Domino Server Health - Monitoring and ManagingGabriella Davis
If you're a Domino administrator how do you decide what to monitor on your servers and how to manage them ? What are the key things to monitor? How do good practice management tools such as statistics reporting, DDM, cluster symmetry, database repair and policy settings make your work lighter and faster. Finally we’ll talk about some of the “must dos” in the day, week and month of a Domino admin.
Presented at Engage.ug in Brussels May 2019
Admin Tips In 60 Minutes
In this high speed session I take you through the best admin tips for Domino, Notes, Sametime, Traveler and more. From notes.ini values, to server configuration settings and valuable customisations.
Some tips will be new to v10 and some have been around but rarely used for years.
Whatever your experience there will be something new for you to take away and enjoy.
Presented at Engage.ug in Brussels May 2019
In this session (reloaded for Notes V11), you will learn how easy it can be to maximize Notes client performance. Let Chris show you, what can be tuned and how to resolve the best possible performance for your Notes client infrastructure. Discover tips and tweaks - how to debug your Notes client, deal with outdated ODS, network latency and application performance issues and the measurable benefit that provides to your users. You’ll discover the current best practices for streamlining location and connection documents and why the catalog.nsf is still so important. You will leave the session with the knowledge you need to improve your Notes V11 client installations and to provide a better experience for happier administration and happier end-users!
Presentation from Engage 2022 in Bruges
From day to day administration to advanced configuration from automated maintenance to running the best multi client mail server on the market, from advanced security to data access.
Domino Server Health - Monitoring and ManagingGabriella Davis
If you're a Domino administrator how do you decide what to monitor on your servers and how to manage them ? What are the key things to monitor? How do good practice management tools such as statistics reporting, DDM, cluster symmetry, database repair and policy settings make your work lighter and faster. Finally we’ll talk about some of the “must dos” in the day, week and month of a Domino admin.
Presented at Engage.ug in Brussels May 2019
Admin Tips In 60 Minutes
In this high speed session I take you through the best admin tips for Domino, Notes, Sametime, Traveler and more. From notes.ini values, to server configuration settings and valuable customisations.
Some tips will be new to v10 and some have been around but rarely used for years.
Whatever your experience there will be something new for you to take away and enjoy.
Presented at Engage.ug in Brussels May 2019
In this session (reloaded for Notes V11), you will learn how easy it can be to maximize Notes client performance. Let Chris show you, what can be tuned and how to resolve the best possible performance for your Notes client infrastructure. Discover tips and tweaks - how to debug your Notes client, deal with outdated ODS, network latency and application performance issues and the measurable benefit that provides to your users. You’ll discover the current best practices for streamlining location and connection documents and why the catalog.nsf is still so important. You will leave the session with the knowledge you need to improve your Notes V11 client installations and to provide a better experience for happier administration and happier end-users!
Presentation from Engage 2022 in Bruges
From day to day administration to advanced configuration from automated maintenance to running the best multi client mail server on the market, from advanced security to data access.
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesHoward Greenberg
While installing a new HCL Domino server is a relatively straight forward task, configuring the server properly requires knowledge. Lacking this knowledge means that several key steps may be missed resulting in a server with potential security and performance issues. Additionally there are several key features that will save you time on administration of the server. Domino server settings also affect the performance and security of custom applications. Even if you are a developer you should be aware of the options available when configuring a server.
Join our incredibly experienced presenters as they share their many years of Domino expertise. They will cover the finer details to correctly setup a Domino server environment that is optimized for performance, security and sustainable administration. Plus use this information presented in this webinar to modify and improve your existing server environment.
Presenters:
Heather Hottenstein, HCL Ambassador
Roberto Boccadoro, HCL Ambassador
Serdar Basegmez, HCL Ambassador
Additonal Panelists (Q and A)
John Paganetti, HCL
How to deliver industry standard browser security to the native Domino HTTP stack, using company-wide wildcard certificates deployed across all platforms.
Bewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-Serverpanagenda
Aufnahme: http://pan.news/20210420de
Abstract: Server sind das Rückgrat Ihrer IT-Umgebung. Deren Sicherheit ist für jeden IT-Profi von größter Bedeutung. Besonders bei Servern mit Fernzugriff wird dies zu einer heiklen Angelegenheit. Es ist ein schmaler Grat zwischen der komfortablen Nutzung auf der einen Seite und dem Schutz gegen Angreifer auf der anderen Seite.
Zu den Sicherheitsbedenken gehören die mangelnde physische Sicherheit von Geräten, die Verwendung ungesicherter Netzwerke, die ungewollte externe Verfügbarkeit interner Ressourcen und der unbefugte Zugriff aus dem eigenen Unternehmen.
HCL Domino ist eine leistungsfähige und ausgereifte Serverplattform mit einem großen Funktionsumfang. Das macht sie zwar zu einer guten Wahl für viele Anwendungen, bedeutet aber auch, dass es viele potenzielle Möglichkeiten gibt, sich angreifbar zu machen.
In diesem Webinar helfen Ihnen unsere Experten, jeden Aspekt der Absicherung Ihrer Domino-Umgebungen zu betrachten:
• Lernen Sie die Grundlagen der Domino-Server-Sicherheit kennen
• Beheben Sie Probleme mit der Standardkonfiguration und vermeiden Sie häufige Fallstricke
• Sorgen Sie für einen sicheren Zugriff über Notes-Client, HTTP oder SMTP
• Richten Sie eine Datenbank-Zugriffskontrolle für Ihre gesamte Infrastruktur ein
• Schützen Sie Ihre Server vor internen Angriffen
• Vermeiden Sie Schwachstellen, indem Sie Domino-Server und Betriebssystem auf dem neuesten Stand halten
How to configure IWA / SPNEGO for IBM Domino enabling Windows authenticated users to access Domino web applications without being prompted for further authentication
Fast. Dangerous. Always in control.
