Installing Domino Servers and Notes Clients

Lotus Domino
Version 8.0
Installing Domino Servers and Notes Clients
GI11-7965-00
ii
Contents
Chapter 1. Deploying Domino . . . . . 1
Installation . . . . . . . . . . . . . . . 1 Guidepost for deploying Domino . . . . . . 1 Building the Domino environment . . . . . . 11 To shut down the server . . . . . . . . . 109 Starting Domino as an application or a Windows service . . . . . . . . . . . 109 Using instant messaging in the Domino Directory 110
Chapter 2. Setting Up the Domino Network . . . . . . . . . . . . . . 13

Setting Up the Domino Network . . . . . Lotus Domino and networks . . . . . Network security . . . . . . . . . Planning the TCP/IP network . . . . . Planning the NetBIOS network . . . . . Setting up Domino servers on the network . Server setup tasks specific to TCP/IP . . . Server setup tasks specific to NetBIOS . . . . . . . . . . . . . . . . . . 13 13 16 20 39 41 49 59
Chapter 4. Setting Up and Using Domino Administration Tools . . . . 111

Installing the Domino Administrator . . . . . . The Domino Administrator . . . . . . . . . Setting up the Domino Administrator . . . . . Starting the Domino Administrator . . . . . . Navigating Domino Administrator . . . . . . Server pane . . . . . . . . . . . . . Task pane . . . . . . . . . . . . . Results pane . . . . . . . . . . . . . Tools pane . . . . . . . . . . . . . Window tabs . . . . . . . . . . . . Domains . . . . . . . . . . . . . . Bookmark bar . . . . . . . . . . . . Selecting a server to administer in the Domino Administrator . . . . . . . . . . . . . To update a server list . . . . . . . . . Setting Domino Administration preferences . . . Setting Basics preferences . . . . . . . . Setting Files preferences . . . . . . . . . Setting Monitoring preferences . . . . . . Setting Registration preferences . . . . . . Setting Statistics preferences . . . . . . . Tools and preferences for debugging in the Domino Administrator . . . . . . . . . Domino Administrator tabs. . . . . . . . . People and Groups tab in the Domino Administrator . . . . . . . . . . . . Files tab in the Domino Administrator . . . . Server tabs in the Domino Administrator . . . Messaging tabs in the Domino Administrator Replication tab in the Domino Administrator Configuration tab in the Domino Administrator Domino Administrator tools . . . . . . . . Web Administrator . . . . . . . . . . . Setting up the Web Administrator . . . . . . Web browser requirement . . . . . . . . Domino server tasks required . . . . . . . To set up the Web Administrator . . . . . . Setting up access to the Web Administrator database . . . . . . . . . . . . . . Giving additional administrators access to the Web Administrator . . . . . . . . . . Administrator roles in the Web Administrator Starting the Web Administrator . . . . . . . To start the Web Administrator . . . . . . Using the Web Administrator . . . . . . . . Accessing online help . . . . . . . . . Additional buttons . . . . . . . . . . 111 111 111 112 112 112 112 112 112 112 112 113 113 113 113 114 115 116 117 119 120 121 121 121 122 122 123 123 123 124 124 125 125 125 125 126 127 128 128 128 129 129
Chapter 3. Installing and Setting Up Domino Servers . . . . . . . . . . . 61

Installing and setting up Domino servers . . . . 61 Domino server evaluation software license . . . 61 To install and set up a server . . . . . . . 61 Entering system commands . . . . . . . . 62 Server installation . . . . . . . . . . . . 62 Installing Domino on Windows systems . . . . 63 Installing Domino on Linux on zSeries systems 66 Using the express install . . . . . . . . . 70 Disabling Concurrent I/O and Direct I/O on Domino servers on AIX . . . . . . . . . 70 The Domino Server Setup program . . . . . . 71 Using Domino Off-Line Services (DOLS) and Domino Web Access . . . . . . . . . . . 73 Setting up DOLS on a server . . . . . . . 73 Setting up Domino Web Access on a server . . . 75 Setting up Domino Web Access with IBM Lotus Sametime . . . . . . . . . . . . . . 75 Using the Domino Server Setup program . . . . 82 Indic language support in the Domino Server Setup program . . . . . . . . . . . . 82 Using the Domino Server Setup program locally 83 Using the Domino Server Setup program remotely . . . . . . . . . . . . . . 84 Creating a server setup profile . . . . . . . 86 Using a server setup profile . . . . . . . . 88 Using silent server setup . . . . . . . . . 90 Using automatic server setup on Linux on zSeries and on UNIX . . . . . . . . . . . . . 93 The Certification Log . . . . . . . . . . . 94 Server registration . . . . . . . . . . . . 95 Registering a server . . . . . . . . . . 96 Optional tasks to perform after server setup . . . 98 Creating an additional organization certifier ID 99 Creating an organizational unit certifier ID . . 100 Internet Site documents . . . . . . . . . 101 Starting and shutting down the Domino server . . 108 To start the server . . . . . . . . . . . 109
iii
Setting Files preferences for the Web Administrator . . . . . . . . . . . Registering users and servers with the Web Administrator . . . . . . . . . . . Managing policies with the Web Administrator Using the Web Administrator consoles . . . Message tracking in the Web Administrator . Editing the NOTES.INI file and cleanup script in the Web Administrator . . . . . . . Signing out of the Web Administrator . . . The Server Controller and the Domino Console . Starting and stopping the Server Controller . Starting and stopping the Domino Console .
. 129 . 130 130 . 131 . 131 . . . . . 132 132 132 132 133
Chapter 5. Planning for Notes client installation and upgrade. . . . . . . 135

Products to install and order of installation . . . Servers to install . . . . . . . . . . . Clients to install . . . . . . . . . . . Lotus Notes installation documentation roadmap . . . . . . . . . . . . . . Lotus Notes pre-installation checklist . . . . Considerations before installing Lotus Notes on Windows . . . . . . . . . . . . . . Considerations before installing Notes on Linux Installing the WebSphere Portal composite application support for Lotus Notes . . . . . Specifying the home portal account using policy Specifying the home portal account using preferences . . . . . . . . . . . . . Setting up client installation and installation methods . . . . . . . . . . . . . . . Before you install Lotus Notes clients . . . . Installation methods . . . . . . . . . . Customizing client installations using the tuner Creating a transform file . . . . . . . . Using installation options with the transform file . . . . . . . . . . . . . . . . Examples -- Applying scriptable setup using a transform file during Notes client installation . Using transform files for end-user installations Customizing Notes installation using the install manifest . . . . . . . . . . . . . . . Customizing the installer process . . . . . . Understanding the Eclipse update site . . . . Customizing Notes install using tuner capabilities . . . . . . . . . . . . . Customizing the Notes install manifest to add or modify access to Eclipse features . . . . . Customizing Notes installation for supplied Eclipse features . . . . . . . . . . . . Customizing Notes installation for new or third-party Eclipse features . . . . . . . . Adding new features to the Notes install kit using a command line tool . . . . . . . . . . . Considerations . . . . . . . . . . . . Command line options . . . . . . . . . Procedure . . . . . . . . . . . . . Installing and subscribing to preset feeds . . . . Controlling preset feeds prior to Notes install Adding preset feeds . . . . . . . . . . 135 135 135 136 137 138 140 141 144 144 145 146 146 147 147 148 150 151 153 154 154 155 155 155 157 159 159 160 160 161 161 161
Removing preset feeds . . . . . . . . . Subscribing to preset feeds after Notes install Changing feed subscription after subscribing to preset feeds . . . . . . . . . . . . . Customizing Notes using the plugin_customization.ini file . . . . . . . . Using Notes client single logon to synchronize Notes and OS passwords . . . . . . . . . Keeping a pre-Notes 8 version on Windows . . . Using Language Pack Installer with Domino . . . Instant messaging and client installation and setup Enabling Single Sign-On for instant messaging Scriptable setup and instant messaging . . . . Name awareness in view columns and names fields . . . . . . . . . . . . . . . Instant messaging and policies . . . . . . Installing Notes in a single user environment . . . Installing and upgrading to Notes on Windows for a single user . . . . . . . . . . . Installing Lotus Notes in a multi-user environment Installing Lotus Notes multi-user on a Windows client . . . . . . . . . . . . . . . Installing Lotus Notes multi-user on a Linux client . . . . . . . . . . . . . . . Multi-user install with multiple language Notes clients . . . . . . . . . . . . . . . Installing and upgrading to Notes on Windows for multi-user . . . . . . . . . . . . Installing Notes on Linux . . . . . . . . Using the Multi-user Interface pack . . . . . Updating, adding, and removing installed Notes features . . . . . . . . . . . . . . . Running the Notes client as a user after updating, adding, or removing Notes features . Automating client installation using a silent install Running a silent installation . . . . . . . Installing to a non-default directory . . . . . To use Notes silent installation on Windows . . To use Notes silent installation on Linux . . . Providing a batch file for installing the Notes client . . . . . . . . . . . . . . . Providing command line utilities for installation Setting up Notes with a scriptable setup . . . Installing the Domino clients in a shared network directory . . . . . . . . . . . . . . . Upgrading shared installations . . . . . . To set up the shared network installation . . . Enabling and using third-party feature installation and update in Notes . . . . . . . . . . . Creating custom or third-party features. . . . Signing custom or third-party features and plug-ins for install and update . . . . . . . . . . Signing and adding new features to the install kit . . . . . . . . . . . . . . . . Using the plugin_customization.ini file to verify trust . . . . . . . . . . . . . . . Using Domino policy to verify trust . . . . . Installing and updating custom and third-party features and plug-ins . . . . . . . . . . . Creating features and plug-ins . . . . . . . Signing features and plug-ins . . . . . . .
161 161 161 162 162 163 164 165 165 165 166 166 166 167 169 170 170 170 171 173 175 176 177 177 177 178 178 179 180 181 181 185 185 185 186 186 187 188 189 190 191 191 191
iv
Installing a new feature using the Notes install manifest . . . . . . . . . . . . . Enabling user-initiated update . . . . . . Creating and using a traditional third-party installer . . . . . . . . . . . . . Creating and using an NSF-based update site Configuring component update for composite applications . . . . . . . . . . . . . Domino Update Site NSFs . . . . . . . Creating and preparing the NSF-based update site . . . . . . . . . . . . . . . Editing a Composite Applications feature requirements update site URL . . . . . . Retrieving composite application definitions (CA XML) from Domino. . . . . . . . WebSphere Portal and Composite Applications Resources for learning more about composite applications . . . . . . . . . . . .
. 192 . 192 . 192 196 . 198 . 199 . 199 . 200 . 201 201 . 202
Cleaning a previous Notes 8 installation from your client . . . . . . . . . . . . . . . . System on which a Lotus Notes 8 Beta 2 or earlier beta version was installed . . . . . . Cleanup instructions for Windows -- Lotus Notes 8 Beta 2 or earlier . . . . . . . . . Cleanup instructions for Linux -- Lotus Notes 8 Beta 2 or earlier . . . . . . . . . . . System on which a Lotus Notes 8 Beta 3 version, or partially installed Lotus Notes 8 version, was installed: . . . . . . . . . Cleanup instructions for Windows -- Lotus Notes 8 Beta 3 or later: . . . . . . . . . Cleanup instructions for Linux -- Lotus Notes 8 Beta 3 or later: . . . . . . . . . . . .
226 226 226 227
227 228 228
Chapter 8. Setting up Domino and DB2 . . . . . . . . . . . . . . . 229

Domino and DB2 user accounts that are needed for Domino and DB2 . . . . . . . . . . . . Accounts required with Microsoft Windows . . Accounts required with AIX/UNIX/Linux . . Domino and DB2 supported platforms and configurations . . . . . . . . . . . . . Supported platforms and hardware and software requirements . . . . . . . . . Supported configurations in Domino and DB2 Installation and setup procedures. . . . . . . Installing Domino and DB2 on Microsoft Windows platforms . . . . . . . . . . Installing Domino and DB2 on IBM AIX and Linux platforms . . . . . . . . . . . Setting up the Domino server environment for use with Domino and DB2 . . . . . . . . Creating the DB2 installation account . . . . Installing and Setting up DB2 on Microsoft Windows . . . . . . . . . . . . . . Installing DB2 on IBM AIX and Linux platforms Creating the DB2 administrator and administration server account . . . . . . . Create the DB2 primary groups . . . . . . Creating the DB2 user accounts and adding the users to groups . . . . . . . . . . . . Determining whether you have a SYSCTRL group . . . . . . . . . . . . . . . Manually creating the Domino server user account and the DB2DOM group . . . . . . Designating the DB2DOM group a system control group and adding the Domino server user to the system control group . . . . . . Enabling the Domino server to communicate with the DB2 server . . . . . . . . . . Granting SETSESSIONUSER privilege to the Domino server user . . . . . . . . . . Using a remote DB2 server with server enablement . . . . . . . . . . . . . Creating a server ID for the DB2 Access server Installing the DB2 Access server on the DB2 server . . . . . . . . . . . . . . . Mapping the DB2 ID to a Notes ID in the Domino servers Domino Directory . . . . .
Contents
Chapter 6. Upgrading Notes clients
203
204 205 205 205 207 207 208 208 208 208 209 209 210 211 211 212 216 218 220 220 221 221 223
Before you upgrade the Notes client . . . . . . Using Upgrade-by-mail . . . . . . . . . . Before you use Upgrade-by-mail . . . . . . Backing up Notes client files . . . . . . . Creating the upgrade notification for Upgrade-by-mail . . . . . . . . . . . Installing the Lotus Notes software with Upgrade-by-mail . . . . . . . . . . . Upgrading the mail file template with Upgrade-by-mail . . . . . . . . . . . Using Notes Smart Upgrade . . . . . . . . Prerequisites . . . . . . . . . . . . . Procedure . . . . . . . . . . . . . Smart Upgrade server failover to another clustered server . . . . . . . . . . . Creating a Lotus Notes Smart Upgrade database Smart Upgrade Tracking Reports database. . . Controlling the number of concurrent Smart Upgrade downloads . . . . . . . . . . Creating a database link to the Smart Upgrade Database . . . . . . . . . . . . . . Adding update kits to the Lotus Notes Smart Upgrade database . . . . . . . . . . . Running a silent upgrade using optional arguments . . . . . . . . . . . . . Creating a Lotus Notes Smart Upgrade desktop policy settings document . . . . . . . . Using Smart Upgrade to run a series of client upgrades . . . . . . . . . . . . . . Notes users and Lotus Notes Smart Upgrade Maintaining Lotus Notes Smart Upgrade . . . Using the Smart Upgrade Run-As wizard . . . How Smart Upgrade performs an upgrade . .
229 229 229 230 230 231 235 235 236 237 238 238 239 240 241 241 241 242
242 243 248 249 251 253 255
Chapter 7. Uninstalling Notes . . . . 225

Uninstalling Notes from a Windows client . Uninstalling Notes from a Linux client . . Uninstalling Notes silently . . . . . . Microsoft Windows . . . . . . . Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . 225 225 225 226 226
Setting and enabling a default DB2 user ID for use with query views. . . . . . . . . . 258 IBM AIX and Linux post-installation validation procedure . . . . . . . . . . . . . . 259
Index . . . . . . . . . . . . . . . 261
vi
Chapter 1. Deploying Domino

This chapter outlines the steps required to deploy IBM Lotus Domino(TM) successfully and introduces important concepts that you need to know before you install Domino servers.
Installation
v Planning to deploy Domino v Installing and setting up Domino servers
Guidepost for deploying Domino

Whether youre setting up IBM(R) Lotus(R) Domino(TM) and IBM(R) Lotus(R) Notes(R) for the first time or adding to an established Domino environment, planning is vital. Along with determining your companys needs, you need to plan how to integrate Domino into your existing network. After planning is complete, you can begin to install and set up Domino servers and the Domino Administrator and build the Domino environment. The following list describes, in order, the process to use to deploy Domino. 1. Determine your companys server needs. Decide where to locate each server physically, taking into consideration local and wide-area networks and the function of each server. 2. Develop a hierarchical name scheme that includes organization and organizational unit names. 3. Decide whether you need more than one Domino domain. 4. Understand how server name format affects network name-to-address resolution for servers. Ensure that the DNS records for your company are the correct type for the server names. 5. Determine which server services to enable. 6. Determine which certificate authority -- Domino server-based certification authority, Domino 5 certificate authority, third-party -- to use. 7. Install and set up the first Domino server. 8. Install and set up the Domino Administrator on the administrators machine. 9. Complete network-related server setup. 10. If the Domino server is offering Internet services, set up Internet site documents. There are some instances where Internet Site documents are required. 11. Specify Administration Preferences. 12. Create additional certifier IDs to support the hierarchical name scheme. 13. Set up recovery information for the certifier IDs. 14. Add the administrators ID to the recovery information for the certifier IDs and then distribute the certifier IDs, as necessary, to other administrators. 15. Register additional servers. 16. If you did not choose to do so during first server setup, Create a group in the Domino Directory for all administrators, and give this group Manager access to all databases on the first server. 17. Install and set up additional servers. 18. Complete network-related server setup for each additional server.
19. Build the Domino environment.
Functions of Domino servers

Before you install and set up the first IBM(R) Lotus(R) Domino(TM) server, consider the function and physical location of the servers that your company needs and determine how to connect the servers to each other. The current configuration of local and wide-area networks affects many of these decisions. Consider your companys need for: v Servers that provide IBM(R) Lotus(R) Notes(R) and/or browser users with access to applications v Hub servers that handle communication between servers that are geographically distant v Web servers that provide browser users with access to Web applications v Servers that manage messaging services v Directory servers that provide users and servers with information about how to communicate with other users and servers v Passthru servers that provide users and servers with access to a single server that provides access to other servers v Domain Search servers that provide users with the ability to perform searches across all servers in a Domino domain v Clustered servers that provide users with constant access to data and provide load-balancing and failover v Partitioned servers that run multiple instances of the Domino server on a single computer v Firewall servers that provide Notes users with access to internal Domino services and protect internal servers from outside users v xSP servers that provide users with Internet access to a specific set of Domino applications Your decisions help determine which types of Domino servers your require. When you install each server, you must select one of the following installation options: v Domino Utility Server -- Installs a Domino server that provides application services only, with support for Domino clusters. The Domino Utility Server is an installation type for Lotus Domino that removes client access license requirements. Note that it does NOT include support for messaging services. See full licensing text for details. v Domino Messaging Server -- Installs a Domino server that provides messaging services. Note that it does NOT include support for application services or Domino clusters. v Domino Enterprise Server -- Installs a Domino server that provides both messaging and application services, with support for Domino clusters. Note: All three types of installations support Domino partitioned servers. Only the Domino Enterprise Server supports a service provider (xSP) environment.
Hierarchical naming for servers and users

Hierarchical naming is the cornerstone of IBM(R) Lotus(R) Domino(TM) security; therefore planning it is a critical task. Hierarchical names provide unique identifiers for servers and users in a company. When you register new servers and users, the hierarchical names drive their certification, or their level of access to the system, and control whether users and servers in different organizations and organizational units can communicate with each another.
Before you install Domino servers, create a diagram of your company and use the diagram to plan a meaningful name scheme. Then create certifier IDs to implement the name scheme and ensure a secure system. A hierarchical name scheme uses a tree structure that reflects the actual structure of a company. At the top of the tree is the organization name, which is usually the company name. Below the organization name are organizational units, which you create to suit the structure of the company; you can organize the structure geographically, departmentally, or both. For example, the Acme company created this diagram for their servers and users:
Looking at Acmes diagram, you can see where they located their servers in the tree. Acme decided to split the company geographically at the first level and create certifier IDs for the East and West organizational units. At the next level down, Acme made its division according to department. For more information on certifier IDs, see the topic Certifier IDs and certificates in this chapter. Components of a hierarchical name: A hierarchical name reflects a users or servers place in the hierarchy and controls whether users and servers in different organizations and organizational units can communicate with each another. A hierarchical name may include these components: v Common name (CN) -- Corresponds to a users name or a servers name. All names must include a common name component. v Organizational unit (OU) -- Identifies the location of the user or server in the organization. Domino allows for a maximum of four organizational units in a hierarchical name. Organizational units are optional. v Organization (O) -- Identifies the organization to which a user or server belongs. Every name must include an organization component. v Country (C) --Identifies the country in which the organization exists. The country is optional. An example of a hierarchical name that uses all of the components is: Julia Herlihy/Sales/East/Acme/US Typically a name is entered and displayed in this abbreviated format, but it is stored internally in canonical format, which contains the name and its associated components, as shown below: CN=Julia Herlihy/OU=Sales/OU=East/O=Acme/C=US.
Note: You can use hierarchical naming with wildcards as a way to isolate a group of servers that need to connect to a given Domino server in order to route mail. For more information, see the chapter Setting Up Mail Routing.
Domino domains
A Domino domain is a group of IBM(R) Lotus(R) Domino(TM) servers that share the same Domino Directory. As the control and administration center for Domino servers in a domain, the Domino Directory contains, among other documents, a Server document for each server and a Person document for each Notes user. Planning for Domino domains: There are four basic scenarios for setting up Domino domains. The first scenario, which many small- and medium-size companies use, involves creating only one Domino domain and registering all servers and users in one Domino Directory. This scenario is the most common and the easiest to manage. The second scenario is common when a large company has multiple independent business units. In this case, one organization spread across multiple domains may be the best scenario. Then all servers and users are members of the same organization, and each business unit administers its own Domino Directory. For more information on administering multiple Domino directories, see the chapter Planning Directory Services. A third scenario is common when multiple companies work closely together yet want to retain individual corporate identities. Then one domain and multiple organizations may work best. Finally, the fourth scenario involves maintaining multiple domains and multiple organizations. This scenario often occurs when one company acquires another. Sometimes the decision to create multiple Domino domains is not based on organizational structure at all. For example, you may want to create multiple Domino domains if you have slow or unreliable network connections that prohibit frequent replication of a single, large directory. Keep in mind that working with multiple domains requires additional administrative work and requires you to set up a system for managing them. Domains can be used as a broad security measure. For example, you can grant or deny a user access to servers and databases, based on the domain in which the user is registered. Using an extended ACL is an alternative to creating multiple domains, because you can use the extended ACL to specify different levels of access to a single Domino Directory, based on organization name hierarchy. For more information on extended ACLs, see the chapter Setting Up Extended ACLs.
Partitioned servers
Using IBM(R) Lotus(R) Domino(TM) server partitioning, you can run multiple instances of the Domino server on a single computer. By doing so, you reduce hardware expenses and minimize the number of computers to administer because, instead of purchasing multiple small computers to run Domino servers that might not take advantage of the resources available to them, you can purchase a single, more powerful computer and run multiple instances of the Domino server on that single machine.
On a Domino partitioned server, all partitions share the same Domino program directory, and thus share one set of Domino executable files. However, each partition has its own Domino data directory and NOTES.INI file; thus each has its own copy of the Domino Directory and other administrative databases. If one partition shuts down, the others continue to run. If a partition encounters a fatal error, Dominos fault recovery feature restarts only that partition, not the entire computer. For information on setting up fault recovery, see the chapter Transaction Logging and Recovery. Partitioned servers can provide the scalability you need while also providing security. As your system grows, you can migrate users from a partition to a separate server. A partitioned server can also be a member of a cluster if you require high availability of databases. Security for a partitioned server is the same as for a single server. When you set up a partitioned server, you must run the same version of Domino on each partition. However, if the server runs on UNIX, there is an alternative means to run multiple instances of Domino on the server: on UNIX, you can run different versions of Domino on a single computer, each version with its own program directory. You can even run multiple instances of each version by installing it as a Domino partitioned server. For more information on installing Domino on UNIX, see the chapter Installing and Setting Up Domino Servers. Deciding whether to use partitioned servers: Whether or not to use partitioned servers depends, in part, on how you set up Domino domains. A partitioned server is most useful when the partitions are in different Domino domains. For example, using a partitioned server, you can dedicate different Domino domains to different customers or set up multiple Web sites. A partitioned server with partitions all in the same Domino domain often uses more computer resources and disk space than a single server that runs multiple services. When making the decision to use partitioned servers, remember that it is easier to administer a single server than it is to administer multiple partitions. However, if your goal is to isolate certain server functions on the network -- for example, to isolate the messaging hub from the replication hub or isolate work groups for resource and activity logging -- you might be willing to take on the additional administrative work. In addition, running a partitioned server on a multiprocessor computer may improve performance, even when the partitions are in the same domain, because the computer simultaneously runs certain processes. To give Notes users access to a Domino server where they can create and run Domino applications, use a partitioned server. However, to provide customers with Internet access to a specific set of Domino applications, set up an xSP server environment. For more information about using Domino in an xSP environment, see the chapter Planning the Service Provider Environment. Deciding how many partitions to have: How many partitions you can install without noticeably diminishing performance depends on the power of the computer and the operating system the computer uses. For optimal performance,
partition multiprocessor computers that have at least one, and preferably two, processors for each partition that you install on the computer.
Certifier IDs and certificates

Certifier IDs and certificates form the basis of IBM(R) Lotus(R) Domino(TM) security. To place servers and users correctly within your organizations hierarchical name scheme, you create a certifier ID for each branch on the name tree. You use the certifiers during server and user registration to stamp each server ID and user ID with a certificate that defines where each belongs in the organization. Servers and users who belong to the same name tree can communicate with each other; servers and users who belong to different name trees need a cross-certificate to communicate with each other. Note: You can register servers and users without stamping each server ID and user ID if you have migrated the certifier to a Domino server-based certification authority (CA). For more information about server-based CAs, see the chapter Setting Up a Domino Server-based Certification Authority. Each time you create a certifier ID, Domino creates a certifier ID file and a Certifier document. The ID file contains the ID that you use to register servers and users. The Certifier document serves as a record of the certifier ID and stores, among other things, its hierarchical name, the name of the certifier ID that issued it, and the names of certificates associated with it. Note: During server setup, you can use an existing certifier ID instead of creating a new one. The certifier ID that you specify cannot have multiple passwords assigned to it. Attempting to user a certifier ID with multiple passwords generates an error message and causes server setup to halt. There are two types of certifier IDs: organization and organizational unit. Organization certifier ID: The organization certifier appears at the top of the name tree and is usually the name of the company -- for example, Acme. During first server setup, the Server Setup program creates the organization certifier and stores the organization certifier ID file in the Domino data directory, giving it the name CERT.ID. During first server setup, this organization certifier ID automatically certifies the first Domino server ID and the administrators user ID. If your company is large and decentralized, you might want to use the Domino Administrator after server setup to create a second organization certifier ID to allow for further name differentiation -- for example, to differentiate between company subsidiaries. For more information on working with multiple organizations, see the topic Domino domains earlier in this chapter. Organizational unit certifier IDs: The organizational unit certifiers are at all the branches of the tree and usually represent geographical or departmental names -for example, East/Acme or Sales/East/Acme. If you choose to, you can create a first-level organizational unit certifier ID during server setup, with the result that the server ID and administrators user ID are stamped with the organizational unit certifier rather than with the organization certifier. If you choose not to create this
organizational unit certifier during server setup, you can always use the Domino Administrator to do it later -- just remember to recertify the server ID and administrators user ID. For information on recertifying user IDs, see the chapter Setting Up and Managing Notes Users. For information on recertifying server IDs, see the chapter Maintaining Domino Servers. You can create up to four levels of organizational unit certifiers. To create first-level organizational unit certifier IDs, you use the organization certifier ID. To create second-level organizational unit certifier IDs, you use the first-level organizational unit certifier IDs, and so on. Using organizational unit certifier IDs, you can decentralize certification by distributing individual certifier IDs to administrators who manage users and servers in specific branches of the company. For example, the Acme company has two administrators. One administers servers and users in West/Acme and has access to only the West/Acme certifier ID, and the other administers servers and users in East/Acme and has access to only the East/Acme certifier ID. Certifier security: By default, the Server Setup program stores the certifier ID file in the directory you specify as the Domino data directory. When you use the Domino Administrator to create an additional organization certifier ID or organizational unit certifier ID, you specify where you want the ID stored. To ensure security, store certifiers in a secure location -- such as a disk locked in a secure area. User ID recovery: To provide ID and password recovery for Notes users, you need to set up recovery information for each certifier ID. Before you can recover user ID files, you need access to the certifier ID file to specify the recovery information, and the user ID files themselves must be made recoverable. There are three ways to do this: v At user registration, create the ID file with a certifier ID that contains recovery information. v Export recovery information from the certifier ID file and have the user accept it. v (Only for servers using the server-based certification authority) Add recovery information to the certifier. Then, when existing users authenticate to their home server, their IDs are automatically updated. For more information, see the chapter Protecting and Managing Notes IDs. Example of how certifier IDs mirror the hierarchical name scheme: To implement their hierarchical name scheme, the Acme company created a certifier ID at each branch of the hierarchical name tree:
To register each server and user, Acme does the following: v Creates /Acme as the organization certifier ID during first server setup. v Uses the /Acme certifier ID to create the /East/Acme and /West/Acme certifier IDs. v Uses the /East/Acme certifier ID to register servers and users in the East coast offices and uses the /West/Acme certifier ID to register servers and users in the West coast offices. v Uses the /East/Acme certifier ID to create the /Sales/East/Acme, /Marketing/East/Acme, and /Development/East/Acme certifier IDs. v Uses the /West/Acme certifier ID to create the /HR/West/Acme, /Accounting/West/Acme, and IS/West/Acme certifier IDs. v Uses the /Sales/East/Acme, /Sales/Marketing/Acme, and Development/East/ Acme certifier IDs to register users and servers in the East coast division. v Uses the /HR/West/Acme, /Accounting/West/Acme, and IS/West/Acme certifier IDs to register users and servers in the West coast division. For more information on hierarchical name schemes, see the topic Hierarchical naming for users and servers earlier in this chapter.
Domino server services

Before you start the Server Setup program, decide which services and tasks to set up on the server. If you dont select the services during the setup program, you can later enable them by editing the ServerTasks setting in the NOTES.INI file or by starting the server task from the server console. Internet services: The IBM(R) Lotus(R) Domino(TM) Server Setup program presents these selections for Internet services: v Web Browsers (HTTP Web services) v Internet Mail Clients (SMTP, POP3, and IMAP mail services) v Directory services (LDAP)
Advanced Domino services: These Domino services, which are necessary for the proper operation of the Domino infrastructure, are enabled by default when you set up a Domino server: v Database Replicator v Mail Router v Agent Manager v Administration Process v Calendar Connector v Schedule Manager v DOLS (Domino Off-Line Services) These are optional advanced Domino server services that you can enable: v DIIOP CORBA Services v DECS (Domino Enterprise Connection Services) v Billing v HTTP Server v IMAP Server v ISpy v LDAP Server v POP3 Server v v v v Remote Debug Server SMTP Server Stats Statistic Collector
v Web Retriever Note: It is best to use activity logging instead of the billing service.
Table of Domino naming requirements

Consider these guidelines when naming parts of the IBM(R) Lotus(R) Domino(TM) system.
Name Domino domain Characters 31 maximum Tips v This is usually the same as the organization name. v Use a single word, made up of only alpha (A-Z) or numeric (0-9) characters. Notes named network 31 maximum v By default, the Server Setup program assigns names in the format port name network -- for example, TCP/IP network. v Edit Notes named network names to use an identifier such as the location of the IBM Lotus Notes named network and the network protocol -- for example, TCPIP-Boston. Organization 3-64 maximum* v This name is typically the same as the Domino domain name. v The organization name is the name of the certifier ID and is appended to all user and server names.
Name Organizational unit Server
Characters 32 maximum* 255 maximum
Tips v There can be up to four levels of organizational units. v Choose a name you want to keep. If you change a server name, you must recertify the server ID. v Choose a name that meets your networks requirements for unique naming. On TCP/IP, use only the characters 0 through 9, A through Z, and - (dash). On NetBIOS, the first 15 characters must be unique. On SPX, the first 47 characters must be unique. v Keep in mind that Domino performs replication and mail routing on servers named with numbers before it does those tasks on servers named with alphabetic characters.
User
79 maximum*
v Use a first and last name. A middle name is allowed, but usually not needed. User names may contain the (apostrophe). v Can have only one alternate name v Use any of these characters: A - Z, 0 - 9, & . _ / (ampersand, dash, period, space, underscore, apostrophe, forward slash). The only characters that are expressly prohibited are @ and //. Note: You can create groups with hierarchical distinguished names (DN). However, you must surround the forward slash (/) in a component value of a DN by surrounding it with double quotes. For example, 24/7 Support. Note: Do not create group names containing a / (slash) unless you are working in a hosted environment. Using the / in group names in a non-hosted environment causes confusion with hierarchical naming schemes. Hierarchical names are required in a hosted environment. v For mail routing, you can nest up to five levels of groups. For all other purposes, you can nest up to six levels of groups.
Alternate user Group
No minimum 62 maximum
Port Country code
No maximum 0 or 2
v Do not include spaces v Optional
* This name may include alpha characters (A - Z), numbers (0 - 9), and the ampersand (&), dash (-), period (.), space ( ) , and underscore (_). For more information on network name requirements and the effect that server name format has on network name-to-address resolution, see the chapter Setting Up the Domino Network.
10
Building the Domino environment

After installing the first IBM(R) Lotus(R) Domino(TM) server and any additional servers, you configure the servers and build the environment. This overview lists the features that you may want to include in your Domino environment. 1. Create Connection documents for server communication. 2. 3. 4. 5. If you have mobile users, set up modems, dialup support, and RAS. Set up mail routing Establish a replication schedule. Configure incoming and outgoing Internet mail (SMTP).
6. Customize the Administration Process for your organization. 7. Plan and create policies before you register users and groups. 8. Register users and groups. 9. Determine backup and maintenance plans and consider transaction logging. 10. Consider remote server administration from the Domino console or Web Administrator console. Also consider the use of an extended administration server. 11. Set up a mobile directory catalog on Notes clients to give Notes users local access to a corporate-wide directory. 12. Consider implementing clustering on servers.
11
12
Chapter 2. Setting Up the Domino Network

This chapter describes planning concepts and presents protocol-specific procedures required to run IBM(R) Lotus(R) Domino(TM) on a network. The chapter describes using network protocols from a Domino perspective and does not provide general network information.
Setting Up the Domino Network

This section presents the planning concepts and setup procedures necessary for a successful IBM(R) Lotus(R) Domino(TM) deployment over a network. It provides information on network protocols from a Domino perspective but does not attempt to provide general network information. v Lotus Domino and networks v Network security v Planning the TCP/IP network v Planning the NetBIOS network v Setting up Domino servers on the network
Lotus Domino and networks

A variety of client systems can use wireless technology or modems to communicate with IBM(R) Lotus(R) Domino(TM) servers over local area networks (LANs), wide area networks (WANs), and metropolitan area networks (MANs). Computers use one or more protocols to govern how they share information over a network. For example, IBM(R) Lotus(R) Notes(R) workstations and Domino servers use the Notes remote procedure call (NRPC) protocol running over the LANs network protocol to communicate with other Domino servers. Other client systems, such as Web browsers, Internet mail clients, wireless application protocol (WAP) devices, and personal information management (PIM) devices, can also communicate with Domino servers. Isolated LANs can be connected by WANs. A WAN is either a continuous connection -- such as a frame-relay, leased telephone line, or digital subscriber line (DSL) -- or a dialup connection over a modem or Integrated Services Digital Network (ISDN) line. Dialup connections are either to an individual server or to a LAN (through a provider network or your companys own communications server). Buildings or sites that are geographically close to each other can use a MAN, which is a continuous, high-speed connection that can connect corporate LANs or connect a LAN to the WAN. Like a WAN, a MAN is usually shared by multiple organizations. Wireless technology that works with Domino ranges from localized transmission systems (802.11a or 802.11b) to national or international satellite transmission systems that are geostationary, mid-orbit, or tracked orbit. If you are planning a network for geographically dispersed locations, consider how to achieve a cost-effective infrastructure. Placing servers in one location requires that users in other locations access the Domino server across WAN connections, which can be slow and expensive. Placing servers in every location and replicating
13
databases to make the same information available on several LANs requires attention to administration at each location. One effective way to set up a network is to use a hub server at each location to handle communication with hub servers in other locations. Then, only the hub servers, not every server in the network, use WAN connections. The functionality of Notes workstations and Domino servers depends on the effectiveness and capacity of networks. To plan a Domino network with sufficient capacity, you must consider not only the traffic to and from Domino servers but also any other traffic on the network.
NRPC communication
IBM(R) Lotus(R) Domino(TM) servers offer many different services. The foundation for communication between IBM(R) Lotus(R) Notes(R) workstations and Domino servers or between two Domino servers is the Notes remote procedure call (NRPC) service. Network protocols for NRPC communication: To communicate, two computers must run the same network protocol and software driver. For dialup connections, Lotus Domino uses its own X.PC protocol natively; Notes and Domino also support PPP using either Microsoft Dialup Networking (DUN) or Remote Access Service (RAS) for network dialup. In addition, you can use any IETF-compliant PPP communications server to dial into the network on which the Domino server resides or though which the server can be accessed. For more information on dialup connections, see the chapter Setting Up Server-to-Server Connections. On LANs, Lotus Domino is compatible with the TCP/IP and NetBIOS over the lower transport IP For NetBIOS connections to work, both Notes workstations and Domino servers must use the same lower transport. For detailed information on which protocols are compatible with Lotus Domino for each supported operating system, see the Release Notes. Notes network ports: During the Server Setup program, Domino provides a list of Notes network ports based on the current operating system configuration. If these ports are not the ones you want to enable for use with the Domino server, you can edit the list during setup. Because each network protocol consumes memory and processing resources, you might want to exclude one or more ports and later remove the associated protocol software from the system. In TCP/IP and NetBIOS, you can install multiple network interface cards (NICs) and enable additional Notes network ports for each protocol, using the NOTES.INI file to bind each port to a separate IP address or NetBIOS LANA number. For more information, see the topic Adding a network port on a server later in this chapter. Notes named networks: Consider Notes named networks in your planning. A Notes named network (NNN) is a group of servers that can connect to each other directly through a common LAN protocol and network pathway -- for example,
14
servers running on TCP/IP in one location. Servers on the same NNN route mail to each another automatically, whereas you need a Connection document to route mail between servers on different NNNs. When you set up Server documents, be sure to assign each server to the correct NNN. Lotus Domino expects a continuous connection between servers that are in the same NNN, and serious delays in routing can occur if a server must dial up a remote LAN because the remote server is inadvertently placed within the NNN. Also bear in mind that the Notes Network field for each port can contain only one NNN name, and no two NNN names can be the same. NNNs affect Notes users when they use the Open Application dialog box. When a user selects Other to display a list of servers, the servers displayed are those on the NNN of the users home server for the port on which the Notes workstation communicates with the home server. Also, when users click on a database link or document link, if a server in their home servers NNN has a replica of that database, they can connect to the replica. Note: If a server is assigned to two NNNs in the same protocol, as in the case where the server has two Notes network ports for TCP/IP, a Notes workstation or Domino server connecting to that server uses the NNN for the port listed first in the Server document.
Resolving server names to network addresses in NRPC

Communications between IBM(R) Lotus(R) Notes(R) and IBM(R) Lotus(R) Domino(TM) run over the NRPC protocol on top of each supported LAN protocol. When a Notes workstation or Domino server attempts to connect to a Domino server over a LAN, it uses a combination of the built-in Notes Name Service and the network protocols name-resolver service to convert the name of the Domino server to a physical address on the network. The Notes Name Service resolves Domino common names to their respective protocol-specific names. Because the Notes Name Service resolves common names by making calls to the Domino Directory, the service becomes available to the Notes workstation only after the workstation has successfully connected to its home (messaging) server for the first time. (The protocol name-resolver service normally makes the first connection possible.) When the Notes workstation makes a subsequent attempt to connect to a Domino server, the Notes Name Service supplies it with the Domino servers protocol-specific name -- that is, the name that the server is known by in the protocols name service -- which is stored in the protocols Net Address field in the Server document. The protocols name-resolver service then resolves the protocol-specific name to its protocol-specific address, and the workstation is able to connect to the server. Note: When resolving names of Domino servers that offer Internet services, Lotus Notes uses the protocols name-resolver service directly. How name resolution works in NRPC: A Notes workstation or Domino server follows these steps to resolve the name of the Domino server to which it is trying to connect over NRPC. Note: If the Net Address field in the Server document contains a physical address -- a practice that is not recommended in a production environment-- the Notes Name Service performs the resolve directly, thus placing the burden of maintaining physical address changes on the Domino administrator.
15
1. If the workstation/server has a Connection document for the destination server that contains the protocol-specific name, the workstation/server passes the protocol-specific name to the protocols name-resolver service. If the Connection document contains a physical address, the Notes Name Service performs the resolve directly. Normal-priority Connection documents are checked first, and then low-priority Connection documents. Note: Unlike in Server documents, adding physical addresses in Connection documents is not discouraged, since only the local workstation/server uses the Connection document. 2. To determine if the destination servers protocol-specific name is cached, the workstation checks the Location document and the server checks its own Server document. If the name is cached, the workstation/server uses the last-used Notes network port to determine the protocol and passes this value to the protocols name-resolver service. 3. If the protocol-specific name is not cached, one of the following occurs, based on the list order of enabled Notes network ports: v For a Notes workstation connected to the home (messaging) server, Notes gives the common name of the destination Domino server to the home server, which looks in the Domino Directory for the Server document of the destination server. The home server locates the contents of the Net Address field for the Notes named network that the Notes workstation has in common with the destination server and passes this name to the protocols name-resolver service. If the workstation and the destination server are in the same Domino domain but not in the same Notes named network, the home server locates the names of each protocol that the workstation has in common with the destination server and passes each to the appropriate protocol until a resolve is made. If the Notes workstation cant access its home server, it connects to its secondary Notes name server, which carries out the same actions as the home server. v For a Domino server, Domino checks the Server document for the destination server, locates the contents of the Net Address field for the Notes named network that the Domino server has in common with the destination server, and passes this name to the protocols name-resolver service. If the destination server is in the same Domino domain as the Domino server, but not in the same Notes named network, the Domino server locates the protocol name of each protocol that it has in common with the destination server and passes each to the appropriate protocol until a resolve is made. 4. If Steps 1 through 3 do not produce the servers network address, the workstation/server offers the Domino common name of the destination server to the name-resolver service of each protocol, based on the order of the enabled network ports in the Server document.
Network security
Physical network security is beyond the scope of this book, but you must set it up before you set up connection security. Physical network security prevents unauthorized users from breaking through the network and using one of the operating systems native services -- for example, file sharing -- to access the server. Physical network security also comes into play when any data is exposed, as the potential exists for malicious or unauthorized users to eavesdrop both on the network where the IBM(R) Lotus(R) Domino(TM) system resides and on the system you are using to set up the server.
16
Network access is typically controlled using network hardware -- such as filtering routers, firewalls, and proxy servers. Be sure to enable rules and connection pathways for the services that you and others will access. Newer firewall systems offer virtual-private-network (VPN) services, which encapsulate the TCP/IP packet into another IP wrapper where the inner TCP/IP packet and its data are encrypted. This is a popular way to create virtual tunnels through the Internet between remote sites. If you want to have the Domino server access both a private VPN and the Internet for SMTP mail, make sure your solution is able to handle full TCP data packets and that it allows dual connections. If not, the Domino server system may require a second NIC to work around limitations of the VPN solution. For more information, see the chapter Controlling Access to Domino Servers.
NRPC and Internet connection security

To control connection access, you typically use a network hardware configuration, such as a firewall, reverse proxy, or IBM(R) Lotus(R) Domino(TM) passthru server, to which you can authorize connections and define access to network resources. In addition, you can encrypt all connections by service type. Encrypting connections protects data from access by malicious or unauthorized users. To prevent data from being compromised, encrypt all Domino and IBM(R) Lotus(R) Notes(R) services that connect to public networks or to networks over which you have no direct control. Encrypting the connection channel prevents unauthorized users from using a network protocol analyzer to read data. To encrypt NRPC network traffic, use the Notes port encryption feature. For traffic over Internet protocols, use SSL. For both NRPC and Internet protocols, you can enforce encryption at the server for all inbound and outbound connections. In the case of the Notes client, you can also enforce encryption on all outbound connections, even if the server to which you are connecting allows unencrypted connections. Because encryption adds additional load to the server, you may want to limit the services for which the server uses encryption. Other ways to minimize the load that encryption puts on the system include: v Using an additional Domino server acting as a passthru server for NRPC connections v Using a reverse proxy to manage authentication and encryption outside of Domino servers when using SSL v Removing unnecessary or unused protocols or services on the server system as well as Domino server services For more information, see the chapters Installing and Setting Up Domino Servers and Setting Up SSL on a Domino Server.
Using a Domino passthru server as a proxy

A proxy is a system that understands the type of information transmitted -- for example, NRPC or HTTP-format information -- and controls the information flow between trusted and untrusted clients and servers. A proxy communicates on behalf of the requester and also communicates information back to the requester. A proxy can provide detailed logging information about the client requesting the information and the information that was transmitted. It can also cache information so requesters can quickly retrieve information again.
17
A proxy stops direct access from an untrusted network to services on a trusted network. If an application proxy is in use, then application-specific heuristics can be applied to look at the connections from the untrusted networks and determine if what is being requested is legal or safe. An application proxy resides in the actual server application and acts as an intermediary that communicates on behalf of the requester. An application proxy works the same as a packet filter, except the application proxy delivers the packet to the destination. An application proxy can be used with any protocol, but it is designed to work with one application. For example, an SMTP proxy understands only SMTP. A circuit-level proxy is similar to an application proxy, except that it does not need to understand the type of information being transmitted. For example, a SOCKS server can act as a circuit-level proxy. You can use a circuit-level proxy to communicate using Internet protocols with TCP/IP -- that is, IMAP, LDAP, POP3, SMTP, IIOP, and HTTP, as well as Internet protocols secured with SSL. HTTP is a special case. In IBM(R) Lotus(R) Domino(TM), when the HTTP Connect method is used by an HTTP proxy, applications using other protocols can also use the HTTP proxy, but they use it as a circuit-level proxy, not as an application proxy. SSL uses the HTTP Connect method to get through an application proxy because the data is encrypted and the application proxy cannot read the data. HTTPS (HTTP and SSL) use both the HTTP proxy and the Connect method, which implies that the HTTP proxy is a circuit-level proxy for HTTPS. The same method is used to get NRPC, IMAP, and other protocols through the HTTP proxy. You can set up a Domino passthru server as an application proxy for NRPC. A passthru server provides all levels of IBM(R) Lotus(R) Notes(R) and Domino security while allowing clients who use dissimilar protocols to communicate through a single Domino server. The application proxy does not allow Internet protocols -- for example, HTTP, IMAP, and LDAP -- to use a Domino passthru server to communicate, however. For Internet protocols, you can use an HTTP proxy with the HTTP Connect method to act as a circuit-level proxy. A Notes client or Domino server can also be a proxy client and interoperate with either passthru (NRPC protocol only) or as a SOCKS or HTTP tunnel client (for NRPC, POP3, LDAP, IMAP, and SMTP protocols). You set this up in the Proxy setting in the client Location document. To set up a Domino passthru server as an application proxy: When you set up an application proxy, make sure the following Domain Name System (DNS) services are correctly configured: v The databases db.DOMAIN and db.ADDR, which DNS uses to map host names to IP addresses, must contain the correct host names and addresses. v Hosts files must contain the fully qualified domain name of the servers. If you are using the Network Information Service (NIS), you must use the fully qualified domain name and make sure NIS can coexist with DNS. For information on configuring these settings, see the documentation for your network operating system. You must first connect the server to the untrusted network -- for example, the Internet -- and then set up Notes workstations and Domino servers to use the passthru server as a proxy when accessing services outside the trusted network.
18
To set up a workstation or server to use the passthru server, you must specify the passthru server in the Location document for a workstation and in the Server document for a server. For more information on connecting a server to the Internet and passthru servers, see the chapter Setting Up Server-to-Server Connections.
TCP/IP security considerations

In a TCP/IP network, configure all IBM(R) Lotus(R) Domino(TM) servers to reject Telnet and FTP connections. Furthermore, do not allow file system access to the Domino server or the operating system on which it runs, unless you are sure you can properly maintain user access lists and passwords and you can guarantee a secure environment. If you use the Network File System (NFS) without maintaining the password file, users can breach security by accessing files through NFS instead of through the Domino server. If this back door access method is needed, isolate the network pathway on a LAN NIC and segment, and make sure that the ability to access files through NFS is exclusive to this isolated secure network.
Mapped directory links and Domino data security

To ensure data security, do not create a mapped directory link to a file server or shared Network Attached Storage (NAS) server for an IBM(R) Lotus(R) Domino(TM) server. These links can cause both database corruption and security problems. Database corruption: If the network connection fails while the Domino server is writing to a database on the file server or shared NAS server, the database can become corrupted. In addition, the interdependence of the file sharing protocols -Server Message Block (SMB), Common Internet File System (CIFS), and Network File System (NFS) -- and the remote file system can affect the Domino servers performance. Domino sometimes needs to open large numbers of remote files, and low latency for read/write operations to these files is desirable. To avoid these problems on Domino servers, consider doing one or more of the following: v Create an isolated network and use cut-through (non-buffering) layer-2 switches to interconnect the Domino server to the NAS system. v Limit access to the NAS system to the Domino server. v Reduce the number of hops and the distance between hops in the connection pathways between the Domino server and the storage system. v Use a block protocol instead of a file protocol. v Use a private storage area network (SAN) instead of a shared NAS system. v Avoid creating any file-access contention between Domino and other applications. To avoid problems with IBM(R) Lotus(R) Notes(R) workstations, consider doing the following: v Locate Notes workstations so that they are not accessing a remote file server or NAS system over a WAN. v To minimize the risk of database corruption because of server failure when a Notes clients Domino data directory is on a file server or NAS server, evaluate the reliability of the entire network pathway as well as the remote systems
19
ability to maintain uninterrupted sessions to the Notes client over the file sharing protocols it is using (SMB, CIFS, NFS, NetWare Core Protocol, or AppleShare). v If a Notes clients Domino data directory is on a file server or NAS server, remember that only one user (user session) can have the user data directory files open a time. Lotus Notes does not support concurrent access to the same local database by two clients. Security problems: When Encrypt network data is enabled, all Domino server and Notes workstation traffic is encrypted. However, the file I/O between the Domino server and the file server or shared NAS server is not encrypted, leaving it vulnerable to access by unauthorized users.
Planning the TCP/IP network

The default TCP/IP configuration for an IBM(R) Lotus(R) Domino(TM) server is one IP address that is globally bound, meaning that the server listens for connections at the IP addresses of all NICs on the computer. Global binding works as long as the computer does not have more than one IP address offering a service over the same assigned TCP port. For operating system requirements, see the Release Notes.
The default configuration

Use these topics to plan how to integrate Lotus Domino with the TCP/IP network when the Domino server has one IP address and is not partitioned: v NRPC name-to-address resolution over TCP/IP v Ensuring DNS resolves in TCP protocols
Advanced configurations
Use these topics to plan how to integrate Lotus Domino with the TCP/IP network when the Domino server has more than one IP address or is partitioned: v Advanced Domino TCP/IP configurations v Partitioned servers and IP addresses v Ensuring DNS resolves in advanced TCP/IP configurations
Changing a servers IP address

Use this topic to change a servers IP address: v Changing a servers IP address
Moving to IPv6
This topic provides the information you need if your company is migrating to the IPv6 standard: v IPv6 and Lotus Domino
NRPC name-to-address resolution over TCP/IP

In the TCP/IP protocol, the method most commonly used to resolve server names to network addresses is the Domain Name System (DNS), an Internet directory service developed both to allow local administrators to create and manage the records that resolve server names to IP addresses and to make those records available globally. While the POP3, IMAP, LDAP, and HTTP services use DNS directly, the NRPC service uses a combination of the Notes Name Service and DNS to resolve server names to network addresses.
20
For background information on how the Notes Name Service works with name-resolver services such DNS, see the topic Resolving server names to network addresses in NRPC earlier in this chapter. Within DNS, domain refers to a name space at a given level of the hierarchy. For example, the .com or .org in a Web URL represents a top-level domain. In a domain such as acme.com, a DNS server -- that is, a server running DNS software -- in the Acme company stores the records for all Acme servers, and an administrator at Acme maintains those records. When you set up an IBM(R) Lotus(R) Notes(R) workstation on the TCP/IP network, you normally rely on DNS to resolve the name of the workstations IBM(R) Lotus(R) Domino(TM) home server the first time the workstation tries to connect to it. As long as the Notes workstation and Domino home server are in the same DNS domain level, DNS can accomplish the resolve. When to edit the Net Address field in the Server document: The default format for a servers TCP/IP network address in Lotus Domino is its fully qualified domain name (FQDN) -- for example, app01.acme.com -- based on the DNS record and the IP address references in the systems TCP/IP stack. When a Notes workstation or Domino server requests this name, the TCP/IP resolver passes it to DNS, and DNS resolves the name directly to the IP address of the destination server, regardless of the DNS domain level of the requesting system. If you do not want to enter the FQDN in the Net Address field, you can change it to the simple IP host name -- for example, app01 -- either during server setup or later by editing the Server document. For example, you might use the simple IP host name if you are setting up multiple TCP ports for NRPC, a configuration in which using the FQDN for each network address can cause connection failures if the Notes Name Service returns the FQDN for the wrong TCP port. In this case, using the simple IP host name ensures that DNS does a lookup in all domain levels within the scope of the domains defined in the requesting systems TCP/IP stack settings. CAUTION: In a production environment, do not use IP addresses in Net Address fields. Doing so can result in serious administrative complications if IP addresses change or if Network Address Translation (NAT) connections are used, as the values returned by the Notes Name Service will not be correct. Secondary name servers: To ensure that the Notes Name Service is always available over TCP/IP, when you set up a Notes user, you can designate a Domino secondary name server that stands in for the home server in these situations: v The users home server is down. v The users home server is not running TCP/IP. v The users home server cannot be resolved over TCP/IP. Note: In companies using multiple DNS domains, a Domino secondary name server ensures that a Notes workstation can connect with its home server even when the home server is in a different DNS domain. You can use policies to automate the setup of secondary name servers. For more information, see the topic Ensuring DNS resolves in NRPC -- Best practices later in this chapter. For information on policies, see the chapter Using Policies.
21
Special case: The passthru server: By connecting to a passthru server, Notes users can access servers that do not share a network protocol with their systems. If both the Notes workstation and destination server are in a different Domino domain from the passthru server, it may not be possible for the passthru server to resolve the name of the destination server. In this case, do one of the following: v On the Notes workstation, create a Connection document that includes the IP address of the destination server. v On the passthru server, create a Connection document to the destination server. For more information on passthru servers, see the chapter Setting Up Server-to-Server Connections. Internal alternatives to DNS: If you dont use DNS at your site or if a Domino server is not registered with DNS (as is sometimes the case if the server offers Internet services), use one of these methods to enable each Notes workstation and Domino server to perform name resolution locally. Keep in mind that the upkeep required for both of these approaches is considerable. v Place a hosts file, which is a table that pairs each system name with its IP address, on every system that needs private access. Set up each system so that it accesses the hosts file before accessing DNS. v Create a Connection document that contains the destination servers IP address on every Notes workstation and Domino server that needs to access that server. Tip: Use policies to automate the setup of Connection documents for Notes users. Even if you use DNS, you should set up Connection documents for Notes users in locations from which they have difficulty accessing the DNS server. For more information on policies, see the chapter Using Policies. Alternative IP name services: Microsoft networking services offers four additional methods of IP address resolution. These methods are not as reliable as traditional DNS and hosts files and can cause name and address confusion. For best results, do not use these methods when also using the Notes network port for TCP/IP. v Direct NetBIOS broadcast -- The system sends out a name broadcast message so that all of the systems on the local network segment can register the name and IP address in their name cache. If you must use NetBIOS over IP and use Domino with both the NetBIOS and TCP/IP port drivers, avoid name-resolution problems by giving the Domino server and the system different names. Master Browser cache (for NT domains or SAMBA servers) -- Collects broadcasted names and IP addresses and publishes them across the NT domain to other Master Browser systems for Microsoft(R) Windows(R) systems to access in their name lookups. v Windows Internet Name Service (WINS) -- Uses NetBIOS broadcasts. Unlike DNS, which is static in nature, WINS is dynamic. Note that the TCP/IP stacks of Macintosh and UNIX(R) client systems may not be able to access the WINS server. v LAN Manager Hosts (LMHosts) -- A static hosts file method. CAUTION: On a Windows system, the combination of the systems native NetBIOS over IP name-resolver service and DNS can cause name resolution failure for the Domino server name.
22
For information on avoiding this problem, see the topic Server name-to-address resolution over NetBIOS later in this chapter.
Ensuring DNS resolves in TCP protocols

When you register a new IBM(R) Lotus(R) Domino(TM) server, you specify a common name for it. Within a Domino hierarchical name, the common name is the portion before the leftmost slash. For example, in the name App01/East/Acme, the common name is App01. The common name, not the hierarchical name, is the name that the Domino server is known by in DNS. Note: When you choose a common name for a Domino server that uses DNS, use only the characters 0 through 9, A through Z, and the dash (-). Do not use spaces or underscores. Note: The DNS names held in IBM(R) Lotus(R) Notes(R) and IBM Lotus Domino are not case sensitive; Notes workstations and Domino servers always pass DNS names to DNS in lowercase. You can avoid problems and extra work if you consider the DNS configuration, as well as the effect of other protocol name-resolver services, when you choose the format for the common name of the Domino server. To avoid name-resolution problems that affect all TCP services on Microsoft(R) Windows(R) systems, see the topic Ensuring DNS resolves on Windows systems -All TCP protocols. For procedures to help you avoid DNS problems in NRPC, see these topics: v Ensuring DNS resolves in NRPC -- Best Practices v Ensuring DNS resolves in NRPC -- Alternative practices v Ensuring DNS resolves in NRPC -- A practice to use with caution Note that these procedures apply only to servers handling communications between Lotus Notes and Lotus Domino (NRPC services). If you administer servers that provide Internet services such as HTTP, SMTP, POP3, or LDAP, you can skip these topics, as these services use DNS directly. For naming requirements when using Domino Off-Line Services (DOLs) or Domino Web Access, see the chapter Installing and Setting Up Domino Servers. Ensuring DNS resolves on Windows systems -- All TCP protocols: If an IBM(R) Lotus(R) Domino(TM) server is a Microsoft(R) Windows(R) system, often two name services exist on the system -- NetBIOS over IP and DNS. If you assign the same name to both the Domino server and the system, client applications that use either the Notes Name Service or DNS can encounter name-space ghosting between the two names. In other words, because the NetBIOS record for a systems host name has already been found, the name resolving process ends and the DNS record for the Domino server on that system is never found. Note: For a Domino server on Windows 2000, problems occur only if you enable name services for NetBIOS over IP in order to join an NT domain using Server Message Blocks (SMB). To prevent this problem: 1. Add a preface such as W2K- to the system name, using the Network Identification tab on the System Properties dialog box.
23
2. Create an A record (or, for IPv6, AAAA record) in DNS for the system name. The IP address is the same as the one for the Domino server. 3. Create a CNAME record in DNS for the Domino servers name, linking it to the system name. For example, for the Domino server BosMail02/Acme, the common name is BosMail02. You name the system NT-BosMail02. You create an A record in DNS for NT-BosMail02.acme.com and a CNAME record for BosMail02.acme.com, linking it with NT-BosMail02.acme.com. Ensuring DNS resolves in NRPC -- Best practices: The following procedures provide the best name-resolution practices for an IBM(R) Lotus(R) Domino(TM) server using the default NRPC configuration on a TCP/IP network (one IBM(R) Lotus(R) Notes(R) network port for TCP/IP). These procedures address the following DNS configurations: v One DNS domain v Multiple DNS domain levels If your TCP/IP configuration has multiple Notes network ports for TCP/IP, see the topic Ensuring DNS resolves in advanced TCP/IP configurations later in this chapter. When you have one DNS domain: If your company uses only one DNS domain, doing the following eliminates the need for CNAME records in DNS: 1. Assign the same name as both the Domino server common name and the simple IP host name registered with DNS. 2. Make sure the Net Address field on the Server document contains the servers FQDN. 3. Create an A record (or, for IPv6, AAAA record) in DNS. For example, you set up the Domino server App01/Engr/Acme. Thus, you register the server with DNS as app01, the servers common name. The Net Address field in the Server document contains app01.acme.com (the servers FQDN), and the A record is: app01.acme.com IN A 192.168.10.17. When you have multiple DNS domain levels: If your company uses multiple DNS domain levels -- for example, when each country in which a multinational company has offices is a subdomain in DNS -- doing the following eliminates the need for multiple CNAME records in DNS and ensures that DNS lookups always work, regardless of the DNS domain level of the users system: 1. Assign the same name as both the Domino server common name and the simple IP host name. 2. Make sure the Net Address field on the Server document contains the servers FQDN. 3. Create an A record (or, for IPv6, AAAA record) in DNS. 4. If users systems are in a different DNS domain than that of their home server or in a DNS subdomain of their home servers domain, set up a secondary name server. Place this secondary name server on the same physical network as the users systems or on a network that the users can access. Note: Register the secondary name server in the root of the companys DNS domain. 5. Set up all Notes users or a subset of users affected by Step 4, or set up an individual Notes user.
24
For more information on setting up groups of users, see the chapter Using Policies. For more information on setting up an individual Notes user, see the topic Setting up a secondary name server later in this chapter. For example, you register the Domino server ParisMail01/Sales/Acme with DNS as parismail01.france.acme.com. Parismail01 is the home server for some users in the DNS subdomain spain.acme.com. You set up a secondary name server, Nameserver/Acme, register it with DNS as nameserver.acme.com, and ensure that the Location documents of users who need a secondary name server point to this server. When a user in spain.acme.com attempts a first connection with the home server (parismail01.france.acme.com), the connection fails because the DNS subdomain for spain.acme.com has no records for the subdomain france.acme.com. Notes then connects successfully with the secondary name server (nameserver.acme.com), since the DNS subdomain for spain.acme.com does include the records for acme.com. When the secondary name server supplies the Notes workstation with the FQDN from the Net Address field in the Server document for ParisMail01, DNS resolves the FQDN to an IP address, and the user can access mail. As long as all Server documents in the Domino domain have the TCP/IP network address in FQDN format, this approach allows any Notes workstation or Domino server to locate any Domino server, regardless of its DNS domain level. Ensuring DNS resolves in NRPC -- Alternative practices: The following procedures provide alternative name-resolution practices for an IBM(R) Lotus(R) Domino(TM) server using the default NRPC configuration on a TCP/IP network (one Notes network port for TCP/IP). Domino server names that differ from their DNS names: When your name scheme for Domino servers is different than that for DNS, use one of the following methods to translate the Domino servers name to the host name: v Create a local Connection document on each IBM(R) Lotus(R) Notes(R) client and Domino server that needs to connect to the Domino server, and enter the FQDN for the system that hosts the Domino server in the Net Address field. For example, for the Domino server named App01/Sales/Acme on the system registered with DNS as redflier, enter redflier.acme.com in the Net Address fields of the Connection documents. v Use an alias (CNAME) record in DNS to link the Domino server common name to the simple IP host name. For example, for the Domino server App01/Sales/Acme on the system registered with DNS as redflier, use a CNAME record to link the name App01 to the name redflier. When a Notes workstation first accesses this server, it obtains the host name from the Net Address field of the Server document and caches it, thereby making future connections faster. IP addresses in Connection documents: In situations in which you dont want to use any name-resolver service -- such as bringing up a new server system that you dont want known yet, or having a server on the Internet that you want accessible but for which you cant use DNS -- create Connection documents that directly tell Notes workstations or Domino servers how to access this Domino server by using the servers IP address in the documents Net Address fields. Network Address Translation (NAT): NAT is a method of translating an IP address between two address spaces: a public space and a private space.
25
Public addresses are assigned to companies by the Internet Corporation of Assigned Names and Numbers (ICANN) or leased from the companys ISP/NSP. Public addresses are accessible through the Internet (routable) unless firewalls and isolated networks make them inaccessible. Private addresses are IP address spaces that have been reserved for internal use. These addresses are not accessible over the Internet (non-routable) because network routers within the Internet will not allow access to them. The following address spaces have been reserved for internal use. It is best to use these IP addresses and not make up your own. v Class A: 10.0.0.0 to 10.255.255.255 v Class B: 127.16.0.0 to 172.31.255.255 v Class C: 192.168.0.0 to 192.168.255.255 For example, users inside a company access the Domino server based on its assigned IP address, which is a private address (192.168.1.1). Internet users must access the Domino server through a NAT router, which converts the private address to one of its static public addresses (130.20.2.2). Therefore, a Notes client accessing the server from the Internet uses the public address. Ensuring DNS resolves in NRPC -- A practice to use with caution: The following practice, if followed precisely, should ensure good DNS resolves in NRPC for companies with multiple DNS domain levels, but might result in extra work if the infrastructure changes. Using this practice has the following disadvantages: v You can never assign more than one IP address in DNS to the IBM(R) Lotus(R) Domino(TM) server. v If the FQDN changes, the Domino server name will not match the FQDN, thus invalidating the DNS resolve. You will then need to create a new server and migrate users to it. v If you use network address translation (NAT), the servers FQDN must be identical in both instances of DNS (internal and external shadow DNS). v You cannot use other network protocols, as many of them use flat network name services, and those that use hierarchical name systems will not function unless the name hierarchy is exactly the same. v Diagnosing connectivity issues can be much harder. When you have multiple DNS domain levels: If your company uses multiple DNS domain levels -- for example, when each country in which a multinational company has offices is a subdomain in DNS -- do the following: 1. Use the servers FQDN as the Domino server common name. 2. Create an A record (or, for IPv6, AAAA record) in DNS. For example, if you register a server with DNS as app01.germany.acme.com, you can also assign the Domino servers common name as app01.germany.acme.com. In this case, the servers Domino hierarchical name might be app01.germany.acme.com/Sales/Acme.
Changing a servers IP address

Before changing a servers IP address, consider the following potential problems: v Problem 1: If the servers previous IP address is stored in any Server Connection documents or Server documents, when that servers IP address is changed in
26
DNS and on the server itself, these old Server Connection documents or Server documents will cause connection failures. Solution: Use the DNS fully-qualified domain name, not the IP address, as the network address stored in the Server Connection documents and Server documents. You can then change the servers IP address in DNS without having to change the Server Connection documents or Server documents. Changing the network address from the IP address to the DNS name can be done at any time. To modify the Server Connection document, open the Server Connection document. On the Basics tab, if Local Area Network is chosen in the Connection Type field, click the Advanced tab and check the entry in the Destination server address field. If the field contains the servers IP address, delete the IP address and enter the fully-qualified domain name. Remember, both the server-based Domino Directory and the client-based Address Book can have this problem. To modify the Server document, click the Ports tab for the Net Address for TCP ports. If the field contains the IP address, change the entry to the proper fully-qualified domain name. v Problem 2: The algorithm that all IBM(R) Lotus(R) Notes(R) clients and IBM(R) Lotus(R) Domino(TM) servers use to connect to a Domino server can cache the IP address that was used to successfully connect to a server. If this cache entry exists, when the servers IP address is changed, the old cached address may be used causing the connection to fail. It is important to understand why this caching is performed. Notes supports a wide range of networking technologies implemented as Notes ports. If Notes attempts to connect to a server that is down, and tries every possible technology (Notes port) using every possible Name to Address resolution tool until each one fails, the connection attempt takes a long time. To prevent the long delay that would occur in reporting the error when the server goes down, Notes has implemented two server connection algorithms. One algorithm is fast, using cached addresses, and the other is slower, using the complete algorithm which bypasses the cache when it fails. The following solutions can resolve this problem. Solutions are listed in the order in which they should be used. Solution 1: The fast connection algorithm is only used if the client or server had successfully connected to the same server earlier in the day. If a successful connection has not yet occurred today, the slower algorithm is used and the cache is bypassed. To avoid this problem, change a servers IP address late in the evening, but before midnight. This is the easiest solution because it is transparent to the user and involves no help desk calls or any action on the users part. Solution 2: The cache is rewritten following successful connection to the server. The cached address is the address entered by the user, not the resolved IP address. Therefore, if users have the habit of connecting to servera/acme by entering servera.acme.com, the cached address will be servera.acme.com, not 1.2.3.4 and the problem will not occur. Solution 3: The cache is rewritten following any successful connection to the server. If a user tries to connect to the server by its Notes name, for example, servera/acme, the stale cache entry is used. If the user tries to connect using the servers fully-qualified domain name, for example, servera.acme.com, then the cache will not be used, the new address will be fetched from DNS and the correct new address entered in the cache. To make this successful connection using the fully-qualified domain name of the server, use the File - Application Open menu command or the File - Preferences - User Preferences - Ports - Trace menu selections.
27
Solution 4: The cache is stored in the following Notes fields in the Location documents for the client and in the Server document for the server: $Saved Addresses $SavedDate $SavedPorts $SavedServers $SavedTriedDate If these fields are deleted from the Location or Server document, for example, using a formula agent, the old IP addresses in the cache cannot be used. This method can be confusing because the Notes items are rewritten when the client or server exists from an in-memory copy. Therefore, to use this method to clear the cache for the client, create the agent in the Local Address Book, and then switch to the Island Location document and exit the client. Restart the client, and then run the agent to clear the cache for all other locations. Switch to your normal location. Sample agent formula language code to clear the cache: FIELD $SavedAddresses:=@DeleteField; FIELD $SavedDate:=@DeleteField; FIELD $SavedPorts:=@DeleteField; FIELD $SavedTriedDate:=@DeleteField; FIELD $SavedServers:=@DeleteField; SELECT @All Solution 5: Disable the use of the cached addresses by using the following NOTES.INI setting: DONT_USE_REMEMBERED_ADDRESSES=1 If the client uses multiple or slow port technologies, we discourage the use of this technique because it can cause a long delay in reporting that a server is down.
IPv6 and Lotus Domino

