MELJUN CORTES Lotus domino 8.5 system administration operating fundamentals instructor guide

IBM® Lotus® Domino® 8.5 SystemAdministrationOperating FundamentalsInstructor Guide

IBM® Lotus® Domino® 8.5 SystemAdministrationOperating FundamentalsInstructor Guide

IBM® Lotus® Domino® 8.5 SystemAdministration OperatingFundamentals

NoticesDISCLAIMER: You may not copy, reproduce, translate, or reduce to any electronic medium or machine-readable form, in whole or in part, any documents, software, or files provided to you without prior writtenconsent of IBM® Corporation, except in the manner described in the documentation.While every reasonableprecaution has been taken in the preparation of this manual, the author and publishers assume noresponsibility for errors or omissions, nor for the uses made of the material contained herein and the decisionsbased on such use. Neither the author nor the publishers make any representations, warranties, or guaranteesof any kind, either express or implied (including, without limitation, any warranties of merchantability, fitness fora particular purpose, or title). Neither the author nor the publishers shall be liable for any indirect, special,incidental, or consequential damages arising out of the use or inability to use the contents of this book, andeach of their total liability for monetary damages shall not exceed the total amount paid to such party for thisbook.

TRADEMARK NOTICES The following terms are trademarks or service marks of International BusinessMachines Corporation in the United States, other countries, or both: DB2®, Domino®, Domino Designer®,Domino.Doc®, Everyplace, ibm.com®, K-station, LearningSpace®, Lotus®, Lotus Discovery Server, LotusEnterprise Integrator®, Lotus Notes®, Lotus Workflow, Mobile Notes, Netfinity®, QuickPlace®, Rational®,Sametime®, Tivoli®, VisualAge®, WebSphere®, Workplace, Workplace Messaging, and WorkPlace Shell®.

Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc., in the UnitedStates, other countries, or both.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in theUnited States, other countries, or both.

Intel, Intel Inside (logos), MMX and Pentium are trademarks of Intel Corporation in the United States, othercountries, or both.

UNIX is a registered trademark of The Open Group United States and other countries.

Linux is a trademark of Linus Torvalds in the United States, other countries, or both.

Copyright © 2009 IBM Corporation.Lotus software, IBM Software Group

One Rogers Street

Cambridge, MA 02142

Under the copyright laws, neither the documentation nor the software may be copied, photocopied, reproduced,translated, or reduced to any electronic medium or machine-readable form, in whole or in part, without the priorwritten consent of IBM, except in the manner described in the documentation or the applicable licensingagreement governing the use of the software.

All rights reserved.

Licensed Materials - Property of IBM

US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP ScheduleContract with IBM Corporation.

Course Edition: 1.0Part Number: IBMD8L75

You must purchase one copy of the appropriate kit for each student and each instructor. For allother education products you must acquire one copy for each user or you must acquire alicense for each copy provided to a user.

IBM® Lotus® Domino® 8.5 System Administration Operating Fundamentals

Table of Contents

IBM® Lotus® Domino® 8.5 System AdministrationOperating Fundamentals

Lesson 1: Introducing the IBM® Lotus® Domino® 8.5Environment

Topic A. Examining the IBM® Lotus® Domino® 8.5 Architecture. . . . . . 2IBM Lotus Domino Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Client and Server Architectural Components . . . . . . . . . . . . . . . 3Server Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Lotus Domino Server Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Default Location Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Client Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Overview of Lotus Notes 8.5 Features . . . . . . . . . . . . . . . . . . . . . . 7

Topic B. Investigating IBM® Lotus® Domino® Applications. . . . . . . . . . 8The Object Store. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Components of Lotus Domino Applications. . . . . . . . . . . . . . . . . 9Database Types and Applications . . . . . . . . . . . . . . . . . . . . . . . . 10Composite Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Required Server Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12The Lotus Domino Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Lotus Domino Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Single vs. Multiple Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Topic C. Exploring IBM® Lotus® Domino® Server Functionality . . . . . . 13Categories of Lotus Domino Services . . . . . . . . . . . . . . . . . . . . . . 14Core Lotus Domino Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Server Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Lotus Domino Advanced Services . . . . . . . . . . . . . . . . . . . . . . . . . 16

Lesson 2: Performing Basic Administration Tasks

Topic A. Starting IBM® Lotus® Domino® Administrator . . . . . . . . . . . . . 20Lotus Domino Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Lotus Domino Administration Tools. . . . . . . . . . . . . . . . . . . . . . . . . 22The Lotus Domino Administrator Interface . . . . . . . . . . . . . . . . . . 22

Topic B. Using Online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Online Help Resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

© Copyright IBM Corporation 2009.

Topic C. Navigating in IBM® Lotus® Domino® Administrator . . . . . . . . 28Lotus Domino Administrator Tabs . . . . . . . . . . . . . . . . . . . . . . . . . . 28The Person Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Tasks on the People & Groups Tab . . . . . . . . . . . . . . . . . . . . . . . . . 29Tasks on the Files Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Tasks on the Server Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Tasks on the Messaging Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Lotus Domino Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Tasks on the Replication Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Tasks on the Configuration Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Topic D. Setting Administration Preferences . . . . . . . . . . . . . . . . . . . . . 34Administration Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Topic E. Introducing Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36Policy Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36Settings Documents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Lesson 3: Examining IBM® Lotus® Notes® and IBM®

Lotus® Domino® Security

Topic A. Identifying IBM® Lotus® Domino® Security Components. . . . 40IBM Lotus Domino Terminology. . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Organizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Organizational Units. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Organization Certifiers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Topic B. Designing a Hierarchical Naming Scheme. . . . . . . . . . . . . . . 44Hierarchical Naming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Components of a Hierarchical Name . . . . . . . . . . . . . . . . . . . . . . 45Hierarchical Naming Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46Organizational Unit Naming Recommendations. . . . . . . . . . . . . 47Separate Server OUs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Server Naming Recommendations . . . . . . . . . . . . . . . . . . . . . . . . 49Server Host Names and Common Names. . . . . . . . . . . . . . . . . . . 50User Naming Recommendations. . . . . . . . . . . . . . . . . . . . . . . . . . 50Planning a Hierarchical Naming Scheme. . . . . . . . . . . . . . . . . . . 51How to Design a Hierarchical Naming Scheme . . . . . . . . . . . . . . 51



Topic C. Authenticating with IBM® Lotus® Domino® Servers . . . . . . . . 54Security Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Certificates and ID Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Types of Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56ID Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Components of an ID File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57Common Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57How Certificates Are Used in Authentication . . . . . . . . . . . . . . . . 59The ID Vault Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60How to Create an ID Vault. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Topic D. Controlling Access to Resources . . . . . . . . . . . . . . . . . . . . . . . 62Introduction to Lotus Domino Access Controls. . . . . . . . . . . . . . . 63Access Control Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64How Lotus Domino Controls Access. . . . . . . . . . . . . . . . . . . . . . . . 64Stages of Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65Security Using Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68Group Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70Best Practices for Creating Groups . . . . . . . . . . . . . . . . . . . . . . . . 70

Topic E. Determining Database Access Levels . . . . . . . . . . . . . . . . . . . 72Access Control List Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Topic F. Determining Workstation Security Levels . . . . . . . . . . . . . . . . . 75Execution Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75The Execution Control List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Lesson 4: Examining IBM® Lotus® Domino® MailRouting

Topic A. Introducing IBM® Lotus® Domino® Messaging . . . . . . . . . . . . 78Lotus Notes Named Networks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Mail Routing and Lotus Notes Named Networks . . . . . . . . . . . . . 79Mail Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80Mail Routing Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81Mail Settings that Affect Routing . . . . . . . . . . . . . . . . . . . . . . . . . . 82The Mail Routing Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83Router Optimizations in Lotus Domino 8.5 . . . . . . . . . . . . . . . . . . . 83


Topic B. Designing a Mail Routing Topology . . . . . . . . . . . . . . . . . . . . . 83Mail Routing Topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84Topology Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84Hub and Spoke Topology Considerations. . . . . . . . . . . . . . . . . . . 85How to Design a Mail Routing Topology . . . . . . . . . . . . . . . . . . . . 85

Lesson 5: Examining IBM® Lotus® Domino®

Replication

Topic A. Introducing IBM® Lotus® Domino® Replication. . . . . . . . . . . . 92What is Lotus Domino Replication? . . . . . . . . . . . . . . . . . . . . . . . . 93Components of the Replication Process. . . . . . . . . . . . . . . . . . . . 94The Server-to-Server Replication Process . . . . . . . . . . . . . . . . . . . 95Replication Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95The Workstation to Server Replication Process . . . . . . . . . . . . . . . 95Database Replicas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96The Database Replication Process . . . . . . . . . . . . . . . . . . . . . . . . 96Streaming Replication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97The Field-Level Replication Process . . . . . . . . . . . . . . . . . . . . . . . . 97Factors that Affect Replication. . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

Topic B. Designing a Replication Strategy . . . . . . . . . . . . . . . . . . . . . . . 100Types of Replication Topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . 100Server Replication Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103Replication vs. Routing Topologies . . . . . . . . . . . . . . . . . . . . . . . . 104Considerations for Choosing a Replication Type . . . . . . . . . . . . . 104How to Design a Replication Strategy . . . . . . . . . . . . . . . . . . . . . . 104

Lesson 6: Extending the IBM® Lotus® Domino®

Environment

Topic A. Selecting Additional IBM® Lotus® Domino® Services. . . . . . . 110Lotus Domino Standard Services . . . . . . . . . . . . . . . . . . . . . . . . . . 112Lotus Domino Internet Security Mechanisms . . . . . . . . . . . . . . . . 112

Topic B. Implementing IBM® Lotus® Domino® Scalability Features. . . 113Scalability Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114Lotus Domino Clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114Benefits of Clustering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115Lotus Domino Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116Benefits of Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116



Topic C. Integrating Other IBM® Products . . . . . . . . . . . . . . . . . . . . . . . 116IBM Lotus Sametime. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117IBM Lotus Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118IBM Lotus Quickr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Appendix A: The Worldwide CorporationInfrastructure Plan

Appendix B: Certification and Exam Competencies

Appendix C: Instructor Preparation

Additional Instructor Notes. . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179


About This CourseThis course introduces you to basic concepts that provide the foundationfor IBM® Lotus® Domino® 8.5 and IBM® Lotus Notes® 8.5, and it is thepoint of entry to the entire core system administration curriculum. Thiscourse covers the foundational knowledge needed to perform basicadministrative tasks in a Lotus Domino 8.5 infrastructure. This coursedoes not cover how to install, configure, maintain, or troubleshoot aLotus Domino 8.5 infrastructure.

Course Description

Target StudentThe target audience for this course is current network or mail systemadministrators who are new to the Lotus Domino 8.5 system administra-tion, but have some experience using the Lotus Notes 8.5 client, andwho need to acquire a foundational knowledge and working experiencewith the Lotus Domino 8.5 administration tools.

Course PrerequisitesThe prerequisites for this course include previous experience as a net-work administrator or mail system administrator, and experience usingthe Lotus Notes 8.5 client.


Introduction

Introduction i

How to Use This Book

As a Learning GuideEach lesson covers one broad topic or set of related topics. Lessons arearranged in order of increasing proficiency with Lotus Domino and LotusNotes; skills you practice in one lesson are used and developed in subse-quent lessons. For this reason, you should work through the lessons insequence.

Each lesson is organized into results-oriented topics. Topics include all therelevant and supporting information you need to master Lotus Domino andLotus Notes, and activities allow you to apply this information to practicalhands-on examples.

As a Review ToolSome of the information covered in class may not be relevant to your envi-ronment immediately, but it may become important later on. For this reason,we encourage you to spend some time reviewing the topics and activitiesafter the course. The course can also be used in preparation for Lotus certi-fication exams.

As a ReferenceThe organization and layout of the book make it easy to use as a learningtool and as an after-class reference. You can use this book as a first sourcefor definitions of terms, background information on given topics, and sum-maries of procedures.

Course ObjectivesAfter completing this course, you should be able to:

• Describe the structural components of the IBM® Lotus® Domino® 8.5environment.

• Perform basic IBM® Lotus® Domino® 8.5 administration.

• Manage IBM® Lotus Notes® and IBM® Lotus® Domino® security.

• Describe Lotus Domino mail routing and mail routing topologies.

• Describe Lotus Domino replication and replication topologies.

• Identify services and options that you can use to extend and enhancethe functionality of the Lotus Domino environment.


Introduction

ii Introduction

Course Requirements

HardwareInstructor Lotus Domino Server (Hub)

You will need one computer to install as the instructor Lotus Domino server.

• 1 GB of RAM or more is recommended.

• A Pentium® Class processor or higher. A Pentium 4, 2.6 GHz processoris recommended.

• An SVGA (or better) video card and monitor. Support for 256 colors,1024 X 768 resolution.

• At least 1.5 GB free hard disk space.

• A mouse or other pointing device.

• A DVD drive or access to network file server for installation.

• A local network connection.

• Internet access (recommended).

Instructor and Students’ Client Computers

It is strongly recommended that you have a separate computer to install asthe instructor Lotus Notes and Lotus Domino Administrator client. If you donot have a separate client computer, you can install the client software onthe instructor Domino server, but this is not the optimal configuration. Thefollowing requirements assume that you will have a separate client computerfor the instructor.

• 1 GB of RAM or more is recommended.

• A Pentium Class processor.

• A video card and color monitor. Support for 1024 x 768 resolution.

• At least 1.5 GB of free hard disk space.

• A mouse or other pointing device.

• A DVD drive or access to network file server for installation.

• A local network connection.

• Internet access (recommended).

• A projection system for the instructor computer screen (instructor only).

If you plan to teach theManaging IBM® Lotus®

Domino® 8.5 Serversand Users courseimmediately followingthis class, you maychoose to use thatcourse’s setup for IBM®

Lotus® Domino® 8.5Systems AdministrationOperatingFundamentals.However, IBM® Lotus®

Domino® 8.5 SystemsAdministrationOperatingFundamentals was nottested with theManaging IBM® Lotus®

Domino® 8 Servers andUsers configuration, andyou might find minordiscrepancies in theactivities anddemonstrations.


Introduction

Introduction iii

SoftwarePrimary Classroom Server

The following list identifies the software requirements for the primary class-room server. Please note that proper licensing for all software is requiredand is the responsibility of the training organization.

• Microsoft® Windows 2003 Server® Standard or Enterprise Edition withService Pack 2, Microsoft Windows 2003 Server x64 Edition, MicrosoftWindows 2008 Standard or Enterprise Edition with Service Pack 2,Microsoft Windows Server 2008 x64 Standard Edition, Microsoft Win-dows Server 2008 x64 Enterprise Edition. Note: The Domino servershould not run IIS nor Active Directory.

• IBM Lotus Domino 8.5 Server.

• TCP/IP using either Hosts file or DNS with server and domain namesdefined in the TCP/IP protocol configuration.

Instructor and Student Client

The following list identifies the software requirements for the instructormachine and student machines. Please note that proper licensing for allsoftware is required and is the responsibility of the training organization.

• Microsoft® Windows® XP Professional with Service Pack 2. (If you pre-fer to use Windows Vista, be aware that the course was not developedand tested using that configuration.)

• IBM Lotus Domino Administrator 8.5.

• Microsoft® Internet Explorer® 6 or above, Mozilla® Firefox®.2.0 orabove, or Apple® Safari® 3.0 or above.

• TCP/IP using either Hosts file or DNS with server and domain namesdefined in the TCP/IP protocol configuration.

• Microsoft® PowerPoint® Viewer or IBM® Lotus® Symphony™ Presenta-tions (instructor only).


Introduction

iv Introduction

Class Setup

Preparing for an ILO Class ExperienceInstead of a traditional classroom instructor-led class, you may be takingthis course as an instructor-led online class. If you are participating in anonline class experience, you should:

● Verify that you have the dial-in number for participants.

● If necessary, verify that you have the conference reference name ornumber and password, if required, to the conference.

● Verify that you have the appropriate support contact information:

■ Technical support: To help resolve connection issues.

■ Content support: To answer questions about the materials pre-sented in class.

■ Process support: To assist with understanding how an ILO class iscarried out and assure that participation is appropriate.

● Test your ability to connect to the course with the equipment you planto use during the course. This will allow you to:

■ Test connectivity to the provider’s server.

■ Download any applications or plug-ins required.

■ Become familiar with the online interface.

Note: Some training providers will schedule a separate test sessionprior to your course to allow you to test connectivity; otherwise, youshould plan to do this just prior to the course’s start time. Your trainingcenter will provide the necessary information and instructions to youprior to your class start date.

IBM Lotus Domino Naming Used in ThisCourseThis course uses the following hierarchical naming scheme.

Table 0-1: Domino naming schemeNaming component Classroom implementation

Organization certifier /WWCorp

Domain WWCorp

Instructor server Hub/SVR/WWCorp

Instructor user account Doctor Notes/WWCorp

Instructor preparationinformation specific toILO is provided in theInstructor PreparationAppendix.


Introduction

Introduction v

Course FilesThe first table describes the required course files used in the course or pro-vided as additional tools.

Table 0-2: Required course configuration filesTitle File name Function

WWCorp’s directory Names.nsf Used to set up theclassroom servers andadministrators/WWCorp certifier ID file WWCorp.id

Hub/SVR/WWCorp’s IDfile

hub.id

Doctor Notes user ID file dnotes.id

Doctor Notes mail file dnotes.nsf

Sample databases ● ideas.nsf

● policies.nsf

Lesson 1 – showsample databasesLesson 4 – demon-strate replication

Mail files ● AWest##.nsf andAEast##.nsf

Classroom mail files

Domain Routing Mailbox mail.box Contains mail for stu-dents to view

Certification Log certlog.nsf Contains certificationlog for IDs in thiscourse

Organizational Unit svr.id, east.id, west.id,sales.id, support.id

OU certification IDs

Classroom diagrams D8L75.ppt Used throughout thecourse to display dia-grams used in theclassroom

Checklist of Classroom Setup Tasks: NewSetupComplete the tasks in the following table to set up the classroom prior to thestart of class. Detailed procedures for each task appear on the followingpages.


Introduction

vi Introduction

Table 0-3: Classroom setup tasksTask Procedure

❒ 1 Install the Lotus Domino server software.

❒ 2 Install the Lotus Domino Administrator client software.

❒ 3 Install supplied files on all machines.

❒ 4 Edit hosts file on each classroom machine.

❒ 5 Set up the classroom server.

❒ 6 Set up the instructor and student workstations.

Task 1: Install the Lotus Domino ServerSoftwareFollow these steps to install the Domino server software.

Table 0-4: Install the Lotus Domino server softwareStep Action

1 Run the Lotus Domino 8.5 server install program, Setup.exe, from a CD orother media.

2 On the Welcome screen, click Next.

3 Read the Lotus Licensing Agreement, and then click I accept the termsin the license agreement to agree with the terms. Click Next.

4 Accept the default location for the installation files.Click Next.

5 Accept the default location for the data files.Click Next.

6 Verify that Domino Enterprise Server is selected, and then click Next.

7 Review the configuration and click Next.

8 Click Finish to complete the installation.


Introduction

Introduction vii

Task 2: Install the Lotus DominoAdministrator Client SoftwareFollow these steps to install the Domino Administrator client software on theinstructor client machine and each student machine in the classroom.

Table 0-5: Install the Lotus Domino Administrator client softwareStep Action

1 Run the Lotus Notes 8.5 client install program, Setup.exe, from a CD orother media.


3 Read the License Agreement. Select I accept the terms in the licenseagreement, and then click Next.

4 On the Customer Information screen, in the User name field, typeDoctor Notes for the Instructor machine, and Admin East## orAdmin West## for the Student machines.In the Organization field, type Worldwide Corporation and then clickNext.

5 Accept the default folders to install Lotus Notes.Click Next.

6 On the features setup screen, select Domino Administrator and IBMLotus Symphony. IBM Lotus Sametime is selected by default; clear thecheck box, and then click Next.

7 Verify the information on the installation summary screen, and clickInstall.

8 Click Finish to complete the installation.

Task 3: Install Supplied Files on All MachinesFollow these steps to install the \lotus_ed\D8L75 course folder to yourserver and client machines.

Table 0-6: Install supplied filesStep Action

1 To install the course data files from the interactive CD-ROM, put thecourse CD in the server machine.

2 On the CD-ROM, open the D8L75 folder.

3 Double-click the D8L75dd.exe file.


Introduction

viii Introduction

Step Action

4 Repeat the above steps on the instructor and student client machines.

The executable will copy the following files to the specified locations, creat-ing the \lotus_ed\ directory and all necessary sub-directories, if required.These files will be present both on the instructor server and instructor clientmachines.

Table 0-7: Supplied course filesDirectory Files copied

\D8L75 ● D8L75.ppt

\D8L75Lotus\Domino\Data

IDs:

● wwcorp.id

● hub.id

● dnotes.id

● East.id

● West.id

● Svr.id

Databases:

● names.nsf

● policies.nsf

● certlog.nsf

● mail.box

● ideas.nsf

\D8L75\Lotus\Domino\Data\Mail

● dnotes.nsf

● awest##.nsf and aeast##.nsf

● fchester.nsf

● mdomingo.nsf

● mgrassi.nsf

● tgoodwin.nsf


Introduction

Introduction ix

Directory Files copied

\D8L75\Notes\Data\IDs ● dnotes.id

● east.id

● hub.id

● svr.id

● west.id

● wwcorp.id

Task 4: Edit Hosts File on Each ClassroomMachineUse any text editor to edit the hosts file on each classroom machine toinclude the IP address and server names as follows.

Table 0-8: Edit hosts file on each classroom machineHubIPaddress Hub/SVR/

WWCorphub.wwcorp.com www.wwcorp.com

Task 5: Set up the Classroom ServerFollow these steps to set up the classroom server as the first server in thedomain, Hub/SVR/WWCorp.

Table 0-9: Set up the instructor’s serverStep Action

1 Click Start→All Programs→Lotus Applications→Lotus Domino Server.

2 If necessary, click Start Domino as a regular application and then clickOK.


4 Verify that Set up the first server or a stand-alone server is selected,and then click Next.

Step 9: The Mail Routerhas been disabled sothat mail in Mail.boxdoes not get routed priorto Activity 2–6.


Introduction

x Introduction

Step Action

5 On the Choose your organization name screen:

a. Select I want to use an existing certifier ID file.

b. Click Browse and navigate to the WWCorp.id file, and click Select.

c. Click Customize and select I want to use an existing organizationalunit certifier ID file.

d. Click Browse and navigate to the svr.id file, and then click Select.

e. Click Next.

f. In the Enter Password dialog box, type passw0rd and click OK.

6 For the Domino domain name, type WWCorp and click Next.

7 On the Specify an Administrator name and password screen, completethe following:

a. Select I want to use an existing Administrator ID file.

b. Click Browse and navigate to the DNotes.id file, and then click Select.

Click Next.In the Enter Password dialog box, type passw0rd and click OK.

8 For Internet services, select Web Browsers (HTTP services) and Direc-tory services (LDAP services), and click Next.

9 Review the default enabled port drivers and host name. To change thesesettings:

a. Click Customize.

b. Disable all ports except TCP/IP.

c. Enter the fully qualified Internet host name for the server:hub.wwcorp.com

d. Click OK.

Click Next.

10 On the Secure your Domino Server screen, accept the defaults and clickNext.

11 Review the information selected during this session. If all information iscorrect, click Setup.

12 When setup completes, click Finish.

13 Before starting the server, copy the supplied files to their target directories:

● Lotus\Domino\data: names.nsf, policies.nsf, certlog.nsf,mail.box, ideas.nsf

● Lotus\Domino\data\mail: DNotes.nsf and all other mail files


Introduction

Introduction xi

Step Action

14 Navigate to notes.ini, and using Notepad or another editor, at the end,type Create_R8.5_Databases=1Save the file and close it.

15 To start the server from Windows, click Start→All Programs→LotusApplications→Lotus Domino Server.

16 Select Start Domino as Window service and Don’t ask me again. Thenclick OK.It may take a few minutes for the server to initialize. Please allow time forthis.

Task 6: Set Up the Instructor’s WorkstationFollow these steps to set up the instructor’s workstation.

Table 0-10: Set up the instructor’s workstationStep Action

1 Click Start→All Programs→Lotus Applications→Lotus Notes 8.5.


3 On the User Information screen, enter:

● Name: Doctor Notes

● Domino server: Hub/SVR/WWCorp

Select I want to connect to a Domino server and click Next.

4 If the ID is not found in the Domino Directory, the setup program willrequest the location of the Notes ID file. To locate the Notes ID file:

a. Click Browse, select dnotes.id, and then click Open.

b. Click Next.

c. Click Yes to copy the ID file to the local data directory.

d. Enter passw0rd as the password.

If the user ID is stored in the Domino Directory, the setup program willautomatically copy the ID file to the local data directory.

5 On the Additional Services screen, it is not necessary to select any addi-tional services for this course. Click Next.

6 Click File→Preferences and click Basics Notes Client Configuration.


Introduction

xii Introduction

Step Action

7 In the Additional Options section, select the following options if notalready selected, and then click OK.

● Enable Java applets

● Enable JavaScript

● Use Web palette

8 From the Preferences list, select Notes Ports, and clear all ports exceptTCPIP. Click OK to close Preferences.

9 Click OK in the warning dialog box. Changes will take effect once LotusNotes is restarted.

10 Exit Lotus Notes.

Task 7: Set Up the Student WorkstationsFollow these steps to set up the student workstations using the AdminEast## and Admin West## IDs.

