Vous êtes sur la page 1sur 624

00 0789729180 FM 10/21/03 3:25 PM Page i

Lotus Notes ®

and Domino 6 ®

System
Administrator

Tony Aveyard
Karen Fishwick
00 0789729180 FM 10/21/03 3:25 PM Page ii

Lotus Notes ® and Domino ® 6 System Administrator Publisher


Exam Cram 2 Paul Boger
Copyright © 2004 by Que Publishing

All rights reserved. No part of this book shall be reproduced, stored in Executive Editor
a retrieval system, or transmitted by any means, electronic, mechanical, Jeff Riley
photocopying, recording, or otherwise, without written permission
from the publisher. No patent liability is assumed with respect to the
Acquisitions Editor
use of the information contained herein. Although every precaution
has been taken in the preparation of this book, the publisher and Carol Ackerman
author assume no responsibility for errors or omissions. Nor is any lia-
bility assumed for damages resulting from the use of the information Development Editor
contained herein. Lorna Gentry
International Standard Book Number: 0-7897-2918-0
Managing Editor
Library of Congress Catalog Card Number: 2003109276
Charlotte Clapp
Printed in the United States of America

First Printing: November 2003 Project Editor


Tonya Simpson
06 05 04 03 4 3 2 1

Copy Editors
Trademarks Krista Hansing
All terms mentioned in this book that are known to be trademarks or Karen Annett
service marks have been appropriately capitalized. Que Publishing can-
not attest to the accuracy of this information. Use of a term in this
book should not be regarded as affecting the validity of any trademark Indexer
or service mark. Heather McNeill

Lotus Notes is a registered trademark of IBM Corporation.


Proofreader
Domino is a registered trademark of IBM Corporation. Juli Cook

Warning and Disclaimer Technical Editors


Every effort has been made to make this book as complete and as accu- Dennis Teague
rate as possible, but no warranty or fitness is implied. The information David Wilde
provided is on an “as is” basis. The authors and the publisher shall have
neither liability nor responsibility to any person or entity with respect Team Coordinator
to any loss or damages arising from the information contained in this
Pamalee Nelson
book or from the use of the CD or programs accompanying it.

Multimedia Developer
Bulk Sales Dan Scherf
Que Publishing offers excellent discounts on this book when ordered
in quantity for bulk purchases or special sales. For more information,
please contact Page Layout
Bronkella Publishing
U.S. Corporate and Government Sales
1-800-382-3419
corpsales@pearsontechgroup.com

For sales outside the U.S., please contact

International Sales
1-317-428-3341
international@pearsontechgroup.com
00 0789729180 FM 10/21/03 3:26 PM Page iii

Que Certification • 800 East 96th Street • Indianapolis, Indiana 46240

A Note from Series Editor Ed Tittel


You know better than to trust your certification preparation to just
anybody. That’s why you, and more than two million others, have
purchased an Exam Cram book. As Series Editor for the new and
improved Exam Cram 2 series, I have worked with the staff at Que Certification to
ensure you won’t be disappointed. That’s why we’ve taken the world’s best-selling
certification product—a finalist for “Best Study Guide” in a CertCities reader poll
in 2002—and made it even better.
As a “Favorite Study Guide Author” finalist in a 2002 poll of
CertCities readers, I know the value of good books. You’ll be
impressed with Que Certification’s stringent review process,
which ensures the books are high-quality, relevant, and
technically accurate. Rest assured that at least a dozen industry
experts—including the panel of certification experts at
CramSession—have reviewed this material, helping us deliver an
excellent solution to your exam preparation needs.
We’ve also added a preview edition of PrepLogic’s powerful, full-featured test
engine, which is trusted by certification students throughout the world.
As a 20-year-plus veteran of the computing industry and the original creator and
editor of the Exam Cram series, I’ve brought my IT experience to bear on these
books. During my tenure at Novell from 1989 to 1994, I worked with and around
its excellent education and certification department. This experience helped push
my writing and teaching activities heavily in the certification direction. Since then,
I’ve worked on more than 70 certification-related books, and I write about
certification topics for numerous Web sites and for Certification magazine.
In 1996, while studying for various MCP exams, I became frustrated with the
huge, unwieldy study guides that were the only preparation tools available. As an
experienced IT professional and former instructor, I wanted “nothing but the facts”
necessary to prepare for the exams. From this impetus, Exam Cram emerged in
1997. It quickly became the best-selling computer book series since “…For
Dummies,” and the best-selling certification book series ever. By maintaining an
intense focus on subject matter, tracking errata and updates quickly, and following
the certification market closely, Exam Cram was able to establish the dominant
position in cert prep books.
You will not be disappointed in your decision to purchase this book. If you are,
please contact me at etittel@jump.net. All suggestions, ideas, input, or constructive
criticism are welcome!
00 0789729180 FM 10/21/03 3:26 PM Page iv

Expand Your Certification Arsenal!

Lotus Notes and Domino 6


Application Development
Exam Cram 2
(Exam 610, 611, 612)
Tim Bankes and David Hatter
ISBN 0-7897-2917-2
$39.99 US/$60.99 CAN/£28.99 Net UK

• Key terms and concepts highlighted at the start of each chapter


• Notes, Tips, and Exam Alerts advise what to watch out for
• End-of-chapter sample Exam Questions with detailed discussions
of all answers
• Complete text-based practice test with answer key at the end of
each book
• The tear-out Cram Sheet condenses the most important items
and information into a two-page reminder
• A CD that includes PrepLogic Practice Tests for complete
evaluation of your knowledge
• Our authors are recognized experts in the field. In most cases,
they are current or former instructors, trainers, or consultants—
they know exactly what you need to know!

www.examcram2.com
00 0789729180 FM 10/21/03 3:26 PM Page v

From Tony Aveyard


I dedicate this book to the following people:
Kathi, my wife and my best friend: My life is richer because of you and was
incomplete until you joined it. Thanks for always sticking with me and
believing in me. My dreams have come true and still do because of you.
Marie, my daughter, my friend, and one of the reasons I was able to sur-
vive as a single parent for seven years: You are the twinkle in a father’s
eye, and I will always regret the day when you move out to make your own
life. Thanks for all the memories you gave your dad.
Garet, my computer partner and movie-going buddy: Don’t forget that I
can beat you at Unreal Tournament! You’re a lot of fun to be around, and
the way you look at life is refreshing and exhilarating. I love the time we
spend together and the way you laugh at the Stooges and MXC.
Terry Brooks: Your work inspires me, and when I read your books I feel like
I know the Ohmsfords personally. Thanks for all the memories and for the
inspiration. I know this isn’t a book of fiction, but at least I’m writing!
Thanks, Terry.
And last but not least, God: for giving me the strength to write again and
the patience and endurance to finish the task.
From Karen Fishwick:
I’d like to dedicate this book to my children, Beth and Cam. Thanks for
being willing to share Mommy with the computer and for obeying the sign
on the door.

00 0789729180 FM 10/21/03 3:26 PM Page vi

About the Authors


. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Tony Aveyard has been in the IT business for more than 20 years. During
his career, he has worked on the desk side support team and the data com-
munications team, and has spent more than seven years in Notes adminis-
tration. He’s currently leading the Web & eBusiness team for Siemens
Business Services in Mason, Ohio. He lives in Cincinnati, Ohio, with Kathi,
his lovely bride of five years; his two kids, Marie and Garet; and the beloved
family dog, Tango. FPS and role-playing computer games are still a passion
after many years of world-conquering and Orc-killing, but the desire nearest
his heart is to be a full-time fiction writer and share his adventures with the
world.
Karen Fishwick has been actively working with Notes and Domino since
Release 3. She became a Certified Lotus Professional in Release 3 in 1995
and a Certified Lotus Instructor in 1996. She has upgraded that certification
through each release of Notes/Domino and now holds the CLP designation
for R6 in both the system administration and application development
tracks.
Karen has been delivering the certified Lotus curriculum to students all over
Canada for more than eight years. Based in Ottawa, Canada, she provides
consulting and training services to a wide array of both public- and private-
sector clients.
She has been involved as an author or technical editor for many book proj-
ects over the past five years. Karen is ideally suited to be a co-author of this
book because of her long-standing experience with the Lotus certification
tests. She has written exams in every release of the Domino System
Administration track, from R3 to R6. She has also participated as author or
editor in books dealing with Domino certification for R4, R5, and R6.
As an independent consultant, Karen has assisted many clients with both
administration and development projects. Her focus over the past couple of
years has been in the areas of administrative troubleshooting for servers and
resolving access-control problems within applications.
00 0789729180 FM 10/21/03 3:26 PM Page vii

Karen currently lives in Ottawa with her husband, Warren, and her 4-year-
old twins, Beth and Cam. In her spare time, she enjoys cooking, playing
sports, and taking an active role in her local church.

About the Contributing Author


Randy Smith lives in Omaha, Nebraska with his wife, Patty, and two sons,
Kevin and Eric. He began his Lotus Notes/Domino consulting career in
1996 and founded R.D. Smith Consulting in 2000. Randy is an IBM
Certified Advanced System Administrator and an IBM Certified Advanced
Application Developer in Lotus Notes/Domino 6. He has also attained
Principal CLP certification in Lotus Notes/Domino R5 and R4 for both
Application Development and System Administration. He is currently con-
sulting at the State of Nebraska, where he supports their Lotus
Notes/Domino infrastructure and mentors their Lotus Notes development
teams.
00 0789729180 FM 10/21/03 3:26 PM Page viii

About the Technical Editors


Dennis Teague has been working with Lotus Notes/Domino since version
4 came out. He has worked for several worldwide firms over the years doing
Notes administration and network support. He has obtained his CLP in R4,
R5, and R6 and his PCLP in R4 and R5 in Notes Administration. Thanks to
his wife for all her help in getting these certifications in Notes and Domino—
.
drilling him with question after question until he knew why the answer was
right versus knowing, when she started out saying “Heidi is a Domino admin-
istrator and has a user Milo that is having a problem replicating...,” that the
answer was C. He is glad that his wife, Susan, and his two sons, Trevor and
Devon, allowed him the time to tech edit this book, so as to reinforce some
of the practices he is already using in R6 and remind him of some other fea-
tures that could be implemented.
David C. Wilde is a Lotus Notes senior consultant and Team Lead with the
fourth-largest independent information technology services firm in North
America. His team is responsible for maintaining a Lotus Notes environment
that supports well over 20,000 users spread across Canada and the United
States. His expertise in system security and back-end system integration is in
high demand, and he has been utilized to perform security audits for many of
these clients.
David has more than 17 years of IT experience and has been specializing in
Lotus Notes for the last 8 years, with considerable time spent in both System
Administration and Application Development capacities. His Lotus Notes
background includes certifications as an IBM certified Advanced System
Administrator—Lotus Notes and Domino in versions 4, 5 and 6, as an IBM
Advanced Application Developer—Lotus Notes and Domino in versions 4, 5
and 6, and as an IBM Certified for e-business Solution Advisor.
David is also the former president and founder of the CONDORS Lotus
Notes and Domino User’s Group located in Saskatchewan, Canada. David is
currently working toward his WebSphere and SUN Java certifications.
00 0789729180 FM 10/21/03 3:26 PM Page ix

Acknowledgments
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

I would like to thank Carol Ackerman for giving me the chance to write
again and believing in me. Her patience and support have been invaluable in
driving me to keep pressing forward. I would also like to say thanks to my
friends and co-workers who gave me the encouragement and showed gen-
uine excitement at my chance to participate in another project. Andrew,
Chris, Eric, Heather, Ken, and Susan, you’re the best.
—Tony Aveyard
I’d like to thank Que Certification for allowing me the opportunity to work
with them again on an interesting publication. Thanks also to my husband,
Warren, for supporting me through the endless writing times, and to my par-
ents, who help so much with child care for my kids so that I can work on
projects like this one.
—Karen Fishwick
00 0789729180 FM 10/21/03 3:26 PM Page x

.
00 0789729180 FM 10/21/03 3:26 PM Page xi

Contents at a Glance
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Introduction xxv
Self-Assessment xxxi
Chapter 1 Overview of Domino System Administration
Certification Exams 1
Part I: Exam 620
Chapter 2 Installing and Configuring 13
Chapter 3 Mail 35
Chapter 4 Managing and Maintaining 61
Chapter 5 Replication 99
Chapter 6 Security 127
Part II: Exam 621
Chapter 7 Installing and Configuring 161
Chapter 8 Mail 189
Chapter 9 Monitoring Server Performance 207
Chapter 10 Replication 255
Chapter 11 Security 279
Part III: Exam 622
Chapter 12 Managing Non-Notes and Notes Clients 317
Chapter 13 Setting Up Server Monitoring 327
Chapter 14 Managing Servers 337
Chapter 15 Managing Users and Groups 363
00 0789729180 FM 10/21/03 3:26 PM Page xii

Chapter 16 Monitoring Server Performance 379


Chapter 17 Resolving Server Problems 391
Chapter 18 Resolving User Problems 407
Part IV: Sample Exams
Chapter 19 Practice Exam 620 425 .

Chapter 20 Answer Key for 620 445


Chapter 21 Practice Exam 621 463
Chapter 22 Answer Key for 621 485
Chapter 23 Practice Exam 622 499
Chapter 24 Answer Key for 622 519
Part V: Appendixes
Appendix A Resources 535
Appendix B What’s on the CD-ROM? 537
Appendix C Using the PrepLogic Practice Exams, Preview
Edition Software 539
Glossary 547
Index 565
00 0789729180 FM 10/21/03 3:26 PM Page xiii

Table of Contents
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Introduction.....................................................................xxv

Self-Assessment ..............................................................xxxi

Chapter 1
Overview of Domino System Administration Certification Exams .......1
Assessing Exam-Readiness 2
The Exam Objectives 3
The Exam Situation 4
Exam Layout and Design 5
Lotus’s Testing Formats 7
Exam-Taking Techniques 7
Mastering the Inner Game 9
Additional Resources 9

Part I Exam 620 .......................................................11


Chapter 2
Installing and Configuring ...................................................13
Registering Servers 14
Server Setup 14
Setting Up Additional Domino Servers 16
Setting Up Server Protocols and Ports 17
Implementing a Hierarchical Naming Scheme 18
Maintaining Domino Certifier IDs 18
Configuring Directories 19
Understanding the Domino Domain 19
Implementing Distributed Versus Centralized Directories 20
Creating Groups in the Directory 21
Setting Up Administration Groups 22
Notes Client Configuration 22
Registering New Users 22
Installing Clients of Different License Types 23
Setting Up and Configuring a Notes R6 User 24
00 0789729180 FM 10/21/03 3:26 PM Page xiv

xiv Table
. . . .of. Contents
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Deploying Notes User Authentication—Notes ID 25


Maintaining Notes User IDs 26
Applying Policy Documents 26
Applying Policies During New User Registration 27
Applying Policies to Existing Users 27
Exam Prep Questions 29
Need to Know More? 33

Chapter 3
Mail .............................................................................35
Server Messaging Configuration 36
Setting Up and Configuring Mail Routing 36
Setting Up and Configuring Message Distribution Using
Schedules 38
Forcing Mail to Route to a Specific Server 40
Monitoring and Maintaining Mail Routing 41
Troubleshooting Routing Problems 46
Basic Messaging Settings 48
Creating Archiving Policies 48
Implementing Mail Quotas 51
Understanding Mail Encryption 52
User Messaging Configuration 53
User Preferences Related to Mail 53
Setting Workstations for Different Locations 54
Exam Prep Questions 56
Need to Know More? 60
Chapter 4
Managing and Maintaining .................................................61
Application Deployment 62
Deploying Server-Based Applications 62
Deploying HTML-Based Applications 64
Deploying Web Applications for Internationalization 65
Deploying Applications Based on Coding: Formula Language,
LotusScript, JavaScript, C 66
Deploying Applications Based on Document Characteristics:
Document Size 69
Managing Application Design 70
Distributing Application Design Changes Using the Design
Task 70
Replicating Design Changes 73
00 0789729180 FM 10/21/03 3:26 PM Page xv

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Table
. . .of. Contents
xv
. . . . .

Application Maintenance 73
Monitoring Application Size 74
Maintaining Data Integrity 75
Domino Server Monitoring and Maintenance 77
Monitoring Server Tasks 77
Monitoring and Managing Log Files 78
Monitoring and Managing Web Services 80
Setting Up and Configuring Administration Monitoring
Tools 84
Other Maintenance Tasks 87
Migrating from a Distributed Directory to a Central
Directory 87
Creating a Policy Synopsis to Determine an Effective
Policy 88
Maintaining Users 89
Maintaining Groups 91
Exam Prep Questions 93
Need to Know More? 98
Chapter 5
Replication .....................................................................99
The Replica Task 100
Understanding Document Replication Order 101
Setting Up and Configuring Replication Through Force 101
Forcing Replication Using the Server Console 102
Setting Up and Configuring Replication Through Scheduling 104
Replication Topologies 104
Creating a Replication Connection Document 106
How Access Control Lists Affect Replication 108
Guidelines for Assigning Server Access to Databases 109
Other Access Control Settings That Affect Replication 112
Resolving Replication and Save Conflicts 113
Choosing Which Document to Keep 114
Using Design or Administration Techniques to Prevent
Replication or Save Conflicts 114
Clustered Replication 115
Monitoring and Maintaining Replication 116
Monitoring Replication History 116
Viewing the Replication Events View in the Log File 117
Using an Event Generator to Monitor Replication 118
Viewing Replication Schedules 118
Replication-Topology Maps 118
00 0789729180 FM 10/21/03 3:26 PM Page xvi

xvi Table
. . . .of. Contents
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Exam Prep Questions 120


Need to Know More? 125

Chapter 6
Security ........................................................................127
Physical Security 128
Securing Domino Applications Based on Password
Encryption 129
Domino Server Security 129
Securing Domino Resources Based on Notes
Authentication 130
Securing Domino Resources Based on the Domino
Directory 131
Securing Domino Resources Based on Web
Authentication 134
Setting Up and Configuring Server Access 135
Monitoring and Maintaining Server Access Control 139
Troubleshooting Common Server Access Problems 140
Domino Application Security 141
Understanding the ACL 141
Securing Applications with Groups 144
Securing Applications with Authors Fields 146
Securing Applications with Readers Fields 146
Troubleshooting Data Access Control Problems 148
Creating Security Policies 149
Exam Prep Questions 152
Need to Know More? 157

Part II Exam 621 ......................................................159


Chapter 7
Installing and Configuring ..................................................161
Capacity Planning Based on Performance 162
Installing a Notes/Domino Release 6 Server 163
Setting Up Servers of Different Types 164
Running the Installation Program 164
Setting Up and Configuring a Notes/Domino Release 6 Server 165
Setting Up/Configuring Directories 169
Deploying a Corporate Standard Welcome Page 170
Creating/Registering Certificates 172
Creating an Organization Certifier ID 173
Creating an Organizational Unit Certifier ID 174
Creating/Registering Users 175
00 0789729180 FM 10/21/03 3:26 PM Page xvii

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Table
. . .of. Contents
xvii
. . . . .

Certifying with a CA Key 175


Setting Up Multiuser Support 176
Setting Up Workstations for Different Clients 176
Setting Up/Configuring Calendaring and Scheduling 177
Setting Up Servers for Sharing Resources 177
Defining the Database ACL 178
Completing the Site Profile 178
Setting Up/Configuring Transaction Logging 179
Planning the Transaction Logging Implementation 180
Setting Up Transaction Logging on the Server 181
Setting Up Servers for Load Balancing and Failover 181
Applying Policy Documents to Existing Users 183
Migrating from a Distributed Directory to a Central Directory 183
Exam Prep Questions 185
Need to Know More? 188
Chapter 8
Mail ............................................................................189
Setting Up and Configuring Message Distribution Using
Notes-Based Mail 190
Notes Routing to External Domains 191
Implementing and Changing Mail Quotas 195
Configuring Message Tracking 197
Deploying Applications Based on Routing Fundamentals 199
Exam Prep Questions 202
Need to Know More? 205

Chapter 9
Monitoring Server Performance ............................................207
Adding/Moving/Upgrading/Deleting Databases 208
Backing Up/Verifying and Restoring Databases 210
Creating Archiving Policies 210
Deploying Applications Based on Coding 212
Deploying Applications Based on Design Elements 212
Deploying Applications Based on Design Elements: Shared Versus
Nonshared 214
Deploying Applications Based on How Attachments Are
Handled 214
Deploying Applications Based on Replication Fundamentals 215
Deploying Based on the NSF Structure: NSF Components 215
Deploying Server-Based Applications: HTML 216
Distributing Application Design Changes Based on Design 216
Enabling/Disabling Compression 218
00 0789729180 FM 10/21/03 3:26 PM Page xviii

xviii Table of Contents


. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Maintaining Domino Server IDs 218


Maintaining Domino User IDs 220
Managing Users 220
Creating and Setting Up Roaming Users 221
Maintaining User Profiles 222
Changing User Names 223
Deleting Users 225
Using the Administration Process 225
Monitoring Server Tasks 226
Monitoring/Maintaining Domains 228
Monitoring/Maintaining Mail Routing 229
Tracking Messages 230
Resolving Mail Routing Errors 231
Monitoring/Maintaining/Repairing Databases 231
Monitoring Database Size 232
Using Database Maintenance Utilities 232
Other Database Maintenance Tasks 234
Monitoring/Modifying Application Access Control 235
Setting Up Authentication 236
Setting Up/Configuring/Monitoring Monitors 236
Troubleshooting Administration Process Problems 237
Troubleshooting Clustering Problems 238
Troubleshooting Network/Protocol Problems 239
Troubleshooting Partitioning Problems 239
Troubleshooting Port (Modem) Problems 240
Troubleshooting User Problems 241
Using a Java-Based Domino Console 241
Launching jconsole 241
Using jconsole 242
Exiting from jconsole 244
Using Distributed and Centralized Directories 244
Using the Remote Console 245
Managing User Passwords 247
Monitoring/Maintaining Domain Access 247
Exam Prep Questions 249
Need to Know More? 253

Chapter 10
Replication ....................................................................255
Setting Up and Configuring Replication Through Force 256
Forcing Replication Using the Notes Client 257
Forcing Replication Using the Domino Administrator
Client 258
00 0789729180 FM 10/21/03 3:26 PM Page xix

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Table
. . .of. Contents
xix
. . . . .

Setting Up and Configuring Replication Through Scheduling 260


Streaming Replication 263
Planning Applications Based on the Impact of Replication on
Document Distribution 263
Understanding How the ACL Affects Replication 265
Guidelines for Assigning Server Access to Databases 266
Understanding Changes to xACL Replication 269
Replicating Design Changes 270
Monitoring and Maintaining Replication 271
Exam Prep Questions 273
Need to Know More? 277
Chapter 11
Security.........................................................................279
Setting Up Authentication 280
Setting Up and Configuring ID Backup and Recovery 282
Specifying Recovery Information for a Certifier ID File and
Creating a Mail-In Database to Store Backup ID Files 282
Making User ID Files Recoverable 284
Recovering an ID File 286
Managing User Passwords 287
Using the ICL and the CRL 289
The Issued Certificate List (ICL) 290
Certificate Revocation List (CRL) 290
Setting Up and Configuring Server Access 291
Troubleshooting Common Server Access Problems 293
The Administrator Can’t Enter Commands at the Server 293
Users Can’t See a New Server in the List of Servers 294
The Server Is Not Responding 294
Adding Security to an Application 294
Designing a Secure Application—Security Versus
Deterrence 295
Setting Up and Configuring Agent Access 297
Monitoring and Maintaining Agents 300
Setting Up and Configuring Database Access Using the
ACL 302
Securing Applications with Roles 304
Securing Applications with Authors Fields and Readers
Fields 305
Troubleshooting User Access Problems 306
Users Report That They Can’t Access the Database 306
Users Can’t Find a New Server in the List of Servers 307
00 0789729180 FM 10/21/03 3:26 PM Page xx

xx Table
. . . .of. Contents
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Users Complain That They Can’t Seem to “See” All the


Documents in the Database 307
A User Complains That He Can’t Edit a Document That He
Created in the Database 307
Users Complain That They Can’t Create Agents in the
Database 308
Users Complain That They Don’t Have the Correct Access
Level Within the Database 308
Exam Prep Questions 309
Need to Know More? 313

Part III Exam 622 .....................................................315


Chapter 12
Managing Non-Notes and Notes Clients .................................317
Applying Policy Documents to New Users 318
Setting Up Browser Clients 319
Setting Up Version Reporting and Updating Client Software 320
Exam Prep Questions 322
Need to Know More? 325

Chapter 13
Setting Up Server Monitoring ..............................................327
Creating Event Generators 328
Creating Event Handlers 329
Enabling Agent Logging 329
Identifying Mechanisms for Collecting Server Information 330
Starting the Statistics Collectors Task 331
Exam Prep Questions 333
Need to Know More? 336
Chapter 14
Managing Servers ...........................................................337
Analyzing Activity Data 338
Applying Policy Documents to Existing Users 341
Automating Server Tasks 342
Changing Administrator Access 343
Changing Server Access 344
Configuring Domino Network Names 344
Creating Security Policies 345
Decommissioning a Server 346
Defining a Backup Process 347
Defining Domino Domains 348
00 0789729180 FM 10/21/03 3:26 PM Page xxi

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Table
. . .of. Contents
xxi
. . . . .

Enabling Protocols 349


Enabling Transaction Logging 349
Transaction Logging Versions 350
Implementing Transaction Logging 350
Identifying a Registration Server 351
Implementing Distributed and Centralized Directories 352
Recertifying a Server ID 353
Searching for Server References in a Domain 354
Setting Up Authentication with Other Domino Organizations 355
Creating a New Organization Certifier ID 356
Creating a New Organizational Unit ID 356
Exam Prep Questions 358
Need to Know More? 362
Chapter 15
Managing Users and Groups ...............................................363
Changing a User’s Group Membership 364
Changing a User’s Location in the Hierarchy 365
Changing a User’s Name 367
Deleting Groups 368
Deleting Users 368
Extending a Notes ID’s Expiration Date 369
Managing Groups 370
Modifying Person Documents 371
Moving a User’s Mail File 371
Renaming Groups 372
Setting Up Roaming Users 372
Exam Prep Questions 375
Need to Know More? 378
Chapter 16
Monitoring Server Performance ...........................................379
Using the Domino Console 380
Using the Domino Web Administrator 382
Viewing Real-Time Statistics 384
Viewing Statistics with Server Monitor 385
Exam Prep Questions 387
Need to Know More? 390

Chapter 17
Resolving Server Problems ................................................391
Monitoring Application Size 392
Monitoring Server Tasks 393
00 0789729180 FM 10/21/03 3:26 PM Page xxii

xxii Table of Contents


. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Recovering from a Server Crash 393


Solving Agent Manager Issues 394
Solving Authentication and Authorization Issues 395
Verifying Correct Domino Directory Setup 396
Verifying Server ID 397
Troubleshooting User Problems 397
Troubleshooting Administration Process Problems 397
Troubleshooting Replication Problems 398
Troubleshooting Mail Routing Issues 399
Using Event Triggers to Troubleshoot Problems 400
Exam Prep Questions 401
Need to Know More? 405
Chapter 18
Resolving User Problems ...................................................407
Tracking User Mail Messages 408
Troubleshooting Routing Problems 408
Troubleshooting Server Access Problems 409
Directory Errors 410
Other Techniques for Troubleshooting Server Access
Problems 411
Troubleshooting Connection Problems 411
Troubleshooting Data Access Control Problems 412
Troubleshooting Database Issues 413
Troubleshooting Workstation Problems 416
Exam Prep Questions 417
Need to Know More? 421

Part IV Sample Exams ...............................................423


Chapter 19
Practice Exam 620 ...........................................................425

Chapter 20
Answer Key for 620 ..........................................................445

Chapter 21
Practice Exam 621 ...........................................................463

Chapter 22
Answer Key for 621 ..........................................................485

Chapter 23
Practice Exam 622 ...........................................................499
00 0789729180 FM 10/21/03 3:26 PM Page xxiii

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Table
. . .of. Contents
xxiii
. . . . .

Chapter 24
Answer Key for 622 ..........................................................519

Part V Appendixes ...................................................533


Appendix A
Resources .....................................................................535
Print Resources 535
Web Resources 535

Appendix B
What’s on the CD-ROM ......................................................537
The PrepLogic Practice Exams, Preview Edition Software 537
An Exclusive Electronic Version of the Text 538

Appendix C
Using the PrepLogic Practice Exams, Preview Edition Software .....539
The Exam Simulation 539
Question Quality 540
The Interface Design 540
The Effective Learning Environment 540
Software Requirements 540
Installing PrepLogic Practice Exams, Preview Edition 541
Removing PrepLogic Practice Exams, Preview Edition from Your
Computer 541
How to Use the Software 542
Starting a Practice Exam Mode Session 542
Starting a Flash Review Mode Session 543
Standard PrepLogic Practice Exams, Preview Edition
Options 543
Seeing Time Remaining 544
Getting Your Examination Score Report 544
Reviewing Your Exam 544
Contacting PrepLogic 545
Customer Service 545
Product Suggestions and Comments 545
License Agreement 545

Glossary .......................................................................547

Index ............................................................................565
00 0789729180 FM 10/21/03 3:26 PM Page xxiv

We Want to Hear from You!


. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

As the reader of this book, you are our most important critic and commenta-
tor. We value your opinion and want to know what we’re doing right, what we
could do better, what areas you’d like to see us publish in, and any other words
of wisdom you’re willing to pass our way.
As an executive editor for Que Publishing, I welcome your comments. You
can email or write me directly to let me know what you did or didn’t like about
this book—as well as what we can do to make our books better.
Please note that I cannot help you with technical problems related to the topic of this
book. We do have a User Services group, however, where I will forward specific tech-
nical questions related to the book.
When you write, please be sure to include this book’s title and author as well
as your name, email address, and phone number. I will carefully review your
comments and share them with the author and editors who worked on the
book.
Email: feedback@quepublishing.com

Mail: Jeff Riley


Executive Editor
Que Publishing
800 East 96th Street
Indianapolis, IN 46240 USA
For more information about this book or another Que Certification title, visit
our Web site at www.examcram2.com. Type the ISBN (excluding hyphens) or the
title of a book in the Search field to find the page you’re looking for.
00 0789729180 FM 10/21/03 3:26 PM Page xxv

Introduction
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Welcome to the Notes and Domino 6 System Administration certification


IBM CP Exam Cram. The purpose of this book is to prepare you to take—and
pass—the IBM/Lotus Certified Professional exams for version 6. This intro-
duction explains the IBM Certified Professional exam and gives you an idea of
the preparations required in getting ready to take the test. Additional infor-
mation about Prometric and exam locations can be found at www.prometric.com.
Exam Cram books are not teaching guides. They assume that the reader has
some familiarity with the subject matter and are used to reinforce and pre-
pare the tester for the exams. They will not teach you how to fully operate a
specific application or system, but they enable you to focus on passing the
exam based on your experience and study. The authors have taken the exams
and attempt to prepare you for the types of material that can be covered and
items of specific importance.

Whom Is This Book For?


Nothing can prepare you for the exam better than actually using the product
on a regular basis. Lotus Notes administration can be a challenging but
rewarding experience, and the enhanced capabilities Lotus has introduced in
version 6 have made it even more flexible and powerful as a workflow appli-
cation.
The most complete training program you can experience is actually per-
forming the administrative tasks on a regular basis. On-the-job training,
along with supervised classroom instruction led by a trainer who has actually
had experience running a Notes Network, is invaluable to becoming a world-
class administrator. Reading a book or taking a CBT will help you understand
the basics of how the Notes components all work together, but nothing can
compare to spending a weekend upgrading or installing a server and encoun-
tering all of the “challenges” that can occur. Experience is the best teacher,
and it will set you apart from the other Notes IBM CPs who have only a
paper certification with no real experience. We strongly recommend that if
00 0789729180 FM 10/21/03 3:26 PM Page xxvi

xxvi Introduction
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

you are not currently involved in daily Notes Administration, you download
and install the R6 server and client trials at www.lotus.com.

The Lotus Notes and Domino 6


System Administration Certification
CLP Exams
To achieve the IBM CP certification, you must pass three separate tests:
➤ Exam 620: “Notes Domino 6 System Administration Operating
Fundamentals.” The skills tested in this exam include installing and con-
figuring Domino Servers, using Mail, managing and maintaining Servers,
using replication, and managing security.

After you have passed the Exam 620, you earn a certification of Certified
Lotus Specialist.
➤ Exam 621: “Notes Domino 6: Building the Infrastructure.” The skills
tested in this exam are also installing and configuring Domino domains,
using Mail, managing and maintaining Domino domains, using replica-
tion, and managing security.
➤ Exam 622: “Notes Domino 6: Managing Servers and Users.” The skills
tested in this exam are managing non-Notes and Notes clients, managing
servers, managing users and groups, monitoring server performance,
resolving server problems, resolving user problems, and setting up server
monitoring.

After passing the preceding two exams, you become an IBM Certified
System Administrator—Lotus Notes and Domino 6.
One additional test is available if you want to achieve a certification of IBM
Advanced System Administrator:
➤ Exam 623: “Notes Domino 6: Configuring Domino Web Servers.” The
skills tested in this exam are handling administration, installing and con-
figuring Domino Web Servers, and managing security.
00 0789729180 FM 10/21/03 3:26 PM Page xxvii

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Introduction
xxvii
. . . . . . .

Scheduling the Exam


After you have studied this book and taken and consistently passed the sam-
ple tests, you must schedule the exams with Prometric at www.prometric.com.
When this book was written, the cost for the exams was $100, but this is
always subject to change. You are required to pay for the exam in advance
using a credit card. If you have a problem that requires you to reschedule the
exam, you must contact the exam site directly. When you schedule the exam,
you might be required to give some or all of the following information:
➤ Your name

➤ Your Social Security, social insurance, or Prometric testing ID number

➤ Contact phone numbers

➤ Mailing address

➤ Exam number and title

➤ Eligibility information

➤ Email address

Taking the Exam


Schedule your exam at a time that will enable you to arrive early to the test
site with a minimal amount of frustration. There’s nothing more tiring or
distracting than having to fight bad traffic or inclement weather on the way
to the test site; make sure you arrive with ample time to regain your concen-
tration and composure. A good night’s sleep goes a long way toward main-
taining your concentration, so try to work that in as well.
When you arrive at the exam site, you will check in with the exam facilita-
tors, who will verify your exam time and your identity. You will be asked to
provide two valid forms of identification, one of which must be a picture ID,
such as a driver’s license. After you have successfully checked in at the exam
center, you will be asked to leave your cell phone, your keys, and any papers
or books at a designated location, where they will be monitored for you. You
will then be taken to an exam station.
When you sit down at the exam station, you will be given a piece of paper
that includes your login ID and that you can also use as scrap paper. An exam
facilitator will then assist you in logging in and selecting the test that you
00 0789729180 FM 10/21/03 3:26 PM Page xxviii

xxviii Introduction
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

have been assigned. Before you begin the test, take a look at your surround-
ings to make sure that the area is conducive to test taking. Make sure that the
lighting in the test station is adequate and that your chair is comfortable and
adjusted properly. You might be sitting in this station for more than an hour,
and you want to make sure that you are not distracted by bright lights or
excessive noise. If the conditions are not properly conducive to taking the
exam, speak to the exam facilitator and ask to have them corrected, or
reschedule the test for a later time, after the problems have been corrected.
You will be observed while you are taking the test, so be prepared to have
someone in the testing room. Additionally, depending on when you are tak-
ing the test, you might be the only person in the room or the room might be
full. If something needs to be corrected, bring it to the examiner’s attention
immediately.
The most important thing about taking the test is this: Don’t rush. You will
have an adequate amount of time to take the test, so there is no reason to
hurry. Read each question carefully, and make sure you understand exactly
what is being asked and in what context. If a question seems confusing, mark
it and come back to it later. Answer the questions that you are certain of ini-
tially, and return to the more difficult ones later. However, make sure that
you read each question completely and understand what is being asked.
Often test-takers avoid choosing incorrect answers simply by taking the time
to read the question more than once.
When you complete the exam, you might be presented with a quick survey.
The test facilitator will require you to complete the survey before allowing
you to leave. After you have completed the survey, you will be given your test
score and then escorted back to the arrival area, where you will be presented
with a printout of your score and you can pick up your personal items.

About This Book


Each Exam Cram chapter follows a standard format, along with graphical
cues containing important information that the reader will need to remem-
ber.
Each chapter begins with hotlists. These are bulleted lists that highlight
terms, concepts, and techniques that you will need to become familiar with
throughout the chapter.
➤ The first list is titled “Terms You’ll Need to Understand.” This list con-
sists of important terms that you will need to learn and understand. These
00 0789729180 FM 10/21/03 3:26 PM Page xxix

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Introduction
xxix
. . . . . . .

terms appear in the order in which they appear in the chapter (these terms
and others are included in the book’s glossary).
➤ The second list is titled “Techniques/Concepts You’ll Need to Master.”
This list might be a mix of concepts and techniques related to exam objec-
tives that you must master by the end of the chapter before proceeding.

The chapters are presented in a logical order that builds upon each concept
covered in the certification exam. Within each chapter, pay attention to these
special elements:

An exam alert stresses concepts, terms, configurations, or activities that might relate
to one or more certification exam questions. You should note items identified by the
alert notice as vital to successfully passing an exam question.

Tips, notes, and cautions are used to describe shortcuts, some efficient ways to
accomplish a task, an “inside take” on some alternative way to accomplish a task,
asides that provide good information that supplements the regular text, or cautions
about potential pitfalls to watch for. Longer sidebars might offer case studies or
extended examples to illustrate the current topic.

➤ Practice questions—Near the end of each chapter, you’ll find a set of prac-
tice questions to test your comprehension of the material you’ve just read.
Be sure to complete each question; if you have difficulty, reread that
material in the text until you have a better understanding of the concepts.
➤ Backup detail and additional resources—At the end of each chapter is a list of
other sources you can use to further your understanding of the material
covered in that chapter of the Exam Cram. Remember, the intent of this
book is to prepare you for the exam, not teach you how to become an
experienced Notes/Domino administrator.
➤ The Cram Sheet—In the front of this book you will find a removable sheet
of tips and important points that you will need to remember for your
exam. Keep in mind that when you are in the exam center, you will not be
able to take notes or look over any study aids, so arrive early enough to
take one final look at the Cram Sheet before going into the testing area.
00 0789729180 FM 10/21/03 3:26 PM Page xxx

xxx Introduction
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

How to Use This Book


Although this book has been modeled from the proposed exam requirements
at www.lotus.com, we also have organized the content to present information
in a logical flow. If you feel comfortable with your knowledge of some of the
book’s material, focus your study on other sections of the book and pay spe-
cial attention to these items in the practice tests. .

If you find errors or material that could be presented more clearly, feel free
to contact us at feed@quepublishing.com.
00 0789729180 FM 10/21/03 3:26 PM Page xxxi

Self-Assessment
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The authors have included a Self-Assessment in this Exam Cram to help you
evaluate your readiness to take the IBM Certified System Administrator
Lotus Notes and Domino 6 certification exams. The exams are broken into
three sections; 620, “Notes Domino 6 System Administration Operating
Fundamentals”; 621, “Notes Domino 6: Building the Infrastructure”; and
622, “Notes Domino 6: Managing Servers and Users.” Before jumping in to
study the material required for the exams, let’s take a few moments to discuss
what it’s like to be a Domino Administrator.

Domino Administration in These


Challenging Times
As of the writing of this book, the IT industry is struggling as companies
reinvent themselves after the dot-com failure of the last decade. Although
the industry isn’t the free-for-all, high-salary industry it once was, it’s still
flourishing and people are working and making good salaries. What’s differ-
ent now is that, in the past, a simple paper certification would allow some-
one to get an interview and a subsequent hiring. The situation has now
changed, and candidates are interviewed and tested before they are hired to
make sure they have the experience to hit the ground running. Our goal in
the next section is to show you what is expected of a Domino Administrator
and what you can do to gain an edge over other candidates.
Whether you’re an experienced Domino Administrator and are trying to
move to the next certification level, or someone who is picking up this book
out of curiosity, everyone had to start somewhere. No one has just walked
into an exam center without ever cracking a book or administering a server
for a significant amount of time and passed all of the Notes exams on the first
try. Although the Domino product line is easy to learn when you understand
the fundamentals of the products, it is a highly specialized application and
takes skill and training to support.
00 0789729180 FM 10/21/03 3:26 PM Page xxxii

xxxii Self-Assessment
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

You need to take a skills inventory to determine your strengths and weak-
nesses and what you need to do to get to the level you desire. Keep in mind
that the authors and tech editors of this book all started in the same place.
We all built our first server, created our first user ID, and spent a late night
or early morning trying to figure out why that one troublesome server would
not route mail when everything else in the Domain worked fine. Don’t be
discouraged. It has all been worth it, and we are better for the challenges we
have faced and conquered. Our goal with this Exam Cram is to make at least
one part of the challenge easier, and that’s to help in passing the exams. We’ll
show you what to focus on when you study, and we’ll point out things we feel
are important not only in passing the test, but also in broadening your skill
base.

The “World Class” Domino


Administrator
What does it take to be a “world-class” administrator and stand out from the
crowd? In this section, we point out some items that we feel are essential to
a Domino Administrator. Based on how long you have been in the IT indus-
try, you might meet some or all of these requirements. Don’t be discouraged
if you take a look at the list and recognize only some of your skills. The goal
is to identify areas that you can work on and improve. Here are some rec-
ommended “baseline” qualifications for anyone pursuing certification as a
Domino Certified System Administrator:
➤ Academic or professional training in Windows or Linux operating sys-
tems, and certifications in each discipline at an administrator level. A
well-trained administrator will be able to see where a problem might be
occurring in the Domino configuration and will also be able to think out-
side the box for other system-related issues and how to correct them.
➤ Three-plus years of professional system administration experience,
including experience installing and upgrading operating systems, doing
performance tuning, troubleshooting problems, creating users, and man-
aging backup and recovery scenarios. There is no substitute for real-world
experience; although having a lab environment can be instrumental in
testing new configurations, it might not assist in troubleshooting prob-
lems
00 0789729180 FM 10/21/03 3:26 PM Page xxxiii

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Self-Assessment
xxxiii
. . . . . . . . .

Remember, you are trying to distinguish yourself from the other administra-
tors and stand out in the crowd. Consider two things when assessing your
readiness for the certification exams:
➤ Even a modest background in computer science is helpful.

➤ Hands-on experience with a Domino server is essential for certification


success. Nothing compares to real-world experience.

We believe that most certification candidates meet these requirements. With


this level of experience in general administration, half the battle is won. Now
you just need to focus on finishing the job and acquiring the Domino knowl-
edge needed to finish the picture.

Put Yourself to the Test


The following series of questions and observations is designed to help you
determine how much work you’ll face in completing the IBM Lotus
Certification Exams and where to turn for help in getting ready for the tests.
Be absolutely honest in your answers, or you’ll end up wasting money on
exams that you’re not ready to take. There are no right or wrong answers,
only steps along the path to certification.

Educational Background
1. Have you ever taken any computer-related classes? (Yes or No)

If yes, proceed to question 2; if no, consider a CBT or class at a local


community college to gain a base understanding of computer operating
systems administration.
2. Have you taken any classes on the Domino application? (Yes or No)

If yes, you will probably be able to handle the discussions related to


Domino system administration. If you’re rusty, brush up on the basic
concepts related to building a server and creating users. If the answer is
no, consider reading a book in this area. We strongly recommend a good
Domino administration book, such as Lotus Notes & Domino Essential
Reference, by Tim Bankes and Dave Hatter (1999). If this title doesn’t
appeal to you, check out reviews for similar titles at your favorite online
bookstore.
3. Have you taken any networking concepts or technologies classes?
(Yes or No)
00 0789729180 FM 10/21/03 3:26 PM Page xxxiv

xxxiv Self-Assessment
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

If yes, you will probably be able to handle the networking terminology,


concepts, and technologies. If you’re rusty, brush up on basic network-
ing concepts and terminology. If your answer is no, you might want to
check out some titles on the Transport Communication
Protocol/Internet Protocol (TCP/IP).
4. Have you done any reading on certificates or public/private keys?
(Yes or No)
If yes, review the requirements from questions 2 and 3. If you meet
them, move to the next section, “Hands-On Experience.” If you
answered no, consult the recommended reading for both topics. This
kind of strong background will be of great help in preparing for the
Lotus exams.

Hands-On Experience
The next question assesses the extent of your hands-on experience as a
Domino server administrator. Nothing will prepare you for the exams more
than actually working on a Domino server. If we leave you with only one
realization after taking this Self-Assessment, it should be that there’s no sub-
stitute for time spent installing, configuring, and using the Domino admin-
istration procedures and processes covered in the exams.
5. Have you installed, configured, and worked with Domino version 6?
(Yes or No)
If yes, make sure you understand the basic concepts covered in Exams
620, 621, and 622.
If you haven’t installed Domino version 6, download an evaluation copy
from www.lotus.com and install the enterprise server and the three admin-
istrator clients. Then learn about the installation and administration
concepts required for the exams.

You can obtain the exam objectives, practice questions, and other information
about Domino exams from the Lotus Certification page on the Web at
www.lotus.com.

Testing Your Exam-Readiness


Whether you attend a formal class on a specific topic to get ready for an
exam or use written materials to study on your own, some preparation for
00 0789729180 FM 10/21/03 3:26 PM Page xxxv

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Self-Assessment
xxxv
. . . . . . . . .

the Domino certification exams is essential. If you can, attend an instructor-


led class at an authorized Lotus training facility. If you can’t afford a class,
practice exams are available to gauge your readiness. Check for the practice
exams at the Lotus Web site, www.lotus.com. Search the Internet for Lotus
sites that might have information about what to expect from people who
have taken the exam and what their experiences were. The most effective
thing that you can do is study, study, study.
We have included in this book several practice exam questions for each chap-
ter and a sample test. If you don’t score well on the chapter questions, you
can study more and then tackle the sample tests at the end of each part.
6. Have you taken a practice exam on your chosen test subject? (Yes or No)

If yes and you passed consistently, you’re probably ready to take the real
exam. If you’re struggling, keep studying and taking the exams until you
pass. If you answered no, obtain all practice tests you can find (or afford),
study this book, and retake the tests.

Using Other Sources to Prepare for


the Lotus 620, 621, and 622 Exams
In addition to the information in this chapter, other resources are available
to help you prepare for the exams. As previously discussed, the Lotus Web
site, www.lotus.com, is a great source for information about the certification
exams. Another great Web site for general Lotus information is www.
lotusadvisor.com. If you have access to an NNTP news server, the comp
newsgroups comp.groupware.lotus-notes and comp.groupware.lotus.notes-admin
are great resources for Domino information. Whitepapers and redbooks are
also available at www.redbooks.ibm.com.

Onward, Through the Fog!


After you’ve taken a look at your skills and decided where you want to focus
your studies, nothing is left but to get started. Every journey begins with that
first step, and you have already taken it by picking up this book. Study, take
the practice exams, and then go back and study the areas where you strug-
gled. When you’re consistently passing the practice exams, go to the testing
center with confidence and pass the tests.
00 0789729180 FM 10/21/03 3:26 PM Page xxxvi

xxxvi Self-Assessment
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Remember this wisdom from Wayne Antaw: “Lessons learned by ourselves


have a greater value than lessons learned through others.”
Now, go study and pass the tests.
Good luck!
01 0789729180 CH01 10/21/03 2:47 PM Page 1

1
Overview of Domino
System Administration
Certification Exams
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Terms you’ll need to understand:


✓ Self-assessment
✓ Practice test
✓ Testing center
✓ Exam proctor
✓ Passing mark
✓ Radio button
✓ Review mark

Techniques you’ll need to master:


✓ Preparing to take a certification exam
✓ Preparing to take a certification exam using practice questions
and tests
✓ Understanding the intricacies of the testing software and its
interface
✓ Budgeting your time to allow you to answer all questions
✓ Formulating a test-taking strategy in advance to ensure
success
01 0789729180 CH01 10/21/03 2:47 PM Page 2

2 Chapter
. . . . .1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Regardless of how much you’ve studied, exam taking is not likely something
you’ll enjoy. In most cases, familiarity helps relieve test anxiety. You proba-
bly won’t be as nervous when you take your second or third Domino certifi-
cation exam as you will be when you take your first one.
Whether it is your second exam or your tenth, understanding the finer points
of exam taking (how much time to spend on questions, the setting you will
be in, and so on) and the exam software will help you concentrate on the
questions at hand rather than on the surroundings. Likewise, mastering some
basic exam-taking skills should help you recognize—and perhaps even out-
smart—some of the tricks and traps you are bound to find in several of the
exam questions.
This chapter explains the Lotus Domino System Administration exam envi-
ronment and software, and describes some proven exam-taking strategies
you can use to your advantage when preparing for and taking the exams.

Assessing Exam-Readiness
Before you take any Domino exam, we strongly recommend that you read
through and take the Self-Assessment included with this book (it appears in
the Introduction). It will help you compare your knowledge base with the
requirements for obtaining the Domino R6 System Administrator certifica-
tion and help you identify parts of your background or experience that might
need improvement through experience or learning. If you get the right set of
basics under your belt, obtaining Domino certification is that much easier.
After you’ve gone through the Self-Assessment, you’ll have a better idea of
what your strengths and weaknesses are so that you can judge how much
time to spend in studying the different subject areas.
Your next step in preparing for the Domino exams should be to visit the
Lotus Certification Web site to look at Lotus’s recommended exam-prepara-
tion strategy. Lotus outlines a preparation method for each of the three
administration exams at www.lotus.com/. Look for the link to Training and
Certification on the left side of the page, and then navigate to Lotus
Certification and finally Exam Preparation, all on the left menus.
After you’ve worked through this Exam Cram, read the supplementary mate-
rials, and taken the practice tests at the end of the book, you’ll be well
prepared to take the exam.
01 0789729180 CH01 10/21/03 2:47 PM Page 3

. . . . . . . . . . . . . . Overview
. . . . . of
. . Domino
. . . . System
. . . . .Administration
. . . . . . . .Certification
. . . . . . Exams
3
. . . .

You’ll likely want to continue practicing the tests until you achieve a score of 90%
or higher.

The Exam Objectives


Your next step in preparing for the Domino exams should be to visit the Lotus
Certification Web site to look at Lotus’s recommended exam-preparation
strategy. Use the URL mentioned in the previous section to locate the exam
Lotus exam guides. Lotus recommends that you download its exam guide for
a complete listing of exam competencies and that you prepare for the exam by
using a combination of training, hands-on practice, practice exams, and other
third-party materials. We’ve structured this Exam Cram book so that each
chapter covers all of the topics listed in the exam-preparation guide. We’ve
stuck closely to the wording used in the exam guide for each of the topics, but
we’ve reordered the topics within each chapter so that topic areas are grouped
by subject, which allows us to present the material in a more logical order.
After reading through the exam guide, you can proceed to work your way
through this Exam Cram book. This book covers the exam competencies for
all three administration exams:
➤ Exam 620, “Notes Domino 6 System Administration Operating
Fundamentals”: Chapters 2 to 6
➤ Exam 621, “Notes Domino 6: Building the Infrastructure”: Chapters 7
to 11
➤ Exam 622, “Notes Domino 6: Managing Servers and Users”: Chapters
12 to 18

If you haven’t taken any of the exams, you’ll likely want to prepare for and
take the exams in order, starting with Exam 620. You might want to consid-
er reading the material for both Exams 620 and 621 before attempting either
exam because there is quite a bit of overlap in the exam topics for those two
exams. Exam 622 has a more unique topic listing, so you can prepare for that
exam separately from the other two.
After you’ve worked your way through the chapters related to each exam and
have read some of the suggested supplementary materials, you’ll want to try
the practice tests included with this book. You might also want to purchase
additional practice tests. Refer to the Lotus Certification Web site listed ear-
lier for up-to-date listings of practice exam vendors.
01 0789729180 CH01 10/21/03 2:47 PM Page 4

4 Chapter
. . . . .1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The Exam Situation


First, it’s important to note that all Lotus exams are administered by a third-
party testing center, not by Lotus itself. To register for the exam, you’ll need
to contact the testing vendor. Two testing vendors administer the Lotus
exams:
➤ Thompson Prometric (formerly Sylvan Prometric): 1-800-74-LOTUS,
or www.prometric.com
➤ CAT Global (now owned by Promissor): www.catglobal.com

The testing vendor will ask for all of your personal information, as well as
the name of the exam you want to take, the name and location of the testing
center, and your payment method. Each exam attempt costs $100, payable at
registration.
When you arrive at the testing center where you scheduled your exam, you
will need to sign in with an exam proctor. The proctor will ask you to show
two forms of identification, one of which must be a photo ID. After you have
signed in, you will be asked to deposit any books, bags, or other items you
brought with you. The exam proctor will advise you to go to the restroom
before you start the exam because you won’t be allowed to leave the exam
room after the exam has started. Then you’ll be escorted into the closed
room that houses the exam seats.
All exams are completely closed book. In fact, you won’t be permitted to take
anything with you into the testing area. You will be furnished with a pen or
pencil and a blank sheet of paper—or, in some cases, an erasable plastic sheet
and an erasable felt-tip pen. You are allowed to write down any information
you want on both sides of this sheet. You might want to jot down notes from
the Cram Sheet on this piece of paper before you begin writing the exam.
The exam proctor will help you log in to the exam using the testing ID pro-
vided by the testing vendor.
Typically, the room will be furnished with one to half a dozen computers, and
each workstation will be separated from the others by dividers designed to
keep you from seeing what is happening on someone else’s computer. Most
test rooms feature a wall with a large picture window. This permits the exam
proctor to monitor the room, to prevent exam takers from talking to one
another, and to observe anything out of the ordinary that might go on.
All Domino certification exams allow a predetermined, maximum amount of
time in which to complete your work. This time is indicated on the exam by
an onscreen timer in the upper-right corner of the screen, so you can check
01 0789729180 CH01 10/21/03 2:47 PM Page 5

. . . . . . . . . . . . . . Overview
. . . . . of
. . Domino
. . . . System
. . . . .Administration
. . . . . . . .Certification
. . . . . . Exams
5
. . . .

the time remaining whenever you like. At the beginning of each test is a tuto-
rial that you can go through if you are unfamiliar with the testing environ-
ment. The time allocated for the tutorial is not included in the testing time.
All exams are computer generated and use a multiple-choice format. The
exams vary in the number of questions asked, the amount of time allocated
per exam, and the passing mark for each exam. Table 1.1 lists the informa-
tion available for each of the three exams at the time of printing:

Table 1.1 Exam Details for Each Exam


Number of
Exam Number Time Allocated Questions Passing Score
620 1 hour 45 75%
621 1 hour 45 70%
622 1 hour 45 72%

When Exam 622 is released in gold format, the exam format likely will follow the for-
mat for Exam 621—a one-hour exam with 45 questions and a passing score of 70%.

When you complete a Domino certification exam, the software tells you
whether you have passed or failed. The results are then broken down into
several competencies. You are shown the percentage of correct answers for
each individual competency. Even if you fail, you should ask for and keep the
detailed report that the test proctor prints for you. You can use this report to
help you prepare for another attempt, if needed. If you need to retake an
exam, you will have to schedule a new test with Prometric or CAT Global
and pay for another exam attempt. Keep in mind that because the questions
come from a pool, you will receive different questions the second time
around.
In the following section, you will learn more about how Domino test ques-
tions look and how they must be answered.

Exam Layout and Design


All exam questions present multiple-choice answers and require you to select
a single answer. At the time of this printing, Lotus has confirmed that there
are no multiple-answer questions on the Domino exams. The following
question is an example of a multiple-choice question that requires you to
01 0789729180 CH01 10/21/03 2:47 PM Page 6

6 Chapter
. . . . .1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

select a single correct answer. Following the question is a brief explanation


of why the answer is correct.

Question 1
When is mail routed between servers that are in the same Domino Named
Network?
❍ A. Immediately
❍ B. Every 10 minutes
❍ C. According to the schedule in the Connection document
❍ D. When there are five messages pending

Answer A is correct. The router immediately routes mail to servers in the


same Notes Named Network. The messages are immediately routed from
the MAIL.BOX file on the sender’s server to the MAIL.BOX file on the
recipient’s server. Because servers in a Notes Named Network share a com-
mon protocol and are always connected, you do not need to create
Connection documents for mail routing.

Although there are no multiple-answer questions on the exams, there might be an


answer like this one: “D. All of the above.” This answer means that A, B, and C are all
correct, and, therefore, the answer should be D. Make sure you carefully read all
answers to determine whether to choose the “All of the above” option.

This sample question format corresponds closely to the Lotus Certification


Exam format—the only difference on the exam is that questions are not fol-
lowed by answer keys. To select an answer, position the cursor over the radio
button next to the answer and then click the mouse button to select the
answer.
At the end of every chapter are several practice exam questions to help test
your knowledge of the competencies covered in that chapter. Most of the
questions are single-answer questions; however, there may be a few multiple-
answer questions in which you are asked to select more than one right
answer. We’ve included these questions to help you learn the material, but
there will be no multiple-answer questions on the exam. For that reason,
you’ll notice that the practice exams at the end of the book use single-answer
questions only.
01 0789729180 CH01 10/21/03 2:47 PM Page 7

. . . . . . . . . . . . . . Overview
. . . . . of
. . Domino
. . . . System
. . . . .Administration
. . . . . . . .Certification
. . . . . . Exams
7
. . . .

Lotus’s Testing Formats


When you start the exam, the timer begins ticking immediately. The timer
appears in the top-right corner of the screen. You’ll want to keep your eyes
on the timer from time to time to ensure that you’re managing your time
wisely.
The question number also appears on the screen, followed by the total num-
ber of questions. For example, if you’re on question 3, the screen will read
“Question 3 of 45,” so you’ll know how many questions you’ve completed of
the total number of questions. There will also be a Mark Question check
box, to allow you to mark a question to find the question easily at the end.
When you’ve completed all questions, you’re presented with a summary
screen that shows all questions with their corresponding answers. The screen
shows a mark beside the questions you chose to mark. You’ll be able to push
a button that allows you to Review All questions or to Review Marked ques-
tions. You can then go back through the questions and change your answer,
if desired.
When you’ve finished reviewing your questions, you can push the button to
end the exam. You’re prompted to confirm that you want to end the exam.
When you’ve confirmed that you have finished the exam, the computer takes
a few moments to tally your score. You then are informed of your score and
whether you passed or failed. A printout of your marks prints to the proctor.
The proctor then stamps your printout with the seal of the testing center, to
prove the printout’s authenticity. At that point, you must retrieve your
belongings, and you’re free to go.

Exam-Taking Techniques
Each exam has 45 questions (assuming that Exam 622 also follows this for-
mat), and you have 60 minutes to complete the exam. Here is our advice on
how you should approach your exam.
Read the first question quickly, and scan the list of answers provided. Then
reread the same question carefully, and read each answer carefully. If you are
sure that you know the answer to the question, choose the correct radio but-
ton. Then proceed to the next question without marking it.
If after reading the question carefully you don’t know the answer, take your
best guess and mark one of the radio buttons as your answer. Then choose
the Mark Question check box at the top of the page. Proceed this way
through the entire exam until you’ve completed all of the questions. You
01 0789729180 CH01 10/21/03 2:47 PM Page 8

8 Chapter
. . . . .1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

should allow yourself approximately 1 minute per question, which should


leave you with 15 minutes to spare at the end of the exam. Watch the clock
every so often, to see if you’re on track for your timings. If you’re on ques-
tion 23, you should have spent approximately 23 minutes on the test, and you
should have 37 minutes left. If you’re ahead of schedule, you can slow down
a bit and take more time with each remaining question. If you’re behind
schedule, you should try to speed up a bit.
When you’ve answered each question and you’re looking at the question
summary, review only the questions you’ve marked. You should have approx-
imately 15 minutes left, during which time you can proceed through the
marked questions and change your answer if you think you’ve found a better
answer. Make sure that you choose the Review Marked button and not the
Review All button so that you don’t have to go through all of the questions
again.