Because support for IPv6 by hardware and operating system suppliers and the Internet is still in the early stages, moving to the IPv6 standard will be a gradual process for most organizations. In IBM(R) Lotus(R) Domino(TM), you can enable IPv6 support for SMTP, POP3, IMAP, LDAP, and HTTP services on IBM(R) AIX, Solaris, and Linux(R) systems. Domino supports both IPv6 and IPv4. Thus, if an IPv6-enabled Domino server encounters an IP address in IPv4 format, the Domino server can still make the connection to that address. When attempting to connect to a server, Domino tries to resolve all IP addresses for a server until one works. This allows a server to have both an IPv4 address and an IPv6 address. Domino caches the last successful address for a server and uses only the cached address to quickly search for a server. If you do not want to use only the cached address, enter the NOTES.INI setting DONT_USE_REMEMBERED_ADDRESSES=1. In DNS, records that store IPv6 addresses are called AAAA records. After you enable IPv6 on a Domino server and add the servers AAAA record to DNS, another IPv6-enabled Domino server can connect to it only over IPv6. Servers that dont support IPv6 can run Domino with IPv6 support disabled, which is the default. These servers can successfully connect to IPv6-enabled Domino servers only if the DNS for the IPv6 servers contain A records.
28
Using IPv6 in a Domino network: For best results when using IPv6 with Domino servers, set up network devices in the network pathway to connect directly with native IPv6, rather than tunnel through the IPv4 network. Enabling IPv6 on Notes and Domino, post relase 6: To enable IPv6 on IBM(R) Lotus(R) Notes(R) and Domino, add the setting TCP_ENABLEIPV6=1 to the NOTES.INI file on both the Notes client and the Domino server. How Lotus Domino decides whether to connect over IPv6 or IPv4: A Domino server evaluates the address format and then, based on that information, makes an IPv4 or an IPv6 connection.
Address format IPv4 IPv4 address mapped to IPv6 Server response Makes an IPv4 connection. Attempts to make an IPv6 connection and waits for the TCP/IP software to make either an IPv6 or IPv4 connection, depending on the remote systems TCP/IP stack. Makes an IPv6 connection. Uses DNS to resolve the name: v If only an A record is found, connects over IPv4. v If only an AAAA record is found, connects over IPv6 or waits for the TCP/IP software to make the connection. v If both an A record and AAAA record are found, uses the AAAA record.
IPv6 Server name
Using IPv6 address formats with Domino and Notes: You can use an IPv6 address as a string anywhere that an IPv4 address as a string can be used; however, IPv4 addresses with port numbers are supported by the IBM(R) Lotus(R) Notes(R) client and the Web server in the following format:
1.2.3.4:1352
IPv6 addresses contain a varying number of colons; therefore, the syntax shown above can not be used with IPv6 addresses. To be consistent with a proposed format for Web servers, if the port number is included with an IPv6 address, the address must be enclosed in square brackets. The following address formats can be used wherever address strings are supported, for example, in Server documents, in the Open Application dialog box, or in the Port Trace dialog box.
9.95.77.78 9.95.77.78:1352 [9.95.77.78] [9.95.77.78]:1352 fe80::290:27ff:fe43:16ac [fe80::290:27ff:fe43:16ac] [fe80::290:27ff:fe43:16ac]:1352
Installing the IPv6 stack: Install the IPv6 stack before IPv6 will work for any software. To install the IPv6 stack, follow the instructions provided for by your
29
platforms vendor. The instructions in this section contain general guidelines for many platforms, but you need to follow the instructions provided by the manufacturer of your platform. Prior to installing the IPv6 stack, check to see if IPv6 is configured on your system by using the following commands according to platform:
Platform Microsoft(R) Windows(R) platforms All other platforms Commands ipconfig /all ifconfig -a
After installing IPv6, use that same command to verify that IPv6 is available. Microsoft Windows 2003 server platform: To enable IPv6 on the Microsoft(R) Windows(R) 2003 server platform, use
netsh interface ipv6 install
Link local address automatically assigned Microsoft Windows XP client: To enable IPv6 on the Microsoft Windows XP client, use
netsh interface ipv6 install
Link local address automatically assigned AIX platform: To enable IPv6 on the IBM(R) AIX(R) platform, enter
ifconfig le0 inet6 plumb up
Link local address automatically assigned Solaris platform: To enable IPv6 on the Solaris platform, enter
ifconfig le0 inet6 plumb up
Link local address automatically assigned United Linux platform: IPv6 is enabled by default on the United Linux(R) platform. Zones: In the IPv6 standard, when link local address and site local address are used, an additional parameter is required to specify the interface on which the address is valid. In the API, this additional parameter is called the scope_id; in user documentation, the parameter is called the zone. In IBM(R) Lotus(R) Notes(R) and IBM(R) Lotus(R) Domino(TM), use the format address string followed by the percent sign (%) followed by the zone. On Microsoft Windows, the zone is an integer index into the interface list with the first interface being zone one. Note the following information regarding zones: v Zones are mandatory on Windows for link local addresses. v Zones are mandatory on Linux(R) for link local addresses. v Zones are not required on AIX and Solaris.
30
v A zone is NOT a characteristic of the target system, but rather a characteristic of the source system; therefore, never attempt to put a zone into DNS, in a hosts file, or in a global data store such as the Domino Directory. v If a computer has only a single network interface, you can use the NOTES.INI variable TCP_DEFAULTZONE to provide a default zone for all link local addresses. Receiving incoming connections on IPv6 sockets or IPv4 sockets: UNIX(R) platforms receive both IPv4 and IPv6 incoming connections on the same socket. Microsoft(R) Windows(R) is not capable of receiving both incoming IPv4 and IPv6 connections on the same socket. If IPv6 is disabled, Microsoft Windows only receives IPv4 connections. If IPv6 is enabled and the port is not bound to an address, only IPv6 connections are received. To receive both IPv4 and IPv6 connections, define two ports -- one bound to an IPv4 address and one bound to an IPv6 address. This is easily done for NRPC, but until now, Internet servers only provided support for a single IBM(R) Lotus(R) Notes(R) port. IBM(R) Lotus(R) Domino(TM) supports two IBM Lotus Notes ports for Internet servers. The user interface specifies two Notes port names in the NOTES.INI variable SMTPNotesPort. For example,
SMTPNotesPort=TCPIP,TCPIP6
There is one restriction. If either of the ports is shut down (stop port tcpip) the Internet servers momentarily shut down both ports and restart listening on the one remaining port. Also, outbound connections for any address will succeed on any TCP port. For outbound connections, IBM Lotus Domino creates the proper socket to handle the attempted target address. Making outbound connections with a TCP port bound to an IP address: When a client or a server making outbound connections has a TCP port bound to a specific IP address, using the NOTES.INI setting SMTPNotesPorts= <TCPIPAddress>, the bound port can only make outbound connections of the type of the bound IP Address. For example, if a server binds the Notes Port TCPIP to an IPV4 address and the Notes Port TCPIP6 to an IPV6 address, then port TCPIP can only make outbound connections to IPV4 addresses and port TCPIP6 can only make outbound connections to IPV6 addresses. In a configuration that includes IPV4 and IPV6 Notes ports bound to IP addresses, the ports listed in the Connection documents must include all TCP ports over which the connection can possibly be made. For example, if you create a Server Connection document from serverA to serverB, and serverBs DNS name can resolve to both an IPV4 address and an IPV6 address, and you want the connection to work over IPV4 or IPV6, you must include both ports in the Connection document. When an IPv4 or an IPv6 socket is created and used: Use the following set of rules to determine whether to use an IPv4 or IPv6 socket: v When connecting or listening, if IPv6 is not enabled, always create an IPv4 socket. v If connecting or listening with a bound address, use a socket that matches the address type. v If listening and no address is bound, and if IPv6 is enabled, use an IPv6 socket. v If listening and no address is bound, and if IPv6 is disabled, use an IPv4 socket.
31
Note: The address 0 indicates that a listener is willing to listen to any address. Applying the above set of rules, note the following: v To create an IPv6 socket that listens to any IPv6 address, do not bind to an address. v To create an IPv4 socket that listens to any IPv4 address, bind it to address ::ffff:0.0.0.0 On UNIX(R) servers, an IPv6 socket bound to any address accepts all incoming connections, but on Windows the same socket only listens to incoming IPv6 connections. On Linux(R), if one port binds to the any address and IPv6 is enabled, a second port cannot bind to a specific IPv4 or IPv6 address. If this is attempted, an Address is already in use error is returned. Examples of using NOTES.INI variables with IPv6: This section contains examples of how to set NOTES.INI variables to support various platforms and configurations when using IPv6. In these examples, support for NRPC and SMTP is configured. The other Internet servers are configured similarly to SMTP. Example 1-- No IPv6 support (Applies to all platforms): No change required. IPv6 is off by default. Example 2 -- UNIX platform supporting all valid IPv4 and IPv6 addresses: TCP_EnableIPv6=1 Example 2 assumes that no ports are bound to any addresses. By default, on UNIX(R), the single unbound listening socket is IPv6. The IPv6 socket can receive connections from any IPv4 or IPv6 address. Example 3 -- Microsoft Windows platform supporting all valid IPv4 and IPv6 addresses: TCP_EnableIPv6=1 TCPIP=TCP, 0, 15, 0 TCPIP6=TCP, 0, 15, 0 PORTS=TCPIP,TCPIP6 TCPIP_TCPIPADDRESS=0,[::ffff:0.0.0.0]:1352 SMTPNotesPort=TCPIP,TCPIP6 Example 3 assumes that no ports are bound to any addresses. On Microsoft(R) Windows(R), by default, the TCPIP6 port is an IPv6 socket because IPv6 is enabled. The TCPIP port is an IPv4 socket, because its bound address has the IPv4 format. Both listen to all addresses because the bound address is 0. The SMTPNotesPort variable is required to force the SMTP listener to listen on two sockets -- one for IPv4 and one for IPv6. Example 4 -- UNIX (but not Linux 2.4) partitioned servers. Each server listens to its assigned IPv4 and IPv6 addresses only: Each Server: TCP_EnableIPv6=1 TCPIP=TCP, 0, 15, 0
32
TCPIP6=TCP, 0, 15, 0 PORTS=TCPIP,TCPIP6 TCPIP_TCPIPADDRESS=0,9.33.162.84:1352 TCPIP6_TCPIPADDRESS=0,[fe80::209:6bff:fecd:5b93]:1352 SMTPNotesPort=TCPIP,TCPIP6 Example 5 -- Microsoft Windows (and Linux 2.4) partitioned servers. Each server listens to its assigned IPv4 and IPv6 addresses only: Each Server: TCP_EnableIPv6=1 TCPIP=TCP, 0, 15, 0 TCPIP6=TCP, 0, 15, 0 PORTS=TCPIP,TCPIP6 TCPIP_TCPIPADDRESS=0,9.33.162.84:1352 TCPIP6_TCPIPADDRESS=0,[fe80::209:6bff:fecd:5b93%4]:1352 SMTPNotesPort=TCPIP,TCPIP6 The difference here is that Microsoft Windows and Linux(R) 2.4 require the use of the zone in the address even for addresses bound to listeners if the address is a link local address. The same effect can also be achieved as shown in Example 5A. Examle 5A -- Microsoft Windows and Linux 2.4 partitioned servers. Each server listens to its assigned IPv4 and IPv6 addresses only: For each server: TCP_EnableIPv6=1 TCP_DefaultZone=4 TCPIP=TCP, 0, 15, 0 TCPIP6=TCP, 0, 15, 0 PORTS=TCPIP,TCPIP6 TCPIP_TCPIPADDRESS=0,9.33.162.84:1352 TCPIP6_TCPIPADDRESS=0,[fe80::209:6bff:fecd:5b93]:1352 SMTPNotesPort=TCPIP,TCPIP6 Example 6 -- Any client wants to make outbound IPv4 connections: No change required Example 6A -- A UNIX client (not Linux 2.4) wants to make an outbound IPv6 connection: TCP_EnableIPv6=1
33
Connect to an IPv6 address, or to a DNS or hosts file resident name that resolves to an IPv6 address. Example 7 -- Microsoft Windows/Linux 2.4 client wants to make outbound connection via IPv6: TCP_EnableIPv6=1 Connect to an IPv6 address, or to a DNS or hosts file resident name that resolves to an IPv6 address. If the address is a link local address, it must include the zone, such as fe80::209:6bff:fecd:5b93%4, or the local NOTES.INI file must contain a default zone, or the zone must be included in the local bound address. Such addresses must NEVER be stored in DNS, in Server documents, or Connection documents. If an IPv6-capable computer running Windows XP enables IPv6 and it is DHCP, it will automatically have its QUAD A record stored in DNS and it is stored without a zone, because the zone is a local construct. Therefore, the ONLY way to use such a DNS entry is to have a default zone in NOTES.INI. Example 7A -- Microsoft Windows / Linux 2.4 client wants to make outbound connection via IPv6: TCP_EnableIPv6=1 TCP_DefaultZone=4 Connect to an IPv6 address, or to a DNS or hosts file resident name that resolves to an IPv6 address. If the address is a link local address, it need not include the zone, such as fe80::209:6bff:fecd:5b93 because the zone is defaulted by the NOTES.INI variable. Example 7B -- Microsoft Windows / Linux 2.4 client wants to make outbound connection via IPv6: TCP_EnableIPV6=1 TCPIP=TCP, 0, 15, 0 PORTS=TCPIP TCPIP_TCPIPADDRESS=0,[fe80::209:6bff:fecd:5b93%4]:1352 Connect to an IPv6 address, or to a DNS or hosts file resident name that resolves to an IPv6 address. If the address is a link local address, it need not include the zone, such as fe80::209:6bff:fecd:5b93 because it is defaulted by the bound addresss zone. Enabling Internet protocols on both TCP/IP and TCP/IPV6 ports: Add the following settings to the file, NOTES.INI: v ldapnotesport=tcpip,tcpipv6 v imapnotesport=tcpip,tcpipv6 v smtpnotesport=tcpip,tcpipv6 v pop3notesport=tcpip,tcpipv6 Connecting a Notes client to a Domino server via IPv6: 1. Install the IBM(R) Lotus(R) Domino(TM) server and IBM(R) Lotus(R) Notes(R) client. 2. Enable IPv6 on both the client and the server by adding the NOTES.INI setting, TCP_ENABLEIP6=1, to the NOTES.INI files on the Notes client and Domino server: 3. Configure a zone on both the Notes client and the Domino server.
34
4. On the Domino server, configure the port for IPv4 and the port for IPv6. 5. Launch the Notes client. 6. Connect from the Notes client using IPv6 address-NRPC. Optionally, you can enter the zone if you want to. 7. A low priority Connection document is added to the local Domino Directory (NAMES.NSF). This Connection document and IPv6 are used during future connection attempts initiated with File -- Application -- Open.
Connecting from a Notes client using IPv6 address-NRPC: Use this procedure to connect from the Notes client to a server using an IPv6 address. 1. Choose File -- Application -- Open. 2. In the Server field, enter the IPv6 address. Optionally, you can enter a server name that resolves to an IPv6 address instead of entering the IPv6 address in the Server field. A low-priority Connection document is added to your local Domino Directory (NAMES.NSF).
Advanced Domino TCP/IP configurations

A single IBM(R) Lotus(R) Domino(TM) server can have multiple IP addresses if you use multiple NICs, each offering an address, or if one NIC offers multiple addresses. Having multiple IP addresses allows the server to listen for connections at more than one instance of the TCP port assigned to NRPC (1352) or at TCP ports that are assigned to other services such as LDAP or HTTP. Both individual Domino servers and partitioned Domino servers can have multiple NICs, each with its own IP address. Multiple IP addresses and NICs on a Domino server: Set up a Domino server with multiple IP addresses, each with its own NIC, if you want to: v Split the client load for better performance v Split client-to-server access from server-to-server communication v Set up mail routing, replication, or cluster replication on an alternate path (private network) v Partition a Domino server so that more than one partition offers the same Internet service (SMTP, POP3, IMAP, LDAP, or HTTP). v Allow access to the Domino server via a TCP/IP firewall system over a different network segment, a configuration known as a demilitarized zone (DMZ) v Use a Domino passthru server as an application proxy v Provide network/server failover, used in mission-critical resource access v Set up alternate window and/or maximum transmission unit (MTU) settings for satellite uplink and downlink connections isolated from local access connections For a configuration with multiple IP addresses, you must bind each listening port to the appropriate IP address to ensure that each TCP service receives the network connections intended for it. For more information, see the topics Binding an NRPC port to an IP address and Binding an Internet service to an IP address later in this chapter. For more information on private networks for cluster replication, see the book Administering Domino Clusters. Note: A configuration with multiple NICs does not increase the number of Domino sessions you can have on a server. In TCP/IP, machine capacity depends on processors and memory.
35
Multiple IP addresses with one NIC: Reasons to use one NIC to serve multiple IP addresses include: v Isolating local versus WAN Notes named networks so local users can see only local Domino servers v Preventing independent remote access dialup connections (ISDN dialup router) from being arbitrarily accessed v When setting up redundant WAN path connections for server to server access v When the use of a different TCP/IP port map is needed for firewall connections v When offering HTTP services to a different group than NRPC connections v As a service provider when offering Domino server access for either IBM Lotus Notes or Web clients to different groups/companies For a configuration with multiple addresses and one NIC, you must configure the TCP/IP stack and bind each listening port to an IP address. Partitioned servers and IP addresses: When you set up an IBM(R) Lotus(R) Domino(TM) partitioned server, it is usually best to assign a separate IP address to each partition and use a separate NIC for each. Using a separate NIC for each address can make the computers I/O much faster. Lotus Domino is designed to listen for TCP/IP connections on all NICs in a computer system. If more than one partition is hosting the same service (NRPC, SMTP, POP3, IMAP, LDAP, or HTTP), fine-tune which partitions listen for which connections by associating each services TCP port with a specific IP address. For more information on associating services with IP addresses, see the topics Binding an NRPC port to an IP address and Binding an Internet service to an IP address later in this chapter. As an alternative to using a separate NIC for each IP address, you can use a single NIC and still assign a separate IP address to each partition. For more information, see the topic Assigning separate IP addresses to partitions on a system with a single NIC later in this chapter. If you are unable to assign a separate IP address to each partition, you can use port mapping. For more information on port mapping, see the topic Configuring a partitioned server for one IP address and port mapping later in this chapter. Note: As an alternative to port mapping, you can use port address translation (PAT), in which a firewall redirects the TCP port connection to a different TCP port. Both port mapping and PAT require advanced skills to implement correctly. Ensuring DNS resolves in advanced TCP/IP configurations: When you have IBM(R) Lotus(R) Domino(TM) servers with multiple IBM(R) Lotus(R) Notes(R) network ports for TCP/IP, follow these procedures to ensure server name-to-address resolution by DNS. This topic covers the following configurations: v Users in different DNS subdomains accessing one Domino server v User-to-server access and server-to-server access via different DNS subdomains For information on servers accessing a private LAN in a Domino cluster, see the book Administering Domino Clusters.
36
Users in different DNS subdomains accessing one Domino server: If users are on two isolated networks and the Domino server has a NIC for each network, use DNS to direct the users to the NIC the server shares with them. 1. Assign an IP address to each NIC by creating A records (or, for IPv6, AAAA records) in DNS. Use the ping command and the IP address to test the responsiveness of the NIC. Note: If the Domino server is running Microsoft(R) Windows(R) and there is a route between the two networks, prevent the NetBIOS broadcasts from exiting from both adapters by using the Windows Control Panel to disable one instance of the WINS client. Use the Bindings tab of the Network dialog box, select All Adapters, and select the name of the NIC for which you want to disable WINS. 2. Create two CNAME records in DNS for the Domino server, linking the servers common name to each NIC name in the A records. (Using CNAME records for the Domino server provides diagnostic fidelity to test the network pathway independently of the servers name resolve.) 3. Add a second Notes network port for TCP/IP in Domino. For more information, see the topic Adding a network port on a server later in this chapter. 4. Bind each TCP/IP port to the IP address of the appropriate NIC. On the server console, verify that both TCP/IP ports are active and linked to the correct IP address. For more information on binding ports to IP addresses, see the topic Binding an NRPC port to an IP address later in this chapter. 5. In the Server documents Net Address field for each TCP/IP port, use the servers common name only, not its FQDN. 6. On each Notes workstation, set the users DNS name lookup scope to the correct DNS subdomain. Example: At the Acme company, some users connect to the Domino server Chicago/Sales/Acme over an Ethernet network, others over a Token Ring network. Register the Domino server with DNS as chicago.east.acme.com for the users on the Ethernet network and as chicago.west.acme.com for users on the Token Ring network. 1. Create start of authority (SOA) table entries in DNS for the subdomain east.acme.com, as follows:
chi-ethernet chicago A CNAME 10.20.20.2 chi-ethernet
2. Create SOA table entries in DNS for the subdomain west.acme.com, as follows:
chi-tokenring chicago A CNAME 10.10.10.1 chi-tokenring
3. Change the name of the original Notes network port for TCP/IP to TCPIP1, and name the second port TCPIP2. 4. Use the NOTES.INI file to bind TCPIP1 to the IP address for the Ethernet network and to bind TCPIP2 to the IP address for the Token Ring network. 5. In the Server documents Net Address field for each TCP/IP port, enter chicago.
37
6. On the Ethernet users workstations, set the DNS name lookup scope to east.acme.com, and on the Token Ring users workstations, set it to west.acme.com. User-to-server access and server-to-server access via different DNS subdomains: If users need to access a Domino server over the LAN and other Domino servers need to access the same server over the WAN, add a second NIC to the server. Then use DNS to direct the users to the NIC for the LAN and to direct other servers to the NIC for the WAN. 1. Assign an IP address to each NIC by creating an A record (or, for IPv6, AAAA record) in DNS. Use the ping command and the IP address to test the responsiveness of the NIC. Note: If the Domino server is running Microsoft(R) Windows(R) and there is a route between the two networks, prevent the NetBIOS broadcasts from exiting from both adapters by using the Windows Control Panel to disable one instance of the WINS client. Use the Bindings tab of the Network dialog box, select All Adapters, and select the name of the NIC for which you want to disable WINS. Create two CNAME records in DNS for the Domino server, linking the servers common name to each NIC name in the A records. (Using CNAME records for the Domino server provides diagnostic fidelity to test the network pathway independently of the servers name resolve.) Add a second Notes network port for TCP/IP in Domino. For more information, see the topic Adding a network port on a server later in this chapter. Bind each TCP/IP port to the IP address of the appropriate NIC. On the server console, verify that both TCP/IP ports are active and linked to the correct IP address. For more information on binding ports to IP addresses, see the topic Binding an NRPC port to an IP address later in this chapter. To direct the Domino servers first outbound connection to the server-to-server network, edit the PORT setting in the NOTES.INI file to read as follows:
PORT=serverportname, userportname
2.
3.
4.
5.
Where serverportname is the name of the Notes network port for TCP/IP that other Domino servers will use to connect to this server, and userportname is the name of the Notes network port for TCP/IP that users will use to connect to this server. 6. In the Server documents Net Address field for the first TCP/IP port (the port that users will use), enter the FQDN, using the servers common name and the users DNS subdomain. Note: Listing the port that users will use first is important, as the Notes Name Service cannot distinguish which NIC a user is accessing and makes the connection based on the content of the Net Address field for the first TCP/IP port listed in the Server document. 7. In the Server documents Net Address field for the second TCP/IP port (the port that servers will use), enter the FQDN, using the servers common name and the servers DNS subdomain. An initiating server uses its local Domino Directory to detect the Notes named network it has in common with this server. 8. Set each users DNS name lookup scope to the correct DNS subdomain.
38
9. In each servers TCP/IP stack, set the DNS name lookup scope to the correct DNS subdomain. Example: At the Acme company, users connect to the Domino server BostonApp04/Sales/Acme over the LAN, and other Domino servers access it privately over the WAN. You register the server with DNS as bostonapp04.boston.acme.com for the LAN users and as bostonapp04.domino.acme.com for the server-to-server network over the WAN. 1. Create the following SOA table entries in DNS for the subdomain boston.acme.com, as follows:
usr-bostonapp04 bostonapp04 A CNAME 103.210.20.2 usr-bostonapp04
2. Create the following SOA table entries in DNS for the subdomain domino.acme.com, as follows:
srv-bostonapp04 bostonapp04 A CNAME 103.210.41.1 srv-bostonapp04
3. Change the name of the original Notes network port for TCP/IP to TCPIP1, and name the second port TCPIP2. 4. Use the NOTES.INI file to bind TCPIP1 to the IP address for the user network, to bind TCPIP2 to the IP address for the server-to-server network, and to add the setting PORT=TCPIP2, TCPIP1. 5. In the Server documents Net Address field for port TCPIP1, enter bostonapp04.boston.acme.com. For port TCPIP2, enter bostonapp04.domino.acme.com. 6. On each users workstation, set the DNS name lookup scope to boston.acme.com. In the TCP/IP stacks of the servers that need to connect to this server, set the name lookup scope to domino.acme.com.
Planning the NetBIOS network

The IBM(R) Lotus(R) Domino(TM) network is compatible with NetBIOS, a set of IBM session-layer LAN services that has evolved into a standard interface that applications use to access transport-layer network protocols. Domino supports the NetBIOS interface on Microsoft(R) Windows(R) systems over the following transport protocols: TCP/IP (on systems running TCP/IP) and NetBEUI (supplied with all Microsoft network products). Note: Although you can add some NetBIOS services to Linux(R) and UNIX(R) systems, NRPC communication does not use them. For detailed system requirements for using NetBIOS with Lotus Domino, see the Release Notes.
Deciding whether to use NetBIOS services

Including NetBIOS in the Domino network has both benefits and risks. The benefits are as follows: v NetBIOS has low overhead relative to other protocol suites. NetBIOS over NetBEUI has the least overhead; and NetBIOS over TCP/IP has the most. v Because it is not directly routable, NetBIOS over NetBEUI can provide a secure means to access your server for administration within a flat network. To access
39
the server over a routed IP network, you can create a data-link switching (DLSw) tunnel to limit the administration access with NetBIOS over NetBEUI. v Because NetBIOS name-to-address resolution services offer dynamic registration by name broadcasts, you can use NetBIOS to build a mobile Domino network for temporary or emergency use. The risks of using NetBIOS involve the security of the file system on Domino servers. Depending on the access permissions of the operating system and on the transport protocol being used, NetBIOS name and file services might allow users to see or access the servers file system. When a server provides NRPC services, mitigate this risk by disabling the NetBIOS name and file services (SMB/CIFS) on the system so that the systems name cannot be seen over the network. Other IBM(R) Lotus(R) Notes(R) and Domino systems can still find the Domino server because Lotus Domino has its own NetBIOS name service to propagate and register the Domino servers NetBIOS name, but access is secure because it is controlled by the authentication and certification features in NRPC. If the system on which you run Domino requires NetBIOS name or authentication services, mitigate the security risk by isolating the NetBIOS services. Install an additional NIC on the system for NetBIOS over a private administration network, and disable NetBIOS on the NIC that the Domino server uses.
How to tell if NetBIOS is active on a system

The following are indications that NetBIOS is active: v On Windows systems, you can see or access another Windows systems file system through the Network Neighborhood (indicates Server Message Block/NetBIOS). v You can register with an NT domain (indicates Server Message Block/NetBIOS). v On Windows 2000 or XP systems, NetBIOS over IP is selected in the systems TCP/IP protocol settings. Note: On Linux(R) and UNIX systems, the SAMBA server service (Windows file server) can offer Server Message Block/NetBIOS or Common Internet File System/IP access, or both.
Server name-to-address resolution over NetBIOS

When an IBM(R) Lotus(R) Notes(R) workstation or IBM(R) Lotus(R) Domino(TM) server running NetBIOS tries to connect to a Domino server, the initiating system offers the destination servers common name to the NetBIOS name service, which then broadcasts that name and its associated network address over the NetBIOS network. For background information on how the Notes Name Service works with name-resolver services such as the NetBIOS name service, see the topic Resolving server names to network addresses in NRPC earlier in this chapter. When you use the Notes Name Service with the NetBIOS name service, only a Notes or Domino system using the same NetBIOS transport protocol as the destination Domino server can see the destination servers NetBIOS name. If the Notes or Domino system has more than one NIC for which the NetBIOS transport protocol is enabled, only the NetBIOS port with the same LANA binding as that of the destination server can see the destination servers name. Which physical address is registered for a Domino server depends on the transport protocol:
40
v For NetBIOS over NetBEUI, the NICs 32-bit MAC address is used. v For NetBIOS over TCP/IP, the systems IP address is used. Ways to ensure successful NetBIOS resolves: Because NetBIOS broadcasting has a limited range, you may need to create a Connection document that includes the physical address of the destination server. This process works as long as the network pathway can carry the given lower transport protocol. For NetBIOS over TCP/IP, you can also do one of the following: v Use a WINS server with a static entry. v In the initiating systems TCP/IP stack settings, enable NetBIOS name lookup by DNS. This works even if you are not using any NRPC services; however, the destination server must be registered with DNS. Note: NetBIOS name space is flat, even with TCP/IP. If the client is not within the same DNS domain level, access by name may not be possible. Naming Domino servers on NetBIOS: NetBIOS names are limited to 15 characters. If the common name of the Domino server is longer than 15 characters, NetBIOS truncates the name. CAUTION: The resolution of a Domino server name can be adversely affected if the server name is the same as the NetBIOS name for a Microsoft(R) Windows(R) system. To prevent this problem without making it difficult to manage system files remotely, do the following: v On Windows 2000, add a preface such as W2K- to the system name, using the Network Identification tab on the System Properties dialog box. For more information on the NetBIOS name service, see Microsofts resource kit documentation for the Windows 2000 operating systems.
Setting up Domino servers on the network

Before installing an IBM(R) Lotus(R) Domino(TM) server, make sure you have done the following: v Installed one or more NICs on the system. v Installed protocol software if necessary. v Installed all network drivers in the correct directories. v Installed any network software required for the protocols. For more information, see the vendors documentation. After you install the server, you use the Domino Server Setup program to accept network defaults or customize network settings. For more information, see the chapter Installing and Setting Up Domino Servers. After you run the setup program, you may need to complete one or more of these tasks to finish setting up Lotus Domino on the network: v Change the default names assigned to Notes named networks to make them consistent with actual network topography.
41
v Fine-tune network port setup by adding, enabling, renaming, reordering, disabling, or deleting ports or by enabling network encryption or compression on a port. v Complete tasks specific to the TCP/IP, or NetBIOS, protocol. For information on connecting IBM(R) Lotus(R) Notes(R) workstations to the network, see Lotus Notes Help.
Setting up Notes named networks

The IBM(R) Lotus(R) Domino(TM) Server Setup program automatically places all servers that are in a Domino domain and that run the same network protocol in the same IBM(R) Lotus(R) Notes(R) named network (NNN). In the Server document, the setup program assigns each NNN a default name in the format portname network. After you complete the Server Setup program, rename the NNN for each network port in the Server document. It is useful if the name reflects both the location of the network and its protocol. For example, if your company has a TCP/IP network and has LANs in Boston and San Francisco, change the name of the NNN in Boston to TCPIP Boston network, and change the name of the NNN in San Francisco to TCPIP SF network. CAUTION: Domino assumes that all servers in a NNN have a continuous LAN or WAN connection. If this is not the case, serious delays in mail routing between servers can occur. Be careful not to include servers with only dialup connections in an NNN. To 1. 2. 3. change the name of a Notes named network: From the Domino Administrator, select the server you just set up. Click the Configuration tab. Expand the Server section in the view pane.
4. Click Current Server Document. 5. Click Edit Server, and then click the Ports - Notes Network Ports tab. 6. In the Notes Network field for each port, enter a new name for the servers Notes named network. The name can include space characters. 7. Click Save and Close.
Fine-tuning network port setup on a server

After you install and set up an IBM(R) Lotus(R) Domino(TM) server, review the list of network ports that were enabled by the Server Setup program. Unless you customize network settings during setup, Domino enables ports based on the current operating system configuration. To conserve system resources, disable the ports for protocols that you dont need. For information on configuring a communication port for a dialup modem, see the chapter Setting Up Server-to-Server Connections. Use Domino Administrator to make these changes to a servers network port setup: v Disable a network port v Enable a network port v Add a network port v Rename a network port
42
v v v v
Reorder network ports Delete a network port Encrypt network data on a port Compress network data on a port
Note: On an IBM(R) Lotus(R) Notes(R) workstation, you use the User Preferences dialog box to change port setup. For more information on changing port preferences on a workstation, see Lotus Notes Help.
Disabling a network port on a server

Even after you disable a port, it still appears in the list of available ports so that you can later enable it. 1. From the IBM(R) Lotus(R) Domino(TM) Administrator or Web Administrator, click the server on which you want to disable a port. 2. Click the Configuration tab. 3. Do one of these: v From the Domino Administrators Tools pane, choose Server - Setup Ports. v From the Web Administrators Port tool, choose Setup. 4. Select the port you want to disable, and then deselect Port enabled. 5. Click OK. 6. Click the Server - Status tab. 7. Do one of these so that the change takes effect: v From the Domino Administrators Tools pane, choose Restart Port. (If you cant see the Tools pane, make sure you are in the Server Tasks view.) v From the Web Administrators Ports tool, choose Restart. 8. In the Server document, on the Ports - Notes Network Ports tab, specify Disabled next to the name of the port you are disabling. 9. Save the Server document.
Enabling a network port on a server

If the server port you want to enable will be the IBM(R) Lotus(R) Notes(R) workstations only means of connecting with the server, do not use this procedure. Instead, use the Ports setting in the servers NOTES.INI file. For more information, see the appendix NOTES.INI File. For information on creating a Connection document on a Notes workstation, see Lotus Notes Help. To enable a network port: 1. From the IBM(R) Lotus(R) Domino(TM) Administrator or Web Administrator, click the server on which you want to enable a port. 2. Click the Configuration tab. 3. Do one of these: v From the Domino Administrators Tools pane, choose Server - Setup Ports. v From the Web Administrators Port tool, choose Setup. 4. Select the port you want to enable, and then select Port enabled.
43
5. Click TCP/IP Options, LANx Options, or COMx Options, and specify information as appropriate. For more information on TCP/IP and LANx options, see the topics Changing the TCP/IP connection time-out interval, Defining a NetBIOS LANA number for a Notes network port, and Defining a servers NetWare name service in Lotus Domino later in this chapter. For more information on COMx options, see the chapter Setting Up Server-to-Server Connections. 6. Click OK. 7. Click the Server - Status tab. 8. Do one of these so that the change takes effect: v From the Domino Administrators Tools pane, choose Restart Port. (If you cant see the Tools pane, make sure you are in the Server Tasks view.) v From the Web Administrators Ports tool, choose Restart. 9. In the Server document, click the Ports - Notes Network Ports tab, and edit these fields as necessary:
Field Port Notes Network Action Enter the port name. Lotus Domino assigns a default port name to each network protocol detected on the system. Enter the name of the Notes named network for the group of Domino servers that are in this location and run on a particular protocol -- for example, Boston TCPIP. Space characters are allowed in a Notes network name. Enter the protocol-specific name of the server -- for example, sales.acme.com. The name you use depends on the convention of the network protocol. This field is used to determine the address that other servers use to access this server. Choose Enabled so that other servers will know the port is enabled.
Net Address
Disabled/ Enabled
10. Save the Server document. 11. Make sure that this server is set up to replicate its Domino Directory to other servers, or enter the preceding changes into the Server document on a server that is set up to do the replication, or other servers will not know that they can connect to this server over the newly enabled port.
Adding a network port on a server

If the server port you want to add will be the IBM(R) Lotus(R) Notes(R) workstations only means of connecting with the server, do not use this procedure. Instead, use the Ports setting in the servers NOTES.INI file. For more information, see the appendix NOTES.INI File. For information on creating a Connection document on a Notes workstation, see Lotus Notes Help. To add a network port: 1. From the IBM(R) Lotus(R) Domino(TM) Administrator or Web Administrator, click the server on which you want to add a port. 2. Click the Configuration tab. 3. Do one of these:
44
4. 5. 6.
7. 8.
v From the Domino Administrators Tools pane, choose Server - Setup Ports. v From the Web Administrators Port tool, choose Setup. Click New. Specify the port name and driver, and click OK. Click TCP/IP Options, LANx Options, or COMx Options, and specify information as appropriate. For more information on TCP/IP and LANx options, see the topics Changing the TCP/IP connection time-out interval, Defining a NetBIOS LANA number for a Notes network port, and Defining a servers NetWare name service in Lotus Domino later in this chapter. For more information on COMx options, see the chapter Setting Up Server-to-Server Connections. Click OK. Click the Server - Status tab.
9. Do one of these so that the change takes effect: v From the Domino Administrators Tools pane, choose Restart Port. (If you cant see the Tools pane, make sure you are in the Server Tasks view.) v From the Web Administrators Ports tool, choose Restart. 10. In the Server document, click the Ports - Notes Network Ports tab, and edit these fields as necessary:
Field Port Notes Network Action Enter the port name. Lotus Domino assigns a default port name to each network protocol detected on the system. Enter the name of the Notes named network for the group of Domino servers that are in this location and run on a particular protocol -- for example, Boston TCPIP. Space characters are allowed in a Notes network name. Enter the protocol-specific name of the server -- for example, sales.acme.com. The name you use depends on the convention of the network protocol. This field is used to determine the address that other servers use to access this server. Choose Enabled so that other servers will know the port is enabled.
Net Address
Disabled/ Enabled
11. Save the Server document. 12. Make sure that this server is set up to replicate its Domino Directory to other servers, or enter the preceding changes to the Server document on a server that is set up to do the replication, or other servers will not know that they can connect to this server over the newly enabled port. 13. If you are adding an additional TCP/IP port on a computer with multiple NICs, see these topics: v Binding an NRPC port to an IP address v Binding an Internet service to an IP address. 14. If you are adding an additional NetBIOS port on a computer with multiple NICs, see the topic Creating additional network ports for NetBIOS.
Renaming a network port on a server

You might want to rename a port to reflect its function. For example, suppose you add a second TCP/IP port named SRV-TCP so that clustered servers can
45
communicate over a private network. Then you might want to might want to rename the original TCP/IP port through which users will communicate with the server USR-TCP. 1. From the IBM(R) Lotus(R) Domino(TM) Administrator or Web Administrator, click the server on which you want to rename a port. 2. Click the Configuration tab. 3. Do one of these: v From the Domino Administrators Tools pane, choose Server - Setup Ports. v From the Web Administrators Port tool, choose Setup. Select the port you want to rename. Click Rename, and then enter the new name. Do not use spaces in the port name. Click OK. Click the Server - Status tab. Do one of these so that the change takes effect: v From the Domino Administrators Tools pane, choose Restart Port. (If you cant see the Tools pane, make sure you are in the Server Tasks view.) v From the Web Administrators Ports tool, choose Restart. In the server document, on the Ports - Notes Network Ports tab, change the name of the port to the new name and save the document. If this server is the source server for any Connection documents in the Domino Directory, click Server - Connections. Select a Connection document and click Edit Connection. On the Basics tab, enter the new port name in the Use the port(s) field. Save and close the Connection document. Repeat steps 10 to 13 for each Connection document for which this server is the source.
4. 5. 6. 7. 8.
9. 10. 11. 12. 13. 14.
Reordering network ports on a server

Changing the order in which ports are listed in the Setup Ports dialog box also changes the Ports setting in the NOTES.INI file. List the ports in the order in which you want them to be used -- for example, list nearest or fastest connections first. Then when a server uses a Notes named network or a Connection document to locate another server, the port with a close or fast connection will be used as the preferred path. If the IBM(R) Lotus(R) Domino(TM) server has multiple TCP/IP ports, see the topic Reordering multiple server ports for TCP/IP later in this chapter. To reorder network ports: 1. From the Domino Administrator or Web Administrator, click the server on which you want to reorder ports. 2. Click the Configuration tab. 3. Do one of these: v From the Domino Administrators Tools pane, choose Server - Setup Ports. v From the Web Administrators Port tool, choose Setup. 4. Select the port that you want to relocate in the list. 5. Click the up and down arrows, as necessary to relocate the port. 6. Click OK.
46
7. Click the Server - Status tab. 8. Do one of these so that the change takes effect: v From the Domino Administrators Tools pane, choose Restart Port. (If you cant see the Tools pane, make sure you are in the Server Tasks view.) v From the Web Administrators Ports tool, choose Restart. 9. In the Server document, on the Ports - Notes Network Ports tab, change the port order to the new order by cutting and pasting all the necessary fields. 10. Save the Server document. Note: When you create a Connection document on a server, the Connection document takes the port order from the order in the Setup Ports dialog box. Then, whenever the server connects with the destination server, the server obtains the port order directly from the Connection document. If you change the port order after you create Connection documents, you must save each Connection document again. To have different Connection documents reflect different port orders, change the port order, save a Connection document, change the port order again, save another Connection document, and so on.
Deleting a network port on a server

If you delete a port, it no longer appears in the list of available ports in the Setup Ports dialog box. 1. From the IBM(R) Lotus(R) Domino(TM) Administrator or Web Administrator, click the server on which you want to delete a port. 2. Click the Configuration tab. 3. Do one of these: v From the Domino Administrators Tools pane, choose Server - Setup Ports. v From the Web Administrators Port tool, choose Setup. 4. Select the port you want to delete. 5. Click Delete. 6. Click OK. 7. Click the Server - Status tab. 8. Do one of these so that the change takes effect: v From the Domino Administrators Tools pane, choose Restart Port. (If you cant see the Tools pane, make sure you are in the Server Tasks view.) v From the Web Administrators Ports tool, choose Restart. 9. In the Server document, on the Ports - Notes Network Ports tab, delete the contents of all the fields next to the name of the port you are deleting. 10. Save the Server document.
Encrypting NRPC communication on a server port

You can encrypt network data on a servers Notes network ports to prevent the network eavesdropping thats possible with a network protocol analyzer. Network encryption occurs at the application layer of a given protocol and is independent of other forms of encryption. Network data is encrypted only while it is in transit. After the data is received and stored, network encryption is no longer in effect. Network data encryption occurs if you enable network data encryption on either side of a network connection. For example, if you enable encryption on a servers IBM(R) Lotus(R) Notes(R) network port for TCP/IP, you dont need to enable encryption on the TCP/IP ports of workstations or servers that connect to the server.
47
If you want the server to have one TCP/IP port for Notes traffic over the Internet and another TCP/IP port for internal traffic over NRPC, you can encrypt the port for Internet traffic and leave the port for internal traffic unencrypted. Be aware that multiple high-speed encrypted connections to a server can affect server performance adversely. Encrypting network data has little effect on client performance. For protocols other than NRPC, you use SSL for encryption. For more information, see the chapter Setting Up SSL on a Domino Server. To encrypt NRPC communication: 1. From the IBM(R) Lotus(R) Domino(TM) Administrator or Web Administrator, choose the server for which you want to encrypt network data. 2. Click the Configuration tab. 3. Do one of these: v From the Domino Administrators Tools pane, choose Server - Setup Ports. v From the Web Administrators Port tool, choose Setup. 4. Select the port you want to encrypt. 5. Select Encrypt network data. 6. Click OK. 7. Click the Server - Status tab. 8. Do one of these so that the change takes effect: v From the Domino Administrators Tools pane, choose Restart Port. (If you cant see the Tools pane, make sure you are in the Server Tasks view.) v From the Web Administrators Ports tool, choose Restart.
Compressing network data on a server port

To reduce the amount of data transmitted between an IBM(R) Lotus(R) Notes(R) workstation and IBM(R) Lotus(R) Domino(TM) server or between two Domino servers, enable network compression for each enabled network port. Whether you should enable compression on a network port depends on the type of network connection and the type of data being transmitted. For compression to work, enable it on both sides of a network connection. To enable compression for a network port on a server, use the Server tab in the Domino Administrator. To enable compression on network ports on Notes workstations, from the Domino Administrator, use a setup or desktop policy settings document or from a workstation, use the User Preferences dialog box. For information on policy settings, see the chapter Using Policies. WAN connections: Enabling network compression on X.PC ports can significantly reduce the time it takes to send and receive data over a remote connection between a Notes workstation and a Domino server or between two Domino servers. You benefit from using network compression only if the data being transmitted is not already compressed. In the case of a network dialup service such as Microsofts Remote Access Service (RAS) which includes built-in compression, enabling compression on Notes network ports does not provide any additional benefit. The same is true of tasks involving data that was compressed using the Lempel-Ziv algorithm (LZ1 compression) -- such as replicating a mail file with a large number of compressed attachments.
48
LAN connections: While compression decreases bandwidth use on a LAN, you must weigh this gain against increased memory and processor use, since network compression works by buffering data before compressing it. The cost of compression might be worth it only for a heavily loaded network. To compress data on a server port: 1. From the Domino Administrator or Web Administrator, click the server for which you want to turn on network compression. 2. Click the Configuration tab. 3. Do one of these: v From the Domino Administrators Tools pane, choose Server - Setup Ports. v From the Web Administrators Port tool, choose Setup. 4. Select the port for which you want to turn on compression. Note: Make sure Port enabled is selected for that port. Select Compress network data. Click OK. Click the Server - Status tab. Do one of these so that the change takes effect: v From the Domino Administrators Tools pane, choose Restart Port. (If you cant see the Tools pane, make sure you are in the Server Tasks view.) v From the Web Administrators Ports tool, choose Restart.
5. 6. 7. 8.
Server setup tasks specific to TCP/IP

After you run the IBM(R) Lotus(R) Domino(TM) Server Setup program, complete these procedures: 1. Set up a secondary name server for IBM(R) Lotus(R) Notes(R) clients. 2. Change the servers connection-time-out interval. 3. For servers that provide services to Internet clients, enable Domino support for IPv6. 4. For configurations involving multiple NICs on a server or partitioned server: v Reorder multiple Notes network ports for TCP/IP. v Bind an NRPC port to an IP address. v Bind an Internet service to an IP address. 5. For a partitioned server with a single NIC for the entire computer, assign an IP address to each server partition 6. Change a default TCP or SSL port number. 7. Confirm that TCP/IP is configured properly.
Setting up a secondary name server

To ensure that the Notes Name Service is always available to IBM(R) Lotus(R) Notes(R) workstations, assign a secondary name server in users Location documents. You can specify a different secondary name server for each LAN location defined. The secondary name server is used when: v The users home server is down. v The users home server is not running TCP/IP. v The name of the users home server cannot be resolved over TCP/IP.
49
For examples of situations in which the name of a home server cannot be resolved, see the topic Ensuring DNS resolves in advanced TCP/IP configurations earlier in this chapter. Note: You can use setup or desktop policy settings to assign secondary name servers to groups of users. For more information, see the chapter Using Policies. To set up a secondary name server: 1. On the Notes workstation, choose File - Mobile - Locations, and open the location for which you want to designate a secondary name server. 2. Click Edit Location. 3. Click the Advanced - Secondary Servers tab. (The Advanced tab appears only if you have a location defined as Local Area Network or Both Dialup and Local Area Network.) 4. In the Secondary TCP/IP Notes server name field, enter one of the following: v The common name of the IBM(R) Lotus(R) Domino(TM) server -- for example, Notesserver1 v The hierarchical name of the Domino server -- for example, Notesserver1/Acme 5. In the Secondary TCP/IP host name or address field, enter one of the following: v IP address -- for example, 197.114.33.22 v The fully qualified domain name -- for example, notesserver1.acme.com v The simple host name -- for example, notesserver1 If you specify only the host name in this field, the workstation must use the Domain Name System (DNS) or local hosts file to locate the secondary name server. When you specify the IP address in this field, Lotus Domino resolves the hosts IP address without having to perform a DNS or hosts file lookup. 6. Click Save and Close.
Changing the TCP/IP connection-time-out interval

You might want to increase the number of seconds that IBM(R) Lotus(R) Domino(TM) waits before terminating a connection attempt. For example, increasing the time-out interval is often necessary on a server that dials up other Domino servers. The default time-out interval is 5 seconds. 1. From the Domino Administrator or Web Administrator, click the server for which you want to change the time-out interval. 2. Click the Configuration tab. 3. Do one of these: v From the Domino Administrators Tools pane, choose Server - Setup Ports. v From the Web Administrators Port tool, choose Setup. 4. Select the TCP/IP port. 5. Click TCPIP Options, and enter a number. Note: Unless the connection is over a dial-on-demand ISDN modem, remote bridge, or router, it is best to enter a number no greater than 10, as the IBM(R) Lotus(R) Notes(R) client or Domino server wont retry the connection until the timer has expired. 6. Click OK.
50
Enabling support for IPv6 on a Domino server

You can enable support for IPv6 on an IBM(R) Lotus(R) Domino(TM) server that runs the IMAP, POP3, SMTP, LDAP, or HTTP service. To enable IPv6, add this NOTES.INI setting to the servers NOTES.INI file:
TCP_EnableIPV6=1
Reordering multiple server ports for TCP/IP

If an IBM(R) Lotus(R) Domino(TM) server has multiple IBM(R) Lotus(R) Notes(R) network ports for TCP/IP, the order in which these ports are listed in the NOTES.INI file and the Server document affects how other servers and workstations connect to this server. The Ports setting in the NOTES.INI file determines which port a workstation or server tries first. In the absence of other settings that bind an NRPC, POP3, IMAP, SMTP, or LDAP service to an IP address, all of these services will try to use the port listed first in the NOTES.INI file. Server-to-server communication: If you add a second Notes network port for TCP/IP in order to isolate server-to-server communication -- for example, a private network for cluster replication -- list this port first in the NOTES.INI file so that server-to-server traffic will tend to occur over this connection, thus decreasing the data flow on the port for the user network. To change the port order in the NOTES.INI file, use the Port Setup dialog box. For more information, see the topic Reordering network ports on a server earlier in this chapter. Note: If you are setting up a private cluster network and do not list the server port first, you must add the setting Server_Cluster_Default_Port to the NOTES.INI file. The disadvantage of adding this setting is that if the server encounters a problem connecting over this port, it will not try another port, and replication will not occur. Workstation-to-server communication: If a Domino server has a port for workstations to connect on -- for example, over a LAN -- and another port for servers to connect on -- for example, over a WAN -- list the workstation port first in the Server document so that users see only servers on the LAN when they choose File - Application - Open. To reorder the ports in the Server document, click the Ports - Notes Network Ports tab, and edit the fields in the table.
Binding an NRPC port to an IP address

By default, all TCP/IP-based services on an IBM(R) Lotus(R) Domino(TM) server listen for network connections on all NICs and on all configured IP addresses on the server. If you have enabled more than one Notes network port for TCP/IP (TCP port for NRPC) on either a single Domino server or a Domino partitioned server, you must associate the NRPC ports and IP addresses by binding each port to an address. For background information on Domino server setups with multiple IP addresses, see the topic Advanced Domino TCP/IP configurations earlier in this chapter.
51
To bind an NRPC port to an IP address: When setting the NOTES.INI variables for port mapping, do not include a zone in a port mapped address. The zone is only valid locally. 1. For each IP address, make sure you have added a Notes port for TCP/IP. Also make sure that each port has a unique name. For information on adding a Notes port, see the topic Adding a network port on a server earlier in this chapter. 2. In the NOTES.INI file, confirm that these lines appear for each port that you added:
Ports=TCPIPportname TCPIPportname=TCP, 0, 15, 0
Where TCPIPportname is the port name you defined. 3. For each port that you want to bind to an IP address, add this line to the NOTES.INI file:
TCPIPportname_TCPIPAddress=0,IPaddress
Where IPaddress is the IP address of the specific NIC. For example:

TCPIP_TCPIPAddress=0,130.123.45.1
Note: For IPv6, enclose the address in square brackets, as it contains colons. For example:
TCPIP_TCPIPAddress=0,[fe80::290:27ff:fe43:16ac]
4. (Optional) To help you later remember the function of each port, add the default TCP port number for NRPC to the end of the line you entered in Step 3, as follows:
:1352
CAUTION: Do not change the assigned TCP port number unless you have a way to redirect the inbound connection with Domino port mapping or a firewall that has port address translation (PAT). In a situation where you must change the default NRPC port number, see the topic Changing a TCP or SSL port number later in this chapter.
Binding an Internet service to an IP address

If the IBM(R) Lotus(R) Domino(TM) server has multiple Notes network ports for TCP/IP (NRPC ports) and the server is also hosting the SMTP, POP3, IMAP, LDAP, or Internet Cluster Manager (ICM) service, you must specify the NRPC port that you want the service to use in the NOTES.INI file. If you do not specify an NRPC port for an Internet service, by default the service will use the port listed first in the Ports setting in the NOTES.INI file. You can specify the same NRPC port for multiple Internet services. For the Domino Web server (HTTP service), you use the Server document to bind HTTP to a host name IP address. To bind the SMTP, POP3, IMAP, LDAP, or ICM service: 1. Bind each NRPC port to an IP address. 2. In the NOTES.INI file, specify the appropriate NRPC port for each Internet service as follows: Note: If you dont know the port name to enter for an NRPC port, open the Server document, click the Ports - Notes Network Ports tab, and look at the
52
ports associated with the TCP protocol.

Service POP3 IMAP SMTP LDAP ICM Action Enter POP3NotesPort=port namewhere port name is the name of the NRPC port that you want to link the service to. Enter IMAPNotesPort=port namewhere port name is the name of the NRPC port that you want to link the service to. Enter SMTPNotesPort=port namewhere port name is the name of the NRPC port that you want to link the service to. Enter LDAPNotesPort=port namewhere port name is the name of the NRPC port that you want to link the service to. Enter ICMNotesPort=port namewhere port name is the name of the NRPC port that you want to link the service to.
Example: The following example shows the lines (in bold) to add to the Ports section of the NOTES.INI file to bind two NRPC ports to their IP addresses and to specify the second NRPC port for the SMTP service.
Ports=TCPIP, TCP1P2 TCPIP=TCP, 0, 15, 0 TCPIP_TCPIPAddress=0,10.33.52.1 TCPIP2=TCP, 0, 15, 0 TCPIP2_TCPIPAddress=0, 209.98.76.10 SMTPNotesPort=TCPIP2
Note: Domino adds the lines that are not bold when you use either the Domino Server Setup program or the Domino Administrators Setup Ports dialog box to enable a port. To bind the HTTP service: 1. On the Internet Protocols - HTTP tab of the Server document, enter one or more IP addresses or FQDNs for the server in the Host name(s) field. 2. Select Enabled in the Bind to host name field. Note: If the server is a partitioned server and has Web sites configured with separate IP addresses, or has virtual servers (Domino 5) configured for one or more partitions, enter the partitions IP address, and each Web site or virtual servers IP address in the Host name(s) field, separated by semicolons. Alternatively, you can use FQDNs in this field. Do not list additional Web sites and virtual hosts that have IP addresses that are already listed in this field. Example 1 -- Server partition with Web sites: The partitions host name is app01 and there are two Web sites configured for it: sales.acme.com and accounting.acme.com. The Web site sales.acme.com uses the same IP address as the partition, and the Web site accounting.acme.com has its own IP address. Enter the following in the Host name(s) field:
9.88.43.113;9.88.46.110
where 9.88.43.113 is the IP address for both the partition and the Web site sales.acme.com and 9.88.46.110 is the IP address for the Web site accounting.acme.com.
53
Example 2 -- Server partition with virtual servers: The partitions host name is app01 and there are two virtual servers (9.88.46.114 and 9.88.46.115) and one virtual host configured for it. Enter the following in the Host name(s) field:
9.88.43.113;9.88.46.114;9.88.46.115
where 9.88.43.113 is the IP address for both the partition and the virtual host sales.acme.com, 9.88.46.114 is the IP address for virtual server 1 (accounting.acme.com), and 9.88.46.115 is the IP address for virtual server 2 (northeastsales.acme.com). For information on Web sites and Internet Site documents, see the chapter Installing and Setting Up Domino Servers.
Assigning separate IP addresses to partitions on a system with a single NIC

If you use a single NIC with multiple IP addresses, you must complete additional configuration instructions, which are based on your operating system, for each server partition. Note: Using separate IP addresses with a single NIC can have a negative impact on the computers I/O performance. For background information on partitioned servers and the TCP/IP network, see the topic Partitioned servers and IP addresses earlier in this chapter. IBM AIX or Linux: You must be logged on as root. To enable an IP address in IBM AIX: 1. Add one entry in the local host names file /etc/hosts for each server partition. The entry for the partition that uses the computer host name should already exist. 2. To enable an IP address, enter this command under the heading Part 2 -Traditional Configuration in the startup file (etc/rc.net). Do not enter this command for the partition that uses the computer host name.
/usr/sbin/ifconfig interface alias server_name
where interface is the name of the network interface, and server_name is the name of the partitioned server -- for example:
/usr/sbin/ifconfig en0 alias server2
3. Restart the system if necessary, and test the configuration. From another computer, use the ping command with the server names. To show the network status, use the netstat command. To disable an IP address in IBM AIX or Linux: Do not remove the IP address of a server partition that uses the computer host name as its server name. 1. Enter this command at the console:
/usr/sbin/ifconfig interface delete server_name
where interface is the name of the network interface, and server_name is the name of the partitioned server. 2. Remove the partitions name entry from the local host names /etc/hosts file. 3. Remove the corresponding ifconfig command from the system startup /etc/rc.net file. Sun Solaris: This procedure is for Sun Solaris 2.6. You must have superuser privileges to configure the NIC.
54
To enable an IP address in Sun Solaris: 1. Add one entry in the local host names /etc/hosts file for each server partition. The entry for the partition that uses the computer host name should already exist. 2. For each partition, create a file named:
/etc/hostname.device:n
where device is the device name of the NIC, and n is a number that increments for each file name. The /etc/hostname.hme0 file should already exist and contain the computer host name. For example, if /etc/hostname.hme0 contains the name Server1, create:
/etc/hostname.hme0:1
which contains the name Server2. and

/etc/hostname.hme0:2
which contains the name Server3. 3. Create the alias for each IP address that goes to the NIC which is hme0. At the console, enter:
/sbin/ifconfig hme0 plumb /sbin/ifconfig hme0: n IP_address
where n is the number you created in Step 2 for each file name, and IP_address is the address assigned to the corresponding server in Step 1. For example:
/sbin/ifconfig hme0 plumb /sbin/ifconfig hme0:1 111.123.11.96 /sbin/ifconfig hme0:2 111.123.11.22
4. To verify the IP addresses that you configured, enter:

/sbin/ifconfig -a
5. To enable each IP address that you configured in Step 3, enter:

/sbin/ifconfig hme0:n up
where n is the number assigned to the file that contains the server name. For example:
/sbin/ifconfig hme0:1 up /sbin/ifconfig hme0:2 up
To disable an IP address, enter:

/sbin/ifconfig hme0:n down
6. To configure the NIC to support multiple IP addresses at system startup, add this ifconfig command to the startup file (probably /etc/rc2.d/S30sysident):
/sbin/ifconfig hme0 plumb /sbin/ifconfig hme0:n IP_address /sbin/ifconfig hme0:n up
where n corresponds to the number you created in Step 2 for each file name, and IP_address is the address assigned to the corresponding server in Step 1. 7. Test the configuration. From another computer, use the ping command with the server names. To show the network status, use the netstat command. To disable an IP address in Sun Solaris: Do not remove the IP address of the server partition that uses the computer host name as its server name. 1. To disable the IP address, type:
/sbin/ifconfig hme0:n down
55
where n is the number assigned to the file that contains the server name. For example:
/sbin/ifconfig hme0:1 down
2. Remove the corresponding /etc/hostname.hme0:n file. For example, to remove Server2, remove the /etc/hostname.hme0:1 file, which contains the name Server2. 3. Remove the partitions server name entry from the local host names /etc/hosts file. Windows: To configure a single NIC for multiple IP addresses on Microsoft(R) Windows(R) systems, do the following: v For Windows 2000, use the Network and Dial-up Connections icon on the Control Panel, and then the Local Area Connection icon. Click the Properties button. For more information, see the Windows 2000 documentation.
Configuring a partitioned server for one IP address and port mapping

To configure server partitions to share the same IP address and the same NIC, you use port mapping. With port mapping, you assign a unique TCP port number to each server partition and designate one partition to perform port mapping. The port-mapping partition listens on port 1352 and redirects IBM(R) Lotus(R) Notes(R) and IBM(R) Lotus(R) Domino(TM) connection requests to the other partitions. If the port-mapping partition fails, existing sessions on the other partitions remain connected. In most cases, Notes clients will not be able to open new sessions on any of the partitions. However, because each Notes client maintains information in memory about recent connections, including those redirected by the port-mapping partition, a client may be able to connect to a partition even when the port-mapping partition is not running. A client or remote server that has a Connection document containing both the IP address and the assigned port can always access the port-mapping partition. Because the port-mapping partition requires extra system resources, consider dedicating the partition to this task only. To do this, remove all other server tasks, such as mail routing and replication, from the partitions NOTES.INI file. Port mapping works for NRPC communication only. However, you can use the Server document in the Domino Directory to configure IMAP, LDAP, and POP3 services and Domino Web servers to use unique ports for communication. When you do, you must make the port number available to users when they try to connect to the servers. Note: Because Internet protocols carry a large amount of data, you may encounter I/O bottlenecks if you use a single NIC with too many server partitions. Consider adding additional NICs and isolating the data by protocol. To configure for one IP address and port mapping: When you set up port mapping, the port-mapping partition automatically routes NRPC communication requests to the other server partitions. Note: When setting the NOTES.INI variables for port mapping, do not include a zone in a port mapped address. The zone is only valid locally. 1. Decide which server partition will perform port mapping.
56
2. Choose a unique TCP/IP port number for each server partition on the computer. The port-mapping partition uses the assigned port, 1352. It is best to use port numbers 13520, 13521, 13522, 13523, or 13524 for the additional server partitions. 3. In the NOTES.INI file of the port-mapping partition, include one line for the port-mapping partition and one line for each of the other partitions. For the port-mapping partition, enter:
TCPIP_TcpIpAddress=0,IPAddress:1352
where TCPIP is the port name, and IPAddress is the IP address of the port-mapping partition. For each of the other partitions, enter:
TCPIP_PortMappingNN=CN=server_name/O=org,IPaddress:TCP/IP port number
where TCPIP is the port name, NN is a number between 00 and 04 assigned in ascending sequence, server_name is the server name of the partition, org is the organization name, IPAddress is the shared IP address, and TCP/IP port number is the unique port number you chose for the partition. Note: You must assign the numbers for NN in ascending order beginning with 00 and ending with a maximum of 04. If there is a break in the sequence, Domino ignores the subsequent entries. 4. In the NOTES.INI file of each of the other partitions, include this line:
TCPIP_TcpIpAddress=0, IPAddress:IPport_number
5.
6. 7. 8.
where TCPIP is the port name, IPAddress is the shared IP address, and IPport_number is the unique port number you chose for the partitioned server. In the Net Address field on the Ports - Notes Network Ports tab in the Server document for each partition, enter the fully qualified domain name -- for example, sales.acme.com -- or enter the common server name -- for example, Sales. Create an IP address entry for the port-mapping partition in the DNS, NIS, or the local hosts file. Include each partition name as a separate CNAME entry in the DNS, NIS, or the local hosts file. If you also plan to set up the partitions for IMAP, LDAP, and POP3 services and Web server communication, assign to each protocol a unique port number in the TCP/IP port number field on the appropriate subtabs (Web, Directory, and Mail) on the Ports - Internet Ports tab of the Server document. Note: You must make these port numbers available to users when they try to connect to these servers. For example, if you assign port 12080 to the Web server acme.com, users must include acme.com:12080 in the URL in order to connect to the server, unless they have a means to redirect the connection to this port assignment.
Example: This example shows the lines you add to the NOTES.INI files of the server partitions to set up port mapping for six partitions. Partition 1 (the port-mapping partition):
TCPIP_TcpIpAddress=0,192.94.222.169:1352 TCPIP_PortMapping00=CN=Server2/O=Org2,192.94.222.169:13520 TCPIP_PortMapping01=CN=Server3/O=Org3,192.94.222.169:13521 TCPIP_PortMapping02=CN=Server4/O=Org4,192.94.222.169:13522 TCPIP_PortMapping03=CN=Server5/O=Org5,192.94.222.169:13523
57
TCPIP_PortMapping04=CN=Server6/O=Org6,192.94.222.169:13524
Partition 2:
TCPIP_TcpIpAddress=0,192.94.222.169:13520
Partition 3:
Partition 4:
Partition 5:
Partition 6:
Changing a TCP or SSL port number

The following sections describe the TCP ports that IBM(R) Lotus(R) Domino(TM) services use and provide guidelines should you ever need to change these ports. Default port for NRPC: By default, all NRPC connections use TCP port 1352. Because the Internet Assigned Number Authority (IANA) assigned Lotus Domino this port number, non-Domino applications do not usually compete for this port. Do not change the default NRPC port unless: v You can use a NAT or PAT firewall system to redirect a remote systems connection attempt. v You are using Domino port mapping. v You create a Connection document that contains the reassigned port number. To change the default NRPC port number, use the NOTES.INI setting TCPIPportname_TCPIPAddress and enter a value available on the system that runs the Domino server. TCP ports with numbers less than 5000 are reserved for application vendors. You may use any number from 1024 through 5000, as long as you dont install a new application that requires that number. Note: When setting the NOTES.INI variables for port mapping, do not include a zone in a port mapped address. The zone is only valid locally. Default ports for Internet services: You may occasionally need to change the number of the TCP or SSL port assigned to an Internet service. Lotus Domino uses these default ports for Internet services:
Service POP3 IMAP LDAP SMTP inbound SMTP outbound HTTP IIOP Default TCP port 110 143 389 25 25 80 63148 Default SSL port 995 993 636 465 465 443 63149
58
Service Server Controller
Default TCP port N/A
Default SSL port 2050
Server setup tasks specific to NetBIOS

After you run the IBM(R) Lotus(R) Domino(TM) Server Setup program, complete these procedures: 1. Use the Domino Administrator to define a NetBIOS LANA number for the NetBIOS port. 2. If you want the server to connect to different segments of a NetBIOS network, create one or more additional Notes network ports for NetBIOS.
Defining a NetBIOS LANA number for a Notes network port

To run NetBIOS on a server, after you complete the Server Setup program, you must determine the NetBIOS LANA number to which the Notes network port will be bound. The NetBIOS LANA number is a logical number that represents a NetBIOS transport protocol stack on a NIC. You must know which transport protocol IBM(R) Lotus(R) Notes(R) workstations and other IBM(R) Lotus(R) Domino(TM) servers are using for NetBIOS within your workgroup or company. If the computer running the Domino server has more than one NIC running the same protocol stack, you must define a different NetBIOS LANA number for each Notes network port for NetBIOS. NetBIOS systems using the same transport protocol should be in the same Notes named network. If you create Connection documents on the server, the LAN port you select must also be for the same transport protocol. To define a LANA number in Lotus Domino: 1. From the Domino Administrator or Web Administrator, click the server for which you want to define a LANA number. 2. Click the Configuration tab. 3. Do one of these: v From the Domino Administrators Tools pane, choose Server - Setup Ports. v From the Web Administrators Port tool, choose Setup. 4. Select the Portname port, where Portname is the name of the NetBIOS port for which you are defining a LANA number. 5. Click Portname Options, and choose Manual. 6. Enter the correct LANA number. 7. Click OK. To find the LANA number for a NetBIOS protocol on a Windows XP or 2000 system: A Microsoft(R) Windows(R) XP or 2000 system does not have a direct means to see the LANA associations. For Windows XP or 2000 systems you can either review the systems registry bindings or use a Microsoft tool called LANACFG to see and change the LANA number assignments. The following is an example of the tools output from a Windows 2000 server.
lanacfg [options] showlanapaths - Show bind paths and component descriptions for each exported lana setlananumber - Change the lana number of a bind path rewritelanainfo - Verify and write out lana info to the registry
59
showlanadiag - Show lana diagnostic info
From the DOS prompt, enter