Table 0-11: Set up the student workstationsStep Action

1 Click Start→All Programs→Lotus Applications→Lotus Notes 8.5.


3 On the User Information screen, enter:

● Name: Admin West## or Admin East## where ## is the student num-ber.

● Domino server: Hub/SVR/WWCorp

Select I want to connect to a Domino server, and click Next.

4 If the ID is not found in the Domino Directory, the setup program will requestthe location of the Notes ID file. To locate the Notes ID file:

a. Click Browse, select the appropriate ID, and then click Open.

b. Click Yes to copy the ID file to the local data directory.

c. Click Next.

If the user ID is stored in the Domino Directory, the setup program will auto-matically copy the ID file to the local data directory.

5 Enter passw0rd for the password and click OK.

6 On the Additional Services screen, it is not necessary to select any addi-tional services for this course. Click Next.


Introduction

Introduction xiii

Step Action

7 Click File→Preferences and click Basics Notes Client Configuration.

8 In the Additional Options section, select the following options if not alreadyselected, and then click OK.

● Enable Java applets

● Enable JavaScript

● Use Web palette

9 From the Preferences list, select Notes Ports, and clear all ports except forTCPIP.

10 Click OK to close Preferences.

11 Click OK in the warning dialog box. Changes will take effect once LotusNotes is restarted.

12 Exit Lotus Notes.

Course IconsThe following table explains the icons used in this course.

Table 0-12: Course iconsIcon Description

An activity is a student-centered learning process that allows stu-dents to learn by performing a task. Activities can be instructor-led orcompleted independently.

Scenario information is used to introduce an activity problem or goal.Scenarios use fictitious people and organizations to present details,problem statements, and parameters that are used to complete theactivity or lab exercise.

Caution statements are included in the courseware to make studentsaware of potential negative consequences of an action, setting, ordecision, that are not easily known.

Tips and notes provide additional information, guidance, or a hintabout a topic or task.

An Instructor Note is a special comment to the instructor regardingdelivery, classroom strategy, classroom tools, exceptions, and otherspecial considerations. The Instructor Note is included in the Instruc-tor Guide only.


Introduction

xiv Introduction

Icon Description

Display Slide provides a prompt to the instructor to display a specificslide. The Display Slide icon is included in the Instructor Guide only.


Introduction

Introduction xv

Introducing the IBM® Lotus®

Domino® 8.5 Environment

■ Topic A: Examining the IBM® Lotus® Domino® 8.5 Architecture

■ Topic B: Investigating IBM® Lotus® Domino® Applications

■ Topic C: Exploring IBM® Lotus® Domino® Server Functionality

1


Introduction

IBM® Lotus Notes® and IBM® Lotus® Domino® are an integrated messagingand Web application software platform that provides a scalable and secureinfrastructure, with the flexibility and openness needed for development anddeployment of Web applications. As the system administrator, you need tounderstand the architecture and its key components before you can properlyadminister the environment.

After completing this lesson, you should be able to:

● Identify the architecture and key components of the Lotus Notes andLotus Domino environments.

● Define IBM Lotus Domino applications.

● Describe the basic functions and processes of Lotus Domino servers.

Ask students tointroduce themselves byanswering the followingquestions:● What is your name,

company name, andcurrent title?

● How is Lotus Dominoused within yourcompany?

● What personal goalsdo you hope toachieve by attendingthis class?

● Have you used LotusDomino or LotusNotes 8.5?

● Do you currentlyadminister LotusDomino?

Lesson 1 ■ Introducing the IBM® Lotus® Domino® 8.5 Environment

2 © Copyright IBM Corporation 2009.

Topic A: Examining the IBM® Lotus®

Domino® 8.5 Architecture

IBM Lotus Domino Architecture

Lotus Domino servers work with IBM® Lotus Notes® (and non-Lotus Notes)clients to form an integrated client and server environment. Its capabilitiesinclude mail server enhancements, server-managed deployment, moreopenness and interoperability, and enhanced performance, management,and security features. The Lotus Notes and Lotus Domino environment pro-vides services to allow an organization to perform tasks to store,communicate, and exchange information.

The following figure shows a conceptual diagram of the Lotus Notes andLotus Domino architecture.

Figure 1-1: Lotus Notes and Lotus Domino architecture

Client and Server Architectural Components

A Lotus Notes and Lotus Domino environment consists of a combination ofthe following client and server components.

Client and ServerArchitecture

As you present thisslide, consider providingan overview of whatLotus Domino is,including:● Mail system● PKI infrastructure● Application server● Document store or

database● Web server

Client and ServerArchitecturalComponents

AIBM® Lotus® Domino® 8.5 System Administration Operating Fundamentals


© Copyright IBM Corporation 2009. 3

Component Function

Lotus Dominoserver (Web-enabled)

● A Lotus Domino server is a computer that runs theLotus Domino server program and stores Lotus Notesapplications. A Lotus Domino server runs services thatmanipulate Lotus Notes data.

● Depending on what the request is and who the client is,the server can pull information from a variety ofsources, including the object store, the OS file system,a relational database, composite applications, or viaWeb services.

Lotus Notes,Web, and mobileclients

● Lotus Notes clients can access Lotus Domino data bothon servers and locally, providing portable access todata.

● Web clients can access Lotus Domino data on theserver to display in a browser.

● The iNotes Web client provides access to mobile clients.

Server Documents

When you register a server, the Server document is created. It containsmany of the settings that define how your server operates. Those settingsare accessible through tabs within the Server document.

Lotus Domino Server Types

When installing a Lotus Domino server, there is an option to select one ofthree server types. Each of the three types is described in the followingtable.

Server type Function

Lotus Domino UtilityServer

Provides standard Lotus Domino application servicesand custom Lotus Domino applications for LotusNotes and Web clients, as well as support for clusters.Note: This server does not include messaging ser-vices.

Lotus Domino Mes-saging Server

Provides messaging services.Note: This server does not include application ser-vices.

Demonstrate how aserver identifies andstores informationspecific to the machine.Use the informationprovided in theadditional instructornotes.

See Additional InstructorNotes

Lotus Domino ServerTypes

Topic A: Examining the IBM® Lotus® Domino® 8.5 Architecture



Server type Function

Lotus Domino Enter-prise Server

Includes the functionality of both the Lotus DominoUtility and Domino Messaging Servers, including sup-port for clusters.

Note: Each server type installed on a system requires a different server license.

Default Location Documents

Locations are a feature that connects you to applications on servers by pro-viding a place to specify information such as the name of your mail server,whether you use a passthru server, or even which Lotus Notes ID to use.When the Lotus Notes client is installed, four Location documents are cre-ated by default that contain communication and location-specific settings:Home, Offline, Online, and Travel. During configuration, Lotus Notes popu-lates these Location documents, as well as any necessary Connection orAccount documents, based on information you supply.

The following clients use these settings, which are accessible through tabswithin a Location document:

● Lotus Notes

● Lotus Domino Administrator

● IBM® Lotus® Domino Designer®

Client Types

Users who have mail files on a Lotus Domino server can use either theLotus Notes client or an Internet client to access their mail:

● Lotus Notes clients: Use Lotus Notes protocols to send and accessmail on a Lotus Domino server; a Lotus Notes client can also act as anInternet mail client.

● Internet clients: Access mail files through the Lotus Domino POP3,IMAP, or HTTP servers. POP3 and IMAP clients send mail using SMTP.

The following table describes the purpose of Lotus Notes clients andInternet mail clients.

Client Purpose

Lotus Clients:

Lotus Notes A rich-client interface for working with Lotus Notes applicationsand Internet data.

Default LocationDocuments

Demonstrate how aclient identifies a serverby showing a Locationdocument. Use theinformation provided inthe additional instructornotes.

Optionally, demonstratethe Advanced tab→UserID to switch to the fieldto show how anadministrator can switchIDs easily.


Client Types




Client Purpose

LotusDominoDesigner

An interface for adding functionality to new or existing LotusNotes applications.

LotusDominoAdministrator

An interface for administering Lotus Domino systems.

Internet Clients:

IBM® Lotus®

iNotesProvides Lotus Notes users with browser-based access toLotus Notes mail and to Lotus Notes calendar and schedulingfeatures. Lotus iNotes includes the following modes:

● Full—Provides a full set of features including mail, calendar,notebook, contacts, and to do list.

● Lite—Optimized for performance in bandwidth-constrainedenvironments, and provides access to Mail and Contacts in astreamlined user interface.

● Ultralite—Designed for use on a mobile device and is initiallysupported on the Apple iPhone or iPod touch.

Web Supports mail, Calendar, and custom Lotus Domino Web appli-cation access for Web browsers.

POP3 Allows mail access to a POP3 compliant server. An example ofa POP3 client is Microsoft Outlook.

IMAP Supports mail access, including the folder structure, to an IMAPenabled server.




Basic vs. Standard clientBuilt on the same platform as Lotus Notes 7, the Basic client resemblesLotus Notes 7 in its interface and functionality. The Basic client is one of theoptions of the Standard client installation. With all the applications residingon Domino servers, the Basic client allows you to access new and recogniz-able service offerings for Calendar, Contacts, and Mail, plus familiarfunctionality for instant messaging. The existence of the Basic client is use-ful if you want to run it in the following circumstances:

● Client computers do not have enough RAM or other hardwareresources to run the Standard client at acceptable performance levels.

● As an administrator, you do not want to spend the money for additionaltechnical support or to train users on the new Lotus Notes 8.5 userinterface yet.

● You are not upgrading the servers on the back end to Lotus Domino 8.5yet, so there is little reason to run the Standard client.

Supported by IBM® Lotus® Expeditor and IBM® Lotus® Eclipse™ platformswith Java™-enabled, Eclipse, and SWT (Standard Widget Toolkit) capabili-ties, the J2EE™ Standard client provides a larger networking environmentwith increased functionality and innovation opportunities. The Standard cli-ent enables you to access applications on both Domino servers and IBM®

WebSphere® Portal servers. With a fully redesigned user interface, theStandard client offers new and improved mail, calendar, contacts, andinstant messaging functionality, while introducing you to engaging applica-tion and tool integration. The J2EE Standard client is the preferentialconfiguration to support an all-inclusive new features and functionalityupgrade from Lotus Notes 7 to Lotus Notes 8.5.

Overview of Lotus Notes 8.5 Features

Lotus Notes 8.5 provides features to improve the core functionality of LotusNotes. With the addition of innovative features, Lotus Notes 8.5 presents adynamic end-user work environment, and represents an important transitionin the way people communicate and collaborate.

The following table describes some of the features of the Lotus Notes 8.5environment.

Feature Description

Infrastructure Lotus Notes 8.5 presents a dynamic user work environment,and represents an important transition in the way people com-municate and collaborate. It also elevates the team-based,electronic user experience by enriching the online communityof collaboration, allowing you to improve efficiency, boost effec-tiveness, and expedite decision-making processes.

Overview of Lotus Notes8.5 Features




Feature Description

Productivity You will be able to complete your day-to-day tasks more effi-ciently using one comprehensive application that streamlinesbusiness processes and enriches the real-time collaborationexperience. The ability to share and update project informationin a single, simplified view will help you sharpen your focus onthe status of projects, and keep associates and participants insync.

E-mail Threaded e-mails enable you to see all messages for a spe-cific topic grouped and arranged together at the view level. Youcan also alternate between vertical and horizontal preview dis-plays within your inbox. A rich text mail signature stored in yourmail file can be used on any computer with Lotus Notes.

Calendar You can manage your time and meeting invitations by viewingyour calendar in a sidebar while completing other tasks. Youcan also customize daily and weekly calendar views withinLotus Notes 8.5. Activities, another Lotus Notes user’s calen-dar, or a Lotus Notes application’s calendar can also be addedto the Calendar view.

Contacts The Personal Address Book (PAB) is now referred to as Con-tacts in Lotus Notes 8.5. You can initiate instant messagingand e-mail correspondence from the Contacts view. You canfind information quickly by referring to business-card-like viewswith embedded photographs. You can also forward contacts asvCards.

Components In Lotus Notes 8.5, Lotus Notes databases are now referred toas applications. You can connect to different applications andcombine components from multiple systems on screen.

IBM® Lotus®

Symphony™Using the Lotus Symphony applications, you can create, edit,and collaborate on documents, spreadsheets, and presentationfiles.




Topic B: Investigating IBM® Lotus®

Domino® Applications

The Object Store

The Object Store, also known as the NSF (Notes Storage Facility), is thebasic building block for the Notes architecture. The Object Store is where allIBM® Lotus Notes® data resides in the form of an NSF application. TheObject Store is unique in that it can hold any type of data including applica-tions, mail, directory, graphic, video, and sound files. An application is asolution to a particular business problem that may contain one or moredatabases and other components, such as JavaScripts™.

Components of Lotus Domino Applications

The following table briefly describes some of the elements contained in aLotus Domino application.

Lotus Domino applica-tion element

Description

Documents (or datanotes)

Contain data such as text, graphics, and variousfile attachments.

Application Design(design notes)

Forms, views, agents, etc.

ACL entries Security entries to control access to the contents ofthe Domino application.

Database header Information about the database itself. For example,the database title, replication history, etc.

Application extensionsSome applications have extensions other than NSF. The following tabledescribes these applications.

Applicationextension

Description

NDK Application that contains the user desktop settings.

NTF Application template used to create specific types of databases,such as mail databases.

The Object Store

Components of LotusDomino Applications

Open the instructor mailfile (DNotes.nsf) anduse the interface todescribe thecomponents in theaccompanying table.

BIBM® Lotus® Domino® 8.5 System Administration Operating Fundamentals



Database extensions for other releasesThe following table describes the database extensions that you mightencounter if you are upgrading from a previous release.

Databaseextension

Description

DSK Release 5 database that contains the user’s desktop settings. Thisextension is the same as NDK in Release 6 and higher.

ND7 Database that retains Release 7 format.

ND6 Database that retains Release 6 format.

NS5 Database that retains Release 5 format.

NS4 Database that retains Release 4 format.

Note: To retain the database format from a previous release, save thedatabase with the appropriate extension (NS4, NS5, or NS6) prior to com-pacting the database on a Lotus Domino 8.5 server. Otherwise, compactingwill upgrade the database to the Lotus Domino 8.5 format, only if Create_R85_Databases=1 is set in Notes.ini.

Database Types and Applications

Databases are used for a broad range of applications and solutions, aslisted in the following table.

Type Can be used for

E-mail/PIM (per-sonal informationmanagement)

E-mail: Functional out of the box. Each user has a per-sonal e-mail database.Group Calendar Management: Functional out of the box.Includes group scheduling functions and group calendars.Instant messaging: Lotus Sametime software integratedwith Lotus Notes provides voice, video, and telephonyservices.Voice Integration: With independent vendor LotusDomino-based voice services.

Broadcast/Reference

Policies and Procedures: Part of a larger HumanResources package that may have been acquired from anindependent developer.Product Catalog: Updated by selected personnel. Read-able by all others.

Database Types andApplications

Ask students fordatabase examples fromtheir implementations.

Open some commondatabase types, forexample: an e-mail file,a discussion (policies.nsf), or a catalog (ideas.nsf).

Topic B: Investigating IBM® Lotus® Domino® Applications



Type Can be used for

Discussion Product Ideas: Forum for employee ideas.

Tracking/Workflow Customer Service: Customer service personnel createdocuments and update from time to time or addresponses as they track problems to resolution.Product Design: Employee creates idea documents.Product manager approves product idea. Research andDevelopment (R&D) manager reviews idea.Expense Reporting: Reporter creates expense report.Approver approves. Bookkeeper carries out. Users trackprogress of their expense reports in a tracking database.Order Processing: Part of a Company Catalog applica-tion. Customers or salespeople place orders, and thentrack the progress of their fulfillment.

TeamRoom Project Team Collaboration: Development team pre-pares meeting, discussion, and action-item documents.Team members review, revise, and archive documents.

Microsoft OfficeLibrary

Document Collaboration: Team using Microsoft Officecreates, updates, and reviews documents.

Composite Applications

A composite application is a collection of two or more distinct applicationsthat address a business need for a specific group of users and can beaccessed from one screen. Composite applications consist of different ele-ments that allow users to implement related tasks without having to launchnew windows or applications.

The various parts of a composite application can interact with one anotherand exchange information. When views are updated or edited in one appli-cation, the corresponding views and information in the other applications areupdated to reflect the modifications.

There are two types of composite applications that are featured in LotusDomino and Lotus Notes 8.5:

● A Lotus Notes composite application, which is stored on a Dominoserver and listed in a Domino Application catalog.

● A portal composite application, which is stored on an IBM®

WebSphere® Portal server and is listed in the WebSphere Portal cata-log. Users can access this type of composite application using theLotus Notes client or a Web browser.

For example, the IBM Lotus Notes 8.5 inbox is a fully functional compositeapplication that integrates two or more elements into one user interface.

Composite Applications




Required Server Applications

In addition to user application databases, there are several databases thatsupport the configuration and proper functioning of the Lotus Domino envi-ronment.

Note: Required server database names are the same as in the previous release ofLotus Domino.

The following table lists some of the crucial files stored on each server.

Databasetitle

File name(NSF)

Function

LotusDominoDirectory

Names Directory of information about users, servers,groups, and custom entries. The documentscontain detailed information about each userand server. The Directory is also a tool to man-age the Lotus Domino system. For example,administrators create documents in the LotusDomino Directory to connect servers for replica-tion or mail routing, or to schedule server tasks,and other Lotus Domino settings and configura-tions.

Administra-tionRequests

Admin4 Tracks and records requests and processes tosupport automating administration tasks.

CertificationLog

CertLog Maintains records of certified Lotus Domino IDs.

MonitoringConfigura-tion

Events4 Stores configuration records for statistics report-ing and monitoring tools, and stores a listing ofserver messages.

LotusDominoserver logfile

Log Stores information about performance, statistics,and activities on the Domino server.

MonitoringResults

StatRep Records information about the activity on one ormore Domino servers.

Mail Routermailbox

Mail.box Stores mail from a user that is in route toanother user.

Required ServerApplications

More information aboutthe Lotus DominoDirectory and theAdministration Processis included later in thelesson.

Topic B: Investigating IBM® Lotus® Domino® Applications



The Lotus Domino Directory

The Lotus Domino Directory (Names.nsf) is the most important database ina Lotus Domino environment. The directory stores the information thatallows Lotus Domino servers and clients to function properly.

The Lotus Domino Directory is created during the first server configurationand is stored on each new server in the environment.

Note: The Lotus Domino Directory was referenced differently in earlier releases.Administrators with experience using these earlier releases of Lotus Notes andLotus Domino may use other terminology, including: Public Address Book (PAB) andNotes Address Book (NAB).

The following table outlines information stored in the directory.

Information Stored in documents

Who are the users? Person

What are the Lotus Domino servers? Server

How do servers connect to each other andexchange information?

Connection

What user groups are available for mail distributionlists and access lists?

Group

How do servers perform special functions? Configuration

Lotus Domino Domains

Lotus Domino uses specific structures and terms to define the organizationof the Lotus Domino environment. A domain is a collection of servers andusers that share a single Lotus Domino Directory. The primary purpose for adomain is mail routing. The domain name is typically the company name.

Single vs. Multiple Domains

Although it is possible to have several domains within an organization, mostcompanies will define themselves as a single domain because singledomains simplify the process of addressing mail, optimize mail routing, andare easier to maintain than multiple domains.

Note: Lotus Domino domain names should not have a period (.) in the name.

The Domino Directory

Show the students theLotus Domino Directorydatabase bydemonstrating thefollowing:1. From the Lotus

Notes client, openWWCorp’s directoryon the server.

2. Show the views andtypes of documentslisted in the table.

Lotus Domino Domains




Topic C: Exploring IBM® Lotus®

Domino® Server Functionality

Categories of Lotus Domino Services

IBM® Lotus® Domino® services maintain, manage, update, and distributeIBM® Lotus Notes® data. The general Lotus Domino service categories areoutlined in the following table.

Service Description

Application Provides the tools to create applications:

● The Lotus Domino Designer, a special client license thatprovides a design environment for building customizedapplications including Web applications.

● Lotus Notes templates, models for creating applicationsquickly and easily.

● The formula language, a scripting language developed forLotus Notes.

● IBM® LotusScript® language, as well as support forJava™, JavaScript™, C++, and CORBA®.

Connection Enables the use of Lotus Domino with existing relational datasources.

Infrastructure Provides the foundation for Lotus Domino:

● The application engine that runs all the scripts and putstogether the completed dynamic page.

● Core services, such as directory, messaging, security, andreplication that are the main server components of LotusDomino.

● Protocols that describe how to communicate with theserver.

Core Lotus Domino Services

The core Lotus Domino services form the basis of a Lotus Domino infra-structure. Core Domino services include the services described in thefollowing table.

Categories of LotusDomino Services

Tell students thatSecurity, Messaging,and Replication servicesare discussed in detail insubsequent lessons.

Core Lotus DominoServices

CTopic C: Exploring IBM® Lotus® Domino® Server Functionality



Core LotusDomino service

Description

Directory A mechanism by which users and servers are categorizedin a Lotus Domino environment.

Security Tools and services that control access to servers andapplications, including the authentication of users.

Messaging Services, databases, and monitoring tools that supportboth Lotus Notes and Internet mail.

Replication A process of periodically updating replica databases on allservers regardless of location.

Maintenance Tools, services, and databases that support server mainte-nance and monitoring.

Server Tasks

The core services are provided using a number of Lotus Domino servertasks in conjunction with the key Lotus Domino server databases. A servertask is a program provided with the Lotus Domino server that runs whenloaded and activated. Server tasks serve various purposes. Some performspecific tasks, such as mail routing. Others run in the background to per-form complex administration procedures, such as compacting databasesand updating indexes. The following table lists some of the key server tasksand their default load times.

Task name Description Runs

Administration Process(Admin Process)

Automates a variety ofadministrative tasks.

On server startup

Agent Manager Manages and runsagents on a server. Anagent performs a seriesof automated tasksaccording to a setschedule or at therequest of a user.

On server startup

Database Compactor Compacts all databaseson the server to reclaimspace freed by the dele-tion of documents andattachments.

Based on a schedule

Server Tasks

While reviewing theaccompanying table,show the tasks currentlyrunning on the server.

From DominoAdministrator, click theServer tab→Statustab→Server Tasks view.

Point out that a tasklisted as Idle is stillloaded, but not currentlyrunning.




Task name Description Runs

Designer Updates all databasesto reflect changes totemplates.

Based on a schedule

Event Monitor Monitors the server forselected events definedby the administrators.

As needed

HTTP Server Enables a LotusDomino server to act asa Web server sobrowser clients canaccess databases onthe server.

On server startup (ifenabled)

Replicator Replicates databaseswith other servers.

On server startup (ifenabled)

Router Routes mail to otherservers.

On server startup (formail servers)

Statistics (Stats) Records database activ-ity in the log file.

As needed

Lotus Domino Advanced Services

A Lotus Notes and Lotus Domino environment can support many otherapplications and functionality by taking advantage of additional supplied ser-vices and expanded resources.

Some of the additional services and products available for a Lotus Dominoimplementation are listed in the following table.

Category Examples

AdditionalLotus Dominoservices

● Internet protocol support:

■ LDAP - directories

■ POP3 - mail clients

■ IMAP - mail clients

● Clustering

● Partitions

● Lotus Domino Enterprise Connection Services (DECS)

● Lotus Domino Internet Inter-ORB Protocol (DIIOP)

Lotus Domino AdvancedServices

Topic C: Exploring IBM® Lotus® Domino® Server Functionality



Category Examples

Lotus Dominosoftware exten-sions

● Lotus® Domino® Everyplace®

● Domino Off-line Services (DOLS)

● Domino Universal Connection Services (DUCS)

● IBM® Tivoli® Analyzer for Lotus Domino

Complementaryproducts

● IBM® Lotus® Sametime®

● IBM® Lotus® Quickr™

● IBM® Lotus® Connections

● IBM® Lotus® Quickplace®

● IBM® Lotus® Discovery Server™

Note: Additional Lotus Domino services and products are covered in more detaillater in this course.




Lesson SummaryIn this lesson, you described the structural components of the IBM LotusDomino 8.5 environment. As the system administrator, understanding thearchitecture and its key components can help you properly administer theLotus Domino 8.5 environment.

Topic C: Exploring IBM® Lotus® Domino® Server Functionality



Performing BasicAdministration Tasks

■ Topic A: Starting IBM® Lotus® Domino® Administrator

■ Topic B: Using Online Help

■ Topic C: Navigating in IBM® Lotus® Domino® Administrator

■ Topic D: Setting Administration Preferences

■ Topic E: Introducing Policies

2


Introduction

By performing basic administrative tasks in IBM® Lotus® Domino® Adminis-trator, you should gain the hands-on experience you need to accomplishthese tasks on the job in your own Lotus Domino environment.


● Identify the elements of the Lotus Domino Administrator interface.

● Use online help.

● Navigate in Lotus Domino Administration and perform basic LotusDomino Administrator tasks.

● Set administration preferences in Lotus Domino Administrator.

● Describe policies.

Lesson 2 ■ Performing Basic Administration Tasks


Topic A: Starting IBM® Lotus® Domino®

Administrator

Lotus Domino Administration

Each IBM® Lotus® Domino® implementation requires one or more peopleperforming administrative tasks.

Administrators are often organized into groups to facilitate controlled man-agement of the IBM® Lotus Notes® and Lotus Domino environment.