Learn the dirty secrets of the Notes Client and how you can turn them into golden features that will make you shine. You will leave the workshop equipped with new knowledge for your next Notes Client deployment and/or optimization project. You will be able to get better Notes client performance and stability by using less of the system resources, like CPU, Memory and File I/O – just because of the right tailor-made configuration of the Notes client for your very own system requirements. Get geared up for your next Notes V11 deployment with the best-practice tips to get Notes Clients deployed, configured, maintained and ‘finally’ loved by your users.
Don’t forget, IBM Notes V11 is not far away from being released.
AdminP is an elementary server task for your IBM Lotus Domino Administration. This session explains which administration processes are available and how those can make your day-to-day administration tasks easier. We will cover the best practices for setup and troubleshooting using AdminP, in projects like recertifications and server consolidations.
Session from NCUG. Stockholm 12.06.2019.
Basic Domino Performance Tuning. Ideas how to improve performance, statistics how to get information that we have issues and how to fix them
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...Howard Greenberg
In this webinar OpenNTF members will discuss the Domino/Notes 12 features they like and suggest for everyone to check out!
The topics and speakers will be:
Time-based One-time Authentication (TOTP) - Roberto Boccadoro
TOTP allows multi-factor authentication. When users login to a Domino web server they have to provide a time-based one-time use password in addition to their usual name/password. This is done using a third party application like Google Authenticator, Authy or Duo Mobile on their mobile devices/computers.
Domino OSGI Tasklet Service (DOTS) - Serdar Basegmez
Create Domino server tasks using Java OSGI plugins. These can be scheduled and can interface with the server console using TELL commands.
One Touch Setup for Domino - Roberto Boccadoro
In previous versions of HCL Domino, setting up a Domino server involved multiple steps. Starting with Domino 12, you can use one-touch Domino setup to set up a server in just a single step.
Domino Tech School - Upgrading to Notes/Domino V10: Best PracticesChristoph Adler
Are you looking to deploy Domino V10 but don’t know where to start? Upgrade servers or clients first? Should I upgrade the ODS? If you have questions like these, this session is for you. Get a complete understanding of the process to upgrade to Domino V10, and learn from best practices and tips from the field.
Zusammenführung von HCL Nomad Web und Domino ohne SafeLinx - So gehtspanagenda
Webinar Recording: https://www.panagenda.com/webinars/zusammenfuhrung-von-hcl-nomad-web-und-domino-ohne-safelinx-so-gehts/
HCL Nomad Web ist der Weg in die Zukunft. Die Benutzer können frei entscheiden, wann, wo und wie sie die Anwendung nutzen wollen. Das ermöglicht nicht nur größere betriebliche Flexibilität, sondern trägt auch zu einer höheren Mitarbeiterbindung und Produktivität bei. Und wenn Sie HCL Nomad Web und Domino ohne SafeLinx betreiben, wird der Weg in die Zukunft noch viel einfacher.
Nun, Ihr Ziel ist gesteckt. Sie wollen Nomad Web nutzen – den neuen Client im Browser. Dabei gibt es leider noch einige Hürden zu überwinden. Glücklicherweise beseitigt Domino 12.0.2 eine große Hürde. Der neue Nomad Web Server auf Domino macht es möglich, dass Nomad Web direkt mit Domino kommuniziert. SafeLinx ist nunmehr optional. Es geht auch ohne zusätzliche Komplexität.
Nehmen Sie am 13. Dezember an diesem Webinar teil, in dem Marc Thomas, HCL Ambassador & panagenda Senior Consultant, Ihnen Tipps und Tricks aus der Praxis zeigt. Erwerben Sie die Fähigkeiten, die Sie benötigen, um Nomad Web direkt mit Domino zu betreiben und HCL Nomad Web und Domino ohne SafeLinx zu nutzen. Sie erhalten in diesem Webinar ein fertiges Rezept, mit dem Sie in Ihrer Umgebung loslegen können.
In unserem Webinar über die Ausführung von HCL Nomad-Konfigurationen auf jedem Gerät haben wir Ihnen gezeigt, dass MarvelClient Roaming Ihnen helfen kann, viele Herausforderungen zu lösen. Es ermöglicht Ihnen die automatische Sicherung, Wiederherstellung und gemeinsame Nutzung von Konfigurationen (Desktop, aktuelle Anwendungen, Einstellungen und mehr) auf verschiedenen Geräten mit Nomad. Es lädt Konfigurationen auf Ihre Domino-Server hoch, sobald sie geändert werden, und aktualisiert dann auf transparente Weise alle aktuellen und neuen Geräte, die von derselben Person verwendet werden, mit minimalen Netzwerk- und Verarbeitungsanforderungen. Dieses Mal gehen wir noch ein bisschen weiter.
Dabei gehen wir besonders auf die folgenden Themen ein:
- Inbetriebnahme von HCL Nomad Web und Domino ohne SafeLinx
- Wie Sie Nomad Web Server schnell installieren und konfigurieren
- Wie der Nomad Web Server aus der Sicht eines Benutzers funktioniert
- Szenarien, in denen der Einsatz von SafeLinx weiterhin sinnvoll ist
IBM Connect 2014 BP103: Ready, Aim, Fire: Mastering the Latest in the Adminis...Benedek Menesi
This session has been presented in the Best Practices track at the IBM Connect conference in Orlando, FL, USA, January 2014.
--
Being armed with the newest set of weapons is crucial for not being left behind when it comes to efficiently administering your servers. The number of new features added to recent IBM releases is staggering, yet workload time constraints cause us to stick to our old ways of doing things despite the opportunity to increase our effectiveness and thereby efficiency. In this in-depth, problem/solution formatted session we’ll discuss some of the latest and greatest features for administering IBM Domino, IBM iNotes and IBM Traveler through customer examples and real world scenarios. We’ll share best practices that allowed us to successfully solve architecture challenges in critical areas such as security, mail routing, replication, web/mobile capabilities and more.
dachnug49 - panagenda Workshop - 100 new things in Notes, Nomad Web & MarvelC...Christoph Adler
Come join this jam packed workshop covering 100 new things in Notes, Nomad Web & MarvelClient you don't want to miss! Get to know the latest and greatest about Nomad Web 1.0.3/1.0.4, SafeLinx 1.2.1.1, Notes 12.0.1 FP1, and the all new Document Properties Plugin. Take away Client Upgrade Best Practices, best Performance & Stability tips, and how to make your Notes client look all new and shiny. Your hosts will be Christoph Adler and Florian Vogler, who will make sure that you will have a lot of fun and take a ton of knowledge and value along with you! We are very much looking forward to seeing you and frying your brains!