C:\>lanacfg showlanapaths
You see the following:

Lana: Lana: Lana: Lana: 4 7 3 0 -->NetBEUI Protocol-->3Com EtherLink III ISA (3C509/3C509b) in Legacy mode -->NetBEUI Protocol-->WAN Miniport (NetBEUI, Dial Out) -->NWLink NetBIOS -->WINS Client(TCP/IP) Protocol-->Internet Protocol TCP/IP)-->3Com EtherLink III ISA (3C509/3C509b) in Legacy mode
Creating additional network ports for NetBIOS

After you run the IBM(R) Lotus(R) Domino(TM) Server Setup program, you can create network segments for multiple NetBIOS interfaces on the same computer by adding a IBM(R) Lotus(R) Notes(R) s network port for NetBIOS for each additional NIC. In addition to adding each port for NetBIOS, do the following: v Associate each Notes network port for NetBIOS with a specific NetBIOS interface by defining a LANA identifier for each port. v Make sure that all Domino servers that will access each other have an interface that uses a common transport protocol. It is best if they are also in the same IBM Lotus Notes named network. v Make sure that the network segments to which the server systems NICs are attached do not have a pathway in common. The NetBIOS name service (NetBIOS over IP) can fail if it detects the same system name or Domino name echoing back between the pathways. If you are using both the NetBIOS name service and DNS or a hosts file for name resolution, make sure that the server name in DNS or the hosts file is different from the system name.
60
Chapter 3. Installing and Setting Up Domino Servers

This chapter describes how to plan a hierarchical name tree and how to install, set up, and register IBM(R) Lotus(R) Domino(TM) servers.
Installing and setting up Domino servers

Before you install and set up the first IBM(R) Lotus(R) Domino(TM) server, you must plan server and organizational naming and security. In addition, you must understand your existing network configuration and know how Domino will fit into the network. If you are adding an additional server to an existing Domino infrastructure, you must have already registered the server and its server ID and password must be available. Note: If you plan to run multiple language versions of Domino with Web browsers, install the International English version of the Domino server as the base Domino installation. Next, install other language packs. Installing the Domino server in English first prevents error messages from displaying in other languages, even when you have selected English as the language preference in your Browser options. For information on system requirements, see the Release Notes.
Domino server evaluation software license

You also have the option of installing an evaluation copy of the Domino server instead of the traditional production copy. The evaluation copy can be used for a limited number of days. For more information about installing and using the Domino server evaluation software, see the topic Using the Domino server with a trial evaluation license.
To install and set up a server

Installing a Domino server -- that is, copying the server program files onto the designated machine -- is the first part of deploying a server. The second part is using the Domino Server Setup program to configure the server. Note: Do not unpack installation kit files to the same directory to which you install the installation files from the CD. Specify a unique directory path for each set of installation files. 1. Choose a name for the server. Refer to the hierarchical name scheme that you created based on your companys structure. 2. Identify the function of the server -- for example, will it be a mail server or an application server? The function of the server determines which tasks to enable during configuration. 3. Decide where to locate the server physically and decide who administers it. 4. Decide whether the server is part of an existing Domino domain or is the first server in a new Domino domain. For more information on Steps 1 through 4, see the chapter Deploying Domino. 5. If this is the first server in a Domino domain, do the following:
61
a. b. c. d. e. f. 6. If a. b. c.
Install the server program files. Use the Domino Server Setup program to set up the server. Complete network-related setup. Create organization certifier IDs and organizational unit certifier IDs, as required by the hierarchical name scheme. Distribute certifier IDs to administrators. Implement Domino security. this server is part of an existing Domino domain, do the following: Use the Domino Administrator to register the server. Install the server program files on each additional server. Use the Domino Server Setup program to set up each additional server.
For more information on Steps 5 and 6, see the procedures that follow and the chapters Setting Up the Domino Network and Planning Security. 7. Perform additional configuration procedures, based on the type of services, tasks, and programs that you want to run on this server.
Entering system commands

Some of the procedures that follow include instructions for entering commands at the system command prompt. The instructions tell you to enter the command from the Domino program directory or Notes program directory, depending on whether you are performing the procedure on an IBM(R) Lotus(R) Domino(TM) server or an IBM(R) Lotus(R) Notes(R) workstation. Before entering commands, make sure you understand the following definitions of these terms as they apply to your operating system.
Microsoft Windows operating systems

On a Domino server, the Domino program directory is c:\Program Files\IBM\Lotus\Domino, unless you installed the program files to a different location. On a Notes workstation, the Notes program directory is c:\Program Files\IBM\Lotus\notes, unless you installed the program files to a different location.
UNIX operating systems

For Domino on a UNIX server, the actual location of the server program files is different from the directory you use for entering commands. Always use the following path for entering commands:
lotus/bin/server
The server portion of the path is a script that initializes a UNIX shell so that Domino programs can run on UNIX. The default location of the lotus directory is /opt/ibm/lotus, but you can change it to any location, for example, /local/lotus or /usr/lotus.
Server installation
The first step in deploying an IBM(R) Lotus(R) Domino(TM) server is installation, or copying the program files to the systems hard drive. To install Domino, see the following procedures: v Installing Domino on Windows systems v Installing Domino on UNIX systems
62
v Using silent server installation to install Domino on Windows or UNIX systems v Installing Domino on Linux on zSeries systems v Using Silent Server Install on Linux on zSeries systems
Installing Domino on Windows systems

You can install IBM(R) Lotus(R) Domino(TM) on a Microsoft(R) Windows(R) system by following this procedure, or you can perform a silent installation of a local server. 1. Before you install the Domino server program files on a Windows system, do the following: v Make sure that the required hardware and software components are in place and working. v Read the Release Notes for operating system and network protocol requirements and for any last-minute changes or additions to the documentation. v Temporarily disable any screen savers and turn off any virus-detection software. v Before running any Domino setup command, be sure to complete any pending reboot actions you may have from installing other applications. v Make sure that all other applications are closed. Otherwise, you may corrupt any shared files, and the Install program may not run properly. v If you are upgrading to Domino from a previous release, see the upgrade information available at http://www.redbooks.ibm.com. 2. Run the install program (SETUP.EXE), which is on the installation CD. 3. Read the Welcome screen, and click Next. Then read the License Agreement and click I accept the terms in the license agreement, and then click Next. 4. Choose the program directory, and choose whether you are installing partitioned servers. Click Next. 5. Specify the data directory in which to copy the software. If you are installing a partitioned server, specify a data directory for each partition. Note: For partitions, use the Add button to add each of the data directories to the list. If they are not added to the list they will not be installed. 6. Select the server type you acquired: v Domino Utility Server -- Installs a Domino server that provides application services only, with support for Domino clusters. The Domino Utility Server removes client access license requirements. Note that it does NOT include support for messaging services. See full licensing text for details. v Domino Messaging Server -- Installs a Domino server that provides messaging services. Note that it does NOT include support for application services or Domino clusters. v Domino Enterprise Server -- Installs a Domino server that provides both messaging and application services, with support for Domino clusters. v Customize - Allows you to select the features you want to install. Note: All installation types support Domino partitioned servers. Only the Domino Enterprise Server supports a service provider (xSP) environment. 7. If you are installing partitioned servers, specify a data directory for each partition.
63
8. Review the summary information, and then select Next to begin installing files. 9. Click Finish to complete the install program. 10. Choose Start - Programs - Lotus Applications - Lotus Domino Server, or use the icons on your Desktop to start the Server Setup program.
Using silent server installation to install Domino on Windows or UNIX systems

Use IBM(R) Lotus(R) Dominos(TM) silent server installation to install servers without any intervention during the installation process. The silent server installation suppresses the wizard and the user interface. There is no need to monitor the installation or to provide additional input through the typical installation dialog boxes. Before running Dominos silent server install on a Microsoft(R) Windows(R) or UNIX(R) system, do the following: v Make sure that the required hardware and software components are in place and working. v Read the Lotus Domino Release Notes for operating system and network protocol requirements. Check the Release Notes for last-minute changes or additions that may impact the silent server install. v Temporarily disable screen savers and turn off virus-detection software. v Before running any Domino setup command, complete any pending reboot actions you may have from installing other applications. v Make sure that all other applications are closed; otherwise, you may corrupt shared files, and the Install program may not run properly. v If you are upgrading from a previous Domino release, see the upgrade information available at http://www.redbooks.ibm.com. Customized silent server install on Microsoft Windows and UNIX systems: There are three methods of customizing silent server installs. Create or record the response file, which contains the installation configuration information, or modify the sample response file provided in the install kits. Creating the response file for silent server installation: A typical (non-silent) install uses dialog boxes to receive input from you during installation. The silent (automated) server install does not prompt you for input. Instead, response files are used to provide the detail information for the install process. There are two methods of generating response files, the template and record methods. A response file created using the template method contains the literal values that are used during the install process. It is generated prior to the execution of the installation and contains all of the default installation options and paths. You can manually customize this file by editing options. The benefit of using a template file is that you do not need to install a server in order to create the file. A response file created using the record method is generated after the server install completes, at the time the wizard exits and stores the values of the applicable wizard properties in the file. The recorded response file is useful for saving a record of a specific wizard execution session which can later be reused in a silent or modified installation. When you install a server, your customizations are saved to the resulting response file, eliminating the need to edit the response file. This is the safer method because you do not create issues caused by typos or incorrect entries and values.
64
Creating a response file by modifying a sample response file: Use this procedure to create a response file by modifying one of the response file templates that are provided in the install kit. Response files contain installation configuration information. The sample response files, sample_response.txt or unix_response.dat., are located on the CD with the other installation files. 1. To modify the sample response file, do one of these: v Open the template file, modify the file as necessary, and then save the file to a new name. v Save the file to a new file name, modify the file, and then save the file again. 2. Run the silent install referencing the response file. Creating a new response file template: Use this procedure to create a new response file. It takes several minutes for the response file to be created. When the SETUP.EXE or ./install file and the JAVA.EXE file have finished running, the new response file is ready for use. To determine whether SETUP.EXE or ./install and JAVA.EXE have finished running, check the Task Manager on Microsoft(R) Windows(R), or the UNIX(R) system processes. 1. Do one of these: v On Microsoft Windows, run
setup.exe -options-tempate c:\temp\file.txt
v On UNIX, run
./install -options-template /local/response.dat
2. Modify the resulting response file with your specific install options. 3. Run the silent install referencing the response file. Creating a new response file template: Use this procedure to record a new response file. It takes several minutes for the response file to be created as you must complete the server installation on the system. 1. Do one of these: v On Microsoft Windows, run
setup.exe -options-record c:\temp\file.txt
v On UNIX, run
./install -options-record /local/response.dat
2. Run through the installation dialogs making the selections you want specified in you response file. Your response file will be complete at the end of the installation. 3. Run the silent install (on other systems) referencing the response file Using a response file: To use a response file, specify the -options parameter and the exact path to the response file on the command line. Enter the command in the format shown in the example according to platform: For Microsoft(R) Windows(R) platforms
setup.exe -silent -options c:\temp\file.txt
For UNIX(R) platforms

./install -silent -options /local/response.dat
65
For additional examples for Windows and UNIX platforms, see the table.
Installation activity Example
Running silent install with default selections On Windows: setup.exe - silent and options On UNIX: ./install - silent Creating a Response File: On Windows: setup -options-template c:\temp\file.txt On UNIX: ./install -options-template /local/response.dat Recording a response file On Windows: setup -options-record c:\temp\file.txt On UNIX: ./install -options-record /local/response.dat Running silent install using response files On Windows: setup.exe -silent -options c:\temp\file.txt On UNIX: ./install -silent -options /local/response.dat
Running the Silent Server Install on Microsoft Windows or UNIX Systems

You can run silent server install either with a response file or without a response file. When you run silent server install with a response file, custom install options are applied to the install while it is running. When you run silent server install without a response file, the install uses all of the default options. To create a response file for automating the IBM(R) Lotus(R) Domino(TM) installation, see the topic Using silent server installation to install Domino on Windows or UNIX systems. Complete these steps to run a silent server install for the Domino server: 1. Launch the server install with any of the command line parameters shown in the table below.
Parameter -silent Description and example Runs the basic silent server install using the default options. v On Microsoft(R) Windows(R), setup.exe -silent v On UNIX(R), ./install -silent Runs the silent server install with customized options. v On Windows, setup -silent -option C:\temp\file.txt v On UNIX, ./install -silent -option /local/response.dat
Installing Domino on Linux on zSeries systems

Before you install the IBM(R) Lotus(R) Domino(TM) program files on a Linux(R) on zSeries system, do the following: v Make sure that the required hardware and software components are in place and working. v Read the Release Notes for operating system and network protocol requirements and for any last-minute changes or additions to the documentation.
66
v Temporarily disable any screen savers and turn off any virus-detection software. v Make sure that all other applications are closed. Otherwise, you may corrupt any shared files, and the Install program may not run properly. v If you are upgrading to Domino from a previous release, see the upgrade information available at http://www.redbooks.ibm.com. v For Domino for Linux, you must install the sysstat package containing iostat in order to obtain platform statistics. v If you are using Linux on zSeries, do the following: 1. Copy the Domino installation tar file, ZLINUX.TAR.GZ, from the CD ROM at your workstation to a Linux(R) on zSeries file system where it can be expanded and utilized for the installation steps. Be sure to transfer the file using a binary method. For example, for FTP, set the transfer mode to binary. Neither the tar file nor its contents are required after installation has completed. 2. Expand the tar file by issuing the following shell command on Linux for zSeries:
tar -xzvf ZLINUX.TAR.GZ
Note: It could take a minute or two for this process to complete. Once complete, the subdirectories zlinux/domino should exist. 3. (Optional) Delete the tar file to save disk space. 4. Change to the directory containing the Domino install script:
cd zlinux/domino
When the installation is complete (interactive mode or script mode), both the tar file and the zlinux subdirectory created by its expansion can be deleted. You can install multiple instances of the Domino server on a single system. The instances can be the same release of Domino or different releases. If you install different releases, only one instance can be earlier than the current Domino release. If you want all instances to be the same release, it is best to install a Domino partitioned server because all Domino partitions then share one program directory and, by doing so, conserve system resources. If you install a single Domino server and later want to make it a partitioned server, you can do so without removing the initial installation. When you have multiple instances of the Domino server, each with a separate program directory, one or more of the instances may be a partitioned server. To install the Domino program files on a Linux on zSeries system, you can use either interactive mode or script mode.
To use interactive mode

You use interactive mode to install the Domino program and data files on the local machine or to use a Telnet connection to install the Domino program and data files on specified remote systems. During the interactive mode installation, you can use these keys at the UNIX(R) command prompt: v Type h for help v Type e to exit the Install program v Press ESC to return to the previous screen v Press the spacebar to change the setting until you get the one you want
67
v Press TAB to accept a setting and continue to the next screen 1. Make sure the Domino server kit is available from your network or CD ROM drive. Note: If you are using Linux on zSeries, be sure the Install files are located in your local file system. For information on transferring the files to your local file system, see the procedure at the beginning of this topic. 2. Log in to the root account for Domino Server installation. 3. Change to the directory containing the install script. 4. Enter the following at the root command prompt to run the script:
./install
5. Follow the on-screen instructions and specify these options:

Option Add data directories only Action Choose one: v Yes to change a single Domino server into a partitioned server or add data directories to an existing partitioned server v No to keep a single Domino server Domino Server installation type Install template files Choose the server type that you acquired. For an xSP server, you must have the Domino Enterprise Server. Choose one: v Yes to install new templates v No to retain templates from a previous release Install xSP server (for Domino Choose one: Enterprise Server only) v Yes if this is an xSP server v No if this is not an xSP server Program directory Create /opt/ibm/lotus soft link Specify the directory in which Domino will store program files. Choose one: v Yes if this system will have only one Domino installation (program directory) v No if this system will have multiple Domino installations (multiple program directories) Data directory Specify the directory in which Domino will store data files. If you are installing a partitioned server, indicate that and specify multiple data directories. Specify the person who will own the server configuration data. If you are installing a partitioned server, you may specify a different person for each data directory. Specify the group to which the UNIX User belongs. If you are installing a partitioned server, you may specify a different group for each data directory.
UNIX User name
UNIX Group name
To use script mode

Script mode installation provides silent install functionality for UNIX platforms and allows you to install saved installation settings to a local server or remote servers.
68
SCRIPT.DAT, the default sample script file, contains information you need to install the Domino server program files, including descriptions of each parameter and instructions for using the -script option to install partitioned servers. Note: Existing SCRIPT.DAT files from previous Domino versions cannot be used with the new ISMP installer. Modify a local copy of the file sample unix_response.dat provided with the install kits. More options are now available than in the previous installations script.dat file. 1. Change the directory to the kits install directory on either the CD-ROM or network drive. 2. Copy SCRIPT.DAT from the kits install directory to your local system as
filename.dat
Where filename is the name you want to give to the local script file that will contain the installation settings. 3. Open the local script file, filename.dat, and set the parameters as needed. It is usually best to use the default settings, as follows: v Install target host name -- parameter = target_hosts v v v v v v v Domino server installation type -- Choose the server type that you acquired. Install template files -- template_install_option = 1 Add data directories only -- add_data_directories_only = 0 Install xSP server -- asp_install_option = 0 Program directory -- Use the directory where Domino stores program files. Create /opt/ibm/lotus soft link -- opt_lotus_softlink = 0 Data directory -- Use the directory where Domino stores data files.
v UNIX User name -- Person who will own the server configuration data v UNIX Group name -- The group to which the UNIX User belongs 4. Save the local file, filename.dat. 5. Log in to the root account from your local system. 6. Switch back to the kits install directory (CD-ROM or network). 7. To install using the local script file, enter this command at the UNIX console prompt:
install -script filename.dat
Using Silent Server Install on Linux on zSeries systems

These instructions apply to Linux(R) on zSeries systems. Before running a silent server install, read all of the installation information in this chapter. Running a silent server install on Linus on zSeries: 1. Make a local copy of the file SCRIPT.DAT. The SCRIPT.DAT file is located in the install directory. 2. Edit the new copy of SCRIPT.DAT. The step-by-step instructions for editing the file are in the SCRIPT.DAT file. 3. Run the install program by entering this command:
./install -script /tmp/script.dat
Note: The command shown above uses the directory name tmp but you may name this directory according to your own naming conventions.
69
Using the express install

Note: Before running any IBM(R) Lotus(R) Domino(TM) setup command, be sure to complete any pending reboot actions you may have from installing other applications. Express install is similar to a regular server install except that you have the additional option of launching the server from the last window displayed during express install. During the express install, you are presented with various dialog boxes and informational messages, as you would be during the standard Domino server install; however, during express install, many of the options presented on the dialog boxes are selected for you, resulting in a faster install process. To run Dominos Express Install, from the Installer command line, enter the following command:
setup -express
Note: Run Domino express server install from the full installation kit. It is not available for installation from a Web kit.
Disabling Concurrent I/O and Direct I/O on Domino servers on AIX

Concurrent I/O (CIO) and Direct I/O (DIO) are not supported with IBM(R) Lotus(R) Domino(TM) servers. CIO is a file system feature introduced in IBM(R) AIX(R) 5.2.0.10, also known as maintenance level 01, in the Enhanced Journaling File system (JFS2). This feature improves performance for many environments, particularly for relational databases. Because the CIO feature is not supported for use with Domino servers, do not enable this option on file systems that Domino accesses. If this option is enabled, Domino data might become corrupted, which can cause server crashes or performance issues. Certain core file system items, such as file buffer cache, per-file lock or inode lock, and sync daemon, are managed differently by the operating system with the CIO option enabled. Domino is not coded to address these changes in behavior. The CIO option is typically enabled as a flag when a file system is mounted. Use these steps to disable the mount option: 1. Run this command for each file system mounted with CIO:
chfs -a options=rw /FS_NAME
Where /FS_NAME is the name of the mount point. 2. Unmount and remount each file system, or reboot, which has the same effect when done after running the chfs commands. 3. To verify that the change was applied, run mount and verify that you do not see cio in the mount options column, as shown in the examples.
Example of output with CIO disabled

/dev/test05lv /test05 jfs2 Oct 04 23:13 rw,log=INLINE
Example of output with CIO enabled:

/dev/test03lv /test03 jfs2 Sep 19 19:25 rw,cio,log=INLINE
70
For more information on the CIO feature, see the AIX whitepaper Improving Database Performance With AIX Concurrent I/O at http://www-1.ibm.com/ servers/aix/whitepapers/db_perf_aix.pdf
The Domino Server Setup program

The IBM(R) Lotus(R) Domino(TM) Server Setup program guides you through the choices you make to configure a Domino server. Setting up the first Domino server in a domain establishes a framework that consists of the Domino Directory, ID files, and documents. When you set up additional servers, you build upon this framework. Note: Domino first server setup creates IDs with a default public key width of 1024 bits. If a different key width is required, run SETUP.EXE to install the Domino files but before starting the server, open the servers NOTES.INI file, and then set SETUP_FIRST_SERVER_PUBLIC_KEY_WIDTH to the desired key width. For example, for Domino R5-compatible keys, install the files for the Domino server by running SETUP.EXE, but before starting the server, open the NOTES.INI file and then set SETUP_FIRST_SERVER_PUBLIC_KEY_WIDTH=630. The public key width can be set to either 630 or 1024 when using the NOTES.INI variable. Setting up the first Domino server does the following: v Creates a Domino domain. v Creates the certification log file, names it CERTLOG.NSF, and saves it in the Domino data directory. v Uses the PUBNAMES.NTF template to create the Domino Directory for the domain, names the directory NAMES.NSF, and places it in the Domino data directory. v Creates an organization certifier ID, names it CERT.ID, and saves it in the Domino data directory. v Optionally creates an organizational unit certifier ID, names it OUCERT.ID, and stores it in the Domino Directory. v Creates a Certifier document, which describes the organization certifier ID, in the Domino Directory. v Creates a server ID, names it SERVER.ID, and saves it in the Domino data directory. v Uses the organization certifier ID to certify the server ID. v Creates a Server document in the Domino Directory and includes in it information that you specified during the setup program. v Creates a Person document in the Domino Directory for the Domino Administrator that you specified during the setup program. v Creates a user ID and password for the Domino Administrator and attaches it as a file named USER.ID to the administrators Person document in the Domino Directory. v Uses the organization certifier ID to certify the administrators user ID. v Gives the administrator and the server Manager access in the ACL of the Domino Directory. v Adds the server name to the LocalDomainServers group in the Domino Directory. v Creates the log file, names it LOG.NSF, and saves it in the Domino data directory. v Enables the appropriate network and serial ports.
71
v Creates a mail directory in the Domino data directory and creates a mail file in that directory for the Domino Administrator. v Creates the Reports file, names it REPORTS.NSF, and saves it in the Domino data directory. v Updates network settings in the Server document of the Domino Directory. v Configures SMTP, if selected during the setup program. v If DOLS Domino Off Line Services was selected during the setup program, creates the Off-Line Services file, names it DOLADMIN.NSF, and saves it in the Domino data directory,. v Updates the Access Control List in all databases and templates in the Domino data directory tree to remove Anonymous access and/or add LocalDomainAdmin access, depending on the selections made during the setup program. v Configures xSP Service Provider information, if selected during the install program. Setting up an additional Domino server does the following: v Copies the Domino Directory, if a file location was specified during the setup program, names it NAMES.NSF, and saves it in the Domino data directory. v Dials the existing Domino server if the connection is made through a modem (possible only on Microsoft(R) Windows(R) systems). v Copies the servers ID from the location specified during the setup program, either from a file, a copy of the directory, or the existing Domino servers directory; names it SERVER.ID; and saves it in the Domino data directory. v Retrieves the Domain name and Administrator name from the Server document in the Domino Directory. v Creates the log file, names it LOG.NSF, and saves it in the Domino data directory. v Copies or replicates the Administration Requests file, names it ADMIN4.NSF, and saves it in the Domino data directory. v Copies or replicates the Monitoring Configuration file, names it EVENTS4.NSF, and saves it in the Domino data directory. v Replicates the Domino Directory, if it doesnt already exist, names it NAMES.NSF, and saves it in the Domino data directory. v Creates a Connection document to the existing Domino server in the Domino Directory. v Creates the Reports file, names it REPORTS.NSF, and saves it in the Domino data directory. v Updates network settings in the Server document of the Domino Directory. v Configures SMTP, if selected during the setup program. v If DOLS Domino Off-Line Services was selected during the setup program, creates the Off-Line Services file, names it DOLADMIN.NSF, and saves it in the Domino data directory. v Updates the Access Control List in all databases and templates in the Domino data directory tree to remove Anonymous access and/or add LocalDomainAdmin access, depending on the selections made during the setup program. v Configures xSP Service Provider information, if selected during the install program. v Replicates changes made to the Server document with the existing server, if any.
72
v Removes the SERVER.ID attachment from the Domino Directory, if applicable.
Using Domino Off-Line Services (DOLS) and Domino Web Access

To provide IBM(R) Lotus(R) Domino(TM) Web Access users with the ability to work off line, you must enable IBM Lotus Domino Off-Line Services (DOLS) when you set up the server. DOLS enables users to work off line, disconnected from the network, and provides many replication features that IBM Lotus Notes(R) users expect when working in the Notes client. Users require a Notes ID so that DOLS can synchronize the offline mail file with the server. The default DOLS configuration will prompt the user for a Notes ID the first time they go offline with Domino Web Access. If you rename a user, the user must reinstall the DOLS offline subscription in order for the offline mail file to synchronize with the server. After a name change, the user must wait for the old Notes ID and password to stop working, accept the name change using a Notes client, then log on to Domino Web Access with the new Notes ID and password.
Setting up DOLS on a server

IBM(R) Lotus(R) Domino(TM) Off-Line Services (DOLS) must be configured on the Domino server for users to be able to take applications off-line and use only a browser to work with them. You can enable any application for DOLS. The following templates are enabled for DOLS by default: v IBM(R) Lotus(R) Domino(TM) Web Access (MAIL8.NTF, DWA7.NTF, and iNOTES6.NTF) v Discussion - IBM(R) Lotus(R) Notes(R) and Web (R7) database (DISCSW7.NTF)
To configure DOLS during Domino Server Setup

1. Under Setup Internet services for, select Web Browsers (HTTP services), and then click Customize. 2. In the Domino tasks list, select DOLS Domino Off-Line Services. 3. At the end of setup, when you have the option to create an access control list entry, add the group LocalDomainAdmins to all databases and templates. 4. Accept the default option Prohibit Anonymous access to all databases and templates. If you deselect this option, you must open the ACL for each DOLS application and assign No Access to Anonymous. 5. Make sure the following names are identical: v The TCP/IP DNS host name -- In Microsoft(R) Windows(R), choose Start Programs - Windows Explorer. Then choose Network Neighborhood properties - TCP/IP properties. On the DNS Configuration tab, look at the Host field. v The server name -- Open the Server document and look at the Server name field. v The Internet host name -- Open the Server document and look at the Fully qualified Internet host name field. Note: DOLS runs on Domino servers configured to work through a Microsoft IIS server.
73
To configure DOLS manually

If you do not configure DOLS during Domino Server Setup, you can configure DOLS manually by editing the Server document. 1. Open the Server document. 2. Click Internet Protocols - HTTP. 3. In the DSAPI filter file names field, enter the DSAPI filter file name that corresponds to the operating system that the server is running, and then restart the server: v Microsoft Windows - ndolextn v Linux(R) - libdolextn v IBM(R) AIX(R) - libdolextn v Solaris/Sparc - libdolextn v S390(R) - libdolextn v iSeries(R) - libdolextn Note: On the iSeries platform, the Server document is updated when a new server is configured or an existing server is modified using the CFGDOMSVR or CHGDOMSVR CL command with DOLS(*YES) specified. For more information on configuring an iSeries server with DOLS, see the Lotus Domino for iSeries Release Notes. 4. Create a DOLADMIN.NSF database from the template DOLADMIN.NTF. 5. After the database is created, restart the Domino administrator and click the Configuration tab. The name of the DOLADMIN.NSF is an option in the Navigation pane.
To set up DOLS on clustered servers

Before using DOLS on a clustered Domino server, make sure that: v The Domino server is either a Domino Utility Server or Domino Enterprise Server. v All servers in the cluster run the same release of Domino with DOLS v Clustered server management is running to handle both failover of replication and HTTP v Internet Cluster Manager is running v Subscription directories must have the same name on every clustered server. For example, if a subscription is under \data\Webmail user\ 7CD5957CB669AE2285256BDF00567AD8\, this name cannot be different on a different server in the cluster.
To configure DOLS on a server that uses Web Site documents

If you create a Web Site Document (a type of Internet Site document) on the Domino server, you must add the appropriate DOLS DSAPI filter filename to the DSAPI field in the Web Site document for DOLS to be enabled. If there are several Web Site documents, you must add the DSAPI filter filename to each one. To add the DOLS DSAPI filter filename to a Web Site document: 1. Open the Web Site document. 2. Click the Configuration tab. 3. In the DSAPI filter field, enter the DSAPI filter file name that corresponds to the operating system that the server is running, and then restart the server: v Win32 - ndolextn v Linux - libdolextn
74
v v v v
IBM(R) AIX(R) - libdolextn Solaris/Sparc - libdolextn S390 - libdolextn iSeries - libdolextn
For more information on Internet Site documents, see the topic Configuring Internet sites with Web Site and Internet Site documents.
Setting up Domino Web Access on a server

IBM(R) Lotus(R) Domino(TM) Web Access provides IBM Lotus Notes(R) users with browser-based access to Notes mail, and Notes calendar and scheduling features. Using Domino Web Access, a user can send and receive mail, view the calendar, invite people to meetings, create to do lists, keep a notebook, and work off line. To set up Domino Web Access, choose Web Browsers (HTTP Web services) during Server Setup. If you want to give users the ability to work off line, also choose IBM(R) Lotus(R) Domino(TM) Off-Line Services (DOLS). DOLS is not required to run Domino Web Access. Note: When providing a Domino domain name, do not use a period. For example, use AcmeProduction as a domain name instead of Acme.Production. In the Domino Administrator, make sure that the Fully Qualified Domain name (FQDN) (such as acme.lotus.com) is specified on the Basics tab of the Server document.
Setting up Domino Web Access with IBM Lotus Sametime

IBM(R) Lotus(R) Domino(TM) Web Access (DWA) integrates an instant messaging (IM) capability so that users can chat with their co-workers online and maintain an instant messaging list that shows the online status of other users. The instant messaging awareness feature also displays online status next to the names of people in mail messages, views and folders. In addition, Web conferencing capabilities are available if your organization purchased IBM Lotus Sametime(R). Use these installation instructions to install and set up Sametime for Domino Web Access. For complete information on installing IBM Lotus Sametime, see the IBM Lotus Sametime 7.5 Installation Guide for your operating system, and the IBM Lotus Sametime 7.5 Administrators Guide. To view or download the Sametime documentation, go to http://www.lotus.com/LDD/doc. Note: New in Domino 8, Domino Web Access has its own Contact List client that replaces Sametime Connect for browsers, which was used in 7.x.
Configuration Notes
v For Mozilla, you must have at least Sametime 3.1 to run instant messaging integration. Previous versions of Lotus Sametime are not supported in Domino Web Access on Mozilla. v When you install Domino 8.0, the stlinks files that are installed in the stlinks directory (for example, C:\st\domino\Data\domino\html\sametime\stlinks), are overwritten. If you have modified stlinks files (for example, if the Sametime server is configured for tunneling) these files will be replaced. When you are upgrade to 8.0, these files are backed up in a file called stlinks.sav. For additional information, see the topic Customizing STLinks files for tunneling or reverse proxy servers.
75
v To access the Sametime server using a protocol that is different from the current Web pages protocol, use the NOTES.INI configuration setting iNotes_WA_SametimeProtocol. v Sametime integration with Domino Web Access is not supported with JRE 1.4.1.
Part 1 - Set up Domino Web Access on a Domino server

1. Set up Domino Web Access on a server by making the appropriate selections during server setup. 2. Register users with the Mail (R8) (MAIL8.NTF) mail template.
Part 2 - Set up the Sametime server

If possible, the Sametime server should be in the same Domino domain as the Domino Web Access server. Follow the instructions in the IBM Lotus Sametime 7.5 Installation Guide to install and configure instant messaging on a dedicated Domino server in the same Domino domain as the Domino Web Access server. If the Sametime server is in a different domain than your Domino Web Access server, follow the instructions in Setting up Sametime and Domino Web Access in different domains. Make sure the Sametime server is functioning properly before proceeding. If you have multiple Sametime servers in a single community, also make sure that Domino single sign-on (SSO) is functioning properly between the servers. For complete information on working with multiple Sametime servers, see the IBM Lotus Sametime 7.5 Administrators Guide, available on http:\\www.lotus.com/ldd/ doc.
Part 3 - Create Connection documents

You need Connection documents for the Domino Web Access and the Sametime server if the Sametime server is not in the same domain as the Domino Web Access server. Also, if the Sametime server is in the same domain as the Domino Web Access server, but is not clustered with the registration server, you need a Connection document in order to replicate the Domino Directory. Create Connection documents using the standard procedure, and include the information below: On the Domino Web Access server: v Enter the Sametime servers name in the Destination server field. For example: Sametime/Acme. v Enter the Domino Web Access servers name in the Source domain field. v Enter the Sametime servers name in the Destination domain field. On the Sametime server: v Enter the Domino Web Access servers name in the Destination server field. v Enter the Sametime servers name in the Source domain field. v Enter the Domino Web Access servers name in the Destination domain field.
Part 4 - Specify the Sametime server for Domino Web Access users
There are two ways to specify a Sametime server for Domino Web Access users. You can edit the Configuration Settings document for the Domino Web Access server, or you can edit the person document for each user who uses instant messaging.
76
Method 1 To enable instant messaging and set the Sametime server for all Domino Web Access users at one time, use the Instant Messaging settings in the Configuration Settings document, Domino Web Access tab. After you have done this, individual users can enable or disable instant messaging on their local Domino Web Access clients by setting a User Preference. Method 2 If you choose not to enable instant messaging for all users, then you must edit the person document for each user who will use instant messaging: 1. From the Domino Administrator, click the People & Groups tab. Select the Domino Web Access Domino directory, then click People. Double-click a name to open the users Person document. Click Edit. Enter the name of the Sametime server in the Sametime server field. For example, Sametime/Sales/Acme/UK. 6. Click Save & Close. 7. Repeat Steps 3 though 6 for each person. 2. 3. 4. 5.
Part 5 - Set up the Instant Contact List in Domino Web Access

Domino Web Access 8.0 has its own Contact List client that replaces Sametime Connect for browsers, which was used in 7.0. Follow the steps below to set up the new Domino Web Access Contact List. Configure Java servlet support 1. From the Domino Administrator client, open server document for the Domino Web Access server in edit mode. 2. Click the Internet Protocols - Domino Web Engine tab. 3. In the Java(TM) Servlets section, for the field Java servlet support, select Domino Servlet Manager from the list. 4. Save and close the document, and then restart the server. Edit the Sametime Configuration file 1. Open the Sametime Configuration application (stconfig.nsf) on the Sametime server. 2. From the By Form view, open the ComunityConnectivity document. 3. Add the IP address of the Domino Web Access server to Community Trusted IPs field. 4. Save and close the document, and then restart the Sametime server. Enable the Domino Web Access Contact List client for Mozilla Firefox 1. Add the NOTES.INI setting iNotes_WA_DisableFirefoxAwareness=0 to the NOTES.INI file on the Domino Web Access server. 2. Add the signed version of the stlinks.jar file into the stlinks directory wherever you have an stlinks directory (on the Sametime server and on the Domino Web Access server). 3. Create a text file in the data directory on the Domino Web Access server called servlets.properties that includes the following line:
servlet.DWABuddyList.code=com.lotus.dwa.stbuddy.DWABuddyList
77
Part 6 - (for mixed environments only) Install Sametime 7.0 Connect for browsers For users whose mail file is based on the DWA7.NTF template on a Domino 8.0 server, you can disable Domino Web Access Contact List and use the Sametime 7.0 Connect for browsers. Sametime 7.0 Connect for browsers is not installed by default when you install the Sametime 7.5.x server. Disable the Domino Web Access Contact List 1. From the Domino Administrator, click the Configuration tab. 2. Click the Configuration Settings document for the Domino Web Access server, and then click Edit Configuration. 3. Click the Domino Web Access tab. 4. In the Instant Messaging section, for the field Prefer DWA 8 Contact List, select Disabled. 5. Save and close the document, and then restart the server. Deploy Sametime 7.0 Connect for browsers on a Sametime 7.5 server Extract the file javaconnect.zip to the <server>\data\domino\html\sametime\ javaconnect directory on the Sametime 7.5 server. Enable the Sametime 7.0 Connect for browsers link for Sametime 7.5 1. Open the Sametime Configuration application (stconfig.nsf) on the Sametime server. 2. From the By Form view, open the ComunityClient document. 3. Set the Launch Connect link field to True. 4. Save and close the document, and then restart the Sametime server.
Part 7 - Set up Domino Web SSO authentication between the Domino Web Access server and IM server
Domino single sign-on (SSO) authentication allows Web users to log in once to a Domino or WebSphere server, and then access any other Domino or WebSphere server in the same DNS domain that is enabled for single sign-on (SSO) without having to log in again. In a multiple server environment, it is possible that one or more servers in your Domino domain are already configured for Domino SSO, and the Domino Directory already contains a Domino Web SSO configuration document. When you install Sametime, it creates a Web SSO configuration document called LtpaToken unless one already exists in the Domino directory. If an LtpaToken configuration document already exists, Sametime does not attempt to alter it. For more information about Domino Web SSO authentication, see the topic Multi-server session-based name-and-password authentication for Web users (single sign-on). Configure the Domino Web Access server for Web SSO Complete the steps in this section if your Domino Web Access server is not configured for Web SSO, and you want to use the Web SSO document that Sametime created to configure it. 1. Ensure that the Domino Directory has replicated throughout the Domino domain since you installed Sametime.
78
2. Update the Web SSO Configuration document that was created when you installed Sametime (LtpaToken): a. Open the Domino Directory and select the Configurations - Web - Web Configurations view. b. From within this view, expand the list of Web SSO Configurations. c. Open the Web SSO Configuration for LtpaToken document in edit mode. (If you are unable to edit the document, record the settings in the document, and then delete it and create a new one.) d. Update these fields if necessary: Domino Server Names -- make sure this field contains the name of all of the Domino Web Access servers and Sametime servers that should participate in Single Sign-on. DNS Domain -- make sure this is the fully-qualified domain name of the Domino Web Access and Sametime server. e. Click Save & Close. 3. Enable single sign-on and basic authentication in the Server document for the Domino Web Access server as described in Enabling single sign-on and basic authentication. When you update the Web SSO Configuration field, select LtpaToken from the list. 4. Ensure that the updates replicate to all of the servers in the domain. Update Domino Web Access server Web SSO configuration Complete the steps in this section if your Domino Web Access server is already configured for Domino Web SSO. You must add the Sametime server to your configuration: 1. Update your existing Domino Web SSO Configuration document. a. Open the Domino Directory and select the Configurations - Web - Web Configurations view. b. From within this view, expand the list of Web SSO Configurations. c. Open the Domino Web SSO document that you are using for your Domino Web Access server in edit mode. d. Update these fields if necessary: Domino Server Names -- make sure this field contains the name of all of the Domino Web Access servers and Sametime servers that should participate in Single Sign-on. DNS Domain -- make sure this is the fully-qualified domain name of the Sametime server. e. Click save & Close. 2. Update the Server document for the Sametime server. a. Open the server document. b. Click Internet Protocols - Domino Web Engine, and select the Web SSO Configuration field. c. From the drop-down list, select the Web SSO Configuration that you are using for the Domino Web Access server. d. Click Save & Close. 3. Ensure that the updates replicate to all of the servers in the domain. Although Domino SSO is the preferred authentication method, you can continue to use secrets and tokens authentication databases, if you are already using them. For
79
example, if any of the servers in your domain is configured for something other than multiple server SSO, (single server SSO for example) you must use secrets and tokens authentication. For information on setting up Secrets and Tokens authentication, see the topic Setting up Secrets and Tokens authentication for instant messaging in Domino Web Access.
Part 8 - Verify that instant messaging works with Domino Web Access
1. Make sure that replication is complete, the Person documents exist on the Sametime server, and that the updated Web SSO document exists on all of the servers that will participate in single sign-on.. 2. If you have not already done so, follow the instructions in the IBM Lotus Sametime 7.5 Installation Guide to verify that instant messaging is working properly before you test whether it is working with Domino Web Access clients. 3. Launch Domino Web Access in a browser. In any view or document in which online awareness appears, click the Active status icon of the person you want to chat with to test the instant messaging connection. Note: If the instant messaging status does not appear next to the Welcome username text in Domino Web Access, check the users Person document in the Domino directory. If you configured the Sametime server by populating this document, make sure the Sametime server field is correct (Basics tab, under Real-Time Collaboration).
Setting up Secrets and Tokens authentication for instant messaging in Domino Web Access
If you want to use Secrets and Tokens authentication databases for your instant messaging security instead of IBM(R) Lotus(R) Domino(TM) Single Sign-On (SSO) Authentication, you must Create a one-time replica of the Tokens database on the IBM(R) Lotus(R) Domino(TM) Web Access server. When you do this, remember that file names are case sensitive on UNIX(R), so the Secrets database name must be entered exactly as STAuthS.nsf. To replicate STAuthS.nsf from the IBM(R) Sametime(R) server to the Domino server directory: 1. Using an IBM(R) Lotus(R) Notes(R) client, choose File - Application - Open. Enter the name of the Sametime server (for example, Sametime/Acme). Enter the Secrets database filename: STAuthS.nsf Click Open. Choose File - Replication - New Replica. Enter the name of the IBM(R) Lotus(R) Domino(TM) Web Access server (for example, iNotes/Acme) 7. Ensure that the database is replicated to the data directory: ...\domino\data\stauths.nsf. 8. Click OK to create the replica. 2. 3. 4. 5. 6. Note: After you have replicated stauths.nsf from your Sametime server to your Domino server, open the Replication Settings dialog box for the database, click Other, and check the Temporarily disable replication for this replica box. This will prevent another version of the database from a Microsoft(R) Windows(R) system from overwriting your name change (using uppercase and lowercase letters) for the UNIX(R) server.
80
Setting up Sametime and Domino Web Access in different domains

If you prefer to use Web single sign on (SSO) authentication, see the topic Setting up the Web SSO Configuration document for more than one Domino Domain. To set up a cross-domain configuration when the IBM(R) Lotus(R) Sametime(R) server and the IBM(R) Lotus(R) Domino(TM) Web Access server are located in different domains: 1. Cross certify both domains with each other. This step may be necessary only if the Sametime server uses Domino authentication instead of LDAP. 2. Configure Directory Assistance on the Sametime server as needed: v If Sametime uses native Domino authentication, then Directory Assistance must point to the Domino Web Access server, using the Notes protocol instead of LDAP. v If Sametime was installed to use LDAP, then Directory Assistance is configured automatically, and nothing further is necessary. 3. If you have set up single sign on (SSO), go to Step 4. If you do not have SSO set up, replicate STAuthS.nsf to the Domino Web Access Server (file name is case sensitive on UNIX(R) servers). 4. Create a server document for the Sametime server in the Domino Directory of the Domino Web Access server, completing the fields below: v Server name v Domain name v Fully qualified Internet host name v Is this a Sametime server? Another way to do this is to edit Configuration Settings document, Domino Web Access tab, and enter the Sametime server name in the in the field Set an instant messaging server hostname for all Domino Web Access users. If you use this setting, you do not need to complete Step 5. 5. Enter the Sametime server name in the Sametime Server field of each Domino Web Access users Person document. Note: If the Sametime server is configured using a port other than the default port, then the Fully Qualified Hostname field must contain hostname:port. For complete information on working with multiple Sametime servers, see the IBM Lotus Sametime 7.5 Administrators Guide, available on http://www.lotus.com/LDD/ doc.
Troubleshooting Sametime in Domino Web Access

If instant messaging icons do not display in IBM(R) Lotus(R) Domino(TM) Web Access mail and the Contact List, check the following: v The IBM Lotus Sametime(R) server is up running. To make sure stlinks is running normally, you can check the Sametime server directory \trace\stlinks.txt log file. v All the ST**** services are up running. Check the control panel - services; all ST**** services should be running when the Sametime server has fully started. If there are ST**** services not running, start STCommunity server first. If this service cannot be started, check the network connections and the Sametime server log file. v Make sure the \stlinks directory and the files are on both the Sametime server and application server directories.
81
v When you update the level of Sametime by installing a newer release of Sametime or applying a fix pack, it is possible that you will also need to update the stlinks files on your Domino Web Access server. Make sure you check the documentation that accompanies the Sametime update. v If you had previously customized the STLinks files and have recently upgraded either your Sametime server or your Domino Web Access server to a new version of Domino, the customized files may have been replaced. See the topic Customizing STLinks files for tunneling or Reverse Proxy servers. v Make sure the user has enabled Instant Messaging in Preferences. v Make sure the users Person document has been set up with the Sametime server names. v Use the http:// protocol only for the Sametime server. To identify the current Sametime server version: 1. Type the following URL: http://<Sametime server hostname>/stcenter.nsf if the Sametime server is running on a Microsoft(R) Windows(R) platform. To avoid case sensitive issues on other platforms, search for the file under <Sametime server directory>/stcenter.nsf and use the file name case as it shown there. 2. At the bottom of the page, click Administer the Server. 3. Login to Instant Messaging, and then click Help - About Sametime. Browser Address: The instant messaging integration features rely on the ability of the browser to directly communicate with the Sametime server. This means that the fully-qualified Internet hostname of the Sametime server must be resolvable from the browser (for example, the fully qualified Internet hostname for a Domino server named IM/Acme might be im.acme.com). Therefore, either DNS must be able to resolve this address or it must be resolved to the proper IP address by some other mechanism (such as editing of the local operating systems hosts file).
Using the Domino Server Setup program

The following procedures describe the ways you can use the Server Setup program. v Use the Server Setup program on the server you are setting up v Use the Server Setup program from a client system or from another server v Create a setup profile by recording your choices during the Server Setup program v Use a setup profile to set up multiple servers with the same requirements v Use a setup profile without viewing the setup screens (silent setup) v Using automatic server setup on Linux on zSeries and on UNIX
Indic language support in the Domino Server Setup program

You can change both the font and the alphabet that displays when you enter text in a field on a Server Setup program screen. Normally, the alphabet that displays is that of the default language. The Domino Server Setup program supports the following alphabets: Bengali
82
Devanagari Gujarati Gurmukhi Kannada Malayalam Oriya Tamil Telugu
To change the font

Note: Changing the font is required for the Devanagari alphabet, as the default font does not work with it. 1. Start the setup program by starting the Domino server. 2. On the Welcome screen, click Font. 3. Select a font that will work with the alphabet you plan to use. 4. To select an alphabet different from that of the default language, see the following procedure.
To change the alphabet

Changing the alphabet is supported for the Microsoft(R) Windows(R), IBM(R) AIX(R), and Linux(R) operating systems only. 1. Start the setup program by starting the Domino server. 2. Right-mouse click on the title bar of the screen in which you want to enter text that uses an alphabet different than that of the default language. 3. Select Select Input Method. 4. Select the alphabet that you want to use. 5. Enter text in one or more fields on the screen. Note: Clicking Next to go to the next screen restores the alphabet to that of the default language. Repeat the preceding procedure for each screen on which you want to use a different alphabet.
Using the Domino Server Setup program locally

After installing the IBM(R) Lotus(R) Domino(TM) server program files on a server, you can run the Domino Server Setup program locally by starting the server. The Server Setup program asks a series of questions and guides you through the setup process. Online Help is available during the process. Note: During server setup, you can use an existing certifier ID instead of creating a new one. The certifier ID that you specify cannot have multiple passwords assigned to it. Attempting to use a certifier ID with multiple passwords generates an error message and causes server setup to halt. If you are using Linux(R) on zSeries, you cannot use the Domino Server Setup program locally. You must use the Domino Server Setup program remotely, as described in the next section.
83
Note: Before running any Domino setup command, be sure to complete any pending reboot actions you may have from installing other applications.
Using the Domino Server Setup program remotely

After you install the program files for an IBM(R) Lotus(R) Domino(TM) server on a system, you can use either a Microsoft(R) Windows(R) client system or another Domino server to run the Server Setup program remotely. Running the Server Setup program from a Windows client is easier if the client has Domino Administrator installed -- to run the program from a client without Domino Administrator, you need the Java(TM) runtime environment plus some files from the program directory of an installed Domino server. Note: During server setup, you can use an existing certifier ID instead of creating a new one. The certifier ID that you specify cannot have multiple passwords assigned to it. Attempting to user a certifier ID with multiple passwords generates an error message and causes server setup to halt. For more information, see the topic Entering system commands correctly earlier in this chapter.
To run the Server Setup program from a Windows client with Domino Administrator
Note: Before running any Domino setup command, be sure to complete any pending reboot actions you may have from installing other applications. 1. Make sure that you: v Selected Remote Server Setup when you installed Domino Administrator on the client system (on the Windows desktop, choose Start - Programs Lotus Applications and see if Remote Server Setup appears in the list) v Know the host name or network address of the remote system 2. Install the Domino server program files on a server system, but do not run the Domino Server Setup program. 3. At the command prompt on the server system, from the Domino program directory, do one of the following: v On a Microsoft(R) Windows(R) server, enter
nserver -listen
v On a UNIX(R) server, enter

server -listen
4. On the client system, choose Start - Programs - Lotus Applications - Remote Server Setup. 5. In the Connect to Remote Domino Server dialog box, click Ping to ensure that you can connect to the remote server. 6. Enter the host name or network address of the remote server. 7. Click OK to start the Domino Server Setup program.
To run the Server Setup program from a Windows client without Domino Administrator, or from a UNIX workstation
Note: Before running any Domino setup command, be sure to complete any pending reboot actions you may have from installing other applications. 1. Make sure that you know the host name or network address of the remote system.
84
2. Install the Domino server program files on a server system, but do not run the Domino Server Setup program. 3. At the command prompt on the server, from the Domino program directory, do one of the following: v On a UNIX server, enter
/lotus/bin/server -listen
v On a Windows server, enter

nserver -listen
4. On the client system, install the Java(TM) runtime environment. 5. Create a temporary directory on the client system. For example, enter the following at the command prompt: v On a Windows client:
mkdir c:\temp
v On a UNIX workstation:
mkdir /temp
6. Do one of the following: v From a Windows client, copy the remote setup files CFGDOMSERVER.JAR, JHALL.JAR, and REMOTESETUP.CMD from the server to the directory you created on the client system. These files are in C:\Domino program directory on the server. v From a UNIX workstation, copy the remote setup files CFGDOMSERVER.JAR, JHALL.JAR, and REMOTESETUP from the server to the directory you created on the workstation. These files are in /Domino program directory/lotus/notes/latest/ibmpow/ on an IBM(R) AIX(R) server, /Domino program directory/lotus/notes/latest/zlinux/ on a Linux(R) on zSeries server, /Domino program directory/lotus/notes/latest/linux/ on a Linux server, and /Domino program directory/lotus/notes/latest/sunspa/ on a Solaris server. Note: Linux on zSeries and z/OS ship tar files on the cd which contain all the files needed for remote server setup. v On Linux on zSeries -- ZLINUX_CLIENT.TAR 7. v On z/OS -- ZOS_CLIENT.TAR At the command prompt on the client system, from the directory you created, do one of the following: v On a Windows client, enter remotesetup.cmd v On a UNIX workstation, enter remotesetup In the Connect to Remote Domino Server dialog box, click Ping to ensure that you can connect to the remote server. Enter the host name or network address of the remote server. Click OK to start the Domino Server Setup program.
8. 9. 10.
To run the Server Setup program from another server system

1. Install the IBM(R) Lotus(R) Domino(TM) server program files on both server systems, but do not run the Domino Server Setup program. 2. Make sure that you know the host name or network address of the remote system. 3. At the command prompt on the local server system, from the Domino program directory, do one of the following: v On a Microsoft(R) Windows(R) server, enter
85
nserver -listen

server -listen
4. Do one of the following: v On a Windows server, enter

nserver -remote
v On a UNIX server, enter

server -remote
Note: For Linux on zSeries and z/OS, set the DISPLAY environment variable so that the setup program is directed to a workstation supporting X-Window. Tip: Entering nserver -help or server -help displays all parameters available for working with remote server setups. 5. In the Connect to Remote Domino Server dialog box, click Ping to ensure that you can connect to the remote server. 6. Enter the host name or network address of the remote server. 7. Click OK to start the Domino Server Setup program.
Creating a server setup profile

A server setup profile is a file that you use to quickly configure servers. To create a server setup profile, you run the Server Setup program in record mode, either at the server you are setting up or from a Microsoft(R) Windows(R) client. Creating a server setup profile from a Windows client is easier if the client has the IBM(R) Lotus(R) Domino(TM) Administrator installed -- to create a profile from a client without Domino Administrator, you need the Jav(R)a runtime environment plus some files from the program directory of an installed Domino server. For more information, see the topic Entering system commands correctly earlier in this chapter.
To create a setup profile at a server

1. Install the Domino server program files on the server system, but do not run the Domino Server Setup program. 2. At the command prompt on the server, from the Domino program directory, do one of the following: v On a Microsoft Windows(R) server, enter
nserver -record

server -record
Note: For Linux(R) on zSeries and z/OS, set the DISPLAY environment variable so that the setup program is directed to a workstation supporting X-Window. Tip: Entering nserver -help or server -help displays the parameters available for working with server setup profiles. 3. Enter a name and description for the profile. 4. Continue through the setup program. Domino saves your selections in a file with the name you specified in Step 3. By default this file is created in the Domino program directory.
86
To create a setup profile from a Windows client with Domino Administrator

1. Make sure that you selected Remote Server Setup when you installed Domino Administrator on the client system. 2. Install the Domino server program files on the server system, but do not run the Domino Server Setup program. 3. At the command prompt on the client system, from the IBM(R) Lotus(R) Notes(R) program directory, enter
serversetup -record
4. Enter a name and description for the profile. 5. Continue through the setup program. Domino saves your selections in a file with the name you specified in Step 4 and stores the file in the Notes program directory on the client system.
To create a setup profile from a Windows client without Domino Administrator or from a UNIX workstation
1. Install the Domino server program files on the server system, but do not run the Domino Server Setup program. 2. On the client system, install the Java(TM) runtime environment. 3. Create a temporary directory on the client system. For example, enter the following at the command prompt: v On a Microsoft(R) Windows(R) client:
mkdir c:\temp
v On a UNIX(R) workstation:
mkdir /temp
4. Do one of the following: v From a Windows client, copy the remote setup files CFGDOMSERVER.JAR, JHALL.JAR, and REMOTESETUP.CMD from the server to the directory you created on the client system. These files are in C:\Domino program directory on the server. v From a UNIX workstation, copy the remote setup files CFGDOMSERVER.JAR, JHALL.JAR, and REMOTESETUP from the server to the directory you created on the workstation. These files are in /Domino program directory/lotus/notes/latest/ibmpow/ on an IBM(R) AIX(R) server, /Domino program directory/lotus/notes/latest/zlinux/ on a Linux on zSeries server, /Domino program directory/lotus/notes/latest/linux/ on a Linux server, and /Domino program directory/lotus/notes/latest/sunspa/ on a Solaris server. Note: Linux on zSeries and z/OS ship tar files on the CD that contains the files needed for remote server setup. v On Linux on zSeries -- ZLINUX_CLIENT.TAR v On z/OS -- ZOS_CLIENT.TAR 5. At the command prompt on the client system, from the directory you created, enter:
remotesetup -record
Note: For Linux on zSeries and z/OS, Set the DISPLAY environment variable so that the setup program is directed to a workstation supporting X-Window. 6. Enter a name and description for the profile. 7. Continue through the setup program.
87
Domino saves your selections in a file with the name you specified in Step 6 and stores the file in the client-system directory that you created in Step 3.
Using a server setup profile

You can use a server setup profile at the server you are setting up or from a client system. Using a server setup profile from a Microsoft(R) Windows(R) client is easier if the client has the IBM(R) Lotus(R) Domino(TM) Administrator installed -to use a profile from a Windows or UNIX(R) client without Domino Administrator, you need the Java(TM) runtime environment plus some files from the program directory of an installed Domino server. When you use a setup profile, you choose whether or not to view the setup screens as you run the profile. Running a profile without viewing the screens is sometimes referred to as a silent setup. For more information, see the topic Entering system commands correctly earlier in this chapter.
To use a setup profile at the server

1. Install the Domino server program files on a server system, but do not run the Domino Server Setup program. 2. At the command prompt on the server, from the Domino program directory, do one of the following: v On a Microsoft(R) Windows(R) server, enter
nserver -playback

server -playback
Tip: Entering nserver -help or server -help displays the parameters available for working with server setup profiles. 3. Choose the profile to use. If you dont see the profile you want in the list, click Browse to locate the directory that contains the profile. 4. To change the existing profile, select Modify selected profile. Click OK to start the server setup.
To use a setup profile from a Windows client with Domino Administrator

1. Make sure that you selected Remote Server Setup when you installed Domino Administrator on the client system. 2. Install the Domino server program files on a server system, but do not run the Domino Server Setup program. 3. At the command prompt on the server system, from the Domino program directory, do one of the following: v On a Microsoft(R) Windows(R) server, enter
nserver -listen

server -listen
4. At the command prompt on the Windows client, from the Notes program directory, enter:
serversetup -playback
5. In the Connect to Remote Domino Server dialog box, click Ping to ensure that you can connect to the server.
88
6. Enter the host name or network address of the server. 7. Click OK. 8. Choose the profile to use. If you dont see the profile you want in the list, click Browse to locate the directory that contains the profile. 9. To change the existing profile instead of running it to set up a new server, select Modify selected profile. 10. Click OK to start the server setup.
To use a setup profile from a Windows client without Domino Administrator or from a UNIX workstation
1. Install the Domino server program files on a server system, but do not run the Domino Server Setup program. 2. At the command prompt on the server system, from the Domino program directory, do one of the following: v On a Windows server, enter
nserver -listen

server -listen
3. On the client system, install the Java runtime environment. 4. Create a temporary directory on the client system. For example, enter the following at the command prompt: v On a Windows client:
mkdir c:\temp
mkdir /temp
5. Do one of the following: v From a Windows client, copy the remote setup files CFGDOMSERVER.JAR, JHALL.JAR, and REMOTESETUP.CMD from the server to the directory you created on the client system. These files are in C:\Domino program directory on the server. v From a UNIX workstation, copy the remote setup files CFGDOMSERVER.JAR, JHALL.JAR, and REMOTESETUP from the server to the directory you created on the workstation. These files are in /Domino program directory/lotus/notes/latest/ibmpow/ on an IBM(R) AIX(R) server, /Domino program directory/lotus/notes/latest/zlinux/ on a Linux(R) on zSeries server, /Domino program directory/lotus/notes/latest/linux/ on a Linux server, and /Domino program directory/lotus/notes/latest/sunspa/ on a Solaris server. Note: Linux on zSeries and z/OS ship tar files on the CD that contains the files needed for remote server setup. v On Linux on zSeries -- ZLINUX_CLIENT.TAR v On z/OS -- ZOS_CLIENT.TAR 6. At the command prompt on the client system, from the directory you created, enter:
remotesetup -playback
Note: For Linux on zSeries and z/OS, set the DISPLAY environment variable so that the setup program is directed to a workstation supporting X-Window. 7. In the Connect to Remote Domino Server dialog box, click Ping to ensure that you can connect to the server.
89
8. Enter the host name or network address of the server. 9. Click OK. 10. Choose the profile to use. If you dont see the profile you want in the list, click Browse to locate the directory that contains the profile. To change the existing profile, select Modify selected profile. 11. Click OK to start the server setup.
Using silent server setup

A silent setup is one in which you do not view the setup screens as you run the server setup profile. You can do a silent setup at the server you are setting up or from a client system. Doing a silent setup from a Microsoft(R) Windows(R) client is easier if the client has the IBM(R) Lotus(R) Domino(TM) Administrator installed -to do a silent setup from a Windows(R) or UNIX(R) client without Domino Administrator, you need the Java(TM) runtime environment plus some files from the program directory of an installed Domino server. Tip: When doing a silent setup, display a progress bar (Windows) or have percent-complete written to the command line (UNIX) by adding the -pb parameter to the end of the command. For more information, see the topic Entering system commands correctly earlier in this chapter.
To do a silent setup at the server

Note: Before running any Domino setup command, be sure to complete any pending reboot actions you may have from installing other applications. 1. Install the Domino server program files on a server system, but do not run the Domino Server Setup program. 2. At the command prompt on the server, from the Domino program directory, do one of the following: v On a Windows server, enter
nserver -silent c:\myprofile.pds

server -silent /myprofile.pds
where myprofile is the name you gave to the profile file. Note: If the profile file is not in the root directory, use the profiles full path in the command. Tip: Entering nserver -help or server -help displays the parameters available for working with server setup profiles. 3. If the profile uses existing server, certifier, or administrator IDs that require passwords, do the following: a. Create a text file that contains the passwords for the existing IDs. The keywords in this are: Server= AddServer= Certifier= OUCertifier= Administrator=
90
b. Add a parameter in the command line for the name of the password file. For example, on Windows enter:
nserver -silent c:\myprofile.pds c:\passwd.txt
4. If this is a partitioned server setup, add the = parameter to the command line to specify the NOTES.INI file in this partitions Domino data directory. For example, on Windows enter:
nserver -silent c:\myprofile.pds =c:\lotus\domino\data2\notes.ini
5. Check the ERRORLOG.TXT file in the Domino data directory to confirm that the setup is complete, or to view any error messages that were generated during setup.
To do a silent setup from a Windows client with Domino Administrator

1. Make sure that you selected Remote Server Setup when you installed Domino Administrator on the client system. 2. Install the Domino server program files on a server system, but do not run the Domino Server Setup program. 3. At the command prompt on the server system, from the Domino program directory, do one of the following: v On a Windows server, enter
nserver -listen

server -listen
4. At the command prompt on the client system, from the IBM Lotus Notes program directory, enter:
serversetup -silent c:\myprofile.pds -remote serveraddress
Where myprofile is the name you gave the setup profile and serveraddress is the host name or network address of the server you are setting up. Note: If the profile file is not in the root directory, use the profiles full path in the command. 5. If the profile uses existing server, certifier, or administrator IDs that require passwords, do the following: a. Create a text file that contains the passwords for the existing IDs. The keywords in this are: Server= AddServer= Certifier= OUCertifier= Administrator= b. Add a parameter in the command line for the name of the password file. For example, on Windows enter:
serversetup -silent c:\myprofile.pds c:\passwd.txt -remote serveraddress
6. If this is a partitioned server setup, add the = parameter to the command line to specify the NOTES.INI file in this partitions Domino data directory. For example, on Windows enter:
serversetup -silent c:\myprofile.pds -remote serveraddress =c:\lotus\domino\data2\notes.ini
91
7. Check the ERRORLOG.TXT file in the Notes data directory to confirm that the setup is complete, or to view any error messages that were generated during setup.
To do a silent setup from a Windows client without Domino Administrator or from a UNIX workstation
1. Install the IBM(R) Lotus(R) Domino(TM) server program files on a server system, but do not run the Domino Server Setup program. 2. At the command prompt on the server system, from the Domino program directory, do one of the following: v On a Windows server, enter
nserver -listen

server -listen
Note: For Linux on zSeries and z/OS, set the DISPLAY environment variable so that the setup program is directed to a workstation supporting X-Window. 3. On the client system, install the Java runtime environment. 4. Create a temporary directory on the client system. For example, enter the following at the command prompt: v On a Windows client:
mkdir c:\temp
mkdir /temp
5. Do one of the following: v From a Windows client, copy the remote setup files CFGDOMSERVER.JAR, JHALL.JAR, and REMOTESETUP.CMD from the server to the directory you created on the client system. These files are in C:\Domino program directory on the server. v From a UNIX workstation, copy the remote setup files CFGDOMSERVER.JAR, JHALL.JAR, and REMOTESETUP from the server to the directory you created on the workstation. These files are in /Domino program directory/lotus/notes/latest/ibmpow/ on an IBM(R) AIX(R) server, /Domino program directory/lotus/notes/latest/zlinux/ on a Linux on zSeries server, /Domino program directory/lotus/notes/latest/linux/ on a Linux server, and /Domino program directory/lotus/notes/latest/sunspa/ on a Solaris server. Note: Linux on zSeries and z/OS ship tar files on the CD that contains the files needed for remote server setup. v On Linux on zSeries -- ZLINUX_CLIENT.TAR v On z/OS -- ZOS_CLIENT.TAR 6. At the command prompt on the client system, from the IBM Lotus Notes program directory, enter:
remotesetup -silent c:\myprofile.pds-remote serveraddress
Note: For Linux on zSeries and z/OS, set the DISPLAY environment variable so that the setup program is directed to a workstation supporting X-Window. Where myprofile is the name you gave the setup profile and serveraddress is the host name or network address of the server you are setting up. Note: If the profile file is not in the root directory, use the profiles full path in the command.
92
7. If the profile uses existing server, certifier, or administrator IDs that require passwords, do the following: a. Create a text file that contains the passwords for the existing IDs. The keywords in this are: Server= AddServer= Certifier= OUCertifier= Administrator= b. Add a parameter in the command line for the name of the password file. For example, on Windows enter: remotesetup -silent c:\myprofile.pds c:\passwd.txt -remote serveraddress 8. If this is a partitioned server setup, add the = parameter to the command line to specify the NOTES.INI file in this partitions Domino data directory. For example, on Windows enter:
remotesetup -silent c:\myprofile.pds -remote serveraddress =c:\lotus\domino\data2\notes.ini
9. Check the ERRORLOG.TXT file to confirm that the setup is complete, or to view any error messages that were generated during setup.
Using automatic server setup on Linux on zSeries and on UNIX

Automatic server setup is a UNIX(R) and Linux(R) on zSeries feature for single local IBM(R) Lotus(R) Domino(TM) servers. When automatic server setup is used for new server installations, server setup runs automatically after the server installation is complete. For server upgrades, the server is restarted automatically after the installation is complete. Automatic server setup does not apply to partitioned servers or to remote servers. By default, server setup is set to manual so that the server setup does not automatically run for new server installs, and server restart does not automatically run for server upgrades. You can enable this feature from the script file containing all of the user configuration parameters for UNIX script installation. In the UNIX kit directory, the sample script file is SCRIPT.DAT. Note: Before running any IBM(R) Lotus(R) Domino(TM) setup command, be sure to complete any pending reboot actions you may have from installing other applications.
Enabling automatic server setup from the script file

To enable the automatic server setup feature from the script file, complete the following steps. 1. Open your script file. 2. Locate the variable, start_server_setup = Note: The default is start_server_setup = 0, which is the manual setting. When the manual setting (0) is active, you must manually initiate the server setup or server restart. 3. Enter one of these values according to when you want automatic setup to run:
93
v 0 -- To disable automatic server setup and enable manual setup. You have to manually start the server after a new server installation or restart the server after an upgrade when you use this setting. v 1 -- To automatically launch server setup after installation or to automatically restart the server after a server upgrade. Note: For Linux(R) on zSeries and z/OS, set the DISPLAY environment variable so that the setup program is directed to a workstation supporting X-Window. When the Install program starts, it asks for the password of the ID that owns the Notes data directory. v 2 -- To automatically launch server setup in listen mode after installing a new server. You can then connect to the server using the Remote Server Setup tool. To automatically restart the server after installing a server upgrade. Note: When the Install program starts on a Linux on zSeries system, the program asks for the password of the ID that owns the Notes data directory.
Enabling automatic server setup from the user interface

