IBM Lotus Domino 8 System Administration Operating Fundamentals

IBM® Lotus® Domino® 8 System Administration
Operating Fundamentals
Student Guide
IBM® Lotus® Domino® 8 System Administration
Student Guide
IBM® Lotus® Domino® 8 System
Administration Operating
Fundamentals
Part Number: D8750
Course Edition: 1.0
Notices
DISCLAIMER: You may not copy, reproduce, translate, or reduce to any electronic medium or machine-
readable form, in whole or in part, any documents, software, or files provided to you without prior written
consent of IBM® Corporation, except in the manner described in the documentation.While every reasonable
precaution has been taken in the preparation of this manual, the author and publishers assume no
responsibility for errors or omissions, nor for the uses made of the material contained herein and the decisions
based on such use. Neither the author nor the publishers make any representations, warranties, or guarantees
of any kind, either express or implied (including, without limitation, any warranties of merchantability, fitness for
a particular purpose, or title). Neither the author nor the publishers shall be liable for any indirect, special,
incidental, or consequential damages arising out of the use or inability to use the contents of this book, and
each of their total liability for monetary damages shall not exceed the total amount paid to such party for this
book.
TRADEMARK NOTICES The following terms are trademarks or service marks of International Business
Machines Corporation in the United States, other countries, or both: DB2®, Domino®, Domino Designer®,
Domino.Doc®, Everyplace, ibm.com®, K-station, LearningSpace®, Lotus®, Lotus Discovery Server, Lotus
Enterprise Integrator®, Lotus Notes®, Lotus Workflow, Mobile Notes, Netfinity®, QuickPlace®, Rational®,
Sametime®, Tivoli®, VisualAge®, WebSphere®, Workplace, Workplace Messaging, and WorkPlace Shell®.
Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc., in the United
States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the
United States, other countries, or both.
Intel, Intel Inside (logos), MMX and Pentium are trademarks of Intel Corporation in the United States, other
countries, or both.
UNIX is a registered trademark of The Open Group United States and other countries.
Linux is a trademark of Linus Torvalds in the United States, other countries, or both.
Copyright © 2007 IBM Corporation.

Lotus software, IBM Software Group
One Rogers Street

Cambridge, MA 02142
Under the copyright laws, neither the documentation nor the software may be copied, photocopied, reproduced,
translated, or reduced to any electronic medium or machine-readable form, in whole or in part, without the prior
written consent of IBM, except in the manner described in the documentation or the applicable licensing
agreement governing the use of the software.
All rights reserved.
Licensed Materials - Property of IBM
US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule
Contract with IBM Corporation.
IBM® Lotus® Domino® 8 System Administration Operating Fundamentals
You must purchase one copy of the appropriate kit for each student and each instructor. For all
other education products you must acquire one copy for each user or you must acquire a
license for each copy provided to a user.
Table of Contents
IBM® Lotus® Domino® 8 System Administration Operating

Fundamentals
Lesson 1: Introducing the IBM® Lotus® Domino® 8

Environment
Topic A. Examining the IBM® Lotus® Domino® 8 Architecture . . . . . . . 2
IBM Lotus Domino Architecture . . . . . . . . . . . . . . . . . . . . . . . 3
Client and Server Architectural Components . . . . . . . . . . . 3
Server Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Lotus Domino Server Types . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Default Location Documents . . . . . . . . . . . . . . . . . . . . . . . . . 5
Client Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Overview of Lotus Notes 8 Features . . . . . . . . . . . . . . . . . . . . 6
Topic B. Investigating IBM® Lotus® Domino® Applications . . . . . . . . . 7
The Object Store . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Components of Lotus Domino Applications . . . . . . . . . . . . . 8
Database Types and Applications . . . . . . . . . . . . . . . . . . . . 9
Composite Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Required Server Applications . . . . . . . . . . . . . . . . . . . . . . . . . 11
The Domino Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Information Stored in the Domino Directory . . . . . . . . . . . . . 12
Topic C. Exploring IBM® Lotus® Domino® Server Functionality . . . . . . 12
Categories of Lotus Domino Services . . . . . . . . . . . . . . . . . . 13
Core Lotus Domino Services . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Server Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Key Server Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Lotus Domino Advanced Services . . . . . . . . . . . . . . . . . . . . . 15
© Copyright IBM Corporation 2007.

Lesson 2: Performing Basic Administration Tasks

Topic A. Starting IBM® Lotus® Domino® Administrator . . . . . . . . . . . . . 20
Lotus Domino Administration . . . . . . . . . . . . . . . . . . . . . . . . . 21
Lotus Domino Administration Tools . . . . . . . . . . . . . . . . . . . . . 22
The Lotus Domino Administrator Interface . . . . . . . . . . . . . . 22
Topic B. Using Online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Online Help Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Topic C. Navigating in IBM® Lotus® Domino® Administrator . . . . . . . . 28
Lotus Domino Administrator Tabs . . . . . . . . . . . . . . . . . . . . . . 28
The Person Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Tasks on the People & Groups Tab . . . . . . . . . . . . . . . . . . . . . 29
Tasks on the Files Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Tasks on the Server Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Tasks on the Messaging Tab . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Lotus Domino Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Tasks on the Replication Tab . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Tasks on the Configuration Tab . . . . . . . . . . . . . . . . . . . . . . . . 40
Lotus Domino Directory Documents . . . . . . . . . . . . . . . . . . . 40
Topic D. Setting Administration Preferences . . . . . . . . . . . . . . . . . . . . . 43
Administration Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Lesson 3: Examining IBM® Lotus® Notes® and IBM®
Lotus® Domino® Security
Topic A. Identifying IBM® Lotus® Domino® Security Components . . . 50
IBM Lotus Domino Terminology . . . . . . . . . . . . . . . . . . . . . . . . 51
Lotus Domino Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Single versus Multiple Domains . . . . . . . . . . . . . . . . . . . . . . . . 53
Organizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Organizational Units . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Certifiers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Topic B. Designing a Hierarchical Naming Scheme . . . . . . . . . . . . . . 56
Hierarchical Naming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Components of a Hierarchical Name . . . . . . . . . . . . . . . . . . 56
Recommendations for Spaces in Hierarchical Names . . . . 58
Hierarchical Naming Example . . . . . . . . . . . . . . . . . . . . . . . . 58
Organizational Unit Naming Recommendations . . . . . . . . 58
Separate Server OUs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Server Naming Recommendations . . . . . . . . . . . . . . . . . . . . 60
Server Host Names and Common Names . . . . . . . . . . . . . . 61
User Naming Recommendations. . . . . . . . . . . . . . . . . . . . . . 61
Planning a Hierarchical Naming Scheme . . . . . . . . . . . . . . . 62
How to Design a Hierarchical Naming Scheme . . . . . . . . . . 62

Topic C. Authenticating with IBM® Lotus® Domino® Servers . . . . . . . . 65

Security Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Certificates and ID Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Types of Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
ID Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Types of ID Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Components of an ID File . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Common Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
How Certificates are used in Authentication . . . . . . . . . . . . 70
Topic D. Controlling Access to Resources . . . . . . . . . . . . . . . . . . . . . . . 73
Introduction to Lotus Domino Access Controls . . . . . . . . . . 73
Access Control Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
How IBM Lotus Domino Controls Access . . . . . . . . . . . . . . . . 73
Stages of Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Security Using Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Group Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Best Practices for Creating Groups . . . . . . . . . . . . . . . . . . . . 80
Topic E. Determining Database Access Levels . . . . . . . . . . . . . . . . . . . 82
Access Control List Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Topic F. Determining Workstation Security Levels . . . . . . . . . . . . . . . . . 85
Execution Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
The Execution Control List . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Lesson 4: Examining IBM® Lotus® Domino® Mail
Routing
Topic A. Introducing IBM® Lotus® Domino® Messaging . . . . . . . . . . . . 88
Notes Named Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Mail Routing and Notes Named Networks . . . . . . . . . . . . . . 89
Mail Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Mail Routing Components . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Mail Settings that Affect Routing . . . . . . . . . . . . . . . . . . . . . . 93
The Mail Routing Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Topic B. Designing a Mail Routing Topology . . . . . . . . . . . . . . . . . . . . . 93
Mail Routing Topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Topology Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Hub and Spoke Topology Considerations . . . . . . . . . . . . . . 95
How to Design a Mail Routing Topology . . . . . . . . . . . . . . . . 95
Lesson 5: Examining IBM® Lotus® Domino®

Replication
Topic A. Introducing IBM® Lotus® Domino® Replication . . . . . . . . . . . 102
What is Domino Replication? . . . . . . . . . . . . . . . . . . . . . . . . . 103
Components of the Replication Process . . . . . . . . . . . . . . . 103
The Server-to-Server Replication Process . . . . . . . . . . . . . . . 105
Replication Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
The Workstation to Server Replication Process . . . . . . . . . . . 105
Database Replicas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
The Database Replication Process . . . . . . . . . . . . . . . . . . . . 106
The Field Level Replication Process . . . . . . . . . . . . . . . . . . . . 107
Factors that Affect Replication . . . . . . . . . . . . . . . . . . . . . . . 108

Topic B. Designing a Replication Strategy . . . . . . . . . . . . . . . . . . . . . . . 110

Types of Replication Topologies . . . . . . . . . . . . . . . . . . . . . . . 110
Server Replication Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Replication versus Routing Topologies . . . . . . . . . . . . . . . . . 113
Considerations for Choosing a Replication Type . . . . . . . . . 114
How to Design a Replication Strategy . . . . . . . . . . . . . . . . . . 114
Lesson 6: Extending the IBM® Lotus® Domino®

Environment
Topic A. Selecting Additional IBM® Lotus® Domino® Services . . . . . . 120
Domino Standard Services . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Domino Internet Security Mechanisms . . . . . . . . . . . . . . . . . 122
Topic B. Implementing IBM® Lotus® Domino® Scalability Features . . 123
Scalability Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Lotus Domino Clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Benefits of Clustering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Lotus Domino Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Benefits of Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Topic C. Integrating Other IBM® Products . . . . . . . . . . . . . . . . . . . . . . . 126
Sametime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
IBM DB2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
WebSphere Application Server . . . . . . . . . . . . . . . . . . . . . . . 128
WebSphere Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Lotus Domino 8 and WebSphere Integration Options . . . . . 130

Appendix A: The Worldwide Corporation
Infrastructure Plan
Appendix B: Encryption and Signing
Appendix C: Extend IBM® Lotus® Domino® Software
Appendix D: Bibliography
Appendix E: Certification and Exam Competencies
Appendix F: Instructor Preparation
Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

Introduction
About This Course

This course introduces you to basic concepts that provide the foundation
for IBM® Lotus® Domino® 8 and IBM® Lotus® Notes® 8, and it is the
point of entry to the entire core system administration curriculum. This
course covers the foundational knowledge needed to perform basic
administrative tasks in a Lotus Domino 8 infrastructure. This course
does not cover how to install, configure, maintain, or troubleshoot a
Lotus Domino 8 infrastructure.
This one-day course is instructor-led, classroom training where the
instructor presents course materials to a group of students in a
classroom. The course materials provide extensive background informa-
tion, procedural tables, and best practice tips.
Course Description
Target Student
The target audience for this course is current network or mail system
administrators who are new to the Lotus Domino 8 system administra-
tion, but have some experience using the Lotus Notes 8 client, and who
need to acquire a foundational knowledge and working experience with
the Lotus Domino 8 administration tools.
Course Prerequisites
The prerequisites for this course include previous experience as a net-
work administrator or mail system administrator, and experience using
the Lotus Notes 8 client.
Introduction i
Introduction
How to Use This Book

As a Learning Guide
Each lesson covers one broad topic or set of related topics. Lessons are
arranged in order of increasing proficiency with Lotus Domino and Lotus
Notes; skills you practice in one lesson are used and developed in subse-
quent lessons. For this reason, you should work through the lessons in
sequence.
Each lesson is organized into results-oriented topics. Topics include all the
relevant and supporting information you need to master Lotus Domino and
Lotus Notes, and activities allow you to apply this information to practical
hands-on examples.
As a Review Tool
Some of the information covered in class may not be relevant to your envi-
ronment immediately, but it may become important later on. For this reason,
we encourage you to spend some time reviewing the topics and activities
after the course. The course can also be used in preparation for Lotus certi-
fication exams.
As a Reference
The organization and layout of the book make it easy to use as a learning
tool and as an after-class reference. You can use this book as a first source
for definitions of terms, background information on given topics, and sum-
maries of procedures.
Course Objectives
After completing this course, you should be able to:
• Describe the structural components of the IBM® Lotus®
• Perform basic IBM® Lotus® Domino® 8 administration.
• Manage IBM® Lotus Notes® and IBM® Lotus®
• Describe Domino mail routing and mail routing topologies.
• Describe Lotus Domino replication and replication topologies.
• Identify services and options that you can use to extend
ii Introduction
Introduction
Course Requirements
Hardware
Instructor Server Hardware Requirements
The following list identifies the hardware requirements for the instructor
server machine.
• 512 MB of RAM or more recommended.
• A Pentium Class processor or higher and compatibles, Pentium 4, and
a 2.6 MHz processor is recommended.
• An SVGA (or better) video card and monitor. Support for 256 colors,
800 x 600 resolution.
• At least 1.5 GB free hard disk space per partition, 40 GB is
recommended.
• A mouse or other pointing device.
• A CD-ROM drive or access to network file server for installation.
• Internet access (recommended).
Instructor and Student Client Hardware Requirements

The following list identifies the hardware requirements for the instructor and
student client machines.
• At least 512 MB of RAM, 1 GB is recommended.
• A Pentium Class processor.
• An SVGA (or better) video card and monitor. Support for 256 colors,
800 x 600 resolution.
• At least 900 MB of free hard disk space.
• A mouse or other pointing device.
• A CD-ROM drive or access to network file server for installation.
• Synchronize system time with all classroom machines.
• Internet access (recommended).
Introduction iii
Introduction
Software
Instructor Server Software Requirements
The following list identifies the software requirements for the instructor
server machine. Please note that proper licensing for all software is required
and is the responsibility of the training organization.
• Microsoft® Windows® 2003 Server (Service Pack 1 is not required but
recommended) or Microsoft® Windows® Server 2000 with Service Pack
4.
• Lotus Domino 8 Enterprise Server.
• TCP/IP using either Hosts file or DNS with server and domain names
defined in the TCP/IP protocol configuration.
Instructor and Student Client Software Requirements

The following list identifies the software requirements for the instructor
machine and 12 student machines. Please note that proper licensing for all
software is required and is the responsibility of the training organization.
• Microsoft® Windows® 2000 Professional with Service Pack 4 or
Microsoft® Windows® XP Professional with Service Pack 1 (Service
pack 2 is not required but recommended).
• Lotus Domino Administrator 8.
• Netscape Navigator® 4.7 or above or Microsoft® Internet Explorer® 5.5
or above.
• TCP/IP using either Hosts file or DNS with server and domain names
defined in the TCP/IP protocol configuration.
• Microsoft® Powerpoint® Viewer (instructor only).
Class Setup
IBM Lotus Domino Naming Used in This
Course
This course uses the following hierarchical naming scheme.
Table 0-1: Domino naming scheme

Naming Component Classroom Implementation
Organization certifier /WWCorp
Domain WWCorp
iv Introduction
Introduction
Naming Component Classroom Implementation

Instructor server Hub/SVR/WWCorp
Instructor user account Doctor Notes/WWCorp
Course Files
The first table describes the required course files used in the course or pro-
vided as additional tools.
Table 0-2: Required course configuration files

Title File Name Function
WWCorp’s directory Names.nsf Used to set up the
classroom servers and
/WWCorp certifier ID file WWCorp.id administrators
Hub/SVR/WWCorp’s ID Hub.id
file
Doctor Notes user ID file DNotes.id
Doctor Notes mail file DNotes.nsf
Domino Web Administra- WebAdmin.nsf Lesson 5 – used in

tor demonstration of
Domino Web Adminis-
trator client
Sample databases ● MarketTR.nsf Lesson 1 – show

sample databases
● ProdCat.nsf
Lesson 4 – demon-
● Policies.nsf strate replication
Mail files ● And01.nsf through Classroom mail files

And12.nsf
● D8750_Other_Mail.exe
Domain Routing Mailbox mail.box Contains mail for stu-

dents to view
Certification Log certlog.nsf Contains certification

log for IDs in this
course
Introduction v
Introduction
Title File Name Function

Organizational Unit svr.id, east.id, west.id, OU certification IDs
sales.id, support.id
Classroom diagrams D8750.ppt Used throughout the

course to display dia-
grams used in the
classroom
Animations ● Routing.exe ● Lesson 3 – show

● Replication.exe basic routing
● Lesson 4 – describe
replication
Checklist of Classroom Setup Tasks: New

Setup
Complete the tasks in the following table to set up the classroom prior to the
start of class. Detailed procedures for each task appear on the following
pages.
Table 0-3: Classroom setup tasks

Task Procedure
❒ 1 Install the Lotus Domino server software.
❒ 2 Install the Lotus Domino Administrator client software.
❒ 3 Install supplied files to the instructor machines.
❒ 4 Edit hosts file on each classroom machine.
❒ 5 Set up the instructor’s server.
❒ 6 Set up the instructor’s workstation.
❒ 7 Set up the student workstations.
Task 1: Install the Lotus Domino Server

Software
Follow these steps to install the Domino server software.
vi Introduction
Introduction
Table 0-4: Install the Lotus Domino server software

Step Action
1 Run the Lotus Domino 8 server install program, Setup.exe, from a CD or
other media.
2 On the Welcome screen, click Next.
3 Read the Lotus Licensing Agreement, and then click I accept the terms
in the license agreement to agree with the terms. Click Next.
4 Click Browse to change the drive on which to install Lotus Domino. Use the
following directory structure:
● Program files: drive:\Lotus\Domino
Click Next.
5 Click Browse to change the drive on which to install Lotus Domino. Use the
● Data files: drive:\Lotus\Domino\data
Click Next.
6 Verify that Domino Enterprise Server is selected, and then click Next.
7 Review the installation locations, and click Next.
8 Click Finish to complete the installation.
Task 2: Install the Lotus Domino

Administrator Client Software
Follow these steps to install the Domino Administrator client software on the
instructor client machine and each student machine in the classroom.
Table 0-5: Install the Lotus Domino Administrator client software

Step Action
1 Run the Lotus Notes 8 client install program, Setup.exe, from a CD or
other media.
3 Read the License Agreement. Select I accept both the IBM and the
non-IBM terms, and then click Next.
Introduction vii
Introduction
Step Action
4 Click Browse to change the drive on which to install Lotus Notes. Use the
● Program files: drive:\Lotus\Notes
● Data files: drive:\Lotus\Notes\data
Click Next.
5 Select:
● Domino Administrator
● Domino Designer
● IBM Productivity Tools
● Composite Application Editor
Click Next.
6 Verify that the installation path is correct, and click Install.
7 Click Finish to complete the installation.
Task 3: Install Supplied Files to the Instructor

Machines
Follow these steps to install the \lotus_ed\D8750 course folder to your
server and client machines.
Table 0-6: Install supplied files to the instructor machines

Step Action
1 To install the course data files from the interactive CD-ROM, put the
course CD in the server machine.
2 On the CD-ROM, open the D8750 folder.
3 Double-click the D8750dd.exe file.
4 Repeat the above steps on the instructor client machine.
The executable will copy the following files to the specified locations, creat-
ing the \lotus_ed\ directory and all necessary sub-directories, if required.
These files will be present both on the instructor server and instructor client
machines.
viii Introduction
Introduction
Table 0-7: Supplied course files

Directory Files Copied
\D8750 ● Replication.exe
● Routing.exe
● D8750.ppt
● IBM_Lotus_Notes_8_Tour.exe
\D8750\Domino\Data IDs:
● WWCorp.id
● Hub.id
● Dnotes.id
● And01.id - And12.id
● East.id
● West.id
● Svr.id
● Sales.id
● Support.id
Databases:
● Names.nsf
● Webadmin.nsf
● MarketTR.nsf
● ProdCat.nsf
● Policies.nsf
● Certlog.nsf
● Mail.box
\D8750\Domino\Data\Mail ● Dnotes.nsf
● And01.nsf through And12.nsf
● FChester.nsf
● MDomingo.nsf
● MGrassi.nsf
● TGoodwin.nsf
\D8750\Notes\Data ● WWCorp.id
● DNotes.id
● And01.id through And12.id
Introduction ix
Introduction
Task 4: Edit Hosts File on Each Classroom

Machine
Use any text editor to edit the hosts file on each classroom machine to
include the IP address and server names as follows.
Table 0-8: Edit hosts file on each classroom machine

HubIPaddress Hub/SVR/ hub.wwcorp.com www.wwcorp.com
WWCorp
Task 5: Set up the Instructor’s Server

Follow these steps to set up the instructor’s server as the first server in the
domain, Hub/SVR/WWCorp.
Table 0-9: Set up the instructor’s server

Step Action
1 From Windows, choose Start→All Programs→Lotus Applications→
Lotus Domino Server.
2 Click Start Domino as a regular application and select the Don’t ask
me again check box. Click OK.
4 Verify that Set up the first server or a stand-alone server is selected,

and then click Next.
5 Select I want to use an existing server ID file.

Click Browse to select the Hub.id file, and then click Select.
If you don’t have the server ID file, enter the following information if the
field is not already populated:
● Server name: Hub/SVR/WWCorp
● Server title: Worldwide Corporation Hub server
Click Next.
6 On the Choose your organization name screen:

a. Select I want to use an existing certifier ID file.
b. Click Browse to select the WWCorp.id file, and then click Select.
c. Click Next.
d. Enter lotusnotes for the password, and click OK.
7 For the Domino domain name, enter WWCorp and click Next.
x Introduction
Introduction
Step Action
8 On the Specify an Administrator name and password screen, complete
the following:
a. Select I want to use an existing Administrator ID file.
b. Click Browse to select the DNotes.id file, and then click Select.
The following fields on the screen will be filled in:
● First name: Doctor
● Last name: Notes
Click Next.
Enter lotusnotes for the password, and click OK.
9 Complete the following tasks:

a. Select Web Browser (HTTP services).
b. Click Customize.
c. Select the following tasks:
● Statistics
● Stats
● ISpy
d. Deselect the Mail Router task.
e. Click OK.
f. Click Next.
10 Review the default enabled port drivers and host name. To change these
settings:
a. Click Customize.
b. Disable all ports except TCP/IP.
c. Enter the fully qualified Internet host name for the server,
hub.wwcorp.com
d. Click OK.
Click Next.
11 On the Secure your Domino Server screen, accept the defaults and click
Next.
12 Review the information selected during this session. If all information is

correct, click Setup.
13 When setup completes, click Finish.
Introduction xi
Introduction
Step Action
14 Before starting the server, copy the supplied files to their target directories:
● Lotus\Domino\data: Names.nsf, WebAdmin.nsf, MarketTR.nsf,
ProdCat.nsf, Policies.nsf, Certlog.nsf, Mail.box
● Lotus\Domino\data\mail: DNotes.nsf and all other mail files
15 To start the server from Windows, choose Start→All Programs→Lotus

Applications→Lotus Domino Server.
Task 6: Set Up the Instructor’s Workstation

Follow these steps to set up the instructor’s workstation.
Table 0-10: Set up the instructor’s workstation

Step Action
1 From Windows, choose Start→All Programs→Lotus Notes 8.
3 On the User Information screen, enter:

● Name: Doctor Notes
● Domino server: Hub/SVR/WWCorp
Verify that I want to connect to a Domino server is selected, and then

click Next.
4 If the ID is not found in the Domino Directory, the setup program will
request the location of the Notes ID file. To locate the Notes ID file:
a. Click Browse, select Dnotes.id, and then click Open.
b. Click Next.
c. Click Yes to copy the ID file to the local data directory.
If the user ID is stored in the Domino Directory, the setup program will
automatically copy the ID file to the local data directory.
5 Enter lotusnotes for the password and click OK.
6 On the Additional Services screen, it is not necessary to select any addi-

tional services for this course. Click Next.
7 When the Notes setup is complete, click OK.
8 Close the Getting Started screen (Click the X on the tab.).

On the Notes 8 Setup screen, click Use the default.
Result: The standard Notes 8 desktop displays.
xii Introduction
Introduction
Task 7: Set up the Student Workstations

Follow these steps to set up the student workstations using the Admin
NDxx IDs.
Table 0-11: Set up the student workstations

Step Action
1 From Windows, choose Start→Programs→Lotus Applications→Lotus
Notes 8.
3 On the User Information screen, enter:

● Name: Admin NDxx where xx is the student number.
● Domino server: Hub/SVR/WWCorp
Check I want to connect to a Domino server, and click Next.
4 If the ID is not found in the Domino Directory, the setup program will request
the location of the Notes ID file. To locate the Notes ID file:
a. Click Browse, select the appropriate ID, and then click Open.
b. Click Yes to copy the ID file to the local data directory.
c. Click Next.
If the user ID is stored in the Domino Directory, the setup program will auto-
matically copy the ID file to the local data directory.
5 Enter lotusnotes for the password and click OK.
6 On the Additional Services screen, it is not necessary to select any addi-

tional services for this course. Click Next.
7 When the Notes setup is complete, click OK.
8 Close the Getting Started screen (Click the X on the tab.).