On the Lotus exams, you’re allowed to change your answer to the question whether
you marked it or not. You can go forward and backward through the questions and
change answers if you find you’ve made a mistake. Lotus exams are more flexible
than some types of exams that don’t allow you to go back to a question after you’ve
answered it. Rest assured that if you think you made a mistake, you can always go
back to any question and change your answer.

When you’ve reviewed all of the marked questions, if you still have time left,
you might want to consider reviewing all of the questions. Personally, I don’t
review the questions for which I am sure of the correct answer, to avoid
second-guessing myself and changing a potentially right answer to a wrong
one.

Make sure that you read each question carefully. Some questions are deliberately
ambiguous, some use double negatives, and others use terminology in incredibly
precise ways. I have taken numerous exams—both practice and live—and in nearly
every one I have missed at least one question because I didn’t read it closely or care-
fully enough.

Based on exams I’ve have taken, some interesting trends have become appar-
ent. For most questions, usually two or three of the answers will be obvious-
ly incorrect, and one or two of the answers will be possible—of course, only
one can be correct. Unless the answer leaps out at you, begin the process of
answering by eliminating those answers that are most obviously wrong. If
you have done your homework for an exam, no valid information should be
completely new to you. In that case, unfamiliar or bizarre terminology most
likely indicates a bogus answer.
01 0789729180 CH01 10/21/03 2:47 PM Page 9

. . . . . . . . . . . . . . Overview
. . . . . of
. . Domino
. . . . System
. . . . .Administration
. . . . . . . .Certification
. . . . . . Exams
9
. . . .

If you are not finished when 95% of the time has elapsed, use the last few
minutes to guess your way through the remaining questions. Remember that
guessing is potentially more valuable than not answering: Blank answers are
always wrong, but a guess could turn out to be right. Make sure that you
enter an answer for every question.

Mastering the Inner Game


Knowledge breeds confidence, and confidence breeds success. If you study
the information in this book carefully and review all the practice questions at
the end of each chapter, you should become aware of the areas for which you
need additional learning and studying.
Follow up by reading some or all of the materials recommended in the
“Need to Know More?” section at the end of each chapter, and check the
resources offered in Appendix A, “Resources.” Don’t hesitate to look for
more resources online. Remember that the idea is to become familiar enough
with the concepts and situations you find in the sample questions that you
can reason your way through similar scenarios on a real exam. If you know
the material, you have every right to be confident that you can pass the exam.
Make sure you follow up and review materials related to the questions that
you miss on the sample test before scheduling a real exam. The key is to
know the why and how. If you memorize the answers, you do yourself a great
injustice and might not pass the exam. Only when you have covered all the
ground and feel comfortable with the whole scope of the sample test should
you take a real one.
With the information in this book and the determination to supplement your
knowledge, you should be able to pass the certification exam. Get a good
night’s sleep and prepare thoroughly; you should do just fine. Don’t forget to
eat something before you attempt the exam—don’t take it on an empty stom-
ach. Good luck!

Additional Resources
A good source of information about Domino certification exams comes from
the software vendor—in this case, Lotus. The best place to go for exam-
related information is online at www.lotus.com/certification.
01 0789729180 CH01 10/21/03 2:47 PM Page 10

10 Chapter
. . . . .1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Coping with Change on the Web


Sooner or later, all the information we have shared about Web-based resources mentioned
throughout this book will go stale or be replaced by newer information. There is always a way
to find what you want on the Web if you are willing to invest some time and energy. Lotus’s site
has a site map to help you find your way around. Most large or complex Web sites offer search
engines. Finally, feel free to use general search tools to search for related information.
02 0789729180 Pt 1 10/21/03 2:38 PM Page 11

PART I
Exam 620
2 Installing and Configuring
3 Mail
4 Managing and Maintaining
5 Replication
6 Security
02 0789729180 Pt 1 10/21/03 2:38 PM Page 12
03 0789729180 CH02 10/21/03 2:39 PM Page 13

2
Installing and Configuring
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Terms you’ll need to understand:


✓ Server registration ✓ Certifier ID
✓ Server ID ✓ Organizational unit (OU)
✓ CERTLOG.NSF ✓ Directories
✓ Server setup ✓ Domain
✓ Utility server ✓ Group
✓ Messaging server ✓ User registration
✓ Enterprise server ✓ Client license
✓ Protocol ✓ Smart Upgrade
✓ Port ✓ User ID
✓ Hierarchical naming ✓ Policy settings document

Techniques and concepts you’ll need to master:


✓ Registering and setting up a Domino ✓ Implementing central and distributed
server directories
✓ Knowing server and user license types ✓ Registering, installing, and setting up
✓ Setting up server protocols and ports Notes clients
✓ Understanding Domino domains and the ✓ Maintaining and deploying Notes user IDs
role of the Domino Directory ✓ Applying policy documents
✓ Creating groups in the Domino Directory
03 0789729180 CH02 10/21/03 2:39 PM Page 14

14 Chapter
. . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

It’s important to remember that this chapter does not provide a comprehen-
sive, step-by-step approach to installation, but rather covers only the topics
specified in the exam guide for this particular exam. For this reason, we don’t
go through the installation process from start to finish. The best way to pre-
pare for the Installation and Configuration portion of the exam is to perform
the installation and configuration tasks several times with the actual software,
and then review the exam-specific topics covered in this book.
If you’re looking for a comprehensive installation guide, please consult the
Lotus Domino Administration Help database. Look for the topic called
“Installation” in the Contents section.

Registering Servers
Setting up a Domino server involves two processes: server registration and
server setup. If the Domino server is the first server in the domain, then these
two steps are combined into a single step.
Server registration allows the administrator to create an identity for the new
server in the domain’s Domino Directory. The registration process does the
following:
➤ Creates a server ID for the new server and certifies it with the certifier
ID. The server ID is a file that uniquely identifies each server within an
organization, and allows the server to authenticate with other servers
and with users.
➤ Creates a Server document for the new server in the Domino Directory.

➤ Encrypts and attaches the server ID to the Server document and saves
the ID on a disk or in a file on the server.
➤ Adds the server name to the LocalDomainServers group in the Domino
Directory.
➤ Creates an entry for the new server in CERTLOG.NSF.

Server Setup
After registering the server, the administrator must set up the server. Server
setup involves installing the Domino software, and then configuring that
software using the ID file generated during the registration process. Perform
the following steps to install the Domino server software:
03 0789729180 CH02 10/21/03 2:39 PM Page 15

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
15
. . . . . .

1. Run the install program (SETUP.EXE), which is on the installation


CD.
2. Read the Welcome screen, and click Next. Then read the License
Agreement and click Yes.
3. Enter the administrator’s name and the company name.

4. Choose whether to install partitioned servers.

On a Domino partitioned server, all partitions share the same Domino program direc-
tory, and thus share one set of Domino executable files. However, each partition has
its own Domino data directory and NOTES.INI file; thus, each has its own copy of the
Domino Directory and other administrative databases. There will likely be at least one
exam question about partitioned servers, so it’s important to remember what this
installation option means.

5. Choose the program and data directory in which to copy the software,
and then click Next. For partitioned servers, choose only a program
directory.
6. Select one of the following server types:

➤ Domino Utility Server—Installs a Domino server that provides appli-


cation services only, with support for Domino clusters. The
Domino Utility server is a new installation type for Lotus Domino
6 that removes client access license requirements. There is NO sup-
port for messaging services.
➤ Domino Messaging Server—Installs a Domino server that provides
messaging services. There is NO support for application services or
Domino clusters.
➤ Domino Enterprise Server—Installs a Domino server that provides
both messaging and application services, with support for Domino
clusters.

Only the Domino Enterprise Server supports a service provider (xSP) environment.

7. Click Customize to choose which components to install, or click Next


to accept all components.
8. If installing partitioned servers, specify a data directory for each parti-
tion.
03 0789729180 CH02 10/21/03 2:39 PM Page 16

16 Chapter
. . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9. Specify the program folder or accept Lotus Applications as the pro-


gram folder that will contain the software.
10. Click Finish to complete the install program.

After the installation program has finished, the administrator must start the
server in order to complete the server configuration. Choose Start,
Programs, Lotus Applications, Lotus Domino Server to start the Server
Setup program. The Domino Server Setup program guides the administra-
tor through the settings required to configure a Domino server.

Setting Up Additional Domino Servers


Setting up the first Domino server in a domain establishes a framework that
consists of the Domino Directory, ID files, and documents. When the
administrator sets up additional servers, they build upon this framework.
Setting up an additional Domino server does the following:
➤ Creates a replica of the Domino Directory, if a file location was specified
during the setup program, names it NAMES.NSF, and saves it in the
Domino data directory.
➤ Copies the server’s ID from the location specified during the setup pro-
gram, either from a file, a copy of the directory, or the existing Domino
server’s directory; names it SERVER.ID; and saves it in the Domino
data directory.
➤ Retrieves the domain name and administrator name from the Server
document in the Domino Directory.
➤ Creates a new log file, names it LOG.NSF, and saves it in the Domino
data directory.
➤ Creates a replica of the Administration Requests file, names it
ADMIN4.NSF, and saves it in the Domino data directory.
➤ Creates a replica of the Monitoring Configuration file, names it
EVENTS4.NSF, and saves it in the Domino data directory.
➤ Creates a Connection document to the existing Domino server in the
Domino Directory.
➤ Creates a replica of the Reports file, names it REPORTS.NSF, and saves
it in the Domino data directory.
➤ Updates network settings in the Server document of the Domino
Directory.
03 0789729180 CH02 10/21/03 2:39 PM Page 17

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
17
. . . . . .

➤ Configures SMTP, if selected during the setup program.

➤ If “DOLS Domino Off Line Services” was selected during the setup
program, creates the Off-Line Services file, names it
DOLADMIN.NSF, and saves it in the Domino data directory.
➤ Updates the Access Control List in all databases and templates in the
Domino data directory tree to remove Anonymous access and/or add
LocalDomainAdmin access, depending on the selections made during
the setup program.
➤ Configures xSP Service Provider information, if selected during the
install program.

For the exam, remember that in Domino R6, if there is an error generated during
server setup, the administrator has the option to either go back and correct the error,
or cancel setup. In previous releases, after an error was generated, the administra-
tor had to stop the setup, fix the problem, and restart setup again. Be prepared to
answer questions involving this new procedure on the exam.

Setting Up Server Protocols and Ports


Port and protocol settings for a Domino server can be configured either
before or after the server has been set up. A port refers to the networking
software that allows the server to communicate with other servers or clients
that share a common protocol; a protocol is the interface that allows either
two servers or a client and a server to communicate over a network. If the
administrator wants to complete port configuration during the setup pro-
gram, he should ensure that they have completed the following before
installing a Domino server:
➤ Install one or more NICs on the system.

➤ Install protocol software as necessary.

➤ Install all network drivers in the correct directories.

➤ Install any network software required for the protocols

The administrator can then use the Domino Server Setup program to accept
network defaults or customize network settings for any ports and protocols
that are detected by the setup program itself.
After the administrator has run the setup program, he or she may need to
complete one or more of these tasks to finish setting up Lotus Domino on
the network:
03 0789729180 CH02 10/21/03 2:39 PM Page 18

18 Chapter
. . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

➤ Change the default names assigned to Notes named networks to make


them consistent with actual network topography.
➤ Fine-tune network port setup by adding, enabling, renaming, reorder-
ing, disabling, or deleting ports or by enabling network encryption or
compression on a port.
➤ Complete tasks specific to the TCP/IP, NetBIOS, or IPX/SPX protocol.

Implementing a Hierarchical
Naming Scheme
Hierarchical naming is the cornerstone of Domino security; therefore, plan-
ning it is a critical task. Hierarchical names provide unique identifiers for
servers and users in a company. When the administrator registers new
servers and users, the hierarchical names determine their certification, or
their level of access to the system, and control whether users and servers in
different organizations and organizational units can communicate with each
another.

Maintaining Domino Certifier IDs


A hierarchical name scheme uses a tree structure that reflects the actual
structure of a company. At the top of the tree is the organization name, which
is usually the company name. The organization name is associated with the
top-level certifier ID—usually called the cert.id. Below the organization name
are organizational units (OUs), which are created to suit the structure of the
company. These OUs are associated with OU certifier ID files.
The administrator can create up to four levels of organizational unit (OU)
certifiers. To create first-level OU certifier IDs, use the organization certifi-
er ID. To create second-level OU certifier IDs, use the first-level OU certi-
fier IDs, and so on.

The cert.id file is created during first server setup. Now in R6, OU IDs can also be
created during first server setup, or they can be created by the administrator at any
time using the Domino Administrator client. OU ID filenames are typically similar to
the OU name itself; for example, sales.id would be associated with the Sales/Acme
OU certifier. Watch for exam questions that test your ability to recognize that OU cer-
tifiers can now be created on first server setup.
03 0789729180 CH02 10/21/03 2:39 PM Page 19

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
19
. . . . . .

Using organizational unit certifier IDs, administrators can decentralize cer-


tification by distributing individual certifier IDs to administrators who man-
age users and servers in specific branches of the company. For example, the
Acme Company has three administrators. One administers servers and users
in West/Acme and has access to only the West/Acme OU certifier ID, and
the second administers servers and users in East/Acme and has access to only
the East/Acme OU certifier ID. The third administrator works out of Acme’s
head office and has access to the cert.id, as well as all OU IDs. He is also
responsible for generating any new OU certifiers.

Each certifier ID has a unique password, and in order to use the certifier ID for regis-
tration, the administrator must enter the password. Lotus recommends that pass-
words for certifier IDs be at least nine characters, and that certifier IDs be stored in
secure locations, only to be accessed by trusted Domino administrators.

Configuring Directories
Directory services are an integral part of how Domino facilitates client
authentication and data transmission for clients. It is necessary to understand
the Domino Directory—the most important database in the Domino system
for the administrator.

Understanding the Domino Domain


A Domino domain is a group of Domino servers that share the same Domino
Directory. The Domino Directory contains, among other documents, a
Server document for each server and a Person document for each Notes
user.
There are different scenarios for setting up Domino domains. The most
common scenario, used by many small- and medium-size companies,
involves creating only one Domino domain and registering all servers and
users in one Domino Directory. All users and servers are stamped with either
the organization certifier or an OU that inherited certificates from that top-
level certifier, so all users and servers can authenticate. Mail routing is sim-
plified, because all users and servers share the same directory.
Some companies use a multidomain scenario whereby users and servers are
registered into different Domino Directories. This scenario is harder to
manage, and usually requires that the administrator facilitate directory man-
agement using Directory Assistance and/or Directory Catalog.
03 0789729180 CH02 10/21/03 2:39 PM Page 20

20 Chapter
. . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Often, the domain name and organization name are the same name, but they have two
separate functions. The domain name refers to the collection of users and servers in
the Domino Directory, whereas the organization name refers to the company’s secu-
rity system.
The title of the Directory is always “Domain’s Directory”; for example, “Acme’s
Directory.”

Implementing Distributed Versus


Centralized Directories
A central directory architecture is an optional directory architecture that can
be implemented in a Domino domain. This architecture is new to R6 and
differs from the traditional distributed directory architecture in which every
server in a domain has a full replica of the primary Domino Directory.
With a central directory architecture, some servers in the domain have selec-
tive replicas of a primary Domino Directory. These replicas, which are
known as Configuration Directories, contain only those documents that are
used to configure servers in a Domino domain, such as Server, Connection,
and Configuration Settings documents. A server with a Configuration
Directory uses a remote primary Domino Directory on another server to
look up information about users and groups and other information related to
traditional directory services.
A central directory architecture has the following key features:
➤ Provides secondary servers quick access to new information because the
servers aren’t required to wait for the information to replicate to them
➤ Enables secondary servers to run on less powerful machines because
they don’t have to store and maintain the primary Domino Directory
➤ Provides tighter administrative control over directory management
because only a few directory replicas contain user and group information

A server with a Configuration Directory connects to a remote server with a


primary Domino Directory to look up information in the following docu-
ments that it doesn’t store locally—Person, Group, Mail-in Database,
Resource, and any custom documents added by the administrator.
The administrator can set up a Domino Directory as either a primary
Domino Directory or a Configuration Directory in one of the following two
ways:
➤ For a new server, when an additional server is registered and set up
within the domain
03 0789729180 CH02 10/21/03 2:39 PM Page 21

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
21
. . . . . .

➤ For an existing server in the domain, by using replication settings for the
directory to change a primary Domino Directory to a Configuration
Directory or to change a Configuration Directory to a primary Domino
Directory

After a server has been designated with a Configuration Directory, it can


locate a primary Domino Directory replica by using either default logic or
can use a directory replica specified through directory assistance.

Creating Groups in the Directory


Many administration tasks can be simplified through the use of groups. A
group is a list of Domino servers or users that share common characteristics
and are grouped together for a common purpose. Groups are used mainly to
control access and as mail distribution lists.
To create a group, the administrator must have at least Author access with
the Create Documents privilege, and must be assigned to the GroupCreator
role. To edit the group, the administrator must have at least Author access,
and must either be assigned to the GroupModifier role, or must be listed in
the group document as the owner or administrator.
There are five different types of groups:
➤ Multipurpose—A group that has multiple purposes; for example, mail,
ACLs, and so on. This is the default group type.
➤ Access Control List Only—A group that is used in ACLs so that access can
be restricted for databases to servers and users.
➤ Mail Only—A group that is used as a mail distribution list.

➤ Servers Only—A special group that can be used in Connection docu-


ments and in the Domino Administrator client’s domain bookmarks for
grouping servers together.
➤ Deny List Only—A group that is used to control access to servers.
Typically used in the Deny Access field of the Server document to pre-
vent terminated employees from accessing a server.

Deny List Only groups are not listed in the Groups view in the Domino Directory.
They are, however, listed in the Deny Access Groups view. An administrator must be
assigned to either the GroupModifier or NetModifier role to be able to access this
view.
03 0789729180 CH02 10/21/03 2:39 PM Page 22

22 Chapter
. . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Setting Up Administration Groups


Typically, the administrator creates one or more multipurpose groups specif-
ically for administrators of the Domino system. In a small company, there
may be only one group of administrators who all do the same jobs. Typically,
this one group would be given high access to resources. Larger organizations
may have several different groups of administrators, based on the jobs those
groups perform. For example, there may be one group called “Senior
Administrators” that is given high access to resources and another group
called “Junior Administrators” that is given limited access to resources.
Administrators can also be given different access rights to the server through
the use of Administrator fields on the Server document. Please consult the
topic “Restricting Administrator Access to the Server” in Chapter 6,
“Security,” for a detailed overview of administrator rights.

Notes Client Configuration


Like the Domino server, Notes client configuration involves two steps—reg-
istering the client and running the setup program to configure the client.

Registering New Users


The administrator needs to register users before he can install Notes on
users’ workstations. The administrator can use either the Notes
Administrator client or the Web Administrator client to perform the regis-
tration. For each user, the user registration process creates:
➤ A Person document in the Domino Directory

➤ A user ID that is stamped with appropriate certificates (does not apply to


non-Notes users)
➤ A mail file (optional)

The user’s name and the certificates that a user’s ID inherits depend upon which cer-
tifier ID is chosen during registration. If the administrator chooses the OU ID called
West/Acme when registering Mary Green, then her name will be Mary
Green/West/Acme, and she will have two certificates—one for the organization,
/Acme, and one for the OU, /West/Acme.

Notes offers different options for registering users, as follows:


➤ Basic user registration

➤ Advanced user registration


03 0789729180 CH02 10/21/03 2:39 PM Page 23

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
23
. . . . . .

➤ Text file registration

➤ Migration tools registration (for companies using an external mail sys-


tem or directory)

Installing Clients of Different License Types


Depending on the size of the company, the administrator may need to pro-
vide an installation method for only a few users or for thousands of users. In
addition, they may need to customize the installation process so that users
install only the features they need. There are three types of clients that can
be installed:
➤ Notes client

➤ Domino Administrator client

➤ Domino Designer client

A user might require one or a combination of the preceding clients. If the Domino
Administrator or Designer client is installed, the Notes client is also installed. The
client installation software also offers the option to install all three clients.

Domino offers several methods or types of installation that the administra-


tor can make available to the Domino Notes users in their company.
Companies must purchase a client license for each client they want to install.
A client license is an authorization purchased from Lotus that allows the
administrator to register and set up a client machine running the Lotus
Notes client, the Notes Administrator client, or the Designer client.
➤ Single-user Client Installation—This installation is usually done from the
CD or from files placed on the network.
➤ Multiuser Installation—This option allows the administrator to configure
the workstation for use by more than one user. This option is available
only for Notes client installation, not for installing the Domino
Administrator client or Domino Designer.
➤ Shared Installation—This option installs all program files to a file server
while the users’ data files reside on their local workstations.
➤ Automated Client Installations (Silent Installation)—This option can be
used with or without a transform file depending on whether the admin-
istrator wants to customize the silent installation.
03 0789729180 CH02 10/21/03 2:39 PM Page 24

24 Chapter
. . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

➤ Customized Installations—This option uses a transform file to customize


the installation process.
➤ Batch File Installation—This option enables users to install the clients by
running a batch file that you create for them.
➤ Installation with Command-line Utilities—This option allows users to
install the clients using a command-line utility that is provided for them
by the administrator.
➤ Scriptable Setup—This option uses a setting in the NOTES.INI file to
provide information to the Client Setup Wizard.

After the R6 client software has been installed and configured, administra-
tors will likely need to upgrade the client installation over time. Lotus Notes
6 provides the following options for upgrading Notes clients:
➤ Upgrade-by-mail

➤ IBM Lotus Notes Smart Upgrade

➤ Administrative installation

Lotus Notes Smart Upgrade is a new R6 upgrade option that works with the Lotus
Notes 6 update kits or incremental installers that can be downloaded from the Lotus
Developer Domain (www.lotus.com/ldd/smartupgrade). Smart Upgrade sends a
notification to users to upgrade their Notes clients. Smart Upgrade lets you set a
grace period in which users must upgrade their clients. This upgrade method uses
policy and settings documents to help manage updates. Because this is a new R6
feature, watch for exam questions that test your understanding of how the Smart
Upgrade process works.

Setting Up and Configuring a Notes R6 User


Lotus Notes 6 users are people who use the Notes client to access Domino
servers and databases and have a Notes ID, a Person document, and, if they
use Notes Mail, a mail file. After the administrator has registered the new
user and installed the client software on the user’s workstation, they must run
setup at that workstation.
To run the client setup program, choose Start, Programs, Lotus
Applications, Lotus Notes. The setup wizard asks a series of questions and
uses the answers to configure all of the client connections. During setup,
users are asked to provide the following information:
➤ Notes name

➤ ID file, to which they must know the password


03 0789729180 CH02 10/21/03 2:39 PM Page 25

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
25
. . . . . .

➤ Name of mail server

➤ Names of Internet mail server, newsgroup server, and directory server


for Internet address searching (optional)
➤ Whether to connect to the Internet through a proxy server (optional)

➤ Whether to set up a schedule for replicating mail (optional)

For all these options, users are asked whether the physical connection
method is a local area network or a dial-up modem.

Clients can create new or modify existing connections at any later time by choosing
File, Preferences, Client Reconfiguration Wizard, or by creating connections directly
in their Personal Address Book (names.nsf).

Deploying Notes User Authentication—


Notes ID
Domino uses ID files to identify users and to control access to servers. Every
Domino server and Notes user must have an ID in order to authenticate. ID
files are created during the registration process. A user ID file contains:
➤ The owner’s name—A user ID file may also contain one alternative name.

➤ A permanent license number—This number indicates that the owner is


legal and specifies whether the owner has a North American or
International license to run Domino or Notes.
➤ At least one Notes certificate from a certifier ID—A Notes certificate is a
digital signature added to a user ID or server ID. This signature, which
is generated from the private key of a certifier ID, verifies that the name
of the owner of the ID is correctly associated with a specific public key.
➤ A private key—Notes uses the private key to sign messages sent by the
owner of the private key and to decrypt messages sent to its owner.
➤ Internet certificates (optional)—An Internet certificate is used to secure
SSL connections and encrypt and sign S/MIME mail messages.
➤ One or more secret encryption keys (optional)—Encryption keys are created
and distributed by users to allow other users to encrypt and decrypt
fields in a document.
03 0789729180 CH02 10/21/03 2:39 PM Page 26

26 Chapter
. . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Maintaining Notes User IDs


When ID files are created, the certificates on the ID are stamped with an
expiration date. After the expiration date, the ID becomes unuseable. Before
a user ID reaches its expiration date, the administrator should recertify it
using the original certifier ID. The user ID is recertified without renaming
the user.
Administrators can use the Certificate Expiration view to determine which
certifiers need to be recertified. Access this view from within certlog.nsf from
the Files tab in the Administrator client. All certifiers are listed by expiration
date within the By Expiration Date view.

A user whose ID is close to expiring will start to receive a warning message every day
starting three months before the expiration date. At that time, the user can ask the
administrator to update the ID file. If the ID file expires, it becomes unuseable and the
administrator must either recertify a backup ID or create a new ID for the user.
Administrators should be checking the certlog.nsf and monitoring the IDs coming up
for expiration, allowing them to be proactive about preventing IDs from expiring.

If a user loses or damages an ID file or forgets a password, the user can work
with administrators to recover the ID file from backup. Administrators must
have a database within which they have saved a backup copy of each user ID
they want to recover. When the user notifies the administrator of a problem
with the ID, the administrator must detach the backup copy of the ID from
the database. He can then send the copy of the user ID to the user, and pro-
vide the user with the recovery password required to recover the ID file.

Usually, users need to be in contact with an administrator by phone in order to


receive the recovery password, because they can’t access their mail file without
their ID.

Applying Policy Documents


Using a policy, administrators can control how users work with Notes. A pol-
icy is a document that identifies a collection of individual policy settings doc-
uments. Each of these policy settings documents defines a set of defaults that
apply to the users and groups to which the policy is assigned. After a policy
is in place, administrators can easily change a setting, and it will automati-
cally apply to those users to whom the policy is assigned.
03 0789729180 CH02 10/21/03 2:39 PM Page 27

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
27
. . . . . .

Policy settings documents cover these administrative areas:


➤ Registration

➤ Setup

➤ Desktop

➤ Mail archiving

➤ Security

Applying Policies During New User


Registration
Ideally, administrators should plan and create policies before they register
and set up users. Then, during user registration, they can assign the policies.
If users are already registered, administrators can plan and create policies,
but they cannot assign any registration and setup policy settings, because
those apply only once, during user registration and setup.
There are two types of policies: organizational and explicit. An organiza-
tional policy automatically applies to all users registered in a particular orga-
nizational unit. An explicit policy assigns default settings to individual users
or groups.
To plan and assign policies, administrators should complete the following
steps:
1. Determine which settings to assign to all users in specific organization-
al units. For these settings, create organizational policies.
2. Determine which settings to assign to individual users or groups. For
these settings, create explicit policies.
3. Register users and assign explicit policies during registration.

Applying Policies to Existing Users


Administrators can assign explicit policies manually in one of three ways:
during user registration, in the Person document, or by using the Assign
Policy tool.
03 0789729180 CH02 10/21/03 2:39 PM Page 28

28 Chapter
. . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Assigning Explicit Policies in the Person Document


When the administrator wants to change policies for one or a few users, he
can assign or change a user’s explicit policies directly in the Person docu-
ment. Changes to the Desktop, Security, or Archive policy settings that are
associated with an explicit policy can be distributed this way. Changes to a
user’s settings that were previously defined using registration and setup pol-
icy settings are not made retroactively, so administrators would need to make
any changes to those settings manually in the Person document; for example,
roaming user settings can be defined in a Registration policy setting docu-
ment, but administrators can’t change a user’s roaming user status by chang-
ing the Registration policy setting document for that user.

Assigning Explicit Policies Using the Assign Policy Tool


Administrators also have the option of assigning an explicit policy using the
Assign Policy tool. Administrators should use this tool when they want to
make changes to multiple users or groups. Administrators can distribute
changes to the Desktop, Security, or Archive policy settings that are defined
in explicit policies using this tool. When changing the explicit policy for a
user or group using this tool, administrators have the option of viewing the
way the policy assignment change impacts the effective policy for that user
or group.
03 0789729180 CH02 10/21/03 2:39 PM Page 29

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
29
. . . . . .

Exam Prep Questions


Question 1
Which of the following is not true of the Domino Utility server?
❍ A. Includes an integrated Web server
❍ B. Provides application services
❍ C. Provides mail services
❍ D. Provides support for clusters

Answer C is correct. The Domino Utility server provides application servic-


es only, with support for Domino clusters. The Domino Utility server is a
new installation type for Lotus Domino 6 that removes client access license
requirements and can be hosted on multiple platforms. There is NO support
for messaging services, and none of the Domino servers can host ASPs.

Question 2
Cam was installing a Domino R6 server and encountered the following error:
“An error occurred during setup. The file server.id already exists.”
55% of the setup had already completed. Cam confirmed that there was a server.id
left over from a previous attempt at the setup process. What can he do to fix the
problem?
❍ A. Go back and correct the problem and either continue with the setup or
cancel the setup.
❍ B. Domino will automatically fix the problem and continue with the setup.
❍ C. Cam must exit out of setup, fix the problem, and restart setup again.
❍ D. Cam must exit out of setup and reinstall the server software before
attempting the setup process again.

Answer A is correct. The new Domino 6 server setup allows you to go back
and correct any problems, and then continue with the setup or you can
choose to cancel the setup. Answer B is incorrect because Domino has never
“fixed” problems in setup automatically, and answers C and D are incorrect
because the administrator does not have to halt setup in R6 to fix errors.
03 0789729180 CH02 10/21/03 2:39 PM Page 30

30 Chapter
. . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Question 3
Bert is upgrading his Domino server to R6 in order to be able to take advantage
of policy documents. Which of the following statements is true about policy-
based administration?
❍ A. Policy documents can be defined for either organizations or servers.
❍ B. Policy documents can be defined for either organizations or organiza-
tional units (OUs).
❍ C. Policy documents can be defined for either users or servers.
❍ D. Policy documents can be defined for groups, users, or servers.

Answer B is correct. Policy documents can be defined for organizations or


organizational units. An organizational policy is automatically applied at the
organization level, and organizational unit policy is automatically applied to
an organizational unit. Policies can also be explicit. Policies can never be
applied to servers—only to users.

Question 4
A user at Acme Company received a message indicating that his ID was about
to expire. The user ignored the warning, and the ID eventually expired. What
must happen before the user can use the ID again?
❍ A. A new Person document must be created for the user.
❍ B. The administrator must extend the expiration date on the expired ID.
❍ C. The ID file must be recertified by an administrator.
❍ D. The user must request a recovery password from the administrator to
unlock his ID file.

Answer C is correct. ID files contain expiration dates. To assign a new expi-


ration date, you must recertify the ID file. Expired IDs cannot be recovered,
so answer D is incorrect. Answer B is incorrect because once an ID file has
expired, the expiration date cannot be extended. Answer A is incorrect
because the ID file is not stored on the Person document—it is stored local-
ly on the workstation.
03 0789729180 CH02 10/21/03 2:39 PM Page 31

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
31
. . . . . .

Question 5
Which of the following is true of a partitioned server installation?
❍ A. Partitioned servers share the same Domino data directory.
❍ B. Partitioned servers share the same Domino program directory.
❍ C. Partitioned servers share the same NAMES.NSF.
❍ D. Partitioned servers share the same NOTES.INI.

Answer B is correct. Domino server partitioning lets you run multiple


Domino servers on a single computer. Using partitioned servers reduces
hardware expenses and minimizes the number of computers that you have to
administer. Each partitioned server has its own Domino data directory and
NOTES.INI file and data files, so answers A, C, and D are incorrect.

Question 6
Which of the following is not true about the Server registration process?
❍ A. An ID file is created for the server.
❍ B. The server name is added to the LocalDomainServers group in the
Domino Directory.
❍ C. The MAIL.BOX is created on the server.
❍ D. A new Server document is created for the server in the Domino
Directory.

Answer C is correct. The server registration process creates an ID file for the
server, a Server document, adds the server to the LocalDomainServers group
and adds an entry for the server in CERTLOG.NSF. The MAIL.BOX file
does not get created until the server is started for the first time.

Question 7
Joan created a group in the Domino Directory, but after saving and closing the
group, she can’t find it listed in the Groups view. Which type of group did she
create?
❍ A. A Mail-only group
❍ B. A Multipurpose group
❍ C. A User group
❍ D. A Deny Access group
03 0789729180 CH02 10/21/03 2:39 PM Page 32

32 Chapter
. . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Answer D is correct. The Deny Access list denies access to users listed in the
group. A Deny Access group usually contains former employees of compa-
nies in which the user may still have their Notes ID file. The Deny Access
group type doesn’t display in the Groups view of the Domino Directory, but
rather displays in a separate Deny Access Groups view.
03 0789729180 CH02 10/21/03 2:39 PM Page 33

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
33
. . . . . .

Need to Know More?


Gunther, Jeff and Randall Tamura. Special Edition Using Lotus Notes
and Domino 6. Indianapolis, IN: Que Publishing, 2003.
Installing Domino Servers: www-12.lotus.com/ldd/doc/uafiles.nsf/
docs/Domino6PR2/$File/install.pdf.

Webcast: Lotus Live! Series: What’s New in Notes/


Domino 6 Administration: http://searchdomino.techtarget.com/
webcastsTranscriptSecurity/1,289693,sid4_gci857398,00.html.

Webcast: Preparation & Test Taking Strategies with


Lotus Education Managers: http://searchdomino.techtarget.com/
webcastsTranscriptSecurity/1,289693,sid4_gci876208,00.html.
03 0789729180 CH02 10/21/03 2:39 PM Page 34
04 0789729180 ch03 10/21/03 2:32 PM Page 35

3
Mail
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Terms you’ll need to understand:


✓ Domino Named Network (DNN) ✓ MTSTORE.NSF
✓ Notes Remote Procedure Call (NRPC) ✓ Mail usage reports
✓ MAIL.BOX ✓ ISpy
✓ Router ✓ Delivery failure
✓ Routing tables ✓ Archiving policy
✓ Connection document ✓ Mail quota
✓ Routing cost ✓ Warning threshold
✓ Pending mail ✓ Encryption
✓ Dead messages/mail ✓ Public key
✓ Held mail ✓ Private key
✓ Shared mail ✓ Location document
✓ Message tracking

Techniques you’ll need to master:


✓ Defining the role of the DNN in message ✓ Controlling mail archiving through policies
transfer and settings
✓ Scheduling mail routing between servers ✓ Controlling mail file size by implementing
using Connection documents mail quotas and warning thresholds
✓ Monitoring and maintaining mail routing ✓ Understanding the role of the public and
✓ Troubleshooting mail-routing problems private keys in encryption
using administrative tools ✓ Setting workstation preferences and loca-
tions to use mail
04 0789729180 ch03 10/21/03 2:32 PM Page 36

36 Chapter
. . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

This chapter outlines the basic messaging-configuration options that enable


the Domino administrator to set up servers for mail routing and to monitor
and troubleshoot mail routing within the Domino network. The chapter also
covers basic messaging settings such as mail-archiving policies, mail quotas,
and mail encryption. We finish the chapter with a brief look at configuring
the Notes client workstation to work with different locations for both local
and server-based mail.
For the purposes of the exam, it is important to understand when mail routes
automatically within a Domino Named Network, as opposed to mail that
needs to be scheduled between networks with a Connection document. As
with every chapter, it’s also important to learn and memorize the console
commands related to routing.

Server Messaging Configuration


Configuring the Domino servers for mail routing involves understanding
how mail routes between servers based on the server’s Domino Named
Network (DNN). A DNN is a group of servers in a given Domino domain
that share a common protocol and are constantly connected. The adminis-
trator must then be capable of creating any necessary Connection documents
and using tools to help monitor and maintain routing. A Connection docu-
ment is a document that contains all of the settings necessary to schedule
mail routing between servers in different DNNs.

Setting Up and Configuring Mail Routing


By default, Domino uses Notes Remote Procedure Calls (NRPC), also called
Notes routing, to transfer mail between servers. Notes routing uses infor-
mation in the Domino Directory to determine where to send mail addressed
to a given user. Notes routing moves mail from the sender’s mail server to
the recipient’s mail server.
A user creates a mail message in the mail database. When the user sends the
message, a workstation task called the MAILER transfers the message to the
MAIL.BOX database on the user’s server (also known as the user’s mail serv-
er or home server). MAIL.BOX is the transfer point for all messages being
routed to and from a server. The ROUTER task polls MAIL.BOX and asks
two questions about the messages waiting to be routed:
➤ Where this message should be delivered—to which recipients on which
servers?
➤ How this message should be delivered—which routes and connections
should be used?
04 0789729180 ch03 10/21/03 2:32 PM Page 37

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Mail
37
. .

The router consults its routing tables to determine where the recipient’s mail
database is stored. Routing tables are built in memory on the server when the
router first starts and are refreshed every few minutes. These routing tables
are built using information in various documents in the Domino Directory—
Person documents, Connection documents, Domain documents, and so on.
The location of the recipient’s mail database determines how the message is
dispatched by the router. A recipient’s mail database can be stored in any of
the following locations:
➤ On the same server as the sender’s mail database—If the sender and the
recipient share the same mail server, the message is delivered immedi-
ately and the Router task is not involved in the message transfer. The
Router task is invoked only for transfer to another server.
➤ On a different server in the same DNN—If the Server document for the
destination server is found within the Domino Directory, the router
checks that document to determine the network information for the
server.
➤ On the ports—On the Notes Network Ports tab of the Server document,
the server is assigned to one or more DNNs. As you learned earlier, a
DNN is a group of servers in a given Domino domain that share a com-
mon protocol and are constantly connected. If the two servers share a
DNN, the Router immediately routes the message from the MAIL.BOX
file on the sender’s server to the MAIL.BOX file on the recipient’s server.

Because mail routes automatically between servers in the same DNN, you do not
need to create any Connection documents to facilitate mail routing. Mail routing
within a DNN is always automatic and instantaneous.

➤ On a server in a different DNN within the local Domino domain—When


servers are members of two different DNNs, the Domino administrator
must create connections between the two networks.
➤ On a server in an external Domino domain—In this case, the Router must
find a Connection document between domains or must route the mes-
sage using SMTP, configured to route outside of the local domain.

The exam will likely use scenario questions to test your ability to understand mail
routing between servers, based on your understanding of DNNs and domains. When
taking the exam, you may find it helpful to draw a diagram of servers with labels for
each of the server names. Then place a circle around each of the servers in the same
DNN so that you’re able to clearly see where automatic mail routing occurs and
where it needs to be scheduled by the administrator.
04 0789729180 ch03 10/21/03 2:32 PM Page 38

38 Chapter
. . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Setting Up and Configuring Message


Distribution Using Schedules
By default, when using Notes routing, Domino can transfer messages only to
other servers in the same DNN. To extend Notes routing beyond a single
DNN, you must create Connection documents in the Domino Directory
and specify a routing schedule. Domino does not automatically create
Connection documents for mail routing.
The best way to prepare for this exam topic is to practice creating sample
Connection documents and populating all of the settings. If you’re able to
configure some Domino servers and clients, practice putting two Domino
servers in different DNNs and practice scheduling mail routing between the
two servers with Connection documents.
To schedule Notes routing using a Connection document, follow these steps:
1. From the Domino Administrator, click the Configuration tab and
expand the Messaging section.
2. Click Connections.

3. Click the Add Connection button.

4. On the Basics tab, enter the names of both the source (originating) and
target (destination) servers, as well as their domain names and the
name(s) of the network ports that the two servers will use to connect.
Optionally, you can also enter a network address for the target.
5. Click the Schedule tab and complete the following fields in the
Scheduled Connection section:
➤ Schedule—Choose either Enabled to use this schedule to control
connections between the specified servers, or Disabled to cause the
server to ignore the schedule.
➤ Connect at Times—Enter a time range during which you want mail to
route. The default is 8 a.m. to 10 p.m.

For 24-hour mail routing, enter 12 a.m. to 11:59 p.m.


04 0789729180 ch03 10/21/03 2:32 PM Page 39

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Mail
39
. .

➤ Repeat interval of—The number of minutes between routing


attempts; the default is 360 minutes.
➤ Days of week—The days of the week when the server should use this
schedule and route mail. The default is to use this connection for
each day of the week.

6. Click the Replication/Routing tab and complete the following fields in


the Routing section:
➤ Routing task—Choose either Mail Routing to enable Notes mail
routing between the servers, or SMTP Mail Routing to enable rout-
ing in Internet mail to a server that can connect to the Internet
➤ Route at once if—The number of normal-priority messages that accu-
mulate before the server routes mail. The default is 5.

Entering a value of 1 in the Route at Once field causes each mail message to route
as soon as it is received in MAIL.BOX.

➤ Routing Cost—The relative cost of this server connection. This field


affects the building of least-cost routes in the router’s routing tables
on the server.
➤ Router Type—The router can route in one direction with either the
Pull or Push options, or the router can trigger two-way routing,
with either the Pull Push or the Push Wait options. In the case of
the Pull Push routing option, the router on the originating server
pushes mail to the destination server and then triggers the destina-
tion server to route mail back again. With the Push Wait routing
option, the source server first pushes to the target server and then
waits to receive a connection from the target. This last option is
usually used between servers with dialup connections.

New connections or changes to existing Connection documents take effect after the
next router configuration update, which typically occurs every 5 minutes on the
server, when the routing tables are refreshed. To put the new setting into effect
immediately, reload the routing configuration by entering the following console
command:
Tell router update config
04 0789729180 ch03 10/21/03 2:32 PM Page 40

40 Chapter
. . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Forcing Mail to Route to a Specific Server


To force the server to immediately route all pending mail to another server, use
the Route command at the server console. Pending mail is mail that is sitting in
the MAIL.BOX waiting to be routed. The syntax of the command is as follows:
Route servername

The Route command initiates mail routing with a specific server. This command
overrides any mail-routing schedules that you create using Connection documents in
the Domino Directory. Use the Route command to send mail to or request mail from
a server immediately.

Here are some examples of how to use the Route command:


➤ Route ServerA/Acme—Sends mail to ServerA in the Acme organization.
The server console displays messages indicating when routing begins.
➤ Route “Server B/Acme”—Sends mail to Server B. Use quotes around server
names that are more than one word.
➤ Route *—Sends mail to all pending destinations.

In the exam questions, be sure to note which server is initiating the command. A
server cannot successfully route mail to itself; for example, if the administrator was
using the console on ServerA, the command Route ServerA would have no effect.
The exam questions will test your ability to read and understand which server con-
sole is being used to issue the commands.

If no mail is queued for routing, Domino ignores the Route command. Use
the Tell Router show command at the console to check for messages pending
for local delivery or to check for held mail—messages that the administrator
has configured the router to hold in order to examine them. Often the
administrator will configure the router to hold undeliverable messages in
order to examine them before releasing them, as in the case of spam. To
check which servers have mail queued, use this command at the console:
Tell Router show

As an alternative to using the console, the administrator can route mail directly from
the Server, Status tab in the Domino Administrator client interface. This interface
mimics the Route command at the console.
To route mail directly from the Server, Status tab, follow these steps:
1. From the Domino Administrator, click the Server, Status tab.
2. If necessary, click Tools to display the toolbar and then click Server, Route
Mail.
3. Under Route Mail with Server, enter the name of the server you want to route
mail to, or select the name of the server from the list.
4. Click Route.
04 0789729180 ch03 10/21/03 2:32 PM Page 41

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Mail
41
. .

Monitoring and Maintaining Mail Routing


Domino provides the administrator with many tools to monitor and main-
tain mail routing between Domino servers. This section is designed to give
the reader a broad overview of many of the tools. Consult Domino
Administrator Help for detailed descriptions of how to use each tool.

For the purposes of the exam, it’s important to understand what each tool does, but
it’s not necessary to memorize each command or button in the interface. That being
said, the best way to study the monitoring tools is to use them in the Domino
Administrator interface so that you can recall the purpose of each tool.

Using the Messaging, Mail tab


The Domino Administrator client has an entire section dedicated to the
monitoring and maintaining of mail. The Domino administrator uses this
tab extensively during the work day. Using the Messaging, Mail tab, the
administrator can observe and monitor the following:
➤ Mail users—You can display a view of the Domino Directory that lists all
users by mail server and provides each user’s Notes mail address and
mail filename. From this view, you can add, edit, and delete Person doc-
uments and send upgrade notifications.
➤ Routing mailboxes—You can display the current contents of each
MAIL.BOX database on the server. Servers can be configured to have
multiple mailboxes using the Messaging Configuration document.
MAIL.BOX databases on the server can contain three types of undeliv-
erable messages: pending messages, designated with no icon; dead mes-
sages, designated by a stop-sign icon; and held messages, designated by a
red exclamation point.
➤ Pending messages—These messages are waiting to be routed by the router
on the server. Pending messages are not problematic for the administra-
tor unless they start to pile up in the MAIL.BOX, indicating that there
is a routing problem.
➤ Dead messages—These messages are “stuck” in MAIL.BOX because they
can’t be delivered to the recipient and they can’t deliver their failure to
the originator of the message. The most common cause of dead mail is
spam. The spammer guesses incorrectly the name of a person in your
mail system. When the router can’t deliver the message, it attempts to
deliver a failure to the spammer. The spammer has purposely not pro-
vided a way to return messages, so the message gets stuck in your serv-
er’s mailbox. In the case of spam, the administrator usually uses the
04 0789729180 ch03 10/21/03 2:32 PM Page 42

42 Chapter
. . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

information in the dead message to assist in blocking spam and then


deletes the dead message. Dead messages might also indicate networking
or other problems with the company. In that case, the administrator cor-
rects the problem and then releases the dead message; the failure mes-
sage then is attempted again.
➤ Held messages—These messages are held because the administrator has
configured the server to hold mail for manual transfer. This is another
setting available in the Mail Configuration document. When you config-
ure the router to hold messages, each held message remains in
MAIL.BOX indefinitely and is processed only if an administrator releases
the message.

You can improve mail performance significantly by creating multiple MAIL.BOX


databases on a server. Using multiple MAIL.BOX databases removes contention for
a MAIL.BOX, allows multiple concurrent processes to act on messages, and increas-
es server throughput. As a further benefit, having multiple MAIL.BOX databases
provides failover in case one MAIL.BOX becomes corrupted. Watch for the exam to
mention using multiple MAIL.BOX databases as a way to improve messaging effi-
ciency. When this feature is enabled, the mailbox databases are named MAIL1.BOX,
MAIL2.BOX, and so on.

➤ Shared mail—You can display shared mail statistics from the Object
Store Usage view of the server’s Notes Log database. Shared mail, some-
times referred to as the Single Copy Object Store (SCOS), offers an
alternative to message-based mail, allowing servers to store a single copy
of messages received by multiple recipients in a special central database
or object store. By default, the Domino mail system employs a message-
based model for mail storage, delivering a separate and complete copy of
every document to each recipient’s mail file. To use disk space more effi-
ciently, the administrator can set up shared mail on each mail server
after setting up the Domino mail system.
➤ Mail routing status—You can displays a Java applet providing a graphic
representation of current mail.dead and mail.waiting statistics for this
server. Domino refreshes the information in this view at intervals of
approximately 1 minute.
➤ Mail routing events—You can display the Routing Events view of the
server’s Notes Log. This view enables the administrator to scan and
search through all console messages related to mail.
➤ Mail routing topology—You can display Java applets providing graphic
representations of the available routing paths defined by Connection
documents and Notes Named Networks.
04 0789729180 ch03 10/21/03 2:32 PM Page 43

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Mail
43
. .

➤ Reports—You can display information from the server’s Reports database.


For more information, see the section “Generating Mail Usage
Reports,” later in this chapter.

Message Tracking
Domino administrators often get requests from users asking them to pin-
point where a mail message is at any given point in time. Domino has a mes-
sage-tracking system that is similar to the sophisticated tracking systems used
by courier companies to trace packages.
Message tracking enables the administrator to check the status of any message
that has been routed within the Domino network. Message tracking is con-
figured using the Message Tracking tab in the Messaging Configuration doc-
ument. Because message tracking isn’t enabled by default, the administrator
must enable it in the Configuration document and complete the fields to
establish the settings for message tracking.
When you configure mail tracking, you can specify which types of informa-
tion Domino records. For example, Domino administrators can decide
whether to track message subjects, they can disable tracking for certain
groups of users, and they can decide who should be allowed to track messages
from server to server.
The Mail Tracker Collector task (MTC) reads special mail tracker log files
(MTC files) produced by the router and copies certain messaging information
from them to the MailTracker Store database (MTSTORE.NSF). The
MailTracker Store database is created automatically when you enable mail
tracking on the server. When an administrator searches for a particular mes-
sage, Domino searches the MailTracker Store database to find the information.

The Mail Tracker Collector differs from the Statistics Collector (Collect task), which is
responsible for gathering statistical information about servers.

When Message Tracking has been enabled, the administrator can issue track-
ing requests using the Messaging, Tracking Center tab of the Domino
Administrator client. The administrator issues the request by clicking the
New Tracking Request button and completing the fields in the New
Tracking Request dialog box, as illustrated in Figure 3.1.
04 0789729180 ch03 10/21/03 2:32 PM Page 44

44 Chapter
. . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Figure 3.1 The Messaging, Tracking Center tab of the Domino Administrator.

The administrator clicks OK to complete the request. Domino then displays


summary results that include the sender’s name, recipient, delivery time, and
message subject, if subject tracking is allowed. The administrator can then
select a message and click Track Selected Message. When the message has
been found, Domino displays the following information about the message:
delivery status, mailbox status, previous server, next server, unique message
ID, inbound message ID, outbound message ID, inbound originator, out-
bound originator, subject, disposition time, message arrival time, and mes-
sage size in bytes.

Generating Mail Usage Reports


Over time, the Domino MailTracker Store database (MTSTORE.NSF)
accumulates valuable data about message-routing patterns on the server. The
Domino administrator can then generate mail usage reports from this data.
For example, you can generate reports of recent messaging activity, message
volume, individual usage levels, and heavily traveled message routes. You can
use the Reports database (REPORTS.NSF) to generate and store mail usage
reports. The Reports database is typically created automatically when you set
up the first server in the domain, or the administrator can manually create
the Reports database from a template.
On the Messaging, Mail tab, the administrator locates the Reports database
at the bottom of the left navigation pane and either generates a new report
04 0789729180 ch03 10/21/03 2:32 PM Page 45

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Mail
45
. .

with the New Report button or opens an existing report. The administrator
then completes all of the fields in the Create New Report dialog box. Here
is a list of some of the types of reports that can be created:
➤ Top 25 users by count

➤ Top 25 users by size

➤ Top 25 senders by count

➤ Top 25 senders by size

➤ Top 25 receivers by count

➤ Top 25 receivers by size

➤ Top 25 most popular “next hops”

➤ Top 25 most popular “previous hops”

➤ Top 25 largest messages

➤ Message volume summary

➤ Message status summary

Mail usage reports provide important information that you can use to resolve
problems and improve the efficiency of the mail network. In addition, this
information is valuable when you plan changes or expansions to the mail net-
work. For example, you can generate reports that show the 25 users who
received the most mail over a given period of time (a day, a week, a month,
and so forth) or the volume of mail sent by a specified user over some inter-
val. With this information, you can identify users who might be misusing the
mail system. Other reports show the most frequently used next and previous
hops, enabling you to assess compliance with mail-use policies.
Agents stored in the Reports database let administrators schedule reports on
a one-time, daily, weekly, and monthly basis. By default, Domino generates
scheduled reports at midnight at the interval you specify—daily, weekly, or
monthly. When a report query is run, the active report agent examines the
data collected in the Domino MailTracker Store database to generate the
resulting report. You can configure a report to save results in the Reports
database or mail results to one or more administrators. Saved reports are
organized in the Reports database under several different views.

You cannot generate mail reports if servers are not configured to do message track-
ing. Reports are generated using the information collected in MTSTORE.NSF on each
server. For reporting and tracking to be most effective, message tracking should be
enabled on all or most Domino servers in the domain.
04 0789729180 ch03 10/21/03 2:33 PM Page 46

46 Chapter
. . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Mail-Routing Event Generators


To monitor a mail network, you can configure mail-routing event generators
to test and gather statistics on mail routes. These event generators are also
known as mail probes. In essence, a mail probe “pokes” at a server’s router to
see how quickly that server responds to mail requests.
To test a mail route, the ISpy task sends a mail-trace message to a specified
user’s mail server. This event generator creates a statistic that indicates the
amount of time, in seconds, that it takes to deliver the message. If the mail-
routing trace fails, the statistic has the value -1. If the Statistic Collector task
is running, the Monitoring Results database (STATREP.NSF) stores the sta-
tistics. The format of a mail routing statistic is as follows:
QOS.Mail.RecipientName.ResponseTime

In addition, the ISpy task monitors the local mail server by default and gen-
erates events for traces that fail. To monitor other Domino mail servers, cre-
ate a mail probe and set up an event handler to notify you when an event has
occurred. Probes are created in Domino Administrator by clicking the
Configuration tab and then opening the Monitoring Configuration view.
Open the Event Generators, Mail view; then click New Mail Routing Event
Generator and complete the fields.

The ISpy task must be running on the server to generate the statistics gathered by the
mail probe. To check whether this task is running on the server, enter Show Tasks at
the server console. If the ISpy task isn’t running, start the task using the command
Load runjava ISpy. Add the ISpy task to the server’s NOTES.INI file if you want the
task to start up the next time the server restarts. The notation of the ISpy task is case
sensitive; the task will not initiate if the command is entered as ispy or Ispy.

Troubleshooting Routing Problems


A variety of error conditions can prevent Domino from properly sending and
delivering mail. These topics describe common mail-routing problems and
tools you can use to help resolve them.

Delivery Failure Reports


A delivery failure is a message that is returned to the sender indicating that the
message was not delivered successfully. Delivery failures are generated for
one of two reasons:
➤ The address of the mail recipient is incorrect.

➤ The connection to the recipient is not available or is not working.


04 0789729180 ch03 10/21/03 2:33 PM Page 47

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Mail
47
. .

Users should always try to resend a memo for which they receive a delivery
failure report. In resending, the user is presented with the opportunity to fix
the address of the recipient. When a memo has been resent once and the user
is certain that the address is correct, the user should alert the administrator
to the problem so that the administrator can investigate mail connections
and server routes.

Mail Trace
To troubleshoot mail routing or test mail connections, trace a mail delivery to
test whether a message can be successfully delivered without actually sending
a test message. The results of the trace are returned to the administrator’s mail
database in the form of a mail message, listing every server in the route.
1. From the Domino Administrator, click the Messaging, Mail tab.

2. If necessary, click Tools to display the toolbar.

3. From the toolbar, click Messaging, Send Mail Trace.

4. Address the message to the person you want to trace. Choose Last Router
Only to receive a message from the last server to successfully route the
message; otherwise, you’ll receive a message from each server hop.

Mail-Routing Topology Maps


Mail-routing topology maps are useful to track mail-routing problems
between servers because the administrator has a pictorial view of the con-
nections between servers in the domain. To create a mail-routing topology
map, follow these steps:
1. From the Domino Administrator, click the Messaging, Mail tab.

2. Choose one of the two available views:

➤ Mail Routing Topology by Connections

➤ Mail Routing Topology by Named Networks

Console Commands Used to Troubleshoot Mail Routing


In the interest of saving time, many Domino administrators use console
commands where possible instead of using the equivalent option in the
Domino Administrator interface. For this reason, Lotus often includes sev-
eral exam questions related to console commands in all exams. The follow-
ing is a listing of console commands that are helpful in troubleshooting
mail-routing problems or in displaying mail-related information:
04 0789729180 ch03 10/21/03 2:33 PM Page 48

48 Chapter
. . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

➤ Tell Router Delivery Stats—Shows router delivery statistics


➤ Tell Router Compact—Compacts MAIL.BOX and cleans up open router
queues. You can use this command to compact MAIL.BOX at any time.
If more than one MAIL.BOX is configured for the server, each
MAIL.BOX database will be compacted in sequence.

By default, MAIL.BOX is automatically compacted at 4 a.m.

➤ Tell Router Show Queues—Shows mail held in transfer queues to specific


servers and mail held in the local delivery queue.
➤ Tell Router Exit or Tell Router Quit—Stops the router task on a server.
➤ Load Router—Starts the router task on a server.
➤ Tell Router Update Config—Updates the server’s routing tables to imme-
diately modify how messages are routed. This removes the 5-minute
delay before a router configuration change takes effect.

Basic Messaging Settings


The following sections address a few of the basic settings that can be applied
to mail and messaging. Other messaging settings are covered in more detail
in the Mail chapters in this book related to the other exams (Chapter 8,
“Mail,” for Exam 621, and Chapter 17, “Resolving Server Problems,” for
Exam 622).

Creating Archiving Policies


An archiving policy is a document that defines and can control the settings for
mail archiving for users in the domain. For the first time in Domino Release
6, administrators can centrally control mail file archiving using policies.
Archiving is particularly useful for mail databases because users typically save
both sent and incoming mail, causing the mail file to increase in size.
Archiving the mail file frees up space and improves the performance of the
mail database by storing documents in an archive database when they are old
or not in use anymore.
04 0789729180 ch03 10/21/03 2:33 PM Page 49

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Mail
49
. .

The mail archive database is a Notes database and can be accessed like any
other Notes database. The views in a user’s mail archive mirror the views in
the mail file. The archive includes the folder hierarchy of the original mail
database, enabling users to easily find and read messages in the archive.
Mail file archiving is a three-step process that includes selecting documents
(deciding which ones should be archived), copying files to an archive data-
base, and performing mail file cleanup.
When you use policies to manage archiving, you use either server-based
archiving or client-based archiving. The terms server-based and client-based
don’t refer to the storage location for the archive, but rather to where the
archiving process occurs: either on a server or on the client’s workstation.
The server performs archiving using the Compact task. The administrator
triggers the server to archive by scheduling the running of the Compact task
using a Program document. Client-based archiving assumes that the user will
be initiating the archiving process, which means that the workstation must
be running for archiving to be successful.

If the user schedules client-based archiving when the workstation is not running,
archiving will not occur.

An Example of How to Use Policies to Manage


Mail Archiving
The administrator at Acme Corporation has had difficulty controlling or
supporting users who want to archive mail. She plans to use policy-based
archiving to solve some of the following problems and issues related to mail
archiving:
➤ Acme needs a centralized archive server.

➤ Space is limited on the current mail server.

➤ Because archiving increases network traffic, Acme wants all mail archiving
to happen during off-peak hours.
➤ To ensure consistency, users must not be allowed to control their archive
settings. Archive settings will be implemented and changed only by
administrators.
➤ Users within different organizational units will need to have slightly
different archiving settings.
04 0789729180 ch03 10/21/03 2:33 PM Page 50

50 Chapter
. . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

To resolve Acme’s archiving issues, the administrator uses these Archive


policy settings and applies them to all users via organizational policies:
➤ Server-based archiving is enabled from a mail server to a designated
archive server.
➤ Archive settings are centrally managed and enforced by the administra-
tor; users are prohibited from changing or creating archive settings.
➤ Archiving is scheduled to be server-based and will occur during off-peak
hours.
➤ Optionally, the administrator can implement pruning (removing attach-
ments and body of mail, but leaving header information intact), which
might help conserve server disk space.