To enable the automatic server setup feature from the UNIX or Linux on zSeries user interface, complete the following steps. 1. Locate the option Select server setup method. Note: The default is Manual Server Setup. When the manual setting (0) is active, you must manually initiate the server setup or server restart. 2. Press the Spacebar until you see the setting you want to use. You can use one of the following settings: v Local Server Setup -- To automatically launch server setup after installation or to automatically restart the server after a server upgrade. Note: For Linux on zSeries and z/OS, set the DISPLAY environment variable so that the setup program is directed to a workstation supporting X-Window. When the Install program starts, it asks for the password of the ID that owns the IBM Lotus Notes data directory. v Remote Server Setup -- To automatically launch server setup in listen mode after installing a new server. You can then connect to the server using the Remote Server Setup tool. To automatically restart the server after a server upgrade. Note: When the Install program starts on a Linux on zSeries system, the program asks for the password of the ID that owns the Notes data directory. v Manual Server Setup -- To disable automatic server setup and enable manual setup. You have to manually start the server after a new server installation or restart the server after an upgrade when you use this setting. 3. Press Tab to accept the setting.
The Certification Log

When you set up the first IBM(R) Lotus(R) Domino(TM) server in a domain, the Server Setup program creates the Certification Log. If you delete the log, you can recreate it, but be aware that the new log will not contain the information it previously stored.
94
The Certification log records information related to recertification and name changes. When you add servers and users to Domino, the Certification Log maintains a record of how you registered them. For each registered server and user, the Certification Log stores a document containing the following information: v Name and license type v Date of certification and expiration v Name, license type, and ID number of the certifier ID used to create or recertify the ID Create a replica of the Certification Log on every server that is a registration server and on every server that stores a Domino Directory that is used for user management -- for example, renaming and recertifying users. If the server whose Domino Directory replica you are using does not have a Certification Log, user-management actions will fail.
Server registration
Before you install and set up additional servers, you must register them. In effect, registering a server adds the server to the system. The server registration process creates a Server document for the server in the IBM(R) Lotus(R) Domino(TM) Directory and creates a server ID. After registering and installing a server, you use the Server Setup program to obtain a copy of the Domino Directory for the new server and to set up the server to run particular services and tasks -- for example, the HTTP service, the Mail Router, and so on. The server registration user interface automatically removes leading spaces and trailing spaces from passwords. Passwords cannot begin or end with a space. This also applies to certifier registration and user registration. Note: When setting up an additional server, obtaining the Domino Directory from the registration server via dialup over a modem is possible for Microsoft(R) Windows(R) systems only. For other operating systems, the additional server must be on the network in order to communicate with the registration server. Before you register servers, plan and understand your companys hierarchical name scheme. The name scheme defines which certifier ID to use when you register each new server. In addition, make sure that you have access to each certifier ID, know its password, and have created ID recovery information for it. If you have decided to use the IBM(R) Lotus(R) Domino(TM) server-based certification authority (CA), you can register servers without access to the certifier ID file and its password. For more information on the hierarchical name scheme, see the chapter Deploying Domino. For information on ID recovery, see the chapter Protecting and Managing Notes IDs. For more information on using the Domino server-based CA, see the chapter Setting Up a Domino Server-based Certification Authority. The registration server, which is the server that initially stores changes to documents in the Domino Directory until the Domino Directory replicates with other servers, must be up and running on the network. To register servers from your workstation, you must have access to the registration server and have at least Author access with the Server Creator and Group Modifier roles in the ACL of the Domino Directory.
95
When you register a server, Domino does the following: v Creates a server ID for the new server and certifies it with the certifier ID v Creates a Server document for the new server in the Domino Directory v Encrypts and attaches the server ID to the Server document and saves the ID on a disk or in a file on the server v Adds the server name to the LocalDomainServers group in the Domino Directory v Creates an entry for the new server in the Certification Log (CERTLOG.NSF) If you have a Domino server-based CA for issuing Internet certificates, you can choose to configure the new server to support SSL connections by providing a server key ring password and the servers host name. Then, Domino does the following: v The registration process creates a certificate request in the Administration Requests database (ADMIN4.NSF) to be processed by the servers Internet CA v The registration process creates a create SSL key ring request in ADMIN4.NSF v Once you set up and start the new server and the create SSL keying request has replicated to it, the create SSL key ring request creates the server key ring file and an enable SSL ports request for the administration server of the Domino Directory v The enable SSL ports request enables all the SSL ports on the new server and creates a monitor SSL status request for the new server v The monitor SSL status request restarts all of the Internet tasks currently running on the new server so that the tasks will accept SSL connections Note: You must use the Domino Administrator if you want to use this server registration process to configure a new server for SSL. For more information on these requests, see the appendix Administration Process Requests.
Registering a server
Note: If you have not specified a registration server in Administration Preferences, this server is by default: v The server specified in the NewUserServer setting in the NOTES.INI file v The Administration server 1. If you are supplying the certifier ID, make sure that you have access to it and that you know its password. 2. If you are using the IBM(R) Lotus(R) Domino(TM) Administrator and would like the new server to support SSL, make sure that you have an Internet CA configured. 3. From the Domino Administrator or Web Administrator, click the Configuration tab. 4. From the Tools pane, click Registration - Server. 5. If you are using the Domino Administrator, do the following: a. If you are using the CA process, click Server and select a server that includes the Domino Directory that contains the Certificate Authority records, and the copy of the Administration Requests database
96
(ADMIN4.NSF) that will be updated with the request for the new certificate. Then click Use the CA Process, select a CA-configured certifier from the list, and click OK. b. If you are supplying the certifier ID, select the registration server. Then click Certifier ID and locate the certifier ID file. Click OK, enter the password for the certifier ID, and click OK. c. In the Register Servers dialog box, click Continue if you want to apply the current settings to all servers registered in this registration session; otherwise, complete these fields:
Field Registration Server Certifier Action Click Registration to specify the registration server. If the certifier ID displayed is NOT the one you want to use for all servers registered in this session, or if you want to use the Domino server-based CA instead of a certifier ID, click Certifier and you return to Step 4. The public key specification that you use impacts when key rollover is triggered. Key rollover is the process used to update the set of Notes public and private keys that is stored in user and server ID files. Choose one: v Compatible with all releases (630 bits) v Compatible with Release 6 and later (1024 bits) Note: For information about the significance of the public key specification and key rollover, see the topic User and server key rollover. License type Choose either North American (default) or International. In practice, there is no difference between a North American and an International ID type. (Optional) To change the expiration date of the Server Certificate, enter the date in mm-dd-yyyy format in the Certificate Expiration Date box. The default date is 100 years from the current date, minus allowances for leap years.
Public key specification
Expiration date
Certificate Authority If you want the server to support SSL, select an Internet CA from the list.
d. Click Continue. 6. If you are using the Web Administrator, do the following: a. Select a registration server that includes the Domino Directory that contains the Certificate Authority records, and the copy of the Administration Requests database (ADMIN4.NSF) that will be updated with the request for the new certificate. b. Select a CA-configured certifier from the list, and click OK. 7. In the Register New Server(s) dialog box, complete these fields for each server that you want to register:
Field Server name Server title Action Enter the name of the new server. Enter the server title, which appears on the Configuration tab in the All Server Documents view and in the Server Title field of the Server document.
97
Field Domino domain name
Action The default domain name is usually the same as the name of the organization certifier ID.
Server administrator Enter the name of the person who administers the server. name ID file password Required if you are going to store the server ID in the Domino Directory. Optional if you store the server ID in a file. The password is case-sensitive and characters you use will depend on the level you set in the Password quality scale. Password Options Click Password Options. Specify a password quality scale by choosing the level of complexity for the password. By default, the level is 0, where 16 is the highest. Click OK. v Select In Domino Directory to store the server ID in the Domino Directory. v Select In File to store the server ID file in a file. Then click Set ID File, select the name and path for the file, and click Save. Note: You dont see this field from the Web Administrator, as the server ID is stored in the Domino Directory.
Location for storing server ID
8. (Domino Administrator only) If you chose an Internet CA in the Register Servers dialog box and you want the server to support SSL connections, click Advanced, select Enable SSL ports, and complete the following fields: v Server key ring password -- Enter a password for the server key ring v Server host name -- Enter the fully qualified domain name of the server, for example, app01.acme.com 9. Do one: v Click the green check box to add the server to the registration queue. v Click the red X to clear the fields. 10. The server registration queue displays the servers ready to be registered. To display the settings for a server, select the server name in the queue. 11. Click one: v New Server -- To clear fields in the Register New Server(s) dialog box v Register All -- To register all servers in the registration queue v Register -- To register the highlighted server in the registration queue v Remove -- To remove the highlighted server from the registration queue v Done -- To close the Register Server(s) dialog box. Any servers remaining in the registration queue will not be registered. 12. After you register a server, install it and then run the Server Setup program to configure it.
Optional tasks to perform after server setup

After running the Server Setup program, you may want to perform one or more of the following tasks, depending on the needs of your company: v Create an additional organization certifier ID. v Create an organizational unit certifier ID. v Use Internet Site documents to configure Internet protocol server tasks:
98
Enable the Internet Sites view Create an Internet Site document Set up security for Internet Site documents
Creating an additional organization certifier ID

When you set up the first server in a domain, you create an organization certifier. If your hierarchical name scheme calls for having multiple organizations but only one Domino Directory, you must create an additional organization certifier ID. For more information on organization certifier IDs, see the chapter Deploying Domino. 1. From the IBM(R) Lotus(R) Domino(TM) Administrator, click the Configuration tab. 2. From the Tools pane, choose Registration - Organization. 3. (Optional) To change the registration server, which is the server that initially stores the Certifier document until the Domino Directory replicates, click Registration Server, select the correct server, and then click OK. If you have not specified a registration server in Administration Preferences, the registration server is by default: v The local server, if there is one and it contains a Domino Directory v The server specified in the NewUserServer setting in the NOTES.INI file v The Administration server 4. (Optional) Click Set ID file to change the location where Domino stores the certifier ID. Be sure to keep the certifier ID file in a secure place so that it is readily accessible to register new servers and users, but safe from misuse. By default, the certifier ID is stored in C:\. 5. Complete these fields:
Field Organization name Action Enter the name of the organization. Enter a name different from the one used on the organization certifier ID created when you set up the first Domino server. (Optional) Adding an organizational country or region code for the country or region where the organizations corporate headquarters are located minimizes the chance that another organization has the same organization name as yours. Enter the country or region code only if you have registered your organization name with a national or international standards body. For multinational companies, you can enter a country or region in which the company has offices, as long as the organization name is registered there. Enter a case-sensitive password for the certifier. The characters you use for this password depend on the level set in the Password quality scale field. Choose the level of complexity for the password. By default, the level is 8, where 16 is the highest. Choose either North American (default) or International. In practice, there is no difference between a North American and an International ID type. Enter the name of the administrator who handles recertification requests. The name specified here appears in the Certifier document in the Domino Directory. If you are creating a certifier ID for an off-site administrator, enter that administrators name in this field.
Country code
Certifier password
Password quality scale Security type
Mail certification requests to (Administrator)
99
Field Location Comment
Action (Optional) Enter text that appears in the Location field of the Certifier document. (Optional ) Enter text that appears in the Comment field of the Certifier document.
6. Click Register.
Creating an organizational unit certifier ID

You can create up to four levels of organizational unit (OU) certifiers. To create first-level OU certifier IDs, you use the organization certifier ID. To create second-level OU certifier IDs, you use the first-level OU certifier IDs, and so on. For background information on OU certifier IDs, see the chapter Deploying Domino. For background information on OU certifier IDs, see the topic Certifier IDs and certificates. Note: The registration server is the server that initially stores the Certifier document until the Domino Directory replicates. If you have not specified a registration server in Administration Preferences, the registration server is by default: v The local server if there is one and it contains a Domino Directory v The server specified in NewUserServer setting of NOTES.INI v The Administration server
To create an organizational unit certifier ID

1. From the IBM(R) Lotus(R) Domino(TM) Administrator, click the Configuration tab. 2. From the Tools pane, select Registration - Organizational Unit. 3. (Optional) To change the registration server, click Registration Server, select the correct server, and then click OK. 4. Do one: v Select Supply certifier ID and password. Click Certifier ID, select the certifier ID, click Open, and click OK. Enter the ID password, and click OK. v Select Use the CA Process and then choose a CA certifier from the list. 5. Click OK. If you are supplying the certifier ID, enter its password and click OK. 6. (Optional) To change the registration server, click Registration Server, select the correct server, and then click OK. 7. (Optional) To change which certifier ID to use to register the new certifier ID: a. Click Certifier ID. b. Select the certifier ID, click Open, and click OK. c. Enter the ID password and click OK. 8. (Optional) Click Set ID File if you want to change the location where Domino stores the certifier ID. Be sure to keep the certifier ID file in a secure place so that it is readily accessible to register new servers and users, but safe from misuse. By default the ID is stored in C:\.
100
9. Complete these fields:

Field Organizational Unit Certifier password Action Enter a name for the new organizational unit. Enter a case-sensitive password for the certifier. The characters you use for this password depend on the level set in the Password quality scale field. Choose the level of complexity for the password. By default, the level is 8, where 16 is the highest. Choose either North American (default) or International. In practice, there is no difference between a North American and an International ID type. Enter the name of the administrator who handles recertification requests. The name specified here appears in the Certifier document in the Domino Directory. If you are creating a certifier ID for an off-site administrator, enter that administrators name in this field. (Optional) Enter text that appears in the Location field of the Certifier document. (Optional) Enter text that appears in the Comment field of the Certifier document.
Password quality scale Security type
Mail certification requests to (Administrator) Location Comment
10. Click Register.
Internet Site documents

Internet Site documents are used to configure the Internet protocols supported by IBM(R) Lotus(R) Domino(TM) servers. A separate Internet Site document is created for each protocol -- Web (HTTP), IMAP, POP3, SMTP Inbound, LDAP, and IIOP -which is then used to provide protocol configuration information for a single server, or for multiple servers in a Domino organization. Specifically, you can create: v Web Site documents. You create a Web site document for each Web site hosted on the Domino server. v LDAP Site documents. You create an LDAP site document for LDAP protocol access to an organization in a directory. v IMAP, POP3, and SMTP Site documents. You create an individual Internet Site document for each mail protocol for which you enter an IP address. v IIOP Site documents. You create an IIOP Site document to enable the Domino IIOP (DIIOP) task on the server. This task allows Domino and the browser client to use the Domino Object Request Broker (ORB) server program. Internet Site documents make it easier for administrators to configure and manage Internet protocols in their organizations. For example, prior to Domino 6, if you wanted to set up a Web site in your organization, it was necessary to configure each Domino server in the domain with Mapping documents, Web realms, and File Protection documents. If you had virtual servers and virtual hosts, you had to do the same thing for them. In Domino 6, you can configure a Web Site document so that all servers and hosts use it to get configuration information for a Web site, including mapping information, file protection information, and Web realm authentication information. You must use Internet Site documents if you: v Want to use Web-based Distributed Authoring and Versioning (WebDAV) on a Domino Web server.
101
v Have enabled SSL on your server and want to use Certificate Revocation Lists to check the validity of Internet certificates used to authenticate with the server. v Are using a service provider configuration on your server (see For service providers only below). The Domino server is configured to use Internet Site documents if the option Load Internet configurations from Server\Internet Sites documents is enabled on the Basics tab on Server document. If the option is not enabled, the server defaults to Server document settings to obtain configuration information for Internet protocols. Internet Site documents are designed to be used as follows: v For any incoming connection, Internet Site documents, Certifier documents and Global Domain documents are used to determine which organization (certifier) is associated with the target IP address. In a Domino configuration, all incoming IP addresses usually map to the top level certifier. v For a specific organization and a specific protocol and a specific server, the Internet Site document is used to determine which authentication controls are to be applied. When you enter a Host name or IP address in an Internet Site document, you do not gain control over which authentication controls are applied according to the IP address the user connects to. Instead, the first Internet Site document located for the server and the organization is used. As a result, except for Web Site documents, you should have only one Internet Site document for each organization, protocol, and server combination. For example, do not do the following: Server A has two IP addresses and you create the following two Internet Site documents for POP3: v One Internet Site document for one IP address with no SSL allowed v One Internet Site document for another IP address, with SSL allowed. The IP address is used to determine the organization and both Internet Site documents apply to the same organization. The first Internet Site document that matches the server and the organization is used, in this case, the Internet Site document that does not allow SSL. Modifications to Internet Site documents (including the creation of new Site documents) are dynamic. The server or protocol does not need to be restarted after you create a new Site document, or after you modify or delete an existing one. Changes generally take effect minutes after the change is made. Internet Site documents are created in the Internet Sites view, which is used to help manage Internet protocol configuration information by listing the configured Internet Site documents for each organization in the domain. CAUTION: If you use an Internet site document to configure one Internet protocol on a server, you must also use Internet site documents for all Internet protocols on that server. For example, you cannot set up an LDAP Internet Site document and, on the same server, use the Server document to configure HTTP.
102
While most protocol settings are configured in Internet Site documents, there are some settings that need to be configured in the Server document to support Internet protocol configurations. These include settings for: v Enabling and configuring the TCP/IP port. v Enabling and configuring the SSL port (including redirecting TCP to SSL). v Accessing the server -- such as who can access the server and how. For more information on server access settings, see the chapter Controlling Access to Domino Servers.
Setting up Internet Site documents on a Domino server

Do the following to set up basic Internet Site functionality on a Domino server. 1. Create Internet Sites document for the Internet protocols you want to use. 2. Set up security for each Internet Site document. 3. Enable Internet Site documents on the server.
For service providers only

Internet Site documents are required for hosted organizations. These documents control each hosted organizations use of Internet protocols. A hosted organization can only use an Internet protocol if the hosted organization has an Internet site document for that protocol. A shared IP address may be used for all hosted organizations, or unique IP addresses may be set up for each hosted organization. Internet Site documents link IP addresses to the individual hosted organizations for each Internet protocol. When registering hosted organizations, you have the option to create Internet Site documents during hosted organization registration, or you can choose to create them later. Service providers need to consider the following when using Internet Site documents: v Each hosted organization has one Web Site document that can be created during hosted organization registration. You must create this initial Web Site document to activate the HTTP protocol. If you have multiple Web sites, you need one individual Web Site document for each additional Web site for each organization. If the hosted organization supports DOLS, the Web Site document must contain the name of the DSAPI filter file name. For more information, see the topic To configure DOLS on a server that uses Web Site documents in this chapter. v You must create one mail protocol Site document (IMAP, POP3, or SMTP) for each protocol used by each organization. v In a hosted environment, Domino IIOP (DIIOP) can use the information in the IIOP Internet site document to define the scope of the Domino Directory used to validate users. With DIIOP, you can use any Java(TM) code running on any server on the network. v If your configuration has one IP address that is shared by multiple hosted organizations, HTTP, IMAP, LDAP, POP3, and SMTP are the available protocols. For IMAP, LDAP, POP3, and SMTP users, the name provided during authentication must be the users Internet e-mail address, so that the server knows the organization of which each user is a member. Anonymous access to LDAP is not supported in this configuration.
103
v To enable SSL for a hosted organization, you must enter the server IP address in the field Host names or addresses mapped to this site on the Basics tab of the Internet Site document.
Creating an Internet Site document

You can create Internet Site documents for Web, IMAP, POP3, LDAP, SMTP Inbound, and IIOP Internet protocols. You create one document at a time. To create an Internet Site document: 1. From the IBM(R) Lotus(R) Domino(TM) Administrator, click Configuration Web - Internet Sites. 2. Click Add Internet Site, and select the type of Internet Site document to create. 3. Click the Basics tab, and complete these fields:
Field Action
Descriptive name for this site (Optional) Enter a name that differentiates this site from all others that you create. This name appears in the Internet Sites view in this format: the type of Internet Site, the descriptive name, and the host name or address. For example: Web Site: MyWebSite (www.acme.com) If you do not enter a name, the default name is the type of Internet Site document with the host name or address appended. For example: POP3 Site: (www.acme.com) For hosted environments -- The default descriptive name is a combination of the hosted organization name with the type of site document appended. For example, a Domino IIOP site with a hosted organization name of Acme would Acme IIOP Site. Organization (Required for all Internet Site documents) Enter the name of the registered organization that hosts the Internet Site document. The name must correspond to the organizations certifier. Note: For Web Sites set up in a non-service provider configuration, this name can be any suitable word or phrase. (Web Site documents only) Choose one: v Yes -- This Web site processes incoming HTTP requests if Domino cannot locate the Web sites that were entered in the Host names or addresses mapped to this site field. v No (default) -- This Web site does not process incoming HTTP requests for which Domino cannot locate a Web site.
Use this Web site to handle requests which cannot be mapped to any other Web sites
104
Field Host names or addresses mapped to this site
Action (Required for all Internet Site documents) Enter the target host names or IP addresses that trigger a connections use of this Internet Site document. If the site is set up for SSL, you must specify IP addresses. For hosted environments -- When creating Domino IIOP Site documents, the first host name IP address that is on this list will be used to advertise DIIOPs service creating diiop_ior.txt. Therefore, it is recommended that each Domino server have its own Internet Site document.
Domino servers that host this (Required for all Internet Site documents) Enter the name of site one or more Domino servers that host this site. You can use any variation of distinguished name (for example, Server1/Sales/Acme) as well as wildcards (for example, */Acme). The default is (*), which means that all servers in the domain can host this site. If you leave the field blank, the Internet Site will not be loaded on any Domino server.
4. For all Internet Site documents, complete the settings on the Security tab. 5. Some Internet Sites require additional configuration. The table below indicates the Internet Site documents that require additional configuration, and the locations for settings in those documents for enabling additional configuration information unique to those protocols.
Document Web Site Complete v Configuration tab v Domino Web Engine tab IMAP Site IIOP Site v Public Folder tab v Configuration tab
6. Save and close the document.
Setting up security for Internet Site documents

To set up security for Internet Site documents, you can enable SSL server and client authentication, name-and-password authentication, or anonymous access for Internet and intranet clients. In order to enable SSL for Internet Sites, you must configure the SSL port on the Server document and set up SSL on the server by obtaining a server certificate and key ring from an Internet certificate authority. To set up SSL authentication, you must create a server key ring file for each Internet Site document. However, if the Internet site documents are for the same organization, but are created for different protocols, a single server key ring file can be used. Be sure to enter the server key ring file name in the appropriate field on the Security tab of each site document.
105
If you want to use Certificate Revocation Lists (CRL) for Internet certificate authentication, the server must be using a IBM(R) Lotus(R) Domino(TM) server-based certification authority for issuing Internet certificates. Note: For Web sites, the common name on the server key ring must match the DNS name to which the IP address in the Web Site document is mapped. The IP address must be stored in the field Host name or addresses to map to this site, which is located on the Web Site document. If you enable Redirect TCP to SSL in a Web Site document, both the host name and the IP address must be stored in this field. You should be familiar with SSL authentication, name and password authentication, and anonymous access before completing these steps. For more information about SSL authentication, see the chapter Setting Up SSL on a Domino Server. For more information about name-and-password authentication and anonymous access, see the chapter Setting Up Name-and-Password Authentication and Anonymous Access on a Domino Server. To set up security for Internet Site documents: Note: In IBM(R) Lotus(R) Domino(TM), it is possible to effectively prohibit access to an Internet Site by selecting no for all authentication options in an Internet Site Document. These options include TCP authentication, SSL authentication, and TCP anonymous access. 1. From the Domino Administrator, click Configuration - Web - Internet Sites. 2. Choose the Internet Site document to modify, and click Edit Document. 3. Click Security, and complete these fields:
Field TCP Authentication Anonymous (Applies to all Internet sites, except IMAP and POP3) Choose one: v Yes -- To allow anonymous access to this site v No -- To prohibit anonymous access Name & password Choose one: v Yes -- To require a user to authenticate with the users name and Internet password to access the site v No -- To not require name and password authentication Redirect TCP to SSL (Applies to Web Site only) Choose one: v Yes -- To require clients and servers to use the SSL protocol to access the Web site v No -- To allow clients and servers to use SSL or TCP/IP to access the Web site SSL Authentication Enter
106
Field Anonymous
Enter (Applies to all Internet sites, except IMAP and POP3) Choose one: v Yes -- To allow users access over the SSL port without authenticating with a name and password v No -- To deny users anonymous access
Name & password
Choose one: v Yes -- To require a user to authenticate with user name and Internet password in order to access this site using SSL v No --To not require a name and password
Client certificate
(Applies to Web Site, IMAP, POP3, and LDAP) Choose one: v Yes -- To require a client certificate for access to this site v No -- To not require a client certificate
SSL Options Key file name Protocol version Enter the name of the server key ring file. Choose one: v V2.0 only -- Allows only SSL 2.0 connections. v V3.0 handshake -- Attempts an SSL 3.0 connection. If this fails and the requester detects SSL 2.0, attempts to connect using SSL 2.0. v V3.0 only -- Allows only SSL 3.0 connections. v V3.0 with V2.0 handshake -- Attempts an SSL handshake, which displays relevant error messages. Makes an SSL 3.0 connection if possible. v Negotiated (default) -- Attempts an SSL 3.0 connection. If this fails, attempts to use SSL 2.0. Use this setting unless you are having connection problems caused by incompatible protocol versions. Accept SSL site certificates Choose one: v Yes -- To accept the certificate and use SSL , even if the server does not have a certificate in common with the protocol server v No (default) -- To prohibit the acceptance of SSL site certificates for access Accept expired SSL certificates Choose one: v Yes -- To allow clients access, even if the client certificate is expired v No -- To prohibit client access using expired SSL certificates Check for CRLs Choose one: v Yes -- To check the certifiers Certificate Revocation List (CRL) for the user certificate you are attempting to validate. If a valid CRL is found and the user certificate is on the list, the user certificate is rejected. v No -- To not use Certificate Revocation Lists Trust expired CRLs Choose one: v Yes -- To use expired but otherwise valid Certificate Revocation Lists when attempting to validate user certificates v No -- To reject expired Certificate Revocation Lists
107
Field
Enter v Yes -- If the attempt to locate a valid Certificate Revocation List fails, proceed as if Check for CRLs is set to No. v No -- If a valid Certificate Revocation List for the user certificate is not found, reject the certificate. If Trust expired CRLs is set to Yes, an expired CRL is valid. If Trust expired CRLs is set to No, the authentication will fail for every user certificate for which a matching valid CRL is not located.
Allow CRL search to fail Choose one:
SSL Security SSL ciphers Click Modify to change the SSL cipher settings for this site document. These settings apply only to SSL v3. SSL v2 ciphers cannot be changed. Choose Yes to enable SSL v2 for this site document.
Enable SSL V2
4. Save the document.
Enabling Internet Sites on a server

If you enable the use of Internet Sites on an IBM(R) Lotus(R) Domino(TM) server, the server obtains Internet protocol configuration information from site documents. Comparable configuration settings in the Server document are not used. If the use of Internet Sites is not enabled, comparable Server document settings are used to obtain protocol configuration information. You can only use the Internet Sites view for Domino servers. Note: Each time you start or restart HTTP, a console message indicates whether the HTTP task is using Internet Sites or the Server document (Web Server Configurations view) to obtain Internet protocol configuration information. To 1. 2. 3. enable Internet Sites on a server:
Open the Server document you want to edit, and click Edit Server. Click the Basics tab. In the Basics section, enable Loads Internet configurations from Server/Internet Sites documents. 4. Save the document. 5. Restart the server.
Note: The HTTP task is backward-compatible with the Web Server Configurations view.
Starting and shutting down the Domino server

Start the IBM(R) Lotus(R) Domino(TM) server so users can access shared databases and obtain other server services. Do not enter keystrokes or click the mouse while the Domino server is starting or shutting down. Note: If the server program is running, do not use CTRL+S to stop scrolling the console, because no server services take place until you press a key to continue.
108
To start the server

Operating system Microsoft(R) Windows(R) UNIX(R) Action Choose Start - Programs - Lotus Applications - Lotus Domino Server. Enter the path for the Domino program directory. For example, if you installed Domino in the /opt directory, enter: /opt/ibm/lotus/bin/server
To shut down the server

Enter either exit or quit at the console. It may take ten seconds or more for the server to shut down.
Starting Domino as an application or a Windows service

If you have installed IBM(R) Lotus(R) Domino(TM) as a Microsoft(R) Windows(R) service, when you start the Domino server, a dialog box appears prompting you to specify whether to start Domino as an application or a Windows service. 1. On the Lotus Domino Server dialog box, choose one: v Start Domino as a Windows service -- Starts the Domino server as a Windows service. Domino then runs like any Windows service. If you choose this option without selecting either of the check boxes, the next time you start Domino, this message displays Lotus Domino is installed as a Windows service. The dialog box does not display again. If you choose this option and you select the Always start Domino as a service at system startup, Domino always starts as a Windows service and this dialog box no longer appears at start up. The Dont ask me again check box does not apply to the Start Domino as a Windows service due to the way that Windows services work. v Start Domino as a regular application -- Starts the Domino server as any application would be started. This is the traditional method for starting and running the Domino server. If you choose this option without selecting either of the check boxes on the dialog box, the next time Domino starts, you are prompted with this dialog box again. If you choose this option and you select the Dont ask me again check box, you are not prompted with this dialog box again and Domino always starts as an application. If you choose this option and select the check box Always start Domino as a service at system startup Domino runs as an application during the current session. The next time you start the server, Domino runs as a Windows service. 2. Optionally, you can also choose neither of the following, one of the following, or both: v Always start Domino as a service at system startup -- Select this check box if you want Domino to always start as a Windows service. Once you select this option and click OK, you can not change your selection using this dialog box.
109
v Dont ask me again -- Select this check box if you do not want to be prompted again when the Domino server starts. After you select this check box and click OK, you will not be able to reset your selections using this dialog box. 3. Click OK. When run as a Windows service, Domino runs as any other Windows services runs. Some of the benefits associated with running Domino as a Windows service are listed below. v If you select Automatic for starting services, Windows services are started when the system starts. v Windows services can be controlled via the Windows service manager. The Windows service manager can be used remotely. v Services continue to run even when you log off the system.
Using instant messaging in the Domino Directory

The IBM(R) Lotus(R) Domino(TM) Directory is now enabled for instant messaging, meaning that you can conduct an online chat directly from the Domino Directory. The instant messaging Chat feature is available only if you have a Sametime server, and only for Microsoft(R) Windows(R) versions of IBM(R) Lotus(R) Domino(TM)/Notes. Chats are interactive, real-time text conversations. From the People document, Group document, and from the Domino Directory itself there is a Chat option in the menu bar. You can perform these instant messaging activities: v Click Chat and you can choose from the following options: v Chat with -- Open a chat with the person whose name is currently selected in the open document or directory. v Add to Instant Contact List -- Add the selected persons name to an instant messaging contact list that you choose. v Show/Hide Contact List -- Toggles between displaying the names in the contact list and hiding the list.
110
Chapter 4. Setting Up and Using Domino Administration Tools

This chapter explains how to install and navigate the IBM(R) Lotus(R) Domino(TM) Administrator. It also includes information on setting up and using the IBM(R) Lotus(R) Domino(TM) Web Administrator, which allows you to administer a Domino server using a browser.
Installing the Domino Administrator

When you install and set up an IBM(R) Lotus(R) Domino(TM) server, the Server Setup program does not install the Domino Administrator, which is the administration client. You must run the Domino Administrator client setup to install the Domino Administrator client. There are many ways to set up your Administrator client installation. Do not install the Domino Administrator on the same system on which you installed the Domino server. Doing so compromises Dominos security and impairs server performance. For more information on installing the Domino clients, including the Domino Administrator, see the chapter, Setting Up and Managing Notes Users.
The Domino Administrator

The IBM(R) Lotus(R) Domino(TM) Administrator is the administration client for IBM(R) Lotus(R) Notes(R) and Domino. You can use the Domino Administrator to perform most administration tasks. You can administer the Domino system using the local Domino Administrator or using the IBM(R) Lotus(R) Domino(TM) Web Administrator. Information about the Domino Administrator in this section includes: v v v v v v Domino Administrator installation Setting up and starting the Domino Administrator Selecting a server to administer in the Domino Administrator Setting Domino Administrator preferences Navigating Domino Administrator How administrative tasks are organized on the Domino Administrator tabs
Note: The Domino Administrator client also offers Domino domain monitoring (DDM) which you can use to view the overall status of multiple servers across one or more domains, and then use the information provided by DDM to quickly resolve problems. For more information about Domino domain monitoring, see the chapter Domino Domain Monitoring.
Setting up the Domino Administrator

1. Make sure the IBM(R) Lotus(R) Domino(TM) server is running. 2. Start the Domino Administrator.
111
3. The first time you start the Domino Administrator, a setup wizard starts. After you answer the questions displayed by the setup wizard, the Domino Administrator client opens automatically.
Starting the Domino Administrator

There are several ways to start the IBM(R) Lotus(R) Domino(TM) Administrator. 1. Make sure the Domino server is running. 2. Do one: v From the Microsoft(R) Windows control panel, click Start - Programs - Lotus Applications - Lotus Domino Administrator. v Click the Domino Administrator icon on the desktop. v From the IBM(R) Lotus(R) Notes(R) client, click the Domino Administrator bookmark button or choose File - Tools - Server Administration.
Navigating Domino Administrator

The user interface for the IBM(R) Lotus(R) Domino(TM) Administrator is divided into four panes. Clicking in one pane dynamically updates information in other panes.
Server pane
The server pane displays the servers in the domain, grouped in different views. For example, you can view all servers in the domain or view them by clusters or networks. To pin the server pane open, click the pin icon at the top of the server pane.
Task pane
The tasks pane provides a logical grouping of administration tasks organized by tabs. Each tab includes all the tasks associated with a specific area of administration. For example, to manage the files located on a particular server, select a server and click the Files tab.
Results pane
The appearance of the results pane changes, based on the task you are performing. For example, the results pane may display a list of files, as on the Files tab, or an active display of real-time processes and statistics, as on the Server - Monitoring tab.
Tools pane
The tools pane provides additional functions associated with a selected tab. For example, from the Files tab you can check disk space and perform tasks associated with files.
Window tabs
Use window tabs to switch from one open window to another in the Domino Administrator. Every time you open a database or a document, a new window tab appears beneath the main menu bar.
Domains
You can access the servers in each domain that you administer. Click a domain to open the server pane.
112
Bookmark bar
The Bookmark bar organizes bookmarks. Each icon on the Bookmark bar (running down the left edge of the Domino Administrator window) opens a bookmark or a list of bookmarks, which can include Web browser bookmarks.
Selecting a server to administer in the Domino Administrator

To administer a server, you select the server from a server list. You can have multiple server lists, each of which is represented by a button. After you select a server, information about that server appears in all the tabs.
Button Favorites Description Lists your favorite servers -- that is, those you administer most frequently. To add a server to Favorites, choose Administration - Add Server to Favorites, and then specify the name of the server to add. Lists all servers in a domain. You can also view servers by hierarchy or by network.
Domain
For more information on adding domains, see the topic Setting Basics Preferences, later in this chapter.
To update a server list

The first time you start the IBM(R) Lotus(R) Domino(TM) Administrator, the system automatically creates a server list, based on the domains listed in Administration Preferences. If you add new servers to the list, choose Administration - Refresh Server List.
Setting Domino Administration preferences

To customize the IBM(R) Lotus(R) Domino(TM) Administrator work environment, set any of these administration preferences.
Preference Basics Description v Select domains to administer v Add, edit, or delete domains v Set domain location setting v Select domain directory server v Specify Domino Administrator startup settings v Show Administrator home page v Refresh Server Bookmarks Files v Customize which columns appear on the Files tab v Change the order in which columns appear v Limit the types of files that the Domino Administrator retrieves Monitoring v Configure global settings used to monitor the server v Enable server health statistics and reports Registration Statistics v Select global settings to use to register users, servers, and certifiers v Select global settings for statistic reporting and charting v Enable statistic alarms while monitoring statistics
113
Setting Basics preferences

To manage IBM(R) Lotus(R) Domino(TM) domains, set Basics preferences. 1. From the Domino Administrator, choose File - Preferences - Administration Preferences. 2. In the Basics section, under Manage these Domino Domains do one: v Click New to add a domain, and then continue with Step 3. v Click Edit to edit an existing domain, and then continue with Step 3. v Click Delete to delete an existing domain 3. Complete these fields:
Field Domain name Domino directory servers for this domain Action Enter the name of the domain to add, or edit an existing name. Enter one or more directory servers, separated by commas, or edit the list. For example: Mail-E/East/Acme Mail-W/West/Acme What location settings do you want to use for this domain? Choose one: v Do not change location v Change to this location. Specify the location from which you want to manage this domain.
4. Under Domino Administrator Startup Settings, complete these fields:

Field On startup Action Do one: v Choose Dont connect to any server. v Choose Connect to last used server. v Choose Connect to specific server and then specify the startup domain and startup server. Automatically run in live console mode: Choose this option to open the Domino Administrator client with a live server console window. Enter Domino commands from this live console. Click to open databases that you specify on a server you specify when the Domino Administrator client is started, and then complete these fields: v Database(s): -- By default, this field contains the database file name for the Domino Domain Monitoring database (DDM.NSF). To add additional databases, enter the database file names, separated by commas. v Server -- Specify the name of the server on which the specified databases are stored.
Open specific database(s):
114
Field Show Administrator Welcome Page
Action Do one: v Check this box to see the Welcome page each time you start the Domino Administrator. v Uncheck this box if you do not want to see the Welcome page.
Refresh Server Bookmarks on Startup
Do one: v Check this box to update the servers bookmarks each time you start the Domino Administrator. If you are using Domino and IBM(R) DB2 Universal Database(TM) Enterprise Server Edition, you check this box because server bookmarks must be up-to-date to allow all of the Domino and DB2 features to work correctly. v Uncheck this box if you do not want to refresh the servers bookmarks each time you start the Domino Administrator.
5. Click OK, or click Files to continue setting Administration Preferences.
Setting Files preferences

Setting Files preferences, you can customize which columns appear on the Files tab, change the order in which columns display, and limit the types files the IBM(R) Lotus(R) Domino(TM) Administrator retrieves. By default, the Files tab displays columns in this order: v Title v File Name v Physical Path v v v v Files Format Size Out of Office Max Size
v Quota v Warning v Created v Last Fixup v Is Logged v Template v Out of Office v Space Used
To set Files preferences

1. From the Domino Administrator, choose File - Preferences - Administration Preferences. 2. Click the Files section. 3. Do one:
115
v To add a column, select a column from the Available Columns list and click the right arrow to add it to the Use these Columns list. v To remove a column, select a column from the Use these Columns list and click the left arrow to remove it from the list. 4. Click the up or down arrows to change the order of the columns in the Use these Columns list. 5. Check Retrieve only (NSF, NTF, BOX) Domino file types (faster) to limit the types of files retrieved. Uncheck this box to retrieve all file types. 6. Click OK or click Monitoring to continue setting Administration Preferences. For more information on setting Files preferences in the Web Administrator, see the topic Setting Files Preferences for the Web Administrator later in this chapter.
Setting Monitoring preferences

You can use the default Monitoring preferences or customize them. 1. Choose File - Preferences - Administration Preferences. 2. Click Monitoring, and then complete the Global settings for Monitoring:
Field Do not keep more than <n> MB of monitoring data in memory (4 - 99MB) Not responding status displayed after <n> minutes of inactivity Generate server health statistics and reporting Action Enter the maximum amount of virtual memory, in MB, used to store monitoring data. Default is 4. Enter the amount of time after which the not responding status displays. The default is 10 minutes. Select this option to include health statistics in charts and reports. Note: You must enable this option to use the Server Health Monitor.
3. In the Location section, complete these fields:

Field When using this location Monitor servers Action Choose the Location document. Do one: v Choose From this computer to monitor servers from the local IBM(R) Lotus(R) Domino(TM) administration client. v Choose From server and then click Collection Server. Select the Domino server running the Collector task for the servers being monitored by the location you selected. Poll server every <n> minutes (1-60 minutes) Enter the servers polling interval, in minutes. v If From this computer is selected, the default is 1 minute. v If From server is selected, the default is 5 minutes. Automatically monitor servers at startup Select this option to start the Domino Server Monitor when you start the Domino Administrator.
116
Setting Registration preferences

Within the IBM(R) Lotus(R) Domino(TM) Administrator, you can set default registration preferences that apply whenever you register new certifiers, servers, and users. 1. From the Domino Administrator, choose File - Preferences - Administration Preferences. 2. Click Registration. 3. Complete any of these fields:
Field Action
Registration Domain Select a domain from the list. The registration domain is the domain into which users and servers are registered. Create Notes IDs for Click to create a Notes ID for each new user during the registration new users process. Certifier name list Choose a certifier ID to use when creating the user name during user registration when a Notes user ID is not being created for the user. This field appears if the check box Create a Notes ID for this person is not selected. If you are working in a hosted environment and are registering a user to a hosted organization, be sure to register that user with a certifier created for that hosted organization. Certifier ID Do one: v Choose Certifier ID to use the certifier ID and password. Then click Certifier ID, select the certifier ID file, and click OK to select the certifier ID used to register new certifiers, servers, and users. v Choose Use CA Process to use the Domino server-based certification authority. Registration Server Click Registration Server to change the registration server, which is the server that initially stores the Person document until the Domino Directory replicates. Select the server that registers all new users, and then click OK. If you do not explicitly define a registration server, it is, by default: v The local server if it contains a Domino Directory v The server specified in NewUserServer setting in the NOTES.INI file v The administration server Explicit policy If you already created explicit policies, select the policy from the list. If you have not created explicit policies, this field displays None Available. Select a profile. The default is none. You can assign either a policy or a user setup profile, but you cannot assign both to the same users.
User Setup Profile
117
Field Mail Options
Action Click Mail Options to display the Mail Registration Options dialog box. Choose one of the following and complete any required associated fields: v Lotus Notes (default) -- The Internet address is automatically generated. v Other Internet -- The Internet password is set by default during registration. Enter a forwarding e-mail address. v POP -- The Internet address is automatically generated during registration, and the Internet password is set by default during registration. v IMAP -- The Internet address is automatically generated during registration, and the Internet password is set by default during registration. v Domino Web Access -- When you choose this option, you are prompted as to whether you want to set additional Domino Web Access settings. v Other -- Enter a forwarding e-mail address. v None Note: If you select Other or Other Internet, you will need to enter a forwarding address for the user during user registration. The forwarding address is the e-mail address to which the user wants their mail sent.
User ID/Password Options
Click User ID/Password Options Settings to open the Person ID File Settings dialog box. Do any of these: v Person ID folder -- Choose a folder or enter a directory path in which to store the ID files generated for this user during registration. v Person password quality -- Set a new password quality for the ID files that are generated for this user during registration. The default for a user ID is 8. v Public key specification -- The public key specification that you use impacts when key rollover is triggered. Key rollover is the process used to update the set of Notes public and private keys that is stored in user and server ID files. Choose one: Compatible with all releases (630 bits), Compatible with Release 6 and later (1024 bits). Note: For information about the significance of the public key specification and key rollover, see the topic User and server key rollover. v License type -- Choose either North American (default) or International. In practice, there is no difference between a North American and an International ID type.
Advanced Options
Click Advanced Options to open the Advanced Person Registration Options dialog box on which you can specify the following: v Whether to keep registered users in the registration queue v Whether to attempt to register users with an error status from a previous registration attempt v Whether to prompt for duplicate files v Whether to search all directories for duplicate names v Other registration settings
118
Field Server/Certifier Registration
Action Click to open the Server Certifier ID File Settings dialog box on which you can define the directories in which to store certifier IDs and server IDs and specify the default password quality setting for each.
4. Click OK. For more information about explicit policies, see the topic Organizational and explicit policies and for more information on Advanced Options, see the topic Using Advanced Notes user registration with the Domino Administrator.
Setting Statistics preferences

You set statistics preferences to enable statistics reporting and statistics charting. The Statistics section in Administration preferences is also where you specify the polling and reporting time interval used for gathering and reporting statistics. You also enable statistic alarms for use with statistic event generators. If you create statistics event generators to report alarms, you must enable statistics alarms.
To set statistics preferences

1. From the IBM(R) Lotus(R) Domino(TM) Administrator, choose File - Preferences - Administration Preferences. 2. Click Statistics. 3. Complete these fields:
Field Generate statistic reports while monitoring or charting statistics Action Do one: v Enable the field and then specify, in minutes, how often to create statistics reports in the Monitoring Results database (STATREP.NSF). Default is 45 minutes. The value must be greater than the monitoring poll interval specified in the Monitoring preferences. v Disable the field if you do not want to create statistics reports or charts. Check statistic alarms while monitoring or charting statistics Do one: v Enable the field to report an alarm when a statistic exceeds a threshold. You must enable this field to generate a statistic events. Alarms are reported to the Monitoring Results database (STATREP.NSF). v Disable the field if you do not want to generate alarms. Chart statistic using same poll interval as monitoring Do one: v Enable the field to use the poll interval specified in the Monitoring preferences. v Disable the field to set a charting interval that is different than the poll interval. Then specify a time interval in which to chart statistics. The default is 20 seconds.
4. Click OK.
119
Tools and preferences for debugging in the Domino Administrator

The IBM(R) Lotus(R) Domino(TM) Administrator client offers several tools and one set of preferences for debugging errors. From the Domino Administrator, choose Files - Tools and then choose one of these: v Debug LotusScript -- Enables LotusScript(R) debugging. When a check mark appears to the left of the Debug LotusScript option, LotusScript debugging is enabled. For more information about LotusScript debugging, see the IBM(R) Lotus(R) Domino(TM) Designer documentation, topic Using the LotusScript Debugger. v Remote LotusScript Debugger -- Opens the Domino Debugger. The remote debugger allows debugging of LotusScript agents running on remote servers. For more information about remote debugging, see the Domino Designer documentation, topic Using the Remote Debugger. v Show Java Debug Console -- Opens the Java(TM) Debug Console window. For information about the Java Debug Console, see the Domino Designer documentation, topics Writing Java in an agent, Running a Java program, and other related topics. v Java Debugging Preferences -- Opens the Java Debugging Preferences dialog box. For information, see the topic Enabling Java Debugging.
Enabling Java Debugging

The Domino Administrator supports Java debugging in the following contexts. Each context has its own JVM. Only one user can debug at a time in each context. v Foreground -- Java code that runs in the Domino Administrator client interactively, for example, an agent triggered from the Actions menu. v Background -- Java code that runs in the Domino Administrator client under control of the task loader, for example, a locally scheduled agent. v Web preview -- Java code being previewed in a browser through Domino Designer, for example, an applet on a form. Java code from a script library runs in the context of the calling code.
To enable and disable Java debugging on the Domino Administrator

Java debugging is disabled by default. 1. From the Domino Administrator, choose Files - Tools - Java Debugging Preferences. The Java Debugging Preferences dialog box appears. 2. Do one or more of these: v To enable foreground debugging, click Client Agents/Applets, and then specify a port number to connect the IBM(R) Lotus(R) Notes(R) and debugger computers. Deselect to disable. v To enable background debugging, click Locally Scheduled Agents, and then specify a port number to connect the Notes and debugger computers. Deselect to disable. v To enable Web preview debugging, click HTTP Preview, and then specify a port number to connect the Domino Administrator client and debugger computers. Deselect to disable. Note: Specifying a port number may require several attempts before you locate a free port.
120
If you change the foreground or background preference, the Domino Administrator must be restarted. If you change the Web preview preference, the preview must be restarted.
Domino Administrator tabs

General administration tasks are organized by the tabs described in the following table. Click a tab to display its contents, or use the Administration menu to navigate among the tabs. For example, to move from the Files tab to the Replication tab, choose Administration - Replication.
Tab People & Groups Files Server tabs Messaging Replication Configuration Use to administer People-related IBM(R) Lotus(R) Domino(TM) Directory items -such as, Person documents, groups, mail-in databases, and policies Databases, templates, database links, and all other files in the servers data directory Current server activity and tasks. This tab has five sub-tabs: Status, Analysis, Monitoring, Statistics, and Performance. Mail-related information. This tab has two sub-tabs: Mail and Tracking Center. Replication schedule, topology, and events All server configuration documents -- such as, the Server, Messaging Settings, Configuration Settings, and Server Connections documents.
People and Groups tab in the Domino Administrator

From the People and Groups tab, you perform these tasks to manage the IBM(R) Lotus(R) Domino(TM) Directory: v Register new users and groups v v v v Manage existing users, groups, mail-in databases, and other resources Assign policies to users and groups Assign roaming options and Internet settings to users Access the Tools panel from which you can access numerous features for managing users and groups
Files tab in the Domino Administrator

From the Files tab, you perform these tasks to manage database folders and links: v Access a folder and one or more files inside the folder v Select the type of files to display -- for example, display only databases or only templates v Move or copy a database by dragging it onto an IBM(R) Lotus(R) Domino(TM) server on the bookmark bar v View out of office status, that is, who is using the out of office service and is currently out of the office. the Out of Office column contains a Yes for those users. v Manage databases -- for example, compact databases and manage ACLs v View disk size and free space on the C drive
121
Server tabs in the Domino Administrator

There are five Server tabs: Status, Analysis, Monitoring, Statistics, and Performance.
Status
From the Status tab, you can: v See which server tasks are running, stop or restart them, or start new tasks v See who is connected to the server, including IBM(R) Lotus(R) Notes(R) users, browser and e-mail clients v v v v See which Notes databases are currently in use Access the live remote console of the server Monitor the schedule of programs, agents, mail routing and replication Access the Tools panel from which you can access server status related tools.
Analysis
From the Analysis tab, you can: v View, search, and analyze the log file (LOG.NSF) v Access the database catalog on the server v Access the Monitoring Results database (STATREP.NSF) v Manage Administration Process requests v Access the Tools panel from which you can find a specific server, review activity data and access other server analysis related tools.
Monitoring
From the Monitoring tab, you can: v Check the status of IBM(R) Lotus(R) Domino(TM) servers v Check server availability and sort servers by state or timeline v View the current status of tasks running on each server and view selected statistics v Monitor server health status and access server health reports
Statistics
From the Statistics tab, you can see the real-time statistics for the current status of the Domino system.
Performance
From the Performance tab, you can: v View statistic charts for server performance in real time v Chart historical server performance over a selected period of time v Manage server activity trends v Perform resource load-balancing among servers
Messaging tabs in the Domino Administrator

There are two messaging tabs.
Mail
From the Mail tab, you can: v Manage the mailboxes on the server v Check mail v Manage shared mail
122
v v v v
View mail routing status Monitor the log file for routing-related events Run reports on messaging use Access the Tools panel from which you can access additional Messaging features such as stopping and starting the router
Tracking Center
From the Tracking Center tab, you can issue tracking requests to track messages. You must enable the Tracking Center tab in the IBM(R) Lotus(R) Domino(TM) Web Administrator. For more information on enabling the Tracking Center for the Web Administration, see the topic Message-tracking in the Web Administrator later in this chapter.
Replication tab in the Domino Administrator

From the Replication tab, you can: v View the server replication schedule v Check the log file for replication events v View replication topology maps related to the server
Configuration tab in the Domino Administrator

From the Configuration tab, you can configure all server options, settings, and configurations for various subsystems including: v v v v Security Monitoring Messaging Policies
v Replication v Directory services v Off-line services You can also access a Tools panel from which you can access numerous server-related features such as server registration, setting up ports, secuting the console and numerous other features.
Domino Administrator tools

Most tabs on the IBM(R) Lotus(R) Domino(TM) Administrator include a set of tools that change based on the selected tab. For example, the People and Groups tab includes two tools: one for managing people and one for managing groups. To hide or show the Tools panel, click the triangle. To choose a specific tool, click the triangle to expand or collapse the tools options. Hiding tools on one tab does not hide tools on other tabs. You can also access tools using: v Right click -- Select an object that has an associated tool and right click. For example, on the People & Groups tab, right-click a Person document to access the People tools. v Menus -- For each tab that has tools, the appropriate tools menu appears in the menu bar. For example, when you click the Files tab, the Files menu appears.
123
The following table describes the tools that are on each tab.
Tab People & Groups Tools v People v Groups Files v Disk Space v Folder v Database v DB2 Groups Server - Status v Task v User v Ports v Server Server - Analysis Messaging Configuration v Analyze v Messaging v Certification v Registration v Policies v Hosted Org v Server v DB2 Server
Web Administrator
If you have a browser and want to manage and view settings for an IBM(R) Lotus(R) Domino(TM) server, you can use the IBM(R) Lotus(R) Domino(TM) Web Administrator to perform most of the tasks that are available through the Domino Administrator. This section includes the following information about the Domino Web Administrator: v Setting up the Web Administrator v Setting up access to the Web Administrator database (WEBADMIN.NSF) v Giving additional administrators access to the Web Administrator and assigning roles v Managing policies with the Web Administrator v Registering users and servers with the Web Administrator v Setting Files preferences for the Web Administrator v Starting the Web Administrator v Using the Web Administrator with service providers v Using the Web Administrator
Setting up the Web Administrator

The IBM(R) Lotus(R) Domino(TM) Web Administrator uses the Web Administrator database (WEBADMIN.NSF). The first time the HTTP task starts on a Web server, IBM(R) Lotus(R) Domino(TM) automatically creates this database in the Domino data directory. However, you need to make sure that the Web browser and server meet these requirements for the Web Administrator to run.
124
Web browser requirement

The IBM Lotus Domino 8 Web Administrator works with the following browsers: v Microsoft Internet Explorer 6.x and 7.x (on Microsoft(R) Windows(R) platforms only) v Mozilla Navigator 1.4x and higher v Mozilla Firefox 1.0x, 1.5x and 2.0x For the most current information about supported browsers, see the Release Notes.
Domino server tasks required

You must have the following Domino server tasks running: v The Administration Process (AdminP) server task must be running on the Web Administrator server. v The Certificate Authority (CA) process must be running on the Domino server that has the Issued Certificate List database on it to register users or servers. v The HTTP task must be running on the Web server so that you can use a browser to access it.
To set up the Web Administrator

1. Make sure that the server you want to administer is set up as a Domino Web server and that it is running the HTTP task. The Domino Web server does not have to be a dedicated server, you can use it for other server tasks, such as mail routing and directory services. You can administer only the servers you set up as Domino Web servers. 2. Set up administrator access to the Web Administrator database (WEBADMIN.NSF). For more information on setting up the Domino Web server, see the chapter Setting Up the Domino Web Server.
Setting up access to the Web Administrator database

IBM(R) Lotus(R) Domino(TM) automatically sets up default database security when the IBM(R) Lotus(R) Domino(TM) Web Administrator database (WEBADMIN.NSF) is created for the first time. At that time, all names listed in either the Full Access Administrators or Administrators fields of the Server document are given Manager access with all roles to the Web Administrator database. In addition, the HTTP server task periodically (about every 20 minutes) updates the Web Administrator database ACL with names that have been added to the Server document in either the Full Access Administrators or Administrators fields, but only if the names are not already on the ACL list. For more information on how the HTTP server task synchronizes names in the Server document with those on the Web Administrator database ACL, see Giving additional administrators access to the Web Administrator, later in this chapter.
Default database security

The default ACL settings for the Web Administrator database are listed below. You do not need to change these settings if the administrators name appears in the Administrators field of the Server document.
125
Access control list

Default name User and group names listed in either of these fields on the Server document: v Full Access Administrators v Administrators The name of the server -DefaultAnonymous OtherDomainServers Manager No access No access No access Access level Manager with all roles
Authenticating administrators
You can use either an Internet password or an SSL client certificate to access the Web Administrator. The Web Administrator uses either name-and-password or SSL authentication to verify your identity. The method the Web Administrator uses depends on whether you set up the server or the Domino Web Administrator database (WEBADMIN.NSF), or both to require name-and-password or SSL authentication. To access the Web Administrator database, you must have name-and-password authentication or SSL client authentication set up on the server. Name-and-password authentication is enabled for the HTTP protocol by default. To use name-and-password authentication, you must have an Internet password in your Person document. To use SSL client authentication, you must have a client certificate, and SSL must be set up on the server. For more information, see the chapters Setting up Name-and-Password and Anonymous Access to Domino Servers, Setting up Clients for S/MIME and SSL, and Setting up SSL on a Domino Server.
Giving additional administrators access to the Web Administrator

You can use the Server document as a convenient way to give additional administrators access to the IBM(R) Lotus(R) Domino(TM) Web Administrator. To add an administrator to the Web Administrator database (WEBADMIN.NSF) ACL, simply add the name to either the Full Access Administrators or Administrators field of the Server document. The HTTP server task routinely synchronizes the names listed in those fields of the Web Server document with those listed on the Web Administration database ACL. Names that are not already listed in the ACL are added with Manager access and all roles. Names that are already listed in the ACL, keep the access granted to them in the ACL. This preserves custom ACL settings, such as limiting the ACL roles of a particular administrator, from being overwritten. It also allows you to restrict administrators from using the Web Administrator, even though they are listed as administrator in the server document. If you delete an administrators name from the Server document, the name is also deleted from the Web Administrator database ACL automatically at the next synchronization. You can also give administrators access to the Web Administrator manually by adding them directly to the Domino Web Administrator database ACL. You can give an administrator full or partial access by restricting the roles assigned. The
126
role assigned to an administrator determines which commands are available to the administrator, and which tabs appear in the Web Administrator client. You cannot restrict roles when you add administrator access to the Web Administrator using the Server document. If you add a name using the server document, you must manually restrict access to the web Administrator through the Domino Web Administrator database ACL. To prevent an administrator from access, assign No access in the ACL. For more information on Web Administrator roles, see the topic Administrator Roles in the Web Administrator later in this chapter.
To update access to the Web Administrator database automatically

1. From the IBM(R) Lotus(R) Domino(TM) Administrator, click the Configuration tab. 2. Select the Server view, and open the Current Server Document for the Web Administration server. 3. Select the Security tab. 4. In one of these fields, enter the name of the administrator to whom you want to give access to the Web Administrator: v Full Access Administrators v Administrators 5. Click Save & Close
To update the Web Administrator database ACL list manually

You can manually add an administrator to the Web Administrator database ACL list. 1. From the browser using the Web Administrator, click the Files tab. 2. Select the Web Administrator database (WEBADMIN.NSF). 3. From the Tools menu, select Database - Manage ACL. 4. Click Add and add the administrator or group name to the ACL of the Web Administrator database. 5. In the Access field, select Manager. 6. Assign the roles. Assigned roles determine which commands and tabs appear in the Web Administrator. Tip: To select more than one role, hold down the Shift or Control key while selecting roles. Selected roles appear highlighted. 7. Do one of the following: v If the server requires name-and-password authentication, edit each administrators Person document and enter an Internet password. v If the server requires SSL client authentication, set up the browser for SSL. For more information on Managing ACL roles, see the chapter Controlling User Access to Domino Databases. For more information on SSL authentication, see the chapter Setting Up Clients for S/MIME and SSL.
Administrator roles in the Web Administrator

By default, the ACL gives Manager access and all roles to users named in the Administrators and Full Access Administrators fields on the Server document. However, you can restrict a Web administrators access to parts of the IBM(R) Lotus(R) Domino(TM) Administrator by limiting the assigned roles. Each role has a
127
corresponding tab and associated commands. When you restrict access, you also restrict which tabs appear in the IBM(R) Lotus(R) Domino(TM) Web Administrator. For example, if you assign only the People&Groups role to a Web Administrator, the People & Groups tab is the only tab that appears when that administrator uses the Web Administrator. The following table shows the roles that have been predefined for the Domino Web Administrator.
Role Files People&Groups Replication Configuration Mail MsgTracking ServerStatus ServerAnalysis ServerStatistic Tab Files People & Groups Replication Configuration Messaging - Mail Messaging - Tracking Center Server - Status Server - Analysis Server - Statistic
To restrict a Web administrators access, use the Manage ACL tool on the Files tab. For more information on managing ACL roles, see the chapter Controlling User Access to Domino Databases.
Starting the Web Administrator

When you start the IBM(R) Lotus(R) Domino(TM) Web Administrator, it displays the servers administration homepage (information about the server and the administrator using the server). It does not automatically open to a tab, you must choose a tab to begin using the Web Administrator. To return to the server administration homepage at any time, click the top left server icon in the Web Administrator bookmark bar.
To start the Web Administrator

1. Start the HTTP task on the server if it is not already running. 2. From the browser, enter the URL for the Web Administrator database on the server you want to administer. For example, enter:
http://yourserver.domain.com/webadmin.nsf
Or for SSL, enter:

https://yourserver.domain.com/webadmin.nsf
3. Enter your hierarchical, common name, or short name and your Internet password. 4. Click one of the tabs to being using the Web Administrator.
Using the Web Administrator

The IBM(R) Lotus(R) Domino(TM) Web Administrator is almost identical to the IBM(R) Lotus(R) Domino(TM) Administrator with very few exceptions. The user interface looks the same, and most menu options, dialog and information boxes are identical, although the Web Administrator may occasionally display additional information. For example, the Mail tab in the Web Administrator offers additional
128
mail specific statistics -- for example, Mail Routing Schedule, Mail Routing Statistics, and Mail Retrieval Statistics. This information is available in the Domino Administrator; however, it is not displayed the same way. In addition, there is a new Task tool on the Replication and Mail - Messaging tabs. You can use this tool to issue Tell commands, and to stop, start, and restart replication, router, and messaging tasks. The Web Administrator includes most of the Domino Administrator functionality. However, the Domino Server Monitor and performance charting are not available in the Web Administrator. And you can restrict further which commands and tabs are available by restricting the roles assigned to an administrator. Information on the availability of specific Web Administrator features and minor changes to how you access a feature are documented throughout the Domino Administrator help documentation.
Accessing online help

To access online documentation, use the Help button.
Additional buttons
The Domino Web Administrator includes these buttons that appear at to the right of the tabs. These do not appear in the Domino Administrator: v Sign out -- Use this to log out when you cannot or do not want to close the browser. v Preferences -- Use this to set Administration preferences. v Help -- Use this to access on-line help documents for the Domino Administrator. The mail bookmark displays in the bookmark area only if you have browsed to your home mail server.
Setting Files preferences for the Web Administrator

You can use the IBM(R) Lotus(R) Domino(TM) Web Administrator to set Files preferences.
Files preferences
By default, the Files tab in the IBM(R) Lotus(R) Domino(TM) Administrator displays information about database files in the following order; however, you can customize which columns display in the Web Administrator. The fewer columns you display, the faster the Files panel performs. v Title v v v v v v v v File Name Physical Path File Format Size Space Used Max Size Quota Warning
v Created v Last Fixup v Is Logged

129
v v v v v
Template Name Inherit From Type Replica ID Out of Office
To set Files preferences

By default, the Web Administrator displays all columns. You can add or delete columns from the display. Select a column name from the Use these Columns list and then click Add or Remove.
Registering users and servers with the Web Administrator

To use the IBM(R) Lotus(R) Domino(TM) Web Administrator to register new IBM(R) Lotus(R) Notes(R) users, you must use the IBM(R) Lotus(R) Domino(TM) server-based certification authority. Any request or task that requires a certifier ID file -- for example, migrate or modify ID -- is not available. To use the Web Administrator to register users or servers, you must have Registration Authority (RA) access in the server-based certification authority (CA). The server that is running the Web Administrator should also be listed as an RA but that role is not required for the server. If, however, the server is not listed as an RA, the administrator that is an RA must open the Administration Requests database and approve the administration request to register the user. You must assign the RA role in the Domino Administrator, not in the Web Administrator. To assign the RA role, use the Modify Certifier tool on the Configuration panel. You cannot set registration preferences in the Web Administrator. You must use the registration settings in the CA and in the Registration policy settings document. In the Web Administrator, you cannot configure a server for SSL during the server registration process. For more information about modifying certifiers, see the chapter Setting up a Domino Server-Based Certification Authority. For more information about user registration in the Web Administrator, and about creating and modifying groups, see the chapter Setting Up and Managing Notes Users. For more information about registering a server, see the chapter Installing and Setting Up Domino Servers.
Managing policies with the Web Administrator

The Policy tools on the Configuration and People & Groups tabs in the IBM(R) Lotus(R) Domino(TM) Administrator are not available in the IBM(R) Lotus(R) Domino(TM) Web Administrator. Therefore, from the Web Administrator, you cannot use the Policy Assign tool or the Policy Synopsis tool. If you create policies before you register users, you can assign them to users and groups during user registration. You can also edit a IBM(R) Lotus(R) Notes(R) users Person document and manually assign an explicit policy by specifying the name of the policy.
Working with policy documents

From the Web Administrator, you can use the Policies view in either the People & Groups or the Configuration tab to add, edit, or delete policy documents. To add or delete policy documents, use the buttons that display in the Results pane. In
130
this view, the names of policy documents are links. To edit one of these documents, click the link for the document you want to edit. Using the Web Administrator to delete policy documents is not recommended because doing so does not initiate the Administration Process requests required to remove all references to the deleted document from other policy documents. If you use the Web Administrator to create a desktop policy settings document, you cannot add the database links used to set up bookmarks or custom Welcome pages. For more information about managing policies and policy documents, see the chapter Using Policies.
Using the Web Administrator consoles

The IBM(R) Lotus(R) Domino(TM) Web Administrator includes two consoles, the Quick Console and the Live Console, which you access from the Server - Status tab. These consoles mirror the server console on the Server Status tab of the IBM(R) Lotus(R) Domino(TM) Administrator. Use the Live Console to send commands to a Web server running under a Server Controller. You can send Controller and shell commands, as well as Domino server commands. To use the Live Console, you must install Java(TM) Plug-in 1.4 or higher and enable it in your Web browser. Use the Quick Console to send commands to a Web server that does not run under a Server Controller. Or use it if you are unable to install or use the Java(TM) Plug-in in your browser. For more information on using the console in the Web Administrator to send commands, see the topic The Server Controller and the Domino Console, later in this chapter and the appendix Server Commands.
Message tracking in the Web Administrator

To use the IBM(R) Lotus(R) Domino(TM) Web Administrator to trace messages, you must first enable message tracking.
To enable message tracking

From the Web Administrator, click the Configuration tab. Open the Messaging view, and select Settings. Click Edit Message Settings. Select the Message Tracking tab. Under Basics, in the Message tracking field, select Enabled. The default is Disabled. 6. Under Access Settings, complete these fields: 1. 2. 3. 4. 5.
Field Allowed to track messages Action Select both of these: v Your name v LocalDomainServers Allowed to track subjects Select your name from the list
7. Click Save & Close.