BP101 - Can Domino Be Hacked? Lessons We Can Learn From the Security Community from MWLUG-2017 with Howard Greenberg and Andrew Pollack
The Open Web Application Security Project (OWASP) is an open source community dedicated to improving software security. OWASP publishes a Top 10 list of common security issues in web applications with suggestions on how to alleviate them. This session will examine the OWASP Top Ten list of security suggestions and relate them to the Domino world and how you can better secure your Notes and Domino applications. Both administrators and developers will gain valuable insights into how to best protect sensitive information we maintain in our Domino environments!
ConnectED2015: IBM Domino Applications in BluemixMartin Donnelly
IBM ConnectED 2015 Abstract:
This session will show how Bluemix enables you to deploy Domino applications to the cloud in a matter of minutes. We will demonstrate how to leverage Bluemix buildpacks like XPages and Node.js both to modernize Domino applications and to give them a new home on a highly scalable and resilient PaaS. You will learn how to mix and match Bluemix runtimes and services to create Domino cloud apps rapidly, stage them privately and put them into production. You'll see how to use cutting edge tooling to monitor and manage your apps. This is the future.
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesHoward Greenberg
While installing a new HCL Domino server is a relatively straight forward task, configuring the server properly requires knowledge. Lacking this knowledge means that several key steps may be missed resulting in a server with potential security and performance issues. Additionally there are several key features that will save you time on administration of the server. Domino server settings also affect the performance and security of custom applications. Even if you are a developer you should be aware of the options available when configuring a server.
Join our incredibly experienced presenters as they share their many years of Domino expertise. They will cover the finer details to correctly setup a Domino server environment that is optimized for performance, security and sustainable administration. Plus use this information presented in this webinar to modify and improve your existing server environment.
Presenters:
Heather Hottenstein, HCL Ambassador
Roberto Boccadoro, HCL Ambassador
Serdar Basegmez, HCL Ambassador
Additonal Panelists (Q and A)
John Paganetti, HCL
How to deliver industry standard browser security to the native Domino HTTP stack, using company-wide wildcard certificates deployed across all platforms.
Bewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-Serverpanagenda
Aufnahme: http://pan.news/20210420de
Abstract: Server sind das Rückgrat Ihrer IT-Umgebung. Deren Sicherheit ist für jeden IT-Profi von größter Bedeutung. Besonders bei Servern mit Fernzugriff wird dies zu einer heiklen Angelegenheit. Es ist ein schmaler Grat zwischen der komfortablen Nutzung auf der einen Seite und dem Schutz gegen Angreifer auf der anderen Seite.
Zu den Sicherheitsbedenken gehören die mangelnde physische Sicherheit von Geräten, die Verwendung ungesicherter Netzwerke, die ungewollte externe Verfügbarkeit interner Ressourcen und der unbefugte Zugriff aus dem eigenen Unternehmen.
HCL Domino ist eine leistungsfähige und ausgereifte Serverplattform mit einem großen Funktionsumfang. Das macht sie zwar zu einer guten Wahl für viele Anwendungen, bedeutet aber auch, dass es viele potenzielle Möglichkeiten gibt, sich angreifbar zu machen.
In diesem Webinar helfen Ihnen unsere Experten, jeden Aspekt der Absicherung Ihrer Domino-Umgebungen zu betrachten:
• Lernen Sie die Grundlagen der Domino-Server-Sicherheit kennen
• Beheben Sie Probleme mit der Standardkonfiguration und vermeiden Sie häufige Fallstricke
• Sorgen Sie für einen sicheren Zugriff über Notes-Client, HTTP oder SMTP
• Richten Sie eine Datenbank-Zugriffskontrolle für Ihre gesamte Infrastruktur ein
• Schützen Sie Ihre Server vor internen Angriffen
• Vermeiden Sie Schwachstellen, indem Sie Domino-Server und Betriebssystem auf dem neuesten Stand halten
How to configure IWA / SPNEGO for IBM Domino enabling Windows authenticated users to access Domino web applications without being prompted for further authentication
Fast. Dangerous. Always in control.
Learn the dirty secrets of the Notes Client and how you can turn them into golden features that will make you shine. You will leave the workshop equipped with new knowledge for your next Notes Client deployment and/or optimization project. You will be able to get better Notes client performance and stability by using less of the system resources, like CPU, Memory and File I/O – just because of the right tailor-made configuration of the Notes client for your very own system requirements. Get geared up for your next Notes V11 deployment with the best-practice tips to get Notes Clients deployed, configured, maintained and ‘finally’ loved by your users.
Don’t forget, IBM Notes V11 is not far away from being released.
AdminP is an elementary server task for your IBM Lotus Domino Administration. This session explains which administration processes are available and how those can make your day-to-day administration tasks easier. We will cover the best practices for setup and troubleshooting using AdminP, in projects like recertifications and server consolidations.
Session from NCUG. Stockholm 12.06.2019.
Basic Domino Performance Tuning. Ideas how to improve performance, statistics how to get information that we have issues and how to fix them
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...Howard Greenberg
In this webinar OpenNTF members will discuss the Domino/Notes 12 features they like and suggest for everyone to check out!
The topics and speakers will be:
Time-based One-time Authentication (TOTP) - Roberto Boccadoro
TOTP allows multi-factor authentication. When users login to a Domino web server they have to provide a time-based one-time use password in addition to their usual name/password. This is done using a third party application like Google Authenticator, Authy or Duo Mobile on their mobile devices/computers.
Domino OSGI Tasklet Service (DOTS) - Serdar Basegmez
Create Domino server tasks using Java OSGI plugins. These can be scheduled and can interface with the server console using TELL commands.