Creating an Archive Policy Settings Document


Setting up mail file archiving is a two-step process: You must create the fol-
lowing three documents in the Domino Directory:
➤ The Archiving Settings document(s)—This specifies whether users are
allowed to archive. If they are, all further archiving settings are created
in this document.
➤ The Archive Criteria Settings document(s)—This document is created from
within the Archiving Settings document. The criteria determine which
documents are archived and how the mail file is cleaned up.
➤ The Policy document that references the correct Archiving Settings document—
This policy refers to the correct Archiving Settings document and might
also refer to other Settings documents.

The Archiving Settings document specifies whether to allow archiving either


centrally by administrators or privately by Notes users. If you prevent all
archiving, that is essentially the only setting listed in your Archiving Settings
document. You must then reference that Settings document in your Policy
document. If you prevent private archiving, the Archiving Settings document
determines how documents in the user’s mail file are archived, and users can-
not change these settings or create private archive settings.
If you allow archiving, use the Archiving Settings document to define
whether archiving is server-based or client-based, to specify source and des-
tination archive servers, and to set the archive schedule. You can also change
the name and location of the default archive log file if you want.
04 0789729180 ch03 10/21/03 2:33 PM Page 51

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Mail
51
. .

Implementing Mail Quotas


Users can receive and save a high volume of email, including their own sent
messages, in their mail files. Large mail files can overwhelm a server’s disk
capacity and reduce the performance of the mail client. Because you gener-
ally cannot provide users with unlimited storage space, set a size limit, or
database quota, for each mail file; these limits are called mail quotas. When
delivering mail to a user’s mail file, the router checks the current size of the
mail file against the specified mail quota.
You can set two types of size limits on a user’s mail file: a warning threshold
and an absolute quota size. Set a warning threshold to provide users with
advance notice when their mail files approach the designated mail file quota,
so they can reduce the size of their mail files before message flow is inter-
rupted. Set a quota if you intend to establish a policy of interrupting users’
mail usage if their mail files exceed a specified size.

You must set a quota before you can set a warning threshold.

You can configure the router to respond in several ways when a mail file
exceeds its quota, each representing a higher level of enforcement. The least
restrictive response is to have the router issue automatic notifications to users
when their mail files exceed the quota. If users fail to respond to notifications,
you can hold pending messages in MAIL.BOX or return messages to the
senders as undeliverable until the users reduce the size of their mail files.
Along with the methods the router uses to enforce quotas, the Notes client
displays a warning to any user who has exceeded the designated warning
threshold or quota whenever the user attempts to send mail.

Setting the Quota or Warning Threshold on a Mail Database


You can set quota limits and warning thresholds in one of two ways:
➤ During registration—Quotas specified during registration apply only to
new users, not to existing users. You can also set mail quotas before reg-
istration by listing the quota information in the Registration Policy doc-
ument and applying this document during registration.
➤ Per database—Using the Domino Administrator, you can manually speci-
fy the warning threshold and quota of one or more mail files. This
method works for any database, including the mail database. Quotas and
warning thresholds are set using the Quotas tool in the File Tab of the
Administrator client.
04 0789729180 ch03 10/21/03 2:33 PM Page 52

52 Chapter
. . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Understanding Mail Encryption


Encryption protects data from unauthorized access. Using Notes and
Domino, you can encrypt the following:
➤ Mail messages sent to other users—Encryption can be applied to outgoing
messages, in which case an unauthorized user cannot read the message
while it is in transit. You can also encrypt saved and incoming messages.
➤ Network ports—Information can be encryption when being sent between
a Notes workstation and a Domino server, or between two Domino
servers, thereby preventing unauthorized users from reading the data
while it is in transit.
➤ SSL transactions—You can use SSL to encrypt information sent between
an Internet client, such as a Notes client, and an Internet server, to pre-
vent unauthorized users from reading the data while it is in transit.
➤ Fields, documents, and databases—Application developers can encrypt
fields within a document, an entire document, and local databases,
allowing only the specified users to read the information.

The Role of Public and Private Keys in Mail Encryption


Domino uses public and private keys so that data encrypted by one of the
keys can be decrypted only by the other. The public and private keys are
mathematically related and uniquely identify the user. Both keys are stored
in the ID file. The certificate containing the public key is also stored in the
user’s Person document in the Domino Directory, where it is available to
other users.
Domino uses two types of public and private keys: Notes and Internet. You
use the Notes public key to encrypt fields, documents, databases, and mes-
sages sent to other Notes users; the Notes private key is used for decryption.
Similarly, you use the Internet public key for S/MIME encryption and the
Internet private key for S/MIME decryption. For both Notes and Internet
key pairs, electronic signatures are created with private keys and verified with
public keys.
To properly understand mail encryption, it is best to use a scenario. Let’s say
that John wants to send an encrypted mail message to Carol. John and Carol
both work for Acme Corporation and are listed in the Domino Directory.
John creates the mail message and chooses to encrypt it in the Delivery
Options for the message. When he pushes the Send button, his Notes work-
station encrypts the message by applying three keys:
04 0789729180 ch03 10/21/03 2:33 PM Page 53

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Mail
53
. .

1. John’s public key from his user ID

2. John’s private key from his user ID

3. Carol’s public key from her Person document in the Domino Directory

While the message is in transit, the body of the message is encrypted. When
Carol receives the message, her workstation decrypts it using the private key
located on her ID file.

Only the Body field in a mail message is encrypted. The only key that can decrypt the
message is the recipient’s private key, which is mathematically related to the public key
and is only stored on the ID file. The To, cc, bcc, and Subject fields are not encrypted
and can be read by anyone who can access the message in the mail database.

In general, mail sent to users in an external domain cannot be encrypted.


However, if the recipient of the mail uses Lotus Notes and the sender has
access to the recipient’s public key, the sender can encrypt the mail message.
The recipient’s public key can be stored in the Domino Directory, in an
LDAP directory to which the sender has access, or in the sender’s Personal
Address Book. If a user attempts to send an encrypted message to someone
and the user can’t access the recipient’s public key, encryption will fail at the
time of sending, prompting the user with an error message that asks whether
to continue sending the message in unencrypted format.

User Messaging Configuration


Users can configure their workstations with a number of different settings
that affect mail and mail routing. Nearly all of these settings are configured
using documents in the user’s Personal Address Book (NAMES.NSF). Most
users lack the expertise and interest to configure their own workstations, so
administrators often sit down at the user’s client machine to configure the
workstation on behalf of the user, for the sake of efficiency and accuracy. For
the purposes of the exam, it’s important to be familiar with the documents in
the Personal Address Book that relate to messaging configuration: specifi-
cally, the Location document and the Connection document.

User Preferences Related to Mail


Users have a number of options available to them for dictating how the work-
station processes and handles mail. The user accesses these settings by choos-
ing File, Preferences, User Preferences, Mail. The following is a list of settings
in the General section of the User Preferences dialog box (see Figure 3.2):
04 0789729180 ch03 10/21/03 2:33 PM Page 54

54 Chapter
. . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

➤ Configuration—Lists the user’s local address books and an optional alter-


nate mail memo editor
➤ Sending—Indicates whether sent mail is saved and whether sent mail is
automatically signed or encrypted
➤ Forwarding—Indicates whether a forwarding prefix is used

➤ Receiving—Specifies the polling interval in minutes that the workstation


uses to check for new mail
➤ When New Mail Arrives—Enables the user to choose the interface
prompt for new mail: sound, pop-up, and so on

Figure 3.2 The Mail, General section of the User Preferences dialog box.

Additionally, an Internet mail preferences section lists preferences for


Internet mail.

Setting Workstations for Different Locations


Users can specify mail settings, such as whether to use their mail on a server
or use their local replica, from the Mail tab of a Location document. A Location
document contains communication and location-specific settings for use
with the Notes client. The user switches locations to change the way in
which the workstation sends, receives, and stores mail.
Here is a brief description of the main fields on the Mail tab of the Location
document:
04 0789729180 ch03 10/21/03 2:33 PM Page 55

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Mail
55
. .

➤ Mail File Location—Select On Server to use the mail file directly on a


server, or select Local to use a local replica of the mail file. When the
user uses a local replica, Notes transfers outgoing mail to a local outgo-
ing mailbox (MAIL.BOX) until replication occurs.
➤ Mail File—The path to the mail file. Notes opens the mail file that you
specified in this field when the user chooses a mail command from the
main menu, clicks the Mail icon in the Bookmark bar or Welcome page,
or forwards a mail message.
➤ Domino Mail Domain—The name of the Domino domain.

➤ Internet Domain for Notes Addresses When Connecting Directly to the


Internet—The name of the Internet domain to use if the user has set up
any Internet mail accounts.
➤ Recipient Name Typeahead—Where the typeahead feature looks for mail
addresses.
➤ Format for Messages Addressed to Internet Addresses—Notes Rich Text
Format allows all messages over the Internet to be sent as plain text,
while MIME Format converts the message to MIME format before
sending.
04 0789729180 ch03 10/21/03 2:33 PM Page 56

56 Chapter
. . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Exam Prep Questions


Question 1
When is mail routed between servers that are in the same Domino Named
Network?
❍ A. Immediately
❍ B. Every 10 minutes
❍ C. According to the schedule in the Connection document
❍ D. When there are five messages pending

Answer A is correct. The router immediately routes mail to servers in the


same Notes Named Network. The messages are immediately routed from
the MAIL.BOX file on the sender’s server to the MAIL.BOX file on the
recipient’s server. Because servers in a Notes Named Network share a com-
mon protocol and are always connected, you do not need to create
Connection documents for mail routing.

Question 2
Debbie, the Domino administrator, has noticed that one of her servers is pro-
cessing a huge volume of mail compared to the other two mail servers in her
domain. What can she do to increase mail throughput in the server?
❍ A. Enable multiple router tasks
❍ B. Enter the following setting in the server’s NOTES.INI:
MailServerThreads = 3
❍ C. Change the users’ Location documents to send mail directly to the
destination server
❍ D. Enable multiple MAIL.BOX databases on the server

Answer D is correct. She can configure the Domino server to route mail
using multiple MAIL.BOX databases. A substantial performance improve-
ment can be gained by multiple MAIL.BOX databases because the router can
push messages through more than one transfer point.
04 0789729180 ch03 10/21/03 2:33 PM Page 57

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Mail
57
. .

Question 3
A TCP/IP networking problem caused mail to stop transferring between ServerA
and ServerB. After fixing the networking problem, what command should the
administrator use to manually router mail from ServerA to ServerB?
❍ A. Route Mail ServerB
❍ B. Route ServerB
❍ C. Tell Router Route ServerB
❍ D. Send Mail ServerB

Answer B is correct. The administrator can issue the Route command to ini-
tiate mail routing with a specific server. Issuing the Route command overrides
any mail-routing schedules that have been created using Connection docu-
ments in the Domino Directory. For server names that contain multiple
words or spaces, enclose the entire name in quotes.

Question 4
Using the Domino console, what command can the Domino administrator use
to determine which servers have mail waiting to be transferred in MAIL.BOX?
❍ A. Tell Router Config
❍ B. Tell Router Show Queues
❍ C. Load Router
❍ D. Tell Router Quit

Answer B is correct. To display mail held in transfer queues to specific


servers, the administrator would issue the console command Tell Router Show
Queues.

Question 5
Where are Person documents stored?
❍ A. In MAIL.BOX on the server
❍ B. In the Domino Directory on the server
❍ C. In names.nsf on the workstation
❍ D. In log.nsf on the server
04 0789729180 ch03 10/21/03 2:33 PM Page 58

58 Chapter
. . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Answer B is correct. Person documents are stored in the Domino Directory


(names.nsf) on the server. In previous releases, the Domino Directory was
sometimes referred to as the Public Address Book or the Name and Address
Book (NAB).

Question 6
Sean needs to ensure that all mail is routed between servers in the same
Domino Named Network. How many Connection documents should he create?
❍ A. 1
❍ B. 2
❍ C. 0
❍ D. One for every pair of servers in the domain

Answer C is correct. Mail is routed immediately by the router to servers in


the same Domino Named Network. The messages are immediately routed
from the MAIL.BOX file on the sender’s server to the MAIL.BOX file on the
recipient’s server. Because servers in a DNN share a common protocol and
are always connected, you do not need to create Connection documents for
mail routing.

Question 7
Which of the following best describes mail servers that the ISpy task monitors
by default?
❍ A. All mail servers
❍ B. The local mail server only
❍ C. All servers in the domain
❍ D. None

Answer B is correct. By default, the ISpy task monitors the local mail server
on which it is running. However, you can monitor other Domino mail
servers by creating probe documents. The ISpy task must be running to
monitor the server.
04 0789729180 ch03 10/21/03 2:33 PM Page 59

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Mail
59
. .

Question 8
Sean needs to ensure that all mail is routed between ServerA and ServerB. The
two servers are not in the same Domino Named Network. What should Sean do
to schedule mail routing between the two servers?
❍ A. Create Connection documents in the Domino Directory
❍ B. Create Connection documents in the names.nsf on his workstation
❍ C. Create a Domain document in the Domino Directory
❍ D. Nothing—the two servers will route mail automatically

Answer A is correct. When two servers are not in the same Domino Named
Network, mail routing must be configured using at least one Connection
document in the Domino Directory.
04 0789729180 ch03 10/21/03 2:33 PM Page 60

60 Chapter
. . . . .3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Need to Know More?


Tulisalo, Tommi et al. Upgrading to Lotus Notes and Domino 6. IBM
Redbooks, 2002. Also available on the Web at www.redbooks.ibm.
com/. For references to mail, consult Chapter 9, “New Messaging
Administration Options.”
Gunther, Jeff and Randall Tamura. Special Edition Using Lotus Notes
and Domino 6. Indianapolis, Indiana: Que Publishing, 2003.
Lotus Domino 6 Technical Overview: www-10.lotus.com/ldd/
today.nsf/3c8c02bbcf9e0d2a85256658007ab2f6/
089a22f9f8a573af85256a1b00782950?OpenDocument. For references to
mail, consult the section “Messaging.”
Webcast: “Lotus Live! Series: What’s New in Notes/Domino 6
Administration.” http://searchdomino.techtarget.com/
webcastsTranscriptSecurity/1,289693,sid4_gci857398,00.html.

Webcast: “Preparation and Test Taking Strategies with Lotus


Education Managers.” http://searchdomino.techtarget.com/
webcastsTranscriptSecurity/1,289693,sid4_gci876208,00.html.
05 0789729180 CH04 10/21/03 2:46 PM Page 61

4
Managing and Maintaining
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Terms you’ll need to understand:


✓ Full-text index ✓ Program document
✓ Web server ✓ LOG.NSF
✓ HTML ✓ DOMLOG.NSF
✓ Home URL ✓ Memory cache
✓ Character set mapping ✓ Timeout
✓ Execution Control List (ECL) ✓ Web Site rule
✓ Agent signer ✓ Web Administrator
✓ Network compression ✓ EVENTS4.NSF
✓ Design template ✓ Live console
✓ Refresh and Replace Design ✓ Central directory
✓ Compact ✓ Distributed directory
✓ Fault recovery ✓ Policy synopsis
✓ Fixup

Techniques you’ll need to master:


✓ Deploying applications for the Notes client ✓ Maintaining the integrity of a database
and the Web client ✓ Monitoring the Domino server environ-
✓ Deploying applications based on other ment: monitoring server tasks, managing
characteristics, such as document size and and monitoring log files, maintaining Web
coding content services, and configuring administration
✓ Managing the design of a database using monitoring tools
both the Design task and replication ✓ Migrating from a distributed to a central
✓ Understanding the role of the workstation directory
ECL ✓ Creating a policy synopsis
✓ Effectively monitoring application size
05 0789729180 CH04 10/21/03 2:46 PM Page 62

62 Chapter
. . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

In this chapter, we discuss many of the maintenance tasks that an adminis-


trator would perform in order to maintain Domino servers and applications.
Some of these tasks are performed on a scheduled basis—once a day or once
a week, for example—whereas others are performed in an ad hoc or on an as-
needed basis.
In this chapter, we show you how to deploy many different kinds of Domino
applications. We then show you how to manage and maintain an application’s
design, size, and integrity. The latter half of the chapter is devoted to server
monitoring—all the different ways the administrator can monitor the tasks
and processes running on a server.
This is likely one of the more tedious chapters you’ll read, because adminis-
trators rarely enjoy maintenance and monitoring—configuring and trou-
bleshooting are much more fun! However, the material presented here is just
as important to an exam scenario as the material in other chapters. In fact,
there are more competencies listed for this chapter than for any of the other
chapters for the 620 exam.

Application Deployment
One of the administrator’s most critical day-to-day jobs is to ensure that
applications are implemented and maintained properly, so that users and
servers can access data in a timely manner. In the sections that follow, we
show how different kinds of Domino applications are deployed, based on
where they are stored, what types of information they contain, and which
types of clients will access the application. For the purposes of this and other
chapters, the word “application” is synonymous with “database.”

Deploying Server-Based Applications


The following are some of the tasks that an administrator should complete
in order to deploy a database in production. Domino Administrators must
have Manager access in the database Access Control List (ACL) to perform
these tasks. Follow these steps to deploy server-based applications:
1. Set up the database ACL for users and servers that require access. If
there will be multiple replicas of a database, make sure that the data-
base ACL lists the name of each server containing a replica. If the
database uses roles, all roles should be assigned to each server so that
the server can successfully replicate all documents.
05 0789729180 CH04 10/21/03 2:46 PM Page 63

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing
. . . . . and
. . .Maintaining
63
. . . . . .

2. Verify that server access is set up correctly in the Server document.


Without proper access to the server, users and servers won’t have
access to databases on that particular server.
3. Copy the new database to a server. Consider server disk space, topolo-
gy, and network protocols; for example, there must be adequate disk
space on the server to store the database, and the server’s resources
must be sufficient for the number of clients who will access the data-
base. Placing a database on a cluster requires that you consider cluster
resources.
4. Verify that the database appears in the Open Database dialog box as
specified in the Database Properties box.
5. Decide which servers require replicas of the database and then create
the replicas on those servers. Consider the purpose and size of the
database, the number and location of users who need access to the
database, and the existing replication schedules between servers.
6. Create or edit Connection documents to schedule replication. For
more information on scheduled replication, consult Chapter 5,
“Replication,” in this book.

Optionally, the administrator might want to consider performing some or all


of the following tasks, none of which are absolutely necessary to successful
database deployment, but which may enhance the user’s experience with the
database.
➤ Create About This Database and Using This Database documents—These
documents help to provide valuable information to the user about where
and how to seek out help for the database.
➤ Create a full-text index—A full-text index is a collection of files that
indexes the text in a database to allow Notes to process users’ search
queries. Creating this index for the database allows users to perform
full-text searches.
➤ Create a Mail-In Database document—If the database is designed to
receive mail, you must create a Mail-In Database document in the
Domino Directory.
➤ List the database in the database catalog—This assists users in finding data-
bases on different servers.
➤ Publish the database in a database library—Administrators can create data-
base libraries that list the database name, filename, location, and a brief
05 0789729180 CH04 10/21/03 2:46 PM Page 64

64 Chapter
. . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

description of the database. A library allows a user to “browse” through


a listing of databases in order to find one of interest easily.
➤ Add the database to the Domain Index—If an application database will be
useful to a wide audience, include the database in the Domain Index.
➤ Notify users that the database is available—Provide the database title, file-
name, and server location. Administrators can also provide a link to the
database in an email so that users can easily launch the database.

Deploying HTML-Based Applications


Domino provides an integrated Web application server that can host Web
sites that both Internet and intranet clients can access, and can serve pages
that are stored in the file system or in a Domino database. When a Web
browser requests a page in a Domino database, Domino translates the docu-
ment into HTML. HyperText Markup Language (HTML) is an Internet-
standard language that allows text to be rendered to the Web browser client.
When a Web browser requests a page in an HTML file, Domino reads the
file directly from the file system. The Web server then uses HTTP to trans-
fer the information to the Web browser. A Web server is a Domino server
that is running the HTTP task to allow Web client access to data.
Domino looks for individual HTML, CGI, and icon files in specific directo-
ries on the server’s hard drive. The administrator can change the URL path
for icons and CGI program files. The URL path is where Domino looks for
icons or CGI programs when it encounters a reference in the HTML code
to one of these.
Mapping rules are set in the Server document, on the Internet Protocols,
HTTP tab, in the “Mapping” section. The following list offers a basic
description of each of the mapping rules:
➤ Home URL—The URL command to perform when users access the
Web site without specifying a resource; for example, the user simply
types http://www.acme.com.
➤ HTML Directory—The directory that will be used to find HTML files if
a URL does not specify a path; for example, http://www.acme.com/welcome.
html.The default path is domino\html, relative to the Domino data
directory.
➤ Icon Directory—The directory where icon files are located, either a rela-
tive or fully qualified path.
05 0789729180 CH04 10/21/03 2:46 PM Page 65

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing
. . . . . and
. . .Maintaining
65
. . . . . .

➤ Icon URL Path—The URL path that is used to map to the icon directory.
The default is /icons; for example, the URL http://servername/icons/
abook.gif returns the file c:\lotus\domino\data\domino\icons\
abook.gif.
➤ CGI Directory—The default directory where CGI programs are located.
The default is domino\cgi-bin.
➤ CGI URL Path—The URL path that is used to map to the default CGI
directory. The default is cgi-bin; for example, the URL http://servername/
cgi-bin/test123.pl runs the CGI program c:\lotus\domino\data\domino\
cgi-bin\test123.pl.
➤ Java Applet Directory—The directory where the Domino Java applets are
located. The default is domino\java.
➤ Java URL Path—The URL path that is used to access files in the default
Java directory. The default is /domjava.

Deploying Web Applications for


Internationalization
Domino uses the default character set and character set mapping selection to
generate HTML text for the browser. Character set mapping is a “map” or
template used by the Web server to generate character sets for HTML text.
For international users who need to see text in nonwestern languages, the
administrator needs to make changes to the settings. The character set set-
ting affects all databases on the server.
Character set mapping is specified in the Server document on the Internet
protocols tab, on the Domino Web Engine tab, under “Character Set.” The
following list describes the character set mapping options:
➤ Default Character Set Group—Choose a character set group to allow users
to choose their preferred character set when they create or edit docu-
ments. The default is Western.
➤ Use UTF-8 for Output—Choose Yes to generate pages using UTF-8;
choose No (default) to generate pages using the character set mapping
selected by the administrator.
➤ Use Auto-Detection if Database Has No Language Information—Choose Yes
to detect automatically the language to use for the database if no default
language is selected on the Design tab of the Database Properties box;
choose No (default) to use the language specified by the Use UTF-8 for
Output field.
05 0789729180 CH04 10/21/03 2:46 PM Page 66

66 Chapter
. . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

If the language is specified for a database on the Design tab of the Database
Properties box, Domino uses that language for text in the database.

➤ Character Set in Header—Choose Yes (default) to add the character set to


the “Content-Type” HTTP header of an HTML page; choose No to
exclude the characters from the HTTP header of an HTML page. This
option should be used if there are early versions of browsers that do not
understand the character set tag in the HTTP header.
➤ Meta Character Set—Choose Yes to add the character set to the
<META> tag of an HTML page; choose No (default) to exclude the
character set from the <META> tag of an HTML page.

Deploying Applications Based on Coding:


Formula Language, LotusScript,
JavaScript, C
There are several ways in which an administrator can protect and restrict
users and servers from executing unauthorized code. An administrator can
restrict and control how agents run on the Domino server, and the adminis-
trator can also dictate which code gets executed on the client workstation
through the deployment of an Execution Control List (ECL). The following
sections detail each of these methods.

Controlling Agents That Run on a Server


To control the types of agents users can run on a server, the administrator
must set up restrictions for server agents in the Security section of the Server
document. The fields in this section are organized hierarchically with regard
to privileges. “Run Unrestricted Methods and Operations” has the highest
level of privilege and “Run Simple and Formula Agents” has the lowest.

A user or group name in one list will automatically receive the rights of the lists
beneath. Therefore, a name has to be entered in only one list, which then gives that
user the highest rights.

Here is the list of fields in the Programmability Restrictions section of the


Security tab on the Server document:
05 0789729180 CH04 10/21/03 2:46 PM Page 67

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing
. . . . . and
. . .Maintaining
67
. . . . . .

➤ Run Unrestricted Methods and Operations—The names of users and groups


who are allowed to select, on a per agent basis, one of three levels of
access for agents signed with their ID. Users with this privilege select
one of three access levels when they are using Domino Designer 6 to
build an agent. Those levels include Restricted Mode, Unrestricted
Mode, and Unrestricted Mode with Full Administration Rights.

To have the ability to run agents in Unrestricted Mode with Full Administration Rights,
the agent signer should be listed in this field, or in the Full Access Administrator field,
as well as have this mode selected in the Agent Builder. Being listed in the Full Access
Administrator list alone is not sufficient to run agents in this mode. The agent signer
is the last user to save the agent, thereby signing it with their user ID.

➤ Sign Agents to Run on Behalf of Someone Else—The names of users and


groups who are allowed to sign agents that will be executed on anyone
else’s behalf. The default is blank, which means that no one can sign
agents in this manner.

This privilege should be used with caution because the name for whom the agent is
signed is the name used to check ACL access in the database when the agent runs.

➤ Sign Agents to Run on Behalf of the Invoker of the Agent—The names of


users and groups who are allowed to sign agents that will be executed on
behalf of the invoker, when the invoker is different from the agent sign-
er. This setting is ignored if the agent signer and the invoker are the
same. This is used currently only for Web agents. The default is blank,
which means that everyone can sign agents invoked in this manner (this
is for backward compatibility).
➤ Run Restricted LotusScript/Java Agents—The names of users and groups
allowed to run agents created with LotusScript and Java code, but
excluding privileged methods and operations, such as reading and writ-
ing to the file system. This field should be left blank to deny access to
all users and groups.
➤ Run Simple and Formula Agents—The names of users and groups allowed
to run simple and formula agents, both private and shared. Leave the
field blank to allow all users and groups to run simple and formula
agents, both private and shared.
05 0789729180 CH04 10/21/03 2:46 PM Page 68

68 Chapter
. . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

➤ Sign Script Libraries to Run on Behalf of Someone Else—The names of users


and groups who are allowed to sign script libraries in agents executed by
someone else. For the purposes of backward compatibility, the default
value is to leave the field empty, to allow all.

Be careful when studying fields on the Server document that allow or restrict access.
For some fields, blank allows everyone, whereas for other fields, blank allows no one.

The Execution Control List (ECL)


An ECL protects user workstations against active code from unknown or sus-
pect sources, and can be configured to limit the action of any code that runs
on workstations. The ECL determines whether the signer of the code is
allowed to run that code on a given workstation, and defines the access that
the code has to various workstation functions. For example, an ECL can pre-
vent another person’s code from running on a computer and damaging or
erasing data. Figure 4.1 shows the ECL within the User Security dialog box.

Figure 4.1 The workstation ECL as displayed in the User Security dialog box.

There are two kinds of ECLs:


➤ The administration ECL, which resides in the Domino Directory

➤ The workstation ECL, which is stored in the user’s Personal Address


Book
05 0789729180 CH04 10/21/03 2:46 PM Page 69

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing
. . . . . and
. . .Maintaining
69
. . . . . .

The administration ECL is the template for all workstation ECLs. The
workstation ECL is created when the Notes client is first installed. The setup
program copies the administration ECL from the Domino Directory to the
Notes client to create the workstation ECL. For this reason, the administra-
tion ECL should be evaluated and modified prior to the installation of the
majority of Notes clients.
A workstation ECL lists the signatures of trusted authors of code. “Trust”
implies that the signature comes from a known and safe designer. For exam-
ple, every system and application template shipped with Domino or Notes
contains a signature for the Lotus Notes Template Development.
Administrators should ensure that every template and database within the
organization contains the signature of either a trusted application developer
or the administrator. Administrators can easily sign design elements using
the Sign tool in the Files tab of the Domino Administrator.
Workstation ECLs can be altered and maintained even after they have been
created on client setup. Administrators can deploy updates to the worksta-
tion ECL through one of the following methods:
➤ Using a Security policy settings document (explained in detail at the end
of Chapter 6, “Security”)
➤ Using the @Refresh ECL function, through a memo or common data-
base event
➤ Having users update their ECLs through the User Security dialog box

Deploying Applications Based on Document


Characteristics: Document Size
When an administrator deploys an application and wants to reduce the
amount of data transmitted between a Notes workstation and Domino serv-
er or between two Domino servers, he can enable network compression for
each enabled network port. Network compression is a style of compression
that speeds up data transmission either between a Notes client and a Domino
server or between two Domino servers.
For compression to be successful, the administrator must enable it on both
sides of a network connection. To enable compression for a network port on
a server, the administrator chooses the Configuration tab in the Domino
Administrator by selecting Tools, Server, Setup Ports. To enable compres-
sion on network ports on Notes workstations, the administrator can use a
05 0789729180 CH04 10/21/03 2:46 PM Page 70

70 Chapter
. . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

setup or Desktop policy settings document. The user can also enable net-
work compression on client ports using the User Preferences dialog box.

The benefits of using network compression can only be realized if the data being trans-
mitted is not already compressed. In the case of a network dial-up service such as the
Microsoft Remote Access Service (RAS), which includes built-in compression,
enabling compression on Notes network ports does not provide any additional benefit.

There is also a new Domino R6 database property that the administrator can
enable to save space in documents in a database, called “Use LZ1
Compression for Attachments.” Administrators can now choose to compress
attachments using the new LZ1 algorithm instead of the older Huffman
algorithm. Because LZ1 compression can be performed quickly and effi-
ciently, it is favored over the Huffman method.

If the administrator is working in an environment that uses different versions of


client and server software (for example, a Lotus Domino Designer 6 client and an
R5 server) and he chooses the LZ1 compression option, attachments are automat-
ically recompressed on the server using the Huffman method. For best perform-
ance, administrators should use LZ1 in primarily Domino 6 environments.

Managing Application Design


Design changes are typically not made directly in a database after the data-
base goes into production and there are users actively creating, editing, and
deleting documents. Usually a separate database called a template is created
to allow the designer to make and test new design changes before migrating
those changes to the production copy of the database.

Distributing Application Design Changes


Using the Design Task
Before design changes can be copied from the template to the production
database, the administrator must designate the template as a Master Design
template in the Database Properties box. Then, he must set the Database
Properties of the Production database to inherit design changes from the
template.
The name that is used as the Master Design template name must match up
with the name used in the inheriting database. It often saves confusion if the
template name is the same as or similar to the filename of the template itself.
05 0789729180 CH04 10/21/03 2:46 PM Page 71

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing
. . . . . and
. . .Maintaining
71
. . . . . .

Figure 4.2 shows the Database Properties of a database that has been desig-
nated as a Master Design template.

Figure 4.2 The Design tab of the Database Properties box showing a database designated as a
Master Design template.

Figure 4.3 depicts the properties of the production database that inherits
design changes from the template designated as the Master Design template
(the properties of which you saw in Figure 4.2). Note that the template name
is exactly the same in each properties list.
After the relationship between the template and the production database has
been established through the database properties of both the template and
the database, the administrator is ready to update the design of the produc-
tion database through a Design Refresh.
The administrator can refresh the design of a database either manually or
automatically. If the Master Design template and the production database
are both located on the same server, the Design task on the server will initi-
ate the Design Refresh automatically. The Design task is scheduled to run
on the server every day at 1:00 a.m. The administrator can change the tim-
ing of the Design tasks by editing the notes.ini file on the server, and chang-
ing the number in the following line:
ServerTasksAt1 = Design
05 0789729180 CH04 10/21/03 2:46 PM Page 72

72 Chapter
. . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Figure 4.3 The Design tab of the Database Properties box.

The administrator also has the option of scheduling the Design task using a
Program document. A Program document is a document that is used to auto-
matically run a server task at a specific time.
If the Master Design template and the database are not located on the same
server, the administrator must refresh the design of the production database
manually by opening the production database and initiating the File,
Database, Refresh Design command. The administrator is prompted to
choose the location of the template (server or local). The Design Refresh
then proceeds as long as there is a related template in the location specified
by the administrator.

The Refresh Design command is similar to another command called Replace Design.
The Refresh Design command updates the production database with any design ele-
ments that have been added, changed, or deleted since the last Design Refresh. The
Replace Design command deletes the design of the production database and com-
pletely replaces it with the design of the chosen template. The Replace Design
command is often invoked when the administrator wants to upgrade a database
from one version of a template to another (for example, R5 to R6 mail), or when he
suspects that the database could be corrupted, and he wants to replace the design
of the database without affecting the actual Data documents.
Watch out for exam questions that may try to confuse you as to how these com-
mands differ. Refresh is a partial refresh based on changes, whereas Replace is com-
plete replacement of design elements.
05 0789729180 CH04 10/21/03 2:46 PM Page 73

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing
. . . . . and
. . .Maintaining
73
. . . . . .

Replicating Design Changes


When the administrator invokes the Refresh Design command either man-
ually or by scheduling the Design task, only the Design documents are trans-
ferred from the Master Design template to the production database. This
transfer happens only in one direction, and does not affect the ACL of the
database or the Data documents.
The administrator can also rely on replication to transfer design changes
from one database to another. There are two major differences between the
Design Refresh and replication:
➤ Replication transfers the ACL, Design documents, and Data documents,
not just the Design documents as in a Design Refresh.
➤ Replication can be bidirectional, whereas the Design Refresh can occur
in only one direction.

Most designers prefer to manage design changes through the use of Design
templates and Design Refreshes. This method provides designers several
advantages:
➤ They can carry out rigorous testing of their design elements using sam-
ple data in the template, without worrying about having that data trans-
fer to the production database.
➤ They can maintain a separate ACL for the template.

➤ They can better manage and control the frequency of the design updates
through the Refresh command than with replication. You must have at
least Designer access to the production database to be able to initiate a
Design Refresh, but anyone with Depositor access and above could initi-
ate a replication between replicas.

Application Maintenance
There are many tasks that an administrator should perform on a daily, week-
ly, and as-needed basis to keep database applications in good working order.
In this section, we focus on some of the database maintenance tasks related
to managing database size, maintaining data integrity, and maintaining
groups.
05 0789729180 CH04 10/21/03 2:46 PM Page 74

74 Chapter
. . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Monitoring Application Size


When an administrator effectively monitors and minimizes database size,
database applications typically show increased performance. Database opera-
tions require less I/O and fewer CPU resources, view indexing and updating
is faster, and memory and disk space allocation is improved. The maximum
database size in Domino R6 is 64GB on the Windows and Unix platforms.
The administrator has a variety of methods and tools at his disposal to help
control and minimize database size:
➤ Compact databases—When documents and attachments are deleted from
a database, Domino tries to reuse the unused space rather than immedi-
ately reduce the file size. Administrators should regularly compact data-
bases so that the fragmented or “white space” can be reused effectively.
Compact is the process by which a database is compressed, in order to
reclaim space freed by the deletion of documents and attachments. The
Compact command can be issued manually from within the database
properties or by invoking the Load Compact command at the server
console. Most administrators choose to schedule Compact to run at an
off-peak time on a daily or weekly basis through the use of a Program
document.
➤ Set database size quotas to prevent databases from growing beyond a specified
size—Quotas are set using the tools on the Files tab of the Domino
Administrator client. When a database reaches its quota, users receive an
error message stipulating that the database has exceeded its quota. Data
cannot be saved in the database until the file size has been reduced.
➤ Delete inactive documents using the document archiving tool or using agents—
Archiving allows the administrator to move old or inactive documents to
an archive database, thus freeing up space in the production database.
➤ Disable soft deletions in databases—Documents that have been soft deleted
remain in the database until the specified time interval has passed.
➤ Disable the default user activity recording in databases—By default, each
database logs and records information about each user who has read or
written to and from the database. Disabling this feature in the database
properties reduces the size of the database.

To prevent Statlog from automatically recording activity in User Activity dialog


boxes, add No_Force_Activity_Logging=1 to the NOTES.INI file on the server. Then,
the administrator can enable activity recording per database, as needed.
05 0789729180 CH04 10/21/03 2:46 PM Page 75

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing
. . . . . and
. . .Maintaining
75
. . . . . .

The administrator can further control database size by setting database per-
formance properties that also reduce database size. There are several settings
in the Database Properties box that can be set to help reduce database size:
➤ Allow Use of Stored Forms in This Database—This option should be dese-
lected so that the form isn’t saved with every document in the database.
➤ Don’t Maintain Unread Marks—This option should be selected so that
the database doesn’t have to track unread documents for each user.
➤ Limit Entries in $UpdatedBy Fields; Limit Entries in $Revisions Fields—This
option limits the entries in both of these fields, saving space.

In addition to the options in the preceding list that help control and reduce
application size, the administrator should use the following tools on a daily
or as-needed basis to monitor database size:
➤ Domino Administrator Files tab—The Files tab lists all files stored on the
Domino server, from the root data directory through all subdirectories.
The administrator can use the Files tab to quickly glance at the database
size as well as the quota and warning amounts set on each database. This
Files view can be sorted in ascending or descending order by size.
➤ Log file (LOG.NSF): Database—Sizes view—Similar to the Files tab, the
Notes log for the server has a sizes view that lists each database with its
corresponding size. The Statlog task on a server runs by default once a
day at 5:00 a.m., at which time it reports database activity for databases
on the server in Database Activity Log entries in the Usage—By Date
and Usage—By Size views of the log file (LOG.NSF) and to the User
Activity dialog box of individual databases.

Maintaining Data Integrity


Domino server crashes can cause data corruption in applications. New in
Domino R6, the administrator can set up fault recovery to automatically han-
dle server crashes. When the server crashes, it shuts itself down and then
restarts automatically, without any administrator intervention. A fatal error
such as an operating system exception or an internal panic terminates each
Domino process and releases all associated resources. The startup script
detects the situation and restarts the server. Fault recovery is enabled on the
Basics tab of the Server document. Here is a listing of the fields on the Server
document related to fault recovery:
➤ Fault Recovery—Specifies whether the server automatically restarts fol-
lowing a crash.
05 0789729180 CH04 10/21/03 2:46 PM Page 76

76 Chapter
. . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

➤ Cleanup Script Name—Specifies the name of an optional script that runs


after a crash and before any other cleanup takes place. Enter the com-
plete path and script name, including file extension.
➤ Cleanup Script Maximum Execution Time—Specifies the time, in seconds
that the cleanup script is allowed to run. If the script does not complete
within the specified interval, it is stopped.
➤ Maximum Fault Limits—Specifies the number of times the server is
allowed to restart during a specified time period, in minutes; for exam-
ple, two faults within 7 minutes. If the number of crashes exceeds the
number of allowed restarts for the interval, the server exits without
restarting.
➤ Mail Crash Notification to—Specifies the name of a user or group that
Domino sends mail to after server restart.

Domino records crash information in the data directory. When the server
restarts, Domino checks to see if it is restarting after a crash. If it is, an email
is sent automatically to the person or group in the “Mail Fault Notification
to” field. The email contains the server name, the time of the crash, and, if
available, the FAULT_RECOVERY.ATT file is attached, detailing addition-
al failure information from the cleanup script.

The fault-recovery system is initialized before the Domino Directory can be read.
During this initialization, fault-recovery settings are read from the NOTES.INI file,
and then later read from the Domino Directory and saved back to the NOTES.INI
file. Any changes to the Domino Directory or the NOTES.INI file become effective
when the Domino server is restarted.

When the server restarts after a crash, it quickly searches for any unlogged
databases that were modified but improperly closed. A few minutes after
server startup is complete, the Fixup task then runs on these databases to
attempt to fix any inconsistencies that resulted from partially written opera-
tions caused by a failure.
The administrator can also invoke the Fixup task manually with the follow-
ing console command:
Load fixup databasepath options

databasepath specifies the files on which to run Fixup and options indicates the
Fixup command-line options.
05 0789729180 CH04 10/21/03 2:46 PM Page 77

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing
. . . . . and
. . .Maintaining
77
. . . . . .

Domino Server Monitoring and


Maintenance
Not only does the Domino Administrator monitor and maintain database
applications, but he must also monitor and maintain the Domino servers
themselves. Server monitoring can involve a huge range of tasks that are per-
formed by the administrator or by a team of administrators. For the purpos-
es of this exam, we examine how to monitor server tasks, how to manage log
files, how to maintain and monitor Web services, and how to configure some
of the available server monitoring tools.

Monitoring Server Tasks


Server tasks perform complex administration procedures, for example, com-
pacting databases, updating indexes, transferring mail, gathering statistics,
and running agents. The administrator has several options for invoking serv-
er tasks:
➤ Run a server task manually by loading the task at the server console.

➤ Run a server task manually by using the Domino Administrator Task,


Start tool.
➤ Run the task automatically when the server starts by adding the name of
the task to the ServerTasks= line in the server’s NOTES.INI file.
➤ Run the task automatically by editing or adding ServerTasksAt settings
in the NOTES.INI file. (The number that follows the “At” is the time
according to the 24-hour clock.)
➤ Create a Program document in the Domino Directory to run a task at
scheduled intervals.

To start tasks, administrators often use the console commands. To load a task, enter
the word load, followed by the task name; for example, load router, load adminp,
load updall. To stop a task using the console, the administrator enters the tell task
quit command; for example, tell router quit, tell replica quit. By using the console
interface and memorizing the names of the most common commands, administrators
can quickly start and stop tasks.

The administrator can also use the Domino Server Monitor on the Server,
Monitoring tab of the Administrator client (see Figure 4.4). This tab displays
real-time statistics and provides a graphical representation of the status of
servers and server tasks. You can view all servers or a subset of servers, and
you can view the status by state or by time line. Many administrators use this
05 0789729180 CH04 10/21/03 2:46 PM Page 78

78 Chapter
. . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

view when they first log in to get a quick, accurate picture of what is running
on each server.

Figure 4.4 The Server, Monitoring tab of the Domino Administrator.

Monitoring and Managing Log Files


Every Domino server has a log file (LOG.NSF) that reports all server activi-
ty and provides detailed information about databases and users on the serv-
er. The log file is created automatically when you start a server for the first
time. The server cannot start without a log. The log for each server can be
accessed on the Server, Analysis tab of the Domino Administrator client (see
Figure 4.5).
By default, the log file records information about the Domino server system.
Because the log file can become quite large, it is important to manage its size.
The administrator can control the size of the log file automatically, using
NOTES.INI settings, user preferences, and other settings. For example, the
Log setting in the NOTES.INI file determines how long documents are
maintained before being deleted from the log file.

By default, documents in the log are deleted after seven days. You must do a com-
plete backup of the information in the log at least once a week to ensure that you
have accurate historical log information for the server.
05 0789729180 CH04 10/21/03 2:46 PM Page 79

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing
. . . . . and
. . .Maintaining
79
. . . . . .

Figure 4.5 The Design Miscellaneous Events view of the Notes Log, shown in the Server, Analysis
tab of the Domino Administrator.

The Log setting in the NOTES.INI file on the server specifies the contents
of the log file and controls other logging actions. There is no UI option to
control this particular setting—the administrator must edit the INI file
directly. The syntax of the command is as follows:
Log = logfilename, log_option, not_used, days, size

The following list details each portion of the preceding command:


➤ logfilename—The log database file name, usually LOG.NSF
➤ log_option—The log options: 1 = Log to the console; 2 = Force database
fixup when opening the log file; 4 = Full document scan
➤ not_used—Always set to zero; this parameter is not currently used
➤ days—The number of days to retain log documents
➤ size—The size of log text in event documents

Example:
Log = LOG.NSF,1,0,14,20000

This setting ensures that the log file documents are kept for 14 days and can
contain up to 20,000 bytes. All log information is also sent to the console.
05 0789729180 CH04 10/21/03 2:46 PM Page 80

80 Chapter
. . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

In addition to monitoring the Domino server log (LOG.NSF), the adminis-


trator also has the option of setting up logging for the Web server. Web serv-
er logging is configured on the Server document on the Internet Protocols,
HTTP tab, as shown in Figure 4.6. Domino Web server requests can be
logged to a database or to text files. Remember the following points when
choosing:
➤ Text files—Text files are smaller and can be used with third-party analysis
tools.
➤ Domino Web Server Log (DOMLOG.NSF)—Logging to a database allows
the administrator to create views and view data in different ways.
However, the size of the database can become large so that maintenance
becomes an issue.

Figure 4.6 The Log File Names section of the Server document.

The administrator can choose to log to both text files and to the DOMLOG.NSF data-
base. These options are not mutually exclusive, but would result in duplicate infor-
mation being logged.

Monitoring and Managing Web Services


The administrator has control over many settings that control the operation
and performance of the Web server. A Domino server is considered to be a
Web server when it is running the HTTP task. The HTTP task can be start-
ed automatically by adding it to the ServerTasks= line in the server’s
NOTES.INI file, or by issuing the Load HTTP command at the server con-
sole.
After the Web server has been started, the administrator can use different
documents in the Domino Directory to configure the Web server services.
05 0789729180 CH04 10/21/03 2:46 PM Page 81

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing
. . . . . and
. . .Maintaining
81
. . . . . .

Managing the Memory Cache on the Web Server


Mapping information about databases and authenticating users can take valu-
able server time. To optimize response time, Domino uses a memory cache
(command cache) to store this information. The memory cache stores the
information for quick access.
To monitor the effectiveness of the memory cache settings, the Domino
Administrator can look at the Domino.Cache statistics using the Server,
Statistics tab of the Domino Administrator client.
To manage memory cache on a Web server, open the Server document and
choose Internet Protocols, Domino Web Engine. Under Memory Caches,
complete the following fields:
➤ Maximum Cached Designs—The number of database design elements to
cache for users. The default is 128.
➤ Maximum Cached Users—The number of users to cache. The default is 64.

➤ Cached User Expiration Interval—The time interval in seconds during


which Domino regularly removes usernames, passwords, and group
memberships from the cache. The default is 120.

Specifying the Number of Threads Used by the Web Server


An HTTP request is processed by a thread. A server thread, in turn, can han-
dle a number of network connections. The administrator can specify the
number of threads the Web server can process. In general, the number of
threads specified is an indication of the number of users who can access the
server simultaneously.
If the number of active threads is reached, the Domino server queues new
requests until another request finishes and threads become available. The more
power the server machine has, the higher the number of threads the adminis-
trator should specify. Web server threads are set and changed on the Server
document, on the Internet Protocols, HTTP tab. The administrator must
enter a number in the Number Active Threads field. The default number is 40,
which means that there could only be approximately 40 users connected to the
Web server at one time.

Specifying Network Timeouts on the Web Server


Open, inactive sessions can prevent other users from accessing the server.
Administrators should specify time limits for activities between the Domino
Web server and clients or CGI programs so connections do not remain open
if there is no network activity between them.
05 0789729180 CH04 10/21/03 2:46 PM Page 82

82 Chapter
. . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Network timeouts on the Web server are specified on the Server document
on the Internet Protocols, HTTP tab in the Timeouts section (see Figure
4.7). A timeout is the amount of time that passes before Domino drops an
inactive thread.

Figure 4.7 The Timeouts section of the Server document.

The following list describes the available timeout options:


➤ HTTP Persistent Connections—Indicates whether persistent HTTP con-
nections should be enabled on the Web server.
➤ Maximum Requests per Persistent Connection—The maximum number of
HTTP requests that can be handled on one persistent connection. The
default is five.
➤ Persistent Connection Timeout—The length of time for which persistent
connections should remain active. The default is 180 seconds.
➤ Request Timeout—The amount of time for the server to wait to receive
an entire request. The default is 60 seconds. If the server doesn’t receive
the entire request in the specified time interval, the server terminates the
connection.
➤ Input Timeout—The time, in seconds, that a client has to send a request
after connecting to the server. The default is 15 seconds. If no request is
sent in the specified time interval, then the server terminates the con-
nection. If only a partial request is sent, the input timer is reset to the
specified time limit in anticipation of the rest of the data arriving.
➤ Output Timeout—The maximum time, in seconds, that the server has to
send output to a client. The default is 180 seconds.
➤ CGI Timeout—The maximum time, in seconds, that a CGI program
started by the server has to finish. The default is 180 seconds.
05 0789729180 CH04 10/21/03 2:46 PM Page 83

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing
. . . . . and
. . .Maintaining
83
. . . . . .

Running Web Agents


Administrators can specify whether Web application agents, that is, agents
triggered by browser clients, can run concurrently. These include application
agents invoked by the WebQueryOpen and WebQuerySave form events, and
for agents invoked by the URL command “OpenAgent.” If the administra-
tor chooses to enable this option, the agents run concurrently; otherwise, the
server runs one agent at a time. Also, the administrator should set an execu-
tion time limit for Web application agents. The purpose of the time limit is
to prevent Web agents from running indefinitely and using server resources.
Web application agents options are set in the Server document on the
Internet Protocols, Domino Web Engine tab under Web Agents using the
following two fields:
➤ Run Web Agents Concurrently?—Choose either Enabled to Allow More
Than One Agent to Run on the Web Server Concurrently or Disabled
(default) to Run Only One Agent at a Time.
➤ Web Agent Timeout—The maximum number of seconds (elapsed clock
time) for which a Web application agent is allowed to run. A 0 value
(default value) allows Web application agents to run indefinitely.

The Web agent timeout setting has no effect on scheduled agents or other types of
server or workstation agents.

Using Web Site Rules


Web Site rules are documents that help the administrator maintain the organ-
ization of a Web site. Rules have two main uses:
➤ Enable the administrator to create a consistent and user-friendly naviga-
tion scheme for a Web site, which is independent of the site’s actual
physical organization
➤ Allow parts of the site to be relocated or reorganized without breaking
existing links or browser bookmarks

There are four types of Web Site rules. If more than one type of Web Site
rule has been created for a Web Site document, the Rules documents are
evaluated in this order:
1. Substitution

2. Redirection
05 0789729180 CH04 10/21/03 2:46 PM Page 84

84 Chapter
. . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3. Directory

4. HTTP Response Header

Setting Up and Configuring Administration


Monitoring Tools
Domino includes many server-monitoring features that work together to
inform you about the processes, networks, and use of the Domino system.
The administrator would use one of three tools to monitor the system:
➤ The Domino Administrator client

➤ The Web Administrator client

➤ The server

Using the Monitoring Tools in the Domino Administrator


Client
In “Monitoring Server Tasks,” earlier in the chapter, we described how to use
the Server, Monitoring tab to display a graphical picture of tasks and statis-
tics for each server. In order for the Server, Monitoring tab to function prop-
erly, the administrator should set their administration preferences correctly
for their client.
The administrator can use the default monitoring preferences or can cus-
tomize them by choosing File, Preferences, Administration Preferences. On
the Monitoring tab, complete the following fields:
➤ Do Not Keep More Than <n> MB of Monitoring Data in Memory
(4–99MB)—This option sets the maximum amount of virtual memory,
in MB, used to store monitoring data. Default is 4 MB.
➤ Not Responding Status Displayed After <n> Minutes of Inactivity—This
option sets the amount of time after which the “not responding” status
displays. The default is 10 minutes.
➤ Generate Server Health Statistics—This option includes health statistics in
charts and reports.

You must enable the Generate Server Health Statistics option to use the Server
Health Monitor, which is part of the IBM Tivoli Analyzer for Lotus Domino. This part
of the product is purchased and licensed separately.
05 0789729180 CH04 10/21/03 2:46 PM Page 85

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing
. . . . . and
. . .Maintaining
85
. . . . . .

➤ Monitor Servers—This option allows you to choose “From This


Computer” to monitor servers from the local Domino Administrator
client, or choose “From Server” and then click Collection Server to
select the Domino server running the Collector task for the servers
being monitored by the location you selected.
➤ Poll Server Every <n> Minutes (1-60 minutes)—This option sets the serv-
er’s polling interval, in minutes.
➤ Automatically Monitor Servers at Startup—This option starts the Domino
Server Monitor automatically when the Domino Administrator client is
started, instead of relying on the administrator clicking the Start button.

There is also a monitoring section used to configure statistics and monitor-


ing on the Configuration tab of the Administrator client. The administrator
chooses the Monitoring Configuration section to access the Monitoring
Configuration database (EVENTS4.NSF), which includes a set of default
documents used to set up system monitoring. The administrator can then
choose to edit the default documents or use the configuration wizards in the
Monitoring Configuration database to create new ones. The Monitoring
Configuration database includes these documents:
➤ Event Generator—Defines the parameters of an event

➤ Event Handler—Describes what action to take when an event occurs

➤ Event Notification Method—Defines the notification method to use when


the Event Handler document prescribes notification
➤ Log Filter—Specifies events that you do not want to log

➤ Server Console Configuration—Sets the text, background, and color attrib-


utes for the Domino server console
➤ Statistic Description—Describes a statistic

➤ Server Statistic Collection—Specifies one or more servers from which sta-


tistics are collected and identifies the server that performs the collecting

Using the Web Administrator Client


The Web Administrator client is almost identical to the Domino
Administrator client with very few exceptions. The user interface looks the
same, and most menu options, dialog boxes, and information boxes are iden-
tical, although the Web Administrator may occasionally display additional
information. For example, the Mail tab in the Web Administrator offers
additional mail-specific statistics—Mail Routing Schedule, Mail Routing
05 0789729180 CH04 10/21/03 2:46 PM Page 86

86 Chapter
. . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Statistics, and Mail Retrieval Statistics. This information is available in the


Domino Administrator; however, it is not displayed in the same way.
The Web Administrator includes most of the Domino Administrator func-
tionality; however, the Domino Server Monitor and performance charting
are not available in the Web Administrator.
The Web Administrator uses the Web Administrator database (WEBADMIN.
NSF). The first time the HTTP task starts on a Web server, Domino auto-
matically creates this database in the Domino data directory; however, the
administrator needs to ensure that the Web browser and server meet the fol-
lowing requirements for the Web Administrator to run:
➤ Web browser requirements include Microsoft Explorer 5.5 or higher on
Windows 98, Windows NT 4, Windows 2000, or Windows XP; or
Netscape 4.7x or higher on Windows 98, Windows NT 4, Windows
2000, Windows XP, or on Linux 7.x.
➤ Domino server tasks that must be running on the server include

➤ The Administration Process (AdminP) task.

➤ The Certificate Authority (CA) process must be running on the


Domino 6 server that has the Issued Certificate List database on it to
register users or servers.
➤ The HTTP task.

Using the Domino Administrator Server Console to Monitor


Events
The administrator can choose to create a Server Console Configuration doc-
ument for the server they are monitoring in order to specify the text, back-
ground, and color attributes that the Domino server console uses to display
monitoring information.
To customize the appearance of the Domino server console, the administra-
tor must access the Server, Status tab, open the Server Console view, and
from the menu, select Live Console, Server, Console Attributes. The Live
Console is the console interface to the Domino server that allows the admin-
istrator to issue console commands from the Notes Administrator client. The
administrator then selects a server and clicks the color palette to select a color
attribute for the background and event text. Color choices can be viewed in
real time at the console display beneath the palette.
When the administrator uses the Domino Administrator server console to
monitor events, they can set a stop trigger for an event. The stop trigger
05 0789729180 CH04 10/21/03 2:46 PM Page 87

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing
. . . . . and
. . .Maintaining
87
. . . . . .

causes the console to pause and display only the event and the next 10 lines
of console text when the event occurs.
In addition, administrators can retrieve information about error messages,
including possible causes and solutions, and create event handlers. All of
these options can be set or changed by accessing the Server, Status tab,
choosing Server Console and using the buttons or the options on the Live
Console menu.

Other Maintenance Tasks


The following topics are included in the Monitoring and Maintaining chap-
ter topics for the exam but don’t necessarily fit into any of the other cate-
gories or topics in this chapter.

Migrating from a Distributed Directory to a


Central Directory
A central directory architecture is an optional directory architecture that can
be implemented in a Domino domain. This architecture is new to R6 and
differs from the traditional distributed directory architecture in which every
server in a domain has a full replica of the primary Domino Directory.
With a central directory architecture, some servers in the domain have selec-
tive replicas of a primary Domino Directory. These replicas, which are
known as Configuration Directories, contain only those documents that are
used to configure servers in a Domino domain, such as Server, Connection,
and Configuration Settings documents. A server with a Configuration
Directory uses a remote primary Domino Directory on another server to
look up information about users and groups and other information related to
traditional directory services.
A central directory architecture has the following key features:
➤ Provides secondary servers quick access to new information because the
servers aren’t required to wait for the information to replicate to them
➤ Enables secondary servers to run on less powerful machines because
they don’t have to store and maintain the primary Domino Directory
➤ Provides tighter administrative control over directory management
because only a few directory replicas contain user and group information
05 0789729180 CH04 10/21/03 2:46 PM Page 88

88 Chapter
. . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

A server with a Configuration Directory connects to a remote server with a


primary Domino Directory to look up information in the following docu-
ments that it doesn’t store locally—Person, Group, Mail-in Database,
Resource, and any custom documents added by the administrator.
The administrator can set up a Domino Directory as either a primary
Domino Directory or a Configuration Directory in one of the following
ways:
➤ For a new server, when an additional server is registered and set up
within the domain. When the new server is set up for the first time, a
replica of the Domino Directory is pulled from the Registration server.
This replica can be configured as either a full directory or a
Configuration directory.
➤ For an existing server in the domain, use replication settings for the
directory to change a primary Domino Directory to a Configuration
Directory or to change a Configuration Directory to a primary Domino
Directory. Figure 4.8 shows the Replication Settings dialog box with the
settings for a Configuration Directory.

Figure 4.8 The Replication Settings dialog box for a Configuration Directory.

Creating a Policy Synopsis to Determine an


Effective Policy
The effective policy for a user is a set of derived policy settings that are
dynamically calculated at the time of execution. The field values in an effec-
tive policy may originate from many different policy settings documents.
Each hierarchical level can have an associated policy, so users may have a
05 0789729180 CH04 10/21/03 2:46 PM Page 89

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing
. . . . . and
. . .Maintaining
89
. . . . . .

combination of policy settings that include the values set at their OU level,
and those inherited from a parent policy. The resolution of those settings,
stepping up through the organizational hierarchy, determines the effective
policy for each user.

In addition to organizational policies, users may also have explicit policies assigned
to them. In that case, the order of resolution is that all organizational policy settings
are resolved first, and any explicit policy settings are resolved next.

There are two tools that can help the administrator determine the effective
policy governing each user. The Policy Viewer shows the policy hierarchy
and associated settings documents, and a Policy Synopsis report shows the
policy from which each of the effective settings was derived. The adminis-
trator can use the Policy Synopsis tool to generate a report that is written to
the Policy Synopsis Results database (POLCYSYN.NSF).

Maintaining Users
Administrators will often find themselves in a situation in which they must
perform various maintenance tasks associated with usernames and ID files.
The most common maintenance tasks are renaming a user, moving a user to
another certifier, and deleting a user. Domino has automated these types of
maintenance tasks with something called the Administration Process. This
process performs all of the routine maintenance steps for the administrator,
which saves the administrator time and cuts down on errors. The
Administration Process automates the following tasks:
➤ Name management tasks, such as rename person, rename group, delete
person, delete group, delete server name, recertify users, and store
Internet certificate.
➤ Mail file management tasks, such as delete mail file and move mail file.

