Lotus Admin Training Part I

50 %
50 %
Information about Lotus Admin Training Part I

Published on November 23, 2009

Author: sanjayaksaxena

Source: slideshare.net


Introduces the essential technical concepts and Domino environment required for the administration. Also outlines the responsibilities of the System Administrator.

Reference: Lotus Domino Admin Help

Lotus Domino Admin Training Essential Concepts Introduces the essential technical concepts and Domino environment required for the administration. Also outlines the responsibilities of the System Administrator. Reference: Domino Admin Help (c) Sanjaya Kumar Saxena

Directory and Directory Services ‣ List of Resources Printed directories, alphabetical or notes classified lists of resources containing names, locations and identifying ‣ Used for Locating Resources information, are important information tools in the provision of ‣ Typical examples are: library services. Most often these are directories of people and organizations, listing inhabitants of a • Yellow Pages specified locality (e.g., a city directory), users or clients connected with a • Telephone Directory Inquiry Services particular profession or occupation (e.g., a directory of manufacturers), or those who subscribe or use a particular service (e.g., a telephone directory). In a LAN or WAN, this directory information may be used for e-mail addressing, user authentication (e.g., logins and passwords), or network security (e.g., user-access rights). A directory may also contain information on the physical devices on a network (e.g., PCs, servers, printers, routers and communication servers) and the services available on a specific device (such as operating systems, applications, shared-file systems, print queues). This information may be accessible to computer applications and users. The users of the directory, including people and computer programs, would be able to read or modify the information or parts of it, as long as they had the authorization to do so. This idea grew into the definition of X. 500.

X.500 Functions ‣ During the 1980s, the growth in notes Provide a global, unified naming service for all elements in implementations of wide area network communication forced the deployment a network of a new set of networking protocols called open system interconnection ‣ Translating between network names & addresses (OSI). OSI presented a seven layer model of communications. Part of the ‣ standards developed by CCITT is a Provide description/attributes of all objects in a directory definition of generic directory service. CCITT defined the first X.500 standard ‣ Provide unique names to all objects in a directory in 1988, which then became ISO 9594, Data Communications Network Directory, Recommendations X.500/X. 521 in 1990, though it is still commonly referred to as X.500.

X.500 Directory Information Base ‣ For example, unique id for Sanjaya notes DIB is organized in a tree structure known as Directory Kumar Saxena working in technical dept. at ACME Systems in India will Information Tree (DIT) be: CN=Sanjaya K Saxena, OU=Technical, O=ACME Systems, C=IN

X.500 Accessing DIB The Directory Access Protocol (DAP) notes defines how DUAs get access to the information stored in DSAs. User DSP DUA DSA DSA A Directory Service Protocol (DSP) is used between two DSAs to query user DAP information lookups over multiple DSAs. DSA DUA A set of one or more DSAs and zero or User more DUAs managed by a single organization may form a Directory DUA Management Domain (DMD). A DMD may be an Administration DMD (ADDMD) or a Private DMD (PRDMD), depending on whether or not it is being operated by a public telecommunication organization or by service provider.

LDAP ‣ LDAP evolved as a lightweight notes Lightweight Directory Access Protocol protocol for accessing information in X.500 directory services. It has since ‣ Based on X.500 DAP become independent of X.500. LDAP runs over TCP/IP rather than the OSI • But the light weight version protocol stack. The functional model of LDAP is simpler compared to X.500. - Uses TCP/IP instead of OSI LDAP defines the content of messages exchanged between an LDAP client - Simple protocol and functional model and an LDAP server. The messages specify the operations requested by - Esoteric capabilities dropped the client (for example search), the responses from the server, and the ‣ format of data carried in the LDAP V2 finalized in 1995 messages. LDAP messages are carried over TCP/IP, a connection- ‣ LDAP V3 recently released oriented protocol; so there are also operations to establish and disconnect • RFC 2251-56 a session between the client and server. LDAP typically defines operations for accessing and modifying directory entries such as: • Searching for entries meeting user specified criteria • Adding an entry • Deleting an entry • Modifying an entry • Modifying the distinguished name or relative distinguished name of an entry (move) • Comparing an entry