One Touch Setup for Domino - Roberto Boccadoro
In previous versions of HCL Domino, setting up a Domino server involved multiple steps. Starting with Domino 12, you can use one-touch Domino setup to set up a server in just a single step.
Domino Tech School - Upgrading to Notes/Domino V10: Best PracticesChristoph Adler
Are you looking to deploy Domino V10 but don’t know where to start? Upgrade servers or clients first? Should I upgrade the ODS? If you have questions like these, this session is for you. Get a complete understanding of the process to upgrade to Domino V10, and learn from best practices and tips from the field.
Zusammenführung von HCL Nomad Web und Domino ohne SafeLinx - So gehtspanagenda
Webinar Recording: https://www.panagenda.com/webinars/zusammenfuhrung-von-hcl-nomad-web-und-domino-ohne-safelinx-so-gehts/
HCL Nomad Web ist der Weg in die Zukunft. Die Benutzer können frei entscheiden, wann, wo und wie sie die Anwendung nutzen wollen. Das ermöglicht nicht nur größere betriebliche Flexibilität, sondern trägt auch zu einer höheren Mitarbeiterbindung und Produktivität bei. Und wenn Sie HCL Nomad Web und Domino ohne SafeLinx betreiben, wird der Weg in die Zukunft noch viel einfacher.
Nun, Ihr Ziel ist gesteckt. Sie wollen Nomad Web nutzen – den neuen Client im Browser. Dabei gibt es leider noch einige Hürden zu überwinden. Glücklicherweise beseitigt Domino 12.0.2 eine große Hürde. Der neue Nomad Web Server auf Domino macht es möglich, dass Nomad Web direkt mit Domino kommuniziert. SafeLinx ist nunmehr optional. Es geht auch ohne zusätzliche Komplexität.
Nehmen Sie am 13. Dezember an diesem Webinar teil, in dem Marc Thomas, HCL Ambassador & panagenda Senior Consultant, Ihnen Tipps und Tricks aus der Praxis zeigt. Erwerben Sie die Fähigkeiten, die Sie benötigen, um Nomad Web direkt mit Domino zu betreiben und HCL Nomad Web und Domino ohne SafeLinx zu nutzen. Sie erhalten in diesem Webinar ein fertiges Rezept, mit dem Sie in Ihrer Umgebung loslegen können.
In unserem Webinar über die Ausführung von HCL Nomad-Konfigurationen auf jedem Gerät haben wir Ihnen gezeigt, dass MarvelClient Roaming Ihnen helfen kann, viele Herausforderungen zu lösen. Es ermöglicht Ihnen die automatische Sicherung, Wiederherstellung und gemeinsame Nutzung von Konfigurationen (Desktop, aktuelle Anwendungen, Einstellungen und mehr) auf verschiedenen Geräten mit Nomad. Es lädt Konfigurationen auf Ihre Domino-Server hoch, sobald sie geändert werden, und aktualisiert dann auf transparente Weise alle aktuellen und neuen Geräte, die von derselben Person verwendet werden, mit minimalen Netzwerk- und Verarbeitungsanforderungen. Dieses Mal gehen wir noch ein bisschen weiter.
Dabei gehen wir besonders auf die folgenden Themen ein:
- Inbetriebnahme von HCL Nomad Web und Domino ohne SafeLinx
- Wie Sie Nomad Web Server schnell installieren und konfigurieren
- Wie der Nomad Web Server aus der Sicht eines Benutzers funktioniert
- Szenarien, in denen der Einsatz von SafeLinx weiterhin sinnvoll ist
IBM Connect 2014 BP103: Ready, Aim, Fire: Mastering the Latest in the Adminis...Benedek Menesi
This session has been presented in the Best Practices track at the IBM Connect conference in Orlando, FL, USA, January 2014.
--
Being armed with the newest set of weapons is crucial for not being left behind when it comes to efficiently administering your servers. The number of new features added to recent IBM releases is staggering, yet workload time constraints cause us to stick to our old ways of doing things despite the opportunity to increase our effectiveness and thereby efficiency. In this in-depth, problem/solution formatted session we’ll discuss some of the latest and greatest features for administering IBM Domino, IBM iNotes and IBM Traveler through customer examples and real world scenarios. We’ll share best practices that allowed us to successfully solve architecture challenges in critical areas such as security, mail routing, replication, web/mobile capabilities and more.
dachnug49 - panagenda Workshop - 100 new things in Notes, Nomad Web & MarvelC...Christoph Adler
Come join this jam packed workshop covering 100 new things in Notes, Nomad Web & MarvelClient you don't want to miss! Get to know the latest and greatest about Nomad Web 1.0.3/1.0.4, SafeLinx 1.2.1.1, Notes 12.0.1 FP1, and the all new Document Properties Plugin. Take away Client Upgrade Best Practices, best Performance & Stability tips, and how to make your Notes client look all new and shiny. Your hosts will be Christoph Adler and Florian Vogler, who will make sure that you will have a lot of fun and take a ton of knowledge and value along with you! We are very much looking forward to seeing you and frying your brains!
BP101 - Can Domino Be Hacked? Lessons We Can Learn From the Security Community from MWLUG-2017 with Howard Greenberg and Andrew Pollack
The Open Web Application Security Project (OWASP) is an open source community dedicated to improving software security. OWASP publishes a Top 10 list of common security issues in web applications with suggestions on how to alleviate them. This session will examine the OWASP Top Ten list of security suggestions and relate them to the Domino world and how you can better secure your Notes and Domino applications. Both administrators and developers will gain valuable insights into how to best protect sensitive information we maintain in our Domino environments!
ConnectED2015: IBM Domino Applications in BluemixMartin Donnelly
IBM ConnectED 2015 Abstract:
This session will show how Bluemix enables you to deploy Domino applications to the cloud in a matter of minutes. We will demonstrate how to leverage Bluemix buildpacks like XPages and Node.js both to modernize Domino applications and to give them a new home on a highly scalable and resilient PaaS. You will learn how to mix and match Bluemix runtimes and services to create Domino cloud apps rapidly, stage them privately and put them into production. You'll see how to use cutting edge tooling to monitor and manage your apps. This is the future.