On the Notes 8 Setup screen, click Use the default.
Result: The standard Notes 8 desktop displays.
9 Open Domino Administrator on each student machine and remove the Hub
server from the Favorites lists. Exit Domino Administrator.
Course Icons
The following table explains the icons used in this course.
Introduction xiii
Introduction
Table 0-12: Course Icons

Icon Description
An activity is a student-centered learning process that allows stu-
dents to learn by performing a task. Activities can be instructor-led or
completed independently.
Scenario information is used to introduce an activity problem or goal.

Scenarios use fictitious people and organizations to present details,
problem statements, and parameters that are used to complete the
activity or lab exercise.
Caution statements are included in the courseware to make students

aware of potential negative consequences of an action, setting, or
decision, that are not easily known.
Tips and notes provide additional information, guidance, or a hint

about a topic or task.
An Instructor Note is a special comment to the instructor regarding

delivery, classroom strategy, classroom tools, exceptions, and other
special considerations. The Instructor Note is included in the Instruc-
tor Guide only.
Display Slide provides a prompt to the instructor to display a specific

slide. The Display Slide icon is included in the Instructor Guide only.
xiv Introduction
1 Introducing the IBM® Lotus®
Domino® 8 Environment
■
■
Topic A: Examining the IBM® Lotus® Domino® 8 Architecture
Topic B: Investigating IBM® Lotus® Domino® Applications
■ Topic C: Exploring IBM® Lotus® Domino® Server Functionality

Lesson 1 ■ Introducing the IBM® Lotus® Domino® 8 Environment
Introduction
IBM® Lotus Notes® and Lotus® Domino® are an integrated messaging and
Web application software platform that provide a scalable and secure infra-
structure, with the flexibility and openness needed for development and
deployment of Web applications. As the system administrator, you need to
understand the architecture and its key components before you can properly
administer the environment.
After completing this lesson, you should be able to:
● Identify the architecture and key components of the Lotus Notes and
Lotus Domino environments.
● Define IBM Lotus Domino applications.
● Describe the basic functions and processes of Lotus Domino servers.
2 © Copyright IBM Corporation 2007.

A Topic A: Examining the IBM® Lotus®

Domino® 8 Architecture
IBM Lotus Domino Architecture

Lotus Domino servers work with Lotus Notes (and non-Lotus Notes) clients
to form an integrated client and server environment. Its capabilities include
mail server enhancements, server-managed deployment, more openness
and interoperability, and enhanced performance, managements, and secu-
rity features. The Lotus Notes and Lotus Domino environment provides
services to allow an organization to perform tasks to store, communicate,
and exchange information.
The following figure shows a conceptual diagram of the Lotus Notes and
Lotus Domino architecture.
Figure 1-1: Lotus Notes and Lotus Domino architecture
Client and Server Architectural Components

A Lotus Notes and Lotus Domino environment consists of a combination of
the following client and server components.
© Copyright IBM Corporation 2007. 3

Component Function
Lotus Domino ● A Lotus Domino server is a computer that runs the
server (Web- Lotus Domino server program and stores Notes
enabled) databases. A Lotus Domino server runs services that
manipulate Lotus Notes data.
● Depending on what the request is and who the client is,
the server can pull information from a variety of
sources, including the object store, the file system, a
relational database, or a combination of all three.
Lotus Notes and ● Lotus Notes clients can access Lotus Domino data both
Web clients on servers and locally, providing portable access to
data.
● Web clients can access Lotus Domino data on the
server to display in a browser.
Server Documents
When you register a server, the Server document is created. It contains
many of the settings that define how your server operates. Those settings
are accessible through tabs within the Server document.
Lotus Domino Server Types

When installing a Lotus Domino server, there is an option to select one of
three server types. Each of the three types is described in the following
table.
Server Type Function

Lotus Domino Utility Provides standard Lotus Domino application services
Server and custom Lotus Domino applications for Lotus
Notes and Web clients, as well as support for clusters.
Note: This server does not include messaging
services.
Lotus Domino Mes- Provides messaging services.

saging Server Note: This server does not include application
services.
Lotus Domino Enter- Includes the functionality of both the Lotus Domino
prise Server Utility and Domino Messaging Servers, including sup-
port for clusters.

Note: Each server type installed on a system requires a different server license.
Default Location Documents

When the Lotus Notes client is installed, four Location documents are cre-
ated by default that contain communication and location-specific settings. All
three of the following clients use these settings, which are accessible
through tabs within a Location document:
● Lotus Notes
● Lotus Domino Administrator
● IBM® Lotus® Domino Designer®
Client Types
Users who have mail files on a Lotus Domino server can use either the
Lotus Notes client or an Internet mail client to access their mail:
● Lotus Notes clients: Use Lotus Notes protocols to send and access
mail on a Lotus Domino server; a Lotus Notes client can also act as an
Internet mail client.
● Internet mail clients: Access mail files through the Lotus Domino
POP3, IMAP, or HTTP servers. POP3 and IMAP clients send mail using
SMTP.
The following table describes the function of Lotus Notes clients and
Internet mail clients.
Client Function
Lotus clients:
Notes Allows users access to Lotus Notes data-

bases on a Lotus Domino server, mail, and
Web browsing.
Lotus Domino Designer Supports the creation and development of

Lotus Domino applications or applications.
(This client is not used to access mail.)
Lotus Domino Administrator Allows users with administration privileges to

perform administrative tasks in a Lotus
Domino environment. (This client is not used
to access mail.)

Client Function
Internet Clients:
IBM® Lotus® iNotes™ Web Provides on- or off-line access to Lotus

Access Domino core messaging, collaboration, and
personal information management (PIM)
functions through a Web browser.
Web Supports mail and Calendar access for Web

browsers.
POP3 Allows mail access to a POP3 compliant

server.
IMAP Supports mail access to an IMAP enabled

server.
Basic vs. Standard Client

Built on the old platform as Lotus Notes 8, the Basic client resembles Lotus
Notes 8 in its interface and functionality. The Basic client is part of the Stan-
dard client and installs with Standard.
Supported by IBM® Lotus® Expeditor and Eclipse platforms with Java™-
enabled Eclipse and SWT capabilities, the J2EE™ Standard client provides
a larger networking environment with increased functionality and innovation
opportunities.
Overview of Lotus Notes 8 Features

IBM Lotus Notes 8 provides significant features to the basic infrastructure
and core functionality of Lotus Notes. With the addition of innovative fea-
tures, Lotus Notes 8 presents a dynamic end-user work environment, and
represents an important transition in the way people communicate and
collaborate.
The following table describes some of the features of the Lotus Notes 8
environment.
Features Description
Infrastructure Lotus Notes 8 presents a dynamic user work environment, and
represents an important transition in the way people communi-
cate and collaborate. It also elevates the team-based,
electronic user experience by enriching the online community
of collaboration, allowing you to improve efficiency, boost effec-
tiveness, and expedite decision-making processes.

Features Description
Productivity You will be able to complete your day-to-day tasks more effi-
ciently using one comprehensive application that streamlines
business processes and enriches the real-time collaboration
experience. The ability to share and update project information
in a single, simplified view will help you sharpen your focus on
the status of projects, and keep associates and participants in
sync.
E-mail Threaded e-mails enable you to see all messages for a spe-
cific topic grouped and arranged together at the view level. You
can also alternate between vertical and horizontal preview dis-
plays within your Inbox.
Calendar You can manage your time and meeting invitations by viewing
your calendar in a sidebar while completing other tasks. You
can also customize daily and weekly calendar views within
Lotus Notes 8.
Contacts The Personal Address Book (PAB) is now referred to as Con-

tacts in Lotus Notes 8. You can initiate instant messaging and
e-mail correspondence from the Contacts view. You can find
information quickly by referring to business card-like views with
embedded photographs.
Components In Lotus Notes 8, Lotus Notes databases are now referred to

as applications. You can connect to different applications and
combine components from multiple systems on screen.
Productivity These tools eliminate the repetition of switching between Lotus

tools Notes 8 and other applications. You can create, edit, and col-
laborate on a wide range of file types within the Lotus Notes 8
environment.

B Topic B: Investigating IBM® Lotus®

Domino® Applications
The Object Store

The Object Store, also known as the NSF (Notes Storage Facility), is the
basic building block for the Notes architecture. The Object Store is where all
Notes data resides in the form of an NSF application.
The Object Store is unique in that it can hold any type of data including
applications, mail, directory, graphic, video, and sound files. An application
is a solution to a particular business prblem that may contain one or more
databases and other components, such as Java scripts.
Components of Lotus Domino Applications

The following table briefly describes some of the elements contained in a
Lotus Domino application.
Lotus Domino Appli- Description

cation Element
Documents (or data Contain data, such as text, graphics, and various file
notes) attachments.
Application Design Forms, views, agents, etc.

(design notes)
ACL entries Security entries to control access to the contents of

the Domino application.
Database header Information about the database itself. For example,

the database title, replication history, etc.
Application extensions
Some applications have extensions other than NSF. The following table
describes these applications.
Application Description
Extension
NDK Application that contains the user desktop settings.

Application Description
Extension
NTF Application template used to create specific types of databases,
such as mail databases.
Database extensions for other releases

The following table describes the database extensions that you might
encounter if you are upgrading from a previous release.
Database Description
Extension
DSK Release 5 database that contains the user’s desktop settings. This
extension is the same as NDK in Release 6 and higher.
ND7 Database that retains Release 7 format.
ND6 Database that retains Release 6 format.
NS5 Database that retains Release 5 format.
NS4 Database that retains Release 4 format.
Note: To retain the database format from a previous release, save the
database with the appropriate extension (NS4, NS5, or NS6) prior to com-
pacting the database on a Lotus Domino 8 server. Otherwise, compacting
will upgrade the database to the Lotus Domino 8 format.
Database Types and Applications

A user’s mail file (UserName.nsf) is one type of database. Many of the fea-
tures in the mail database, such as the layout of the Navigation and View
panes, are standard in other types of databases.

Databases are used for a broad range of applications and solutions, as

listed in the following table.
Type Sample Solutions

E-mail/ E-mail: Functional out of the box. Each user has a per-
PIM (personal sonal e-mail database.
information man- Group Calendar Management: Functional out of the box.
agement) Includes group scheduling functions and group calendars.
Voice Integration: With independent vendor Lotus
Domino-based voice services.
Broadcast/ Policies and Procedures: Part of a larger Human

Reference Resources package that may have been acquired from an
independent developer.
Product Catalog: Updated by selected personnel. Read-
able by all others.
Discussion Product Ideas: Forum for employee ideas.
Tracking/Workflow Customer Service: Customer service personnel create

documents and update from time to time or add
responses as they track problems to resolution.
Product Design: Employee creates idea documents.
Product manager approves product idea. Research and
Development (R&D) manager reviews idea.
Expense Reporting: Reporter creates expense report.
Approver approves. Bookkeeper carries out. Users track
progress of their expense reports in a tracking database.
Order Processing: Part of a Company Catalog
application. Customers or salespeople place orders, and
then track the progress of their fulfillment.
Composite Applications
A composite application is a collection of two or more distinct applications
that address a business need for a specific group of users and can be
accessed from one screen. Composite applications consist of different ele-
ments that allow users to implement related tasks without having to launch
new windows or applications.
The various parts of a composite application can interact with one another
and exchange information. When views are updated or edited in one appli-
cation, the corresponding views and information in the other applications are
updated to reflect the modifications.

There are two types of composite applications that are featured in Lotus
Domino and Lotus Notes 8:
● An Lotus Notes composite application, which is stored on a Domino
server and listed in a Domino Application catalog.
● A portal composite application, which is stored on an IBM®
WebSphere® Portal server and is listed in the Portal catalog. Users can
access this type of composite application using the Lotus Notes client
or a Web browser.
For example, the IBM Lotus Notes 8 inbox is a fully functional composite
application that integrates two or more elements into one user interface.
Here is an example of the new Lotus Notes 8 inbox.
Required Server Applications

In addition to user application databases, there are several databases that
support the configuration and proper functioning of the Lotus Domino
environment.
Note: Required server database names are the same as in the previous release of
Domino.
The following table lists some of the crucial files stored on each server.
Database File Name Function

Title (NSF)
Lotus Names Directory of information about users, servers,
Domino groups, and custom entries. The documents
Directory contain detailed information about each user
and server. The Directory is also a tool to man-
age the Lotus Domino system. For example,
administrators create documents in the Lotus
Domino Directory to connect servers for replica-
tion or mail routing, or to schedule server tasks,
and other Lotus Domino settings and
configurations.
Administra- Admin4 Tracks and records requests and processes to

tion support automating administration tasks.
Requests
Certification CertLog Maintains records of certified Lotus Domino IDs.

Log
Monitoring Events4 Stores configuration records for statistics report-

Configura- ing and monitoring tools, and stores a listing of
tion server messages.

Database File Name Function

Title (NSF)
Lotus Log Stores information about performance, statistics,
Domino and activities on the Domino server.
server log
file
Monitoring StatRep Records information about the activity on one or

Results more Lotus Domino servers.
Mail Router Mail.box Stores mail from a user that is in route to

mailbox another user.
The Domino Directory

The Lotus Domino Directory (Names.nsf) is the most important database in
a Lotus Domino environment. The directory stores the information that
allows Lotus Domino servers and clients to function properly.
The Lotus Domino Directory is created during the first server configuration
and is stored on each new server in the environment.
Note: The Lotus Domino Directory was referenced differently in earlier releases.
Administrators with experience using these earlier releases of Lotus Notes and
Lotus Domino may use other terminology, including: Public Address Book (PAB) and
Notes Address Book (NAB).
Information Stored in the Domino Directory

The following table outlines some of the information stored in the directory
and where it resides.
Information Stored in Documents

Who are the users? Person
What are the Lotus Domino Servers? Server
How do servers connect to each other and Connection

exchange information?
What user groups are available for mail distribution Group

lists and access lists?
How do servers perform special functions? Configuration

C Topic C: Exploring IBM® Lotus®

Domino® Server Functionality
Categories of Lotus Domino Services

Lotus Domino services maintain, manage, update, and distribute Lotus
Notes data. The general Domino service categories are outlined in the fol-
lowing table.
Services Description
Application Provides the tools to create applications:
● The Lotus Domino Designer, a special client license that
provides a design environment for building customized
applications including Web applications.
● Lotus Notes templates, models for creating applications
quickly and easily.
® ®
● IBM LotusScript language, as well as support for
Java , Javascript™, C++, and CORBA®.
™
Connection Enables the use of Lotus Domino with existing relational data
sources.
Infrastructure Provides the foundation for Lotus Domino:

● The application engine that runs all the scripts and puts
together the completed dynamic page.
● Core services, such as directory, messaging, security, and
replication that are the main server components of Lotus
Domino.
● Protocols that describe how to communicate with the
server.
Core Lotus Domino Services

The core Lotus Domino Services form the basis of a Lotus Domino
infrastructure. Core Domino Services include:

Topic C: Exploring IBM® Lotus® Domino® Server Functionality
Core Lotus Description

Domino Services
Directory A mechanism by which users and servers are categorized
in a Lotus Domino environment.
Security Tools and services that control access to servers and

applications.
Messaging Services, databases, and monitoring tools that support

both Lotus Notes and Internet mail.
Replication A process of periodically updating replica databases on all

servers regardless of location.
Maintenance Tools, services, and databases that support server mainte-

nance and monitoring.
Server Tasks
The core services are provided using a number of Lotus Domino server
tasks in conjunction with the key Lotus Domino server databases. A server
task is a program provided with the Lotus Domino server that runs when
loaded and activated.
Server tasks serve various purposes. Some perform specific tasks, such as
mail routing. Others run in the background to perform complex administra-
tion procedures, such as compacting databases and updating indexes.
Key Server Tasks

The following table lists some of the key server tasks and their default load
times.
Task Name Description Runs

Administration Process Automates a variety of On server startup
(Adminp) administrative tasks.
Agent manager Manages and runs On server startup

agents on a server. An
agent performs a series
of automated tasks
according to a set
schedule or at the
request of a user.

Task Name Description Runs

Database Compactor Compacts all databases Based on a schedule
on the server to reclaim
space freed by the dele-
tion of documents and
attachments.
Designer Updates all databases Based on a schedule

to reflect changes to
templates.
Event Monitor Monitors the server for As needed

selected events defined
by the administrators.
HTTP Server Enables a Lotus On server startup (if

Domino server to act as enabled)
a Web server so
browser clients can
access databases on
the server.
Replicator Replicates databases On server startup

with other servers.
Router Routes mail to other On server startup (for

servers. mail servers)
Statistics Records database activ- As needed

ity in the log file.
Lotus Domino Advanced Services

A Lotus Notes and Lotus Domino environment can support many other
applications and functionality by taking advantage of additional supplied ser-
vices and expanded resources.
Some of the additional services and products available for a Lotus Domino
implementation are listed in the following table.

Topic C: Exploring IBM® Lotus® Domino® Server Functionality
Category Examples
Additional ● Internet protocol support:
Lotus Domino
■ LDAP - directories
Services
■ POP3 - mail clients
■ IMAP - mail clients
● Clustering
● Partitions
● Lotus Domino Enterprise Connection Services (DECS)
● Lotus Domino Internet Inter-ORB Protocol (DIIOP)
Domino soft- ● Lotus® Domino® Everyplace®

ware
● Domino Off-line Services (DOLS)
extensions
● Domino Universal Connection Services (DUCS)
® ®
● IBM Tivoli Analyzer for Lotus Domino
Complementary ● IBM® Lotus® Sametime®

products ® ® ®
● IBM Lotus Quickplace
® ® ™
● IBM Lotus Discovery Server
Note: Additional Lotus Domino services and products are covered in more detail
later in this course.

Lesson Summary
In this lesson, you described the structural components of the IBM Lotus
Domino 8 environment. As the system administrator, understanding the
architecture and its key components can help you properly administer the
Domino 8 environment.

2 Performing Basic
Administration Tasks
■
■
Topic A: Starting IBM® Lotus® Domino® Administrator
Topic B: Using Online Help
■ Topic C: Navigating in IBM® Lotus® Domino® Administrator
■ Topic D: Setting Administration Preferences

Lesson 2 ■ Performing Basic Administration Tasks
Introduction
By performing basic administrative tasks in IBM® Lotus® Domino® Adminis-
trator, you should gain the hands-on experience you need to accomplish
these tasks on the job in your own Lotus Domino environment.
● Identify the elements of the Lotus Domino Administrator interface.
● Use online help.
● Navigate in IBM Lotus Domino Administration and perform basic IBM
Lotus Domino Administrator tasks.
● Set administration preferences in Lotus Domino Administrator.

A Topic A: Starting IBM® Lotus® Domino®

Administrator
Lotus Domino Administration
Each Lotus Domino implementation requires one or more people performing
administrative tasks.
Administrators are often organized into groups to facilitate controlled man-
agement of the Lotus Notes and Lotus Domino environment.
An administrators’ access to perform administrative tasks is set using a
number of security methods to allow or disallow different levels of adminis-
tration, such as:
● Access servers
● Administer one or more servers
● Add/modify users, servers, and certifiers
● Add/modify server configuration information
Lotus Domino Administration Tools

Lotus Notes and Lotus Domino 8 includes a set of tools to administer the
environment. This combination of tools allows administrators flexibility in
managing their environment. The following table lists these tools.
Tool Description
Lotus Domino Administrator Allows administrators to make
changes to the Lotus Domino environ-
ment, such as:
● Modify server settings.
● Set up server connections.
● Add new users, servers, and
groups to the Lotus Domino
environment.
● Monitor server activity.
Lotus Domino Web Administrator Provides administrators with the

majority of features available through
the Lotus Domino Administrator using
a Web browser.

Tool Description
Lotus Domino Console Provides a server console on any plat-
form that supports Java, allowing an
administrator to:
● Enter text-based server commands.
● Remotely start and stop the server.
The Lotus Domino Administrator is the main tool for performing administra-
tive tasks in a Lotus Domino environment. The client is included with the
server software and can be installed on any supported operating system.
The Lotus Domino Administrator Interface

The Lotus Domino Administrator interface is separated into panes to help
administrators manage different resources. When you click one pane, the
information in the other panes is dynamically updated.
The following table lists and describes some of the components of the Lotus
Domino Administrator interface.
Component Description
Action bar Contains buttons to act on documents displayed in the
view.
Bookmark bar Contains icons to display a list of servers in the domains

you administer and icons to start the Notes client and
Domino Designer client, if installed.
Bookmarks window Displays a list of servers in a domain.
Server pane Displays the servers in the domain, grouped in different

views.
Tabs Contain general administration tasks.
Task pane Provides a logical grouping of administration tasks orga-

nized by tabs.
Results pane Displays the results of the current task.
Tools pane Provides additional functions associated with the

selected tab.

The following figure displays an example of the Lotus Domino Administrator

interface and its components.
Figure 2-1: The Lotus Domino Administrator interface
Note: You can also use the Administration menu to navigate among the Lotus
Domino Administrator tabs.

Activity 2-1: Introducing the IBM Lotus

Domino Administrator
Scenario
All Worldwide Corporation administrators will use the Domino Administrator
client. As an administrator, you should be familiar with the Lotus Domino
Administrator environment.
Follow these steps to start Lotus Domino Administrator and select the Hub/
SVR/WWCorp server to administer.
Step Action
1. From the Lotus Notes client, click Open and then click Domino
Administrator.
Note: Lotus Domino Administrator is accessible directly from the

Lotus Applications program group. From Windows, click Start→
All Programs→Lotus Applications→Lotus Domino
Administrator 8.
2. Select the Don’t show this again check box and close the Welcome page.
3. In the IBM Domino Administrator, click the Favorites icon.
4. Click the Domain servers icon to display the Bookmark window for
the WWCorp domain.
5. Click the Pin icon to anchor the Bookmark window.
6. Expand the All Servers section, and select the instructor’s server: Hub/
SVR/WWCorp.
7. To add the server to the favorites list, right-click, and choose Add Server
To Favorites from the pop-up menu.
8. (Optional) Display the Favorites list by clicking the Favorites icon to verify
that Hub/SVR/WWCorp is in the Favorites list.
9. How do you know which server is currently active:
10. What is the Lotus Domain name for Worldwide Corporation?

Step Action
11. How do you display all of the servers in the domain?
Note: When administering servers, perform all administration

tasks from an Administration client (Lotus Domino Administrator
installed on a client machine) to prevent security breaches.
Always verify the server name before performing administrative
tasks.

Topic B: Using Online Help
B Topic B: Using Online Help
Online Help Resources

Online help is available at every stage of Lotus Domino Administrator. There
are many resources for information on the Lotus Domino system administra-
tion and the Administrator client. Additional resources are listed in the
following table.
Location Resources
Online ● Lotus Domino Administrator 8 Help database
● Release notes
Internet ● http://www.lotus.com - Support, news, and product informa-

tion
● http://www.lotus.com/ldd - Documentation, software down-
loads, and developer resources
● http://www.lotus.com/redbook - IBM Redbooks

Activity 2-2: Define IBM Lotus Domino

terms
Scenario
All Worldwide Corporation administrators will use online Help. As an admin-
istrator, you will should be familiar with IBM Lotus Domino terms. This
activity introduces you to online Help and allows you to make your first con-
nection to some of the terminology you will be learning during the course.
Follow these steps to use the Help glossary or the Search for feature to
define basic Lotus Domino concepts and terms.
Step Action
1. From the Lotus Domino Administrator main menu, choose Help→Help
Topics.
2. Select the Glossary view, answer the following questions, and then close
the Help window.
3. What is a domain?
4. What is hierarchical naming?
5. What is replication?
6. What is a user ID?
7. Close Help.

Topic C: Navigating in IBM® Lotus® Domino® Administrator
C Topic C: Navigating in IBM® Lotus®

Domino® Administrator
Lotus Domino Administrator Tabs

General administration tasks are organized by tabs as described in the fol-
lowing table.
Tab Contents
People & People-related Lotus Domino Directory items: person docu-
Groups ments, groups, mail-in databases, and policies.
Files File interaction includes databases, templates, database

links, and all other files in the server’s data directory.
Server Current server activity and tasks. This tab has five sub-
tabs:
● Status
● Analysis
● Monitoring
● Statistics
● Performance
Messaging Mail-related information. This tab has two sub-tabs:

● Mail
● Tracking Center
Replication Replication schedule, topology, and events.
Configuration All documents used to configure the server, such as:

● Server documents
● Configuration Settings documents
● Messaging and Replication connections
● Web Configuration documents
● Directory Configuration documents
● Monitoring Configuration documents

The Person Document

A Person document describes an IBM® Lotus Notes® or non-Lotus Notes
user in the Lotus Domino Directory. A Person document is created when
you register a user via the user registration interface in Lotus Domino
Administrator or when you use the Add Person action on the People &
Groups tab in Domino Administrator.
Note: When you delete a user name, the associated Person document is also
deleted.
Groups
A group is a list of users and/or servers who have something in common.
Each group must have an owner, who is usually an administrator or an
application manager.
Groups can be used to:
● Provide a group of users access to a application.
● Deny a group of users access to a server or application.
● Send mail to a distribution list.
Tasks on the People & Groups Tab

From the People & Groups tab, administrators can add, modify, and view:
● Users in the domain.
● Groups defined in the domain.
● Documents defining mail-in databases and resources for scheduling.
● Policies used to streamline workstation setup.
● Certificates used for authentication.