LDAP Models ‣ notes Information Model describes the Informational Model structure of information stored in an LDAP directory. • Directory composed of objects/entries Naming Model describes how • Object/entries organized hierarchically information in an LDAP directory is organized and identified. • Each object/entry has one or more attributes Functional Model describes what • Each attribute has one or more value operations can be performed on the information stored in an LDAP • Schema define object classes to categorize them directory. Security Model describes how the information in an LDAP directory can ‣ be protected from unauthorized Functional Model access • Authentication Operations: Anonymous, User id, Clear- text password • Interrogation Operations: Search, Compare • Update Operations: Add, Delete • Modify

LDAP - More Concepts ‣ Chaining • Server forwards requests and returns to clients ‣ Referrals • Server returns referral information to client ‣ Replication • No industry standard yet, Domino is the leader

LDAP Usage ‣ Internet Mail ‣ White/Yellow Pages Lookup ‣ PK Management ‣ Policy based management in networks ‣ Directory Synchronization

Dual Key Encryption From ancient times until 1976 there notes was only conventional cryptography, which uses the same key to both scramble (encrypt) and unscramble (decrypt) information. It has following Secret (or Public) Key Public (or Secret) Key issues: • Communicating keys • Managing large number of keys E #$%&*@! #$%&*@! D • Change Management • Degree of Security • Authentication of sender • Integrity of message One key is designated as SECRET(Ks) MESSAGE MESSAGE and the other as PUBLIC(Kp). Dual key cryptography is based on ‣ Issues Resolved two keys, a private key and a public key. Single key cryptography is a one key system for both locking • Communicating keys (encrypting) and unlocking (decrypting) a message, whereas dual key (or • Change Management public key) cryptography uses different keys for locking and unlocking. In • Degree of Security public-key systems, one key can be kept private or secret while the other key is made public; knowing the public key does not reveal the private or secret key.

Digital Signatures As illustrated, to create a fixed length notes MESSAGE digital signature sender uses a hashing D-Signature A function that converts a message of any length to the same fixed length hash, or digest, of the message. Your Secret Key The Secure Hash Algorithm (SHA) is a known hash function that is part of the Digital Signature Standard. This hash # HASH E D-Signature + of a message is like a "fingerprint" of the message in that it is practically impossible for two distinct messages to result in identical hashes of these messages. After creating a hash of the MESSAGE message, sender then applies his/her secret key to the hash to create her digital signature for this message.

Digital Signatures Verification A Receiver uses sender’s public key to notes convert the digital signature to the hash that sender had computed for Your Public Key his/her message. { MESSAGE Next, receiver takes the plaintext D-Signature } D HASH message that he had received and } applies the same hash function to it and gets the hash of the received message. # HASH If the hash of the received message is identical to the hash obtained by using sender's public key to convert the Same ? digital signature, then receiver has authenticated sender's digital signature and verified the integrity of the signed message. Verified Not Verified ‣ Issues Resolved • Ensure integrity of message • Authenticate Senders ‣ Plus • Practically impossible to counterfeit • Easy to verify

Certificate Concepts ‣ However, we still need to know, notes Like Passport or Driving License without doubt, that the owner of a public key is who he claims to be. This ‣ Must exist an Issuing Authority involves the intervention of a disinterested, trusted third party that ‣ binds a public key to an individual or Certificate and Certification Authority (CA) entity that it has positively identified. This binding mechanism is know as a digital certificate. A digital certificate can be considered analogous to a passport. NAME PUBLIC KEY Like a passport, a certificate serves as EXPIRY DATE a credential; it contains information ISSUER ID Certificate that establishes an individual's identity, OTHER ATTRIBUTES along with a unique identifying number. It is an electronic credential that contains specific identification information-name, address, and company-along with the individual's CA’s DIGITAL SIGNATURE public key. With a passport, information is verified and sealed by a government (a trusted authority) so that it is tamper-proof. The government seal attests to the binding of the individual and the passport number. A digital certificate is a non-forgeable, tamper-proof electronic document that attests to the binding of an individual's identity with his or her public key. The information contained in the certificate is verified and sealed with the digital signature of a trusted third party, know as a Certificate Authority (CA). To solve this problem, the United States Postal Service (USPS) is planning certificate services for these digital signatures.

