Documente Academic
Documente Profesional
Documente Cultură
Operating Fundamentals
Student Guide
IBM® Lotus® Domino® 8 System Administration
Operating Fundamentals
Student Guide
IBM® Lotus® Domino® 8 System
Administration Operating
Fundamentals
Part Number: D8750
Course Edition: 1.0
Notices
DISCLAIMER: You may not copy, reproduce, translate, or reduce to any electronic medium or machine-
readable form, in whole or in part, any documents, software, or files provided to you without prior written
consent of IBM® Corporation, except in the manner described in the documentation.While every reasonable
precaution has been taken in the preparation of this manual, the author and publishers assume no
responsibility for errors or omissions, nor for the uses made of the material contained herein and the decisions
based on such use. Neither the author nor the publishers make any representations, warranties, or guarantees
of any kind, either express or implied (including, without limitation, any warranties of merchantability, fitness for
a particular purpose, or title). Neither the author nor the publishers shall be liable for any indirect, special,
incidental, or consequential damages arising out of the use or inability to use the contents of this book, and
each of their total liability for monetary damages shall not exceed the total amount paid to such party for this
book.
TRADEMARK NOTICES The following terms are trademarks or service marks of International Business
Machines Corporation in the United States, other countries, or both: DB2®, Domino®, Domino Designer®,
Domino.Doc®, Everyplace, ibm.com®, K-station, LearningSpace®, Lotus®, Lotus Discovery Server, Lotus
Enterprise Integrator®, Lotus Notes®, Lotus Workflow, Mobile Notes, Netfinity®, QuickPlace®, Rational®,
Sametime®, Tivoli®, VisualAge®, WebSphere®, Workplace, Workplace Messaging, and WorkPlace Shell®.
Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc., in the United
States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the
United States, other countries, or both.
Intel, Intel Inside (logos), MMX and Pentium are trademarks of Intel Corporation in the United States, other
countries, or both.
UNIX is a registered trademark of The Open Group United States and other countries.
Linux is a trademark of Linus Torvalds in the United States, other countries, or both.
Under the copyright laws, neither the documentation nor the software may be copied, photocopied, reproduced,
translated, or reduced to any electronic medium or machine-readable form, in whole or in part, without the prior
written consent of IBM, except in the manner described in the documentation or the applicable licensing
agreement governing the use of the software.
US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule
Contract with IBM Corporation.
IBM® Lotus® Domino® 8 System Administration Operating Fundamentals
You must purchase one copy of the appropriate kit for each student and each instructor. For all
other education products you must acquire one copy for each user or you must acquire a
license for each copy provided to a user.
Table of Contents
Appendix D: Bibliography
Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Introduction
Course Description
Target Student
The target audience for this course is current network or mail system
administrators who are new to the Lotus Domino 8 system administra-
tion, but have some experience using the Lotus Notes 8 client, and who
need to acquire a foundational knowledge and working experience with
the Lotus Domino 8 administration tools.
Course Prerequisites
The prerequisites for this course include previous experience as a net-
work administrator or mail system administrator, and experience using
the Lotus Notes 8 client.
Introduction i
IBM® Lotus® Domino® 8 System Administration Operating Fundamentals
Introduction
As a Review Tool
Some of the information covered in class may not be relevant to your envi-
ronment immediately, but it may become important later on. For this reason,
we encourage you to spend some time reviewing the topics and activities
after the course. The course can also be used in preparation for Lotus certi-
fication exams.
As a Reference
The organization and layout of the book make it easy to use as a learning
tool and as an after-class reference. You can use this book as a first source
for definitions of terms, background information on given topics, and sum-
maries of procedures.
Course Objectives
After completing this course, you should be able to:
• Describe the structural components of the IBM® Lotus®
• Perform basic IBM® Lotus® Domino® 8 administration.
• Manage IBM® Lotus Notes® and IBM® Lotus®
• Describe Domino mail routing and mail routing topologies.
• Describe Lotus Domino replication and replication topologies.
• Identify services and options that you can use to extend
ii Introduction
IBM® Lotus® Domino® 8 System Administration Operating Fundamentals
Introduction
Course Requirements
Hardware
Instructor Server Hardware Requirements
The following list identifies the hardware requirements for the instructor
server machine.
• 512 MB of RAM or more recommended.
• A Pentium Class processor or higher and compatibles, Pentium 4, and
a 2.6 MHz processor is recommended.
• An SVGA (or better) video card and monitor. Support for 256 colors,
800 x 600 resolution.
• At least 1.5 GB free hard disk space per partition, 40 GB is
recommended.
• A mouse or other pointing device.
• A CD-ROM drive or access to network file server for installation.
• Internet access (recommended).
Introduction iii
IBM® Lotus® Domino® 8 System Administration Operating Fundamentals
Introduction
Software
Instructor Server Software Requirements
The following list identifies the software requirements for the instructor
server machine. Please note that proper licensing for all software is required
and is the responsibility of the training organization.
• Microsoft® Windows® 2003 Server (Service Pack 1 is not required but
recommended) or Microsoft® Windows® Server 2000 with Service Pack
4.
• Lotus Domino 8 Enterprise Server.
• TCP/IP using either Hosts file or DNS with server and domain names
defined in the TCP/IP protocol configuration.
Class Setup
IBM Lotus Domino Naming Used in This
Course
This course uses the following hierarchical naming scheme.
Domain WWCorp
iv Introduction
IBM® Lotus® Domino® 8 System Administration Operating Fundamentals
Introduction
Course Files
The first table describes the required course files used in the course or pro-
vided as additional tools.
Hub/SVR/WWCorp’s ID Hub.id
file
Introduction v
IBM® Lotus® Domino® 8 System Administration Operating Fundamentals
Introduction
vi Introduction
IBM® Lotus® Domino® 8 System Administration Operating Fundamentals
Introduction
3 Read the Lotus Licensing Agreement, and then click I accept the terms
in the license agreement to agree with the terms. Click Next.
4 Click Browse to change the drive on which to install Lotus Domino. Use the
following directory structure:
● Program files: drive:\Lotus\Domino
Click Next.
5 Click Browse to change the drive on which to install Lotus Domino. Use the
following directory structure:
● Data files: drive:\Lotus\Domino\data
Click Next.
6 Verify that Domino Enterprise Server is selected, and then click Next.
3 Read the License Agreement. Select I accept both the IBM and the
non-IBM terms, and then click Next.
Introduction vii
IBM® Lotus® Domino® 8 System Administration Operating Fundamentals
Introduction
Step Action
4 Click Browse to change the drive on which to install Lotus Notes. Use the
following directory structure:
● Program files: drive:\Lotus\Notes
● Data files: drive:\Lotus\Notes\data
Click Next.
5 Select:
● Domino Administrator
● Domino Designer
● IBM Productivity Tools
● Composite Application Editor
Click Next.
The executable will copy the following files to the specified locations, creat-
ing the \lotus_ed\ directory and all necessary sub-directories, if required.
These files will be present both on the instructor server and instructor client
machines.
viii Introduction
IBM® Lotus® Domino® 8 System Administration Operating Fundamentals
Introduction
\D8750\Domino\Data IDs:
● WWCorp.id
● Hub.id
● Dnotes.id
● And01.id - And12.id
● East.id
● West.id
● Svr.id
● Sales.id
● Support.id
Databases:
● Names.nsf
● Webadmin.nsf
● MarketTR.nsf
● ProdCat.nsf
● Policies.nsf
● Certlog.nsf
● Mail.box
\D8750\Domino\Data\Mail ● Dnotes.nsf
● And01.nsf through And12.nsf
● FChester.nsf
● MDomingo.nsf
● MGrassi.nsf
● TGoodwin.nsf
\D8750\Notes\Data ● WWCorp.id
● DNotes.id
● And01.id through And12.id
Introduction ix
IBM® Lotus® Domino® 8 System Administration Operating Fundamentals
Introduction
2 Click Start Domino as a regular application and select the Don’t ask
me again check box. Click OK.
7 For the Domino domain name, enter WWCorp and click Next.
x Introduction
IBM® Lotus® Domino® 8 System Administration Operating Fundamentals
Introduction
Step Action
8 On the Specify an Administrator name and password screen, complete
the following:
a. Select I want to use an existing Administrator ID file.
b. Click Browse to select the DNotes.id file, and then click Select.
The following fields on the screen will be filled in:
● First name: Doctor
● Last name: Notes
Click Next.
Enter lotusnotes for the password, and click OK.
10 Review the default enabled port drivers and host name. To change these
settings:
a. Click Customize.
b. Disable all ports except TCP/IP.
c. Enter the fully qualified Internet host name for the server,
hub.wwcorp.com
d. Click OK.
Click Next.
11 On the Secure your Domino Server screen, accept the defaults and click
Next.
Introduction xi
IBM® Lotus® Domino® 8 System Administration Operating Fundamentals
Introduction
Step Action
14 Before starting the server, copy the supplied files to their target directories:
● Lotus\Domino\data: Names.nsf, WebAdmin.nsf, MarketTR.nsf,
ProdCat.nsf, Policies.nsf, Certlog.nsf, Mail.box
● Lotus\Domino\data\mail: DNotes.nsf and all other mail files
4 If the ID is not found in the Domino Directory, the setup program will
request the location of the Notes ID file. To locate the Notes ID file:
a. Click Browse, select Dnotes.id, and then click Open.
b. Click Next.
c. Click Yes to copy the ID file to the local data directory.
If the user ID is stored in the Domino Directory, the setup program will
automatically copy the ID file to the local data directory.
xii Introduction
IBM® Lotus® Domino® 8 System Administration Operating Fundamentals
Introduction
4 If the ID is not found in the Domino Directory, the setup program will request
the location of the Notes ID file. To locate the Notes ID file:
a. Click Browse, select the appropriate ID, and then click Open.
b. Click Yes to copy the ID file to the local data directory.
c. Click Next.