Activity 2-3: View Person Documents and

Groups
Scenario
As an administrator, you should be familiar with the functions on the People
& Groups tab of Domino Administrator because many user and access
issues are related to Person and Group documents.
Follow these steps to view Person and Group documents.
Step Action
1. In Domino Administrator, verify that the People & Groups tab is selected.
2. Verify that the Domino Directories and WWCorp’s Directory sections are
expanded. Select the People view.
3. Locate your Person document.
4. Double-click to open your Person document.
5. Examine the type of information stored for a Notes user. Close the docu-
ment when finished.
6. From the Tools pane, click People to see a list of the tools used to manage
groups.
7. Click People to close the list.
8. Click the Groups view, and from the Tools pane, click Groups to see a list
of the tools used to manage groups.
9. To see a list of the groups to which your user name belongs, scroll the
action bar to locate the Find Group Member button.
10. Click Find Group Member, type your user name, and click OK.
11. The groups to which you belong will be checked.

Tasks on the Files Tab

From the Files tab, administrators can:
● View file information.
● View disk space information.
● Add, modify, and delete folder and database links.
● Perform database management tasks.

Activity 2-4: View the Files Tab

Scenario
As an administrator, you should be familiar with the functions on the Files
tab of Domino Administrator because you will frequently need information
related to databases.
Follow these steps to view the Files tab.
Step Action
1. Select the Files tab.
2. To see information about the drive on which the Lotus Domino server is
installed, under Tools, select Disk Space.
3. Approximately how much free disk space is there on the Hub server?
4. To sort the list of files by alphabetical order using the file name, click the
Filename column header.
5. From the drop-down box, choose All database types.
Note: Domino applications have the NSF file extension. Lotus

Domino application templates use the NTF file extension.
6. From the domain servers list, select Local. In the C:\lotus\notes\data

folder, click the Help directory.
7. In the Help directory, select the IBM Lotus Domino 8 Administrator Help
database.
8. From the Tools pane, click Database→Full Text Index.

Step Action
9. This tool creates a full text index for searching for each of the selected
databases. Verify that Create is selected, then click OK.
10. From the servers list, choose the Hub/SVR/WWCorp server.
Tasks on the Server Tab

From the Server tab, administrators can:
● Issue commands to the Lotus Domino server.
● View server information to analyze and troubleshoot server
performance.
● Monitor server tasks and statistics throughout the domain.

Activity 2-5: View the Server Tab

Scenario
As an administrator, you should be familiar with the functions on the Server
tab of Domino Administrator to verify which server tasks are running, issue
console commands, view server activity and events, or view server
statistics.
Follow these steps to view the Server tab.
Step Action
1. Select the Server tab.
2. To view the list of tasks running on the server, verify that the Status tab is
selected and click Server Tasks.
3. To view various tools related to server tasks, from the Tools pane, click
Task, User, Ports, and Server.
4. Click Server Console.
5. To start a live console session, click the Live button.
6. In the Domino Command text box, type
show server.
7. Click Send to see the results of the command.
8. Click Stop to stop the live console session.
9. Select the Analysis tab.
10. Expand the Hub’s Log section and click Miscellaneous Events view.
Note: The server automatically creates the Domino Server Log

file (log.nsf) during server startup and records server activities,
such as:
● Mail routing events
● Replication events
● Server phone calls
● Session information
● Miscellaneous events
● Database activity
11. Click the Expand All button.

12. Double-click to open the document with the most recent date and time to
view the recorded server process activity.

Step Action
13. To close the document, click the Close button.
14. Select the Monitoring tab.
15. To begin server monitoring, click the Start button.
16. To monitor a new task, click Monitoring→Monitor New Task.
17. Scroll down and click the Statistic Collector task, and then click OK.
Note: The Statistic Collector task collects data displayed on the

Monitoring tab.
18. Click to scroll the Tasks pane to verify that the Statistic Collector task has
been added.
Note: Resize the pane to see the new task.
19. To monitor a new statistic, click Monitoring→Monitor New Statistic.

20. In the Add Statistic(s) to this profile dialog box, expand Disk. Expand E,
and click Free.
21. Click OK.
22. Scroll to the right to view the Free column.
23. Select the Performance tab.
24. To display a chart of monitored statistics, click Realtime Statistics.
25. Click Performance Monitor→Add Statistic.
26. To display the disk drives in the Add Statistics dialog box, scroll down and
expand the Disk statistic.
27. To view the disk statistics, expand the C drive.
28. Click Free, and then click Add.
29. Behind the dialog box, statistics appear in the chart. Click Size, and then
click Add.
30. Size statistics appear in the chart. Click OK.
31. Click Start.
Note: This starts the monitoring process. Displaying statistics may

take several minutes.
32. Observe the statistics on the chart. Click Stop.

Step Action
33. What information is stored in the Domino Server Log file (log.nsf)?
a) Server activity
b) User activity
c) Replication activity
d) Database activity
34. Where can you view server statistics?
a) Performance tab→Activity Trends
b) Server tab→Statistics tab
c) Server tab→Monitoring tab
d) Server tab→Analysis tab
35. Statistics are available on which of the following tabs?
a) Performance tab
b) Statistics tab
c) Status tab
d) Monitoring tab
Tasks on the Messaging Tab

From the Messaging tab, administrators can:
● Monitor mail routing and issue commands to control mail routing.
● View mail routing topology maps.
● Track messages and generate reports on messages sent by users.

Activity 2-6: View the Messaging Tab

Scenario
As an administrator, you should be familiar with the functions on the Mes-
saging tab of Domino Administrator because these tools may be useful in
troubleshooting mail routing issues.
Follow these steps to view the Messaging tab.
Step Action
1. Select the Messaging tab.
2. On the Mail tab select Mail Users. Expand Hub/SVR/WWCorp to see a list
of users grouped by the mail server.
3. Locate your Person document.
4. To view any messages waiting to be routed, click Hub Mailbox (mail.box).
5. To view the dead mail and waiting mail, select Mail Routing Status.
6. After a moment, statistics are displayed. Verify there is no dead or waiting
mail.
7. To see the available mail routing tools, under Tools, expand Messaging.
8. In the Messaging tab→Mail tab, what information will you be able to view?
a) Mail information
b) Routing information
c) Shared information
d) Tracking information
9. To view a visual representation of the mail system structure, you would
select which of the following?
a) Messaging tab→Mail tab→Server Mailbox (mail.box)
b) Messaging tab→Mail tab→Mail Routing Topology→By Connections
c) Messaging tab→Tracking Center tab
d) Messaging tab→Mail tab→Mail Routing Topology→By Named Networks

Lotus Domino Replication

A process called Domino replication keeps the replica copies of the Lotus
Domino Directory and other Lotus Domino applications synchronized
throughout the domain. Lotus Domino replication is the process of
exchanging modifications between two database replicas so that the same
database may be updated and shared by many users in different locations
accessing different servers.
Tasks on the Replication Tab

From the Replication tab, administrators can:
● View the replication schedule for a server.
● View Replication Events that have previously occurred.
● View Replication Topology maps.

Activity 2-7: View the Replication Tab

Scenario
As an administrator, you should be familiar with the functions on the Repli-
cation tab of Domino Administrator to utilize the available tools when
troubleshooting replication issues.
Follow these steps to view the Replication tab.
Step Action
1. Click the Replication tab→Replication Events view.
2. Click Replication Schedule.
3. To see a map that represents the servers with which Hub/SVR/WWCorp is
scheduled to replicate, select the Replication Topology section→By Con-
nections view.
Tasks on the Configuration Tab

From the Configuration tab, administrators can change the following set-
tings:
● Server
● Messaging
● Replication
● Directory
● Web server
● Monitoring Configuration
● Cluster
● Offline Services
● Certificates
● Miscellaneous

Lotus Domino Directory Documents

Some items to remember when working on the Configuration tab include:
● Each server in the domain has a Server document that contains infor-
mation about the server. Lotus Domino uses this information during
server startup and for security.
● Some server settings are stored in the Server document; others are
stored in Configuration Settings documents. Lotus Domino uses this
information during server startup.
● Information about how servers should establish connections is stored in
Connection documents. Lotus Domino uses this information in deter-
mining how to connect to another server for replication and mail routing.
● Information about other domain connections is stored in Lotus Domain
documents. Lotus Domino uses this information for replication and mail
routing.

Activity 2-8: View the Configuration Tab

Scenario
As an administrator, you should be familiar with the functions on the Con-
figuration tab of Domino Administrator because these tools may be useful
in troubleshooting configuration issues.
Follow these steps to view the Configuration tab.
Step Action
1. Select the Configuration tab.
2. Select the Server section→Current Server Document view. Note that:
● This view shows the settings for the selected server.
● Different settings appear on each tab in the Server document.
What ports are enabled on Hub/SVR/WWCorp?
3. In the Server section, select the All Server Documents view to see a list
of documents for all servers.
4. In the Server section, select the Configurations view to see a list of docu-
ments that control some server settings.
Locate the Configuration document(s) that apply to Hub/SVR/WWCorp.
5. In the Server section, select the Connections view to see a list of docu-
ments that define how and when servers connect.
6. Select the Messaging section→File Identifications to view a list of file
definitions.
Note: Use context-sensitive help to see more information about

this topic.
Caution: The Use Directory on drop-down box can dis-

play the Lotus Domino Directory on a server other than
the selected server. When using this option, make sure
the Lotus Domino Directory is not modified on the wrong
server.

Step Action
7. Under what other tabs did you see Connection documents?

D Topic D: Setting Administration

Preferences
Administration Preferences
Administration preferences allow customizing of the Lotus Domino Adminis-
trator work environment. These preferences include the following choices:
● The domains to administer.
● The type and order of file information displayed.
● The way in which Lotus Domino collects and displays server monitoring
data.
● The defaults to use when registering users, servers, and certifiers.

Topic D: Setting Administration Preferences
Activity 2-9: Set Administration Preferences

Scenario
As an administrator, you should be familiar with setting administrative prefer-
ences in Lotus Domino Administrator.
Follow these steps to set the default settings for administering servers from
Domino Administrator.
Step Action
1. Select File→Preferences→Administration Preferences.
2. For Basics, select the WWCorp domain from the list, and click Edit.
3. Verify the Domino Directory server as Hub/SVR/WWCorp.
4. Verify that Do not change location is selected and click OK.
5. Click Monitoring, verify that Monitor servers From this computer is
selected.
6. In the Poll servers every x minutes, verify that 1 is entered.
7. Select Automatically monitor servers at startup.
8. Click OK to close the Administration Preferences dialog box.

Practice Activity 2-10: Record Current

Settings
Scenario
As an administrator, you should be familiar with recording current settings
from the Lotus Domino Administrator client.
From your Lotus Domino Administrator client, find and record the following
information.
1. What is your Short name?
2. Where is your mail file located?
3. What client platform are you using?
4. On what tab can you find your attached ID?
5. How many groups are in the directory?
6. Of how many groups are you a member? (Hint: Use either the Manage
Groups tool or an action button).
7. What is the total number of mail users on the classroom server?

Topic D: Setting Administration Preferences
8. What is the instructor’s server title?
9. What routing tasks does the instructor’s server perform?
10. What is the instructor server’s operating system?

Lesson Summary
In this lesson, you performed basic administrative tasks in IBM Lotus
Domino Administrator. Gaining the hands-on experience needed to accom-
plish tasks on the job will enable you to administer and support the Lotus
Domino environment.

3 Examining IBM® Lotus® Notes®
and IBM® Lotus® Domino®
Security
■ Topic A: Identifying IBM® Lotus® Domino® Security Components
■ Topic B: Designing a Hierarchical Naming Scheme
■ Topic C: Authenticating with IBM® Lotus® Domino® Servers
■ Topic D: Controlling Access to Resources
■ Topic E: Determining Database Access Levels
■ Topic F: Determining Workstation Security Levels

Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Introduction
Security mechanisms must be in place to ensure proper access to Domino
servers and server components. By defining IBM® Lotus Notes® and IBM®
Lotus® Domino® security, you should be able to effectively control access to
a Lotus Notes and Lotus Domino environment.
● Identify components of the Domino security implementation.
● Design a hierarchical naming scheme.
● Locate and view certifiers.
● Determine how Domino security mechanisms control server access lev-
els and access to other resources.
● Determine database access levels.
● Determine workstation security levels.

A Topic A: Identifying IBM® Lotus®

Domino® Security Components
IBM Lotus Domino Terminology

The Lotus Domino architecture and security model relies on various struc-
tures and requirements. It is helpful to be familiar with the Lotus Domino
vocabulary to properly support an implementation.

Topic A: Identifying IBM® Lotus® Domino® Security Components
Practice Activity 3-1: Review IBM Lotus

Domino Terminology
Scenario
As an administrator, you should be familiar with Lotus Domino definitions
and terms.
The following terms and definitions are important Lotus Domino security
concepts. Write the correct term or definition.
1. Define the term hierarchical naming.
2. What term is defined as a collection of servers and users that share a

single Domino Directory?
3. Define the term organization.
4. Define the term organizational unit (OU).
5. What term is defined as a central application in the Lotus Domino

domain, which contains information about users and servers, and exists
on every server in the domain?
6. Define the term Access Control List (ACL).

7. What term is defined as uniquely identifying the users and servers to

Lotus Notes and Domino and is assigned to every user and server? It
also contains an electronic stamp created by a certifier.
Lotus Domino Domains

Lotus Domino uses specific structures and terms to define the organization
of the Lotus Domino environment. A domain is a collection of servers and
users that share a single Lotus Domino Directory. The primary purpose for a
domain is mail routing. The domain name is typically the company name.
Note: Lotus Domino domains are not related to NT or Internet domains. However,
many organizations choose to use the NT or Internet domain name as their Lotus
Domino domain name for consistency.
Single versus Multiple Domains

Although it is possible to have several domains within an organization, most
companies will define themselves as a single domain because single
domains:
● Simplify the process of addressing mail.
● Optimize mail routing.
● Are easier to maintain than multiple domains.
Note: Lotus Domino domain names should not have a period (.) in the name.
Organizations
A Lotus Domino organization defines the naming hierarchy for a Lotus
Domino environment, which is used for security. The organization name can
be the same as the domain name, or another name, such as a shortened
version of the company name.

Topic A: Identifying IBM® Lotus® Domino® Security Components
Note: Most companies will set up one organization and one domain. However, a
company may create multiple organizations to separate different departments or
divisions for security or administration purposes.
Figure 3-1:
Organizational Units
An Organizational unit (OU) generally define an organization’s hierarchy as
it relates to people. OUs are the next level down from the organization and
usually represent geographical or departmental names.The following figure
shows an example of an organizational unit.
Figure 3-2: Example of an Organizational Unit
Certifiers
The Lotus Domino organization certifier is a special file created at the time
the first Lotus Domino server is set up in the company. It is the top of the
hierarchy and is used to certify the resources in the entire infrastructure.
Administrators can use the organization certifier to register other certifiers
which, in turn, can be used to register users, servers, or other certifiers.

The WWCorp Organization Certifier

The /WWCorp organizational unit certifier stamps:
● User: Doctor Notes
● Server: Hub
● Other certifiers to be discussed later in the lesson.

Topic B: Designing a Hierarchical Naming Scheme
B Topic B: Designing a Hierarchical

Naming Scheme
Hierarchical Naming
Lotus Domino uses hierarchical naming, based on X.500 standards, to guar-
antee unique user and server names across a large network. Hierarchical
naming associates names with the certifiers in an organization.
Components of a Hierarchical Name

The format of a hierarchical name is CN/OU4/OU3/OU2/OU1/O/C (for
example, Sarah Forbes/Toronto/Acme/CA).
The following table describes the components of a hierarchical name.
Component Description Characters Required

Common Name The person’s full first and 80 maximum Yes
(CN) last names, or the server
name
Organizational Typically, a department or Up to 32 per No

Unit Name (OU) location name OU
Organization Typically, a company 3 to 64 Yes

Name (O) name
Country (C) ISO standard two-letter 0 or 2 No

abbreviation for the coun-
try and top-level location
Note: Since the country code is part of the fully distinguished name, each certifier
that uses a country code is a different certifier, even though the organization name
is the same.
For example, if Worldwide Corporation decides to use country codes, there

could be three organization certifier IDs as follows:
● /WWCorp/US
● /WWCorp/CA
● /WWCorp/FR

Practice Activity 3-2: Determine Hierarchical

Names
Scenario
As an administrator, you should be able to determine hierarchical names
using the hierarchical naming example. To do this, answer the following
questions.
1. What is the full hierarchical name for Marcus Frank in HR?
2. What is the full hierarchical name for Marcus Frank in Sales?
3. What is the full hierarchical name for Pedro Lopes?
4. What is the full hierarchical name for Hub?
5. What is the full hierarchical name for East01?
6. What is the full hierarchical name for Gwen Carter?

Recommendations for Spaces in Hierarchical Names

When creating hierarchical names, do not include spaces in any of the fol-
lowing components:
● A server’s common name
● Organization name
● Organization unit name
Hierarchical Naming Example

Two users with the same name, Marcus Frank, work for Worldwide
Corporation. One works for the Sales organization in the East regional
office. The other is a member of the Human Resources department in the
West regional office.
The following figure shows how the two people with the same name are dis-
tinguished using hierarchical naming.
Figure 3-3: An example of hierarchical naming

If the user happens to be in the same organizational hierarchy, a middle ini-
tial or an organizational unit unique to the user can be used.
Organizational Unit Naming Recommendations

A hierarchical name can comprise up to four organizational units. The rec-
ommendation is to use the minimum required for unique naming.

Consider the following options for creating organizational unit certifiers when
designing the hierarchical naming scheme.
Criteria Description
Location Each locale has a separate Organizational Unit (OU) for
local administration of servers and users. Use this as an
alternative to using the country code name component. The
site or country abbreviation easily identifies the geographic
location of the server or user.
Department Each department has a separate OU, which keeps the

Domino naming scheme directly in sync with the corporate
organizational chart.
Work groups Most often used to distinguish two users with the same
name who work in the same department.
Note: Typically, a company would use the OU1 to indicate the user’s location, then
use the OU2 for the department. Workgroups are typically only used to distinguish
two users from the same region that are in the same department.
Department or workgroup OUs are not recommended if users move between depart-
ments frequently.
When determining these names, use the following guidelines:

● Use short descriptive names.
● Do not include spaces.
● Create a separate OU for servers for administrative control.
● Use three or fewer levels of OUs in the hierarchical naming scheme.
Separate Server OUs

The following table describes the benefits for creating a separate server OU.
Benefit Description
Cross- If two organizations wanted servers to be cross-certified,
certification but did not want users to be cross-certified, then having
each organization’s servers in a separate OU would allow
the creation of a server OU to server OU cross certificate.
Since the cross certificate would be server OU to server
OU, no end user from either organization would be allowed
to directly access servers in the other organization. How-
ever, the servers would be allowed to authenticate and
replicate.

Benefit Description
Administration If the organization decided to use a unique OU for server
control registration, and that OU is tightly controlled by an upper
level administrator, the likelihood of having a renegade or
unauthorized server show up is reduced. Any server regis-
tered with a different OU will be readily apparent to
administrators through various views of Domino
Administrator.
Server Naming Recommendations

The server’s common name should:
● Be a short, descriptive name.
● Contain an abbreviation for the region where it resides.
● Not contain any spaces.
● Be easily expandable.
● Be easily recognizable for the tasks the server performs.
For example:
● Hub servers in the East might be named as follows:
EastHub01, EastHub02, EastHub03, and so on.
● Mail servers in the West might be named as follows:
WestMail01, WestMail02, WestMail03, and so on.
Note: Planning server names is particularly important, as it is a time-consuming and

difficult process to change a server’s name. Carefully consider the guidelines when
naming a server.

Server Host Names and Common Names

The server’s common name can be the server’s fully qualified Internet host
name (for example, Hub). Consider the following factors in deciding which
format is best for the company.
● Use the Internet host name in the Lotus Domino server common name
if clients accessing the server are:
■ On the Internet.
■ On a large distributed TCP/IP intranet.
■ In foreign Lotus Domino domains on a TCP/IP intranet, and server
address sharing between the domains is not practical.
● Use the simple Lotus Domino server common name if clients accessing
the server are:
■ Primarily in the same Lotus Domino domain or in a domain that will
share server address information with the domain.
■ Rely heavily on network protocols other than TCP/IP.
■ Require special server naming conventions better suited to the
company.
User Naming Recommendations

Typically, a user’s common name is the user’s first name and last name.
The user’s common name is used for internal mail addressing and deter-
mines the user’s Internet address.
Note: Lotus Domino includes an administrative tool to change a user’s common

name, or the user’s place in the hierarchy, for example, under the following circum-
stances:
● A user’s marital status changes.
● A user moves to a different department.
The following table provides an example of user naming conventions.
Type Suggested Syntax Example

Lotus Domino Firstname Lastname/ Maria Lopez/Sales/East/
mail address- OU2/OU1/O @Domain WWCorp@WWCorp
ing

Type Suggested Syntax Example

Internet Mail username@company.
addressing com Where username is
one of the following:
● FirstinitialLastname ● MLopez@wwcorp.com
● Firstname_Lastname ● Maria_Lopez@wwcorp.com
Use of middle initials

Since most people often do not know a user’s middle initial, it is rarely used.
Other reasons for avoiding middle initials include:
● The format may vary. Some administrators might use a separator, like a
period (.), and some may not, causing inconsistent names.
● A differentiating OU is a better choice to ensure a unique name.
Planning a Hierarchical Naming Scheme

It is extremely important to properly plan a naming scheme for any
organization. The entire security structure is based on the information pro-
vided at the time of the first server implementation.
To plan a naming scheme for an organization, carefully consider:
● Organization name, which should be a short and easy name. Many
organizations choose to use their Internet domain or company name.
● Organizational Units:
■ Should provide an easy and simple method to organize user and
server names. Multiple OU levels may be more difficult to manage.
■ Can be used for providing unique names.
● A strategy for distinguishing identical names in the same organizational
hierarchy should be determined during the planning stages.
How to Design a Hierarchical Naming Scheme
Procedure Reference: Designing a hierarchical naming

scheme
Follow these steps to plan the hierarchical naming scheme for the Lotus
Domino environment.
1. Choose a domain name.
2. Choose an organization name.
3. Decide whether or not to use country codes.

4. Determine organizational units based on the company’s structure.

5. Determine server naming conventions.
6. Determine user naming conventions.

Practice Activity 3-3: Design a Hierarchical

Naming Scheme
Scenario
Worldwide Corporation has assigned you the task of designing a hierarchi-
cal naming scheme. As an administrator, first you need to determine how to
divide organizational units for Worldwide Corporation. To do this, answer the
following questions.
1. How should organizational units be divided: geographically, departmen-

tally, workgroup, or by some other criteria?
2. How many levels of organizational units are needed?

3. Should the servers and users be segregated, or kept together?
To create an organizational chart for Worldwide’s servers and users use

the following guidelines:
● Place the name of the organization in the top row.
● Place the first level of organizational unit in the next row.
● Place subsequent levels of organizational units, if any, below par-
ent levels.
● Place users and servers in the lowest level.
Use the following blank organizational chart as a guide. The number of

levels and number of boxes in this chart are not indicative of the final
result.

Topic C: Authenticating with IBM® Lotus® Domino® Servers
C Topic C: Authenticating with IBM®

Lotus® Domino® Servers
Security Controls
Security controls determine access to servers and resources in the Lotus
Domino environment.
Use the controls to:
● Allow access to authorized users and servers.
● Block access for unidentified or specific users and servers.
The process of accessing information involves two levels of security:
● Authentication
● Access controls
Authentication establishes trust between two entities. Once trust is estab-
lished, access controls determine what information is available to the
entity. An entity can be a server or a client.
Bank card example

To gain access to bank account information, authentication occurs through
the use of:
● A bank card containing user account information.
● A Personal Identification Number (PIN) identifying you as the owner of
the card.
The PIN, along with the card, match the account information stored in the
bank. Therefore, the bank trusts that you are the owner of the card. You are
allowed access to the account. By using the bank card, you are also trusting
that the bank will provide the correct access. This establishes two-way trust.
Once you have gained access to the account, you are allowed access to
specific information based on the type of account you have. The type of
account determines the level of access. This is similar to access controls
that can be set on entities such as servers, clients, or databases.

Certificates and ID Files

Authentication is controlled by certificates that identify and verify the entity
connecting to the server. A certificate is a unique electronic stamp stored in
an ID file that associates a name with a public key. An ID may have many
certificates.
A certifier ID is a file that generates the electronic stamp to indicate a
trusted relationship. Certifier IDs result when entities, such as organizations
and organizational units, are created during the registration process.
Note: The certifier ID does not provide access to anything. It acts as an electronic
stamp to validate other IDs. The certificate is the stamp left on the ID by the process
of certification. The certificate uses an electronic signature from the certifier to asso-
ciate the user or server’s name with the user or server’s public key. For example, a
certificate from /WWCorp issued to Inga Neste/Sales/WWCorp means that according
to /WWCorp, Inga Neste/Sales/WWCorp has a specific public key that is stored in
the certificate.
Types of Certificates
The two types of certificates are:
● Notes certificates: Stored in a Lotus Notes or Domino ID file that
associates a name with a public key. Certificates permit users and serv-
ers to access specific Lotus Domino servers.
● Internet (X.509) Certificates: Let a user access a server using SSL
client authentication or send an S/MIME message. Internet certificates
can be stored in the Lotus Notes ID.
Note: Certifier IDs and certificates are created on the server. However, they should
be moved to a very secure location, rather than left on the server. For example,
copy the ID to a diskette and lock in a cabinet.
ID Files
A Lotus Notes ID identifies a user or server to Lotus Domino systems. The
user and server registration process creates a unique ID.
Note: The password is used to encrypt the private key and optional encryption keys
as well as to access the ID file.