Certificates Establishing Secured Transaction ‣ Certificates along with digital notes Validate by signatures can be used to establish a secured transaction between two • Establishing Trust resources without putting any thing confidential in plain text on the wire. - Certificates are exchanged Remember, server and requester are - after masking private data, if any two networked resources. For example, one can be user workstation and another can be a mail server. - By Comparing the certificates - Trust the public key, if the two have common certifier - Possible in hierarchical situation ‣ Authenticate by • Challenging each other - Requester generates a random # and challenges the server to sign it - Server signs and sends it back - Requester verifies the signature - Same process repeats for server also - If both can verify, authentication is successful

Internet Mail Addressing mailbox domain ssaxena@me.com This was designed for ASCII text (7- notes Domain gets translated bit) messages only. To send and in to an IP address by receive 8-bit data UUENCODE and DNS UUDECODE was used. POP3 is essential for dial-up connection to the mail server (when IP address is usually assigned dynamically). CLIENT SERVER REMOTE CLIENT

Internet Mail Mime ‣ Multipurpose Internet Mail Extension ‣ Does not change SMTP ‣ Allows sending of - Audio - Video - Image - Application - HTML

POP & IMAP ‣ POP • Retrieve Messages • Delete Messages • Not for sending mail ‣ IMAP • Retrieve Messages • Delete Messages • Organize Messages on server • Add Messages • Disconnected client can sync with server • Not for sending messages

High Availability - An Introduction ‣ Eliminating • Downtime - Planned - UnPlanned • Single Point of Failure (SPOF) • Fault Resilience - Not fault tolerant ‣ Possible Strategies • Hardware Level with OS Support - HACMP of RS/6000 • Operating System Level - Microsoft Cluster Service (MCS) • Application level - Domino

Domino Environment Basic Terminology ‣ Domino =Server ‣ Notes = Client ‣ Application = Database ‣ Database = Record ‣ Item = Field ‣ View = Record Set ‣ Form = UI with template with BI records ‣ Replication = optimised information dissemination ‣ Objects = AWT, SWING,... ‣ Mail = Another Special database ‣ Agent = Customer code, triggered against events

Domino Environment Components notes ‣ Lotus Domino lets people access, Domino Server track, share, and organize information in several useful ways, even if they are ‣ Client occasionally connected to a network. It comprises of a set of databases that reside along with an excellent messaging infrastructure. Leveraging the distributed storage & messaging Client communicates over the Network with Domino Server; features, the integrated rapid application development environment System Administrator sets them up and manages it. provided by Domino/Domino enables rapid application development & deployment of strategic enterprise- wide business applications. Domino applications are nothing but Domino databases. Domino databases contain semi-structured records, called documents. Domino comes with many type of design elements which are used to create a range of applications. The Domino integrated rapid development environment is the single interface to all Domino application design elements. However, Domino is not a relational database. This is a key distinction since Domino does not provide capabilities usually associated with RDBMS, like referential integrity, real time access to data, locking record or table. In fact, Domino & RDMS are complementary. Domino seamlessly integrates with Internet and follow Internet standards and open standards like servlets, JSP, XML, SMTP, POP3/IMAP, etc.

About Domino Server ‣ notes Domino server runs under a NOS such Stores database that end-users share as Microsoft NT, LINUX, etc. You should try to avoid running file ‣ Perform mail routing & delivery services together with Notes server for these reasons: ‣ Replicates databases across servers • Security may be compromised if Notes data directories are ‣ inadvertently shared; Ensures database security • Performance of one service may suffer because of other service; ‣ Manages calendar information • Stability of one service may be affected by the other service. ‣ Runs additional server tasks

Domino Server Classification ‣ notes Mail servers store user mail Mail Server (Domino and / or SMTP) databases and route mail across the network. Mail servers also maintain the ‣ Database/Application Server Free Time databases and process free time queries for Calendar system. ‣ Passthru Server Database/Application servers store application databases such as ‣ discussions, tracking, and online Hub Server documentation databases. ‣ Passthru servers acts as a stepping Backup Server stone allowing user to connect to a server without worrying for routing ‣ Gateway Server steps required to make the connections. ‣ Search Server Hub servers are used to route mail & replicate databases among other hub ‣ servers or spoke machines. Clustered Server Backup servers are used to store ‣ database replicas that are critical to Partitioned Server users, which can be easily backed up on tape instead of performing backup on different servers. Gateway servers connect to non- Notes systems, for example fax. Search servers that provide users with the ability to perform searches across all servers in a domain. Clustered servers provide users with constant access to data by giving automated load-balancing and failover. Partitioned servers run multiple instances of the Domino server on a single computer.