If the user ID is stored in the Domino Directory, the setup program will auto-
matically copy the ID file to the local data directory.
9 Open Domino Administrator on each student machine and remove the Hub
server from the Favorites lists. Exit Domino Administrator.
Course Icons
The following table explains the icons used in this course.
Introduction xiii
IBM® Lotus® Domino® 8 System Administration Operating Fundamentals
Introduction
xiv Introduction
1 Introducing the IBM® Lotus®
Domino® 8 Environment
■
■
Topic A: Examining the IBM® Lotus® Domino® 8 Architecture
Topic B: Investigating IBM® Lotus® Domino® Applications
■ Topic C: Exploring IBM® Lotus® Domino® Server Functionality
Introduction
IBM® Lotus Notes® and Lotus® Domino® are an integrated messaging and
Web application software platform that provide a scalable and secure infra-
structure, with the flexibility and openness needed for development and
deployment of Web applications. As the system administrator, you need to
understand the architecture and its key components before you can properly
administer the environment.
After completing this lesson, you should be able to:
● Identify the architecture and key components of the Lotus Notes and
Lotus Domino environments.
● Define IBM Lotus Domino applications.
● Describe the basic functions and processes of Lotus Domino servers.
Component Function
Lotus Domino ● A Lotus Domino server is a computer that runs the
server (Web- Lotus Domino server program and stores Notes
enabled) databases. A Lotus Domino server runs services that
manipulate Lotus Notes data.
● Depending on what the request is and who the client is,
the server can pull information from a variety of
sources, including the object store, the file system, a
relational database, or a combination of all three.
Lotus Notes and ● Lotus Notes clients can access Lotus Domino data both
Web clients on servers and locally, providing portable access to
data.
● Web clients can access Lotus Domino data on the
server to display in a browser.
Server Documents
When you register a server, the Server document is created. It contains
many of the settings that define how your server operates. Those settings
are accessible through tabs within the Server document.
Lotus Domino Enter- Includes the functionality of both the Lotus Domino
prise Server Utility and Domino Messaging Servers, including sup-
port for clusters.
Note: Each server type installed on a system requires a different server license.
Client Types
Users who have mail files on a Lotus Domino server can use either the
Lotus Notes client or an Internet mail client to access their mail:
● Lotus Notes clients: Use Lotus Notes protocols to send and access
mail on a Lotus Domino server; a Lotus Notes client can also act as an
Internet mail client.
● Internet mail clients: Access mail files through the Lotus Domino
POP3, IMAP, or HTTP servers. POP3 and IMAP clients send mail using
SMTP.
The following table describes the function of Lotus Notes clients and
Internet mail clients.
Client Function
Lotus clients:
Client Function
Internet Clients:
Features Description
Infrastructure Lotus Notes 8 presents a dynamic user work environment, and
represents an important transition in the way people communi-
cate and collaborate. It also elevates the team-based,
electronic user experience by enriching the online community
of collaboration, allowing you to improve efficiency, boost effec-
tiveness, and expedite decision-making processes.
Features Description
Productivity You will be able to complete your day-to-day tasks more effi-
ciently using one comprehensive application that streamlines
business processes and enriches the real-time collaboration
experience. The ability to share and update project information
in a single, simplified view will help you sharpen your focus on
the status of projects, and keep associates and participants in
sync.
E-mail Threaded e-mails enable you to see all messages for a spe-
cific topic grouped and arranged together at the view level. You
can also alternate between vertical and horizontal preview dis-
plays within your Inbox.
Calendar You can manage your time and meeting invitations by viewing
your calendar in a sidebar while completing other tasks. You
can also customize daily and weekly calendar views within
Lotus Notes 8.
Application extensions
Some applications have extensions other than NSF. The following table
describes these applications.
Application Description
Extension
NDK Application that contains the user desktop settings.
Application Description
Extension
NTF Application template used to create specific types of databases,
such as mail databases.
Database Description
Extension
DSK Release 5 database that contains the user’s desktop settings. This
extension is the same as NDK in Release 6 and higher.
Note: To retain the database format from a previous release, save the
database with the appropriate extension (NS4, NS5, or NS6) prior to com-
pacting the database on a Lotus Domino 8 server. Otherwise, compacting
will upgrade the database to the Lotus Domino 8 format.
Composite Applications
A composite application is a collection of two or more distinct applications
that address a business need for a specific group of users and can be
accessed from one screen. Composite applications consist of different ele-
ments that allow users to implement related tasks without having to launch
new windows or applications.
The various parts of a composite application can interact with one another
and exchange information. When views are updated or edited in one appli-
cation, the corresponding views and information in the other applications are
updated to reflect the modifications.
There are two types of composite applications that are featured in Lotus
Domino and Lotus Notes 8:
● An Lotus Notes composite application, which is stored on a Domino
server and listed in a Domino Application catalog.
● A portal composite application, which is stored on an IBM®
WebSphere® Portal server and is listed in the Portal catalog. Users can
access this type of composite application using the Lotus Notes client
or a Web browser.
For example, the IBM Lotus Notes 8 inbox is a fully functional composite
application that integrates two or more elements into one user interface.
Here is an example of the new Lotus Notes 8 inbox.
Note: Required server database names are the same as in the previous release of
Domino.
The following table lists some of the crucial files stored on each server.
Note: The Lotus Domino Directory was referenced differently in earlier releases.
Administrators with experience using these earlier releases of Lotus Notes and
Lotus Domino may use other terminology, including: Public Address Book (PAB) and
Notes Address Book (NAB).
Services Description
Application Provides the tools to create applications:
● The Lotus Domino Designer, a special client license that
provides a design environment for building customized
applications including Web applications.
● Lotus Notes templates, models for creating applications
quickly and easily.
® ®
● IBM LotusScript language, as well as support for
Java , Javascript™, C++, and CORBA®.
™
Connection Enables the use of Lotus Domino with existing relational data
sources.
Server Tasks
The core services are provided using a number of Lotus Domino server
tasks in conjunction with the key Lotus Domino server databases. A server
task is a program provided with the Lotus Domino server that runs when
loaded and activated.
Server tasks serve various purposes. Some perform specific tasks, such as
mail routing. Others run in the background to perform complex administra-
tion procedures, such as compacting databases and updating indexes.
Category Examples
Additional ● Internet protocol support:
Lotus Domino
■ LDAP - directories
Services
■ POP3 - mail clients
■ IMAP - mail clients
● Clustering
● Partitions
● Lotus Domino Enterprise Connection Services (DECS)
● Lotus Domino Internet Inter-ORB Protocol (DIIOP)
Note: Additional Lotus Domino services and products are covered in more detail
later in this course.
Lesson Summary
In this lesson, you described the structural components of the IBM Lotus
Domino 8 environment. As the system administrator, understanding the
architecture and its key components can help you properly administer the
Domino 8 environment.
Introduction
By performing basic administrative tasks in IBM® Lotus® Domino® Adminis-
trator, you should gain the hands-on experience you need to accomplish
these tasks on the job in your own Lotus Domino environment.
After completing this lesson, you should be able to:
● Identify the elements of the Lotus Domino Administrator interface.
● Use online help.
● Navigate in IBM Lotus Domino Administration and perform basic IBM
Lotus Domino Administrator tasks.
● Set administration preferences in Lotus Domino Administrator.
Tool Description
Lotus Domino Administrator Allows administrators to make
changes to the Lotus Domino environ-
ment, such as:
● Modify server settings.
● Set up server connections.
● Add new users, servers, and
groups to the Lotus Domino
environment.
● Monitor server activity.
Tool Description
Lotus Domino Console Provides a server console on any plat-
form that supports Java, allowing an
administrator to:
● Enter text-based server commands.
● Remotely start and stop the server.
The Lotus Domino Administrator is the main tool for performing administra-
tive tasks in a Lotus Domino environment. The client is included with the
server software and can be installed on any supported operating system.
Component Description
Action bar Contains buttons to act on documents displayed in the
view.
Note: You can also use the Administration menu to navigate among the Lotus
Domino Administrator tabs.
Step Action
1. From the Lotus Notes client, click Open and then click Domino
Administrator.
2. Select the Don’t show this again check box and close the Welcome page.
3. In the IBM Domino Administrator, click the Favorites icon.
4. Click the Domain servers icon to display the Bookmark window for
the WWCorp domain.
5. Click the Pin icon to anchor the Bookmark window.
6. Expand the All Servers section, and select the instructor’s server: Hub/
SVR/WWCorp.
7. To add the server to the favorites list, right-click, and choose Add Server
To Favorites from the pop-up menu.
8. (Optional) Display the Favorites list by clicking the Favorites icon to verify
that Hub/SVR/WWCorp is in the Favorites list.
9. How do you know which server is currently active:
Step Action
11. How do you display all of the servers in the domain?
Location Resources
Online ● Lotus Domino Administrator 8 Help database
● Release notes
Step Action
1. From the Lotus Domino Administrator main menu, choose Help→Help
Topics.
2. Select the Glossary view, answer the following questions, and then close
the Help window.
3. What is a domain?
5. What is replication?
7. Close Help.
Tab Contents
People & People-related Lotus Domino Directory items: person docu-
Groups ments, groups, mail-in databases, and policies.
Server Current server activity and tasks. This tab has five sub-
tabs:
● Status
● Analysis
● Monitoring
● Statistics
● Performance
Note: When you delete a user name, the associated Person document is also
deleted.
Groups
A group is a list of users and/or servers who have something in common.
Each group must have an owner, who is usually an administrator or an
application manager.
Groups can be used to:
● Provide a group of users access to a application.
● Deny a group of users access to a server or application.
● Send mail to a distribution list.
