- Number of slides: 66
Lotus Domino Administration 101
SHARE Session 7670
Pat Berastegui Egen, Patricia Egen Consulting
pregen@egenconsulting.com
Agenda
- Brief review of Notes/Domino concepts
- What does a Domino administrator do?
- What tools are available to do the job?
- Demo where useful
Notes/Domino Concepts
A Notes database is a file containing data in documents, and application logic to manipulate that data. Views are used to navigate through the data. The data is shared through a Domino server.
Simple Overview of a Notes Database
[Diagram: fill out the form to create a document in the database (DB.NSF); view results]
Definition of a Domino Server
- Server machine providing
  - Connection services for user workstations
  - Mail routing
  - Database sharing
  - Replication
  - Security
  - Storage for Notes databases/applications
  - HTTP translation
- In most cases, server machine should be dedicated to Domino
Types of Domino Servers
- Servers may be dedicated by function
  - Web server
  - Replication hub
  - Mail hub
  - Database server
  - Mail server
  - MTA servers (FAX, LNDI, SMTP, & others)
  - Passthru server
Domain
A Notes domain consists of multiple servers sharing a Public Name and Address Book (NAB) which is synchronized using replication.
[Diagram label: Names.nsf]
What is Replication?
- Replication is the technology which allows multiple copies of a database to remain synchronized with each other
- Replication between servers can be done in several flavors: Pull/Pull Push
Single Domain
- Advantages
  - Provides clear view of the Domino topology
  - Facilitates centralized management
  - Better ACL control
  - Easier Mail addressing
  - Easier to send signed mail
- Disadvantages
  - Address book may be very large
  - Controlling access to the address book may be complex
Multiple Domains
- Advantages
  - Facilitates distributed management
  - Local support can be responsive
  - Easier to deploy in a decentralized organization
  - Smaller N&A book
  - Easier to replicate
- Disadvantages
  - Managing the overall topology may be complex
  - Managing ACLs in applications that span domains is challenging
  - Controlling domain proliferation may be difficult
Notes Named Network
- A collection of servers that communicate directly on a LAN or WAN
  - Servers run same protocol
  - A constant connection on the LAN or WAN is maintained
- Servers on the same named network and same domain route mail automatically
- When users select File ==> Database ==> Open; Server; Other, they see a list of servers in the Notes Named Network that their home server is a part of.
Notes Named Networks
A domain may consist of multiple Notes Named Networks
[Diagram: Names.nsf; multi-protocol servers; mail servers; SPX, NETBIOS, TCP/IP]
Layers of Security Network Firewalls Server ACLs Database ACLs Forms/Views Form/View ACLs Documents Reader/Author Fields Encryption
Notes Security
- Passwords
  - ID (May have multiple passwords)
  - Server Console
- Certification and authentication
  - User and server verify each other's identity
- Access control lists
  - For servers and databases
- Reader and author names fields in documents
- Encryption
  - At the field level
Server Security
- Access Server
- Create Databases
- Create Replicas
- Passthrough Server (to and through)
- Run agents
Database Access Control List
ACL Level: Access
- No Access to Database
- Depositor: Add Documents Only
- Reader: Read Only
- Author: Read/Add/Change Own
- Editor: Read/Add/Change All
- Designer: Change Design
- Manager: Perform All Operations
ACL Specification
Domino Implementation Overview
Pre-Install, Post-Install
- Determine server platform(s)
- Design topology
- Plan naming conventions
- Install hardware
- Install software
- Customize/setup
- Connect and maintain servers
- Register and maintain users
- Set up and maintain routing and replication
- Manage Notes security
- Set backup strategy
- Troubleshoot problems
What does a Notes Administrator do?
- Connects, maintains and monitors servers
- Registers and maintains users and groups
- Sets up and maintains mail routing and database replication
- Manages Notes security
- Sets backup strategy
- Troubleshoots problems
What authority does an administrator need?
- Editor access to Name and Address Book (may be limited by roles)
- Appropriate access to server and key Notes files
- Access to certifier
- Remote console authority
Administrator Tools
- NOTES.INI
- Server console commands (local or remote)
- Public Address Book
- Administration Control Panel
  - New to 5.0, can run on another computer
- Administration Process (AdminP)
- Monitoring and statistics databases
- Web Administration Database
- Third party tools
Key Notes Files and Databases (1)
- NOTES.INI - Notes initialization settings
- NAMES.NSF - Public Name & Address Book
- ID files - Certifier, User, Server
- LOG.NSF - Records server activity
- ADMIN4.NSF - Used by the Administration Process
- WEBADMIN.NSF - Used for Administration through a browser
Key Notes Files and Databases (2)
- CERTLOG.NSF - Tracks the creation of IDs and cross-certificates
- EVENTS4.NSF - server monitoring information
- STATREP.NSF - reporting database for events
- COLLECT4.NSF - configuration for a single server to monitor a group of servers
- DESKTOP.DSK - Defines Notes client workspace
Server Characteristics
- Which server tasks should be running?
- How many routers and replicators should be running?
- Which address books are cascaded?
- Which shared mail option has been implemented?
- When do administrative server tasks (e.g., re-indexing) run?
Server Tasks
AdminP, Catalog, Compact, Event, Fixup, Design, Updall, Replica, Reporter, Router, Statlog, Stats, HTTP, Web, Sched, Calconn
Controlling Notes through NOTES.INI
- The NOTES.INI file contains the initialization and configuration settings for a Notes server
  - Directories and paths
  - What tasks should start automatically
  - Information about the environment
- There are 5 ways NOTES.INI is modified
  - Edit NOTES.INI directly
  - Set a Configuration Variable at the Server console
  - Modify the Server Document or create a Configuration Document in the NAB
  - UNIX environment variables
  - User interface actions
Example of NOTES.INI
[Notes]
KitType=2
Directory=d: notesdata
WinNTIconPath=d: notesdataW 32
$$HasLANPort=1
Preferences=-1584919439
Console_LogLevel=2
VIEWIMP1=Lotus 1-2-3 Worksheet,0,_IWKSV,,.WKS,.WK1,.WRK,.WK3,.WK4,...
StackedIcons=1
DESKWINDOWSIZE=16 23 420 288
ServerTasks=replica,router,update,stats,amgr,adminp
FileDlgDirectory=D: notesdatanotesids
KeyFilename=notesidsuslwoody.id
TCPIP=TCP,0,15,2000
LAN0=NETBIOS,0,15,0
MailSystem=0
Timezone=6
...
Modifying NOTES.INI
For example, to set how often the Admin Process should look for work to do:
- Change the interval field in the AdminP section of the Server Document, or
- At console, type Set Config ADMINPINTERVAL=15, or
- Create a Configuration Document in the Address Book that sets ADMINPINTERVAL to 15, or
- Edit NOTES.INI to read ADMINPINTERVAL=15
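Because NOTES.INI can be changed through several routes, a periodic comparison against the values the administrator expects is a cheap integrity check. The following is an added example, not part of the original slides: the function names, the sample file and the approved task list are constructed for illustration, and setting names are assumed to be case-insensitive.

```python
def parse_notes_ini(text):
    """Return {lowercased setting name: value} for a NOTES.INI file."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("[") or "=" not in line:
            continue  # blank line, [Notes] header, or not a setting
        key, _, value = line.partition("=")  # values may contain '='
        settings[key.strip().lower()] = value.strip()
    return settings


def audit(text, approved_tasks, expected):
    """List deviations from an approved ServerTasks set and expected values."""
    ini = parse_notes_ini(text)
    tasks = ini.get("servertasks", "").split(",")
    running = {t.strip().lower() for t in tasks if t.strip()}
    approved = {t.lower() for t in approved_tasks}
    findings = [f"unapproved task: {t}" for t in sorted(running - approved)]
    findings += [f"missing task: {t}" for t in sorted(approved - running)]
    for key, want in expected.items():
        got = ini.get(key.lower())
        if got != want:
            findings.append(f"{key}: expected {want!r}, found {got!r}")
    return findings


# Constructed sample: the slide's task list plus one extra task, and an
# ADMINPINTERVAL that differs from the value the administrator set.
SAMPLE_INI = """[Notes]
KitType=2
ServerTasks=replica,router,update,stats,amgr,adminp,http
ADMINPINTERVAL=60
Console_LogLevel=2
"""
APPROVED_TASKS = ["replica", "router", "update", "stats", "amgr", "adminp"]
EXPECTED = {"ADMINPINTERVAL": "15"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI, APPROVED_TASKS, EXPECTED):
        print(finding)
```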
Controlling Notes at the Server Console or from an Administration PC.
- HELP
- SHOW
  - TASKS
  - USERS
  - DISKSPACE
  - MEMORY
  - PORT
  - CONFIG
- QUIT
Remote Console
The Name and Address Book
- The Public Address Book is a Lotus Notes database, stored on the server, that contains key information about a Lotus Notes domain, its configuration, and its users. Its file name is NAMES.NSF
- A server will not start without access to the Public Address Book
- Additional address books (e.g., foreign) may be "cascaded"
Public Address Book Documents
- Groups
- Locations
- People
- Server
  - Certificates
  - Clusters
  - Configurations
  - Connections
  - Domains
  - Servers
  - and more...
Server Document
Person Document
Public vs. Personal Address Book
- Each Notes client also has a personal address book stored on the workstation that contains the user's personal groups and frequent correspondents, as well as information about how the user interacts with servers and the network
- The file name for the personal Name and Address Book is also NAMES.NSF
- For the administrator using the server as a workstation, the NAB is shared
Database Management Tools
Registering and Connecting Additional Servers
- Having multiple servers in a domain allows servers to focus on different tasks such as replication, mail routing, or passthru.
- The administrator must register a new server before the Notes server code is installed, using the Administration Control Panel
  - Registration creates an ID file for the server and adds a Server document to the Public Address Book
  - At setup time, the new server gets a replica copy of the NAB from the first server
Two Naming Models: Flat and Hierarchical
- Used for both servers and users
- Flat name: "John Smith" or "Pluto"
- Hierarchical name: "John Smith/CAM/Lotus" or "Pluto/Solar System/Universe"
- Domino supports both
- Hierarchical has advantages
- Mixed environments are the most complex
What's a Hierarchical Name?
- Inspired by X.500
- Name includes organizational structure
- Always has a Common Name and Organization name
- Optional Country code and up to four levels of Organizational Unit names
  - e.g., John Smith/CAM/Lotus
[Diagram: name components labelled CN, OU, O; Directory]
Hierarchical Naming Conventions
- Based on business unit
  - e.g., John Smith/Sales/Acme
- Based on geography
  - e.g., John Smith/NY/Acme
- Based on business unit and geography
  - e.g., John Smith/Sales/NY/Acme
- Keep organizational units to a minimum
- Use middle initials or user-unique organizational units to make identical names unique
- Avoid commas and periods
Server Naming Conventions
- Memorable names
  - e.g., Marketing, Accounting
- Descriptive hierarchical names
  - e.g., Marketing/M/NYC
- Descriptive flat names
  - e.g., Acme_NY_Mail1, Acme_NY_DB2, Acme_NY_Hub1
Registering/Certifying Users
- Every user who will access Notes with a Notes client must be registered
- User Registration is performed through the Administration Control Panel or in batch from an ASCII file
- At User Registration:
  - A user ID file is created, containing the user's name, password, and encryption keys, and stamped with a certificate
  - A person document for the user is added to the server's Public Name and Address Book
  - A mail file is created for the user on the designated Home server
Authentication
- ID file contains:
  - User/server name and password
  - Creation/expiration info
  - License number
  - Certificates
  - Public key
  - Private key
  - Encryption key(s)
- ID files whose certificates share a common ancestor can authenticate with each other
Interacting with Other Organizations
- Cross-certificates can "connect" whole organizations with a single step, allowing organizations, organizational units, users or servers with no common ancestral heritage to authenticate
- With flat names, individual members of organizations must cross-certify
  - If there is someone with the same name in the foreign organization, cross-certification is not secure!
Defining Groups
- A group is a named list of users stored in the NAB
- Groups may be multi-purpose, or specific
  - Mailing List (Distribution List)
  - Access Control List
  - Deny List
- The Notes Administrator defines Groups in the Public Address Book through the Administrator Control Panel or by viewing the NAB
- Groups can also be implicit
  - Entries of the form */Acme can be listed on an ACL to give rights to all members of an organization
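The naming rules and the implicit */Acme group described above can be checked mechanically. The following is an added example, not part of the original slides: it parses abbreviated names (assuming no country code component and exact, case-sensitive comparison), matches them against ACL entries, and generalizes the wildcard to organizational-unit suffixes such as */Sales/Acme. The sample ACL is constructed; note how the flat entry covers any flat "John Smith", which is the collision the cross-certification slide warns about.

```python
from dataclasses import dataclass

MAX_OUS = 4  # the slides allow up to four Organizational Unit levels


@dataclass(frozen=True)
class NotesName:
    cn: str      # Common Name
    ous: tuple   # Organizational Units, in the order written
    org: str     # Organization; "" for a flat name


def parse_name(text):
    """Split 'John Smith/CAM/Lotus' into CN, OUs and O (no country code)."""
    parts = tuple(p.strip() for p in text.split("/"))
    if not all(parts):
        raise ValueError(f"empty component in {text!r}")
    if len(parts) == 1:
        return NotesName(parts[0], (), "")  # flat name: nothing but a CN
    if len(parts) - 2 > MAX_OUS:
        raise ValueError(f"more than {MAX_OUS} OU levels in {text!r}")
    return NotesName(parts[0], parts[1:-1], parts[-1])


def entry_matches(entry, name):
    """True if an ACL entry (full name or '*/...' wildcard) covers name."""
    if entry.startswith("*/"):
        suffix = tuple(p.strip() for p in entry[2:].split("/"))
        tail = name.ous + (name.org,) if name.org else ()
        return len(tail) >= len(suffix) and tail[-len(suffix):] == suffix
    return parse_name(entry) == name


def matching_entries(acl, user):
    """Return the (entry, level) pairs that apply to user, in ACL order."""
    name = parse_name(user)
    return [(entry, level) for entry, level in acl.items()
            if entry_matches(entry, name)]


# Constructed sample ACL; the access levels are those on the ACL slide.
SAMPLE_ACL = {
    "*/Acme": "Reader",
    "*/Sales/Acme": "Author",
    "John Smith/Sales/Acme": "Editor",
    "John Smith": "Manager",  # flat entry: covers any flat "John Smith"
}

if __name__ == "__main__":
    for user in ("John Smith/Sales/Acme", "John Smith/Sales/NY/Acme",
                 "John Smith/CAM/Lotus", "John Smith"):
        print(user, "->", matching_entries(SAMPLE_ACL, user))
```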
Managing Users
- Users' names need to be changed
- Access must be revoked for users who leave
- Users must be recertified when certifications expire
- Users may move between organizational units
- Servers or domains may need to be consolidated
Moving Mail Users to a New Server
- Copy the user's mail file to the new server
- Change the user's person document in the NAB
- Replicate the NAB
- Delete the old mail file
- Change the user's location document
Administration Process
- The Administration Process (AdminP) automates certain administrative tasks by scheduling updates across multiple servers
  - Change User's or Server's Common Name
    - Update ACLs With Name Changes
  - Recertify an ID
  - Move Users and Servers Within a Hierarchy
  - Delete Users, Servers, and Groups
  - Globally Convert IDs from Flat to Hierarchical
- Each database to be managed by ADMINP has an administrative server assigned
- AdminP requests are stored in ADMIN4.NSF
Setting Up Mail Databases
- Mail may be stored in shared mail databases (single copy object store) or individual mail databases
- With shared mail, the router splits the mail message into two parts:
  - Header - put into each recipient's mail file
  - Content (body) - put into active shared mail database
- Shared mail options (NOTES.INI)
  - 0 - Shared mail not in use
  - 1 - Shared mail used when recipients = 2 or more
  - 2 - Shared mail used always
- Administrator creates shared mail databases, monitors size, switches to new databases, and links and un-links mail files from the shared mail database
Setting Up Mail and Mail Routing
- Mail routing is handled automatically between mail servers in the same Domain and Notes Named Network
- Connection Documents must be created between servers in different Notes Named Networks
- Connection Documents and Adjacent or Non-Adjacent Domain Documents are needed to route mail to another Domain
- Connection Documents and Foreign Domain Documents are needed to connect to a non-Notes network such as the Internet
Mail Routing Between Domains
[Diagram: Domain 1, Domain 2, Domain 3; Connection 1-2; Connection 2-3; Non-Adjacent Domain 1-3]
Mail Routing to Foreign Domain
[Diagram: DOM001; NAB; Foreign Domain Document; Gateway; OfficeVision]
Mail Addressing
- Routing automatic within same domain
- Connection records needed for:
  - Adjacent domains
  - Non-adjacent domains
- Master Address Book or Cascading Public Address Books
  - Provide type-ahead across multiple domains
  - Eliminate explicit addressing
[Diagram: Domain A, Domain B, Domain C; User @ Domain C @ Domain B]
Mail Priority
- High priority
  - Routed immediately, regardless of routing schedule
- Normal priority
  - Routed immediately within the same Notes Named Network
  - Routed at next scheduled time
  - Routed if "route-at-once" limit is reached
  - Default
- Low priority
  - Routed between 12:00 AM and 6:00 AM
  - Not routed with normal or high mail during other times
Setting up Database Replication
- Replication is the process through which Notes databases are synchronized
- A Replication task running on a server pulls or pushes information from the database on one server to the replica copy on another server
- Replication is normally scheduled via a connection document, but can be started manually
- Multiple concurrent replication tasks may run on a server
Peer-to-peer topology
[Diagram: servers A, B, C, D; connections A-B, A-D, B-C, B-D, C-A, D-C]
Hub-and-spoke topology
[Diagram: Domino Hub Server; servers A, B, C, D, E, F, G; To Hub X]
Connections in N/A Book: A-B, A-C, A-D, A-E, A-F, A-G, A-X
Hub-and-spoke replication schedule
Single Replicator Hub
- All work done at Hub
- Scheduled at 10 minutes per spoke
- 60 minute cycle
[Diagram: clock face marked :00, :10, :20, :30, :40, :50]
Backing up the System
- Key files should be backed up on a regular basis
- In a 24 x 7 operation, backup tools must be able to backup open files
- Notes clustering can provide automated backup for applications
Monitoring the System
- Statistics
  - How big/active are the databases?
  - Which databases replicated today?
  - How much disk space is available?
  - Is there mail that cannot be delivered?
- Events
  - The replication could not complete
  - The disk hit 95% full
  - An unauthorized user tried to access the server
Monitoring Tools
- The Notes log captures key information
  - Logging levels can be set
  - The log can be searched for specific strings
- The Statistics and Events database controls which events are reported
- The Reporter task reports events for a specific server
- The Collector task can run on a single server, and collect information from other servers
- Certain events can cause notification to be sent to an administrator
Web Server
- Enabled by running the HTTP task
- Settings specified in the HTTP section in the server document in the NAB
  - Basic settings
  - Operational information
  - Mapping settings
  - Logging
  - Timeouts
  - Security
Advanced Services
- Domino Advanced Services include
  - Clustering
    - Running multiple servers as a logical unit
  - Partitioning
    - Running multiple separate servers on a single machine
  - Billing
    - Capturing chargeback statistics
Clustering
- Up to 6 servers per cluster
- Single NAB shared
- Cluster replication
  - Real-time replication scheme - not reliant on time-driven connection documents
- Cluster names are cached
  - Name cache allows a server to track status of other servers in the cluster
  - Offers intelligent fail-over & load balancing
  - Users are pushed to other servers when thresholds are set (e.g., number of active users)
Help Desk Support
- Document problems
- Build a question and answer database
- Interface with Lotus Technical Support
- Develop procedure for...
  - Handling problems
  - Applying fixes
  - Upgrading to new releases
- Develop disaster recovery plan