➤ Server document-management tasks, such as store CPU count, store


platform, and place network protocol information in Server document.
➤ Roaming user management, such as roaming user setup, move roaming
users to other servers, upgrade a nonroaming user to roaming status,
and downgrade roaming user to nonroaming status.
➤ User mail file management tasks, such as performing Access Control
List (ACL) changes and enabling agents. For example, the “Out of
Office” agent is enabled and disabled by Notes client users.
05 0789729180 CH04 10/21/03 2:46 PM Page 90

90 Chapter
. . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

➤ Person document management tasks, such as storing the user’s Notes


version and client platform information.
➤ Replica management tasks, such as create replica, move replica, or delete
all replicas of a database.

The Administration Process (also referred to as AdminP) must be configured


as follows:
1. There must be an Administration Server for the Domino Directory in the
domain—This step is done during installation. There is always one
server in the domain that is responsible for making the changes to doc-
uments in the Directory. Those changes are then replicated to the
other servers in the domain.
2. The administrator must specify an Administration Server for other databases
in the domain—In order for AdminP to change database ACLs and doc-
uments within databases, each database replica must be “covered” by
an Administration Server, meaning that there is one server designated
to make the AdminP changes to that replica of the database.
Administrators set the Administration Server in the Advanced tab of
the database ACL.
3. Each server must have a replica of the Administration Requests database
(ADMIN4.NSF)—ADMIN4.NSF is created on first server setup, and a
replica is created on every other server in the domain on additional
server setup. This database tracks and processes all AdminP requests.
4. NAMES.NSF and ADMIN4.NSF must be replicating around the domain
frequently—Ideally, these two databases should be replicating several
times a day, so that requests are replicated to the Administration
Servers for different databases.
5. Each server involved in the Administration Process must have a certification
log (CERTLOG.NSF)—This database is created on first server setup,
and keeps track of all AdminP tasks that involve certification of ID
files.
6. The AdminP task must be running on all servers involved in the process—
This task is designed to start up by default on server startup.
7. (Optional) The administrator can configure the settings and intervals for the
Administration Process on the Server document for each server—If the
administrator chooses not to alter any settings, then the default settings
will apply and the AdminP process will function properly.
05 0789729180 CH04 10/21/03 2:46 PM Page 91

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing
. . . . . and
. . .Maintaining
91
. . . . . .

After the Administration Process has been configured properly, all AdminP
requests should be processed automatically, without assistance from the
administrator. The administrator initiates the request using the Domino
Administrator client, and can then monitor the status of each request using
the different views in the ADMIN4 database. The Administration Process
should always be used to rename and delete users, to save time, and to ensure
accuracy. Administrators initiate all AdminP requests using the Tools section
within the People view of the People and Groups tab (see Figure 4.9).

Figure 4.9 The Tools section of the People and Groups tab in the Domino Administrator client,
showing the Rename and Delete commands.

Maintaining Groups
After the Administration Process has been configured as described in the
preceding section, the administrator can use the Process to manage and
maintain groups. If groups need to be renamed or deleted, AdminP should
be used.

Administrators should not rename or delete groups manually. Group names could
be referenced in many places—within other groups, in Server documents, in
Person documents, in ACLs, and so on. If the administrator doesn’t use the
Administration Process to initiate renaming or deleting, he may not “catch” every
instance of the group name.
05 0789729180 CH04 10/21/03 2:46 PM Page 92

92 Chapter
. . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

All AdminP requests associated with groups are initiated from the Tools sec-
tion within the Groups view in the People and Groups tab of the Domino
Administrator (see Figure 4.10). The requests can then be monitored using
the views within ADMIN4.NSF.

Figure 4.10 The Server, Analysis tab of the Domino Administrator, showing the Admin Requests
database.
05 0789729180 CH04 10/21/03 2:46 PM Page 93

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing
. . . . . and
. . .Maintaining
93
. . . . . .

Exam Prep Questions


Question 1
Which of the following properties can be set to improve the database perform-
ance of a database called TEST.NSF?
❍ A. Enable the Maintain Last Accessed property.
❍ B. Disable the database cache for TEST.NSF.
❍ C. Disable the Don’t Allow Headline Monitoring database property.
❍ D. Enable the Don’t Maintain Unread Marks database property.

Answer D is correct. The Notes & Domino 6 Administration Help recom-


mends enabling the Don’t Maintain Unread Marks database property on sev-
eral reference databases, such as the help databases, the Domino Directory,
and the server’s log file (LOG.NSF), and on any other database in which
unread marks are not necessary.

Question 2
Which of the following is not a real Domino server task?
❍ A. Fixup
❍ B. Design
❍ C. Report
❍ D. HTTP

Answer C is correct. There is no such task as the Report task, although this
task did exist in Release 4 of the Domino product.

Question 3
Toby wants to administer the server using a Web browser. Which of the follow-
ing fields on the Server document must reference his name?
❍ A. Administer server from a browser
❍ B. Access server from a browser
❍ C. Web browser administrator
❍ D. Database administrator
05 0789729180 CH04 10/21/03 2:46 PM Page 94

94 Chapter
. . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Answer A is correct. By default, the Domino server grants users listed in the
Administrators field of the Server document in the Domino Directory the
ability to administer the server from a browser when the Web Administrator
database is created; however, if you need to add a new user and allow them
to administer the server from a browser, you need to add their name to the
Administer Server from a Browser field on the Security tab of the Server
document, as well as add their name to the Access Control List (ACL) of the
WEBADMIN.NSF database.

Question 4
Tom is creating a Web Site Rules document. Which of the following is not a valid
type of rule?
❍ A. Redirection
❍ B. HTTP Response Header
❍ C. HTTP Request Header
❍ D. Substitution

Answer C is correct. The Web Site Rules document is created from within
the corresponding Web Site document. The four types of Web Site Rules
documents are
➤ A Directory Rules document is used to direct incoming URLs to a spe-
cific directory, and to assign an access level.
➤ A Redirection Rules document is used to specify that designated incom-
ing URL patterns be redirected to a specified URL.
➤ A Substitution Rules document is used to replace a specified URL pat-
tern with another specified URL pattern.
➤ An HTTP Response Header Rules document is used to specify HTTP
headers that are to be added to HTTP responses.
05 0789729180 CH04 10/21/03 2:46 PM Page 95

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing
. . . . . and
. . .Maintaining
95
. . . . . .

Question 5
Web users are complaining that they can’t seem to complete the download of a
large file from the Web server. Which of the following settings should be
changed to allow the downloads to work successfully?
❍ A. Decrease the Input Timeout setting.
❍ B. Increase the Output Timeout setting.
❍ C. Reduce the number of active threads.
❍ D. Decrease the CGI Timeout setting.

Answer B is correct. The Output Timeout setting is the number of seconds


that Domino can take to send output to requesting Web clients. The default
value for this is 180 seconds.

Question 6
Which of the following is not true about Program documents?
❍ A. They are stored in ADMIN4.NSF.
❍ B. They are stored in NAMES.NSF.
❍ C. They can be used to run a server task at a regularly scheduled time.
❍ D. They can be used to run a command-line executable.

Answer A is correct. All Program documents are stored in the Domino


Directory and can be used to run tasks on a server at a regularly scheduled
time or at server startup and to run a command such as an OS/2 command
file or a Unix shell script or program.

Question 7
Which of the following best describes the steps required to enable compression
for file attachments?
❍ A. Enable the Use LZ1 Compression for Attachments option on the
Database Properties box.
❍ B. Enable the Use LZ1 Compression for Attachments option on the Form
Properties box.
❍ C. Enable the Use LZ1 Compression for Attachments option in the Server
document.
❍ D. Enable the Use LZ1 Compression for Attachments in the Replication
Settings box.
05 0789729180 CH04 10/21/03 2:46 PM Page 96

96 Chapter
. . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Answer A is correct. To enable LZ1 compression for attachments, open the


Advanced Options tab of the database properties and select Use LZ1
Compression for File Attachments. Doing this may increase the amount of
I/O overhead. By default, Notes uses a compression method known as
Huffman Encoding when compressing file attachments. LZ1 (Lempzel/Ziv
Level 1) compression replaces the current Huffman Encoding compression
algorithm used by R5.

Question 8
Bob is interested in implementing a centralized directory structure. Which one
of the following statements best describes this structure?
❍ A. A centralized directory structure is not supported in R6.
❍ B. In a centralized directory structure, a small number of servers store
full Domino Directories, whereas a large number of servers store
Configuration Directories.
❍ C. In a centralized directory structure, a large number of servers store full
Domino Directories, whereas a small number of servers store
Configuration Directories.
❍ D. None of the answers are correct.

Answer B is correct. Notes & Domino 6 support both a distributed directo-


ry architecture and a central directory architecture. In a distributed directo-
ry architecture, all servers use the standard Domino Directory. In a central
directory architecture, many servers store Configuration Directories (con-
tain configuration settings only) and then use the full Domino Directories on
remote servers for lookups. Only a few servers store the full Domino
Directory.

Question 9
Timothy noticed the following line in the NOTES.INI file on the server. Given this
example, how many days will documents be kept in the LOG.NSF?
Log = LOG.NSF,1,0,10,20000

❍ A. 10
❍ B. 7
❍ C. 1
❍ D. Forever
05 0789729180 CH04 10/21/03 2:46 PM Page 97

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing
. . . . . and
. . .Maintaining
97
. . . . . .

Answer A is correct. The syntax for the LOG= key is as follows:


log=logfilename, log_option, not_used, days, size

In this case, the number of days is 10.

Question 10
John, the administrator, moved a database from ServerA to ServerB. Now users
are complaining that they cannot find the database to be able to launch it for the
first time. What should John do to fix this problem?
❑ A. He can create a database.
❑ B. He can ask users to launch the database from within the database cat-
alog.
❑ C. He can publish the database in a library.
❑ D. He can create a Database Redirection document.

Answers A, B, and C are correct. Directory links and database links are text
files that are created by an administrator and appear as directory or database
icons in the Domino data directory. Using the Domino Administrator or the
Lotus Notes client Open Database dialog box in the Notes client, directory
links appear to the user as a directory folder icon, and database links appear
as a database icon. They provide a pointer to a new location of a directory or
database. The administrator can also point users to the catalog or a library
database.
05 0789729180 CH04 10/21/03 2:46 PM Page 98

98 Chapter
. . . . .4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Need to Know More?


Gunther, Jeff and Randall Tamura. Special Edition Using Lotus Notes
and Domino 6. Indianapolis, IN: Que Publishing, 2003.
What’s in Store for the Domino R6 Database: www-10.lotus.com/
ldd/today.nsf/8a6d147cf55a7fd385256658007aacf1/acc8a09b7e3e624f85256
af700621c8a?OpenDocument.

Webcast: Lotus Live! Series: What’s New in Notes/Domino 6 Admin-


istration: http://searchdomino.techtarget.com/webcastsTranscriptSecurity/
1,289693,sid4_gci857398,00.html.

Webcast: Preparation & Test Taking Strategies with Lotus


Education Managers: http://searchdomino.techtarget.com/
webcastsTranscriptSecurity/1,289693,sid4_gci876208,00.html.
06 0789729180 ch05 10/21/03 2:38 PM Page 99

5
Replication
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Terms you’ll need to understand:


✓ Replication ✓ Replication topologies
✓ Replica ID ✓ Source versus destination servers
✓ Replication history ✓ Repeat interval
✓ Document-level sequence number ✓ Replication conflict
✓ Field-level sequence number ✓ Merge conflicts
✓ ACL ✓ Clustered replication
✓ Push ✓ Event
✓ Pull-pull replication ✓ Monitor
✓ Connection document

Concepts and techniques you’ll need to master:


✓ Understanding document replication order ✓ Understanding how a server’s access level
✓ Using remote console commands to force in the database ACL affects replication
replication ✓ Resolving replication conflicts keeping
✓ Scheduling replication of databases either the main document or the conflict
between servers using Connection docu- document
ments ✓ Identifying the tools used for monitoring
✓ Understanding the relationship between replication
the Call at Times field and the Repeat
Interval field on the Replication Connection
document
06 0789729180 ch05 10/21/03 2:38 PM Page 100

100 Chapter 5
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Replication involves the synchronization of data between two replica copies of


a database. Replicas can be stored either locally or on the Domino server.
Replication between two server-based databases is called server-to-server
replication. Replication involving a local database is called workstation-
to-server replication. This chapter focuses mainly on server-to-server
replication, which is typically administered and scheduled by the Domino
administrator. Workstation-to-server replication is usually forced or sched-
uled by the user, and the Notes client performs all of the work involved in
pushing and pulling the data to the server-based replica.
For the purposes of the exam, it is important to remember that replication
never happens automatically, as is the case with mail routing. Replication
must be either forced or scheduled with a Connection document. You should
memorize all of the console commands to force replication, and you should
be familiar with all of the fields on the Connection document that relate to
replication and its schedule. The best way to understand replication is to
study the case studies included in this chapter. Practice replication by creat-
ing replicas on different servers and by forcing and scheduling replication to
occur. Then verify that replication has occurred by looking at the replication
history and at LOG.NSF on the server.

You can verify that two or more databases are replicas by comparing the replica IDs
of the two databases using the second tab of the Database Properties box.
Databases are replicas when the replica ID of each database is identical. A replica
ID uniquely identifies a replica and is assigned when the replica is first created.
Filenames of two or more replicas may be different, and a server can store more
than one replica of a database.

The Replica Task


The server task involved in replication is the Replica task. The Replica task
initializes on server startup and sits idle, waiting to perform replication tasks.
You can enable multiple Replica tasks on a server to increase the amount of
replication activity that the server can perform.
When replication is initiated, the Replica task first checks the time stamp of
the last replication by reading the replication history. The replication history
is a record of successful replications, including the time stamp and the name
of the server involved in the replication. The Replica task then builds a list
of documents in the database that have been changed, added, or deleted since
the last successful replication. After creating this list in memory, the Replica
task performs a sophisticated examination of both document- and field-level
06 0789729180 ch05 10/21/03 2:38 PM Page 101

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
101
. . . . . .

sequence numbers to determine which documents and fields to replicate. A


document-level sequence number records the number of times the docu-
ment has been edited, while the field-level sequence number records the
number of times an individual field has been edited.
Replication then proceeds on a document-by-document basis at the field
level; that is, field contents are replicated if they have been changed, added,
or deleted since the last replication. The Replica task does not replicate fields
within documents that haven’t changed, thereby allowing replication to pro-
ceed as quickly as possible.

Understanding Document
Replication Order
It is important to understand the order in which the Replica task on the
Domino server proceeds with the replication of documents. The exam may
use scenario questions to test your understanding of replication order, and
it’s easy to become confused. You may want to consider jotting down the doc-
ument order before you start the exam. The Replica task replicates docu-
ments in the following order:
1. Access Control List (ACL) document

2. Design documents

3. Data documents

The Access Control List (ACL) is a listing of the users and servers that are
authorized to access the database. The document replication order can affect
the way in which replication continues between two replicas and can affect
exactly which documents replicate. For example, if in replicating the ACL
document the destination server is denied access to the database, replication
could not proceed for the Design documents or the Data documents. For
more information, see “How Access Control Lists Affect Replication,” later
in this chapter.

Setting Up and Configuring


Replication Through Force
If replication must be performed immediately and cannot wait until the
next scheduled replication, the Domino administrator has the option of
06 0789729180 ch05 10/21/03 2:38 PM Page 102

102 Chapter 5
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

forcing replication between replicas. The administrator can force replication


manually using several different methods.

Forcing Replication Using the Server


Console
One of the fastest ways to force replication between replicas on two differ-
ent servers involves using replication commands at the console. You will like-
ly encounter many exam questions that test your ability to use the console to
force replication. The best way to prepare for these types of questions is to
practice entering the console commands so that you can easily recall the syn-
tax of each command. Activate the live remote console on the Administrator
client by performing the following steps:
1. From the Domino Administrator, click the Server, Status tab.

2. Open the Server Console view.

3. (Optional) Click the Live button to turn on the Live console.

Turning on the Live console enables the administrator to view console commands
in real time, as they are processed by the server. It is helpful to have the Live con-
sole interface turned on before issuing console commands, to see the results that
follow the initiation of the command. If you forget to turn on the Live console before
issuing a command, you will simply receive the following message: “Command has
been executed on remote server. Use Live console option, in future, to view
responses from the server.”

The Replicate Command


The Replicate command is used to force two-way replication between two
servers—the server where you enter this command and the server specified
in the command.
The syntax of this command is as follows:
Replicate servername [databasename]

You should specify the server’s full hierarchical name. If the server name is
more than one word, enclose the entire name in quotes. You can also substi-
tute a server group in place of a server name. If you specify a server group,
the initiating server (the server where you enter this command) replicates
with each server in the list in the order in which the servers are listed in the
group document.
06 0789729180 ch05 10/21/03 2:38 PM Page 103

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
103
. . . . . .

If you don’t specify a database name, the Replica task replicates every data-
base replica that the two servers have in common. To force replication of a
particular database replica, specify the database name after the server name.
The initiating server (where you’re currently working) first pulls changes
from the other server and then gives the other server the opportunity to pull
changes from it. This type of replication is also referred to as pull-pull repli-
cation. Pull-pull replication is two-way replication that involves the Replica
task on both servers.
For example, if you are using the console on ServerA/Acme, the following
command would issue two-way replication of all databases in common
between ServerA/Acme and ServerB/Acme:
Replicate ServerB/Acme

Alternatively, if you were using the console on ServerB/Acme, the following


command would issue two-way replication of the Administration Requests
database between ServerB/Acme and ServerA/Acme:
Rep ServerA/Acme admin4.nsf

The short form of the Replicate command is Rep.

For the exam, remember that when issuing replication commands through the con-
sole, it is important to understand which server is initiating the command. The serv-
er where you issue the console command is the initiator, also known as the source
server. The server or server group listed in the command itself is the destination
server, also known as the target server. The exam questions will test your ability to
read and understand which server is the source; for example, if the question indi-
cates that the administrator is using the console on ServerA, the command Rep
ServerA/Acme would have no effect because a server can’t replicate with itself. Make
sure that you read the question carefully so that you know which server is the source
server. Then you can easily eliminate answer choices that don’t make sense.

The Pull Command


The Pull command issues one-way replication between the server specified
in the command and the server at which you issue the command. The syntax
of the command is as follows:
Pull servername [databasename]
06 0789729180 ch05 10/21/03 2:38 PM Page 104

104 Chapter 5
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The initiating server receives data from the named server but doesn’t request
that the other server pull data from it. This forces a server to replicate imme-
diately with the initiating server, overriding any replication scheduled in the
Domino Directory.
For example, if you are using the console on ServerA/Acme, the following
command would pull all changes, additions, and deletions from ServerB’s
replica of the Domino Directory. No changes, additions, or deletions would
be sent from ServerA to ServerB.
Pull ServerB/Acme names.nsf

The Push Command


The Push command is similar to the Pull command, except that it forces repli-
cation in the opposite direction. The Push command instructs the initiating
server to send data to the named server but doesn’t request data in return.
The syntax of the command is as follows:
Push servername [databasename]

Setting Up and Configuring


Replication Through Scheduling
Domino has the facility to allow the administrator to schedule replication
through a Connection document. A Connection document is a document that
contains all of the settings necessary to schedule replication between servers.
Connection documents can also be used to schedule mail routing. When
replication is scheduled, the server’s Replica task carries out replication with
no prompting or initiation from the administrator.
For the purposes of the exam, it is important to remember that replication
never happens automatically, as is the case with mail routing. If servers are in
the same Domino Named Network (DNN), mail routing happens automat-
ically and the administrator never needs to create a Connection document to
get mail routing working. Replication never happens automatically; it must
be either forced or scheduled. Be careful to watch for exam questions that try
to confuse you into thinking that replication is automatic.

Replication Topologies
The number of servers and database replicas in your Domino domain
determines the type of topology the administrator chooses for scheduled
06 0789729180 ch05 10/21/03 2:38 PM Page 105

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
105
. . . . . .

replication. A replication topology is the configuration an administrator uses to


connect servers for replication. A topology ensures that all servers are updat-
ed in a timely and orderly manner instead of replicating haphazardly. As the
number of servers and replicas increases, so does the amount of replication
required to distribute information across the network. Planning is required
to determine how servers will connect to perform replication.
You can use several different configurations, or topologies, to control how
replication occurs between servers. Here are a few of the more common
topologies:
➤ Hub-and-spoke—This topology is generally the most common and effi-
cient replication topology in larger organizations because it minimizes
network traffic. Hub-and-spoke replication establishes one central server
as the hub, which then schedules and initiates all replication with all of
the other servers, or spokes. To set up replication in a hub-and-spoke
system, you create one Connection document for each hub-and-spoke
connection.
➤ Peer-to-peer—In this topology, replication is less centralized than in a
hub-and-spoke configuration, with every server being connected to
every other server. Because peer-to-peer replication quickly distributes
changes to all servers, it is often the best choice for use in small organi-
zations or for sharing databases locally among a few servers.
➤ Ring—Servers are connected in a circle, where documents replicate from
one server to another in a single direction.

Regardless of which replication topology you choose, you need to create


Connection documents to connect servers for the purposes of automating
replication.

Connection documents are used to connect servers for replication and for mail rout-
ing. A single connection can be created to schedule the transfer of mail as well as the
replication of documents. If a single connection is created, both mail and replication
will follow the same schedule. Where mail and replication follow different schedules,
the administrator should consider creating separate connections. It is often easier to
troubleshoot replication problems if the scheduling of replication is automated
through connections that do not include the routing of mail.
This chapter outlines the steps required to create connections for replication. Mail
connections were discussed in Chapter 3, “Mail.”
06 0789729180 ch05 10/21/03 2:38 PM Page 106

106 Chapter 5
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Creating a Replication Connection


Document
Many fields on the Connection document control the settings required to
schedule replication. The best way to study for the exam is to create several
Connection documents, carefully filling out each field and using your mouse
to point to the field help for instructions about the contents of each field.
The exam won’t test your ability to memorize the contents of the
Connection document, but it will likely have at least a couple of scenario
questions that refer to scheduled replication. It’s important to be able to pic-
ture the fields on the Connection document in your mind.
Follow these steps to create a Replication Connection document:
1. From the Domino Administrator, click the Configuration tab.

2. Click Server and then click Connections, or Click Replication and then
Connections.
3. Click the Add Connection button to create a new connection. To edit
an existing connection, click the connection you want to edit and then
click Edit Connection.

To set basic options, choose from among these options on the Basics tab:
➤ Connection Type—Indicates how the servers will connect—for example,
via network connection (LAN) or via dialup
➤ Usage Priority—Choose Normal to force the server to use the network
information in the current Connection document to make the connec-
tion
➤ Source Server—Specifies the name of the calling server (the server initiat-
ing the replication request)
➤ Source Domain—Specifies the name of the calling server’s domain

➤ Use the Port(s)—Specifies the name of the network port (or protocol)
that the calling server uses
➤ Destination Server—Specifies the name of the target or destination server

➤ Destination Domain—Specifies the name of the target server’s domain

To configure replication or mail routing settings, choose from among these


options on the Replicating/Routing tab:
➤ Replication Task—Choose Enabled for scheduled replication
06 0789729180 ch05 10/21/03 2:38 PM Page 107

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
107
. . . . . .

➤ Replicate Databases of Priority—If the administrator chooses to set a repli-


cation priority for a database, replication of databases of different priori-
ty can be scheduled at different times. A priority of Low, Medium, or
High is set for each database in that database’s Replication Settings dia-
log box.
➤ Replication Type—Four different types of replication exist. The type you
choose affects the direction of replication as well as which of the servers
performs the work of the replication.
➤ Pull Pull—Replication is bidirectional, whereby the source server initi-
ates replication and pulls documents from the target server. The source
server then signals the target server’s Replica task to pull documents in
the opposite direction. Both servers are involved in the replication.
➤ Pull Push (default)—Replication is bidirectional, whereby the source
server’s Replica task performs all of the work, pushing and pulling docu-
ments to and from the target server. The target server’s Replica task is
never engaged.
➤ Pull Only—Replication is one-way, whereby the source server pulls doc-
uments from the target.
➤ Push Only—Replication is one-way, whereby the source server pushes
documents to the target.

Pull-push replication is the only replication type in which the target server’s replica-
tor is involved. The other three types of replication involve only the source server’s
Replica task. Watch for exam questions that test your knowledge of whether replica-
tion is one-way or two-way, and that ask you to figure out which server is doing all
of the work. During the exam, it may be easier to figure out the replication scenario
if you draw a diagram of the servers, labeled with the servers’ names, and arrows
that represent the direction of the replication.

➤ Files/Directory Paths to Replicate—These are the names of specific data-


bases or directories of databases that you want to replicate. You can list
either database names or directories.
➤ Files/Directory Paths to Not Replicate—These are the names of specific
databases or directories of databases that should be excluded from repli-
cation. You can list either database names or directories.
➤ Replication Time Limit—This is the amount of time, in minutes, that
replication has to complete. This setting is usually used only for dialup
connections.
06 0789729180 ch05 10/21/03 2:38 PM Page 108

108 Chapter 5
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

To schedule the replication, choose from among these options on the


Schedule tab:
➤ Schedule—Choose Enabled to enable the schedule; choose Disabled to
suspend the schedule.
➤ Connect at Times—Indicates times or a time range during which you
want the source server to initiate replication. This field can contain a
single time entry, a list of times separated by commas, or a time range
separated by the dash. Use this field in conjunction with the Repeat
Interval field to determine how many times a day a server attempts to
initiate replication.
➤ Repeat Interval Of—Specifies the number of minutes between replication
attempts. If you specify a repeat interval of 0, the server connects only
once.
➤ Days of Week—Specifies the days of the week to use this replication
schedule; the default has all days of the week selected.

If you specify a time range during which a source server attempts replication, the
next replication attempt is made at the specified interval after which the replication
has completed. For example, let’s say you specify a Connect at Times range of 7
a.m. to 11 p.m., with a Repeat interval of 60 minutes. The source server attempts
to replicate at 7:00 and is successful in initiating the replication. The total time of
the replication between servers takes 7 minutes. The source server then attempts
to call the target server again at 8:07 a.m.
For more examples of scheduled replication timing, consult the document titled
“Scheduling Server-to-Server Replication” in the Lotus Domino Administration
Help database. The exam may have a scenario question asking about the timing of
scheduled replication.

How Access Control Lists Affect


Replication
For a server to replicate changes to documents in a database, that server must
have sufficient access in the replica’s Access Control List (ACL). Servers
must be listed explicitly or within a group in the ACL, with an access level
that is appropriate for the documents the server is allowed to propagate to
other replicas.
06 0789729180 ch05 10/21/03 2:38 PM Page 109

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
109
. . . . . .

A server must have these types of access:


➤ Editor access to replicate changes to documents

➤ Designer access to replicate changes to design elements such as views,


forms, and agents
➤ Manager access to replicate ACL changes

Guidelines for Assigning Server Access to


Databases
The best way to explain the different access levels assigned to servers is to use
a case study or a series of examples. These examples will help you prepare for
the exam by using scenarios similar to the scenarios used in many of the exam
questions. Don’t attempt to memorize the different scenarios; use them to
test your understanding of how server access in the ACL affects replication.
Again, during the exam you may find it helpful to draw diagrams of the
servers and databases, and label the diagrams with the servers’ access level, to
help you arrive at the correct answer.
Let’s assume that there are two servers in our examples—ServerA/Acme and
ServerB/Acme. Let’s examine the implications of creating an ACL that lists
the different servers with different levels of access. We’ll refer to a discussion
database in this example called the Marketing Research Forum. This data-
base is used by the Marketing group to share ideas about new promotion
research for the company’s products. The ACL of the database contains
references to servers and to a group for the administrators
(LocalDomainAdmins), as well as to a group containing the company’s
Domino developers (CorpDesigners).

Scenario 1: Both Servers Have Manager Access


Here is the ACL listing for this scenario:
ServerA/Acme: Manager
ServerB/Acme: Manager
LocalDomainAdmins: Manager
CorpDesigners: Designer
Marketing: Author

In this scenario, both servers are capable of replicating any changes to ACL,
Design, or Data documents in any direction. For example, if Joe
06 0789729180 ch05 10/21/03 2:38 PM Page 110

110 Chapter 5
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Smith/Acme in the LocalDomainAdmins group changed the ACL on


ServerB’s replica, ServerB/Acme could successfully replicate that ACL
change to ServerA/Acme. If Susan Jones/Acme in the CorpDesigners group
changed the background color of a form on ServerA’s replica, ServerA/Acme
could replicate that form design change to ServerB/Acme. Data documents
could be changed, added, or deleted on either server and would replicate suc-
cessfully to the other server.

Scenario 2: One Server Has Manager Access and the Other


Has Designer Access
Here is the ACL listing for this scenario:
ServerA/Acme: Manager
ServerB/Acme: Designer
LocalDomainAdmins: Manager
CorpDesigners: Designer
Marketing: Author

In this scenario, both servers are capable of replicating any changes to


Design or Data documents in any direction, but ServerA/Acme is the only
server capable of replicating changes to the ACL. For example, if Joe
Smith/Acme in the LocalDomainAdmins group changed the ACL on
ServerB’s replica, that ACL change would not replicate to ServerA/Acme. If
Joe made that same ACL change on ServerA’s replica, the change would
replicate to ServerB/Acme. All other design or data changes would replicate
as in Scenario 1.

Scenario 3: One Server Has Manager Access and the Other


Has Editor Access
Here is the ACL listing for this scenario:
ServerA/Acme: Manager
ServerB/Acme: Editor
LocalDomainAdmins: Manager
CorpDesigners: Designer
Marketing: Author

In this scenario, ServerA/Acme is the only server capable of replicating the


ACL and the Design documents. For example, if Joe Smith/Acme in the
LocalDomainAdmins group changed the ACL on ServerB’s replica, that
06 0789729180 ch05 10/21/03 2:38 PM Page 111

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
111
. . . . . .

ACL change would not replicate to ServerA/Acme. If Susan Jones/Acme in


the CorpDesigners group created a shared view on ServerA’s replica,
ServerA/Acme could replicate that new view to ServerB/Acme. But if she
made that same change on ServerB’s replica, the change couldn’t replicate to
ServerA/Acme. In a hub-and-spoke configuration, the spoke servers are
often given Editor access, while the hub has Manager access. All ACL and
design changes would have to be made on the hub.

Scenario 4: One Server Has Manager Access and the Other


Has Reader Access
Here is the ACL listing for this scenario:
ServerA/Acme: Manager
ServerB/Acme: Reader
LocalDomainAdmins: Manager
CorpDesigners: Designer
Marketing: Author

In this scenario, replication of changes, additions, and deletions can happen


in only one direction: from ServerA/Acme to ServerB/Acme. If any docu-
ments are changed, added, or deleted by administrators, designers, or users
on ServerB/Acme, the documents will not replicate to ServerA/Acme. In a
hub-and-spoke configuration, when the spoke servers are given Reader
access, they effectively become “read-only” servers. In this scenario, all
changes, additions, and deletions would need to be made on the hub server
to propagate to the spokes.

Scenario 5: Both Servers Have Editor Access


Here is the ACL listing for this scenario:
ServerA/Acme: Editor
ServerB/Acme: Editor
LocalDomainAdmins: Manager
CorpDesigners: Designer
Marketing: Author

In this scenario, each server can replicate only changes, additions, and dele-
tions involving Data documents. Design elements will never replicate. This
scenario is effective when a company wants to maintain two different ACLs
or designs for a database on two different servers. For example, Susan
06 0789729180 ch05 10/21/03 2:38 PM Page 112

112 Chapter 5
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Jones/Acme in the CorpDesigners group could create two different sets of


views in each replica of the database. But the documents added by users in
the Marketing group would continue to replicate between servers.

During the exam, if you encounter replication questions that involve analyzing access
control scenarios, you might find it helpful to draw a diagram with the servers, repli-
cas, and ACL listings. Draw three documents in each replica—one each for the ACL,
Design documents, and Data documents. Then you can draw arrows among the
replicas as you analyze the replication scenario.

Other Access Control Settings That Affect


Replication
Several other settings can affect the way documents replicate from server to
server. The following settings are worth mentioning here, but it’s unlikely
that the exam questions would test your knowledge of these finer points.

Appropriate Access to Intermediate Servers


If replication occurs through an intermediate server, the intermediate server
acts first as a destination server and then as a source server, and must have
the access level necessary to pass along the changes. For example, if you want
ACL changes on ServerA’s replica to replicate to ServerC by way of ServerB,
ServerB’s replica must give Manager access to ServerA, and ServerC’s repli-
ca must give Manager access to ServerB.

Enforcing a Consistent ACL


You can ensure that an ACL remains identical on all database replicas on
servers by selecting the Enforce a Consistent Access Control List setting on
the Advanced tab of the ACL. Setting this option ensures that the replica
whose server has Manager access to other replicas will keep the Access
Control List the same across all server replicas of a database. If you select a
replica whose server does not have Manager access to other replicas, replica-
tion fails because the server has inadequate access to replicate the ACL.

Read Access Lists for Database Design Elements and


Documents
Simply put, if the server can’t read something in the database, it can’t repli-
cate it. Replication problems sometimes arise when a database designer
restricts the reading of design elements such as forms and views but forgets
to include the server or a server group in the read access lists. Similarly, if the
designer restricts reading of documents with a Readers field, he must ensure
06 0789729180 ch05 10/21/03 2:38 PM Page 113

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
113
. . . . . .

that the servers are listed in that field if the servers should be replicating the
data to other server-based replicas.

Resolving Replication and Save


Conflicts
A replication conflict occurs when two or more users edit the same document
and save the changes in different replicas between replications. A save con-
flict occurs when two or more users open and edit the same document at the
same time on the same server, even if they’re editing different fields. When
these conditions occur, Domino stores the results of one editing session in a
main document and stores the results of additional editing sessions as
response documents. These response documents have the title Replication or
Save Conflict.

The exam will test your ability to understand how conflicts are generated and how
they can be resolved. Remember that conflicts are created because too many people
have too high of a level of access to documents. Domino R6 includes a new feature
called document locking that enables a user to lock a document during editing so that
other users cannot save edits to the document. Document locking can help reduce
save conflicts, in which more than one person edits the same document in the same
replica; however, this feature can’t help with replication conflicts, when more than
one person edits the same document in different replicas.

When a conflict is generated, Domino applies the following rules in order to


determine whether a document is saved as the main document (the “winner”)
or a conflict document (the “loser”):
1. The document edited and saved the most times becomes the main doc-
ument; other documents become Replication or Save Conflict docu-
ments.
2. If all of the documents are edited and saved the same number of times,
the document saved most recently becomes the main document, and
the others become Replication or Save Conflict documents.
3. If a document is edited in one replica but is deleted in another replica,
the deletion takes precedence unless the edited document is edited
more than once or the editing occurs after the deletion.
06 0789729180 ch05 10/21/03 2:38 PM Page 114

114 Chapter 5
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Choosing Which Document to Keep


When a conflict is generated, the administrator (or someone with enough
access to edit the documents in the database) must choose which document
should be kept and which one should be deleted. If the main document is
your “winner,” you can simply delete the conflict. If the conflict document
should be the real winner, you must promote the conflict document to be a
main document before you delete the original main document. Because the
conflict document is saved as a response to the main document, the conflict
will be “orphaned” and will disappear from the view if the main document is
deleted while the conflict is still a child.
To save the main document, follow these steps:
1. Copy any information that you want to save from the Replication
Conflict document into the main document.
2. Delete the conflict document.

To save the Replication or Save Conflict document, do this:


1. Copy any information that you want to save from the main document
into the Replication Conflict document.
2. Save the conflict document. If you didn’t make any changes to the con-
flict, you must “force” a save by choosing File, Save. The conflict doc-
ument then becomes a main document.
3. Delete the original main document.

Using Design or Administration Techniques


to Prevent Replication or Save Conflicts
You can reduce or eliminate replication conflicts by using either designer or
administrator techniques. Although this is an administration exam, it’s possi-
ble that the exam may also test your knowledge of design techniques that
minimize replication. The following designer techniques can reduce or elim-
inate replication conflicts:
➤ Select the form property Merge Conflicts from the Conflict Handling
field on the first tab of the Form Properties box to automatically merge
conflicts into one document if no fields conflict. When this property is
turned on, Domino can combine the changed fields into a single docu-
ment and does not generate a conflict, as long as different fields are
06 0789729180 ch05 10/21/03 2:38 PM Page 115

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
115
. . . . . .

changed in the documents. If the same field is changed in two docu-


ments in different replicas, a conflict is generated. This form property is
not turned on by default. To view the properties of a design element, you
need to install and use the Designer client.
➤ Specify a form property for versioning so that edited documents auto-
matically become new documents.
➤ Use LotusScript to write a custom conflict handler.

As an administrator, you can use these techniques to resolve or avoid repli-


cation conflicts:
➤ Assign users Author access or lower in the database ACL to prevent
users from editing other users’ documents.
➤ Keep the number of replicas to a minimum.

Clustered Replication
Clustered replication refers to replication that happens between servers that are
clustered for failover. Replication in a cluster is quite different from standard
replication. Cluster replication is event-driven rather than schedule-driven,
so replication happens in real time instead of according to a schedule. The
standard Replica task is replaced with the Cluster Replica task. To start the
Clustered Replicator, the administrator enters the following console com-
mand:
LOAD CLREPL

When the Cluster Replicator learns of a change to a database, it immediate-


ly pushes that change to other replicas in the cluster. If there is a backlog of
replication events, the Cluster Replicator stores these in memory until it can
push them to the other cluster servers. If a change to the same database
occurs before a previous change has been sent, the Cluster Replicator pools
these changes and sends them together to save processing time.
In addition, the Cluster Replicator does not honor the settings on the
Advanced panel in the Replication Settings dialog box. Therefore, you can-
not disable the replication of specific elements of a database, such as the
ACL, agents, and design elements. The Cluster Replicator always attempts
to make all replicas identical so that users who fail over do not notice that
they failed over. Failover refers to Domino’s capability to redirect a user to
another server’s replica for database access if the server is down or is too busy.
06 0789729180 ch05 10/21/03 2:38 PM Page 116

116 Chapter 5
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Replication with a cluster is more reliable than replication with an individual


server because Domino replicates with any server in the cluster that contains
a replica of the database it is processing. Therefore, if a server in the cluster
is unavailable, replication can still proceed if another replica exists in the
cluster. Replication with a cluster can also improve performance because
Domino uses workload balancing when choosing a server with which to
replicate.

Monitoring and Maintaining


Replication
Several tools can be used to monitor replication. Some of the tools, such as
the replication history and the log file, are historical, meaning that they pro-
vide the administrator with information about how replication has happened.
The replication monitor document allows the administrator to be notified if
replication hasn’t happened within a specified time period. Viewing replica-
tion schedules and topology maps provides the administrator with a graphi-
cal view of the replication schedule for the domain.

Monitoring Replication History


A database’s replication history can be accessed from the Basics tab of the
Database Properties box or by choosing File, Replication, History. The first
time one server replica successfully replicates with a replica on another serv-
er, Domino creates an entry in the replication history. The entry contains the
name of the other server, as well as the date and time of the replication.
Separate entries are created when a replica sends information and when a
replica receives it.
On each subsequent replication with a specific server, Domino updates the
entry in the history to reflect the most recent replication time. If a database
doesn’t replicate successfully, Domino doesn’t update the replication history.
Domino uses the replication history to determine which documents to scan
for changes during the next replication.
If you have Manager access to a database, you can clear the database replica-
tion history if you think the database doesn’t contain all the documents that
it should or if the database replication history is not synchronized with that
of other replicas.
06 0789729180 ch05 10/21/03 2:38 PM Page 117

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
117
. . . . . .

Clear the replication history only as a last resort to solve replication problems. If you
clear the history, during the next replication Domino must make a more comprehen-
sive evaluation of documents to use for candidates for replication. Normally, you
would clear this setting only if you suspect time/date problems with server or client
clocks.

Viewing the Replication Events View in the


Log File
The replication log entries in the Replication Events view of the log file
(LOG.NSF) display detailed information about the replication of specific
databases (see Figure 5.1). For each database that has replicated on a speci-
fied server, a replication log shows the access the server has to the database;
the number of documents added, deleted, and modified; the size of the data
exchanged; and the name of the replica that this database replicated with.
The Events section of a replication log shows any problems that occurred
when a specific database replicated. For example, the Events section shows
whether replication is disabled or whether the database ACL is preventing
replication.

Figure 5.1 The Replication Events view of LOG.NSF as shown on the Server, Analysis tab of the
Domino Administrator.
06 0789729180 ch05 10/21/03 2:38 PM Page 118

118 Chapter 5
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Using an Event Generator to Monitor


Replication
A database event generator can monitor database use and ACL changes. If an
administrator creates a database event generator and checks off the Monitor
Replication field, he can choose to be notified if replication doesn’t occur
within a specified time period. A more correct name for this monitor is
Database Replication Failure Monitor. A server administrator creates data-
base event generators as a part of configuring the Event Monitor task. All
monitor documents are created in events4.nsf.
To create a database event generator from the Domino Administrator, per-
form the following steps:
1. Click the Configuration tab, and then open the Monitoring
Configuration view.
2. Open the Event Generators, Database view, and then click New
Database Event Generator.
3. On the Basics tab in the Databases to Monitor section, select Monitor
Replication. In the field labeled Filename, enter the name(s) of data-
bases to monitor (see Figure 5.2).
4. On the Replication tab, select which servers to monitor, and then enter
a time period in hours, which represents the maximum time allowed to
elapse between replications.

Viewing Replication Schedules


You can see a graphical representation of the replication schedules of the
servers in your Domino system. To view replication schedules, from the
Domino Administrator, click the Replication tab.

Replication-Topology Maps
View a replication-topology map to display the replication topology and
identify connections between servers. To view replication topology maps,
from the Domino Administrator, click the Replication tab (see Figure 5.3).
You must load the Topology Maps task before you can view a replication
topology map. Use this graphical view to verify that each server is connect-
ed for replication.
06 0789729180 ch05 10/21/03 2:38 PM Page 119

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
119
. . . . . .

Figure 5.2 The Database Event Generator document.

Figure 5.3 The Replication Topology, By Connections view on the Replication tab of the Domino
Administrator.
06 0789729180 ch05 10/21/03 2:38 PM Page 120

120 Chapter 5
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Exam Prep Questions


Question 1
Dave wants to force one-way replication from ServerA to ServerB. Assuming
that he’s using the console on ServerA, what command would he issue?
❍ A. Push ServerB
❍ B. Push ServerA
❍ C. Pull ServerA
❍ D. Pull ServerB

Answer A is correct. By issuing Push ServerB at the server console, the admin-
istrator forces a one-way replication from the server they are on to the spec-
ified server in the command. This command forces one-way replication of all
replicas in common between the two servers. An optional parameter allows
replication of a single database from the server you are on to the specified
server. For example, Push Server1 ADMIN4.NSF forces a one-way replication of
ADMIN4.NSF from the server they are on to the specified server in the
command.

Question 2
Jenny, the Lotus Domino administrator, has just finished rebooting ServerB
after a crash. She now wants to pull all of the documents created on ServerA
while ServerB was down. Which one of the console commands can she issue?
❍ A. Documents cannot be pulled from one replica to another after a server
crash.
❍ B. Push ServerA
❍ C. Pull ServerA
❍ D. Replicate ServerB, ServerA

Answer C is correct. By issuing Pull ServerA at the server console, the admin-
istrator forces a one-way replication from the specified server (the target
server) to the server referenced in the command (the source server). This
command forces one-way replication of all replicas in common between the
two servers since the last replication. This command can be issued after a
server has crashed and rebooted.
06 0789729180 ch05 10/21/03 2:38 PM Page 121

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
121
. . . . . .

Question 3
Which of the following are valid types of replication as listed in the Replication
Connection document? (Choose all that apply.)
❑ A. Push Wait
❑ B. Pull Only
❑ C. Push Only
❑ D. Replicate

Answers B and C are correct. Four types of replication can be scheduled in a


Connection document: pull-pull, push-pull, pull only, and push only. Push
Wait is a type of mail connection choice, and Replicate doesn’t exist as an
option for scheduled replication, although it is one of the commands an
administrator can issue for forced replication.

Question 4
What can a database designer do to minimize replication conflicts? (Choose all
that apply.)
❑ A. Enable the form property Merge Conflicts
❑ B. Enable the database property Merge Replication Conflicts
❑ C. Specify a form property for versioning so that edited documents auto-
matically become new documents
❑ D. Specify a database property for versioning so that edited documents
automatically become new documents
❑ E. Write custom code using LotusScript to prevent documents from
being edited.

Answers A, C, and E are correct. Merge Replication Conflicts and


Document Versioning are both form properties, not database properties.
LotusScript is a language that can trap for the moment that a user tries to
edit a document, thereby enabling the designer to write a custom conflict
handler. Also, this release of Domino supports document locking.
06 0789729180 ch05 10/21/03 2:38 PM Page 122

122 Chapter 5
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Question 5
Which of the following commands could the Domino administrator use to start
the Clustered Replicator task on the server?
❍ A. Replicate Cluster
❍ B. Load CLREPL
❍ C. Load Updall
❍ D. Start CLUSTREPL

Answer B is correct. Answers A and D are not recognized console com-


mands. The Updall task is the task on the server that updates view indexes
and full-text indexes.

Question 6
Which one of the following can the Domino administrator use to view detailed
information about replication of a database between two servers?
❍ A. names.nsf
❍ B. log.nsf
❍ C. noteslog.nsf
❍ D. admin4.nsf

Answers B is correct. The Domino Directory (names.nsf) stores information


about replication connections but doesn’t track replication information.
There is no database called noteslog.nsf. The Administration Requests data-
base (admin4.nsf) tracks information about requests processed by adminp.
The adminp process can be used to create replicas on servers but doesn’t track
information about replication activity.

Question 7
Users are complaining that there are many replication conflicts in a database.
What can a Domino administrator do to minimize replication conflicts?
❑ A. Decrease or limit the number of replicas on servers
❑ B. Increase the number of replicas on servers
❑ C. Grant Editor access to all users of the application
❑ D. Grant Author access to all users of the replicas
06 0789729180 ch05 10/21/03 2:38 PM Page 123

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
123
. . . . . .

Answers A and D are correct. The fewer the number of replicas there are,
the less potential there is for multiple users to be opening the same docu-
ment on different replicas. Ensuring that users have only Author access to
the application means that users can edit only their own documents, not doc-
uments being edited by other users. Granting Editor access to users of an
application increases the potential for conflicts because multiple users could
edit any document in any replica.

Question 8
Acme Corporation has just rolled out an inventory-tracking database to allow its
IT department to track equipment within the organization. Acme has decided to
create three replicas across three servers to allow IT staff across the country to
access the database. Replicas are created on the following servers:
Server1/Acme, Server2/Acme, and Server3/Acme.
John, the Domino administrator, wants to make sure that he sets the ACL cor-
rectly to allow documents in the tracking database to replicate across servers.
He wants all ACL changes and design changes to be made on Server2/Acme.
Users should be able to add, edit, and delete documents on any of the three
servers. Data documents should then replicate around to the other replicas.
How should he grant access to the three servers in the ACL of the tracking data-
base?
❑ A. Server1/Acme: Reader; Server2/Acme: Manager; Server3/Acme:
Reader
❑ B. Server1/Acme: Author; Server2/Acme: Manager; Server3/Acme: Author
❑ C. Server1/Acme: Editor; Server2/Acme: Manager; Server3/Acme: Editor
❑ D. All three servers should have Manager access in the ACL.

Answer C is correct. If Server1/Acme and Server3/Acme had either Reader


or Author access in the ACL, neither server would be capable of replicating
additions, changes, or deletions made by users on those servers. A server
must have a minimum of Editor access to replicate Data document changes.
Granting Manager access would allow ACL and design changes to be made
on all replicas, when the question specified that those types of changes were
to be made only on Server2/Acme.
06 0789729180 ch05 10/21/03 2:38 PM Page 124

124 Chapter 5
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Question 9
Dawn is setting up scheduled replication between ServerA and ServerB. She has
specified a Connect at Times range of 6 a.m. to 8 p.m., with a repeat interval
of 120 minutes. Give the first and second replication times, assuming the
following:
The first replication connection was successful.
The first replication took 8 minutes to complete.
❍ A. 6 a.m., 7 a.m.
❍ B. 6 a.m., 8 a.m.
❍ C. 6 a.m., 8:08 a.m.
❍ D. 6:08 a.m., 8:08 a.m.

Answer C is correct. If the first replication connection was successful and


completed in 8 minutes, the second replication would occur 120 minutes
after the completion of the first replication.
06 0789729180 ch05 10/21/03 2:38 PM Page 125

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
125
. . . . . .

Need to Know More?


Gunther, Jeff and Randall Tamura. Special Edition Using Lotus Notes
and Domino 6. Indianapolis, Indiana: Que Publishing, 2003.
What’s in Store for the Domino R6 Database: www-10.lotus.com/
ldd/today.nsf/8a6d147cf55a7fd385256658007aacf1/acc8a09b7e3e624f8525
6af700621c8a?OpenDocument.

Webcast: “Lotus Live! Series: What’s New in Notes/Domino 6


Administration.” http://searchdomino.techtarget.com/
webcastsTranscriptSecurity/1,289693,sid4_gci857398,00.html.

Webcast: “Preparation and Test Taking Strategies with Lotus


Education Managers.” http://searchdomino.techtarget.com/
webcastsTranscriptSecurity/1,289693,sid4_gci876208,00.html.
06 0789729180 ch05 10/21/03 2:38 PM Page 126
07 0789729180 ch06 10/21/03 2:31 PM Page 127

6
Security
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Terms you’ll need to understand:


✓ Physical security ✓ Anonymous access
✓ Server access ✓ Basic name-and-password authentication
✓ ACL ✓ Session-based name-and-password
✓ Roles authentication
✓ Encryption ✓ Authors field
✓ Public key ✓ Readers field
✓ Private key ✓ Group document
✓ ID file ✓ Deny Access group
✓ Certificates ✓ User type
✓ Domino Directory ✓ Security settings document
✓ File protection document ✓ Policy document

Techniques and concepts you’ll need to master:


✓ Understanding each layer of the Domino ✓ Troubleshooting techniques for both server
security model and database access
✓ Securing an application using password ✓ Understanding the ACL, roles, user types,
encryption and the different levels of access within
✓ Securing Domino resources using Notes the ACL
authentication and Web authentication ✓ Providing security through the use of
✓ Understanding the role of Domino groups
Directory in the security model ✓ Understanding the role of Authors and
✓ Describing the different types of Domino Readers fields in securing edit and read
administrators and the tasks they can per- access for documents
form
✓ Controlling access to the server using the
Server document
07 0789729180 ch06 10/21/03 2:31 PM Page 128

128 Chapter 6
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The security model within the Domino environment is designed to protect


resources. Information about access rights and privileges is stored with each
protected resource; thus, a given user or server can have different sets of
access rights, depending on the resources to which that user or server
requires access.
Five basic layers make up the Domino security model:
1. Physical security

2. Network and operating system security

3. Authentication

4. Server access

5. Database (application) access

This chapter explores the basic security settings that apply first to physical
security and then to the Domino server and the Domino application. We fin-
ish with a brief discussion of security policies. For exam purposes, it’s impor-
tant to remember that security is applied in a “top-down” method through
the security layers in order. You may want to jot down the security layers
before you begin to write the exam. You’ll also need to remember each of the
seven database access levels and what they mean. Most of the exam questions
will present scenarios involving the different layers.

Physical Security
Physical security involves securing the Domino server’s hardware and software
from local, physical access. Physically securing servers and databases is as
important as preventing unauthorized user and server access. Unauthorized
users or servers must be prevented from having direct physical or network
access to Domino servers. All Domino servers should be locked away in a
ventilated, secure area. Without physical security in place, unauthorized
users could circumvent the database ACL and access applications directly on
the server, use the operating system to copy or delete files, or physically dam-
age the server hardware itself. Physical network security concerns should also
include disaster planning and recovery.
07 0789729180 ch06 10/21/03 2:31 PM Page 129

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
129
. . . .

Securing Domino Applications Based on


Password Encryption
Password encryption for databases is designed to prevent unauthorized
access to locally stored databases. Encryption protects data from unauthorized
access, using a dual-key system to secure (encrypt) and decode (decrypt) data.
Database encryption provides an additional layer of security because Access
Control List (ACL) settings do not necessarily protect locally stored databas-
es. The ACL is a listing of the users and servers that are authorized to access
the database.
Database encryption uses a public-key algorithm. Encryption generates a
random encryption key, encrypts this key with the public key associated with
a specific user ID, and appends the resulting key to the specified database.
The public key is the key that is used to encrypt the data. A user can access
an encrypted database only if the user’s private key can decrypt the appended
key. The private key is used to decrypt the data and is mathematically relat-
ed to the public key so that only the holder of the private key can properly
decrypt that data. You can also use local encryption to encrypt databases on
a server with the server ID if you fear that those databases could be accessed
locally using the network operating system. In this case, only those Domino
administrators with access to the server ID can read the database.

Local databases are often encrypted if they are stored on a portable computer because
the security of a portable computer is easily compromised. For example, let’s say that
somebody steals a laptop computer from the vice president of sales. The VP stores
replicas of his mail database and the Domino Directory, as well as the Corporate Sales
Tracking database, all of which contain sensitive information. If the local replicas have
not been encrypted with the ID file and password of the owner, anyone who can
access the operating system files can read the data in the databases.

Local database encryption is applied by accessing the Database Properties


box and choosing the Encryption Settings button.

Domino Server Security


The Domino server is the most critical resource to secure. Server access is the
collection of security settings that control access to the server’s resources.
You can specify which users and servers have access to the server and restrict
activities on the server; for example, you can restrict who can create new
databases and use passthru connections.
07 0789729180 ch06 10/21/03 2:31 PM Page 130

130 Chapter 6
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

You can also restrict and define administrator access by delegating access
based on the administrator duties and tasks. For example, you can enable
access to operating system commands through the server console for system
administrators, and you can grant database access to those administrators
who are responsible for maintaining Domino databases.

Securing Domino Resources Based on


Notes Authentication
A Notes or Domino ID uniquely identifies a user or server. Domino uses the
information contained in IDs to control the access that users and servers
have to other servers and applications. One of the administrator’s responsi-
bilities is to register and protect IDs and to make sure that unauthorized
users do not use them to gain access to the Domino environment.
An ID file is a file that uniquely identifies a certifier, server, or user within the
Domino security environment, using certificates stored on the ID. Three
different types of ID files can be generated by the Domino Administrator,
using the Administrator client:
➤ Certifier ID—Used as a “stamp” to register a new server or user ID

➤ Server ID—Used to identify each unique server in the organization

➤ User ID—Used to identify each unique person in the organization

An ID file contains the following components:


➤ The owner’s name

➤ A permanent license number. This number indicates that the owner has
purchased a legal Domino/Notes license for the software and specifies
whether the owner has a North American or international license to run
Domino or Notes.
➤ At least one Notes certificate from a certifier ID. A Notes certificate is a
digital signature added to a user ID or server ID.
➤ A private key. Notes uses the private key to sign messages sent by the
owner of the private key, to decrypt messages sent to its owner, and, if
the ID belongs to a certifier, to sign certificates.
➤ (Optional for the Notes client only) Internet certificates. An Internet
certificate is used to secure SSL connections and to encrypt and sign
S/MIME mail messages. An Internet certificate is issued by a
Certification Authority (CA) and verifies the identity of the user.
07 0789729180 ch06 10/21/03 2:31 PM Page 131

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
131
. . . .

➤ (Optional) Secret encryption keys. These are keys created and distrib-
uted by developers to allow other users to encrypt and decrypt fields in a
document.

When two Domino servers want to authenticate, or when a user authenti-


cates with a server, each party presents its ID file to the other to verify that
they hold a certificate in common. A fairly complex but rapid comparison
process between the two entities involves generating random numbers using
certificates and keys. When the two entities have ascertained that they have
a certificate in common, authentication proceeds.
If the authentication process fails, the error message that results on the client
or in the log always has the word authenticate in it—for example, “ServerA
does not have any certificates capable of authenticating you.”

Securing Domino Resources Based on the


Domino Directory
The Domino Directory is the most important administrative application in the
Domino environment. The Directory contains a listing of all of the docu-
ments that help to control security and mail routing for the entire Domino
domain: Server documents, Person documents, file protection documents,
certificates, and so on. Anyone who can add documents to or edit documents
in the directory can control access to many of the resources in the system.
The Domino Directory is protected from unauthorized editing by the fol-
lowing security features:
➤ The ACL and roles

➤ A file protection document

Understanding the Domino Directory’s Access Control List


(ACL) and Roles
Access Control Lists define the users and servers who are authorized to
access the database and are discussed in detail in a later section. We briefly
illustrate the features of the ACL for the Domino Directory here, since the
exam competencies specify that the ACL for the Domino Directory must be
examined in detail. To save confusion, we’ve kept all topics related to the
Directory together in the chapter; however, you may want to reread this sec-
tion after reading the more detailed explanation of the ACL. Figure 6.1
shows a typical Directory’s default ACL.
07 0789729180 ch06 10/21/03 2:31 PM Page 132

132 Chapter 6
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Figure 6.1 The ACL of a Domino Directory.

Here are the points to remember about the major features of the ACL:
➤ The Default access level for the Directory is typically set to Author, with
no Create or Delete privileges checked in the check boxes and no Roles
assigned. This level allows the average user to read all of the documents
in the Directory, to effectively address mail. Users can also edit their
own Person documents in the Directory, allowing them to change cer-
tain fields such as their Internet password and address information.
Users are allowed to edit only their own Person documents because they
are listed in an Authors field for that document (see the section on
Authors fields later in this chapter).
➤ The Anonymous access level is usually assigned the level No Access.
This level prevents Web users from accessing the Directory.
➤ Servers and server groups listed in the ACL are typically assigned
Manager access, with all of the Create and Delete privileges and Roles
assigned. This high level of access ensures that servers can replicate
changes, additions, and deletions to the Directory to other replicas on
other servers.
➤ There is also typically an Administrators group listed in the Directory’s
ACL (or perhaps several Person groups). Different groups of adminis-
trators are typically assigned different access levels and roles within the
ACL. The Domino Directory ACL includes Creator and Modifier roles
that can be assigned to administrators so that they have the authority to
create and edit specific types of documents.
07 0789729180 ch06 10/21/03 2:31 PM Page 133

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
133
. . . .

Roles are useful when groups of administrators have specialized responsibili-


ties. A role defines a set of users and/or servers, and is unique to each data-
base. For example, senior administrators might have all of the roles assigned,
allowing them to create and modify every type of Directory document, while
junior administrators might have only the GroupCreator and
GroupModifier roles to allow them to create and modify groups.
Here is a complete listing of all of the roles within the Directory’s ACL:
➤ GroupCreator—Can create Group documents

➤ GroupModifier—Can edit Group documents

➤ NetCreator—Can create all documents except Person, Group, Policy, and


Server documents
➤ NetModifier—Can edit all documents except Person, Group, Policy, and
Server documents
➤ PolicyCreator—Can create Policy documents

➤ PolicyModifier—Can edit Policy documents

➤ PolicyReader—Can read Policy documents

➤ ServerCreator—Can create Server documents

➤ ServerModifier—Can edit Server documents

➤ UserCreator—Can create Person documents

➤ UserModifier—Can edit Person documents

The access defined in the ACL by a role never exceeds a general access level. For
example, even if you give the UserCreator role to an administrator who has Reader
access in the ACL, the administrator cannot use the Create menu to create Person
documents.