About Notes Client ‣ Provide GUI to end-users ‣ Client/Server Operation ‣ Allow access to Domino Mail ‣ Lets end-user run Domino Applications • Applications are Domino Databases ‣ Lets Designers develop Domino Applications ‣ Lets Administrator manage Domino Applications and Servers ‣ Replicates changes from local copy to server

Notes Client Classification by Usage ‣ Mailing ‣ Collaboration ‣ Designer ‣ Administration

System Administrator Responsibilites ‣ Planning Domino System Topology - notes Plan new Domino Systems and Upgrades connecting Notes servers physically & logically to provide optimum ‣ Deploy Domino Systems communication including mail routing & replication. Organizational structure ‣ - outlining a method for organizing & Maintain databases, servers, clients, connections... naming servers & users. Calendar System - set-up Notes scheduling ‣ Monitor Domino System Performance based on organization structure. Security Policy - to prevent ‣ Perform ongoing Administrative tasks unauthorized access of information. Internet – SMTP Mailing & Application ‣ Server planning, setup, and security Manage Certification & Control Security including integration with firewall/ reverse proxy ‣ Troubleshooting Supporting Notes End-user Notes, System Administration, Application Development training End-user support Troubleshooting server, network, mail routing, replication problems Developing Administrative Processes Server Processes - Naming convention, backup/restore policy, standard configuration Support Processes - In-house support & problem escalation methods to Lotus authorized support General Admin Processes - User registration, adding databases including resource databases & their admin, centralized vs. decentralized control, monitoring servers & network, other regular admin tasks

How Domino Communicates Domino server and workstations are notes ‣ Over LAN and/or WAN connected over a network. Server-to- Server and workstation-to-server can ‣ Intermittently through be connected all the above methods. You can even extend your Notes • Dial-up Connection Network to allow workstations and servers to communicate with each other over the Internet. This is very • Remote LAN services useful to mobile users who visit places where corporate network in not - Eg. Microsoft Remote RAS/DUN present but Internet is available. • Combination of the two The Domino Server Setup program automatically places all servers that are in a Domino domain and that run the same network protocol in the same Notes named network (NNN). In the ‣ Notes Named Network (NNN) Server document, the setup program assigns each NNN a default name in NNN is a group of servers that can connect to each other directly the format port name network. through a common LAN protocol and network pathway. Servers on the same NNN route mail to each another automatically, whereas you need a Connection document to route mail between servers on different NNNs.

Notes Named Networks Benefits One of the key reasons for NNN notes ‣ Encourage users to access Servers that are close to them creation based on physical/logical grouping is to promote users to access ‣ Simplifies Administrative Tasks servers that are close/relevant to them and to discourage accessing the • Managing Replication servers that are remote (and therefore more expansive to access). This happens, when a user chooses File - • Managing Mail Routing Open Database, the list of servers contains the servers of his NNN only. The user has to explicitly mention the server that is not there in his NNN. Mail routing takes place automatically in a NNN, without a requiring connection document to determine a routing path. For replication, a NNN can easily fit into a hub-and-spoke topology, where all the servers of a NNN are spokes of a hub server.

Factors Influencing Choice of NNNs’ Some ideas for deciding the NNNs: notes ‣ Servers in one location with a single protocol ‣ Based on departments/division/ Servers in multiple location with a single protocol locations within your organization that need to communicate frequently should • Cost of communication involved across locations be in same NNN to enable faster mail routing. ‣ Logical grouping of servers Based on communication costs to ‣ Servers that run more than one protocol discourage users accessing the servers without explicit need and to schedule ‣ mail routing at off-peak hours. Mail routing and replication issues Mail routing is a resource intensive task, therefore it is recommended to have a relatively large server designated as mail server in each NNN. Servers running multiple protocols may be part of several NNNs based on connection type and communication costs. This is required for mail routing & replication.

