
  • Number of slides: 66

Lotus Domino Administration 101
SHARE Session 7670
Pat Berastegui Egen
Patricia Egen Consulting
pregen@egenconsulting.com

Agenda
  • Brief review of Notes/Domino concepts
  • What does a Domino administrator do?
  • What tools are available to do the job?
  • Demo where useful

Notes/Domino Concepts
A Notes database is a file containing data in documents, and application logic to manipulate that data. Views are used to navigate through the data. The data is shared through a Domino server.

Simple Overview of a Notes Database
[Diagram: fill out the form to create a document in the database (DB.NSF); view results.]

Definition of a Domino Server
  • Server machine providing
      • Connection services for user workstations
      • Mail routing
      • Database sharing
      • Replication
      • Security
      • Storage for Notes databases/applications
      • HTTP translation
  • In most cases, server machine should be dedicated to Domino

Types of Domino Servers
  • Servers may be dedicated by function
      • Web server
      • Replication hub
      • Mail hub
      • Database server
      • Mail server
      • MTA servers (FAX, LNDI, SMTP, & others)
      • Passthru server

Domain
A Notes domain consists of multiple servers sharing a Public Name and Address Book (NAB) which is synchronized using replication.
[Diagram label: Names.nsf]

What is Replication?
  • Replication is the technology which allows multiple copies of a database to remain synchronized with each other
  • Replication between servers can be done in several flavors: Pull/Pull Push

Single Domain
  • Advantages
      • Provides clear view of the Domino topology
      • Facilitates centralized management
      • Better ACL control
      • Easier Mail addressing
      • Easier to send signed mail
  • Disadvantages
      • Address book may be very large
      • Controlling access to the address book may be complex

Multiple Domains
  • Advantages
      • Facilitates distributed management
      • Local support can be responsive
      • Easier to deploy in a decentralized organization
      • Smaller N&A book
      • Easier to replicate
  • Disadvantages
      • Managing the overall topology may be complex
      • Managing ACLs in applications that span domains is challenging
      • Controlling domain proliferation may be difficult

Notes Named Network
  • A collection of servers that communicate directly on a LAN or WAN
      • Servers run same protocol
      • A constant connection on the LAN or WAN is maintained
  • Servers on the same named network and same domain route mail automatically
  • When users select File ==> Database ==> Open; Server; Other, they see a list of servers in the Notes Named Network that their home server is a part of.

Notes Named Networks
A domain may consist of multiple Notes Named Networks.
[Diagram labels: Names.nsf; Multi-protocol Servers; Mail Servers; SPX; NETBIOS; TCP/IP]

Layers of Security
[Diagram labels: Network Firewalls; Server ACLs; Database ACLs; Forms/Views; Form/View ACLs; Documents; Reader/Author Fields; Encryption]

Notes Security
  • Passwords
      • ID (may have multiple passwords)
      • Server Console
  • Certification and authentication
      • User and server verify each other's identity
  • Access control lists
      • For servers and databases
  • Reader and author names fields in documents
  • Encryption
      • At the field level

Server Security
  • Access Server
  • Create Databases
  • Create Replicas
  • Passthrough Server (to and through)
  • Run agents

Database Access Control List

    ACL Level    Access
    No Access    No Access to Database
    Depositor    Add Documents Only
    Reader       Read Only
    Author       Read/Add/Change Own
    Editor       Read/Add/Change All
    Designer     Change Design
    Manager      Perform All Operations

ACL Specification

Domino Implementation Overview
Phases shown: Pre-Install, Post-Install
  • Determine server platform(s)
  • Design topology
  • Plan naming conventions
  • Install hardware
  • Install software
  • Customize/setup
  • Connect and maintain servers
  • Register and maintain users
  • Set up and maintain routing and replication
  • Manage Notes security
  • Set backup strategy
  • Troubleshoot problems

What does a Notes Administrator do?
  • Connects, maintains and monitors servers
  • Registers and maintains users and groups
  • Sets up and maintains mail routing and database replication
  • Manages Notes security
  • Sets backup strategy
  • Troubleshoots problems

What authority does an administrator need?
  • Editor access to Name and Address Book (may be limited by roles)
  • Appropriate access to server and key Notes files
  • Access to certifier
  • Remote console authority

Administrator Tools
  • NOTES.INI
  • Server console commands (local or remote)
  • Public Address Book
  • Administration Control Panel
      • New to 5.0, can run on another computer
  • Administration Process (AdminP)
  • Monitoring and statistics databases
  • Web Administration Database
  • Third party tools

Key Notes Files and Databases (1)
  • NOTES.INI - Notes initialization settings
  • NAMES.NSF - Public Name & Address Book
  • ID files - Certifier, User, Server
  • LOG.NSF - Records server activity
  • ADMIN4.NSF - Used by the Administration Process
  • WEBADMIN.NSF - Used for Administration through a browser

Key Notes Files and Databases (2)
  • CERTLOG.NSF - Tracks the creation of IDs and cross-certificates
  • EVENTS4.NSF - Server monitoring information
  • STATREP.NSF - Reporting database for events
  • COLLECT4.NSF - Configuration for a single server to monitor a group of servers
  • DESKTOP.DSK - Defines Notes client workspace

Server Characteristics
  • Which server tasks should be running?
  • How many routers and replicators should be running?
  • Which address books are cascaded?
  • Which shared mail option has been implemented?
  • When do administrative server tasks (e.g., re-indexing) run?

Server Tasks
  • AdminP
  • Catalog
  • Compact
  • Event
  • Fixup
  • Design
  • Updall
  • Replica
  • Reporter
  • Router
  • Statlog
  • Stats
  • HTTP
  • Web
  • Sched
  • Calconn

Controlling Notes through NOTES.INI
  • The NOTES.INI file contains the initialization and configuration settings for a Notes server
      • Directories and paths
      • What tasks should start automatically
      • Information about the environment
  • There are 5 ways NOTES.INI is modified
      • Edit NOTES.INI directly
      • Set a Configuration Variable at the Server console
      • Modify the Server Document or create a Configuration Document in the NAB
      • UNIX environment variables
      • User interface actions

Example of NOTES.INI

    [Notes]
    KitType=2
    Directory=d: notesdata
    WinNTIconPath=d: notesdataW32
    $$HasLANPort=1
    Preferences=-1584919439
    Console_LogLevel=2
    VIEWIMP1=Lotus 1-2-3 Worksheet,0,_IWKSV,,.WKS,.WK1,.WRK,.WK3,.WK4,...
    StackedIcons=1
    DESKWINDOWSIZE=16 23 420 288
    ServerTasks=replica,router,update,stats,amgr,adminp
    FileDlgDirectory=D: notesdatanotesids
    KeyFilename=notesidsuslwoody.id
    TCPIP=TCP, 0, 15, 2000
    LAN0=NETBIOS, 0, 15, 0
    MailSystem=0
    Timezone=6
    ...

Modifying NOTES.INI
For example, to set how often the Admin Process should look for work to do:
  • Change the interval field in the AdminP section of the Server Document, or
  • At console, type Set Config ADMINPINTERVAL=15, or
  • Create a Configuration Document in the Address Book that sets ADMINPINTERVAL to 15, or
  • Edit NOTES.INI to read ADMINPINTERVAL=15
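
Because NOTES.INI can change through five different routes, a periodic comparison of the file against an approved baseline shows when a task or setting has drifted. The sketch below is an added example, not part of the original slides; the sample file, the baseline and the function names are constructed for illustration, and setting names are assumed to compare case-insensitively.

```python
# Added example (not from the slides): audit NOTES.INI text against a baseline.

# Constructed sample modelled on the slide's NOTES.INI; not a real server's file.
SAMPLE_INI = """\
[Notes]
KitType=2
ServerTasks=replica,router,update,amgr,adminp,http
TCPIP=TCP, 0, 15, 2000
ADMINPINTERVAL=15
adminpinterval=60
"""

# Baseline taken from the ServerTasks line shown on the slide.
BASELINE_TASKS = {"replica", "router", "update", "stats", "amgr", "adminp"}
EXPECTED = {"ADMINPINTERVAL": "15"}


def parse_notes_ini(text):
    """Return ({lowercased name: first value seen}, [names set more than once])."""
    settings, duplicates = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("[") or "=" not in line:
            continue  # skip blanks, the [Notes] header and malformed lines
        name, value = line.split("=", 1)
        name = name.strip().lower()  # assumption: names compare case-insensitively
        if name in settings:
            duplicates.append(name)  # report it; do not guess which copy wins
        else:
            settings[name] = value.strip()
    return settings, duplicates


def audit(text, allowed_tasks, expected):
    """List differences between the file and the approved baseline."""
    settings, duplicates = parse_notes_ini(text)
    raw_tasks = settings.get("servertasks", "").split(",")
    tasks = [t.strip().lower() for t in raw_tasks if t.strip()]
    findings = [f"unexpected server task: {t}" for t in tasks if t not in allowed_tasks]
    findings += [f"baseline task not started: {t}"
                 for t in sorted(allowed_tasks - set(tasks))]
    for name, want in expected.items():
        got = settings.get(name.lower())
        if got != want:
            findings.append(f"{name}: expected {want!r}, found {got!r}")
    findings += [f"setting defined more than once: {n}" for n in duplicates]
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_INI, BASELINE_TASKS, EXPECTED):
        print(finding)
```
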

Controlling Notes at the Server Console or from an Administration PC.
  • HELP
  • SHOW
      • TASKS
      • USERS
      • DISKSPACE
      • MEMORY
      • PORT
      • CONFIG
  • QUIT

More Console Commands...
  • SET
      • CONFIG
      • SECURE
  • LOAD
  • TELL
  • REPLICATE
  • PUSH
  • PULL
  • ROUTE
  • BROADCAST

Remote Console

The Name and Address Book
  • The Public Address Book is a Lotus Notes database, stored on the server, that contains key information about a Lotus Notes domain, its configuration, and its users. Its file name is NAMES.NSF
  • A server will not start without access to the Public Address Book
  • Additional address books (e.g., foreign) may be "cascaded"

Public Address Book Documents
  • Groups
  • Locations
  • People
  • Server
      • Certificates
      • Clusters
      • Configurations
      • Connections
      • Domains
      • Servers
      • and more...

Server Document

Person Document

Public vs. Personal Address Book
  • Each Notes client also has a personal address book stored on the workstation that contains the user's personal groups and frequent correspondents, as well as information about how the user interacts with servers and the network
  • The file name for the personal Name and Address Book is also NAMES.NSF
  • For the administrator using the server as a workstation, the NAB is shared

Database Management Tools

Registering and Connecting Additional Servers
  • Having multiple servers in a domain allows servers to focus on different tasks such as replication, mail routing, or passthru.
  • The administrator must register a new server before the Notes server code is installed, using the Administration Control Panel
      • Registration creates an ID file for the server and adds a Server document to the Public Address Book
      • At setup time, the new server gets a replica copy of the NAB from the first server

Two Naming Models: Flat and Hierarchical
  • Used for both servers and users
  • Flat name: "John Smith" or "Pluto"
  • Hierarchical name: "John Smith/CAM/Lotus" or "Pluto/Solar System/Universe"
  • Domino supports both
  • Hierarchical has advantages
  • Mixed environments are the most complex

What's a Hierarchical Name?
  • Inspired by X.500
  • Name includes organizational structure
  • Always has a Common Name and Organization name
  • Optional Country code and up to four levels of Organizational Unit names
      • e.g., John Smith/CAM/Lotus
[Diagram labels: CN, OU, O; Directory]

Hierarchical Naming Conventions
  • Based on business unit
      • e.g., John Smith/Sales/Acme
  • Based on geography
      • e.g., John Smith/NY/Acme
  • Based on business unit and geography
      • e.g., John Smith/Sales/NY/Acme
  • Keep organizational units to a minimum
  • Use middle initials or user-unique organizational units to make identical names unique
  • Avoid commas and periods

Server Naming Conventions
  • Memorable names
      • e.g., Marketing, Accounting
  • Descriptive hierarchical names
      • e.g., Marketing/M/NYC
  • Descriptive flat names
      • e.g., Acme_NY_Mail1, Acme_NY_DB2, Acme_NY_Hub1

Registering/Certifying Users
  • Every user who will access Notes with a Notes client must be registered
  • User Registration is performed through the Administration Control Panel or in batch from an ASCII file
  • At User Registration:
      • A user ID file is created, containing the user's name, password, and encryption keys, and stamped with a certificate
      • A person document for the user is added to the server's Public Name and Address Book
      • A mail file is created for the user on the designated Home server

Authentication
  • ID file contains:
      • User/server name and password
      • Creation/expiration info
      • License number
      • Certificates
      • Public key
      • Private key
      • Encryption key(s)
  • ID files whose certificates share a common ancestor can authenticate with each other

Interacting with Other Organizations
  • Cross-certificates can "connect" whole organizations with a single step, allowing organizations, organizational units, users or servers with no common ancestral heritage to authenticate
  • With flat names, individual members of organizations must cross certify
      • If there is someone with the same name in the foreign organization, cross certification is not secure!

Defining Groups
  • A group is a named list of users stored in the NAB
  • Groups may be multi-purpose, or specific
      • Mailing List (Distribution List)
      • Access Control List
      • Deny List
  • The Notes Administrator defines Groups in the Public Address Book through the Administrator Control Panel or by viewing the NAB
  • Groups can also be implicit
      • Entries of the form */Acme can be listed on an ACL to give rights to all members of an organization
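
The following added example, which is not part of the original slides, ties together the seven ACL levels, the CN/OU/O name structure and implicit groups such as */Acme by computing the level a given name ends up with. The precedence rule (a name's own entry wins, otherwise the highest matching group or wildcard entry), the ACL contents and the group membership are assumptions made for illustration, and country codes are left out.

```python
from enum import IntEnum


class Level(IntEnum):  # the seven ACL levels from the slide, lowest to highest
    NO_ACCESS = 0
    DEPOSITOR = 1
    READER = 2
    AUTHOR = 3
    EDITOR = 4
    DESIGNER = 5
    MANAGER = 6


MAX_OUS = 4  # the slides allow up to four organizational unit levels


def parse_name(name):
    """Split 'CN/OU.../O' into (cn, [ous], o); country codes are not handled."""
    parts = [p.strip() for p in name.split("/")]
    if len(parts) < 2 or not all(parts):
        raise ValueError(f"not a hierarchical name: {name!r}")
    if len(parts) - 2 > MAX_OUS:
        raise ValueError(f"more than {MAX_OUS} organizational units: {name!r}")
    if "," in name or "." in name:
        raise ValueError(f"naming convention: avoid commas and periods: {name!r}")
    return parts[0], parts[1:-1], parts[-1]


def canonical(name):
    """'John Smith/CAM/Lotus' -> 'CN=John Smith/OU=CAM/O=Lotus'."""
    cn, ous, org = parse_name(name)
    return "/".join([f"CN={cn}"] + [f"OU={ou}" for ou in ous] + [f"O={org}"])


def wildcard_matches(entry, name):
    """True when an entry such as */Acme covers every trailing part it lists."""
    if not entry.startswith("*/"):
        return False
    suffix = [p.strip().lower() for p in entry[2:].split("/")]
    _, ous, org = parse_name(name)
    tail = [p.lower() for p in ous + [org]]
    return len(suffix) <= len(tail) and tail[-len(suffix):] == suffix


def effective_level(name, acl, groups, default=Level.NO_ACCESS):
    """Assumed precedence: own entry first, else highest group or wildcard match."""
    key = canonical(name).lower()
    matched = []
    for entry, level in acl.items():
        if entry.startswith("*/"):
            if wildcard_matches(entry, name):
                matched.append(level)
        elif entry in groups:
            if key in {canonical(m).lower() for m in groups[entry]}:
                matched.append(level)
        elif "/" in entry and canonical(entry).lower() == key:
            return level  # the name's own entry overrides groups and wildcards
    return max(matched, default=default)


# Constructed ACL and group membership for illustration.
ACL = {
    "*/Acme": Level.READER,
    "Sales Editors": Level.EDITOR,
    "John Smith/Sales/NY/Acme": Level.AUTHOR,
}
GROUPS = {"Sales Editors": ["John Smith/Sales/NY/Acme", "Mary Jones/Sales/Acme"]}
```

With this data, John Smith/Sales/NY/Acme resolves to Author even though his group would give Editor, and John Smith/Sales/Other gets the default because the organization component does not match.
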

Managing Users
  • Users' names need to be changed
  • Access must be revoked for users who leave
  • Users must be recertified when certifications expire
  • Users may move between organizational units
  • Servers or domains may need to be consolidated

Moving Mail Users to a New Server
  • Copy the user's mail file to the new server
  • Change the user's person document in the NAB
  • Replicate the NAB
  • Delete the old mail file
  • Change the user's location document

Administration Process
  • The Administration Process (AdminP) automates certain administrative tasks by scheduling updates across multiple servers
      • Change User's or Server's Common Name
          • Update ACLs With Name Changes
      • Recertify an ID
      • Move Users and Servers Within a Hierarchy
      • Delete Users, Servers, and Groups
      • Globally Convert IDs from Flat to Hierarchical
  • Each database to be managed by ADMINP has an administrative server assigned
  • AdminP requests are stored in ADMIN4.NSF

Setting Up Mail Databases
  • Mail may be stored in shared mail databases (single copy object store) or individual mail databases
  • With shared mail, the router splits the mail message into two parts:
      • Header - put into each recipient's mail file
      • Content (body) - put into active shared mail database
  • Shared mail options (NOTES.INI)
      • 0 - Shared mail not in use
      • 1 - Shared mail used when recipients = 2 or more
      • 2 - Shared mail used always
  • Administrator creates shared mail databases, monitors size, switches to new databases, and links and un-links mail files from the shared mail database

Setting Up Mail and Mail Routing
  • Mail routing is handled automatically between mail servers in the same Domain and Notes Named Network
  • Connection Documents must be created between servers in different Notes Named Networks
  • Connection Documents and Adjacent or Non-Adjacent Domain Documents are needed to route mail to another Domain
  • Connection Documents and Foreign Domain Documents are needed to connect to a non-Notes network such as the Internet

Mail Routing Between Domains
[Diagram labels: Domain 1; Domain 2; Domain 3; Connection 1-2; Connection 2-3; Non-Adjacent Domain 1-3]

Mail Routing to Foreign Domain
[Diagram labels: DOM001; Foreign Domain Document; OfficeVision; NAB; Gateway]

Mail Addressing
  • Routing automatic within same domain
  • Connection records needed for:
      • Adjacent domains
      • Non-adjacent domains
  • Master Address Book or Cascading Public Address Books
      • Provide type-ahead across multiple domains
      • Eliminate explicit addressing
[Diagram labels: Domain A; Domain B; Domain C; User @ Domain C @ Domain B]

Mail Priority
  • High priority
      • Routed immediately, regardless of routing schedule
  • Normal priority
      • Routed immediately within the same Notes Named Network
      • Routed at next scheduled time
      • Routed if "route-at-once" limit is reached
      • Default
  • Low priority
      • Routed between 12:00 AM and 6:00 AM
      • Not routed with normal or high mail during other times

Setting up Database Replication
  • Replication is the process through which Notes databases are synchronized
  • A Replication task running on a server pulls or pushes information from the database on one server to the replica copy on another server
  • Replication is normally scheduled via a connection document, but can be started manually
  • Multiple concurrent replication tasks may run on a server

Peer-to-peer topology
[Diagram: servers A, B, C, D with connections A-B, A-D, B-C, B-D, C-A, D-C]

Hub-and-spoke topology
[Diagram labels: Domino Hub Server; servers A, B, C, D, E, F, G; To Hub X]
  • Connections in N/A Book: A-B, A-C, A-D, A-E, A-F, A-G, A-X

Hub-and-spoke replication schedule
[Diagram: clock positions :00, :10, :20, :30, :40, :50]
  • Single Replicator Hub
      • All work done at Hub
      • Scheduled at 10 minutes per spoke
      • 60 minute cycle

Backing up the System
  • Key files should be backed up on a regular basis
  • In a 24 x 7 operation, backup tools must be able to back up open files
  • Notes clustering can provide automated backup for applications

Monitoring the System
  • Statistics
      • How big/active are the databases?
      • Which databases replicated today?
      • How much disk space is available?
      • Is there mail that cannot be delivered?
  • Events
      • The replication could not complete
      • The disk hit 95% full
      • An unauthorized user tried to access the server

Monitoring Tools
  • The Notes log captures key information
      • Logging levels can be set
      • The log can be searched for specific strings
  • The Statistics and Events database controls which events are reported
  • The Reporter task reports events for a specific server
  • The Collector task can run on a single server, and collect information from other servers
  • Certain events can cause notification to be sent to an administrator

Web Server
  • Enabled by running the HTTP task
  • Settings specified in the HTTP section in the server document in the NAB
      • Basic settings
      • Operational information
      • Mapping settings
      • Logging
      • Timeouts
      • Security

Advanced Services
  • Domino Advanced Services include
      • Clustering
          • Running multiple servers as a logical unit
      • Partitioning
          • Running multiple separate servers on a single machine
      • Billing
          • Capturing chargeback statistics

Clustering
  • Up to 6 servers per cluster
  • Single NAB shared
  • Cluster replication
      • Real-time replication scheme - not reliant on time-driven connection documents
  • Cluster names are cached
      • Name cache allows a server to track status of other servers in the cluster
      • Offers intelligent fail-over & load balancing
      • Users are pushed to other servers when thresholds are set (e.g., number of active users)

Help Desk Support
  • Document problems
  • Build a question and answer database
  • Interface with Lotus Technical Support
  • Develop procedure for...
      • Handling problems
      • Applying fixes
      • Upgrading to new releases
  • Develop disaster recovery plan