An administrator’s access to perform administrative tasks is set using anumber of security methods to allow or disallow different levels of adminis-tration, such as:

● Access servers

● Administer one or more servers

● Add/modify users, servers, and certifiers

● Add/modify server configuration information

Lotus Domino Administration Tools

Lotus Notes and Lotus Domino 8.5 include a set of tools to administer theenvironment. This combination of tools allows administrators flexibility inmanaging their environment. The following table lists these tools.

Tool Description

Lotus DominoAdministrator

Allows administrators to make changes to the LotusDomino environment, such as:

● Modify server settings.

● Set up server connections.

● Add new users, servers, and groups to the LotusDomino environment.

● Monitor server activity.

Lotus DominoWeb Administrator

Provides administrators with the majority of features avail-able through the Lotus Domino Administrator using a Webbrowser.

Lotus DominoAdministration

Show the administrationgroups and roles usedto control administrativeaccess, including:● People & Groups→

Groups→LocalDomainAdmins.

● Server document→Security tab.

● Domino DirectoryACL, including roles.

● Web Administratorroles (ACL onWebAdmin.nsf).

These controls will bediscussed in more detailin another lesson.

Lotus DominoAdministration Tools

Show examples of eachof the following tools:● Lotus Domino

Administrator● Web Administrator● Server Console




Tool Description

Lotus DominoConsole

Provides a server console on any platform that supportsJava™, allowing an administrator to:

● Enter text-based server commands.

● Remotely start and stop the server.

The Lotus Domino Administrator is the main tool for performing administra-tive tasks in a Lotus Domino environment. The client is included with theserver software and can be installed on any supported operating system.

The Lotus Domino Administrator Interface

The Lotus Domino Administrator interface is separated into panes to helpadministrators manage different resources. When you click one pane, theinformation in the other panes is dynamically updated.

The following table lists and describes some of the components of the LotusDomino Administrator interface.

Component Description

Action bar Contains buttons to act on documents displayed in theview.

Bookmark bar Contains icons to display a list of servers in the domainsyou administer and icons to start the Notes client andDomino Designer client, if installed.

Bookmarks window Displays a list of servers in a domain.

Server pane Displays the servers in the domain, grouped in differentviews.

Tabs Contain general administration tasks.

Task pane Provides a logical grouping of administration tasks orga-nized by tabs.

Results pane Displays the results of the current task.

Tools pane Provides additional functions associated with theselected tab.

The Lotus DominoAdministrator Interface(2 slides)

Please visit http://www-10.lotus.com/ldd/dominowiki.nsf?OpenDatabase tolocate videos and otherinformational items youcan use to enhance thepresentation of currentconcepts to the class,such as a guided tour ofthe Lotus Notes/LotusDomino environment.

Topic A: Starting IBM® Lotus® Domino® Administrator



The following figure displays an example of the Lotus Domino Administratorinterface and its components.

Figure 2-1: The Lotus Domino Administrator interface

Note: You can also use the Administration menu to navigate among the LotusDomino Administrator tabs.




Activity 2-1: Introducing IBM Lotus DominoAdministrator

ScenarioAll Worldwide Corporation administrators will use the Lotus Domino Admin-istrator client. As an administrator, you should be familiar with the LotusDomino Administrator environment.

Follow these steps to start Lotus Domino Administrator and select the Hub/SVR/WWCorp server to administer.

Step Action

1. Click Start→All Programs→Lotus Applications→Lotus Notes 8.5. Log inwith the user name assigned to you and the password passw0rd

2. From the Lotus Notes client, click Open and then click Domino Adminis-trator.

Note: Lotus Domino Administrator is accessible directly from theLotus Applications program group. From Windows, click Start→All Programs→Lotus Applications→Lotus DominoAdministrator 8.5.

3. Select the Don’t show this again check box in the upper-right corner ofthe page and close the Welcome page.

4. In the IBM Domino Administrator, click the Favorites icon.

5. Click the Domain servers icon to display the Bookmark window for theWWCorp domain.

6. Click the Pin icon to anchor the Bookmark window.

7. Expand the All Servers section, and select the instructor’s server: Hub/SVR/WWCorp.

8. How do you know which server is currently active?

The currently selected server name is listed under the tabs.

9. What is the Lotus domain name for Worldwide Corporation?

WWCorp.

Provide students withthe password for eachuser ID. If you are usingthe provided classroomsetup files, thepassword is passw0rd.

Show students how toopen Lotus DominoAdministrator directlyfrom the LotusApplications programgroup.

Open the Release Notesdatabase→Platformsand systemrequirements documentto view a list ofsupported clientplatforms.

Show students how toclose the Welcomescreen. Provide anoverview of LotusDomino Administrator bypointing out each of thepanes shown in Figure2-1, and by using theaccompanying table.Show students thecontents of each of theFavorites and Domainwindows and each ofthe sections in theDomain window.

Step 8: After thestudents select theserver, review thequestions and answers.

Topic A: Starting IBM® Lotus® Domino® Administrator



Step Action

10. How do you display all of the servers in the domain?

Domain bookmark displays the servers in the domain.

Note: When administering servers, perform all administrationtasks from an Administration client (Lotus Domino Administratorinstalled on a client machine) to prevent security breaches.Always verify the server name before performing administrativetasks.




Topic B: Using Online Help

Online Help Resources

Online help is available at every stage of IBM® Lotus® Domino® Administra-tor. There are many resources for information on the Lotus Domino systemadministration and the Administrator client. Additional resources are listed inthe following table.

Location Resources

Online ● Lotus Domino Administrator 8.5 Help database

● Release notes

Internet ● http://www-01.ibm.com/software/lotus/ - Support, news, andproduct information

● http://www.ibm.com/developerworks/lotus - Documentation,software downloads, and developer resources

● http://publib-b.boulder.ibm.com/redbooks.nsf/portals/Lotus -IBM Redbooks

Online Help Resources

BTopic B: Using Online Help



Activity 2-2: Define IBM Lotus DominoTerms

ScenarioAll Worldwide Corporation administrators will use Help. As an administrator,you should be familiar with Lotus Domino terms. This activity introduces youto online Help and allows you to make your first connection to some of theterminology you will be learning during the course.

Follow these steps to use the Help glossary or the Search for feature todefine basic Lotus Domino concepts and terms.

Step Action

1. From the Lotus Domino Administrator main menu, click Help→Help Topics.

2. Using the Search option, locate the answers to the following questions.

3. Search for the article titled “Domino domains.” What is a domain?

A Lotus Domino domain is a collection of servers and users thatshare common Lotus Domino directory information.

4. Search for the article titled “Hierarchical naming for servers and users.”What is hierarchical naming?

A system of naming associated with Lotus Notes IDs thatreflects the relationship of names to the certifiers in an organi-zation. Hierarchical naming helps distinguish users with thesame common name for added security and allows for decen-tralized management of certification. The format of ahierarchical name is: common name/organizational unit/organization/country code—for example, Pam Tort/Fargo/Acme/CA.

5. Search for the article titled “How replication works.” What is replication?

The process of exchanging modifications between replicas.Through replication, Lotus Notes makes all of the replicasessentially identical over time.

6. Search for the article titled “User registration.” What is a user ID?

A file assigned to every user and server that uniquely identifiesthem to Lotus Notes and Lotus Domino. It is similar in functionto accessing a bank’s computer using an ATM card.

7. Close Help.

Review the definitionsthat students found tointroduce the terms. Tellstudents these terms willbe referred to in thislesson and described indetail in later lessons.




Topic C: Navigating in IBM® Lotus®

Domino® Administrator

Lotus Domino Administrator Tabs

General administration tasks are organized by tabs as described in the fol-lowing table.

Tab Contents

People &Groups

People-related IBM® Lotus® Domino® Directory items: per-son documents, groups, mail-in databases, policies,settings, and certificates.

Files File interaction includes databases, templates, databaselinks, and all other files in the server’s data directory.

Server Current server activity and tasks. This tab has five sub-tabs:

● Status

● Analysis

● Monitoring

● Statistics

● Performance

Messaging Mail-related information. This tab has two sub-tabs:

● Mail

● Tracking Center

Replication Replication schedule, topology, and events.

Configuration All documents used to configure the server, such as:

● Server documents

● Configuration Settings documents

● Messaging and Replication connections

● Web Configuration documents

● Directory Configuration documents

● Monitoring Configuration documents

Lotus DominoAdministrator Tabs

CTopic C: Navigating in IBM® Lotus® Domino® Administrator



The Person Document

A Person document describes an IBM® Lotus Notes® or non-Lotus Notesuser in the Lotus Domino Directory. A Person document is created whenyou register a user via the user registration interface in Lotus DominoAdministrator or when you use the Add Person action on the People &Groups tab in Lotus Domino Administrator.

Note: When you delete a user name, the associated Person document is alsodeleted.

Groups

A group is a list of users and/or servers that have something in common.Each group must have an owner, who is usually an administrator or anapplication manager.

Groups can be used to:

● Provide a group of users access to an application.

● Deny a group of users access to a server or application.

● Send mail to a distribution list.

Tasks on the People & Groups Tab

From the People & Groups tab, administrators can add, modify, and view:

● Users in the domain.

● Groups defined in the domain.

● Documents defining mail-in databases and resources for scheduling.

● Policies and settings documents used to streamline workstation setup.

● Certificates used for authentication.

● ID vaults.

The Person Document

Provide an overview ofthe People & Group tab.During the overview,point out the screenareas as referenced andexplain a Persondocument and a group.

Groups

Demonstrate thefeatures and optionsavailable on the People& Groups tab, such aslocating and viewing aPerson document andthe options available onthe Tools menu.




Tasks on the Files Tab

From the Files tab, administrators can:

● View file information.

● View disk space information.

● Add, modify, and delete folder and database links.

● Perform database management tasks.

Tasks on the Server Tab

From the Server tab, administrators can:

● Issue commands to the Lotus Domino server.

● View server information to analyze and troubleshoot server perfor-mance.

● Monitor server tasks and statistics throughout the domain.

Tasks on the Messaging Tab

From the Messaging tab, administrators can:

● Monitor mail routing and issue commands to control mail routing.

● View mail routing topology maps.

● Track messages and generate reports on messages sent by users.

Lotus Domino Replication

A process called Lotus Domino replication keeps the replica copies of theLotus Domino Directory and other Lotus Domino applications synchronizedthroughout the domain. Lotus Domino replication is the process ofexchanging modifications between two database replicas so that the samedatabase may be updated and shared by many users in different locationsaccessing different servers.

Demonstrate thefeatures and optionsavailable on the Filestab, while reviewing thefollowing concepts:● What is an applica-

tion?● The Lotus Domino

Directory is a LotusDomino application.

● Database tools.● How to manage mul-

tiple databasessimultaneously.

● Database templates.

Demonstrate thefeatures and optionsavailable on the Servertab, such as monitoringserver tasks.

Demonstrate thefeatures and optionsavailable on theMessaging tab, such asmonitoring mail routingor tracking messagesand generating reports.

Lotus DominoReplication

Briefly describe LotusDomino replication. Thisshould not be an in-depth discussion. Deferquestions regardingreplication and domains,as they will be coveredlater.

Topic C: Navigating in IBM® Lotus® Domino® Administrator



Tasks on the Replication Tab

From the Replication tab, administrators can:

● View the replication schedule for a server.

● View Replication Events that have previously occurred.

● View Replication Topology maps.

Tasks on the Configuration Tab

From the Configuration tab, administrators can change the following set-tings:

● Server

● Messaging

● Replication

● Directory

● Web server

● Monitoring Configuration

● Cluster

● Offline Services

● Certificates

● Miscellaneous

Some items to remember when working on the Configuration tab include:

● Each server in the domain has a Server document that contains infor-mation about the server. Lotus Domino uses this information duringserver startup and for security.

● Some server settings are stored in the Server document; others arestored in Configuration Settings documents. Lotus Domino uses thisinformation during server startup.

● Information about how servers should establish connections is stored inConnection documents. Lotus Domino uses this information in deter-mining how to connect to another server for replication and mail routing.

● Information about other domain connections is stored in Lotus Domaindocuments. Lotus Domino uses this information for replication and mailrouting.

Demonstrate thefeatures and optionsavailable on theReplication tab, such asviewing the replicationschedule and replicationevents.

Demonstrate thefeatures and optionsavailable on theConfiguration tab, suchas the All ServerDocuments view, aConfigurations Settingsdocument to distinguishServer documentsettings, and aConnection document.

Give examples of otherdomains:● Other Lotus Domino

domains within theorganization.

● Another company’sLotus Dominodomain.

● A non-Domino mailsystem or gateway.For example, ForeignSMTP or X.400 mailsystem.




Practice Activity 2-3: Record CurrentSettings

ScenarioAs an administrator, you should be familiar with recording current settingsfrom the Lotus Domino Administrator client.

From your Lotus Domino Administrator client, find and record the followinginformation.

1. What is your Short name?

Depends on user account, and can be located on the Person document.

2. Where is your mail file located?

On the Instructor (Hub) server.

3. What client platform are you using?

Depends on classroom equipment; appears on Administration tab.

4. How many groups are in the directory?

Depends on classroom configuration.

5. Of how many groups are you a member? (Hint: Use either the ManageGroups tool or an action button.)

Depends on classroom configuration. Show the Find Group Memberaction button in the listing pane.

6. What is the total number of mail users on the classroom server?

Depends on classroom setup.

7. What is the instructor’s server title?

Hub/SVR/WWCorp.

Facilitate the discussionof these questions. Afterstudents complete theactivity, review theresults and tie theanswers to theupcoming topics.

Topic C: Navigating in IBM® Lotus® Domino® Administrator



8. What routing task does the instructor’s server perform?

Mail.

9. What is the instructor server’s operating system?

Depends on classroom equipment.




Topic D: Setting AdministrationPreferences

Administration Preferences

Administration preferences allow customizing of the IBM® Lotus® Domino®

Administrator work environment. These preferences include the followingchoices:

● The domains to administer.

● The type and order of file information displayed.

● The way in which Lotus Domino collects and displays server monitoringdata.

● The defaults to use when registering users, servers, and certifiers.

AdministrationPreferences

DTopic D: Setting Administration Preferences



Activity 2-4: Set Administration Preferences

ScenarioAs an administrator, you should be familiar with setting administrative prefer-ences in Lotus Domino Administrator.

Follow these steps to set the default settings for administering servers fromLotus Domino Administrator.

Step Action

1. Click File→Preferences→Administration Preferences.

2. For Basics, verify that the WWCorp domain is selected, and click Edit.

3. Verify that the Domino Directory server is Hub/SVR/WWCorp.

4. Verify that Do not change location is selected and click OK.

5. Click Monitoring, and verify that Monitor servers From this computer isselected.

6. In the Poll servers every x minutes field, type 5

7. Select Automatically monitor servers at startup.

8. Click OK to close the Administration Preferences dialog box.

Step 1: Students willperform this at their ownpace. Verify that theirpreferences arecorrectly set beforecontinuing to the nextlesson.




Topic E: Introducing Policies

Policies

A policy is the Policy document and its associated Settings documents.Policies can control many user and administrative functions. An administra-tor can enforce IBM® Lotus Notes® and IBM® Lotus® Domino® policies ofvarious types and apply them to various groupings of users.

Policies can apply to various sets of users. They can apply to an entireorganization, an organizational unit (OU), a group of users, or even oneuser. Multiple policies can apply to the same user and these can contain acontradictory value for the same setting. A precedence system determineswhich setting a user gets.

Policy Documents

Each Policy document contains pointers to selected Settings documents.This combination of the Policy document and its Settings documents consti-tutes one policy. You create Policy documents in the Lotus Domino Directoryto distribute standard settings and configurations across groups, depart-ments, or entire organizations.

Settings Documents

Policies contain one of more of the following Settings documents:

● Registration

● Mail

● Desktop

● Archiving

● Security

● Activities

● Productivity Tools

● Setup

Policies

Policy Documents

Settings Documents

ETopic E: Introducing Policies



Lesson SummaryIn this lesson, you performed basic administrative tasks in IBM LotusDomino Administrator. Gaining the hands-on experience needed to accom-plish tasks on the job will enable you to administer and support the LotusDomino environment.




Examining IBM® Lotus® Notes®

and IBM® Lotus® Domino®

Security

■ Topic A: Identifying IBM® Lotus® Domino® Security Components

■ Topic B: Designing a Hierarchical Naming Scheme

■ Topic C: Authenticating with IBM® Lotus® Domino® Servers

■ Topic D: Controlling Access to Resources

■ Topic E: Determining Database Access Levels

■ Topic F: Determining Workstation Security Levels

3


Introduction

Security mechanisms must be in place to ensure proper access to Dominoservers and server components. By defining IBM® Lotus Notes® and IBM®

Lotus® Domino® security, you should be able to effectively control access toa Lotus Notes and Lotus Domino environment.


● Identify components of the Lotus Domino security implementation.

● Design a hierarchical naming scheme.

● Locate and view certifiers.

● Determine how Lotus Domino security mechanisms control serveraccess levels and access to other resources.

● Determine database access levels.

● Determine workstation security levels.

Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security


Topic A: Identifying IBM® Lotus®

Domino® Security Components

IBM Lotus Domino Terminology

The IBM® Lotus® Domino® architecture and security model relies on variousstructures and requirements. It is helpful to be familiar with the LotusDomino vocabulary to properly support an implementation.

Organizations

A Lotus Domino organization defines the naming hierarchy for a LotusDomino environment, which is used for security. The organization name canbe the same as the domain name, or another name, such as a shortenedversion of the company name.

Note: Most companies will set up one organization and one domain. However, acompany may create multiple organizations to separate different departments ordivisions for security or administration purposes.

Figure 3-1: Example of an organizational hierarchy

Organizations




Organizational Units

An organizational unit (OU) generally defines an organization’s hierarchy asit relates to people. OUs are the next level down from the organization andusually represent geographical or departmental names.The following figureshows an example of an organizational unit.

Figure 3-2: Example of an organizational unit

Organization Certifiers

The Lotus Domino organization certifier is a special file created at the timethe first Lotus Domino server is set up in the company. It is the top of thehierarchy and is used to certify the resources in the entire infrastructure.

Administrators can use the organization certifier to register other certifierswhich, in turn, can be used to register users, servers, or other certifiers.

The WWCorp organizational certifierThe /WWCorp organizational unit certifier stamps:

● User: Doctor Notes

● Server: Hub

● Other certifiers to be discussed later in the lesson.

Organizational Units

Organization Certifiers

Topic A: Identifying IBM® Lotus® Domino® Security Components



Practice Activity 3-1: Review Lotus DominoTerminology

ScenarioAs an administrator, you should be familiar with Lotus Domino definitionsand terms.

The following terms and definitions are important Lotus Domino securityconcepts. Write the correct term or definition.

1. Define the term hierarchical naming.

System of naming associated with Lotus Notes IDs that reflects the rela-tionship of names and certifiers in an organization. Distinguishes userswith the same common name.

2. What term is defined as a collection of servers and users that share asingle Lotus Domino Directory?

Domain.

3. Define the term organization.

An entity that authorizes users and servers to authenticate with oneanother. The primary purpose is security.

4. Define the term organizational unit (OU).

Typically, a department or location within the organization.

5. What term is defined as a central application in the Lotus Dominodomain, which contains information about users and servers, and existson every server in the domain?

Lotus Domino Directory.

6. Define the term access control list (ACL).

A list of application users (individual users, Lotus Domino servers, andgroups of users and/or servers) created and updated by a database man-ager.

If class time is short,students can do thisactivity on their ownoutside of class.Suggest students usethe available Help filesto complete the activity.




7. What term is defined as uniquely identifying the users and servers toLotus Notes and Lotus Domino and is assigned to every user andserver? It also contains an electronic stamp created by a certifier.

IDs (user, server, certifier).

Topic A: Identifying IBM® Lotus® Domino® Security Components



Topic B: Designing a HierarchicalNaming Scheme

Hierarchical Naming

IBM® Lotus® Domino® uses hierarchical naming, based on X.500 standards,to guarantee unique user and server names across a large network. It isnecessary to uniquely identify users for security and mail purposes becauseLotus Domino does not use a security identifier similar to the one used inWindows. Hierarchical naming associates names with the certifiers in anorganization. It also enables the delegation of administrative tasks among agroup of administrators.

Components of a Hierarchical Name

The format of a hierarchical name is CN/OU4/OU3/OU2/OU1/O/C (forexample, Sarah Forbes/Toronto/Acme/CA).

The following table describes the components of a hierarchical name.

Component Description Characters Required

Common Name(CN)

The person’s full given(first) and family (last)names, or the servername

80 maximum Yes

OrganizationalUnit Name (OU)

Typically, a department orlocation name

Up to 32 perOU

No

OrganizationName (O)

Typically, a companyname

3 to 64 Yes

Country (C) ISO standard two-letterabbreviation for the coun-try and top-level location

0 or 2 No

Note: Since the country code is part of the fully distinguished name, each certifierthat uses a country code is a different certifier, even though the organization nameis the same.

Hierarchical Naming

Components of aHierarchical Name

BIBM® Lotus® Domino® 8.5 System Administration Operating Fundamentals



For example, if Worldwide Corporation decides to use country codes, therecould be three organization certifier IDs as follows:

● /WWCorp/US

● /WWCorp/CA

● /WWCorp/FR

Recommendations for spaces in hierarchical namesWhen creating hierarchical names, do not include spaces in any of the fol-lowing components:

● A server’s common name

● Organization name

● Organization unit name

Hierarchical Naming Example

Two users with the same name, Marcus Frank, work for Worldwide Corpora-tion. One works for the Sales organization in the East regional office. Theother is a member of the Human Resources department in the Westregional office.

The following figure shows how the two people with the same name are dis-tinguished using hierarchical naming.

Figure 3-3: An example of hierarchical naming

If the user happens to be in the same organizational hierarchy, a middle ini-tial or an organizational unit unique to the user can be used.

Hierarchical NamingExample

Describe hierarchicalnaming as it relates toWorldwide’sorganizations.

Topic B: Designing a Hierarchical Naming Scheme



Practice Activity 3-2: Determine HierarchicalNames

ScenarioAs an administrator, you should be able to determine hierarchical namesusing the hierarchical naming example. To do this, refer to Figure 3-3 asyou answer the following questions.

1. What is the full hierarchical name for Marcus Frank in HR?

Marcus Frank/HR/West/WWCorp.

2. What is the full hierarchical name for Marcus Frank in Sales?

Marcus Frank/Sales/East/WWCorp.

3. What is the full hierarchical name for Pedro Lopes?

Pedro Lopes/Mktg/East/WWCorp.

4. What is the full hierarchical name for Hub?

Hub/SVR/WWCorp.

5. What is the full hierarchical name for East01?

East01/SVR/WWCorp.

6. What is the full hierarchical name for Gwen Carter?

Gwen Carter/Services/East/WWCorp.

Organizational Unit Naming Recommendations

A hierarchical name can comprise up to four organizational units (OUs). Therecommendation is to use the minimum required for unique naming.

Using Figure 3-3, askstudents the fullhierarchical names forthe servers and usersthat appear in thediagram.

Facilitate the discussionof these questions.

Organizational UnitNamingRecommendations




Consider the options in the following table for creating organizational unitcertifiers when designing the hierarchical naming scheme.

Criteria Description

Location Each locale has a separate OU for local administration ofservers and users. Use this as an alternative to using thecountry code name component. The site or country abbre-viation easily identifies the geographic location of the serveror user.

Department Each department has a separate OU, which keeps theLotus Domino naming scheme directly in sync with the cor-porate organizational chart.

Work groups Most often used to distinguish two users with the samename who work in the same department.

Note: Typically, a company would use the OU1 to indicate the user’s location, thenuse the OU2 for the department. Workgroups are typically used only to distinguishtwo users from the same region that are in the same department.

Department or workgroup OUs are not recommended if users move between depart-ments frequently.

When determining these names, use the following guidelines:

● Use short descriptive names.

● Do not include spaces.

● Create a separate OU for servers for administrative control.

● Use three or fewer levels of OUs in the hierarchical naming scheme.

Separate Server OUs

The following table describes the benefits of creating a separate server OU.

Benefit Description

Cross-certification

If two organizations wanted servers to be cross-certified,but did not want users to be cross-certified, then havingeach organization’s servers in a separate OU would allowthe creation of a server OU to server OU cross certificate.Since the cross certificate would be server OU to serverOU, no end user from either organization would be allowedto directly access servers in the other organization. How-ever, the servers would be allowed to authenticate andreplicate.

Separate Server OUs




Benefit Description

Administrationcontrol

If the organization decided to use a unique OU for serverregistration, and that OU is tightly controlled by an upperlevel administrator, the likelihood of having a renegade orunauthorized server show up is reduced. Any server regis-tered with a different OU will be readily apparent toadministrators through various views of Lotus DominoAdministrator.

Server Naming Recommendations

The server’s common name should:

● Be a short, descriptive name.

● Contain an abbreviation for the region where it resides.

● Not contain any spaces.

● Be easily expandable.

● Be easily recognizable for the tasks the server performs.

For example:

● Hub servers in the East might be named as follows:

EastHub01, EastHub02, EastHub03, and so on.

● Mail servers in the West might be named as follows:

WestMail01, WestMail02, WestMail03, and so on.

Note: Planning server names is particularly important, as it is a time-consuming anddifficult process to change a server’s name. Carefully consider the guidelines whennaming a server.

Server NamingRecommendations




Server Host Names and Common Names

The server’s common name can be the server’s fully qualified Internet hostname (for example, Hub). Consider the following factors in deciding whichformat is best for the company.

● Use the Internet host name in the Lotus Domino server common nameif clients accessing the server are:

■ On the Internet.