131
Editing the NOTES.INI file and cleanup script in the Web Administrator
You must be a Full Access Administrator to edit the NOTES.INI file. You must have Administrator access or higher to view the NOTES.INI file, or to edit or view the cleanup script. For more information on editing the NOTES.INI file, see the appendix NOTES.INI File.
Signing out of the Web Administrator

When you finish using the IBM(R) Lotus(R) Domino(TM) Web Administrator, close the browser to end the session or click Sign out to end the session and clear your user name and password credentials so that unauthorized users cannot access the browser while the Web Administrator is still running.
The Server Controller and the Domino Console

The Server Controller is a Java(TM) based program that controls an IBM(R) Lotus(R) Domino(TM) server. Starting the Server Controller starts the Domino server it controls. When a server runs under a Server Controller, you can send operating system commands (shell commands), Controller commands, and Domino server commands to the Server Controller. For example, from a remote console, you can use Controller commands to kill Domino processes on a server that is hung or to start a Domino server that is down. You can use the Domino Console, a Java-based console, to communicate with a Server Controller. You can run the Domino Console on any platform except Apple Macintosh. Using the Domino Console, you can send commands to multiple servers. The Domino Console doesnt require a Notes ID, only a Domino Internet name and password, so you can connect to servers certified by different certifiers without having multiple Notes IDs or cross-certificates. You can customize output to the Domino Console -- for example, use local event filters to specify the types of events the Console displays. You can also log server output to log files and customize the appearance of the Console. The Domino Console functions strictly as a server console. Consequently, the Domino Console doesnt include the full set of Domino administration features that are available through the Domino Administrator and the IBM(R) Lotus(R) Domino(TM) Web Administrator, and you cant use it to open and manage IBM(R) Lotus(R) Notes(R) databases. The files needed to run the Server Controller and to run the Domino Console are provided with Domino and Notes. You can also use remote consoles in the Domino Administrator and Web Administrator to communicate with a Server Controller. For information on the available Controller commands and on using the Domino Administrator or Web Administrator to communicate with a Controller, see the appendix Server Commands.
Starting and stopping the Server Controller

Do the following to start the Server Controller, the IBM(R) Lotus(R) Domino(TM) server, and the Domino Console:
132
1. Shut down the Domino server, if it is running. 2. Start the Server Controller using the same command you normally use to start the Domino server but append the argument -jc. For example, if you run a server on Microsoft(R) Windows(R) XP from the directory c:\lotus\domino using a shortcut icon on the Desktop, use the following target for the shortcut:
c:\lotus\domin\nserver.exe -jc
The Server Controller runs in its own window. You can minimize a Server Controller window, but do not close or kill the window to stop the Server Controller. Instead, use the Controller Quit command from a console to stop a Server Controller and the server it controls. When you run a Server Controller, you no longer have access to the traditional console at the server. You can communicate only through the Domino Console or a console in the Domino Administrator or Web Administrator.
Optional arguments to use when running the Server Controller

Starting the Server Controller using only the argument -jc starts the Domino Server and the Domino Console along with the Server Controller. There are two optional arguments you can specify to change this default behavior: -c and -s. Use -c to prevent the Domino Console from running when you start the Server Controller. You might prevent the Console from running on a slow machine or a machine that is low on memory. If you use this argument and the Domino server ID requires a password, the Domino server starts without running its server tasks. To run the server tasks, you must connect to the Server Controller from a console and specify the server password when prompted. Use -s to prevent the server from running when you start the Server Controller. Use this argument along with -c so that someone who is directly at the server can start only the Server Controller, and then a remote administrator can start the server and specify a required server password remotely from a console.
Example nserver -jc nserver -jc -c nserver -jc -s nserver -jc -c -s Result Runs the Server Controller, the server, and the Domino Console Runs the Server Controller and the server Runs the Server Controller and the Domino Console Runs only the Server Controller
Starting and stopping the Domino Console

You can run the IBM(R) Lotus(R) Domino(TM) Console from any machine on which a Domino server or the Domino Administrator is installed. To use the Domino Console to communicate with a Domino server, the server must be running under a Server Controller.
To start the Domino Console

1. Make sure that the Domino server or the Domino Administrator is installed on the machine. 2. Run the following command directly from the program directory, or from a directory path that points to the program directory:
jconsole
133
Note: The Domino Console also starts by default when you start a Server Controller. For information on using the Domino Console, choose Help - Help Topics from the Domino Console menu.
To stop the Domino Console

1. From the Domino Console, choose File - Exit. 2. If the Console is currently connected to a Server Controller, when you see the prompt Exiting the Console by disconnecting all active connections. Do you want to continue? do the following: a. (Optional) To also stop a Domino server and Domino Server Controller running locally, select the option Also, bring down Domino (if running) and quit the local Server Controller - local server name. b. Click Yes.
134
Chapter 5. Planning for Notes client installation and upgrade

This section describes how to plan for, install, upgrade to, and configure the IBM(R) Lotus(R) Notes(R) client, including the Lotus Notes pre-installation checklist and installation documentation roadmap.
Products to install and order of installation

The following information lists the servers and products you need to install to use IBM(R) Lotus(R) Notes(R).
Servers to install
1. IBM(R) Lotus(R) Domino(TM) server. 2. (Optional) IBM(R) DB2(R) running with a Domino 8 server. Required if you want to create and use DB2 enabled Lotus Notes databases. 3. (Optional) IBM(R) Lotus(R) Sametime(R) server. Required if you want awareness and chat in the Lotus Notes client. 4. (Optional) Lotus Connections Server. Required if you want to use Activities from within the Lotus Notes client. For information, see the Lotus Connections documentation. 5. (Optional) IBM(R) WebSphere(R) Portal server. Required if you want to use composite applications that contain portlets. (Optional configuration) To use the Portal administrative user interface on the Portal server to administer both Domino and WebSphere Portal, configure Domino and Portal server federated administration. For information, see the topics Running the Domino-Portal integration wizard and Configuring Domino and Portal Server federated administration. Note: (Optional) Install WebSphere Portal composite application support for Lotus Notes, previously named Notes server client installer on the WebSphere Portal server. This is required in order to work with composite applications that contain portlets or to edit portlets using the Composite Application Editor.
Clients to install
1. Lotus Notes 8. This provides Mail, Calendar, Contacts, and options including IBM(R) Lotus(R) Productivity Tools, Composite Application Editor, Activities, and IBM(R) Lotus(R) Sametime(R) (integrated). Note: For Microsoft(R) Windows(R) users, if Lotus Notes version 6.5.x or 7.x is detected on the client, the installation program will upgrade it to Lotus Notes 8. Note: For Linux(R) users, upgrade from Lotus Notes version 7.x is not supported. Linux users should uninstall their existing Lotus Notes version and then install Lotus Notes 8. For Windows multi-user installation, the Lotus Notes client-only is available in the Notes.msi.w32 installation media kit. For Windows single user installation, the Lotus Notes, IBM(R) Lotus(R) Domino(TM) Administrator and IBM(R) Lotus(R) Domino(TM) Designer clients are available in the AllClient.msi.w32 installation media kit.
135
For Linux, the Lotus Notes client-only is available in the Notes.ismp.linux installation media kit. 2. (Optional) Domino Administrator and Domino Designer. For Windows single user installation, the Domino Administrator client and Domino Designer client are available, along with the Lotus Notes client, in the AllClient.msi.w32 installation media kit.
Lotus Notes installation documentation roadmap

You can find information and instructions for IBM(R) Lotus(R) Notes(R) administration, installation, and configuration using the following pointers. v For suggested hardware and software requirements, see the self-titled sections of the current release notes. v For IBM(R) Lotus(R) Domino(TM) server installation and setup, see this Domino Administrator help. Note: This Domino Administrator documentation contains information regarding setting up and using Domino and IBM(R) DB2(R). Information about the DB2 server is located in the DB2 Information Center at http:// publib.boulder.ibm.com/infocenter/db2luw/v8/index.jsp. v For IBM(R) Lotus(R) Domino(TM) Designer and LotusScript requirements, especially relative to composite applications, see the Lotus Domino Designer help at http://www.lotus.com/doc. In addition, see the following information on developing application components on supported platforms: Lotus Notes component and application development -- See the Application Design section of the Domino Designer help. Eclipse component and application development -- See the Eclipse Integrated Developer Environment (IDE) help system as well as documentation supplied with IBM(R) WebSphere(R) Portal and the Lotus Expeditor toolkit. Composite applications developed and used with WebSphere Portal -- See the Composite applications section of the documentation supplied with IBM WebSphere Portal. Composite applications developed with IBM Lotus Component Designer -See the Composite applications section in the Lotus Component Designer User Guide, available in the product help. Composite Application Editor -- See the help supplied with the Composite Application Editor. The Composite Applications Editor can be installed during Lotus Notes installation. Portal Application Template Editor -- See the documentation supplied with WebSphere Portal. Wiring Properties Editor -- This composite applications wiring properties editor is installed with Domino Designer and is documented in the Domino Designer help. It is also available in IBM(R) Lotus(R) Component Designer help. v For information about the IBM(R) Lotus(R) Expeditor runtime environment, as well as feature install and upgrade, see the Lotus Expeditor information center at http://publib.boulder.ibm.com/infocenter/ledoc/v6r1/topic/ com.ibm.help.ic.doc/wed_welcome_ic.html. Look for updates to this content as future Expeditor information centers become available.
136
v For IBM WebSphere Portal server and IBM WebSphere Application server installation and setup, see the information center at http:// publib.boulder.ibm.com/infocenter/wpdoc/v6r0/topic/com.ibm.wp.ent.doc/ wpf/welcome.html. Look for updates to this content as future Expeditor information centers become available. v For Sametime server setup, see the Sametime server installation documentation. v For information about installing the WebSphere Portal composite application support for Lotus Notes in support of composite applications that contain portlets, and other Portal-based elements, see the topic Installing the WebSphere Portal composite application support for Lotus Notes. Also see Specifying the home portal account using preferences and Specifying the home portal account using policy . v For information about installing and upgrading Lotus Notes clients, see the topic Lotus Notes pre-installation checklist. v For information about installing or upgrading to Lotus Notes, see the topic Setting up client installation and installation methods. v For information about uninstalling Lotus Notes, see the topic Uninstalling Notes . v For enabling and using third-party features, including customizing the installation, see the topic Enabling and using third-party feature installation and update in Notes v For deployment information about HTTP and NRPC provisioning of Eclipse components and composite applications, see the topic Configuring component update for composite applications and Enabling user-initiated update for Notes.
Lotus Notes pre-installation checklist

This IBM(R) Lotus(R) Notes(R) release includes both new and familiar functionality for mail, calendar, and contacts, with a new user interface capable of operating within a combination IBM(R) Lotus(R) Domino(TM) server and IBM(R) WebSphere(R) Portal server deployment. It includes the optional installation of the Composite Applications Editor, IBM(R) Lotus(R) Productivity Tools, Activities, IBM(R) Lotus(R) Sametime(R) (integrated), and any custom or third-party Eclipse features that you choose to add. This checklist lists the main steps you need to complete, or at least consider, before installing or upgrading to this Lotus Notes release. 1. Check the recommended software and hardware specifications for the systems on which you or your users will be installing. See the hardware and software requirements section of the release notes for details. 2. Read the topic Products to install and order of installation. 3. Read the topic Considerations before installing Notes on Windows or Considerations before installing Notes on Linux. 4. Determine how you want to install. For example, will users install the client themselves using an installation kit or a Smart Upgrade procedure, will you install a multi-user or single user environment, and if installing on Microsoft(R) Windows(R), will you use the Notes-only installer or the Allclient (Lotus Notes, Domino Administrator and Domino Designer clients) installer. 5. Familiarize yourself with installation and upgrade basics as presented in the Notes client installation and Smart Upgrade section of this guide. 6. Install or upgrade your Lotus Domino server.
137
7. (Optional) If you are installing IBM(R) DB2, see the release notes Domino and DB2 supported platforms and hardware and software requirements, Installing Domino and DB2 on Microsoft Windows platforms and Installing Domino and DB2 on IBM(R) AIX(R) and Linux(R) platforms. 8. Set Domino administrator settings for your users. 9. (Optional) Install or upgrade your Activities server if you will be enabling users to create, edit, or view activity documents from Lotus Notes. For Activities server setup, see the IBM(R) Lotus(R) Connections documentation. 10. (Optional) Install or upgrade your IBM WebSphere Portal server if you will be enabling users to create, edit, or view composite applications that contain portlets. See the WebSphere Portal information center http:// publib.boulder.ibm.com/infocenter/wpdoc/v6r0/index.jsp. 11. (Optional) Create a Home Portal account for your Lotus Notes users that specifies information such as their default WebSphere Portal server name, port, and authentication information. 12. (Optional) Install the WebSphere Portal composite application support for Lotus Notes on the WebSphere Portal server if you will be enabling users to create, edit, or view composite applications that contain portlets. 13. (Optional) Use policy settings, NOTES.INI file settings, and the Lotus Notes tuner to specify available user settings. 14. (Optional) Modify the Lotus Notes install media kits install manifest (deploy\install.xml) and zipped update site (deploy\updateSite.zip, including the site index file SITE.XML) to specify which Lotus Notes features users can install and optionally how and if those features will appear on the Lotus Notes feature installation panel. 15. (Optional) If you have custom or third-party Eclipse components to install with Lotus Notes, modify the Lotus Notes install media kits install manifest (deploy\install.xml) and zipped update site (deploy\updateSite.zip, including the site index file SITE.XML) to add these features to the install kit. 16. Determine how you will make HTTP (Eclipse, non-Domino) and NRPC (Domino server-based) component and application updates available to Lotus Notes client systems. 17. Place the Lotus Notes installation media kit in an accessible location. 18. Uninstall any existing instance of Notes 8 Beta 1 or Beta 2 from the systems on which you will install this Lotus Notes 8 release. Note: You should not need to uninstall Lotus Notes 8 Beta 3 prior to installing/upgrading to this Lotus Notes 8 release. 19. Shut down all applications before installing or upgrading to this release of Lotus Notes. 20. Install Lotus Notes on the user client systems or communicate to users how they are to install (or upgrade) Lotus Notes.
Considerations before installing Lotus Notes on Windows

Before installing IBM(R) Lotus(R) Notes(R) on a Microsoft(R) Windows(R) client, you should be familiar with the following information. Mail, calendar, and contact features are installed with Lotus Notes, including traditional Lotus Notes functionality. Additional features such as the IBM(R) Lotus(R) Productivity Tools, Activities, IBM(R) Lotus(R) Sametime(R) (integrated), and the Composite Application Editor can also be installed.
138
You can install Lotus Notes using the Notes-only kit or the Allclient kit. The Allclient kit includes IBM(R) Lotus(R) Domino(TM) Designer and IBM(R) Lotus(R) Domino(TM) Administrator and is available for single user installations. Lotus Notes is available as an install media kit. You can install Lotus Notes in graphical mode, silent mode, and by using Smart Upgrade. The install media kit consists of the following items: v Installation program executable file (SETUP.EXE) v Zipped update site directory UPDATESITE.ZIP (contains Eclipse features folder, plugins folder and SITE.XML file) v Deploy directory (contains the Eclipse install manifest INSTALL.XML and PLUGIN_CUSTOMIZATION.INI) v SETUP.INI v Lotus Notes 8.0.msi If a Lotus Notes release 6.5.x or 7.x is detected on the client, the installation program will upgrade it to the current Lotus Notes release. If you are running a version of Lotus Notes that was released prior to Notes 6.5, upgrade to at least Lotus Notes 6.5 before installing and upgrading to this Lotus Notes release. If an existing version of IBM Lotus Domino Designer or IBM Lotus Domino Administrator is resident, you can choose to upgrade them using the Allclient installation media kit. Note that multi-user does not support the Allclient installation program. The following information is useful when installing or upgrading to Lotus Notes on a Windows client. Note: See the requirements section of the release notes for the latest information on supported hardware and software. v You must be logged in as an administrative user or user with elevated privileges when you install Lotus Notes multi-user. After the product is installed, users can open and use Lotus Notes. v Lotus Notes 8 installation on Windows supports Microsoft(R) Windows(R) XP and Microsoft(R) Windows(R) Vista. v You can install Lotus Notes on Windows in a single or multi-user environment. v When installing Lotus Notes using the Windows Allclient kit, feature panel installation options are available for installing or upgrading the Domino Designer and Domino Administrator clients. v While a minimum of 512MB of memory is required, 1GB or more of memory is recommended. See the Software requirements section of the release notes for details. A summary panel displays the disk space footprint for what is being installed. Install also needs additional temporary disk space. The temporary disk space required is almost as large as the footprint. If you do not have enough space for the footprint and temporary space, the installer will stop you from continuing. v Shut down all applications before installing Lotus Notes. No applications should be running when you install Lotus Notes. v If you have installed a Beta 1 or Beta 2 version of Lotus Notes 8, uninstall it before installing this release of Lotus Notes 8. Upgrade from a Beta 1 or Beta 2 version is not supported. You should not need to uninstall Lotus Notes 8 Beta 3 prior to installing and upgrading to this Lotus Notes 8 release.
139
v Shared network install is not supported in Lotus Notes 8. Shared network install of Lotus Notes 8 basic configuration remains available. v Roaming user is not supported in Lotus Notes 8. Roaming user in Lotus Notes 8 basic configuration remains available. v Lotus Notes 8 supports the English US OS locale only. v IBM Lotus Productivity Tools support the English US OS locale only. v The installation path cannot contain special characters such as # or $. v Only one instance of Lotus Notes 8 should be installed on a client workstation at any given time. v Once you click Install on the Lotus Notes 8 installation panel, allow the installation to complete. Ending the Notes installation process prematurely can leave files in an unstable state, and may also leave empty folders and miscellaneous files on your system. If you experience problems installing Lotus Notes 8 after exiting out of Notes 8 installation prior to its completion, see the release note and help topic entitled Cleaning a previous Notes 8 installation from the client as below. v If installation does not complete successfully, uninstall the program using the instructions in the Uninstalling Notes and reference the information in Cleaning a previous Notes installation from your client.
Considerations before installing Notes on Linux

Before installing IBM(R) Lotus(R) Notes(R) on a Linux(R) client, you should be familiar with the following information. Mail, calendar, and contact features are installed with Lotus Notes, including traditional Lotus Notes functionality. Additional features such as the IBM(R) Lotus(R) Productivity Tools, Activities, IBM(R) Lotus(R) Sametime(R) (integrated), and the Composite Application Editor can also be installed. Upgrading an existing Lotus Notes 7.x installation to this Lotus Notes release is not supported for Linux. Instead, uninstall the existing Lotus Notes version prior to installing this Lotus Notes release on Linux. Lotus Notes is available as an install media kit. You can install Lotus Notes in graphical mode, silent mode, and by using Smart Upgrade. The install media kit consists of the following items: v installation program executable file (setup.sh) v deploy directory (contains the Eclipse install manifest INSTALL.XML and PLUGIN_CUSTOMIZATION.INI files) v UPDATESITE.ZIP zipped update site directory (contains Eclipse features folder, plugins folder and SITE.XML file) v media.inf file The following information is helpful when installing Lotus Notes on a Linux client: Note: See the requirements section of the release notes for the latest information on supported hardware and software. v You must be logged in as a root user or switch user to root before installing Lotus Notes. After the product is installed, non-root users can open and use Lotus Notes.
140
v Lotus Notes 8 installation on Linux supports RHEL 5 (AIGLX and SELinux disabled) and SLED 10 (XGL enabled or disabled). v Before installing Lotus Notes on a Linux client, you must have Mozilla Firefox, version 1.5+ GTK2 build, Mozilla Seamonkey, or the Mozilla Runtime Environment, version 1.8+ GTK2 build, installed on your system. Note: The Notes client does not support the earlier Beta requirement of Mozilla 1.7.12. See the Linux: Mozilla-based browser required release note for details. You can install Lotus Notes on Linux in a multi-user environment. Single user install is not supported. While a minimum of 512MB of memory is required, 1GB or more of memory is recommended. See the Software requirements section of the release notes for details. When running Lotus Notes 8 on a RHEL 5 Linux client, increase the shared memory size setting to 64MB before starting Lotus Notes 8. The default RHEL 5 shared memory segment is 32MB; Lotus Notes 8 requires more than that. A summary panel displays the disk space footprint for what is being installed. Install also needs additional temporary disk space. The temporary disk space required is almost as large as the footprint. If you do not have enough space for the footprint and temporary space, the installer will stop you from continuing. If you have installed a Beta 1 or Beta 2 version of Lotus Notes 8, uninstall it before installing this release of Lotus Notes 8. Upgrade from a Beta 1 or Beta 2 version is not supported. You should not need to uninstall Lotus Notes 8 Beta 3 prior to installing and upgrading to this Lotus Notes 8 release. Shared network install is not supported in Lotus Notes 8. Shared network install of Lotus Notes 8 basic configuration remains available. Roaming user is not supported in Lotus Notes 8. Roaming user in Lotus Notes 8 basic configuration remains available. Lotus Notes 8 supports the English US OS locale only. IBM Lotus Productivity Tools support the English US OS locale only. The installation path cannot contain special characters such as # or $. Only one instance of Lotus Notes 8 should be installed on a client workstation at any given time.
v v
v v v v v v
v Once you click Install on the Lotus Notes 8 installation panel, allow the installation to complete. Ending the Notes installation process prematurely can leave files in an unstable state, and may also leave empty folders and miscellaneous files on your system. If you experience problems installing Lotus Notes 8 after exiting out of Notes 8 installation prior to its completion, see the release note and help topic entitled Cleaning a previous Notes 8 installation from the client as below. v If installation does not complete successfully, uninstall the program using the instructions in Uninstalling Notes and reference the information in Cleaning a previous Notes 8 installation from your client.
Installing the WebSphere Portal composite application support for Lotus Notes
You can install IBM(R) WebSphere(R) Portal composite application support for IBM(R) Lotus(R) Notes(R) on an IBM WebSphere server. This is required for Lotus Notes users who will be using composite applications that contain portlets. It is available with Lotus Notes and as a Web download.
141
The WebSphere Portal composite application support for Lotus Notes is required to install portlets on the server and for Lotus Notes client communication with the WebSphere Portal server. For example, if you want users to be able to edit a portal-based composite application using the Composite Application Editor, you must first run the WebSphere Portal composite application support for Lotus Notes installation program on the WebSphere Portal server. This installation program also installs the .war files that are required by the Composite Applications Editor when it works with the WebSphere Portal server. If your users create composite applications that include portlets, you must install the WebSphere Portal server. To use some of the functions enabled by WebSphere Portal in Lotus Notes, you must also install the WebSphere Portal composite application support for Lotus Notes on the portal server. You can then create a Home Portal Account for Lotus Notes users allowing them to create, edit, and view composite applications that contain portlets. Users can obtain help about creating or modifying a Home Portal Account using the preferences panel in their Lotus Notes online Help system. Perform the following steps to install WebSphere Portal composite application support for Lotus Notes on your WebSphere Portal server. Note: Direct upgrade from a previous version of WebSphere Portal composite application support for Lotus Notes (previously called Notes server client installer), such as a Beta version, is not supported. To install the latest version of WebSphere Portal composite application support for Lotus Notes, uninstall your previous version prior to installing the new version. See the release notes for related information. 1. Obtain the WebSphere Portal composite application support for Lotus Notes installer kit and place it in a temporary folder such as /temp. 2. Navigate to and unzip the installer kit. 3. Open the unzipped folder and note its contents, which include the setup installation executable file and a portal folder in which various portlets and scripts reside. 4. Run the setup executable file (for example, setupwin32.exe) or binary. 5. If a language selection panel appears, make your selection and then click OK. 6. Read the Welcome screen. If you want to read related information, click Information Center. Click Next to continue. 7. Read and accept the license agreement terms. Click Next to continue. 8. Accept the default installation directory or specify a new one. Click Next to continue. 9. Accept the default WebSphere Portal server or specify a new one. Enter your WebSphere user name and password. Click Next to continue. For details about specifying the WebSphere Portal server value, see the WebSphere Portal Information Center. 10. Read the preview screen for the installation directory path and size, and theb click Install. The installation process takes several minutes. 11. Read the installation summary screen, and then click Finish to exit the installation wizard.
Additional step if Web server or Portal server use Secure Sockets Layer (SSL)
If you have configured your Web server or Portal server to use Secure Sockets Layer (SSL) and are using a self-signed test certificate, you must perform
142
additional steps before running the WebSphere Portal composite application support for Lotus Notes to ensure that SSL communications occur properly between the WebSphere Portal composite application support for Lotus Notes program and the Web server or Portal server. These instructions are detailed in the Installing the Network Client Installer when using SSL with a self-signed test certificate in the IBM(R) Lotus(R) Expeditor(R) Information Center at http://publib.boulder.ibm.com/infocenter/ledoc/v6r1/topic/ com.ibm.rcp.tools.doc.admin/networkclientinstallSSL.html. See the Expeditor release 6.1.1 Help as it becomes available. You do not need to additionally install the Expeditor network client installer.
Installing the WebSphere Portal composite application support for Lotus Notes using command line parameters
You can also install WebSphere Portal composite application support for Lotus Notes on the portal server using the silent or console install methods.
Silent mode
Use the following command line to install the WebSphere Portal composite application support for Lotus Notes in silent mode:
setup.exe -silent -V licenseAccepted=true -P installLocation="c:\notes8\"
Run the installer in silent mode:

-silent
Set the variable to accept the license agreement panel:

-V LicenseAccepted=true
Set the Product bean in the installer to install the client in the entered location:
-P installLocation="<install_location>"
Console mode
Use the following command line to install the WebSphere Portal composite application support for Lotus Notes in console mode and mask the user interface panels:
setup.exe -console
The following flags are available: Set a product beans value:

-P <product bean>.<property>="<value>"
Set a wizard beans value:

-W <wizard bean>.<property>="<value>"
Set a global wizard variable:

-G <property>=<value>
Set a control variable, such as a panels radio button:

-V <property>=<value>
Log all events to a log file, for example, setup.exe -log !C:\log.txt @ALL:
-log #!<filepath/name> @ALL
143
Note: The # flag is optional and is used to echo the logged events to standard output.
Specifying the home portal account using policy

To specify an IBM(R) WebSphere(R) Portal server as the Home Portal account server for IBM(R) Lotus(R) Notes(R), you can set the following values using the IBM(R) Lotus(R) Domino(TM) Administrator client. These settings affect fields on the Lotus Notes Home Portal Account preference page. Administrators can use the Domino Administrator client to complete the following fields on the Portal Server Basics tab for users who may, for example, need to access and use composite applications that contain portlets: v Home Portal Server -- Type the name of the Portal server that hosts Lotus Notes user accounts. v Authentication URL -- Type the URL that Lotus Notes users need to access in order to authenticate with the Portal server. v Authentication type -- Choose either J2EE-Form or HTTP for Web-based authentication. These Domino policy settings override Lotus Notes account preferences and will create the account if it does not already exist.
Specifying the home portal account using preferences

To use features that require an IBM(R) WebSphere(R) Portal server, such as composite applications that contain portlets, IBM(R) Lotus(R) Notes(R) users need a Home Portal account. The Home Portal account is a unique account that specifies which WebSphere Portal server to connect to for features and composite applications that require a WebSphere Portal server. You can set up a Home Portal account for users, and Lotus Notes users can create and edit the account using a preference panel. After Lotus Notes is installed and prior to using composite applications that contain portlets, or other features that require a WebSphere Portal server, users need a Home Portal account. Home Portal account information is stored in the Contacts database. Note: The standard portal URL format is http://host:port/wps/myportal, where /wps is a standard portal context and /myportal is a standard personalized Home. 1. Click File - Preferences. 2. Click Home Portal Account. 3. In the Name field, note the preset Home Portal Account value or type a new one. 4. In the Description field, type a descriptor, for example Home Portal Account. 5. In the Server Type field, note the preset value or type a new one. 6. In the Server field, type the Web address of your WebSphere Portal server, for example http://abx8.ibm.com/wps. Include the Portal context, for example /wps, when specifying the server URL, as shown below: v http://abx8.lotus.com:10038/wps is a valid server URL. v http://abx8.lotus.com:10038/ is not a valid server URL.
144
7. In the User name and Password fields, type your WebSphere Portal user name and password. 8. In the Home Portal URL field, type the WebSphere Portal server URL, for example http://abx8.lotus.com:10038/wps/myportal. Note: By default, this field is based on the value specified in the Server field above. For example, if you specify a Server value of http://abx:10038/wps, the Home Portal URL field is automatically set to http:// abx8.lotus.com:10038/wps/myportal. If your WebSphere Portal server is installed with a personalized Home other than the default myportal, you must override the default value in the Home Portal URL field, for example http://abx8.lotus.com:10038/wps/myPortalSrv1. In this case, the Personalized Home of your portal is myPortalSrv1. 9. In the Authentication type field, choose a type, such as the recommended PORTAL_FORM type. 10. In the Authentication URL field, type the authenticating server URL, for example http://abx8.ibm.com/wps/j_security_check. The format for the authentication value is protocol://host/WpsContextRoot /j_security_check. Note: The default authentication URL is http://abx8.ibm.com/wps/portal/ cxml/04_SD9ePMtCP1I800I_KydQvyHFUBADPmuQy. If the default home of your port is not portal, modify the authentication URL accordingly, for example, for default home bos, the authentication URL would be http://abx8.ibm.com/red/bos/cxml/ 04_SD9ePMtCP1I800I_KydQvyHFUBADPmuQy. 11. Click OK. Note: There is a similar preference page available in the IBM(R) Lotus(R) Expeditor(R) client, described in the Expeditor help at the following Web address: http://publib.boulder.ibm.com/infocenter/ledoc/v6r1/topic/ com.ibm.pvc.runtime.doc.user/tasks/user_specifyingahomeportalpage.html
Setting up client installation and installation methods

Depending on the size of your enterprise, you may need to provide an installation method for only a few users or for thousands of users. In addition, you may need to customize the installation process so that users install only the features they need. After you register users, decide how to deploy client installations for users. On Microsoft(R) Windows(R), single users can install all three clients -- the IBM(R) Lotus(R) Notes(R) client, IBM(R) Lotus(R) Domino(TM) Administrator client, and IBM(R) Lotus(R) Domino(TM) Designer. For multi-user install on Windows and Linux(R), Notes-only installation is available. As an administrator, you can customize the installation process for your users so that they install the features that they need. The installation information in this section ranges from installing the IBM(R) Lotus(R) Domino(TM) clients using the installation media kit to creating transform files to customize the installation process. Note: You can customize installation of traditional Notes components using tuner capabilities. In addition, you can customize Installation of Eclipse-based features using the install manifest resident in the Lotus Notes install media kit.
145
Before you install Lotus Notes clients

Before you begin installing Lotus Notes clients, make sure that you or your users do the following: v Read the release notes for information about software and hardware requirements. v Read the considerations section of the installation topics in this guide. v To successfully install, upgrade, and use Lotus Notes, users must be allowed both Write and Modify permissions to the Program directory, Data directory, and all associated subdirectories. Assign appropriate access rights to your Notes client users. v You must be logged in as an administrative or root user with administrative rights to the system. v Windows users should log onto their computers with administrative rights to install or upgrade Lotus Notes. For cases in which administrative rights are not available, enable the setting Always install with elevated privileges. The setting Always install with elevated privileges is a Microsoft Windows setting that is part of Microsoft Windows User Policies. Refer to your Microsoft Windows documentation for details. v Options for installing the Lotus Notes client on Restricted or Standard/Power user computers are described in the Microsoft Windows Installer documentation. Review the Microsoft Windows Installer documentation as necessary. v If you are upgrading Lotus Notes on a Macintosh OS X client, turn off all options in the Application Sharing tab of the Shared System Preferences panel to avoid any errors.
Installation methods
There are several ways to enable Lotus Notes installation for Notes client users. In addition, there are considerations to plan for when installing this Lotus Notes release based on the features users will have access to and the environment in which they are working. Domino offers the following methods or types of installation that you can make available to the users in your enterprise. v Installing Notes in a single user environment -- This is usually done from the installation media kit on the CD or from files placed on the network. v Installing Notes in a multi-user environment -- This enables you to install the Notes client for use by multiple users on the same machine and is available only for Notes client installation. Multi-user installation is not available for installing the Domino Administrator client or Domino Designer client. v Automating client installation and using silent installation -- This can be used with or without a transform file depending on whether you want to customize the silent installation. v Customizing client installations using the tuner -- This uses the transform file to customize the installation process. v Customizing Notes installation using the install manifest -- This enables you to control what is installed and what appears on the feature installation panel. v Providing a batch file for installing the clients -- This enables users to install the clients by running a batch file that you create for them. v Providing command line utilities for installation -- This allows users to install the clients using a command line utility that you provide for them.
146
v Setting up Notes with a scriptable setup -- This option uses a setting in the NOTES.INI file to provide information to the client setup wizard. v Installing and running IBM Lotus Notes client on a USB drive -- Install the IBM Lotus Notes client on a USB 2.0 drive. Lotus Notes client end-users can then log on to that USB drive and run the Notes client without having to install it on their computer. Note: Installation of Lotus Notes 8 from a USB drive is not supported in Lotus Notes 8. Installation of Lotus Notes 8 basic configuration from a USB drive remains available . v Installing the Domino clients in a shared network directory -- This option installs all program files to a file server while the users data files reside on their local workstations. Note: Shared network install is not supported in Lotus Notes 8. Shared network install of Lotus Notes 8 basic configuration remains available.
Customizing client installations using the tuner

Client installs can be customized to allow you to control the options that are installed and/or available to users. Use transform files to deselect options that you dont want to install by default. You also use transform files to hide the options that you do not want users to change, regardless of whether you choose to install a particular option. Modify the Visible and Initial State settings for each installation option that you want to designate as hidden or not hidden. After you customize installation of traditional IBM(R) Lotus(R) Notes(R) features using tuner and transform capabilities, you can customize Eclipse feature installation using the install manifest and Eclipse update site contents.
Creating a transform file

Creating a transform file requires a third-party tool such as InstallShield Tuner OEM Edition. IBM(R) Lotus(R) Domino(TM) contains an InstallShield Tuner for IBM(R) Lotus(R) Notes(R), that you can use with Domino to create a transform file for customizing the installation process to add resources, change defaults, or hide features. Note: The version of InstallShield Tuner for Lotus Notes that is included with Domino works only with Lotus Domino, not with other products. You can use transform files to set up shared and customized installations. Access this Web site http://www.installshield.com for further information.
How to install the InstallShield Tuner for Lotus Notes

From the Lotus Domino installation CD, in the Apps/InstallShield Tuner for Lotus Notes directory, run the setup file, SETUP.EXE.
How to create a transform file

Use this procedure to create a transform file with InstallShield Tuner for Lotus Notes. Users can then apply the transform file when installing clients. For more information on shared installations, see the topic Installing the Domino clients in a shared network directory in this chapter. 1. Invoke the InstallShield Tuner program and browse to locate the configuration file that has a .itw file name extension. The .itw configuration file is located in the same directory with the Notes installation that you want to configure.
147
2. Click Create a new transform file. 3. In the Select an MSI file field for the Microsoft(R) Windows(R) Installer Package option, select the msi file (Lotus Notes 8.0.msi). 4. In the New project name and location field for the Microsoft Windows Installer Transform option, enter the custom transform name. Save the file to the same path on which the install kit resides. 5. Click Create. 6. Make any other desired modifications to the default settings provided. 7. Click Save. For more information on transform files, see the topics Installation options available using the transform file and Using transform files for end-user installations in this chapter. After creating the transform file, you apply the transform file to the installation process. The installation process then uses the values that you set in the transform file in place of default values.
Using installation options with the transform file

Using a transform file, you can customize traditional aspects of IBM(R) Lotus(R) Notes(R) installation for the users in your enterprise.
Customizing the location of the install directories

Use this procedure to specify a location other than the default location in which to store the installation directories. When specifying directory names, use names that contain eight or fewer characters. 1. From Application Configuration, select Setup Properties. 2. Click Add/Remove Program Settings. 3. Change the PROGDIR property to the location in which you are storing the program files. 4. Change the DATADIR property to the location in which you are storing the data files. This is the new default data directory.
Setting the installation to multi-user by default

In a multi-user installation, the administrator installs the IBM(R) Lotus(R) Domino(TM) program files to a central location on the local system. Each user has their own data directory located in the systems application data directory for the current user. Note: End-users must have Administrator rights to choose a multi-user installation and must only install the Lotus Notes client. End-users must also have Administrator rights to upgrade an existing multi-user installation. 1. From Application Configuration, select Setup Properties. 2. Change the value in the ApplicationUsers property to AllUsers. By default the installation is now a multi-user installation. For more information on multi-user installation, see the topic Multi-user installations in this chapter.
Adding custom files to a client installation

To add custom files to a client installation, create a transform file. Note: This customization option replaces the COPYFILE.TXT feature that was available in previous releases of Lotus Domino.
148
1. Copy the custom files to the install directory or place them in a directory within the install directory -- for example, <PathToInstallKit>\AllClient\ CopyFiles\custom.mdm. 2. Click Target System Configuration - Files. 3. In the top pane, click Browse and locate the source directory, which is the directory from which you are copying the custom files. 4. In the bottom pane, select the destination directory, for example, ProgramFiles\Lotus\notes\Data\modems. 5. Drag and drop the custom file from the source directory to the destination directory.
Adding third-party Eclipse features and plug-ins to a Notes installation

You can add new and third-party features to the IBM(R) Lotus(R) Notes(R) client installation by editing the install manifest INSTALL.XML, update site directory contents (UPDATESITE.ZIP features and plug-ins subdirectories) and SITE.XML registry.
Applying NOTES.INI settings during Notes client installation

1. Open the InstallShield Tuner for Lotus Notes. 2. From the System Configuration section, click the IniFiles item in the System Configuration section. 3. In the center pane, right click Destination Computer and then choose Show Folder - Program Files Folder. 4. Expand the Program Files Folder directory to access the Lotus\Notes folder 5. Right click the Notes folder and then choose the option, New Inifile. 6. Locate the default notes.ini file, INIFILE1.INI, that was created in the Notes folder. Rename this file with the name NOTES.INI. 7. Locate the default section, NewSection1, that was created for the NOTES.INI file. Rename the default section with the name Notes. 8. Select the Notes section and then modify these values that are located in the right-most pane of the tuner: v In the column titled Key, locate New Key and modify the name using an appropriate value such as ConfigFile. v In the column titled Value, locate New Value and modify the name using an appropriate value such as n:\config\setup.txt. v Verify that the Action value is set to the default value, Add Line. 9. Locate the Additional Tools section, and then click the Direct Editor item in the Additional Tools section. 10. In the center pane, select the Component table, and then scroll down the component list until you locate CST_COMPONENT. 11. Change the value in the Directory_ column from NOTES to the new value VDIR_INI. 12. In the center pane, select the table, IniFile, and then scroll down the component list until you locate CST_INIFILE. 13. Change the value in the DirProperty column from NOTES to the new value VDIR_INI. 14. Make other modifications if necessary. 15. Click Save.
149
Examples -- Applying scriptable setup using a transform file during Notes client installation
You can apply NOTES.INI settings during a client install by using a transform file. You can use this example when setting up a transform file that applies NOTES.INI settings during IBM(R) Lotus(R) Notes(R) client installations.
Example 1 -- Including instant messaging parameters in a scriptable setup

You can include instant messaging information during a scriptable setup of Notes client. The scriptable setup includes a setting that provides information to the Notes client setup wizard. In this example, add the NOTES.INI setting, CONFIGFILE=, to point to a text (.txt) file that contains the parameters for the Notes client setup wizard. The SETUP.TXT file can be placed on shared network resource or distributed to individual workstations. Note: If you decide that you want to distribute new or modified NOTES.INI settings using a transform file, use the same method and steps that are explained in this example. In this example, you need to complete these procedures: 1. Create a SETUP.TXT file. 2. To allow the new SETUP.TXT file to be referenced, open the file, NOTES.INI, and add this setting:
ConfigFile=\\PathToFile\Setup.txt
3. Use the InstallShield Tuner for Lotus Notes to set up a transform file to distribute the new ConfigFile= setting in the NOTES.INI file. 4. After completing Steps 1, 2 and 3 above, proceed to the subtopic Using transform files for end-user installations .
Creating the SETUP.TXT file

Create a SETUP.TXT file using the parameters shown below. Save your file using the filename SETUP.TXT. v IM.server=ServerName1.domain.com v IM.port=1533 v IM.ConnectWhen=0 v IM.Protocol=0 For information about the scriptable setup parameters that you can use in a SETUP.TXT file, see the topic Setting up Notes with a scriptable setup in this chapter. To distribute the CONFIGFILE= parameter to the NOTES.INI file, use the InstallShield Tuner for Lotus Notes application to create a transform file (.MST). The tuner is located in the \Apps directory on the Lotus Notes installation CD.
Setting up the transform file to apply the modified NOTES.INI file

To set up the transform file to distribute the NOTES.INI settings, use the procedure in the topic Installation options available using the transform file.
150
Example 2 -- Disabling instant messaging using a scriptable setup

You can disable instant messaging during a scriptable install of the Notes client. To do so, you need to complete these steps 1. Create a file, SETUP.TXT, that contains the following parameters and values: v IM.Server=fakeservername v IM.Port=80 v IM.Protocol=1 2. Store the file SETUP.TXT, on a shared network resource or distribute the file to individual workstations 3. Add this setting to NOTES.INI file, ConfigFile=\\PathtoFile\SETUP.TXT, indicating the file is on a shared network drive. 4. To protect against a user clicking the instant messaging buttons in the Notes client, implement a desktop policy that sets the Sametime Server field to empty (no server name entered). In the desktop policy settings document, be sure the Sametime Server field on the Basics tab is empty. This policy will overwrite the fake server name in the SETUP.TXT file; therefore, Notes does not attempt to connect to a Sametime server. 5. To ease distribution of this new setting in the NOTES.INI file, use the InstallShield Tuner for Lotus Notes application to create a transform file. The application is in the directory \apps on the Notes/Domino install CD. For more information about using the InstallShield Tuner for Lotus Notes application to create transform files, see the topic Customizing client installations in this chapter.
Parameter and value IM.Server=fakeservername Explanation If you do not enter a value for the IM.Server, the user will be prompted to do so during the install process. Specifying a fake server name prevents the user from being forced to enter a server name or cancel the install. The IM port number. This can be any positive number. Defines whether you connect directly to IM server. IM.Protocol=1 connects directory to the IM server.
IM.Port=80 IM.Protocol=1
For more information about the parameters in the table, see the topic Setting up Notes with a scriptable setup in this chapter.
Using transform files for end-user installations

After creating a transform file, you can use that file for end-user client installations.
To apply a transform
This section contains two sets of instructions. The first set explains how to apply a transform file for a user interface (UI) installation -- that is, an installation that presents a user interface. The second set explains how to apply a transform file for a silent install -- that is, an installation that does not present a user interface and therefore does not require any user interaction. There is also a section on using a batch file to launch the command.
151
For installations using the transform file (and for silent installations) using the msiexec commands, the network installation should not be the first installation of IBM(R) Lotus(R) Notes(R) that you perform unless you are certain that all of the client workstations contain the Microsoft(R) Windows(R) Installer Service. Note: The command line path is the default installation path or the path for the transform file. User interface (UI) installation In this example, the progdir parameter and the datadir parameter are used to overwrite the default settings designated by the transform file. 1. Change to the install directory that contains both the Lotus Notes 8.0.msi and the transform, *.mst, files. 2. Do one of these: v To install to the default Program and Data directories, enter this command from the command line:
msiexec /i "Lotus Notes 8.0.msi" TRANSFORMS="custom.mst"
v To overwrite the default Program and Data directories with the ones you specify, enter this command from the command line:
msiexec /i "Lotus Notes 8.0.msi" PROGDIR=C:\Test DATADIR=C:\Test\Data TRANSFORMS="custom.mst"
Applying a transform to a silent installation 1. Change directory to the install directory that contains both the Lotus Notes 8.0.msi and the transform, *.mst, files. 2. Do one of these: v If you want to install to the default Program and Data directories, enter this command from the command line:
msiexec /i "Lotus Notes 8.0.msi" /qn TRANSFORMS="custom.mst"
v If you want to overwrite the default Program and Data directories with the ones you specify, enter this command from the command line:
msiexec /i "Lotus Notes 8.0.msi" /qn PROGDIR=C:\Test DATADIR=C:\Test\Data TRANSFORMS="custom.mst"
For more information on silent installations, see the topic Automating client installation in this chapter. Using a batch file to deploy command line options when applying a transform file You can also create a batch file that the user launches to start the command. A sample batch file is shown below: Sample batch file
Using the SETUP.INI file setting to apply one transform file to all client installs
Use a setting in the SETUP.INI file in the install directory to apply one transform file to all installs. Using this method prevents the end user from having to enter a command line parameter or from using a batch file.
152
Modify the command line in the SETUP.INI to read as follows:

CmdLine+/l*v %TEMP%\notes8.log TRANSFORMS=custom.mst
The transform file is applied when SETUP.EXE is launched.
Customizing Notes installation using the install manifest

As an IBM(R) Lotus(R) Notes(R) administrator you continue to have the ability to customize Lotus Notes installation using tuner capabilities. However, with the addition of Eclipse features and plug-ins, Lotus Notes installation capabilities have broadened. Standard Eclipse features such as the IBM(R) Lotus(R) Productivity Tools and the Composite Applications Editor, as well as custom or third-party features, can be requested for install from the features installation panel during Lotus Notes installation. This document describes the process for customizing Lotus Notes installation of supplied or third-party Eclipse features. When customizing Lotus Notes installation using the install manifest, you work primarily in two directories -- deploy and updateSite. These reside in the supplied Lotus Notes installation media kit. The updateSite directory is supplied in zipped form. The Lotus Notes installation program determines which Eclipse features will appear on the features installation panel, and which features will be installed, based on the following main items. v deploy directory INSTALL.XML -- install manifest that lists the Eclipse features to install. You can customize the install manifest to specify which features to install. You can use the install manifest to allow the user to choose installation of a given feature. You can also specify features to install, update, or remove after the initial Lotus Notes installation. The install manifest resides in the deploy directory (deploy\install.xml). The install manifest uses Eclipse standards, but it is a file unique to Lotus Notes install. An installfeature attribute reflects the feature name users see on the Notes feature installation panel. Lower level feature statements are grouped together as a feature block subordinate to a top level install feature. PLUGIN_CUSTOMIZATION.INI -- use this file to set some Eclipse preferences. The PLUGIN_CUSTOMIZATION.INI file resides in the deploy directory (deploy\plugin_customization.ini). v UPDATESITE.ZIP (Eclipse updateSite directory zip file) SITE.XML -- registry of the features that you want to expose for install. This standard IBM(R) Lotus(R) Expeditor site registry lists the Eclipse features available for install. It uses a unique Document Type Definition (DTD) or set of XML file conventions, which are documented in the Expeditor help. General information about the SITE.XML registry is also available at the eclipse.org Web site. features subdirectory -- contains the feature JAR files. Features are used to organize plug-ins. plugins subdirectory -- contains the plug-in JAR files. Plug-ins hold runtime code.
153
Eclipse features are specified for installation in the supplied install manifest. The install manifest, in conjunction with the UPDATESITE.ZIPfile contents, determine which features are available for Lotus Notes install, update, and remove functions. By default, the following features appear on the Lotus Notes features installation panel. You can suppress that display using the install manifest. v Composite Applications Editor v IBM Lotus Productivity Tools v Activities v Sametime(integrated) Note: In the install manifest supplied in the Lotus Notes install media kit, do not modify features whose required attribute is set to true.
Customizing the installer process

Use the following process to customize IBM(R) Lotus(R) Notes(R) installation. 1. Customize traditional Lotus Notes capabilities for install using a transform file. This procedure is identical to the tuner tasks used in earlier releases of Lotus Notes. 2. Customize the Lotus Notes installation media kit content. This task involves editing the install manifest (deploy\install.xml). If you are adding new features, it also involves adding any custom or third-party feature and plug-in JAR files to the correct features and plugins subdirectories in a customized update site and ensuring that the update site manifest (SITE.XML) correctly lists the contents of those subdirectories. If you are adding custom or third-party features and plug-ins, sign them and also establish signing preferences in the deploy\plugin_customization.ini file). 3. (Optional) If you added new features in step 2, run the addToKit command line tool to copy the contents of a customized update site (features subdirectory, plugins subdirectory and SITE.XML file) to the update site in the Lotus Notes install kit structure (UPDATESITE.ZIP). 4. Distribute the customized Lotus Notes installation media kit.
Understanding the Eclipse update site

An Eclipse update site is a repository for features and plug-ins and it follows a standard format. The IBM(R) Lotus(R) Notes(R) installer uses the update site directory zip file UPDATESITE.ZIP, which contains a features subdirectory and plugins subdirectory, as well as a SITE.XML registry. The SITE.XML registry lists all features that are published from the update site. For Lotus Notes install, Eclipse update site content must adhere to these conventions: v All features must be packaged in JAR files (one per feature) and placed in the features subdirectory (updateSite.zip\features). v All plug-ins must be packaged in JAR files (one per plug-in) and placed in the plugins subdirectory (updateSite.zip\plugins). v Published feature IDs must reside in the SITE.XML registry (updateSite.zip\site.xml).
154
Customizing Notes install using tuner capabilities

This procedure is identical to the IBM(R) Lotus(R) Notes(R) tuner tasks used in earlier releases of Lotus Notes.
Customizing the Notes install manifest to add or modify access to Eclipse features
You can edit the install manifest INSTALL.XML to specify how features, such as IBM(R) Lotus(R) Productivity Tools, will appear on the IBM(R) Lotus(R) Notes(R) feature installation panel. For example, a feature can appear selected for install by default or not. You can also edit the install manifest to remove specific features from the installation panel, either to force installation or prevent that feature from being selected during install. You can also optionally remove a feature from the installation kit itself. Finally, you can customize installation to add custom or third-party features by editing the install manifest to add features for Lotus Notes install, adding related feature and plug-in JAR files to the correct features and plugins subdirectories in a customized update site, and updating the site manifest to correctly list the features in a customized update site.
Customizing Notes installation for supplied Eclipse features

You can edit the IBM(R) Lotus(R) Notes(R) install manifest INSTALL.XML to control which features are available for installation and what the user sees on the feature installation panel. For Lotus Notes installation of supplied Eclipse features, you can do any of the following: v Display a feature name and enable the user to select or deselect the option. The feature name appears on the feature installation panel as selected, and the user can select or deselect it. v Display a feature name and force its installation. The feature name appears on the feature installation panel and user cannot deselect it. v Prevent a feature name from appearing on the features installation panel. Depending on how attributes are set in the install manifest this can either force the feature to be installed or prevent the feature from being installed. v Remove a feature from install consideration. You can comment or even delete a feature block. When customizing the INSTALL.XML file for supplied features, focus only on the installfeature element, not the sub-level feature element. When you open the Lotus Notes INSTALL.XML file in a Web browser or XML editor, it opens in expanded form and the hierarchy is apparent. To simplify display, collapse the feature block hierarchy so that only the installfeature elements are visible. Each installfeature element represents an installable feature. You can edit the install manifest using an XML editor or text editor but be sure to validate the XML before moving to the next step in the customization process. A sample of INSTALL.XML text is shown below. For supplied features such as the Composite Application Editor and IBM(R) Lotus(R) Productivity Tools, the attributes you can edit are default, required, and show.
<installfeature default="false" id="Editors" name="IBM Productivity Tools" required="false" show="true" version=".20070312.0245">
155
Note: Do not edit any installfeature element whose required attribute is set to true. v default -- Specifies whether the installfeature name is shown selected for installation. If set to true, the installfeature name is selected on the feature installation panel. If set to false, the installfeature name is not selected on the feature installation panel. Note: The default attribute is ignored when re-running the installer and is ignored on upgrade unless the installfeature did not exist in the previously installed offering. This allows the installer to display the state (installed or not installed) of the installfeature that was available in the previously installer offering. v required -- Specifies whether the installfeature must be installed. If set to true, the installfeature is installed. If set to false, and show is set to true, the installfeature name appears on the Lotus Notes feature installation panel and the user can select the option. The required attribute overrides the default attribute. v show -- Specifies whether the installfeature appears on the Lotus Notes feature installation panel. If set to true, the installfeature name is visible. If set to false, the installfeature name is not visible. For other information about the install manifest, see the Install manifest section of Customizing provisioned components in IBM(R) Lotus(R) Expeditor help at http://publib.boulder.ibm.com/infocenter/ledoc/v6r1/topic/ com.ibm.rcp.tools.doc.admin/optionalfeatures.html. See the Expeditor release 6.1.1 help as it becomes available.
Example: Display a feature on the features installation panel and enable the user to select or deselect the feature
To display an installfeature name and enable the user to select or deselect it during Lotus Notes install, set the following values: v default -- false v required -- false v show -- true
Example: Display a feature on the features installation panel and force its installation
To display an installfeature name and force its installation, set the following values: v default -- true v required -- true v show -- true
Example: Prevent a feature from appearing on the features installation panel and install
To prevent an installfeature name from appearing on the features installation panel and force its installation, set the following values: v default -- true v required -- true v show -- false
156
Example: Prevent a feature from appearing on the features installation panel and do not install
To prevent an installfeature name from appearing on the features installation panel and prevent its installation, either delete that feature block, comment its installfeature element in the INSTALL.XML file, or set the following values: v default -- false v required -- false v show -- false Note: If you delete an unwanted installfeature block in the install manifest, you can also use a supplied script to delete the associated feature and plug-in JAR entries in the zipped updateSite.zip\features and updateSite.zip\plugins directories to minimize install media kit size.
Removing a feature from the installer

You can remove an installfeature block by deleting it from the install manifest and then running a tool to generate a update site zip file consisting of only the features and associated plug-ins represented in the install manifest. This helps minimize the size of the Lotus Notes install media kit and conserves disk space on the target Lotus Notes client.
Customizing Notes installation for new or third-party Eclipse features

If you have created a custom Eclipse feature or are adding in a third-party feature to the IBM(R) Lotus(R) Notes(R) installation, you need to create a feature block in an INSTALL.XML file using the same convention as the other Eclipse features in the Lotus Notes install manifest. Note: The Lotus Notes install manifest DTD differs somewhat from the standard Eclipse or IBM(R) Lotus(R) Expeditor install or provisioning manifest DTD described in the Eclipse and Expeditor documentation. Open and reference the Lotus Notes-supplied INSTALL.XML for correct file formatting and content information. For example, the Lotus Notes install manifest allows you to do partial installs; the Expeditor manifest does not. The Notes install manifest contains at least four unique attributes that the Expeditor manifest does not. They are required, default, show, and description. The Lotus Notes install manifest uses a unique DTD that adheres to Eclipse conventions but is non-standard. The Expeditor install manifest adheres to the DTD conventions described in the Assembling and Deploying Lotus Expeditor Applications help in Provisioning manifest DTD and the Install manifest section of Customizing provisioned components in Lotus Expeditor help below: v http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/ com.ibm.rcp.tools.doc.admin/manifestDTD.htm v http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/ com.ibm.rcp.tools.doc.admin/optionalfeatures.html
installfeature element
The attributes that determine if the installfeature name appears on the Lotus Notes feature installation panel are default, required, and show. The required attributes for each installfeature element are described below:
157
v default -- Specifies whether the installfeature name is shown selected for installation. If set to true, the installfeature name is selected on the feature installation panel. If set to false, the installfeature name is not selected on the feature installation panel. Note: The default attribute is ignored when re-running the installer and is ignored on upgrade unless the installfeature did not exist in the previously installed offering. This allows the installer to display the state (installed or not installed) of the installfeature that was available in the previously installer offering. v id -- Specifies a unique ID for the feature to be installed. There is currently no validation check for ID field uniqueness; therefore, the developer must specify a unique value. v name -- Specifies the installfeature name as it will appear on the Lotus Notes feature installation panel. v required -- Specifies whether the installfeature must be installed. If set to true, the feature is installed. If set to false, and show is set to true, the feature name appears on the Lotus Notes feature installation panel and the user can select the option. v show -- Specifies whether the installfeature name appears on the Lotus Notes feature installation panel. If set to true, the installfeature name is visible. If set to false, the installfeature name is not visible. v version -- Specifies a numeric value suffix to the install version installfeature.
feature element
The required attributes for each feature element are described below: v download size -- Specifies the temporary disk space required to install this feature. v id -- Specifies the unique ID that identifies this specific feature and that matches the ID naming convention used in features.xml for that feature. v match -- Specifies a feature action dependency on the version attribute value and is used to specify a desired match rule. Note: A version value can consist of four parts -- major.minor.service.qualifier. v The options are: GreaterOrEqual -- All parts of the version must be greater or equal. The dependent version must be at least at the version specified, or at a higher service, minor or major level. compatible -- Major must match and others must be greater or equal. The dependent plug-in version must be at least at the version specified, or at a higher service level or minor level (major version level must equal the specified version). equivalent -- Major and minor must match and the last parts, for example, service.qualifier, must be greater or equal. The dependent version must be at least at the version specified, or at a higher service level (major and minor version levels must equal the specified version). perfect -- All parts of the version must match. The dependent version must exactly match the specified version. For example, the following attributes allow installation only if the version value in the update site and SITE.XML file is 3.0.0. version=version=3.0.0 match=perfect v size -- Specifies the disk space needed for the installed feature.
158
v url -- Specifies the location from which to obtain the installfeature during install and initial provisioning. v version -- Specifies the version of the feature to be installed and provisioned. This is a three or four part value associated with the feature to be installed. It has dependency with the match value in determining whether to install the feature. It also has future dependency on the match value when determining whether to update the installed feature. The version attribute holds these main values -- major.minor.service release.qualifier. The following example shows version 3.0.0 with the 20070309-1700 qualifier representing a named build or other qualifier value:
version="3.0.0.20070300-1700"
Sample feature block of custom or third-party features

A sample custom feature block is shown below.
<installfeature default="false" id="ISVExample1" name="YourToolA" required="false" show="true" version "3.0.0.20070309-1700"> <requirements> <feature download-size="72457" id="com.abx.yourtoolabxz.tools.feature" match="perfect" size="227855" url="${installer.root}/updateSite.zip" version="3.0.0.20070309-1700"/>
Adding new features to the Notes install kit using a command line tool
If you added new features and plug-ins, you can run a command line tool to copy the contents of a customized, zipped update site (features subdirectory, plugins subdirectory and SITE.XML file) and updated INSTALL.XML file to the IBM(R) Lotus(R) Notes(R) install kit structure. The addToKit tool is available as both a Microsoft(R) Windows(R) executable (ADDTOKIT.EXE) and Linux(R) perl script (addToKit.pl). After you update the content of the zipped update site directory and the deploy directory, place them at the same level as the Lotus Notes install kit structure and use the addToKit tool to copy your source files into the install kits structure. Before using this tool, perform the following tasks: v Create and sign any new Eclipse features that you want to add to the Lotus Notes install media kit. v Place the new features and plug-ins JAR files in the features and plugins update site subdirectories (updateSite.zip\features and updateSite.zip\plugins). v Create and validate the new SITE.XML site manifest file (updateSite.zip\ site.xml). v Create and validate the new INSTALL.XML install manifest in the deploy directory (deploy\install.xml).
Considerations
The following information is helpful when using this tool: v There is no validation capability with the addToKit tool so be sure that your XML is validated and your installfeature ID attribute values are unique. v You can run the addToKit tool with or without arguments.
159
v The <addTokitPath> must contain a deploy directory and zipped updateSite directory that matches the format of the Lotus Notes install media kit. v The updatesSite.zip\site.xml and deploy\install.xml information is merged from the <addTokitPath> to the <destKit> path and the plug-ins and features are copied over. The files in <addTokitPath> are added to the existing kit; they are appended to the destination SITE.XML and INSTALL.XML files. v Running the tool with no arguments copies files into a temporary directory. If you do not specify a source path <.\addTokitPath> in the command line, the default source path is .\addToKit. If you do not specify a destination path <destKit>, the default destination path is the current working directory. The .\addToKit value should be the default source path. v Before running this tool, place your signed features and plug-ins correctly in the update site directory and update the SITE.XML and INSTALL.XML files in their correct directories. Zip the update site directory.
Command line options

Command line arguments are available. For example, when you run the following command, information from <kitPath> is merged into the kit that is in the same directory as the ADDTOKIT.EXE file.
addToKit.exe [-dhnV] <kitPath>
In the following example, the contents of C:\addToKit are copied into the temp\notes8abx.w32 directory.
addToKit.exe c:\addToKit c:\temp\notes8abx.w32
When using addToKit.exe -h, tool usage is displayed as below: <kitPath> defaults to addToKit/. -d Turn debugging on. -h Print command line option usage. -n Run the utility as a dry run. -V Print version information.
Procedure
1. Extract the ADDTOKIT.ZIP file into the temporary directory in which your files reside, for example, c:\temp\notes8abx.w32. This zip file contains the directory addToKit, which contains your zipped update site directory (UPDATESITE.ZIP), and your deploy (deploy) directory. 2. Copy the ADDTOKIT.EXE into the same temporary directory. 3. Open a command window, change to the directory in which the addToKit tool resides, and run the tool, preferably with the source path and target path arguments, using the following format:
addToKit.exe [<addTokitPath>] [<destkit>]
In this format, <addTokitPath> is the source path containing the source UPDATESITE.ZIP file and deploy directory and <destkit> is the target directory in which your Lotus Notes installation resides. The source update site is an update site directory containing the features subdirectory, plugins subdirectory, and SITE.XML file. The deploy directory contains the updated INSTALL.XML file. The format of the source update site
160
directory zip file and deploy directory must match the format of the target update site directory zip file and deploy directory.
Installing and subscribing to preset feeds

The deploy\extras folder in the IBM(R) Lotus(R) Notes(R) install media kit contains a PRESETFEEDS.OPML XML file in which preset feed subscriptions are supplied. Check the install media kits PRESETFEEDS.OPML file for the latest default preset feed subscriptions.
Controlling preset feeds prior to Notes install

To control which preset feeds are available to Notes users, you can modify the supplied deploy\extras\presetfeeds.opml file prior to installing Lotus Notes. You can also export feeds from an existing feed reader into PRESETFEEDS.OPML.
Adding preset feeds

You can add preset feeds to the PRESETFEEDS.OPML file by either exporting from another reader to an .opml file and copying that content into PRESETFEEDS.OPML or by editing PRESETFEEDS.OPML using a text or XML editor. Alternatively, you can overwrite PRESETFEEDS.OPML content with the OUTPUT.OPML file from another reader.
Removing preset feeds

You can remove or comment out any supplied preset feeds from the PRESETFEEDS.OPML file. If you do not want any preset feeds, you can remove or rename the PRESETFEEDS.OPML file.
Subscribing to preset feeds after Notes install

The Subscribe to preset feeds icon is available in Notes from the Feeds user interface. After subscribing, or after toggling the icon off using the File Preferences user interface sequence, you can redisplay the Subscribe to preset feeds icon using the following procedure: Click File - Preferences. Click Feeds. Enable Show Subscribe to preset feeds button on the toolbar and click OK. Click the Feeds icon in the Notes side shelf to open the Feeds user interface. The Subscribe to preset feeds icon contains the round feeds graphic. 5. Click the Subscribe to preset feeds icon to subscribe to the feeds obtained from the Notes installers deploy\extras\presetfeeds.opml file. 1. 2. 3. 4. Note: The Subscribe to preset feeds icon is removed when the Subscribe to preset feeds process conpletes. Note: If a feed cannot be read, a log file entry is created during the Subscribe to preset feeds process.
Changing feed subscription after subscribing to preset feeds

You can subscribe to new feeds or unsubscribe from existing feeds by using the Feeds user interface as described in Lotus Notes help.
161
Customizing Notes using the plugin_customization.ini file

You can use the PLUGIN_CUSTOMIZATION.INI file to control various aspects of IBM(R) Lotus(R) Notes(R) 8 installation and usage. It is supplied in the Lotus Notes installation media kit in the deploy directory (deploy\ plugin_customization.ini). Once installed, the file is located at <install_dir>\framework\rcp\plugin_customization.ini.
Using Notes client single logon to synchronize Notes and OS passwords

If your IBM(R) Lotus(R) Notes(R) users Microsoft(R) Windows(R) passwords are synchronized with their Notes passwords, allowing them to use the same password for both Notes and their operating system you (or they) must have selected the custom feature Client Single Logon while installing Notes. The users computers name cannot be the same as the operating system (OS) login name when using Client single logon. The IBM(R) Lotus(R) Domino(TM)/Notes Client Single Logon feature does not work when the OS login name is identical to the computer name, and the user logs in with the OS name. If Client Single Logon is not working properly on a users system, change the OS login user name or the users computers name. When users install Lotus Notes they can choose the Notes option Client Single Logon Feature. When installation is complete, users must restart the client to allow single logon to take effect. When the user restarts Notes: v a Notes Single Logon Password Synchronization panel appears; v the user should click Yes and, as prompted, enter their Notes password and click OK; v a Change Password panel then appears, prompting the user to enter the new password and re-enter the new password for confirmation. In both password entry fields, the user should enter their Windows system password, and then click OK. The single logon feature is then fully operational. Note: To disable the Notes single login feature, click File - Security - User Security and disable the Login to Notes using your operating system login setting in the Your Login and Password Settings area of the Security panel. After disabling single sign-on, use your Windows password to log in to Notes. OS and Domino password policies must be aligned as closely as possible to allow password synchronization to work. During OS password changes, the Notes Network Provider must be able to change the Notes ID to the new password provided by the OS. Notes is notified of the new OS password only after the OS password has been changed. If the new OS password does not meet the Notes password quality and history requirements, the Notes password change will fail. During Notes password changes, the Notes client must be able to change the OS password to the new Notes password. If the new Notes password does not meet the OS password quality and history requirements, the OS password change will fail.
162
For bidirectional password synchronization, the Notes Network Provider must be able to access a users NOTES.INI file and Notes ID file. The table below shows the required location for the NOTES.INI file according to type of installation:
Install Type Single User Multi User Location The NOTES.INI file must exist in the Notes directory as specified in the HKEY_LOCAL_MACHINE registry key. The NOTES.INI file must be specified in the HKEY_USERS registry key: (<sid>\SOFTWARE\Lotus\ Notes\8.0\NotesIniPath)
Operating system (OS) password changes, that is, password changes that are initiated outside of Lotus Notes, occur in the system access control environment; therefore, the NOTES.INI file and the Notes ID file must reside on a local drive. To check whether the single logon feature is already installed, choose File Security - User Security - Security Basics. If the client single logon feature is installed, the option Login to Notes using your operating system login is enabled.
Keeping a pre-Notes 8 version on Windows

On Microsoft(R) Windows(R), you can make a copy of your IBM(R) Lotus(R) Notes(R) 6.5.x or 7.x installation and then install Lotus Notes 8. These instructions apply to single user installation only. You must have local administrator privileges to complete this procedure. 1. Shut down the Notes client and all Notes-related tools, utilities and add-ins running on your computer. 2. Make a backup copy of your NOTES.ID and NOTES.INI file. 3. Rename the Notes 6.5.x or 7.x install directory. For example, rename the directory notes7. 4. Rename the entire Notes registry key HKEY_LOCAL_MACHINE\Software\ Lotus\Notes. For example, rename it HKEY_LOCAL_MACHINE\Software\ Lotus\Notes7. 5. Rename the entire Installer registry key HKEY_CURRENT_USER\Software\ Lotus\Notes\Installer. For example, rename it HKEY_CURRENT_USER\ Software\Lotus\Notes\Installer7. 6. Create a new desktop shortcut to run the Notes 6.5.x or 7.x version. Create a copy of your existing Notes desktop shortcut icon, then right click on it, click Properties and change the following settings: a. Change the Shortcut tab - Target value to \notes7x\notes.exe =\notes\notes.ini. b. Change the Start in value to \notes7x. c. Change the Title (General tab) to Notes 7. d. Click OK to close the properties dialog. 7. Install Lotus Notes 8. 8. When installation is complete, rename the 6.5.x or 7.x install directory back to its original name.
163
Using Language Pack Installer with Domino

If you plan to install Language Pack Installer (LPI) to run with IBM(R) Lotus(R) Domino(TM), you need to be aware of the following information before installing and setting up Domino and LPI. You also need to read the Language Pack Installer file, README.TXT, that was provided with your copy of the LPI software. To present a non-English language email interface to Domino users, the Domino environment is required, as well as the following: v The appropriate non-English version of Microsoft(R) Windows(R) for the end user so that users can open file attachments that contain non-English (multiple-byte) characters in the file name. Providing the non-English version of Microsoft Windows, also ensures that non-English fonts are present on the system. Users can then read email subject lines and body text that are comprised of non-English characters. v The appropriate non-English mail template that enables folder names, button labels, field labels and column headers to display in the non-English language. This is not required for users running a POP or IMAP client. v A non-English IBM(R) Lotus(R) Notes(R) client to enable menu options and dialog boxes to display in the non-English language. This is not required for users running a POP, IMAP, or browser client. v Non-English fonts for Lotus Notes to allow a users workstation to display text encoded in the non-English character set in case the user does not have the non-English version of Microsoft Windows. To allow users to work in some languages other than English, you need to enable the setting Enable Unicode display in Lotus Notes. Complete these steps: 1. From the Lotus Notes client, click File - Preferences - User Preferences. 2. On the Basics panel, in the Additional Options list, check the option, Enable Unicode display. 3. Click OK. Install the non-English Lotus Notes client and the non-English fonts for Lotus Notes on each workstation. You can download both from the Passport Advantage site or the Business Partner Zone. Note: The non-English mail template is installed when you the install the Language Pack Installer. You can also obtain the non-English mail template from Passport Advantage site or the Business Partner Zone. Prior to installing and setting up LPI in your Domino environment, review the following information: v Review the LPI file, README.TXT, to be aware of limitations and restrictions. v Extract the language pack on a workstation and then run the appropriate SETUP.EXE file. Running the file, SETUP.EXE, initiates a Java wizard on the workstation which pushes the language pack to the server. v While installing Language Pack Installer, choose the templates to which you are adding the non-English design element. (Use IBM(R) Lotus(R) Domino(TM) Designer to view the language of each design element.) After installing the language pack, the selected templates have English and non-English design elements. If you manually replace a mail files design using File - Application Replace Design, you can specify English, or a non-English language for the mail file when prompted to do so in the dialog box.
164
v Before replacing the design of any mail files that contain custom folders, assign Manager access to the mail file to LocalDomainAdmins (or to a comparable group of which you are a member). v After assigning Manager access to the appropriate group, manually run the agent, Update Folder Design, from the Actions menu in each mail file. When that is complete, run Fixup, Updall, and Compact -c on each mail file and then replace the mail files design. Replacing the design before upgrading the folders causes the design replace to fail and results in errors stating unable to find referenced note. v Do not remove the flag, Prohibit design replace, from folder design elements. Deleting the flag causes the causes the folders to be deleted. v If you modify the selected Multilingual options in the database properties design tab, the database will open extremely slowly. Always leave the Multilingual database property unchecked. (Access the database properties design tab in the Domino Administrator client by clicking the Files tab, selecting a database, then choosing File - Application - Properties. Click the tab that has an icon of a hammer.) v Add non-English languages to the IBM(R) Lotus(R) Domino(TM) Web Access template. Other templates are optional.
Instant messaging and client installation and setup