Types of ID Files
There are several types of ID files used in the Domino environment:
● The certifier ID file allows an administrator to certify Notes users with
hierarchical names. The certifier ID file stamps server, user, and other
certifier IDs with its certificate.
● The user ID file is created by the administrator and contains information
that Notes uses to identify a user. The file contains certificates, and the
the name of the ID owner.
● The server ID file is created by the system administrators and stores
IDs on the server.
Components of an ID File
An ID file contains information to identify the owner of the ID in order to
determine access to resources in a domain. Each user or server ID contains
the following information:
Note: The password is used to encrypt the private key and optional encryption keys
as well as to access the ID file.

Common Certificates
In order to authenticate, each side (server and client or server and server)
must have a common certificate. A common certificate is a certificate
derived from the same Lotus Notes or Internet (X.509) certifier, or one of its
ancestors in the organizational hierarchy.
Example of two organizations

Worldwide Corporation created another organization called Earth after
acquiring a new regional office. They wanted to restrict access to Earth until
the office was up and running.
The following figure shows IDs containing certificates. The certificates in the
same organizational hierarchy (WWCorp) can authenticate with one another.
A certificate from another organizational hierarchy (Earth) cannot authenti-
cate with a Worldwide server.
In the following example, Marcus Frank can authenticate with the APPS
server. But Corretta Juarez in the regional office (Earth) cannot authenticate
with APPS because they do not have a common certifier or ancestor.
Figure 3-4: Certificates and Hierarchies

How Certificates are used in Authentication

Server settings control required access to the server by specifying authenti-
cation levels. The following table explains the strong authentication methods
used.
Authenticate Using
In the Lotus Notes/Lotus Domino envi- Lotus Notes certificate
ronment
Between Lotus Domino and other Internet (X.509) certificate

applications using Internet protocols
In the Lotus Notes/Domino environ- Lotus Notes and Internet (X.509) cer-
ment and outside the Lotus Domino/ tificate (with S/MIME to sign Internet
Notes environment messages between different mail
Example: Internet e-mail to a Lotus packages)
Notes client
The following figure illustrates authentication.
Figure 3-5:

Other authentication methods

In addition to Strong authentication using Lotus Notes and Internet certifi-
cates, the other types of authentication are:
● Anonymous: No credentials. Examples of Anonymous access include
Web pages for advertising and catalogs.
● Simple: User name and password. Can be used for customers to
access information about their own orders or shipments.

Activity 3-4: Identify and Locate Certifiers

Scenario
Worldwide Corporation has established a domain in place. As an administra-
tor, you should be aware of what certifiers exist in your Domino
environment.
Follow these steps to view certificates and answer the questions.
Step Action
1. Select the Configuration tab→Certificates section→Certificates view.
2. Expand the Notes Certifiers section and WWCorp.
3. Double-click /WWCorp to open the certificate.
4. Click Cancel to close the certificate.
5. What is the first Internet Certificate?

D Topic D: Controlling Access to

Resources
Introduction to Lotus Domino Access Controls
Lotus Domino controls secure information so it is only available to those
who require it. Lotus Domino provides settings to selectively control access
to server resources. Controls can be placed on many levels: the server,
database (including information in fields on a form), agents, applets, and
Web pages.
The controls used depend on the security level required for applications and
the user access required. Many of the decisions involving application
deployment are made by the developer. However, security is often imple-
mented by the administration staff. There are many settings in the Lotus
Domino Server Configuration Settings documents that control access to the
application.
Access Control Lists

An access control list (ACL) determines access to a given database, and
the type of access allowed. Every Domino application has an Access Con-
trol List.
Roles
A role identifies a set of users and/or servers. Roles only apply to the data-
base in which they are created.
How IBM Lotus Domino Controls Access

Lotus Domino uses roles and an Access Control List to control access to
databases.
The following table describes how Lotus Domino controls access.

Topic D: Controlling Access to Resources
Access to... Is controlled by...

Server, including Lotus Notes clients, ● Server settings and restrictions
Web clients, and other Lotus Domino
● Settings that allow and deny access
servers
to users, servers, Lotus Notes, and
Web clients
● Restrictions that allow or deny
access to server software and
applications
● Groups
Domino file folders File folder access controls and restric-

tions
Run Java applets Server restrictions
Run Lotus Domino agents (programs Server restrictions

that perform specific tasks within a
database, such as sending mail mes-
sages)
Databases ● Access control lists (ACLs)

● Forms and views ● Groups
● Documents ● Roles
● Fields ■ Subsets of users or servers in an
ACL
■ This adds an additional level of
access control over those
already controlled by the ACL
● Encryption, for field control
Web pages Web server controls

Stages of Access Control

The following graphic shows the stages of access control that can be set on
specific Lotus Domino Components.
Figure 3-6: Stages of access control

The following table describes the access control stages.
Stage Description
1 Successful authentication extracts the name in the Person document
(ID file). The name is then checked against the server, file, database,
data, and field access.
2 Server access: Name is checked in Server Restrictions or Deny

Access for access to the server.
3 File access: Name or group is allowed access to the server’s file

folders.
4 Database access: Name is checked for access to the database.
5 Data access: Name is checked for view, form, read, and edit access
to the document in the database.
6 Field access: ID is checked for the appropriate encryption key to

access the field in the document.

Settings in the Server document determine who has access to specific

components. For example:
● Administrators may have access to monitoring tools while users may
not.
● Some users may have permission to run agents.

Activity 3-5: Identify Server Access

Scenario
Worldwide Corporation has enabled some security mechanisms in the
Domino environment. As an administrator, you need to be aware of what
security mechanisms are currently in use.
Note: If you have questions regarding the settings, use the context sensitive Help.
Wildcards can be used for a group of servers; for example: */SVR/WWCorp.
Follow these steps to complete the activity. Document the current Worldwide
security settings and answer the questions.
Step Action
1. Select the Configuration tab→Server section→Current Server Document
view.
2. Select the Security tab.
3. For the Administrators section, who are the authorized administrators?
4. In the Security Settings section, does the server allow Lotus Notes users to
access anonymously?
Yes
No
5. In the Security Settings section, does the server verify the user’s public key
before allowing access?
Yes
No
6. Scroll to the Server access section. Who can create new databases on the
server?
7. In the Server access section, who can use monitors?
Note: Open the document in edit mode and use field help.

Step Action
8. Scroll to the Programmability Restrictions section. Who can run unrestricted
methods and operations?
9. In the Programmability Restrictions section, who can sign agents to run on

behalf of someone else?
Security Using Groups

The following table provides examples of what groups can be used to do.
Use Example
Provide a group of users with LocalDomainAdmins: Allows administrators
access to a database. full access to the Lotus Domino Directory.
Provide a group of servers with LocalDomainServers: Allows servers

permission to replicate a access to Administration Requests.
database.
Deny a group of users access to Group of terminated employees: Restricts

a server or database. access of specific employees to sensitive
corporate information.
Examples of group access

Administrators create and maintain groups in the Lotus Domino Directory.
The database administrator is subsequently responsible for providing the
appropriate level of access and security to each database.
For example, Worldwide Corporation has the groups listed in the following
table. Each group has access to a database relevant to its responsibility
within the company.
Database Group Access

Personnel records ● Individual users ● Reader access to own
documents only
● Reader access to
● Department managers
documents of all sub-
ordinates

Database Group Access

Policies ● HR staff ● Editor access to all
records
● Corporate staff ● Reader access to all
documents
Allowing access to parts of the hierarchy

Users and servers in specific parts of the Domino hierarchy can be
assigned access by using a wildcard (*). For example, assigning access for
*/East/WWCorp allows access to all users in the Organizational Unit East
without creating a group.
Group Types
Group types are used to define the purpose of the group and determine
the views in the Domino Directory where the group name appears.
For example, the group of terminated employees appears in the Deny List
view, and access control groups appear in the Access Control view.
Using specific group types improves performance by reducing the size of
view indexes in the Domino Directory.
The following table describes the purpose of various group types.
Group Type Purpose

Multi-purpose Multiple uses; for example, mail, ACLs, and so on
Access Control List Adding to ACLs

only
Mail only Mailing list groups
Servers only Server groups
Deny List only Terminated users or other users

Note: Deny List groups appear in a different listing

Best Practices for Creating Groups

The most effective way of allowing or denying access to a server is to cre-
ate and maintain appropriate groups. To do this:
● Assign a group name that identifies the content. For example:
■ The region in which the entries are located
■ Global if it is a group that contains names that span the entire
organization
● Nest groups for easier maintenance.
Caution: Too many nested groups may cause confusion and be cumbersome to
manage.

Activity 3-6: Determine Group Access To

the Server
Scenario
Worldwide Corporation allows server and administration access using
groups. As an administrator, you should be able to determine which groups
have access to the server and which groups can administer the server.
Follow these steps to determine which groups have access to the server
and which groups can administer the server, and answer the questions.
Step Action
1. Select the People & Groups tab→Domino Directories section.
2. Select WWCorp’s Directory→Groups.
3. Open the Administrator group (LocalDomainAdmins).
4. Who are the members in the Administrator group (LocalDomainAdmins)?
5. Click Cancel to close the group.

6. Select the Configuration tab→Server section→Current Server Document
view→Security tab.
7. After reviewing the Security tab in the Current Server Document, do any
groups have administration capabilities on the server?
8. Scroll to view the Server Access section.

9. After reviewing the Server Access section, do any groups have access to
the server?

Topic E: Determining Database Access Levels
E Topic E: Determining Database Access

Levels
Access Control List Levels

The following table lists the access levels for Lotus Domino.
Level User Access Server Access

No Access No access to the database No access to the database
(except, optionally, for a special
class of documents called pub-
lic documents)
Depositor Can create documents in the Cannot replicate

database, but cannot read, Note: This ACL level is not
edit, or delete documents, normally assigned to servers.
including those they create
Reader Can read documents, but can- ● Can replicate to receive only
not create, edit, or delete (not send documents)
them
● Minimum access for servers
to get data
Author Can create and read docu- ● Can replicate new docu-
ments, and edit own ments, but cannot modify
documents if Authors fields documents
are used
● Minimum access for servers
Note: Designers can modify a
to send data
database to allow users to
edit their own documents. Note: This ACL level is not
normally assigned to servers.
Editor Can create, read, and edit all Can replicate all new and
documents changed documents
Designer Can modify the database Can replicate all new and
design, but cannot modify the changed documents, and repli-
ACL or delete the database cate design elements
Manager Can perform all operations on Can replicate ACL changes as

the database, including well as all document and
changing ACLs and deleting design changes
the database

Activity 3-7: Identify Access to the IBM

Lotus Domino Directory
Scenario
Worldwide Corporation has an active Domino Directory structure in place.
As an administrator, you should be able to identify which groups have
access to the IBM Lotus Domino Directory.
Follow these steps to determine which groups have access to WWCorp’s
directory and what type of access they have.
Step Action
1. Select the Files tab.
2. Open WWCorp’s directory.
3. In the About Domino Directory document, click Close this document to
view the database.
4. Select File→Application→Access Control.
5. Record the server group names and access.
6. Record the Person group names and access.
7. Record individually defined names and access.
8. Click Cancel.
9. Close the WWCorp’s Directory database.
10. Using available help information, define a role.

Topic E: Determining Database Access Levels
Activity 3-8: Test Security

Scenario
As the administrator, you will need to be familiar with testing security in the
Lotus Domino environment. Follow these steps to test security.
Step Action
1. Exit Lotus Domino Administrator and Lotus Notes and re-open Domino
Administrator.
2. Students who can access the server, try to open the Domino Directory and
select the People & Groups tab.
3. Why are some not able to access the server or the Domino Directory?

F Topic F: Determining Workstation

Security Levels
Execution Access
Protect user workstations by specifying different types of execution access
for different people or organizational certifiers who run Notes scripts and
formulas. For example, assign all types of execution access to a Lotus
Domino administrator, but allow no execution access to unsigned scripts or
formulas.
Note: By default, scripts and formulas, whether signed or unsigned, do not execute
on a workstation without displaying a warning message. However, scripts and formu-
las created using a Lotus Notes template, and signed “Lotus Notes Template
Development/Lotus Notes” have complete execution access.
The Execution Control List

The default Execution Control List (ECL) defines workstation security for
the Lotus Notes client. If a group is not specified in the ECL, Lotus Notes
warns the user when an application attempts to run on that client. The fol-
lowing screen shows a sample ECL.
Figure 3-7: Execution Control List

Topic F: Determining Workstation Security Levels
Lesson Summary
In this lesson, you managed IBM Lotus Notes and Lotus Domino security.
Understanding the process of ensuring proper access to Domino servers
with security mechanisms in place will allow you to effectively control access
to a Lotus Notes and Lotus Domino environment.

4 Examining IBM® Lotus®
Domino® Mail Routing
■
■
Topic A: Introducing IBM® Lotus® Domino® Messaging
Topic B: Designing a Mail Routing Topology

Lesson 4 ■ Examining IBM® Lotus® Domino® Mail Routing
Introduction
IBM® Lotus® Domino® supports two mail transfer protocols; Lotus Domino’s
native routing protocol, NRPC (Notes Remote Procedure Calls), and the
Internet standard, SMTP (Simple Message Transport Protocol).
Note: This lesson covers only intranet mail routing.

● Describe Domino mail routing.
● Design a mail routing topology.

A Topic A: Introducing IBM® Lotus®

Domino® Messaging
Notes Named Networks

Servers that meet the following criteria can be members of the same Lotus
Notes Named Network (NNN):
● Are in the same Domino domain.
● Share a common Local Area Network (LAN) protocol.
● Can maintain a constant connection on the same LAN or bridged/routed
Wide Area Network (WAN).
NNN best practices

Servers that meet the criteria can belong to the same NNN. However, con-
sider separating servers into different NNNs under the following
circumstances:
● To control when mail routes between servers:
Administrators may want to control when mail routes between servers
rather than allow mail to route automatically, as is the case between
servers in the same NNN.
● To reduce network traffic between regions:
Regional administrators would instruct users to access applications on
servers in their own region.
Mail Routing and Notes Named Networks

Mail routing occurs automatically between servers in the same NNN.
To enable communication between servers in other Lotus Notes Named
Networks, configure Connection documents. Connection documents include
specific connection information, such as server definitions, delivery schedule
requirements, and message queue lengths.
When routing mail between servers in separate NNNs, each mail server
requires a Connection document.

Mail Routing Protocols

It is possible to use a combination of SMTP and NRPC within an
organization. For example, Worldwide Corporation could route mail within
the company intranet using Lotus Domino’s native routing protocol, NRPC,
and route mail to the Internet using the SMTP protocol.
The following table defines the mail routing protocol options in Lotus
Domino and the connection ports they use.
Protocol Definition Port

NRPC Notes Remote Procedure Calls. NRPC can 1352
be set up to route mail within a Lotus Domino
domain and to route mail between Lotus
Domino domains.
SMTP Simple Messaging Transfer Protocol. SMTP 25

is an industry standard Internet routing protocol
which is native in Lotus Domino.
Note: SMTP supports the TCP/IP protocol only.
Note: NRPC uses port 1352 for server-to-server and server-to-client communica-
tions, not just mail transport.
Using NRPC vs. SMTP

Use the following guidelines when determining which protocol to use.
● Use SMTP alone under these circumstances:
■ For Internet communication.
■ If Lotus Domino is being used for mail only.
● Use NRPC to take advantage of these Lotus Domino features:
■ Sending document and database links via e-mail.
■ Lotus Notes public key security.
■ Mail-enabled workflow applications.

Mail Routing Components

Mail routing is one of the key features for many Lotus Domino
implementations. The Domino mail files and tasks work together to provide
a consistent and reliable messaging environment. These messaging compo-
nents include:
● Mail file
● Mail server
● Mailer (IBM® Lotus Notes® clients)
● Lotus Domino Directory
● Mail.box
● Router task
The following information describes the mail components and their interac-
tion in mail routing.
Mail component definitions

The following table describes the key components of Domino messaging.
Term Definition
Mail file The Domino application in which the user creates, sends,
retrieves, and stores mail messages.
Mail server A user’s mail server is the server where the user’s mail file
resides and is specified in the Person document in the Domino
Directory.
Mailer The Mailer resides on the workstation and performs these tasks:
● Verifies the existence and spelling of the name(s) if the recipi-
ent is listed in the Domino Directory.
● Converts the message to Multi-purpose Internet Mail Exten-
sions (MIME), if necessary.
● Deposits the message in Mail.box on the sender’s mail
server.
Domino Direc- The Domino application that stores information about the send-
tory er’s (and possibly recipient’s) mail server, mail file system, mail
file name, mail address, and connections to other servers for
transfer and delivery.
Mail.box A special database that resides on every server used for mail
delivery. Mail is temporarily stored in Mail.box before the router
delivers or transfers the mail.

Term Definition
Router A server-based task that delivers and transfers mail. It checks
the Lotus Domino Directory for connections to other servers and
deposits mail in users’ mail files and other servers’ Mail.box.
Mail Settings that Affect Routing

Settings for servers and users control how and when mail routes. The fol-
lowing table introduces some of the messaging settings available in Lotus
Domino.
Settings Options
Server ● Messaging settings
● Connection documents
● Domain documents
● Configuration documents, including:
■ Inbound controls: SMTP controls for mail from the
Internet
■ Outbound controls: SMTP controls for mail to the
Internet
User ● Mail storage format

■ Native MIME (Multi-purpose Internet Mail Extensions):
Internet mail formats
■ Notes Rich Text: Lotus Notes and Domino format

The Mail Routing Process

Mail routing occurs automatically between servers in the same NNN, using
routing information in the Lotus Domino Directory.
The following graphic shows how mail is routed.
1. User creates and sends a mail message from the workstation.

2. Client Mailer program checks names in the directory .
3. Client Mailer puts mail in Mail.box on home server specified in

the user’s Location document.
4. Router task on home server polls Mail.box for new messages.
5. Router checks directory for routing information and for addresses on

the message and determines message route.
6. Router transfers message to Mail.box on next destination server.
7. Router task on destination server polls Mail.box for new messages.
8. Router checks directory for routing information for addresses on the
message.
9. Router delivers mail to recipient’s Mail file.

B Topic B: Designing a Mail Routing

Topology
Mail Routing Topologies

A mail routing topology establishes which servers are connected and how
they communicate specific information.
Lotus Domino identifies topologies for:
● Replication: Determines how to connect servers to exchange database
changes.
● Mail routing: Determines how to connect servers to send mail.
For example, the structure identified for sending mail between servers is a
topology.
Topology Types
A topology defines how mail servers are set up within an organization.
Types of topologies vary depending on the size and type of organization:
● Small firms (four or fewer servers): Use peer-to-peer mail routing, which
quickly disseminates mail to all servers.
● Mid-size firms (four to six servers): May use a combination of peer-to-
peer and hub-and-spoke.
● Large organizations (six or more servers): Use hub-and-spoke mail
routing.
Further information on mail topologies will be discussed later in this course.
Note: Implement hub-and-spoke topology for maximum efficiency with high volume
mail traffic and to allow for easier expansion, such as adding servers or clustering
servers.

Sample hub-and-spoke topology

The following figure shows an example of a hub-and-spoke topology.
Figure 4-1: Hub-and-spoke topology
Hub and Spoke Topology Considerations

Considerations for a hub-and-spoke topology include the following:
● Use hubs when there are six or more servers in the Domino domain.
● A hub machine requires considerable system resources (memory, disk
space, and network protocols).
● Use a cluster for hubs to provide failover.
How to Design a Mail Routing Topology

Designing a mail routing topology will assist you in ensuring that the servers
in a Lotus Notes and Lotus Domino environment are properly connected,
and that they communicate the appropriate information.

Guidelines
Below are some guidelines for designing a mail routing topology.
● Determine the number and server membership of Lotus Domino Named
Networks based on the network protocols in use.
● Determine the appropriate topology type based on the size and type of
the organization. For example, peer-to-peer, hub-and-spoke, end-to-
end, or hybrid.
● If using hub-and-spoke:
■ Determine the number of hubs and the appropriate system
resources for each hub.
■ Determine if clustering the hubs is necessary.

Activity 4-1: Design a Mail Routing

Topology for Worldwide Corporation
Scenario
Worldwide Corporation administrators need to design a mail routing topol-
ogy that supports the hardware configuration, network protocols in use, and
types of Lotus Domino servers in place. The following table provides the
Worldwide Corporation hardware configuration. As an administrator, you
should be familiar with designing a mail routing topology.
Follow these steps to design the topology and determine the possible
connections.
Location Systems Network

Corporate Headquarters ● One large mainframe Running TCP/IP through-
(HQ) running Lotus Domino out the building
mail and other busi-
ness applications
● System has additional
capacity and network
bandwidth
Eastern Region Three departmental serv- ● LAN connections

ers: among all servers
● One running only ● Lotus Domino server
Lotus Domino mail with TCP/IP connectiv-
● Two running Lotus ity
Domino mail and other ● Network router connec-
applications tion to Corporate
Western Region Three departmental serv- ● LAN connections

ers: among all servers
● One running only ● Lotus Domino server
Lotus Domino mail with TCP/IP connectiv-
● Two running Lotus ity
Domino mail and other ● Network router connec-
applications tion to Corporate

The following graphic illustrates the environment.

Note: The written questions for this exercise are similar to the format used in the
IBM Software Services for Lotus Certification exams.
Step Action
1. Which of the following numbers of NNNs would be appropriate for World-
wide’s deployment?
a) One
b) None
c) Two
d) Three
2. Which one of the following hierarchical naming levels would best organize
the servers and users?
a) Country
b) Organizational unit
c) ID
d) ACL
3. If there is more than one NNN, then which one of the following is the best
mechanism to route mail from server to server?
a) Program document
b) No action required
c) Connection document
d) Configure a gateway
4. If high speed lines connect all Worldwide’s systems, which one of the fol-
lowing would be the most appropriate mail routing topology?
a) Mixed
b) Peer-to-peer
c) Ring
d) Hub-and-spoke
5. Circle and label the appropriate number of NNNs.
6. Draw lines between servers in which mail will route automatically.
7. Draw lines between servers to represent a Connection document to route
mail on a schedule. Use arrows to indicate the direction in which mail will
route. Draw as many lines as will be Connection documents.

Lesson Summary
In this lesson, you described mail transfer protocols supported by IBM Lotus
Domino. Understanding the NRPC and SMTP mail transfer protocols can
help you administer mail routing for your organization.

5 Examining IBM® Lotus®
Domino® Replication
■
■
Topic A: Introducing IBM® Lotus® Domino® Replication
Topic B: Designing a Replication Strategy

Lesson 5 ■ Examining IBM® Lotus® Domino® Replication
Introduction
The Lotus Domino Directory is the central database in the IBM® Lotus®
Domino® domain, and exists on every server in the domain. Likewise, there
are other databases that Lotus Domino uses to function properly, such as
the Certification Log and Administration Requests database, that need to be
synchronized on all servers in the domain. A process called Domino Repli-
cation keeps the Domino Directory synchronized on all servers in the
domain.
Additionally, users in the Lotus Domino environment use databases to col-
laborate and exchange information. These databases can reside on
geographically dispersed servers and also need to be synchronized so all
users have access to the same information.
● Identify how replication works.
● Design a replication strategy.

A Topic A: Introducing IBM® Lotus®

Domino® Replication
What is Domino Replication?

Replication is the process of synchronizing documents from the same data-
bases on different workstations or servers over time. Replication enables
exchanging modifications between special copies of databases called
replicas.
Components of the Replication Process

The following table describes the terms used for replication.
Term Definition
Replicator The Replicator is a server task that is loaded, but not initi-
ated, at server startup. The Replicator pulls data from, or
pushes data to, another server.
Replica ID The unique value assigned to a database when it is first

created. Replicas of the same database share the same rep-
lica ID. The Replicator looks for databases with the same
replica ID to synchronize.
The replica ID is found on the tab in Database
Properties.
Note: A database copy does not share the same replica ID

as the original database. Only database replicas share the
same replica ID.

Term Definition
Unique Notes The unique value assigned to a document when it is first
Identification saved. The Replicator looks for documents with the same
Number (UNID) UNID to synchronize.
The UNID is found on the tab in Document
Properties.
Replication His- A list of dates and times when two servers or a server and
tory workstation successfully replicated. The Replicator uses Rep-
lication History to determine which documents are new,
changed, or deleted since the last time the two databases
replicated.

The Server-to-Server Replication Process

The following figure shows how replication works using a replication type
called Pull-Pull, where both servers share the workload.
East01 initiates Pull-Pull replication with West01. In this example, Pull-Pull is
accomplished by configuring Pull Only replication on both servers.
Replication Tools
Administrators use the following methods to initiate server-to-server
replication.
Tool Usage
Connection document Used to schedule replication between
two servers
Server console Used to force replication between two

servers
The Workstation to Server Replication Process

Since the workstation software does not have a Replicator, it is the worksta-
tion software itself that reads changed documents from the application the
server and writes those changes to the local replica. The workstation also
pushes its changed documents to the application on the server. The server’s
Replicator is not involved in workstation-to-server replication.
As with server-to-server replication, the ACL, design, and document
changes are distributed based on server, database, and document settings.