Step Action
1. In Domino Administrator, verify that the People & Groups tab is selected.
2. Verify that the Domino Directories and WWCorp’s Directory sections are
expanded. Select the People view.
3. Locate your Person document.
4. Double-click to open your Person document.
5. Examine the type of information stored for a Notes user. Close the docu-
ment when finished.
6. From the Tools pane, click People to see a list of the tools used to manage
groups.
7. Click People to close the list.
8. Click the Groups view, and from the Tools pane, click Groups to see a list
of the tools used to manage groups.
9. To see a list of the groups to which your user name belongs, scroll the
action bar to locate the Find Group Member button.
10. Click Find Group Member, type your user name, and click OK.
11. The groups to which you belong will be checked.
Step Action
1. Select the Files tab.
2. To see information about the drive on which the Lotus Domino server is
installed, under Tools, select Disk Space.
3. Approximately how much free disk space is there on the Hub server?
4. To sort the list of files by alphabetical order using the file name, click the
Filename column header.
5. From the drop-down box, choose All database types.
Step Action
9. This tool creates a full text index for searching for each of the selected
databases. Verify that Create is selected, then click OK.
Step Action
1. Select the Server tab.
2. To view the list of tasks running on the server, verify that the Status tab is
selected and click Server Tasks.
3. To view various tools related to server tasks, from the Tools pane, click
Task, User, Ports, and Server.
4. Click Server Console.
5. To start a live console session, click the Live button.
6. In the Domino Command text box, type
show server.
7. Click Send to see the results of the command.
8. Click Stop to stop the live console session.
9. Select the Analysis tab.
10. Expand the Hub’s Log section and click Miscellaneous Events view.
● Replication events
● Session information
● Miscellaneous events
● Database activity
Step Action
13. To close the document, click the Close button.
14. Select the Monitoring tab.
15. To begin server monitoring, click the Start button.
16. To monitor a new task, click Monitoring→Monitor New Task.
17. Scroll down and click the Statistic Collector task, and then click OK.
18. Click to scroll the Tasks pane to verify that the Statistic Collector task has
been added.
Step Action
33. What information is stored in the Domino Server Log file (log.nsf)?
a) Server activity
b) User activity
c) Replication activity
d) Database activity
34. Where can you view server statistics?
a) Performance tab→Activity Trends
b) Server tab→Statistics tab
c) Server tab→Monitoring tab
d) Server tab→Analysis tab
35. Statistics are available on which of the following tabs?
a) Performance tab
b) Statistics tab
c) Status tab
d) Monitoring tab
Step Action
1. Select the Messaging tab.
2. On the Mail tab select Mail Users. Expand Hub/SVR/WWCorp to see a list
of users grouped by the mail server.
3. Locate your Person document.
4. To view any messages waiting to be routed, click Hub Mailbox (mail.box).
5. To view the dead mail and waiting mail, select Mail Routing Status.
6. After a moment, statistics are displayed. Verify there is no dead or waiting
mail.
7. To see the available mail routing tools, under Tools, expand Messaging.
8. In the Messaging tab→Mail tab, what information will you be able to view?
a) Mail information
b) Routing information
c) Shared information
d) Tracking information
9. To view a visual representation of the mail system structure, you would
select which of the following?
a) Messaging tab→Mail tab→Server Mailbox (mail.box)
b) Messaging tab→Mail tab→Mail Routing Topology→By Connections
c) Messaging tab→Tracking Center tab
d) Messaging tab→Mail tab→Mail Routing Topology→By Named Networks
Step Action
1. Click the Replication tab→Replication Events view.
2. Click Replication Schedule.
3. To see a map that represents the servers with which Hub/SVR/WWCorp is
scheduled to replicate, select the Replication Topology section→By Con-
nections view.
Step Action
1. Select the Configuration tab.
2. Select the Server section→Current Server Document view. Note that:
● This view shows the settings for the selected server.
● Different settings appear on each tab in the Server document.
3. In the Server section, select the All Server Documents view to see a list
of documents for all servers.
4. In the Server section, select the Configurations view to see a list of docu-
ments that control some server settings.
Locate the Configuration document(s) that apply to Hub/SVR/WWCorp.
5. In the Server section, select the Connections view to see a list of docu-
ments that define how and when servers connect.
6. Select the Messaging section→File Identifications to view a list of file
definitions.
Step Action
7. Under what other tabs did you see Connection documents?
Administration Preferences
Administration preferences allow customizing of the Lotus Domino Adminis-
trator work environment. These preferences include the following choices:
● The domains to administer.
● The type and order of file information displayed.
● The way in which Lotus Domino collects and displays server monitoring
data.
● The defaults to use when registering users, servers, and certifiers.
Step Action
1. Select File→Preferences→Administration Preferences.
2. For Basics, select the WWCorp domain from the list, and click Edit.
3. Verify the Domino Directory server as Hub/SVR/WWCorp.
4. Verify that Do not change location is selected and click OK.
5. Click Monitoring, verify that Monitor servers From this computer is
selected.
6. In the Poll servers every x minutes, verify that 1 is entered.
7. Select Automatically monitor servers at startup.
8. Click OK to close the Administration Preferences dialog box.
6. Of how many groups are you a member? (Hint: Use either the Manage
Groups tool or an action button).
Lesson Summary
In this lesson, you performed basic administrative tasks in IBM Lotus
Domino Administrator. Gaining the hands-on experience needed to accom-
plish tasks on the job will enable you to administer and support the Lotus
Domino environment.
Introduction
Security mechanisms must be in place to ensure proper access to Domino
servers and server components. By defining IBM® Lotus Notes® and IBM®
Lotus® Domino® security, you should be able to effectively control access to
a Lotus Notes and Lotus Domino environment.
After completing this lesson, you should be able to:
● Identify components of the Domino security implementation.
● Design a hierarchical naming scheme.
● Locate and view certifiers.
● Determine how Domino security mechanisms control server access lev-
els and access to other resources.
● Determine database access levels.
● Determine workstation security levels.
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Note: Lotus Domino domains are not related to NT or Internet domains. However,
many organizations choose to use the NT or Internet domain name as their Lotus
Domino domain name for consistency.
Note: Lotus Domino domain names should not have a period (.) in the name.
Organizations
A Lotus Domino organization defines the naming hierarchy for a Lotus
Domino environment, which is used for security. The organization name can
be the same as the domain name, or another name, such as a shortened
version of the company name.
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Note: Most companies will set up one organization and one domain. However, a
company may create multiple organizations to separate different departments or
divisions for security or administration purposes.
Figure 3-1:
Organizational Units
An Organizational unit (OU) generally define an organization’s hierarchy as
it relates to people. OUs are the next level down from the organization and
usually represent geographical or departmental names.The following figure
shows an example of an organizational unit.
Certifiers
The Lotus Domino organization certifier is a special file created at the time
the first Lotus Domino server is set up in the company. It is the top of the
hierarchy and is used to certify the resources in the entire infrastructure.
Administrators can use the organization certifier to register other certifiers
which, in turn, can be used to register users, servers, or other certifiers.
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Hierarchical Naming
Lotus Domino uses hierarchical naming, based on X.500 standards, to guar-
antee unique user and server names across a large network. Hierarchical
naming associates names with the certifiers in an organization.
Note: Since the country code is part of the fully distinguished name, each certifier
that uses a country code is a different certifier, even though the organization name
is the same.
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Consider the following options for creating organizational unit certifiers when
designing the hierarchical naming scheme.
Criteria Description
Location Each locale has a separate Organizational Unit (OU) for
local administration of servers and users. Use this as an
alternative to using the country code name component. The
site or country abbreviation easily identifies the geographic
location of the server or user.
Work groups Most often used to distinguish two users with the same
name who work in the same department.
Note: Typically, a company would use the OU1 to indicate the user’s location, then
use the OU2 for the department. Workgroups are typically only used to distinguish
two users from the same region that are in the same department.
Department or workgroup OUs are not recommended if users move between depart-
ments frequently.
Benefit Description
Cross- If two organizations wanted servers to be cross-certified,
certification but did not want users to be cross-certified, then having
each organization’s servers in a separate OU would allow
the creation of a server OU to server OU cross certificate.
Since the cross certificate would be server OU to server
OU, no end user from either organization would be allowed
to directly access servers in the other organization. How-
ever, the servers would be allowed to authenticate and
replicate.
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Benefit Description
Administration If the organization decided to use a unique OU for server
control registration, and that OU is tightly controlled by an upper
level administrator, the likelihood of having a renegade or
unauthorized server show up is reduced. Any server regis-
tered with a different OU will be readily apparent to
administrators through various views of Domino
Administrator.
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Security Controls
Security controls determine access to servers and resources in the Lotus
Domino environment.
Use the controls to:
● Allow access to authorized users and servers.
● Block access for unidentified or specific users and servers.
The process of accessing information involves two levels of security:
● Authentication
● Access controls
Authentication establishes trust between two entities. Once trust is estab-
lished, access controls determine what information is available to the
entity. An entity can be a server or a client.
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Note: The certifier ID does not provide access to anything. It acts as an electronic
stamp to validate other IDs. The certificate is the stamp left on the ID by the process
of certification. The certificate uses an electronic signature from the certifier to asso-
ciate the user or server’s name with the user or server’s public key. For example, a
certificate from /WWCorp issued to Inga Neste/Sales/WWCorp means that according
to /WWCorp, Inga Neste/Sales/WWCorp has a specific public key that is stored in
the certificate.
Types of Certificates
The two types of certificates are:
● Notes certificates: Stored in a Lotus Notes or Domino ID file that
associates a name with a public key. Certificates permit users and serv-
ers to access specific Lotus Domino servers.
● Internet (X.509) Certificates: Let a user access a server using SSL
client authentication or send an S/MIME message. Internet certificates
can be stored in the Lotus Notes ID.