Instant messaging (IM) allows users to see their co-workers online and to send them instant messages. Users can also start instant online meetings among three or more co-workers. Instant messaging is included in the IBM(R) Lotus(R) Notes(R) client installation, and is installed when you install the Notes client. During the Notes client configuration, the Lotus Notes Client Configuration dialog box displays the check box Setup Instant Messaging that allows you to specify whether to set up IM during Notes client setup. By default, the check box is selected to enable the setup of IM. You can deselect that check box to prevent IM from being set up for users.
Enabling Single Sign-On for instant messaging

As an administrator, you can include IM in single sign-on with Lotus Notes and push this feature down to users through dynamic configuration. To enable IM with single sign-on for users, use the NOTES.INI variable, IM_ENABLE_SSO=1. If this variable is set to 1, IM with single sign-on is enabled; if this variable is set to 0 (zero), IM with single sign-on is disabled and the user must enter their instant messaging password. There is also a setting on the User Preferences dialog box that users can set to designate whether they want to use the single sign-on feature, allowing then to log on once and still connect to multiple applications and servers.
Scriptable setup and instant messaging

If you are using scriptable setup to configure newly installed clients, IM can be included in the scriptable setup. There are several variables that you use to define the IM settings for users. For more information about using scriptable setup with IM, see the topic Setting up Notes with a scriptable setup in this chapter.
165
Name awareness in view columns and names fields

When Notes displays the online status for a name, it passes that name as displayed, to the IBM(R) Lotus(R) Sametime(R) server for lookup in the Sametime servers directory. Usually this is the Notes abbreviated format (for example, John Smith/Austin/Acme), although exceptions can be found in email because email names can be received from the Internet. In order for the name to be found in the directory that the Sametime server uses, the directory needs to support a lookup of a Notes abbreviated name. If the directory that the Sametime server uses is an IBM(R) Lotus(R) Domino(TM) directory, this occurs by default. However, if the directory that the Sametime server uses is an LDAP directory, you may need to configure how the server performs a name lookup with the LDAP server. You may also need to ensure that the LDAP directory has a Notes abbreviated name attribute for each of its entries. For more information about using LDAP with a Sametime server, see the topic Configuring the LDAP Searching Setting in the Lotus Sametime Administrators Guide. You can download or view the Lotus Sametime Administrators Guide from the Documentation Library of the Lotus Developer Domain at http://www.lotus.com/ ldd/doc.
Instant messaging and policies

Use the desktop policy settings document to specify a Sametime server for users. Enter the server name in the Sametime server field. When pushed down to the users, this setting populates the field Sametime server in the users Location documents. The user can, however, enter a different server name in that field on the Location document to override the setting from the policy document. The server specified in the Sametime server field is the server that the user will access for instant messaging. If no server name is entered in this field, the user is unable to log on to IM. The user would then have to review the settings on the Instant Messaging tab of their Location document, and make the necessary corrections. For more information about using policies and the desktop policy settings document, see the chapter Using Policies.
Installing Notes in a single user environment

You can install IBM(R) Lotus(R) Notes(R) on Microsoft(R) Windows(R) in a single user environment. You can use the Lotus Notes allclient installer to install Lotus Notes, IBM(R) Lotus(R) Domino(TM) Designer and IBM(R) Lotus(R) Domino(TM) Administrator clients. Note: You can install Lotus Notes on Windows as a single or multi-user installation. However, Lotus Notes installation on Linux(R) supports multi-user only. 1. Before you install the client program files, do the following: v Read the release notes for software and hardware requirements and for any last-minute changes or additions to the documentation. v Read the considerations section of the installation instructions in this guide. v Temporarily disable any screen savers and turn off any virus-detection software.
166
v Make sure that all other applications are closed. Otherwise you may corrupt shared files and the install program may not run properly. v Uninstall any same-release Beta versions before installing. For example, if you are installing Lotus Notes 8, uninstall any Lotus Notes 8 Beta versions before installing. Note: If you have installed a Beta 1 or Beta 2 version of Lotus Notes 8, uninstall it before installing this release of Lotus Notes 8. Upgrade from a Beta 1 or Beta 2 version is not supported. You should not need to uninstall Lotus Notes 8 Beta 3 prior to installing and upgrading to this Lotus Notes 8 release. 2. If you are installing or upgrading a single Notes user on Windows, see Considerations before installing Lotus Notes on Windows and Installing and upgrading to Notes on Windows -- single user.
Installing and upgrading to Notes on Windows for a single user

IBM(R) Lotus(R) Notes(R) 8 is available as an install media kit. Lotus Notes 8 can be installed in graphical mode, silent mode, and by using Smart Upgrade. Installation of Notes on Microsoft(R) Windows(R) is supported for single user or multi-user. For Windows, the Lotus Notes client-only is available in the Notes.msi.w32 installation media kit. The Lotus Notes, IBM(R) Lotus(R) Domino(TM) Administrator, and IBM(R) Lotus(R) Domino(TM) Designer clients are available in the AllClient.msi.w32 installation media kit. When installing Notes in a single user environment using the Windows Allclient kit, you can install or upgrade the Domino Designer and Domino Administrator clients. 1. Shut down all applications. 2. If you have installed a Beta 1 or Beta 2 version of Lotus Notes 8, uninstall it before continuing. You should not need to uninstall Lotus Notes 8 Beta 3 prior to installing/upgrading to this Lotus Notes 8 release. 3. Obtain the Lotus Notes installation media kit. For example, obtain the installation media kit CD or open a browser and navigate to the Lotus Notes/Domino Web site at which the installation media kit resides. 4. Save the installation media kit to a local folder, for example to your C:\temp folder. 5. Navigate to the folder in which you saved the installation media kit. 6. Locate and run the SETUP.EXE installation executable. Note: If a user has the environment variables USERPROFILE, HOMEDRIVE, or HOMEPATH set to a network share, you must use special command line parameters to ensure that all data directories are installed locally, thus eliminating issues with network shares. You can check for these environment variables by typing SET at a command prompt. If HOMEDRIVE is not set to C:, you must review this instruction carefully. For example, if HOMEDRIVE=H: (where H may be a mapped network drive). 7. Read the Welcome screen and click Next. 8. Read and accept the license agreement terms and click Next. 9. Enter your user name and organization, choose the Single-user Install setting, and click Next.
167
10. Accept the default install directory or specify a different installation directory and click Next. The default installation directories for a new single user install on Windows are as below: v Lotus Notes 8 product and binary files installation directory -- C:\Program Files\IBM\Lotus\Notes v Data directory -- C:\Program Files\IBM\Lotus\Notes\data v Workspace directory -- C:\Program Files\IBM\Lotus\Notes\data\ workspace v Lotus Notes 8 Java code installation directory -- C:\Program Files\IBM\Lotus\Notes\framework If a Lotus Notes version is currently installed, the default path is the current Lotus Notes installation path. When you install Lotus Notes single user on a system on which Lotus Notes 6.5 or 7.x is already installed, the traditional Lotus Notes portion of the product is upgraded and installed to the same directory in which the existing Lotus Notes install binaries currently reside, for example C:\Lotus\Notes. The Lotus Notes data directory is assumed to be the directory where the existing Lotus Notes install data files exist, for example C:\Lotus\Notes\data. Additional IBM(R) Lotus(R) Expeditor framework files are installed to a \framework subdirectory, for example C:\Lotus\Notes\framework. 11. Select the features and sub-features to install and click Next. These options include the following: Notes client -- The Lotus Notes client is installed automatically but you can control which individual sub-features to install. v Domino Administrator -- Select this to install or upgrade the Domino Administrator client and specify which subfeatures to install. v Domino Designer -- Select this to install or upgrade the Domino Designer client and specify which subfeatures to install. Note that the Property Broker Editor is installed automatically with Domino Designer. v Activities --Select this to install the Activities feature. An activities server is required to use this feature. v Composite Applications Editor -- Select this to install the Composite Applications Editor for use with composite applications. v IBM Lotus Productivity Tools -- Select this to install IBM(R) Lotus(R) Productivity Tools including IBM Lotus Documents, IBM Lotus Presentations, and IBM Lotus Spreadsheets. v Sametime (integrated) -- Select this to install basic IBM(R) Lotus(R) Sametime(R) capabilities such as chat and live names. A Sametime server is required to use this feature. 12. Optionally specify Notes as your default email program and click Install. 13. Read the preview screen and click Install to continue or click Back to revise your feature selections. Note: If errors occur and you are installing Lotus Notes 8 on a system in which an existing Beta version of Lotus Notes 8 was installed, the existing version may not have been properly uninstalled. 14. When installation is complete, read the summary screen and click Finish to exit the installation wizard.
168
The installation program creates new shortcut icons on your desktop, including those for the Lotus Notes client itself and the productivity tools, Domino administrator client, and Domino Designer client, if you chose to install those features. 15. Use the new desktop icon to start Lotus Notes or click Start - Lotus Applications - Lotus Notes 8. If this is a new install, respond to the configuration wizard prompts. Your administrator can supply the Domino server and configuration information to you. 16. If this is the first time that you have installed or upgraded to this Lotus Notes release, you should update your Lotus Notes mail template and Contacts list now. Replace the design of your Mail and Contacts templates and make sure that your location document points to the correct server. For mail, use the Mail (R8) (MAIL8.NTF) template. For contacts, use the Personal Address Book (PERNAMES.NTF) template. a. Click Open - Mail or the Mail tab. b. Click File - Application - Replace Design. c. Select the Mail (R8) (MAIL8.NTF) template from the list. d. Disable the Inherit future design option. e. Click Replace, and then click OK or Yes in response to any prompts. f. Close the Mail tab. The new design will appear when you open Mail after client restart. g. Click Open - Contacts or the Contacts tab. h. Click File - Application - Replace Design. i. Select the Personal Address Book (PERNAMES.NTF) template from the list. j. Disable the Inherit future design option. k. Click Replace and then click OK or Yes in response to any prompts. l. Close the Contacts tab. The new design will appear when you open Contacts after restarting the Lotus Notes client. 17. Close and then restart Lotus Notes. You must restart Lotus Notes after replacing the mail and contacts template designs.
Installing Lotus Notes in a multi-user environment

You can install IBM(R) Lotus(R) Notes(R) in a multi-user user environment. This enables multiple users to sequentially log in to the same machine and use the same Lotus Notes install directory with their own Lotus Notes data directory. You must be logged in as an administrative user when you install Lotus Notes multi-user. Note: Multi-user installation is supported for Notes client-only install; it is not supported for installing the IBM(R) Lotus(R) Domino(TM) Administrator or IBM(R) Lotus(R) Domino(TM) Designer clients. The Notes Allclient installation kit is available for Microsoft(R) Windows(R) single user installation only. Use the multi-user installation if your enterprise has multiple users who share a single workstation. Then when users log onto the system, they run the Lotus Notes client setup and their own personal data files, that is, BOOKMARK.NSF, NAMES.NSF, and other files are created. In a multi-user installation, the installer installs the Notes program files to a central location on the local system. Each user has their own data directory located in the
169
systems application data directory for the current user. Each users data files are created when that user logs in to the workstation, starts the Lotus Notes client, and completes the client setup. Note: With multi-user installation, the data path is based on the Documents and Settings for each user. There is no need to specify the data directory for a multi-user installation because it would not be used by the installer; therefore, you are no longer prompted for that information. The multi-user installation differs from a shared installation in that program files are located on the local system in a multi-user install, which can be an advantage. This allows for access to the Notes client regardless of which network drives are available. In a shared installation, users are dependent on the availability of shared network drives. Note: Shared network install is not supported in Lotus Notes 8. Shared network install of Lotus Notes 8 basic configuration remains available.
Installing Lotus Notes multi-user on a Windows client

To install IBM(R) Lotus(R) Notes(R) in a multi-user environment on a Windows client, see Considerations before installing Lotus Notes on Windows and Installing and upgrading to Notes on Windows -- multi-user . For information about Smart Upgrade, see Using IBM Lotus Notes Smart Upgrade. For information about automated install, see Automating client installation.
Installing Lotus Notes multi-user on a Linux client

To install Lotus Notes in a multi-user environment on a Linux(R) client, see Considerations before installing Notes on Linux and Installing Notes on Linux. For Smart Upgrade, see Using IBM Lotus Notes Smart Upgrade. For automated install, see Automating client installation.
Multi-user install with multiple language Notes clients

You can install multiple copies of the Notes client in multiple languages on one operating system. The language files are installed in each Multi-user install\language directory. For example, in a multi-user installation, if you first install a French Notes client and then install a Japanese Notes client, the user interface (UI) files are installed in individual directories such as these:
\Program Files\IBM\Lotus\Notes\MUI\fr \Program Files\IBM\Lotus\Notes\MUI\ja
The templates and help files are installed in the next directory, as shown
\Document Setting\All Users\Application Data\Lotus\Data\Shared\mui\fr \Document Setting\All Users\Application Data\Lotus\Data\Shared\mui\ja
When a user starts the Notes client the first time, the UI and database language are determined by the users locale setting. If the locale language is not found in the directory \mui, the English user interface is used and English databases are created to set up the Notes client.
170
Installing and upgrading to Notes on Windows for multi-user

The IBM(R) Lotus(R) Notes(R) 8 is available as an install media kit. Lotus Notes 8 can be installed in graphical mode, silent mode, and by using Smart Upgrade. Installation of Notes on Microsoft(R) Windows(R) is supported for single user or multi-user. For Windows, the Lotus Notes client-only is available in the Notes.msi.w32 installation media kit. The Allclient kit is not available for multi-user installation. For installation considerations, see Considerations before installing Lotus Notes on Windows. 1. Shut down all applications. 2. If you have installed a Beta 1 or Beta 2 version of Lotus Notes 8, uninstall it before continuing. You should not need to uninstall Lotus Notes 8 Beta 3 prior to installing/upgrading to this Lotus Notes 8 release. 3. Obtain the Lotus Notes installation media kit. For example, obtain the installation media kit CD or open a browser and navigate to the Lotus Notes/Domino Web site at which the installation media kit resides. 4. Save the installation media kit to a local folder, for example to your C:\temp folder. 5. Navigate to the folder in which you saved the installation media kit. 6. Locate and run the SETUP.EXE installation executable. Note: If a user has the environment variables USERPROFILE, HOMEDRIVE, or HOMEPATH set to a network share, you must use special command line parameters to ensure that all data directories are installed locally, thus eliminating issues with network shares. You can check for these environment variables by typing SET at a command prompt. If HOMEDRIVE is not set to C:, you must review this instruction carefully. For example, if HOMEDRIVE=H: (where H may be a mapped network drive). 7. Read the Welcome screen, and then click Next. 8. Read and accept the license agreement terms, and then click Next. 9. Enter your user name and organization, choose the Multi-user Install setting, and then click Next. 10. Accept the default install directory or specify a different installation directory and click Next. Note: You must install to a directory that is readable but not writeable by all users. The default installation directories for a new multi-user install on Windows are listed below: v Lotus Notes 8 product and binary files installation directory -- C:\Program Files\IBM\Lotus\Notes v Data directory for each user -- C:\Documents and Settings\<user>\Local Settings\Application Data\Lotus\Notes\data v Workspace directory for each user -- C:\Documents and Settings\<user>\Local Settings\Application Data\Lotus\Notes\data\ workspace v Lotus Notes 8 Java code installation directory -- C:\Program Files\IBM\Lotus\Notes\framework
171
11. Select the features and subfeatures to install and click Next. These options include the following: v Activities -- Select this to install the Activities feature. An activities server is required to use this feature. v Sametime (integrated) -- Select this to install basic IBM(R) Lotus(R) Sametime(R) capabilities such as chat and live names. A Sametime server is required to use this feature. v IBM Lotus Productivity Tools -- Select this to install IBM(R) Lotus(R) Productivity Tools including IBM Lotus Documents, IBM Lotus Presentations, and IBM Lotus Spreadsheets. v Composite Application Editor -- Select this to install the Composite Application Editor for use with composite applications. 12. Optionally specify Notes as your default email program, and then click Install. 13. Read the preview screen and click Install to continue or click Back to revise your feature selections. The installation process takes several minutes. A security acceptance screen from any firewalls you have installed may appear asking for confirmation. Note: If errors occur and you are installing Lotus Notes 8 on a system in which an existing Beta version of Lotus Notes 8 was installed, the existing version may not have been properly uninstalled. 14. When installation is complete, read the summary screen and click Finish to exit the installation wizard. Note: If installation is unsuccessful, this screen points you to the install log file. You can see application icons on the desktop or by clicking Start - All Programs - Lotus Applications. Applications reside in C:\Documents and Settings\All Users\Start Menu\Programs\Lotus Applications. If you installed the IBM Lotus Productivity Tools, you can see application icons on the desktop and by clicking Start - All Programs. Applications reside in: C:\Documents and Settings\All Users\Start Menu\Programs.
Understanding what was installed

v After install, the Lotus Notes icon is visible by clicking Start - All Programs Lotus Applications. v After install, the IBM Lotus Productivity Tool icons, if installed, are visible by clicking Start - All Programs. v Desktop shortcuts are created for all users in C:\Documents and Settings\All Users\Desktop. v A shared data directory is created in the following location: Microsoft(R) Windows(R) XP: C:\Documents and Settings\All Users\Local Settings\Application Data\Lotus\Notes\data Microsoft(R) Windows(R) Vista: C:\Windows\system32\config\ systemprofile\AppData\Local\Lotus\Notes\data v A data directory and workspace directory is created for each user in the following location: Microsoft(R) Windows(R) XP: C:\Documents and Settings\<user>\Local Settings\Application Data\Lotus\Notes\data C:\Documents and Settings\<user>\Local Settings\Application Data\Lotus\Notes\data\workspace
172
Microsoft(R) Windows(R) Vista: c:\users\<user>\AppData\Local\Lotus\ Notes\data C:\users\<user>\AppData\Local\Lotus\Notes\data\workspace v Notes classic files are installed in <install_dir>. v Core IBM(R) Lotus(R) Expeditor files are installed in <install_dir>\framework\ rcp. v Core Eclipse files are installed in <install_dir>\framework\eclipse.
Running the Notes client on Windows as a user after administrative install

After you install the Notes client, users can log in and run Notes. 1. Log in as a non-administrative user. 2. Start Lotus Notes using the new desktop shortcut or click Start - Lotus Applications - Lotus Notes 8. 3. Respond to Notes setup prompts as they appear. 4. If this is the first time that you have installed or updated to this Lotus Notes release, you should update your Lotus Notes mail template and contacts list now. This step is only necessary when you first update to this Lotus Notes release. If you uninstall and reinstall Lotus Notes you will not need to repeat this step. Replace the design of your Mail and Contacts templates and make sure that your location document points to the correct server. For mail, use the Mail (R8) (MAIL8.NTF) template. For contacts, use the Personal Address Book (PERNAMES.NTF) template. a. Click Open - Mail or the Mail tab. b. Click File - Application - Replace Design. c. Select the Mail (R8) (MAIL8.NTF) template from the list. d. Disable the Inherit future design option. e. Click Replace and then click OK or Yes in response to any prompts. f. Close the Mail tab. The new design will appear when you open Mail after restarting the client. g. Click Open - Contacts or the Contacts tab. h. Click File - Application - Replace Design. Select the Personal Address Book (PERNAMES.NTF) template from the list. Disable the Inherit future design option. Click Replace and then click OK or Yes in response to any prompts. Close the Contacts tab. The new design will appear when you open Contacts after restarting the Lotus Notes client. 5. Close and then restart Lotus Notes. You must restart Lotus Notes after replacing the mail and contacts template designs. i. j. k. l.
Installing Notes on Linux

IBM(R) Lotus(R) Notes(R) is available as an install media kit. You can install Lotus Notes in graphical mode, silent mode, and by using Smart Upgrade. Installation of Notes on Linux(R) is supported for multi-user only. For Linux, the Lotus Notes client-only is available in the Notes.ismp.linux installation media kit. For installation considerations, see Considerations before installing Notes on Linux. 1. Shut down all applications.
173
Exit out of any existing versions of IBM(R) Workplace Managed Client(TM), IBM(R) Lotus(R) Sametime(R), and Lotus Notes. Make sure that all processes are terminated, including eclipse/javaw, eclipse/notes2w, sametime, notes, taskldr, and nsdexec. From a command prompt, change to the Lotus Notes data directory and type the following command:
/opt/ibm/lotus/notes/nsd.sh -kill
2. If you have installed a previous Beta version of this Lotus Notes release, uninstall it before continuing. 3. As the root user, open a new terminal window or File Browser. 4. If you are obtaining the installation kit from a Web downloads page, open your Mozilla GTK2 browser and navigate to the Web page from which to obtain the download. For current information about browser requirements, see the release notes. 5. Locate the Lotus Notes installation media kit and save it to your /root folder. For example, obtain the installation media kit CD or open a browser and navigate to the Lotus Notes/Domino Web site at which the installation media kit resides. 6. Navigate to the folder in which you saved the installation kit and unpack the tar file. 7. Navigate to the directory that contains the unpacked setup.sh installation executable file. Note: Verify that the directory also contains the deploy directory, setup.sh, and updateSite.zip. These contain the needed install manifest and feature and plug-in JAR files. 8. Run the setup.sh installation executable by double-clicking on setup.sh or by running ./setup.sh in a shell. Note: To install, you must switch to the root user or be logged in as a root user. 9. Read the Welcome screen, and then click Next. 10. Read and accept the license agreement terms, and then click Next. 11. Accept the default install directory or choose a different install directory. You must install to a directory that is readable, but not writeable, by all users. The default installation directories for a new multi-user install on Linux are listed below: v Lotus Notes 8 product and binary files installation directory -/opt/ibm/lotus/notes v Data directory for each user -- /{$HOME}/lotus/notes/data v Workspace directory for each user -- /{$HOME}/lotus/notes/data/ workspace v Lotus Notes 8 Java code installation directory -- /opt/ibm/lotus/notes/ framework Note: Upgrading from Notes 7.x to Notes 8 is not supported; install to a different directory or uninstall Notes 7.x before installing Notes 8. 12. Select the features to install, and then click Next. These options include the following: v Activities -- Select this to install the Activities feature. An activities server is required to use this feature.
174
v Sametime (integrated) -- Select this to install basic IBM(R) Lotus(R) Sametime(R) capabilities such as chat and live names. A Sametime server is required to use this feature. v IBM Lotus Productivity Tools -- Select this to install IBM(R) Lotus(R) Productivity Tools including IBM Lotus Documents, IBM Lotus Presentations, and IBM Lotus Spreadsheets. v Composite Application Editor -- Select this to install the Composite Applications Editor for use with composite applications. 13. Read the preview screen for installation directory, features, and size and click Install. This process may take several minutes. A security acceptance screen from any firewalls you have installed may appear asking for confirmation, even if the installation is being done locally. Note: If errors occur and you are installing Lotus Notes on a system on which an existing version of this Lotus Notes release, such as a Beta version, may not have been properly uninstalled. 14. Read the installation summary screen and click Finish to exit the installation wizard. Note: If installation is unsuccessful, you can open the install log file at <install_dir>/framework/rcp/installer_logs/framework_install.log.
Understanding what was installed

The following information describes what was installed: v After install, application icons are visible for all users by clicking Computer More Application - Office. They reside in /usr/share/applications. v The Notes installer does not create desktop shortcut icons. v v v v A new data directory is created for this user in /root/lotus/notes/data. A new workspace is created for this user in /root/lotus/notes/data/workspace. The Notes classic binaries are installed in <install_dir>. A shared data directory is created in /etc/lotus/notes/data.
Running the Notes client on Linux as a user after root user install
After you install the Notes client, users can log in and run Notes. 1. Log in as a non-root user. 2. Start Lotus Notes by clicking the Computer option - More Applications... - New Applications - Lotus Notes 8. 3. Respond to Notes setup prompts as they appear. Update your mail template for this release. Your contacts are automatically updated.
Using the Multi-user Interface pack

Use the Multi-user Interface Pack to install multiple languages according to the installation type of your IBM(R) Lotus(R) Notes(R) client. You can use the Multi-user Interface Pack with multi-user installs and single user installs.
Notes multi-user installation with the Multi-user Interface Pack

If you have installed a Notes client as a Notes Multi-user installation, the Multi-user Interface Pack adds language files in a subdirectory of the Multi-user Interface directoryFor example, the UI files are installed in the directory (*): .
C:\Program Files\IBM\Lotus\Notes\MUI\language-iso (*)
175
Note: The template, modem, and help files are installed in the directory (*) as shown in this example:
C:\Document Setting\All Users\Application Data\Lotus\Data\Shared\mui\language-iso (*)
(*) language-iso is a language identifier. e.g. German is de, French is fr In a Notes Multi-user install, when a user starts the Notes client for the first time, the UI and database language are determined by the users OS locale setting. If the locale language files of the Notes client have not been installed, the UI language of the Notes setup and local databases defaults to English.
Notes single-user installation with the Multi-user Interface Pack

If you have installed a Notes client as a Notes Single-user installation, the Multi-user Interface Pack adds language files in the directory (*). The UI files are installed in (*) as shown in this example:
C:\Program Files\IBM\Lotus\Notes\MUI\language-iso (*)
Note: (*) language-iso is a language identifier. For example, German is de, French is fr The template, modem, and help files for the language are NOT installed. In a Notes Single-user install, the UI language of the Notes setup and local databases is the language of the Notes client you have installed. For more information about IBM Lotus Multi-user Interface Pack installer, see the IBM Lotus Multi-user Interface Pack Readme file.
Updating, adding, and removing installed Notes features

You can update, add, or remove existing installed IBM(R) Lotus(R) Notes(R) features using a Lotus Notes install kit within the same Notes release, for example within Lotus Notes 8.0. You can also use silent installation to perform this task. Note: The procedure shown below is the default Lotus Notes installation process. You can customize what appears on the Notes feature installation screen using the install manifest. You can also use a silent install and specify options on the command line to control install, update, and remove functions. 1. Start the Notes installation program. 2. When prompted, enter your name and company, and then click Next. If this is a multi-user install, Multi-user Install is shown selected and inactive. If it is a single user install, Single user Install is shown selected and inactive. 3. Choose the features you want to add, upgrade, or remove and click Next. v Add/Install -- Any feature that was not previously installed is shown selected. You can leave these features as selected in order to install them. v Update -- Any feature that was installed previously is shown selected. You can leave these features as selected in order to upgrade them. Note: For multi-user, the features being upgraded are not removed from disk; they remain but are not used. For single user, the features being upgraded are removed from disk. v Remove -- Any feature that was installed previously is shown selected. You can deselect these features in order to remove them. Note: For multi-user on Linux(R), features that are selected for removal are disabled, not actually removed from disk.
176
4. Optionally specify Notes as your default email program and then click Install. 5. Read the installation summary screen and then click Finish.
Running the Notes client as a user after updating, adding, or removing Notes features
The system processes the new install manifest, for example, <install_dir>\ framework\rcp\deploy\install.xml, for this user upon first launch. 1. Log in as a user. 2. Start Lotus Notes. Starting Lotus Notes now enables the features that were selected for install or update and also removes or disables the features that were selected for removal.
Automating client installation using a silent install

Automated client installation, otherwise referred to as silent install, is available for installing IBM (Lotus(R) Notes(R) on a Microsoft(R) Windows(R) or Linux(R) client. For single user installs on a Windows client, silent install also supports the three IBM(R) Lotus(R) Domino(TM) clients -- (IBM(R) Lotus(R) Notes, IBM(R) Lotus(R) Domino(TM) Designer, and Domino Administrator(R) -- Allclient installation kit. Silent install simplifies end-user installation because it presents few or no installation options. Read the considerations section of the installation instructions in this guide before installing Lotus Notes. Silent installation uses a tuner program to create a transform file based on installation options that you specify when you run the tuner. When a user subsequently runs the silent install, the specified installation options are applied automatically. For information about using the tuner and creating transform files, see the following topics: v Customizing client installations using the tuner v Creating a transform file v Installation options available using the transform file
Running a silent installation

Silent install is useful for installing Lotus Notes, and optionally the Domino Administrator client and/or Domino Designer client, without user intervention. The user can execute a script or batch file to perform a complete installation without having to answer any questions or prompts. Command line options are available and are described below. Running a silent install provides users with default install options. To customize the silent install, you can use, individually or in combination, install manifest customization and a tuner transform file. Lotus Notes installation requires use of an install manifest file INSTALL.XML, supplied in the Lotus Notes installation media kit as deploy\install.xml. This file and its contents can be customized to control which features are installed automatically, which features appear in the feature installation panel for user selection, and whether features are presented as enabled or disabled by default.
177
Using a silent install, you can define which features in the install manifest are installed automatically, by setting the required attribute to true for each installfeature ID you want installed. Features in the install manifest that have their required attribute set to true are automatically installed. Note: Also, when installing Lotus Notes using the single user Allclient installation kit on Windows, Domino Designer and Domino Administrator follow the settings in the Lotus Notes 8 MSI file. The settings in the MSI file (which affect the feature installation panel) override the settings in the Lotus Notes install manifest file (deploy\install.xml). To install Domino Designer and/or Domino Administrator, you must either select them for install using the feature installation panel or specify them for silent install using the tuner. They will not be installed, even if specified in the SELECTINSTALLFEATURES property, if they are not selected for install as part of the MSI installation. Before you begin the silent installation process, perform the following tasks: v Optionally use the tuner to create a transform file. v Determine which features you want installed, open the install manifest INSTALL.XML, locate the installfeature ID, and set the required attribute to true. Alternatively, you can specify features for install using command line arguments. v Determine the desired installation directory and Notes data directory. v Determine if the install will be for single or multi-user. v Ensure that the required hardware and software components are in place and working. v Read the Release Notes for disk-space requirements and for last-minute changes or additions to the documentation. v Temporarily disable any screen savers and turn off any virus-detection software. v Ensure that all other applications are closed. Otherwise, you may corrupt shared files, and the Install program may not run properly. v There is currently no Windows command line option for specifying a single user or multi-user installation. Default installation occurs for a single user.
Installing to a non-default directory

You can specify a non-default installation directory and Notes data directory using PROGDIR and DATADIR properties on the command line. For example, for a new user on Windows, Lotus Notes is installed to C:\Program Files\IBM\Lotus\Notes by default. To select the desired destination directory, specify each property on the command line. For example, if you want to install to C:\IBM\Lotus\Notes, use the following command line syntax:
setup /S /V"SELECTINSTALLFEATURES=Activities,Editors PROGDIR=C:\IBM\Lotus\Notes DATADIR=C:\IBM\Lotus\Notes\ Data /qn"
To use Notes silent installation on Windows

You can specify command line options during silent Notes install on Windows. You must be logged in as an administrative user or user with elevated privileges. The Allclient installation method, which enables installation of Lotus Notes, Domino Designer, and the Domno Administrator clients, is not available for multi-user install; it is only available for single user installation.
178
1. Open a command window. 2. Change to the directory in which the Lotus Notes installation media kits SETUP.EXE file is resident. 3. Type the silent installation command. Example commands are provided below. Note that these examples do not illustrate use of a transform file. v Use this format to run the install in silent mode, using default values, without a progress bar:
setup.exe /s /v"/qn"
Note: For example, this command installs Notes to the single user default C:\Program Files\IBM\Lotus\Notes directory and Notes data folders and files to the C:\Program Files\IBM\Lotus\Notes\data directory. When installation is complete, the shortcut icon(s) appears on the desktop. v Use this format to display a message when the installation is complete or it has failed. Use the + parameter as follows:
setup.exe /s /v"/qn+"
v Use this format to display a progress bar during the installation, in addition to displaying the message indicating that the installation is complete or it has failed:
setup.exe /s /v"/qb+"
v Use this format to specify the install manifest features to install using the command line. Obtain the installfeature ID syntax from the Lotus Notes install manifest (deploy\install.xml). To install any of these features, include the feature ID value in the SELECTINSTALLFEATURES property on the command line as shown below. Specify comma-separated feature names in quotes as follows. Note the placement of the quote, equal sign, and space characters.
setup /s /v"SELECTINSTALLFEATURES=Activities,Sametime, Editors,CAE /qn"
Note: Each feature in the Lotus Notes install manifest whose required attribute is set to true will be installed, regardless of whether it is specified in the command line in the SELECTINSTALLFEATURES statement. To pass a parameter that contains intervening spaces, such as a directory path, enclose the parameter in quotes using a backslash quote sequence as follows:
setup /s /V"SELECTINSTALLFEATURES=Activities,Editors PROGDIR=\"C:\Program Files\Lotus\Notes\" DATADIR=\"C:\Program Files\Lotus\Notes\Data\" /qn"
Specify as few or as many feature IDs on the command line as desired.
To use Notes silent installation on Linux

You can specify these command line options when running a Lotus Notes silent install on Linux(R). You must be logged in as a root user. 1. Open a command window or shell. 2. Change to the directory in which the Lotus Notes install kits setup.sh file is resident. 3. Type the silent installation command as shown in this example: The following entry specifies that the command will run in silent mode.
- silent
179
The following entry sets the variable to accept the license agreement panel.
-V licenseAccepted="true|false"
The following entry sets the install location for Notes client. The value must not contain an ending slash symbol (\).
-P installLocation="<location>"
The following entry sets the list of optional install features that can be installed.
-V selectInstallFeatures="<list of comma separated install feature ids>"
This argument overrides all install feature default attributes in the install manifest. If you use this argument, only the install features listed in the argument and the required install features are installed/selected.
-V removeInstallFeatures="<list of comma separated install feature ids>"
This sets the list of optional install features that can be removed on upgrade. In the following example, the Lotus Notes installer is run silently so that all installfeature IDs in the install manifest whose required attributes are set to true are installed and the license agreement is accepted without prompting. You must minimally use these command line parameters to run Notes silent install on Linux.
setup.sh -silent -V licenseAccepted="true"
Providing a batch file for installing the Notes client

Creating and then providing a batch file that executes the command to perform a silent install is convenient for users. Users can easily install the IBM(R) Lotus(R) Notes(R) client by running the batch file.
Create a batch file

To create a batch file, perform the following steps: 1. Open a text editor. 2. Type the desired silent install command syntax in the edit window: An example is shown below.
setup /S /V"/qn"
3. Save the file using a .bat file extension in the name, for example BATCHINSTALL.BAT. Save the file in the same directory that contains the installation image (the directory in which the Lotus Notes install setup.exe or setup.sh resides). For information about command line syntax options, see Automating client installation.
Run the Notes silent install using a batch file

To run a Lotus Notes silent install using the batch file, perform the following steps. 1. Navigate to the installation image directory (the directory in which the Lotus Notes setup.exe or setup.sh resides). 2. Locate the batch file, for example BATCHINSTALL.BAT. 3. Run the batch file by double-clicking on the .bat file name, for example BATCHINSTALL.BAT.
Sample batch file content containing a transform file

180
Providing command line utilities for installation

Provide command line utilities so that users can install one or more clients on their workstations. This table presents sample command line utilities that you can modify to suit your needs.
Type of install Transform install Transform silent install Silent install with fail/success prompt Silent install Verbose logging Sample command line utility msiexec /i Lotus Notes 8.0.msi TRANSFORMS=custom.mst msiexec /i Lotus Notes 8.0.msi /qn TRANSFORMS=custom.mst msiexec /i Lotus Notes 8.0.msi /qn+ setup.exe /s /v/qn setup.exe /v/L*v c:\temp\install.log
Setting up Notes with a scriptable setup

The scriptable setup option uses a setting in the NOTES.INI file to provide information to the client setup wizard. During installation, the wizard displays only those panels that users need to set up the IBM(R) Lotus(R) Notes(R) client. The NOTES.INI setting ConfigFile= points to a text (.TXT) file that contains the parameters that the wizard needs. The wizard reads the text file and completes the setup. The user is able to bypass the wizard screens for which parameters have been provided by the text file. The settings and parameters that you can use in the text file are listed in this table:
Setting Username KeyfileName Description Users hierarchical name -- for example, John Smith/Acme Directory path to the users ID file name --for example, c:\program files\lotus\notes\data\jsmith.id Domino server in the same domain as the user name. You do not need to enter a hierarchical name. An address for the IBM Lotus Domino server, such as the IP address of the server, if needed, to connect to the server. For example, server.acme.com or 123.124.xxx.xxx Port type, such as TCPIP 1 to connect to the Domino server, 0 for no connection 1 forces display of the Additional Services panel even if sufficient information is provided for these services; the Additional Services panel lists Internet, proxy, and replication settings. To configure a network dialup connection to Internet accounts created via Additional Services dialog box Incoming mail account name, a friendly name used to refer to these settings
Domino.Name
Domino.Address
Domino.Port Domino.Server AdditionalServices
AdditionalServices.NetworkDial
Mail.Incoming.Name
181
Setting Mail.Incoming.Server Mail.Incoming.Protocol Mail.Incoming.Username Mail.Incoming.Password Mail.Incoming.SSL Mail.Outgoing.Name Mail.Outgoing.Server Mail.Outgoing.Address Mail.InternetDomain Directory.Name Directory.Server News.Name News.Server NetworkDial.EntryName NetworkDial.Phonenumber NetworkDial.Username NetworkDial.Password NetworkDial.Domain DirectDial.Phonenumber DirectDial.Prefix DirectDial.Port DirectDial.Modem Proxy.HTTP Proxy.FTP Proxy.Gopher Proxy.SSL Proxy.HTTPTunnel Proxy.SOCKS Proxy.None Proxy.UseHTTP Proxy.Username
Description Incoming mail (POP or IMAP) server name 1 for POP; 2 for IMAP Mail account user name or login name Mail account password 0 to disable; 1 to enable the SSL protocol for incoming Internet mail Outgoing mail account name, a friendly name used to refer to these settings Outgoing mail (SMTP) server name Users Internet mail address, such as user@isp.com Internet Mail domain name such as isp.com Directory account name, a friendly name used to refer to these settings Directory (LDAP) server name News account name, a friendly name used to refer to these settings News (NNTP) server name Name of remote network dialup phone book entry Dial-in number Remote network user name Remote network password Remote network domain Phone number of Domino server Dialup prefix, if required. For example, 9 to access an outside line. COM port to which the modem is connected File specification of modem file HTTP proxy server and port -- for example, proxy.isp.com:8080 FTP proxy server and port -- for example, proxy.isp.com:8080 Gopher proxy server and port -- for example, proxy.isp.com:8080 SSL proxy server and port -- for example, proxy.isp.com:8080 HTTP tunnel proxy server and port -- for example, proxy.isp.com:8080 Socks proxy server and port -- for example, proxy.isp.com:8080 No proxy for these hosts or domains Use the HTTP proxy server for FTP, Gopher, and SSL security proxies User name if logon is required
182
Setting Proxy.Password Replication.Threshold Replication.Schedule IM.Server
Description User password Transfer outgoing mail if this number of messages held in local mailbox Enable replication schedule IBM Lotus Instant Messaging server name required unless you have set the NOTES.INI variable IM_NO_SETUP= 1. To use this NOTES.INI variable, you must also use InstallShield Tuner which is included on the Notes/Domino CD. When this variable is set to 1, the IM Configuration dialog box does not display during new client setup or client upgrade, and all IM variables in a scriptable client setup are ignored. If the user wants to configure IM, they can leave the NOTES.INI variable out of their NOTES.INI file or set it to 0 (IM_NO_SETUP=0).
IM.Port IM.ConnectWhen
IBM Lotus Instant Messaging server port (any positive number) (Optional setting) Defines when to connect to IBM Lotus Instant Messaging: v 0 -- At Notes login (default) v 2 -- Manually
IM.Protocol
Use one of these: v 0 -- Directly to IBM Lotus Instant Messaging server v 1 -- Directly to IBM Lotus Instant Messaging server using HTTP protocol v 2 -- Directly to IBM Lotus Instant Messaging server using IE HTTP settings v 3 -- Use a proxy
IM.ProxyType
Required if IM.Protocol is set to 3. Use one of these: v 0 -- SOCKS4 Proxy v 1 -- SOCKS5 Proxy v 2 -- HTTPS Proxy v 3 -- HTTP Proxy
IM.ProxyServer IM.ProxyPort
Required if IM.Protocol is set to 3. Name of IBM Lotus Instant Messaging proxy server Required if IM.Protocol is set to 3. Port of IBM Lotus Instant Messaging proxy server (any positive number) Only used if IM.ProxyType is 1 (SOCKS5) but it is not required. Use one of these values: v 0 -- Disable IM.ServerNameResolve v 1 -- Enable IM.ServerNameResolve
IM.ServerNameResolve
IM.ProxyUsername
Required if IM.Protocol is set to 3 and IM.ProxyType is not SOCKS4

183
Sample scriptable setup file

This is a sample scriptable setup file for a LAN connection. All options are used in this sample file. Username = Joe Employee
KeyFileName=G:\shareddrive\userid\jemployee.id Domino.Server=1 Domino.Name=servername/domain (For example, server1/sales/enterprise) Domino.Port=TCP/IP IM.Server=servername.misc.domain.com IM.Port=12345 IM.ConnectWhen=2 IM.Protocol=3 IM.ProxyType=2 IM.ProxyServer=sametimeproxy.domain.com IM.ProxyPort=789 IM.ServerNameResolve=0 IM.ProxyUsername=joeemployee AdditionalServices=0 Mail.Incoming.Protocol=2 Mail.Incoming.Name=INCOMING INET MAIL Mail.Incoming.Server=servername.misc.domain.com Mail.Incoming.Username=jemployee Mail.Incoming.Password=xyz123 Mail.Incoming.SSL=0 Mail.Outgoing.Name=OUTGOING INET MAIL Mail.Outgoing.Server=servername.misc.domain.com Mail.Outgoing.Address=joeemployee@domain.com Mail.InternetDomain=misc.domain.com AdditionalServices.NetworkDial=1 NetworkDial.EntryName=TEST 1 Dial-up Connection NetworkDial.Username=jemployee NetworkDial.Password=xyz123 NetworkDial.Phonenumber=area code-phone-number (For example, 508-123-4567) NetworkDial.Domain=domainname News.Name=NEWS SERVER ACCOUNT News.Server=server.domain.com Directory.Name=LDAP DIRECTORY SERVER ACCOUNT Directory.Server=name.misc.domain.com Proxy.UseHTTP=0 Proxy.HTTP=proxy.domain.com:8080 Proxy.FTP=proxy.fake.com:8080 Proxy.Gopher=proxy.fake.com:8080 Proxy.SSL=proxy.fake.com:8080 Proxy.SOCKS=proxy.domain.com:1080 Proxy.HTTPTunnel=proxy.domain.com:8080 Proxy.None=domain.com Replication.Threshold=3 Replication.Schedule=1
184
Installing the Domino clients in a shared network directory

As an administrator, you can offer a shared network installation to your users. In a shared network installation, all program files are installed on a file server and the users data files reside on their local workstations. Note: Shared network install is not supported in IBM(R) Lotus(R) Notes(R) 8. Shared network install of Lotus Notes 8 basic configuration remains available. During the installation of the network image, all program files for IBM(R) Lotus(R) Notes(R), IBM(R) Lotus(R) Domino(TM) Administrator, and IBM(R) Lotus(R) Domino(TM) Designer are installed. To run Lotus Notes, Domino Administrator and Domino Designer client installs from one set of program files on a file server, create multiple transform files. Note: To perform a shared installation and run the transform file, end-users must have the Microsoft(R) Windows(R) Installer service on their workstations. After you install the program files to a directory on a server, users can run a shared version of the software, thereby saving on disk space usage. However, if the server is unavailable, users cannot run Notes. When users install Notes from this directory, only the data files (DESKTOP.DSK, BOOKMARK.NTF, and all local databases) are copied to their workstations. The program files remain on the server, where they are shared among all users. As users run Notes, the program files are read into memory on their workstations. Assign to those users who install Notes client software from the file server Read access to the directory containing the files. Note: Set the access to the administrator image on the network to Read Access -that is the only supported access. Multi-user installation is neither supported in a shared file configuration nor available for use on Macintosh computers.
Upgrading shared installations

Do not attempt to upgrade over existing network image files. To upgrade an existing network image, delete all files in the existing network image and install the new network image files to the same location.
To set up the shared network installation

1. Before you begin this installation process, do the following: Note: Shared network install is not supported in Lotus Notes 8. Shared network install of Lotus Notes 8 basic configuration remains available. v Make sure that the required hardware and software components are in place and working. v Read the Release Notes for disk-space requirements and for any last-minute changes or additions to the documentation. v Temporarily disable any screen savers and turn off any virus-detection software. v Make sure that all other applications are closed. Otherwise, you may corrupt shared files, and the Install program may not run properly.
185
2. Log on as administrator on the drive on which you are installing the program files. 3. From the command line, use this syntax to run setup and create the administrator image on the network:
E:\path to install kit\setup /A
In this example, drive E represents the drive on which the client installation files are located, which is usually the drive letter of the CDROM drive containing the Domino CD. The /A creates the administrator image on the network. 4. Enter the name of the directory that will store the installed files. By default, this directory is the first network drive accessible from your workstation. To specify a network drive and directory other than the default, click Change. 5. Click Install. Every client option is installed. A directory structure that is useable and understandable by the operating system is created. Users can run the install program directly from this directory structure that you provide using the Lotus Notes 8.0.msi file created in the root of the directory structure. 6. Create a transform file for the installation of the end users local data files. After successfully installing all client files to a shared directory on the network, you can instruct users to use the transform file to install the client on their own workstations. For information about creating a transform file, see the topic Creating a transform file in this chapter.
Enabling and using third-party feature installation and update in Notes

This release of IBM(R) Lotus(R) Notes(R) enables you to extend the Notes experience using custom or third-party Eclipse features and plug-ins and composite applications. This section contains the following topics: v Creating custom or third-party features v Signing custom or third-party features and plug-ins for install and update v Installing and updating custom and third-party features and plug-ins Installing a new feature using the Notes install manifest Enabling user-initiated update Creating and using a traditional third-party installer Creating and using an NSF-based update site v Configuring component update for composite applications
Creating custom or third-party features

You can learn to create custom or third-party features for use with IBM(R) Lotus(R) Notes(R) using these and other resources. For information about using the IBM(R) Lotus(R) Expeditor to create applications and start Notes from the Expeditor integrated development environment (IDE), see the following resources at http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/ index.jsp: v Welcome to Developing Applications for Lotus Expeditor at: http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/ com.ibm.help.ic.doc/wed_welcome_ic.html v Using the Lotus Expeditor Toolkit environment with Lotus Notes 8 at:
186
http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/ com.ibm.rcp.tools.doc.admin/intro_xpdtkenvlotusnotes.html For additional information and examples, see the IBM developerWorks site at http://www.ibm.com/developerworks/lotus/community/. For general information about Eclipse features and plugin-ins, see http://www.eclipse.org.
Signing custom or third-party features and plug-ins for install and update
Eclipse plug-ins can be created and used to extend IBM(R) Lotus(R) Notes(R) client functionality. Plug-ins are provisioned with the client software. They are ordinarily signed with a certificate that is trusted by Notes clients and which verifies that they contain secure data. Plug-ins are typically signed by the developer or the build room depending on how the plug-ins are built. JAR signing is a standard process and many tools exist to do this. You can sign features and plug-ins either by using the JarSigner tool included in the Java(TM) Development Kit (JDK) or by using a third-party tool, such as the Plugin Development Environment (PDE) in Eclipse. Certificates used in jar signing can be obtained from many of the well known certificate authorities (CA). When you install and deploy new custom or third-party features and plug-ins for Notes installation, you can add your own certificates to a keystore so that the signed features are trusted during install and update from the media kit. Features are checked for trust during initial and update provisioning. If Lotus Notes is already installed, features are checked during runtime provisioning -either during traditional third-party install or user-initiated update. v Install time provisioning - The Notes installer installs and initially provisions new or updated features from the install kits update site UPDATESITE.ZIP. During this initial provisioning, trust is based on the Java keystore file in the Lotus Notes install media kits deploy directory. This keystore contains the IBM code signing certificate. By default, only features and plug-ins that are signed with this certificate will be installed. v Runtime provisioning - Notes is running and provisioning is initiated manually by the end user or programmatically based on a scheduled criteria. During runtime provisioning, the Notes keystore determines trust for the features being downloaded. This keystore contains the IBM code signing certificate, and by default only plug-ins that are signed with this certificate are installed. The items in the Notes install media kits update site zip file must be signed, including custom or third-party feature and plug-in JAR files. The provisioning process seeks to verify the signature. This allows administrators and users to control and validate the signed code being downloaded to the client. If you have digitally signed the features to install or update, the provisioning system does the following: v Displays errors about untrusted content as a post-install summary v Provides a consistent user interface for handling trusted and untrusted content during runtime provisioning based on policy settings
187
Note: There is no user interface for prompting during initial Notes install. v Makes trust decisions based on managed policy settings so that you can override default settings and manage policy settings from a server
Signing and adding new features to the install kit

If you create new Eclipse features, you can sign them in preparation for install and update using a code signing certificate obtained from a certification authority. When signed and properly resident in the install media kit, the features can be installed if the code signing certificate is included in the media kit keystore. If the code signing certificate is not a trusted file, you can modify the install signature verification policy to allow for installing signed but untrusted content. Signing your custom or third-party Eclipse features accomplishes the following: v Allows you to dictate the policy settings to determine what kind of signed/unsigned content can be downloaded from an allowed Eclipse update site v Allows you to modify the default policy used by the signature verification code at install and update time by using IBM(R) Lotus(R) Domino(TM) policy or by setting preferences in the PLUGIN_CUSTOMIZATION.INI file in the install media kit v Based on administrator settings, allows users to make trust decisions based on the certificate details that were used to sign a feature on the update site v Prevents corrupted signed content from being installed and provisioned After you have created and signed new Eclipse features and plug-ins, you can control the response to untrusted content during feature install and update. To add new features to the Lotus Notes installer do the following: 1. Build and create JAR files for new custom or third-party features and plug-ins for use in an Eclipse update site. Use the JREs JarSigner tool, Eclipse, or other third-party tool. 2. Sign the new custom or third-party feature and plug-in JAR files. 3. Add the certificate to the Notes install media kits deploy\ .keystore.JCEKS.IBM_J9_VM.install file using the KeyTool program included with the JVM or other third-party tool. Note: Add the certificate(s) used to sign the JAR files to the file(s) beginning with .KEYSTORE in the deploy directory of the Lotus Notes install media kit. Note: The Notes Keystore, which is used for manual update, does not currently include a cross certificate for the IBM code signing certificate. Only the .KEYSTORE file contains this certificate, and it is only used for install and upgrade. 4. Add the signed features and plug-ins JAR files to the Notes install kits update site (updateSite.zip\features and updateSite.zip\plugins). 5. Modify the Notes install kit install manifest (deploy\install.xml) and the update site registry (updateSite.zip\site.xml) to include the new feature(s). 6. Use the Domino Administrator to set the default signature verification policies to be used by the Notes client using the Security Settings - Signed Plugin page.
188
Note: If you are updating using the install media kit, Domino policy takes precedent over settings that reside in the Notes install media kit deploy\plugincustomization.ini file. Domino policy does not affect the initial install. 7. Test the installer by running the Lotus Notes installer setup.exe (Microsoft(R) Windows(R)) or setup.sh (Linux(R)). 8. Deploy or make available to users, the install kit, including the keystore that you updated in the install kits deploy directory. Note: If you are adding the new features to an update site, place the update site content and deploy folder content wherever the update is to be made available. When performing a runtime update, the Notes keystore is used for determining trust. This requires an Internet cross-certificate for the code signing certificate to exist in the personal address book. Based on the policy settings set by the administrator, the user can be prompted if the code signing certificate is not trusted by the Notes trust store. Look for updates to this content as future Expeditor releases become available.
Using the plugin_customization.ini file to verify trust

You can use the IBM(R) Lotus(R) Notes(R) install media kits deploy\ plugin_customization.ini file to call a named keystore and instruct the installer how to respond to features and plug-ins that are expired or not yet valid, unsigned, or signed by an unrecognized certificate authority. You can modify the following settings in the Notes install media kit deploy\plugincustomization.ini file to establish responses during install and update:
com.ibm.rcp.security.update/EXPIRED_SIGNATURE_POLICY=PROMPT com.ibm.rcp.security.update/UNSIGNED_PLUGIN_POLICY=PROMPT com.ibm.rcp.security.update/UNTRUSTED_SIGNATURE_POLICY=PROMPT
Note: If you are updating using the install media kit, IBM(R) Lotus(R) Domino(TM) policy takes precedent over settings that reside in the Notes install media kit deploy\plugincustomization.ini file. Domino policy does not affect the initial install. By default the Lotus Notes installer uses only the keystore in the deploy directory to make trust decisions. If you want to trust any certificate issued by a well known certification authority, add the following statement to the install media kits deploy\plugin_customization.ini file as below. Note: This instructs the media kit installer to verify trust in code signing certificates using the JRE CACERTS file, which contains the certificates for all well known roots. Using this setting will compromise the security of the installer, since anyone with a valid certificate can modify the code.
com.ibm.rcp.security.update/TRUST_CERTIFICATE_AUTHORITIES=true #(default is false)
The three settings that govern how the result of signature verification is interpreted are as below: v ALLOW -- Install the feature. v PROMPT -- Prompt the user and let them decide what to do. In the case of untrusted, the user can choose to start trusting the certificate by adding it to the keystore. Note that during Lotus Notes installation, PROMPT = DENY, because e installation program does not prompt the user for this information.
189
v DENY -- Dont ask the user and dont install the feature.
EXPIRED_SIGNATURE_POLICY
The EXPIRED_SIGNATURE_POLICY setting defines the default behavior when provisioning encounters a JAR file that is signed but the certificate used to sign the jar file has expired. The available values are PROMPT, ALLOW, and DENY. For the initial install, PROMPT=DENY because there is no user interface for this function. The PROMPT function is recognized by Notes upgrade. Note: For any install or upgrade performed using an install media kit, PROMPT=DENY. The following example allows JAR files with expired signatures to be installed or updated:
com.ibm.rcp.security.update/EXPIRED_SIGNATURE_POLICY=ALLOW
UNSIGNED_PLUGIN_POLICY
The UNSIGNED_PLUGIN_POLICY setting defines the default behavior when provisioning encounters an unsigned JAR file. The available values are PROMPT, ALLOW, and DENY. For the initial install, PROMPT=DENY because there is no user interface for this function. The PROMPT function is recognized by Notes install and upgrade. The following example allows unsigned JAR files to be installed or updated:
com.ibm.rcp.security.update/UNSIGNED_PLUGIN_POLICY=ALLOW
UNTRUSTED_SIGNATURE_POLICY
The UNTRUSTED_SIGNATURE_POLICY setting defines default behavior when provisioning encounters a JAR file that has been properly signed, but no matching certificate exists in the keystore. The available values are PROMPT, ALLOW, and DENY. For media kit install and upgrade, PROMPT=DENY because there is no user interface for this function. The following example does not allow untrusted JAR files to be installed or updated. If the Notes installer encounters an untrusted signature during initial Notes install, it exits the install with an error.
com.ibm.rcp.security.update/UNTRUSTED_SIGNATURE_POLICY=DENY
Using Domino policy to verify trust

Occasionally, during IBM(R) Lotus(R) Notes(R) install or update, a security problem is encountered for a feature or plug-in. Either a JAR file is unsigned, not signed with a trusted certificate, or the certificate has either expired or is not yet valid. You can establish a policy for never installing these plug-ins, always installing them, or asking users to decide at the time the plug-in is installed on their workstations. Note: If you are updating using the install media kit, IBM(R) Lotus(R) Domino(TM) policy takes precedent over settings that reside in the Notes install media kit deploy\plugincustomization.ini file. Domino policy does not affect the initial install. To configure a policy for signed Eclipse plug-ins, complete the following fields on the Domino Administrator client Signed Plugins tab. The options for each of the following fields are to ask the user, never install, or always install.
190
v Installation of plug-ins that are expired or not yet valid v Installation of unsigned plug-ins v Installation of plug-ins signed by an unrecognized entity
Installing and updating custom and third-party features and plug-ins

After you have created or obtained a new third-party or custom Eclipse-based feature and set of plug-ins, you have four ways to install it for your IBM(R) Lotus(R) Notes(R) users. v Using the supplied install manifest and update site during Notes installation and update You can customize the supplied Lotus Notes install media kit to add your own features and plug-ins to the install manifest and update site folder. This is ideal if the new feature is available when you are ready to install a Lotus Notes release and you want to install it when you install or upgrade to Lotus Notes. This applies to installation only. v Using a traditional third-party installer after Notes installation You create an install manifest and update site folder containing the feature and plug-in JAR files for the new feature. You can distribute the installer to deployers or users so that they can perform their own installation, or you can install Notes for them. This is ideal if you want to make a new feature available to users who already have Lotus Notes installed. v Enabling user-initiated update after Notes installation You can enable user-initiated update of certain features or composite applications. This is ideal if you want to make a new or updated feature available at an update site and allow users to fetch the feature from that site. This can be used in conjunction with an Eclipse update site or NSF-based update site. v Using a composite application and/or Notes update site database after Notes installation You can use composite applications alone or with an NSF-based update site to install or update custom or third-party features.
Creating features and plug-ins

Regardless of how you make third-party or custom Eclipse-based features and plug-ins available for Notes installation or update, you must first create or obtain the feature, create an install manifest to describe what is to be installed and place the new features and plug-in JAR files correctly in an update site directory along with a site index. Tools such as the IBM(R) Lotus(R) Expeditor integrated development environment (IDE) help automate the Eclipse feature development process for you. You should also specify feature and plug-in security settings for signing, and can specify additional information such as a list of valid sites from which to obtain install and update information, and some security settings, using a PLUGIN_CUSTOMIZATION.INI file.
Signing features and plug-ins

Prior to making a new third-party or custom Eclipse-based feature available for Lotus Notes installation or update, you must correctly sign the feature. Once signed, you must also include signing information in the PLUGIN_CUSTOMIZATION.INI file that accompanies the install manifest.
191
Installing a new feature using the Notes install manifest Enabling user-initiated update
To allow users to install or update custom or third-party Eclipse features and plug-ins into an existing IBM(R) Lotus(R) Notes(R) installation, you can enable display of the Eclipse update manager user interface. By default, the Eclipse update manager is not displayed. You can enable this user interface option using either an IBM(R) Lotus(R) Domino(TM) desktop policy or a PLUGIN_CUSTOMIZATION.INI file setting.
Enabling user-initiated update using a Domino desktop policy

You can enable users to manually install or update custom or third-party features from an update site by setting a Domino desktop policy, as described below. 1. Using the IBM(R) Lotus(R) Domino(TM) Administrator client, open the Desktop policy settings document. 2. On the Basics tab, locate the Provisioning section at the bottom of the document. 3. In the Allow user to do user initiated updates field, click Enable to allow user-initiated updates or Disable to prevent user-initiated updates. Once this setting is resident, users can access the Eclipse update manager from within Lotus Notes by clicking File - Application - Install. Information about using the update manager is available in the Notes help. This setting overrides the user-initiated update setting that may reside in the PLUGIN_CUSTOMIZATION.INI file.
Enabling user-initiated update using a plugin_customization.ini setting

You can enable user-initiated update in the plugin_customization file either before or after Notes install. To expose the Eclipse update manager in Lotus Notes, add the following line to the users PLUGIN_CUSTOMIZATION.INI file (<install_dir>/framework/rcp/ plugin_customization.ini) and then restart Notes.
com.ibm.notes.branding/enable.update.ui=true
Once this statement is resident, users can access the Update Manager from within Lotus Notes by clicking File - Application - Install. Information about using the update manager is available in the Notes help. This setting is overridden by Domino desktop policy. Note that if this setting is resident in the PLUGIN_CUSTOMIZATION.INI file in the Lotus Notes install media kit (deploy\plugin_customization.ini) when Lotus Notes is installed, the preference will be available automatically to the Lotus Notes user.
Creating and using a traditional third-party installer

Using the underlying Lotus(R) Expeditor platform, developers, assemblers, and deployers can create, assemble, and then deploy custom and third-party features to the IBM(R) Lotus(R) Notes(R) runtime to add new features after Lotus Notes has been installed.
192
While this process describes how to customize the install manifest and update site to prepare to install Lotus Notes, the information can be useful as you create the third-party installer and install custom or third-party features into an existing Notes runtime.
Assumptions and prerequisites

Assumptions and prerequisites are as follows: v A team consisting of a developer, assembler, and deployer has created a new Eclipse feature or feature set. The team is preparing to create a third-party installer that will deploy that feature or feature set into an existing Notes 8 runtime. v You have a working knowledge of Eclipse feature development and deployment practices, including file and format conventions. v You have a general knowledge of Lotus Expeditor development and deployment practices. v Lotus Notes 8 is already installed on the platform-supported clients to be provisioned. v The feature or feature set to be installed adheres to the standard Eclipse file and directory structures for the deploy directory which contains the install manifest INSTALL.XML and PLUGIN_CUSTOMIZATION.INI files. v The feature or feature set to be installed adheres to the standard Eclipse file and directory structures for the update site directory containing the features and plugins subdirectories and the site index SITE.XML file. v You have signed all JAR files in the Eclipse update site. v The choice of single user or multi-user install has been decided.
Process overview
This procedure uses a combination of existing Lotus Expeditor and Lotus Notes documentation to describe the process for creating a third-party installer. Each step may contain one or more links to topics in which you will find information about how to complete the step. The overview steps for creating and deploying a traditional third-party installer within the context of Lotus Expeditor and Lotus Notes 8 are: 1. Create the new feature using the Expeditor integrate development environment (IDE). This tool creates the Eclipse update site, including the updateSite\features subdirectory contents, updateSite\plugins subdirectory contents, and updateSite\site.xml index file. Although you can create the feature or feature set using any Eclipse tools, the Expeditor IDE helps prepare the update site for you. 2. Sign the JAR files in the update site. 3. Create the install manifest file in the deploy directory, deploy\install.xml. 4. Determine where the Notes 8 <install_dir> \framework is located on the target system. For example, the Notes 8 <install_dir>framework directory may be Programs and Files\IBM\Lotus\Notes\data\framework. 5. Create a new PLUGIN_CUSTOMIZATION.INI file in the deploy directory, deploy\plugin_customization.ini. Read the existing PLUGIN_CUSTOMIZATION.INI on the target system to help determine what preferences to add to your new installers PLUGIN_CUSTOMIZATION.INI file.
193
6. Merge your new PLUGIN_CUSTOMIZATION.INI file with the installed PLUGIN_CUSTOMIZATION.INI on the target client. 7. Start Lotus Notes 8. 8. Process your install manifest, deploy\install.xml, to install the new feature or feature set to the existing Notes 8 runtime on the target system. You can do this using the rcplauncher tool or you can bundle the new installer in a media kit. The steps above are explained below and, where possible, contain links to explanatory help. 1. Create the feature, for example, using the Lotus(R) Expeditor integrated development environment (IDE). For more information, see the following resources: v Developing applications: http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/ com.ibm.rcp.tools.doc.appdev/designingapps_main.html v Using the Lotus Expeditor Toolkit environment with Lotus Notes 8: http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/ com.ibm.rcp.tools.doc.appdev/intro_xpdtkenvlotusnotes.html v Packaging applications for deployment: http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/ com.ibm.rcp.tools.doc.admin/Deployingapplications.html 2. Create or confirm the features and plug-ins content in the update site. If you used the Expeditor IDE, the features and plugins subdirectories and their JAR file contents should already exist. 3. Create or confirm the SITE.XML index in the update site. If you used the Expeditor IDE, the SITE.XML index should already exist. 4. Sign the feature and plug-in JAR files in the update site. 5. Create a PLUGIN_CUSTOMIZATION.INI file and add any additional settings that you need. For example, you might specify the name of a default update server. Ensure that this file resides in your deploy directory, deploy\plugin_customization.ini. Note: Your third-party installer should merge its PLUGIN_CUSTOMIZATION.INI file with the PLUGIN_CUSTOMIZATION.INI file resident on the target client (<install_dir\framework\plugin_customization.ini). You can use the site registry to determine where Lotus Notes 8 is installed on the target client. To do so, click Start - Run - regedit and then click Software - Lotus - Notes - 8.0. The DataPath value states where Lotus Notes 8 is installed. 6. Create and validate the install manifest INSTALL.XML to be used during third-party install. Ensure that this file resides in your deploy directory, deploy\install.xml. The install manifest describes what to install, update, or remove. For more information, see the following resources: v Assembling and Deploying Lotus Expeditor Applications: http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/ com.ibm.rcp.tools.doc.admin/cutlassassemblinganddeploying.html v Using the provisioning manifest: http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/ com.ibm.rcp.tools.doc.admin/provisioningmanifest_using.html v Provisioning manifest DTD:
194
http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/ com.ibm.rcp.tools.doc.admin/manifestDTD.html 7. Perform a Merge Manifest operation. For more information, see the following resources: v Deploying features to the platform: http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/ com.ibm.rcp.tools.doc.admin/Deployingfeaturestotheplatform.html v Understanding the merge processing for the provisioning manifest: http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/ com.ibm.rcp.tools.doc.admin/ provisioningmanifest_understandingmerging.html Note: Scenario 5 and 6 are the most applicable for Lotus Notes 8. 8. Determine where the Lotus Notes 8 runtime is located on the target system and start Lotus Notes 8. Note: Before you can install, you must know where the Lotus Notes 8 platform resides on the target system. Use the site registry to determine where Lotus Notes 8 is installed on the target client. Click Start - Run - regedit and then click Software - Lotus - Notes - 8.0. The DataPath value states where Lotus Notes 8 is installed. 9. Deploy the new features to the Lotus Notes 8 runtime and launch provisioning. You can use the rcplauncher command to process the install manifest and initiate install. You can also optionally package the third-party installer in an installation media kit and initiate installation from that media kit. For more information, see the following resources: v Using the Provisioning application: http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/ com.ibm.rcp.tools.doc.admin/provisioningappsyntax.html Note: Lotus Expeditor does not currently display a progress bar during install. v Managing using another management system: http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/ com.ibm.rcp.tools.doc.admin/ managingusinganothermanagementsystem.html v Using the Provisioning application when the platform is already running: http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/ com.ibm.rcp.tools.doc.admin/provisioningappwithDCommands.html 10. Test and distribute the third-party installer as needed.
Lotus Expeditor documentation references

You may find the following Expeditor topics helpful as you begin to create third-party installers. v Using the provisioning manifest This describes how to find the Expeditor installation in the registry/etc directory or home directory property files. http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/ com.ibm.rcp.tools.doc.admin/provisioningmanifest_using.html v Understanding the merge process for the provisioning manifest and provisioning manifest DTD
195
These describe how to create the appropriate manifests to install/remove/ update features. http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/ com.ibm.rcp.tools.doc.admin/provisioningmanifest_understandingmerging.html and http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/ com.ibm.rcp.tools.doc.admin/manifestDTD.html v Using the provisioning application This describes how to install and uninstall features in Expeditor. http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/ com.ibm.rcp.tools.doc.admin/provisioningappsyntax.html v Using the provisioning application with Dcommands This describes how to launch the platform provisioning application using Dcommands regardless of whether the platform is currently running. http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/ com.ibm.rcp.tools.doc.admin/ provisioningappusingProvisioninginterfaces_usingProappD.html
Creating and using an NSF-based update site