Domino Domain Definition A Domino domain is a group of Domino notes ‣ Organization of Servers for servers that share the same Domino Directory that is the control and • Administrative Boundary administration center for Domino servers in a domain. The Domino • Security Boundary Directory contains, among other documents, a Server document for each server and a Person document for • Unit of Mail Topology each Notes user. • Unit of Replication Topology ‣ Can be of varying sizes • Numbers of servers/users

Domino Directory Definition The Domino Directory (earlier referred to notes ‣ Stores information about the domain as the Public Address Book or Name and Address Book) is a database that • Users, Servers, Groups... Domino creates automatically on every server. The Domino Directory is a • Administration & Control of the domain directory of information about users, servers, and groups, as well as custom entries you may add. Registering users - Replication & Mailing thru ‘connection doc’ and servers in a domain automatically creates corresponding Person - Scheduled server tasks documents and Server documents in the Domino Directory for the domain. These documents contain detailed ‣ Contains documents for information about each user and server. The Domino Directory is also a tool that • Certificates, Config settings, Connection, Domain, administrators use to manage the Domino system. For example, Group, Person, Program, Resource, Server location.. administrators create documents in the Domino Directory to connect servers for replication or mail routing, to schedule server tasks, and so on. When a server runs the LDAP service, the Domino Directory is accessible through the Lightweight Directory Access Protocol (LDAP). Typically, a Domino Directory is associated with a Domino domain. When you set up the first server in a Domino domain, Domino automatically creates the Domino Directory database and gives it the file name NAMES.NSF. When you add a new server to the domain, Domino automatically creates a replica of the Domino Directory on the new server. You can also create a Domino Directory manually from the PUBNAMES.NTF template and use it as a secondary directory to store, for example, entries for your Internet users.

Domino Directory Additional Services Directory catalog is an optional notes ‣ Directory Catalog directory database that typically contains information aggregated from • Consolidate key info from Domino Directory(s) in to multiple Domino Directories. Clients and servers can use a directory catalog to small/light-weight DB look up mail addresses and other information about the people, groups, mail-in databases, and resources • Mobile Directory Catalog throughout an organization, regardless of the number of Domino domains and • Directory Assistance Domino Directories the organization uses. A directory catalog includes the - Manage name lookups from multiple Domino and/or type of information that is important for directory services, and excludes other types of information that are part of a third party LDAP directories Domino Directory, for example Domino configuration information, such as • LDAP Service information in Connection documents. - LDAP V3 complaint server Directory assistance is a feature a server can use to look up information in a directory other than a local primary Domino Directory (I.e. NAMES.NSF). You can configure directory assistance to use a particular directory for services like Client authentication, Group lookups for database authorization, Notes mail addressing, and LDAP service searches or referrals. A Domino directory is a directory created form the PUBNAMES.NTF template and accessed via NAMELookup calls. Servers can use directory assistance to do lookups in either local or remote replicas of a Domino directory.

Additional Services Comparison

Notes IDs Definition Name of the ID owner identifies the user notes ‣ Unique binary file that identifies a legitimate Domino user or server by name. Notes ID number identifies a user as having legitimate or server and contains: use of Notes. The ID number is permanently associated with the User • Name of the ID owner ID and cannot be changed. A public key and a private key a string of numbers used during authentication and to • Domino ID number decrypt mail messages. Notes also stores a copy of each user's public key • A Public key & a Private key in the Public Address Book. Encryption keys a string of numbers used to • One or more encryption keys (optional) encrypt and decrypt fields in a document. Users distribute these keys to other users to ensure that only • A password (recommended) intended recipients can read a document. Password an optional • One or more certificate License type security feature to protect the ID from unauthorized use. Certificates a certificate, issued by a certifier, that verifies the association between the name of a given user, server, or another Notes certifier and its associated public key. A Notes server or user ID can have one or more certificates. The way that flat IDs and hierarchical IDs collect certificates is very different. License type identifies a user as having legitimate use of Notes.