Note: Certifier IDs and certificates are created on the server. However, they should
be moved to a very secure location, rather than left on the server. For example,
copy the ID to a diskette and lock in a cabinet.
ID Files
A Lotus Notes ID identifies a user or server to Lotus Domino systems. The
user and server registration process creates a unique ID.
Note: The password is used to encrypt the private key and optional encryption keys
as well as to access the ID file.
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Types of ID Files
There are several types of ID files used in the Domino environment:
● The certifier ID file allows an administrator to certify Notes users with
hierarchical names. The certifier ID file stamps server, user, and other
certifier IDs with its certificate.
● The user ID file is created by the administrator and contains information
that Notes uses to identify a user. The file contains certificates, and the
the name of the ID owner.
● The server ID file is created by the system administrators and stores
IDs on the server.
Components of an ID File
An ID file contains information to identify the owner of the ID in order to
determine access to resources in a domain. Each user or server ID contains
the following information:
Note: The password is used to encrypt the private key and optional encryption keys
as well as to access the ID file.
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Common Certificates
In order to authenticate, each side (server and client or server and server)
must have a common certificate. A common certificate is a certificate
derived from the same Lotus Notes or Internet (X.509) certifier, or one of its
ancestors in the organizational hierarchy.
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Authenticate Using
In the Lotus Notes/Lotus Domino envi- Lotus Notes certificate
ronment
In the Lotus Notes/Domino environ- Lotus Notes and Internet (X.509) cer-
ment and outside the Lotus Domino/ tificate (with S/MIME to sign Internet
Notes environment messages between different mail
Example: Internet e-mail to a Lotus packages)
Notes client
Figure 3-5:
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Step Action
1. Select the Configuration tab→Certificates section→Certificates view.
2. Expand the Notes Certifiers section and WWCorp.
3. Double-click /WWCorp to open the certificate.
4. Click Cancel to close the certificate.
5. What is the first Internet Certificate?
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Roles
A role identifies a set of users and/or servers. Roles only apply to the data-
base in which they are created.
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Stage Description
1 Successful authentication extracts the name in the Person document
(ID file). The name is then checked against the server, file, database,
data, and field access.
5 Data access: Name is checked for view, form, read, and edit access
to the document in the database.
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Note: If you have questions regarding the settings, use the context sensitive Help.
Wildcards can be used for a group of servers; for example: */SVR/WWCorp.
Follow these steps to complete the activity. Document the current Worldwide
security settings and answer the questions.
Step Action
1. Select the Configuration tab→Server section→Current Server Document
view.
2. Select the Security tab.
3. For the Administrators section, who are the authorized administrators?
4. In the Security Settings section, does the server allow Lotus Notes users to
access anonymously?
Yes
No
5. In the Security Settings section, does the server verify the user’s public key
before allowing access?
Yes
No
6. Scroll to the Server access section. Who can create new databases on the
server?
Note: Open the document in edit mode and use field help.
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Step Action
8. Scroll to the Programmability Restrictions section. Who can run unrestricted
methods and operations?
Use Example
Provide a group of users with LocalDomainAdmins: Allows administrators
access to a database. full access to the Lotus Domino Directory.
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Group Types
Group types are used to define the purpose of the group and determine
the views in the Domino Directory where the group name appears.
For example, the group of terminated employees appears in the Deny List
view, and access control groups appear in the Access Control view.
Using specific group types improves performance by reducing the size of
view indexes in the Domino Directory.
The following table describes the purpose of various group types.
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Caution: Too many nested groups may cause confusion and be cumbersome to
manage.
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Step Action
1. Select the People & Groups tab→Domino Directories section.
2. Select WWCorp’s Directory→Groups.
3. Open the Administrator group (LocalDomainAdmins).
4. Who are the members in the Administrator group (LocalDomainAdmins)?
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Reader Can read documents, but can- ● Can replicate to receive only
not create, edit, or delete (not send documents)
them
● Minimum access for servers
to get data
Author Can create and read docu- ● Can replicate new docu-
ments, and edit own ments, but cannot modify
documents if Authors fields documents
are used
● Minimum access for servers
Note: Designers can modify a
to send data
database to allow users to
edit their own documents. Note: This ACL level is not
normally assigned to servers.
Editor Can create, read, and edit all Can replicate all new and
documents changed documents
Designer Can modify the database Can replicate all new and
design, but cannot modify the changed documents, and repli-
ACL or delete the database cate design elements
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Step Action
1. Select the Files tab.
2. Open WWCorp’s directory.
3. In the About Domino Directory document, click Close this document to
view the database.
4. Select File→Application→Access Control.
5. Record the server group names and access.
8. Click Cancel.
9. Close the WWCorp’s Directory database.
10. Using available help information, define a role.
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Step Action
1. Exit Lotus Domino Administrator and Lotus Notes and re-open Domino
Administrator.
2. Students who can access the server, try to open the Domino Directory and
select the People & Groups tab.
3. Why are some not able to access the server or the Domino Directory?
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Note: By default, scripts and formulas, whether signed or unsigned, do not execute
on a workstation without displaying a warning message. However, scripts and formu-
las created using a Lotus Notes template, and signed “Lotus Notes Template
Development/Lotus Notes” have complete execution access.
Lesson 3 ■ Examining IBM® Lotus® Notes® and IBM® Lotus® Domino® Security
Lesson Summary
In this lesson, you managed IBM Lotus Notes and Lotus Domino security.
Understanding the process of ensuring proper access to Domino servers
with security mechanisms in place will allow you to effectively control access
to a Lotus Notes and Lotus Domino environment.
Introduction
IBM® Lotus® Domino® supports two mail transfer protocols; Lotus Domino’s
native routing protocol, NRPC (Notes Remote Procedure Calls), and the
Internet standard, SMTP (Simple Message Transport Protocol).
Note: NRPC uses port 1352 for server-to-server and server-to-client communica-
tions, not just mail transport.
Term Definition
Mail file The Domino application in which the user creates, sends,
retrieves, and stores mail messages.
Mail server A user’s mail server is the server where the user’s mail file
resides and is specified in the Person document in the Domino
Directory.
Mailer The Mailer resides on the workstation and performs these tasks:
● Verifies the existence and spelling of the name(s) if the recipi-
ent is listed in the Domino Directory.
● Converts the message to Multi-purpose Internet Mail Exten-
sions (MIME), if necessary.
● Deposits the message in Mail.box on the sender’s mail
server.
Domino Direc- The Domino application that stores information about the send-
tory er’s (and possibly recipient’s) mail server, mail file system, mail
file name, mail address, and connections to other servers for
transfer and delivery.
Mail.box A special database that resides on every server used for mail
delivery. Mail is temporarily stored in Mail.box before the router
delivers or transfers the mail.
Term Definition
Router A server-based task that delivers and transfers mail. It checks
the Lotus Domino Directory for connections to other servers and
deposits mail in users’ mail files and other servers’ Mail.box.
Settings Options
Server ● Messaging settings
● Connection documents
● Domain documents
● Configuration documents, including:
■ Inbound controls: SMTP controls for mail from the
Internet
■ Outbound controls: SMTP controls for mail to the
Internet
Topology Types
A topology defines how mail servers are set up within an organization.
Types of topologies vary depending on the size and type of organization:
● Small firms (four or fewer servers): Use peer-to-peer mail routing, which
quickly disseminates mail to all servers.
● Mid-size firms (four to six servers): May use a combination of peer-to-
peer and hub-and-spoke.
● Large organizations (six or more servers): Use hub-and-spoke mail
routing.
Further information on mail topologies will be discussed later in this course.
Note: Implement hub-and-spoke topology for maximum efficiency with high volume
mail traffic and to allow for easier expansion, such as adding servers or clustering
servers.
Guidelines
Below are some guidelines for designing a mail routing topology.
● Determine the number and server membership of Lotus Domino Named
Networks based on the network protocols in use.
● Determine the appropriate topology type based on the size and type of
the organization. For example, peer-to-peer, hub-and-spoke, end-to-
end, or hybrid.
● If using hub-and-spoke:
■ Determine the number of hubs and the appropriate system
resources for each hub.
■ Determine if clustering the hubs is necessary.
Note: The written questions for this exercise are similar to the format used in the
IBM Software Services for Lotus Certification exams.
Step Action
1. Which of the following numbers of NNNs would be appropriate for World-
wide’s deployment?
a) One
b) None
c) Two
d) Three
2. Which one of the following hierarchical naming levels would best organize
the servers and users?
a) Country
b) Organizational unit
c) ID
d) ACL
3. If there is more than one NNN, then which one of the following is the best
mechanism to route mail from server to server?
a) Program document
b) No action required
c) Connection document
d) Configure a gateway
4. If high speed lines connect all Worldwide’s systems, which one of the fol-
lowing would be the most appropriate mail routing topology?
a) Mixed
b) Peer-to-peer
c) Ring
d) Hub-and-spoke
5. Circle and label the appropriate number of NNNs.
6. Draw lines between servers in which mail will route automatically.
7. Draw lines between servers to represent a Connection document to route
mail on a schedule. Use arrows to indicate the direction in which mail will
route. Draw as many lines as will be Connection documents.
Lesson Summary
In this lesson, you described mail transfer protocols supported by IBM Lotus
Domino. Understanding the NRPC and SMTP mail transfer protocols can
help you administer mail routing for your organization.
Introduction
The Lotus Domino Directory is the central database in the IBM® Lotus®
Domino® domain, and exists on every server in the domain. Likewise, there
are other databases that Lotus Domino uses to function properly, such as
the Certification Log and Administration Requests database, that need to be
synchronized on all servers in the domain. A process called Domino Repli-
cation keeps the Domino Directory synchronized on all servers in the
domain.