You can use an NSF-based update site to install and update custom or third-party Eclipse features into an existing IBM(R) Lotus(R) Notes(R) 8 installation. The UPDATESITE.NTF template is part of the Lotus Notes 8 and IBM(R) Lotus(R) Domino(TM) 8 installation. Use this template to create an NSF-based update site to act as an Eclipse update site hosted in a Lotus Notes application. The NSF-based update site dynamically provides the SITE.XML, features, and plug-ins. You can use the UPDATESITE.NTF template as the basis for your own NSF-based update site by creating an update site application, for example UPDATESITE.NSF, as seen in the following menu sequence: 1. Click File - Application - New menu. 2. Click Show advanced Templates and specify the Eclipse Update Site (8) template (UPDATESITE.NTF) as the template. Note: You can name the NSF-based update site any name you choose; however, you must use Eclipse Update Site (8) (UPDATESITE.NTF) as the template. When you first open the NSF-based update site, for example, UPDATESITE.NSF, there are three main action buttons available. These import actions are not mutually exclusive. For example, an administrator might initially import an entire Eclipse update site and later choose to import specific additional or updated features. In the same manner, the administrator may later choose to import an additional NSF-based update site. Note that once the NSF-based update site contains content, a fourth button is also available, enabling you to specify the NSF-based update site as the location from which to obtain feature updates.
196
Action Buttons Import Local Update Site
Description Use this action to import the contents of a local Eclipse update site, containing a complete features subdirectory, plugins subdirectory, and SITE.XML file into the active NSF-based update site. You can import one or more Eclipse update sites into a single, consolidated NSF-based update site. For example, if you have three separate Eclipse update sites, you do not need to create three individual NSF-based update sites. While that is an option, organizationally it might be easier to simply consolidate them into a single one. Use this action to import individual features into the NSF-based update site instead of importing a complete Eclipse update site. There are two typical scenarios for using this action: v A developer creates new features. Instead of exporting an entire update site, the developer exports only the particular feature hes working on and imports those features into the NSF-based update site. In this scenario case, the NSF-based update site would only contain that particular feature (and whatever plug-ins are associated with that particular feature). v An administrator who previously imported a complete Eclipse update site (using the Import Local Update Site action), later receives updated features. The administrator can then import these individual features into his existing, and already populated, NSF-based update site. If the features he imports already exist, the features are either updated in the database (if the feature name and version is the same) or added as a new feature (if the feature name and version is different or doesnt yet exist).
Import Features
Import Database
Use this action to import an existing NSF-based update site into the active NSF-based update site. This is similar to importing Eclipse update sites, except that the contents are imported from an existing NSF-based update site. For example, an administrator may have an existing NSF-based update site (for example, UPDATESITE.NSF). A developer may provide him with another (probably smaller) NSF-based update site (for example, UPDATESITEABX.NSF). The administrator can import the entire NSF-based update site into his active NSF-based update site, effectively merging the content of both into a single NSF-based update site.
197
Action Buttons Update URL references
Description Note: This action is available in NSF-based update sites that contain features and plug-ins. Use this action to specify that Eclipse features and plug-ins are updated from the active NSF-based update site. Imported features and plug-ins may contain a specified update site URL, from which updates are to be obtained. As an administrator, you can determine that updates come from your NSF-based update site, rather than a source URL that may, for example, be outside your organizations control. You can specify an NSF-based update site as the site from which to obtain updates. Specify the URL of the Domino server hosting the active NSF-based update site. Example syntax is provided in the dialog box.
For additional information about NSF-based update sites, see the composite applications blog at IBM developerWorks, for example, the NSF-based update site posting at http://www-03.ibm.com/developerworks/blogs/page/ CompApps?entry=nsf_based_update_sites and the site index at http://www.ibm.com/developerworks/blogs/page/ CompApps?entry=blog_sitemap.
Configuring component update for composite applications

Composite application update, supported by IBM(R) Lotus(R) Notes(R), IBM(R) Lotus(R) Domino(TM) and IBM(R) WebSphere(R) Portal, is available in this Lotus Notes release. Composite applications and associated Eclipse-based features can be updated when a user opens an application. Composite applications can update composite application definitions. Certain Eclipse features can be updated by provisioning. A composite application definition can reference one or more Eclipse features as application requirements. Each requirement can specify a particular update site from which it will be provisioned. You can use composite applications to install or update custom or third-party features in Notes, as described here. You can also use the Eclipse update manager, if exposed in Notes, to install or update custom or third-party features in Notes. When a user opens a composite application or when a composite application update operation occurs, if the application definition has changed, an update operation is run to provision both newly specified features as well as existing features that have newer available versions. The feature requirement update site setting can specify a Domino server (or local NSF replica) or a Portal server (or any HTTP server). Update site URL examples for each server are as follows: v The Domino server supports feature provisioning over the NRPC protocol. Domino server NRPC://<server-hint-or-host>/<replica-id>/site.xml -> NRPC:// updates.ibm.com/__85257258006000A1/site.xml Local replica ID
198
NRPC:///__85257258006000A1/site.xml Note: Note the use of the double underscore and replica ID in the NRPC protocol. v The Domino server optionally supports feature provisioning over the HTTP/HTTPS protocols.
http://updates.ibm.com/updatesite.nsf/site.xml
Eclipse update sites in conjunction with Domino NSFs allow for such usage scenarios as the following: Host the NSF-based update site, for example UPDATESITE.NSF, on a Domino Web server. Supply an NSF-based update site, for example UPDATESITE.NSF, to others, in which others can merge this NSF-based update site into their own. Supply individual features and plug-ins to others for their own use in their own composite applications. Create custom features and plug-ins with the additional capability to create a new NSF-based update site, for example UPDATESITE.NSF, and import these features and plug-ins. v The Eclipse update site server (HTTP server) supports feature provisioning over the HTTP/HTTPS protocols.
http://updates.ibm.com/updatesite/site.xml
Domino Update Site NSFs

Domino provides the capability to put an Eclipse update site inside an NSF database. An update site is typically a separate database that doesnt contain composite applications. However, since any Lotus Notes application NSF can contain a composite application, an update site NSF may contain a composite application. For example, a third-party could deliver a composite application and an update site, with the former pointing to the latter. Or an administrator could put the composite application in an update site NSF and make it available to users that way. You can import Eclipse update sites into an NF-based update site application as described below.
Creating and preparing the NSF-based update site

1. Create an NSF-based update site, for example UPDATESITE.NSF, using the File - Application - New menu sequence and the Eclipse Update Site (8) template (UPDATESITE.NTF) installed with the Domino server. Note: To see the Eclipse Update Site (8) template (UPDATESITE.NTF), click Show Advanced Properties in the new Application dialog box. The NSF-based update site acts as an Eclipse update site hosted in a Lotus Notes application on a Domino server. It dynamically provides the SITE.XML, features, and plug-ins. 2. Open the NSF-based update site. 3. Click the Import Local Update Site... action button. 4. From the resultant explanatory panel, use the Browse button to navigate to the Eclipse update site. 5. Select the SITE.XML file. 6. Click Open.
199
An Importing update site progress bar appears.
Editing a Composite Applications feature requirements update site URL

There are two methods you can use to edit a composite applications feature requirements update site URL: A. Recommended method: Using the Composite Applications Editor to specify an update site for feature requirements The preferred way to edit the update site URL for a feature requirement is through the use of the Composite Application Editor (CAE) as described in the following steps: 1. In Lotus Notes, open the composite application. 2. Click Actions > Edit Application... . The Composite Applications Editor (CAE) opens in a new window. 3. From the resultant component list, right-click the desired component and select Edit Component Properties. 4. Click Advanced. A list of properties appears. 5. Select the property for the desired feature, for example url.Feature_NN, and click Edit. Alternatively, click Add and enter the name and the value. 6. Click OK to exit Advanced. 7. Click OK to exit the Properties pane. 8. Click Done to close and save the changes. 9. The modified CA XML is re-read and processed. B. Alternate method: Configuring a composite application to specify an update site Use this process to define update sites for the contents of a particular composite application NSF. 1. The administrator obtains a composite application NSF, for example MyCompAppabx.nsf. 2. Accompanying the composite application NSF, the administrator obtains an update site folder, which contains a \features and \plugins subdirectory, as well as a SITE.XML file. The SITE.XML file lists features contained within the update site folder. 3. The administrator modifies the composite applications XML to point to a specific Domino update site. a. Open a composite application, for example MyCompAppabx.nsf, in Domino Designer on the Domino server. As the application is opening, do not click Cancel. Accept any security screen prompts. b. Click Composite Application - Application in the left pane navigator. c. Click the composite application name in the list and then click the Export tab. This action outputs to an xml file of the same name, for example MyCompAppabx.xml. Leave the composite application open.
200
d. Open the XML file created in the previous step. e. Modify each url.feature value to point to the needed Domino update site. For example, for each <preference name=url.feature> entry, where url.feature is the placeholder for the update site URL and the specific feature name, point to the needed Domino update site. The following format uses an NRPC protocol: NRPC://<server>/__<replicationID>/site.xml The following format uses an HTTP protocol: http://<server>/updatesite.nsf/site.xml 4. Save and close the XML file. 5. In Domino Designer and within the open composite application, click the composite application name in the list, click the Refresh tab, and select the modified composite application XML file. 6. Open the NSF-based update site application, for example UPDATESITE.NSF, and import the SITE.XML file from the local update site folder that accompanies this composite application. Note: A user can open the composite application using a Lotus Notes database link, bookmark, or File - Application - Open (or Ctrl-O) on the server to initiate update.
Retrieving composite application definitions (CA XML) from Domino

The NRPC URL format for retrieving composite application updates is as below:
NRPC://<Server-hint-or-host>/<replica-id>/composite.xml?<param>=<value>
Where: Server-hint-or-host = DNS host name, IP address, or server name replica-id of the database on the target server param = <name|unid> Name = String to be used to lookup CA design element in view -- Look up first as a name and if not found, then as an alias. UNID = UNID of the composite application design note For example:
NRPC://abx_tc.upcdev.ibm.com/__8525634000734621/composite.xml?name=Hannover
WebSphere Portal and Composite Applications

WebSphere Portal composite application update is made available to the Lotus Notes user through the Home Portal Account setting in Lotus Notes, as determined by the Domino administrator. In addition, the administrator must also have installed the WebSphere Portal composite application support for Lotus Notes on the same WebSphere Portal server to which the users Home Portal Account points. WebSphere Portal composite application update pertains most applicably to the Lotus Notes user who is working with composite applications that contain Web projections.
201
Resources for learning more about composite applications

The following reference information is available for learning more about configuring and using composite applications. v For information and examples describing how to create and deploy composite applications in the Notes context, such as composite applications tutorials, see IBM developerWorks at http://www.ibm.com/developerworks, including the composite applications blog at http://www.ibm.com/developerworks/blogs/ page/CompApps. You can use the following site map to find information about a specific topic: http://www.ibm.com/developerworks/blogs/page/ CompApps?entry=blog_sitemap v For overview information about composite applications, see About composite applications. v For information about developing and deploying NSF-based composite applications, see Domino Designer 8 Help at http://www.lotus.com/doc and the IBM developerWorks composite applications blog at http://www.ibm.com/ developerworks/blogs/page/CompApps . v For information about creating a composite application to run in the IBM(R) Websphere(R) Portal environment, see the IBM WebSphere Portal Information Center at http://www.ibm.com/developerworks/websphere/zones/portal/ proddoc.html. v For information about NSF-based update sites, see Creating and using an NSF-based update site and the NSF based Update Sites blog entry at http://www-03.ibm.com/developerworks/blogs/page/ CompApps?entry=nsf_based_update_sites. v For information about using composite applications, see the Notes help for these Help categories: Portal Applications Catalog Composite Applications Editor Portal Template Library Domino Designer Property Broker v For information about the WebSphere Portal composite application support for Lotus Notes, see Installing the WebSphere Portal composite application support for Lotus Notes. v For information about configuring the home portal account to enable users to open and use composite applications that contain portlets, see Specifying the home portal account using policy and Specifying the home portal account using preferences.
202

For the most up-to-date information about upgrading IBM(R) Lotus(R) Notes(R) clients, see the installation guide available with this release, the upgrade information available at http://www.redbooks.ibm.com and the Release Notes, for topics pertaining to installing and upgrading the Notes client. Lotus Notes supports the following options for upgrading Notes clients: v Upgrade-by-mail v Lotus Notes Smart Upgrade Run-As Wizard v Lotus Notes Smart Upgrade v Administrative installation You also have the option of using third-party tools for upgrading the Notes client. Upgrade-by-mail is an e-mail notification system that notifies users to upgrade their Notes clients and mail file templates to the Notes/Domino design. Upgrade-by-mail requires that you copy all installation files to a network file server or a shared directory that users can access. In the upgrade notification, you specify the path to SETUP.EXE. The notification message includes buttons that users click to launch the Lotus Notes installation program and to replace the design of their Notes mail file. For Microsoft(R) Windows(R) users, you can also upgrade an Lotus Notes 6.5.x and 7.x installation to Lotus Notes using the Lotus Notes installation program in the install media kit. If the IBM(R) Lotus(R) Domino(TM) Administrator client and/or IBM(R) Lotus(R) Domino(TM) Designer client are resident, they can also be upgraded using the Lotus Notes Allclient installation media kit. Note: Upgrade-by-mail is not available for IBM(R) Lotus(R) Domino(TM) Web Access (iNotes Web Access) users. Upgrade-by-mail applies only to Notes client users. (http://www.lotus.com/ldd/smartupgrade). The Smart Upgrade Run-As wizard (SUSETRUNASWIZARD.EXE) creates an executable file (SURUNAS.EXE) that Notes client users can then run to upgrade their Notes clients. Notes client users can use the Smart Upgrade Run-As (SURunas) feature to upgrade to a newer Notes client release. Smart Upgrade Run-As is designed for Notes client users who do not have administrator privileges but who still need to periodically update their Notes client software. Notes client users with administrator privileges on their local computer can still use Smart Upgrade. Like Upgrade-by-mail, Lotus Notes Smart Upgrade sends a notification to users to upgrade their Notes clients. Lotus Notes Smart Upgrade lets you set a grace period during which users must upgrade their clients. When you upgrade from Lotus Notes 6 to later releases, use Lotus Notes Smart Upgrade. Lotus Notes Smart Upgrade works with the Lotus Notes update kits or incremental installers that you download from the Lotus Developer Domain.
203
Administrative installation is a feature of the Microsoft Windows Installer that copies the installation kit to a file server that users access through a network connection. Users launch the installation program from the file server to install Lotus Notes locally on their client machines. You can use administrative installation to copy the installation files to a network file server, then use Upgrade-by-mail or Lotus Notes Smart Upgrade to notify users. The following table compares the Upgrade-by-mail, Lotus Smart Upgrade Run-As wizard, Lotus Notes Smart Upgrade, and administrative installation.
Option Upgrade-by-mail Advantages v Upgrades Notes 6 and Notes 7 clients and mail file templates Disadvantages v Administrator cannot determine when upgrades occur
IBM Lotus Smart Upgrade Run-As Wizard Lotus Notes Smart Upgrade v Establishes a grace period in which users must upgrade their clients v Can be used only with Lotus Notes 6 and later releases
Administrative installation
v Uses the command line v Requires the Microsoft(R) option /A to create an Windows(R) Installer administrative image of the service, which is part of Lotus Notes installation on the Windows operating a network file server systems. v Can be customized with transforms to create a silent, automated installation, a shared installation, and so on
All the upgrade options require users to have a network connection. For mobile users, users with low bandwidth connection or no connection, these options may not apply. To upgrade these users, you could send Lotus Notes CDs to them.
Before you upgrade the Notes client

Before you begin upgrading IBM(R) Lotus(R) Notes(R) clients, make sure that you or your users do the following: v If the computer on which you are upgrading runs anti-virus software, close the application. v To successfully install, upgrade, and use Lotus Notes, users must be allowed both Write and Modify permissions to the Program directory, Data directory, and all associated subdirectories. v If you are upgrading Lotus Notes on a Microsoft(R) Windows(R) system, you must have administrator rights to the system. Log in as an administrator or set administrator-level privileges for All Users. This can be done from the command line. v You need administrative or root access rights to install Lotus Notes. For cases in which administrative rights are not available, enable the setting Always install with elevated privileges. The setting Always install with elevated privileges is a Windows setting that is part of Windows User Policies.
204
Refer to your Microsoft Windows documentation for details. Refer to the Release Notes for the most current information on permissions required when installing as a non-administrator. v Options for installing the Lotus Notes client on Restricted or Standard/Power User computers are described in the Microsoft Windows Installer documentation. v Review options for customizing the Notes client installation and set up. v (Optional) Use the People - by Client Version view in the Domino Directory to quickly determine the Notes client version in use in your domains.
Using Upgrade-by-mail
Upgrade-by-mail is a feature that sends an e-mail notification to specified users to upgrade their IBM(R) Lotus(R) Notes(R) clients and optionally, their mail file templates. You can also use Upgrade-by-mail to notify users that their mail files have been migrated to Notes mail. Note: Upgrade-by-mail is not available for IBM(R) Lotus(R) Domino(TM) Web Access (iNotes Web Access) users. Upgrade-by-mail applies only to Notes client users. The upgrade notification contains two buttons that users click to upgrade their clients and mail files. The Install Notes button launches a Notes client installation program from a directory on a network drive to which users have access. The Upgrade Mail File button replaces the users current mail template with a locally stored Notes/Domino mail template or another specified template, such as a customized mail template. Users must upgrade their Notes clients to install the Notes/Domino mail file template locally, before they upgrade their mail files. Using the Upgrade Mail File button is optional. You must complete the Mail Template Information section in the upgrade-by-mail notification to enable the Upgrade Mail File button. If you do not complete this section, Upgrade-by-mail does not display the button on the e-mail notification.
Before you use Upgrade-by-mail

Before you begin, complete the following tasks: v Back up Notes client files. v Create an installation directory on an IBM(R) Lotus(R) Domino(TM) server or a file server to which all users have network access, then copy all Notes installation directories and files to this folder. Note: To use Upgrade-by-mail to upgrade mail file templates, users must have at least Designer access to their mail databases. If users do not have this level of access, use the mail conversion utility to update mail file templates.
Backing up Notes client files

Back up important IBM(R) Lotus(R) Notes(R) client files in case an error occurs during the upgrade process. If you experience problems, you can restore these files with the backed-up versions. Back up the Notes data directory on your server (for example, the data directory may be C:\Program Files\IBM\Lotus\Notes\data). This directory includes ID files, LOG.NSF, NAMES.NSF, MAIL.BOX, and any other Public Address Books or Domino Directories located on the server. Back up the following files for each Notes client.
205
Note: Depending on how Lotus Notes was installed, the default directories will vary and are thus not listed in the following table. For the Notes version of these listed files, search the Notes <install directory> hierarchy for the file names.
File NOTES.INI Default Location For Notes 5 users, Notes data directory. c:\notes\data. For Notes 6 and 7 users, C:\Program Files\lotus\notes\data. Notes data directory. Contains saved bookmark and Welcome page information. In Notes 5, c:\notes\data\bookmark.nsf. In Notes 6 and 7, C:\Program Files\lotus\notes\data\bookmark.nsf. Notes data directory. Contains local free time information. In Notes 5, c:\notes\data\busytime.nsf. In Notes 6 and 7, C:\Program Files\lotus\notes\data\ busytime.nsf. Notes data directory. Contains database subscriptions information. In Notes 5, c:\notes\data\headline.nsf. In Notes 6 and 7, C:\Program Files\lotus\notes\data\ busytime.nsf. Notes Program directory Users MyDocuments folder, for example, C:\Documents and Settings\ User\MyDocuments\LotusInstall.Log. Notes data directory. In Notes 5, c:\notes\data. In Notes 6 and 7, C:\Program Files\lotus\notes\data. Notes data directory. In Notes 5, c:\notes\data. In Notes 6 and 7, C:\Program Files\lotus\notes\data. Notes data directory. Personal Web Navigator database that contains the users Web browser information, for example, c:\notes\data\perweb.nsf Notes data directory. In Notes 5 c:\notes\data. In Notes 6 and 7, C:\Program Files\lotus\notes\data. Notes data directory. In Notes 5, c:\notes\data. In Notes 6 and 7, C:\Program Files\lotus\notes\data. Notes data directory. c:\notes\data. In Notes 6 and 7, C:\Program Files\lotus\notes\data. Notes data directory. In Notes 5, c:\notes\data. In Notes 6 and 7, C:\Program Files\lotus\notes\data. Notes data directory. In Notes 5, c:\notes\data. In Notes 6 and 7, C:\Program Files\lotus\notes\data.
BOOKMARK.NSF
BUSYTIME.NSF
HEADLINE.NSF
INSTALL.LOG LOTUSINSTALL.LOG
DESKTOP5.DSK (Notes 5) DESKTOP6.NDK (Notes 6) Personal Address Book (NAMES.NSF by default) PERWEB.NSF
User ID files (for example, JSMITH.ID)
Local databases (NSF)
Local database directory links (DIR) Any customized Notes database templates (NTF) USER.DIC (Personal dictionary entries for spelling checker)
206
Creating the upgrade notification for Upgrade-by-mail

The following procedure describes how to upgrade IBM(R) Lotus(R) Notes(R). 1. In the IBM(R) Lotus(R) Domino(TM) Administrator, select the server bookmarks, then select the server on which your users mail files reside. 2. Click the Messaging tab. 3. Open the Mail users view, select the users whom you want to upgrade, and then click Send Upgrade Notifications. 4. On the Basics tab, select the Upgrade Notes Client & Mail Template to Notes 6 or higher option. 5. On the Client Versions tab, enter a build number to prevent upgrades of Notes clients running the specified build or a later build. By default, the build number is determined by the @Version function. 6. On the Software Distributions tab, in the Notes Install Kit Paths section, enter the directory path in the Root path for Install kits field using the following format:
\\server_name\shared_drive_name\installation_folder_name
7. In the Path for Windows and Path for Macintosh PPC fields, enter the file path to the installation file following the format above, but include SETUP.EXE in the path. 8. If you want users to upgrade their mail file templates, complete the Mail Template Information section. Enter the template name of the existing mail files. The default field value is a wild card character (*). Note: Complete the Mail Template Information section to include an Upgrade Mail button in the upgrade notification sent to users. By default the new mail template name appears in the New Mail template file name field. If you renamed the template or used a custom mail template, enter the new name. Note that the new template must exist in your users Notes data directory. By default the Ignore 200 category limit check box is selected. This option overrides a default that limits the creation of folders in a database to 200 folders. If you want no more than 200 folders created, deselect the check box. If you are upgrading IMAP clients, select the Mail file to be used by IMAP mail clients check box. (Optional) If you want to automatically upgrade custom folders to the Inbox design, select the Upgrade custom folders check box. (Optional) To prompt the user before upgrading custom folders, select the Prompt before upgrading custom folders check box. (Optional) If you want to provide additional information to your users, complete the Additional Information field.
9.
10.
11. 12. 13. 14.
15. (Optional) Select whether or not to be notified after users have upgraded their mail file templates. 16. Click Send when done.
Installing the Lotus Notes software with Upgrade-by-mail

The upgrade notification includes two buttons. The Install Notes button runs the IBM(R) Lotus(R) Notes(R) client installation program. The following procedure is intended for Notes client users. 1. Click the Install Notes button. 2. Follow the prompts on the Setup screens to properly install the software.
207
3. Start Notes. Notes sets up and upgrades the software automatically if you install Lotus Notes in the same directory as the previous release of Lotus Notes. If you install the Lotus Notes software in a different directory, Lotus Notes prompts you to complete the configuration process. If you install Lotus Notes in a different directory, be aware that the Setup installation program places the NOTES.INI file in the Notes program directory.
Upgrading the mail file template with Upgrade-by-mail

After users install IBM(R) Lotus(R) Notes(R), they must return to the upgrade notification to upgrade the mail file template. 1. Click Upgrade Mail File. 2. When prompted for a password, enter your Notes password. 3. Lotus Notes upgrades the template automatically.
Using Notes Smart Upgrade

IBM(R) Lotus(R) Notes(R) Smart Upgrade notifies users to update their Notes 6 and later clients to later releases. Lotus Notes Smart Upgrade uses policy and settings documents to help manage updates. You create policy documents in the IBM(R) Lotus(R) Domino(TM) Directory to distribute standard settings and configurations across groups, departments, or entire organizations. Microsoft(R) Windows(R) users can upgrade Lotus Notes 6.5.x and 7.x to Lotus Notes 8 during install.
Prerequisites
To use Smart Upgrade as a means of upgrading Notes clients, you must meet the following prerequisites: v Notes Client already installed. v Connectivity to a Domino server. v Smart Upgrade database created, configured, deployed and enabled. v The users Location documents must specify the correct home server on the Servers tab of the document. If the wrong home server is specified, then Smart Upgrade does not begin the upgrade process.
Procedure
To use Lotus Notes Smart Upgrade, follow this procedure: 1. Create a database using the Smart Upgrade Kits template to host Notes client update kits. 2. Update the Configurations Settings document in the Domino Directory with a link to the Lotus Notes Smart Upgrade database. Dominos intelligent locator uses the replica ID of the Smart Upgrade database in the database link and does the following in this order 1.) looks for a local replica of that database, and if found, uses it. 2.) Looks for a replica of that database on any cluster mates if the server is in a cluster, and if found, uses it. 3) uses the database on the server specified in the database link in the Server Configuration document. 3. Download an update kit, also known as an incremental installer, from the Lotus Developer Domain Web site (http://www.lotus.com/ldd/smartupgrade).
208
4. Create a Kit document in the Lotus Notes Smart Upgrade database and attach a Notes client kit or an All Client kit to the Kit document, or designate a shared network drive in the Kit document. 5. Create or modify a desktop policy settings document where you specify the updated release to deploy and the date on which the grace period for updating a Notes client ends. 6. Create or modify a master policy to assign users or groups to the desktop policy settings document. 7. Depending on the master policy created, edit Person documents to assign users to the master policy and/or set the Lotus Notes Smart Upgrade desktop policy settings document for one or more groups. Note: In IBM Lotus Notes Domino 7.0 and later, the Smart Upgrade kits are available in English and other languages (for language packs).
Smart Upgrade server failover to another clustered server

Smart Upgrade server failover is available with clustered servers. To use this feature, paste the database link for the Smart Upgrade database into a Configuration Settings document on a clustered server. When the IBM(R) Lotus(R) Notes(R) client user logs on, the users home servers Configuration Settings document is checked to access the link to the Smart Upgrade database. Smart Upgrade then checks that server for the database link to the Smart Upgrade database. If the server containing the Smart Upgrade database is available, it uses that Smart Upgrade database. If the server containing the Smart Upgrade database is not available, Smart Upgrade searches, by database replica ID and database name, for a replica server within the cluster and tries to open the database on a replica server. If it locates and opens the database, that Smart Upgrade database on that replica server is used. When a Notes client user receives the Smart Upgrade prompt and clicks OK to initiate the upgrade, the name of the server containing the Smart Upgrade database and its Replica ID are written to the NOTES.INI settings SmartUpgradeDBpath={server name}!!{database file name} and SmartUpgradeReplicID=xxxxxxx. Smart Upgrade looks for the users home mail server. If the users home mail server is not accessible, Smart Upgrade uses the previously-saved NOTES.INI variable SmartUpgradeReplicID= and path to search for the replicated Smart Upgrade database within the clustered servers. If the users home mail server is accessible, the Smart Upgrade database on that server is used. If all attempts to run the Smart Upgrade fail, the user receives a message indicating that no Smart Upgrade database is available.
Creating a Lotus Notes Smart Upgrade database

Use the Smart Upgrade Kits template (SMUPGRADE.NTF) to create the IBM(R) Lotus(R) Notes(R) Smart Upgrade database that will store the upgrade kits. The database must reside on at least one server in the domain. After the Smart Upgrade database is added to the database catalog, other servers can locate the database. If you replicate the Smart Upgrade database to other servers in the domain, users will have more choices in the database catalog and possibly fewer network problems accessing the update kits. 1. In the IBM(R) Lotus(R) Domino(TM) Administrator client, choose File Application - New. 2. In the New Application dialog box, enter the server name and database title.
209
3. Enter a file name in the File Name field. 4. Click Template Server, and then choose the server on which the database will reside. 5. Select the Show advanced templates check box. 6. Select Smart Upgrade Kits from the box of template names, then click OK. 7. After you create the Smart Upgrade database, create a database link in your Configuration Settings document in the Domino Directory.
Smart Upgrade Tracking Reports database

The Smart Upgrade Tracking Reports database is a repository for storing Smart Upgrade Tracking Reports that contain detail information about the status of all attempts to run Smart Upgrade on IBM(R) Lotus(R) Notes(R) clients in a domain. Use the Smart Upgrade Tracking Reports database to determine whether the Notes clients are upgrading successfully when using Smart Upgrade, or to determine which users are experiencing problems. If there are instances where Smart Upgrade fails, use the information in the report to assist in determining the problem without having to visit the users desktop. You can also use the reports to determine whether there is a repeating problem on multiple clients which could be related to the configuration of the Smart Upgrade database containing the kit information. During the server setup of a domains first server, IBM(R) Lotus(R) Domino(TM) creates a mail-in database named Lotus Notes/Domino Smart Upgrade Tracking Reports database (LNDSUTR.NSF) using the database template LNDSUTR.NTF. Domino also creates the corresponding mail-in database document for the Smart Upgrade Tracking Reports database. Notes automatically creates Smart Upgrade Tracking reports each time Smart Upgrade runs on a client in your domain. Reports of successful upgrades are sent to the Smart Upgrade Tracking Reports database the first time the Notes client is started after the successful upgrade. Reports of unsuccessful upgrades are sent immediately after the upgrade fails or cancels. If you prefer, you can manually set up the Smart Upgrade Tracking Reports database by using LNDSUTR.NTF, and you can then create the corresponding mail-in database document. Enable Smart Upgrade Tracking on the desktop policy settings documents Smart Upgrade tab. The Notes client then uses the information that you enter there to mail a Smart Upgrade Tracking Report each time Smart Upgrade is run on Notes clients in your domain. You can view reported information by Status, that is, sorted according to whether the Smart Upgrade succeeded, failed, or was canceled. You can also view reports by date, by Notes/Domino version, by operating system version, or by user.
Using Smart Upgrade Tracking after upgrading to this Domino release

If you upgrade to this Domino release and you have not set up or used Smart Upgrade Tracking in the past, you need to manually create the Smart Upgrade Tracking Reports database and the mail-in database document. You then need to modify the desktop policy settings document to enable Smart Upgrade Tracking for the users whose upgrades you want to track. For instructions about creating the mail-in database document, see the topic Creating a Mail-In Database document for a new database in the Domino Administrator documentation.
210
Creating a Smart Upgrade Tracking Reports database

Use this procedure to manually create the Smart Upgrade Tracking Reports database. 1. From the IBM(R) Lotus(R) Domino(TM) Administrator client, choose File Application - New. 2. In the New Application dialog box, specify the server name and database title. 3. Enter a file name in the File Name field. 4. Click Template Server, and then choose the server on which the database will reside. 5. Select the Show advanced templates check box. 6. Select Lotus Notes/Domino Smart Upgrade Tracking Reports (LNDSUTR.NTF) from the list of template names, and then click OK.
Controlling the number of concurrent Smart Upgrade downloads

Use this procedure to enable or disable the Smart Upgrade Governor and to control the number of concurrent Smart Upgrade attempts, that is, to control the number of times Smart Upgrade can be run while the Smart Upgrade Governor is enabled. When Smart Upgrade Governor is enabled, specify the maximum number of Smart Upgrade attempts by specifying a value in the field Maximum Concurrent Downloads on the Server Configuration document. 1. From the IBM(R) Lotus(RM) Domino(TM) Administrator, click Configuration Server - Configurations. 2. Select the Server Configuration document you want to open, and then click Edit Configuration. 3. Click the Smart Upgrade tab. In the field Limit Concurrent Smart Upgrade, enable the Smart Upgrade Governor. 4. In the field Maximum Concurrent Downloads, enter a value for the maximum concurrent number of Smart Upgrade attempts that can be made while the Smart Upgrade Governor is enabled. The default is 100. 5. Save and close the Configuration Settings document.
Creating a database link to the Smart Upgrade Database

In the Domino Directory, the Configuration Settings document contains a Smart Upgrade Database Link field in which you paste the database link to the Smart Upgrade database. The IBM(R) Lotus(R) Domino(TM) intelligent locator uses the replica ID of the Smart Upgrade database in the database link and does the following in this order: 1) Looks for a local replica of that database, and if found, uses it. 2) Looks for a replica of that database on any cluster mates if the server is in a cluster, and if found, uses it. 3) Uses the database on the server specified in the database link in the Server Configuration document. During this procedure, you enable the Smart Upgrade Governor feature that allows you to limit the number of concurrent Smart Upgrade attempts. 1. In the Domino Administrator, open the Smart Upgrade database that you created. 2. Choose Edit - Copy as link - Application link. 3. From the Domino Administrator, click Configuration - Server - Configurations. 4. Select the server, and then click Edit Configuration to edit an existing Configuration Settings document.
211
5. Click the Smart Upgrade tab. Note: Lotus Notes Smart Upgrade first checks for the Smart Upgrade database link in the Configuration Settings document of the home server specified in the IBM(R) Lotus(R) Notes(R) client Location document. If that Configuration Settings document does not contain a Lotus Notes Smart Upgrade database link, Lotus Notes Smart Upgrade next checks the * - [All Servers] Configuration Settings document for the database link. 6. On the Smart Upgrade tab of the document, paste the database link in the Smart Upgrade Database link field. 7. (Optional) In the field Limit Concurrent Smart Upgrade, enable the Smart Upgrade Governor. When Smart Upgrade Governor is enabled, you can limit the number of times that Smart Upgrade attempts are made by specifying a value in the field Maximum Concurrent Downloads. Note: Smart Upgrade Governor requires Notes client and Domino server Release 6.0.5/6.5.4 or greater. Use this feature to prevent an excessive load on the server if Smart Upgrade is invoked numerous times on the same server. 8. In the field Maximum Concurrent Downloads, enter a value for the maximum concurrent number of Smart Upgrade attempts that can be made while the Smart Upgrade Governor is enabled. 9. Save and close the Configuration Settings document. 10. With the Lotus Notes Smart Upgrade database set up, you can begin adding update kits to the database.
Adding update kits to the Lotus Notes Smart Upgrade database

You can download update kits as they become available from IBM(R) Lotus(R) developerWorks http://www.lotus.com/ldd/smartupgrade. After downloading a kit, make the kit available to users by creating a Kit document in the Smart Upgrade database and then either attaching the kit to the Kit document or storing the kit in a directory on a shared network drive that users can access. You specify the location of the kit in the Smart Upgrade Kit document when setting up Smart Upgrade for users. You can provide upgrade kits for upgrading just the IBM(R) Lotus(R) Notes(R) client or for upgrading all clients. When you attach kits to a Smart Upgrade Kit document, attach only one kit per document.
Smart Upgrade kit recognition

Smart Upgrade contains the Smart Upgrade kit recognition feature. Smart Upgrade can determine whether to install a Notes client-only kit or an Allclients kit for each user. The installer sets the value of the InstallType= setting in the NOTES.INI file each time a Notes client or All client installation or upgrade is performed. Smart Upgrade compares the Install Type value in the Smart Upgrade Kit document to the InstallType field in the NOTES.INI file and installs the update kit that matches the Install Type specified in the NOTES.INI file. Smart Upgrade recognition makes it easy to upgrade users who have more than one computer with different client install types, that is, a user can have one computer running Notes client only and another computer running All clients. You can use Smart Upgrade to upgrade both computers for this user. Note: IBM(R) Lotus(R) Domino(TM) 6.5.5 clients and earlier can have only one Smart Upgrade kit per user, per source version. If you attempt to configure
212
multiple source kits, that is Notes client only and All clients for a release of Domino that is pre-Domino 6.5.5, an error message appears indicating that duplicate kits have been found for that user in the Smart Upgrade database and Smart Upgrade will fail. Smart Upgrade recognition upgrades one install type, for example, Notes client only to a newer release of the same install type. You cannot use Smart Upgrade to install a Notes client only install and then use it later to perform an All clients install for the same user on the same computer. If you want to change install types, you must manually upgrade the client to the desired install type. If you are using a Macintosh operating system, the Install Type field is not modifiable and is set to Notes client only. The following values can be used with the NOTES.INI InstallType= setting: v InstallType=2 -- All client install v InstallType=6 -- Notes client only install Note: In Domino 7.0 and later, the Smart Upgrade kits are available in English and other languages (for language packs).
Adding the update kit

1. In the Domino Administrator client, open the Lotus Notes Smart Upgrade database that you created. 2. Click New Kit to create a Kit document. 3. On the Basics tab, complete the following fields:
In this field Kit description Do this Enter a brief description of the kit. After completing this document, this kit description is used to identify the Smart Upgrade Kit document. Select the Enabled check box to make the kit available to authorized users. Choose one: v Notes Standard -- You are running the standard configuration of Lotus Notes-- this means that you can access applications on both Domino servers and IBM(R) WebSphere(R) Portal servers. v Notes Basic -- You are running the basic configuration of Lotus Notes -- this means that all the server-based applications you can access reside on a Domino server. Source versions Enter your current Notes client release, or you can enter a series of Notes clients releases. See the topic Expression rules for use with the Smart Upgrade Kit document for information on acceptable formats for entering the source version. Note: To find the current Notes client release number, check the About Notes document. To open the document, choose Help - About Notes. Operating system Localization Enter or select the operating system for which the kit is intended. Enter or select the language of the Notes Client.
Enable this kit for use Configuration
213
In this field
Do this
Release 6.5.4/6.0.5 or previous This field displays only if you are using Microsoft(R) Windows(R). If you are using Notes Domino release 6.5.4, 6.0.5, or previous, click this check box. Smart Upgrade does not recognize whether All client install or Notes client install applies for these releases. Install Type field only appears if this box is not selected. Install Type Choose one: v Notes client only -- Smart Upgrade will install only the Notes client kit. v All client (Notes client, Administrator client, Designer) -Smart Upgrade will install the All Client kit. Destination version Enter the release number of the update kit. The value of this field must match the value in the Deploy Versions field of the desktop policy settings document. Restart Notes after update Location Click the Restart check box to restart the users updated Notes client when the upgrade is complete. Choose one of these to specify the location of the upgrade kit: v Attached to this note -- Choose this option and then, in the Attach update kit here field, attach the update kit or full installation kit. v On a shared network drive -- Choose this option and then, in the Full path to update kit field, enter the file path to the file SETUP.EXE. When you use the shared network drive option, decompress the file, then copy all files in the installation kit to the directory specified. Follow this convention: \\networkfileservername\ shareddirectoryname\setup.exe v Shared network drive and attached kit with failover -Choose this option and then select the file to attach that contains the Smart Upgrade Kit and enter the full file path name to the file, SETUP.EXE. The Shared network drive and attached kit with failover option provides both fields of information to users. The Smart Upgrade process checks whether a Full Path Kit is available. If the Full Path Kit is available, it is used; if it is not available, the attachment kit is used. Attach Update Kits here Attach the update kit or a full installation kit. Attach the EXE file that you downloaded to the document without decompressing the file. If you are using Domino 6.5.5 or later, you can attach either a Notes client only kit or an All clients kit. Enter optional arguments if you are specifying a shared network kit. For information regarding optional arguments, see the subtopic Using optional arguments when running Smart Upgrade. Enter the message that will appear when Lotus Notes Smart Upgrade prompts users to upgrade their Notes clients.
Optional arguments for shared network drive kit
Message text
214
In this field Optional arguments for attached kit
Do this Enter optional arguments if you are using an attached kit. For information regarding optional arguments, see the subtopic Using optional arguments when running Smart Upgrade.
4. Complete these fields on the Administration tab:

In this field Allowed Users & Servers Do this Enter or select the users or servers allowed to upgrade their Notes clients. To include all users in your organization, enter a value using the following format: */OrgUnit/Organization/CountryCode Note: When you enter a value in this field, also add LocalDomainServers to this field because this is a Readers field. If LocalDomainServers is not included in the entries in this field, the kit will not replicate to other Domino servers in the domain. Owners Administrators Comments Enter or select the persons who own this document. Enter or select the persons who administer the document. (Optional) Enter comments such as the update history for this document.
5. Click Save and Close. 6. Create a desktop policy to deploy the update.
Expression rules for use with the Smart Upgrade Kit document
Domino compares the release number of the users Notes client to the release number specified in the Source Version field of the Kit document in the Lotus Notes Smart Upgrade database. You can use any of the expression rules shown in the table below, when entering the release number in the Source Version field of the Kit document. Note: Use the expression rules in this table only in the Source version field of the Smart Upgrade Kit document.
Character Any character, for example, C \C ? {ABN} {!ABN} {A-FH-K} +C * ! | & Description Matches any single non-special character. In this example, it matches C Matches the single character even if it is a special character. In this example, it matches C Matches any single character Matches any character in the set (A,B,N) Matches any character not in the set (A,B,N) Matches any character in the set (A...F,H...K) Matches any number of occurrences of the pattern C Matches any string (shorthand for ?) Complements logical meaning of this template Performs logical or of two templates Performs logical and of two templates
215
Examples
Domino compares the release number of the users Notes client to the release number specified in the Source Version field of the Kit document in the Lotus Notes Smart Upgrade database. You can use any of the expression rules shown in the table below when entering the release number in the Source version field of the Kit document. Each matching pattern in the following string matches the source version string: Build V604_10072003NP
Pattern Build V604_10072003NP * Build V604_1+072+03NP ??????V604??????????? +? V604_10072003NP Build V604_+{0-9N}NP *V604_+{0-7}NP *V604_10072003+{N-P} +{A-Za-z} V604_+{0-7}NP Build V604_+{0-7}NP Build V604_10072003+{!0-9 } Build V604_+{!A-Z}NP Explanation of match Build V604_10072003NP wild card match +0 matches 00 ? matches any character +? matches Build +{0-9N} matches tail 10072003NP _+{0-7} matches string 10072003 {N-P} matches NP +{A-Za-z} matches Build 0-7 matches 10072003 +{!0-9 } matches any string not containing a digit _+{!A-Z} matches any string that does not contain any letters A through Z, inclusive.
Running a silent upgrade using optional arguments

You can use optional arguments when launching Smart Upgrade. Smart Upgrade can launch any type of executable; therefore, the command line arguments in the Smart Upgrade Kit document are specific to the executable file referenced in the document, not to the Smart Upgrade itself. Use optional arguments with Smart Upgrade Kits on a shared network drive or with a Smart Upgrade Kit attached to a Kit document. Optional arguments are commonly used to run a silent Smart Upgrade requiring no user input during the upgrade, or to launch an upgrade that is almost silent requiring almost no input from users. See the examples that follow. Samples of the optional command line arguments and their descriptions are shown in the table below.
216
Optional command line arguments -a
Description and use Passes all arguments to the file that is being launched. Note: For a Web kit, the -a parameter passes all command line arguments to the embedded install kit. For a CD kit (setup.exe or setup.sh), the -a parameter creates an admin image. Administrative installation.
Attached kit example -a /v/qb+
Shared network drive example Does not apply
/a /s Note: Always place a blank space immediately after the /s.
-a /a
/a /s
For attached kit, does not -a /s display the dialog box that prompts the user to input the location to which the files are to be installed. By default, the files are placed in the users <TempDir>\ LotusNotesInstall For shared network drive, does not display the Install Shield initialization box.
/v
Passes arguments to MSIexec. All arguments entered to the right of the argument /v apply to MSIexec. Sets the interface level. For example, /qn indicates no user interface displays during the upgrade. Displays the basic user interface and a message box at the end of the upgrade. Web Kit installations. Sets a path to the default program directory and the default data directory. Hides the Location to Save Files dialog box and the Remove Installation Files dialog box. Displays a message box at the end of the upgrade. Specifies that files are extracted to a temporary directory, from which they are deleted when the update is complete. The argument -d must be the first argument in the series of arguments.
-a /vxxxx
/vxxxx
Where xxxx = any Where xxxx = any optional optional argument. argument. -a /vqn /v/qn
/q
/qb+
-a /vqb+
/vqb+
/px
Web Kit installation -px -a /s /v/qb+
-d
-d -a /s /v/qn
Does not apply.
217
Example of a silent install when using a Smart Upgrade Kit on a shared network drive
Shared network kits use arguments to initiate a silent install that bypasses the IBM(R) Lotus(R) Notes(R) Install dialog boxes and uses installation options selected during the previous install. Enter the arguments in the field Optional arguments for shared network drive kit. v Use this format to display a progress bar during the upgrade, in addition to displaying the message indicating that the upgrade is complete or it has failed. Use the b parameter as follows:
/s /v"/qb+"
Note the following about this example: /s initiates a silent install. Always enter a space after the /s. /v indicates that the /qb+ parameters are passed to MsiExec. The /qb+ instructs MsiExec to run in silent mode but to display a progress bar during the upgrade, and then to display a message when the install is complete.
Example of a silent install when referencing Web kits in the Smart Upgrade Kit document
This example applies to silent installs where you are referencing Web kits in the Smart Upgrade Kit document. Enter the arguments in the field Optional arguments for attached kit. v Use this format to run a silent upgrade from a Web kit:
-s -a /s /v"/qn"
Note the following about this example: Attached kits use the -s argument to make the unpackaging of the detached kit on the users computer silent. Attached kits use the -a argument to indicate that additional arguments are to be passed to the Lotus Notes installer after the unpackaging is complete. A silent install requires no user input because it bypasses the Lotus Notes Install windows. Silent install use installation options selected during the previous install. Always enter a space after the /s.
Creating a Lotus Notes Smart Upgrade desktop policy settings document

Use desktop policy settings document to enable IBM(R) Lotus(R) Notes(R) Smart Upgrade to function automatically, to deploy different releases of the Notes client to different groups of users, to upgrade Notes clients through several updates at one time, to automatically create and use a Smart Upgrade Tracking Reports database, and to control when updates occur in order to preserve server performance. The desktop policy settings document is applied continually during authentication and is enforced by dynamic configuration. The policy settings document is applied to the users client configuration whenever a change to the document occurs. For more information about the desktop policy settings document, see the topic Creating a desktop policy settings document in the IBM(R) Lotus(R) Domino(TM) Administrator documentation. If you have not already done so, create a master policy document.
218
Creating a master policy document for Lotus Notes Smart Upgrade

You create or modify a master policy document to determine which users and groups will be assigned the IBM(R) Lotus(R) Notes(R) Smart Upgrade desktop policy settings document. There are two types of master policies: organizational and explicit. Organizational policies are based on your organizational hierarchy and are assigned automatically to the users within an organization. If you want all users in your organization to upgrade their Notes clients, create an organizational policy. Explicit policies are assigned to specific users and groups. If you want only specific users and groups to upgrade their Notes clients, create an explicit policy. A user who is not assigned to the Lotus Notes Smart Upgrade desktop policy settings document may still update the Notes client because Smart Upgrade works as described here. When the Notes client Smart Upgrade timer expires, the next time the users Notes client authenticates with their home server or cluster mate of their home server, the server compares the Notes client release information with the available update kit release information it has cached. If the server finds a match, it signals to the Notes client that a possible match exists. The Notes Client then directly checks the Smart Upgrade database for an available kit. If a user is assigned a master policy where a specific Notes client version is specified, the Notes client only proceeds with Smart Upgrade if a kit exists that will upgrade this particular Notes client to the version specified in the policy. If no master policy exists and the Notes client finds a matching upgrade kit(s) for their current version of Notes, Smart Upgrade also proceeds. Note: You can limit which kits specific users can see by populating the Allowed Users and Servers field on the Smart Upgrade Kit document. A server can signal to a Notes client that a kit is potentially available, but the Notes client may not locate an available kit because the users name has not been entered in the Allowed Users and Servers field. In this scenario, the Smart Upgrade timer on the Notes client is incremented by one day. 1. For more information about policies, see the Using Policies topic. 2. On the People and Groups tab of the IBM(R) Lotus(R) Domino(TM) Directory, open the Policies view. 3. If you are creating a master policy, click Add Policy. If you are modifying an existing master policy, select the policy to modify, and then click Edit Policy. 4. If you are modifying an existing policy, modify as many of the following fields as necessary. If you are creating a master policy, do the following: v On the Basics tab, enter the policy name, then choose either Explicit or Organizational as the policy type. v Provide a description for the policy. 5. In the Desktop field, select the desktop policy settings document to associate with master policy you are creating or modifying. 6. Click Save and Close. 7. If you created an explicit policy, you can assign the master policy to users and groups. If you created an organizational policy, then the process is complete.
Assigning the Lotus Notes Smart Upgrade master policy to users and groups
If you created an explicit master policy, then you must assign the policy to users and/or groups. To assign a master policy to a user, edit the Person document. To assign a master policy to a group, use the Set Policy Options dialog box.
219
To assign a master policy to a user: 1. In the IBM(R) Lotus(R) Domino(TM) Administrator, open the Persons view on the People and Groups tab. 2. Select the person to whom you want to assign the IBM(R) Lotus(R) Notes(R) Smart Upgrade master policy. 3. Click Edit Person. 4. In the Person document, click the Administration tab. 5. In the Policy field, select the name of the Lotus Notes Smart Upgrade master policy. 6. Click Save and Close. To assign a master policy to a group: 1. In the Domino Administrator, open the Groups view on the People and Groups tab. 2. Select the group to which you want to assign the Lotus Notes Smart Upgrade master policy. 3. On the Tools pane, select Groups - Set Policy. 4. In the Set Policy Options dialog box, select the Lotus Notes Smart Upgrade master policy, and then click OK. Note: You can assign only one master policy per group; however, you can assign several policy settings documents to a master policy.
Using Smart Upgrade to run a series of client upgrades

You can use Smart Upgrade to chain upgrade kits, that is, to install them in a series from the earliest release in the Kit document to the most recent IBM(R) Lotus(R) Notes(R) and IBM(R) Lotus(R) Domino(TM) release listed in a Kit document. For example, you can create a Kit document to upgrade the Notes client 6.5.5 to the Notes client 7.0. You can also create a second Kit document to upgrade the Notes client 7.0 to the Notes client 7.0.2. When Smart Upgrade runs, it will recognize the sequence and upgrade the Notes client 6.5.5 to Notes client 7.0, and will then upgrade the Notes client to 7.0.2. When all of the upgrades are complete, the Notes client is restarted. This sequence is followed regardless of whether Smart Upgrade is deployed manually or by a policy. When you chain upgrade kits, be sure to use one method of installation, for example, install all kits from a shared network drive, or perform all upgrades using attached kits. If you attempt to combine upgrade methods, your upgrade may contain errors or fail completely.
Notes users and Lotus Notes Smart Upgrade

The following is general information about IBM(R) Lotus(R) Notes(R) users and Smart Upgrade. v Location documents must specify the correct home server on the Servers tab of the Location document. If the wrong home server is specified, Smart Upgrade will not begin the upgrade process. v The Microsoft(R) Windows(R) Installer allows you to specify administrator-level privileges for Lotus Notes. This allows single Windows users to install Lotus Notes without administrator access. v At any time during the grace period, users can choose File - Tools - Notes Smart Upgrade to begin the upgrade process.
220
Maintaining Lotus Notes Smart Upgrade

After you have completed the procedure for setting up the IBM(R) Lotus(R) Notes(R) Smart Upgrade database and Smart Upgrade policies, perform the following tasks to maintain Smart Upgrade: v Download new update kits as they become available at IBM(R) developerWorks http://www.lotus.com/ldd/smartupgrade and add the new kits to the Smart Upgrade database. v Disable the previous update kits and enable the latest update kit. To disable a kit, clear the Enable check box on the Basics tab of the Smart Upgrade document. v Edit the Smart Upgrade desktop policy settings document with the new release number and grace period.
Using the Smart Upgrade Run-As wizard

Run the Smart Upgrade Run-As wizard (SUSETRUNASWIZARD.EXE) to create an executable file (SURUNAS.EXE) that Notes client users can then run to upgrade their IBM(R) Lotus(R) Notes(R) clients. Lotus Notes users can use the Smart Upgrade Run-As (SURunas) feature to upgrade to a newer Notes client release. Smart Upgrade Run-As is designed for Notes client users who do not have administrator privileges but who still need to periodically update their Notes client software. Notes client users with administrator privileges on their local computer can still use Smart Upgrade. As previously mentioned, you run SUSETRUNASWIZARD.EXE to create an executable file, SURUNAS.EXE, that Notes client users can run to upgrade their Notes clients. This new executable file runs within the standard Smart Upgrade program on the local workstation, as a user with administrator privileges. You specify the administrator user name and password while completing the Smart Upgrade Run-As wizard. While the wizard is running, you specify the file, usually a SETUP.EXE or similar file, that is to be run when the user runs SURUNAS.EXE. The SETUP.EXE file that you specify is either stored in SURUNAS.EXE or you can specify a Universal Naming Convention (UNC) path to a shared network drive from which that setup file can be accessed. In addition to specifying the setup file to be used, you also specify any other files to be included in the install kit. The Smart Upgrade Run-As wizard creates the install kit that the Notes client end users run to upgrade their Notes clients. Note: If you have multiple domains, and if you do not have a user name and password that can be used across multiple domains, run the Smart Upgrade Run-As wizard for each individual domain.
Running the Smart Upgrade Run-As wizard

While the running the wizard, you have the option to store the new executable in a self-contained package in the SURUNAS.EXE file or as a file reference to a network share. Instructions for both procedures are included here. Running SUSETRUNASWIZARD.EXE and storing the executable in a self-contained package in the SURunAs executable file 1. Run the file, SUSETRUNASWIZARD.EXE. 2. Choose to save the new executable in a self-contained package in the SURunAs executable file, and then click Next.
221
3. Choose the files to be stored in the SURUNAS.EXE file. If the files you need are not listed, click Add Files, and then browse to and select the files. When you have selected the files you need, click Next. 4. Specify any command line options that you are using, and then click Next. Note: For information about command line parameters, see the topic Running a silent upgrade using optional arguments in the Domino Administrator help, as well as the installation guide and upgrade guide for this release. 5. Specify the path where SURUNAS.EXE is to be stored, and then click Next. 6. Review the summary information that displays. Optionally, you can save the settings you entered, by clicking Save all settings on exit, and then click Next. 7. Click Finish, and then click Done. Running SUSETRUNASWIZARD.EXE and storing the executable as a file reference on a network share 1. Run the file, SUSETRUNASWIZARD.EXE. 2. Choose to save the new executable as a file reference on a network share, and then click Next. 3. Enter the Universal Naming Convention (UNC) path to the executable file that SURUNAS.EXE will launch, and then click Next. 4. Specify any command line options that you are using, and then click Next. Note: Be sure to use the /w command line argument whenever you use Smart Upgrade Run-As. For more information, see the table below. 5. Specify the path where SURUNAS.EXE is to be stored, and then click Next. 6. Review the summary information that displays. Optionally, you can save the settings you entered, by clicking Save all settings on exit. Click Next. 7. Click Finish, and then click Done.
Optional command line arguments Description and use /w Use with Smart Upgrade Run-As Yes
Attached kit example
Shared network drive example /s /w+ /vALLUSERS=1 /qb+
Use with Smart Upgrade -a /s /w / Run-As. Allows vALLUSERS=1 SURUNAS.EXE to wait /qb+ because the Notes client should not be restarted until all processing is complete. Note: You should always use the /w parameter when using Smart Upgrade Run-As. Passes all arguments to the file that is being launched. Administrative installation. -a /v/qb+ -a /a
-a /a
Does not apply /a
No No
222
Optional command line arguments Description and use /s For attached kit, does not Note: Always display the dialog box that place a prompts the user to input blank the location to which the space files are to be installed. By immediately default, the files are placed after the in the users /s. <TempDir>\ LotusNotesInstall For shared network drive, does not display the Install Shield initialization box. /v Passes arguments to MSIexec. All arguments entered to the right of the argument /v apply to MSIexec. Sets the interface level. For example, /qn indicates no user interface displays during the upgrade.
Attached kit example -a /s
Shared network drive example /s
Use with Smart Upgrade Run-As Yes
-a /vxxxx Where xxxx = any optional argument. -a /vqn
/vxxxx Where xxxx = any optional argument. /v/qn
Yes
/q
Yes
/qb+
Displays the basic user -a /vqb+ interface and a message box at the end of the upgrade. Web Kit installations. Sets a path to the default program directory and the default data directory. Hides the Location to Save Files dialog box and the Remove Installation Files dialog box. Displays a message box at the end of the upgrade. Specifies that files are extracted to a temporary directory, from which they are deleted when the update is complete. The argument -d must be the first argument in the series of arguments.
/vqb+
Yes
/px
Web Kit installation -px -a /s /v/qb+
Yes
-d
-d -a /s /v/qn Does not apply.
Yes
How Smart Upgrade performs an upgrade

If the Smart Upgrade Timer on the IBM(R) Lotus(R) Notes(R) client expires, the next time that users log in to their IBM(R) Lotus(R) Domino(TM) home server or its cluster mate, Smart Upgrade does the following: 1. Compares the release number of the users Notes client to the release number specified in the Source version field of the Kit document in the Lotus Notes Smart Upgrade database. The Notes client sends a match pattern to the server
223
including the Notes clients current version, the platform and the localization. With Domino/Notes release 6.5.5 and later, the Install Type is also sent. The server then looks for a matching kit. 2. If the server finds a match, it sends a flag back to the Notes client indicating an upgrade kit may exist. 3. The Notes client searches the Smart Upgrade database for a match for its current Notes client version, platform and localization. With Domino/Notes release 6.5.5 or later, the Notes client also checks the Install Type. Note: Smart Upgrade kits utilize a Readers field; therefore, the Notes client only sees kits for the user specified in the Allowed Users and Servers field. 4. If the users Deploy version field on the desktop policy settings document is populated with a version number, Notes compares that version number to the version number specified in the Destination version field of the Kit document. Note: Specifying the upgrade kit release number in the Deploy version field of the desktop policy settings document is optional. If that field is blank, but an update kit is available, Lotus Notes Smart Upgrade skips Step 4 and uses the release number of the update kit to continue the upgrade process. 5. If a match is found, and users are specified or are members of a specified group, Lotus Notes Smart Upgrade displays a Smart Upgrade dialog box that prompts the users to upgrade their Notes client. 6. Users can update their clients when prompted or delay the upgrade for a specified period of time. If the user has a policy that specifies an Upgrade deadline and that date has expired, the Smart Upgrade dialog box displays an Update Now button that forces users to update their Notes client with no options for further delay. If the setting Remind me every hour after upgrade deadline has passed is set in the policy settings document, users can delay the Smart Upgrade in one hour increments before being prompted again.
224
Chapter 7. Uninstalling Notes

To uninstall IBM(R) Lotus(R) Notes(R), use any of the following procedures: v Uninstall from Windows using Add Remove v Uninstall from Linux using command line v Cleaning a previous Notes 8 Beta from your client v Uninstalling Notes silently
Uninstalling Notes from a Windows client

Use the following procedure to uninstall IBM(R) Lotus(R) Notes(R) from the Microsoft(R) Windows(R) client. Note: If you installed Lotus Notes using multi-user, you must log in as an administrative user to uninstall. When uninstalling a multi-user install, each users Notes data directory and workspace are left intact to preserve data. 1. Exit Lotus Notes before uninstalling the product. 2. Click Add/Remove Programs from the Windows Control Panel. 3. Locate and select IBM Lotus Notes 8 in the application list. For example, if you are uninstalling a Beta version, the listed application might be IBM Lotus Notes 8 Beta 3. 4. Click Remove. 5. Respond to all prompts. Uninstall may take several minutes to complete.
Uninstalling Notes from a Linux client

Use this procedure to uninstall IBM(R) Lotus(R) Notes(R) from a Linux(R) client. Each users Notes data directory and workspace are left intact to preserve data. 1. Exit Lotus Notes before uninstalling the product. 2. Log in as an administrative user. 3. Navigate to <install path>//uninstaller.bin using File Browser or a shell terminal. 4. Run the uninstaller.bin file by either double-clicking on the icon in File Browser or executing ./uninstaller.bin in a shell. Uninstall may take several minutes to complete.
Uninstalling Notes silently

You can uninstall IBM(R) Lotus(R) Notes(R) silently. Each users data directory and workspace will be left to preserve data. If you are uninstalling a multi-user install, log in as an administrator or root user. Note: Shut down the Lotus Notes application before starting the uninstall procedure.
225
Microsoft Windows
You can uninstall Lotus Notes silently from Microsoft(R) Windows(R). 1. Ensure that Lotus Notes is not running. 2. Open a command prompt window. 3. Change to the directory in which the installation package uninstaller resides or specify the full path to the MSI file. 4. Run the uninstall command. A sample syntax is shown below:
msiexec /x "Lotus Notes 8.0.msi" /qn
Linux
You can uninstall Lotus Notes silently from Linux(R). 1. Ensure that Lotus Notes is not running. 2. Open a Linux shell. 3. Change to the directory in which the uninstaller resides or specify the full path to the uninstaller. 4. As the root user, run the following command to silently uninstall Lotus Notes.
<install_dir>/uninstaller.bin -silent
Cleaning a previous Notes 8 installation from your client

If you experience a problem installing Lotus Notes 8 on a system on which a previous beta has been installed, or if you exited out of the Notes installation process prior to its completion, review the troubleshooting suggestions provided below. Uninstall instructions are provided in the release notes supplied with each beta. If, after uninstalling your Lotus Notes 8 beta or partial release, you continue to experience problems installing Lotus Notes 8, use the manual cleanup instruction provided below. Note: You should be able to upgrade from Lotus Notes 8 Beta 3 to the release version Lotus Notes 8. Upgrade to Lotus Notes 8 from a Beta 2 or earlier version is not supported. If you experience trouble installing Lotus Notes 8, first use the cleanup instructions for Beta 3 or later, and then use the cleanup instructions for Beta 2 or earlier (if applicable). Both sets of instructions are detailed below.
System on which a Lotus Notes 8 Beta 2 or earlier beta version was installed
If after uninstalling a Beta 2 or earlier beta version of Lotus Notes 8, you experience an issue installing this Beta 3 version, review the troubleshooting suggestions provided below.
Cleanup instructions for Windows -- Lotus Notes 8 Beta 2 or earlier

To clean a Lotus Notes 8 Beta 2 or earlier beta version from your Microsoft(R) Windows(R) client, complete the following procedure: 1. Delete the Lotus Notes 8 Beta <install path>\framework folder. 2. Remove C:\Program Files\Common Files\InstallShield\Universal\ibm\notes8. Note: Subsequent installation may fail if you uninstalled the Lotus Notes 8 Beta, but temporary files were left in Program Files\Common Files\InstallShield\Universal\ibm\notes8. Symptoms are a relatively quick
226
install, or a null error in the installation panels. To prevent this problem, be sure to uninstall Lotus Notes 8 and manually remove any files left in Program Files\Common Files\Universal\ibm\notes8. 3. Remove the user workspace located in Documents and Settings\<user name>\IBM\RCP\<timestamp> if present. Note: If multiple workspace folders are present, delete the most-recently created folder. You can determine which folder was created most recently by clicking View - Details. 4. Delete the following two registry keys, if they exist, using the Start - Programs - Run - regedit command sequence: v HKEY_LOCAL_MACHINE\SOFTWARE\Lotus\Notes v HKEY_LOCAL_MACHINE\SOFTWARE\IBM\Lotus\Expeditor Note: If the only folder inside HKEY_LOCAL_MACHINE\SOFTWARE\ IBM\Lotus is Expeditor, delete the Lotus folder.
Cleanup instructions for Linux -- Lotus Notes 8 Beta 2 or earlier

To clean a Lotus Notes 8 Beta 2 or earlier beta version from your Linux(R) client, complete the following procedure: 1. Remove the Lotus Notes 8 Beta<install path>/framework folder. 2. Remove /home/<user name>/InstallShield unless you have installed other programs on your system with Macrovision InstallShield. 3. Remove /home/<user name>/IBM. 4. Remove /home/<user name>/install.log if present. 5. 6. 7. 8. 9. Remove the contents of /tmp that are owned by <user name>. Remove /home/<user name>/install.xml if present. Remove /home/<user name>/tmp_notes_args.properties if present. Remove /home/<user name>/notes. Update the following hidden files: Note: To view these hidden files in File Browser, click View - Show Hidden Files and scroll down the list. v Remove /home/<user name>/.notesrc. v Restore /home/<user name>/.profile by removing Notes references from any variables. v Restore /home/<user name>/.bash_profile by removing Notes references from any variables.
System on which a Lotus Notes 8 Beta 3 version, or partially installed Lotus Notes 8 version, was installed:
If after uninstalling a Beta 3 version of Lotus Notes 8, or exiting out of Lotus Notes 8 installation before installation was complete, before you experience an issue re-installing, review the troubleshooting suggestions provided below.
Chapter 7. Uninstalling Notes
227
Cleanup instructions for Windows -- Lotus Notes 8 Beta 3 or later:

To clean a Lotus Notes 8 Beta 3 or later Lotus Notes 8 version from your Windows client, complete the following procedure: 1. Delete the Lotus Notes <install path>\framework folder. 2. Delete the following two registry keys, if they exist, using the Start - Programs - Run - regedit command sequence: v HKEY_LOCAL_MACHINE\SOFTWARE\Lotus\Notes v HKEY_LOCAL_MACHINE\SOFTWARE\IBM\Lotus\Expeditor Note: If the only folder inside HKEY_LOCAL_MACHINE\SOFTWARE\ IBM\Lotus is Expeditor, delete the Lotus folder. 3. If Notes appears in your Add/Remove Program panel, run the Windows installer cleanup utility located at http://support.microsoft.com/ default.aspx?scid=kb;en-us;290301.
Cleanup instructions for Linux -- Lotus Notes 8 Beta 3 or later:

To clean a Lotus Notes 8 Beta 3 or later Lotus Notes 8 version from your Linux client, complete the following procedure: As root user: 1. Remove <install path>/install.log and any other log files left over in that directory. 2. Remove<install path>/framework. 3. Remove /root/InstallShield (unless you have installed other programs on your system with InstallShield). 4. Remove /root/lotus. 5. Remove /root/install.log if present. 6. Remove /root/install.xml if present. 7. Remove /etc/lotus/notes if present. As non-root user: 1. Remove /home/<install path>/lotus. 2. Remove /home/<install path>/InternalProvisioning.log. 3. Remove the contents of /tmp owned by <install path>.
228
Chapter 8. Setting up Domino and DB2

This chapter contains overview information about IBM(R) Lotus(R) Domino(TM) and IBM(R) DB2 Universal Database(TM) Enterprise Server Edition, and describes how to install and set up the Domino and IBM(R) DB2 Universal Database(TM) Enterprise Server Edition environment.
Domino and DB2 user accounts that are needed for Domino and DB2
To install the IBM(R) DB2 Universal Database(TM) Enterprise Server Edition software on Microsoft(R) Windows(R) or on IBM(R) AIX(R) or UNIX(R), you need an installation account. v An installation account is an OS user account created in Microsoft Windows or AIX/UNIX. You use this account to install the IBM(R) DB2(R) DB2 Universal Database(TM) software.
Accounts required with Microsoft Windows

Each account is fully explained later in the documentation, but here is a list of the user accounts that you will need: 1. A DB2 administrators account which is an OS user account. This OS user account starts the DB2 services. 2. A DB2 user account that the IBM(R) Lotus(R) Domino(TM) server uses to authenticate with the DB2 server. This DB2 user account is created during DB2 server enablement and is called the Domino server user account. Note: The DB2 server enablement tool enables a Domino server to communicate with a DB2 server. 3. An IBM(R) Lotus(R) Notes(R) user account with Domino server access rights. 4. A DB2 account name which is an OS user account that you will map to the IBM(R) Lotus(R) Notes(R) user account. This mapped account is needed for accessing the DB2 Access Views and Query Views.
Accounts required with AIX/UNIX/Linux

Each account is fully explained later in the documentation, but here is a list of the user accounts that you will need: 1. A DB2 user account name that Domino uses to authenticate with the DB2 server. This account can be the DB2 instance owner, in which case, it is created when the DB2 instance is created during DB2 server installation and configuration. If you are not using the DB2 instance account, this DB2 account is created during the DB2 server enablement process and is called the Domino server user account. 2. A Notes user account with Domino server access rights. 3. A DB2 account name which is an OS user account that you will map to the Notes user account. This mapped account is needed for accessing the DB2 Access Views and Query views.
229
Domino and DB2 supported platforms and configurations

Use the information in these topics to verify which platforms and configurations are supported. v Supported platforms and hardware and software requirements v Supported configurations in Domino and DB2
Supported platforms and hardware and software requirements

IBM(R) Lotus(R) Domino(TM) can use Query Views, as well as some IBM(R) Lotus(R) Domino(TM) Designer features for DB2 Access Views. Any version of the IBM(R) Lotus(R) Notes(R) C-API program that can access the DB2 enabled Domino server can also access IBM Lotus Notes databases stored in IBM(R) DB2 Universal Database(TM) Enterprise Server Edition.
Supported platforms
Domino 8.0, 32-bit application is supported on the following platforms: v Microsoft(R) Windows(R) 32-bit and MS Windows 64-bit v IBM(R) AIX(R) 5.3, 64-bit v Linux(R) (SLES10) 64-bit DB2 9.1, 32-bit is certified on Microsoft Windows; DB2 9.1, 64-bit is certified on IBM AIX and Linux. DB2 9.1 can be installed on the following platforms: v MS Windows 32-bit and MS Windows 64-bit v IBM AIX 5.3, 64-bit v Linux (SLES10) 64-bit Note: Shared mail is not supported for a DB2 server. The recommended method of installation is to create a new DB2-enabled Domino server and replicate to DB2. If an existing server is upgraded to a DB2-enabled Domino server, the shared mail linked mail files need be unlinked prior to the upgrade.
Prerequisites for IBM AIX

v 64-bit kernel v POWER4 or more recent hardware
Software requirements
v IBM(R) Lotus(R) Domino(TM) server 8.0 v IBM Lotus Domino Administrator 8.0 v IBM(R) DB2 Universal Database(TM) Enterprise Server Edition, version 9.1. Note: If your configuration includes DB2 on the Domino server and DB2 on a DB2 server, both servers must be running DB2 9.1. v DB2(R) Run-Time Client is required for remote configurations CAUTION: Do not confuse the DB2 Run-Time Client with the DB2 Run Time Client Lite (RTCL). The DB2 Run Time Client Lite is NOT supported. v IBM DB2 Access for Lotus Domino 8.0 v IBM Lotus Notes Client 8.0
230
Memory requirements for a DB2 enabled Domino server, Microsoft Windows or IBM AIX and Linux Microsoft Windows platform
v Computers require a minimum 1 GB RAM, 2GHz Processor. v On a local configuration, that is, the IBM(R) Lotus(R) Domino(TM) server and the IBM(R) DB2 Universal Database(TM) Enterprise Server Edition server are installed and running on the same Microsoft(R) Windows(R) computer, the computer should be dedicated to Domino and have no more than one DB2 instance and one DB2 database for the Domino server. v On a remote configuration, that is, the Domino server and the DB2 server are installed on and are running on separate computers, the DB2 server must have one DB2 instance and one DB2 database for the Domino server.
IBM AIX and Linux platform

v The DB2 Server can be configured with multiple DB2 instances but can only have one DB2 instance and one DB2 database per Domino Server. v A minimum of 1GB memory per DB2 instance v The Input Output Completion Protocol (IOCP) must be installed on IBM(R) AIX(R) systems on which the DB2 Access server is installed. If Domino has not been installed on the computer where the DB2 Access server is to be installed, you must manually verify that IOCP is installed and enabled prior to installing the DB2 Access server.
Other requirements
v Transaction logging must be enabled to run the DB2 enabled Domino server. When you enable transaction logging on the Server document, set the log file size to at least 192 MB. v UTF-8 is supported for Domino and DB2. New databases are created as UTF-8 databases. No other database encoding is supported.
Whats not supported in this release of Domino and DB2?