Notes ID - More Details Choose a name you want to keep. notes ‣ Classification Changing a server name involves recertifying the server ID and changing • User ID the name in the Server document, Group documents, ACLs, and • Server ID Connection documents. Choose a name without a space. When you use server console commands, you must • Certifier ID use quotation marks around a server name containing spaces. Keep in mind that replication and mail routing tasks are usually performed based on numeric rather than alphabetical order. ‣ Naming Conventions For example, in the case where the router is faced with multiple choices for • Domain name should be a single word containing up to a routing path, Notes routes mail to the server 01Finance before routing to the 31 characters. Do not use period (.) in a domain name. server Accounting, and it routes to Accounting before routing to the server Research. A server name can contain • Organization name is the name of Certifier ID and is up to 79 characters, but in certain networks the first several characters appended to all users & server names.The name can be must be unique in order for the network to identify the server. With NetBIOS, the up to 64 characters. Usually the organization name is first 15 characters must be unique; with AppleTalk, the first 32 must be unique; same as the domain name, and there is only one and with SPX, the first 47 must be unique. organization in a domain. • NNN name can be up to 31 characters. • Server names can be up to 79 characters. It can have any character except “(“, ”)”, ”@”, ”/”, ””, ”=“, “+”.

Connecting Domino Servers An important part of planning a Notes notes ‣ Key step in Domino System planning/ deployment; deployment is deciding how to arrange interconnections of servers and required for workstations to achieve the most effective use of Notes in your • mail routing organization. At this point, you should not confuse with layer 1 or layer 2 topology or interconnection schemes. • replication Here, the attempt is to define the application level topology. • calendar system ‣ Define application level topology

Domino Topology Classification Hub-and-spoke A central server, notes ‣ Hub and Spoke known as the hub, replicates with spoke servers in turn. This topology is ‣ Binary Tree common in large sites and is the most adaptable for system growth and ‣ change. Binary tree One server Peer-to-peer replicates with two servers at a lower level, and those two replicate with two servers each, and so on, until replication is complete. Tree topology is an advantage in international organizations where distances between locations and local country issues are a consideration. Peer-to-peer Each server replicates directly with other servers. This topology is best reserved for small organizations that have only a few

Add a comment

Related presentations

Presentación que realice en el Evento Nacional de Gobierno Abierto, realizado los ...

In this presentation we will describe our experience developing with a highly dyna...

Presentation to the LITA Forum 7th November 2014 Albuquerque, NM

Un recorrido por los cambios que nos generará el wearabletech en el futuro

Um paralelo entre as novidades & mercado em Wearable Computing e Tecnologias Assis...

Microsoft finally joins the smartwatch and fitness tracker game by introducing the...

Related pages

Lotus Domino Admin Training - Create ID Valut - YouTube

For Complete Lotus Domino Admin Training ... ITIM 5.1 Lotus Notes ID Vault Password Change: Part ... LOTUS NOTES ADMIN training video | LOTUS ...
Read more

How to add Domino Users client - YouTube

How to add Domino Users client ... Lotus Domino Admin Training -Class 2 ... Installing Lotus Domino server on Vista part 1 of 3 ...
Read more

Lotus Notes Training Manual - scribd.com

Lotus Notes Training Manual,Lotus,Domino by ... The schedule part determines when to perform activities such as replication ... Local Admin Training.
Read more

A Beginner’s Guide to Lotus Notes - IBM

Notes is a trademark and Lotus, Lotus Notes, ... to complete common Lotus Notes® tasks without making you read ... Getting the hard part out of the way ...
Read more

Free Domino Designer (and Admin) download for 8.5.3 is here

Training: Support: Forums & community: Events: ... IBM Lotus Notes/Domino 8.5 Forum (includes Lotus Notes Traveler) ... Free Domino Designer (and Admin) ...
Read more

IBM Education - IBM Training and Skills - Global

IBM Training and Skills. Featured Categories. Analytics; Cloud; Cognitive Engagement; ... Organizations can transform their business with data as part of a ...
Read more