Database Replicas
Lotus Domino makes it easy to collaborate with others by allowing users to
work in database replicas that are located in geographically dispersed serv-
ers or on local workstations with Domino replication keeping those
databases synchronized.
Manager access to local replicas

The user can be permitted Manager access to a local replica of a database
resulting in the user being able to make any number of changes to the local
replica. However, additions, changes, and deletions to notes in the database
will replicate back to the server based on the ACL of the database on the
server.
For example, if a user has Reader access to the server replica, no changes
made to the local replica will replicate back to the server replica.
The Database Replication Process

The following table describes how information in applications is kept
updated on all servers during replication.
Stage Description
1 The Replicator compares its list of applications with the called serv-
er’s list of applications to determine which application they have in
common.
2 Working on one application at a time, the initiating server builds a

list of ACL, design, and document modifications that have occurred
since the last time these two servers replicated.
3 The Replicator pulls (reads and writes) ACL and design and docu-
ment changes, based on permissions set in each server,
application, and document.
4 Upon completion of replication with the first application, the

Replicator updates the replication history for that application and
moves on to the next application in common. It repeats Stages 2
and 3.
5 When the initiating server has replicated all application in common

with the called server, the Replicator will tag the called server’s
Replicator to repeat the same process in the other direction.

The Field Level Replication Process

Field-level replication is the process of copying only fields that have
changed since the last time the two databases replicated.
If the target document is unchanged, the Replicator uses field-level replica-
tion by default and copies only the source document’s changed fields to the
target document. Field-level replication occurs automatically without any
intervention from the administrator or database designer.
The following figure shows that only the changed field containing X is
replicated.
Benefits of field-level replication

Field-level replication reduces:
● Replication time. Only fields that have changed are copied, instead of
the entire document.
● Network traffic, provided large fields in the document have not changed.
● The number of replication conflicts, when different fields on the same
form have been edited on different servers.
The application designer can reduce replication time by designing applica-
tions with field-level replication in mind. Large fields that will be edited
frequently might be better broken up into many smaller fields.

Factors that Affect Replication

There are any number of factors that may cause applications to not repli-
cate as desired. Security settings may prevent a server from authenticating
with another server or prevent access to the application to replicate the cor-
rect documents. As seen in the last section, the replication schedule and
selected replication type are critical to successful replication.
The following table summarizes some of the factors that affect if and how
data transfer occurs during replication of Lotus Domino applications. Con-
sider these factors when setting up or troubleshooting replication issues.
This is not an exhaustive list of factors that affect replication.
Factors Potential Problem

Replication schedule Incorrect information in the Connection document can
prevent replication. For example, an incorrect server
name.
Replication type Incorrect replication type can prevent bi-directional

replication.
Server access list If the initiating server is not allowed access to the
called server, replication stops.
Authentication Servers that do not have a certificate in common can-

not authenticate, and replication will not occur.
Replica ID Applications that do not have the same replica ID can-

not replicate.
Replication Settings A database where replication has been temporarily dis-

abled cannot replicate.
Access Control List If the called server does not have the appropriate appli-
cation ACL access on the initiating server, some
application elements might not replicate correctly.

Activity 5-1: Create a Local Replica and Test

Replication
Scenario
Worldwide employees need to work in a local replica of an application when
they are out of the office and disconnected from the network. As an adminis-
trator, you should be able to create a local replica of an application from the
server for remote employees to use while they are out of the office.
Follow these steps to create a local replica of the Marketing TeamRoom
application from Hub/SVR/WWCorp, add a document, and replicate the
changes to the server.
Step Action
1. From Lotus Domino Administrator, select the Files tab.
2. Open the Marketing TeamRoom database from the list.
3. Choose File→Replication→New Replica.
4. Make the following selections:
● Select Local from the list of servers.
● Accept the default path and file name.
● Expand Replication settings and if necessary, select Create
Immediately.
● Click OK to create the replica.
5. Create a document in the new local replica database.
a. Open the local copy of Marketing TeamRoom.
b. Expand Team Documents and click By Date.
c. Click New Document.
d. Type a subject for the new document.
e. Click Save and then click Close.
6. Choose File→Replication→Replicate.
7. Select Replicate with options and click OK.
8. Verify that Hub/SVR/WWCorp is in the with text box, and click OK twice.
9. Open the Marketing TeamRoom application on Hub/SVR/WWCorp to
verify your document was added.

B Topic B: Designing a Replication

Strategy
Types of Replication Topologies

Topologies establish which servers are connected and how they communi-
cate specific information. It is critical to carefully plan a replication topology
to ensure that Lotus Domino functions properly and that users have access
to the information they need in a timely manner.
A topology could specify replication between hub and spokes, server-to-
server, or any combination that works for the organization. The following
table describes each topology.
Topology Advantages Disadvantages

Hub-and-spoke ● Easy to set up and ● Hub server must be
One central server (hub) add servers. powerful.
initiating mail routing
● Better security. ● If no backup to the
and replication to spoke
● Centralized hub, replication and
servers.
management. mail routing stop.
● Minimizes network
traffic.
● Highly scalable –
allows for expansion
and growth.
Peer-to-peer ● Management of all ● Less centralized.

Each server initiates connections is local. ● Requires more Con-
connections to each
● Easy to manage nection documents.
other (also called Full
fewer servers. ● Increases administra-
Mesh).
● Decreased potential tion of replication
for replication schedules.
problems.

Topology Advantages Disadvantages

End-to-end Fewer Connection docu- ● If one server in the
ments to maintain than sequence is down,
some other topologies. replication throughout
the domain stops.
● Replication from the
source server to the
destination server
could take a signifi-
cant amount of time.
Hybrid Information is kept ● Most complex to set

Combination of other up-to-date because up and manage.
topologies. databases are replicat-
● May require more
ing between several
disk space.
servers.
The following figure illustrates hub-and-spoke topology.
Figure 5-1: Hub-and-spoke topology

The following figure illustrates peer-to-peer topology.
Figure 5-2: Peer-to-peer topology

The following figure illustrates end-to-end topology.
Figure 5-3: End-to-end topology

Server Replication Types

The following table describes server-to-server replication. The compound
replication types available are given in the first two entries of the table. The
last two entries are simple replications. Together, the four types make any
replication topology possible.
Replication Description Number of

Type Required Con-
nection
Documents
Pull-Pull Each server’s Replicator does the work 1
and pulls data from the other, writing
changes in its own applications.
Pull-Push The initiating server’s Replicator pulls 1

changes from the called server and then
pushes data to the called server; only the
initiating server’s Replicator does the
work, writing in both servers.
Pull Only The initiating server’s Replicator does the 2

work and pulls data from the called
server.
Push Only The initiating server’s Replicator does the 2

work and pushes data to the called
server.
Replication versus Routing Topologies

Different mail and replication topologies may be required within the same
organization due to special needs for either routing mail or replicating
applications. Stress that the needs for both mail routing and application rep-
lication should be considered to ensure the most optimum topology.
Note: The same topology may be used for both mail routing and replication.
Considerations for Choosing a Replication Type

Choose the best type of scheduled replication for the company’s needs,
based on the nature of the application and the time of day replication is
scheduled. For example, if the hub replicates with each spoke during the
night, the hub should push all changes to the spokes in the morning.

How to Design a Replication Strategy

Designing a replication topology will assist you in ensuring that the servers
in a Lotus Notes and Lotus Domino environment are properly connected
and that they communicate the appropriate information.
Below are some guidelines for designing a replication topology.
● Determine the appropriate topology type based on the size and type of
the organization. For example, peer-to-peer, hub-and-spoke, end-to-
end, or hybrid.
● If using hub-and-spoke:
■ Determine the number of hubs and the appropriate system
resources for each hub.
■ Determine if clustering the hubs is necessary.
■ Determine which servers will initiate replication (i.e., which replica-
tion types to use: Pull-Pull, Pull-Push, Pull Only, or Push Only).
■ Determine if you will use server groups.

Lesson Summary
In this lesson, you described the Domino Replication process and it’s
functions. As an administrator, you need to understand how Lotus Domino
uses replication to keep the Domino Directory, the Certification Log, the
Administration Requests database, and user databases synchronized on all
servers in the domain.

Lab 5-1: Develop a Replication Strategy

Scenario
Consider the following to develop a replication strategy:
● The corporate hub should control when and how replication occurs and
handle the entire work load during each session.
● The hub should replicate with one server in each region, which will in
turn replicate changes to all other servers in that region.
● All system databases required by Lotus Domino to function properly
should be synchronized frequently as they are high priority databases.
This includes the Domino Directory, Administration Requests database,
and Certification log.
● Users will need the information in employee databases updated several
times each day.
● A complete replication session should occur regardless of the length of
the connection.

1. Draw lines on the diagram below showing how Worldwide Corporation’s

servers will replicate. Indicate the replication type for each connection.

6 Extending the IBM® Lotus®
Domino® Environment
■
■
Topic A: Selecting Additional IBM® Lotus® Domino® Services
Topic B: Implementing IBM® Lotus® Domino® Scalability Features
■ Topic C: Integrating Other IBM® Products

Lesson 6 ■ Extending the IBM® Lotus® Domino® Environment
Introduction
An organization can extend the IBM® Lotus® Domino® environment with
various services, tools, and software products. These additions can enhance
and expand the services available to the user community.
● Identify additional IBM Lotus Domino services.
● Identify Domino scalability options.
● Identify other IBM server types that might be incorporated into a
Domino environment.

A Topic A: Selecting Additional IBM®

Lotus® Domino® Services
Domino Standard Services

An IBM® Lotus Notes® and IBM® Lotus® Domino® environment can support
many other applications and functionality by taking advantage of additional
standard supplied services.
Some of the additional services available for a Lotus Domino server envi-
ronment are listed in the following table.
Service or Task Definition Description

Internet services:
● HTTP ● Hyper Transfer Proto- ● Supports the Internet
col protocol used to
transfer files from one
computer to another
for Web browser
access.
● LDAP ● Lightweight Directory ● Allows connection to
Access Protocol and from Internet
standard directories.
● Post Office Protocol ● Supports users run-
● POP3 Version 3 ning POP standard
clients for mail.
● Allows clients to
● Internet Mail Access retrieve mail from a
● IMAP Protocol host mail server also
running the protocol.
IMAP is similar to
POP3 but has addi-
tional features.
DECS Domino Enterprise Con- Allows real-time back-

nection Services end connectivity
between Lotus Domino
and external systems to
support application and
application access to
non-Lotus Domino infor-
mation and data.

Topic A: Selecting Additional IBM® Lotus® Domino® Services
Domino Internet Security Mechanisms

When using Lotus Domino connected to the Internet, there are additional
options to secure the Lotus Domino servers and services available to the
community.
The following table describes some of the Internet security settings available
with Lotus Domino.
Security Definition Description and Benefits

Option
SSL Secure Sockets Security protocol that provides communi-
Layer cations privacy and authentication for
Lotus Domino server tasks that operate
over TCP/IP. SSL offers these security
benefits:
● Data is encrypted to and from clients,
so privacy is ensured during
transactions.
● An encoded message digest accompa-
nies the data and detects any
message tampering.
● The server certificate accompanies
data to assure the client that the server
identity is authentic.
● The client certificate accompanies data
to assure the server that the client
identity is authentic. Client authentica-
tion is optional and may not be a
requirement for your organization.
S/MIME Secure Multi- A protocol used by clients to sign mail

purpose Internet messages and send encrypted mail mes-
Mail Extensions sages over the Internet to users of mail
applications that also support the S/MIME
protocol. S/MIME benefits include:
● Encrypted mail messages cannot be
read by unauthorized users while the
message is in transit.
● Electronically signed messages show
that the person who signed the mes-
sage had access to the private key
associated with the certificate stored in
the signature.

Security Definition Description and Benefits

Option
CA Certificate A certificate authority (CA), or certifier, is
Authority a trusted administration tool that issues
and maintains digital certificates. Certifi-
cates verify the identity of an individual, a
server, or an organization, and allow them
to use SSL to communicate and to use
S/MIME to exchange mail. Certificates
are stamped with the certifier’s digital sig-
nature, which assures the recipients of
the certificate that the bearer of the certifi-
cate is the entity named in the certificate.

B Topic B: Implementing IBM® Lotus®

Domino® Scalability Features
Scalability Options
When implementing or supporting a Lotus Domino installation, it is important
to consider the performance and scalability of the available hardware. Lotus
Domino offers options to maximize usage of CPU power, memory, and disk
space on high powered systems. The following table describes these Lotus
Domino options.
Service or Description
Task
Clustering A Lotus Domino cluster is a group of two or more servers
that provides users with constant access to data, balances
the workload between servers, improves server performance,
and maintains performance when you increase the size of
the Lotus Domino environment.
Partitions Enable running multiple instances of the Lotus Domino

server on a single computer.
Lotus Domino Clusters

A Lotus Domino cluster is a group of two to six servers that:
● Are on a high-speed LAN.
● Are on the same Lotus Domino Named Network.
● Are in the same Lotus Domino domain and share a Lotus Domino
Directory.
● Run the TCP/IP network protocol.
● Contain application replicas.
● Use a dedicated network adapter for cluster-to-cluster traffic.
For more information on Lotus Domino clusters, refer to the Lotus Domino
Administrator 8 Help topic Clusters.

Benefits of Clustering
The following table lists some of the benefits of using a cluster.
Benefit Description
High availability of Automatic redirection of user requests to available
applications servers. This failover capability provides consistent
access to critical applications, even if one server is
down for maintenance.
Workload balancing User requests to heavily used servers are redirected

to other cluster members.
Scalability Administrators can:

● Add cluster members.
● Add application replicas.
● Reallocate users across the cluster.
Data synchronization Cluster replication maintains current data across

replicas.
Ease of upgrade and Software and hardware upgrades on one cluster

migration member do not affect other members.
System backup Cluster member can act as server backup for critical
data. Clustering does not take the place of backup.
At least one server in the cluster must be backed up
to tape, as well as other servers that contain unique
files (such as logs).
Lotus Domino Partitions

Lotus Domino server partitioning software allows the creation of a maximum
of six Lotus Domino servers on a single computer.

Partitions:
● Are available with the Lotus Domino Enterprise server.
● Are supported on all Lotus Domino supported operating system
platforms.
● Share Lotus Domino executables.
● Have unique:
■ Lotus Domino data directories.
■ Initialization files (Notes.ini).
● Can be clustered.
Note: Lotus Domino partitions should not be confused with specific operating sys-
tem partitions, which segment system hardware.
For more information on Lotus Domino partitions, refer to the Lotus Domino
Administrator 8 Help topic Partitioned servers.
Benefits of Partitions
Partitioned servers optimize hardware usage. The following table lists some
of the benefits of using partitions.
Benefit Description
Reduce hardware Runs multiple Lotus Domino servers on a single
expenses computer.
Minimize the number of Easier to administer a single server than multiple

administered systems servers.
Maximize usage of high- More efficient use of hardware. For example, you
powered systems can purchase a single, more powerful computer
and run multiple Lotus Domino servers on the
single machine.
Are very effective in differ- ● Separate servers for individual customers.

ent domains
● Support multiple Web sites.
Add scalability Running partitioned servers from the same domain

on a multi-processor computer can improve perfor-
mance because the computer simultaneously runs
certain processes.

C Topic C: Integrating Other IBM®

Products
Sametime
Leveraging a mix of Web technology, IBM® Lotus Notes® technology, and
T.120 data-conferencing technology, IBM® Lotus® Sametime® provides an
environment where users can participate in interactive conversations and
meetings within online communities.
The Lotus Sametime server supports several types of real-time communica-
tion:
● Users can participate in instant chat sessions with other online partici-
pants through the exchange of text as well as using audio and
videobased information in real time.
● Users can transfer files in an instant or scheduled meeting.
● Users can collaborate in real-time meetings using the Web
Conferencing interface with advanced organizational collaboration that
includes instant polls and reach out to a community of experts.
● Users can participate in broadcast style meetings where many users
can tune to a meeting and watch it without interaction.
● A community of users to collaborate in real-time through presence and
instant messaging server applications.
Note: Lotus Sametime is an integrated installation option and cannot be

unchecked when installing the Notes 8 client.
IBM DB2
IBM Lotus Domino offers the ability to store, protect, and manage mission
critical Domino collaborative application data in a robust, enterprise class
IBM DB2 relational data store.
The following table describes some of the basic DB2 terminology.
DB2 term Description

Instance DB2 code that manages data. It controls what
can be done to the data, and manages sys-
tem resources assigned to it. Each instance is
a complete logical database server
environment. Each Domino server uses its
own instance for DB2 data.

Topic C: Integrating Other IBM® Products
DB2 term Description

DB2 Administration Server A DB2 process that keeps track of DB2
(DAS) instances. It is automatically created and con-
figured when DB2 is initially installed on the
host computer and is automatically started
whenever the host computer starts.
Schema A collection of named objects. Schemas pro-

vide a logical classification of objects in the
database. A schema can contain tables,
views, nicknames, triggers, functions, and
other objects.
Table A defined number of columns and any number

of rows. Table data is accessed through Struc-
tured Query Language (SQL), a standardized
language for defining and manipulating data in
a relational database, A query is used in appli-
cations of by users to retrieve data from a
database.
Table space The organized parts of a database. A table

space is a place to store tables. All database
and table data is assigned to table spaces.
Relational database A structure that presents data as a collection

of tables. Each database includes a set of
system catalog tables that describe the logical
and physical structure of the data, a configu-
ration file containing the parameter values
allocated for the database, and a recovery log
with transactions.
View A way of representing data without needing to

maintain it. A view is not an actual table and
requires no permanent storage. A “virtual
table” is created and used. A view can include
all or some of the columns or rows in the
tables on which it is based.
WebSphere Application Server

The IBM® WebSphere® Application Server is the implementation by IBM of
the Java 2 Enterprise Edition (J2EE™) platform. It conforms to the J2EE 1.4
specification and provides the runtime environment for enterprise
applications. The WebSphere Application Server supplies application servers
which provide the functions that are required to host applications. It also
provides the ability to define external servers to the administration process.

WebSphere Portal
The IBM® WebSphere® Portal is a J2EE application that runs on
WebSphere Application Server. Its main function is to serve the portal
framework to the desktops and mobile devices of end users. The
WebSphere Portal creates an environment that provides the required con-
nectivity, administration, and presentation services.
The major functional components of the Portal include:
● Security and member services, which provide authentication and role-
based access control to portal resources.
● Page aggregation services to assemble the appropriate markup of the
content that is accessible to the current user in a device-appropriate
and locale-appropriate format.
● A portlet container and services, which provide a rich set of services
allowing portlets to bring rich content and applications to the portal.
The WebSphere Portal consists of middleware, applications, and develop-
ment tools for building and managing secure business-to-business (B2B),
business-to-consumer (B2C), and business-to-employee (B2E) portals.
The WebSphere Portal Platform

IBM WebSphere Portal is part of the WebSphere software platform. The
platform is organized into three areas of functionality.
WebSphere Function
Area
Foundation and For building, running, and deploying applications. The
tools WebSphere Application Server, host integration technologies, and
state-of-the-art development tools form a solid base for the
platform. The foundation and tools provide the Internet expertise
you need, enable you to build and use Web Services, and link
you to a greater technical community of developers and other
WebSphere users.
Business portals For personalizing Web-based content and making it accessible to

any device. These WebSphere products fine-tune your users’
experience and provide road access for your customers, employ-
ees, business and trading partners, and remote branch offices.
The WebSphere Portal is an example of a business portal
because it provides personalization, end user customization of
content, and delivery to multiple device types.

WebSphere Function
Area
Business integra- For integrating internal business processes, including processes
tion that involve IBM Business Partners and customers, WebSphere
offers the WebSphere Integration Developer. This tool is used to
develop the Business Process Execution Language (BPEL) pro-
cedures that run on the WebSphere Process Server. These
procedures simplify the implementation of applications and busi-
ness processes, including supply chain management and the
integration of existing processes with the Web.
Lotus Domino 8 and WebSphere Integration Options

There are a series of administration options that provide a rich integration of
Lotus Domino 8 and WebSphere. These integration options are outlined in
the table below.
Integration option Description

Domino, WebSphere Portal, and ● Integration of monitoring capabilities
WebSphere Application Server inte- and information for extended products
gration
● Ability to monitor WAS from Lotus
Domino 8 and DDM with auto-
discovery
● New SSO token format, LtpaToken2,
added for WebSphere 6.0
interoperability
● Portal and Domino installation
improvements
● Integration of Portal and Domino
administration UIs

Integration option Description

Domino Portal Integration (DPI) Wiz- ● A standalone DPI wizard that is a new
ard integration utility to connect Domino and Portal
● Makes Domino and Portal integration
seamless and painless
● Eliminates over 120 separate configu-
ration steps
● Greatly reduces the time it takes to
configure
● Can be used for separately or
co-installed configurations
● Available with Portal 6.0.1

Lesson Summary
In this lesson, you identified services and options used to extend and
enhance the functionality of the Lotus Domino environment. By using vari-
ous services, tools, and software products to extend the IBM Lotus Domino
environment, you can enhance and expand the services available to the
community.

Lesson Follow-up ■
Follow-up
In this course, you were introduced to foundational concepts needed to per-
form basic administrative tasks in a Lotus Domino 8 infrastructure. In
addition, that knowledge has prepared you to move forward and obtain the
additional knowledge needed for building a Lotus Domino 8 infrastructure or
managing the servers and users that make up a Lotus Domino 8
infrastructure.
What’s Next?
This course is the first in a series of system administration courses. The
material in IBM® Lotus® Domino® 8 System Administration Operating Fun-
damentals provides foundational knowledge needed to administer a Lotus
Domino 8 infrastructure. Once you have completed IBM® Lotus® Domino® 8
System Administration Operating Fundamentals, you can take either Build-
ing the IBM® Lotus® Domino® 8 Infrastructure or Managing IBM® Lotus®
Domino® 8 Servers and Users. The recommended next step in the series is
the Building the IBM® Lotus® Domino® 8 Infrastructure course.
133
Appendix A
The Worldwide
Corporation Infrastructure
Plan
About This Appendix
This appendix provides an overview of Worldwide Corporation’s
infrastructure. It is intended to provide an overall view of the environ-
ment as designed by the planning team. It does not provide details on
specific IBM® Lotus® Domino® functionality.
This document will be continually updated. Administrators should refer to
the Policies and Procedures application on any Worldwide Corporation
server for the latest version of this document.
IBM® Lotus Notes® and Domino is Worldwide Corporation’s global stan-
dard for electronic mail and for developing and deploying groupware
applications.
© Copyright IBM Corporation 2007

Appendix
Appendix A ■ The Worldwide Corporation Infrastructure Plan
Organization Structure
The structure of Worldwide Corporation appears in the following figure.
Figure A-1: Structure of Worldwide Corporation
User Needs
Worldwide Corporation’s users require the following access to applications.
Information Groups Who Lotus Domino Server

E-mail/Communication All Application
Policies and procedures All Web
Product Information: ● Sales Application

● Price list Web
● Customers
● Product catalogue ● Resellers
Customer Information: ● Sales Application

● Customer service Mail
● Support
application Communication
● Distribution
136 © Copyright IBM Corporation 2007

Information Groups Who Lotus Domino Server

Process information: ● Development Application
● Product design Web
● Product management
● Order processing ● Manufacturing
● Sales
Human Resources All Application
Note: User needs were determined by function across all geographies.
Servers By Task
Worldwide Corporation will designate servers to specific tasks based on
Information Groups. The following table lists the servers, associated tasks,
and rationale behind the decision.
Server Type Tasks Rationale

Hub Routes mail and replication Provide easier administra-
applications to and from other tion and maintenance.
hub or spoke servers.
Internet Mes- Provides non-Domino mail ser- Use Lotus Domino server
saging vices, such as: to provide employees with
● POP3 access to non-Lotus
Domino mail files.
● IMAP
● SMTP
● NNTP
● LDAP
© Copyright IBM Corporation 2007 137

Appendix
Server Type Tasks Rationale

Mail Stores users’ mail and applica- ● Provide easier
tions and routes mail across the administration.
intranet and Internet.
● Minimize server proces-
sor load.
● Reduce network traffic.
● Provide predictable
server performance and
grouping of users.
● Allow user access to
applications when mail
server is down.
Application Stores application applications. ● Provide easier

administration.
● Group applications by
usage, replication
needs, and/or security
requirements.
● Allow tuning of server to
optimize performance
and response time inde-
pendent of mail usage.
● Ease expansion by add-
ing new application
servers as usage and
storage needs increase.
Web Provides access to an applica- ● Can place outside the

tion from the Internet or to firewall for Internet
corporate intranet. Can use access.
either:
● Provide employees with
● Lotus Domino Web server access to corporate
● Microsoft IIS information from a
browser.
Servers By Location
Worldwide Corporation will have one Lotus Domino Domain (WWCorp) that
includes all Worldwide Corporation offices. Worldwide Corporation’s Internet
domain name has been registered as WWCorp.com.

Topology
Worldwide Corporation has selected a hub-and-spoke topology for ease of
management and future expansion. Each regional office will have a hub
server and one or more spoke servers. Each site will be set up to run inde-
pendently, although they will be connected to the corporate hub.
Connection documents are required for replication to tell the corporate hub
how and when to communicate with other servers and for spoke servers to
connect to the corporate hub.
Headquarters is the center of the infrastructure and houses the main hub
server, which has high-speed links running to the offices. Each individual
Lotus Domino server is responsible for its own mail routing and replication
events. The hub server is responsible for replication of the critical applica-
tions between all its spoke servers.
The following figure shows the locations and types of servers.
Figure A-2: Server types and locations
The headquarters hub server

The hub server is the administration server for the Worldwide Corporation
domain and replicates the Directory Catalog and the Administration
Requests application to all other Lotus Domino servers within the Worldwide
Corporation domain (WWCorp).
Sales offices and sales representatives will connect to their local regional
hub server using Lotus Notes clients and Internet clients, such as browsers.