Additionally, users in the Lotus Domino environment use databases to col-
laborate and exchange information. These databases can reside on
geographically dispersed servers and also need to be synchronized so all
users have access to the same information.
After completing this lesson, you should be able to:
● Identify how replication works.
● Design a replication strategy.
Term Definition
Replicator The Replicator is a server task that is loaded, but not initi-
ated, at server startup. The Replicator pulls data from, or
pushes data to, another server.
Term Definition
Unique Notes The unique value assigned to a document when it is first
Identification saved. The Replicator looks for documents with the same
Number (UNID) UNID to synchronize.
The UNID is found on the tab in Document
Properties.
Replication His- A list of dates and times when two servers or a server and
tory workstation successfully replicated. The Replicator uses Rep-
lication History to determine which documents are new,
changed, or deleted since the last time the two databases
replicated.
Replication Tools
Administrators use the following methods to initiate server-to-server
replication.
Tool Usage
Connection document Used to schedule replication between
two servers
Database Replicas
Lotus Domino makes it easy to collaborate with others by allowing users to
work in database replicas that are located in geographically dispersed serv-
ers or on local workstations with Domino replication keeping those
databases synchronized.
Stage Description
1 The Replicator compares its list of applications with the called serv-
er’s list of applications to determine which application they have in
common.
3 The Replicator pulls (reads and writes) ACL and design and docu-
ment changes, based on permissions set in each server,
application, and document.
Server access list If the initiating server is not allowed access to the
called server, replication stops.
Access Control List If the called server does not have the appropriate appli-
cation ACL access on the initiating server, some
application elements might not replicate correctly.
Step Action
1. From Lotus Domino Administrator, select the Files tab.
2. Open the Marketing TeamRoom database from the list.
3. Choose File→Replication→New Replica.
4. Make the following selections:
● Select Local from the list of servers.
● Accept the default path and file name.
● Expand Replication settings and if necessary, select Create
Immediately.
● Click OK to create the replica.
5. Create a document in the new local replica database.
a. Open the local copy of Marketing TeamRoom.
b. Expand Team Documents and click By Date.
c. Click New Document.
d. Type a subject for the new document.
e. Click Save and then click Close.
6. Choose File→Replication→Replicate.
7. Select Replicate with options and click OK.
8. Verify that Hub/SVR/WWCorp is in the with text box, and click OK twice.
9. Open the Marketing TeamRoom application on Hub/SVR/WWCorp to
verify your document was added.
Note: The same topology may be used for both mail routing and replication.
Lesson Summary
In this lesson, you described the Domino Replication process and it’s
functions. As an administrator, you need to understand how Lotus Domino
uses replication to keep the Domino Directory, the Certification Log, the
Administration Requests database, and user databases synchronized on all
servers in the domain.
Introduction
An organization can extend the IBM® Lotus® Domino® environment with
various services, tools, and software products. These additions can enhance
and expand the services available to the user community.
After completing this lesson, you should be able to:
● Identify additional IBM Lotus Domino services.
● Identify Domino scalability options.
● Identify other IBM server types that might be incorporated into a
Domino environment.
Scalability Options
When implementing or supporting a Lotus Domino installation, it is important
to consider the performance and scalability of the available hardware. Lotus
Domino offers options to maximize usage of CPU power, memory, and disk
space on high powered systems. The following table describes these Lotus
Domino options.
Service or Description
Task
Clustering A Lotus Domino cluster is a group of two or more servers
that provides users with constant access to data, balances
the workload between servers, improves server performance,
and maintains performance when you increase the size of
the Lotus Domino environment.
Benefits of Clustering
The following table lists some of the benefits of using a cluster.
Benefit Description
High availability of Automatic redirection of user requests to available
applications servers. This failover capability provides consistent
access to critical applications, even if one server is
down for maintenance.
System backup Cluster member can act as server backup for critical
data. Clustering does not take the place of backup.
At least one server in the cluster must be backed up
to tape, as well as other servers that contain unique
files (such as logs).
Partitions:
● Are available with the Lotus Domino Enterprise server.
● Are supported on all Lotus Domino supported operating system
platforms.
● Share Lotus Domino executables.
● Have unique:
■ Lotus Domino data directories.
■ Initialization files (Notes.ini).
● Can be clustered.
Note: Lotus Domino partitions should not be confused with specific operating sys-
tem partitions, which segment system hardware.
For more information on Lotus Domino partitions, refer to the Lotus Domino
Administrator 8 Help topic Partitioned servers.
Benefits of Partitions
Partitioned servers optimize hardware usage. The following table lists some
of the benefits of using partitions.
Benefit Description
Reduce hardware Runs multiple Lotus Domino servers on a single
expenses computer.
Maximize usage of high- More efficient use of hardware. For example, you
powered systems can purchase a single, more powerful computer
and run multiple Lotus Domino servers on the
single machine.
IBM DB2
IBM Lotus Domino offers the ability to store, protect, and manage mission
critical Domino collaborative application data in a robust, enterprise class
IBM DB2 relational data store.
The following table describes some of the basic DB2 terminology.
WebSphere Portal
The IBM® WebSphere® Portal is a J2EE application that runs on
WebSphere Application Server. Its main function is to serve the portal
framework to the desktops and mobile devices of end users. The
WebSphere Portal creates an environment that provides the required con-
nectivity, administration, and presentation services.
The major functional components of the Portal include:
● Security and member services, which provide authentication and role-
based access control to portal resources.
● Page aggregation services to assemble the appropriate markup of the
content that is accessible to the current user in a device-appropriate
and locale-appropriate format.
● A portlet container and services, which provide a rich set of services
allowing portlets to bring rich content and applications to the portal.
The WebSphere Portal consists of middleware, applications, and develop-
ment tools for building and managing secure business-to-business (B2B),
business-to-consumer (B2C), and business-to-employee (B2E) portals.
WebSphere Function
Area
Foundation and For building, running, and deploying applications. The
tools WebSphere Application Server, host integration technologies, and
state-of-the-art development tools form a solid base for the
platform. The foundation and tools provide the Internet expertise
you need, enable you to build and use Web Services, and link
you to a greater technical community of developers and other
WebSphere users.
WebSphere Function
Area
Business integra- For integrating internal business processes, including processes
tion that involve IBM Business Partners and customers, WebSphere
offers the WebSphere Integration Developer. This tool is used to
develop the Business Process Execution Language (BPEL) pro-
cedures that run on the WebSphere Process Server. These
procedures simplify the implementation of applications and busi-
ness processes, including supply chain management and the
integration of existing processes with the Web.
Lesson Summary
In this lesson, you identified services and options used to extend and
enhance the functionality of the Lotus Domino environment. By using vari-
ous services, tools, and software products to extend the IBM Lotus Domino
environment, you can enhance and expand the services available to the
community.
Lesson Follow-up ■
Follow-up
In this course, you were introduced to foundational concepts needed to per-
form basic administrative tasks in a Lotus Domino 8 infrastructure. In
addition, that knowledge has prepared you to move forward and obtain the
additional knowledge needed for building a Lotus Domino 8 infrastructure or
managing the servers and users that make up a Lotus Domino 8
infrastructure.
What’s Next?
This course is the first in a series of system administration courses. The
material in IBM® Lotus® Domino® 8 System Administration Operating Fun-
damentals provides foundational knowledge needed to administer a Lotus
Domino 8 infrastructure. Once you have completed IBM® Lotus® Domino® 8
System Administration Operating Fundamentals, you can take either Build-
ing the IBM® Lotus® Domino® 8 Infrastructure or Managing IBM® Lotus®
Domino® 8 Servers and Users. The recommended next step in the series is
the Building the IBM® Lotus® Domino® 8 Infrastructure course.
133
Appendix A
The Worldwide
Corporation Infrastructure
Plan
About This Appendix
This appendix provides an overview of Worldwide Corporation’s
infrastructure. It is intended to provide an overall view of the environ-
ment as designed by the planning team. It does not provide details on
specific IBM® Lotus® Domino® functionality.
This document will be continually updated. Administrators should refer to
the Policies and Procedures application on any Worldwide Corporation
server for the latest version of this document.
IBM® Lotus Notes® and Domino is Worldwide Corporation’s global stan-
dard for electronic mail and for developing and deploying groupware
applications.
Organization Structure
The structure of Worldwide Corporation appears in the following figure.
User Needs
Worldwide Corporation’s users require the following access to applications.
Servers By Task
Worldwide Corporation will designate servers to specific tasks based on
Information Groups. The following table lists the servers, associated tasks,
and rationale behind the decision.
Internet Mes- Provides non-Domino mail ser- Use Lotus Domino server
saging vices, such as: to provide employees with
● POP3 access to non-Lotus
Domino mail files.
● IMAP
● SMTP
● NNTP
● LDAP
Servers By Location
Worldwide Corporation will have one Lotus Domino Domain (WWCorp) that
includes all Worldwide Corporation offices. Worldwide Corporation’s Internet
domain name has been registered as WWCorp.com.
Topology
Worldwide Corporation has selected a hub-and-spoke topology for ease of
management and future expansion. Each regional office will have a hub
server and one or more spoke servers. Each site will be set up to run inde-
pendently, although they will be connected to the corporate hub.
Connection documents are required for replication to tell the corporate hub
how and when to communicate with other servers and for spoke servers to
connect to the corporate hub.
Headquarters is the center of the infrastructure and houses the main hub
server, which has high-speed links running to the offices. Each individual
Lotus Domino server is responsible for its own mail routing and replication
events. The hub server is responsible for replication of the critical applica-
tions between all its spoke servers.
The following figure shows the locations and types of servers.
System Administration
System administration is locally controlled by region, but monitored from the
Corporate office. Administration tasks are controlled by regional
administrators. General policies and guidelines are maintained and distrib-
uted from the Corporate office. Implementation and design changes are
carried out after business justifications are submitted and approved.