BP204 - Take a REST and put your data to work with APIs!Craig Schumann
Today, the web is buzzing with the talk about web APIs. It seems that everyone - Facebook, Twitter, Netflix - has some sort of API you can use to integrate with their services. APIs are fundamental to how services on the web work today and data is the new currency. Knowing how to put them to work or how to roll your own can be a huge addition to your development toolbox. This session is all about web-based APIs (like REST). If you have only the vaguest idea about what an API is, or have ever wondered what REST was all about -- then this session is for you! We'll cover examples of using common public APIs and how you can put them to work in your own apps, and how to go about creating your own APIs, or use the REST services in IBM Domino.
Two years ago enabling your site with SSL was a simple affair, buy a certificate or create your own, install it then just remember to renew it every couple of years. Then suddenly security holes are being found in SSL virtually every month , popular browsers stop connecting to your site to protect themselves, and you’re continually being told your users data is at risk. In this session we will discuss how it all went wrong and can go wrong again then go through each step of requesting, generating and deploying a 4096 SHA-2 certificate to use in a keyfile by Domino, IBM Connections, IBM Sametime and other WebSphere products. If you work with these IBM products and need to secure them as strongly as possible this session will show you how."
IBM Presents the IBM Notes and Domino RoadmapTeamstudio
Barry Rosen, IBM Offering Manager, and Uffe Sorensen, IBM Social Collaboration Director, will review the latest updates on IBM Notes and Domino as well as IBM Verse On-premises and related Cloud solutions. They will discuss the future directions and support for IBM Notes and Domino and the deliverables over the next 12 to 18 months as IBM transitions to using Feature Packs for delivering future enhancements. Plus, Martin Donnelly will discuss IBM's plans for XPages enhancements.
CNIT 129S: Ch 3: Web Application TechnologiesSam Bowne
Slides for a college course based on "The Web Application Hacker's Handbook", 2nd Ed.
Teacher: Sam Bowne
Website: https://samsclass.info/129S/129S_F16.shtml
CNIT 129S - Ch 3: Web Application TechnologiesSam Bowne
For a college course at CCSF taught by Sam Bowne.
https://samsclass.info/129S/129S_S18.shtml
Based on "The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws 2nd Edition", by Dafydd Stuttard , Marcus Pinto; ISBN-10: 1118026470
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by by Jason Luttgens, Matthew Pepe, and Kevin Mandia, at City College San Francisco.
Website: https://samsclass.info/152/152_F18.shtml
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/121/121_F16.shtml
This presentation, given at the Fort Worth .NET User Group on 19 Sept. 2017, talks about serverless technology: What it is, when it's best to use, its features and limitations. It specifically focuses on Azure Functions and Azure Logic Apps.
ApacheCon Core: Service Discovery in OSGi: Beyond the JVM using Docker and Co...Frank Lyaruu
OSGi offers an excellent service discovery mechanism, but it is limited to services inside the JVM. With Docker nowadays it is trivially easy to deploy all kind of (micro) services, using pretty much any technology stack, so we’d like to discover those as easily as the ones inside the JVM. We will have a look at how we can use the Docker API to discover services in other containers, and how we can use Consul to expand service discovery to other hosts.
Best Practices? That’s like asking how long is a piece of string! While every environment is different, there are however a number of configurations, tweaks and methods that can be of great benefit for your Nagios XI environment. This talk will cover a variety of Best Practice topics for Nagios XI ranging from flexible object configurations through to back end performance enhancements.
An overview of how to structure your Lumen APIs to make them awesome. Topics covered: requests, responses, logging, documentation and testing.
Slides assume some background in Laravel.
If you are a Domino Administrator in any size company you already have a range of skills that make you an expert administrator across many platforms and technologies.
In this session Gab explains how to apply those skills and that knowledge to take your career wherever you want to go.
. Design Decisions: Developing for Mobile - The Template Experience ProjectGabriella Davis
HCL Nomad allows us to access our Notes applications on tablet and mobile. Currently available for iOS the team behind Template Experience have been working with HCL development and UI design to redesign the standard discussions template for Notes and produce a whitepaper based on that work to assist you with your own mobile development. The beta of that template and whitepaper have now been published and this presentation accompanies that work
How do Exchange on premises and the various Outlook clients line up against Domino on premises and its clients? In this session we'll look at the configuration options and management interfaces for each server as well as the client options and client behaviours. We'll also discuss the general ecosystems, considerations for migrating or co-existing and lessons learned. A great session for Domino admins who want to know more about the other side.
Presented at Engage.ug in Brussels May 2019
Adminlicious - A Guide To TCO Features In Domino v10Gabriella Davis
With v10 of EVERYTHING due out in Q4 and the public beta now available it’s time to talk about what we know is coming and how to plan for upgrades. In this session I show the features I'm most inspired by (NDAs allowing!) talk about how I'm getting ready and why this is a really exciting time to be an admin!
An Introduction to Configuring Domino for DockerGabriella Davis
You may know that docker is a container solution but what does that mean and how could it affect your Domino infrstructure? In this session I will explain what Docker may offer, highlight the decisions to consider when designing container architecture , how to construct a container, how to install and run Domino inside one and discuss options for clustering. Is Docker for you?
Presented at CollabSphere 2018 in Ann Arbor, MI
An Introduction To The DMARC SMTP Validation RequirementsGabriella Davis
DMARC is a SMTP security standard being increasingly requested by customers to protect against email spoofing. It uses a combination of SPF (Sender Policy Framework) records and DKIM (DomainKeys Identified Mail). Using DMARC you would publicly specify how your outbound mail is sent and the receiving server would verify that the mail it receives matches your requirements. In this session we’ll discuss DMARC deployments and what to do if your mail server (like IBM Domino or SmartCloud) does not yet support DKIM?
Presented at Collabsphere 2018 in Ann Arbor, MI
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...Gabriella Davis
Later this year HCL will be releasing the first major updates for Domino, Sametime, Traveler and Verse on Premises for several years. We've already heard about developments on the way such as a Notes client for tablet and phone as well as structural changes like the removal of the 64GB file limit. The more up to date and well designed your infrastructure is, the easier these upgrades are going to be so In this session Gab will explain how to audit, evaluate and fix your environment as well as what changes you can (and should) do in preparation so you can be fast to move when the products arrive..