Appendix
Customers and vendors will have access through a Web server at

Headquarters.
Notes Named Networks

The regional sites will be logically grouped into Notes Named Networks
(NNNs), since they share a common protocol (TCP/IP) and are constantly
connected.
Grouping the Notes Named Networks this way will ensure that users see
information on their local servers to reduce network traffic.
Each country office has one or more Lotus Domino servers. The following
table shows the countries to be configured and the Lotus Notes Named Net-
works (NNNs) for each country.
Region Code NNN Connect Status

Headquarters HQ WWCorpHQ WAN
East East WWCorpEast WAN
West West WWCorpWest WAN
System Administration
System administration is locally controlled by region, but monitored from the
Corporate office. Administration tasks are controlled by regional
administrators. General policies and guidelines are maintained and distrib-
uted from the Corporate office. Implementation and design changes are
carried out after business justifications are submitted and approved.
All system administrators use the Lotus Domino Administrator and Web
Administrator for all administration tasks.
Domino Domain Monitoring

System Administrators will use Domino Domain Monitoring and the inte-
grated IBM support assistant to proactively monitor the WWCorp Domain.
Network Strategy
Worldwide Corporation’s strategy includes these components:
● Incorporating TCP/IP as their primary network protocol.
● Using a global frame relay network as its global WAN.
● Providing high-bandwidth networking connections to all offices from
Headquarters.
● Upgrading existing server network cards as necessary to meet demand.

Although the WAN is robust and high-speed, Worldwide Corporation does

not want to rely solely on the network. They purchased additional servers
for regional offices to ensure reliability and consistency across geographical
locations.
Directory Strategy
There will be only one Lotus Domino domain (WWCorp) for the entire
Worldwide Corporation Domino environment. The model matches the physi-
cal layout of the Worldwide Corporation WAN. The first configured server
(the corporate hub) will have full administration rights over the entire
domain.
The Lotus Domino Directory will reside on the corporate hub server at head-
quarters, and replicate to each regional hub server. The corporate hub will
create Directory Catalogs, and replicate to regional hubs for use by remote
users. Remote users can keep a local replica of the Directory Catalog on
the client for faster response time and timely encryption of messages.
System administrators will periodically update the Directory Catalog and rep-
licate once a day to hub servers.
Directory access is from:
● Lotus Notes clients
● Web browsers
● Other e-mail and directory clients
Replication Topology
A hub-and-spoke topology will be used for replication. This structure con-
sists of a main hub with two spoke servers, which are the regional hub
servers. Each regional hub server also has its own spoke servers.
The corporate hub server will be the primary hub and share control of repli-
cation with regional hub servers.
Streaming Replication
Connection documents are required for replication to tell the corporate hub
how and when to communicate with other servers and for spoke servers to
connect to the corporate hub. To take advantage of the new streaming repli-
cation feature in Lotus Domino 8, connections between Hub servers will use
the Pull/Pull replication strategy.
Administrators will create Connection documents between the WWCorp
Domain Hub and regional Hub servers using the Pull:Pull strategy. This will
take advantage of the speed of Streaming Replication. It is important to note
that WWCorp employees are not expected to access these servers, so all
Hub servers can share the replication workload.

Appendix
Note: Employees are not expected to access Hub servers.
The following figure shows Worldwide Corporation’s replication topology.
Figure A-3: Worldwide Corporation’s replication topology
Application Types
Types of applications will be separated and reside on different application
servers to isolate problems and simplify management. All applications will
be replicated to the corporate hub for central control and reliability.
Design Note Compression/On Demand Collection Features

In addition new applications will be created using the new Lotus Domino 8
Design Note Compression and on demand Collation features. This will
reduce I/O and space utilization and provide the opportunity to reduce sys-
tem resources.
Database Redirect
Administrators will use database redirect to automatically update client refer-
ences to databases that have been relocated or deleted.

Application Resides on Cor- Replication Policies and

Type porate Schedule Restrictions
Application
Server and...
Customer service All regional appli- Daily during Local languages
application cation servers mutual off-peak and customs,
hours for Lisbon escalation proce-
and regional hub dures
Purchasing appli- All regional appli- Daily during Local languages

cation cation servers mutual off-peak and regulations
hours for Lisbon
and regional hub
Policies and pro- All regional appli- When changes Local languages
cedures cation servers are made and customs
application
Price lists All regional appli- When changes Local languages

cation servers are made and currencies
Catalogs All regional appli- Quarterly, or Local languages

cation servers when changes
are made
Enterprise West application When changes Local languages

Resource Plan- server are made
ning (ERP)
application
Composite appli- All regional appli- When changes Local languages

cations cation servers are made and currencies
Integrated Db2 Technology

Administrators will leverage the speed of Db2 Server Technology while
maintaining Domino security access to data in the Db2 environment.
Mail Routing Strategy

Each region will have its own server that is responsible for local mail deliv-
ery, but will rely on the corporate mail server for inbound Internet mail:
● Simple Mail Transfer Protocol (SMTP) will route mail to the Internet.
● Notes Remote Procedure Call (NRPC) will route mail within the corpo-
rate intranet.

Appendix
The following configuration provides for ease of configuration and optimum

load balancing and failover:
● One Internet domain.
● ISP as a relay host to Internet.
● Regional Domino Named Networks (one for each region).
● The corporate hub is enabled to route external mail using the SMTP
protocol.
● All mail servers have Connection documents and route mail using
NRPC internally.
The WWCorp Domain Hub will be configured to send and receive Internet
mail. Administrators will use whitelists and blacklists to improve mail routing
performance. In addition, Transfer and Delivery Reports will be used to
notify users if their mail is unable to be delivered.
Mail Administrators
Administrators must perform the following tasks:
● Store the Internet domain name in the Foreign SMTP and Global
Domain documents.
● List the inbound mail servers in the Mail Exchange (MX) records in the
Domain Name Service under the domain’s name. Only one is required.
(Note that load balancing for multiple servers is dependent on the algo-
rithm used by the client SMTP system to select a server from the MX
records.)
● Configure complete address lookup or configure local part only lookup
to identify each mail recipient’s mail server so that the router can make
the final delivery.
Mail clients
Initially, all mail users will have Lotus Notes mail files. In the future, some
mail users may use other Internet mail client software. At that time, World-
wide Corporation will set up select Internet POP3 Messaging Servers for
non-Notes mail clients to access mail files on the Lotus Domino server.
Mail monitors and controls

The following mechanisms will be put into place for monitoring and control-
ling mail:
● Automated testing of mail routers
● Mail quotas
● Inbox cleanup
● Mail journaling
● Set options for Mail Recall
● Set options for Out of Office agent

● Reject inbound ambiguous names/deny mail to groups

● Maximum message size for inbound and outbound message set to 10
megabytes
● User restrictions, such as full-text indexing and other Policy Manage-
ment enhancements
Server managed provisioning

Administrators will use the Eclipse Provisioning model to deploy Lotus Notes
8 Client features, components, and composite applications.
Mail routing topology

The following figure shows Worldwide Corporation’s mail routing topology.
Figure A-4: Worldwide Corporation’s mail routing topology
Reverse Path setting for forwarded messages

Administrators will use this function to specify how the mail router handles
delivery failure reports when e-mails are automatically forwarded by an
action in a user’s mail rule. This will reduce inadvertant rejection of legiti-
mate mail by some SPAM filters when automatic mail forwarding is enabled.
Worldwide Corporation Naming Conventions

The following table defines the Worldwide Corporation naming scheme.

Appendix
Organization Compo- Vale Certifier

nent
Organization (O) WWCorp Cert.id
Organizational Units HQ: Headquarters Hq.id

(OU) WEST: West West.id
EAST: East East.id
SVR: All servers Svr.id
Organizational units are based on geographical regions.

The servers’ organizational unit will be used for better control of manage-
ment and creation of servers.
All organizational units and common names are descendants of the organi-
zation certifier /WWCorp.
User Naming
The following table provides user naming conventions.
Type Syntax
Common name for Lotus Firstname Lastname
Domino environment
Internet mail addressing username@WWCorp.com where username

= Firstinitial_Lastname
Server Naming
The following table provides examples for regional server names.
Region Code Server Names (Server Types)

Headquarters HQ HQHUB/SVR/WWCorp (Hub/Comm)
HQAPP01/SVR/WWCorp (Application)
HQMAIL01/SVR/WWCorp (Mail)
East East EASTHUB/SVR/WWCorp (Hub)

EASTAPP01/SVR/WWCorp (Application)
EASTMAIL01/SVR/WWCorp (Mail)
West West WESTHUB/SVR/WWCorp (Hub)

WESTAPP01/SVR/WWCorp (Application)
WESTMAIL01/SVR/WWCorp (Mail)

Naming Examples
The following table provides naming examples for international sites.
If you want to ... Then ...

Create a new server. Use the name XXType##/SVR/WWCorp, where:
● XX is the standard country code.
● Type is the server type, for example, Mail.
● ## is the server number of this type.
For example, the first mail server in Australia might
be: AUMAIL01/SVR/WWCorp
Create a new organiza- Use the standard country code that identifies the
tional unit. location of the organizational unit.
A new organizational unit for Canada might be:
/CN/WWCorp
Create a new user. Certify under the regional organizational unit where
the user works.
A new user named Sara Jones in London would be:
Sara Jones/UK/WWCorp
The corresponding Internet name would be:
Sara_Jones@WWCorp.com
Certifier/ID Management Policy

The following table describes the certifier/ID management policy.
Type Management Policy

Organization certifier ● Corporate system administrators create the O
certifier.
● Corporate system administrators create the OU
certifiers.
● Access is limited to two administrators using mul-
tiple passwords.
● Store IDs in protected areas.

Appendix
Type Management Policy

Organizational unit ● Corporate administrators keep copies of OU
certifiers certifiers.
● OU certifiers are migrated to the CA process.
● Regional administrators use the CA process to reg-
ister users and servers using these OU certifiers.
● Store IDs in protected areas.
Server IDs ● Corporate system administrators create all server

IDs.
● Store IDs on the server.
● Use only for the server.
User IDs ● Regional administrators create user IDs.

● Regional system administrators keep copies of IDs
in a secure application on the regional hub server.
● Use a Certification Log application to track
certification.
● All Certifier IDs have multiple passwords and expi-
ration dates of two years from date of creation.
● Store backups in a secure off-site location.
Key files for Interent ● Using Lotus Domino as a Certificate Authority,

(X.509) Certificates administrators will create X.509 certificates using
the Certificate Authority Application on a workstation
and store the CA key ring on that workstation, not
on the server.
● Do not distribute these files to other administrators
in the organization.
● Store the certificates in a secure off-site location.
● Store in corporate user Lotus Notes ID files.
● Store in trusted LDAP directories (for customers).

Hierarchical Naming for Worldwide Corporation

The following figure shows the organization hierarchy, including currently
planned server names.
Figure A-5: Worldwide Corporation’s organization hierarchy
Remote Access
Worldwide Corporation has determined specific Internet access for remote
employees, vendors, resellers, and customers, based on their needs.
Internet Access
The following Internet access will be used:
● Authenticated access for employees
● Public access Web server for vendors, resellers, and customers, includ-
ing controlled access to servers, applications, and data
The following table describes types of access.

Appendix
Employees Customers Vendors Resellers

X.509 certificates Anonymous Anonymous Authenticated
access to catalog access access through
and public com- outside LDAP
pany information. directories.
Future:
Username and
password access
to information
about their own
orders, for
example, ship-
ping information.
Internet security features

Administrators will use XACL’s to protect against to decipher hashed
passwords. Internet Password Lockout will be used to restrict Internet users
to three login attempts before account lockout.
Remote Users
Users at home offices that do not have direct connections to the WAN can
use an Internet Server Provider (ISP) to access the Lotus Domino system
through a local Firewall server.
Remote users can connect to their mail server through the local Firewall
servers.
Server Configurations and Security

Worldwide Corporation has determined configurations for servers, including
licensing, file structure, and server tasks. Server security has been defined
as group access to servers.
Server Types
The following table lists the server licenses that will be used for each of the
server types.
Server Type Server License Rationale

Lotus Domino Mail and Lotus Domino Messag- To provide Lotus
Internet Messaging ing Server Domino and Internet
servers mail services

Server Type Server License Rationale

Application and Web Lotus Domino Utility To provide custom appli-
servers Server cation applications for
Lotus Notes and Web
clients
Hub server Lotus Domino Enter- To provide the following

prise Server services:
● Clustering
● Partitioning
File Structure
The following table lists the standard file structure on the servers.
Path Contents Description

Domino System files, client files Client files will be
installed for network dis-
tribution purposes.
Domino\data Applications, general Domino system applica-

data files tions that are required
for Domino to function
properly.
Domino\data\critical Applications Critical applications that

require frequent
replication.
Use the standard installation file paths whenever possible to ensure stan-
dardized training and ease of support and troubleshooting.
Note: Store Lotus Domino executables on a separate disk than Domino data for
better performance.
These areas of the Lotus Domino file structure are only accessible to desig-
nated personnel for installation purposes. All other Lotus Domino data is
protected by operating system security and is accessible to Lotus Domino
administrators only.
Configuration Documents
Every Worldwide Corporation server has its own Configuration document.
This ensures that each server configuration can be modified separately and
that there is a log of any changes made.

Appendix
The Lotus Domino configuration application will be used for server setup to
streamline and automate setup.
A Configuration document exists for each server type (for example, hub,
mail, application) and is then distributed to other servers of the same type.
Lotus Domino Tasks by Server Type

The following table lists the minimum requirements for all Configuration
documents.
Domino Server Type Recommended Tasks

Standard services for all servers ● Mail Router
● Replicator
● Indexer
● Agent Manager
● Administration Process
● Event Manager
● Statistics
Mail servers ● Calendar Connector

● Schedule Manager
● HTTP for Web mail
Application servers ● Standard services only, no addi-

tional services
Hub servers ● HTTP, both mail and applications

● SMTP (Headquarters hub only)
Web servers ● HTTP for Web applications
Internet messaging servers ● POP3 and SMTP

● IMAP
● LDAP
● NNTP

Group Naming for Servers

Groups will be used to determine access to servers and for added security.
The following naming convention will be used to identify the location and
type of group:
region[global]descriptionofgroup
For example: HQAdmins or GlobalSales.
Within groups, names are sorted in alphabetical order.
Deny Access Groups

As an added security feature, Worldwide Corporation will use four groups,
which represent access denial to any Worldwide Corporation servers. In
each server restrictions setting, these groups will be added in the Not
access server fields.
The following table describes the four groups.
Group Name Description

Deny Access A-F Denial for people whose surnames begin
with A-F.
Deny Access G-L Denial for people whose surnames begin

with G-L.
Deny Access M-R Denial for people whose surnames begin

with M-R.
Deny Access S-Z Denial for people whose surnames begin

with S-Z.
Before deleting a user from the Lotus Domino system, add the user to one
of these groups. This will ensure immediate denial to any Worldwide Corpo-
ration server.
Note: This is subject to replication of the changes throughout the domain, which will
take no longer than 60 minutes.
Server Configuration Plan

The following table describes the server configuration plan.
Standard Requirement
Application size quotas No application size quotas

Appendix
Standard Requirement
Application names No database naming standards
File system directory structure Standard directory structure, for example:

\Domino\Data\Global\HR1
\Domino\Data\Global\Marketing
\Domino\Data\Local\Marketing
\Domino\Data\Local\Dev1
Groups spanning the entire ● One group for all server administrators,
organization for example: GlobalAdmins
● Groups for specific categories of employ-
ees, for example: GlobalSales
Groups at all sites ● A group for each region, for example:

EastAll (for all Worldwide Corporation
employees in East)
● One group for administrators per region,
for example: WestAdmins (for all server
administrators in West)
Client Configurations and Security

Worldwide Corporation has determined configurations for clients, including
licensing and registration and desktop settings. Client security has been
defined using security policies, including client IDs and certificates and
group access to databases.
Client Licenses
Client licenses will be:
● Lotus Notes Client for most users, all generic IDs, and any contractual
or affiliate accounts.
● Lotus Domino Designer for users who will create, modify, or design
databases.
● Lotus Domino Administrator for system administrators.
Client Deployment
Desktop, registration, and security policies will be used to set up users’
environments.
For Internet mail, account documents will be created locally for each mail
protocol. Mail will be stored in Notes Rich Text format.

Worldwide Corporation will use policy documents to create and update

Location and Connection documents on workstations for dial-up users to
determine where and how to locate the servers.
Client IDs and Certificates

The following table describes the policy regarding client IDs and certificates.
Type Policy
Lotus Notes client IDs ● Certify all IDs using a Lotus Domino
certificate.
● Users responsible for secure or encrypted
information, such as pricing information to
resellers, will hold an Internet (X.509)
certificate.
● Stored on workstations for all users and
encrypted locally.
● Copies are kept in a secure location by
regional as well as corporate
administrators.
Internet client browsers ● Accept CA certificate as a trusted root.

● Store internal signed client certificates for
access to secure information.
Longer Encryption Keys

Administrators will use the Lotus Domino 8 Certifier Key rollover to upgrade
user, server, and certifier ids taking advantage of the new 2048 bit encryp-
tion for users and servers, and 4096 bit keys for certifier ids.
File Storage
Client-based data files, such as IDs, Notes.ini, and *.dsk, will be stored on
the workstation for all users and encrypted locally.
Implementing the Deployment Plan

Complete these tasks to implement the Lotus Notes and Lotus Domino
components of the Worldwide Corporation deployment plan.
Task Procedure
❒ 1 Set up the first server.

Appendix
Task Procedure
❒ 2 Add an administrator’s workstation.
❒ 3 Set up access to the Lotus Domino Directory.
❒ 4 Add Lotus Domino servers.
❒ 5 Add Organizational Units.
❒ 6 Register administrators.
❒ 7 Add Lotus Notes clients.
❒ 8 Create user groups.
❒ 9 Create organizational policy.
❒ 10 Register users.
❒ 11 Set administration preferences.
❒ 12 Set up access to servers.
❒ 13 Set up server logging.
❒ 14 Synchronize Lotus Domino system databases throughout the

domain.
❒ 15 Route mail internally.
❒ 16 Route mail to the Internet.
❒ 17 Set mail controls.
❒ 18 Test mail routing and delivery.

Appendix B
Encryption and Signing
What Is Encryption and Signing?
A key is a set of numbers that allows access to data using methods that
are coded in IBM® Lotus® Domino®. A key is used to encrypt data, then
a key (either the same key or a different key) is used to decrypt the
data.
Types of Key Systems

There are two types of key systems used in Lotus Domino: a single key
encryption system and a dual key system. The following table defines
both key systems.
Key System Description Example

Single keys A single key makes data secret by Network
encrypting and decrypting using the encryption
same key. In order to decrypt, the user
must have access to the key used to
encrypt. In Lotus Domino, the single
key method is used in both field-level
encryption and network data
encryption.

Appendix
Appendix B ■ Encryption and Signing
Key System Description Example

Dual keys ● A dual key system uses two differ- Mail encryption
ent keys for encryption and
decryption. The keys are referred to
as private and public. Either one
can be used to encrypt data, and
the other one is used to decrypt the
data. Keys are also stored in the
Person document of the Lotus
Domino Directory.
● Lotus Domino uses the RSA
Cryptosystem technology for dual
key encryption. RSA keys come in
pairs: one public and one private.
RSA is an internationally recognized
standard for key encryption. It is the
de facto standard in Europe, and is
currently being considered for adop-
tion as the U.S. standard.
Public and Private Keys

The private key is available to one owner (person, server, or certifier). It is
contained in the owner’s ID file.
The public key is available to everyone. It is stored in the owner’s ID file
and recorded in the Lotus Domino Directory.
When data is encrypted by the public key, only the private key can decrypt
it.
Signing
Signing is used when the recipient of data wishes to verify the data has not
been tampered with. Important messages, such as authorizing release of
funds, should always be signed to verify authenticity.
Signing does not prevent tampering, but it does tell the recipient if tamper-
ing has occurred. If the message has been compromised, a message such
as Document has been modified or corrupted since signed displays in
the status bar.

Signing Example
Signing: The message data is signed with the sender’s private key. The sig-
nature is appended to the message along with the corresponding public key
and all of the sender’s certificates.
Verification: To verify the signature, the recipient uses the certificates to vali-
date the sender’s public key, which is then used to verify the signature.
If the recipient cannot validate the certificate, signature validation fails when
the recipient attempts to read the message.
Signing is also used in applications to track user edits to documents.
Signing Analogy
Signing is a very old concept. In medieval times, a king needed a way to
get secure messages to his knights. He used a secret seal that a knight
would examine before he left. There was only one seal and the king had
possession of it (sometimes it was a signet ring).
When the king would send secure messages, he would write the message,
seal it with wax, and press the seal into the wax. When a knight received
the message, he examined the seal to verify it was the king’s. If the seal
was not broken, he had the assurance that the message was really from the
king.

Appendix
How Security System Mechanisms Work

The following figure describes how Lotus Domino uses keys to encrypt and
sign data.
Figure B-1: Encryption and decryption in Lotus Domino

The following table lists the security types.
Security Type Relevant Points Example

Single key ● Both keys are exactly the same. Field encryp-
tion
● This mechanism is a shared secret.
● All entities owning the key can encrypt
and decrypt data.
Dual key The keys are different and they work Outgoing mail
together. encryption
Signing ● The sender’s private key is used to Signing a

encrypt a hash of the document to cre- document
ate a signature.
● The signature is validated by using the
public key from the directory.

Appendix C
Extend IBM® Lotus®
®
Domino Software
Extend IBM® Lotus® Domino® Software
IBM® Lotus® Domino® software offers software that can add functionality
to an existing Lotus Domino infrastructure. These add-ons greatly
enhance the capabilities of Lotus Domino and provide specific solutions.
These solutions can be categorized as:
● Connectivity extensions
● Application extensions
For additional information on any of these products, refer to the IBM
Lotus software listings or the Lotus Web site at www.lotus.com.
Domino Connectivity Extensions

The following table lists some of the available products to extend IBM®
Lotus Notes® and Lotus Domino for Web, remote, and mobile access.

Appendix
Appendix C ■ Extend IBM® Lotus® Domino® Software
Add-on Definition Description and Benefits

DUCS Lotus Domino ● Unified Messaging represents the conver-
Unified Com- gence of voice mail, e-mail, and fax so that
munications all messages are stored in a single location
Services and can be accessed from a variety of
devices, including telephones and PCs.
● Unified Communications (UC) takes Unified
Messaging a step further by extending mes-
sage access to additional devices and
technologies, such as mobile phones, pag-
ers, personal digital assistants (PDAs), and
browsers. In addition, UC provides notifica-
tion features that will alert subscribers in
different ways when they receive a mes-
sage that meets certain criteria.
● Lotus has formed partnerships to deliver
complete solutions. DUCS provides the plat-
form and these key services on which
partners can build Unified Communications
solutions that use Lotus Domino as the Uni-
fied Message store.
IBM® Allows the use of a Personal Digital Assistant

Lotus® (PDA) to:
EasySync® ● Create new mail messages.
Pro
● Schedule meetings.
● Update a to-do list.
Users can choose exactly which information

they want to upload to their desktop by map-
ping fields from Lotus Notes to a handheld
device.
EasySync works with the following devices:
● IBM WorkPads
● Palm OS computing devices
● Windows CE/Pocket PC
Lotus Domino Application Extensions

Software available to enhance the Lotus Domino application tools and ser-
vices are listed in the following table.

Add-on Definition Description and Benefits

Lotus Composed of: LEI is a server-based data distribution
Domino ● Lotus Enterprise product that the enables high-
Enterprise Integrator 6 (LEI performance, scalable exchange of data
Integration® 6) between Lotus Domino and a large num-
ber of host and relational applications,
● Lotus Enterprise
including:
Solution Builder
(ESB) ● IBM® DB2®
● Lotus Connec- ● Oracle
tors ● Sybase
● OLE-D
● Text
● ODBC data sources
● ERP applications
IBM® Lotus® Lotus Domino Enterprise-level document control and

Domino® Document Man- management system for business docu-
Document agement ments and corporate information. It
Manager supports all key document management
features, including:
● Check-in/check-out
● Versioning
● Full-text search across all managed
content
● Audit trails
● Profiling
● Multi-level versioning
● Change notification
Lotus Stand-alone application development tool

Workflow that works on top of Lotus Domino to
provide the ability to develop, manage,
and monitor business processes.
Adding to the Lotus Domino Environment

Along with software to add functionality to a Lotus Domino implementation,
there are several IBM Lotus software packages that can be added to any
environment to improve an organizations communication and collaboration.