■ On a large distributed TCP/IP intranet.

■ In foreign Lotus Domino domains on a TCP/IP intranet, and serveraddress sharing between the domains is not practical.

● Use the simple Lotus Domino server common name if clients accessingthe server are:

■ Primarily in the same Lotus Domino domain or in a domain that willshare server address information with the domain.

■ Rely heavily on network protocols other than TCP/IP.

■ Require special server naming conventions better suited to thecompany.

User Naming Recommendations

Typically, a user’s common name is the user’s given (first) name and family(last) name. The user’s common name is used for Internal mail addressingand determines the user’s Internet address.

Note: Lotus Domino includes an administrative tool to change a user’s commonname, or the user’s place in the hierarchy, for example, under the following circum-stances:

● A user’s marital status changes.

● A user moves to a different department.

The following table provides an example of user naming conventions.

Type Suggested syntax Example

Lotus Dominomail address-ing

Firstname Lastname/OU2/OU1/O @Domain

Maria Lopez/Sales/East/WWCorp@WWCorp

Server Host Names andCommon Names

User NamingRecommendations




Type Suggested syntax Example

Internet Mailaddressing

[email protected] username is oneof the following:

● FirstinitialLastname

● Firstname_Lastname

● [email protected]

● [email protected]

Use of middle initialsSince most people often do not know a user’s middle initial, it is rarely used.Other reasons for avoiding middle initials include:

● The format may vary. Some administrators might use a separator, like aperiod (.), and some may not, causing inconsistent names.

● A differentiating OU is a better choice to ensure a unique name.

Planning a Hierarchical Naming Scheme

It is extremely important to properly plan a naming scheme for any organi-zation. The entire security structure is based on the information provided atthe time of the first server implementation.

To plan a naming scheme for an organization, carefully consider:

● Organization name, which should be a short and easy name. Manyorganizations choose to use their Internet domain or company name.

● Organizational units:

■ Should provide an easy and simple method to organize user andserver names. Multiple OU levels may be more difficult to manage.

■ Can be used for providing unique names.

● A strategy for distinguishing identical names in the same organizationalhierarchy should be determined during the planning stages.

How to Design a Hierarchical Naming Scheme

Procedure Reference: Designing a hierarchical namingschemeFollow these steps to plan the hierarchical naming scheme for the LotusDomino environment.

1. Choose a domain name.

2. Choose an organization name.

3. Decide whether or not to use country codes.

Planning a HierarchicalNaming Scheme

Stress to students theimportance of properlyplanning the namingscheme. It is an arduousand administrator-intensive task to redo ahierarchy once LotusDomino is deployed inthe organization.

How to Design aHierarchical NamingScheme




4. Determine organizational units based on the company’s structure.

5. Determine server naming conventions.

6. Determine user naming conventions.




Practice Activity 3-3: Design a HierarchicalNaming Scheme

ScenarioWorldwide Corporation has assigned you the task of designing a hierarchi-cal naming scheme. As an administrator, first you need to determine how todivide organizational units for Worldwide Corporation. To do this, answer thefollowing questions.

1. How should organizational units be divided: geographically, departmen-tally, workgroup, or by some other criteria?

Geographically. Staff moves between geographic regions are less fre-quent, so would require less recertification.

2. How many levels of organizational units are needed?

One or two. Try to keep the hierarchy as simple as possible.

To facilitate this activity,students may work ingroups. The answers forthis activity varydepending on personalopinion and organizationstructure.

Refer students to theWorldwide CorporationInfrastructure Planappendix, OrganizationStructure section, for theinformation to completethe activity.

After students createtheir organization charts:● Lead a class discus-

sion in whichstudents share theirproposals.

● Discuss the advan-tages anddisadvantages of thestudent solutions.





3. Should the servers and users be segregated, or kept together?

Segregated. Lotus Domino server management is easier if the servers arekept in their own organizational unit.

To create an organizational chart for Worldwide’s servers and users, usethe following guidelines:

● Place the name of the organization in the top row.

● Place the first level of organizational unit in the next row.

● Place subsequent levels of organizational units, if any, below par-ent levels.

● Place servers in their own organizational units.

● Place users in the lowest level.

Use the following blank organizational chart as a guide. The number oflevels and number of boxes in this chart are not indicative of the finalresult.




Topic C: Authenticating with IBM®

Lotus® Domino® Servers

Security Controls

Security controls determine access to servers and resources in the IBM®

Lotus® Domino® environment.

Use the controls to:

● Allow access to authorized users and servers.

● Block access for unidentified or specific users and servers.

The process of accessing information involves two levels of security:

● Authentication

● Access controls

Authentication establishes trust between two entities. Once trust is estab-lished, access controls determine what information is available to theentity. An entity can be a server or a client.

Bank card exampleTo gain access to bank account information, authentication occurs throughthe use of:

● A bank card containing user account information.

● A Personal Identification Number (PIN) identifying you as the owner ofthe card.

The PIN, along with the card, match the account information stored in thebank. Therefore, the bank trusts that you are the owner of the card. You areallowed access to the account. By using the bank card, you are also trustingthat the bank will provide the correct access. This establishes two-way trust.

Once you have gained access to the account, you are allowed access tospecific information based on the type of account you have. The type ofaccount determines the level of access. This is similar to access controlsthat can be set on entities such as servers, clients, or databases.

Security Controls

Present the concepts ofauthentication andaccess controls in theLotus Dominoenvironment using thebank card analogy.Details on certificatesand ACLs are presentedin the following sections.

CIBM® Lotus® Domino® 8.5 System Administration Operating Fundamentals



Certificates and ID Files

Authentication is controlled by certificates that identify and verify the entityconnecting to the server. A certificate is a unique electronic stamp stored inan ID file that associates a name with a public key. An ID may have manycertificates.

A certifier ID is a file that generates the electronic stamp to indicate atrusted relationship. Certifier IDs result when entities, such as organizationsand organizational units, are created during the registration process.

Note: The certifier ID does not provide access to anything. It acts as an electronicstamp to validate other IDs. The certificate is the stamp left on the ID by the processof certification. The certificate uses an electronic signature from the certifier to asso-ciate the user or server’s name with the user or server’s public key. For example, acertificate from /WWCorp issued to Inga Neste/Sales/WWCorp means that accordingto /WWCorp, Inga Neste/Sales/WWCorp has a specific public key that is stored inthe certificate.

Types of Certificates

The two types of certificates are:

● Notes certificates: Stored in an IBM® Lotus® Notes® or Lotus DominoID file that associates a name with a public key. Certificates permitusers and servers to access specific Lotus Domino servers.

● Internet (X.509) Certificates: Let a user access a server using SSLclient authentication or send an S/MIME message. Internet certificatescan be stored in the Lotus Notes ID.

Note: Certifier IDs and certificates are created on the server. However, they shouldbe moved to a very secure location, rather than left on the server. For example,copy the ID to a diskette and lock in a cabinet. Another approach would be tomigrate the certifier IDs to the Domino Directory

ID Files

A Lotus Notes ID identifies a user or server to Lotus Domino systems. Theuser and server registration process creates a unique ID.

Note: The password is used to encrypt the private key and optional encryption keysas well as to access the ID file.

Certificates and ID Files

Point out that certificatesare contained in LotusNotes IDs.

Tell students thatadditional information onpublic and private keysis included in the ExtendLotus Domino Softwareappendix.

Types of Certificates

ID Files

Topic C: Authenticating with IBM® Lotus® Domino® Servers



There are several types of ID files used in the Lotus Domino environment:

● The certifier ID file allows an administrator to certify Lotus Notes userswith hierarchical names. The certifier ID file stamps server, user, andother certifier IDs with its certificate.

● The user ID file is created by the administrator and contains informationthat Lotus Notes uses to identify a user. The file contains certificatesand the name of the ID owner.

● The server ID file is created by the system administrators and storesIDs on the server.

Components of an ID File

An ID file contains information to identify the owner of the ID in order todetermine access to resources in a domain. The following graphic illustratesthe information each user or server ID contains.

Figure 3-4: Components of an ID file

Note: The password is used to encrypt the private key and optional encryption keysas well as to access the ID file.

Common Certificates

In order to authenticate, each side (server and client or server and server)must have a common certificate. A common certificate is a certificatederived from the same Lotus Notes or Internet (X.509) certifier, or one of itsancestors in the organizational hierarchy.

Components of an IDFile

Common Certificates




Example of two organizationsWorldwide Corporation created another organization called Earth afteracquiring a new regional office. They wanted to restrict access to Earth untilthe office was up and running.

The following figure shows IDs containing certificates. The certificates in thesame organizational hierarchy (WWCorp) can authenticate with one another.A certificate from another organizational hierarchy (Earth) cannot authenti-cate with a Worldwide server.

In the following example, Marcus Frank can authenticate with the APPSserver. But Corretta Juarez in the regional office (Earth) cannot authenticatewith APPS because they do not have a common certifier or ancestor.

Figure 3-5: Certificates and hierarchies

Certificates andHierarchies




How Certificates Are Used in Authentication

Server settings control required access to the server by specifying authenti-cation levels. The following table explains the strong authentication methodsused.

Authenticate Using

In the Lotus Notes/Lotus Domino envi-ronment

Lotus Notes certificate

Between Lotus Domino and otherapplications using Internet protocols

Internet (X.509) certificate

In the Lotus Notes/Domino environ-ment and outside the Lotus Domino/Notes environmentExample: Internet e-mail to a LotusNotes client

Lotus Notes and Internet (X.509) cer-tificate (with S/MIME to sign Internetmessages between different mailpackages)

The following figure illustrates authentication.

Figure 3-6: Authentication using certificates

How Certificates AreUsed in Authentication(2 slides)

Define the terms strongand simpleauthentication.

Describe howauthentication occurs forLotus Notes and Webclients and for Strong,Simple, and Noauthentication(Anonymous).




Other authentication methodsIn addition to strong authentication using Lotus Notes and Internet certifi-cates, the other types of authentication are:

● Anonymous: No credentials. Examples of Anonymous access includeWeb pages for advertising and catalogs.

● Simple: User name and password. Can be used for customers toaccess information about their own orders or shipments.

The ID Vault Feature

The ID vault feature in Lotus Domino Administrator 8.5 enables administra-tors to manage secured copies of Lotus Notes user IDs. Administratorsconfigure policies to assign ID vaults for users. Once a policy has takeneffect, the secured copies of user IDs are uploaded to a vault database.

There are several advantages to using an ID vault:

● Lost or forgotten user passwords can be easily reset or recovered.

● Corrupted user ID files can be automatically replaced with the copies inthe ID vault.

● User IDs are automatically synchronized.

● User renames and user key rollovers are automated.

How to Create an ID Vault

Procedure Reference: Creating an ID vaultFollow these steps to create an ID vault.

1. In Lotus Domino Administrator, click the Configuration tab.

2. On the Tools menu, click ID Vaults→Create.

3. The Create and Configure Notes ID Vault wizard will display. ClickNext.

4. In the Notes ID Vault name field, enter the name of your choice.

5. In the Notes ID Vault description field, enter a description that canalso be used as the Lotus Notes ID vault database title.

6. Click Next.

7. In the Password field, enter a password of your choice.

8. In the Verify field, enter the password again.

9. If you want to change the Vault ID file location from the default, clickthe Location button.

10. Click Next.

The ID Vault Feature




11. In the Vault server field, your server is automatically selected. If youwish to change servers, click the Change button and select an alter-nate server from the list of available servers and click OK. To acceptthe default server, click Next.

12. Your user name should be listed in the The following administratorscan manage the Notes ID vault field. To add or remove administra-tors, click the Add or Remove button, select additional administratorsfrom the list of available users, and click OK. When creating the IDvault, only one administrator needs to be specified to complete creation.To accept the default administrator, simply click Next.

13. You are not required to specify an organization during creation. If youwish to do so, click the Add or Remove button, select additionaladministrators from the list of available organizations, and click OK. Toaccept the default, click Next.

14. On the Specify names that are authorized to reset passwords page,to accept the default selections, click Next. Use the Add or Add to Allbuttons to give additional users, groups, servers, and organizationalunits authorization.

15. On the How is this policy assigned page, you can leave the default Iwill specify a Notes ID vault policy at another time selected to con-tinue on to complete the wizard, or you can select to Create a newpolicy assigned to an organization, Create a new policy assignedto specific people or group, Create a new policy assigned to ahome server, or Edit an existing policy. After selecting an option,click Next to continue.

16. Click Create Vault.

17. Click Done.

Specifying information during vault creationWhen creating a Lotus Notes ID vault, some information is required immedi-ately, while other information can be specified either during creation or at alater time. The following table lists the required information:

● Lotus Notes ID vault name: The name of the ID vault cannot be thesame as any organization or organizational unit used in the LotusDomino domain. In addition, the name cannot be changed after thevault is created.

● Vault ID file location and password: The location of the vault ID file andthe password are required for vault administrators to create vault repli-cas or to delete the vault.

● Vault primary server: There can be only one primary server specified forthe vault.

● Vault administrator: At least one vault administrator must be specifiedduring vault creation.




The following lists information that can be provided during vault creation orafter the vault has been created:

● Organizations that trust the vault for ID storage: This information isused to create Vault Trust Certificates in the Lotus Domino Directory.The Vault Trust Certificate is a cross-certificate issued to the vault,and it shows that the vault is trusted to store the IDs descended fromthe certifier.

● List of those authorized to reset the passwords of IDs in the ID vault:This information is used to create Password Reset Certificates in theLotus Domino Directory. The Password Reset Certificate is a cross-certificate issued to individuals, organizations, or organizational units,and it indicates who can reset or change the passwords for IDs in avault.

● List of user IDs assigned to the vault: This information is controlledthrough user policy configuration.




Topic D: Controlling Access toResources

Introduction to Lotus Domino Access Controls

IBM® Lotus® Domino® controls secure information so it is available only tothose who require it. Lotus Domino provides settings to selectively controlaccess to server resources. Controls can be placed on many levels: theserver, database (including information in fields on a form), agents, applets,and Web pages.

The controls used depend on the security level required for applications andthe user access required. Many of the decisions involving applicationdeployment are made by the developer. However, security is often imple-mented by the administration staff. There are many settings in the LotusDomino Server Configuration Settings documents that control access to theapplication.

Access Control Lists

An access control list (ACL) determines access to a given database, andthe type of access allowed. Every Lotus Domino application has an accesscontrol list.

Introduction to LotusDomino Access Controls

Review that serversecurity consists ofauthentication andaccess control.Authentication wasdescribed previously.This section coversaccess to servers andserver resources (suchas application) onceauthentication isestablished.

Access Control Lists

The Access Controlsslide displays the levelsof Lotus Domino accesscontrol. The slide can beused in conjunction withthe information on thispage to describe accesscontrol.

DIBM® Lotus® Domino® 8.5 System Administration Operating Fundamentals



Roles

A role identifies a set of users and/or servers. Roles apply only to the data-base in which they are created.

How Lotus Domino Controls Access

Lotus Domino uses roles and an access control list to control access todatabases.

The following table describes how Lotus Domino controls access.

Access to Is controlled by

Server, including IBM® Lotus Notes®

clients, Web clients, and other LotusDomino servers

● Server settings and restrictions

● Settings that allow and deny accessto users, servers, Lotus Notes, andWeb clients

● Restrictions that allow or denyaccess to server software andapplications

● Groups

Lotus Domino file folders File folder access controls and restric-tions

Run Java™ applets Server restrictions

Run Lotus Domino agents (programsthat perform specific tasks within adatabase, such as sending mail mes-sages)

Server restrictions

Databases:

● Forms and views

● Documents

● Fields

● Access control lists (ACLs)

● Groups

● Roles:

■ Subsets of users or servers in anACL

■ This adds an additional level ofaccess control over thosealready controlled by the ACL

● Encryption, for field control

Web pages Web server controls

Roles

Some examples ofserver software andapplications include:SMTP, Agents,LotusScript andJavaScript.

(Optional) Open aConfiguration Settingsdocument and tellstudents that it containssecurity settings. Showsome examples.

How Lotus DominoControls Access

Topic D: Controlling Access to Resources



Stages of Access Control

The following graphic shows the stages of access control that can be set onspecific Lotus Domino components.

Figure 3-7: Stages of access control

The following table describes the access control stages.

Stage Description

1 Successful authentication extracts the name in the Person document(ID file). The name is then checked against the server, file, database,data, and field access.

2 Server access: Name is checked in Server Restrictions or DenyAccess for access to the server.

3 File access: Name or group is allowed access to the server’s filefolders.

4 Database access: Name is checked for access to the database.

5 Data access: Name is checked for view, form, read, and edit accessto the document in the database.

6 Field access: ID is checked for the appropriate encryption key toaccess the field in the document.

Stages of AccessControls

Describe the levels ofaccess to resources.




Settings in the Server document determine who has access to specific com-ponents. For example:

● Administrators may have access to monitoring tools while users maynot.

● Some users may have permission to run agents.




Activity 3-4: Identify Server Access

ScenarioWorldwide Corporation has enabled some security mechanisms in the LotusDomino environment. As an administrator, you need to be aware of whatsecurity mechanisms are currently in use.

Note: If you have questions regarding the settings, use the context sensitive Help.

Wildcards can be used for a group of servers; for example: */SVR/WWCorp.

Follow these steps to complete the activity. Document the current Worldwidesecurity settings and answer the questions.

Step Action

1. Click the Configuration tab→Server section→Current Server Documentview.

2. Click the Security tab.

3. For the Administrators section, who are the authorized administrators?

LocalDomainAdmins, LocalDomainServers, and DoctorNotes/WWCorp.

4. In the Security Settings section, does the server allow Lotus Notes users toaccess anonymously?

Yes

✓ No

5. Scroll to the Server access section. Who can create new databases on theserver?

Blank = All.

6. In the Server access section, who can use monitors?

* = Everyone.

Note: Open the document in edit mode and use field help.

7. Scroll to the Programmability Restrictions section. Who can run unrestrictedmethods and operations?

Blank = No one.

8. In the Programmability Restrictions section, who can sign agents to run onbehalf of someone else?

LocalDomainAdmins.

Prior to beginning theactivity, addlocaldomainadmins tothe Sign agents to runon behalf of someoneelse field.

As you lead studentsthrough the activity, askfor the answers to thequestions.




Security Using Groups

The following table provides examples of what groups can be used to do.

Use Example

Provide a group of users withaccess to a database.

LocalDomainAdmins: Allows administratorsfull access to the Lotus Domino Directory.

Provide a group of servers withpermission to replicate a data-base.

LocalDomainServers: Allows serversaccess to Administration Requests.

Deny a group of users access toa server or database.

Group of terminated employees: Restrictsaccess of specific employees to sensitivecorporate information.

Examples of group accessAdministrators create and maintain groups in the Lotus Domino Directory.The database administrator is subsequently responsible for providing theappropriate level of access and security to each database.

For example, Worldwide Corporation has the groups listed in the followingtable. Each group has access to a database relevant to its responsibilitywithin the company.

Database Group Access

Personnel records ● Individual users

● Department managers

● Reader access to owndocuments only

● Reader access todocuments of all sub-ordinates

Policies ● HR staff

● Corporate staff

● Editor access to allrecords

● Reader access to alldocuments

Security Using Groups

Describe how groupsare used to allow ordeny access to theserver. Discuss thesettings the studentsrecorded in the previousactivity. Are the settingsappropriate? Why?




Allowing access to parts of the hierarchyUsers and servers in specific parts of the Lotus Domino hierarchy can beassigned access by using a wildcard (*). For example, assigning access for*/East/WWCorp allows access to all users in the Organizational Unit Eastwithout creating a group.

Group Types

Group types are used to define the purpose of the group and determinethe views in the Lotus Domino Directory where the group name appears.

For example, the group of terminated employees appears in the Deny Listview, and access control groups appear in the Access Control view.

Using specific group types improves performance by reducing the size ofview indexes in the Domino Directory.

The following table describes the purpose of various group types.

Group type Purpose

Multi-purpose Multiple uses; for example, mail, ACLs, and so on

Access Control Listonly

Adding to ACLs

Mail only Mailing list groups

Servers only Server groups

Deny List only Terminated users or other usersNote: Deny List groups appear in a different listing

Group Types

Static groups, includinga predefined set ofmembers, are stored inthe Domino Directoryand can be used as mailaddresses. Describedynamic groups, suchas */East/WWCorp. Tellstudents that thesegroups are used toinclude all entities in aparticular organizationalunit at the time ofconnection. They arenot stored in the DominoDirectory and cannot beused as mail addresses.




Best Practices for Creating Groups

The most effective way of allowing or denying access to a server is to cre-ate and maintain appropriate groups. To do this:

● Assign a group name that identifies the content. For example:

■ The region in which the entries are located

■ Global if it is a group that contains names that span the entireorganization

● Nest groups for easier maintenance.

Caution: Too many nested groups may cause confusion and be cumbersome tomanage.

Best Practices forCreating Groups

Describe a nested groupexample.

As an added securityfeature, administratorscreate two regionalgroups.

The groups are:● Deny Access East =

Access denial forpeople in /East

● Deny Access West =Access denial forpeople in /West

Before deleting a userfrom the Lotus Dominosystem, the localadministrator adds theuser to one of thegroups.

Each of the groups isincluded in the Deny Allnested group. For eachserver restrictionssetting, Deny All has Noaccess in the serversection. This ensuresimmediate denial to anyWWCorp server.

Show the students howto create an example ofa nested group:1. Click the People &

Groups tab.2. Click Tools→

Groups→Manage.




Activity 3-5: Determine Group Access to theServer

ScenarioWorldwide Corporation allows server and administration access usinggroups. As an administrator, you should be able to determine which groupshave access to the server and which groups can administer the server.

Follow these steps to determine which groups have access to the serverand which groups can administer the server, and answer the questions.

Step Action

1. Click the People & Groups tab→Domino Directories section.

2. Click WWCorp’s Directory→Groups.

3. Open the Administrator group (LocalDomainAdmins).

4. Who are the members in the Administrator’s group (LocalDomainAdmins)?

DoctorNotes/WWCorp, EastAdmins, and WestAdmins.

5. Click Cancel to close the group.

6. Who are the members of EastAdmins and WestAdmins?

Admin East01/WWCorp, Admin East02/WWCorp, Admin East03/WWCorp, Admin East04/WWCorp, Admin East05/WWCorp,Admin East06/WWCorp, Admin West01/WWCorp, Admin West02/WWCorp, Admin West03/WWCorp, Admin West04/WWCorp,Admin West05/WWCorp, and Admin West06/WWCorp.

7. Click the Configuration tab. In the Server section, click the CurrentServer Document view, and click the Security tab.

8. After reviewing the Security tab in the Current Server Document, do anygroups have administration capabilities on the server?

LocalDomainAdmins, LocalDomainServers.

9. Scroll to view the Server Access section.

10. After reviewing the Server Access section, do any groups have access tothe server?

LocalDomainAdmins, LocalDomainServers.

Add theLocalDomainAdminsandLocalDomainServersgroups to the ServerAccess field prior to theactivity.

After students completethe activity, point outwhat the Administratorsgroups can do whatother groups may not beable to do, such as runremote console.

If students select theAdministrator tab in theServer document andfind access information,this is the access for theServer document only,not for the server ordatabases.




Topic E: Determining Database AccessLevels

Access Control List Levels

The following table lists the access levels for IBM® Lotus® Domino®.

Level User access Server access

No Access No access to the database, No access to the database(except, optionally, to read orwrite public documents)

Depositor Can create documents in thedatabase, but cannot read,edit, or delete documents,including those they create

Can push new documents, butcan never pull documents.Note: This ACL level is notnormally assigned to servers.

Reader Can read documents, but can-not create, edit, or deletethem

● Can replicate to receive (pulldocuments) only (not tosend, or push, documents)

● Minimum access for serversto get data

Author Can create and read docu-ments, and edit owndocuments if Authors fieldsare usedNote: Designers can modify adatabase to allow users toedit their own documents.

● Can replicate new docu-ments, but cannot modifydocuments

● Minimum access for serversto send data

Note: This ACL level is notnormally assigned to servers.

Editor Can create, read, and edit alldocuments

Can replicate all new andchanged documents

Designer Can modify the databasedesign, but cannot modify theACL or delete the database

Can replicate all new andchanged documents, and repli-cate design elements. Canalso create full-text indexes.

Manager Can perform all operations onthe database, includingchanging ACLs and deletingthe database

Can replicate ACL changes aswell as all document anddesign changes

Access Control ListLevels

Demonstrate the ACLsettings:● From the Files tab,

select the Adminis-tration Requestsdatabase.

● Click Tools→Database→ManageACL.

● Select each of thefollowing entries tosee what accesseach entry has:Default, Anonymous,orLocalDomainAdmins.

● Click OK to close theManage ACL tool.

ETopic E: Determining Database Access Levels



Activity 3-6: Identify Access to the LotusDomino Directory

ScenarioWorldwide Corporation has an active Domino Directory structure in place.As an administrator, you should be able to identify which groups haveaccess to the Lotus Domino Directory.

Follow these steps to determine which groups have access to WWCorp’sdirectory and what type of access they have.

Step Action

1. Click the Files tab.

2. Open WWCorp’s directory.

3. In the About Domino Directory document, click Close this document toview the database.

4. Click File→Application→Access Control.

5. What are the server group names and their access?

LocalDomainServers have Manager access andOtherDomainServers have Reader access.

6. What are the Person group names and their access?

LocalDomainAdmins have Manager access.