Presented At CollabSphere 2018 in Ann Arbor, MI
An introduction to configuring Domino for DockerGabriella Davis
9.0.1 FP10 brings support for Domino on a docker platform. You may know that docker is a container solution but what does that mean and how could it affect your Domino infrstructure? In this session we'll review how to install and run Domino in a docker container, whether it can support external clustering and the decisions to consider when designing container architecture.
In this session, presented as a workshop outline, we will walk you through your GDPR responsibilities and how to assess your risk. We’ll give some recommendations on high priority but easy to fix issues and how to discover, secure and take ownership of existing data. At the end of the session we will share the workshop outline to help with your own planning.
Prepared for Social Connections 13 in Philadelphia April 2018
An Introduction To The DMARC SMTP Validation RequirementsGabriella Davis
Presented at Social Connections 13 in Philadelphia April 2018.
DMARC is a SMTP security standard being increasingly requested by customers to protect against email spoofing. It uses a combination of SPF (Sender Policy Framework) records and DKIM (DomainKeys Identified Mail). Using DMARC you would publicly specify how your outbound mail is sent and the receiving server would verify that the mail it receives matches your requirements. In this session we’ll discuss DMARC deployments and what to do if your mail server (like IBM Domino or SmartCloud) does not yet support DKIM?
In this session presented during Community Day at IBM Think, Gabriella Davis discusses the importance of a personal brand, why you have one, how to create one and how to move your brand to a new space.
A Guide To Single Sign-On for IBM Collaboration SolutionsGabriella Davis
Single sign-on, single identity and even password synchronization—in this session, we will take you through all the options available to minimize or eradicate logins across IBM's Collaboration Solutions (ICS); whether it is a Domino web server, IHS, Notes client, Traveler, Sametime, Connections or Verse, on-premises or cloud. The discussion will cover security certificates, password synchronization, IWA, SPNEGO and SAML Federation. We will explain what you can (and can't) do, and how to do it. Presented at Think 2018
In this group discussion Gabriella Davis with Tony Holder from Panagenda, Maria Nordin from Infoware Solutions and Jon Schultz from Prominic discuss their personal battles with the Imposter Syndrome.
In this session from MWLUG 2017 I introduce the concepts of containerisation and discuss Docker architecture, design, deployment considerations and risks.
In this session we introduce administrators to the concepts of Docker and discuss architectural decisions that will come into play when deploying containers. Although this session was originally presented as part of IBM's New Way To Learn initiative it does not discuss any specific aspects of IBM technology
Setting Up a Hybrid Domino Environment to Ease your Way to the CloudGabriella Davis
Are you looking at Cloud options and wondering how and if you can get there from where you are? If you have Domino on premises and are considering Cloud then a good option is a hybrid architecture which maintains all your on premises configuration managed by your own administrators but adds Cloud client access managed by IBM. We will look at how simple it is to create this hybrid solution using Domino passthru servers and review how things like user and directory maintenance, client access and mail routing will then work. From Domino Admin to Domino Hybrid Admin in a few simple steps.
Presentation from IBM InterConnect in Las Vegas March 2017.
Enabling Internet of Things (IoT) so your employees and your customers can have a simplified experience with new services and products sounds exciting. In this session, we will dig into the top ten risks that come with the IoT experience. Due to the rapidly evolving nature of IoT and associated threats, there are risks in allowing access to your enterprise resources. Custom firmware, embedded operating systems and wi-fi connectivity of IoT devices offer many possible areas for exploits and misuse. Come explore current security offerings and get a first look at best practices. Walk away with an immediate checklist to benefit your enterprise as it deploys and offers IoT access.
Benefits and Risks of a Single Identity - IBM Connect 2017Gabriella Davis
What is valuable about a single identity, why is that something people want and how achievable is it? As people work across multiple systems they encounter an equal number of barriers where they must authenticate or otherwise prove their identity in order to gain access. Ideally we always want to be showing the same information about ourselves regardless of where someone searches or how we are found. In this session we’ll discuss the issues behind both creating a single identity and simplifying authentication. We’ll also review the risks you need to be aware of, the technologies available to you and the importance of good and current personal information.
This is an updated presentation that includes some speaker notes for clarity
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Free Complete Python - A step towards Data Science
HTTP - The Other Face Of Domino
1. #engageug
The Other Face Of Domino,
Configuring and Securing
Gabriella Davis
The Turtle Partnership
gabriella@turtlepartnership.com
!1
2. #engageug
Domino HTTP
• The HTTP Server
• Securing your HTTP traffic
• Configuring HTTP for different applications
• Performance and Clustering
• Logging and Monitoring
• Vulnerabilities
!2
4. #engageug
The HTTP Server
• The Domino HTTP engine was introduced in 4.6 when the
product was renamed “Domino”
• Since then it has been modified for performance and
features but only re-engineered significantly in 8.5 when
XPages were introduced
• The HTTP task is now responsible for other services such as
iNotes, Traveler, XPages making its performance and
stability critical
• Running the latest version of Domino will always give an
improved HTTP experience
!4
5. #engageug
HTTP Threads
• Threads are assigned one per incoming HTTP request
• Each thread utilises up to 40kb of memory
• Configuring more threads doesn’t improve performance and
will usually do the opposite
• Configure the minimum number of threads you need
• domino.threads.active.peak (NSF requests only)
• http.currentconnections / http.peakconnections (all
requests)
• The default is 40, for most web only servers we would
increase that
!5
6. #engageug
HTTP Threads and Memory
• Too many threads will consume too much memory and
cause server issues
• Obviously with 64bit we have more memory, and therefore
threads, to play with
!6
7. #engageug
HTTP Agents
• Agents run via the HTTP tasks consume a HTTP thread and
are run outside of the Agent Manager task that handles
regular agents
• This includes WebQueryOpen and WebQuerySave
agents
• A long running agent will not release a HTTP thread
and consume too much memory
• Xpages code needs an HTTP thread too and will consume
JVM resources sometimes causes out of memory errors
• HTTPJVMMaxHeapSize allows you to increase the
memory allocated to the JVM related to HTTP only and
not the server wide JVM activity
!7
8. #engageug
iNotes
• Uses client side caching for performance in 8.5.1 and later
• Minimised use of applets with the exception of Sametime
• Replace stlinks with Sametime Proxy ajax code
• Use a standard template for everyone
• Enable OOO service rather than agents
• Enable full text indexing or disable on the fly indexing
!8
9. #engageug
Traveler
• Traveler requires enough concurrent threads to support
concurrent device connections
• A device configured for traveler is always consuming a
thread when it’s active
• Number of threads should be 1.2 x Number of active devices
• In a load balanced cluster of Traveler that isn’t the same
as the number of registered devices
!9
11. #engageug
Server Security & HTTP Agents
• Use SSL for all HTTP traffic
• especially Traveler and iNotes
• Disable Anonymous access on HTTP unless it’s a public
facing server
• In which case have the server in an isolated domain
!