Appendix
Additional IBM and Lotus Products

The following table lists some of the additional products available from IBM
Lotus software. For additional information on any of these products, refer to
the IBM Lotus software listings or the Lotus Web site at www.lotus.com.
Software Description
® ®
IBM Lotus Supports immediate communication for users within an organi-
Sametime® zation through secure text messaging, audio and video, or full
collaborative meetings.
The Lotus Sametime family includes:
● Lotus Sametime server
■ T-120 compliant and works with Microsoft NetMeeting
■ Works with any browser or with Lotus Notes
■ Has audio and video capabilities to enhance online
meetings
● Lotus Sametime Connect client
● A range of Application Developer Tools
IBM® Lotus® Self-service Web tool for team collaboration. Users can create
QuickPlace® a secure and central workspace on the Web structured for
immediate participation, for teams to:
● Coordinate – people, tasks, plans, and resources
● Collaborate – share ideas and discussion, resolve issues,
co-author documents, exchange files, manage due dili-
gence
● Communicate – actions and decisions, key findings and
lessons, publish knowledge captured to a broader base of
readership
Lotus QuickPlace is available on five platforms and in fourteen
languages. Uses include:
● Project management
● Rapid response to ad-hoc initiatives
● Team Web sites
● To facilitate discrete business processes that span the
extended enterprise and value chain
IBM® Lotus® IBM Lotus Quickr is team collaboration software that helps
Quickr® you share content, collaborate and work faster online with
your teams -- inside or outside firewall.

Lotus Connec- Collaborative software that combines components to provide
tions connection between people and the work objectives or com-
mon interests. The components of Lotus Connections that
work together are:
● Profiles
● Communities
● Blogs
● Dogear
● Activies
IBM® Lotus® Lotus LearningSpace is an open, Web-based e-learning solu-

LearningSpace® tion to train one group or an entire enterprise with a complete
Management e-learning management and delivery system.
System Lotus LearningSpace is part of IBM Mindspan Solutions, a
family of services and technologies designed to support
e-learning in the organization.
IBM® Tivoli® IBM Tivoli Analyzer for Lotus Domino:

Analyzer for ● Is a performance analysis and management solution that
Lotus® runs within the IBM Lotus Domino 6 Administrator, provid-
Domino® ing the ability to maximize the performance of Lotus
Domino server software.
● Includes:
■ Powerful, predictive analysis tools
■ Intelligent server health monitoring
■ Workload balancing and change management tools
Lotus Compo- IBM® Lotus® Component Designer V6 is a software develop-

nent Designer ment tool that helps developers quickly create new
6.0 applications that provide rich user interfaces and supporting
business logic without writing code. These applications form
the constituent components of the work environment delivered
by IBM WebSphere® Portal Express V6. Previously called
Workplace Designer.

Appendix
Lotus Expedi- IBM® Lotus® Expeditor is IBM’s universal managed client soft-
tor ware to extend composite applications to laptops, desktops,
kiosks and mobile devices and is the follow-on release of IBM
WebSphere® Everyplace® Deployment. It can be used to
extend your IBM Lotus, IBM WebSphere, IBM® Workplace™
or Eclipse™ infrastructures to a managed client environment.
An alternative to Microsoft®.NET client software, Lotus Expe-
ditor provides the flexibility that comes from service oriented
architecture (SOA) and a standards-based programming
model from the OSGi™ Alliance and the Eclipse Foundation.
Lotus Mobile IBM Lotus® Mobile Connect software is a communications

Connect software platform to help enterprises provide a mobile virtual
private network (VPN) that encrypts data over wireless and
wired network connections. The software (the follow-on
release to WebSphere Everyplace Connection Manager) helps
you efficiently extend your existing instant messaging and
enterprise applications to mobile workers.
Lotus Orga- IBM Lotus Organizer 6.1 is an electronic day planner with tabs
nizer 6.1 for each section and pages that turn. You can quickly see all
your calendar, contacts, to do’s, calls, notes, Web information
and more at a glance. No more looking for sticky-note remind-
ers or lost scraps of paper. It’s all there, right before your
eyes.
Lotus Collaboration across time zones and locations has never been
Sametime easier -- or faster. IBM Lotus Sametime software helps you
Enterprise keep pace with your real-time work environment with market-
Meeting leading, award-winning enterprise instant messaging and Web
Server conferencing capabilities.
Lotus Lotus SmartSuite delivers powerful desktop tools to the home

SmartSuite and office user. A better value. A better way to work the Web.
Check out our award-winning spreadsheet, word processor,
time and contact manager, presentation software, and
database.
Lotus Team Lotus Team Workplace will allow your end-users to quickly
Workplace establish and participate in virtual communities working
towards a common set of goals, called teams. These teams
can create team workspaces, and start collaborating
immediately.

Lotus Virtual IBM Lotus Virtual Classroom is easy to install and use, allow-
Classroom ing you to quickly and easily develop and deliver just-in-time
training to various audiences - anywhere, anytime. As one
component of the blended learning solution, IBM Lotus Virtual
Classroom integrates with IBM Lotus Learning Management
System, IBM Workplace Collaborative Learning, or with your
existing Learning Management System to protect your current
investments.
Lotus IBM Lotus® Workflow is a stand-alone application develop-

Workflow ment tool that works on top of IBM Lotus Domino® and
speeds the creation and deployment of workflow-oriented
applications. Lotus Workflow allows organizations to standard-
ize and streamline time-consuming, people-based activities
and track their progress. Business processes can be per-
formed more consistently, with fewer errors, because steps
are predefined and documented.
Workplace Cli- IBM Workplace Client Technology Client Administrator extends

ent centralized management capabilities, security features and a
Technology portal-based desktop environment to bank-branch
Client Adminis- workstations. Built using IBM Workplace Client Technology
trator software, the Client Administrator application provides a new
way for IBM, its customers and IBM Business Partners to
develop, deliver and centrally manage end-user applications in
a network-centric computing model.
Workplace Cli- The foundation products and components of the IBM Work-
ent place Client Technology, Micro Edition family are available in a
Technology single package, Workplace Client Technology, Micro Edition
Client Micro 5.7, which provides an integrated platform for the extension of
Edition existing enterprise applications to server-managed client
devices.
● This package provides a platform for the extension of exist-
ing enterprise applications to server-managed client
devices such as desktop computers, laptop systems, per-
sonal digital assistants, (PDAs), and other mobile and
pervasive devices.
● The integrated package combines the tools (WebSphere
Studio Device Developer and Micro Environment Toolkit for
WebSphere Studio), run-times (WebSphere Everyplace
Micro Environment, Service Management Framework, and
WebSphere Everyplace Custom Environment), and
middleware (DB2e, MQe, Web Services) for building, test-
ing, and deploying server-managed client software to
pervasive devices.

Appendix
Workplace IBM® Workplace™ Collaboration Services is a single product
Collaboration that provides a full range of integrated ready-to-use communi-
Services cation and collaboration tools to enable people to do their jobs
more effectively – anytime, anywhere.
Workplace IBM® Workplace Collaborative Learning™ is an enhanced

Collaborative IBM® Workplace™ product and part of the integrated collabo-
Learning rative environment delivered by IBM® Workplace™
Collaboration Services. It provides learning services that help
organizations manage their training programs more efficiently
and integrates learning resources on the desktop. Integration
with other Workplace Collaboration Services capabilities deliv-
ers blended learning experiences and provides students with
enhanced tools such as course discussion areas, document
sharing, web conferencing, and chat rooms.
Workplace IBM WebSphere® Dashboard Framework is a powerful and

Dashboard flexible tool for rapidly building, SOA dashboards for
Framework WebSphere® Portal.
WebSphere Dashboard Framework augments the capabilities
of WebSphere Portal, adding dashboard-specific features,
such as a robust alerting module, hi-fidelity charting.
● By leveraging WebSphere Dashboard Framework, compa-
nies can quickly deploy highly tailored dashboards that
consolidate data and processes from multiple back-end
systems.
● In addition, dashboards built using WebSphere Dashboard
Framework can facilitate problem resolution by enabling
action right from the dashboard. As a result, with
WebSphere Dashboard Framework, companies can help
dramatically reduce their development costs and speed the
time-to-value for their dashboard initiatives.
Workplace Now called Lotus Component Designer 6.0

Designer

Workplace IBM® Workplace™ Documents provides a low cost, standards-
Documents based collaborative document management solution for your
employees. IBM Workplace Documents makes it easy to
collaboratively create, organize and share important docu-
ments and information in a security-rich environment across
the organization.
The product facilitates document reviews and approvals,
versioning, search and private drafts for spreadsheet, presen-
tation, word processing, e-mail, drawing files, project plans
and more – so you can work collaboratively – on demand. It
provides a standard browser interface -- though for a more
feature enhanced ″rich client″ user experience, you can add
IBM® Workplace Managed Client™. IBM Workplace products
provide the front-end to IBM’s service oriented achitecture
(SOA) strategy.
Workplace for IBM® Workplace™ for Business Controls and Reporting helps
Business Con- provide a common platform for companies to easily document,
trols and evaluate and report the status of controls management across
Reporting multiple initiatives in your company.
IBM Workplace for Business Controls & Reporting v2.6 is now
available - improving business foresight with customizable,
self-assessment surveys, more in-depth real-time executive
dashboards and an agreement with the ISACA organization to
license CoBIT.
Workplace for Now called IBM Lotus® ActiveInsight.

Business
Strategy
Execution
IBM Lotus® IBM Lotus® ActiveInsight software is a solution that helps

ActiveInsight organizations define and communicate goals, view real-time
metrics, and take action via composite, role-based dash-
boards and scorecards – thus helping to improve overall
performance. Previously called Workplace for Business Strat-
egy Execution.
IBM Work- IBM® Workplace Forms™ enables easy-to-use, open

place Forms standards-based electronic forms (eForms) that help reduce
inefficiencies inherent to paper-based forms. It provides orga-
nizations across many industries with security-rich electronic
forms that adapt to existing resources and systems, simplify
complex forms, enable business process automation, and help
speed IT development.

Appendix
Workplace IBM Workplace Forms Server 2.7 enables the creation and
Forms Server delivery of XML forms applications. It provides a common,
2.7 open interface to enable integration of e-forms data with
server-side applications using industry-standard XML
schemas.
Workplace IBM Workplace Forms Express V2.6 enables small and

Forms Server medium businesses (SMB) to create a dynamic and intelligent
Express front-end to On Demand Business processes that:
● Automates filling of the forms
● Easily retrieves forms via Web site or e-mail
● Provides a pixel-precise, personalized, and security-rich
solution for the most demanding forms
● Gathers information faster and more accurately with a user-
friendly front-end process to an organization’s systems
● Attaches and files associated documents with forms
● Enables quick approval and sign-off
● Uses built-in wizards to complete forms faster
● Gathers information via browser or rich client viewer
● Provides IT and IBM Business Partners with robust plat-
form for forms data interchange with back-end systems
Workplace IBM Workplace Forms Viewer 2.7 is a feature-rich desktop

Forms Viewer application used to view, fill, sign, submit, and route e-forms,
2.7 and is able to function on the desktop or within a browser.
Workplace IBM Workplace Forms Viewer Express 2.7 is a feature-rich

Forms Viewer desktop application used to view, fill, sign, submit, and route
Express 2.7 e-forms.
Workplace for IBM® Workplace™ for SAP® Software leverages existing SAP
SAP software investments to help improve people productivity by integrating
SAP content with IBM leading collaboration and performance
management technology. SAP and IBM capabilities are com-
bined into role-based, high performance work environments.

Workplace IBM® Workplace Managed Client™ delivers fully integrated
Managed Cli- server-managed collaboration to the end user’s desktop. It
ent provides flexibility and portability of client-side applications,
combined with server-side control and cost savings tradition-
ally associated with Web-based computing -- for the best of
both worlds. IBM Workplace Managed Client capabilities
include online and offline access to messaging, documents,
instant messaging, Activity Explorer, productivity tools, and
data access.
IBM Workplace Managed Client is built on IBM Workplace Cli-
ent Technology, the foundation for next-generation, network-
centric computing. Please contact your IBM sales
representative if you are interested in obtaining the IBM Work-
place Managed Client.
Workplace IBM Workplace Services Express gets any team up and run-
Services ning quickly with team collaboration, document management
Express and an integrated portal.
Featured Capablilites:
● Team Collaboration
● Document Management
● Ready to use
Workplace lBM® Workplace Team Collaboration™ -- part of IBM® Work-

Team Collabo- place Collaboration Services™ -- integrates business instant
ration messaging and presence awareness, Web conferencing, and
customizable team spaces. Workplace Team Collaboration
can help simplify your infrastructure and business processes
while helping bring together team members, increase produc-
tivity, improve customer responsiveness and enable faster and
better decision making. This helps individuals, teams and
entire organizations -- together with their customers, business
partners and suppliers -- to be better informed, more produc-
tive and more efficient. IBM Workplace products provide the
front-end to IBM’s service oriented achitecture (SOA) strategy.

Appendix
Workplace IBM Workplace Web Content Management software offers
Web Content end-to-end Web content management -- content can be cre-
Management ated (using a WYSIWYG rich text editor), managed and
published to multiple Web sites.
● Streamlines content creation, lifecycle and publication
● Helps remove Webmaster/IT bottlenecks
● Publishes information on demand in minutes, not days
● Helps you tailor and personalize content by role or user
preference
● Ensures a consistent, professional look and feel across
multiple sites

Appendix D
Bibliography
About This Appendix
This appendix contains references to documentation, White Papers,
Web sites, Redbooks, and other resources containing information related
to IBM® Lotus® Domino® 8 and IBM® Lotus Notes® 8.
While some of these references were written based on earlier versions
on Lotus Domino and Lotus Notes, the general content and best prac-
tices will, for the most part, be applicable to future versions of this
product as well. Additionally, there may be updated versions of some of
these references written for Lotus Domino 8 and Lotus Notes 8. Refer to
the Web sites listed in the General references section of this appendix
for Web site addresses containing the most up-to-date information.

Appendix
Appendix D ■ Bibliography
I. General references
Consult these references for general information about Lotus Domino 8 and
Lotus Notes 8:
● Lotus Domino Administrator 8 online Help (Hint: Create a full text index
the first time you search, by selecting the Search view and searching
for text strings. To limit the number of documents returned by a search,
use wildcards and Boolean logic. For example, enter a search string
such as mail rules & journal* & quarantine.)
● Lotus Domino Administrator 8 online Help – Glossary view
● Lotus Notes 8 and Lotus Domino Designer 8 online Help
● Lotus developerWorks: http://www.ibm.com/developerworks/lotus
● Lotus Support Services: http://www.ibm.com/software/lotus/support/
● Lotus product documentation: http://www.lotus.com/ldd/doc
● Download and install the IBM Support Assistant (ISA) tool from http://
www.ibm.com/software/support/isa/
● Redbooks: http://www.redbooks.ibm.com
● Release notes for Lotus Notes 8, Lotus Domino 8 and Lotus Domino
Designer 8: http://www.lotus.com/ldd/notesua.nsf/RN?OpenView
● Download the book Inside Notes: The Architecture of Notes and the
Domino Server from: http://www.lotus.com/ldd/notesua.nsf/find/inside-
notes
New Features in Lotus Notes 8 and Lotus Domino 8

Refer to the following Lotus Domino Administrator 8 Help topics:
● What’s new in IBM Lotus Domino 8.0?
Refer to the following articles from the developerWorks Web site:
● New features in Lotus Domino 8.0
● New features in Lotus Notes and Domino Designer 8.0
● All about AutoSave in Lotus Notes/Domino 8
II. Planning and Installation

Consult the following resources for information about planning installations
and installing Lotus Domino 8 and Lotus Notes 8.
Planning
Download the Redbook: A Roadmap for Deploying Domino in the Organiza-
tion from http://www.lotus.com/home.nsf/welcome/redbook.

Platforms and Requirements

Refer to the Release Notes database; (readme.nsf) By Category view; navi-
gate to Installation, migration, upgrade, and configuration
information→Software requirements→Notes and Domino 8 platforms
and system requirements.
Multi-user Installations
Refer to the following Lotus Domino Administrator 8 Help topic: Multi-user
installation
Naming Requirements
Refer to the following Lotus Domino Administrator 8 Help topic: Naming
rules.
License Tracking
Refer to the following Lotus Domino Administrator 8 Help topic: License
tracking.
Server Setup Profiles

Refer to the following Lotus Domino Administrator 8 Help topic:
● Server Setup Profile
■ Creating
■ Silent
■ Using
Clusters
Refer to the following Lotus Domino Administrator 8 Help topic: Clusters.
Partitions
Refer to the following Lotus Domino Administrator 8 Help topic: Partitioned
servers.
III. Users, Groups, and Non-Notes Clients

Consult the following resources for information about users, groups, and
non-Notes clients.
Registering Users
Refer to the following Lotus Domino Administrator 8 Help topic: User
registration.

Appendix
Administration Process
For more information on configuring the Administration Process, refer to the
following Lotus Domino Administrator 8 Help topic: Administration Process
Requesting a Name Change

Users can request a name change via e-mail. The name change is com-
pleted via mail actions by the administrator and the user. For more
information, refer to the Lotus Domino Administrator 8 Help topic Rename
Person.
Delegating Mail Access

For information on delegating mail, refer to the Lotus Notes 8 Help topic
Delegating access to your mail.
Trusted Directories
Web users must be listed in the Domino Directory or a trusted directory in
order to access restricted resources on the Web server. For more informa-
tion on setting up Directory Assistance to authenticate via a trusted
directory, refer to the Lotus Domino Administrator 8 Help topic Directory
Assistance Document.
Managing with Policies

● Creating Policies
● Managing Policies
● Using the Policy Viewer
● Using the Policy Synopsis tool to determine the effective policy
IV. Mail Routing and Administration

Consult the following resources for information about mail routing and
administration.
Mail Routing
Refer to the following Lotus Domino Administrator 8 Help topic: Planning a
mail routing topology.

Shared Mail
For more information on shared mail and unlinking shared mail files, refer to
the following Lotus Domino Administrator 8 Help topics:
● Shared mail overview
● How shared mail works
● Setting up shared mail databases
● Managing a shared mail database
Message Tracking
Refer to the following Lotus Domino Administrator 8 Help topic: Tracking a
mail message.
Mail Journaling
Download the IBM Lotus C API Toolkit for Notes and Domino 8 for more
information on how to combine journaling with third-party archiving tools.
The toolkit is available at http://www.ibm.com/developerworks/lotus/
downloads/toolkits.html.
Mail Controls
Refer to the developerWorks article titled Controlling spam: Advanced SMTP
settings in Lotus Domino.
Calendaring and Scheduling

Refer to the developerWorks article titled New Rooms and Resources fea-
tures in Lotus Notes/Domino 8.
SMTP Configurations
Refer to the following Lotus Domino Administrator 8 Help topic: Sending
mail outside the local Internet domain .
V. Replication
Consult the following resources for information about replication.
Server-to-Server Replication
Refer to the following Lotus Domino Administrator 8 Help topic: Scheduling
server-to server replication.
Replication Types
Refer to the following Lotus Domino Administrator 8 Help topic: Specifying
replication direction.

Appendix
VI. Server Management and Monitoring

Consult the following resources for information about server management
and monitoring.
Color-Coding the Server Console

Refer to the following Lotus Domino Administrator 8 Help topic: Customizing
the appearance of the Domino server console and Domino Administrator
console.
Backup Utilities
For more information on the backup utilities that are available for Domino 8,
refer to the following Web sites:
● Lotus developerWorks
● IBM® Tivoli® Software: http://www.ibm.com/software/tivoli/
Transaction Logging
Refer to the following articles available on the Lotus developerWorks Web
site:
● Assessing the impacts of new transaction logging features
● More on Domino 6 transaction logging
Activity Logging/Activity Trends

For more information about activity logging information, refer to the Lotus
Domino Administrator 8 Help topic The information in the log file.
Automating Server Tasks

Refer to the following Lotus Domino Administrator 8 Help topics for com-
plete details on command line options for the Updall and Compact server
tasks:
● Updall options
● Compact options
Decommissioning a Domain Search server

For more information, refer to the Lotus Domino Administrator 8 Help topic
Decommissioning a Domain Search server.

Server Monitoring
Refer to the following articles on the Lotus developerWorks Web site:
● Start using Domino 6 Server Health Monitoring now!
● Jim Rouleau on Domino 6 server availability
● The new Domino 6 NotesBench workloads: Heavier by request!
● Analyzing system resources with platform statistics
● Ask Professor INI: Agent variables
Domino Domain Monitoring

● DDM probes
● Maintaining the Domino Domain Monitor database
Refer to the Domino Domain Monitoring Redpaper available on the IBM
Redbooks Web site.
VII. Security
Consult the following resources for information about Lotus Domino security.
Securing Certifier IDs

Refer to the following Lotus Domino Administrator 8 Help topic: Assigning
multiple passwords to server and certifier IDs.
Server-based CA
Refer to the following Lotus Domino Administrator 8 Help topic: Domino
server-based certification authority.
Cross-certification
For more information on cross-certification and authenticating with other
organizations, refer to the following Lotus Domino Administrator 8 Help top-
ics:
● Issuing cross-certificates
● Examples of cross-certification
● Adding a Notes cross-certificate for IDs by Notes mail
● Adding a Notes cross-certificate for IDs by postal service
● Adding a Notes or Internet cross-certificate on demand

Appendix
Internet Security
● Security
● SSL and S/MIME for clients
● Setting up an internet certificate authority
VIII. Troubleshooting
Consult the following resources for information about troubleshooting vari-
ous issues.
Error Messages
Look up any error messages on the Lotus Support Services Web site.
Solving Server Access Problems

View the Domino Server Log (Log.nsf) for error messages and problems.
Refer to the following topics in Lotus Domino Administrator 8 Help:
● Checking the Domino Directory for errors that affect server access
● Checking the server ID for a problem that affects server access
Solving Administration Process Problems

Check the following views in the Administration Requests database for pos-
sible reasons the request failed:
● All Errors by Date
● All Errors by Server
● Administration Process – Problems and error messages
● How to troubleshoot the Administration Process
● Administration request messages
Solving Connection Problems

View the Domino Server Log (Log.nsf) for error messages and problems.
● Modems and remote connections – Troubleshooting
● Network connections over NRPC – Troubleshooting
● Network dialup connections – Troubleshooting
From the Lotus Developer Domain Sandbox Web site at http://www.lotus.
com/ldd/sandbox.nsf, download the Notes Connect diagnostic tool, Nping, or
the Java-based diagnostic tool, JPing.

On the developerWorks Web site, refer to the article titled Testing TCP/IP
connection with NotesCONNECT.
If recent changes to a server include host name, IP address, or port names,
it may be necessary to clear some system fields in the Server document.
Refer to the following technotes on the Lotus Support Services Web site:
● How to Disable Server Cache of the Last Known Address
● Where are Server Addresses Cached in Notes and Domino?
Solving Agent Manager Problems

● Tools for troubleshooting Agent Manager and agents
● Agent manager and agents – Problems and error messages
Refer to the Lotus Domino Designer 8 Help topic Security for agents on
servers and the Web.
Refer to the developerWorks article titled: Troubleshooting agents in Notes/
Domino 5 and 6.
Solving Replication Problems

● Tools for troubleshooting replication
● Replication – Problems and error messages
Search for technotes on the Lotus Support Services Web site with the fol-
lowing keywords:
● replication purge interval
● replication database ACL
● replication settings
● replication readers field
● replication history
● replication conflict
Minimizing Replication and Save Conflicts

For more information on document locking, refer to the following additional
resources:
● Document Locking in Lotus Domino Designer 8 Help
● Locking Documents in Lotus Notes 8 Help
For more information on merging replication conflicts, refer to the Lotus
Domino Designer 8 Help topic Forms Properties box -Form Info Tab – Con-
flict Handling.

Appendix
Troubleshooting a Server Crash

Refer to the following developerWorks articles and whitepapers:
● Troubleshooting Notes/Domino Server Crashes
● Troubleshooting Notes/Domino Server Performance
● Notes from Support: Calling Support with a Domino server crash
Also refer to the following Lotus Domino Administrator 8 Help topics:
● How to troubleshoot server crashes
● Server crashes – Problems and error messages
● Fault recovery
Resolving User Workspace and Database Issues

Refer to the following topics in Lotus Domino Administrator 8 Help
● Database performance – Troubleshooting
● Managing databases with the Files tab
● Monitoring database activity
● Determining the file format of a database
● Database maintenance
Additionally, refer to the following topics in Lotus Notes 8 Help:
● Troubleshooting
● Documents resulting from searching for keywords: desktop, error, or
cache
IX. Performance Tuning

For more information on monitoring server performance, refer to the follow-
ing Lotus Domino Administrator 8 Help topics:
● Tools for measuring server performance
● Improving Domino server performance
● Improving Database and Domino Directory performance
● Server.Load

Also refer to the following articles and white papers on the developerWorks
Web site:
● New workloads and features in Lotus Domino 7
● Lotus Domino 7 server performance, Part 1, Part 2, and Part 3
● Lotus Domino 7 performance in production at IBM on pSeries servers
● Troubleshooting application performance: Part 1: Troubleshooting tech-
niques and code tips
● Troubleshooting application performance: Part 2: New tools in Lotus
Notes/Domino 7
● IBM Lotus Domino 7 Performance Improvements
● Rules-of-thumb for monitoring Windows NT/2000 and Domino statistics
X. Lotus Domino Web Server

Refer to the following articles on the developerWorks Web site:
● Lotus Notes/Domino 7 Web Services
● Securing a Lotus Domino Web server

Appendix E
Certification and Exam
Competencies
IBM Software Services for Lotus Training and
Certification
IBM Software Services for Lotus offers training and certification pro-
grams designed to help customers take full advantage of technology
investments to improve business processes.
Lotus software training ensures that individuals get up to speed quickly
and effectively whether delivered in the classroom, on the desktop, or
via distributed learning. For more information on Lotus software training,
please visit http://www.ibm.com/lotus/training.
The IBM Certified Professional for Lotus Software program provides indi-
viduals with a means to benchmark their technical knowledge and
achieve industry recognition, which results in increased business value
to both the individual and their organization. As a member of a highly
regarded certified community, individuals enjoy benefits commensurate
to their certification level. For more information on certification, please
visit http://www.ibm.com/lotus/certification.
Skills Roadmaps are available to guide you on your path to knowledge.
Roadmaps identify courses in their logical sequence to complete a spe-
cific curriculum or certification program. To view Skills Roadmaps for
Lotus, please visit http://www.ibm.com/lotus/trainingroadmaps.
Lotus Professional Certification

Lotus software has robust certification programs in support of IBM Lotus
software and technical skills. For complete information on the Lotus pro-
fessional certification program, visit the IBM Software Services for Lotus
Certification Web page at http://www.ibm.com/lotus/certification.

