminP processes are only working inside a
domain which is the same admin4.nsf
• Not clear why !
Cross Domin AdminP Tasks are
• Rename User
• Delete User
• Rename Server
• Delete Server
• Create Replica
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
26. Cross Domain AdminP: How it works
Architecture
• AdminP will be sent “mails” from the source domain
to the target domain.
• mail will be created at the administration server of
the source domain
• Mail will be delivered directly to the admin4.nsf in
the target domain
• Mail will be processed as a adminp request document
Security
• Still relies on PKI and „Signature Validation“
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
27. Cross Domain AdminP: How to setup
Domino Directory
• Create cross certificate documents. Identify all required
certifiers !
• Create connection document to allow server to connect
to other domain
• Edit Domino Directory Profile: Who are allowed to create
Cross Domain Configuration in admin4.nsf
Admin4 Database
• Create Cross Domain Configuration document
• For each domain to import and
• For each domain to export request
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
29. Project: Mass recertification
Move a number of user to new Org Certifier
• Rename company name
• Recreate Certifier due to security issues
• Integrate a new company
• Split off company
Move in hierarchy adminP for name change
• Two approvals for each user
• Response documents might be an issue or
nightmare
• No view update for admin4.nsf
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
30. AdminP limitations -> „Renames“
AdminP-Process Expiration
• Enlarge the interval for user to accept the name
change request. Default interval is 21 days. (can be
configured from 14 – 60 days)
• it is strictly necessary that User connects to his
server during that period to start the AdminP
• If a name change request expires, the user will be
reverted to it’s old username!
Same behaviour with ID Vault ! Error in Documentation.
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
31. AdminP Rename
What happens after User accept rename request ?
Notes Client is changing User Name in current ID File
ID File get synchronized with ID Vault
What happened with old user name
• It is still there !!!
• User ID contains old and new user name
• User can access Database which still have ist old
names in ACL
• Old User name get removed after expiration date
• You will not receive Help Desk Calls before
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
32. AdminP limitations -> „Renames“
Manual interaction required
• Admin must confirm execution,
• Move Certifier
• Move Mailfile
• User must "confirm" execution
• Login / Access to server
• No pass thru server or replication access !!!
Same behaviour with ID Vault ! Error in Documentation
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
33. AdminP – Project Troubleshooting
User currently not working in Lotus Notes (21 – 60 days
expiration)
• Avoid absent User: In average 15% - 20% of all users
are not taking part in the daily working process.
• Define a Workaround for absent users with your
Audit Department or write an server tasks (C-API)
User is using a wrong ID (public key does not match to
AdminP request)
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
34. AdminP limitations -> „Renames“
ACL Settings „Modify / Do not modify names“ in each
database must be set properly
Solution
• New request: “Rename Person in Calendar Entries
and Profiles in Mail File Extended
• Overwrites ACL Setting
• Renaming users in ACLs, Calendar profiles, C&S
documents
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
35. AdminP limitations -> „Renames“
AdminP does not handle text fiedls
• Check your application using text field for application logic !
AdminP will not modify profile documents
• Check applications for profile documents using Reader / Author /
Names fields
AdminP does not modify wildcards (*USR/BCC)
• Check applications for use of wildcards in Reader / Author / Name
fields
• adjusted manually or by agent
The Administration Process can not modify encrypted documents.
• Reader / Author / Names fields in encrypted documents must be
adjusted manually by the user, who has encrypted the document.