Securing the Directory with a File Protection Document


A file protection document is created in the Domino Directory during initial
server startup. This document provides administrators with Write, Read, and
Execute access to the Domino Directory. Other users are assigned No
Access. The file protection document is a security feature that protects the
files on a server’s hard drive by controlling the Web clients’ access to files.
The file protection document for the Directory ensures that Web users can-
not access or edit any of the documents in the Directory using a browser.
07 0789729180 ch06 10/21/03 2:31 PM Page 134

134 Chapter 6
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Securing Domino Resources Based on Web


Authentication
Web users authenticate with the Domino server using their name and an
Internet password. The name and Internet password are stored in a Person
document in the Domino Directory for the server’s domain. This type of
Web authentication is called name-and-password authentication.
To set up name-and-password authentication for Web clients, one of two
methods can be used:
➤ Basic name-and-password authentication uses the name and password
recorded in the user’s Person document in the Directory. These Person
documents either can be created by the administrator or can be created
via agents using some kind of registration database.
➤ Session-based name-and-password authentication is a more sophisticated
authentication model that includes additional functionality that is not
available with basic name-and-password authentication.

A session is the time during which a Web client is actively logged onto a serv-
er with a cookie. The administrator has two options when enabling session-
based authentication in the Server document:
➤ Single Server—Causes the server to generate a cookie that is honored
only by the server that generated it
➤ Multiserver—Generates a cookie that allows single sign-on with any
server that shares the Web SSO configuration document

To use session-based authentication, Web clients must use a browser that


supports cookies. Domino uses cookies to track user sessions.
Web clients can also authenticate with the Domino server anonymously. To
set up Web clients for anonymous access, you set up either the Internet site or
the server for anonymous access, and then set up database ACLs to include
the entry Anonymous with an access level of at least Depositor. Anonymous
access means that a Web browser client is not required to enter a name and
password to access the Web page. If you do not allow anonymous access and
a user tries to access the server anonymously, the user is prompted to authen-
ticate, as shown in Figure 6.2.
07 0789729180 ch06 10/21/03 2:31 PM Page 135

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
135
. . . .

Figure 6.2 The Web Authentication dialog box.

Setting Up and Configuring Server Access


An administrator can configure many settings to control access to the
Domino server. After a user successfully authenticates with the server, that
user must negotiate the server access layer to gain access to resources stored
on the server.

Securing the Server Console


You can password-protect the server console to force administrators to know
the console password to enter console commands. The syntax of the com-
mand for doing so is as follows:
Set Secure currentpassword

After the console has been password-protected, administrators can’t use the
Load, Tell, Exit, Quit, and Set Configuration server commands until they enter
the password. Console security remains in effect until the password is cleared
by entering a second Set Secure command with the same password.
Here are some examples of the how the Set Secure command can be used:
➤ Set Secure TesTing123—Password-protects the console if no password is
currently in effect. In this case, the new password is TesTing123.
➤ Set Secure TesTing123 456neWpassWord—Changes the existing password
from TesTing123 to 456neWpassWord.
➤ Set Secure TesTing123—Ifthe console is already protected by a
password—in this case, TesTing123—entering a second Set Secure com-
mand with the same password clears the password.
07 0789729180 ch06 10/21/03 2:31 PM Page 136

136 Chapter 6
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Restricting Administrator Access to the Server


You can specify various access levels for different types of administrators in
your organization. For example, you might want to give only a few people
high administrative access, while all of the administrators on your team are
designated as database administrators.
Administrators are listed either as individuals or as members of groups in the
different administrator fields on the Security tab of the Server document
located in the Domino Directory. Here is a list of the administrator fields
that control administrative access to the server:
➤ Full-access administrators—These administrators have full access to
administer the server. This is the highest level of administrative
privilege.

The feature to assign full-access administrators replaces the need to run a Notes
client locally on a server. Full-access administrators are automatically assigned
Manager access with all roles in every database ACL, thus allowing them full access
to every application on the server. This feature is new in Release 6 and will probably
appear in at least one exam question because it is new and gives a great deal of
power to the administrator. Be sure to study the different administrator fields and
know what each type of administrator is allowed to do.

➤ Administrators—Administrators listed here have the following rights:

Manager access to the Web Administrator database (WEBADMIN.NSF)


Capability to create, update, and delete folder and database links
Create, update, and delete directory link ACLs
Compact and delete databases
Create, update, and delete full-text indexes
Create databases, replicas, and master templates
Get and set certain database options (for example, in/out of service, data-
base quotas, and so on)
Use message tracking and track subjects
Use the console to remotely administer Unix servers
Issue any remote console command

➤ Database administrators—These administrators are responsible for


administering databases on the server. Users listed here have the follow-
ing rights only:
Create, update, and delete folder and database links
Create, update, and delete directory link ACLs
07 0789729180 ch06 10/21/03 2:31 PM Page 137

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
137
. . . .

Compact and delete databases


Create, update, and delete full-text indexes
Create databases, replicas, and master templates
Get and set certain database options (for example, in/out of service, data-
base quotas, and so on)

Database administrators are not automatically granted Manager access to databases


on the server, nor do they have any access to the Web Administrator database. On
the exam, make sure that you don’t confuse this level with the level of full-access
administrators, which is the only type of administrator that can bypass the ACL.

➤ Full remote console administrators—These administrators can use the


remote console to issue commands to the server.
➤ View-only administrators—These administrators can use the remote con-
sole to issue only those commands that provide system status informa-
tion, such as SHOW TASKS and SHOW SERVER. View-only administrators
cannot issue commands that affect the server’s operation.
➤ System administrators—These administrators are allowed to issue a full
range of operating system commands to the server.
➤ Restricted system administrators—These administrators are allowed to
issue only the operating system commands that are listed in the
Restricted System Commands field.

Allowing and Denying Access to the Server


To control user and server access to other servers, Domino uses the settings
specified on the Security tab in the Server document. If a user or server can
authenticate and the settings in the Server document allow access, the user
or server is allowed access to the server.
The administrator can specify Notes users and Domino servers that are
allowed to access the server, as well as users who access the server using
Internet protocols (HTTP, IMAP, LDAP, POP3). All of these settings are
specified in the Security section of the Server document in the Domino
Directory.
Notes user and Domino server access to a Domino server is controlled
through the following fields in the Security section of the server document:
➤ Access Server—The administrator can allow server access to users listed
in all trusted directories, or only to specific Notes users, servers, and
groups. If the Access Server field is left blank, all users and servers that
can authenticate can access the server.
07 0789729180 ch06 10/21/03 2:31 PM Page 138

138 Chapter 6
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Some administrators use an asterisk followed by a certificate name to control


access to the server; for example, */Sales/Acme would give all users in the Sales
OU access. An asterisk followed by the name of a view, such as *($Users), would
give all names that appear in a specific view in the Domino Directory access. It is
handy to be able to use this reference within an ACL to save the time of adding sev-
eral groups to the ACL. For example, instead of having to maintain and update an
All Users group in the Directory, the administrator can use */Acme to refer to all
users in the company.

➤ Not Access Server—These users, servers, and groups are denied access to
the server. Again, administrators also have the option of using the aster-
isk notation. The default value for this field is blank, which means that
all names entered in the Access Server field can access the server.

Remember that names entered in the Not Access Server field take precedence over
names entered in the Access Server field. For example, if you enter a group name in
the Access Server field and enter the name of an individual member of this group in
the Not Access Server field, the user will not be capable of accessing the server.
Typically, the Domino Administrator lists a Deny Access group in this field to deny
access to servers within the company for people who have left the company. See the
discussion about groups and group types later in this chapter.

➤ Create Databases and Templates—These specific servers, users, and groups


are allowed to create databases with the File, Database, New command.
Typically, this capability is restricted to administrators or designers. The
default value for this field is blank, which means that all users can create
new databases.
➤ Create New Replicas—These specific servers, users, and groups are
allowed to create replicas using the File, Replication, New Replica com-
mand. The default value for this field is blank, which means that no one
can create new replicas.
➤ Create Master Templates—These specific servers, users, and groups are
allowed to create master design templates. Servers, users, and groups
who cannot create new databases or replicas on the server cannot create
or update templates. The default for this field is blank, which means that
no one can create master design templates on the server.

Controlling Access to a Specific Network Port


Administrators can use a port access list to allow or deny Notes user and
Domino server access to a specific network port. If the administrator uses
both a port access list and a server access list, users and servers must be list-
ed on both to gain access to the server.
07 0789729180 ch06 10/21/03 2:31 PM Page 139

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
139
. . . .

Access to a specific port is controlled using these NOTES.INI settings:


Allow_Access_portname = names
Deny_Access_portname = names

Here, portname is the name of the port, and names is a list of users, servers, and
groups to which you want to deny or allow access. These names must be con-
tained in the Domino Directory.

Monitoring and Maintaining Server Access


Control
Not too many hands-on tools provided with the Domino Administrator
client are designed to assist the administrator with monitoring or maintain-
ing access control for servers. But the administrator can put in place some
strategies and plans to help keep a tight rein on server security.
Develop strategies to protect your computing environment. When you
understand the potential threats to your Domino environment, you can cre-
ate procedures to protect each part of your Domino computing infrastruc-
ture. This can include developing procedures and rules for some of the
following areas:
➤ Limits on physical access to the Domino servers

➤ Network access and protection

➤ Messaging infrastructure, through the use of antispam and antivirus


products
➤ Change control, to help manage changes to your security model

➤ User training for organizational security rules and technology

➤ Security incident reporting

➤ Development of incident-handling procedures

➤ Planning and delivery of employee security training

➤ Keeping security processes and documentation current and up-to-date

Domino administrators should periodically review the Administrator fields


on the Server document, as well as the fields on the Security section of the
Server document, to assess whether access to the server is being properly
granted or denied.
07 0789729180 ch06 10/21/03 2:31 PM Page 140

140 Chapter 6
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Troubleshooting Common Server Access


Problems
Many scenarios illustrate situations in which users and servers can have dif-
ficulty accessing Domino servers. The following sections illustrate these
potential problems. Each section lists a common error resulting in a server
access problem and documents the solutions to those problems.

The Administrator Can’t Enter Commands at the Server


If an administrator can’t run the workstation program on the server, run
standalone server programs, or use the Load, Tell, or Set Configuration com-
mands, the console has likely been password-protected. The administrator
needs to use the Set Secure command at the console or use the Domino
Administrator client to clear the password. The administrator must know the
password to clear it.
An administrator might also fail to enter commands at the console because
he isn’t listed as an administrator in the Administrator fields in the Server
document, or he might be listed as a view-only administrator, with limited
access to enter console commands.

Users Can’t See a New Server in the List of Servers


If users can’t see a new server when they try to add, create, copy, or replicate
a database, the administrator should make sure that the Domino Directory
contains a Server document for the new server and that the information in
the document is accurate and correctly spelled. If no Server document exists,
the administrator should register the new server and ensure that the Server
document gets added to the Directory and then replicated to other servers in
the domain. If a Server document exists and contains accurate information
for the new server, the administrator can check the log file on both the user’s
home server and the inaccessible server to see if there are network problems.

The Server Is Not Responding


The message “Server not responding” might appear when you install a client
or try to open any database on a particular server. Here are some strategies
for resolving this problem, listed in the order in which they should be
attempted:
1. Check that the Domino server and the network are running.

2. Check whether the server has been renamed or recertified. When a


user tries to open a database on a server that has been recertified or
renamed, the message “Server not responding” might appear.
07 0789729180 ch06 10/21/03 2:31 PM Page 141

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
141
. . . .

3. If the client and server are using NetBIOS, make sure that the protocol
is configured properly and that it’s running on the workstation and
server. The workstation and the server must use the same version of
NetBIOS, and the server must be enabled for sufficient NetBIOS ses-
sions.

The User Received the Error Message “You Are Not


Authorized to Access the Server”
When this message appears, the most likely cause is that the user or server is
being denied access to the server through the Deny Access field in the Server
document. Check the names and groups listed in that field, and, if necessary,
remove the name from the field or from the group.

Any direct changes to the Server document require that the server be restarted for the
changes to take effect. For example, if Joe Smith/Acme was listed in the Deny Access
field on the Server document and the administrator removed his name from the field,
the server would need to be restarted for Joe to gain access to the server. But if Joe
was listed as a member of a group in the Deny Access field and the administrator
removed him from the Group document, the server would not need to be restarted for
Joe to gain access to the server. Groups are usually used to grant and deny access to
the server so that the server doesn’t need to be restarted each time someone is added
or removed from the group.

Domino Application Security


As the final layer in the Domino security model for resources, administrators
must understand how to apply security to the database, also known as the
application. The security for the database itself is also multilayer, beginning
with the database Access Control List. Within the database, security can also
be provided for design elements (views, forms, agents, and so on), docu-
ments, sections of documents, and fields. The following sections of this
chapter focus on three main security features: the database ACL with both
individual and group listings, Authors fields, and Readers fields.

Understanding the ACL


Every database has an Access Control List (ACL) that specifies the level of
access that users and servers have to that database. Only someone with
Manager access can create or modify the ACL.

Although the names of access levels are the same for users and servers, those levels
assigned to users determine the tasks that they can perform in a database. Those
assigned to servers determine what information within the database the servers can
replicate.
07 0789729180 ch06 10/21/03 2:31 PM Page 142

142 Chapter 6
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

To control the access rights of Notes users, select the access level, user type,
and access-level privileges for each user or group in a database, within the
ACL by choosing File, Database, ACL. Access levels assigned to users in a
database ACL control which tasks users can perform in the database. Access-
level privileges enhance or restrict the access level assigned to each name in
the ACL. For each user, group, or server added in the ACL, you select the
user type and access level in the User Type and Access drop-down lists. To
further refine the access, you select a series of access privileges by selecting
or deselecting the various check boxes located on the right side of the Basics
tab of the ACL. If the application designer created roles, assign them to the
appropriate users, groups, or servers. Figure 6.3 shows the ACL of a data-
base.

Figure 6.3 A database ACL showing entries for groups and individuals.

All changes to the ACL are tracked through the ACL log, which can be
accessed within the ACL itself by choosing File, Database, ACL and choos-
ing the Log tab. Each entry in the list shows when the change occurred, who
made the change, and what changed. The log stores only 20 lines of changes,
not the complete history. Only users who have manager access in the ACL
can view the ACL log.

Access Levels in the ACL


Here is a listing of the seven access levels, from lowest to highest, along with
a brief description of what each level means:
07 0789729180 ch06 10/21/03 2:31 PM Page 143

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
143
. . . .

➤ No Access—Denies access to the database. The error message that


appears to the user is “You are not allowed to access this database.”

The exception to the No Access level is the Public Access level. If the designer of the
database creates Public Access forms and documents are created with these forms,
the documents are marked as Public. Anyone in the ACL with Public Access can read
or write Public documents. The Public Access level is granted by checking the Read
or Write Public Documents check box in the ACL. This technology is used in the Mail
database, where calendar documents get marked as public documents so that access
to those documents can be controlled separately from access to mail messages. Be
careful when selecting the Public Access option—you should check with the data-
base designer to see if public access forms were used in the database so that access
to those documents can be properly set in the ACL.

➤ Depositor—Allows the writing or adding of documents only. Users can-


not read, edit, or delete documents, with the exception of public docu-
ments.
➤ Reader—Allows the reading of documents only. Users cannot add, edit,
or delete documents.
➤ Author—Allows users to read documents and to edit documents in which
they are listed in an Authors field (see the topic later in this chapter
regarding Authors fields). Optionally, users may create or delete docu-
ments.
➤ Editor—Allows the creating, reading, and editing of all documents. This
is the highest level of access to the document data, but it does not grant
access to design documents or to the ACL.
➤ Designer—Includes all the rights of Editors, as well as access to create,
edit, and delete all Design documents in the database such as forms,
shared views, navigators, and so on.
➤ Manager—Includes all the rights of designers, as well as the capability to
modify the ACL and delete the database from the server using the client
user interface commands (File, Database, Delete).

Users and servers who are granted Reader access or higher can be allowed or
denied access to read documents through the use of a Readers field. See the topic
later in this chapter regarding Readers fields.

In some cases, users can have high access to a database that is not defined in the
database ACL. Administrators who are designated as full-access administrators in
the Server document have manager access to all databases, with all privileges and
roles enabled, regardless of whether they are listed in the database ACLs.
07 0789729180 ch06 10/21/03 2:31 PM Page 144

144 Chapter 6
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administrators who are designated as administrators or database administrators in


the Server document are allowed to delete any database on the server or modify the
database (for example, designate an administration server or create a full-text index),
even if they are not listed as managers in the database ACL. Don’t forget about these
special database privileges when answering exam questions related to database
security and ACLs.

User Types in the ACL


A user type identifies whether a name in the ACL is for a person, server, or
group. A user type is assigned to a name to associate an ID type with that
name so that only that type of ID can access the application. For example, if
you entered a value of Training as the ACL entry and assigned a user type of
Server, the Training server could gain access to the database, but the person
group called Training couldn’t gain access. The user types are Person,
Server, Mixed Group, Person Group, Server Group, and Unspecified. The
default group in the ACL is always assigned Unspecified as the user type. If
you have added Anonymous to the ACL, it should have a user type of
Unspecified.

User types provide additional security for a database. For example, assigning the
Person user type to a name other than Unspecified prevents an unauthorized user
from creating a group document with the same person name, adding his or her
name to the group, and then accessing the database through the group name.
Designating a name as a server or server group prevents a user from using the
server ID at a workstation to access a database on the server.

Securing Applications with Groups


Most administrators control access to databases through the use of groups.
Group documents are created in the Domino Directory to create a single ref-
erence point for people and servers for easy citation within ACLs and mail
messages. An administrator must have at least Author access to the Directory
with the GroupCreator role to create groups. Using groups can help simpli-
fy many administration tasks. Figure 6.4 shows a sample Group document.
Groups are lists of users, groups, and servers that have common traits. Groups
are given a name, group type, description, domain, and Internet address. The
administrator then lists the members of the group in the Members field. The
two group types that are suitable for ACLs are Multipurpose and Access
Control List Only. It’s important to provide a description for the group so
that administrators can keep track of the purpose of each group in the
Directory.
07 0789729180 ch06 10/21/03 2:31 PM Page 145

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
145
. . . .

Figure 6.4 A Group document in the Domino Directory.

One of the group types in the Group Type list is the Deny List Only group. The Deny
Access group is typically listed in the Not Access Server field in the Server docu-
ment, and it is used to deny access to servers for people who have left the compa-
ny. These groups cannot be seen within the Groups view. Deny Access groups are
located within their own view in the Directory called Deny Access Groups. To see this
view, you must be assigned the GroupModifier role. Watch out for references to this
group type on the exam, and remember that these groups are always located within
their own, separate view.

After the group has been created, the Administrator can easily add the group
to the ACL and assign access privileges to it. It is much easier to add and
remove members from a Group document than it is to add and remove indi-
vidual users from the ACL.
When someone is listed in the ACL more than once, the following rules
apply:
➤ If the user or server is listed in the ACL as an individual, that user or
server gets the access level assigned as an individual, regardless of
whether the user or server is also listed in one or more groups. For
example, if Jim Smith/Acme is listed in the ACL as a Reader but is also
in the group called Acme Employees with an assigned level of Author
access, Jim will get Reader access to the database. If his individual access
level is Designer, he will get Designer access to the database.
07 0789729180 ch06 10/21/03 2:31 PM Page 146

146 Chapter 6
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

➤ If the user or server is not listed in the ACL as an individual but is listed
in more than one group, that user or server gets the highest of the group
access. For example, if Jim Smith/Acme is listed in the Acme Employees
group with Reader access and in the Administrators group with Manager
access, he will have Manager access to the database.

Securing Applications with Authors Fields


An Authors field works in conjunction with Author access in the database
ACL, and it is used to grant access to edit a document. For someone with
Author access to edit a document, that person must be listed in an Authors
field on that document. In a typical scenario, someone with Author access
has the Create Document privilege and can create documents in the data-
base. Usually the designer of the database places an Authors field on the
form, and computes and stores the name of the user who created the docu-
ment. That user then can edit the document later. The Authors field can also
be editable, in which case the creator or editor of a document can enter other
names into the Authors field, thus allowing those users to edit the document.

Always remember that Authors fields apply only to users who have Author access in
the ACL. Entries in an Authors field cannot override the database ACL; they can only
refine it. Users who have been assigned Reader access or lower in an ACL can never
edit a document, even if they are listed in an Authors field. Users who have Editor
access or higher in the ACL can edit all the documents in the database and are not
affected by an Authors field.

If the designer of the database chooses not to place an Authors field on the
form, users with Author access to the database might be able to create docu-
ments but will never be able to edit those documents after they have been
created and saved in the database.

Securing Applications with Readers Fields


A designer can limit reading on a per-document basis by including a Readers
field on the form. A Readers field can be populated with the name of a group,
role, user, or server name. If any group, role, user, or server is listed in the
Readers field, only that entity can read the document, regardless of some-
one’s access level in the database ACL.
For example, a designer could architect the Main Topic form of a Discussion
database with a button called Mark Private that would allow any author of a
Main Topic document to mark a document so that it was visible only to that
author, and a Mark Public button that would make the document visible to
07 0789729180 ch06 10/21/03 2:31 PM Page 147

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
147
. . . .

all readers of the database. When the user pushes the Mark Private button in
any document that he is capable of editing, a Readers field gets populated
with the name of the user who pushed the button. When that user then saves
the document, that user is the only person who can read the document.
Other users who have access levels in the database that range from Reader
right up to Manager cannot see or read the document.
There are several exceptions to the rules surrounding Readers fields:
➤ If someone is listed in an Authors field on the document, that person
can read the document, regardless of whether he is listed in the Readers
field.
➤ If the Readers field on a document is empty, everyone with Reader
access and higher to the database can read the document.
➤ Full-access administrators can always read all the documents in a data-
base, regardless of whether they are listed in a Readers field for those
documents.

Don’t forget that servers also need to read documents to replicate them. Readers
fields are useful when the designer wants to ensure that some documents can be
read only by certain people or groups. But many designers forget that servers also
need to read documents to replicate them. If a designer decides to use a Readers
field on a form, that designer should always ensure that a server or server group is
computed in a Readers field so that servers can replicate all the documents in the
database to other servers.

Form Read Access Lists


A Form Read Access List lists users, server, roles, or groups that can read
documents created with the form. Many people confuse the Readers field
with the Form Read Access List. Every form in a database contains a section
in which the designer can list users, server, roles, or groups that can read doc-
uments created with the form. You can access this list on the last tab (the
Security tab, marked with a key icon) of the Form Properties box, as shown
in Figure 6.5.
If the designer removes the check mark from the box All Readers and Above
and places the check mark next to one of the entries in the list, any docu-
ments saved with the form are saved with a $Readers field. This field con-
tains the names of all the entries checked in the form’s Read Access List. The
$Readers field achieves the same result as the Readers field, restricting read
access for the document to those users listed in the field.
07 0789729180 ch06 10/21/03 2:31 PM Page 148

148 Chapter 6
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Figure 6.5 The Security tab of the Form Properties box.

Troubleshooting Data Access Control


Problems
Many scenarios can cause problems for users and servers who are attempting
to access or perform tasks in a database. The following sections discuss some
of the more common complaints that relate to application access control.

Servers Aren’t Replicating Document Deletions to Other


Replicas
To receive document deletions, the ACL on a destination server replica must
give the source server Editor access or higher and must have the access-level
privilege Delete Documents selected. If servers don’t have adequate access to
the database, they might not be capable of properly replicating changes,
additions, or deletions to the database.

Users Are Complaining That They Can’t Seem to Lock


Documents in a Database
When administrators set the database property Allow Document Locking,
users with Author access or higher can lock documents in that database as
long as they are listed in an Authors field for that document. Locking a doc-
ument prevents editing and replication conflicts by ensuring that the person
who locks the document has exclusive rights to modify the document.
Managers of a database cannot edit a locked document; however, managers
can unlock documents that are locked. If a user is experiencing difficulty
when attempting to lock a document, the most likely problem is that the user
doesn’t have enough access to edit the document.
07 0789729180 ch06 10/21/03 2:31 PM Page 149

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
149
. . . .

Users Complain That They Can’t Seem to “See” All the


Documents in the Database
If users cannot locate or read documents in a database, they likely have been
excluded from reading a document because they aren’t listed in the Readers
field for those documents. If the user needs to be able to read certain docu-
ments, that user needs to find out how to get added to the Readers field—
likely through the use of a role or group.

A User Complains That He Cannot Edit a Document That He


Created in the Database
If a user has Author access in the database and cannot edit a document that
he originally created, that user likely isn’t listed in an Authors field on that
document. The user should look at the database documentation or consult
with the designer or manager of the database. Perhaps the database has been
architected to prevent users from editing their own documents for business
reasons that support the business rules for the application. Or perhaps the
designer has omitted the Authors field by mistake, in which case the design-
er will need to add an Authors field to the form(s) and run agents in the data-
base to populate the Authors fields on existing documents. When the user’s
full hierarchical name has been stored in the document, that user should be
able to edit that document.

Users Complain That They Can’t Create Agents in the


Database
If a user can’t create agents in a particular database, the administrator should
check the database ACL to see if the user has the access level required to cre-
ate agents in that database. To create personal agents, a user must have at
least Reader access to the database, with the Create Private Agents privilege
checked. To create shared agents, a user must have at least Designer access.
If the designer wants to create agents that use either LotusScript or Java
code, the Create LotusScript/Java Agents privilege also must be checked.

Creating Security Policies


Domino policies are a way of distributing administrative settings, standards,
and configurations to users, groups, or entire organizations. A policy document
is a collection of administrative settings that addresses an administrative area.
An administrator can then use this document to establish and enforce admin-
istrative standards and to distribute them throughout the organization. The
administrator can easily modify and maintain security standards across an
07 0789729180 ch06 10/21/03 2:31 PM Page 150

150 Chapter 6
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

organization by simply editing a security settings document. Security settings


documents can be used to control the management and deployment of the
following security settings:
➤ Execution control lists (ECLs)

➤ Notes and Internet password settings and synchronization

The security settings document has two major sections: the Password
Management tab and the Execution Control List tab. Here is a summary and
brief explanation of the fields on the Password Management tab:
➤ Allow Users to Change Internet Password over HTTP—Allows users to use a
Web browser to change their Internet passwords
➤ Update Internet Password When Notes Client Password Changes—Allows
users to use the same password to log in to both Notes and the Internet
➤ Check Notes Password—Requires Notes client IDs to use a password for
Notes authentication
➤ Enforce Password Expiration—Enables or disables password expiration for
Notes only, Internet only, or both Notes and Internet passwords

If password expiration has been enabled, the administrator must complete


the following fields:
➤ Required Change Interval—The number of days a password can be in
effect before it must be changed.
➤ Allowed Grace Period—The number of days users have to change an
expired password before being locked out.
➤ Password History (Notes only)—The number of expired passwords to store.
Storing passwords prevents users from reusing old passwords.
➤ Required Password Quality—Sets password quality or length requirements
for passwords.

An ECL protects user workstations against active code from unknown or


suspect sources, and can be configured to limit the action of any code that
runs on workstations. The ECL determines whether the signer of the code
is allowed to run that code on a given workstation, and it defines the access
that the code has to various workstation functions. For example, an ECL can
prevent another person’s code from running on a computer and damaging or
erasing data. The following settings are set on the Execution Control List
tab of the security settings document:
07 0789729180 ch06 10/21/03 2:31 PM Page 151

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
151
. . . .

➤ Admin ECL—Choose Edit to edit the default administration ECL, or


choose New to create a new administration ECL.
➤ Update Mode—Choose Refresh to update workstation ECLs with
changes made to the Administration ECL, or choose replace to over-
write the workstation ECL with the Administration ECL.
➤ Update Frequency—Choose Once Daily, When Admin ECL Changes, or
Never to control how often the workstation ECL is updated.
07 0789729180 ch06 10/21/03 2:31 PM Page 152

152 Chapter 6
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Exam Prep Questions


Question 1
Which of the following best describes the role of the full-access administrator?
❍ A. Performs database creation and deletion.
❍ B. Performs user registration and deletion.
❍ C. Performs day-to-day database maintenance.
❍ D. Performs any administrative task, including full access to all databas-
es. Can be used for emergency use.

Answer D is correct. Full-access administrators have Manager access with all


roles to all databases on the server, regardless of the database ACL. This
administrative access level can be for emergency use, when the administrator
needs to be able to access data for troubleshooting purposes.

Question 2
Which of the following is not a valid level of administrative access to the Domino
server?
❍ A. Database administrator
❍ B. Domino administrator
❍ C. Restricted system administrator
❍ D. Full-access administrator

Answer B is correct. Domino administrators is not a valid option on the serv-


er document. The valid options are:
Full-Access Administrators
Administrators
Database Administrators
Full Remote Console Administrators
View-Only Administrators
System Administrator
Restricted System Administrator
07 0789729180 ch06 10/21/03 2:31 PM Page 153

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
153
. . . .

Question 3
Colin, a Notes user, wants to lock a document in a database. Which of the fol-
lowing is the lowest level of access he can have to the database that allows him
to lock the document?
❍ A. Reader
❍ B. Editor
❍ C. Author
❍ D. Manager

Answer C is correct. To lock a document in Notes, you must be able to edit


the document. The lowest level of database access that allows document edit-
ing is Author access. Colin’s name would also need to be listed in an Authors
field on the document to allow him to edit it. Additionally, document lock-
ing must be enabled for the database.

Question 4
Which of the following statements about password synchronization is true?
❍ A. Users can synchronize their Notes and Internet passwords in the User
Security dialog box in the Notes client.
❍ B. Users can synchronize their Notes and Internet passwords by access-
ing their own Person document in the Directory.
❍ C. Notes and Internet passwords can be synchronized by the administra-
tor if he creates a security settings document specifying that both
passwords should be synchronized, and applies that security setting
through the use of a policy document.
❍ D. Notes and Internet passwords cannot be synchronized.

Answer C is correct. The Domino administrator can choose to synchronize


the Internet password with the Notes password through the use of policies
and security settings, thus giving the end user the same password to log into
both Notes and the Internet.
07 0789729180 ch06 10/21/03 2:31 PM Page 154

154 Chapter 6
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Question 5
Wendy needs to change some of the fields on a security settings document.
Which of the following roles does she need to make the changes?
❍ A. PolicyEditor
❍ B. PolicyModifier
❍ C. PolicyCreator
❍ D. PolicyAuthor

Answer B is correct. Three ACL roles are associated with policies: the
PolicyCreator role, the PolicyReader role and the PolicyModifier role.
The PolicyCreator role is required to create a policy document. The
PolicyModifier role is required to modify a policy document. The
PolicyReader role is required to read a policy document.

Question 6
Beth, one of the Domino administrators in the Acme Corporation, needs to use
the Domino Administrator client to create a replica of a Discussion database on
ServerB/Acme. Which of the following best describes the rights she needs to
accomplish this task?
❍ A. She must be listed in the Access Server field for ServerA/Acme.
❍ B. She must be listed in the Create New Databases and Templates field
for ServerB/Acme.
❍ C. She must be listed in the Create Replica Databases field for
ServerB/Acme.
❍ D. She must be added to the Administrators group in the Directory.

Answer C is correct. The Create Replica Databases field contains a list of


users who are authorized to create new replica databases on the Domino
server. If the field is blank, no one can create replica databases. Answer D
isn’t necessarily correct because we don’t know whether the Administrator
group is listed in the Create Replica Databases field.
07 0789729180 ch06 10/21/03 2:31 PM Page 155

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
155
. . . .

Question 7
Bob just finished creating a group within the Domino Directory, but he can’t
locate the group within the Groups view. Which type of group did he create?
❍ A. Multipurpose
❍ B. User
❍ C. ACL Only
❍ D. Deny List Only

Answer D is correct. The Deny List Only group denies access to users listed
in the group when the group name is used within a server access list. A Deny
List Only group usually contains the names of former employees of compa-
nies. The Deny List Only group type doesn’t display in the Groups view of
the Domino Directory, but rather displays within the Deny Access Groups
view. To see this view, you must be assigned to the GroupModifier role.

Question 8
Susan locked a document within a database and then went on vacation the next
day. She isn’t scheduled to return to the office for another two weeks, and Jesse
needs to be able to edit the document in her absence. Which of the following
access levels does Jesse need to unlock the document?
❍ A. Manager
❍ B. Designer
❍ C. Editor
❍ D. Author

Answer A is correct. Document locks prevent any users from immediately


editing the document, including those with Manager access to the database.
However, a user with Manager access to a database can unlock a locked doc-
ument, and then proceed to edit it.
07 0789729180 ch06 10/21/03 2:31 PM Page 156

156 Chapter 6
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Question 9
Joey enters the following command at the server console:
Set secure passwordabc

Which of the following statements is true?


❑ A. If the console was password-protected using the password password-
abc, then by entering this command, Joey has cleared the current
password and the console is no longer protected.
❑ B. If the console was password-protected using the password 123abcdef,
then by entering this command, Joey has reset the console password
to passwordabc.
❑ C. If the console was not password-protected, then by entering this com-
mand, Joey has protected the console with the password pass-
word123.
❑ D. Joey has not used the correct syntax for the set secure command;
therefore this command will have no effect at the server console.

Answers A and C are correct. If a the console is already password-protected,


you must enter the set secure command with the current password to unlock
the console. If the console isn’t password-protected, entering the set secure
command with a password secures the console with that password. To reset
a password on a secure console, you must enter the following command:
Set secure “oldpassword” “newpassword”
07 0789729180 ch06 10/21/03 2:32 PM Page 157

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
157
. . . .

Need to Know More?


Tulisalo, Tommi et al. Upgrading to Lotus Notes and Domino 6. IBM
Redbooks, 2002. Also available on the Web at www.redbooks.ibm.com/.
For references to security, consult Chapter 10, “Security.”
Gunther, Jeff and Randall Tamura. Special Edition Using Lotus Notes
and Domino 6. Indianapolis, Indiana: Que Publishing, 2003.
Policy-based system administration with Domino 6: www-10.lotus.com/
ldd/today.nsf/8a6d147cf55a7fd385256658007aacf1/d78ede75b351cf8100256b
e9005b7d35?OpenDocument.

Lotus Domino 6 Technical Overview: www-10.lotus.com/


ldd/today.nsf/3c8c02bbcf9e0d2a85256658007ab2f6/089a22f9f8a573af8525
6a1b00782950?OpenDocument. For references to security, consult the sec-
tion “New Security Features.”
Accessing and protecting the file system: www-10.lotus.com/
ldd/today.nsf/f01245ebfc115aaf8525661a006b86b9/a115026680fd74498525
6b34000f4c1b?OpenDocument.

Webcast: “Lotus Live! Series: What’s New in Notes/


Domino 6 Administration.” http://searchdomino.techtarget.com/
webcastsTranscriptSecurity/1,289693,sid4_gci857398,00.html.

Webcast: “Preparation and Test Taking Strategies with Lotus


Education Managers.” http://searchdomino.techtarget.com/
webcastsTranscriptSecurity/1,289693,sid4_gci876208,00.html.
07 0789729180 ch06 10/21/03 2:32 PM Page 158
08 0789729180 Pt 2 10/21/03 2:31 PM Page 159

PART II
Exam 621
7 Installing and Configuring
8 Mail
9 Monitoring Server Performance
10 Replication
11 Security
08 0789729180 Pt 2 10/21/03 2:31 PM Page 160
09 0789729180 CH07 10/21/03 2:45 PM Page 161

7
Installing and Configuring
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Terms you’ll need to understand:


✓ Domino server types
✓ Transaction logging
✓ Domino clustering
✓ Domino Welcome page
✓ Certificate authority
✓ Multiuser support

Techniques you’ll need to master:


✓ Capacity planning based on performance
✓ Setting up and configuring a Notes/Domino Release 6 Server
✓ Installing a Notes/Domino Release 6 server
✓ Setting up servers of different types
✓ Setting up/configuring Directories
✓ Deploying a corporate standard Welcome page
✓ Creating/registering certificates
✓ Creating/registering users
✓ Certifying with a CA key
✓ Setting up multiuser support
✓ Setting up workstations for different clients
✓ Setting up/configuring calendaring and scheduling
✓ Setting up/configuring transaction logging
✓ Setting up servers for load balancing and failover
✓ Setting up servers for sharing resources
✓ Applying policy documents to existing users
✓ Migrating from a distributed directory to a central directory
09 0789729180 CH07 10/21/03 2:45 PM Page 162

162 Chapter 7
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

In this chapter, we cover how to install and configure the prime components
of a Domino domain. Topics discussed include setting up and installing a
server, the different server types available, and how to ensure that you have
planned properly for the maximum performance throughout the domain.

Capacity Planning Based on


Performance
Capacity planning in a Domino domain consists of establishing the parame-
ters that will be used to make sure the servers and network are running at
optimum efficiency. Domino is a powerful application, but it must be set up
properly to achieve peak performance. Before beginning the setup of a
Domino server, take the time to map out the domain and plan accordingly to
deploy a premium installation. Items to consider when creating a capacity
plan for the domain include
➤ Create a map of the proposed Domino network and the anticipated
number of users as well as the proposed size of the databases as the
domain grows. Engage a Domino consultant if necessary to assist with
the project scope to help determine the manner in which the network
should be defined.
➤ Configure the server with the fastest processor or multiple processors
available if possible. Specific Domino tasks, such as the indexer and
replicator, perform more efficiently on faster machines and reduce the
performance overhead.
➤ Domino can be disk intensive. Use high-speed disk arrays with RAID
striping enabled to achieve the quickest reads and writes in the disk sub-
system. Use drives with a low seek time and install disk controllers with
disk caching.
➤ Most programs use memory if it is available and Domino is no excep-
tion. Using large amounts of memory with Domino causes less disk
swapping to occur because the paging file requires minimal access;
therefore, having the most memory available is the optimal choice.
➤ User and servers are required to connect to the server, so network infra-
structure should be a prime consideration when deploying the servers.
Setting up servers on a congested network causes problems from the
start, so take the time to perform proper network diagramming before
installing the servers.
09 0789729180 CH07 10/21/03 2:45 PM Page 163

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
163
. . . . . .

When planning for a Domino installation, make sure that the network cards in the
server can make the best use of the available bandwidth. Using a 10Mbps card on
a 100Mbps network will not allow the server to participate on the network effi-
ciently.

➤ Consider the work hours of the user community when scheduling sys-
tem tasks such as server backups. Domino has specific tasks, such as
Compact or Fixup, that run more efficiently when the server access is
low, so Lotus schedules these programs to run in the early morning
hours when the server load is light. Backing up the system is no different
and proper care should be taken to schedule backups so that they will
start when users are logged off the server and before the nightly mainte-
nance routines launch.

After the server has been built and the Domino server software has been
installed, consider these options to gain the maximum performance in the
domain:
➤ Certain tasks are loaded by default when the server is built. If not all
services are being used, remove them from the server configuration to
allow the server to process only the necessary tasks. For instance, if cal-
endaring and scheduling is not being used in the server, remove Calconn
and Sched from the Notes.ini file. Take a look at all tasks that are being
loaded and remove what isn’t necessary.
➤ Take advantage of special codes that Lotus has written to maximize the
performance of the server. For instance, if the server only has a single
processor installed, set the SERVER_MAXSESSIONS to a specific
number to manage the number of concurrent Notes client sessions.

Lotus has created an entire white paper, “Maximizing Domino Perfor-


mance” that addresses these issues as well as other recommendations. The
paper is available at http://www-10.lotus.com/ldd/.

Installing a Notes/Domino Release


6 Server
Lotus has spent a considerable amount of time making it as easy as possible
for an administrator to install the server. These are the major phases of the
setup process:
09 0789729180 CH07 10/21/03 2:45 PM Page 164

164 Chapter 7
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

➤ Creation of the Domino Directory

➤ Creation of the ID files, including the server ID, certifier ID, and the
administrator ID
➤ Creation of the Domino log

➤ Definition of appropriate network configurations

Before beginning the install, make sure that thought has been given to the require-
ments needed for the most efficient hardware platform to provide the optimum per-
formance. Copious amounts of RAM, adequate bandwidth, and fast drive arrays are
well worth the investment to building a premium server.

Lotus has provided multiple server types to allow administrators to have various
options for creating a Domino domain that will perform as needed based on the
user’s requirements. Make sure that you are familiar with these different types and
that you install each of them in your development environment when studying for the
exam.

Setting Up Servers of Different Types


Before launching the setup program, consider the type of server that needs
to be running based on the needs of the organization. There are three types
of servers that can be installed:
➤ Domino Utility Server—Select this server type if the requirement is for
application services only and no messaging services. This selection does
support Domino clustering. The Utility server is a new product type
provided by Domino release version 6.
➤ Domino Messaging Server—Select this server type if the requirement is
for messaging services only. The Messaging server does not support
Domino clustering.
➤ Domino Enterprise Server—Select this server type if the requirement is for
application services, messaging services, and Domino clustering services.

Running the Installation Program


After launching the installation program, the setup utility will guide the
administrator through the following steps:
1. The setup program unpacks the installation files to a temporary direc-
tory. This is an automatic process and requires no intervention from
the administrator.
09 0789729180 CH07 10/21/03 2:45 PM Page 165

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
165
. . . . . .

2. The Lotus Domino program dialog box appears after the files are
decompressed. Click Next to continue.
3. The license agreement appears next. Read the agreement and click Yes
to continue.
4. A dialog box appears asking for your name, company name, and a
check box allowing the administrator to choose a partitioned server if
required. Complete the fields and select Next to continue.
5. The next screen that appears allows the administrator to select the
server locations for the Program folder and the Data folder. Typically,
the Program folder is small in size and can be placed on a system vol-
ume. The Data folder contains all the databases on the server and
should be placed on the fastest drives on the server where there is suffi-
cient room for growth. Select the destination folders and click Next to
continue.
6. A dialog box appears allowing the administrator to select the type of
server to install (see “Setting Up Servers of Different Types,” earlier in
this chapter). As each server type is selected, the text next to the
Customize button at the bottom of the dialog box changes, allowing
each server type to be set up as needed based on custom selections that
are chosen. Select the server type and click Next to continue.
7. The next screen provides the choices for Program folders. Either type
the name of a new folder or select an existing folder from the list.
Click Next to continue. The setup program will now install the server.
8. After the software installation program has finished, click Finish to exit
the setup program.

Setting up and configuring a Domino server is a key skill needed by an experienced


administrator. Carefully review the information in the following section when prepar-
ing for the exam. If it has been some time since you have installed a server, make
sure you spend time drilling on these concepts and, as stated before, install a serv-
er in your development environment. Real-world, hands-on experience is the best
teacher, but the information here can help extend your knowledge.

Setting Up and Configuring a


Notes/Domino Release 6 Server
After the server software is installed, it needs to be configured. To start the
configuration process, select the Lotus Domino Server selection on the
Program menu and follow these steps:
09 0789729180 CH07 10/21/03 2:45 PM Page 166

166 Chapter 7
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

1. The Server Setup screen loads. On this screen, there is an option to


change the fonts if desired. Click Next to continue.
2. Server Setup now needs to know if this is the first server in a domain
or is a server being added to an existing domain. The two choices are
➤ Set up the first server or a stand-alone server. This will set up a new
Domino server and a new Domino domain.
➤ Set up an additional server. This will setup an additional Domino
server into an existing Domino domain. This requires that the serv-
er is already registered in the Domino Directory. (You may need to
obtain additional information from your Domino administrator.)
Select “Setup the first server or a stand-alone server” and click Next to
continue.

Selecting the option to set up an additional server requires a server ID that has already
been created from the domain’s registration server. If this option is being chosen,
make sure that the ID is available before continuing. The setup program will then
make a connection to the registration server and obtain a copy of the Domino
Directory to finish the setup. To get a true understanding of the total process involved
in setting up a server from scratch, we are going to assume that we are selecting the
first option and setting up the first server in a domain.

3. At this time, a server name and title need to be provided. In the Server
Name field, enter a unique name for the server, keeping in mind that
the name chosen is difficult to change and should be reflective of the
purpose of the server, such as “Sales Hub” or “Primary Domain
Server.” The default name populated in this field is the host name of
the server but should be changed as necessary to provide a logical
domain name.
4. An optional field on this page is the Server Title. Use this field to pro-
vide a description of this server’s purpose. A check box also exists in the
event that an existing server ID is available. Complete the required
fields and click Next to continue.
5. The next screen allows the administrator to select the organization
name. Each server and user ID has the organization name as a compo-
nent of its name, so care should be taken to use a short name identifier.
Complete the Organization Name field. This is an active field.
Directly below the Input field, the setup program displays an example
of a server name as well as a username.
6. The other two fields on this page are related to the Organization
Certifier password. Enter a password, a minimum of five characters,
09 0789729180 CH07 10/21/03 2:45 PM Page 167

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
167
. . . . . .

and then enter it again in the Confirm Password field. A check box
exists in the event that a certifier ID that the administrator would want
to use with this domain already exists.
7. Select the Customize button and the Advanced Organization Settings
screen loads. Enter the Organizational Unit name in the blank field.
8. Enter an Organization Certifier password, using a minimum of five
characters, and then enter it again in the Confirm Password field. A
check box exists in the event that a certifier ID that the administrator
would want to use with this domain already exists.
9. If this server is going to be used in a country other than the United
States, select a Country code from the drop-down box at the bottom of
the page and click OK to continue. The setup program now returns to
the Organization Name page. If an Organizational Unit name was cho-
sen, it is now displayed on this page with the example names. Click
Next to continue.
10. The setup program now needs to define the Domino domain name.
The Choose the Domino Domain Name dialog box appears. There is
only one field on this page to be completed. Enter the name of the
Domino domain and click Next to continue.
11. Domino now requires the identification of an administrator before
continuing the setup process. The Specify an Administrator Name and
Password dialog box appears. Enter the first name, middle initial, and
last name of the person who will serve as the administrator for the
server.
12. The other two fields on this page are related to the Organization
Certifier password. Enter a password, a minimum of five characters,
and then enter it again in the Confirm Password field. Check boxes on
this page allow the saving of a local copy of the ID file to a location of
the administrator’s choice, or allow an existing administrator ID to be
used if one exists. Complete the selections on this page and click Next
to continue.
13. The next screen is used to determine what Internet services this server
will offer. The default services available on the screen include
➤ Web Browsers (HTTP Services)

➤ Internet Mail Clients (SMTP, POP3, and IMAP Services)

➤ Directory Services (LDAP Services)


09 0789729180 CH07 10/21/03 2:45 PM Page 168

168 Chapter 7
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

In addition, this screen has a Customize button that opens the


Advanced Domino Services dialog box, which is used to select
advanced Domino services to run on the server. The following services
are available:
➤ Database Replicator

➤ Mail Router

➤ Agent Manager

➤ Administration Process

➤ Calendar Connector

➤ Schedule Manager

➤ Statistics

➤ DIIOP CORBA Services

➤ DECS Domino Enterprise Connection Services

➤ DOLS Domino Offline Services

➤ Billing

➤ HTTP Server

➤ IMAP Server

➤ Ispy

➤ LDAP Server

➤ POP3 Server

➤ Remote Debug Server

➤ SMTP Server

➤ Stats

➤ Statistics Collector

➤ Web Retriever

➤ Change Manager

Select the desired choices for this server and click OK to return to the
Internet Services screen. Click Next to continue.
14. The Domino Network Settings dialog box now appears and displays
enabled port drives and host names. To change these settings, click the
Customize button. The Advanced Network Settings dialog box is
09 0789729180 CH07 10/21/03 2:45 PM Page 169

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
169
. . . . . .

displayed. Make the changes as needed for the server and click OK.
Click Next to continue.
15. Security is now set using the Secure Your Domino Server dialog box.
Two check boxes are available on this page.
➤ Prohibit Anonymous Access to All Databases and Templates

➤ Add LocalDomainAdmins Group to All Databases and Templates

Select the desired options and click Next to continue.


16. A summary page now appears with the choices that have been selected
during setup. If changes need to be made, select the Back button to
return to the setup page needing to be changed, make the desired
changes, and click Next to return to this page. If everything is correct,
click Setup.
17. Server setup now starts and a progress bar is displayed until the process
is completed. The setup summary screen reappears when the process is
finished. Click Finish to close the setup.

Setting Up/Configuring Directories


The primary application on the Domino server is the Domino Directory.
The first server in a domain always starts with the primary Directory in the
domain and is sometimes known as a Hub server. Without the Directory, the
server is unable to function, so care should be taken to maintain it and set it
up properly. The Directory contains information about users, servers, and
groups, as well as information needed to communicate with other servers in
the domain and the Internet. Administrators use the Domino Directory to
maintain security throughout the domain and control how the servers oper-
ate. Mail routing, database replication, and Web access are all controlled
within the Directory. The default database name associated with the
Directory is NAMES.NSF and the template used for the design of the
Directory is PUBNAMES.NTF.
The Domino Directory can be configured by accessing the database from
the client workspace, by using the Administrator client or by accessing the
server with a Web browser. The Directory contains the following sections
that can be modified:
➤ People

➤ By Organization

➤ Alternate Languages
09 0789729180 CH07 10/21/03 2:45 PM Page 170

170 Chapter 7
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

➤ Certificate Expiration

➤ Policies

➤ Groups

➤ By Organization

➤ Deny Access Groups

➤ Configuration

➤ Servers

➤ Messaging

➤ Replication

➤ Directory

➤ Policies

➤ Web

➤ Clusters

➤ Certificates

➤ Miscellaneous

Editing the Directory consists of selecting a section, opening the documents,


making the changes, and then saving the changes by clicking the Save &
Close button.

Deploying a Corporate Standard


Welcome Page
In these days of Web pages and Program menus, there are some users who
are intimidated by the sight of the Lotus Workspace. In an effort to accom-
modate these users, Lotus has given administrators the ability to modify the
Welcome page and customize it so that users can easily access the informa-
tion they need to do their daily job. The Welcome Page is a customizable
application interface that allows users to easily run these programs by using
icons and dialog buttons. To create the Welcome page, perform the follow-
ing steps:
09 0789729180 CH07 10/21/03 2:45 PM Page 171

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
171
. . . . . .

1. Launch the Domino Administrator. Open the File menu, select


Database, and then select New. Complete the following fields:
➤ Server field—Leave this set to Local.

➤ Title field—Enter a name for the database.

➤ File Name field—The File Name field populates automatically based


on the Title field. It can be changed if necessary to be a more
descriptive filename.
2. Click the check box at the bottom of the page to select advanced tem-
plates.
3. Scroll down the window to select the Bookmarks (6) template.

4. Click OK to create the Welcome Page database. The Welcome Page


now displays three options:
➤ 1—Click Here to Create a New Welcome Page

➤ 2—Click Here to See What’s New in Lotus Notes 6

➤ Check mark—No Thanks, Just Give Me the Defaults

5. Click selection 1 to create a custom Welcome page.

6. A New Page dialog box appears. Enter the name of the new page in
the field provided and click Next.
7. Decide how the page should be displayed. Select Frames or Personal
Page and click Next. If you selected Personal Page, go to step 8 to fin-
ish the process; if you selected Frames, complete steps 9 through 13 to
finish the process.
8. Select a layout from the Welcome Page gallery and click Next; then
click Finish to launch the new Welcome page.
9. Select the Frame contents to be displayed on the page and select Next.

10. Choose a frame layout and click Next.

11. Select the content on the Content Placement page to place it on the
Welcome page.
12. Check the box to either load the Launch Pad and/or the Action Bar
buttons and click Next to continue.
13. Click Finish to launch the new Welcome page.
09 0789729180 CH07 10/21/03 2:45 PM Page 172

172 Chapter 7
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Figure 7.1 This is an example of a very basic Welcome page.

Creating/Registering Certificates
Lotus uses certificates to allow users and servers to be identified with a
unique digital signature. Servers and user IDs contain at least one certificate
that will be set to expire within a specific amount of time. Certificates are
created when IDs are created and can also be added when a user or server
needs to access a new resource that requires a common certificate to exist.
Certificate information can be determined by selecting File, Security, User
Security, and then selecting Your Identity, Your Certificates. The following
information is shown in this view:
➤ Certificate names

➤ Issue date

➤ Issuer

➤ Activation date

➤ Expiration date

➤ Type

➤ Key identifier
09 0789729180 CH07 10/21/03 2:45 PM Page 173

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
173
. . . . . .

As mentioned earlier, in the event that Domino organizations are required to


exchange data, they need to share a common certificate. This is accom-
plished by using an organization certifier ID file. Cross certifying a user or
server ID with an organizational certifier guarantees that both IDs have a
common certificate. Domino uses two types of certifier IDs related to organ-
izations:
➤ Organization certifier ID—The default name for this ID file is CERT.ID.
This ID file is created when the server is deployed. This ID typically
includes the company name and is the highest point on the hierarchy
tree.
➤ Organizational Unit certifier IDs—This level of organizational certifier is
typically used to delineate the next level on the hierarchy tree, usually
identifying county or department names.

Creating an Organization Certifier ID


To create a new organization certifier ID, follow these steps:
1. Using the Administrator client, select the Configuration tab and open
the Tools pane. Select Registration, and then click Organization.
2. In the dialog box that appears, complete the following information:

➤ Organization name

➤ Country code (optional)

➤ Certifier password

3. Use the Password quality slide bar to determine the quality of pass-
word security to assign to the ID file. The default location of the slider
is to the extreme left, which is no password and a value of 0. Sliding
the bar to the extreme right forces a very strong password and a value
of 16.
4. Choose a Security type; the two choices are North American and
International.
5. In the Mail Certification Requests to (Administrator) field, supply the
name of the administrator.
6. Optionally, complete the Location and Comments fields.

7. Click Register to create the new certifier ID.


09 0789729180 CH07 10/21/03 2:45 PM Page 174

174 Chapter 7
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Creating an Organizational Unit Certifier ID


To create a new Organizational Unit certifier ID, complete these steps:
1. Using the Administrator client, select the Configuration tab and select
the Server document for the server to be recertified.
2. Open the Certification menu option under the Tools pane and select
Organizational Unit; a dialog box appears.
3. Click the Server button to select the registration server and click OK.
Choose one of these two options:
➤ Supply Certifier ID and Password—A file navigation dialog box
appears when this option is selected. Navigate to the required certi-
fier ID and select OK.
➤ Use the CA Process—This option allows the administrator to recertify
the ID without having access to the certifier ID or the certifier pass-
word. A drop-down box is provided to allow the administrator to
select a CA-configured certifier from the ones available on the server.
4. After you’ve selected one of the two options, click OK. If Supply
Certifier ID and Password is chosen, a dialog box appears requiring the
certifier password. Enter the password and select OK to continue.
5. The Register Organizational Unit Certifier dialog box appears; select
the registration server.
6. Select the certifier ID.

7. Select Set ID File to define the location for the new certifier ID being
created.
8. Complete the Organizational field.

9. Complete the Certifier Password field.

10. Use the Password quality slide bar to determine the quality of password
security to assign to the ID file. The default location of the slider is to
the extreme left, which is no password and a value of 0. Sliding the bar
to the extreme right forces a very strong password and a value of 16.
11. Choose a Security type; the two choices are North American and
International.
12. Complete the Mail Certification Requests to (Administrator) field.

13. Optionally, complete the Location and Comment fields.

14. Click Register to create the new ID file.


09 0789729180 CH07 10/21/03 2:45 PM Page 175

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
175
. . . . . .

Creating/Registering Users
To create a new user, follow these steps:
1. Launch the Domino Administrator and select the People & Groups tab.

2. Using the Tools pane, select People and Register. A dialog box appears
requiring the certifier password. Enter the password and click OK to
continue.
3. The Register Person—New Entry dialog box appears. Enter the rele-
vant user information related to name and password.
4. Select the Create a Note ID for This Person option and then click
Register.
5. A dialog box appears asking if you want to add the new person to the
pending registration queue. Click Yes to continue and create the ID
and register the user.

Certifying with a CA Key


A certificate authority is used to issue a trusted certificate that will be used to
enable a client and a server or two servers to communicate in a secure man-
ner. A CA key, or Certificate Authority key, is made available to the domain via
a Domino Web server. To provide CA certification, follow these steps:
1. Configure the server to act as a Web server. Make sure the HTTP task
is running.
2. Launch the Domino Administrator. Open the File menu, select
Database, and then select New. Complete the following fields:
➤ Server field—Leave this set to Local.

➤ Title field—Enter a name for the database.

➤ File Name field—The File Name field populates automatically based


on the Title field. It can be changed if necessary to be a more
descriptive filename.
3. Click the check box at the bottom of the page to select advanced tem-
plates.
4. Scroll down the window to select the Domino Certificate Authority (6)
template (CCA50.NTF).
5. Click OK to create the Certificate Authority Setup application.
09 0789729180 CH07 10/21/03 2:45 PM Page 176

176 Chapter 7
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

6. Select Create a CA Key Ring File and CA Certificate.

7. Complete the fields on the form and click Create Certificate Authority
Key Ring. A summary page is generated containing information about
the CA key. Click OK to continue.
8. Open the Configurations tab and select the Server document.

9. Open the Server document, navigate to the Ports document, and select
the Internet Ports tab.
10. Complete the SSL information on this tab and select Save & Close to
enable certificate authentication.

Setting Up Multiuser Support


Multiuser support allows users to share a workstation but still retain their own
settings and desktop when logging into the server. It is only supported on
Domino clients that are loaded on Microsoft Windows operating systems.
Setting up multiuser support requires extra work for the administrator on the
Domino workstation. The Multiuser installation is only available in the
Notes installation kit. A single instance of the Notes client software is
installed on the workstation, but each user has his own data directory to
retain their distinct settings. System administrator access is required to
install the Multiuser installation.

Setting Up Workstations for


Different Clients
Historically, the most common way to access the Domino server has been to
use the Domino client. Over time, Lotus has provided multiple solutions to
access the server. The various ways to access the server include
➤ Notes clients—This option includes the Administrator and Designer
clients.
➤ IMAP clients—The most common IMAP client in use today is probably
Microsoft Outlook. Using IMAP clients requires the IMAP service and
the SMTP listener task to be active.
09 0789729180 CH07 10/21/03 2:45 PM Page 177

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
177
. . . . . .

➤ POP3 clients—Typically known as Internet mail clients, examples include


Microsoft Outlook and Netscape Messenger. The POP3 service and the
SMTP listener task need to be active.
➤ Web browsers—Internet Explorer and Netscape Communicator are sup-
ported.
➤ iNotes Web Access clients—This option is used by users whose mail file was
created using the iNotes Web Access (R6.0) template (iNotes60.ntf).
This client requires the HTTP service to be running on the server.
➤ iNotes Web Access for Microsoft Outlook—Users running Microsoft
Outlook can access the server if their mailbox was created using the
Extended Mail (R6) template (mail6ex.ntf). Domino Offline Services, or
DOLS, must be running on the server.

Setting Up/Configuring Calendaring


and Scheduling
Calendaring and scheduling is used on the server to allow users to coordinate
their schedules and plan meetings, schedule resources such as conference
rooms, and plan vacations and holidays. The Schedule Manager task (Sched)
and the Calendar Connector task (Calconn) are loaded by default when a
new server is deployed and added to the ServerTasks line in the Notes.ini file.
The Schedule Manager then creates the Free Time database and assigns it
the name BUSYTIME.NSF for nonclustered servers and CLUBUSY.NSF
for clustered servers. The database is then populated with the names of all
users who have completed a Calendar Profile.
The Calendar Profile dictates who can access the user’s free time informa-
tion and displays the time that a user may be free for a meeting invitation.