7. What are the individually defined names and their access?

Doctor Notes has Manager access.

8. Click Cancel.

9. Close the WWCorp’s Directory database.

10. Using available help information, define a role.

Database-specific groups created to simplify the maintenance ofrestricted fields, forms, and views. You can apply a role toAuthors fields and Readers fields and read and create accesslists in forms and views.

During this activity,describe the icons usedin the ACL; for example:Server group, User, andPerson group.

Ask students whataccess they have andwhat this means interms of what they canand cannot do. Thenask students whataccess administratorshave and what they cando.

Briefly describe rolesand how they refineaccess.




Instructor Activity 3-7: Test Security

ScenarioAs the administrator, you will need to be familiar with testing security in theLotus Domino environment. Your instructor will make some access controlchanges and direct you to test security. Steps are labeled to indicate thosethe Instructor should perform and those students should perform.

Follow these steps to test security.

Step Action

Instructor:

1. Add the EastAdmins group to the Not Access Server field in the Serverdocument.

2. Change the ACL of Domino Directory to remove LocalDomainAdmins andadd EastAdmins.

3. Restart the server.

Students:

4. Exit Lotus Domino Administrator and Lotus Notes and re-open DominoAdministrator.

5. Open the Domino Directory and click the People & Groups tab.

6. Can you access the server or the Domino Directory? Why are some notable to access the server or the Domino Directory?

West## users should have access to the server as theWestAdmins group was not restricted access, but they will notbe able to access the Domino Directory because they are notincluded in the ACL for the Domino Directory. East## usersshould not have access to the server because the EastAdminsgroup was restricted access, and because they no longer haveaccess to the server, they will not be able to access the DominoDirectory even though they were specifically added to the ACLfor the Domino Directory.

Instructor:

7. Reverse the access changes made at the beginning of the activity andrestart the server.

Topic E: Determining Database Access Levels



Topic F: Determining WorkstationSecurity Levels

Execution Access

Protect user workstations by specifying different types of execution accessfor different people or organizational certifiers who run IBM® Lotus Notes®

scripts and formulas. For example, assign all types of execution access toan IBM® Lotus® Domino® administrator, but allow no execution access tounsigned scripts or formulas.

Note: By default, scripts and formulas, whether signed or unsigned, do not executeon a workstation without displaying a warning message. However, scripts and formu-las created using a Lotus Notes template and signed “Lotus Notes TemplateDevelopment/Lotus Notes” have complete execution access.

The Execution Control List

The default Execution Control List (ECL) defines workstation security forthe Lotus Notes client. If a group is not specified in the ECL, Lotus Noteswarns the user when an application attempts to run on that client. This pro-vides the user with the opportunity to control what code can be executed onthe user’s machine. The following figure shows a sample ECL.

Figure 3-8: Execution Control List

Execution Access

The Execution ControlList

Open the What OthersDo→Using JavaScriptpanel in the UserSecurity dialog box andbriefly describe theinformation and settings.Use Lotus NotesTemplate Developmentas an example.

FIBM® Lotus® Domino® 8.5 System Administration Operating Fundamentals



Lesson SummaryIn this lesson, you managed Lotus Notes and Lotus Domino security. Under-standing the process of ensuring proper access to Domino servers withsecurity mechanisms in place will allow you to effectively control access to aLotus Notes and Lotus Domino environment.

Topic F: Determining Workstation Security Levels



Examining IBM® Lotus®

Domino® Mail Routing

■ Topic A: Introducing IBM® Lotus® Domino® Messaging

■ Topic B: Designing a Mail Routing Topology

4


Introduction

IBM® Lotus® Domino® supports two mail transfer protocols: Lotus Domino’snative routing protocol, NRPC (Notes Remote Procedure Calls), and theInternet standard, SMTP (Simple Message Transport Protocol).

Note: This lesson covers only intranet mail routing.


● Describe Lotus Domino mail routing.

● Design a mail routing topology.

Lesson 4 ■ Examining IBM® Lotus® Domino® Mail Routing


Topic A: Introducing IBM® Lotus®

Domino® Messaging

Lotus Notes Named Networks

Servers that meet the following criteria can be members of the same LotusNotes Named Network (NNN):

● Are in the same IBM® Lotus® Domino® domain.

● Share a common Local Area Network (LAN) protocol.

● Can maintain a constant connection on the same LAN or bridged/routedWide Area Network (WAN).

NNN best practicesServers that meet the criteria can belong to the same NNN. However, con-sider separating servers into different NNNs under the followingcircumstances:

● To control when mail routes between servers:

Administrators may want to control when mail routes between serversrather than allow mail to route automatically, as is the case betweenservers in the same NNN.

● To reduce network traffic between regions:

Regional administrators would instruct users to access applications onservers in their own region.

Mail Routing and Lotus Notes Named Networks

Mail routing occurs automatically between servers in the same NNN.

To enable communication between servers in other Lotus Notes NamedNetworks, configure Connection documents. Connection documents includespecific connection information, such as server definitions, delivery schedulerequirements, and message queue lengths.

When routing mail between servers in separate NNNs, each mail serverrequires a Connection document.

Lotus Notes NamedNetworks

Mail Routing and LotusNotes Named Networks

Create a Connectiondocument and show thefollowing key fields:● Basics (show the

Source and Destina-tion servers)

● Replication/Routing→Routing section

● Schedule (showEnabled/Disabledand Connectiontimes)




Mail Routing Protocols

It is possible to use a combination of SMTP and NRPC within an organiza-tion. For example, Worldwide Corporation could route mail within thecompany intranet using Lotus Domino’s native routing protocol, NRPC, androute mail to the Internet using the SMTP protocol.

The following table defines the mail routing protocol options in LotusDomino and the connection ports they use.

Protocol Definition Port

NRPC Notes Remote Procedure Calls. NRPC canbe set up to route mail within a Lotus Dominodomain and to route mail between LotusDomino domains.

1352

SMTP Simple Messaging Transfer Protocol. SMTPis an industry standard Internet routing protocolwhich is native in Lotus Domino.Note: SMTP supports the TCP/IP protocol only.

25

Note: NRPC uses port 1352 for server-to-server and server-to-client communica-tions, not just mail transport.

Using NRPC vs. SMTPUse the following guidelines when determining which protocol to use.

● Use SMTP alone under these circumstances:

■ For Internet communication.

■ If Lotus Domino is being used for mail only.

● Use NRPC to take advantage of these Lotus Domino features:

■ Sending document and database links via e-mail.

■ Lotus Notes public key security.

■ Mail-enabled workflow applications.

Mail Routing Protocols

Topic A: Introducing IBM® Lotus® Domino® Messaging



Mail Routing Components

Mail routing is one of the key features for many Lotus Domino implementa-tions. The Lotus Domino mail files and tasks work together to provide aconsistent and reliable messaging environment. The following tabledescribes the key components of Lotus Domino messaging.

Term Definition

Mail file The Lotus Domino application in which the user creates,sends, retrieves, and stores mail messages.

Mail server A user’s mail server is the server where the user’s mail fileresides and is specified in the Person document in theDomino Directory.

Mailer The Mailer resides on the workstation and performs thesetasks:

● Verifies the existence and spelling of the name(s) if therecipient is listed in the Domino Directory.

● Converts the message to Multi-purpose Internet MailExtensions (MIME), if necessary.

● Deposits the message in Mail.box on the sender’s mailserver.

Domino Direc-tory

The Lotus Domino application that stores information aboutthe sender’s (and possibly recipient’s) mail server, mail filesystem, mail file name, mail address, and connections toother servers for transfer and delivery.

Mail.box A special database that resides on every server used for maildelivery. Mail is temporarily stored in Mail.box before therouter delivers or transfers the mail.

Router A server-based task that delivers and transfers mail. Itchecks the Lotus Domino Directory for connections to otherservers and deposits mail in users’ mail files and other serv-ers’ Mail.box.

Mail RoutingComponents

Use the table tointroduce the names ofthe key mail routingcomponents and wherethe key componentsreside (workstation orserver).




Mail Settings that Affect Routing

Settings for servers and users control how and when mail routes. The fol-lowing table introduces some of the messaging settings available in LotusDomino.

Settings Options

Server ● Messaging settings

● Connection documents

● Domain documents

● Configuration documents, including:

■ Inbound controls: SMTP controls for mail from theInternet

■ Outbound controls: SMTP controls for mail to theInternet

User ● Mail storage format

■ Native MIME (Multi-purpose Internet Mail Extensions):Internet mail formats

■ Notes Rich Text: Lotus Notes and Lotus Domino format

Mail Settings that AffectRouting

Using the DominoDirectory, showexamples of thefollowing documentsand settings:● Connection docu-

ment with mailrouting information

● Server documentwith message set-tings

● Configuration Set-tings document withInbound/OutboundSMTP controls

● Person documentwith mail storage set-tings (Basics→Mailsection→Incomingmail)

Topic A: Introducing IBM® Lotus® Domino® Messaging



The Mail Routing Process

Mail routing occurs automatically between servers in the same NNN, usingrouting information in the Lotus Domino Directory.

The following graphic shows how mail is routed.

1. User creates and sends a mail message from the workstation.

2. Client Mailer program checks names in the directory .

3. Client Mailer puts mail in Mail.box on the home server specified

in the user’s Location document.

4. Router task on the home server polls Mail.box for new messages.

5. Router checks directory for routing information and for addresses onthe message and determines message route.

6. Router transfers message to Mail.box on next destination server.

7. Router task on destination server polls Mail.box for new messages.

8. Router checks directory for routing information for addresses on themessage.

9. Router delivers mail to recipient’s Mail file.

Router Optimizations in Lotus Domino 8.5

Router optimizations have enhanced the routing capabilities in the LotusDomino environment. Optimizations offer various advantages:

● Decreased amount of time taken for routing a message.

● Decreased message backlogs in the Mail.box.

● Overall improvement in performance.

● Reduced latency.

● Prevent creation of extra copies of messages.

The Mail RoutingProcess

Show the flow of a mailmessage. Reinforce theterms described on theprevious pages.

Explain that the routertransfers messagesautomatically betweenservers in the sameNNN and based on aschedule defined by aConnection documentbetween servers indifferent NNNs.

Show the Routinganimation (Routing.exe).The animation showsrouting of workflowapplications. It may helpto give students agraphic representationof how routing works.

Router Optimizations inLotus Domino 8.5

This content can beskipped if the class isshort on time.




Topic B: Designing a Mail RoutingTopology

Mail Routing Topologies

A mail routing topology establishes which servers are connected and howthey communicate specific information.

IBM® Lotus® Domino® identifies topologies for:

● Replication: Determines how to connect servers to exchange databasechanges.

● Mail routing: Determines how to connect servers to send mail.

Topology Types

A topology defines how mail servers are set up within an organization. Thetwo basic types of topology are hub-and-spoke and peer to peer. In a peer-to-peer topology, every server connects to every other server. It is mostcommonly used when connecting a small number of servers in a workgroupor department. In a hub-and-spoke topology, mail traffic passes between acentral hub server and multiple spoke servers; no mail is exchanged directlyamong the spokes. A hub-and-spoke topology is suited to handling a highvolume of mail across a large organization.

The type of topology uses can vary depending on the size and type of theorganization:

● Small firms (four or fewer servers): Use peer-to-peer mail routing, whichquickly disseminates mail to all servers.

● Mid-size firms (four to six servers): May use a combination of peer-to-peer and hub-and-spoke.

● Large organizations (six or more servers): Use hub-and-spoke mailrouting.

Note: Implement hub-and-spoke topology for maximum efficiency with high volumemail traffic and to allow for easier expansion, such as adding servers or clusteringservers.

Mail Routing Topologies

If students are unfamiliarwith the terms, explainthat peer-to-peer issometimes called mesh.

Mention that replicationis discussed in detaillater in the course.

Topology Types

Show the connectionsbetween the hubs andthen to the spokes.

BTopic B: Designing a Mail Routing Topology



The following figure shows an example of a hub-and-spoke topology.

Figure 4-1: Hub-and-spoke topology

Hub and Spoke Topology Considerations

Considerations for a hub-and-spoke topology include the following:

● Use hubs when there are six or more servers in the Domino domain.

● A hub machine requires considerable system resources (memory, diskspace, and network protocols).

● Use a cluster for hubs to provide failover.

How to Design a Mail Routing Topology

Designing a mail routing topology will assist you in ensuring that the serversin an IBM® Lotus Notes® and Lotus Domino environment are properly con-nected, and that they communicate the appropriate information.

Hub and SpokeTopology Considerations

How to Design a MailRouting Topology




The following are some guidelines for designing a mail routing topology.

● Determine the number and server membership of Lotus Domino NamedNetworks based on the network protocols in use.

● Determine the appropriate topology type based on the size and type ofthe organization. For example, peer-to-peer, hub-and-spoke, end-to-end, or hybrid.

● If using hub-and-spoke:

■ Determine the number of hubs and the appropriate systemresources for each hub.

■ Determine if clustering the hubs is necessary.

Topic B: Designing a Mail Routing Topology



Activity 4-1: Design a Mail RoutingTopology for Worldwide Corporation

ScenarioWorldwide Corporation administrators need to design a mail routing topol-ogy that supports the hardware configuration, network protocols in use, andtypes of Lotus Domino servers in place. The following table provides theWorldwide Corporation hardware configuration. As an administrator, youshould be familiar with designing a mail routing topology.

Follow these steps to design the topology and determine the possible con-nections.

Location Systems Network

Corporate Headquarters(HQ)

● One large mainframerunning Lotus Dominomail and other busi-ness applications

● System has additionalcapacity and networkbandwidth

Running TCP/IP through-out the building

Eastern Region Three departmental serv-ers:

● One running onlyLotus Domino mail

● Two running LotusDomino mail and otherapplications

● LAN connectionsamong all servers

● Lotus Domino serverwith TCP/IP connectiv-ity

● Network router connec-tion to Corporate

Western Region Three departmental serv-ers:

● One running onlyLotus Domino mail

● Two running LotusDomino mail and otherapplications

● LAN connectionsamong all servers

● Lotus Domino serverwith TCP/IP connectiv-ity

● Network router connec-tion to Corporate

Relate the serverdescriptions to theserver types coveredpreviously. Each regionhas:● Lotus Domino Mail

servers = 1● Lotus Domino Appli-

cation servers = 2

After the studentscomplete the activity,review the possibleanswers.




The following graphic illustrates the environment.

Step 1: One NNN wouldbe sufficient if allsystems are connectedthrough high-speedlines. If the regionaldivisions are separatedand must connect over aWAN, or if Worldwidewants to control mailrouting schedules, threewould be the mostappropriate.

Step 2: OUs are thebest way to organizeservers and users intomore manageablegroups.




Note: The written questions for this exercise are similar to the format used in theIBM Software Services for Lotus Certification exams.

Step Action

1. Which of the following numbers of NNNs would be appropriate for World-wide’s deployment?

✓ a) One

b) None

c) Two

✓ d) Three

2. Which one of the following hierarchical naming levels would best organizethe servers and users?

a) Country

✓ b) Organizational unit

c) ID

d) ACL

3. If there is more than one NNN, then which one of the following is the bestmechanism to route mail from server to server?

a) Program document

b) No action required

✓ c) Connection document

d) Configure a gateway

4. If high-speed lines connect all of Worldwide’s systems, which one of the fol-lowing would be the most appropriate mail routing topology?

a) Mixed

✓ b) Peer-to-peer

c) Ring

✓ d) Hub-and-spoke

5. Circle and label the appropriate number of NNNs.

6. Draw lines between servers in which mail will route automatically.

7. Draw lines between servers to represent a Connection document to routemail on a schedule. Use arrows to indicate the direction in which mail willroute. Draw as many lines as will be Connection documents.

Step 3: A Connectiondocument provides theconnection type andschedule for mail routingwhen servers do notreside in the same NNN.Verify that all studentsunderstand why this isthe correct answer.

Step 4: Answers canvary. If all systems havehigh-speed connections,a peer-to-peer would beappropriate. However, ifthe organization plans togrow, a hub-and-spoketopology might be best,consisting of:● A main hub, which is

the Corporate mailserver.

● Two spoke servers,which are theregional mail servers.





Lesson SummaryIn this lesson, you described mail transfer protocols supported by LotusDomino. Understanding the NRPC and SMTP mail transfer protocols canhelp you administer mail routing for your organization.




Examining IBM® Lotus®

Domino® Replication

■ Topic A: Introducing IBM® Lotus® Domino® Replication

■ Topic B: Designing a Replication Strategy

5


Introduction

The Lotus Domino Directory is the central database in the IBM® Lotus®

Domino® domain, and exists on every server in the domain. Likewise, thereare other databases that Lotus Domino uses to function properly, such asthe Certification Log and Administration Requests database, that need to besynchronized on all servers in the domain. A process called Domino Repli-cation keeps the Domino Directory synchronized on all servers in thedomain.

Additionally, users in the Lotus Domino environment use databases to col-laborate and exchange information. These databases can reside ongeographically dispersed servers and also need to be synchronized so allusers have access to the same information.


● Identify how replication works.

● Design a replication strategy.

In this lesson, studentswill see how LotusDomino distributesinformation betweendatabases on serversacross the domain. Theywill have an opportunityto create a databasereplica, make changes,and synchronize thosechanges with otherclassroom replicas.Students will alsodiscuss the planningaspects of designing areplication topology forthe servers in thedomain includingschedulingconsiderations.

Students will determinea replication strategy forWorldwide Corporation.

Lesson 5 ■ Examining IBM® Lotus® Domino® Replication


Topic A: Introducing IBM® Lotus®

Domino® Replication

What is Lotus Domino Replication?

Replication is the process of synchronizing documents from the same data-bases on different workstations or servers over time. Replication enablesexchanging modifications between special copies of databases called repli-cas.

What is Lotus DominoReplication?

Run the Replicationanimation (Replication.exe), which provides anexcellent overview ofreplication. Show onlythe following topics atthis time:● What is Replication?● How Does Replica-

tion Work?

Even though replicationand replicas arementioned in theanimation, students willneed to fully understandsome of the basic termsinvolved with replication.Define the terms in theaccompanying table.




Components of the Replication Process

The following table describes the terms used for replication.

Term Definition

Replicator The Replicator is a server task that is loaded, but not initi-ated, at server startup. The Replicator pulls data from, orpushes data to, another server.

Replica ID The unique value assigned to a database when it is first cre-ated. Replicas of the same database share the same replicaID. The Replicator looks for databases with the same replicaID to synchronize.The replica ID is found on the tab in Database

Properties.Note: A database copy does not share the same replica IDas the original database. Only database replicas share thesame replica ID.

Unique NotesIdentificationNumber (UNID)

The unique value assigned to a document when it is firstsaved. The Replicator looks for documents with the sameUNID to synchronize.The UNID is found on the tab in Document Proper-

ties.

Replication His-tory

A list of dates and times when two servers or a server andworkstation successfully replicated. The Replicator uses Rep-lication History to determine which documents are new,changed, or deleted since the last time the two databasesreplicated.

Components of theReplication Process

Follow these steps toshow different replicaIDs for a database copy.1. Create a local data-

base copy of theMarketingTeamRoom data-base.

2. Open DatabaseProperties to showthat the replica ID isdifferent from theoriginal databasewhose replica ID isshown on the stu-dent page.

Topic A: Introducing IBM® Lotus® Domino® Replication



The Server-to-Server Replication Process

The following figure shows how replication works using a replication typecalled Pull-Pull, where both servers share the workload.

East01 initiates Pull-Pull replication with West01. In this example, Pull-Pull isaccomplished by configuring Pull Only replication on both servers.

Replication Tools

Administrators use the following methods to initiate server-to-server replica-tion:

● Connection document – Used to schedule replication between two serv-ers.

● Server console – Used to force replication between two servers.

The Workstation to Server Replication Process

Since the workstation software does not have a Replicator, it is the worksta-tion software itself that reads changed documents from the applicationserver and writes those changes to the local replica. The workstation alsopushes its changed documents to the application on the server. The server’sReplicator is not involved in workstation-to-server replication.

As with server-to-server replication, the ACL, design, and documentchanges are distributed based on server, database, and document settings.

The Server-to-ServerReplication Process

Stress the followingpoints:● Define target and

source server in thefirst Pull cycle.

● How the target andsource serversswitch during thereverse Pull.

Replication Tools

Open a Connectiondocument and show thereplication schedule.

The Workstation toServer ReplicationProcess

Emphasize that theserver’s Replicator taskis not involved when aserver replicates with aworkstation.




Database Replicas

IBM® Lotus® Domino® makes it easy to collaborate with others by allowingusers to work in database replicas that are located in geographically dis-persed servers or on local workstations with Lotus Domino replicationkeeping those databases synchronized.

Manager access to local replicasThe user can be permitted Manager access to a local replica of a databaseresulting in the user being able to make any number of changes to the localreplica. However, additions, changes, and deletions to notes in the databasewill replicate back to the server based on the ACL of the database on theserver.

For example, if a user has Reader access to the server replica, no changesmade to the local replica will replicate back to the server replica.

The Database Replication Process

The following table describes how information in applications is keptupdated on all servers during replication.

Stage Description

1 The Replicator compares its list of applications with the called serv-er’s list of applications to determine which application they have incommon.

2 Working on one application at a time, the initiating server builds alist of ACL, design, and document modifications that have occurredsince the last time these two servers replicated.

3 The Replicator pulls (reads and writes) ACL and design and docu-ment changes, based on permissions set in each server,application, and document.

4 Upon completion of replication with the first application, theReplicator updates the replication history for that application andmoves on to the next application in common. It repeats Stages 2and 3.

5 When the initiating server has replicated all application in commonwith the called server, the Replicator will tag the called server’sReplicator to repeat the same process in the other direction.

Database Replicas

The DatabaseReplication Process

Use the accompanyingtable to describe howreplication keepsinformationsynchronized.

This process describesPull-Pull replication.Other replication typesare introduced later inthis lesson.




Streaming Replication

Streaming replication is a feature that enables Lotus Domino users to repli-cate a number of documents and attachments. Smaller documents arereplicated first. So, even if the replication process is aborted, the target sys-tem will still have the smaller documents. Also, an aborted application canbe reinitiated. Streaming replication allows users to start using the docu-ments before replication is complete. It also reduces network traffic andlatency.

The Field-Level Replication Process

Field-level replication is the process of copying only fields that havechanged since the last time the two databases replicated.

If the target document is unchanged, the Replicator uses field-level replica-tion by default and copies only the source document’s changed fields to thetarget document. Field-level replication occurs automatically without anyintervention from the administrator or database designer.

The following figure shows that only the changed field containing X is repli-cated.

Benefits of field-level replicationField-level replication reduces:

● Replication time. Only fields that have changed are copied, instead ofthe entire document.

● Network traffic, provided large fields in the document have not changed.

● The number of replication conflicts, when different fields on the sameform have been edited on different servers.

The application designer can reduce replication time by designing applica-tions with field-level replication in mind. Large fields that will be editedfrequently might be better broken up into many smaller fields.

The Field-LevelReplication Process

Use the graphic toillustrate field-levelreplication. Emphasizethese points:● Only the changed

fields are copiedwhen the targetdocument isunchanged.

● This is the defaultbehavior of theReplicator.




Factors that Affect Replication

There are any number of factors that may cause applications to not repli-cate as desired. Security settings may prevent a server from authenticatingwith another server or prevent access to the application to replicate the cor-rect documents. As seen in the previous section, the replication scheduleand selected replication type are critical to successful replication.

The following table summarizes some of the factors that affect if and howdata transfer occurs during replication of Lotus Domino applications. Con-sider these factors when setting up or troubleshooting replication issues.This is not an exhaustive list of factors that affect replication.

Factor Potential problem

Replication schedule Incorrect information in the Connection document canprevent replication. For example, an incorrect servername.

Replication type Incorrect replication type can prevent bi-directional rep-lication.

Server access list If the initiating server is not allowed access to thecalled server, replication stops.

Authentication Servers that do not have a certificate in common can-not authenticate, and replication will not occur.

Replica ID Applications that do not have the same replica ID can-not replicate.

Replication Settings A database where replication has been temporarily dis-abled cannot replicate.

Access control list If the called server does not have the appropriate appli-cation ACL access on the initiating server, someapplication elements might not replicate correctly.

Factors that AffectReplication

Run the Replicationanimation (Replication.exe) again. Show onlythe following topics atthis time:● Replication Options● Factors Affecting

Replication● Replication Conflicts

Review the informationin the accompanyingtable. Note that thefactors described arenot a complete list; theyare intended to makestudents aware of theplaces and issues tocheck when setting upor troubleshootingreplication problems. Iftime permits, you mightwant to discuss someother factors that affectreplication, such asReaders fields.




Activity 5-1: Create a Local Replica and TestReplication

ScenarioWorldwide employees need to work in a local replica of an application whenthey are out of the office and disconnected from the network. As an adminis-trator, you should be able to create a local replica of an application from theserver for remote employees to use while they are out of the office.

Follow these steps to create a local replica of the Policies application fromHub/SVR/WWCorp, add a document, and replicate the changes to theserver.

Step Action

1. From Lotus Domino Administrator, click the Files tab.

2. Open the Policies application from the list.

3. Click File→Replication→New Replica.

4. Make the following selections:

● Select Local from the list of servers.

● Accept the default path and file name.

● Expand Replica settings and if necessary, select CreateImmediately.

● Click OK to create the replica.

5. Create a document in the new local replica application.

a. Open the local copy of Policies.

b. Click New Main Topic. If a security alert displays, select Starttrusting the signer to execute this action and click OK.

c. Type a subject for the new document.

d. Click Save & Close.