Appendix
Appendix E ■ Certification and Exam Competencies
Place in certification
IBM® Lotus® Domino® 8 System Administration Operating Fundamentals is
listed as one of the preparation resources for the following exam:
Exam 847 - IBM Lotus Notes Domino 8 System Administration
This exam is part of the path for IBM Certified System Administrator - Lotus
Notes and Domino 8 certification. The complete path is described here:
IBM Associate System Administrator - Lotus Notes and Domino 8
Exam 847 - IBM Lotus Notes Domino 8 System Administration Operat-
ing Fundamentals
IBM Certified System Administrator - Lotus Notes and Domino 8
Successfully pass the following three exams:
● Exam 847 - IBM Lotus Notes Domino 8 System Administration
● Exam 848 - IBM Lotus Notes Domino 8 Building the Infrastructure
● Exam 849 - IBM Lotus Domino 8 Managing Servers and Users
IBM Certified Advanced System Administrator - Lotus Notes and
Domino 8
Exam information not yet available.
Preparing for a Lotus certification exam

Attending this course and using this Student Guide will help you prepare for
certification. Some topics covered on the exam are not covered in this
course and some of the objectives covered in this course are not tested on
the exam. Be sure to follow all the steps listed in order to prepare fully for
the exam.
Step Action
1 Review the exam competencies.
2 Get hands-on experience.
3 Use the exam preparation page.
4 Use all available resources.

Step 1: Review the exam competencies

Review the exam competencies to see the complete listing of possible top-
ics for the exam. Use the competency listing as your checklist to determine
your weaknesses and the areas on which you will want to focus more atten-
tion in your studies and preparation.
You will find the competencies listed in:
● The Exam Competencies Appendix included in this course.
● The Exam Guides located on the IBM Software Services for Lotus Cer-
tification Web page at http://www.ibm.com/lotus/certification.
Step 2: Get hands-on experience

Actual hands-on experience is a critical component in preparing for the
exam. The exam is looking to measure how well you perform tasks, not how
well you memorize features and functions:
● Spend time using the product and applying the skills learned.
● Direct application of the skills learned in this class cannot be replaced
by any other single resource listed here.
Step 3: Use the exam preparation page

The exam preparation page lists resources available for each individual
exam. To find the exam preparation page for this exam, go to http://www.
ibm.com/lotus/certification and use the Select an exam drop-down menu.
Select the exam name and link to the exam preparation page.
Step 4: Use all available resources

We recommend using a range of resources when preparing to take an
exam. The following table describes the types of resources available to pre-
pare for certification exams. For a listing of resources specific to each exam,
use the individual exam preparation page located at http://www.ibm.com/
lotus/certification.
Resource Brief description Where to find resource

Exam guides Complete version Abbreviated version is
includes certification available in the Exam
titles and paths, sample Competencies Appendix
questions, and registra- included in this course.
tion information. Complete version is avail-
able on the IBM Software
Services for Lotus Certifi-
cation Web page at http://
www.ibm.com/lotus/
certification.

Appendix
Resource Brief description Where to find resource

Lotus authorized Offered at Education A complete list of courses
courses Centers for IBM Soft- and education centers are
ware (ECIS) and Lotus on the IBM Software Ser-
education locations vices for Lotus Education
worldwide. Web page at http://www.
ibm.com/lotus/education.
CBT programs Used as an alternate Additional information is

learning tool or supple- available at The Educa-
ment to courses or both. tion Store on the IBM
Software Services for
Lotus Education Web
page at http://www.ibm.
com/lotus/education.
Practice tests Available from a variety Available from the IBM

of vendors. Visit the indi- Software Services for
vidual exam preparation Lotus Certification Web
page to determine what page at http://www.ibm.
practice tests are avail- com/lotus/certification.
able for a specific exam.
Online learning This includes online tuto- See the individual exam
rials and other learning preparation page for rec-
resources. ommended online
learning resources.
Product Documenta- Official Lotus product Additional information

tion documentation. available at http://www-
10.lotus.com/ldd/doc.
IBM Redbooks Technical cookbooks Ordering information is

that address topics that available at http://www.
the reference manuals redbooks.ibm.com.
may not cover.
Preparing for the IBM Lotus Notes Domino 8 System Administration

Operating Fundamentals exam
The following materials are available for the IBM Lotus Notes Domino 8
System Administration Operating Fundamentals exam:
● IBM® Lotus® Domino® 8 System Administration Operating Fundamen-
tals Course
● CertFX Practice Test
● Notes, Domino, and Domino Designer 8 Release Notes
● Lotus Domino 8 Administrator Help

For the most up-to-date resource listing for this exam, visit the individual
exam preparation page. Go to http://www.ibm.com/lotus/certification and
select the exam name from the Select an exam drop-down menu. These
individual pages will give you the most up to date list of resources available.
IBM Lotus Notes Domino 8 System Administration

Operating Fundamentals Exam Competencies
The exam competencies are one tool for preparing for IBM Certified for
Lotus Software exams. The exam competencies along with a complete list-
ing of learning resources are included on the Lotus Certification Web site
available at www.lotus.com/certification.

Appendix F
Instructor Preparation
Preparation Checklist
When preparing to teach this course, consider doing the following:
● Read through the Instructor Guide.
● Perform all activities in the course.
● Perform all demonstrations and activities described in the Instructor
Guide.
● Refer to the Interactive Instructor Guide to get updated information
on the course.
● Refer to the Instructor Lounge to gather useful teaching tips and
techniques that other instructors have used to teach this course.
● Use the information in this section to find additional resources to
further your knowledge of the subject.
● Practice the classroom setup.
Course Strategy
Approach
The business context for this course is small- to medium-sized company
that is using Lotus Notes and Lotus Domino as their basic mail
infrastructure. The course uses the fictitious company Worlwide Corpora-
tion to provide scenarios for installing and setting up the infrastructure.
The company uses a single domain with Lotus Notes mail internally and
SMTP externally. This course assumes a classroom of 12 student
machines. To provide all students with a comprehensive hands-on expe-
rience, we have designed this course so that all students administer
their own servers. To accommodate this, we instruct students to use the
client and server software on the same machine. The Domino server
and Lotus Notes client software supports this configuration provided that
the server and client software is installed in separate directories on the

Appendix
Appendix F ■ Instructor Preparation
machine. While we recognize that this is not an optimal nor a recommended

configuration to deploy in a “real world” environment, we use this environ-
ment in the classroom to provide all students with the experience of
administering their own servers.
Recommended Agenda
The following table shows the recommended agenda for the class.
Time Lessons or Topics

15 minutes Introductions
1 hour, 15 minutes Lesson 1: Introducing the IBM® Lotus® Domino® 8 Envi-

ronment
15 minutes Break
1 hour, 15 minutes Lesson 2: Performing Basic Administration Tasks
1 hour Lunch
1 hour, 30 minutes Lesson 3: Examining IBM® Lotus® Notes® and Lotus®

Domino® Security
15 minutes Break
1 hour Lesson 4: Examining IBM® Lotus® Domino® Mail Routing
45 minutes Lesson 5: Examining IBM® Lotus® Domino® Replication
45 minutes Lesson 6: Extending the IBM® Lotus® Domino® Environ-

ment
CLI Private Site

For more information on how to teach this course, refer to the CLI Private
Site located at http://www.lotus.com/cli.
If you have already registered, enter your user name and password to
access the Instructor Lounge and other private areas of the Web site to gain
additional information for teaching this course.
If you have not registered, visit the Education Zone located at http://www.
lotus.com/educationzone and follow the instructions to register for the
certified community. After registering, you will be able to access the CLI Pri-
vate Site using your user name and password.

Appendix F ■ Instructor Preparation
CLI Certification Requirements

To learn about the requirements for becoming a CLI or to upgrade your cur-
rent certification, visit the IBM Software Services for Lotus Certification Web
site at http://www.lotus.com/certification.

Solutions
Lesson 2
Activity 2-1:
9. How do you know which server is currently active:

Currently selected server name is listed under the tabs.
10. What is the Lotus Domain name for Worldwide Corporation?

WWCorp.
11. How do you display all of the servers in the domain?

Domain bookmark displays the servers in the domain.
Activity 2-2:
3. What is a domain?
A lotus Domino domain is a collection of servers and users that
share common domino directory information.

Solutions
4. What is hierarchical naming?

A system of naming associated with Notes IDs that reflects the relation-
ship of names to the certifiers in an organization. Hierarchical naming
helps distinguish users with the same common name for added security
and allows for decentralized management of certification. The format of a
hierarchical name is: common name/organizational unit/organization/
country code—for example, Pam Tort/Fargo/Acme/CA.
5. What is replication?
The process of exchanging modifications between replicas. Through rep-
lication, Lotus Notes makes all of the replicas essentially identical over
time.
6. What is a user ID?

A file assigned to every user and server that uniquely identifies them to
Lotus Notes and Domino. Similar in function to accessing a bank’s com-
puter using an ATM card.
Activity 2-4:
3. Approximately how much free disk space is there on the Hub server?
Answers will vary depending on your classroom equipment.
Activity 2-5:
33. What information is stored in the Domino Server Log file (log.nsf)?
✓ a) Server activity
✓ b) User activity
✓ c) Replication activity
✓ d) Database activity
34. Where can you view server statistics?

a) Performance tab→Activity Trends
✓ b) Server tab→Statistics tab
c) Server tab→Monitoring tab
d) Server tab→Analysis tab

35. Statistics are available on which of the following tabs?

✓ a) Performance tab
✓ b) Statistics tab
c) Status tab
✓ d) Monitoring tab
Activity 2-6:
8. In the Messaging tab→Mail tab, what information will you be able to

view?
✓ a) Mail information
✓ b) Routing information
c) Shared information
d) Tracking information
9. To view a visual representation of the mail system structure, you would

select which of the following?
a) Messaging tab→Mail tab→Server Mailbox (mail.box)
✓ b) Messaging tab→Mail tab→Mail Routing Topology→By Connections
c) Messaging tab→Tracking Center tab
d) Messaging tab→Mail tab→Mail Routing Topology→By Named Networks
Activity 2-8:
7. Under what other tabs did you see Connection documents?

Messaging tab→Mail tab→Mail Routing Topology section→By Connec-
tions view.
Replication tab→Replication Topology section→By Connections view.
Activity 2-10:
1. What is your Short name?

Depends on user account.
2. Where is your mail file located?

On the Instructor (Hub) server.

Solutions
3. What client platform are you using?

Depends on classroom equipment; appears on Administration tab.
4. On what tab can you find your attached ID?

On all tabs; part of the Person document.
5. How many groups are in the directory?

Depends on classroom configuration.
6. Of how many groups are you a member? (Hint: Use either the Manage
Groups tool or an action button).
Depends on classroom configuration. Show the Find Group Member
action button on the listing pane.
7. What is the total number of mail users on the classroom server?

Depends on classroom setup.
8. What is the instructor’s server title?

Hub/SVR/WWCorp.
9. What routing tasks does the instructor’s server perform?

Mail, Replication.
10. What is the instructor server’s operating system?

Depends on classroom equipment.
Lesson 3
Activity 3-1:
1. Define the term hierarchical naming.

System of naming associated with notes IDs that reflects the relationship
of names and certifiers in an organization. Distinguishes users with the
same common name.
2. What term is defined as a collection of servers and users that share a

single Domino Directory?
Domain.

3. Define the term organization.

An entity that authorizes users and servers to authenticate with one
another. The primary purpose is security.
4. Define the term organizational unit (OU).

Typically, a department or location within the organization.
5. What term is defined as a central application in the Lotus Domino

domain, which contains information about users and servers, and exists
on every server in the domain?
Domino Directory.
6. Define the term Access Control List (ACL).

A list of application users (individual users, Lotus Domino servers, and
groups of users and/or servers) created and updated by a database
manager.
7. What term is defined as uniquely identifying the users and servers to

Lotus Notes and Domino and is assigned to every user and server? It
also contains an electronic stamp created by a certifier.
IDs (user, server, certifier).
Activity 3-2:
1. What is the full hierarchical name for Marcus Frank in HR?

Marcus Frank/HR/West/WWCorp.
2. What is the full hierarchical name for Marcus Frank in Sales?

Marcus Frank/Sales/East/WWCorp.
3. What is the full hierarchical name for Pedro Lopes?

Pedro Lopes/Mktg/East/WWCorp.
4. What is the full hierarchical name for Hub?

Hub/SVR/WWCorp.
5. What is the full hierarchical name for East01?

East01/SVR/WWCorp.
6. What is the full hierarchical name for Gwen Carter?

Gwen Carter/Services/East/WWCorp.

Solutions
Activity 3-3:
1. How should organizational units be divided: geographically, departmen-

tally, workgroup, or by some other criteria?
Geographically. Staff moves between geographic regions are less fre-
quent, so would require less recertification.
2. How many levels of organizational units are needed?

One or two. Try to keep the hierarchy as simple as possible.
3. Should the servers and users be segregated, or kept together?

Segregated. Lotus Domino server management is easier if the servers are
kept in their own organizational unit.
Activity 3-4:
5. What is the first Internet Certificate?

EMAIL=certificate@trustcenter.de/OU=TC TrustCenter class 0 C
Activity 3-5:
3. For the Administrators section, who are the authorized administrators?

LocalDomainAdmins and LocalDomainServers
4. In the Security Settings section, does the server allow Lotus Notes
users to access anonymously?
Yes
✓ No
5. In the Security Settings section, does the server verify the user’s public
key before allowing access?
Yes
✓ No
6. Scroll to the Server access section. Who can create new databases
on the server?
Blank = All.

7. In the Server access section, who can use monitors?

* = Everyone.
8. Scroll to the Programmability Restrictions section. Who can run unre-

stricted methods and operations?
No one.
9. In the Programmability Restrictions section, who can sign agents to

run on behalf of someone else?
Local Domain Admins
Activity 3-6:
4. Who are the members in the Administrator group

(LocalDomainAdmins)?
Doctor Notes/WWCorp, Admin ND01/WWCorp, Admin ND02/
WWCorp, Admin ND03/WWCorp, Admin ND03/WWCorp, Admin ND05/
WWCorp, Admin ND12/WWCorp, Francis Chester/Sales/
WWCorp, Manuel Domingo/Support/WWCorp
7. After reviewing the Security tab in the Current Server Document, do

any groups have administration capabilities on the server?
LocalDomainAdmins, LocalDomainServers
9. After reviewing the Server Access section, do any groups have

access to the server?
Yes.
Activity 3-7:
10. Using available help information, define a role.

Database-specific groups created to simplify the maintenance of
restricted fields, forms, and views. You can apply a role to Authors fields
and Readers fields and read and create access lists in forms and views.

Solutions
Lesson 4
Activity 4-1:
1. Which of the following numbers of NNNs would be appropriate for

Worldwide’s deployment?
✓ a) One
b) None
c) Two
✓ d) Three
2. Which one of the following hierarchical naming levels would best

organize the servers and users?
a) Country
✓ b) Organizational unit
c) ID
d) ACL
3. If there is more than one NNN, then which one of the following is the
best mechanism to route mail from server to server?
a) Program document
b) No action required
✓ c) Connection document
d) Configure a gateway
4. If high speed lines connect all Worldwide’s systems, which one of the
following would be the most appropriate mail routing topology?
a) Mixed
✓ b) Peer-to-peer
c) Ring
✓ d) Hub-and-spoke

Lesson 5 Follow-up
Lesson 5 Lab 1
1. Draw lines on the diagram below showing how Worldwide Corporation’s

servers will replicate. Indicate the replication type for each connection.

Solutions
Review replication topology design.The following graphic shows the

exercise solution for replication topology design:
One Connection document from East01 to a servers group (EastServers)

would handle replication to all servers in the East region. Likewise, one
Connection document from West01 to a servers group (WestServers)
would handle replication to all servers in the West region.The recom-
mended replication schedule is every two hours for Domino Directory
and every six hours for all other databases.

Glossary
access control list
(ACL) determines access to a given database, and the type of access
allowed.
access controls
Determine what information is available to the entity.
application
A solution to a particular business prblem that may contain one or more
databases and other components, such as Java scripts.
authentication
Establishes trust between two entities.
certificate
A unique electronic stamp stored in an ID file that associates a name
with a public key.
certifier ID
A file that generates the electronic stamp to indicate a trusted
relationship.
cluster
A group of two or more servers that provides users with constant access
to data, balances the workload between servers, improves server perfor-
mance, and maintains performance when you increase the size of the
Lotus Domino environment.
common certificate
A certificate derived from the same Lotus Notes or Internet (X.509) certi-
fier, or one of its ancestors in the organizational hierarchy.
composite application
A collection of two or more distinct applications that address a business
need for a specific group of users, and can be accessed from one
screen.

Solutions
decrypt
To decode protected data.
domain
A collection of servers and users that share a single Lotus Domino
Directory.
encrypt
To protect data from unauthorized access.
Execution Control List (ECL)

Defines workstation security for the Lotus Notes client.
field-level replication
The process of copying only fields that have changed since the last time the
two databases replicated.
group
A list of users and/or servers who have something in common. Each group
must have an owner, who is usually an administrator or a application
manager.
group types
Used to define the purpose of the group and determine the views in the
Lotus Domino Directory where the group name appears.
hierarchical name
Associates names with the certifiers in an organization.
Location document
One of six created by default when the Lotus Notes client is installed that
contain communication and location-specific settings for use with the Lotus
Domino administrator.
Lotus Domino Directory
A database that stores information that allows Lotus Domino servers and
clients to function properly.
Lotus Domino Enterprise Server
Includes the functionality of both the Lotus Domino Utility and Domino Mes-
saging Servers, including support for clusters.
Lotus Domino Messaging Server

Provides messaging services. It does not include application services.
Lotus Domino replication

A process of exchanging modifications between two database replicas so
that the same database may be updated and shared by many users in dif-
ferent locations accessing different servers.

Lotus Domino server

A computer that runs the Lotus Domino server program, stores Lotus Notes
databases, and runs services that manipulate Lotus Notes data.
Lotus Domino Utility Server
Provides standard Lotus Domino application services and custom Lotus
Domino applications for Lotus Notes and Web clients, as well as support for
clusters. It does not include messaging services.
Lotus Notes and Lotus Domino

A client and server environment that provides services to allow an organiza-
tion to perform tasks to store, communicate, and exchange information.
Lotus Notes client

A computer that can access Lotus Domino data both on servers and locally,
providing portable access to data.
Lotus Notes ID
Identifies a user or server to Lotus Domino systems.
mail routing topology

Establishes which servers are connected and how they communicate spe-
cific information.
Object Store
A place where all Notes data resides in the form of an NSF application.
organization
Defines the naming hierarchy for a Lotus Domino environment, which is
used for security.
organization certifier
A special file created at the time the first Domino server is set up in the
company.
organizational unit
Defines an organization’s hierarchy as it relates to people.
Person document
Describes a Lotus Notes or non-Lotus Notes user in the Lotus Domino
Directory.
private key
A key that is available to one owner (person, server, or certifier).
public key
A key that is available to everyone.
replica
A special copy of a database.

Solutions
replication
The process of synchronizing documents from the same databases on dif-
ferent workstations or servers over time.
Replicator
A server task that is loaded, but not initiated, at server startup.
role
Identifies a set of users and/or servers.
Server document
Created when you register a server; it contains many of the settings that
define how your server operates.
server task
A program provided with the Lotus Domino server that runs when loaded
and activated.
signing
Used when the recipient of data wishes to verify the data has not been tam-
pered with.
T.120
A family of open standards that contain a series of communications and
application protocols and services which provide support for real-time,
multipoint communication.
Web client
A computer that can access Lotus Domino data on the server to display in a
browser.

Index
A F
access control list, 73 Features of Lotus Notes 8, 6
access control options, 73 field-level replication, 107
anonymous, 71 File tab tasks, 31
authentication
access controls, 66
G
group, 29
C group types, 79
certificate, 67
certifier ID, 67
clients H
Lotus Notes, 5 hierarchical name, 56
Internet mail
cluster, 124
I
common certificate, 69
IBM® DB2, 127
Composite application, 10
IBM® Lotus Notes® and IBM® Lotus®
Configuration tab views, 39 Domino®, 3
IBM Websphere® Portal, 129
®
ID file types, 68
D
Internet (X.509) certificates, 67
Database and Applications Types, 10
deny list, 79
domain, 53 L
Domino standard services, 121 Location document, 5
Lotus Domino Directory, 12
Lotus Domino Enterprise Server, 4
E
Lotus Domino Messaging Server, 4
execution access, 85
Lotus Domino partitions, 126
Execution Control List (ECL), 85

Index
Lotus Domino replication, 38 person document, 29

Lotus Domino server, 3
Lotus Domino Service Categories, 13
Lotus Domino Utility Server, 4 R
Lotus Notes client, 3 replicas, 103
Lotus Notes ID, 67 replication, 103
Replication tab tasks, 38
Replicator, 103
M required server applications, 11
mail routing topology, 94 role, 73
Messaging tab tasks, 36
S
N Server document, 4
Notes certificates, 67 server host names
common names, 61
server task, 14
O simple, 71
Object Store, 8
organization, 53
organization certifier, 54 T
organizational unit, 54 T.120, 127
Also See: organization
W
P Web client, 3
People & Groups tab, 30

IBMD8750SG rev 1.0

IBM Lotus Domino 8 System Administration Operating Fundamentals

Încărcat de

Informații document

Descriere originală:

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

IBM Lotus Domino 8 System Administration Operating Fundamentals

Încărcat de

Drepturi de autor:

Formate disponibile

IBM® Lotus® Domino® 8 System Administration

Copyright © 2007 IBM Corporation.

One Rogers Street

All rights reserved.

Licensed Materials - Property of IBM

IBM® Lotus® Domino® 8 System Administration Operating

Lesson 1: Introducing the IBM® Lotus® Domino® 8

© Copyright IBM Corporation 2007.

Lesson 2: Performing Basic Administration Tasks

© Copyright IBM Corporation 2007.

© Copyright IBM Corporation 2007.

Topic C. Authenticating with IBM® Lotus® Domino® Servers . . . . . . . . 65

© Copyright IBM Corporation 2007.

Lesson 5: Examining IBM® Lotus® Domino®

© Copyright IBM Corporation 2007.

Topic B. Designing a Replication Strategy . . . . . . . . . . . . . . . . . . . . . . . 110

Lesson 6: Extending the IBM® Lotus® Domino®

© Copyright IBM Corporation 2007.

Appendix B: Encryption and Signing

Appendix C: Extend IBM® Lotus® Domino® Software

Appendix E: Certification and Exam Competencies

Appendix F: Instructor Preparation

© Copyright IBM Corporation 2007.

About This Course

How to Use This Book

Instructor and Student Client Hardware Requirements

Instructor and Student Client Software Requirements

Table 0-1: Domino naming scheme

Naming Component Classroom Implementation

Instructor user account Doctor Notes/WWCorp

Table 0-2: Required course configuration files

Doctor Notes user ID file DNotes.id

Doctor Notes mail file DNotes.nsf

Domino Web Administra- WebAdmin.nsf Lesson 5 – used in

Sample databases ● MarketTR.nsf Lesson 1 – show

Mail files ● And01.nsf through Classroom mail files

Domain Routing Mailbox mail.box Contains mail for stu-

Certification Log certlog.nsf Contains certification

Title File Name Function

Classroom diagrams D8750.ppt Used throughout the

Animations ● Routing.exe ● Lesson 3 – show

Checklist of Classroom Setup Tasks: New

Table 0-3: Classroom setup tasks

❒ 2 Install the Lotus Domino Administrator client software.

❒ 3 Install supplied files to the instructor machines.

❒ 4 Edit hosts file on each classroom machine.

❒ 5 Set up the instructor’s server.

❒ 6 Set up the instructor’s workstation.

❒ 7 Set up the student workstations.

Task 1: Install the Lotus Domino Server

Table 0-4: Install the Lotus Domino server software

2 On the Welcome screen, click Next.

7 Review the installation locations, and click Next.

8 Click Finish to complete the installation.

Task 2: Install the Lotus Domino

Table 0-5: Install the Lotus Domino Administrator client software

2 On the Welcome screen, click Next.

6 Verify that the installation path is correct, and click Install.

7 Click Finish to complete the installation.

Task 3: Install Supplied Files to the Instructor

Table 0-6: Install supplied files to the instructor machines

2 On the CD-ROM, open the D8750 folder.