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
36. AdminP limitations -> „Renames“
Default: AdminP scans all documents for reader, author or
names fields in a Database
Creating an AdminP View in an application with name
$AdminP
• Only documents which appear in that view will be
considered and processed
• Be careful
AdminP in R8.x is using namelist for Rename
• namelist contains all users in that database
• Requires ODS 48
• If AdminP does not find the username in the namelist, it
does not search that database
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
37. Mass Recertification – admin4 size issues
Domain size consideration belong to AdminP Size
• AdminP Database can grow to enormous sizes
• Number of documents are an issue
• Response documents slow down indexer tasks
Local AdminP Tasks and response documents will be
replicated to all admin4 databases
• User in Tokio will change ACL of Mailfile
• User Creates ACL Change Request in admin4 on his
current mail server
• Tokio Server will execute AdminP task document and
creates log document
• Documents will replicate to whole domain
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
38. Mass Recertification – admin4 size issues
Recertification tasks are part of the ordinary user
management in Domino
Issues start with mass data / batch requests
Admin4.nsf database size
• admin4.nsf with 300.000 documents (1,5 – 2 GB size)
will have performance issues
• Replicator tasks requires index update
• Example “Move User in Hierarchy”:
Example „Move User in Hierarchy“
• The request requires 11 requests documents
• 20.000 users
• 50 Servers
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
39. Mass Recertification – admin4 size issues
Request
Log Docs for 50
Server
Server
Timing
Move Person's Name in Hierarchy
1
Directory Server
Requires administrator approval in
Administration Requests database
Initiate Rename in Domino Directory
1
AdminP Server
Interval
Rename Person in Domino Directory
1
AdminP Server
Interval
Rename in Person Documents
1
AdminP Server
Execute once a day requests at
Rename Person in Unread List
50
One per Server
Execute once a day requests at
Rename in Access Control List
50
One per Server
Interval
Rename in Design Elements
50
One per Server
Delayed
Rename Person in Free Time Database
1
Mail Server
Immediate
Rename Person in Calendar Entries and
Profiles in Mail File
1
Mail Server
Immediate
Rename in Reader / Author Fields
50
One per Server
Start Executing On
Start Executing At
Rename Person in Address Book
1
AdminP Server
Multi Domain Configuration
Summary per User
207
20.000 User
4.140.000 documents!!!
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
40. Mass Recertification – Replication Issues
Replication of names.nsf and admin4.nsf are critical !
• Domino Directory has to replicate before Administration
Database !!!
• Otherwise you may get errors that have to be corrected
manually (i.e. “Rename Person in Domino Directory” fails
because Domino Directory was not updated)
In the replication settings the value to purge documents shall
be set to 7 days on all replicas (not more than 14 days)
Prevent replication to all servers using replication formula:
• select (Form='AdminRequest') |
(ProxyServername=@username)
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
41. Mass Recertification – Replication Issues
R8 is using Direct Deposit Feature by default
• Automatically „replicate“ requests
• AdminP requests can be directly deposited to „target
server“ admin4.nsf
• Wildcard requests must be replicated
Also enabled at the client
• Example: Change HTTP Password in Domino Directory
• You need direct access to the target server
Disable with notes.ini parameter
ADMINP_DONT_ATTEMPT_DIRECT_DEPOSIT=1
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
42. Mass Recertification – Performance
AdminP Tasks carried out on every server
• Rename in Reader/Author fields
• Rename in Access Control List
• Rename in Design Element
Time consuming tasks and will have performance impact
Performance Problems while processing the AdminP
• Indexing admin4
• Searching fields in Databases
Check AdminP Threads settings
• Default 3
• Check if you have idle tasks and CPU time
• Increase to 10 Threads max
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
43. Best Practice performance issues
Servertask configuration
• Change “daily” and “delayed” request execution to “non
working times”.
• Use suspend AdminP at when you see performance
issues on mail servers
• Reduce the amount of (log) documents. A server that
has nothing done during the rename process should not
report. (server task configuration)
Split up threads in Domino 8 (max 10)
• ADMINP_IMMEDIATE_THREAD=X
• ADMINP_INTERVAL_THREAD=X
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
44. Best Practice performance issues
Change AdminP Task execution
•
•
•
•
ADMINP_IMMEDIATE_OVERRIDE= x, x, x
ADMINP_INTERVAL_OVERRIDE=X, X, X
ADMINP_DAILY_OVERRIDE=X
ADMINP_DELAYED_OVERRIDE=X
Example (see Admin Help)
• Rename in Access Control List
• Interval
• Number 1.00
• Rename in Reader/Author Fields
• Delayed
• Number 20.00
Be careful !!!
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC
45. Best Practice to avoid performance issues
Kepp Admin4 small
• Plan renaming “waves”
• Do not rename all user at the same day
Clean-up Admin4
• reduce the amount of Admin4 documents.
• User that has been renamed successfully should not
stay in admin4.nsf
Replication
• Check Use of selective replication formula
• Ensure fast and reliable replication
UKLUG 2012: AdminP Deep Dive, Olaf Boerner, BCC