All system administrators use the Lotus Domino Administrator and Web
Administrator for all administration tasks.
Network Strategy
Worldwide Corporation’s strategy includes these components:
● Incorporating TCP/IP as their primary network protocol.
● Using a global frame relay network as its global WAN.
● Providing high-bandwidth networking connections to all offices from
Headquarters.
● Upgrading existing server network cards as necessary to meet demand.
Directory Strategy
There will be only one Lotus Domino domain (WWCorp) for the entire
Worldwide Corporation Domino environment. The model matches the physi-
cal layout of the Worldwide Corporation WAN. The first configured server
(the corporate hub) will have full administration rights over the entire
domain.
The Lotus Domino Directory will reside on the corporate hub server at head-
quarters, and replicate to each regional hub server. The corporate hub will
create Directory Catalogs, and replicate to regional hubs for use by remote
users. Remote users can keep a local replica of the Directory Catalog on
the client for faster response time and timely encryption of messages.
System administrators will periodically update the Directory Catalog and rep-
licate once a day to hub servers.
Directory access is from:
● Lotus Notes clients
● Web browsers
● Other e-mail and directory clients
Replication Topology
A hub-and-spoke topology will be used for replication. This structure con-
sists of a main hub with two spoke servers, which are the regional hub
servers. Each regional hub server also has its own spoke servers.
The corporate hub server will be the primary hub and share control of repli-
cation with regional hub servers.
Streaming Replication
Connection documents are required for replication to tell the corporate hub
how and when to communicate with other servers and for spoke servers to
connect to the corporate hub. To take advantage of the new streaming repli-
cation feature in Lotus Domino 8, connections between Hub servers will use
the Pull/Pull replication strategy.
Administrators will create Connection documents between the WWCorp
Domain Hub and regional Hub servers using the Pull:Pull strategy. This will
take advantage of the speed of Streaming Replication. It is important to note
that WWCorp employees are not expected to access these servers, so all
Hub servers can share the replication workload.
Application Types
Types of applications will be separated and reside on different application
servers to isolate problems and simplify management. All applications will
be replicated to the corporate hub for central control and reliability.
Database Redirect
Administrators will use database redirect to automatically update client refer-
ences to databases that have been relocated or deleted.
Policies and pro- All regional appli- When changes Local languages
cedures cation servers are made and customs
application
Mail Administrators
Administrators must perform the following tasks:
● Store the Internet domain name in the Foreign SMTP and Global
Domain documents.
● List the inbound mail servers in the Mail Exchange (MX) records in the
Domain Name Service under the domain’s name. Only one is required.
(Note that load balancing for multiple servers is dependent on the algo-
rithm used by the client SMTP system to select a server from the MX
records.)
● Configure complete address lookup or configure local part only lookup
to identify each mail recipient’s mail server so that the router can make
the final delivery.
Mail clients
Initially, all mail users will have Lotus Notes mail files. In the future, some
mail users may use other Internet mail client software. At that time, World-
wide Corporation will set up select Internet POP3 Messaging Servers for
non-Notes mail clients to access mail files on the Lotus Domino server.
User Naming
The following table provides user naming conventions.
Type Syntax
Common name for Lotus Firstname Lastname
Domino environment
Server Naming
The following table provides examples for regional server names.
Naming Examples
The following table provides naming examples for international sites.
Create a new organiza- Use the standard country code that identifies the
tional unit. location of the organizational unit.
A new organizational unit for Canada might be:
/CN/WWCorp
Create a new user. Certify under the regional organizational unit where
the user works.
A new user named Sara Jones in London would be:
Sara Jones/UK/WWCorp
The corresponding Internet name would be:
Sara_Jones@WWCorp.com
Remote Access
Worldwide Corporation has determined specific Internet access for remote
employees, vendors, resellers, and customers, based on their needs.
Internet Access
The following Internet access will be used:
● Authenticated access for employees
● Public access Web server for vendors, resellers, and customers, includ-
ing controlled access to servers, applications, and data
The following table describes types of access.
Remote Users
Users at home offices that do not have direct connections to the WAN can
use an Internet Server Provider (ISP) to access the Lotus Domino system
through a local Firewall server.
Remote users can connect to their mail server through the local Firewall
servers.
Server Types
The following table lists the server licenses that will be used for each of the
server types.
File Structure
The following table lists the standard file structure on the servers.
Use the standard installation file paths whenever possible to ensure stan-
dardized training and ease of support and troubleshooting.
Note: Store Lotus Domino executables on a separate disk than Domino data for
better performance.
These areas of the Lotus Domino file structure are only accessible to desig-
nated personnel for installation purposes. All other Lotus Domino data is
protected by operating system security and is accessible to Lotus Domino
administrators only.
Configuration Documents
Every Worldwide Corporation server has its own Configuration document.
This ensures that each server configuration can be modified separately and
that there is a log of any changes made.
The Lotus Domino configuration application will be used for server setup to
streamline and automate setup.
A Configuration document exists for each server type (for example, hub,
mail, application) and is then distributed to other servers of the same type.
Before deleting a user from the Lotus Domino system, add the user to one
of these groups. This will ensure immediate denial to any Worldwide Corpo-
ration server.
Note: This is subject to replication of the changes throughout the domain, which will
take no longer than 60 minutes.
Standard Requirement
Application size quotas No application size quotas
Standard Requirement
Application names No database naming standards
Groups spanning the entire ● One group for all server administrators,
organization for example: GlobalAdmins
● Groups for specific categories of employ-
ees, for example: GlobalSales
Client Licenses
Client licenses will be:
● Lotus Notes Client for most users, all generic IDs, and any contractual
or affiliate accounts.
● Lotus Domino Designer for users who will create, modify, or design
databases.
● Lotus Domino Administrator for system administrators.
Client Deployment
Desktop, registration, and security policies will be used to set up users’
environments.
For Internet mail, account documents will be created locally for each mail
protocol. Mail will be stored in Notes Rich Text format.
Type Policy
Lotus Notes client IDs ● Certify all IDs using a Lotus Domino
certificate.
● Users responsible for secure or encrypted
information, such as pricing information to
resellers, will hold an Internet (X.509)
certificate.
● Stored on workstations for all users and
encrypted locally.
● Copies are kept in a secure location by
regional as well as corporate
administrators.
File Storage
Client-based data files, such as IDs, Notes.ini, and *.dsk, will be stored on
the workstation for all users and encrypted locally.
Task Procedure
❒ 1 Set up the first server.
Task Procedure
❒ 2 Add an administrator’s workstation.
❒ 6 Register administrators.
❒ 10 Register users.
Signing
Signing is used when the recipient of data wishes to verify the data has not
been tampered with. Important messages, such as authorizing release of
funds, should always be signed to verify authenticity.
Signing does not prevent tampering, but it does tell the recipient if tamper-
ing has occurred. If the message has been compromised, a message such
as Document has been modified or corrupted since signed displays in
the status bar.
Signing Example
Signing: The message data is signed with the sender’s private key. The sig-
nature is appended to the message along with the corresponding public key
and all of the sender’s certificates.
Verification: To verify the signature, the recipient uses the certificates to vali-
date the sender’s public key, which is then used to verify the signature.
If the recipient cannot validate the certificate, signature validation fails when
the recipient attempts to read the message.
Signing is also used in applications to track user edits to documents.
Signing Analogy
Signing is a very old concept. In medieval times, a king needed a way to
get secure messages to his knights. He used a secret seal that a knight
would examine before he left. There was only one seal and the king had
possession of it (sometimes it was a signet ring).
When the king would send secure messages, he would write the message,
seal it with wax, and press the seal into the wax. When a knight received
the message, he examined the seal to verify it was the king’s. If the seal
was not broken, he had the assurance that the message was really from the
king.
Dual key The keys are different and they work Outgoing mail
together. encryption
Software Description
® ®
IBM Lotus Supports immediate communication for users within an organi-
Sametime® zation through secure text messaging, audio and video, or full
collaborative meetings.
The Lotus Sametime family includes:
● Lotus Sametime server
■ T-120 compliant and works with Microsoft NetMeeting
■ Works with any browser or with Lotus Notes
■ Has audio and video capabilities to enhance online
meetings
● Lotus Sametime Connect client
● A range of Application Developer Tools
IBM® Lotus® Self-service Web tool for team collaboration. Users can create
QuickPlace® a secure and central workspace on the Web structured for
immediate participation, for teams to:
● Coordinate – people, tasks, plans, and resources
● Collaborate – share ideas and discussion, resolve issues,
co-author documents, exchange files, manage due dili-
gence
● Communicate – actions and decisions, key findings and
lessons, publish knowledge captured to a broader base of
readership
Lotus QuickPlace is available on five platforms and in fourteen
languages. Uses include:
● Project management
● Rapid response to ad-hoc initiatives
● Team Web sites
● To facilitate discrete business processes that span the
extended enterprise and value chain
IBM® Lotus® IBM Lotus Quickr is team collaboration software that helps
Quickr® you share content, collaborate and work faster online with
your teams -- inside or outside firewall.
Software Description
Lotus Connec- Collaborative software that combines components to provide
tions connection between people and the work objectives or com-
mon interests. The components of Lotus Connections that
work together are:
● Profiles
● Communities
● Blogs
● Dogear
● Activies
Software Description
Lotus Expedi- IBM® Lotus® Expeditor is IBM’s universal managed client soft-
tor ware to extend composite applications to laptops, desktops,
kiosks and mobile devices and is the follow-on release of IBM
WebSphere® Everyplace® Deployment. It can be used to
extend your IBM Lotus, IBM WebSphere, IBM® Workplace™
or Eclipse™ infrastructures to a managed client environment.