Setting Up Servers for Sharing


Resources
Domino uses the Resource Reservations database to facilitate resource
scheduling within the domain. As discussed previously, resources can be con-
ference rooms, but can also include equipment or even fleet cars. Using a
reservation system, users can select a resource and schedule it as needed
09 0789729180 CH07 10/21/03 2:45 PM Page 178

178 Chapter 7
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

without having to involve someone in the process by simply letting Domino


manage the task. To create the Resource Reservations database, follow these
steps:
1. Launch the Domino Administrator. Open the File menu, select
Database, and then select New. Complete the following fields:
➤ Server field—Leave this set to Local.

➤ Title field—Enter a name for the database.

➤ File Name field—The File Name field populates automatically based


on the Title field. It can be changed if necessary to be a more
descriptive filename.
2. Click the check box at the bottom of the page to select advanced tem-
plates.
3. Scroll down the window to select the Resource Reservations (6) tem-
plate and click OK to create the database.

Defining the Database ACL


After the database is created, access needs to be defined to determine who
can modify the database. Follow these steps to define the database ACL:
1. Open the File menu, select Database, and then select Access Control.

2. Add the groups or users who will be allowed to create Resources and
Site Profile documents and assign the CreateResource role to their
name. Click OK to continue.

Completing the Site Profile


The Resource Reservations database uses Site Profile documents to deter-
mine the location of the resources to be shared. The Site Profile must be cre-
ated before resources can be reserved. Follow these steps to complete the
Site Profile document:
1. Select Site and click New Sites; the Site Profile is displayed.

2. Complete the Site Name fields, to indicate the physical location of the
resource.
3. Complete the Domain Name field (enter the domain name of the data-
base).
09 0789729180 CH07 10/21/03 2:45 PM Page 179

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
179
. . . . . .

If the domain name is not automatically populated, edit the current location document
being used on the desktop. Navigate to the Mail tab and enter the domain name on
the Domino Mail Domain tab. Save and close the document, close the Reservation
database, reopen it, and reopen the site document. The domain field should now be
populated properly.

4. The Resource Reservation Server and Resource Reservation File Name


fields should autocomplete with the name of the server hosting the
database and the name of the Reservation database.
5. Click Save & Close to continue.

Resource documents can now be created and reservations can be made as


needed.

Setting Up/Configuring Transaction


Logging
Transaction logging is available for Domino servers running release 5 or later
and databases using release version 5 or later On Disk Structure (ODS).
Database changes are sent to a transaction log database and then written later
to the target database. Transaction logging provides the following benefits
for system activities:
➤ Backup throughput is increased because transaction logs back up quicker
than normal databases.
➤ Disaster recovery is more complete in that data that was stored in the
transaction log can be supplemented to the full system recovery so data
is not lost. Data that is stored in the transaction log file is written to the
database when the log file is recovered from tape.
➤ Database views are stored in the log file so database views may not need
to be rebuilt.

Although transactional logging is a form of backup, it does not replace a true archiv-
ing system, such as tape or optical media. In the event of a server crash, full system
backups will be needed to recover. In addition, special backup software is required
that specifically backs up the transactional log, so make sure that it is supported by
the software vendor. Transaction logging may also cause an increase in the amount of
time required to boot the server.

Transactional logging also creates a unique database instance ID (DBIID)


for each database. When transactions are added to the log, the DBIID is
09 0789729180 CH07 10/21/03 2:45 PM Page 180

180 Chapter 7
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

assigned so that the source database can be recorded. DBIID tags are
assigned at each of these times:
➤ The first time transaction logging occurs

➤ In some instances when the Compact task is executed

➤ When Fixup is used to correct a corrupted database

➤ When a database is moved to a server using transaction logging

Transaction logging is a powerful component of Domino. Be certain that you are


familiar with its planning and implementation when preparing for the exams.

Planning the Transaction Logging


Implementation
Transaction logging needs to be properly planned before it can be imple-
mented. Steps to consider before implementing include
➤ Make sure the server hardware is properly configured. Use a disk array
with at least RAID 1 support and a dedicated disk controller.
➤ Define a backup plan and use software that supports Domino servers
running transaction logging.
➤ Plan on using logging on all available databases, but remember that only
databases using the R5 ODS or later will be able to use transaction log-
ging.

You also must decide which version of logging to use. You can choose from
these three versions:
➤ Circular—This version of logging uses up to 4GB of disk space and then
begins writing over the oldest log information in the database. The
transaction log database should be backed up daily using this deploy-
ment version.
➤ Linear—This version of logging is similar to circular logging, but can
use more than 4GB of disk space.
➤ Archived—This version of logging creates transaction logs as needed.
Log files are not overwritten; they are archived. Ensure that the logs are
being backed up regularly or the server may run out of disk space.
09 0789729180 CH07 10/21/03 2:45 PM Page 181

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
181
. . . . . .

Setting Up Transaction Logging on the


Server
To set up transaction logging on the server, follow these steps:
1. Using the Domino Administrator, select the Configuration tab, select
the Server document, and click Edit Server Document.
2. Select the Transactional Logging tab.

3. In the Transactional Logging field, select either Enabled or Disabled.

4. In the Log Path field, enter the explicit path to the transaction log
database.
5. In the Logging Style field, select either Circular, Linear, or Archived.

6. Make a selection in the Use All Available Space On Log Device area
(the default selection is No); if you select Yes, the next option,
Maximum Log Space, is removed as a valid selection.
7. If the Maximum Log Space area remains active, enter the amount of
space in MB to be used for the transaction log database.
8. Choose to enable or disable Automatic Fixup of Corrupt Databases.

9. Choose a Runtime/Restart Performance option; valid options are


Favor Runtime, Standard, and Favor Restart Recovery Time.
10. Choose a Quota Enforcement option; valid options are Check Space
Used in File when Adding a Note, Check Filesize when Extending the
File, and Check Filesize when Adding a Note.
11. Select Save & Close to start transaction logging.

Setting Up Servers for Load


Balancing and Failover
Domino addresses the issue of load balancing and failover by utilizing clus-
ter technology. A Domino cluster is a group of servers set up so that a user can
attach to any server in the group and access data. Replicas are stored on all
servers and load balancing is set up so that the work is shared equally among
the servers so that no single server in the group is overworked. When a data-
base in the cluster is updated, all replicas are updated so that the next time a
user accesses the data, the information is updated regardless of which server
09 0789729180 CH07 10/21/03 2:45 PM Page 182

182 Chapter 7
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

they access. Performance is usually improved and the domain can increase in
size simply by adding additional servers to the cluster. Lotus lists the bene-
fits of the Domino cluster with these points:
➤ High availability of important databases

➤ Workload balancing

➤ Scalability

➤ Data synchronization

➤ Analysis tools

➤ Ease of changing operating systems, hardware, or versions of Domino

➤ Data backup and disaster planning

➤ Easy administration

➤ Use of any hardware and operating system that Domino supports

In the event that a server crash occurs or a server’s performance is degraded


due to heavy use, users are redirected to other servers in the cluster using a
failover process. Domino uses a process called the Cluster Manager to mon-
itor the cluster and direct users to the available resource with the best per-
formance.
Lotus states the following conditions exist when failover does not occur:
➤ A server crash or network outage occurs while a user has a database
open.
➤ A user chooses File, Database, Properties or File, Database, Open on a
specific database on a distinct server in the cluster.
➤ The mail router tries to deliver mail and mail routing failover has been
disabled or the parameter MailClusterFailover in the Notes.ini file is set
to 0.
➤ The domain template server is unavailable because of a crash or network
outage and an attempt is made to create a new database.
➤ A server crash or network outage occurs while agents are being
processed.
➤ A server crash or network outage occurs while the Administration
Process (AdminP) is processing requests.
➤ An attempt is made to replicate with a server that has access denied by
the administrator.
09 0789729180 CH07 10/21/03 2:45 PM Page 183

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
183
. . . . . .

Applying Policy Documents to


Existing Users
Policy documents are used to regulate how users can access the system and
perform specific functions. Policy documents can be changed after they are
assigned and are then applied to all policy users.

All clients and servers participating in policy document deployment must be running
a minimum of version 4.67a or greater or directory replication errors will occur.

Policy documents that can be applied to users include


➤ Archiving—Defines policy settings related to users’ ability to archive
mail.
➤ Desktop—Enforces consistent client settings. If a client setting is changed
and then the workstation logs out of the server, the settings are reset the
next time the user logs into the server.
➤ Registration—Implements these policies when a new user is created dur-
ing registration.
➤ Setup—Enforces settings in the client’s location document.

➤ Security—Defines password management and ECL setup.

Types of Domino policies to consider include


➤ Explicit policies—Use this type of policy when specific groups or users in
the organization may need specific access; explicit policies define their
access. Use this policy when making changes to users already defined in
the domain.
➤ Organizational policies—Use this type of policy when specific settings are
required for users in a specific organization.

Migrating from a Distributed


Directory to a Central Directory
In the event there is a need to have a single central directory instead of a distrib-
uted directory configuration, there are several items that should be considered.
09 0789729180 CH07 10/21/03 2:45 PM Page 184

184 Chapter 7
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

First, consider the consequences of moving to a single, central directory.


How will users be affected by now having to access a single directory on a
server? Can the server handle the load of all the users in the domain now
accessing the server at a single location? Make sure that a high-powered serv-
er with abundant memory and disk space is used to handle the load of the
migration. Second, how will it affect other servers inside and outside of the
domain? Much the same as a user, if the servers are going to a single point of
access for the directory, make sure the server can handle the added load of all
users and servers using a single directory for authentication and server tasks.
To migrate to a central directory, follow these general guidelines:
➤ If the server is being retired, follow the steps listed in this book related
to decommissioning a server covered in Chapter 14, “Managing
Servers.”
➤ If a manual migration is being done, be sure that all Connection docu-
ments and Program documents are changed to reflect the new configu-
ration.
➤ Notify all users of the planned change and carefully document the
required changes before proceeding. Ensure that a valid backup of the
directory exists and has been verified. Perform the migration during off-
hours so users are not affected by the change. After the migration is
complete, test all connections and make sure mail is routing.
09 0789729180 CH07 10/21/03 2:45 PM Page 185

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
185
. . . . . .

Exam Prep Questions


Question 1
Which server component affects how well Domino tasks, such as the indexer
and the replicator, perform?
❍ A. Memory
❍ B. Disk Array Controller
❍ C. Processor
❍ D. Redundant Bit Arrays

Answer C is correct. Specific Domino tasks, such as the indexer and replica-
tor, perform more efficiently on machines with fast processors and reduce
the performance overhead.

Question 2
Which of the following incidents are not supported by failover?
❍ A. A server crash
❍ B. A network outage
❍ C. Excessive users on the system
❍ D. A server crash that occurs while a user has a database open
❍ E. None of the above

Answer D is correct. When a server crashes or a network outage occurs while


a user has a database open, failover will not execute for the user.

Question 3
What is the database template name that is used to create the Welcome Page
database?
❍ A. Welcome.ntf
❍ B. Bookmark.ntf
❍ C. Bookmarks (6)
❍ D. Welcome Local.ntf
09 0789729180 CH07 10/21/03 2:45 PM Page 186

186 Chapter 7
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Answer C is correct. The database template name used to create the


Welcome database is Bookmarks (6). The filename for the template is book-
mark.ntf.

Question 4
What amount of disk space can linear transaction logging utilize on the server?
❍ A. 1GB
❍ B. < 4GB
❍ C. 3GB
❍ D. > 4GB

Answer D is correct. Linear logging is similar to circular logging but can use
more than 4GB of disk space.

Question 5
How does Domino present CA keys to users in the domain?
❍ A. Via email
❍ B. Using a Web server
❍ C. SSL Transport mechanisms
❍ D. Domino Offline Services

Answer B is correct. A CA key, or Certificate Authority key, is made available


to the domain via a Domino Web server.

Question 6
What server type supports application services, messaging and Domino clus-
tering?
❍ A. Domino Hub Services
❍ B. Domino Cluster Controller
❍ C. Domino Messaging
❍ D. Domino Enterprise

Answer D is correct. Domino Enterprise Server provides support for appli-


cation services, messaging services, and Domino clustering services.
09 0789729180 CH07 10/21/03 2:45 PM Page 187

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing
. . . . . and
. . .Configuring
187
. . . . . .

Question 7
Which of the following selections does the Domino setup program create?
❑ A. Domino Directory
❑ B. Server ID
❑ C. SMTP Connection documents
❑ D. Domino log
❑ E. All of the above

Answers A, B, and D are correct. The Domino setup program creates the fol-
lowing items during setup: the Domino Directory, ID files, and the log file.

Question 8
How does Lotus provide users with digital signatures?
❍ A. Encrypted signature encoding
❍ B. Certificates
❍ C. Layered ID scripting
❍ D. Digital key multifaceted encryption

Answer B is correct. Lotus uses certificates to allow users and servers to be


identified with a unique digital signature.

Question 9
Which of the following items are considered to be a benefit of Domino clustering?
❍ A. High availability of important databases
❍ B. Workload balancing
❍ C. Scalability
❍ D. All of the above

Answer D is correct. High availability of important databases, workload bal-


ancing, and scalability are all benefits of Domino clustering.
09 0789729180 CH07 10/21/03 2:45 PM Page 188

188 Chapter 7
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Need to Know More?


The Lotus Developers Domain: www-10.lotus.com/ldd.

Maximizing Domino Performance White Paper: www-10.lotus.com/ldd.

Upgrading to Domino 6: Performance Benefits: www.ibm.com/redbooks.


10 0789729180 CH08 10/21/03 2:30 PM Page 189

8
Mail
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Terms you’ll need to understand:


✓ Domino Named Network (DNN)
✓ Connection document
✓ Notes Remote Procedure Calls (NRPC)
✓ MAIL.BOX
✓ Routing tables
✓ Adjacent domain
✓ Non-adjacent domain
✓ Message tracking
✓ Mail Tracking Collector (MTC)
✓ MTSTORE.NSF
✓ Mail-In Database document

Techniques you’ll need to master:


✓ Defining the role of the DNN in message transfer
✓ Scheduling mail routing between servers using Connection
documents
✓ Scheduling and restricting mail routing between adjacent and
non-adjacent domains
✓ Controlling mail file size by implementing mail quotas
✓ Configuring message tracking using the Configuration
document
✓ Enabling a database to receive mail using a Mail-In Database
document
10 0789729180 CH08 10/21/03 2:30 PM Page 190

190 Chapter 8
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

This chapter on mail is one of the shorter chapters in the book simply
because there aren’t many exam competencies related to mail listed for this
particular exam. We begin with an explanation of how Notes mail routes
between servers. This discussion is explored in more depth in Chapter 3,
“Mail” (for Exam 620) so refer to that chapter for a more detailed review of
mail routing concepts. We then discuss mail quotas and how to change them.
We discussed mail quotas briefly in Chapter 3, but we expand our discussion
on quotas in more detail for the purposes of this exam. This chapter finishes
with a description of how to configure mail tracking and instructions on how
to deploy mail-enabled applications.
For the purposes of the exam, you may want to consider using both this chap-
ter and Chapter 3 as study tools for preparing for both the 620 and 621
exams. There is some overlap in topics related to mail between these two
exams, and you may find it helpful to know the “complete picture” regarding
mail routing before attempting either exam.

Setting Up and Configuring Message


Distribution Using Notes-Based Mail
Configuring the Domino servers for mail routing involves understanding
how mail routes between servers based on the server’s Domino Named Network
(DNN). A DNN is a group of servers in a given Domino domain that share
a common protocol and are constantly connected. Mail routing between
servers in the same DNN happens automatically, without any configuration
by the administrator. The administrator must create Connection documents
to enable mail routing between servers that are in different DNNs. A
Connection document is a document that contains all the settings necessary to
schedule mail routing between servers in different DNNs.
By default, Domino uses Notes Remote Procedure Calls (NRPC), also called
Notes routing, to transfer mail between servers. Notes routing uses informa-
tion in the Domino Directory to determine where to send mail addressed to
a given user. Notes routing moves mail from the sender’s mail server to the
recipient’s mail server.
A user creates a mail message in the mail database. When the user sends the
message, a workstation task called the MAILER transfers the message to the
MAIL.BOX database on the user’s server (also known as the user’s mail serv-
er or home server). MAIL.BOX is the transfer point for all messages being
routed to and from a server. The Router task polls MAIL.BOX and asks two
questions about the messages waiting to be routed:
10 0789729180 CH08 10/21/03 2:30 PM Page 191

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Mail
191
. .

➤ Where this message should be delivered—To which recipients on which


servers?
➤ How this message should be delivered—Which routes and connections
should be used?

The Router consults its routing tables to determine where the recipient’s
mail database is stored. Routing tables are built in memory on the server when
the router first starts and are refreshed every few minutes. These routing
tables are built using information in various documents in the Domino
Directory—Person documents, Connection documents, Domain docu-
ments, and so on. The location of the recipient’s mail database determines
how the message is dispatched by the router. A recipient’s mail database can
be stored in any of the following locations:
➤ On the same server as the sender’s mail database—If the sender and the
recipient share the same mail server, the message is delivered immedi-
ately and the Router task is not involved in the message transfer. The
Router task is invoked only for transfer to another server.
➤ On a different server in the same DNN—If the two servers share a DNN,
the Router immediately routes the message from the MAIL.BOX file on
the sender’s server to the MAIL.BOX file on the recipient’s server.
➤ On a server in a different DNN within the local Domino domain—When
servers are members of two different DNNs, the Domino Administrator
must create Connection documents between the two networks.
➤ On a server in an external Domino domain—In this case, the Router must
find a Connection document between domains or must route the mes-
sage using SMTP, configured to route outside of the local domain.

In most cases, if the mail message is leaving the current domain, it is routed via
SMTP. The Router is capable of routing both NRPC and SMTP mail. Message trans-
fer over SMTP routing is performed as a point-to-point exchange between two
servers. The sending SMTP server contacts the receiving SMTP server directly and
establishes a two-way transmission channel with it. The sending server looks up the
domain name of the addressee in a Domain Name Service (DNS) and transfers the
message using the destination IP address provided by the DNS via an MX record.
For this exam, SMTP is not listed in the required competencies; however, it’s useful
to understand the basics of SMTP routing to use as a comparison with Notes routing,
and so that you understand that the Router is capable of routing any type of mail mes-
sage, whether internal or external, NRPC or SMTP.

Notes Routing to External Domains


Although not explicitly listed in the exam competencies, the exam may make
mention of Notes routing to adjacent or non-adjacent domains. An adjacent
10 0789729180 CH08 10/21/03 2:30 PM Page 192

192 Chapter 8
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

domain is another Domino domain with which you can establish a physical
connection. Non-adjacent domains are Domino domains that are not direct-
ly connected, but have an intermediary domain, to which both domains can
connect. For example, if Domain A can connect to Domain B, and Domain
B can connect to Domain C, then A and B are adjacent, and B and C are adja-
cent, but A cannot connect to C; therefore, A and C are non-adjacent and
can connect only through Domain B. Sometimes, an administrator who
manages multiple domains will configure routing using NRPC and
Connection documents, rather than with SMTP and a DNS.
To route mail to an adjacent domain, the administrator simply creates a
Connection document, specifying the external domain’s server name and
domain name as the target server. The process of creating a Connection doc-
ument is described in detail in Chapter 3 in the “Setting Up and Configuring
Message Distribution Using Schedules” section. The process used to create
Connection documents between servers in different domains is no different
than creating Connection documents between servers in different DNNs.
The administrator can further restrict mail routing between adjacent
domains using an Adjacent Domain document. For example, if you are in
Domain B and want to prevent mail from an adjacent Domain A from tra-
versing your domain to reach another adjacent Domain C, create an
Adjacent Domain document that names C as the adjacent domain and denies
mail from A.

Adjacent Domain documents do not provide connectivity between adjacent domains,


and are not required to enable connections between adjacent domains. To define
routes between adjacent domains, create Connection documents. Watch out for
exam questions that refer to using an Adjacent Domain document to connect two dif-
ferent domains. Adjacent Domain documents are used only when the administrator
wants to restrict or deny mail from adjacent domains.

To create an Adjacent Domain document from the Domino Administrator,


click the Configuration tab, expand the Messaging section, choose Domains,
and then click Add Domain. Then complete the fields on both the Basics and
Restrictions tabs.
Figures 8.1 and 8.2 show an Adjacent Domain document created in Domain
B’s Directory, denying mail addressed from Domain A from going to
Domain C, as in the scenario described previously.
10 0789729180 CH08 10/21/03 2:30 PM Page 193

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Mail
193
. .

Figure 8.1 The Basics tab of the Domain document, showing “Adjacent Domain” as the Domain type
and Domain C as the adjacent domain.

Figure 8.2 The Restrictions tab of the same Adjacent Domain document, showing that mail is being
denied from Domain A.
10 0789729180 CH08 10/21/03 2:30 PM Page 194

194 Chapter 8
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administrators can enable message transfer between non-adjacent domains


using a Non-adjacent Domain document. A Non-adjacent Domain docu-
ment serves three functions:
➤ Specifies a routing path to the non-adjacent domain by supplying next-
hop domain information
➤ Restricts mail from other domains from routing to the non-adjacent
domain
➤ Defines the Calendar server used to enable free time lookups between
two non-adjacent domains

If an administrator for Domain A wanted to route mail to non-adjacent


Domain C using adjacent Domain B as the relay, he would create a Non-
adjacent Domain document in the Directory. To create a Non-adjacent
Domain document from the Domino Administrator, click the Configuration
tab, expand the Messaging section, choose Domains, and then click Add
Domain. Specify “Non-adjacent Domain” as the domain type, and complete
the fields on the Basics tab. Figure 8.3 shows the Non-adjacent Domain doc-
ument for the preceding scenario, routing from A to C through B.

Figure 8.3 The Basics tab of the Domain document, showing “Non-adjacent Domain” as the Domain
type, and specifying the route to Domain C through Domain B.
10 0789729180 CH08 10/21/03 2:30 PM Page 195

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Mail
195
. .

Implementing and Changing Mail


Quotas
You can set two types of size limits on a user’s mail file: a warning threshold
and an absolute quota size. Set a warning threshold to provide users with
advance notice when their mail files approach the designated mail file quota,
so they can reduce the size of their mail files before message flow is inter-
rupted. Set a quota if you intend to establish a policy of interrupting users’
mail usage if their mail files exceed a specified size.
Administrators can configure the Router to respond in several ways when a
mail file exceeds its quota, each representing a higher level of enforcement.
The least restrictive response is to have the Router issue automatic notifica-
tions to users when their mail files exceed the quota. Quota controls enable
the Router to selectively hold or reject mail if the destination mail file has
exceeded its quota. When the Router has new mail to deliver to a user whose
mail file is already full, it checks the Configuration Settings document to
determine the appropriate action. By default the Router continues to deliver
mail, even after a mail file exceeds its quota. To change the default behavior,
you must configure the Router to refuse or hold mail. If users fail to respond
to notifications, you can hold pending messages in MAIL.BOX or return
messages to the senders as undeliverable until the users reduce the size of
their mail files.

For the purposes of the exam, it’s important to remember the interface steps for set-
ting quotas on mail databases, and how the router enforces those quotas. It’s also
interesting to note that quotas were never enforced on mail databases prior to
Domino R5, so it’s possible that the exam questions may try to make you think that
the Router doesn’t obey mail quotas, which is false. To prepare for this topic, walk
through the methods for setting quotas using the Domino Administrator client, and
then examine the settings related to Router management of quotas in the
Configuration Settings document for each mail server. The steps for performing all
of these operations are listed in this chapter.

Administrators can set quotas and warning thresholds in one of two ways:
➤ During registration—Quotas specified during registration apply only to
new users’ mail files, not to existing users’ mail files. Figure 8.4 shows
the Mail tab of the User Registration dialog box.
10 0789729180 CH08 10/21/03 2:30 PM Page 196

196 Chapter 8
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Figure 8.4 The User Registration dialog box, Mail tab, showing how the administrator can set a
quota and/or warning threshold during registration.

➤ Using the Quotas tool in the Domino Administrator client—The administra-


tor can use this method to either set an initial quota or to change an
existing quota on a mail database.

To set a size quota on a mail database, perform the following steps from with-
in the Domino Administrator:
1. Click the Files tab.

2. Select the mail databases for which you want to set quotas.

3. In the Tools pane on the right, select Database, Quotas.

4. Below “Database Size Quotas,” click “Set Database Quota to x MB”


and specify a maximum size in megabytes the selected databases can
attain.
5. Optionally, below “Quota Warning Thresholds,” click “Set Warning
Threshold to x MB” and specify a size in megabytes at which a mes-
sage appears in the log file (LOG.NSF).
6. Click OK. When processing is complete, a dialog box indicates how
many databases were affected and if any errors occurred.

To configure how the Router responds to a mail quota, edit the


Configuration document for the Domino server that stores the mail data-
base, and perform the following steps:
10 0789729180 CH08 10/21/03 2:30 PM Page 197

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Mail
197
. .

1. Click the Router/SMTP, Restrictions and Controls, Delivery Controls


tab.
2. In the Quota Controls section, complete these fields:

➤ Over Warning Threshold Notifications—Specifies how often the


Router delivers notifications to users who exceed their warning
threshold
➤ Warning Interval—Specifies how long the Router waits to send the
next over warning threshold notification
➤ Over Quota Notification—Specifies how often the Router delivers
notifications to users who exceed their quota
➤ Over Quota Enforcement—Specifies the action the Router takes when
receiving new mail for a user whose mail file is larger than the speci-
fied quota
3. If the administrator selects the Hold Mail and Retry option in the
Over Quota Enforcement field, there are additional fields to complete:
➤ Attempt Delivery of Each Message—Specifies whether the Router
delivers messages small enough to fit the available space in a desti-
nation mail file.
➤ Maximum Number of Messages to Hold Per User—Specifies the maxi-
mum number of messages that the Router will hold in MAIL.BOX
for a given mail file. After the number of pending messages reaches
the specified number, the Router returns a delivery failure report to
the sender of each additional message in first-in, first-out order.
➤ Maximum Message Size to Hold—Specifies the maximum size, in KB,
of messages that the Router can hold in MAIL.BOX for over quota
users. If a message larger than the specified size is received for the
user, the Router returns a delivery failure report to the sender.

A user attempting to access a mail database that has exceeded its quota receives the
following message: “Cannot allocate database object—database would exceed its disk
quota.”

Configuring Message Tracking


Message tracking allows the administrator to track specific mail messages to
determine if the intended recipients received them.
10 0789729180 CH08 10/21/03 2:30 PM Page 198

198 Chapter 8
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The administrator enables message tracking in the Configuration document


for the server. After the administrator configures the server for message
tracking and restarts the server, the Mail Tracking Collector (MT Collector or
MTC task) starts up automatically. The MT Collector automatically creates
the Domino MailTracker Store database (MTSTORE.NSF) in the MTDATA
subdirectory of the Domino data directory. The MTC task collects messag-
ing information from raw data accumulated in special mail tracker log files
(MTC files) produced by the Router. This message summary data includes
information about the originators, recipients, arrival times, and delivery sta-
tus of the messages processed by the server. At scheduled intervals, the MT
Collector writes this information to the Domino MailTracker Store data-
base. Administrators use the information stored in the Domino MailTracker
Store database to complete mail tracking requests and to generate mail usage
reports.

The administrator should not edit the MailTracker Store database directly. This data-
base is designed to act as a data repository. The data in this database is queried by
the Mail Tracking interface in Domino Administrator when a tracking request is
issued. If the administrator edits the information in MTSTORE.NSF directly, they risk
“breaking” the functionality of the Tracking request option.

To configure a server for message tracking, perform the following steps:


1. Edit the Configuration document for the mail server or servers for
which you want to configure message tracking; then click the
Router/SMTP, Message Tracking tab.
2. Complete the following fields, save and close the document, and then
restart the server:
➤ Message Tracking—Choose enabled to start the MTC task, which
starts logging mail information to MTSTORE.NSF.
➤ Don’t Track Messages for—Enter the names of users and/or groups
whose messages will not be logged and, therefore, cannot be
tracked. The default (blank) means that administrators can track
messages for all users and groups on all servers that are enabled for
mail tracking.

On servers running the ISpy task to test mail connectivity, this task sends trace
messages at 5-minute intervals. To prevent the Domino MailTracker Store database
from filling up with entries for these trace messages, enter the name of the ISpy
Mail-In Database on the server in this field, for example, ISpy on ServerA.
10 0789729180 CH08 10/21/03 2:30 PM Page 199

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Mail
199
. .

➤ Log Message Subjects—Choose Yes to have the MTC task log mes-
sage subjects; choose No to have subjects ignored by the MTC task.
➤ Don’t Log Subjects for—Enter the names of users and/or groups
whose message subjects will not be logged and, therefore, cannot be
tracked.
➤ Message Tracking Collection Interval—Enter a number that represents
how often, in minutes, you want to log message tracking activity in
the MailTracker Store database. The default is 15 minutes.
➤ Allowed to Track Messages—Enter the names of servers and/or users
allowed to track messages on this server.

If you leave this field blank (default), only members of the LocalDomainServers
group are authorized to track messages on this server. If you add any entries to this
field, you must list all servers and/or users that are allowed to track messages on this
server. Watch for the exam to test your knowledge of whether “blank allows all,” or
“blank allows no one”—these fields appear in both the Configuration document and
the Server document. In the case of message tracking, the default of blank actually
prevents administrators from using this feature, so most administrators enter the
LocalDomainAdmins group at a minimum.

➤ Allowed to Track Subjects—Enter the names of servers and/or users


allowed to track messages by subject on this server. Again, in this
case, blank means no one is allowed to track messages by subject.

To issue a tracking request, the administrator uses the Mail, Tracking Center
tab in the Domino Administrator and clicks the New Tracking Request button.

Deploying Applications Based on


Routing Fundamentals
The administrator may be required to provide administrative support for
databases that must receive mail. For example, a developer could create an
Expenses database into which employees must mail a copy of expense
reports. For a database to receive mail, it must have an identity in the
Domino Directory in order to be known to the Router. The administrator
must create a Mail-In Database document in the Domino Directory so that the
Router can deliver mail to the target database.
Let’s assume that the administrator must enable the Expenses database just
mentioned to receive mail. The name of the database is EXPENSE.NSF,
10 0789729180 CH08 10/21/03 2:30 PM Page 200

200 Chapter 8
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

and it is being stored on ServerA/Acme in the Acme domain. The adminis-


trator would complete the following steps to create a Mail-In Database doc-
ument in the Directory. The administrator must have at least Author access
with the Create Documents privilege in the Access Control List for the
Directory.
1. From the People & Groups tab of the Domino Administrator, choose
Create, Server, Mail-In Database.
2. On the Basics tab, shown in Figure 8.5, complete the Mail-In Name
field—the entry for this database in the Domino Directory. Users and
applications use this name to send documents to the database; for
example, ExpenseDB.
3. Choose a preference for Internet Message Storage; No Preference is
the default setting, but you can choose Prefers MIME or Prefers Notes
Rich Text.
4. In the Internet Address field, add an SMTP address (in the format
mailfile@organization.domain)
if you want Internet users to be able to
send messages to the database; for example, expenses@acme.com.
5. In the Domain field, type the name of the Domino domain of the serv-
er in which the database resides; for example, Acme.
6. Complete the Server field by typing the fully distinguished hierarchical
name of the server in which the database resides; for example,
ServerA/Acme.

7. In the File Name field, type the path and filename of the database rela-
tive to the Domino Directory; for example, if the database named
EXPENSE.NSF is in the MAIL directory of the DATA directory,
enter MAIL\EXPENSE.NSF.
8. In the Encrypt Incoming Mail field, type Yes or No. Mail sent to the
mail-in database is encrypted with the Notes certified public key
entered in the “Notes Certified Public Key” field on the
Administration tab.
9. Open the Administration tab.

10. In the Owners field, list the fully distinguished hierarchical name of
users allowed to modify this document.
11. In the Administrators field, list users or groups who can edit this docu-
ment.
12. Choose an option in the Foreign Directory Sync Allowed area. Yes
allows entry to be exchanged with foreign directories; for example, a
10 0789729180 CH08 10/21/03 2:30 PM Page 201

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Mail
201
. .

cc:Mail directory, so that users on the other system can look up the
Mail-In Database in the cc:Mail post office directory and send mail to it.
13. In the Notes Certified Public Key field, enter the certified public key
to use when encrypting mail sent to this database. To copy a certified
public key from the Domino Directory to this field, click Get
Certificates and choose a name.

Figure 8.5 The Basics tab of the Mail-In Database document for the Expenses database.

The administrator must give the name of the database to users and develop-
ers so they can enter it in the SendTo field of messages destined for the data-
base.

To test to see whether the Mail-In Database document is working, the administra-
tor should attempt to send a mail message to the database from his own mail data-
base. Address the memo to the name assigned to the database, in this case
ExpenseDB.

Exam questions will test your knowledge of where and how to create a Mail-In
Database document. Prepare for the exam by creating a Mail-In Database document
for a database on a server, and then send a mail message to that database to ensure
that it arrived. Ask a developer to assist you in building a view using the Domino
Designer client in order to show your mailed-in document because the document
may not show in any of the existing views in the database. You will need to enlist a
developer’s help in order to write the correct view column and view selection formu-
las for the view.
10 0789729180 CH08 10/21/03 2:30 PM Page 202

202 Chapter 8
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Exam Prep Questions


Question 1
Bob needs to ensure that all mail is routed between servers in the same Domino
Named Network. How many Connection documents are required?
❍ A. 0
❍ B. 1
❍ C. 2
❍ D. One for every pair of servers in the domain

Answer A is correct. Mail is routed immediately by the router to servers in


the same Domino Named Network. The messages are immediately routed
from the MAIL.BOX file on the sender’s server to the MAIL.BOX file on the
recipient’s server. Because servers in a DNN share a common protocol and
are always connected, you do not need to create Connection documents for
mail routing.

Question 2
When is mail routed between servers that are in the same Domino Named
Network?
❍ A. Immediately
❍ B. Every 5 minutes
❍ C. According to the schedule in the Connection documents
❍ D. When there are five messages pending

Answer A is correct. The router immediately routes mail to servers in the same
Notes named network. The messages are immediately routed from the
MAIL.BOX file on the sender’s server to the MAIL.BOX file on the recipient’s
server. Because servers in a Notes named network share a common protocol
and are always connected, you do not need to create Connection documents
for mail routing.
10 0789729180 CH08 10/21/03 2:31 PM Page 203

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Mail
203
. .

Question 3
Sean needs to ensure that all mail is routed between ServerA and ServerB. The
two servers are not in the same Domino Named Network. What should Sean do
to schedule mail routing between the two servers?
❍ A. Create Connection documents in the Domino Directory.
❍ B. Create Connection documents in the names.nsf on his workstation.
❍ C. Create an Adjacent Domain document in the Domino Directory.
❍ D. Do nothing—the two servers will route mail automatically.

Answer A is correct. When two servers are not in the same Domino Named
Network, mail routing must be configured using at least one Connection
document in the Domino Directory. Adjacent Domain documents are used
to restrict routing between domains, not for scheduling routing.

Question 4
Bonnie is reviewing the NOTES.INI file on her server and notices the entry “MTC”
in the “ServerTasks=” line. Which of the following best describes what MTC is?
❍ A. The MTC task reads log files and writes information to MTSTORE.NSF.
❍ B. This task was used in Domino R5 and is no longer used in R6.
❍ C. The MTC task routes mail from one non-adjacent domain to another.
❍ D. The MTC task is engaged when an administrator sends a mail trace
message to another server.

Answer A is correct. The Mail Tracking Collector (MTC) task reads special
mail tracker log files (MTC files) produced by the Router and copies certain
messaging information from them to the MailTracker Store database
(MTSTORE.NSF). The MailTracker Store database is created automatical-
ly when you enable mail tracking on the server. When an administrator or
user searches for a particular message, either a message tracking request or a
mail report, Domino searches the MailTracker Store database to find the
information.
10 0789729180 CH08 10/21/03 2:31 PM Page 204

204 Chapter 8
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Question 5
Joe has been asked to configure the server so that mail can be delivered to the
bug tracking database, called BUGS.NSF. What must he do to enable users to
mail bug tracking reports to the database?
❍ A. He must install and configure Lotus Workflow 3.0 on the Domino server.
❍ B. He must enable the Domino Enterprise Connection Services (DECS) on
the server.
❍ C. He doesn’t need to do anything. The BUGS database is automatically
capable of receiving mail.
❍ D. He must create a Mail-In Database document in the Directory listing
BUGS.NSF as the mail-in database.

Answer D is correct. The Mail-In Database document defines the properties


and location of a database that can receive mail. Whenever you define a data-
base as being able to receive mail, you must create a corresponding Mail-In
Database document.

Question 6
How often does the MTC task log information to MTSTORE by default?
❍ A. Every 5 minutes
❍ B. Every 15 minutes
❍ C. Once per hour
❍ D. Continuously

Answer B is correct. The Mail Tracking Collector task (MTC) reads special
mail tracker log files (MTC files) produced by the Router and copies certain
messaging information from them to the MailTracker Store database
(MTSTORE.NSF). When you enable message tracking in the Configuration
document, the default collection interval is 15 minutes.
10 0789729180 CH08 10/21/03 2:31 PM Page 205

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Mail
205
. .

Need to Know More?


Tulisalo, Tommi et al. Upgrading to Lotus Notes and Domino 6. IBM
Redbooks, 2002. Also available on the Web at www.redbooks.ibm.com/.
For references to mail, consult Chapter 9 within this redbook, “New
Messaging Administration Options.”
Gunther, Jeff and Randall Tamura. Special Edition Using Lotus Notes
and Domino 6. Indianapolis, IN: Que Publishing, 2003.
Lotus Domino 6 Technical Overview: www-10.lotus.com/ldd/
today.nsf/3c8c02bbcf9e0d2a85256658007ab2f6/089a22f9f8a573af85256a1b
00782950?OpenDocument. For references to mail, consult the section on
“Messaging.”
Webcast: Lotus Live! Series: What’s New in Notes/
Domino 6 Administration: http://searchdomino.techtarget.com/
webcastsTranscriptSecurity/1,289693,sid4_gci857398,00.html.

Webcast: Preparation & Test Taking Strategies with Lotus


Education Managers: http://searchdomino.techtarget.com/
webcastsTranscriptSecurity/1,289693,sid4_gci876208,00.html.
10 0789729180 CH08 10/21/03 2:31 PM Page 206
11 0789729180 CH09 10/21/03 2:45 PM Page 207

9
Monitoring Server Performance
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Terms you’ll need to understand:


✓ Archiving ✓ Update
✓ Explicit policies ✓ Updall
✓ Organizational policies ✓ Fixup
✓ Style sheets ✓ Compact
✓ JavaScript Libraries ✓ In-place compacting
✓ NON-NSF Libraries ✓ Copy style compacting
✓ Adjacent Domain document ✓ jconsole
✓ Non-Adjacent Domain document ✓ Distributed directories
✓ Foreign Domain document ✓ Centralized directories
✓ Foreign SMTP Domain document ✓ Hybrid directories
✓ Global Domain document

Techniques you’ll need to master:


✓ Adding/moving/upgrading/deleting databases ✓ Managing users
✓ Applying policy documents to existing users ✓ Monitoring server tasks
✓ Backing up/verifying and restoring databases ✓ Monitoring/maintaining domains
✓ Creating archiving policies ✓ Monitoring/maintaining mail routing
✓ Deploying applications based on coding ✓ Monitoring/maintaining/repairing databases
✓ Deploying applications based on design ✓ Monitoring/modifying application access
elements control
✓ Deploying applications based on design ✓ Setting up authentication
elements: shared versus nonshared ✓ Setting up/configuring/monitoring monitors
✓ Deploying applications based on how ✓ Troubleshooting Administration Process
attachments are handled problems
✓ Deploying applications based on replication ✓ Troubleshooting clustering problems
fundamentals ✓ Troubleshooting network/protocol problems
✓ Deploying based on the NSF structure: NSF ✓ Troubleshooting partitioning problems
components ✓ Troubleshooting port (modem) problems
✓ Deploying server-based applications: HTML ✓ Troubleshooting user problems
✓ Distributing application design changes ✓ Using a Java-based Domino Console
based on design ✓ Using distributed and centralized directories
✓ Enabling/disabling compression ✓ Using the remote console
✓ Maintaining Domino server IDs ✓ Managing user passwords
✓ Maintaining Domino user IDs ✓ Monitoring/maintaining domain access
11 0789729180 CH09 10/21/03 2:45 PM Page 208

208 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

To ensure that the Domino domain is running at peak efficiency, a Domino


administrator must understand the requirements for monitoring a server and
the steps that can be taken to optimize performance. This chapter discusses
how to check and make sure the server is running correctly and also instructs
the reader in correcting issues that may cause a server to experience per-
formance issues.

Adding/Moving/Upgrading/Deleting
Databases
This section covers the steps required to perform specific database tasks.
Database maintenance is more than just running system utilities such as
Fixup or Updall. It also includes adding databases, upgrading their design,
moving them in the domain, and deleting them. This section covers these
tasks. To add a new database to the server, complete the following tasks:
1. Launch the Domino Administrator. Open the File menu, select
Database, and then select New.
2. In the Server field, indicate the destination server; keep the default set-
ting of Local, or change it to the required destination server. Make
sure that access is set up on the destination server that allows the cre-
ation of new databases from the source server.
3. In the Title field, enter a name for the database.

4. The File Name field populates automatically based on the Title field.
It can be changed if necessary to be a more descriptive filename.
5. Click the check box at the bottom of the page to select advanced tem-
plates.
6. Scroll down the window and select the database template to be used
for the database.
7. Click OK to create the new database.

An existing database can also be added to other servers in the domain by forc-
ing new replicas to the servers. Access rights must be set equal to Create
Database access in the Server document of the target server and Reader access
in the database of the source server. Databases can also be replicated between
servers by using the Administrator and dragging them. Select the database to
be copied from the Files tab and drag it to the destination server in the left
pane. The Administration Process then copies the server to the new location.
11 0789729180 CH09 10/21/03 2:45 PM Page 209

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
209
. . . . . . .

Occasionally, it’s necessary to move a database to another server. Follow


these steps to move the database:
1. Launch the Domino Administrator and open the File tab.

2. Select the databases to be moved in the main view window.

3. Expand the Tools pane on the right. Select Database and then click
Move.
4. The Move Database dialog box appears. Select the Destination data-
base and server. Fill in the destination file path.
5. Two check boxes are available, Copy Access Control List and Create
Full Text Index for Searching. Select either check box if desired and
click OK to move the databases.

Although it is not necessary to upgrade a Lotus database to R6 format, there


are distinct advantages to doing so. Lotus has added a more efficient com-
pression format, LZ1, along with other features that an administrator should
consider in moving to R6. To upgrade a database, issue the Compact com-
mand and the system upgrades the ODS to version 6. If the database needs
to remain in a pre-R6 ODS format, there are three options available:
➤ Issue the Compact command with a -R option to retain the current ODS
structure.
➤ Make a copy of the database and rename the file extension to NS4 to
prohibit upgrading.
➤ Do not run the compact task on the database at all.

To delete a database:
1. Launch the Domino Administrator and select the File tab. Select the
database to be deleted and select Delete from the Tools pane.
2. The Confirm Database Delete dialog box appears. A check box is avail-
able to delete all replicas on all servers. Check the box and click OK to
delete the database.

Policy documents are used to regulate how users can access the system and perform
specific functions. Policy documents can be changed after they are assigned and will
then be applied to all policy users. For a complete description of the policy documents
that can be applied to users and the types of Domino policies, see the “Applying Policy
Documents to Existing Users,” section in Chapter 7, “Installing and Configuring.”
11 0789729180 CH09 10/21/03 2:45 PM Page 210

210 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Backing Up/Verifying and Restoring


Databases
Although it is true that a replica of a database is, in effect, a backup copy of
the database, in the event that corruption of a database is replicated, be sure
that a backup exists on some type of archival media, such as digital tape or
another form of reliable media. Be certain that the backup software has the
ability to back up open files and has been certified to back up Domino data-
bases. Be certain that the Domino C API Toolkit is supported and that all
media is verified after the backup.

Creating Archiving Policies


New to Domino 6 is central mail file archiving. Archiving is beneficial for
administrators and users in that it frees up database space by storing docu-
ments in an archive database. Physical database size is smaller and perform-
ance increases because the database is smaller and easier to search. The
database structure is the same as the user’s database, so the views and folders
are the same.
The three components of mail archiving are
➤ Document selection—Selects the documents to be archived based on how
often they are accessed and whether the folder they are stored in is
being accessed
➤ Copying—Chooses documents to be copied from the original database to
the archive database
➤ Mail file clean up—Reduces the size of the original database by deleting
documents after they are moved to the archival database

Two types of archiving are available:


➤ Client-based—This type of archiving allows the user to archive the mail
either on the server, an archival server, or on their local workstation.
➤ Server-based—This type of archiving allows the server to store the archive
file, or allows storing of the archive file on a designated archival server.

Setting up mail archiving requires defining a policy in the Domino Directory. Editor
access with either the PolicyCreator role or PolicyModifier role defined for the admin-
istrator is required.
11 0789729180 CH09 10/21/03 2:45 PM Page 211

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
211
. . . . . . .

To set up mail archiving, follow these steps:


1. Launch the Administrator client, select the People & Groups tab, and
navigate to the Settings view.
2. Click the Add Settings view and select Archive from the drop-down
menu.
3. In the Basics tab, complete the Name and Description fields.

4. Optionally, select Prohibit Archiving to prohibit archiving. Prohibit


Private Archiving Criteria is another setting, which you can use to
prohibit users from creating private archives.
5. Choose an Archiving Will Be Performed On option; select either
User’s Local Workstation or Server.
6. Choose an Archiving Source Database Is On option; select either
Local, Specific Server, or Mail Server Where the File Is Located. If
you choose Specific Server, a new dialog box appears at the bottom of
the page allowing the administrator to choose the source server from a
drop-down menu.
7. Choose a Destination Database Is On option; select either Local,
Specific Server, or Mail Server Where the File Is Located. If Specific
Server is selected, a new dialog box appears at the bottom of the page
allowing the administrator to choose the source server from a drop-
down menu.
8. Navigate to the Selection Criteria tab and select either New Criteria,
Add Criteria, or Remove Criteria and complete the information for
each tab.
9. Navigate to the Logging tab and select Log All Archiving into a Log
Database.
10. At the bottom of the page is an Include Document Links to Archived
Documents check box. Checking this field allows users to open
archived documents from the log database. Leaving it deselected causes
users to open the archive database itself to view archived documents.
11. If you decided to use client-based archiving, navigate to the Schedule
tab and complete the options to schedule the times that archiving will
occur. In the Location section, specify Any Location or Specific
Location to determine where the archiving source should be located.
12. Navigate to the Advanced tab. There is one option on this page: Don’t
Delete Documents That Have Responses. Selecting this check box
11 0789729180 CH09 10/21/03 2:45 PM Page 212

212 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

does not delete documents that contain responses; leaving it deselected


deletes documents containing responses.
13. After completing all desired selections, click Save & Close to save the
document.

Deploying Applications Based on


Coding
Typically, the roles of administrator and developer are supported by separate
employees in the organization. Administrators should create a process that
developers can follow that allows applications to be created and deployed as
efficiently as possible.
Developers who are upgrading applications should take the proper steps to
make sure that users don’t experience downtime while the upgrade occurs.
When deploying new code in applications
➤ Be certain that any changes being made are communicated to the
administrator and scheduled using a change control process.
➤ Test all changes in a development environment and pilot the changes
with a group of users before moving it to the production environment.
➤ Communicate with the users of the application upgrade and create a for-
mal plan for dealing with issues that occur.

Deploying Applications Based on


Design Elements
Application design is the cornerstone of Domino and proper planning is
required to ensure that the application meets the user’s requirements and
performs optimally within the domain. Consider the following items when
planning the deployment of a new application:
➤ Gather a set of requirements from the users and then review the
requirements to make sure that there is a common understanding of
what is expected and the delivery date. Create a baseline for the users
based on how they expect the application to perform and define a main-
tenance window for future application upgrades and enhancements.
11 0789729180 CH09 10/21/03 2:45 PM Page 213

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
213
. . . . . . .

➤ Determine how the users will access the application. Plan the applica-
tion design to perform optimally based on whether users will be using a
Notes client or a Web browser.
➤ If the application is going to be used by dial-up users who may have a
bandwidth limitation, be sure to consider this during the design phase.
➤ International use of an application can cause an added layer of complexi-
ty. In the event that global users will be using the application, be certain
that the design is easy to understand and that the verbiage used in the
application is written either in easy-to-understand English or is translat-
ed to the country in which the users reside.
➤ Don’t add unneeded layers of design to the application. Keep unneces-
sary designs out of the application and use lean coding.

When making design changes to applications, be prepared to test the changes


before rolling them out to the production environment. Consider these
points when rolling out design element changes to Domino applications:
➤ If the application is going to be Web-based, be certain that the test plan
includes using the possible browser configurations that may be used to
access the system. Test the application using Netscape and Internet
Explorer as these are the most commonly used browsers. The require-
ments for previewing design work using a browser include
➤ Windows 95, 98, 2000, XP , or NT workstation.

➤ A database ACL must be set to at least Reader to allow a developer


to preview pages, framesets, documents, navigators, and views. To
view forms, an ACL needs to be set up with Author access.
Typically, Default or Anonymous user types are used for this testing
process.
➤ The server must be running the HTTP task where the database is
running.
➤ The design elements being changed must not be marked with hid-
den attributes to keep them from being viewed by the browsers.
➤ Verify that the design element changes and how they affect client ver-
sions are clearly communicated to users. If the changes require a specific
version of the client, be sure that all users are notified.
➤ Use the Design preview option in the Designer client or test the code in
the Web browsers before moving the changes to the production server.
11 0789729180 CH09 10/21/03 2:45 PM Page 214

214 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Deploying Applications Based on


Design Elements: Shared Versus
Nonshared
Designers might not be working in the same location or might be required to
work on the same database with other developers. To share design elements
with other designers, Lotus has implemented the following data components:
➤ Style sheets—Used to allow the designer to control the look and feel of
various design features
➤ JavaScript libraries—Used to store and share common JavaScript pro-
grams and codes
➤ Non-NSF libraries—Used to share Non-NSF libraries across databases to
allow the designer to have increased flexibility in the design of the appli-
cation

There are occasions when designers will want to have absolute control over
an application while it is being created or updated. To accomplish this task,
they can lock out all other designers by changing the ACLs on a database, or
they can lock design elements so that they cannot be changed. To provide the
ability to lock design elements, follow these steps:
1. Open the database and select File, Database, and then Properties.

2. Navigate to the Design tab and select Allow Design Locking and click
the X to close the Properties window and save the change.

At this point, a designer can now highlight a design element in the database
and lock the element when necessary.

Deploying Applications Based on


How Attachments Are Handled
Users might need to access a database to download or launch an attachment.
To create an attachment in a database, follow these steps:
1. Open the database in the Domino Designer client.

2. Open the page, form, or subform where the attachment should be


located.
11 0789729180 CH09 10/21/03 2:45 PM Page 215

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
215
. . . . . . .

3. Select the location in the form where the attachment should reside and
place the cursor in that location.
4. Select File from the menu and choose Attachment. A file navigation
menu appears. Select the attachment and click OK. Press Escape to exit
and save the new form with the attachment inserted.

Deploying Applications Based on


Replication Fundamentals
Database design changes can be made by each database in the domain by
applying a completely new template to the database or by replicating changes
made by the designer. The most efficient way to perform the upgrades is by
making the changes in one database and letting them replicate throughout
the domain so that there are no errors made by the designer manually mak-
ing the changes in each replica. Keep in mind that based on the amount of
design changes being made, the replication could take a lot of time, so sched-
ule the changes to be made at a time when the server is not experiencing a
peak amount of traffic. Items to consider when replicating a design change
include
➤ Create the initial designs on a test database in a development environ-
ment so that users are not affected. Be sure that a pilot group of users
is selected to test the design changes before the database moves to pro-
duction.
➤ Use a master template in the design process and then apply the template
to the database.
➤ Be certain that backups are being completed and verified in the event
that databases need to be restored due to a design error.

Deploying Based on the NSF


Structure: NSF Components
Although Lotus does supply templates that can be used to create databases,
there are times when a special application will need to be created and the pro-
vided templates will not be able to address the requirements needed for the
application. In the event that this situation occurs, follow these steps to use a
blank template to design the application:
11 0789729180 CH09 10/21/03 2:45 PM Page 216

216 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

1. Launch the Domino Designer client and select File, Database, New.
The New Database dialog box appears.
2. Leave the Server field set to Local, or change it to the required desti-
nation server. Be sure that access is set up on the destination server
that allows the creation of new databases from the source server.
3. In the Title field, enter a name for the database.

4. The File Name field populates automatically based on the Title field.
It can be changed if necessary to be a more descriptive filename.
5. Click the check box at the bottom of the page to select advanced tem-
plates.
6. Scroll down the window and select Blank for the template to be used
for the database.
7. Click OK to create the new database.

Deploying Server-Based
Applications: HTML
The Domino design process provides multiple ways to include HTML data
in an application. To include existing HTML code in the application, com-
plete the following steps:
1. Convert Domino data to HTML and then use an HTML editor to
modify the code.
2. Use existing Web data by importing it directly into the application.

3. Paste existing Web data directly into a Domino page, form, or sub-
form.
4. Code HTML directly into the application.

Distributing Application Design


Changes Based on Design
Lotus provides the Replace Design option to distribute design changes to
databases that use a template for design inheritance. Designer access in the
11 0789729180 CH09 10/21/03 2:45 PM Page 217

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
217
. . . . . . .

ACL of the database is required to replace the database’s design. The fol-
lowing components are not replaced by default using the Replace Design
option:
➤ Database icon

➤ Database title and category

➤ Database ACL and encrypt database settings

➤ Using Database and About Database documents

➤ Design elements protected from updates

➤ Design elements that inherit from a template

➤ List as Advanced Template in “New Database Dialog” option

➤ Options on the Advanced tab of the File, Database Properties box except
Document Table Bitmap Optimization and Don’t Support Specialized
Response Hierarchy

The following components are replaced by default using the Replace Design
option:
➤ Forms, fields, form actions, and event scripts

➤ Pages

➤ Views, folders, and view actions

➤ Agents

➤ Navigators

➤ Framesets

➤ Shared fields

➤ Database Properties selections, except the Advanced Template option

➤ All options on the Design tab of the File, Database Properties box,
except List as Advanced Template in ‘New Database’ Dialog
➤ Options Document Table Bitmap Optimization and Don’t Support
Specialized Response Hierarchy on the Advanced tab of the File,
Database Properties box

To replace the design of a database, follow these steps:


1. Select the database using either the Designer client or by choosing
File, Database, Replace Design.
11 0789729180 CH09 10/21/03 2:45 PM Page 218

218 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2. The Replace Database Design dialog box appears. Select the template
to be used to redesign the database and click Replace to continue.
3. A Caution dialog box reminds the designer that the database views,
forms, agents, fields, and roles will be changed based on the template
being used. Select Yes and the database’s design will be replaced.

Enabling/Disabling Compression
To allow a minimal amount of bandwidth to be used between workstations or
servers, Lotus has created the ability for network ports to compress the data
being exchanged. Compression must be enabled at both ends of the data path
or it doesn’t work. If a user wants to use port compression, then it must be
enabled on the client as well as on the server. Compression only increases the
speed at which the data is transmitted if the data is not already compressed.
Precompressed data does not see a performance increase. Data compression
also causes an increase in server load on the memory and the processor, so
evaluate whether the extra overhead on the server is worth enabling the
process.
To enable compression, complete these steps:
1. Open the Domino Administrator, select the Configuration tab, and
choose the Server document for the server requiring network compres-
sion.
2. Open the Tools pane and select Server, Setup Ports. The Port Setup
dialog box appears.
3. Select the Port to be compressed, click the Compress Network Data
check box, and then click OK. A dialog box appears stating “You must
restart port(s) or the server for changes to take effect.” Click OK to
continue.
4. Select the Server tab and then select the Status tab. Select the port that
has compression enabled and click Restart on the Tools pane. A Restart
Port verification dialog box appears. Click OK to continue. The server
port will now restart and compression will be enabled.

Maintaining Domino Server IDs


Periodically, certificates associated with a server ID will expire. When
this occurs, the ID needs to be recertified. To recertify a server ID, the
11 0789729180 CH09 10/21/03 2:45 PM Page 219

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
219
. . . . . . .

administrator must have either Author access to the Domino Directory and
the ServerModifier role assigned or Editor access to the directory. In addi-
tion, the administrator must have Author access or greater to the
Certification log. Follow these steps to recertify a server ID:
1. Using the Administrator client, select the Configuration tab and then
select the Server document for the server to be recertified.
2. Open the Certification tab under the Tools pane and select Certify to
open the Certify dialog box.
3. Click the Server button to select the registration server and click OK.

4. Choose one of these two options:

➤ Supply Certifier ID and Password—A file navigation box appears when


this option is selected. Navigate to the required certifier ID and
select OK.
➤ Use the CA Process—This option allows the administrator to recertify
the ID without having access to the certifier ID or the certifier pass-
word. A drop-down menu is provided to allow the administrator to
select a CA-configured certifier from the ones available on the server.
5. Click OK. If you chose the Supply Certifier ID and Password option, a
dialog box appears requiring the certifier password. Enter the password
and select OK to continue.
6. A file navigation box appears prompting for the ID to be certified.
Select the server’s ID file and click OK.
7. The Certify ID dialog box appears. The configurable options in the
box are
➤ Expiration Date—This field determines when the server will need to
be recertified. The default time is two years, but can be changed as
needed.
➤ Subject Name List—This field allows the administrator to assign a
common name if desired. This is an optional field.
➤ Password Quality—A slide bar is available here to determine the
quality of password security to assign to the ID file. The default
location of the slider is to the extreme left, which is no password
and a value of 0. Sliding the bar to the extreme right forces a very
strong password and a value of 16. Although it is true that this is
optimal for servers, each time the server is loaded, a password is
required at the console before the server will start.
11 0789729180 CH09 10/21/03 2:45 PM Page 220

220 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8. Select Certify to continue and recertify the ID.

9. A dialog box appears asking if the administrator wants to certify anoth-


er ID. Select Yes to certify more IDs or No to exit the certification
process.

Maintaining Domino User IDs


Follow these steps to recertify a user ID:
1. Launch the Domino Administrator and select the People & Groups
tab. Click People; in the Tools pane, select People and Recertify.
2. In the Choose a Certifier dialog box, choose one of the following
options:
➤ Server—This option is used to select the registration server.

➤ Supply Certifier ID and Password—This option is used to use a certifi-


er ID file. A dialog box is available under this option that allows the
administrator to navigate to the ID on the server.
➤ Use the CA Process—Using the CA process allows the changes to be
made without having access to a certifier ID file.
3. Click OK to continue. If the option to use a certifier ID was selected, a
dialog box appears requesting the password. Enter the password and
click OK to continue.
4. The Renew Certificates in Selected Entries dialog box appears. In the
New Certificate Expiration Date field, change the date to reflect the
desired expiration date and select OK to continue.
5. A Recertify User dialog box appears showing the common name and
the qualifying org unit. Click OK to continue.
6. The user ID recertification is processed and a Processing Statistics dia-
log box appears displaying the results of the change process. Click OK
to close the dialog box and continue.

Managing Users
User mail files might need to be moved when a user changes departments or
moves to another location in the country that supports his new Domino
needs. Domino provides a tool that moves the user’s mail file and changes the
11 0789729180 CH09 10/21/03 2:45 PM Page 221

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
221
. . . . . . .