6. Click File→Replication→Replicate.

7. In the Replicate Policies dialog box, click Replicate with options andclick OK.

8. Verify that Hub/SVR/WWCorp is in the with field, and click OK twice.

9. Open the Policies application on Hub/SVR/WWCorp to verify your docu-ment was added.

This self-paced activityis very straightforwardfor students who haveprevious experiencewith Lotus Notes 8.5. Ifthere are students withno previous experience,these students mayneed additionaldirection.




Topic B: Designing a ReplicationStrategy

Types of Replication Topologies

Topologies establish which servers are connected and how they communi-cate specific information. It is critical to carefully plan a replication topologyto ensure that IBM® Lotus® Domino® functions properly and that users haveaccess to the information they need in a timely manner.

A topology could specify replication between hub and spokes, server-to-server, or any combination that works for the organization. The followingtable describes each topology.

Topology Advantages Disadvantages

Hub-and-spoke: Onecentral server (hub) initi-ating mail routing andreplication to spokeservers.

● Easy to set up andadd servers.

● Better security.

● Centralized manage-ment.

● Minimizes networktraffic.

● Highly scalable–allows for expansionand growth.

● Hub server must bepowerful.

● If no backup to thehub, replication andmail routing stop.

Peer-to-peer: Eachserver initiates connec-tions to each other (alsocalled Full Mesh).

● Management of allconnections is local.

● Easy to managefewer servers.

● Decreased potentialfor replication prob-lems.

● Less centralized.

● Requires more Con-nection documents.

● Increases administra-tion of replicationschedules.

Types of ReplicationTopologies

Describe the types ofreplication topologies,highlighting theadvantages anddisadvantages of each.

BTopic B: Designing a Replication Strategy



Topology Advantages Disadvantages

End-to-end: Connectstwo or more servers in achain (also called chaintopology).

Fewer Connection docu-ments to maintain thansome other topologies.

● If one server in thesequence is down,replication throughoutthe domain stops.

● Replication from thesource server to thedestination servercould take a signifi-cant amount of time.

Hybrid: Combination ofother topologies.

Information is keptup-to-date becausedatabases are replicat-ing between severalservers.

● Most complex to setup and manage.

● May require moredisk space.

The following figure illustrates the hub-and-spoke topology.

Figure 5-1: Hub-and-spoke topology

Hub-and-SpokeTopology




The following figure illustrates the peer-to-peer topology.

Figure 5-2: Peer-to-peer topology

The following figure illustrates the end-to-end topology.

Figure 5-3: End-to-end topology

Peer-to-Peer Topology

End-to-End Topology

Topic B: Designing a Replication Strategy



Server Replication Types

The following table describes server-to-server replication. The compoundreplication types available are given in the first two entries of the table. Thelast two entries are simple replications. Together, the four types make anyreplication topology possible.

Replicationtype

Description Number ofrequired Con-

nectiondocuments

Pull-Pull Each server’s Replicator does the workand pulls data from the other, writingchanges in its own applications.

1

Pull-Push The initiating server’s Replicator pullschanges from the called server and thenpushes data to the called server; only theinitiating server’s Replicator does thework, writing in both servers.

1

Pull Only The initiating server’s Replicator does thework and pulls data from the calledserver.

2

Push Only The initiating server’s Replicator does thework and pushes data to the calledserver.

2

Server ReplicationTypes

Make sure the studentsunderstand whichserver’s Replicator isdoing the work for eachtype of replication listedin the table.

Open a Connectiondocument, and show theReplication Type field.

The replication eventsget written to theDomino Server Logdatabase (Log.nsf) asfollows:● After Pull-Pull repli-

cation, two DominoLog files getupdated; eachReplicator writeswhat data it pulled toits own server’sDomino Log file.

● After Pull-Push repli-cation, one LotusDomino Log file getsupdated; the onlyworking Replicatorwrites what data itpulled or pushed toits own server’sLotus Domino Logfile.




Replication vs. Routing Topologies

Different mail and replication topologies may be required within the sameorganization due to special needs for either routing mail or replicating appli-cations. The needs for both mail routing and application replication shouldbe considered to ensure the most optimum topology.

Note: The same topology may be used for both mail routing and replication.

Considerations for Choosing a Replication Type

Choose the best type of scheduled replication for the company’s needs,based on the nature of the application and the time of day replication isscheduled. For example, if the hub replicates with each spoke during thenight, the hub should push all changes to the spokes in the morning. Whilethe replication type chosen will depend greatly upon the specific situation,some general considerations include:

● Server load and server availability.

● Connection costs.

● Data security and access rights.

● Replication topology.

How to Design a Replication Strategy

Designing a replication topology will assist you in ensuring that the serversin an IBM® Lotus Notes® and Lotus Domino environment are properly con-nected and that they communicate the appropriate information.

The following are some guidelines for designing a replication topology.

● Determine the appropriate topology type based on the size and type ofthe organization. For example, peer-to-peer, hub-and-spoke, end-to-end, or hybrid.

● If using hub-and-spoke:

■ Determine the number of hubs and the appropriate systemresources for each hub.

■ Determine if clustering the hubs is necessary.

■ Determine which servers will initiate replication (i.e., which replica-tion types to use: Pull-Pull, Pull-Push, Pull Only, or Push Only).

■ Determine if you will use server groups.

Replication vs. RoutingTopologies

Open a Connectiondocument, and show thefields for replication andmail routing on theReplication/Routing tabto emphasize that theyare separate settings.

Considerations forChoosing a ReplicationType

How to Design aReplication Strategy




Practice Activity 5-2: Develop a ReplicationStrategy

ScenarioConsider the following to develop a replication strategy:

● The corporate hub should control when and how replication occurs andhandle the entire work load during each session.

● The hub should replicate with one server in each region, which will inturn replicate changes to all other servers in that region.

● All system databases required by Lotus Domino to function properlyshould be synchronized frequently as they are high priority databases.This includes the Domino Directory, Administration Requests database,and Certification Log.

● Users will need the information in employee databases updated severaltimes each day.

● A complete replication session should occur regardless of the length ofthe connection.

Read through theWorldwide Corporationreplication requirements,then clearly explain whatstudents should do tocomplete the activity.Position this activity asthe planning stage.Students will implementthis replication strategyin a future course.




1. Draw lines on the following diagram showing how Worldwide Corpora-tion’s servers will replicate. Indicate the replication type for eachconnection.

Review replication topology design.The following graphic shows theexercise solution for replication topology design.

One Connection document from East01 (West01) to a servers group(EastServers/WestServers) would handle replication to all servers in theEast (West) region. The recommended replication schedule is every twohours for Domino Directory and every six hours for all other databases.




Lesson SummaryIn this lesson, you described the Lotus Domino replication process and itsfunctions. As an administrator, you need to understand how Lotus Dominouses replication to keep the Domino Directory, the Certification Log, theAdministration Requests database, and user databases synchronized on allservers in the domain.




Extending the IBM® Lotus®

Domino® Environment

■ Topic A: Selecting Additional IBM® Lotus® Domino® Services

■ Topic B: Implementing IBM® Lotus® Domino® Scalability Features

■ Topic C: Integrating Other IBM® Products

6


Introduction

An organization can extend the IBM® Lotus® Domino® environment withvarious services, tools, and software products. These additions can enhanceand expand the services available to the user community.


● Identify additional Lotus Domino services.

● Identify Lotus Domino scalability options.

● Identify other IBM server types that might be incorporated into a LotusDomino environment.

This lesson introducessome of the softwareavailable to extendLotus Dominofunctionality. AdditionalIBM products aredescribed in the ExtendLotus Domino Softwareappendix.

Lesson 6 ■ Extending the IBM® Lotus® Domino® Environment


Topic A: Selecting Additional IBM®

Lotus® Domino® Services

Lotus Domino Standard Services

An IBM® Lotus Notes® and IBM® Lotus® Domino® environment can supportmany other applications and functionality by taking advantage of additionalstandard supplied services.

Some of the additional services available for a Lotus Domino server envi-ronment are listed in the following table.

Service or task Definition Description

Internet services:

● HTTP

● LDAP

● POP3

● IMAP

● HyperText TransferProtocol

● Lightweight DirectoryAccess Protocol

● Post Office ProtocolVersion 3

● Internet Mail AccessProtocol

● Supports the Internetprotocol used totransfer files from onecomputer to anotherfor Web browseraccess.

● Allows connection toand from Internetstandard directories.

● Supports users run-ning POP standardclients for mail.

● Allows clients toretrieve mail from ahost mail server alsorunning the protocol.IMAP is similar toPOP3 but has addi-tional features.

DECS Domino Enterprise Con-nection Services

Allows real-time back-end connectivitybetween Lotus Dominoand external systems tosupport application andapplication access tonon-Lotus Domino infor-mation and data.

Lotus Domino StandardServices

Show the students theWeb Administrator:1. Open your Web

browser.2. Enter the URL for the

Web Administrator.For example:

http://servername/webadmin.nsf

Where servername isthe name of theinstructor server.

3. Briefly show theinterface to empha-size Lotus DominoInternet support andadministration flexibil-ity.




Lotus Domino Internet Security Mechanisms

When using Lotus Domino connected to the Internet, there are additionaloptions to secure the Lotus Domino servers and services available to thecommunity.

The following table describes some of the Internet security settings availablewith Lotus Domino.

Securityoption

Definition Description and benefits

SSL Secure SocketsLayer

Security protocol that provides communi-cations privacy and authentication forLotus Domino server tasks that operateover TCP/IP. SSL offers these securitybenefits:

● Data is encrypted to and from clients,so privacy is ensured during transac-tions.

● An encoded message digest accompa-nies the data and detects anymessage tampering.

● The server certificate accompaniesdata to assure the client that the serveridentity is authentic.

● The client certificate accompanies datato assure the server that the clientidentity is authentic. Client authentica-tion is optional and may not be arequirement for your organization.

S/MIME Secure Multi-purpose InternetMail Extensions

A protocol used by clients to sign mailmessages and send encrypted mail mes-sages over the Internet to users of mailapplications that also support the S/MIMEprotocol. S/MIME benefits include:

● Encrypted mail messages cannot beread by unauthorized users while themessage is in transit.

● Electronically signed messages showthat the person who signed the mes-sage had access to the private keyassociated with the certificate stored inthe signature.

Lotus Domino InternetSecurity Mechanisms

Refer students to thefollowing Lotus DominoAdministrator 8.5 Helptopics for additionalinformation on Internetsecurity: SSL security,SSL and S/MIME forclients, and Setting upan Internet certificateauthority.

Topic A: Selecting Additional IBM® Lotus® Domino® Services



Securityoption

Definition Description and benefits

CA CertificateAuthority

A certificate authority (CA), or certifier, isa trusted administration tool that issuesand maintains digital certificates. Certifi-cates verify the identity of an individual, aserver, or an organization, and allow themto use SSL to communicate and to useS/MIME to exchange mail. Certificatesare stamped with the certifier’s digital sig-nature, which assures the recipients ofthe certificate that the bearer of the certifi-cate is the entity named in the certificate.




Topic B: Implementing IBM® Lotus®

Domino® Scalability Features

Scalability Options

When implementing or supporting an IBM® Lotus® Domino® installation, it isimportant to consider the performance and scalability of the available hard-ware. Lotus Domino offers options to maximize usage of CPU power,memory, and disk space on high-powered systems. The following tabledescribes these Lotus Domino options.

Service ortask

Description

Clustering A Lotus Domino cluster is a group of two or more serversthat provides users with constant access to data, balancesthe workload between servers, improves server performance,and maintains performance when you increase the size ofthe Lotus Domino environment.

Partitions Enable running multiple instances of the Lotus Dominoserver on a single computer.

Lotus Domino Clusters

A Lotus Domino cluster is a group of two to six servers that:

● Are on a high-speed LAN.

● Are on the same Lotus Domino Named Network.

● Are in the same Lotus Domino domain and share a Lotus DominoDirectory.

● Run the TCP/IP network protocol.

● Contain application replicas.

● Use a dedicated network adapter for cluster-to-cluster traffic.

For more information on Lotus Domino clusters, refer to the Lotus DominoAdministrator 8.5 Help topic Clusters.

Scalability Options

Lotus Domino Clusters

Verify studentsunderstand the clusterconcept:● Use the idea of the

many-to-one relation-ship: A server cannotbe a member ofmore than one clus-ter.

● Clustering is avail-able with LotusDomino Applicationand Enterprise servertypes.

BTopic B: Implementing IBM® Lotus® Domino® Scalability Features



Benefits of Clustering

The following table lists some of the benefits of using a cluster.

Benefit Description

High availability ofapplications

Automatic redirection of user requests to availableservers. This failover capability provides consistentaccess to critical applications, even if one server isdown for maintenance.

Workload balancing User requests to heavily used servers are redirectedto other cluster members.

Scalability Administrators can:

● Add cluster members.

● Add application replicas.

● Reallocate users across the cluster.

Data synchronization Cluster replication maintains current data across rep-licas.

Ease of upgrade andmigration

Software and hardware upgrades on one clustermember do not affect other members.

System backup Cluster member can act as server backup for criticaldata. Clustering does not take the place of backup.At least one server in the cluster must be backed upto tape, as well as other servers that contain uniquefiles (such as logs).

Lotus Domino Partitions

Lotus Domino server partitioning software allows the creation of a maximumof six Lotus Domino servers on a single computer.

Benefits of Clustering

Cluster replication isused to keep datacurrent among thecluster members.Regular replicationschedules are stillrequired to maintain theLotus Dominoenvironment.

Lotus Domino Partitions




Partitions:

● Are available with the Lotus Domino Enterprise server.

● Are supported on all Lotus Domino supported operating system plat-forms.

● Share Lotus Domino executables.

● Have unique:

■ Lotus Domino data directories.

■ Initialization files (Notes.ini).

● Can be clustered.

Note: Lotus Domino partitions should not be confused with specific operating sys-tem partitions, which segment system hardware.

For more information on Lotus Domino partitions, refer to the Lotus DominoAdministrator 8.5 Help topic Partitioned servers.

Benefits of Partitions

Partitioned servers optimize hardware usage. The following table lists someof the benefits of using partitions.

Benefit Description

Reduce hardwareexpenses

Run multiple Lotus Domino servers on a singlecomputer.

Minimize the number ofadministered systems

Easier to administer a single server than multipleservers.

Maximize usage of high-powered systems

More efficient use of hardware. For example, youcan purchase a single, more powerful computerand run multiple Lotus Domino servers on thesingle machine.

Are very effective in differ-ent domains

● Separate servers for individual customers.

● Support multiple Web sites.

Add scalability Running partitioned servers from the same domainon a multi-processor computer can improve perfor-mance because the computer simultaneously runscertain processes.

Benefits of Partitions


Topic B: Implementing IBM® Lotus® Domino® Scalability Features



Topic C: Integrating Other IBM®

Products

IBM Lotus Sametime

Leveraging a mix of Web technology, IBM® Lotus Notes® technology, andT.120 data-conferencing technology, IBM® Lotus® Sametime® provides anenvironment where users can participate in interactive conversations andmeetings within online communities.

The Lotus Sametime server supports several types of real-time communica-tion:

● Users can participate in instant chat sessions with other online partici-pants through the exchange of text as well as using audio- and video-based information in real time.

● Users can transfer files in an instant or scheduled meeting.

● Users can collaborate in real-time meetings using the WebConferencing interface with advanced organizational collaboration thatincludes instant polls and reach out to a community of experts.

● Users can participate in broadcast style meetings where many userscan tune to a meeting and watch it without interaction.

● A community of users to collaborate in real-time through presence andinstant messaging server applications.

Note: Lotus Sametime is an integrated installation option and cannot beunchecked when installing the Lotus Notes 8.5 client.

IBM Lotus Connections

IBM® Lotus® Connections is a social networking software application thatenables organizations to collaborate with their employees, partners, and cli-ents. It provides six services. The following table lists Lotus Connectionservices and their descriptions.

Service Description

Home page A portal that provides a customizable view of the socialnetwork. It consists of widgets of the other five services.The placement of the widgets are customizable. Thehome page also has an advanced search box thatenables users to locate people or information across thesocial network.

Lotus Sametime

Lotus Connections

CIBM® Lotus® Domino® 8.5 System Administration Operating Fundamentals



Service Description

Profiles It contains a person’s name, photo, address, area ofexpertise, department, and reporting structure. Profileshelp to locate people in an organization based on theirexpertise level, department, or interests.

Communities A collaborative space that enables people with commoninterests to share information or interact with oneanother. Communities can be integrated with LotusSametime, which allows community members to chatwith one another and also save their chat transcripts.

Blogs A blogging service that helps people share informationand receive feedback.

Dogear A platform to discover, save, and share bookmarksenabled by users with similar interests. Notifications canalso be sent and received about new bookmarks.

Activities An activity management tool that helps users organizetheir tasks. The tasks can be categorized into varioussections such as to do lists, meeting agendas, or logis-tics.

IBM Lotus Quickr

IBM® Lotus® Quickr™ is team collaboration software that enables teammembers to share content. It has six components. The following table liststhe components with their descriptions.


Content Library A version control database of team documents. Teammembers can check in or check out documents or mediafiles from the content library.

Lotus Quickr +Enterprise ContentManagement (ECM)

Lotus Quickr and ECM can be combined to provideenterprise level collaboration. It enables the content tobe accessible across an organization from tools such asLotus Notes or Microsoft® Office.

Team places Enable users to create specific work space for projectsor teams. Collaboration tools such as blogs, wikis, dis-cussion forums, or team calendars can be included inteam places.

Lotus Quickr

Topic C: Integrating Other IBM® Products




Connectors Enable users to collaborate and access content fromLotus Quickr without switching applications. Forexample, a Lotus Sametime user can send or receiveLotus Quickr links from a chat application.

Templates Pre-built team places that provide immediate solutionsand support for some common business processes.

Personal file shar-ing

A personal content database where users can store andshare files.




Lesson SummaryIn this lesson, you identified services and options used to extend andenhance the functionality of the Lotus Domino environment. By using vari-ous services, tools, and software products to extend the IBM Lotus Dominoenvironment, you can enhance and expand the services available to thecommunity.

Topic C: Integrating Other IBM® Products



Follow-upIn this course, you were introduced to foundational concepts needed to per-form basic administrative tasks in a Lotus Domino 8.5 infrastructure. Inaddition, that knowledge has prepared you to move forward and obtain theadditional knowledge needed for building a Lotus Domino 8.5 infrastructureor managing the servers and users that make up a Lotus Domino 8.5 infra-structure.

What’s Next?This course is the first in a series of system administration courses. Thematerial in IBM® Lotus® Domino® 8.5 System Administration Operating Fun-damentals provides foundational knowledge needed to administer a LotusDomino 8.5 infrastructure. Once you have completed IBM® Lotus® Domino®

8.5 System Administration Operating Fundamentals, you can take eitherBuilding the IBM® Lotus® Domino® 8.5 Infrastructure or Managing IBM®

Lotus® Domino® 8.5 Servers and Users. The recommended next step in theseries is the Building the IBM® Lotus® Domino® 8.5 Infrastructure course.


Lesson Follow-up ■

121

The WorldwideCorporation InfrastructurePlanAbout This Appendix

This appendix provides an overview of Worldwide Corporation’s infra-structure. It is intended to provide an overall view of the environment asdesigned by the planning team. It does not provide details on specificIBM® Lotus® Domino® functionality.

This document will be continually updated. Administrators should refer tothe Policies and Procedures application on any Worldwide Corporationserver for the latest version of this document.

IBM® Lotus Notes® and Lotus Domino are Worldwide Corporation’s glo-bal standard for electronic mail and for developing and deployinggroupware applications.

AAppendix

© Copyright IBM Corporation 2009

Organization Structure

The structure of Worldwide Corporation is illustrated in the following figure.

Figure A-1: Structure of Worldwide Corporation

Servers By Task

Worldwide Corporation will designate servers to specific tasks based onInformation Groups. The following table lists the servers, associated tasks,and rationale behind the decision.

Server type Tasks Rationale

Hub Routes mail and replicationapplications to and from otherhub or spoke servers.

Provide easier administra-tion and maintenance.

Appendix

Appendix A ■ The Worldwide Corporation Infrastructure Plan

124 © Copyright IBM Corporation 2009


Internet Mes-saging

Provides non-Lotus Domino mailservices, such as:

● POP3.

● IMAP.

● SMTP.

● NNTP.

● LDAP.

Use Lotus Domino serverto provide employees withaccess to non-LotusDomino mail files.

LDAP Service, LDAP Directory Provides a central userrecord repository.

Collaboration Provide, instant messaging, webmeeting, blogs, wikis, andaudio/video needs.

Use IBM® Lotus®

Sametime® and IBM®

Lotus® Quickr™ to servicecollaboration needs.

ApplicationWeb Server

Provide, content application webinterface.

Utilize IBM® WebSphere®

Portal as a compositeapplication interface.

Mail Stores users’ mail and applica-tions and routes mail across theintranet and Internet.

● Provide easier adminis-tration.

● Minimize server proces-sor load.

● Reduce network traffic.

● Provide predictableserver performance andgrouping of users.

● Allow user access toapplications when mailserver is down.



© Copyright IBM Corporation 2009 125


Application Stores applications. ● Provide easier adminis-tration.

● Group applications byusage, replicationneeds, and/or securityrequirements.

● Allow tuning of server tooptimize performanceand response time inde-pendent of mail usage.

● Ease expansion by add-ing new applicationservers as usage andstorage needs increase.

Web Provides access to an applica-tion from the Internet or to thecorporate intranet. Can useeither:

● Lotus Domino Web server.

● Microsoft IIS.

● Can place outside thefirewall for Internetaccess.

● Provide employees withaccess to corporateinformation from abrowser.

Service Lotus WebSphere. Deliver a secure system.

OrientedArchitecture

Application server. Provide a portal.

Servers By Location

Worldwide Corporation will have one Lotus Domino Domain (WWCorp) thatincludes all Worldwide Corporation offices. Worldwide Corporation’s Internetdomain name has been registered as WWCorp.com.

Topology

Worldwide Corporation has selected a hub-and-spoke topology for ease ofmanagement and future expansion. There is one hub server and one ormore spoke servers. Each site will be set up to run independently, althoughthey will be connected to the corporate hub.

Connection documents are required for replication to tell the corporate hubhow and when to communicate with other servers and for spoke servers toconnect to the corporate hub.

Appendix



The hub server is the center of the infrastructure, which has high-speedlinks running to the offices. Each individual server is responsible for its ownmail routing and replication events. The hub server is responsible for repli-cation of the critical applications between all its spoke servers.

The following figure illustrates the locations and types of servers.

Figure A-2: Server types and locations

The hub server

The hub server is the administration server for the Worldwide Corporationdomain and replicates the Directory Catalog and the AdministrationRequests application to all other servers within the Worldwide Corporationdomain (WWCorp).

Customers and vendors will have access through a Web server.

Notes Named Networks

The regional sites will be logically grouped into Notes Named Networks(NNNs), since they share a common protocol (TCP/IP) and are constantlyconnected.

Grouping the Notes Named Networks this way will ensure that users seeinformation on their local servers to reduce network traffic.




System Administration

System administration is locally controlled by region, but monitored from thecorporate office. Administration tasks are controlled by regional administra-tors. General policies and guidelines are maintained and distributed from theCorporate office. Implementation and design changes are carried out afterbusiness justifications are submitted and approved.

All Lotus Domino system administrators use the Lotus Domino Administratorand Web Administrator for all administration tasks. All other administratorsuse appropriate tools to complete their daily tasks.

Domino Domain Monitoring

System administrators will use Domino Domain Monitoring and the inte-grated IBM support assistant to proactively monitor the WWCorp Domain.

Network Strategy

Worldwide Corporation’s strategy includes these components:

● Incorporating TCP/IP as their primary network protocol.

● Providing high-bandwidth networking connections to all offices fromheadquarters.

● Incorporating Lotus Sametime and Lotus Quickr throughout the corpora-tion as collaboration tools.

● Incorporating a WAS server to enhance internal and customer interac-tion.

Directory Strategy

There will be more than one Lotus Domino domain (WWCorp) for the entireWorldwide Corporation Lotus Domino environment. The model matches thephysical layout of the Worldwide Corporation WAN. The first configuredserver (the corporate hub) will have full administration rights over the entiredomain.

When incorporated, the LDAP TDI is used to provide user information.

The Lotus Domino Directory will reside on the corporate hub server at head-quarters, and replicate to each regional server. The corporate hub willcreate Directory Catalogs and replicate to regional servers for use byremote users. Remote users can keep a local replica of the Directory Cata-log on the client for faster response time and timely encryption ofmessages.

System administrators will periodically update the Directory Catalog and rep-licate once a day to servers.

Appendix



Directory access is from:

● Lotus Notes clients.

● Web browsers.

● Other e-mail and directory clients.

● Lotus Sametime client.

Replication Topology

A hub-and-spoke topology will be used for replication. This structure con-sists of a main hub with spoke servers.

The corporate hub server will be the primary hub and share control of repli-cation with regional servers.

Streaming replication

Connection documents are required for replication to tell the corporate hubhow and when to communicate with other servers and for spoke servers toconnect to the corporate hub. To take advantage of the new streaming repli-cation feature in Lotus Domino 8, connections between hub servers will usethe Pull/Pull replication strategy.