An alternative to Microsoft®.NET client software, Lotus Expe-
ditor provides the flexibility that comes from service oriented
architecture (SOA) and a standards-based programming
model from the OSGi™ Alliance and the Eclipse Foundation.
Lotus Orga- IBM Lotus Organizer 6.1 is an electronic day planner with tabs
nizer 6.1 for each section and pages that turn. You can quickly see all
your calendar, contacts, to do’s, calls, notes, Web information
and more at a glance. No more looking for sticky-note remind-
ers or lost scraps of paper. It’s all there, right before your
eyes.
Lotus Collaboration across time zones and locations has never been
Sametime easier -- or faster. IBM Lotus Sametime software helps you
Enterprise keep pace with your real-time work environment with market-
Meeting leading, award-winning enterprise instant messaging and Web
Server conferencing capabilities.
Lotus Team Lotus Team Workplace will allow your end-users to quickly
Workplace establish and participate in virtual communities working
towards a common set of goals, called teams. These teams
can create team workspaces, and start collaborating
immediately.
Software Description
Lotus Virtual IBM Lotus Virtual Classroom is easy to install and use, allow-
Classroom ing you to quickly and easily develop and deliver just-in-time
training to various audiences - anywhere, anytime. As one
component of the blended learning solution, IBM Lotus Virtual
Classroom integrates with IBM Lotus Learning Management
System, IBM Workplace Collaborative Learning, or with your
existing Learning Management System to protect your current
investments.
Workplace Cli- The foundation products and components of the IBM Work-
ent place Client Technology, Micro Edition family are available in a
Technology single package, Workplace Client Technology, Micro Edition
Client Micro 5.7, which provides an integrated platform for the extension of
Edition existing enterprise applications to server-managed client
devices.
● This package provides a platform for the extension of exist-
ing enterprise applications to server-managed client
devices such as desktop computers, laptop systems, per-
sonal digital assistants, (PDAs), and other mobile and
pervasive devices.
● The integrated package combines the tools (WebSphere
Studio Device Developer and Micro Environment Toolkit for
WebSphere Studio), run-times (WebSphere Everyplace
Micro Environment, Service Management Framework, and
WebSphere Everyplace Custom Environment), and
middleware (DB2e, MQe, Web Services) for building, test-
ing, and deploying server-managed client software to
pervasive devices.
Software Description
Workplace IBM® Workplace™ Collaboration Services is a single product
Collaboration that provides a full range of integrated ready-to-use communi-
Services cation and collaboration tools to enable people to do their jobs
more effectively – anytime, anywhere.
Software Description
Workplace IBM® Workplace™ Documents provides a low cost, standards-
Documents based collaborative document management solution for your
employees. IBM Workplace Documents makes it easy to
collaboratively create, organize and share important docu-
ments and information in a security-rich environment across
the organization.
The product facilitates document reviews and approvals,
versioning, search and private drafts for spreadsheet, presen-
tation, word processing, e-mail, drawing files, project plans
and more – so you can work collaboratively – on demand. It
provides a standard browser interface -- though for a more
feature enhanced ″rich client″ user experience, you can add
IBM® Workplace Managed Client™. IBM Workplace products
provide the front-end to IBM’s service oriented achitecture
(SOA) strategy.
Workplace for IBM® Workplace™ for Business Controls and Reporting helps
Business Con- provide a common platform for companies to easily document,
trols and evaluate and report the status of controls management across
Reporting multiple initiatives in your company.
IBM Workplace for Business Controls & Reporting v2.6 is now
available - improving business foresight with customizable,
self-assessment surveys, more in-depth real-time executive
dashboards and an agreement with the ISACA organization to
license CoBIT.
Software Description
Workplace IBM Workplace Forms Server 2.7 enables the creation and
Forms Server delivery of XML forms applications. It provides a common,
2.7 open interface to enable integration of e-forms data with
server-side applications using industry-standard XML
schemas.
Workplace for IBM® Workplace™ for SAP® Software leverages existing SAP
SAP software investments to help improve people productivity by integrating
SAP content with IBM leading collaboration and performance
management technology. SAP and IBM capabilities are com-
bined into role-based, high performance work environments.
Software Description
Workplace IBM® Workplace Managed Client™ delivers fully integrated
Managed Cli- server-managed collaboration to the end user’s desktop. It
ent provides flexibility and portability of client-side applications,
combined with server-side control and cost savings tradition-
ally associated with Web-based computing -- for the best of
both worlds. IBM Workplace Managed Client capabilities
include online and offline access to messaging, documents,
instant messaging, Activity Explorer, productivity tools, and
data access.
IBM Workplace Managed Client is built on IBM Workplace Cli-
ent Technology, the foundation for next-generation, network-
centric computing. Please contact your IBM sales
representative if you are interested in obtaining the IBM Work-
place Managed Client.
Workplace IBM Workplace Services Express gets any team up and run-
Services ning quickly with team collaboration, document management
Express and an integrated portal.
Featured Capablilites:
● Team Collaboration
● Document Management
● Ready to use
Software Description
Workplace IBM Workplace Web Content Management software offers
Web Content end-to-end Web content management -- content can be cre-
Management ated (using a WYSIWYG rich text editor), managed and
published to multiple Web sites.
● Streamlines content creation, lifecycle and publication
● Helps remove Webmaster/IT bottlenecks
● Publishes information on demand in minutes, not days
● Helps you tailor and personalize content by role or user
preference
● Ensures a consistent, professional look and feel across
multiple sites
Appendix D ■ Bibliography
I. General references
Consult these references for general information about Lotus Domino 8 and
Lotus Notes 8:
● Lotus Domino Administrator 8 online Help (Hint: Create a full text index
the first time you search, by selecting the Search view and searching
for text strings. To limit the number of documents returned by a search,
use wildcards and Boolean logic. For example, enter a search string
such as mail rules & journal* & quarantine.)
● Lotus Domino Administrator 8 online Help – Glossary view
● Lotus Notes 8 and Lotus Domino Designer 8 online Help
● Lotus developerWorks: http://www.ibm.com/developerworks/lotus
● Lotus Support Services: http://www.ibm.com/software/lotus/support/
● Lotus product documentation: http://www.lotus.com/ldd/doc
● Download and install the IBM Support Assistant (ISA) tool from http://
www.ibm.com/software/support/isa/
● Redbooks: http://www.redbooks.ibm.com
● Release notes for Lotus Notes 8, Lotus Domino 8 and Lotus Domino
Designer 8: http://www.lotus.com/ldd/notesua.nsf/RN?OpenView
● Download the book Inside Notes: The Architecture of Notes and the
Domino Server from: http://www.lotus.com/ldd/notesua.nsf/find/inside-
notes
Planning
Download the Redbook: A Roadmap for Deploying Domino in the Organiza-
tion from http://www.lotus.com/home.nsf/welcome/redbook.
Appendix D ■ Bibliography
Multi-user Installations
Refer to the following Lotus Domino Administrator 8 Help topic: Multi-user
installation
Naming Requirements
Refer to the following Lotus Domino Administrator 8 Help topic: Naming
rules.
License Tracking
Refer to the following Lotus Domino Administrator 8 Help topic: License
tracking.
Clusters
Refer to the following Lotus Domino Administrator 8 Help topic: Clusters.
Partitions
Refer to the following Lotus Domino Administrator 8 Help topic: Partitioned
servers.
Registering Users
Refer to the following Lotus Domino Administrator 8 Help topic: User
registration.
Appendix D ■ Bibliography
Administration Process
For more information on configuring the Administration Process, refer to the
following Lotus Domino Administrator 8 Help topic: Administration Process
Trusted Directories
Web users must be listed in the Domino Directory or a trusted directory in
order to access restricted resources on the Web server. For more informa-
tion on setting up Directory Assistance to authenticate via a trusted
directory, refer to the Lotus Domino Administrator 8 Help topic Directory
Assistance Document.
Mail Routing
Refer to the following Lotus Domino Administrator 8 Help topic: Planning a
mail routing topology.
Appendix D ■ Bibliography
Shared Mail
For more information on shared mail and unlinking shared mail files, refer to
the following Lotus Domino Administrator 8 Help topics:
● Shared mail overview
● How shared mail works
● Setting up shared mail databases
● Managing a shared mail database
Message Tracking
Refer to the following Lotus Domino Administrator 8 Help topic: Tracking a
mail message.
Mail Journaling
Download the IBM Lotus C API Toolkit for Notes and Domino 8 for more
information on how to combine journaling with third-party archiving tools.
The toolkit is available at http://www.ibm.com/developerworks/lotus/
downloads/toolkits.html.
Mail Controls
Refer to the developerWorks article titled Controlling spam: Advanced SMTP
settings in Lotus Domino.
SMTP Configurations
Refer to the following Lotus Domino Administrator 8 Help topic: Sending
mail outside the local Internet domain .
V. Replication
Consult the following resources for information about replication.
Server-to-Server Replication
Refer to the following Lotus Domino Administrator 8 Help topic: Scheduling
server-to server replication.
Replication Types
Refer to the following Lotus Domino Administrator 8 Help topic: Specifying
replication direction.
Appendix D ■ Bibliography
Backup Utilities
For more information on the backup utilities that are available for Domino 8,
refer to the following Web sites:
● Lotus developerWorks
● IBM® Tivoli® Software: http://www.ibm.com/software/tivoli/
Transaction Logging
Refer to the following articles available on the Lotus developerWorks Web
site:
● Assessing the impacts of new transaction logging features
● More on Domino 6 transaction logging
Appendix D ■ Bibliography
Server Monitoring
Refer to the following articles on the Lotus developerWorks Web site:
● Start using Domino 6 Server Health Monitoring now!
● Jim Rouleau on Domino 6 server availability
● The new Domino 6 NotesBench workloads: Heavier by request!