!
• Enable concurrent web agents for performance
!11
12. #engageug
Internet Site Documents
• Opt-In Security
• Without Internet Site Documents all services can run with no
restrictions
• connect to a web server on its ip address or any
resolvable host name BAD
• start a service you aren’t actually using such as LDAP
exposing a security hole BAD
• Using Internet Site documents ensures that a task may be
started but it won’t respond if the wrong hostname is part of
the request
!12
14. #engageug
File Protection Document
• Secures access via the Domino server to file system files
such as HTML, GIF, JPEG and CGI scripts
• It doesn’t secure access to files the CGI scripts use
• Directory security includes all files and subdirectories
!14
15. #engageug
Internet Passwords
• Actions - Upgrade to more secure internet password
• inetlockout.nsf - configured in the server configuration
document
• lockout the account temporarily or permanently due to
failed logins
• Fewer name variations with higher security
!15
16. #engageug
Secure HTTP (SSL)
• SSL is a protocol (a subset of TLS) that encrypts traffic
between a client request and the server running HTTP
• SSL traffic can still be intercepted but can’t be decoded
easily
• The stronger the key used for encrypting the traffic,
the harder it will be to decode
• Keys are generated for each client session and
discarded when the session ends
• Using a SSL certificate also alerts the user if the server they
are connecting to has a different hostname than the one they
requested or if the certificate the server is using has expired
!16
17. #engageug
SSL Keyfiles
• Enabling SSL requires the existence of a keyfile with a
certificate in it on the server
• The keyfile is created from the Server Certificate Admin
database (certsrv.nsf) which is on every server
• You can create a self certified certificate and that will work to
encrypt traffic
• users will be warned that the certificate isn’t recognised
!17
18. #engageug
SSL Keyfiles For Multiple Hosts
• A single SSL keyfile will bind to a specific ip address, one
that resolves from the hostname it is assigned to
• If you’re using Internet Site documents you can enter
different SSL keyfiles for different hostnames BUT each one
will only work if it resolves to a unique ip address
!18
19. #engageug
Public Certificate Authorities
• Buy a certificate from a public certificate authority
• If you buy a strong certificate go ahead and remove the
validation for 40 and 56 bit ciphers
!
!
!
• Ensure you import the trusted root and all intermediate
certificates into your keyfile
• Once you have a keyfile you can use that to encrypt any port
you want including HTTP and LDAP
!19
20. #engageug
Trusted Roots
• When buying a certificate from a public CA you need to
import the trusted roots for that certifier into your keyfile
• Different certificates even from the same CA have
different trusted roots
• Browsers come pre-installed with common CA trusted
roots so they can recognise and validate your certificate
• Some older technologies don’t recognise the newer, stronger
certificates
!20
21. #engageug
Tip
• Android devices ship with limited built in trusted roots that
aren’t easily updateable
• If you’re using SSL for Traveler and Android devices, verify
the devices will recgonise the certificate you’re buying before
you buy it
!21
23. #engageug
Client Certificates
• Allows you to issue certificates to clients so you can verify
their identity not just with their login information but with a
valid certificate
• There is a large administrative overhead in maintaining and
managing client side certificates for all connecting web users
• Use the CA process to enable a Certificate Authority on your
server for user requests
!23
24. #engageug
TLS via IHS
• TLS is an encryption protocol that is more secure than SSL.
It provides a higher level of encryption, validation and
security
• Domino 9 supports the use of TLS only by deploying an IBM
HTTP Server in front of Domino
• All Domino requests are routed through IHS to the
Domino HTTP Task
• IHS handles the TLS security
• TLS is only supported with IHS and Domino installed on a
Windows platform
• You will still need to enable SSL and have a certificate on the
Domino server !24
25. #engageug
Java Permissions
• /jvm/lib/security/java.policy
• Controls what the JVM, and code that uses it, can do
• Syntax for the permissions can be found here
• http://download.oracle.com/javase/1.4.2/docs/guide/
security/PolicyFiles.html
!25
26. #engageug
Tip!
• Java.Policy will often be overwritten during an upgrade
• To prevent that happening make the file read only
• My preference is simply to backup the file before upgrade
then compare the new file to the old
• Otherwise you might miss something that’s needed in a
later version
!26
28. #engageug
Thread Management
• Threads are configured for the overall HTTP task, not by
internet site
• So all hosts on the server will share the availability of
threads
• More threads means more memory consumption but not
necessarily better performance
• domino.threads.active.peak (NSF requests only)
• http.currentconnections / http.peakconnections (all
requests)
!28
29. #engageug
HTTP Agents
• Enable concurrent web agents and agent timeouts
!
!
!
!