Administrators will create Connection documents between the WWCorpDomain Hub and regional hub servers using the Pull:Pull strategy. This willtake advantage of the speed of Streaming Replication. It is important to notethat WWCorp employees are not expected to access these servers, so allhub servers can share the replication workload.

Note: Employees are not expected to access hub servers.




The following figure illustrates Worldwide Corporation’s replication topology.

Figure A-3: Worldwide Corporation’s replication topology

Integrated Db2 Technology

Administrators will leverage the speed of Db2 Server Technology whilemaintaining Lotus Domino security access to data in the Db2 environment.

Mail Routing Strategy

Each region will have its own server that is responsible for local mail deliv-ery, but will rely on the corporate mail server for inbound Internet mail:

● Simple Mail Transfer Protocol (SMTP) will route mail to the Internet.

● Notes Remote Procedure Call (NRPC) will route mail within the corpo-rate intranet.

The following configuration provides for ease of configuration and optimumload balancing and failover:

● One Internet domain.

● ISP as a relay host to Internet.

● The corporate mail server is enabled to route external mail using theSMTP protocol.

● All mail servers have Connection documents and route mail usingNRPC internally.

Appendix



The WWCorp Domain Hub will be configured to send and receive Internetmail. Administrators will use whitelists and blacklists to improve mail routingperformance. In addition, Transfer and Delivery Reports will be used tonotify users if their mail is unable to be delivered.

Mail Administrators

Administrators must perform the following tasks:

● Store the Internet domain name in the Foreign SMTP and GlobalDomain documents.

● List the inbound mail servers in the Mail Exchange (MX) records in theDomain Name Service under the domain’s name. Only one is required.(Note that load balancing for multiple servers is dependent on the algo-rithm used by the client SMTP system to select a server from the MXrecords.)

● Configure complete address lookup or configure local part only lookupto identify each mail recipient’s mail server so that the router can makethe final delivery.

Mail clients

Initially, some mail users will have Lotus Notes mail files. In the future, somemail users may use other Internet mail client software. At that time, World-wide Corporation will set up select Internet POP3 Messaging Servers fornon-Lotus Notes mail clients to access mail files on the Lotus Dominoserver.

Mail monitors and controls

The following mechanisms will be put into place for monitoring and control-ling mail:

● Automated testing of mail routers.

● Mail quotas.

● Inbox cleanup.

● Mail journaling.

● Set options for Mail Recall.

● Set options for Out of Office agent.

● Reject inbound ambiguous names/deny mail to groups.

● Maximum message size for inbound and outbound message set to 10megabytes.

● User restrictions, such as full-text indexing and other Policy Manage-ment enhancements.




Server managed provisioning

Administrators will use the Eclipse Provisioning model to deploy Lotus Notes8 Client features, components, and composite applications.

Mail routing topology

The following figure illustrates Worldwide Corporation’s mail routing topol-ogy.

Figure A-4: Worldwide Corporation’s mail routing topology

Reverse path setting for forwarded messages

Administrators will use this function to specify how the mail router handlesdelivery failure reports when e-mails are automatically forwarded by anaction in a user’s mail rule. This will reduce inadvertent rejection of legiti-mate mail by some SPAM filters when automatic mail forwarding is enabled.

Worldwide Corporation Naming Conventions

The following table defines the Worldwide Corporation naming scheme.

Appendix



Organization compo-nent

Vale Certifier

Organization (O) WWCorp wwcorp.id

Organizational units(OUs)

WEST: WestEAST: EastSVR: All servers

sales.idoperations.idhub.idwest.ideast.idsvr.idThere may be additionalid files needed.

Organizational units are based on geographical regions and job role.

The servers’ organizational unit will be used for better control of manage-ment and creation of servers.

All organizational units and common names are descendants of the organi-zation certifier /WWCorp.

User naming

The following table provides user naming conventions.

Type Syntax

Common name for LotusDomino environment

Firstname Lastname

Internet mail addressing [email protected] where username= Firstinitial_Lastname

Server naming for Lotus Domino

The following table provides examples for regional server names.

Region Code Server names (servertypes)

Server address

Hub HUB/SVR/WWCorp (Hub) hub.wwcorp.com

East East## (01–06)

EAST01/SVR/WWCorp east01.wwcorp.com

West West## (01–06)

WEST01/SVR/WWCorp west01.wwcorp.com




Naming examples for Lotus Domino

The following table provides naming examples for international sites.

If you want to ... Then ...

Create a new server. Use the name Type##/SVR/WWCorp, where:

● Type is the server type, or region for example,East.

● ## is the server number of this type.

Create a new organiza-tional unit.

Use the standard department code that identifies thelocation of the organizational unit.A new organizational unit for Sales might be:/Sales/WWCorp

Create a new user. Certify under the regional organizational unit wherethe user works.A new user named Sara Jones in Sales would be:Sara Jones/Sales/WWCorpThe corresponding Internet name would be:[email protected]

Certifier/ID management policy

The following table describes the certifier/ID management policy.

Type Management policy

Organization certifier ● Corporate system administrators create the O certi-fier.

● Corporate system administrators create the OU cer-tifiers.

● Access is limited to two administrators using mul-tiple passwords.

● Store IDs in protected areas.

Organizational unitcertifiers

● Corporate administrators keep copies of OU certifi-ers.

● OU certifiers are migrated to the CA process.

● Regional administrators use the CA process to reg-ister users and servers using these OU certifiers.

● Store IDs in protected areas.

Appendix



Type Management policy

Server IDs ● Corporate system administrators create all serverIDs.

● Store IDs on the server.

● Use only for the server.

User IDs ● Regional administrators create user IDs.

● Regional system administrators keep copies of IDsin a secure application on the hub server.

● Use a Certification Log application to track certifica-tion.

● All Certifier IDs have multiple passwords and expi-ration dates of 20 years from date of creation. Thisis not recommended, but is used for classroom pur-poses.

● Store backups in a secure off-site location.

Key files for Interent(X.509) Certificates

● Using Lotus Domino as a Certificate Authority,administrators will create X.509 certificates usingthe Certificate Authority Application on a workstationand store the CA key ring on that workstation, noton the server.

● Do not distribute these files to other administratorsin the organization.

● Store the certificates in a secure off-site location.

● Store in corporate user Lotus Notes ID files.

● Store in trusted LDAP directories (for customers).




Hierarchical naming for Worldwide Corporation

The following figure illustrates the organization hierarchy, including currentlyplanned server names.

Figure A-5: The organization hierarchy

Remote Access

Worldwide Corporation has determined specific Internet access for remoteemployees, vendors, resellers, and customers, based on their needs.

Internet access

The following Internet access will be used:

● Authenticated access for employees

● Public access Web server for vendors, resellers, and customers, includ-ing controlled access to servers, applications, and data

The following table describes types of access.

Appendix



Employees Customers Vendors Resellers

X.509 certificates Anonymousaccess to catalogand public com-pany information.Future:Username andpassword accessto informationabout their ownorders, forexample, ship-ping information.

Anonymousaccess

Authenticatedaccess throughoutside LDAPdirectories.

Internet security features

Administrators will use XACLs to decipher hashed passwords. InternetPassword Lockout will be used to restrict Internet users to three loginattempts before account lockout.

Remote users

Users at home offices that do not have direct connections to the WAN canuse an Internet Server Provider (ISP) to access the Lotus Domino systemthrough a local Firewall server.

Remote users can connect to their mail server through the local Firewallservers.

Server Configurations and Security

Worldwide Corporation has determined configurations for servers, includinglicensing, file structure, and server tasks. Server security has been definedas group access to servers.

Server types

The following table lists the server licenses that will be used for each of theserver types.

Server type Server license Rationale

Lotus Domino Mailand Internet Mes-saging servers

Lotus DominoMessaging Server

To provide Lotus Domino andInternet mail services




Server type Server license Rationale

Application andWeb servers

Lotus Domino Util-ity Server

To provide custom applicationapplications for Lotus Notes andWeb clients

Hub server Lotus DominoEnterprise Server

To provide the following services:

● Clustering

● Partitioning

WAS WebSphere Appli-cation Server

To provide the following services:

● Build and deploy application ser-vices

● Run services efficiently

● Secure applications and data

File structure for Domino servers

The following table lists the standard file structure on the Domino servers.

Path Contents Description

Domino System files, client files Client files will beinstalled for network dis-tribution purposes.

Domino\data Applications, generaldata files

Lotus Domino systemapplications that arerequired for LotusDomino to functionproperly.

Domino\data\critical Applications Critical applications thatrequire frequent replica-tion.

Use the standard installation file paths whenever possible to ensure stan-dardized training and ease of support and troubleshooting.

Note: Store Lotus Domino executables on a separate disk than Lotus Domino datafor better performance.

Appendix



These areas of the Lotus Domino file structure are accessible to only desig-nated personnel for installation purposes. All other Lotus Domino data isprotected by operating system security and is accessible to Lotus Dominoadministrators only.

Configuration documents

Every Worldwide Corporation server has its own Configuration document.This ensures that each server configuration can be modified separately andthat there is a log of any changes made.

The Lotus Domino configuration application will be used for server setup tostreamline and automate setup.

A Configuration document exists for each server type (for example, hub,mail, application) and is then distributed to other servers of the same type.

Lotus Domino tasks by server type

The following table lists the minimum requirements for all Configurationdocuments.

Lotus Domino server type Recommended tasks

Standard services for all servers The following are the recommendedtasks:

● Mail Router

● Replicator

● Indexer

● Agent Manager

● Administration Process

● Event Manager

● Statistics

Mail servers The following are the recommendedtasks:

● Calendar Connector

● Schedule Manager

● HTTP for Web mail

Application servers The following are the recommendedtasks:

● Standard services only, no addi-tional services




Lotus Domino server type Recommended tasks

Hub servers The following are the recommendedtasks:

● HTTP, both mail and applications

● SMTP (Headquarters hub only)

Web servers The following are the recommendedtasks:

● HTTP for Web applications

Internet messaging servers The following are the recommendedtasks:

● POP3 and SMTP

● IMAP

● LDAP

● NNTP

Group naming for servers

Groups will be used to determine access to servers and for added security.The following naming convention will be used to identify the location andtype of group:

region[global]descriptionofgroup

Note: Administrators may use Tivoli Directory Integrator (TDi) as an LDAP providerin addition to Domino Directory. In that case, groups such as LocalDomainAdmins,OtherDomainServers, and DenyAccess must reside on Domino Directory, while oth-ers can reside on TDi.

For example: HQAdmins or GlobalSales.

Within groups, names are sorted in alphabetical order.

Deny access groups

As an added security feature, Worldwide Corporation will use four groups,which represent access denial to any Worldwide Corporation servers. Ineach server restrictions setting, these groups will be added in the Notaccess server fields.

The following table describes the four groups.

Appendix



Group name Description

Deny Access A-F Denial for people whose family names beginwith A-F.

Deny Access G-L Denial for people whose family names beginwith G-L.

Deny Access M-R Denial for people whose family names beginwith M-R.

Deny Access S-Z Denial for people whose family names beginwith S-Z.

Before deleting a user from the Lotus Domino system, add the user to oneof these groups. This will ensure immediate denial to any Worldwide Corpo-ration server.

Note: This is subject to replication of the changes throughout the domain, which willtake no longer than 60 minutes.

Server configuration plan

The following table describes the server configuration plan.

Standard Requirement

Application size quotas No application size quotas, unless archivingis needed for a particular course

Application names No database naming standards

File system directory structure Standard directory structure, for example:\Domino\Data\Global\HR1\Domino\Data\Global\Marketing\Domino\Data\Local\Marketing\Domino\Data\Local\Dev1

Groups spanning the entireorganization

● One group for all server administrators,for example: GlobalAdmins

● Groups for specific categories of employ-ees, for example: GlobalSales




Standard Requirement

Groups at all sites ● A group for each region, for example:EastAll (for all Worldwide Corporationemployees in East)

● One group for administrators per region,for example: WestAdmins (for all serveradministrators in West)

Client Configurations and Security

Worldwide Corporation has determined configurations for clients, includinglicensing and registration and desktop settings. Client security has beendefined using security policies, including client IDs and certificates andgroup access to databases.

Client licenses

Client licenses will be:

● Lotus Notes Client for most users, all generic IDs, and any contractualor affiliate accounts.

● IBM® Lotus® Domino® Designer for users who will create, modify, ordesign databases.

● Lotus Domino Administrator for system administrators.

Client deployment

Desktop, registration, and security policies will be used to set up users’ envi-ronments.

For Internet mail, account documents will be created locally for each mailprotocol. Mail will be stored in Notes Rich Text format.

Worldwide Corporation will use policy documents to create and updateLocation and Connection documents on workstations for dial-up users todetermine where and how to locate the servers.

Client IDs and certificates

The following table describes the policy regarding client IDs and certificates.

Appendix



Type Policy

Lotus Notes client IDs ● Certify all IDs using a Lotus Domino cer-tificate.

● Users responsible for secure or encryptedinformation, such as pricing information toresellers, will hold an Internet (X.509) cer-tificate.

● Stored on workstations for all users andencrypted locally.

● Copies are kept in a secure location byregional as well as corporate administra-tors.

Internet client browsers ● Accept CA certificate as a trusted root.

● Store internal signed client certificates foraccess to secure information.

Longer encryption keys

Administrators will use the Lotus Domino 8 Certifier Key rollover to upgradeuser, server, and certifier ids, taking advantage of the new 2048-bit encryp-tion for users and servers, and 4096-bit keys for certifier ids.

File storage

Client-based data files, such as IDs, Notes.ini, and *.dsk, will be stored onthe workstation for all users and encrypted locally.

Implementing the Deployment Plan

Complete these tasks to implement the Lotus Notes and Lotus Dominocomponents of the Worldwide Corporation deployment plan.

Task Procedure

❒ 1 Set up the first server.

❒ 2 Add an administrator’s workstation.

❒ 3 Set up access to the Lotus Domino Directory.

❒ 4 Add Lotus Domino servers.

❒ 5 Add organizational units.




Task Procedure

❒ 6 Register administrators.

❒ 7 Add Lotus Notes clients.

❒ 8 Create user groups.

❒ 9 Create organizational policy.

❒ 10 Register users.

❒ 11 Set administration preferences.

❒ 12 Set up access to servers.

❒ 13 Set up server logging.

❒ 14 Synchronize Lotus Domino system databases throughout thedomain.

❒ 15 Route mail internally.

❒ 16 Route mail to the Internet.

❒ 17 Set mail controls.

❒ 18 Test mail routing and delivery.

Appendix



Certification and ExamCompetenciesIBM Software Services for Lotus Training andCertification

IBM Software Services for Lotus offers training and certification pro-grams designed to help customers take full advantage of technologyinvestments to improve business processes.

Lotus software training ensures that individuals get up to speed quicklyand effectively whether delivered in the classroom, on the desktop, orvia distributed learning. For more information on Lotus software training,please visit http://www.ibm.com/lotus/training.

The IBM Certified Professional for Lotus Software program provides indi-viduals with a means to benchmark their technical knowledge andachieve industry recognition, which results in increased business valueto both the individual and their organization. As a member of a highlyregarded certified community, individuals enjoy benefits commensurateto their certification level. For more information on certification, pleasevisit http://www.ibm.com/lotus/certification.

Skills Roadmaps are available to guide you on your path to knowledge.Roadmaps identify courses in their logical sequence to complete a spe-cific curriculum or certification program. To view Skills Roadmaps forLotus, please visit http://www.ibm.com/lotus/trainingroadmaps.

Lotus Professional Certification

Lotus software has robust certification programs in support of IBM Lotussoftware and technical skills. For complete information on the Lotus pro-fessional certification program, visit the IBM Software Services for LotusCertification Web page at http://www.ibm.com/lotus/certification.

BAppendix


Place in certification

IBM® Lotus® Domino® 8.5 System Administration Operating Fundamentalsis listed as one of the preparation resources for the following exam:

Exam 980 - IBM Lotus Notes Domino 8.5 System AdministrationOperating Fundamentals

This exam is part of the path for IBM Certified System Administrator - LotusNotes and Domino 8.5 certification. The complete path is described here:

IBM Associate System Administrator - Lotus Notes and Domino 8.5

Exam 980 - IBM Lotus Notes Domino 8.5 System Administration Oper-ating Fundamentals

IBM Certified System Administrator - Lotus Notes and Domino 8.5

Successfully pass the following three exams:

● Exam 980 - IBM Lotus Notes Domino 8.5 System AdministrationOperating Fundamentals

● Exam 981- IBM Lotus Notes Domino 8.5 Building the Infrastructure

● Exam 982 - IBM Lotus Domino 8.5 Managing Servers and Users

IBM Certified Advanced System Administrator - Lotus Notes andDomino 8.5

Exam information not yet available.

Preparing for a Lotus certification exam

Attending this course and using this Student Guide will help you prepare forcertification. Some topics covered on the exam are not covered in thiscourse and some of the objectives covered in this course are not tested onthe exam. Be sure to follow all the steps listed in order to prepare fully forthe exam.

Step Action

1 Review the exam competencies.

2 Get hands-on experience.

3 Use the exam preparation page.

4 Use all available resources.

Appendix

Appendix B ■ Certification and Exam Competencies


Step 1: Review the exam competencies

Review the exam competencies to see the complete listing of possible top-ics for the exam. Use the competency listing as your checklist to determineyour weaknesses and the areas on which you will want to focus more atten-tion in your studies and preparation.

You will find the competencies listed in:

● The Exam Competencies Appendix included in this course.

● The Exam Guides located on the IBM Software Services for Lotus Cer-tification Web page at http://www.ibm.com/lotus/certification.

Step 2: Get hands-on experience

Actual hands-on experience is a critical component in preparing for theexam. The exam is looking to measure how well you perform tasks, not howwell you memorize features and functions:

● Spend time using the product and applying the skills learned.

● Direct application of the skills learned in this class cannot be replacedby any other single resource listed here.

Step 3: Use the exam preparation page

The exam preparation page lists resources available for each individualexam. To find the exam preparation page for this exam, go to http://www.ibm.com/lotus/certification and use the Select an exam drop-downmenu. Select the exam name and link to the exam preparation page.

Step 4: Use all available resources

We recommend using a range of resources when preparing to take anexam. The following table describes the types of resources available to pre-pare for certification exams. For a listing of resources specific to each exam,use the individual exam preparation page located at http://www.ibm.com/lotus/certification.

Resource Brief description Where to find resource

Exam guides Complete versionincludes certificationtitles and paths, samplequestions, and registra-tion information.

Abbreviated version isavailable in the ExamCompetencies Appendixincluded in this course.Complete version is avail-able on the IBM SoftwareServices for Lotus Certifi-cation Web page at http://www.ibm.com/lotus/certification.




Resource Brief description Where to find resource

Lotus authorizedcourses

Offered at EducationCenters for IBM Soft-ware (ECIS) and Lotuseducation locationsworldwide.

A complete list of coursesand education centers areon the IBM Software Ser-vices for Lotus EducationWeb page at http://www.ibm.com/lotus/education.

CBT programs Used as an alternatelearning tool or supple-ment to courses or both.

Additional information isavailable at The Educa-tion Store on the IBMSoftware Services forLotus Education Webpage at http://www.ibm.com/lotus/education.

Practice tests Available from a varietyof vendors. Visit the indi-vidual exam preparationpage to determine whatpractice tests are avail-able for a specific exam.

Available from the IBMSoftware Services forLotus Certification Webpage at http://www.ibm.com/lotus/certification.

Online learning This includes online tuto-rials and other learningresources.

See the individual exampreparation page for rec-ommended onlinelearning resources.

Product Documenta-tion

Official Lotus productdocumentation.

Additional informationavailable at http://www-10.lotus.com/ldd/doc.

IBM Redbooks Technical cookbooksthat address topics thatthe reference manualsmay not cover.

Ordering information isavailable at http://www.redbooks.ibm.com.

Appendix



Preparing for the IBM Lotus Notes Domino 8.5 SystemAdministration Operating Fundamentals exam

The following materials are available for the IBM Lotus Notes Domino 8.5System Administration Operating Fundamentals exam:

● IBM® Lotus® Domino® 8.5 System Administration Operating Fundamen-tals Course

● CertFX Practice Test

● Notes, Domino, and Domino Designer 8.5 Release Notes

● Lotus Domino 8.5 Administrator Help

For the most up-to-date resource listing for this exam, visit the individualexam preparation page. Go to http://www.ibm.com/lotus/certification andselect the exam name from the Select an exam drop-down menu. Theseindividual pages will give you the most up to date list of resources available.

IBM Lotus Notes Domino 8.5 Administration OperatingFundamentals Exam Competencies

This section contains the exam competencies for the IBM Lotus NotesDomino 8.5 Administration Operating Fundamentals exam. The examcompetencies are one tool for preparing for IBM Certified for Lotus Softwareexams. For more a complete listing of learning resources, refer to the LotusCertification Web site available at www.lotus.com/certification.




Install and Configure

The following competencies relate to installation and configuration.

● Configuring client provisioning

● Configuring component update for composite applications

● Configuring Directory Services

● Configuring Directory Services/LDAP services

● Configuring Domino services

● Configuring Domino Web Access

● Configuring Ports

● Configuring Server Fast Restart

● Configuring User ID Recovery

● Creating an ID Vault

● Creating Dynamic Policies

● Creating Internet Site Documents

● Creating Policies

● Deploying a centrally managed Widget Catalog

● Identifying the architecture and key components of the Lotus Notes andLotus Domino Environments

● Implementing Sametime for Domino Web Access (DWA)

● Implementing Domino Attachment and Object Service (DAOS)

● Implementing Domino Configuration Tuner

● Implementing Domino Roaming for Standard Clients

● Implementing Early Authentication

● Implementing Lotus iNotes enhancements

● Implementing Lotus Notes on Citrix

● Implementing Lotus Traveler

● Registration/Certifiers

● Registration/Domains

● Registration/Groups

● Registration/Organizational Units

● Registration/Organizations

● Registration/Servers

● Registration/Users

● Understanding Installation Package Options

● Understanding Server Installation Order (platform independent)

● Understanding the Certification Log

Appendix



Mail

The following competencies relate to mail.

● Creating Domino (Notes) Named Networks

● Creating Mail Topologies

● Defining Mail Routing Protocols

● Defining supported message formats

● Implementing Mail Services/Domino Web Access (DWA)

● Implementing Mail Services/IMAP

● Implementing Mail Services/POP3

● Issuing server commands

● Planning Mail Topologies

Manage and Maintain

The following competencies relate to managing and maintaining.

● Defining directory terminology

● Examining Lotus Domino server functionality

● Managing files and disk space

● Monitoring server status

● Performing Basic Administrative Tasks

● Setting administrative preferences

● Starting Lotus Domino Administrator

● Understanding support for LDAP attributes

● Understanding the administration process

● Understanding the Domino Administrator UI

● Utilizing the Domino Administrator client

● Viewing mail routing status

● Viewing Person documents and groups

● Viewing replication events and topology

● Viewing server configuration documents




Managing Servers

The following competencies relate to managing servers.

● Configuring new Domino Domain Monitoring options

● Configuring Send to IBM feature

● Configuring Web Administration Bookmarks

● Implementing Domino Domain Monitoring probes

● Understanding Domino Directory enhancements

● Understanding Domino server console commands

● Understanding streaming replication features

● Upgrading Domino Servers to version 8.5

● Utilizing Administration Process (Adminp) features

Platform Support

The following competencies relate to platform support.

● Defining Domino attributes

● Defining Domino attributes/Certifier Documents

● Defining Domino attributes/Configuration Documents

● Defining Domino attributes/Connection Documents

● Defining Domino attributes/Group Documents

● Defining Domino attributes/Messaging

● Defining Domino attributes/Person Documents

● Defining Domino attributes/Program Documents

● Defining Domino attributes/Replication

● Defining Domino attributes/Server Documents

● Defining Domino attributes/Server Tasks

● Identifying Lotus Domino databases

Appendix



Security

The following competencies are related to security.

● Configuring Administrator Access rights

● Configuring the Access Control List (ACL)

● Configuring the Access Control List (ACL)/Enforce a Consistent AccessControl List

● Configuring the Access Control List (ACL)/Maximum Internet name-and-password

● Defining Security Fields

● Deploying xPages Security

● Implementing Shared Login

● Implementing the ID Vault

● Managing encryption key lengths

● Restricting Server Access

● Understanding changes in database encryption levels

● Understanding database Access Control Lists

● Understanding new Java Security standards

● Understanding Online Certificate Status Protocol (OCSP)

● Understanding password protection for Notes and Domino ID files

● Understanding public and private keys

● Understanding the Access Control Lists (ACL)

● Utilizing the Access Control List (ACL) log




Instructor PreparationThis appendix is provided to assist instructors in their preparation forleading instructor-led training in a classroom or online (ILT and ILO).

Preparation Checklist

When preparing to teach this course, consider doing the following:

● Read through the Instructor Guide.

● Perform all activities in the course.

● Perform all demonstrations and labs described in the InstructorGuide.

● Refer to the Instructor Lounge to gather useful teaching tips andtechniques that other instructors have used to teach this course.

● Use the information in this section to find additional resources tofurther your knowledge of the subject.

● Practice the classroom setup.

Additional Preparation Resources

The following additional resources are available as you prepare to leadtraining.

CAppendix


Name Location Description

IBM developerWorksForums and Community

http://www.ibm.com/developerworks/lotus/community

You can discuss Lotusand related productswith your peers, expandyour understanding ofthese products, and cre-ate connections withothers.Join our public discus-sion forums, where theLotus community meetsto talk about Lotus soft-ware. You are welcometo read all our forums.To participate in someforums, you need tocomplete our free regis-tration form to get adeveloperWorks Lotususer name and pass-word. (If you havepreviously registered onNotes.net/Lotus Devel-oper Domain, that is theuser name and pass-word to use here.) Otherforums require an IBMID to participate.