● Analyzing system resources with platform statistics
● Ask Professor INI: Agent variables
VII. Security
Consult the following resources for information about Lotus Domino security.
Server-based CA
Refer to the following Lotus Domino Administrator 8 Help topic: Domino
server-based certification authority.
Cross-certification
For more information on cross-certification and authenticating with other
organizations, refer to the following Lotus Domino Administrator 8 Help top-
ics:
● Issuing cross-certificates
● Examples of cross-certification
● Adding a Notes cross-certificate for IDs by Notes mail
● Adding a Notes cross-certificate for IDs by postal service
● Adding a Notes or Internet cross-certificate on demand
Appendix D ■ Bibliography
Internet Security
Refer to the following Lotus Domino Administrator 8 Help topics:
● Security
● SSL and S/MIME for clients
● Setting up an internet certificate authority
VIII. Troubleshooting
Consult the following resources for information about troubleshooting vari-
ous issues.
Error Messages
Look up any error messages on the Lotus Support Services Web site.
Appendix D ■ Bibliography
On the developerWorks Web site, refer to the article titled Testing TCP/IP
connection with NotesCONNECT.
If recent changes to a server include host name, IP address, or port names,
it may be necessary to clear some system fields in the Server document.
Refer to the following technotes on the Lotus Support Services Web site:
● How to Disable Server Cache of the Last Known Address
● Where are Server Addresses Cached in Notes and Domino?
Appendix D ■ Bibliography
Appendix D ■ Bibliography
Also refer to the following articles and white papers on the developerWorks
Web site:
● New workloads and features in Lotus Domino 7
● Lotus Domino 7 server performance, Part 1, Part 2, and Part 3
● Lotus Domino 7 performance in production at IBM on pSeries servers
● Troubleshooting application performance: Part 1: Troubleshooting tech-
niques and code tips
● Troubleshooting application performance: Part 2: New tools in Lotus
Notes/Domino 7
● IBM Lotus Domino 7 Performance Improvements
● Rules-of-thumb for monitoring Windows NT/2000 and Domino statistics
Place in certification
IBM® Lotus® Domino® 8 System Administration Operating Fundamentals is
listed as one of the preparation resources for the following exam:
Exam 847 - IBM Lotus Notes Domino 8 System Administration
Operating Fundamentals
This exam is part of the path for IBM Certified System Administrator - Lotus
Notes and Domino 8 certification. The complete path is described here:
IBM Associate System Administrator - Lotus Notes and Domino 8
Exam 847 - IBM Lotus Notes Domino 8 System Administration Operat-
ing Fundamentals
IBM Certified System Administrator - Lotus Notes and Domino 8
Successfully pass the following three exams:
● Exam 847 - IBM Lotus Notes Domino 8 System Administration
Operating Fundamentals
● Exam 848 - IBM Lotus Notes Domino 8 Building the Infrastructure
● Exam 849 - IBM Lotus Domino 8 Managing Servers and Users
IBM Certified Advanced System Administrator - Lotus Notes and
Domino 8
Exam information not yet available.
Step Action
1 Review the exam competencies.
Online learning This includes online tuto- See the individual exam
rials and other learning preparation page for rec-
resources. ommended online
learning resources.
For the most up-to-date resource listing for this exam, visit the individual
exam preparation page. Go to http://www.ibm.com/lotus/certification and
select the exam name from the Select an exam drop-down menu. These
individual pages will give you the most up to date list of resources available.
Course Strategy
Approach
The business context for this course is small- to medium-sized company
that is using Lotus Notes and Lotus Domino as their basic mail
infrastructure. The course uses the fictitious company Worlwide Corpora-
tion to provide scenarios for installing and setting up the infrastructure.
The company uses a single domain with Lotus Notes mail internally and
SMTP externally. This course assumes a classroom of 12 student
machines. To provide all students with a comprehensive hands-on expe-
rience, we have designed this course so that all students administer
their own servers. To accommodate this, we instruct students to use the
client and server software on the same machine. The Domino server
and Lotus Notes client software supports this configuration provided that
the server and client software is installed in separate directories on the
Recommended Agenda
The following table shows the recommended agenda for the class.
15 minutes Break
1 hour Lunch
15 minutes Break
Lesson 2
Activity 2-1:
Activity 2-2:
3. What is a domain?
A lotus Domino domain is a collection of servers and users that
share common domino directory information.
5. What is replication?
The process of exchanging modifications between replicas. Through rep-
lication, Lotus Notes makes all of the replicas essentially identical over
time.
Activity 2-4:
3. Approximately how much free disk space is there on the Hub server?
Answers will vary depending on your classroom equipment.
Activity 2-5:
33. What information is stored in the Domino Server Log file (log.nsf)?
✓ a) Server activity
✓ b) User activity
✓ c) Replication activity
✓ d) Database activity
Activity 2-6:
Activity 2-8:
Activity 2-10:
6. Of how many groups are you a member? (Hint: Use either the Manage
Groups tool or an action button).
Depends on classroom configuration. Show the Find Group Member
action button on the listing pane.
Lesson 3
Activity 3-1:
Activity 3-2:
Activity 3-3:
Activity 3-4:
Activity 3-5:
4. In the Security Settings section, does the server allow Lotus Notes
users to access anonymously?
Yes
✓ No
5. In the Security Settings section, does the server verify the user’s public
key before allowing access?
Yes
✓ No
6. Scroll to the Server access section. Who can create new databases
on the server?
Blank = All.
Activity 3-6:
Activity 3-7:
Lesson 4
Activity 4-1:
3. If there is more than one NNN, then which one of the following is the
best mechanism to route mail from server to server?
a) Program document
b) No action required
✓ c) Connection document
d) Configure a gateway
4. If high speed lines connect all Worldwide’s systems, which one of the
following would be the most appropriate mail routing topology?
a) Mixed
✓ b) Peer-to-peer
c) Ring
✓ d) Hub-and-spoke
Lesson 5 Follow-up
Lesson 5 Lab 1
access controls
Determine what information is available to the entity.
application
A solution to a particular business prblem that may contain one or more
databases and other components, such as Java scripts.
authentication
Establishes trust between two entities.
certificate
A unique electronic stamp stored in an ID file that associates a name
with a public key.
certifier ID
A file that generates the electronic stamp to indicate a trusted
relationship.
cluster
A group of two or more servers that provides users with constant access
to data, balances the workload between servers, improves server perfor-
mance, and maintains performance when you increase the size of the
Lotus Domino environment.
common certificate
A certificate derived from the same Lotus Notes or Internet (X.509) certi-
fier, or one of its ancestors in the organizational hierarchy.
composite application
A collection of two or more distinct applications that address a business
need for a specific group of users, and can be accessed from one
screen.
decrypt
To decode protected data.
domain
A collection of servers and users that share a single Lotus Domino
Directory.
encrypt
To protect data from unauthorized access.
group
A list of users and/or servers who have something in common. Each group
must have an owner, who is usually an administrator or a application
manager.
group types
Used to define the purpose of the group and determine the views in the
Lotus Domino Directory where the group name appears.
hierarchical name
Associates names with the certifiers in an organization.
Location document
One of six created by default when the Lotus Notes client is installed that
contain communication and location-specific settings for use with the Lotus
Domino administrator.
Lotus Domino Directory
A database that stores information that allows Lotus Domino servers and
clients to function properly.
Lotus Domino Enterprise Server
Includes the functionality of both the Lotus Domino Utility and Domino Mes-
saging Servers, including support for clusters.
Object Store
A place where all Notes data resides in the form of an NSF application.
organization
Defines the naming hierarchy for a Lotus Domino environment, which is
used for security.
organization certifier
A special file created at the time the first Domino server is set up in the
company.
organizational unit
Defines an organization’s hierarchy as it relates to people.
Person document
Describes a Lotus Notes or non-Lotus Notes user in the Lotus Domino
Directory.
private key
A key that is available to one owner (person, server, or certifier).
public key
A key that is available to everyone.
replica
A special copy of a database.
replication
The process of synchronizing documents from the same databases on dif-
ferent workstations or servers over time.
Replicator
A server task that is loaded, but not initiated, at server startup.
role
Identifies a set of users and/or servers.
Server document
Created when you register a server; it contains many of the settings that
define how your server operates.
server task
A program provided with the Lotus Domino server that runs when loaded
and activated.
signing
Used when the recipient of data wishes to verify the data has not been tam-
pered with.
T.120
A family of open standards that contain a series of communications and
application protocols and services which provide support for real-time,
multipoint communication.
Web client
A computer that can access Lotus Domino data on the server to display in a
browser.
A F
access control list, 73 Features of Lotus Notes 8, 6
access control options, 73 field-level replication, 107
anonymous, 71 File tab tasks, 31
authentication
access controls, 66
G
group, 29
C group types, 79
certificate, 67
certifier ID, 67
clients H
Lotus Notes, 5 hierarchical name, 56
Internet mail
cluster, 124
I
common certificate, 69
IBM® DB2, 127
Composite application, 10
IBM® Lotus Notes® and IBM® Lotus®
Configuration tab views, 39 Domino®, 3
IBM Websphere® Portal, 129
®
ID file types, 68
D
Internet (X.509) certificates, 67
Database and Applications Types, 10
deny list, 79
domain, 53 L
Domino standard services, 121 Location document, 5
Lotus Domino Directory, 12
Lotus Domino Enterprise Server, 4
E
Lotus Domino Messaging Server, 4
execution access, 85
Lotus Domino partitions, 126
Execution Control List (ECL), 85
S
N Server document, 4
Notes certificates, 67 server host names
common names, 61
server task, 14
O simple, 71
Object Store, 8
organization, 53
organization certifier, 54 T
organizational unit, 54 T.120, 127
Also See: organization
W
P Web client, 3
People & Groups tab, 30