Directory to reflect the new mail file location. To move a user’s mail file, fol-
low these steps:
1. Launch the Domino Administrator and select the People & Groups
tab. Click People and using the Tools pane, select People and Move to
another server.
2. The Move Users(s) to Another Server dialog box appears. The selected
user is displayed in the box along with a drop-down menu that allows
the administrator to select the destination server.
3. Optional selections to be completed are

➤ Move Roaming Files into This Folder on “Server Name”

➤ Move Mail Files into This Folder on “Server Name”

➤ Link to Object Store

➤ Delete Old Replicas in Current Cluster

4. Make the required selections and click OK to complete the process of


moving the mail file.

Creating and Setting Up Roaming Users


Roaming users are able to access Notes from multiple clients in the domain
and retain their personal information. A roaming server is used and the user’s
files are stored on this server. When a user logs onto the server as a roaming
user, their information is retrieved from the server and presented to the user.
When a roaming user makes changes, they are replicated to the server so that
they are available when the user logs in at a later time.
Roaming users are created during user registration. To define the settings for
roaming users, follow these steps:
1. Launch the Domino Administrator and select the People & Groups tab.

2. Using the Tools pane, select People and Register. A dialog box appears
requiring the certifier password. Enter the password and click OK to
continue.
3. The Register Person—New Entry dialog box appears. Enter the rele-
vant user information related to name and password and then select
Enable Roaming for This Person.
4. Check the Advanced button and a new menu displays on the left.
Select the Roaming button to configure the Roaming settings.
11 0789729180 CH09 10/21/03 2:45 PM Page 222

222 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

When Roaming users are created, the files Personal Address, Bookmark, and Journal
are also created and stored based on the settings on the Roaming tab.

5. Choose Put Roaming User Files on Mail Server or click the Roaming
Server button to select the location to store the files.
6. Enter the personal roaming folder name.

7. Choose a subfolder format.

8. Choose to Create Roaming Files Now or Create Roaming Files in


Background.
Selecting the Create Roaming Files Now option instructs the server to
execute the file creation task immediately, causing the administrator to
wait until the task is completed. If the Create Roaming Files in
Background option is selected, the server creates the files in a separate
thread and allows the administrator to continue with the setup option.
9. You can select Roaming Replicas if a Domino cluster is available. This
field is optional and should be ignored if a Domino cluster is not
installed.
10. Select a Clean-up option.

11. Click Done to create the roaming user.

Maintaining User Profiles


From time to time, users change departments or leave the company. When
this happens, administrators are required to perform regular maintenance on
the user profile—in this case, changing how a user is defined in a group.
Editing a group requires ACL access to the Domino Directory with one of
the following defined security assignments:
➤ At least Editor with Create Documents privilege

➤ The UserModifier role

Follow these steps to change group membership assignments:


1. Using the Domino Administrator client, navigate to the People &
Groups tab.
11 0789729180 CH09 10/21/03 2:45 PM Page 223

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
223
. . . . . . .

2. Expand the Domino Directories item and select Groups. A list of the
valid groups on the server displays in the main navigation window.
Select the group that needs to be edited and then click Edit Group.
3. On the Basics tab, edit the Group Name (the assigned name of the
group) if appropriate; this should not be changed unless absolutely nec-
essary because changing the group name also requires changing the
ACLs in databases associated with this name. The maximum length for
group names is 62 characters.
4. Choose a new Group Type if appropriate. The available group types are

➤ Multipurpose—Used for multiple types of users; the default selection

➤ Access Control List Only—Exclusively used to maintain database and


server authentication
➤ Mail Only—Exclusively used for mail users

➤ Server Only—Exclusively used for Connection documents and the


Administrator client’s group domain bookmarks
➤ Deny List Only—Exclusively used for denying access to the server

5. In the Category field, Administration is the only selection.

6. Edit the Description field if appropriate; this is a free form field used
to provide a description of the group.
7. In the Mail Domain field, enter the name of the mail domain used by
this group.
8. If appropriate, complete the Internet Address field; this field is used to
identify the group with an Internet address so that it can receive
Internet mail.
9. Edit the Members field by adding or removing member users’ names
as appropriate.
10. Click Save & Close to save the group changes.

Changing User Names


Users may also require a name change to their account information in the
Domino Directory. To change a user’s name, follow these steps:
1. Launch the Domino Administrator and select the People & Groups
tab. Click People and choose the user to be changed.
11 0789729180 CH09 10/21/03 2:45 PM Page 224

224 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2. Using the Tools pane, select People and Rename. In the People and
Rename dialog box, choose from among the following three options:
➤ Upgrade to Hierarchical

➤ Change Common Name

➤ Request Move to New Certifier

3. At the bottom of the dialog box is an Honor Old Names for Up to XX


Days option. The default value for this selection is 21 days, but the
value can be changed to reflect a number from 14 to 60 days.
4. Select Change Common Name to continue. In the Choose a Certifier
dialog box, select from these options:
➤ Server—This option is used to select the registration server.

➤ Supply Certifier ID and Password—This option is used to use a certifi-


er ID file. A dialog box is available under this option that allows the
administrator to navigate to the ID on the server.
➤ Use the CA Process—Using the CA process allows the changes to be
made without having access to a certifier ID file.
5. Click OK to continue. If the option to use a certifier ID was selected, a
dialog box appears requesting the password. Enter the password and
click OK to continue.
6. The Certificate Expiration Date dialog box appears. The default set in
this box is two years from the current date. Change the date if required
or leave it at the default and click OK to continue.
7. A Rename Person dialog box appears with fields to be completed.
Complete these fields:
➤ First Name

➤ Middle Name

➤ Last Name

➤ Qualifying Org Unit (optional)

➤ Short Name (optional)

➤ Internet Address (optional)

➤ Rename Windows NT User Account (optional)

8. Click OK. The name change is processed and a Processing Statistics


dialog box appears displaying the results of the change process. Click
OK to close the dialog box and continue.
11 0789729180 CH09 10/21/03 2:45 PM Page 225

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
225
. . . . . . .

Deleting Users
Deleting a user requires an administrator to have:
Author access with the Create Documents privilege to the Certification log
and Author access with the ability to delete documents and the UserModifier
role assigned
Or
Editor access to the Domino Directory

The following steps should be taken to delete a user from the Domino
Directory:
1. Launch the Domino Administrator and select the People & Groups
tab. Click People and select the user to be deleted.
2. Select People from the Tools pane and choose Delete. The Delete
Person dialog box appears.
3. In the What Should Happen To The User’s Mail Database? section,
choose from these options:
➤ Do Not Delete the Database

➤ Delete the Mail Database on the User’s Home Server

4. Optionally, choose to Add Deleted Users To Deny Access Group.

5. If appropriate, choose to Delete User’s Windows NT/2000 Accounts,


if existing.
6. If appropriate, choose to Delete Users from This Domino Directory
Immediately.
7. Click OK to delete the user.

Using the Administration Process


The Administration Process helps you manage users by automating many of
the associated administrative tasks. For example, if you rename a user, the
Administration Process automates changing the name throughout databases
in the Notes domain by generating and carrying out a series of requests,
which are posted in the Administration Requests database (ADMIN4.NSF).
Changes are made, for example, in the Person document, in databases, in
ACLs, and in Extended ACLs. However, the Administration Process can be
used only if the database is assigned an administration server.
11 0789729180 CH09 10/21/03 2:45 PM Page 226

226 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Monitoring Server Tasks


Domino uses events to determine when a server task is in need of attention.
The database EVENTS4.NSF is used to define which system tasks need
monitored and at what point a system alarm is generated. The Domino
administrator defines the threshold state for each event. The Event Monitor
watches the system and sends events to the database as they occur. When the
threshold is reached, the action that is defined for that event is executed. If
an event takes place and no event generator is defined, no action takes place.
The Event Monitor loads automatically when the server starts.

In previous versions of Domino, the Event Monitor was known as the Event task.

Event generators can be defined to monitor the following:


➤ Database—Database space and access as well as replication history are
monitored. ACL changes are also recorded.
➤ Domino Server—Network health, including port status, is monitored.

➤ TCP Server—TCP services are monitored and statistics are generated


reporting response time for the running services. The time is recorded
in milliseconds.
➤ Mail Routing—Statistics are reported stating the time required to route a
mail message. The time is recorded in seconds.
➤ Statistics—Specified Domino statistics are monitored.

➤ Task Status—Specified Domino tasks are monitored.

Event handlers are used to determine which tasks occur when an event is
triggered. EVENTS4.NSF includes predefined events that can be used to
monitor the server, but the most efficient use of the handler task is when an
administrator defines events specific to the domain he is monitoring. An
administrator may decide to just log events and then maintain them weekly,
or he may decide to be alerted immediately when an event occurs so that he
can resolve the issue.
The EVENTS4.NSF database includes wizards that assist administrators in
creating event handlers, creating event generators, and troubleshooting
common configuration errors.
11 0789729180 CH09 10/21/03 2:45 PM Page 227

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
227
. . . . . . .

➤ Event Handler Wizard—Creates a new event handler that generates a


notification when a specified event occurs
➤ Database and Statistic Wizard—Creates an event generator that fires
when something happens to a server or database
➤ Mail Routing and Server Response Wizard—Creates an event generator
that generates statistics or fires an event based on the availability of a
resource
➤ Troubleshooting Wizard—Identifies some common configuration errors in
the EVENTS4.NSF database and suggests possible resolutions

Event handlers can also be created by using the Domino Administrator and
navigating to the Configuration tab and selecting the Monitoring
Configuration, Event Handler view. Each event has a Basics, Event, and
Action tab that must be completed.
In addition to event generators and event handlers, Domino provides other
methods that allow an administrator to gather information about the health
of a server. For instance, executing a show server command from the server
prompt on a test server displays the following information:
➤ Server name: R6Test/R6TestOrg—R6Test

➤ Server directory: C:\r6server\data

➤ Partition: C.r6server.data

➤ Elapsed time: 21:57:45

➤ Transactions/minute: Last minute: 0; Last hour: 0; Peak: 86

➤ Peak # of sessions: 2 at 07/26/2003 02:28:55 PM

➤ Transactions: 357 Max. concurrent: 20

➤ ThreadPool Threads: 40

➤ Availability Index: 100 (state: AVAILABLE)

➤ Mail Tracking: Not Enabled

➤ Mail Journaling: Not Enabled

➤ Shared mail: Not Enabled

➤ Number of Mailboxes: 1

➤ Pending mail:0 Dead mail: 0

➤ Waiting Tasks: 0
11 0789729180 CH09 10/21/03 2:45 PM Page 228

228 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

➤ Transactional Logging: Not Enabled

➤ Fault Recovery: Not Enabled

➤ Activity Logging: Not Enabled

➤ Server Controller: Enabled

This is a typical example of tasks running on a new server with the default
tasks running. This list can vary based on the tasks that have been launched
by server tasks or manually by an administrator.
Server information can also be found in various databases on the server
including these
➤ Domino Log database

➤ Statistics database

➤ Events database

Tools available on the server to provide information on demand include


➤ Server Monitor

➤ Mail-in statistics

➤ Paging

Monitoring/Maintaining Domains
Domino domains consist of a group of servers that have the same Domino
Directory shared between them. Monitoring the domain is similar to moni-
toring a single server, but requires the administrator to keep track of replica-
tion and mail routing processes between all servers. The Domino Console
can be used to monitor the domain or an administrator can check the
Domino log file to verify that replication and mail routing is running prop-
erly. Examples of tasks required by an administrator include
➤ Registering users

➤ Solving replication issues

➤ Correcting mail routing issues, including dead mail

➤ Maintaining groups

➤ Adding and decommissioning servers


11 0789729180 CH09 10/21/03 2:45 PM Page 229

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
229
. . . . . . .

Domains are defined by creating Domain documents. Multiple document


types are available based on the requirements needed to route mail. The fol-
lowing types of documents are available:
➤ Adjacent Domain document—This document is used to route mail
between servers that are not in the same Notes named network.
➤ Non-adjacent Domain document—This document serves three functions:

➤ Supplies next-hop routing information to route mail

➤ Prohibits mail from routing to the domain

➤ Provides Calendar server synchronization between two domains

➤ Foreign Domain document—This document is used for connections


between external applications. Typical applications used would be a fax
or pager gateway.
➤ Foreign SMTP Domain document—This document is used to route
Internet mail when the server does not have explicit DNS access.
➤ Global Domain document—This document is used to route mail to
Internet domains. Configuration information regarding message conver-
sion rules are defined in the document.

Monitoring/Maintaining Mail
Routing
The most common task related to mail routing is making sure that mail is
moving through and outside of the Domino network. A typical sign that mail
routing is not working correctly is a report from a user that he is not receiv-
ing mail or cannot send mail. Suggestions for troubleshooting mail routing
issues include
➤ Request a delivery failure report from the user. Examine the information
in the report to determine how the problem may be resolved.
➤ Perform a mail trace to determine where the mail is stopping along the
route and correct the problem.
➤ Check the Domino Directory and ensure that mail routing is enabled.

➤ Verify that the settings in the Connection documents are configured


properly for mail routing between servers.
➤ Make sure that the mail.box file on the server is not corrupted.
11 0789729180 CH09 10/21/03 2:45 PM Page 230

230 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

➤ Check the server and make sure that there is sufficient disk space to
allow the server to process the mail.
➤ Examine the Domino log to see if errors are occurring in the Mail
Routing Events section.
➤ Check the mail.box file for undeliverable mail and examine the errors
that are occurring to determine how to correct the problem.

Tracking Messages
Domino provides the capability for administrators as well as users to track
their messages. The tool that enables this is the Mail Tracking Collector.
From time to time, users may state that mail is not being delivered in a time-
ly fashion, or may not be reaching the intended recipient at all. When this
occurs, one of the tools that can be used to determine the problem is mail
tracking.
The database used for this task is the MailTracker Store database, or
MSTORE.NSF. The database is populated by data that is fed from the Mail
Tracking Collector task, or MTC. The MTC processes log files generated
by the Router task and then copies specific data to the MSTORE.NSF data-
base. When a message-tracking request is generated, Domino uses the
MSTORE.NSF database to perform the trace. When a trace is initiated, it
starts at the user or Administrator client and continues through the entire
domain until the route expires. When the trace is completed, the user is pre-
sented with one of the following delivery status messages:
➤ Delivered—Delivery was successful.

➤ Delivery failed—Delivery was unsuccessful.

➤ In queue—Domino has queued the message in the Router task.

➤ Transferred—The message was sent to the next defined mail hop.

➤ Transfer failed—The message could not be transferred.

➤ Group expanded—A group message sent to the server was expanded to all
recipients.
➤ Unknown—The status of the delivery is not known.

Although it is true that users and administrators can track mail, users can track only
their own mail.
11 0789729180 CH09 10/21/03 2:45 PM Page 231

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
231
. . . . . . .

Resolving Mail Routing Errors


Mail routing errors can occur for various reasons. Server configuration
errors, client configuration errors, and network issues can all be possible
problems. The key to resolving the issue is to use the tools provided by
Domino to correct the problem. If the MAIL.BOX database has dead or
pending mail, the most common things to check first include the following:
➤ System logs detailing delivery failures and mail traces.

➤ Errors in the Directory itself, possibly related to connection configura-


tions. Also be certain that the Mail Routing field is enabled on the
Basics tab of the Server document.
➤ Errors in the recipient’s address.

➤ Network configuration errors prohibiting correct routing paths.

➤ System errors, such as full disks or memory errors.

➤ Shared mail configuration errors.

Tools available to administrators to troubleshoot routing problems include


the following:
➤ Delivery Failure Reports, which contain a description of why the mes-
sage failed
➤ Mail Trace from the Domino Administrator

➤ Mail routing topology maps that display routes by connections and


named networks
➤ Mail Routing status in the Domino Administrator

➤ Mail routing events in the Domino server log

Monitoring/Maintaining/Repairing
Databases
Application, or database, size can directly affect the manner in which a sys-
tem performs. A database that has grown in size and isn’t maintained regu-
larly causes the server to have performance issues.
11 0789729180 CH09 10/21/03 2:45 PM Page 232

232 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Monitoring Database Size


The maximum database size on Windows and Unix servers is 64GB. To
check the size of a database, follow these steps:
1. On the Domino workspace, select the database; then navigate to the
File menu, select Database, and then select Properties.
2. The Database Properties box opens. Database size is listed on the sec-
ond tab, the Info Tab, labeled with an “i.” This tab displays:
➤ The database size

➤ The number of documents in the database

➤ The database creation date

➤ The last day the database was modified

➤ The replica ID of the database

➤ The ODS version of the database

➤ % used—Displays the amount of the database in use calculated in


percent
➤ Compact—Initiates a compact on the database

➤ User Detail—Shows information related to the owner of the data-


base
Additional ways to check database size are
➤ View the database size on the Files tab of the Domino Administrator

➤ Check the database size in the Domino log file

➤ View the statistics reports in the Statistics database

Using Database Maintenance Utilities


Database issues can occur if they are not maintained properly. Database per-
formance and data loss can be attributed to not performing regular database
housekeeping tasks. Database usage and replication can be tracked in the
Domino log file, typically named LOG.NSF.
Domino has system tasks that can be scheduled at predefined times to ensure
that all databases are performing at an optimum level. Key system tasks
include Update, Updall, Fixup, and Compact. The following sections
describe these database utilities in detail.
11 0789729180 CH09 10/21/03 2:45 PM Page 233

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
233
. . . . . . .

Update
The purpose of Update is to update a database’s view indexes. Update runs
automatically when the server is started and continues to run while the serv-
er is up. Update waits about 15 minutes before processing the database so
that all changes in the database are finished processing. When the views are
updated, it then searches the domain for databases set for immediate or
scheduled hourly index updates. When Update finds a corrupted view or full-
text index, it rebuilds the full-text index and tries to solve the issue.

Updall
Updall is used to rebuild corrupted views and full-text index searches, as Update
does, and has various options that can be defined when launched by using a
software switch. Updall is executed by default at 2:00 a.m. and, unlike Update,
can be run manually. Deletion stubs are removed, and views that haven’t been
used for 45 days are deleted unless they are protected by the database designer.
Setting the parameter Default_Index_Lifetime_Days in the Notes.ini file enables
an administrator to determine when Updall removes unused views.

Fixup
Fixup is used to repair databases that were open when a server failure
occurred. Fixup runs automatically when the server starts, but it can also be
run from the Domino Console, when necessary. Databases are checked for
data errors generated when a write command to the database was issued and
a failure occurred causing a corruption in the database. When Fixup is run-
ning on a database, user access is denied until the job completes. Fixup should
be run if Updall does not fix the database errors.

Compact
Compact can be used to recover space in a database after documents are delet-
ed. Deleting documents from a Domino database does not actually decrease
the size of the database. A deletion stub is created and the document is
removed permanently when Compact is run, and the size of the database is
then reduced. Three types of compacting are available:
➤ In-place compacting with space recovery—Unused space is recovered, but the
physical size of the database remains the same. Unlike with Update and
Updall, access to the database is not denied while the Compact task is
running. When Compact is launched without switches or with a -b
switch, in-place compacting with space recovery is the type of compact-
ing used. The DBIID, or database instance ID used to identify the data-
base, remains the same. In-place compacting is used for databases that
have the system configured to run transaction logging.
11 0789729180 CH09 10/21/03 2:45 PM Page 234

234 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Use in-place compacting when possible because it is the quickest and generates the
smallest amount of system activity.

➤ In-place compacting with space recovery and reduction in file size—This ver-
sion reduces the physical database size and recovers unused space, but it
takes longer to complete. The DBIID is changed with this Compact
version. Running Compact without a software switch option compacts
databases not associated with transaction logging.
➤ Copy-style compacting—A copy is created, and when the compact is com-
plete, the original database is deleted. Because of this, there needs to be
sufficient disk space available to make the copy of the database, or an
error will occur and the compact will not work. During this type of
compacting, a new database is created and a new DBIID is assigned.
Because a new database is actually being created, this option locks out all
users and servers from editing the database. Access using this version of
Compact for read only can be enabled if the -L switch is used at the time
it is run.

Compact should be run on all databases at least weekly, if possible, but it should
be run at a minimum of once a month using the format compact -B to minimize the
amount of disk space. If Fixup does not correct a database problem, running
Compact with the switch of -c can attempt to correct the problem.

Other Database Maintenance Tasks


Databases should be monitored on a regular basis to make sure that they are
performing efficiently. In addition to using the database maintenance utili-
ties described in the preceding section, these tasks and practices can aid in
maintaining strong database performance:
➤ Move the database to another server in the domain, if necessary. Make
sure that the server itself is tuned occasionally and running at peak effi-
ciency. Defragment disk drives and run preventive maintenance tasks on
the server to foresee any possible hardware problems that may occur.
Also make sure that backups are scheduled to complete before nightly
Domino server tasks launch.
➤ Domino 6 database design provides a significant speed improvement. If
possible, upgrade the database to version 6 if it’s running as an earlier
version.
11 0789729180 CH09 10/21/03 2:45 PM Page 235

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
235
. . . . . . .

➤ Implement transaction-based logging, if the hardware configuration


makes it a possible solution as this is very processor, memory, and disk
access intensive.
➤ Schedule nightly system tasks to complete before users access the system
at the start of a workday.
➤ Verify that a task such as Compact or Updall isn’t stuck on a database,
expending system resources.
➤ Monitor database usage. A database used constantly by many users
might need separate replicas on other servers in the domain, to make
sure that access is not creating an unneeded system load.
➤ Examine the database design to see if any improvements can be made
that would allow it to perform better.
➤ Check the Database, Enhanced tab to see if any options can be enabled
to improve performance.
➤ Create a replica of a database if Fixup, Update, and Updall don’t correct
the problem. If all else fails, restore the database from backup.

Monitoring/Modifying Application
Access Control
Domino provides multiple ways for administrators to monitor databases and
applications in the domain. Administrators can access the Domino log file or
can set up applications to automatically inform them when issues occur.
Typically, when ACLs are defined, users will not experience problems unless
something changes on the server or on the user’s workstation. This section
of the book offers administrators ways to monitor application access.
Data access control problems can cause users as well as servers to be denied
access to a specific database, a server, or an entire domain. Administrators can
ensure that database access is constant by making sure that Enforce a
Consistent Access Control List is selected on the database ACL Advanced tab.

Although enforcement of a consistent ACL does assist in maintaining ACL integrity,


it’s not a complete solution. If a user replicates a copy of a database to his local
machine, group membership does not replicate along with the database. If the user
then wanted to share that replica with another user, the new user would not to be able
to access the database because group information would not be inherited. One other
thing to keep in mind is local replica security. Because a uniform ACL is not imposed
on the database, a local replica should be encrypted to maintain security.
11 0789729180 CH09 10/21/03 2:45 PM Page 236

236 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administrators can get a complete view of all database ACLs by accessing the
Access Control List in the database catalog file, typically called CATA-
LOG.NSF. The CATALOG.NSG database is populated by the CATALOG
task. These three views are available:
➤ By Database—This is an alphabetical list of all databases in the domain,
sorted by the actual filename on the server.
➤ By Level—This is a list of all databases, sorted by access level.

➤ By Name—This is a list of all valid ACLs on the system, sorted by each


specific type.

Setting Up Authentication
Domino provides for multiple types of authentication in the domain. Follow
these steps to set up authentication:
1. Launch the Domino Administrator, select the Configuration tab, and
open the Server document.
2. Select Ports and choose Internet Ports. A subpage opens for Webs,
Directory, Mail, and IIOP.
3. Choose the protocol to set up authentication. Navigate to the
Authentication Options section and change the Name and Password
fields to Yes. Perform the same task on all required protocol pages.
4. Click Save & Close to save the document.

Setting Up/Configuring/Monitoring
Monitors
As discussed previously in this chapter, Domino uses events to determine
when a server task is in need of attention. The database EVENTS4.NSF is
used to define which system tasks are monitored and at what point a system
alarm is generated. Thresholds created by the administrator are monitored
and alarms for system alerts are generated when the thresholds are met or
exceeded.
Lotus has provided a tool called the Domino Server Monitor for system
administrators to watch the status of the servers and make sure no problems
11 0789729180 CH09 10/21/03 2:45 PM Page 237

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
237
. . . . . . .

exist. The Server Monitor displays statistics in real time and allows adminis-
trators to view server status in a graphical format. The Server Monitor can
be set up to allow statistics to be viewed by a specific timeline, or by the state
of the servers. The Server Monitor has monitoring criteria set up by default,
but administrators also have the option of choosing which criteria they want
to monitor and then saving those settings for later use.

For the exam, remember that the Server Monitor is only available using the Domino
Administrator client. The Domino Web Administrator client cannot access the Server
Monitor.

Server monitoring is accessed using the Domino Administrator and navigat-


ing to the Server, Monitoring tab. The Server Monitor is displayed on this
tab and can be started by clicking the green arrow. The server is stopped by
clicking the red stop button.
To start the server automatically, select File, Preferences, Administration
Preferences. After the Administration Preferences dialog box has appeared,
check the Automatically Monitor Servers at Startup check box at the bottom
of the dialog box. This automatically starts the Server Monitor and does not
require the administrator to manually start the monitor.

Troubleshooting Administration
Process Problems
The Administration Process is a tool provided by Lotus that automates var-
ious administrative tasks on the server. Examples of such tasks include user
management, group management, and database management.
As we have discussed earlier in this book, a server that does not have the
proper hardware configuration can cause a myriad of problems. The
Administration Process is a memory-intensive process and care should be
taken to ensure that the server has an adequate amount of memory to exe-
cute the task. Possible problems that may need attention regarding the
Administration Process are new users not being registered properly or group
changes that are not propagating. To troubleshoot possible problems with
the Administration Process, follow these steps:
1. Make sure that no system changes have been made at the operating
system level or to the network infrastructure that could cause commu-
nication failures within the domain.
11 0789729180 CH09 10/21/03 2:45 PM Page 238

238 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2. Configuration errors on the server may be causing problems. Try run-


ning the Administration Process on a different server in the domain to
see if the problem persists.
3. Type at the server prompt and check to make sure that the
show tasks
AdminP task is running.
4. Verify that an administration server is defined in the Directory and in
all databases in the domain. If the Administration Server is not defined
in the databases, the AdminP process will not be able to run against
them.
5. Check the replication events in the Domino log file to make sure that
the Directory and the Administration Requests database is replicating
properly in the domain.

Troubleshooting Clustering
Problems
This section addresses some problems that may occur related to Domino
clusters. Problems that may occur can be related to authentication, database
replication, or failover in the event of a server outage.
When troubleshooting clustering problems, follow these steps:
1. Make sure that the Cluster Replicator task is running on all of the
servers in the cluster.
2. Ensure that the database exists on all servers in the cluster and that the
replica IDs are the same.
3. Check the log files to see if errors are occurring related to the replica-
tion task. Check to see if there is an excessive amount of replication
requests queued that may hint at a server performance issue.
4. Examine the Cluster Database Directory and make sure that the data-
bases are enabled for replication.
5. Make sure there is only one copy of the database on each cluster.

6. Verify that the ACLs in the databases are set correctly to allow servers
to communicate. The User type for servers must be set to Server or
Server group.
11 0789729180 CH09 10/21/03 2:45 PM Page 239

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
239
. . . . . . .

7. Check the Server documents on all servers in the cluster and make sure
that each server is assigned a valid, unique IP address and that all IP
addresses related to the Cluster Manager are defined properly.
8. Verify that all servers in the cluster are running.

Troubleshooting Network/Protocol
Problems
Network problems can manifest themselves as users unable to access servers,
servers unable to communicate, or mail unable to route inside or outside of
the domain. Check these items when communication problems are occur-
ring:
➤ Verify that the server is able to communicate with other network devices
by launching a Web browser and accessing a Web site. Ping a network
device such as another server or a router and also run a trace route to
ensure that the network is available and that the network hardware is
working properly.
➤ Perform a mail trace from the client as well as the server to make sure
that there is not an error.
➤ Check the Domino Directory for save/replication errors. Verify that all
of the information in the Server documents related to network informa-
tion and port information is set up correctly.
➤ Check the Domino log for possible errors that may be occurring.

Troubleshooting Partitioning
Problems
Typical problems that can appear when running Domino on a partitioned
server include partitions in use and communication infrastructure/setup
issues.
Here are some guidelines for troubleshooting partitioning problems:
➤ Only one server can be running per partition. If an error occurs stating
that a partition is already in use, verify that a server process is not
already running on the server. A server reboot may be required to cor-
rect this issue.
11 0789729180 CH09 10/21/03 2:45 PM Page 240

240 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

➤ Verify that the server is running in the event that users are receiving an
error that the server is unreachable.
➤ If a port-mapping server is sharing the same network card as the desti-
nation server, make sure that the server is running.
➤ Verify that information in the NOTES.INI file related to port-mapping
is set up correctly.
➤ Verify that all the information related to the communications set up for
the server is correct in the Domino Directory.

Troubleshooting Port (Modem)


Problems
There will be occasions when a dial-up connection is needed on the server
for specific tasks. In the event that modem problems are occurring, follow
these steps to troubleshoot the problem:
1. Enable call logging in the Domino log file.

2. Check the messages in the log file to determine the cause. Check the
Miscellaneous view for problems that may be occurring. Check the
Phone Calls view to see if errors are being logged.
3. Install a handset on the modem line to determine if there is a dial tone
and that a voice call can be made on the line. If call waiting is enabled
on the line, disable it.
4. Check the documentation for the modem to determine further trou-
bleshooting ideas.
5. Reboot the server to see if the problem corrects itself.

6. If the server is using the modem to dial out, ensure the phone number
information is set up correctly.
7. Verify that the information in the Domino Directory is set up correctly
related to ports in the Server document and User Preferences. Also
verify that the information in Connection documents using the modem
exists and is configured properly.
11 0789729180 CH09 10/21/03 2:45 PM Page 241

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
241
. . . . . . .

Troubleshooting User Problems


Troubleshooting user problems can be challenging if the administrator does
not have a complete understanding of possible issues and how they can be
corrected. When considering troubleshooting user problems, the following
list includes items that should be considered by an administrator:
➤ Tracking user mail messages and resolving mail routing problems

➤ Correcting server access problems by users and servers

➤ Fixing connection issues for servers and users

➤ Maintaining databases and how they are accessed

➤ Correcting issues related to workstation problems

➤ Verifying that an actual technical problem is occurring and that user


training is not required to solve the issue.

The information here is just a summary of the topic of troubleshooting user


problems. For a detailed discussion of this topic and each of the items in the
preceding list, see Chapter 18, “Resolving User Problems.”

Using a Java-Based Domino


Console
One of the tools available to maintain a server is the Domino Console. The
Domino Console is an application that enables administrators to send com-
mands to the server as if they were using the console on the server itself. The
Domino Console is installed when the Domino server is installed or when
the Administrator client is installed. The Console is a Java application and
can also be loaded as a Windows Service when running Windows 2000 or
Windows XP.

Launching jconsole
The application provided by Lotus to run the Domino Console is called
jconsole. To start the Domino Console manually, change to either the client
or server directory and run the jconsole executable. The Domino server must
be running. If you are running a server controller, the Domino Console
starts automatically.
11 0789729180 CH09 10/21/03 2:45 PM Page 242

242 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

You can launch the Console in four ways:


1. Launch the jconsole application by selecting the program icon in the server
or admin client directory when the server is already running.
2. Create a shortcut or execute nserver -jc at the command prompt to run
the server controller, the Domino server, and the Console.
3. Create a shortcut or execute nserver -jc -c at the command prompt to
run the server controller and the Domino server.
4. Create a shortcut or execute nserver -jc -s at the command prompt to
run the server controller and the Console.
5. Create a shortcut or execute nserver -jc -c -s to run the server con-
troller by itself.

As mentioned earlier, the Domino Console enables administrators to send


commands to the server as if they were using the console on the server itself.
Typical commands such as show server and show tasks can be sent to the serv-
er and then are displayed in the Console window. The Console window also
displays server events, such as AdminP processes, as they are launched. A
sample Console window is shown in Figure 9.1.

Figure 9.1 The Domino Console allows administrators to execute commands on the server and to
monitor the server in real time.

Using jconsole
The Console has predefined commands available via the File menu or the
Commands button at the bottom of the Console.
11 0789729180 CH09 10/21/03 2:45 PM Page 243

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
243
. . . . . . .

The following options are available using the File menu:


➤ Open Server

➤ Disconnect

➤ Show Users

➤ Show Processes

➤ Broadcast—Sends a message to all server users

➤ Local Logging

➤ Stop Server

➤ Kill Server

➤ Quit Controller

➤ Refresh Server List

➤ Exit the Console Program

The Commands button has the typical commands that an administrator


would use to manage the server, as well as an option to create and save cus-
tom commands.
You can configure the Console to show the following views:
➤ Header—Specifies the user, platform type, server name, and release num-
ber
➤ Bookmarks—Includes the available icons Connect Local Server,
Connected Servers, and Domain
➤ Event Filter—Displays one of the following at the bottom of the Console
of the events monitored: Fatal, Failure, Warning (High), Warning
(Low), Normal, and Unknown
➤ Secure Password—Is an empty field used by the administrator to secure
the Console
➤ Connected Servers—Lists the servers available to the Console

➤ Domain—Provides a hierarchical graphical view of the domain structure


available to the Console
➤ Debug Output Window—Launches an active Debug window used for
troubleshooting
➤ Look and Feel—Changes the theme used to display the Console window
11 0789729180 CH09 10/21/03 2:45 PM Page 244

244 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

An example of the Console window with these commands is shown in


Figure 9.2.

Figure 9.2 Lotus has provided commonly used commands for administrators to assist them in
using the Domino Console.

Exiting from jconsole


To stop the Console, select Exit from the File menu (Alt+Q). After you have
selected to shut down the Console, you are presented with a dialog box to
either shut down the Console itself or shut down the Console and the serv-
er controller simultaneously. Three additional buttons are available on the
Web Administrator: Logout, Preferences, and Help.

Although the Domino Console is a powerful tool, it is still limited in its uses. You still
need either the Domino Administrator client or the Web Administrator client to main-
tain the server.

Using Distributed and Centralized


Directories
Domino provides multiple options when presenting directories in the domain.
The key point to remember is that the Domino Directory is accessed by all
11 0789729180 CH09 10/21/03 2:45 PM Page 245

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
245
. . . . . . .

users as well as servers, so care should be taken to ensure that access is opti-
mal. Three ways to provide directory access are
➤ Distributed—This method assumes that each server has a replica copy of
the directory on each server in the domain. This method is optimal
when many users are on the network or the communications infrastruc-
ture may have many points of congestion.
➤ Centralized—This method uses the administration server as the central
point for the directory and configuration directories. Configuration
directories host Server, Connection, and Configuration Setting docu-
ments. Typically, a second server also has these directories for disaster
recovery in the event that the registration server fails.
➤ Hybrid—This method uses a combination of distributed and centralized
directories. Local users may use the centralized directory while remote
users would have a local copy of the directory on their server so that
bandwidth would not be an issue.

Using the Remote Console


The Domino Web Administrator allows remote administration using only a
browser client. Although the Web Administrator is essentially the same as
the Administrator client, the navigation is slightly different, so make sure you
are familiar with it. To use the Web Administrator, the following browser
configurations are required:
➤ Microsoft Internet Explorer 5.5 or greater on Windows 98, 2000, XP, or
NT4
➤ Netscape Navigator 4.7 or greater on Windows 98, 2000, XP, or NT4

Even though Release 6 does support the Web Administrator client on NT4, you must
also install the Microsoft Windows Management Instrumentation Software
Development Kit (WMI SDK) before the task will work properly. We recommend
migrating to Windows 2000 or XP before installing the Domino application because
Microsoft support for NT4 is scheduled to expire over the next 18 months.

Even though Release 6 supports the Web Administrator client on NT4, you must also
install the Microsoft Windows Management Instrumentation Software Development
Kit (WMI SDK) before the task will work properly. We recommend migrating to
Windows 2000 or XP before installing the Domino application because Microsoft
support for NT4 is scheduled to expire over the next 18 months. To check the
expiration schedule of software platforms, Microsoft provides this link:
http://www.microsoft.com/windows/lifecycle.mspx.
11 0789729180 CH09 10/21/03 2:45 PM Page 246

246 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Here are some keys things to remember about the differences between the
Web Administrator and the Web client:
➤ The Messaging tab on the Web client now has a task tool that enables
you to issue Tell, Start, Stop, and Restart commands on the mail server
tasks.
➤ The Messaging tab on the Web client also has a task tool that enables
you to issue Tell, Start, Stop, and Restart commands on the replication
server tasks.
➤ The Mail tab on the Web client displays mail statistics differently than in
the Administrator client. Mail routing, retrieval, DNSBL (DNS blacklist
filter), and destination routing statistics are available on this tab.
➤ Server Monitor and performance charts are not available in the Web
client.

AdminP, CA (Certificate Authority), and the HTTP task must all be running
on the Domino server for the Web Administration client functionality to
operate. In addition, the WEBADMIN.NSF database ACLs need to be con-
figured to allow administrators to access the server.
When the WEBADMIN.NSF database is created, these default ACLs are
created:
➤ Administrators and full access administrators, the Named server, and
LocalDomainServers are set as Manager.
➤ Default, OtherDomainServers, and Anonymous are all set to No Access.

The HTTP task updates the WEBADMIN.NSF database with ACL changes
generated from the modification of the Domino Directory’s Server document
about every 20 minutes. You can also force an immediate update for admin-
istrator access by editing the Security tab on the Server document. Editing
the ACLs in the WEBADMIN.NSF database also permits immediate access.
Select a user, define the user as a manager, and then add the roles required
for the managers to have access.
After the ACL access has been defined, you need to define the authentication
method that will be used to access the server. The two options are to define
an Internet password in the Person document or to define an SSL certificate.
When you have finished the configuration, make sure that the HTTP task is
running on the server and then enter the URL of your server followed by
/webadmin.nsf; for example, http://r6test.test.com/webadmin.nsf, or https://
r6test.test.com/webadmin.nsf if SSL authentication is enabled.
11 0789729180 CH09 10/21/03 2:45 PM Page 247

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
247
. . . . . . .

The first screen that is presented is a server status screen. This is helpful for
a quick glimpse of server health, but you must access the other tabs to actu-
ally perform maintenance activities.

Managing User Passwords


When new users are registered, a password is required to be assigned.
Password quality is determined by a slide bar to determine the quality of
password security to assign to the ID file. The default location of the slider
is to the extreme left, which is no password and a value of 0. Sliding the bar
to the extreme right forces a very strong password and a value of 16.
Although it is true that this is optimal for servers, each time the server is
loaded, a password is required at the console before the server will start.
Passwords for Internet users are defined in Person documents in the Domino
Directory. The passwords can be changed manually or by using a Security
Settings policy document. Users can be required to change their passwords,
and standards can be set to determine the type and quality of password
required. Domino provides password synchronization for users that are Web
users as well as Notes client users.
Domino allows administrators to
➤ Allow users to change their passwords based on security policies

➤ Force users to change their passwords within a specific amount of time

➤ Allow users to access the servers without having to enter a password

➤ Lock out users

➤ Require users to verify their passwords

Monitoring/Maintaining Domain
Access
Domains are used to define user groups that share the same Domino
Directory. Setting up a domain depends on the configuration of the Domino
network. Typically, a single domain exists for a company and all users and
servers are registered in this domain. This works well for small- and
medium-sized companies. A large company may need to deploy multiple
domains in order to keep distinct users and groups segmented from other
11 0789729180 CH09 10/21/03 2:45 PM Page 248

248 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

parts of the company. Domains may also need to be segmented based on how
a company’s network infrastructure is defined. A remote group may need a
local domain with their own Directory if they are only able to communicate
over a modem back to the company’s home network and are primarily inde-
pendent, so they do not have a need to be constantly connected.
Domains are defined by creating Domain documents, as described earlier in
this chapter (see “Monitoring/Maintaining Domains”).
Domain access is supported by using groups or user authentication defined
in the Domino Directory. Users must be authenticated to the Directory
before they are able to access the domain. After they have access to the
domain, Lotus has created levels of security that prohibit the user from
accessing data unless they are authorized. Examples of this include:
➤ A user may be prohibited from accessing the domain using a Web client
if the administrator has not defined his access in the Directory.
➤ A user might be able to authenticate to the domain via the directory, but
he might not be able to access all the databases in the domain because
he does not have ACL access.
➤ A user may be completely prohibited from the domain by entering the
username in a Deny Access list.

Domain access can be monitored in real time at the Domino Console or


checked manually in the Domino Log database. Attempts to access the
domain are included with the username as well as the time the access
attempts occurred. Administrators can then determine if the user has incor-
rect access or is simply attempting to access prohibited data. After the deter-
mination has been made, they can contact the user to approve access to the
resource or can lock out the user entirely if they suspect malicious behavior.
11 0789729180 CH09 10/21/03 2:45 PM Page 249

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
249
. . . . . . .

Exam Prep Questions


Question 1
Which of the following options can be used to keep a database from upgrading
to the R6 ODS database format?
❍ A. Compact the database with a -N option.
❍ B. Copy the database and rename the file extension with .NS4.
❍ C. Rename the database filename.
❍ D. Edit the Notes.ini file and add the line R6_Database_Version = 0.

Answer B is correct. The following steps can be taken to ensure that a data-
base retains its ODS database format:
➤ Issue the Compact with a -R option to retain the current ODS structure.
➤ Make a copy of the database and rename the file extension to NS4 to
prohibit upgrading.
➤ Do not run the compact task on the database at all.

Question 2
Which of the following selections are not valid policy document types that can
be applied to users?
❍ A. Archiving
❍ B. Desktop
❍ C. Registration
❍ D. Setup
❍ E. Security
❍ F. All of the above are valid

Answer F is correct. The valid policy document types that can be applied to
users include:
➤ Archiving—Defines policy settings related to users’ ability to archive
mail.
➤ Desktop—Enforces consistent client settings. If a client setting is changed
and then the workstation logs out of the server, the settings are reset the
next time the user logs into the server.
11 0789729180 CH09 10/21/03 2:45 PM Page 250

250 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

➤ Registration—Implements these policies when a new user is created dur-


ing registration.
➤ Setup—Enforces settings in the client’s location document.

➤ Security—Defines password management and ECL setup.

Question 3
What is a primary requirement for data port compression to work properly?
❍ A. The communication driver must be RPC level 3 compliant.
❍ B. The server must have a compression client loaded.
❍ C. Compression must be enabled at both ends of the data stream.
❍ D. CRC error checking must be established before transmitting data.

Answer C is correct. Compression must be enabled at both ends of the data


path or it will not work.

Question 4
What is the maximum size of a database on Windows and Unix servers?
❍ A. The only limitation is the size of the server.
❍ B. 100GB
❍ C. 1TB
❍ D. 64GB

Answer D is correct. The maximum database size on Windows and Unix


servers is 64GB.

Question 5
Which of the following choices are valid options when renaming a user?
❍ A. Migrate to Hierarchical
❍ B. Change Common Name Length
❍ C. Request Move to New Certifier
❍ D. Qualify User for Web Access
11 0789729180 CH09 10/21/03 2:45 PM Page 251

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
251
. . . . . . .

Answer C is correct. The available options when renaming a user are


➤ Upgrade to Hierarchical

➤ Change Common Name

➤ Request Move to New Certifier

Question 6
Which database is used to define what system tasks are monitored?
❍ A. MONITOR.NSF
❍ B. EVENTTASKS.NSF
❍ C. LOG.NSF
❍ D. EVENTS4.NSF

Answer D is correct. The database EVENTS4.NSF is used to define which


system tasks will be monitored and at what point a system alarm is generated.

Question 7
What view is used in the Domino log file to display possible problems with users
and servers connecting with modems?
❍ A. Modem calls
❍ B. Phone call
❍ C. Data calls
❍ D. Dial-up calls

Answer B is correct. Check the Phone Calls view to see if errors are being
logged.

Question 8
Where are passwords defined for Domino users who access the server using a
Web browser?
❍ A. INTERNET.NSF
❍ B. The Domino Directory
❍ C. PASSWORDS.NSF
❍ D. The Domino Catalog
11 0789729180 CH09 10/21/03 2:45 PM Page 252

252 Chapter 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Answer B is correct. Passwords for Internet users are defined in Person doc-
uments in the Domino Directory.

Question 9
Which database is used to determine who can use the Domino Web
Administrator to access the server?
❍ A. ADMIN.NSF
❍ B. ACCESS.NSF
❍ C. WEBADMIN.NSF
❍ D. ADMINWEB.NSF

Answer C is correct. Access using the Domino Web Administrator is main-


tained by the database WEBADMIN.NSF.

Question 10
What are domains used for?
❍ A. For mail storage
❍ B. To define users sharing the same Domino Directory
❍ C. For replication scheduling and error checking
❍ D. For application performance balancing

Answer B is correct. Domains are used to define user groups that share the
same Domino Directory.
11 0789729180 CH09 10/21/03 2:45 PM Page 253

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitoring
. . . . . . Server
. . . . Performance
253
. . . . . . .

Need to Know More?


The Lotus Developers Domain: www-10.lotus.com/ldd.

Upgrading to Domino 6: Performance Benefits: www.ibm.com/redbooks.


11 0789729180 CH09 10/21/03 2:45 PM Page 254
12 0789729180 CH10 10/21/03 2:50 PM Page 255

10
Replication
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Terms you’ll need to understand:


✓ Replication
✓ Pull
✓ Push
✓ Source server
✓ Target server
✓ Connection document
✓ Streaming replication
✓ Extended Access Control List (xACL)

Techniques and concepts you’ll need to master:


✓ Using client commands to force replication
✓ Scheduling replication of databases between servers using
Connection documents
✓ Planning applications based upon how selective replication
settings can affect the documents distributed to different
replicas
✓ Understanding streaming replication
✓ Understanding how a server’s access level in the database ACL
affects replication
✓ Understanding how an Extended ACL affects replication
✓ Using replication to distribute design changes
✓ Identifying the tools used for monitoring replication
12 0789729180 CH10 10/21/03 2:50 PM Page 256

256 Chapter 10
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Replication involves the synchronization of data between two replica copies of


a database. Replicas can be stored either locally or on the Domino server.
Replication between two server-based databases is called server-to-server
replication. Replication involving a local database is called workstation-to-
server replication. This chapter focuses mainly on server-to-server replica-
tion, which is typically administered and scheduled by the Domino
Administrator. Workstation-to-server replication is usually forced or sched-
uled by the user, and the Notes client performs all of the work involved in
pushing and pulling the data to the server-based replica.
Several of the topics in this chapter are also addressed in Chapter 5,
“Replication.” As with the mail topic, you may want to consider reading both
chapters on replication before taking either Exam 620 or Exam 621, for a
more complete understanding of this subject area. Any duplication of topics
between both chapters has been carefully noted in the appropriate section.
For the purposes of the exam, it is important to remember that replication
never happens automatically, as is the case with mail routing. Replication
must either be forced or scheduled with a Connection document. You should
memorize all of the console commands to force replication, and be familiar
with all of the fields on the Connection document that relate to replication
and its schedule. The best way to understand replication is to study the case
studies included in this chapter, which are similar to the case studies in
Chapter 5.
For the exam, you’ll need to understand the impact of different database
security features on replication, such as the Access Control List (ACL) and
Readers and Authors fields. You will also need to focus on learning all about
the Extended ACL (xACL), which is new to R6. You can prepare for the
exam by practicing many of the techniques in this chapter with a minimum
of two servers and an Administration client. Replication can’t be tested or
learned in a single server environment.

Setting Up and Configuring


Replication Through Force
This topic was covered extensively in Chapter 5, so I’ve chosen to repeat a
summary of the most important points here in this chapter.
Replication never happens automatically, and must either be forced or sched-
uled by the user or administrator. Administrators usually schedule server-to-
server replication in order to avoid having to be present to manually force
12 0789729180 CH10 10/21/03 2:50 PM Page 257

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
257
. . . . . .

replication using commands; however, there are many times when adminis-
trators may want to force replication immediately. It is useful for adminis-
trators to know how to force replication immediately, so that documents can
be distributed to different replicas without delay.
Replication can be forced by the administrator in a number of different
ways—using the Notes client and using the Administrator client. Using the
Notes client to force server-to-server replication limits the administrator to
manually replicating one database at a time, but this method is useful if for
some reason the administrator doesn’t have access to the Administrator
client. Using the Domino Administrator client, the administrator can access
the remote console and force replication using console commands. This
method is faster, and allows the administrator to force replication of data-
bases, directories of databases, or every database in common with a server or
a server group.

Forcing Replication Using the Notes Client


The administrator can force server-to-server replication using the Notes
client by performing the following steps:
1. Open a database or select a database from the workspace.

2. Choose File, Replication, Replicate.

3. Select one of the following choices:

➤ Choose Replicate via Background Replicator to allow replicate to


operate as a background workstation task, replicating with the last
server with which replication was successful.
➤ Choose Replicate with Options to be presented with a dialog box
whereby the administrator can choose the server with which to
replicate, as well as which documents will replicate, and whether to
send or receive or both.
4. Choose OK to initiate replication.

Many users use the Replicator page to force replication of several databases at once.
This interface can be activated using the Replicator page bookmark button.
Unfortunately, this interface is designed to force workstation-to-server replication, not
server-to-server replication. Database replicas are automatically added to this page
upon local replica creation. If the administrator wants to force server-to-server repli-
cation of several databases at once, he must use the Administrator client.
12 0789729180 CH10 10/21/03 2:50 PM Page 258

258 Chapter 10
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Forcing Replication Using the Domino


Administrator Client
The Domino Administrator client gives the administrator access to the
remote console. Using the remote console to force replication allows the
administrator to use a command-line interface for forcing replication
between one or more servers, for one or more databases.
Activate the live remote console on the Administrator client by performing
the following steps:
1. From the Domino Administrator, click the Server, Status tab.

2. Open the Server Console view.

3. (Optional) Click the Live button to turn on the Live console.

Turning on the Live console enables the administrator to view console commands
in real time, as they are processed by the server. It is helpful to have the Live con-
sole interface turned on before issuing console commands, to see the results that
follow the initiation of the command. If you forget to turn on the Live console before
issuing a command, you will simply receive the following message: “Command has
been executed on remote server. Use Live console option, in future, to view
responses from the server.”

The administrator can use the following commands at the console to force
replication:
➤ Replicate (Rep)—Forces two-way replication whereby the initiating server
(also known as the source server) pulls updates, changes, and deletions
to the target server, and then gives the other server the opportunity to
pull changes from it. This type of replication is also referred to as pull-
pull replication. Pull-pull replication is two-way replication that involves
the Replica task on both servers.
➤ Pull—Forces one-way replication whereby the source server pulls
updates, changes, and deletions from the target server.
➤ Push—Forces one-way replication whereby the source server pushes
updates, changes, and deletions from the target server.

The syntax of the three commands is as follows:


Replicate servername [databasename] or Rep servername [databasename]

Pull servername [databasename]

Push servername [databasename]


12 0789729180 CH10 10/21/03 2:50 PM Page 259

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
259
. . . . . .

For the servername parameter, the administrator should specify the server’s
full hierarchical name. If the server name is more than one word, enclose the
entire name in quotes. You can also substitute a server group in place of a
server name. If you specify a server group, the initiating server (the server at
which you enter this command) replicates with each server in the list in the
order in which the servers are listed in the group document.
If you don’t specify a database name, the Replica task replicates every data-
base replica that the two servers have in common. To force replication of a
particular database replica, specify the database name after the server name.
You also have the option of specifying a directory instead of a database name.

Remember that replication synchronizes changes, additions, and deletions for three
different types of documents: the ACL document, Design documents, and Data docu-
ments, in that order.

Here is a list of examples of the console commands, along with an explana-


tion of what each command would accomplish. For each of the commands,
assume that the administrator is using the console on ServerA/Acme.
➤ Rep ServerB/Acme—Replicates all replicas in common between
ServerA/Acme and ServerB/Acme.
➤ Pull ServerC—Pulls all updates, changes, and deletions from
ServerC/Acme to ServerA/Acme, for all replicas in common. Note that
the common name of the server is used instead of the fully distinguished
name, which will work, but we don’t know whether ServerC is a server
or a server group.
➤ Rep AllServers names.nsf—Forces two-way replication between
ServerA/Acme and every server listed in the server group called
“AllServers,” for only the Domino Directory database (NAMES.NSF).
➤ Push ServerB/Acme apps\support.nsf—Pushes all updates, changes, and
deletions from ServerA/Acme to ServerB/Acme, for the Support data-
base, which is located in the \apps directory within the Domino data
directory.
12 0789729180 CH10 10/21/03 2:50 PM Page 260

260 Chapter 10
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

For the exam, remember that when issuing replication commands through the
console, it is important to understand which server is initiating the command. The
server at which you issue the console command is the initiator, also known as the
source server. The server or server group listed in the command itself is the desti-
nation server, also known as the target server. The exam questions test your ability
to read and understand which server is the source; for example, if the question indi-
cates that the administrator is using the console on ServerA, the command “Rep
ServerA/Acme” would have no effect because a server can’t replicate with itself. Be
certain that you read the question carefully so that you know which server is the
source server. Then, you can easily eliminate answer choices that don’t make sense.

Setting Up and Configuring


Replication Through Scheduling
Again, this topic is repeated from Chapter 5, so much of the material in this
section is repeated and summarized from that chapter.
Domino has the facility to allow the administrator to schedule replication
through a Connection document. A Connection document is a document that
contains all of the settings necessary to schedule replication between servers.
Connection documents can also be used to schedule mail routing. When
replication is scheduled, the server’s Replica task carries out replication with
no prompting or initiation from the administrator.

For the purposes of the exam, it is important to remember that replication never hap-
pens automatically, as is the case with mail routing. If servers are in the same
Domino Named Network (DNN), mail routing happens automatically and the admin-
istrator never needs to create a Connection document to get mail routing working.
Replication never happens automatically, and must be either forced or scheduled. Be
careful to watch for exam questions that try to confuse you into thinking that repli-
cation is automatic.

Connection documents are used to connect servers for replication and for mail rout-
ing. A single connection can be created to schedule the transfer of mail as well as the
replication of documents. If a single connection is created, both mail and replication
will follow the same schedule. Where mail and replication follow different schedules,
the administrator should consider creating separate connections. It is often easier to
troubleshoot replication problems if the scheduling of replication is automated
through connections that do not include the routing of mail.
This chapter outlines the steps required to create connections for replication. Mail
connections were discussed in Chapter 3, “Mail” and in Chapter 8, “Mail.”

To create a Connection document, perform the following steps from within


the Domino Administrator:
12 0789729180 CH10 10/21/03 2:50 PM Page 261

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
261
. . . . . .

1. Click the Configuration tab.

2. Click Server and then click Connections, or Click Replication and then
Connections.
3. Click the Add Connection button to create a new connection. To edit
an existing connection, select the connection you want to edit and then
click Edit Connection.

To set basic options, choose from among these options on the Basics tab:
➤ Connection Type—Indicates how the servers will connect—for example,
via network connection (LAN) or via dial-up
➤ Usage Priority—Forces the server to use the network information in the
current Connection document to make the connection (if you choose
Normal)
➤ Source Server—Specifies the name of the calling server (the server initiat-
ing the replication request)
➤ Source Domain—Specifies the name of the calling server’s domain

➤ Use the Port(s)—Specifies the name of the network port (or protocol)
that the calling server uses
➤ Destination Server—Specifies the name of the target or destination server

➤ Destination Domain—Specifies the name of the target server’s domain

To configure replication and/or mail routing settings, choose from among


these options on the Replicating/Routing tab:
➤ Replication Task—Choose Enabled for scheduled replication.

➤ Replicate Databases of Priority—If the administrator chooses to set a repli-


cation priority for a database, replication of databases of different priori-
ty can be scheduled at different times. A priority of Low, Medium, or
High is set for each database in that database’s Replication Settings dia-
log box.
➤ Replication Type—Four different types of replication exist. The type you
choose affects the direction of replication as well as which of the servers
performs the work of the replication.
➤ Pull Pull—Replication is bidirectional, whereby the source server initi-
ates replication and pulls documents from the target server. The source
server then signals the target server’s Replica task to pull documents in
the opposite direction. Both servers are involved in the replication.
12 0789729180 CH10 10/21/03 2:50 PM Page 262

262 Chapter 10
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

➤ Pull Push (default)—Replication is bidirectional, whereby the source


server’s Replica task performs all of the work, pushing and pulling docu-
ments to and from the target server. The target server’s Replica task is
never engaged.
➤ Pull Only—Replication is one-way, whereby the source server pulls doc-
uments from the target.
➤ Push Only—Replication is one-way, whereby the source server pushes
documents to the target.
➤ Files/Directory Paths to Replicate—These are the names of specific data-
bases or directories of databases that you want to replicate. You can list
either database names or directories.
➤ Files/Directory Paths to NOT Replicate—These are the names of specific
databases or directories of databases that should be excluded from repli-
cation. You can list either database names or directories.
➤ Replication Time Limit—This is the amount of time, in minutes, that
replication has to complete. This setting is usually used only for dial-up
connections.

To schedule the replication, choose from among these options on the


Schedule tab:
➤ Schedule—Enables or suspends the schedule by choosing Enabled or
Disabled, respectively.
➤ Connect at Times—Indicates times or a time range during which you
want the source server to initiate replication. This field can contain a
single time entry, a list of times separated by commas, or a time range
separated by the dash. Use this field in conjunction with the Repeat
Interval field to determine how many times per day a server attempts to
initiate replication.
➤ Repeat Interval of—Specifies the number of minutes between replication
attempts. If you specify a repeat interval of 0, the server connects only
once.
➤ Days of Week—Specifies the days of the week to use this replication
schedule; the default has all days of the week selected.
12 0789729180 CH10 10/21/03 2:50 PM Page 263

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
263
. . . . . .

If you specify a time range during which a source server attempts replication, the
next replication attempt is made at the specified interval after which the replication
has completed. For example, let’s say you specify a Connect at Times range of 7:00
a.m. to 11:00 p.m., with a Repeat interval of 60 minutes. The source server attempts
to replicate at 7:00 a.m. and is successful in initiating the replication. The total time
of the replication between servers takes 7 minutes. The source server then attempts
to call the target server again at 8:07 a.m.
For more examples of scheduled replication timing, consult the document titled
“Scheduling Server-to-Server Replication” in the Lotus Domino Administration Help
database. The exam may have a scenario question asking about the timing of sched-
uled replication.

Streaming Replication
Streaming replication is new to Domino R6. Streaming replication allows the
replicator task to send multiple changes in one request, and to replicate
smaller documents first. This method of replication has two distinct advan-
tages:
1. It is faster than replication that is nonstreaming.

2. It allows users to access and use documents that are replicated first,
while replication continues until all documents are available.

Streaming replication requires no additional configuration by the adminis-


trator, but it is only used when the replication type is Pull-Pull or Pull only.
For this reason, many administrators are revising their Connection docu-
ments after upgrading to R6 and changing the replication type to Pull-Pull.

During Pull-Pull replication, both the source and the target server’s Replica tasks are
involved in doing the work of replication. Administrators should ensure that each
server participating in Pull-Pull replication has enough server resources to perform
the task properly. Streaming replication won’t increase replication performance if one
of the servers doesn’t have enough server resources to do the pulling in a timely way.