IBM Lotus Domino andNotes Information Cen-ter

http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp

IBM Lotus Domino andLotus Notes productinformation where youcan find system require-ments, installation andconfiguration proce-dures, and informationabout managing yourLotus Domino serversand Lotus Notes clients.

Appendix

Appendix C ■ Instructor Preparation


Name Location Description

IBM Lotus Notes andDomino Wiki

http://www-10.lotus.com/ldd/dominowiki.nsf

The Lotus Notes andLotus Domino Wiki,where you can find andcontribute to informationabout installing, admin-istering, and using LotusNotes and LotusDomino, and othermembers of the LotusNotes product family.

Lotus Labs http://www-10.lotus.com/ldd/lotuslabs.nsf

Lotus Labs is about pro-viding content in newways: consumable, col-laborative, customizable.This page highlights thepilots, projects, and pro-grams we’ve beenworking on recently.

Course Strategy

Approach

This courses uses the fictitious company Worldwide Corporation to providescenarios for installing and setting up the infrastructure. The company usesa single domain with Lotus Notes mail internally and SMTP externally. Toprovide all students with a comprehensive hands-on experience, we havedesigned this course so that all students administer their own servers. Toaccommodate this, we instruct students to use the client and server soft-ware on the same machine. The Lotus Domino server and Lotus Notesclient software support this configuration provided that the server and clientsoftware is installed in separate directories on the machine. While we recog-nize this is not an optimal or recommended configuration to deploy in a “realworld” environment, we use this environment in the classroom to provide allstudents with the experience of administering their own servers.

Recommended Agendas

This course is a one-day instructor-led course with computer-based activi-ties and labs. These tables are provided to help you plan your instructionalagenda for each of the training days.

Suggested agenda for ILT delivery

The following table shows the recommended agenda.




Time Lessons or Topics

45 minutes Lesson 1

45 minutes Lesson 2

45 minutes Lesson 3

1 hour Lunch Break

45 minutes Lesson 4

45 minutes Lesson 5

45 minutes Lesson 6

Suggested agenda for ILO delivery

The following table shows the recommended agenda for ILO delivery.

Time Lessons or Topics

1 hour Troubleshooting

1.5 hours Lesson 1 and Lesson 2



Facilitating an ILO Course

Delivering a course in on online environment is probably more similar toclassroom training, than it is different. Many course delivery strategies arevalid in the online interface but require some modification for remote deliv-ery.

Technologies used in an online course

The delivery environments used for an instructor-led online (ILO) courseare:

● Web meeting

Using the tools of a Web meeting application, instructors present slides,conduct demonstrations, lead discussions, and answer questions.

● Virtual lab

Appendix



Student workstations are installed in an eLab and accessed by studentsremotely. The lab workstation is available to students for the duration ofthe course and used to complete all lab activities and for independentpractice.

Comparing classroom and ILO delivery

The following table lists the course activities and how they can be facilitatedin both classroom and online classroom environments.

Course activity In the classroom In an online classroom

Presentation Instructor projects slideson the classroom moni-tor or projection screen.

Instructor displays slidesin the online classroominterface.

Application demon-stration

Instructor performs dem-onstrations and output isdisplayed on classroommonitor or projectionscreen.

Instructor shares herdesktop or applicationusing the screen sharingfeatures of the onlineclassroom interface.

Discussion Students and instructordiscuss topics.

Students and instructoruse audio connection todiscuss topics. Othertools to aid discussioninclude:

● Hand raise

● Chat window in Webconference

● Break out sessions forsmall group interaction





Guided practice Instructors and studentsperform activities simul-taneously. Theinstructor’s activities aredisplayed on the class-room monitor orprojection screen.

The instructor chooses to:

● Convert the practice todemonstration andinstruct students topractice the activity,after the session, usingthe instructions in theStudent Guide.

Note: This option maybe used only if thecompletion of the prac-tice activity is not aprerequisite to subse-quent course practiceactivities.

● If a live application isavailable for students,instruct students toperform the guidedpractice as unguidedpractice.

Unguided practice andexercises

Students complete theseindependently on class-room lab machines.

Students complete theseindependently on virtuallab machines.Generally, these activitiesmay be completed afterthe live session. If theactivity cannot be movedbecause it affects the flowof delivery, then theinstructor may pause thelive session to allow stu-dents to log in to theirvirtual accounts to com-plete the activities. Thenstudents rejoin the livesession.The instructor may beavailable to students dur-ing lab periods by phone,instant messaging, orusing the virtual class-room chat feature.

Appendix




Questions Instructors query forquestions or encouragestudents to interruptwhen they need to ask aquestion.

Instructors pause the pre-sentation ordemonstration to ask forquestions.Students use the handraise feature to indicatethey have a question.

Feedback Instructors view bodylanguage to assess stu-dents’ interest,understanding, and tojudge pacing of delivery.Instructors use this feed-back to adjust thecontent or pacing, or toaddress an individualstudent’s questions.

This is a more formal taskin a virtual environment.Instructors may need toask for feedback eitherverbally or use the pollingfeatures of the virtualclassroom.Some conferencing appli-cations allow participantsto provide feedback bydisplaying icons in theparticipant list.Instructors may conductfeedback discussions atthe end of each sessionto ask for specific pacing,level, and content feed-back.

The ILO agenda

We have provided a recommended ILO agenda for you earlier in thisappendix. Should you wish to create your own agenda, you need to:

● Divide the course into modules that can be delivered in online sessions.

● Adjust the order of practice activities so that independent lab activitiescan be completed after the online sessions.

● Modify some activities so they are demonstrations rather than indepen-dent practice. This strategy is used when a practice activity is in themiddle of a live session.

Note: The completion of some course activities is required for subse-quent activities to be completed. For example, students need tocomplete an activity to register a new user before they can complete anactivity where they give that user access privileges. In these instances,you will need to identify the required activities and ensure they arecompleted as needed.




Additional tips for creating the ILO agenda

Consider the following when setting up your course agenda:

● The optimal length of an online session is two hours.

● You may, optionally, choose to deliver the course in full-day sessions,breaking for activities.

● You should schedule instructor “office hours” when students may reachyou by phone for individual tutoring on topics as needed.

● You should allot more time for breaks than you would in a live class-room situation.

● Add time to the beginning of the online sessions to review lab activities.In the early sessions, when students are first using the eLab environ-ment, you will need this time to address any problems or observationsstudents have about working in the virtual lab environment.

Scheduling the ILO

When setting your ILO schedule, consider the following:

● A virtual class may be attended by participants in multiple time zones.You need to be available during the times students are completing theirlab activities.

● Although you will not be presenting lab activities, you need to scheduletime for students to complete these. If your online class ends late in theday, you should not expect students to complete the lab activities byearly the next day.

● The virtual lab, used by students to complete activities, may not beavailable to class participants during certain hours. Or, the lab may beunsupported during night time hours.

● Schedule time before the first class session, to help students test theirability to connect to the Web meeting facilities.

Instructor Preparation for an ILO Course

Additional tasks should be completed to prepare and deliver this course in alive, online session. This section lists some preparation tasks for preparingto teach online.

Presenting a live session in an e-learning environment

This seminar requires you to manage several tasks simultaneously, whichcan be challenging. You must manage multiple presentation tools, engagestudents interactively, demonstrate applications, respond to questions, andtroubleshoot technical glitches—all while maintaining flow and continuity inthe restricted time frame of the scheduled class session.

Appendix



In addition, you must manage the pacing and interaction within the course;monitor electronic and verbal hand raising; compose, send, and evaluatequestions and answers; and fill time as you wait for applications to display.You will also need to manage other, unscheduled events. For example,applications may crash, displays may freeze, or you may unintentionallyclose a window. You may also need to help students manage their own dis-play. For example, you may need to instruct a student on how to recover afloating course screen, scroll the display, or scale a window’s image.

All these events require your attention, and at first, the online collaborationtools will require training and practice. We recommend that you attende-learning facandilitation training for the e-learning tool being used for deliv-ery and rehearse your class presentations demonstrations.

Assisting the facilitator

We strongly recommend, in addition to extensive preparation and rehearsal,that you recruit a colleague to assist in delivering this course, at least thefirst time you present it. Consider delegating the following roles and respon-sibilities:

● Facilitator: This person presents the content and performs the interac-tive demonstrations, paying attention to the flow and interaction of thecourse. The facilitator:

■ Displays each presentation page.

■ Performs and narrates the interactive demonstrations.

■ Responds to verbal questions.

■ Manages the session pacing.

● User Interface (UI) manager: This person manages the elements of theuser interface. The UI manager:

■ Monitors the display on a separate machine to ensure that thefacilitator narrative matches the refresh rate in the student browser.

■ Monitors the participant list for raised hands.

■ Answers students’ questions regarding the UI and any problemsthey may be having with it. This can be done in a separate chatwindow.

You should rehearse each session with your partner and clearly define yourroles and responsibilities regarding each element of the presentations andinteractive demonstrations. Take a few minutes after each live session toreview the things that did and did not work.




Preparation checklist

After the course has been set up in the e-learning environment, you should:

● Prepare your e-learning podium.

● Rehearse the presentation.

● Reserve audio conference services (do this if you will not use IP audio).

● Conduct a connection test with students.

● Review Preparing to Teach an e-Learning Session, in this section.

● Review Delivering an e-Learning Session, in this section.

Preparing your e-learning podium

The e-learning delivery podium is very different from the classroom podium.You can deliver this course from any workstation with a browser. You shouldalso examine the environment from which you deliver the class.

● Review your setup.

■ Place a second computer next to your facilitator machine. Log onto this second machine as a student. Using the second studentmachine, you can monitor what the students are seeing, forexample, how fast the refresh rate is.

■ Use the fastest machine you can for interactive demonstrations.Waiting for a slow processor to perform your interactive demonstra-tions can be awkward.

■ Invest in a high-quality telephone headset. Your students will belistening to you talk for hours at a time. Using a low-qualityspeakerphone or headset can be irritating to listeners.

● Listen to your environment.

■ Turn off the ringer on your phone and disable call waiting.

■ Disable voice paging on your phone, if you have this feature.

■ Disable the intercom.

■ Close the door (if you have one).

■ Inform your colleagues and office neighbors of class dates andtimes.

Appendix



Rehearse the presentation

Create a test session. Test and rehearse:

● Presentation materials: Display each slide and practice delivering thecontent as scripted in the Instructor Guide.

● Screen sharing demonstrations: As with any course, you shouldrehearse these demos to ensure that you can access the requiredapplications and you can smoothly transition between the presentationsand interactive demonstrations.

● Rehearsing interactive demonstrations: This course requires you to usethe screen sharing feature to share demonstration media files. Youshould rehearse these interactive demonstrations several times.

● Rehearsing transitions: Several times during this course you arerequired to switch from presenting slides to using screen sharing.

Reserve conference services

Course participants connect to the course session using a Web browser.The audio portion of the session can be heard from:

● The speakers on the student’s computer: The session must be enabledfor IP audio.

● A telephone conference: Students use their telephones to listen andparticipate in the session. A conference service is used to join all phoneconnections into a conference.

Information you provide

Whether you use internal or vendor-provided conference services, you willneed to provide the following information:

● Estimated number of participants: It is always better to overestimate,just in case you have a few last-minute course registrants.

● Origin of calls: Calls that originate in another country or time zone mayrequire different support or configuration on the part of the conferenceprovider. You should identify this in advance.

● Contact name and number prior to the conference: If conference facilitypersonnel need to confirm or modify arrangements, they will need tocontact you.

Information you need to provide to students




When you reserve the bridge facilities, you should confirm the followinginformation. This information will be communicated to students prior to thefirst class:

● Dial-in number for participants: This is the phone number that studentswill dial.

● International dial-in number (if needed): Some conference providers willprovide different dial-in numbers for international callers.

● Conference reference name or number: Some conference service pro-viders connect callers to specific conferences. In these instances, thecaller dials a central number and identifies the desired conference usinga predefined conference number, title, or host (facilitator) name. Thecall is then connected to the appropriate conference.

● Password: Optionally, some providers may require a password forentrance into a restricted conference.

● Support resources: The conference provider may provide an additionalphone number for participants to call if they are having problems con-necting to the course.

Conduct a connection test

There are several reasons why you should request that students test theirability to connect to the course—the least of which is to troubleshoot prob-lems prior to the first class. To prepare students, you should:

● Create a live session and schedule it to occur about one week prior tothe session. Invite students to join the session so that they can:

■ Test their ability to connect to the session services.

■ Download any applications and plug-ins.

■ Get acquainted with the e-learning user interface.

Appendix



Additional Considerations

Preparing students

While preparing the to lead the course, you provided a test connection ses-sion for students and tested your own equipment and network connections.However, you will still need to make time at the beginning of the class totroubleshoot any connection or presentation issues that arise. In addition,you should:

● Encourage students to test their virtual lab connections. Allot some timein the first or second class session to review student questions regard-ing the lab environment. Students connect to remote facilities tocomplete the lab exercises. It is common for the lab machines to beavailable for the duration of a course. Although you cannot provide sup-port during this entire time, you should establish the times whenstudents can expect to receive support for their lab activities.

● Help students distinguish the kind of help they need. There will be twotypes of help required:

■ Content help: Assistance completing the lab task, which includeshelp understanding the instructions and troubleshooting errors thatmay occur.

■ Lab facility help: This includes help connecting to the lab and usingcredentials to log in to the student account.

● Provide additional ILO class support information. Students in a distrib-uted learning environment require several types of support, ensure theyhave the necessary information to gain each type of support:

■ Technical support: To help resolve connection issues.

■ Content support: To answer questions about the materials pre-sented in class.

■ Process support: To assure them that their participation in class isappropriate.

● Schedule office hours: Make yourself available by phone, e-mail, orchat to support students. Recommend that students plan to completethe lab exercises during those office hours, when you can provideassistance to them.

● Encourage students to help each other.

■ You can support this formally by setting up an online communityusing collaboration applications such as forums or wikis.

■ You can encourage students to do this informally using shared con-tact information or, if students are co-located, they may choose tocomplete the lab activities together.




Beginning the class

Before you begin the class:

● Display the opening slide and dial into the conference services at least15 minutes prior to the beginning of class. This will give students achance to test their connections. Use the draw tools to enter the time atwhich the class will begin.

● Arrange your workspace.

■ Clear the clutter on your desk; leave ample room for your Facilita-tor Guide, notes, documentation, and so on.

■ Close any unused applications. They use valuable systemresources.

■ Arrange the e-learning windows so that you can display all therequired functions.

Pacing and interaction

Consider the following :

● Keep students engaged. Two hours of watching a presentation can puteven the most enthusiastic student to sleep. Add interaction where pos-sible.

■ Survey your students, either verbally or by sending an electronicquestion. Ask them about the level and pacing of your presentation.As with classroom-based audiences, some students will have moreadvanced experience and will benefit from less presentation andmore demonstrations with verbal questions and answers. Othersmay require more remedial instruction. You may not know thisunless you ask.

■ Share the demonstration. When you share an application, as youdo when you demonstrate, you may be able to pass control to vol-

Appendix



unteers who can complete tasks. Sharing the demonstration addsmore activity in the class and helps to engage students.

■ Pause for discussion. Ask your students to discuss the implicationsof a specific function or feature. Be aware that discussions taketime and you may need to limit their scope and timing in order tostay within the session time.

● Ask for volunteers. Be aware that some adult learners prefer to observeand are uncomfortable when called upon to answer a question or per-form an exercise. If you initiate discussion or share an application, askfor volunteers to electronically raise their hands. Then, select fromthose students.

● Manage silence. It is fine to pause your presentation to catch yourbreath or to wait for a slide to load, but remember that students haveno visual contact with you. If you are silent for too long, they may thinkthey have lost their audio connection. If you find that you are waiting along time for an application to perform a function, ask for questions,initiate a short discussion, or review what you have done so far.

● Make your personality larger. As an effective instructor you use yourpersonality and demonstrated passion for the content being delivered toengage students in learning. You will need to find a way to communi-cate these things in the virtual environment without the aid of facial andbody language.

Managing the visual display

Consider these tips:

● Use the pointer tools to show bulleted list items.

● If you distribute student materials, refer to the pages often.

● Move your cursor slowly and deliberately.

Note: It is helpful to change the cursor style on your system so it iseasy for students to identify it from their own.

● Do not use shortcut keys to initiate functionality, unless it is part of theinstructions. Students cannot follow you when you press CTRL+C, butthey can follow you if you click Edit→Copy.

● Close demonstrations when they are complete. Start new demonstra-tions from a neutral screen.

CLI Private Site

For more information on how to teach this course, refer to the CLI PrivateSite located at http://www.lotus.com/cli.

If you have already registered, enter your user name and password toaccess the Instructor Lounge and other private areas of the Web site to gainadditional information for teaching this course.




If you have not registered, visit the Education Zone located at http://www.lotus.com/educationzone and follow the instructions to register for thecertified community. After registering, you will be able to access the CLI Pri-vate Site using your user name and password.

CLI Certification Requirements

To learn about the requirements for becoming a CLI or to upgrade your cur-rent certification, visit the IBM Software Services for Lotus Certification Website at http://www.lotus.com/certification.

Course Evaluation

At the end of the course, lead students to connect to the course evaluationWeb page to complete an evaluation survey.

Explain the importance of student feedback as a tool to help IBM improvecourse design and content and you to improve your presentation.

Tell students that the survey is anonymous; they will not be required to pro-vide their name or contact information, but can do so if they wish.

Completing the evaluation survey

Instruct students to complete the online course evaluation. This should takeno longer than 15 minutes.

Write the following information on the classroom whiteboard or flipchart:

● Evaluation site: http://www-03.ibm.com/certify/certs/lotussurvey.shtml

● Instructor name:

● Class number:

● Course code:

Appendix



Additional Instructor NotesThis section provides notes that aid in teaching the course. They providethe instructor with helpful information and may contain alternate tasks forinstructor-based classroom demonstrations.

Lesson 1 page 4

To demonstrate how a server identifies and store information specific tothe machine, open the Server document and point out the information inthe following table.

Tab Field Description

Basics Server name Defines the server’s LotusDomino name

Fully qualified Internethost name

Compares this network nameto the name Lotus Dominoknows

Routing tasks What the server is used for

Security Administrators Who manages the server

Server access section Who can use the server

Ports Where the server is locatedon the network

Lesson 1 page 5

To demonstrate how a client identifies a server by showing a Locationdocument, open the Notes client Location document and point out theinformation in the accompanying table.


Tab Field Description

Basics Location type How you connect to theserver.

Location name How to choose the setof server connectioninformation.

Servers Home/mail server Where the client goes tofind information and theuser mail file.

Domino directory server Which server to use foruser name, servername, and other infor-mation (usually thehome/mail server).

Ports How the client connectsto the network.

Mail Mail file location Where your mail file canbe found.

Mail file The directory where thefile exists.

Domino mail domain What set of LotusDomino mail servers(domain) you are partof.

Lesson 3 page 53

Example of completed organizational chart.

Additional Instructor Notes


Lesson 4 page 89

This model is the most efficient method and allows for easier expansion,such as adding new servers and clustering existing servers.

The corporate Hub server is the main hub and takes overall control of mailand replication. There are Connection documents from the main hub to theregional mail servers. The regional mail servers can then act as hubs ifadditional mail servers are added.

The Connection documents enable communication between two or moreservers in the regional NNNs. The Connection document specifies how andwhen information exchange occurs.

Lesson 6 page 116

The accompanying table is backed up by these details on why to partition aLotus Domino server.● Each partitioned server has its own Lotus Domino data directory and

Notes.ini file, but all partitioned servers share the same Lotus Dominoprogram directory.

● Partitions are particularly effective when the servers are in differentdomains. For example, on one computer administrators can dedicate mul-tiple domains to multiple customers or set up multiple Web sites. In mostcases, partitioning servers from the same domain uses more computerresources and disk space than combining the servers into a single server.This is because the Lotus Domino executable files are loaded for eachpartitioned server, and each Lotus Domino server must have its own copyof the Lotus Domino Directory and other administrative applications.

Refer students to the Lotus Domino Administrator 8.5 Help topic Parti-tioned servers for additional information and recommendations.



Glossaryaccess control list(ACL) determines access to a given database, and the type of accessallowed.

access controlsDetermine what information is available to the entity.

applicationA solution to a particular business problem that may contain one or moredatabases and other components, such as JavaScripts.

authenticationEstablishes trust between two entities.

certificateA unique electronic stamp stored in an ID file that associates a namewith a public key.

certifier IDA file that generates the electronic stamp to indicate a trusted relation-ship.

clusterA group of two or more servers that provides users with constant accessto data, balances the workload between servers, improves server perfor-mance, and maintains performance when you increase the size of theLotus Domino environment.

common certificateA certificate derived from the same Lotus Notes or Internet (X.509) certi-fier, or one of its ancestors in the organizational hierarchy.

composite applicationA collection of two or more distinct applications that address a businessneed for a specific group of users, and can be accessed from onescreen.


domainA collection of servers and users that share a single Lotus Domino Direc-tory.

ECL(Execution Control List) Defines workstation security for the Lotus Notes cli-ent.

field-level replicationThe process of copying only fields that have changed since the last time thetwo databases replicated.

group typesUsed to define the purpose of the group and determine the views in theLotus Domino Directory where the group name appears.

groupA list of users and/or servers that have something in common. Each groupmust have an owner, who is usually an administrator or an application man-ager.

hierarchical namingAssociates names with the certifiers in an organization.

Location documentA feature that connects you to applications on servers by providing a placeto specify information such as the name of your mail server, whether youuse a passthru server, or even which Lotus Notes ID to use.

Lotus Domino DirectoryA database that stores information that allows Lotus Domino servers andclients to function properly.

Lotus Domino Enterprise ServerIncludes the functionality of both the Lotus Domino Utility and Domino Mes-saging Servers, including support for clusters.

Lotus Domino Messaging ServerProvides messaging services. It does not include application services.

Lotus Domino replicationA process of exchanging modifications between two database replicas sothat the same database may be updated and shared by many users in dif-ferent locations accessing different servers.

Lotus Domino serverA computer that runs the Lotus Domino server program, stores Lotus Notesdatabases, and runs services that manipulate Lotus Notes data.



Lotus Domino Utility ServerProvides standard Lotus Domino application services and custom LotusDomino applications for Lotus Notes and Web clients, as well as support forclusters. It does not include messaging services.

Lotus Notes and Lotus DominoA client and server environment that provides services to allow an organiza-tion to perform tasks to store, communicate, and exchange information.

Lotus Notes clientA computer that can access Lotus Domino data both on servers and locally,providing portable access to data.

Lotus Notes IDIdentifies a user or server to Lotus Domino systems.

mail routing topologyEstablishes which servers are connected and how they communicate spe-cific information.

Object StoreA place where all Notes data resides in the form of an NSF application.

organization certifierA special file created at the time the first Domino server is set up in thecompany.

organizationDefines the naming hierarchy for a Lotus Domino environment, which isused for security.

OU(organizational unit) Defines an organization’s hierarchy as it relates topeople.

Person documentDescribes a Lotus Notes or non-Lotus Notes user in the Lotus DominoDirectory.

policyThe Policy document and its associated Settings documents.

replicaA special copy of a database.

replicationThe process of synchronizing documents from the same databases on dif-ferent workstations or servers over time.



ReplicatorA server task that is loaded, but not initiated, at server startup.

roleIdentifies a set of users and/or servers.

Server documentCreated when you register a server; it contains many of the settings thatdefine how your server operates.

server taskA program provided with the Lotus Domino server that runs when loadedand activated.

T.120A family of open standards that contain a series of communications andapplication protocols and services that provide support for real-time,multipoint communication.

Web clientA computer that can access Lotus Domino data on the server to display in abrowser.



Index

Aaccess control list, 63access control options, 63anonymous, 60authentication

access controls, 55

Ccertificate, 56certifier ID, 56clients

Lotus Notes, 5Internet mail

cluster, 114common certificate, 57Composite application, 11Configuration tab views, 31

DDatabase and Applications Types, 10deny list, 69domain, 13Domino standard services, 111

Eexecution access, 75Execution Control List (ECL), 75

FFeatures of Lotus Notes 8.5, 7field-level replication, 97File tab tasks, 30

Ggroup, 29group types, 69

Hhierarchical name, 45

IIBM Lotus Notes ID vault

creation, 61IBM® Lotus Notes® and IBM® Lotus®

Domino®, 3ID file types, 57Internet (X.509) certificates, 56

LLocation document, 5Lotus Domino Directory, 13Lotus Domino Enterprise Server, 4Lotus Domino Messaging Server, 4Lotus Domino partitions, 116


Lotus Domino replication, 30Lotus Domino server, 3Lotus Domino Service Categories, 14Lotus Domino Utility Server, 4Lotus Notes client, 3Lotus Notes ID, 56

Mmail routing topology, 84Messaging tab tasks, 30

NNotes certificates, 56

OObject Store, 9organization, 41, 42organization certifier, 42organizational unit, 42

Also See: organization

Pperson document, 29

Rreplicas, 93replication, 93Replication tab tasks, 31Replicator, 93required server applications, 12role, 64

SServer document, 4server host names

common names, 50server task, 15settings document, 36simple, 60

WWeb client, 3

Index


IBMD8L75IG rev 1.0