• Monitor agent performance via DDM probes
!29
30. #engageug
Virtual Hosts
• A single server can answer to multiple host names so long
as they resolve to that server’s ip address
• You can configure different home pages as well as different
web server behaviour for each host
• security, location of files, single sign-on, browser
behaviour
• When using Internet Site Documents, a client request will
only be answered if there is a matching virtual host or a
default web site document
!30
31. #engageug
Redirection
• A Redirection rule repoints a URL request from the original
location to a new one
• If I had an application that I want users to browse to without
typing in the full application name I could use redirection to
change the URL from a short one to a full address
• /sponsor to /ggc.nsf/info.xsp for instance
• When a URL is redirected, the URL is actually rewritten in
the browser’s address bar
!31
32. #engageug
• The Redirection rule is a response to a web site document
that contains a virtual host so it will work for any valid hosts
in that website document
• Incoming URL is what appears after the virtual host eg
• www.turtlehost.net/sponsor
!
!
• Redirect is how you want the URL rewritten including
hostname if you want
• Send 301 redirect is optional and instructs the browser to
remember this redirection and request that directly next
Redirection
!32
33. #engageug
Substitution
• Substitution rules are used to move a site from one location
to another
• There isn’t just one URL represented by a substitution
rule but any URL that is part of a substitution hierarchy
• For example if my blog were to change from blog.nsf to
blognew.nsf I would use a substitution rule as follows
!33
34. #engageug
HTTP Response Headers
• Add response headers to
pages to customise the
headers that Domino sends to
the client’s browser
• A custom response header
can tell the browser when to
expire a page and ask the
server for a refreshed copy
• Response headers need to
match both a URL and a
HTTP code that is being
returned
!34
35. #engageug
Override Session Authentication
• For specific URLs you may want to overwrite the session
authentication that is used for the virtual host and use basic
authentication instead
!35
36. #engageug
Custom Errors and Logins
• Create a database called domcfg.nsf (never anything else)
based on the template domcfg5.ntf
!
!
!
!
!
• It will then appear on the configuration tab for the server in
Domino Administrator
!36
37. #engageug
Custom Errors and Logins
• Create a default mapping for login - it is more customisable
and looks better than the standard session sign on
!37
39. #engageug
Httpd.cnf & Browser.cnf
• Files are written to the Domino program directory during
install and upgrades
• Browser.cnf has the configuration of each browser’s
supported features so Domino knows how to deliver content
to the user’s specific browser
• Httpd.cnf contains file types and associations so Domino
knows how to handle file attachments and embedded
content
• You would usually not edit either one of these files but if you
do you should mark them read only so they aren’t
overwritten on upgrade
• Or back them up and make them part of your upgrade
process !39
40. #engageug
The Browser Plug-In
• Client side deployment
• Not part of HTTP configuration
• Uses a version of the Notes client on the user’s machine
• No server configuration
• Any application that works through the Notes basic client
should work
• IBM don’t support accessing your mail via the Browser Plug-
In, but instead request you use iNotes
!40
42. #engageug
Why Cluster
• Clustering is usually considered when you want to expand
resources and provide multiple servers for users to access
• that is load balanced clustering, all servers provide the
same service and the users are assigned to whatever
server is available
• Clustering is also worthwhile deploying purely as a failover
solution so if your primary server goes offline, your users can
failover to a cluster mate
• Failover clustering is much cheaper than load balanced
clustering
• The redirection of users to a new server is usually done
via a manual DNS change so you don’t need a load
balanced piece of hardware !42
43. #engageug
Tip!
• If the system is important to your business and you can’t
have extended minutes or hours of downtime you are going
to want to Cluster at some level, it’s just a case of deciding
how much hardware and money you want to apply to the job
!43
44. #engageug
Clustering for HTTP
• Internet Cluster Manager
• A Domino based and Domino aware load balancer
• Runs as a task of your Domino server
• the ICM can be on the same server as the actual
websites
• but you would need two ips
• and it would be a single point of failure
!44
45. #engageug
ICM Design
• The client requests a hostname that points to the ICM
• The ICM is assigned to a Domino cluster
• Using the cldbdir.nsf on the servers it rewrites the URL to
direct the client request to one of the Domino cluster servers
• The ICM sends out probes to monitor the health of the
Domino servers to ensure a user isn’t sent to a non
responsive server
!45
46. #engageug
• Or you could use any standard load balancer instead of the
ICM but the ICM is part of your Domino licensing
ICM Design
CLUSTER
Domino Server A
Runs ICM
Not Part Of A Cluster
Domino Server B
WebCluster
Domino Server C
WebCluster
Domino Server D
WebCluster
Client
Client
Client
Client
!46
48. #engageug
Traveler Clustering
• Requires enabling Traveler High Availability which moves the
Traveler data from a local Derby database to an Enterprise
SQL or DB2 database
• The Traveler servers are added to a Traveler pool that share
users and data
• A load balancer must be placed in front of the Traveler
servers to ensure clients can be connected to any of the
servers
!48
49. #engageug
Traveler Clustering
• For additional resilience the DB2 or SQL server can be
configured for High Availability
!49
Load Balancer
Traveler Server A
Domino
DB2 or SQL
Traveler Server B
Domino
iPhone Android Windows
INTERNET
INTERNAL
DMZ
50. #engageug
IBM Edge Load Balancer
• The Edge Load Balancer is a software based Load Balancer
• There are two versions an IPV4 and an IPV4 & IPV6 ULB
(universal load balancer)
• The IPV4 one is being deprecated so you want the
newer IPV4 & IPV6 one
• Supported on multiple platforms and very easy to configure
it’s a good option if you’re considering clustering and don’t
already have a hardware solution
!50
52. #engageug
HTTP Logging
• Logging is configured per server
• HTTP activity can be logged to text files or a Domino
database
• If logging to a Domino database make sure you enable
the purge agent or it will get very big and unusable very
quickly
!52
56. #engageug
Java Memory Issues
• Java code needs to be well written with recycles and
garbage collection or too much memory will be consumed
• HTTPUseNotesMemory
• JavaMaxHeapSize
!56
58. #engageug
HTTP Threads
• Monitor HTTP statistics to ensure the server can handle
peak traffic
• Review ddm.nsf reports to verify there are no issues relating
to available threads
• An HTTP server that slows down until it becomes
unresponsive is often due to threads not being released /
sessions not be closed properly
• Do not over-assign threads as those consume memory you
will need to run applications and code
!58