Planning Applications Based on the


Impact of Replication on Document
Distribution
Administrators might encounter times when they don’t want replication to
synchronize every document in every replica. Administrators can apply
replication settings to selectively replicate a subset of documents to different
replicas.
12 0789729180 CH10 10/21/03 2:50 PM Page 264

264 Chapter 10
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

For example, the Acme Company has a database called Product Ideas on
ServerA/Acme, which it uses to post information about ideas for new prod-
ucts. The database displays suggestions made by customers (as opposed to
employee ideas) in a view called Customer Suggestions. Acme has two
servers at satellite sales offices: ServerEast/Acme and ServerWest/Acme. The
satellite sales offices are only interested in customer suggestions and not in
other product ideas; therefore, Acme wants to replicate only the contents of
the Customer Suggestions view to these servers.
To accomplish this limited distribution of the data, the administrator must
first plan and diagram which servers will store subsets of the data, and what
that subset will be. He can then customize replication settings for multiple
replicas of a database from one central source replica and then replicate these
custom settings to the appropriate replicas. This approach to customizing
replication allows for centralized replication management.

Changing centrally administered replication settings requires two replications for the
changes to take effect: the first replication to replicate the new settings from the
source server to the target servers and a second replication to replicate based on the
new settings. The second replication doesn’t occur until the source database is updat-
ed in some other way; to force the new settings to take effect if the source database
isn’t updated, clear the replication history.

To change replication settings for multiple replicas, perform the following


steps:
1. Ensure you have Manager access in the ACL of the central source
replica, and ensure that the central source replica has Manager access
in the ACL of all destination replicas.
2. Open the central source replica, and then choose File, Replication,
Settings to modify existing replication settings. Choose the Advanced
section.
3. To specify a destination server, click the computer icon next to “When
Computer,” specify the name of the destination server, select Add
Server, and then click OK.
4. To specify a source server, click the computer icon next to “Receives
from,” specify the name of a source server, select Add Server, and then
click OK.
5. To delete a server, click either computer icon, select a server, select
Delete Server, and then click OK.
12 0789729180 CH10 10/21/03 2:50 PM Page 265

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
265
. . . . . .

6. To have the specified destination replica receive a subset of documents,


click “Documents in Specified Views or Folders” or “Documents by
Selection Formula” or “Selected Documents.”
7. To specify which nondocument elements the replica should receive,
select appropriate options under “Receive These Elements from Other
Replicas.” You must select “Replication Formula.”
8. Repeat steps 3 through 7 for each additional destination/source server
combination. Click OK.

Figure 10.1 shows the Advanced tab of the Replication Settings dialog box.

Figure 10.1 The Advanced tab of the Replication Settings dialog box.

For the purposes of studying for the exam, make sure that you have studied
each tab of the Replication Settings dialog box, with a special focus on the
Advanced tab. Try to set up selective replication between servers by attempt-
ing a scenario like the one described previously.

Understanding How the ACL Affects


Replication
Again, much of the information in this particular section is repeated from
Chapter 5; however, to help practice for the exam we’ve created different
case study examples. These case studies supplement the material from
Chapter 5 and help test your ability to understand how a server’s access level
in the Access Control List affects replication.
12 0789729180 CH10 10/21/03 2:50 PM Page 266

266 Chapter 10
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

For a server to replicate changes to documents in a database, that server must


have sufficient access in the replica’s ACL. Servers must be listed explicitly or
within a group in the ACL, with an access level that is appropriate for the
documents the server is allowed to propagate to other replicas.
A server is usually assigned one of these levels of access:
➤ Editor access to replicate changes to documents

➤ Designer access to replicate changes to design elements such as views,


forms, and agents
➤ Manager access to replicate ACL changes

Guidelines for Assigning Server Access to


Databases
The best way to explain the different access levels assigned to servers is to use
a case study or a series of examples. These examples will help you prepare for
the exam by using scenarios similar to the scenarios used in many of the exam
questions. Don’t attempt to memorize the different scenarios; rather, use
them to test your understanding of how server access in the ACL affects
replication. Again, during the exam, you may find it helpful to draw diagrams
of the servers and databases and label the diagrams with the server’s access
level, to help you arrive at the correct answer.
Let’s assume that there are two servers in our examples—ServerA/Acme and
ServerB/Acme. Let’s examine the implications of creating an ACL that lists
the different servers with different levels of access. We’ll refer to a database
in this example called the Product Support database. This database is used by
the Help Desk to share ideas about how to support Acme’s many product
offerings. The ACL of the database contains references to servers and to a
group for the administrators (LocalDomainAdmins), as well as to a group
containing the company’s Domino developers (CorpDesigners). The ACL
also makes reference to a group of Help Desk technicians (HelpDesk).

Scenario 1: Both Servers Have Manager Access


Here is the ACL listing for this scenario:
ServerA/Acme: Manager
ServerB/Acme: Manager
LocalDomainAdmins: Manager
CorpDesigners: Designer
HelpDesk: Author
12 0789729180 CH10 10/21/03 2:50 PM Page 267

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
267
. . . . . .

In this scenario, both servers are capable of replicating any changes to ACL,
Design, or Data documents in any direction. For example, if Bob Jones/Acme
in the LocalDomainAdmins group added a new group to the ACL on
ServerB’s replica, ServerB/Acme could successfully replicate that ACL
change to ServerA/Acme. If Susan Brown/Acme in the CorpDesigners group
added a new view to ServerA’s replica, ServerA/Acme could replicate that new
design element to ServerB/Acme. Data documents could be changed, added,
or deleted by the Help Desk users on either server and would replicate suc-
cessfully to the other server.

Scenario 2: One Server Has Manager Access and the Other


Has Editor Access
Here is the ACL listing for this scenario:
ServerA/Acme: Manager
ServerB/Acme: Editor
LocalDomainAdmins: Manager
CorpDesigners: Designer
HelpDesk: Author

In this scenario, ServerA/Acme is the only server capable of replicating the


ACL and the Design documents. For example, if Bob Jones/Acme in the
LocalDomainAdmins group added a group to the ACL on ServerB’s replica,
that ACL change would not replicate to ServerA/Acme. If Susan
Brown/Acme in the CorpDesigners group created a new shared agent on
ServerA’s replica, ServerA/Acme could replicate that new agent to
ServerB/Acme. But if she made that same change on ServerB’s replica, the
change couldn’t replicate to ServerA/Acme. In this scenario, all ACL and
design changes need to be made on ServerA/Acme in order to have them
replicate to ServerB/Acme. But the Help Desk users could continue to cre-
ate, edit, and delete documents on either server’s replica, and all Data docu-
ment changes would successfully replicate between servers.

Scenario 3: One Server Has Manager Access and the Other


Has Reader Access
Here is the ACL listing for this scenario:
ServerA/Acme: Manager
ServerB/Acme: Reader
LocalDomainAdmins: Manager
CorpDesigners: Designer
HelpDesk: Author
12 0789729180 CH10 10/21/03 2:50 PM Page 268

268 Chapter 10
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

In this scenario, replication of changes, additions, and deletions can happen


in only one direction: from ServerA/Acme to ServerB/Acme. If any docu-
ments are changed, added, or deleted by administrators, designers, or users
on ServerB/Acme, the documents will not replicate to ServerA/Acme. In this
scenario, ServerB/Acme has effectively become a “read-only” server. All
changes, additions, and deletions would need to be made on ServerA/Acme
in order to propagate to ServerB/Acme.

Scenario 4: Both Servers Have Reader Access


Here is the ACL listing for this scenario:
ServerA/Acme: Reader
ServerB/Acme: Reader
LocalDomainAdmins: Manager
CorpDesigners: Designer
HelpDesk: Author

In this case, the administrators, designers, and Help Desk users could all
make changes to the ACL, Design documents, and Data documents, respec-
tively, on either ServerA/Acme or ServerB/Acme. But neither server would
be able to propagate any changes to the other server. Over time, the two
replicas would become very unsynchronized, because neither server would
be able to replicate any changes. This isn’t a likely scenario because there
would be no replication between the two replicas.

Scenario 5: One Server Has Manager Access and the Other


Has No Access
Here is the ACL listing for this scenario:
ServerA/Acme: Manager
ServerB/Acme: No Access
LocalDomainAdmins: Manager
CorpDesigners: Designer
HelpDesk: Author

This scenario produces the same result as Scenario 4—replication would not
proceed between the two servers. The administrators, designers, and Help
Desk users could all make changes to the ACL, Design documents, and Data
documents, respectively, on either ServerA/Acme or ServerB/Acme. But nei-
ther server would be able to propagate any changes to the other server. Over
time, the two replicas would become very unsynchronized, because neither
12 0789729180 CH10 10/21/03 2:50 PM Page 269

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
269
. . . . . .

server would be able to replicate any changes. This scenario is no more like-
ly than the previous one because there would be no replication between the
two replicas.

Understanding Changes to xACL


Replication
An Extended Access Control List (xACL) is an optional directory access-control
feature available for a Domino Directory or an Extended Directory Catalog.
The extended ACL is new to Domino R6 and can only be accessed using the
ACL dialog box using a Notes 6 Client or a Domino Administrator 6 client.
The xACL can restrict or refine a user’s access to the database, but it cannot
be used to increase the access the database ACL allows. The xACL can be
used to set access for the following:
➤ All documents with hierarchical names at a particular position in the
directory name hierarchy; for example, all documents whose names end
in OU=East/O=Acme
➤ All documents of a specific type; for example, all group documents

➤ A specific field within a specific type of document

➤ A specific document

An Extended ACL allows the administrator to extend access in the following


ways:
➤ Delegate Domino administration; for example, allow a group of admin-
istrators to manage only documents named under a particular
Organizational Unit.
➤ Set access to precise portions of the directory contents.

➤ Set access to documents and fields easily and globally at one source,
rather than requiring the administrator to control access through fea-
tures such as multiple Readers and Authors fields.
➤ Control the access of users who access the directory through any sup-
ported protocol: Notes (NRPC), Web (HTTP), LDAP, POP3, and
IMAP.

To enable extended access for a Domino Directory or Extended Directory


Catalog, perform the following steps:
12 0789729180 CH10 10/21/03 2:50 PM Page 270

270 Chapter 10
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

1. Open the database, and choose File, Database, Access Control.

2. Click Advanced, and then select Enable Extended Access.

3. At this prompt, click Yes to continue: “Enabling extended access con-


trol enforces additional security checking. See Domino Administrator
Help for more details. Do you want to continue?”
4. At this prompt, which appears only if the advanced database ACL
option “Enforce a Consistent Access Control List Across All Replicas”
is not yet enabled, click Yes: “Consistent access control must be
enabled first. Do you want to enable it now?”
5. At this prompt, click OK: “If more than one administrator manages
extended access control for this database, enable document locking on
the database to avoid conflicts.”
6. Click OK in the Access Control List dialog box.

7. At this prompt, click OK: “Enabling extended access control restric-


tions. This may take a while.” Look at the status bar on the client to
see the status of this process.

Enabling an Extended ACL for a Directory or a Directory Catalog has some


effects on the way in which that Directory replicates:
➤ To ensure that the database replicates properly, extended access requires
the use of the advanced database ACL option “Enforce a Consistent
Access Control List Across All replicas.” This option forces the ACL of
every replica to be identical. If a change is made to the ACL of a replica
on any server, that change replicates to other servers in order to main-
tain the same ACL on every replica.
➤ After an administrator enables extended access, changes cannot be made
to a replica of the database on a server running an earlier Domino
release because the changes can’t replicate to a Domino R6 server. If you
enable extended access, administrators must make directory changes
only to a replica on a Domino R6 server.

Replicating Design Changes


There are two ways to update design changes from one database to another:
➤ Use a database design template (this database is not a replica).

➤ Use replication to update design elements from one replica to another.


12 0789729180 CH10 10/21/03 2:50 PM Page 271

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
271
. . . . . .

Most administrators rely on both methods to distribute design changes


around to the servers in the company. Typically, a designer creates a design
template that is not a replica in order to implement and test design changes.
After the designer is satisfied with the design changes, these changes are
transferred over to a production version of the database using the Refresh
Design method.
When the administrator invokes the Refresh Design command either man-
ually or by scheduling the Design task, only the Design documents are trans-
ferred from the Master Design template to the production database. This
transfer happens only in one direction, and does not affect the ACL of the
database or the Data documents.
After design changes have successfully migrated from the template to the
production database, the administrator can then use replication to transfer
design changes from that first production replica to other replicas. The
administrator can either force replication manually or can schedule replica-
tion through the use of Connection documents. There are two major differ-
ences between the Design Refresh and replication:
1. Replication transfers the ACL, Design documents, and Data docu-
ments, not just Design documents as in a Design Refresh.
2. Replication can be bidirectional, whereas the Design Refresh can occur
in only one direction.

Remember that if a server needs to replicate design changes to another replica, the
source server must have at least Designer access in the ACL of the database. Watch
out for exam questions that test your knowledge of replication as it involves design
elements. Most of these types of questions involve some kind of Access Control List
scenario. Refer to the scenarios earlier in this chapter to confirm your understand-
ing of which documents transfer via replication based on ACL settings.

Monitoring and Maintaining


Replication
This topic was covered in detail, along with supporting screen shots in
Chapter 5. Rather than repeat the entire topic here, we simply summarize
the monitoring and maintenance tasks that relate to replication, and refer
you to Chapter 5 for detailed explanations.
Because replication never occurs automatically and must always be forced or
scheduled, the administrator must also devote some time to monitoring
replication, and making adjustments as required. The Domino
12 0789729180 CH10 10/21/03 2:50 PM Page 272

272 Chapter 10
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administrator client offers many tools and interfaces to assist the adminis-
trator in these maintenance efforts. The following list summarizes those
tools:
➤ Monitor Replication History—Choose File, Replication, History to view a
history of successful replications with other servers. If you have Manager
access to a database, you can clear the database replication history if you
think the database doesn’t contain all the documents that it should or if
the database replication history is not synchronized with that of other
replicas. Normally, you would clear this setting only if you suspect
time/date problems with server or client clocks.
➤ View the Replication Events View in the Log File—The server log
(LOG.NSF) contains detailed information about the replication of
server-based databases, such as the number of documents added, deleted,
and modified; the size of the data exchanged; and the name of the repli-
ca that this database replicated with.
➤ Use an Event Generator to Monitor Replication—A database event genera-
tor can monitor database use and ACL changes. If an administrator cre-
ates a database event generator and checks the Monitor Replication
field, they can choose to be notified if replication doesn’t occur within a
specified time period.
➤ View Replication Schedules—You can see a graphical representation of the
replication schedules of the servers in your Domino system. To view
replication schedules from the Domino Administrator, select the
Replication tab.
➤ Replication-Topology Maps—View a replication-topology map to display
the replication topology and identify connections between servers. To
view replication topology maps from the Domino Administrator, click
the Replication tab. Use this graphical view to verify that each server is
connected for replication.
12 0789729180 CH10 10/21/03 2:50 PM Page 273

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
273
. . . . . .

Exam Prep Questions


Question 1
Bob is setting up scheduled replication between ServerA and ServerC. He has
specified a Connect at Times range of 9:00 a.m. to 11:00 p.m., with a repeat
interval of 60 minutes. Give the first and second replication times, assuming the
following:
The first replication connection was successful.
The first replication took 12 minutes to complete.
❍ A. 9:00 a.m., 11:00 a.m.
❍ B. 9:00 a.m., 10:00 a.m.
❍ C. 9:00 a.m., 10:12 a.m.
❍ D. 9:12 a.m., 10:12 a.m.

Answer C is correct. If the first replication connection was successful and


completed in 12 minutes, the second replication would occur 60 minutes
after the completion of the first replication.

Question 2
Acme Company has just rolled out an inventory-tracking database to allow its IT
department to track equipment within the organization. Acme has decided to
create three replicas across three servers to allow IT staff across the country to
access the database. Replicas are created on the following servers:
Server1/Acme, Server2/Acme, and Server3/Acme.
John, the Domino administrator, wants to make sure that he sets the ACL cor-
rectly to allow documents in the tracking database to replicate across servers.
He wants all ACL changes to be made on Server1/Acme. He wants all design
changes to be made on Server1/Acme or Server2/Acme. Users should be able
to add, edit, and delete documents on any of the three servers. Data documents
should then replicate around to the other replicas. How should he grant access
to the three servers in the ACL of the tracking database?
❍ A. Server1/Acme: Reader; Server2/Acme: Manager; Server3/Acme:
Reader
❍ B. Server1/Acme: Author; Server2/Acme: Manager; Server3/Acme: Author
❍ C. Server1/Acme: Manager; Server2/Acme: Designer; Server3/Acme:
Editor
❍ D. All three servers should have Manager access in the ACL.
12 0789729180 CH10 10/21/03 2:50 PM Page 274

274 Chapter 10
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Answer C is correct. If Server1/Acme and Server3/Acme had either Reader


or Author access in the ACL, neither server would be capable of replicating
additions, changes, or deletions made by users on those servers. A server
must have a minimum of Editor access to replicate Data document changes.
Granting Manager access would allow ACL changes to be made on all repli-
cas, when the question specified that those types of changes were to be made
only on Server1/Acme. Granting Designer access to Server2/Acme ensures
that design changes could be made and propagated by either Server1 or
Server2.

Question 3
Which of the following options are valid types of replication as listed in the
Replication Connection document?
❑ A. Push Only
❑ B. Pull Only
❑ C. Push Wait
❑ D. Replicate

Answers A and B are correct. Four types of replication can be scheduled in a


Connection document: pull-pull, push-pull, pull only, and push only. Push
Wait is a type of mail connection choice, and Replicate doesn’t exist as an
option for scheduled replication, although it is one of the commands an
administrator can issue at the console for forced replication.

Question 4
Amanda wants to force one-way replication from ServerA to ServerB. Assuming
that she’s using the console on ServerB, what command would she issue?
❍ A. Push ServerB
❍ B. Push ServerA
❍ C. Pull ServerA
❍ D. Pull ServerB

Answer C is correct. By issuing Pull ServerA at ServerB’s console, the admin-


istrator forces a one-way replication from the target server to the server
where she is using the console. This command forces one-way replication of
all replicas in common between the two servers. An optional parameter
12 0789729180 CH10 10/21/03 2:50 PM Page 275

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
275
. . . . . .

allows replication of a single database from the server you are on to the spec-
ified server. For example, Pull Server1 ADMIN4.NSF forces a one-way replica-
tion of ADMIN4.NSF from Server1 to the server the administrator is using.

Question 5
Warren wants to view an updated replication-topology map for his domain.
Which task must be running on the server in order to generate a topology map?
❍ A. MTC
❍ B. Maps
❍ C. Design
❍ D. Catalog

Answer B is correct. To view the replication topology of a Domino environ-


ment using the Domino Administrator client, the MAPS task must be run-
ning on the server. The topology information is refreshed every night at
midnight. (Though you only read a summary of this topic in this chapter, the
cross-reference to Chapter 5 pointed you toward complete information; keep
in mind how closely the information in these chapters is related, as you study
for the exam.)

Question 6
Which one of the following can the Domino administrator use to view detailed
information about replication of a database between two servers?
❍ A. admin4.nsf
❍ B. log.nsf
❍ C. noteslog.nsf
❍ D. names.nsf

Answer B is correct. The Domino Directory (names.nsf) stores information


about replication connections but doesn’t track replication information.
There is no database called noteslog.nsf. The Administration Requests data-
base (admin4.nsf) tracks information about requests processed by AdminP.
The AdminP process can be used to create replicas on servers but doesn’t track
information about replication activity.
12 0789729180 CH10 10/21/03 2:50 PM Page 276

276 Chapter 10
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Question 7
Which of the following types of replication support streaming replication?
❑ A. Pull-Pull
❑ B. Pull-Push
❑ C. Pull Only
❑ D. Push Only

Answers A an C are correct. Streaming replication is only supported by the


Pull-Pull and Pull Only replication types.
12 0789729180 CH10 10/21/03 2:50 PM Page 277

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication
277
. . . . . .

Need to Know More?


Gunther, Jeff and Randall Tamura. Special Edition Using Lotus Notes
and Domino 6. Indianapolis, IN: Que Publishing, 2003.
What’s in Store for the Domino R6 Database: www-10.lotus.com/
ldd/today.nsf/8a6d147cf55a7fd385256658007aacf1/acc8a09b7e3e624f8525
6af700621c8a?OpenDocument.

Webcast: Lotus Live! Series: What’s New in Notes/


Domino 6 Administration: http://searchdomino.techtarget.com/
webcastsTranscriptSecurity/1,289693,sid4_gci857398,00.html.

Webcast: Preparation & Test Taking Strategies with


Lotus Education Managers: http://searchdomino.techtarget.com/
webcastsTranscriptSecurity/1,289693,sid4_gci876208,00.html.
12 0789729180 CH10 10/21/03 2:50 PM Page 278
13 0789729180 CH11 10/21/03 2:41 PM Page 279

11
Security
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Terms you’ll need to understand:


✓ Authentication
✓ ID file
✓ Basic name-and-password authentication
✓ Session-based name-and-password authentication
✓ ID backup and recovery
✓ Mail-in database
✓ Password verification
✓ Issued Certificate List (ICL)
✓ Certificate Revocation List (CRL)
✓ Agent
✓ Agent log
✓ Activity logging
✓ Role

Techniques and concepts you’ll need to master:


✓ Understanding each layer of the Domino security model
✓ Setting up authentication for Notes and Web clients
✓ Backing up and recovering user ID files
✓ Managing user passwords
✓ Using the ICL and CRL
✓ Configuring access to the server
✓ Configuring access to the application using the ACL, roles, and
Authors and Readers fields
✓ Designing a secure application, and understanding the difference
between design elements that control security versus design ele-
ments that simply deter a user from finding data
✓ Configuring, monitoring, and maintaining agent access
✓ Troubleshooting a user’s access to an application
13 0789729180 CH11 10/21/03 2:41 PM Page 280

280 Chapter 11
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

As with other chapters covering Exam 621, there are a few topics in this
chapter that are also mentioned in Chapter 6, “Security.” Again, you might
want to read both Chapter 6 and Chapter 11 before attempting either Exam
620 or Exam 621, in order to get the full picture of security. We specifically
point out when there is a topic that appears in both chapters, and indicate
whether the topic is dealt with in more or less detail in this chapter. If you’ve
already read Chapter 6, you’ll be able to use this chapter as a review of some
subject areas, and you can test your understanding of those subjects as you
read.
One reason that Lotus has chosen to test your knowledge of security on two
different exams is that security is a huge subject area that spans many parts
of the Domino product. It would have been impossible to outline the entire
security model in only one chapter.
Remember that five basic layers make up the Domino security model:
1. Physical security

2. Network and operating system security

3. Authentication

4. Server access

5. Database (application) access

As with Chapter 6, we take a “top-down” approach to security in this chap-


ter, starting with authentication and moving into server security, database
security, and finally security for documents and design elements within the
database. We do not discuss the first two layers—physical or network and
operating system security. Refer to Chapter 6 for a discussion of those two
layers.

Setting Up Authentication
Authentication was covered in detail in Chapter 6, so we briefly review that
topic here. An ID file is a file that uniquely identifies a certifier, server, or user
within the Domino security environment, using certificates stored on the ID.
Authentication refers to the process by which ID files are checked to see if
they are trusted; that is, that they have a certificate in common.
Domino uses the information contained in IDs to control the access that
users and servers have to other servers and applications. One of the admin-
istrator’s responsibilities is to register and protect IDs and to make sure that
13 0789729180 CH11 10/21/03 2:41 PM Page 281

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
281
. . . .

unauthorized users do not use them to gain access to the Domino environ-
ment. Three different types of ID files can be generated by the administra-
tor, using the Domino Administrator client:
➤ Certifier ID—Used as a “stamp” to register a new server or user IDs

➤ Server ID—Used to identify each unique server in the organization

➤ User ID—Used to identify each unique person in the organization

To set up authentication between servers and users within a company, the


administrator must create ID files. During the first server setup, the first cer-
tifier IDs are created, along with the ID file for the first server and first
administrator. The certifier ID for the organization is created, and is used to
create other OU certifiers, depending on the naming scheme that the admin-
istrator will use. The administrator then uses a certifier ID to register every
other server and user within the organization. Each ID file will contain a cer-
tificate for the top-level organization certifier, so that every server and user
in the organization will have a certificate in common, and can authenticate.
For a more detailed description of how to register both servers and users,
refer to Chapters 2 and 7, both titled “Installing and Configuring.”
Web users don’t use Notes ID files to authenticate with the Domino
server—they simply use their name and an Internet password, both of which
are stored in a Person document in the Domino Directory for the server’s
domain. This type of Web authentication is called name-and-password
authentication.
To set up name-and-password authentication for Web clients, one of two
methods can be used:
➤ Basic name-and-password authentication uses the name and password
recorded in the user’s Person document in the Directory.
➤ Session-based name-and-password authentication is a more sophisticated
authentication model that uses cookies to track user sessions.

A session is the time during which a Web client is actively logged onto a serv-
er with a cookie. The administrator has two options when enabling session-
based authentication in the Server document:
➤ Single Server—Causes the server to generate a cookie that is honored
only by the server that generated it
➤ Multiserver—Generates a cookie that allows single sign-on with any
server that shares the Web SSO Configuration document
13 0789729180 CH11 10/21/03 2:41 PM Page 282

282 Chapter 11
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Setting Up and Configuring ID


Backup and Recovery
To recover from loss of, or damage to, an ID file, administrators must keep
backup copies of server and user ID files in a secure place; for example, on a
disk stored in a locked area. Losing or damaging an ID file or forgetting the
password to an ID has serious consequences. Without an ID, users cannot
access servers or read messages and other data that they encrypted with the
lost ID. To prevent problems that occur when users lose or damage ID files
or forget passwords, administrators can set up Domino to recover ID files.
This process is called ID backup and recovery.
Before ID files can be recovered, an administrator must perform the follow-
ing steps to set up for recovery:
➤ An administrator who has access to the certifier ID file(s) must specify
recovery information for those files.
➤ A mail-in database must be created to store recoverable copies of all ID
files.
➤ The user ID files themselves must be made recoverable. There are three
ways to enable this feature:
➤ At registration, administrators create the ID file with a certifier ID
that contains recovery information.
➤ Administrators export recovery information from the certifier ID
file and have the user accept it. This is usually accomplished
through the use of Notes mail messages.
➤ Users authenticate to their home server after an administrator has
added recovery information to the certifier. This method applies
only for servers using the server-based certification authority.

Specifying Recovery Information for a


Certifier ID File and Creating a Mail-In
Database to Store Backup ID Files
Domino stores ID recovery information in the certifier ID file. The infor-
mation stored includes the names of administrators who are allowed to
recover IDs, the address of the mail or mail-in database where users send an
13 0789729180 CH11 10/21/03 2:41 PM Page 283

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
283
. . . .

encrypted backup copy of their ID files, and the number of administrators


required to unlock an ID file.
For an administrator to eventually recover a backup copy of an ID file, these
IDs must be stored somewhere safe. When the administrator enables recov-
ery for certifier IDs, he is automatically prompted to create a mail-in database
to use as the storage container for ID file copies. A mail-in database is a data-
base that can receive mail because it is known to the Router via a Mail-In
Database document in the Directory. The administrator should perform the
following steps before anyone loses or corrupts an ID, ideally before regis-
tering users.
1. From the Domino Administrator, click the Configuration tab, and then
click Certification.
2. Click Edit Recovery Information.

3. In the Choose a Certifier dialog box, click Server and select the regis-
tration server name from the Domino Directory.
4. Choose the certifier for which you are creating recovery information.
If you are using a server-based certification authority, click Use the CA
Process and select a certifier from the drop-down list. You must be a
Certificate Authority (CA) administrator for the certifier in order to
change ID recovery information. If you are not using a server-based
certification authority, click Supply Certifier ID and Password. If the
certifier ID path and filename does not appear, click Certifier ID,
select the certifier ID file, and enter the password.
5. Click OK. The Edit Master Recovery Authority List dialog box
appears (see Figure 11.1).
6. Enter the number of recovery authorities that are required to recover
an ID file. It is recommended that you choose at least three.
7. Click Add and select the names of the administrators who are the des-
ignated recovery authorities.
8. Choose whether you want to use an existing mailbox for recovery
information or create a new one.
9. If you have a mail or mail-in database already set up for recovery infor-
mation, click I Want to Use an Existing Mailbox. Click Address and
select the database from the Domino Directory.
13 0789729180 CH11 10/21/03 2:41 PM Page 284

284 Chapter 11
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Figure 11.1 The Edit Master Recovery Authority List dialog box.

10. If you want to create a new database to store recovery information,


click the Address button, then choose I Want to Create a New
Mailbox. In the Create New Mailbox dialog box, enter the name of the
server on which the database is to be created and the database title. You
can use the filename that is created from the database title, or you can
create a new one. Click OK.
11. If you are using a server-based certification authority, you must enter
the following console command to start the CA process with the new
recovery information, or refresh it if it is already running:
load ca

12. Enter this console command to process the request to add recovery
information to the certifier:
tell adminp process all

The CA process is discussed briefly later in this chapter.

Making User ID Files Recoverable


If the administrator performs the preceding steps before registering users, a
copy of every user ID is mailed to the mail-in database every time a user is
registered. The new user ID automatically contains the recovery information
inherited from the certifier ID with which it was registered.
If there were user ID files that existed within the company before recovery
information was specified for the certifiers, then those ID files must be
13 0789729180 CH11 10/21/03 2:41 PM Page 285

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
285
. . . .

updated with the new recovery information, and a copy of the ID must be
mailed to the mail-in database. This process involves both the administrator
and the user. The administrator must initiate a mailout that exports the new
recovery information to each user. Then, the user must accept the recovery
information and mail a copy of their ID file back to the database.
The administrator performs the following steps to send recovery informa-
tion to the user:
1. From the Domino Administrator, click the Configuration tab, and then
click Certification. Click Edit Recovery Information.
2. In the Choose a Certifier dialog box, if the correct server name does
not appear, click Server and select the registration server name from
the Domino Directory.
3. Choose the certifier for which you are creating recovery information.
If you are using a server-based certification authority, click Use the CA
Process and select a certifier from the drop-down list. If you are not
using a server-based certification authority, click Supply Certifier ID
and Password. If the certifier ID path and filename do not appear, click
Certifier ID and select the certifier ID file and enter the password.
4. Choose Export, and then enter the certifier ID’s password twice

5. Complete the To field with the names of the users whose ID files you
want to update and back up, and enter a Subject and Body with
instructions for the user (or accept the default instructions); then click
Send.

The user completes the following steps to accept recovery information in the
ID file:
1. After the administrator sends the recovery information, open the mes-
sage in the mail database.
2. Choose Actions, Accept Recovery Information from the menu bar, and
then enter the password for the ID file.

Domino automatically sends the encrypted backup ID file to the mail-in database
specified by the administrator. The backup ID is encrypted with the administrator’s
public key. You can store multiple copies of the ID file in the centralized mail or mail-
in database. Domino creates a new document every time an ID file is backed up. When
attempting to recover an ID file, you should use the most recent backup. If this fails,
you can try to use the older versions.
13 0789729180 CH11 10/21/03 2:41 PM Page 286

286 Chapter 11
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Recovering an ID File
If a user loses or damages an ID file or forgets a password, the user can work
with administrators to recover the ID file from backup. Some of the recov-
ery steps are performed by the user, whereas others are performed by the
administrator.
The user completes the following steps:
1. Contact the administrator to obtain the password(s) needed to recover
the ID. The recovery password is randomly generated and unique to
each recoverable ID file and administrator. If the user can’t access the
user ID file, the administrator must provide the user with a copy of the
backup ID from the mail-in database. Then, the user can proceed with
recovery to unlock the password, if necessary.
2. When the user first logs in to Notes and the Password dialog box
appears, do not enter the password; simply click OK.
3. Click Recover Password in the Wrong Password dialog box.

4. Select the user ID file to recover in the Choose ID File to Recover


dialog box.
5. Enter the password(s) given to you by your administrator(s) in the
Enter Passwords dialog box, and repeat until all passwords have been
entered, at which time the user is prompted to enter a new password
for the user ID.
6. Enter a new password for the user ID, and confirm the password when
prompted.

The user should immediately replace all backups and copies of the user ID file with
the newly recovered user ID file; otherwise, the user will need to perform the recov-
ery steps for each copy of the ID, which is time-consuming.

The administrator performs the following steps:


1. When contacted by the user, detach the encrypted backup of the user’s
ID file from the mail or mail-in database to the local hard drive.
2. If the user’s ID file is damaged, send a copy of the ID file from the
centralized mail or mail-in database to the user.
3. From the Domino Administrator, click the Configuration tab, and
choose Certification, Extract Recovery Password.
13 0789729180 CH11 10/21/03 2:41 PM Page 287

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
287
. . . .

4. Enter the password to the administrator’s ID file.

5. Specify the ID file you want to recover. This is the same ID you
detached in Step 1.
6. Give the user the recovery password that is displayed.

Users and administrators usually exchange the recovery password over the phone,
because users who can’t access their ID files also can’t access their mail.

Managing User Passwords


Administrators can manage user passwords by enabling a feature called pass-
word verification so that a Notes user can authenticate with a server only after
providing the correct password that is associated with the user ID. If an
unauthorized user obtains an ID and learns the ID’s password, the author-
ized owner of the ID can immediately change the password thus preventing
the unauthorized user from continuing to use the ID with the old password
to authenticate with servers. The next time the unauthorized user tries to use
the ID with the old password to access a server, the server verifies the pass-
word, determines that the password entered does not match the new pass-
word, and denies the unauthorized user access to the server. Also, if the
administrator sets up password verification, he can require users to change
the passwords on their IDs on a regular basis. As the time for the required
password change approaches, a prompt appears to remind the user to change
the password. When users change the password, the current ID and Person
document are updated with the new password.
If a user has multiple ID files, the user must change the password in each of
them to match the new password. Each time a user changes a password, the
user must specify a unique password. Notes keeps a record of up to 50 pass-
words that have been previously used. If the administrator enables password
history checking through the use of a Security Settings document, he can
configure the number of new passwords that must be used before a given
password can be reused.

Password verification during authentication will not work for Internet users because
they do not have Notes user IDs (unless their Notes and Internet passwords have
been synchronized).
13 0789729180 CH11 10/21/03 2:41 PM Page 288

288 Chapter 11
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Password verification relies on the Administration Process to update docu-


ments in the Domino Directory. When you enable password verification for
a user, the Administration Process creates a “Set Password Information”
request in the Administration Requests database. This request enables pass-
word-checking by entering values in the Check Password, Required Change
Interval, and Grace Period fields in the Administration section of the user’s
Person document. The first time the user logs onto a server that requires
password verification, the Administration Process generates a “Change User
Password in Domino Directory” request in the Administration Requests
database. This request enters a corresponding password digest in the
Password Digest field in the Administration section of the Person document.
It also records the date the user provided the password in the Last Change
Date field in the Administration section of the Person document. To authen-
ticate with servers that are enabled for password verification, the user must
provide the password that corresponds to the digest.
From that point forward, when a user changes a password, the
Administration Process generates a new “Change User Password in Domino
Directory” request in the Administration Requests database. This request
updates the Password Digest and Last Change Date fields in the Person doc-
ument.
Administrators can enable password verification through the use of a
Security Policy Settings document, which allows them to enable this feature
for multiple users, or they can enable password verification for individuals
using the Domino Directory. Administrators also have the option of locking
out a user’s ID, which prevents the user from authenticating with the server.
To enable password verification for individual users, perform the following
steps:
1. Ensure that password verification is enabled on the servers with which
the users authenticate. This setting is enabled on the Server document,
Security tab, Security Settings section, Check Passwords on Notes IDs
field.
2. From the Domino Administrator, click People & Groups.

3. Select each Person document for which you want to enable password
checking.
4. Choose Actions, Set Password Fields, and then click Yes to continue.

5. In the Check Notes Password field, select Check Password.

6. Complete the following fields, and then click OK:


13 0789729180 CH11 10/21/03 2:41 PM Page 289

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
289
. . . .

➤ Required Change Interval—Enter the length of time, in days, that a


password can be in effect before it must be changed. The default is
zero.
➤ Allowed Grace Period—Enter the length of time, in days, that users
have to change an expired password before being locked out. The
default is zero.

Using the ICL and the CRL


Instead of managing ID files using the Domino Administrator client and tra-
ditional certifier ID files, administrators can set up a Domino certifier that
uses a server task, the CA process, to manage and process certificate requests.
The CA process runs as an automated process on Domino servers that are
used to issue certificates. When setting up a Notes or Internet certifier,
administrators can link it to the CA process on the server in order to take
advantage of CA process activities. Only one instance of the CA process can
run on a server; however, the process can be linked to multiple certifiers.
The CA process offers the following advantages:
➤ Provides a unified mechanism for issuing Notes and Internet certificates.

➤ Supports the registration authority (RA) role, which you use to delegate
the certificate approval/denial process to lower-echelon administrators
in the organization.
➤ Does not require access to the certifier ID and ID password. After you
enable certifiers for the CA process, you can assign the registration
authority role to administrators, who can then register users and manage
certificate requests without having to provide the certifier ID and pass-
word.
➤ Simplifies the Internet certificate request process through a Web-based
certificate request database.
➤ Issues certificate revocation lists, which contain information about
revoked or expired Internet certificates.
➤ Creates and maintains the Issued Certificate List (ICL), a database that
contains information about all certificates issued by the certifier.
➤ Is compliant with security industry standards for Internet certificates; for
example, X.509 and PKI.
13 0789729180 CH11 10/21/03 2:41 PM Page 290

290 Chapter 11
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The Issued Certificate List (ICL)


Each certifier has an Issued Certificate List (ICL) that is created when the cer-
tifier is created or migrated to the CA process. The ICL is a database that
stores a copy of each unexpired certificate that it has issued, certificate revo-
cation lists, and CA Configuration documents. Configuration documents are
generated when you create the certifier and sign it with the certifier’s public
key. After you create these documents, you cannot edit them.
CA Configuration documents include the following:
➤ Certificate profiles, which contain information about certificates issued
by the certifier.
➤ CA Configuration document, which contains information about the cer-
tifier itself.
➤ RA/CA association documents, which contain information about the RAs
who are authorized to approve and deny certificate requests. There is
one document for each RA.
➤ ID file storage document, which contains information about the certifi-
er ID.

Another CA Configuration document, the Certifier document, is created in


the Domino Directory when you set up the certifier. This document can be
modified.

For the purposes of the exam, it’s important to remember that the CA process is an
alternative way to manage ID files. Learn what the acronyms ICL and CRL mean, and
don’t confuse them with other Domino terms such as ICM, which stands for Internet
Cluster Manager, and has nothing to do with the CA process. We could create an
entire chapter on how the CA process works; instead, this exam simply requires you
to have an understanding that the process exists as an alternative to the traditional
certifier ID management system, and assumes that you understand the basic terms
and concepts involved in the CA process.

Certificate Revocation List (CRL)


A Certificate Revocation List (CRL) is a time-stamped list identifying revoked
Internet certificates; for example, certificates belonging to terminated
employees. The CA process issues and maintains CRLs for each Internet cer-
tifier. A CRL is associated with a certifier, is signed by that certifier, and
resides in the certifier’s ICL database. A copy of the CRL is also stored in the
Domino Directory, where it is used to assert certificate validity by entities
that require certificate authentication.
13 0789729180 CH11 10/21/03 2:41 PM Page 291

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
291
. . . .

You configure the CRL when you create a new Internet certifier. You can
specify the length of time for which a CRL is valid and the interval between
publication of new CRLs. After CRLs are configured, the certifier issues
them on a regular basis and they operate unattended.
Using CRLs, you can manage the certificates issued in your organization.
You can easily revoke a certificate if the subject of the certificate leaves the
organization or if the key has been compromised. HTTP servers and Web
browsers check the CRLs to determine whether a given certificate has been
revoked, and is, therefore, no longer trusted by the certifier. When you use
Internet Site documents to configure Internet protocols on Domino, you can
also enable CRL-checking for each protocol.
There are two kinds of CRLs: regular and nonregular. For regular CRLs, you
configure a duration interval—the time period for which the CRL is valid—
and the interval at which new CRLs are issued. Each certifier issues a CRL
at the specified time, even if no certificates have been revoked since the last
CRL was issued. This means that if an administrator revokes a certificate, it
appears in the next scheduled CRL issued by the certifier. The CRL duration
period should be greater than the time period between each CRL issuance.
This ensures that the CRL remains valid. Otherwise, the CRL could expire
before a new one is issued.

Setting Up and Configuring Server


Access
This particular topic was covered extensively in Chapter 6. We take the time
here to offer a condensed version of the points made in that chapter, to
refresh your memory. For a complete description of each point, you may
want to read through this section of Chapter 6 again.
An administrator can configure the following settings to control access to the
Domino server:
➤ Secure the Server Console—The administrator can password-protect the
server console to force administrators to know the console password to
enter console commands. After the console has been password-protect-
ed, administrators can’t use the Load, Tell, Exit, Quit, and Set
Configuration server commands until they enter the password. Console
security remains in effect until the password is cleared by entering a sec-
ond Set Secure command with the same password.
13 0789729180 CH11 10/21/03 2:41 PM Page 292

292 Chapter 11
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

➤ Restrict Administrator Access to the Server—You can specify various access


levels for different types of administrators in your organization. For
example, you might want to give only a few people high administrative
access, whereas all of the administrators on your team are designated as
database administrators. Administrators are listed either as individuals or
as members of groups in the different administrator fields on the
Security tab of the Server document located in the Domino Directory.
The different types of administrators are as follows: full-access adminis-
trators, administrators, database administrators, full remote console
administrators, view-only administrators, and system administrators.
➤ Allow and Deny Access to the Server Through Fields on the Server
Document—To control user and server access to other servers, Domino
uses the settings specified on the Security tab in the Server document.
The following fields control access to the server:
➤ Access Server—Lists groups and individuals who are authorized to
access the server. If the Access Server field is left blank, all users and
servers that can authenticate can access the server.
➤ Not Access Server—Lists users, servers, and groups who are denied
access to the server. The default value for this field is blank, which
means that all names entered in the Access Server field can access
the server.

Remember that names entered in the Not Access Server field take precedence over
names entered in the Access Server field. For example, if you enter a group name in
the Access Server field and enter the name of an individual member of this group in
the Not Access Server field, the user will not be able to access the server.
Typically, the Domino administrator lists a Deny Access group in this field to deny
access to servers within the company for people who have left the company. See the
discussion about groups and group types later in this chapter.

➤ Create Databases and Templates—Lists specific servers, users, and


groups who are allowed to create databases with the File, Database,
New command. Typically, this capability is restricted to administra-
tors or designers. The default value for this field is blank, which
means that all users can create new databases.
➤ Create New Replicas—Lists specific servers, users, and groups who
are allowed to create replicas using the File, Replication, New
Replica command. The default value for this field is blank, which
means that no one can create new replicas.
13 0789729180 CH11 10/21/03 2:41 PM Page 293

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
293
. . . .

➤ Create Master Templates—Lists specific servers, users, and groups


who are allowed to create Master Design templates. Servers, users,
and groups who cannot create new databases or replicas on the serv-
er cannot create or update templates. The default for this field is
blank, which means that no one can create Master Design templates
on the server.
➤ Control Access to a Specific Network Port—Administrators can use a port
access list to allow or deny Notes user and Domino server access to a
specific network port. If the administrator uses both a port access list
and a server access list, users and servers must be listed on both to gain
access to the server. Access to a specific port is controlled using server
NOTES.INI settings:
Allow_Access_portname = names
Deny_Access_portname = names

Troubleshooting Common Server


Access Problems
This section is worth repeating from Chapter 6, to remind you of the differ-
ent scenarios that illustrate situations in which users and servers can have dif-
ficulty accessing Domino servers. The following sections illustrate these
potential problems. Each section lists a common error resulting in a server
access problem and documents the solutions to those problems.

The Administrator Can’t Enter Commands at


the Server
If an administrator can’t run the workstation program on the server, run
standalone server programs, or use the Load, Tell, or Set Configuration com-
mands, the console has likely been password-protected. The administrator
needs to use the Set Secure command at the console or use the Domino
Administrator client to clear the password. The administrator must know the
password to clear it.
An administrator might also fail to enter commands at the console because
he isn’t listed as an administrator in the Administrator fields in the Server
document, or he might be listed as a view-only administrator, with limited
access to enter console commands.
13 0789729180 CH11 10/21/03 2:41 PM Page 294

294 Chapter 11
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Users Can’t See a New Server in the List of


Servers
If users can’t see a new server when they try to add, create, copy, or replicate
a database, the administrator should make sure that the Domino Directory
contains a Server document for the new server and that the information in
the document is accurate and correctly spelled. If no Server document exists,
the administrator should register the new server and ensure that the Server
document gets added to the Directory and then replicated to other servers in
the domain. If a Server document exists and contains accurate information
for the new server, the administrator can check the log file on both the user’s
home server and the inaccessible server to see if there are network problems.

The Server Is Not Responding


The message “Server not responding” might appear when you install a client
or try to open any database on a particular server. Here are some strategies
for resolving this problem, listed in the order in which they should be
attempted:
1. Check that the Domino server and the network are running.

2. Check whether the server has been renamed or recertified. When a


user tries to open a database on a server that has been recertified or
renamed, the message “Server not responding” might appear.
3. If the client and server are using NetBIOS, make sure that the protocol
is configured properly and that it’s running on the workstation and
server. The workstation and the server must use the same version of
NetBIOS, and the server must be enabled for sufficient NetBIOS ses-
sions.

Adding Security to an Application


This section describes the many security features that can be used to secure
an application. Some of these features are actually implemented by designers
as opposed to administrators; however, in order for administrators to support
and troubleshoot application access, they must have a basic understanding of
most database security features. The exam tests your ability to remember
which element is controlled by each security feature. Pay special attention to
the features that involve design elements, such as agents, view access, and
form access.
13 0789729180 CH11 10/21/03 2:41 PM Page 295

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
295
. . . .

Designing a Secure Application—Security


Versus Deterrence
An application developer can further restrict access to design elements with-
in an application using the Domino Designer. Application design security
takes effect once users gain access to an application. Some of these design
features provide true security to the application by restricting access to data.
Other features conveniently manipulate the user interface to “hide” certain
parts of the interface, without actually restricting access to that element. The
first technique provides true security, whereas the second technique deters
the user from finding the information easily.
The following is a list of true security features, with a brief explanation of
what each feature does and how it is configured. Some of these features are
explored in more depth later in the chapter.
➤ Read Access Lists for Forms—On the Security tab of the Form Properties
box, designers can specify which Notes and Internet/intranet users can
read documents created with a specific form. When this property is
enabled, a $Readers field is created on the document, storing the name
of the creator or editor of the document. The $Readers field acts in the
same way as the Readers field—it controls read access to the document.
If a user, group, or role is listed in the $Readers field, only that user,
group, or role can read the document. Figure 11.2 shows the Security
tab of the Form Properties box.

Figure 11.2 The Form Read Access List on the Form Properties box.

➤ Readers fields—Designers can add a field of type Readers to control read


access to the document. If a user, group, or role is listed in the Readers
13 0789729180 CH11 10/21/03 2:41 PM Page 296

296 Chapter 11
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

field, only that user, group, or role can read the document. If the
Readers field is empty, then everyone can read the document.
➤ Authors fields—Designers can add a field of type Authors to control edit
access to the document. If a user, group, or role has Author access in the
ACL and is listed in the Authors field, only that user, group, or role can
edit the document. If the Authors field is empty, then only someone
with Editor access or higher in the ACL can edit the document. Users
with Editor access and above can always edit documents, and are not
affected by the Authors field.
➤ Signed fields—Designers can enable signing on a field to verify that the
Notes user who originated the data is the author and that no one has
tampered with the data. When the document is saved, a digital signature
is generated from the ID file of the user saving the document, and
stamped in the Signed field.
➤ Encrypted fields—Designers can control read access at the field level with
encrypted fields. For a field value to be encrypted, the designer must
enable encryption for that field, and must apply an encryption key to it.
He must then distribute the key to every user who must encrypt and
decrypt the data in the encrypted field(s).
➤ Edit Access Lists for Sections—Designers can use controlled-access sections
to control a section of fields on a document for editing. To edit the
fields in a section, a user must be in the authorized editors list for that
section.

The following settings serve to conveniently manipulate the user interface to


deter the user from finding information, but the techniques do not secure the
information from the user:
➤ Read Access Lists for Views—Designers can control who has access to a
view using a View Read Access List, located on the Security tab of the
View Properties box. The view access list restricts access to the view
itself, not to the documents in the view. If a user can’t find the docu-
ments in the view, he can build himself a private view to see the docu-
ments. A view access list conveniently hides certain views from some
users.
➤ Hidden fields—Designers can control which Notes and Internet/intranet
users can view data in a document or page. Hiding is used extensively by
designers to selectively show and hide text, buttons, actions, and so
forth. This convenient manipulation of the user interface allows design-
ers to present data for different clients based on different conditions, but
13 0789729180 CH11 10/21/03 2:41 PM Page 297

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
297
. . . .

hiding does not secure the data. If a user can read a document, he can
view the contents of any field on that document using the Document
Properties box.
➤ Create Access Lists for Forms—Using the Form Properties box, the design-
er has the option of choosing who can use the form to create docu-
ments. This list of creators conveniently prevents unauthorized users
from using the form to enter document data; however, if the user has at
least Author access to the database, he can add or edit documents in the
database by copying and pasting or by importing, which circumvents the
use of the form.

Setting Up and Configuring Agent Access


Agents are design elements that automate processing within an application.
Administrators generally don’t create or write agent code, but they are
responsible for ensuring that agents run properly within databases on
servers. The administrator controls the settings for the following:
➤ Who Can Create Agents Within a Database—The administrator can con-
trol which users get to create agents using the privileges within the
Access Control List for the application. The following access levels and
privileges are required to create different types of agents:
➤ Private Agents—Users need Reader access or higher and must have
the Create Private Agents privilege.
➤ Private Agents Using LotusScript and Java—Users need Reader access
or higher and must have the Create Private Agents and Create
LotusScript/Java Agents privileges.
➤ Shared Agents Using Simple Actions and Formulas—Users must have
Designer access or higher.
➤ Shared Agents Using LotusScript or Java Agents—Users must have
Designer access or higher and must have the Create
LotusScript/Java Agents privilege.
➤ Who Can Run Agents on the Server—To control the types of agents users
can run on a server, administrators must set up restrictions for server
agents. Agent restrictions are controlled through fields on the Server
document.

To set up agent restrictions from the Domino Administrator, click the


Configuration tab, and open the Server document. Click the Security tab,
13 0789729180 CH11 10/21/03 2:41 PM Page 298

298 Chapter 11
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

and in the Programmability Restrictions section, complete one or more of


these fields, and then save the document:
➤ Run Unrestricted Methods and Operations—Enter the names of users and
groups who are allowed to select, on a per agent basis, one of three lev-
els of access for agents signed with their ID. Users with this privilege
select one of these access levels when they are using Domino Designer 6
to build an agent: restricted mode, unrestricted mode, or unrestricted
mode with full administration rights.
➤ Sign Agents to Run on Behalf of Someone Else—Enter the names of users
and groups who are allowed to sign agents that will be executed on any-
one else’s behalf. The default is blank, which means that no one can sign
agents in this manner.
➤ Sign Agents to Run on Behalf of the Invoker of the Agent—Enter the names
of users and groups who are allowed to sign agents that will be executed
on behalf of the invoker, when the invoker is different from the agent
signer. This setting is ignored if the agent signer and the invoker are the
same. This is used currently only for Web agents. The default is blank,
which means that everyone can sign agents invoked in this manner.
➤ Run Restricted LotusScript/Java Agents—Enter the names of users and
groups who are allowed to run agents created with LotusScript and Java
code, but excluding privileged methods and operations, such as reading
and writing to the file system. Leave the field blank to deny access to all
users and groups.
➤ Run Simple and Formula Agents—Enter the names of users and groups
who are allowed to run simple and formula agents, both private and
shared. Leave the field blank to allow all users and groups to run simple
and formula agents, both private and shared.
➤ Sign Script Libraries to Run on Behalf of Someone Else—Enter the names of
users and groups who are allowed to sign script libraries in agents exe-
cuted by someone else. For the purposes of backward compatibility, the
default value is to leave the field empty, to allow all.

Unrestricted Java and LotusScript agents can potentially violate security because of
the potential for the code to access the file system. Only a limited number of trusted
users should have unrestricted rights.

It’s important to understand how agent restrictions are applied as well as


whose access rights are checked when the agent is run in the system. For
13 0789729180 CH11 10/21/03 2:41 PM Page 299

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
299
. . . .

exam purposes, read these next few paragraphs carefully, as this topic is often
misunderstood because it crosses over into the realm of Domino design.
Domino checks the server security restrictions in the Server document dif-
ferently depending on whether the agent is
➤ Running locally or on the server

➤ Started from the Web or the Notes client

Local Agents
An agent runs locally during the following conditions:
➤ It runs within a Notes client database.

➤ You choose “Local” from the “Run on” list for a scheduled agent.

➤ A user starts the agent from the Actions menu in the Notes client, from
the Agent, Run menu in Designer, from the “When Documents Have
Been Pasted” trigger, or from calling the agent by agent.run.

When an agent runs locally, Notes does not check security restrictions,
unless you have set the Enforce ACL option. To enforce a consistent ACL,
refer to the topic “Securing Applications with Consistent ACLs” later in this
chapter.

Server-based Agents
An agent runs on the server when it is running in a database stored on a serv-
er and it is started by one of the following agent triggers:
➤ Before new mail arrives

➤ After new mail arrives

➤ If documents have been created or updated

➤ On any schedule

➤ Called by an agent via agent.runonserver (the agent being called must


reside on the server)

If the agent is running on a server, Domino checks all security restrictions.

Agents Running from the Notes Client or the Web Client


Agents run in the Notes client or on the Web based on the rights of the
effective user. The effective user’s rights determine what the agent can
accomplish within the database.
13 0789729180 CH11 10/21/03 2:41 PM Page 300

300 Chapter 11
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

The effective user depends on the environment in which the agent runs.
When a user runs an agent from the Notes client, the agent runs with the
rights of the effective user, which is the current user ID. For example, Joe
Smith/Acme runs an agent in a database POLICIES.NSF. Joe has Reader
access to the database. The agent code calls a method that edits all of the
documents in the database. When Joe invokes the agent, his access rights are
checked within the database ACL, and because he has only Reader access, no
documents will be changed by the agent.
A scheduled agent runs with the access rights of the person who last saved the
agent, also known as the signer. The designer has the option to override the
agents signer by specifying that the agent should run on behalf of someone
else, as per the name listed on the Security tab of the Agent Properties box.
When a Web user runs an agent, the agent also runs using the rights of the
effective user. However, you can set up the agent so that Domino checks the
invoker’s rights to access the database instead of the effective user’s rights.
Checking the invoker’s rights can provide more security. To have Domino
verify the invoker’s access to the database, click on the Security tab of the
Agent Properties box and enable the Run as Web User check box. When
Run as Web User is checked, Domino prompts Web users for their name and
password when they attempt to run the agent. Domino uses the login infor-
mation to check for the invoker’s rights in the database ACL.

The exam will likely test your ability to recognize when an agent is run using the
rights of the invoker, as opposed to the rights of the signer of the agent. Watch for
questions that outline a scenario whereby the signer of the agent doesn’t have
enough access to execute the agent code in the system, either in the database ACL
or in the agent restrictions in the Server document.

Monitoring and Maintaining Agents


Whenever an agent won’t run, administrators can check the Agent log to see
when the agent last ran and whether it completed. For additional informa-
tion, they can check the server console or the Miscellaneous events in the log
file (LOG.NSF) for messages from the Agent manager.

Logging for Agents in LOG.NSF


To enable agent logging in the log file (LOG.NSF), edit the NOTES.INI
file to include the Log_AgentManager setting, which specifies whether or
not the start of agent execution is recorded in the log file and displayed on
the server console. It’s important to monitor the server console or log for
information from the Agent manager because error and warning messages
are generated by the Agent manager on behalf of the agent.
13 0789729180 CH11 10/21/03 2:41 PM Page 301

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
301
. . . .

Using Agent Server Console Commands


Administrators can use the following server commands to troubleshoot
agents:
Tell amgr schedule

This command shows the schedule for all agents scheduled to run for the
current day. In addition, the command shows the agent trigger type, the time
the agent is scheduled to run, the name of the agent, and the name of the
database on which the database runs.
Tell amgr status

This command shows a snapshot of the Agent manager queues and displays
the Agent manager settings in the Server document.
Tell amgr debug

This command displays either the current debug settings for the Agent man-
ager or lets you set new ones. When using this command to set debug val-
ues, you can use the same flags used by the Debug_AMgr command in the
NOTES.INI file.

Reviewing the Agent Log


The Agent log is a view in a database that shows the last time an agent ran and
describes if the agent completed or not. To review the Agent log, follow
these steps:
1. In the database, choose View, Agents.

2. In the Design view that lists all the agents, choose the agent.

3. Choose Agent, Log.

Activity Logging
Administrators can monitor agent activity using activity logging. Agent activ-
ity logging generates a record for each Domino server-based agent that runs
successfully. The record shows the name of the agent, the name of the data-
base that contains the agent, the amount of time it took to run the agent, and
the name of the person who last saved the agent. The record does not show
the types of activities the agent performed.
Domino does not generate activity logging records for agents that run on a
Web server, for agents that you run manually from a client, or for agents that
are scheduled to run locally on a client.
13 0789729180 CH11 10/21/03 2:41 PM Page 302

302 Chapter 11
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Activity logging is configured by editing the Configuration Settings docu-


ment. To edit the document, follow these steps:
1. From the Domino Administrator, click the Configuration tab; then
expand Server and click Configurations.
2. In the Results pane, select the Configuration Settings document you
want, and click Edit Configuration.
3. On the Configuration Settings document, click the Activity Logging
tab.
4. Select Activity Logging Is Enabled.

5. In the Enabled Logging Types field, select the types of activity you
want to log and click Save & Close.

Setting Up and Configuring Database


Access Using the ACL
Every database has an Access Control List (ACL) that specifies the level of
access that users and servers have to that database. Only someone with
Manager access can create or modify the ACL.

Although the names of access levels are the same for users and servers, those levels
assigned to users determine the tasks that they can perform in a database. Those
assigned to servers determine which information within the database the servers can
replicate.

To control the access rights of Notes users, select the access level, user type,
and access-level privileges for each user or group in a database within the
ACL by choosing File, Database, ACL. Access levels assigned to users in a
database ACL control which tasks users can perform in the database. Access-
level privileges enhance or restrict the access level assigned to each name in
the ACL. For each user, group, or server added in the ACL, you select the
user type and access level in the User Type and Access drop-down lists. To
further refine the access, you select a series of access privileges by selecting
or deselecting the various check boxes located on the right side of the Basics
tab of the ACL. If the application designer created roles, assign them to the
appropriate users, groups, or servers listed within the ACL.
Here is a listing of the seven access levels in the ACL, from lowest to high-
est, along with a brief description of what each level means:
13 0789729180 CH11 10/21/03 2:41 PM Page 303

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Security
303
. . . .

➤ No Access—Denies access to the database. The error message that


appears to the user is “You are not allowed to access this database.”

The exception to the No Access level is the Public Access level. If the designer of the
database creates Public Access forms and documents are created with these forms,
the documents are marked as Public. Anyone in the ACL with Public Access can read
or write Public documents. The Public Access level is granted by checking the Read
or Write Public Documents check box in the ACL. This technology is used in the mail
database where Calendar documents get marked as Public documents so that access
to those documents can be controlled separately from access to mail messages. Be
careful when selecting the Public access option—you should check with the data-
base designer to see i