Essential Domino Administration Guide
A comprehensive session on Lotus Domino Administration, covering key concepts, tasks, tools, and server types. Learn about databases, replication, security, and more. Ideal for administrators managing Domino environments.
Presentation Transcript
Lotus Domino Administration 101 SHARE Session 7670 Pat Berastegui Egen Patricia Egen Consulting pregen@egenconsulting.com
Agenda • Brief review of Notes/Domino concepts • What does a Domino administrator do? • What tools are available to do the job? • Demo where useful
Notes/Domino Concepts A Notes database is a file containing data in documents, and application logic to manipulate that data. Views are used to navigate through the data. The data is shared through a Domino server.
Simple Overview of a Notes Database [Diagram: DB.NSF, with panels "Fill Out the Form to create a Document in the Database" and "View Results"; sample documents document1, document2, document3]
Definition of a Domino Server • Server machine providing • Connection services for user workstations • Mail routing • Database sharing • Replication • Security • Storage for Notes databases/applications • HTTP translation • In most cases, server machine should be dedicated to Domino
Types of Domino Servers • Servers may be dedicated by function • Web server • Replication hub • Mail hub • Database server • Mail server • MTA servers (FAX, LNDI, SMTP, & others) • Passthru server
Domain • A Notes domain consists of multiple servers sharing a Public Name and Address Book (NAB) which is synchronized using replication [Diagram label, repeated: Names.nsf]
What is Replication? • Replication is the technology which allows multiple copies of a database to remain synchronized with each other • Replication between servers can be done in several flavors: Pull, Pull/Pull, Push, Pull/Push
Single Domain • Advantages • Provides clear view of the Domino topology • Facilitates centralized management • Better ACL control • Easier Mail addressing • Easier to send signed mail • Disadvantages • Address book may be very large • Controlling access to the address book may be complex
Multiple Domains • Advantages • Facilitates distributed management • Local support can be responsive • Easier to deploy in a decentralized organization • Smaller N&A book • Easier to replicate • Disadvantages • Managing the overall topology may be complex • Managing ACLs in applications that span domains is challenging • Controlling domain proliferation may be difficult
Notes Named Network • A collection of servers that communicate directly on a LAN or WAN • Servers run same protocol • A constant connection on the LAN or WAN is maintained • Servers on the same named network and same domain route mail automatically • When users select File ==> Database ==> Open; Server; Other, they see a list of servers in the Notes Named Network that their home server is a part of.
Notes Named Networks • A domain may consist of multiple Notes Named Networks [Diagram labels: Names.nsf, Multi-protocol Servers, Mail Servers, SPX, NETBIOS, TCP/IP]
Layers of Security • Network - Firewalls • Server - Server ACLs • Database - Database ACLs • Forms/Views - Form/View ACLs • Documents - Reader/Author Fields • Fields - Encryption
Notes Security • Passwords • ID (may have multiple passwords) • Server Console • Certification and authentication • User and server verify each other's identity • Access control lists • For servers and databases • Reader and author names fields in documents • Encryption • At the field level
Server Security • Access Server • Create Databases • Create Replicas • Passthrough Server (to and through) • Run agents
Database Access Control List (ACL Level - Access) • No Access - No Access to Database • Depositor - Add Documents Only • Reader - Read Only • Author - Read/Add/Change Own • Editor - Read/Add/Change All • Designer - Change Design • Manager - Perform All Operations
Domino Implementation Overview • Pre-Install: Determine server platform(s); Design topology; Plan naming conventions • Install: Install hardware; Install software; Customize/setup • Post-Install: Connect and maintain servers; Register and maintain users; Set up and maintain routing and replication; Manage Notes security; Set backup strategy; Troubleshoot problems
What does a Notes Administrator do? • Connects, maintains and monitors servers • Registers and maintains users and groups • Sets up and maintains mail routing and database replication • Manages Notes security • Sets backup strategy • Troubleshoots problems
What authority does an administrator need? • Editor access to Name and Address Book (may be limited by roles) • Appropriate access to server and key Notes files • Access to certifier • Remote console authority
Administrator Tools • NOTES.INI • Server console commands (local or remote) • Public Address Book • Administration Control Panel • New to 5.0, can run on another computer • Administration Process (AdminP) • Monitoring and statistics databases • Web Administration Database • Third party tools
Key Notes Files and Databases (1) • NOTES.INI - Notes initialization settings • NAMES.NSF - Public Name & Address Book • ID files - Certifier, User, Server • LOG.NSF - Records server activity • ADMIN4.NSF - Used by the Administration Process • WEBADMIN.NSF - Used for Administration through a browser
Key Notes Files and Databases (2) • CERTLOG.NSF - Tracks the creation of IDs and cross-certificates • EVENTS4.NSF - Server monitoring information • STATREP.NSF - Reporting database for events • COLLECT4.NSF - Configuration for a single server to monitor a group of servers • DESKTOP.DSK - Defines Notes client workspace
Server Characteristics • Which server tasks should be running? • How many routers and replicators should be running? • Which address books are cascaded? • Which shared mail option has been implemented? • When do administrative server tasks (e.g., re-indexing) run?
Server Tasks • AdminP • Catalog • Compact • Event • Fixup • Design • Updall • Replica • Reporter • Router • Statlog • Stats • HTTP • Web • Sched • Calconn
Controlling Notes through NOTES.INI • The NOTES.INI file contains the initialization and configuration settings for a Notes server • Directories and paths • What tasks should start automatically • Information about the environment • There are 5 ways NOTES.INI is modified • Edit NOTES.INI directly • Set a Configuration Variable at the Server console • Modify the Server Document or create a Configuration Document in the NAB • UNIX environment variables • User interface actions
Example of NOTES.INI
    [Notes]
    KitType=2
    Directory=d:\notes\data
    WinNTIconPath=d:\notes\data\W32
    $$HasLANPort=1
    Preferences=-1584919439
    Console_LogLevel=2
    VIEWIMP1=Lotus 1-2-3 Worksheet,0,_IWKSV,,.WKS,.WK1,.WR1,.WRK,.WK3,.WK4, ...
    StackedIcons=1
    DESKWINDOWSIZE=16 23 420 288
    ServerTasks=replica,router,update,stats,amgr,adminp
    FileDlgDirectory=D:\notes\data\notesids
    KeyFilename=notesids\uslwoody.id
    TCPIP=TCP, 0, 15, 2000
    LAN0=NETBIOS, 0, 15, 0
    MailSystem=0
    Timezone=6
    ...
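Because NOTES.INI can be changed in several ways, a periodic check of its ServerTasks line against the tasks a server's role should run catches drift. The following is an added example, not part of the presentation; the role names and baselines are hypothetical, and setting names are assumed to be case-insensitive.

```python
# Constructed sample, trimmed from the NOTES.INI shown on the slide.
SAMPLE_INI = r"""[Notes]
KitType=2
Directory=d:\notes\data
$$HasLANPort=1
DESKWINDOWSIZE=16 23 420 288
ServerTasks=replica,router,update,stats,amgr,adminp
KeyFilename=notesids\uslwoody.id
TCPIP=TCP, 0, 15, 2000
"""

# Hypothetical per-role baselines (an assumption of this example).
BASELINE = {
    "mail": {"replica", "router", "update", "stats", "amgr", "adminp"},
    "replication_hub": {"replica", "update", "stats", "adminp"},
}

def parse_notes_ini(text):
    """Parse NAME=value lines; values may hold commas, spaces or '='.
    Names are folded to upper case (assumed case-insensitive)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") or "=" not in line:
            continue  # section header, blank line or elided text
        name, value = line.split("=", 1)
        settings[name.strip().upper()] = value.strip()
    return settings

def server_tasks(settings):
    """Return the tasks started automatically, lower-cased, in order."""
    value = settings.get("SERVERTASKS", "")
    return [t.strip().lower() for t in value.split(",") if t.strip()]

def audit_tasks(settings, role):
    """Compare configured tasks with the baseline for a server role."""
    running, allowed = set(server_tasks(settings)), BASELINE[role]
    return {"unexpected": sorted(running - allowed),
            "missing": sorted(allowed - running)}

if __name__ == "__main__":
    cfg = parse_notes_ini(SAMPLE_INI)
    for role in BASELINE:
        print(role, audit_tasks(cfg, role))
```

An "unexpected" task such as HTTP on a server meant only for mail routing means an extra service is listening that the role does not call for.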
Modifying NOTES.INI For example, to set how often the Admin Process should look for work to do: • Change the interval field in the AdminP section of the Server Document, or • At console, type Set Config ADMINPINTERVAL=15, or • Create a Configuration Document in the Address Book that sets ADMINPINTERVAL to 15, or • Edit NOTES.INI to read ADMINPINTERVAL=15
Controlling Notes at the Server Console or from an Administration PC. • HELP • SHOW • TASKS • USERS • DISKSPACE • MEMORY • PORT • CONFIG • QUIT
More Console Commands... • SET • CONFIG • SECURE • LOAD • TELL • REPLICATE • PUSH • PULL • ROUTE • BROADCAST
The Name and Address Book • The Public Address Book is a Lotus Notes database, stored on the server, that contains key information about a Lotus Notes domain, its configuration, and its users. Its file name is NAMES.NSF • A server will not start without access to the Public Address Book • Additional address books (e.g., foreign) may be "cascaded"
15 Public Address Book Documents • Groups • Locations • People • Server • Certificates • Clusters • Configurations • Connections • Domains • Servers • and more...
Public vs. Personal Address Book • Each Notes client also has a personal address book stored on the workstation that contains the user's personal groups and frequent correspondents, as well as information about how the user interacts with servers and the network • The file name for the personal Name and Address Book is also NAMES.NSF • For the administrator using the server as a workstation, the NAB is shared
Registering and Connecting Additional Servers • Having multiple servers in a domain allows servers to focus on different tasks such as replication, mail routing, or passthru. • The administrator must register a new server before the Notes server code is installed, using the Administration Control Panel • Registration creates an ID file for the server and adds a Server document to the Public Address Book • At setup time, the new server gets a replica copy of the NAB from the first server
Two Naming Models: Flat and Hierarchical • Used for both servers and users • Flat name: "John Smith" or "Pluto" • Hierarchical name: "John Smith/CAM/Lotus" or "Pluto/Solar System/Universe" • Domino supports both • Hierarchical has advantages • Mixed environments are the most complex
What's a Hierarchical Name? • Inspired by X.500 Directory • Name includes organizational structure • Always has a Common Name and Organization name • Optional Country code and up to four levels of Organizational Unit names • e.g., John Smith/CAM/Lotus (CN = John Smith, OU = CAM, O = Lotus)
Hierarchical Naming Conventions • Based on business unit • e.g., John Smith/Sales/Acme • Based on geography • e.g., John Smith/NY/Acme • Based on business unit and geography • e.g., John Smith/Sales/NY/Acme • Keep organizational units to a minimum • Use middle initials or user-unique organizational units to make identical names unique • Avoid commas and periods
Server Naming Conventions • Memorable names • e.g., Marketing, Accounting • Descriptive hierarchical names • e.g., Marketing/M/NYC • Descriptive flat names • e.g., Acme_NY_Mail1, Acme_NY_DB2, Acme_NY_Hub1
Registering/Certifying Users • Every user who will access Notes with a Notes client must be registered • User Registration is performed through the Administration Control Panel or in batch from an ASCII file • At User Registration: • A user ID file is created, containing the user's name, password, and encryption keys, and stamped with a certificate • A person document for the user is added to the server's Public Name and Address Book • A mail file is created for the user on the designated Home server
Authentication • ID file contains: • User/server name and password • Creation/expiration info • License number • Certificates • Public key • Private key • Encryption key(s) • ID files whose certificates share a common ancestor can authenticate with each other
Interacting with Other Organizations • Cross-certificates can "connect" whole organizations with a single step, allowing organizations, organizational units, users or servers with no common ancestral heritage to authenticate • With flat names, individual members of organizations must cross certify • If there is someone with the same name in the foreign organization, cross certification is not secure!
Defining Groups • A group is a named list of users stored in the NAB • Groups may be multi-purpose, or specific • Mailing List (Distribution List) • Access Control List • Deny List • The Notes Administrator defines Groups in the Public Address Book through the Administrator Control Panel or by viewing the NAB • Groups can also be implicit • Entries of the form */Acme can be listed on an ACL to give rights to all members of an organization
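How the ACL levels, groups and implicit `*/Acme` entries from these slides combine for one hierarchical name, as an added example that is not part of the presentation. The sample users and groups are constructed, only a leading `*` wildcard is handled, and the precedence order (explicit entry, then highest matching group, then highest matching wildcard, then the `-Default-` entry) is an assumption of this example.

```python
from enum import IntEnum

class Level(IntEnum):  # ordered as in the ACL table on the slide
    NO_ACCESS = 0
    DEPOSITOR = 1
    READER = 2
    AUTHOR = 3
    EDITOR = 4
    DESIGNER = 5
    MANAGER = 6

def parts(name):
    """Split an abbreviated name: CN first, OUs in between, O last."""
    return [p.strip().lower() for p in name.split("/")]

def wildcard_matches(entry, user):
    """'*/Sales/Acme' matches hierarchical names ending in /Sales/Acme."""
    suffix, who = parts(entry)[1:], parts(user)
    return len(who) > len(suffix) and who[-len(suffix):] == suffix

def effective_access(user, acl, groups):
    """Assumed precedence: explicit entry, then highest matching group,
    then highest matching wildcard, then the -Default- entry."""
    who = parts(user)
    by_group, by_wildcard = [], []
    for entry, level in acl.items():
        if entry == "-Default-":
            continue
        if entry.startswith("*/"):
            if wildcard_matches(entry, user):
                by_wildcard.append(level)
        elif entry in groups:
            if any(parts(m) == who for m in groups[entry]):
                by_group.append(level)
        elif parts(entry) == who:
            return level  # an entry naming the user directly wins
    for matched in (by_group, by_wildcard):
        if matched:
            return max(matched)
    return acl.get("-Default-", Level.NO_ACCESS)

# Constructed sample data (names follow the slides' naming examples).
GROUPS = {"Sales Editors": ["John Smith/Sales/NY/Acme"],
          "Terminations": ["Jane Doe/Sales/Acme"]}
ACL = {"-Default-": Level.NO_ACCESS, "*/Acme": Level.READER,
       "*/Sales/Acme": Level.AUTHOR, "Sales Editors": Level.EDITOR,
       "Terminations": Level.NO_ACCESS, "Pat Admin/Acme": Level.MANAGER}
```

Under these assumptions a user listed in both `Sales Editors` and `Terminations` still resolves to Editor, so a No Access group in a database ACL does not by itself revoke access for a user who leaves. Flat names such as "Pluto" never match a wildcard entry and fall through to `-Default-`.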
Managing Users • Users' names need to be changed • Access must be revoked for users who leave • Users must be recertified when certifications expire • Users may move between organizational units • Servers or domains may need to be consolidated
Moving Mail Users to a New Server • Copy the user's mail file to the new server • Change the user's person document in the NAB • Replicate the NAB • Delete the old mail file • Change the user's location document
Administration Process • The Administration Process (AdminP) automates certain administrative tasks by scheduling updates across multiple servers • Change User's or Server's Common Name • Update ACLs With Name Changes • Recertify an ID • Move Users and Servers Within a Hierarchy • Delete Users, Servers, and Groups • Globally Convert IDs from Flat to Hierarchical • Each database to be managed by ADMINP has an administrative server assigned • AdminP requests are stored in ADMIN4.NSF
Setting Up Mail Databases • Mail may be stored in shared mail databases (single copy object store) or individual mail databases • With shared mail, the router splits the mail message into two parts: • Header - put into each recipient's mail file • Content (body) - put into active shared mail database • Shared mail options (NOTES.INI) • 0 - Shared mail not in use • 1 - Shared mail used when recipients = 2 or more • 2 - Shared mail used always • Administrator creates shared mail databases, monitors size, switches to new databases, and links and un-links mail files from the shared mail database