Domino and DB2 does not support the use of the following: v IMAP4 v v v v ODS version 41 Dominos extended ACLs are not supported with DB2 enabled Notes databases. SCOS (shared mail) System databases are not supported as DB2 enabled Notes databases (NAMES.NSF, LOG.NSF, etc.)
Memory and hardware requirements

v 2 GHz processor v 1 GB RAM
Supported configurations in Domino and DB2

The following IBM(R) Lotus(R) Domino(TM) and IBM(R) DB2 Universal Database(TM) Enterprise Server Edition configurations are supported: v Local Configuration -- Domino 8 and DB2 9.1 installed and running on one computer. (See Figure 1) v Remote Configurations -- See Remote Configuration, Figure 2 and Figure 3.
231
DB2 Run-Time Client is installed on the same servers as Domino, and the Domino server is pointing to one instance of DB2 9.1 installed on another computer. The DB2 Run-Time Client must be installed on the Domino server. (See Figure 2) CAUTION: Do not confuse the DB2 Run-Time Client with the DB2 Run Time Client Lite (RTCL). We do not support the DB2 Run Time Client Lite. Multiple Domino servers are reinstalled on one partitioned server. DB2 is installed on another server. (See Figure 3) To use a DB2 server remotely, the computer on which the Domino server resides must also have one of the following DB2 components installed: v DB2 Run-Time Client -- Must be installed on the Domino server in all configurations where DB2 is installed on one computer and Domino is installed on another computer. v DB2 Universal Database(TM) Enterprise Server Edition -- Includes all components of a DB2 server and connects to a remote DB2 server. v DB2 Workgroup Edition -- We do not provide this but if a customer has purchased and is using this, we will support it. Each Domino server manages its own database on the DB2 server. A DB2 server can support multiple Domino servers, each connected to its own database. These can be separate databases in the same DB2 instance or separate DB2 instances -- each supporting a single database / Domino server (recommended). For information about DB2, go to the DB2 Information Center at http://publib.boulder.ibm.com/infocenter/db2help/index.jsp.
Example of a local Domino and DB2 configuration

In this configuration, the IBM(R) Lotus(R) Domino(TM) server and IBM(R) DB2 Universal Database(TM) Enterprise Server Edition server are installed and running on the same computer.
You can configure DB2 to support one or more Domino servers.
Example of a remote Domino and DB2 configuration that uses separate servers
In a remote configuration, IBM(R) Lotus(R) Domino(TM) runs on one or more servers and IBM(R) DB2 Universal Database(TM) Enterprise Server Edition runs on
232
one or more servers. This example applies to DB2 on IBM(R) AIX(R) because the DB2 server contains multiple DB2 Instances. You can configure DB2 to support multiple Domino servers. In this configuration, the DB2 Run-Time Client is installed on the Domino servers. CAUTION: Do not confuse the DB2 Run-Time Client with the DB2 Run Time Client Lite (RTCL). We do not support the DB2 Run Time Client Lite.
Each Domino server must point to its own unique DB2 database.
Example of a remote Domino and DB2 configuration that uses partitions

In this remote configuration, multiple IBM(R) Lotus(R) Domino(TM) servers reside on one partitioned server that communicates with IBM(R) DB2 Universal Database(TM) Enterprise Server Edition, which is installed on a separate computer.
233
Mixed platforms are supported for Domino and DB2. For example, you can run a Domino server on Microsoft(R) Windows(R) and also have a remote DB2 server running on IBM(R) AIX(R).
234
Installation and setup procedures

Complete the installation procedures for Microsoft(R) Windows(R) or IBM(R) AIX(R) according to the platform you are using, whether you are installing a DB2 Access server, and whether you are setting up a local or remote configuration. You only need to install the DB2 Access server on an IBM(R) DB2 Universal Database(TM) Enterprise Server Edition server if you want to make IBM(R) Lotus(R) Domino(TM) data available in DB2. If you only host NSF databases in DB2, you do not need to install the DB2 Access server. The DB2 Access server facilitates your use of the IBM(R) Lotus(R) Domino(TM) Designer view functions for DB2 by enabling Dominos user security. v Installing Domino and DB2 on Microsoft Windows platforms v Installing Domino and DB2 on IBM AIX and Linux platforms v Upgrading Domino and DB2
Installing Domino and DB2 on Microsoft Windows platforms

Complete this procedure to set up a new IBM(R) Lotus(R) Domino(TM) and IBM(R) DB2 Universal Database(TM) Enterprise Server Edition environment on Microsoft(R) Windows(R). This is not a procedure for upgrading an existing Domino and DB2 configuration.
Setting up the Domino server environment for use with DB2

1. (Domino administrator) Install and set up the Domino server and the Domino Administrator.
Installing and Setting up DB2

1. (MS Windows administrator) Create an installation user account. 2. ( DB2 Administrator logged on with Installation user account) Install DB2 on Microsoft Windows. 3. Restart the Domino server.
Setting up the DB2 server environment

1. (MS Windows administrator) Create a DB2 administrator account. 2. Determine whether you have a SYSCTRL group 3. If your DB2 configuration has a SYSCTRL_GROUP, you can omit this step. If your DB2 does not have a SYSCTRL_GROUP, designate the DB2DOM group a system control group and add the Domino super user to the system control group
Enabling the Domino server to communicate with the DB2 server

1. (Domino administrator) Enable the Domino server to communicate with the DB2 server. 2. Grant the SETSESSIONUSER privilege to the Domino server user. 3. If you are using a remote DB2 server, complete the steps in the topic Using a remote DB2 server with server enablement.
(Optional) Setting up the DB2 Access server

Installing the DB2 Access server is optional. Determine whether you need to install it. The DB2 Access server is required for SQL access to Domino data which includes Query Views of Domino data, as well as any DB2-based application access to Domino data. Query Views of non-Domino data do NOT require the DB2 Access server. 1. Create a server ID for the DB2 Access server.
235
2. (Domino administrator) Install the DB2 Access server on the server running DB2. 3. (Domino administrator) Enable the DB2 Access server. 4. (Domino administrator) To verify that the DB2 Access server is installed and configured properly, use the Test DB2 Access feature from the Domino Administrator client. 5. (Domino administrator) Restart the Domino server and the Domino Administrator. 6. (Domino administrator) Map the DB2 user name to a Notes user name. As a final validation, create a database, and then verify that the database exists in DB2.
Installing Domino and DB2 on IBM AIX and Linux platforms

Installing and setting up the DB2 server
1. (IBM(R) AIX(R) or Linux(R) Admin) Create the DB2 installation user account. 2. (DB2 or IBM AIX or Linux admin logged on using installation user account) Install DB2 on IBM AIX.
Setting up the DB2 server environment

1. Create a DB2 administrator account. 2. (AIX or Linux Admin) From AIX or Linux OS or from the AIX or Linux administrator tool, create three primary groups. 3. (DB2 administrator) Determine whether your DB2 configuration already has a SYSCTRL_GROUP. 4. On the IBM(R) DB2 Universal Database(TM) Enterprise Server Edition server, log in using the Instance owner user account name and password. In a remote configuration, the IBM(R) Lotus(R) Domino(TM) user account can be the same ID as the Instance owners user ID. 5. Add the Domino server user account to the DB2DOM group or to whatever group you have designated as the SYSCTRL_GROUP. 6. (Instance owner)Update the DB2 configuration by entering these commands from the CLP window:
DB2STOP DB2START
7. From AIX or Linux OS or from the AIX or Linux administrator tool, create three user accounts and add them to groups you created in step 2. 8. (DB2 Administrator) If your configuration includes a DB2 Run-Time Client, install the DB2 Run-Time Client on the computer on which you installed the Domino server. 9. Restart the Domino server. 10. DB2 administrator) Install IOCP on the same server on which you will install the DB2 Access server. 11. (Domino administrator) Restart the Domino server and the administrator client.
Setting up the Domino server environment

1. (Domino administrator) Install and set up the Domino server.
236

1. (Domino administrator)From the Domino Administrator, run the DB2 Server Enablement Tool to enable the Domino server to communicate with DB2. 2. Grant the SETSESSIONUSER privilege to the Domino server user 3. If you are using a remote DB2 server, complete the steps in the topic Using a remote DB2 server with server enablement.
(Optional) Installing the DB2 Access server

Installing the DB2 Access server is optional. Determine whether you need to install it. The DB2 Access server is required for SQL access to Domino data which includes Query Views of Domino data, as well as any DB2-based application access to Domino data. Query Views of non-Domino data do NOT require the DB2 Access server. 1. (Domino administrator)Create a server ID for the DB2 Access server . 2. (Domino administrator)Install the DB2 Access server on the server running DB2 3. (Domino administrator) Enable the DB2 Access server. 4. (Domino administrator) To verify that the DB2 Access server is installed and configured properly, use the Test DB2 Access feature from the Domino Administrator client. 5. (DB2 administrator) Map the DB2 user name to a Notes user name
Verify your installation

Complete the AIX or Linux post-installation validation procedure. As a final validation, create a database, and then verify that the database exists in DB2.
Setting up the Domino server environment for use with Domino and DB2
1. (Domino administrator) Install and set up the IBM(R) Lotus(R) Domino(TM) server and the Domino Administrator. For instructions, see Chapters 1 - 3 of Administering the Domino System, or see the Domino Administrator Help. 2. Start the Domino server. When you start the Domino server, you are prompted to specify whether to run Domino as an application or a Microsoft(R) Windows(R) service. Choose application. 3. (Domino administrator)On the Domino server, permanently enable transaction logging. (Domino administrator) Note: Enabling IBM(R) DB2 Universal Database(TM) Enterprise Server Edition functionality on the Domino server requires that Domino transaction logging be enabled first. Linear, circular or archival transaction logging can be used. Domino transaction log space will be used to store only data from NSF databases that have logging enabled. All DB2 enabled IBM(R) Lotus(R) Notes(R) databases will have logging enabled, but the DB2 transaction log will be used to store data from DB2 enabled Notes databases. Because DB2 is handling this logging, if you are only using DB2 enabled Notes databases, the Domino transaction log can safely be set to minimum size. 4. Stop the Domino server. 5. (Domino admin) If the DB2 server is not installed on the same computer with the Domino server, install the DB2 Run Time Client on the computer with the Domino server. The DB2 server install includes DB2 client libraries which
237
Domino requires access to. If the DB2 server is on the same computer with the Domino server, Domino can use those libraries. 6. (Domino administrator)Start the Domino server.
Creating the DB2 installation account

You must have a DB2 installation account and use that user account to log on to a local computer to install the IBM(R) DB2 Universal Database(TM) Enterprise Server Edition server. The DB2 Server Enablement tool uses this user account during the DB2 server setup. The DB2 installation account can be a local or domain user account that you create at the OS level in Microsoft(R) Windows(R) or IBM(R) AIX(R) and it must belong to the Administrators group on the computer on which you are performing the DB2 installation. On IBM AIX platforms, the DB2 installation account is typically the root account. For details about creating user or domain accounts and assigning Administrator rights, see your Microsoft Windows or IBM AIX documentation. For example, in Microsoft Windows, create the account from the Control Panel - Administrative Tools, and then assign the Administrator rights listed below to the account from Control Panel - Local Security Policy. The installation account must be granted the following rights: v v v v Act as part of the operating system Create a token object Increase quotas Replace a process level token
If the Administrators group already has the administrator rights, there is no need to specifically add the DB2 installation account because these rights will be inherited. Note: If you want the DB2 Setup wizard to create a new DB2 administration server user account, which is a domain user account, the installation account that you use to perform the DB2 installation must also be assigned the right to create domain user accounts and it must belong to the Administrators group on the computer on which you are performing the DB2 installation. For more information about the DB2 installation account, go to the DB2 Information Center http://publib.boulder.ibm.com/infocenter/db2help/index.jsp. After you create the DB2 installation account and assign the necessary rights, log in using the DB2 installation account to begin installing DB2. If you are using an IBM AIX platform, return to the roadmap topic Installing and setting up the DB2 server.
Installing and Setting up DB2 on Microsoft Windows

Before you run the DB2 Setup wizard, set up one user account at the operating system level that you will use to install IBM(R) DB2 Universal Database(TM) Enterprise Server Edition. This DB2 installation user account must have Administrator rights and must adhere to the DB2 naming rules.
238
For information about the DB2 installation account, see Creating the DB2 installation account. When you install or reinstall DB2, be sure to establish or reestablish DB2 environment variables and tuning parameters by setting the parameter DB2_USE_ALTERNATE_PAGE_CLEANING=. For information about setting the environment variables and tuning parameters, see the topic Improving Domino and DB2 Performance.
Transaction Logging
As previously mentioned, transaction logging must be enabled on the IBM(R) Lotus(R) Domino(TM) server before you install DB2. Ensure that you have enabled transaction logging. On the Server document on which you enable transaction logging, set the Log file size to at least 192 MB.
Setting up DB2 on Microsoft Windows

Follow these steps to set up DB2 on Microsoft(R) Windows(R) systems. 1. Run SETUP.EXE. 2. Click Install Product. 3. Choose DB2 UDB Enterprise Server Edition. 4. Click Next. The DB2 Setup wizard runs. 5. Make these selections: v Select the Typical installation option unless you wish to add additional DB2 features. v Select the default DB2 administrator name unless you are using other naming standards. v Set up an Administration Contact List. Create a Local contact list on the system unless you are using remote notification. v Enter the host name of your Domino server in the Notification SMTP Server field unless you have another SMTP server that you are using. This assumes that your Domino server is running SMTP. v Accept the default settings to configure DB2 instances. Keep a record of the instance name, as it is required to configure Domino to work with DB2. v You do not need to prepare the DB2 Tools Catalog. v You are not required to specify a contact for Health Monitor Notification, but you may choose to enter the name and Internet e-mail address of your DB2 Administrator. v Do not enable operating system security. Return to the topic Setting up the Domino server environment for use with Domino and DB2.
Installing DB2 on IBM AIX and Linux platforms

Note: Only 64-bit Instances are supported on IBM(R) AIX(R) and on Linux(R).
Installing DB2
1. Locate the file ese.dbcs.tar.Z. 2. Uncompress ese.dbcs.tar.Z, and then tar -xvf ese.dbcs.tar. 3. Log in as root. 4. From the ese.dbcs directory, run db2setup. 5. Install these options:
239
6.
7. 8. 9. 10.
v DB2 UDB Enterprise Server Edition v DB2 Application Development Client v DB2 Administration Client Enter the name of the DAS user that you created. (You created a DAS user account when you created users and groups when installing IBM(R) Lotus(R) Domino(TM) and DB2 on IBM AIX.) Create a DB2 instance on a 64-bit single partition server. Make the DB2 instance owner account the owner of the DB2 instance. Enter the DB2 Fenced user account name. When you have completed entering the requested information, click Finish. From the DB2 CLP, assign the proper privileges to the DB2DOM group by entering:
Db2 update dbm cfg using SYSCTRL_GROUP db2dom
Verify that your DB2 setup on IBM AIX or Linux is correct

1. Log in as db2inst1. 2. Enter DB2. 3. At the command line processor (CLP), type this command to create a test database:
Db2 create db test
4. Type these commands to display a list of DB2 databases:

Db2 list db directory Db2 connect to test Db2 connect reset
Return to the roadmap topic Installing and setting up the DB2 server.
Creating the DB2 administrator and administration server account

You create the IBM(R) DB2 Universal Database(TM) Enterprise Server Edition administrator account during the DB2 installation process. The DB2 administrator account is also called the DB2 Administration server (DAS) user account. DAS is a DB2 administration service that supports the GUI tools and assists with administration tasks on local and remote DB2 servers. The DAS user account logs the DAS service on to the computer when the DAS service is started. It can be a local user account or a domain user account. It is recommended that the DAS user account have SYSADM authority on each DB2 system in your environment so that it can start or stop other instances as necessary. Note: By default, any user that is part of the Administrator group has SYSADM authority. The DB2 administrator account starts the DB2 services, such as DB2 DAS, DB2 Remote Command server, DB2 Governor, and other DB2 services. You can create the DAS account before you install DB2 or you can use the DB2 Setup wizard to create it. The DAS account must be granted these rights: v Act as part of the operating system v Create a token object v Log on as a service v Increase quotas
240
v Replace a process level token The DB2 administrator account must belong to the Administrators group on the machine on which you perform the DB2 installation. If you are using an IBM(R) AIX(R) or Linux(R) platform,return to the roadmap topic Setting up the DB2 server environment.
Create the DB2 primary groups

1. (IBM(R) AIX(R) or Linux(R) admin) From the AIX or Linux OS or from the AIX or Linux administrator tool, create these three primary groups: Note: You are creating a group for each of the three users listed in Step 10. v DAS user group. For example, use group name db2asgrp. v Fenced user group for the user who owns the DB2 Access server. For example, use the group name db2fadm1. v Instance owner account group. For example, use the group name db2iadm1. Return to the roadmap topic Setting up the DB2 server environment.
Creating the DB2 user accounts and adding the users to groups
1. (IBM(R) AIX(R) or Linux(R) admin) From the IBM(R) AIX(R) or Linux OS or from the AIX or Linux administrator tool, create these three user accounts and then add the user to the corresponding group you created in Step 6. v DB2 instance owner -- When you create this account, it is automatically created in the home directory. v Fenced -- DB2 Fenced User runs user-defined functions (DB2 Access) and stores procedures outside of the address space used by the DB2 database. v DAS account -- DAS account runs the DB2 server on your system.
Required user Instance owner Fenced user DB2 administration server user Example user name db2inst1 db2fenc1 db2as Example primary group name db2iadm1 db2fadm1 db2asgrp
User name db2inst1 db2fenc1 db2as
Primary group db2iadm1 db2fadm1 db2asgrp
Secondary groups Db2asgrp, db2dom db2dom Db2iadm1, db2dom
Return to the roadmap topic Setting up the DB2 server environment.
Determining whether you have a SYSCTRL group

1. ( DB2 Administrator)Determine whether your IBM(R) DB2 Universal Database(TM) Enterprise Server Edition configuration has a SYSCTRL group by entering this command from the DB2 Command Line Processor (CLP):
241
GET DBM CFG
2. ( DB2 Administrator) If your DB2 configuration has a SYSCTRL_GROUP, you can omit this step. If your DB2 configuration does not have a SYSCTRL_GROUP, set up DB2DOM as the SYSCTRL_GROUP in DB2 by entering this command from the DB2 CLP:
Update dbm cfg using SYSCTRL_GROUP DB2DOM
3. ( DB2 Administrator)Update the DB2 configuration by entering these commands from the CLP window:
DB2STOP DB2START
If you are working with a Microsoft(R) Windows(R) platform, return to the roadmap topic Setting up the DB2 server environment. If you are working on an IBM(R) AIX(R) platform, return to the roadmap topic Setting up the DB2 server environment.
Manually creating the Domino server user account and the DB2DOM group
1. Use the IBM(R) DB2 Universal Database(TM) Enterprise Server Edition naming conventions to create a Microsoft(R) Windows(R) user account. 2. Specify a password for the new user account, and then click Create to save the user name and password. Exit that dialog box. 3. Create a new Windows group and name it DB2DOM. 4. Add the new user to the DB2DOM group. When you click Create, the DB2DOM group is added to the group list. If you are using a Microsoft Windows platform, return to the roadmap topic Setting up the DB2 server environment. If you are using an IBM(R) AIX(R) or Linux platform, return to the roadmap topic Setting up the DB2 server environment.
Designating the DB2DOM group a system control group and adding the Domino server user to the system control group
If you already have a SYSCTRL group that you want to use, you can add the IBM(R) Lotus(R) Domino(TM) server user to the existing group instead of creating a new group. 1. From the Microsoft(R) Windows(R) desktop, choose Start - Programs - IBM DB2 - Command Line Tools - Command Line Processor. 2. From the command line processor (CLP), enter this command to define DB2DOM as a system control group:
Update dbm cfg using SYSCTRL_GROUP DB2DOM
This message appears: Completed Successfully. 3. From the CLP, enter this command to stop the IBM(R) DB2 Universal Database(TM) Enterprise Server Edition server:
db2stop
4. From the CLP, enter this command to restart the DB2 server:
db2start
5. Enter this command to exit the CLP:
242
Quit
6. Enter this command to close the command window:

Exit
If you are working with a Microsoft(R) Windows(R) platform, return to the roadmap topic Setting up the DB2 server environment. If you are working on an IBM(R) AIX(R) or Linux(R) platform, return to the roadmap topic Setting up the DB2 server environment.

Use the DB2 Server Enablement Tool, available from the IBM(R) Lotus(R) Domino(TM) Administrator client, to automatically enable Domino to access an IBM(R) DB2 Universal Database(TM) Enterprise Server Edition server. Or, you can manually enable Domino to access a DB2 server. When you enable a Domino server for DB2, Domino stores its IBM(R) Lotus(R) Notes(R) data in DB2. When a Notes database is enabled for DB2, Domino creates a DB2 database schema for it, as well as a set of tables in that schema to hold the Notes database data. The schema name is based on the NSF file name. The DB2 Server Enablement Tool is the recommended method of enabling Domino access to a DB2 server. The DB2 Server Enablement Tool does the following: v Checks for a valid DB2 library path and does one of these: On Microsoft(R) Windows(R) -- If a valid DB2 library path is located, the Enable Server for DB2 Based Data dialog box displays with the focus in the field, DB2 Library Path. If a valid DB2 library path is not located, Domino posts a message stating you must install DB2 prior to enabling the Domino server. On IBM(R) AIX(R) -- A dialog box displays in which you can enter the default DB2 install path. If you have not installed DB2, you must do so before proceeding. v Inserts the DB2 user name and password in the Domino server ID. v Checks the accuracy of the DB2 information that you entered. (If any DB2 information is incorrect, the Enable Server for DB2-Based Data dialog box displays with the focus in the field containing the incorrect information.) If the DB2 information is accurate, Domino does the following: Writes the configuration information to the NOTES.INI file. Populates the fields on the DB2 tab of the Server document on the administration server and replicates the Server document back to the originating server. To allow the Server document to be updated, the administration process must by running on all of your servers and a replication schedule must be enabled between the administration server and the server you are enabling. v Enables DB2 as a data store for Domino, which enables Domino to use DB2. The fact that DB2 is used as a data store is transparent to Notes client users. Only administrators are aware of this. Notes users use Domino Notes as usual; Domino uses DB2. v The DB2 database is created when the Domino server starts up after the DB2-enablement process. Domino uses the administration process to create that database, and the administration process requires that the administration server is running. After the database is created, the default schemas, domino.catalog, and other objects are created.
243
The administration process posts an administration request in the local copy of the Administration Requests database (ADMIN4.NSF). The replicator then replicates ADMIN4.NSF to the administration server. The administration process on the administration server processes the administration request and updates the Server document with the new information. The replicator then replicates the changes to the Server document on the originating server.
The Domino server user

The Domino server user name and password are stored in the Domino servers ID file. The Domino server user account enables Domino to access a DB2 server. Create one Domino server user account for each Domino server. Note: If you are using Microsoft Windows and you have already created a system control group to which you want to add the Domino server user, add the Domino server user to that group. After creating the Domino server user account, create a Domino server user group named DB2DOM and add the Domino server user to that group. You must then manually define DB2DOM as a system control group in DB2. The system control group parameter assigns system control (SYSCTRL) authority to the group name. The Domino server user account is a member of the DB2DOM group that has SYSCTRL authority; and as such, the Domino server user account has the right to allow Domino to access the DB2 server. The Domino server user has complete authorization over the DB2 database and its contents. This server user acts on behalf of all Notes users. Note: If you have a Windows user account that you want to use as the Domino server user, begin this process with Step 3 of the procedure in the topic Manually creating the Domino server user account and the DB2DOM group.
Activating the SYSCTRL_GROUP setting

This information applies regardless of whether you use the Server Enablement Tool or you manually create the Domino server user and DB2DOM group. If the SYSCTRL_GROUP is set up for the first time in DB2, stop and start the DB2 server by issuing the following commands from the DB2 Command Line Processor (CLP):
DB2STOP DB2START
To successfully create the original DB2 database during the server enablement process, you must be logged on to the Domino server with a user name that meets this criteria: v You must be logged on to the Domino server with the user name of the owner of the Domino server v The user name must be in the SYSADM group v The user name must meet DB2 naming conventions for the platform on which you are running the Domino server. For information about the DB2 naming conventions, go to the DB2 Information Center http://publib.boulder.ibm.com/ infocenter/db2help/index.jsp. In this procedure, all of the steps apply to all supported platforms unless there is a notation at the beginning of the step that indicates it is for IBM(R) AIX(R) only or Microsoft Windows only. If a step does not apply to your configuration, just omit that step and proceed to the next step.
244
Prerequisites
1. From the Domino Administrator, point to the server you are enabling. 2. Have this information available before you begin the procedure: v The name of the DB2 instance that you created when you installed DB2. If you are using Microsoft Windows, the default instance name is DB2; on AIX, it is whatever you named it. v The Domino server account name and password. This is a user name created at the OS level that will be used by the Domino server to access the DB2 server. This user account must have at least SYSCTRL_GROUP access in DB2 or it must be a member of the group, DB2DOM. v The server ID that you created for the DB2 Access server. v The location where you installed the DB2 Access server. This path is used in the DB2 Access Path field of the Server document and in the DB2 Server Enablement tool.
Procedure
1. From the Domino Administrator, click Configuration. 2. Click DB2 Server -- Enable Server for DB2. Note: If the feature Enable Server for DB2 is not active, the Domino server is already enabled for DB2, or you are using a pre-Domino 7 version of the Lotus Domino and Notes software, or you are using a platform other than Microsoft(R) Windows(R) or IBM AIX.
Field Action
DB2 and Domino are on different systems or If any of these conditions are true, click this DB2 is 64-bit on AIX server check box: v DB2 and Domino are installed on different computers. v 64-bit DB2 instance is used on the DB2 AIX server. v You are using the DB2 Run-Time Client on the Domino server. DB2 Instance Name Enter the DB2 instance name that you created when you installed the DB2 server. Note: This field only applies to local configurations.
245
Field DB2 Datastore Directory
Action (Optional) Enter the full path and name of the directory where the DB2 group data will be stored relative to the Domino server. For example, v In Microsoft Windows(R), a sample path is: c:\db2db\srvr\ v In IBM AIX, a sample path is: /local1/db2inst1/db2dir/ Users must have appropriate access rights for the directory that you enter. Note: If multiple Domino servers are connected to different instances of the same DB2 server, the directory that you specify must be unique for each Domino server, or the Directory field must be blank for each Domino server. This is an advanced setting and in most cases, the default can be used.
DB2 Database Name
Enter a database name, or accept DOMINO as the default DB2 database. The DB2 database name is stored in the NOTES.INI variable DB2DATABASE. If you later delete or modify this value, Dominos DB2 capabilities are effectively disabled. The DB2 database name is used as the basis for the names of the database, buffer pool, tablespaces, and schema. Enter the name of the remote server that will store data. This field applies only to remote configurations. Enter the port number or service name for the remote instance of DB2. This field applies only to remote configurations. Open the DB2 Control Center to obtain this information, and then right click the instance to which you are connecting. Select Setup Communications. Review the TCP/IP properties. An example of a service name is db2c_DB2. An example of a port number is 50000. You can use either in this field.
Host Name
Port Number/Service Name
OS account name to be used by Domino to access DB2
This user name is an operating system user account name that Domino uses to access the DB2 server. This is a Microsoft Windows(R) or IBM(R) AIX(R) account. If you are using IBM AIX, you can only enter an existing user account name; you cannot create one from this dialog box. Do one: v Enter a new name to create the new user account. This option applies only to Microsoft Windows. v Enter an existing user account name if you have created one that you want to use. It must be an OS user account name.
246
Field DB2 Password
Action Enter the password for the new or existing user account name that you entered in the field OS account name to be used by Domino to access DB2. that The Domino server uses this password to access the DB2 server. Reenter the password. Number of days after which the DB2 password expires. This is the OS account password that Domino uses to access the DB2 server. Click this check box to update the OS system account password that Domino uses to access the DB2 server. When the check box is not checked, the password is stored but the OS server account password is not updated. This field applies if you have a remote configuration or if you are using a 64-bit DB2 instance on a DB2 AIX server. Enter the DB2 node name, that is, the name assigned to the DB2 server in the DB2 Node Directory. The node name acts as a pointer to the DB2 database, allowing you to access the DB2 server. The node name you enter cannot be a name that is assigned to another entity in the DB2 configuration. For example, the node name cannot be identical to the DB2 instance name nor the Domino server name. The DB2 server enablement tool uses the DB2 node name to create the DB2 node. Choose one: v DB2 (default) -- Creates DB2 databases. v NSF -- Creates Domino NSF databases.
Verify DB2 Password DB2 Password Expiration
Update system account password
DB2 Node Name
By default, create databases as
Immediately update the servers Domino Directory with DB2 information
Click this check box to update the Domino Directory immediately instead of waiting for the administration process to initiate the update. Click this check box to restart the server after the DB2 Server Enablement Tool runs and the DB2 information is added to the Domino Directory.
Automatically restart the Domino server upon successful enablement
3. Click Enable. 4. One of these occurs, according to platform: v Microsoft(R) Windows(R) -- A status box displays. If there are no errors, click OK. v IBM(R) AIX(R) or Linux(R) -- A series of messages appears. Review the messages, and then click Stop or Continue according to what you want to do. If you are using a remote DB2 server, see the topic Using a remote DB2 server with server enablement.
247
If you are using a Microsoft Windows platform, return to the roadmap topic Enabling the Domino server to communicate with the DB2 server If you are using an IBM AIX or Linux platform, return to the roadmap topic Enabling the Domino server to communicate with the DB2 server.
Granting SETSESSIONUSER privilege to the Domino server user

Complete this procedure after you successfully complete the procedure to enable the IBM(R) Lotus(R) Domino(TM) server to communicate with the IBM(R) DB2 Universal Database(TM) Enterprise Server Edition server. You must grant SETSESSIONUSER privilege to the Domino server user in order to execute Query views. For information about creating DB2 user accounts and granting privileges in DB2, go to the DB2 Information Center http://publib.boulder.ibm.com/infocenter/ db2help/index.jsp. 1. Ensure that the Domino server user is a member of the group DB2DOM (SYSCTRL_GROUP). 2. Ensure that you have at least one other DB2 user account that has SYSADM authority. 3. 4. 5. 6. Connect to the DB2 database using the User ID that has SYSADM authority. Grant SECADM authority to the Domino server ID. Connect to the DB2 database using the Domino server ID. Grant SETSESSIONUSER privilege to the group, DB2DOM.
Example
Make the following assumptions: v The local DB2 Instance, DB2, runs as the OS User ID db2admin. v db2admin has SYSADM authority because either db2admin is in the group specified by SYSADM_GROUP=xxx in the DB2 Instance configuration, or SYSADM_GROUP= is blank and db2admin is in the local Administrators group. v The DB2 database is named DOMINO. v The Domino server connects to the DB2 database as the OS User ID, DominoServerUserID. v The DB2 Instance configuration specifies SYSCTRL_GROUP=DB2DOM. v DominoServerUserID is a member of the OS group, DB2DOM. You can perform these steps to set up the correct privileges: 1. Type this command:
db2 connect to DOMINO user db2admin
2. When prompted, specify the password. db2admin now has SYSADM authority. 3. Type this command:
db2 grant secadm on database to user DominoServerUserID
4. Type this command:

db2 connect to DOMINO user DominoServerUserID
5. When prompted, specify the password. DominoServerUserID now has SECADM authority. 6. Type this command:
db2 grant SETSESSIONUSER on public to group DB2DOM
248
Domino now has the SETSESSIONUSER privilege when needed. If you are using a Microsoft(R) Windows(R) platform, return to the roadmap topic Enabling the Domino server to communicate with the DB2 server. If you are using an IBM(R) AIX(R) or Linux(R) platform, return to the roadmap topic Enabling the Domino server to communicate with the DB2 server.
Using a remote DB2 server with server enablement

A new database is created in IBM(R) Lotus(R) Domino(TM) and IBM(R) DB2 Universal Database(TM) Enterprise Server Edition configurations that include a remote DB2 server. The new database has this format:
A<database name>
In keeping with the above format, an example of such a database name is ADOMINO. If the DB2 server is remote, the computer on which the Domino server is installed must have at least the DB2 Run-Time Client installed on it. Note: It could also have ESE installed.
Example of a remote configuration

In this example there are two computers: v Computer A -- IBM(R) AIX(R) with the Domino server and the DB2 Run-Time Client installed. ls05.notesdev.ibm.com On computer A we are using a db2instance named: db2inst2 v Computer B -- IBM AIX with the DB2 server ESE the remote machine installed on it. p5viper.notesdev.ibm.com On computer B we are using a db2instance named: db2inst5 (port 50003 ) The environment of the user who starts the Domino server must contain the setting DB2INSTANCE=db2inst2. The Domino server is started with transaction logging enabled. During server enablement, the Domino Administrator client creates a DB2 node on computer A, using the information supplied to the Domino Administrator client.
v DB2 nodename: v Host name: v Port number/ service name: nodeaa p5viper.notesdev.ibm.com 50003.00
At server startup, using the information supplied to the Domino Administrator client, the following occurs: v The DB2 database is created on computer B as database: ADOMINO v The DB2 database is catalogued on computer A as database: DOMINO v DB2 database name is assigned: Domino The name of the DB2 database created on the DB2 server is the database name the user entered pre-pended with the letter A. Using the same example as above, the database name would be ADOMINO.
249
Manually cataloging the DB2 database that the Domino server will use
Complete these steps to ensure that the Domino server uses a db2node to get to the db2database. 1. To catalog a node, enter the following:
db2 catalog TCPIP node <node name> remote <machine name> server <port number> db2 catalog tcpip node nodename remote machine.notesdev.ibm.com server 50003
Note: This <node name> is in the Domino servers NOTES.INI setting DB2INSTANCE=nodename. 2. (Domino Administrator client ) Before restarting the DB2-enabled Domino server, run the DB2 command:
db2 list node directory
In the DB2INSTANCE db2inst2 on computer A, you will see the following information indicating that the DB2 node has been created:
$ id uid=5102(db2inst2) ... $ db2 list node directory Node Directory Number of entries in the directory = 1 Node 1 entry: Node name Comment Directory entry type Protocol Hostname Service name = NODEAA = nodeAA = LOCAL = TCPIP = p5viper.notesdev.ibm.com = 50003
3. To catalog a database, where the <database name> is in the Domino servers NOTES.INI setting DB2DATABASE=databasename, enter the following:
db2 catalog database <database name> at node <loop back node name> db2 catalog database authentication server adomino as <loop back db alias name> authentication server as Domino at node nodename
The first time that you start the DB2-enabled Domino server, the following occurs: v The database that is created on the remote DB2 server B is named: ADOMINO v The Domino startup process prepends the character A to the DB2 database name supplied to the Domino Administrator client. v The database is cataloged as DOMINO. 1. To verify that the DB2 database ADOMINO was created, enter the following command:
db2 list database directory
In the DB2INSTANCE db2inst5 on computer B, that is, the DB2 server, you will see this output indicating that the DB2 database ADOMINO was created:
$ id uid=5105(db2inst5) ... $ db2 list database directory System Database Directory Number of entries in the directory = 1
250
Database 1 entry: Database alias Database name Local database directory Database release level Comment Directory entry type Catalog database partition number Alternate server hostname Alternate server port number = ADOMINO = ADOMINO = /local1/db2inst5 = b.00 = = Indirect = 0 = =
To verify that the DB2 database DOMINO was cataloged in the DB2INSTANCE db2inst2 on computer A, that is, the Domino server , enter this command:
db2 list database directory
You will see the following output:

$ id uid=5102(db2inst2) ... $ db2 list database directory System Database Directory Number of entries in the directory = 1 Database 1 entry: Database alias Database name Node name Database release level Comment Directory entry type Authentication Catalog database partition number Alternate server hostname Alternate server port number = DOMINO = ADOMINO = NODEAA = b.00 = = Remote = SERVER = -1 = =
Creating a server ID for the DB2 Access server

Note: You only need to register a server and create a new server ID if you will be using the DB2 Access server. If you will be using DB2 Access Views (DAVs) and enabling the IBM(R) Lotus(R) Domino(TM) server to communicate with IBM(R) DB2 Universal Database(TM) Enterprise Server Edition, you need to perform this procedure and you also need to install and use the DB2 Access server. Before installing a DB2 Access server on the DB2 server, you need a server ID saved to a file. Use this server ID when you install the DB2 Access server. When you are registering a new server, be sure to select the DB2 Server access check box to create a server ID specifically for the DB2 Access server. Be sure to make note of the server ID path and file name, because you are required to enter this information when installing the DB2 Access server. 1. From the Domino Administrator, click the Configuration tab. 2. From the Tools pane, click Registration - Server. 3. From the Domino Administrator, do one of the following:
251
a. To use the CA process, click Server, and then select a server that has the Domino Directory that contains the Certificate Authority records and the copy of the Administration Requests database (ADMIN4.NSF) that will be updated with the request for the new certificate. Then click Use the CA Process, select a CA-configured certifier from the list, and click OK. b. To provide the certifier ID, select the registration server. Then click Certifier ID and locate the certifier ID file. Click OK, enter the password for the certifier ID, and click OK.
Field Registration Server Certifier Action Click Registration to specify the registration server, and then click OK. If the certifier ID displayed is NOT the one you want to use for all servers registered in this session, or if you want to use the Domino server-based CA instead of a certifier ID, click Certifier and return to Step 4.
Certificate Authority Not applicable for DB2 Access server. Public key specification Choose one: v Compatible with all releases (630 bits) v Compatible with Release 6 and later (1024 bits) License type Choose North American (default) or International. In practice, there is no difference between a North American and an International ID type. (Optional) Enter a date in mm-dd-yyyy format in the Certificate Expiration Date box. The default expiration date is 100 years after the current date, minus allowances for leap years.
Expiration date
Certificate Authority Accept the default of None Available.
4. On the Basics tab of the Register New Server(s) dialog box, complete these fields:
Field Server name Server title Action Enter the name of the new server. Enter the server title. The Configuration tab in the All Server Documents view and the Server Title field of the Server document display this title. The default domain name is usually the same as the name of the organization certifier ID.
Domino domain name
Server administrator Enter the name of the person who administers the server. name ID file password Password Options Location for storing server ID Do not assign a password. Password quality scale. Not applicable for DB2 Access server. Deselect the default setting In Domino Directory. Select In File, and then click Set ID File. Select the name and path for the file, and click Save. Make note of the full path because you will be required to enter it later. Note: You can also save the server ID to the default path, Notes client\ data\ids\servers directory.
5. Click Advanced, and select the check box This server is a DB2 Access server only.
252
6. Click the green check box to add the server to the registration queue. Note: The server registration queue displays the names of the servers that are ready to be registered. To display the settings for a specific server, select the servers name. 7. Click Register All. 8. Click Done. If you are using a Microsoft(R) Windows(R) platform, return to the roadmap topic Setting up the DB2 Access Server. If you are using an IBM(R) AIX(R) or Linux(R) platform, return to the topic Installing the DB2 Access server.
Installing the DB2 Access server on the DB2 server

Install the DB2 Access server if you want to make IBM(R) Lotus(R) Domino(TM) data available in IBM IBM(R) DB2 Universal Database(TM) Enterprise Server Edition. If you only host NSF databases in DB2, you do not need to install the DB2 Access server. The DB2 Access server facilitates your use of the IBM(R) Lotus(R) Domino(TM) Designer view functions for DB2 by enabling Dominos user security. Install the DB2 Access server on the DB2 server that hosts IBM(R) Lotus(R) Notes(R) data. This can be the same computer on which Domino is installed for a local configuration, or it may be a different computer in a remote configuration. The DB2 Access server enforces Domino database security, such as ACLs and reader lists for DB2-enabled data. If the DB2 Access server is not installed properly, the DB2 Designer functions will not be available and you will not be able to access DB2 data. Install and enable the DB2 Access server to allow DB2 to access Domino data. The DB2 Access server requires a server ID. Copy the server ID file that you are using for the DB2 Access server to the server on which you are installing the DB2 Access server. If you have not completed the procedure Creating a server ID for the DB2 Access server, do so before installing the DB2 Access server on the DB2 server. Note: The DB2 Access server cannot cross-certify Domino servers from domains other than its own domain. When you install the DB2 Access server, a DB2 Access Server Connection document is created when the Domino server is started. This DB2 Access Server Connection document connects the DB2 Access server and a Domino server that you designate using the Domino Administrator. The DB2 Access Server Connection document contains a configuration-only Domino Directory. We recommend that you perform the DB2 Access server installation prior to running the DB2 Server Enablement Tool from the Domino Administrator. If you perform the DB2 Access server installation after running the DB2 Server Enablement Tool, you must complete Step 3 of this procedure. After you install the DB2 Access server, Domino changes the name of the server ID file to USER.ID and stores the file in the data directory for the DB2 Access server. Note: If your configuration includes the DB2 Access Server, TCPIP is the only supported port setting. Any other configured port settings are disabled.
253
Performing the DB2 Access server install

On Microsoft(R) Windows(R) systems, install the DB2 Access Server to the DB2 function directory, for example, C:\program files\ibm\sqllib\function. There is an alternative that is not recommended. The alternative is to install the DB2 Access server to any location, and then enter the full path for that location in the Path environment variable. Note: If you have un-installed the DB2 Access server and you are installing it to a different directory, you must restart the DB2 server to allow the new path for the DB2 Access server to take effect.
Prerequisites
1. Gather the following information before running the setup program. While the InstallShield Wizard is running, you will be prompted to enter: v The location where the local DB2 server is installed. The subdirectory is always SQLLIB, but you need the complete path. v The name of the DB2 Access server ID file and the location where the server ID file is stored. Enter the complete server ID path with filename. v For IBM(R) AIX(R) configurations, you must be logged on as the root user to perform the installation. The root user must be a member of the group SYSADMIN_GROUP. v For AIX configuration, you need to know the DB2 Instance name. v For AIX configurations, you need a temporary directory of approximately 150 megabytes. 2. Before beginning the installation process, you must have already created (registered) a new server and retained the server ID.
Procedure
1. Run the Domino DB2 Access setup file. The InstallShield Wizard for IBM DB2 Access for Lotus Domino runs. 2. If you are using Microsoft Windows, skip this step. On AIX only, review the log file, DB2SETSTDOUT.LOG, to determine whether the install was successful. The log file is in the directory that contains the DB2 Access server files. For example, in AIX the log file is in this directory: /opt/IBM/DALD/ DB2SETSTDOUT.LOG. 3. When the InstallShield Wizard completes the installation, do one of these: v If you installed the DB2 Access server prior to running the DB2 Server Enablement tool, you are done installing the DB2 Access server. You may now proceed to run the DB2 Server Enablement Tool. After running the DB2 Server Enablement tool, run the Enable DB2 Access tool. OR v If you installed the DB2 Access server after running the DB2 Server Enablement tool, run the Enable DB2 Access tool. For information about the information that is returned by the DB2 INFO command, see the topic DB2 INFO. If you are using a Microsoft Windows(R) platform, return to the roadmap topic Setting up the DB2 Access server. If you are using an IBM AIX or Linux(R) platform, return to the roadmap topic Installing the DB2 Access server.
254
Enabling the DB2 Access Server

1. From the IBM(R) Lotus(R) Domino(TM) Administrator client, click Configuration - Tools - Enable DB2 Access. 2. Specify the DB2 Access Server name on the DB2 Access Enable dialog box, and then click OK. Note: The DB2 Access Server name was the ID created in Creating a server id for DB2 Access Server and you specify the actual server name, not the file name, for example, udfserver/domain 3. Review the DB2 Access Enable Results information box that displays, and then click OK. If you are using a Microsoft(R) Windows(R) platform, return to the roadmap topic Setting up the DB2 Access Server. If you are using an IBM(R) AIX(R) or Linux(R) platform, return to the topic Installing the DB2 Access server.
Testing the DB2 Access server configuration

Use the DB2 Access Test tool to test the configuration of the DB2 Access server. The DB2 Access Test tool tests all DB2 Access servers field parameters from the Server document and all DB2 Access server settings from the NOTES.INI file. If all fields and settings are correct, it tests the connection between the DB2 Access server and the selected IBM(R) Lotus(R) Domino(TM) server, verifies whether the IBM(R) DB2 Universal Database(TM) Enterprise Server Edition functions and properties exist, determines whether the DB2 Access server Connection document is valid, and attempts to open the Domino Directory on the DB2 Access Server. If the DB2 Access Test tool locates any problems, the information is returned to the Domino server console or to the Domino Administrator client. 1. From the Domino Administrator, click the Configuration tab. 2. From the Tools panel, click DB2 Server - Test DB2 Access. If you are using a Microsoft(R) Windows(R) platform, return to the roadmap topic Setting up the DB2 Access server. If you are using an IBM(R) AIX(R) or Linux(R) platform, return to the roadmap topic Installing the DB2 Access server.
Mapping the DB2 ID to a Notes ID in the Domino servers Domino Directory

IBM(R) Lotus(R) Domino(TM) and DB2 enables IBM(R) Lotus(R) Notes(R) applications to use query views to access IBM(R) DB2 Universal Database(TM) Enterprise Server Edition data and enables DB2 users to view and manipulate Notes data using Structured Query Language (SQL). Domino manages access to Notes data when the data is stored in an NSF file or in DB2, and also manages SQL access to Notes data. DB2 manages access to all other DB2 objects (tables). Lotus Notes client users need a Notes ID and, if they require access to DB2 databases on a DB2 server, they also need a DB2 user ID. This DB2 ID, or user name, is an OS user name. Domino and DB2 use different methods for administering user accounts; therefore, users sometimes need to be explicitly mapped from one system to the other. User mappings are required for executing query views and for SQL access to Notes data stored in a Domino Access View (DAV). In the case of a DAV, the user connects to DB2 using a DB2 user ID and the
255
mapping is used to associate a Notes user ID with the DB2 user for the purpose of checking server and Notes database permissions. No explicit user mapping or default user mapping is required for normal use of the Domino server, including access to DB2 enabled Notes databases. Use the Domino Administrator to map an individual Notes user to a specific DB2 user name. If an explicit mapping of a DB2 user to a Notes user does not exist, you can set up a default DB2 user name that can be used in place of an explicit DB2 user mapping. This default DB2 user mapping is sufficient when working with most query views, but cannot be used with Domino Access Views. When querying a DAV, you must use an explicit user mapping. When Domino executes a query view, Domino attempts to find a matching DB2 user name. If an explicit mapping is present, that mapping is used. If an explicit mapping does not exist, and a default DB2 user name is defined, Domino executes the query as the default DB2 user. If you are using Notes query views to query DB2 data which is not managed by the Domino server (that is, data not in Notes databases), use explicit user mappings to associate a DB2 user ID with a Notes user ID for the purpose of checking DB2 privileges for these DB2 objects. If you are using Notes query views to view Notes databases stored in DB2, you can create and use a default user mapping. Notes security, that is ACLs and reader lists, is enforced in both cases. When SQL is issued against DB2 tables, two security processes are used. First, standard DB2 security is used to check for access at the table level. The DB2 user ID is compared to the permissions granted to that user ID, and the request is approved or denied based on those permissions. Second, Domino ACL security is enforced when the SQL statement references data in a DAV -- data that originated in Notes Domino.
Applications using query views

If you have applications that use query views, create a default DB2 user for the query views. Query views are run using the userss Notes ID. Notes security with ACLs and reader lists is enforced.
Query views and DB2 federated data

DB2 federated data is the data that DB2 obtains from other relational databases such as Oracle. Create explicit user mappings or use a default user mapping. When you define a federated data wrapper in DB2, DB2 creates a local nickname for the foreign table. Access to this proxy object from a Notes query view is controlled by DB2 and the mapped DB2 user name is used. The connection to the federated database is accomplished using a special connection between Domino and the federated database. There is no user level grant and deny capability in the foreign datasource. Access to the foreign data is managed in the Domino database by controlling access to the nickname. For more information about how to map user names, see the topic Mapping DB2 user names to Notes user names. For more information about setting up and enabling a default DB2 user, see the topic Changing or deleting the default DB2 user name for use with query views.
Mapping DB2 user names to Notes user names

Use this procedure to map DB2 uses names to Notes user names. 1. From the Domino Administrator, click People and Groups.
256
2. Click People. Select the person for whom you are mapping a DB2 account user name to a Notes user name. 3. Click Tools - People - Set DB2 User Name.
Field Copy from shortname field, if available Action Click this check box if there is an existing network account name in the Person document and you want to use the shortname. Choose a default name format. For example, LastName FirstName. If Enter Discrete Name is chosen here, the Discrete Name field displays. Separator Choose a separator to separate the name components. For example, an underscore character separates the first name from the last name. If Enter Custom pattern is selected in the Default format field, the Separator field does not display. Format pattern This field appears only if Enter Custom pattern is selected in the Default format field. Enter the custom pattern you want to use. For example, you could use FirstInitialLastName. To view a list of the valid characters you can use to create a custom pattern, see the topic Using formulas to create custom patterns in user names. Discrete name This field displays if Enter Discrete Name is selected in the Default Format field. Enter the users discrete name, that is, a name you enter individually -- not a name generated by specifying a pattern. Make resulting name uppercase Choose this option if you want to display the DB2 user name in uppercase characters.
Default format
Using formulas to create custom patterns in user names

When defining a custom pattern for creating user names, you can use the characters and symbols shown in the table below to create the custom patterns. Enter the custom patters in the Format Pattern field of the Set DB2 User Name dialog box. Example For example, you can create a formula for the custom pattern of LastName followed by the underscore character followed by the OrganizationName: L_O
Character or Symbol F Represents First name
257
Character or Symbol L M T G O I C D V S _ . = %
Represents Last name Middle name Title Generation Organization name ID Location Department Server Short name Underscore Dot Equal Percent
If you are using a Microsoft(R) Windows(R) platform, return to the roadmap topic Setting up the DB2 Access server. If you are using an IBM(R) AIX(R) platform, return to the roadmap topic Installing the DB2 Access server.
Setting and enabling a default DB2 user ID for use with query views
You can set up a common default DB2 user name and use it in place of an explicit DB2 user mapping. This default DB2 user mapping is sufficient when working with most query views. IBM(R) Lotus(R) Domino(TM) uses this DB2 user ID to access query views in IBM(R) DB2 Universal Database(TM) Enterprise Server Edition databases. When you specify a default DB2 user name, IBM(R) Lotus(R) Domino(TM) verifies that the default DB2 user name is not the same as the Domino server user name. If the name is the same, an error is generated on server start up and the default method of explicit DB2 user mappings is required. If you explicitly map more that one Notes user to a single DB2 user name, an error is generated when you try to access the DAV using either a query view or SQL. For more information about mapping Notes user IDs to DB2 IDs, see the topic Mapping the DB2 ID to a Notes ID in the Domino servers Domino Directory. For information about IBM(R) DB2 Universal Database(TM) Enterprise Server Edition, see the DB2 Information Center http://publib.boulder.ibm.com/ infocenter/db2help/index.jsp.
Enabling the default DB2 user for query views

After creating the DB2 user account, you must enable it. This tool updates the Default user for query views field on the Server document - DB2 Tab.
258
Prerequisite
Create the DB2 user ID that will be used as the default by creating an OS account, and assigning at least connect-only privileges in DB2. Complete these steps to enable the default DB2 user ID. 1. From the Domino Administration, click Configuration - Server - All Server Documents. 2. From the Tools panel, click DB2 Server - Edit DB2 Default User. 3. Enter the DB2 user name to be used as the default DB2 user. 4. Click to enable the check box Use default query view user on this server. 5. Click OK. 6. To allow the default DB2 user name to take effect, restart the Domino server or wait for the administration process to run.
IBM AIX and Linux post-installation validation procedure

After you install and set up IBM(R) Lotus(R) Domino(TM) and IBM(R) DB2 Universal Database(TM) Enterprise Server Edition on IBM(R) AIX(R) or on Linux(R), complete this procedure from the ksh or csh command line interface. 1. Log in as the Domino user, and then change to the data directory. Start the Domino server by typing:
server
At server startup, this message displays indicating that a number of connections are pre-allocated. The lowest possible number of connections is four, but the value may be greater depending on what is necessary. DB2 Connection pre-allocation complete, Available Count =<number> 2. Logged in as the Domino user, stop the Domino server by entering this command from the Domino server console:
exit
3. Logged in as the Domino user, start the Domino server. Return to the roadmap procedure Installing Domino and DB2 on IBM AIX or Linux platforms.
259
260
Index A
ACL Web administrator and 126 Activities 135, 153 addToKit 154, 159 Administration preferences setting 113, 114, 115, 116, 117, 119, 129 Administration Process setting up 137 Administrators allowing access to Web Administrator 126 AIX configuring partitioned servers 54 Aliases in DNS 25 Anonymous access virtual servers 105 Automatic server setup 93 Composite applications (continued) update 137, 191, 198 update site 137, 198 WebSphere Portal composite application support for Lotus Notes 141, 171 Compressing network data 48 Connection documents port order and 46 Contacts template 167, 171 Controller described 132 starting and stopping 132 DNS (continued) name resolution in NRPC and 20, 23, 24, 25, 26, 36 DOLS. See Domino Off-Line Services 73 Domains DNS 20 multiple DNS 24, 26, 36 planning 4 Domino Administrator Configuration tab 123 Domino Console, Domino Controller and 132 Files tab 121 installing 111, 138, 166, 169, 185 Messaging tabs 122 overview 111 People and Groups tab 121 Replication tab 123 running Server Setup program with 84 server list 113 Server tabs 122 setting preferences 113, 114, 115, 116, 117, 119 setting up 111 starting 112 tabs 121 tools 123 user interface 112, 121 Web Administrator and 128 Domino and DB2 installing and setting up on Windows 237 supported configurations 231 SYSADM authority 240 Domino Console starting and stopping 133 Web Administrator and 132 Domino Controller default TCP port 58 Domino Designer 136 installing 138, 166, 169, 185 Domino Directory server registration and 95 Domino domains planning 4 Domino environment building 11 Domino Off-Line Services setting up the server for 73 Domino server Indic language support 82 installing 61, 62 planning services and tasks 8 Setup program 71, 82, 83, 84, 98 starting and shutting down 108 Domino server setup express 70 Domino Web Access Sametime and 75, 80, 81 setting up a server for 75
D
Data directory certifier IDs and 6 DB2 Access for Lotus Domino installing on the DB2 server 235, 253 DB2 Access Test tool 255 DB2 administrator account 240 DB2 installation user account 238 DB2 server enablement 136 with a remote DB2 server 249 DB2 Server Enablement Tool 243 DB2DOM system control group 243 DDM.NSF Open at Domino Administrator client startup 114 Debug LotusScript Domino Administrator client 120 Debugging Preferences for Java in Domino Administrator client 120 Default database security Web Administrator 125 Deployment certifier IDs 6 Domino domains 4 Domino environment 11 guidepost 1 naming conventions 9 server functions 2 server names 2 server services 8 Designer Wiring Properties Editor 136 Designer access 136 Directories Domino server 62 Directory links database corruption and 19 network security and 19 DNS defined 20 domains 20 multiple domains 24, 26, 36
B
Backing up files on Notes client before upgrading 205 Binding port-to-IP address 51, 52 Browsers using for administration 124
C
Certificate Authority creating 187 Certificates certifier IDs and 6 Certification Log described 94 Certifier IDs organization 99 organizational unit 100 overview 6 Client installation 145, 155 setting up for users 145, 153, 154, 155, 157, 159 single user 166 Clusters and Sametime 81 Domino Off-Line Services on 73 Command line installation 181 Common names server IP name and 24, 36 Composite Application Editor 135, 136, 153, 198 Composite applications 136, 186, 198 Home Portal Account 137, 144, 186 Notes server client installer 137, 141, 171, 186 references 198
261
E
Eclipse features and plug-ins 136, 137, 153, 154, 155, 157, 159, 176, 186, 187, 189, 191, 192, 196, 198 update manager 192 update site 137, 153, 154, 155, 159, 187, 191, 192, 196 Encryption network data 17, 47 End-user installations Notes customized install manifest 137, 153, 154, 155, 157, 159, 176 with Transform files 151, 154, 155 Expeditor custom and third-party features 136, 186, 187, 191, 192 Network client installer 141 Express server setup 70
F
Feeds preset feeds at install 161 Files backing up on Notes client before upgrading 205 preferences 115 FQDN as servers common name 26 specifying in Connection document 25 specifying in Server document 24, 36
H
Hierarchical names creating scheme for 2 server registration and 95 Home pages for virtual servers 105 Home Portal Account 137, 144, 198 Host names specifying in Server document 24, 36 Hosts files system settings for 20 HTTP service 137, 198 binding to an IP address 52
I
IBM Lotus Notes Smart Upgrade See Smart Upgrade 208 IBM Lotus Productivity Tools 135, 138, 140, 153 IDs, certifier 6, 99, 100 IMAP service binding to an IP address 52 Indic languages support for 82 Install add Notes features 176 addToKit 154, 159
Install (continued) Domino Administrator client 135, 137, 138, 166, 167, 169, 177, 185, 203 Domino Designer client 135, 137, 138, 166, 167, 169, 177, 185, 203 Eclipse update site 138, 140, 154, 155, 159, 186, 187, 191, 196 install.xml 138, 140, 148, 153, 154, 155, 157, 159, 176, 177, 187, 191, 192, 196 media kit 137, 138, 140, 145, 148, 153, 154, 155, 157, 159, 162, 167, 171, 173, 176, 177, 203 Notes client 135, 137, 138, 166, 167, 169, 171, 176, 177, 185, 203 Notes server client installer 141 plugin_customization.ini 138, 140, 153, 154, 162, 187, 189, 190, 191, 192 preset feeds 161 presetfeeds.opml 161 remove Notes features 176 server 135, 137 setup.sh 173 site index site.xml 138, 140, 153, 154, 159, 176, 187, 191, 192, 196 update site 153, 154, 159, 176, 191, 192 WebSphere Portal composite application support for Lotus Notes 141 Install directories 148, 167, 171, 173, 192, 225 cusomizing location of 148 Install manifest 137, 138, 140, 148, 153, 154, 155, 157, 159, 177, 187, 191, 192, 196 atributes 155 attributes 148, 153, 155, 157, 159, 177 default attribute 155, 157 installfeature 153, 155, 157, 177 installfeature sample 155, 157 required attribute 153, 155, 157 show attribute 155, 157 Install type for Smart Upgrade 212 Installation by scriptable setup 145, 181 client 135, 137, 145, 153, 154, 155, 159, 167, 171, 173 command line 181 End-user with install manifest 137, 145, 147, 148, 153, 154, 155, 157, 176, 177, 187, 191 End-user with Transform files 137, 145, 147, 148, 150, 151, 154, 157, 177, 180, 185 interactive mode 66, 145 multi-user 135, 137, 138, 140, 145, 148, 169, 171, 173, 175, 176, 177 on Linuz on zSeries 66 on UNIX systems 66, 135 on Windows systems 63, 135 script mode 66 setting to multi-user by default 148 setting up 135, 137, 145, 153, 154, 155, 177, 180 silent 66, 138, 145, 167, 173, 177
Installation (continued) single user 135, 137, 138, 145, 163, 166, 167, 169, 175, 176, 177 Installation options 137, 145, 155, 161, 162, 171 using a third-party installer 153, 186, 191, 192 using install manifest 137, 148, 153, 154, 155, 157, 159, 177, 186, 191, 192 using Transform files 137, 147, 148, 150, 151, 154, 155, 177, 180, 185 InstallShield Tuner for Lotus Notes 137, 145, 147, 148, 150, 151, 154, 155, 177, 180, 185 Instant Messaging and LDAP 165 and policies 165 enabling with single sign-on 165 setting up with client installation 165 setting up with Secrets and Tokens 80 Intelligent locator 208, 211 Internet passwords Web Administrator 125 Internet services binding to IP addresses 52 default TCP ports 58 proxies for 17 Internet Site documents creating 104 overview 101 IP address changing 26 IP addresses binding ports to 51, 52 for partitioned servers 36 multiple 35, 36 partitioned servers and 54 using in Connection documents 25 using in Server documents 20 IP names specifying in Server document 24, 36 IPv6 standard described 28 enabling support for 51 IPX/SPX Notes port for 43, 44, 45, 46, 47, 48
J
Java Debug Console Domino Administrator client Java debugging Domino Administrator client Java Debugging Preferences Domino Administrator client 120 120 120
K
Keys 187
L
LANA numbers NetBIOS ports and 59
262
LANs integrating Domino with 13 network compression and 48 setting up servers on 41 LDAP using with Instant Messaging 165 using with Sametime 165 LDAP service binding to an IP address 52 Linux configuring partitioned servers 54 Notes client 135 Linux for zSeries installing Domino on 66 Linux on zSeries automatic server setup 84, 93 server setup 84, 86, 88 Live console Web Administrator and 131 Location documents Smart Upgrade and 220 Locator intelligent 208, 211 LotusScript debugging Domino Administrator client 120
M
Mail template 167 Mail templates 171 Message tracking in Web Administrator 131 Monitoring setting preferences 116 Multi-user installation 138, 140, 171, 173 Notes client 135, 138, 140, 169, 171, 173 with Multi-user Interface Pack 164, 175 Multi-user Interface Pack 164, 175 Multilingual applications 169
N
Name resolution in NRPC described 15 ensuring DNS resolves 24, 25, 26, 36 over NetBIOS 40 over TCP/IP 20, 23, 49 Name services Microsoft 20 Notes 15 Name-and-password authentication virtual servers 105 Names for servers 23, 24, 25, 26, 36 Naming conventions Domino system 9 hierarchical 2 Notes named networks 42 ports 45 servers 23, 40 NAT using 25
NetBIOS integrating Domino with 39 name resolution in 40 Notes port for 43, 44, 45, 46, 47, 48, 59, 60 setting up servers for 41, 59 Network Address Translation. See NAT 25 Network ports adding 44, 60 binding to IP addresses 51, 52 compressing data on 48 configuring 43, 59 deleting 47 disabling 43 encrypting 47 fine-tuning 42 renaming 45 reordering 46, 51 Server Setup program and 14 TCP/IP 20, 36 Network protocols compatible with Domino 14 defined 13 Networks integrating Domino with 13, 20, 39 name resolution 15, 20 security 16, 17 Notes client backing up files 205 backing up files before upgrading 205 installing 135, 207 upgrading 204 Notes Name Service described 15 Notes named networks defined 14 setting up 42 Notes network ports. See Network ports 42 Notes Remote Procedure Call service. See NRPC service 14 Notes RPC. See NRPC service 14 Notes single logon setting up for Notes client users 162 NOTES.INI file 137, 163 editing 132 NRPC service 137, 198 binding to an IP address 51 default TCP port 58 described 14 encrypting 47 name resolution in 15, 20, 23, 24, 25, 26, 36, 40
P
Partitioned servers described 4 IP addresses and 36, 54, 56 multiple Web sites and 52 port mapping 56 Passthru connections troubleshooting 20 Passthru servers as application proxies for NRPC 17 Password synchronization Notes single logon 162 Performance networks 48 Policies and Instant Messaging 165 and Sametime 165 deploying client settings 137 Policy documents creating 137 Policy settings in Web Administrator 130 security 189, 190 POP3 service binding to an IP address 52 Port mapping on partitioned servers 56 Ports adding 44, 60 binding to IP addresses 51, 52 compressing data on 48 configuring 43, 59 deleting 47 disabling 43 encrypting 47 names 45 renaming 45 reordering 46, 51 Server Setup program and 14 SSL 58 TCP 58 Preferences Domino Administrator 113, 114, 115, 116, 117, 119 Web Administrator 129 Provisioning 157, 198 Proxies defined 17 Domino passthru servers as 17 HTTP 17
Q
Quick console Web Administrator and 131
O
Organization certifier IDs 6 creating 99 Organizational unit certifier IDs creating 100 6
R
Registration setting preferences 117 Remote configuration DB2 server enablement 249 Remote console Web Administrator and 131 Remote LotusScript Debugger Domino Administrator client 120 Index
263
Response file created from template 64 created with sample response 64 for server install 64 using 64 Response file template creating 64 Roaming user 138, 140 Roaming users 138, 140 Roles Web Administrator and 126, 127
S
Sametime and LDAP 165 and policies 165 and scriptable setup 165 enabling with single sign-on 165 setting up for iNotes Web Access 75 setting up with client installation 165 Sametime (integrated) 135, 153 Script file automatic server setup 93 SCRIPT.DAT file UNIX installation 66 Scriptable setup and Instant Messaging 165 and Sametime 165 setting up Notes with 181 Secondary name servers adding in Notes 49 Security certificates 187 certifier IDs and 6 encryption 17 network 16, 17, 19 planning 16 signatures and 192 virtual Web servers 105 Web Administrator 125 Security policy settings 187 Server Activities 135 Notes client installer 135 Sametime 135 WebSphere Portal 171 WebSphere Portal composite application support for Lotus Notes 135 Server Certificate changing expiration date 96, 251 Server documents DNS resolves in NRPC and 20 network settings in 43 Server install 135 express 70 Server installation silent 64 Server monitor changing default settings 116 Server names IP names and 23, 36 Server registration for DB2 Access 251 Server setup automatic 93
Server setup (continued) express 70 Server setup profiles creating 86 silent 90 using 88 Server topology planning 2 Servers Activities 171 administering 113 configuring for LANs 35, 41, 49, 59 functions 2 naming 2, 23, 24, 25, 26, 40 partitioned 4, 36, 54, 56 passthru 17 proxy 17 registering 95, 96 secondary name 49 Setup profiles creating 86 silent 90 using 88 Setup program. See Domino server 71 Shared installation 138, 140, 145, 169 upgrading 185 Windows Installer and 138, 185 Shared network directory installing clients 169, 185 Signing databases and templates 187 Silent install UNIX 66 Silent server install on UNIX systems 69 Silent server installation on Windows and UNIX systems 64 Single sign-on with Instant Messaging 165 with Sametime 165 Single-user installation 138, 163 with Multi-user Interface Pack 175 Size client installation requirements 136, 138, 140 Smart Upgrade 137 assigning policies to users and groups 219 concurrent attemtps to run 211 desktop policy settings document 218 explicit policy 219 kit recognition 212 linking to Configuration Settings document 211 location documents and 220 Lotus Notes Smart Upgrade Kits template 209 maintaining 221 organizational policy 219 overview 167, 208 Smart Upgrade database 209 update kits 212 Windows Installer and 220 Smart Upgrade Governor enabling and disabling 211 Smart Upgrade Run As wizard 221
SMTP binding to an IP address 52 Solaris configuring partitioned servers 54 SSL virtual servers and 105 Statistics setting preferences 119 SUSETRUNASWIZARD.EXE Smart Upgrade Run As wizard 221 Synchronizing passwords Notes single logon 162 SYSADM authority 240 System client requirements 136, 137
T
TCP/IP Domino Internet services and 52 importance of Notes port order 51 IPv6 standard 28, 51 multiple IP addresses for servers 20, 35, 36 name resolution in 23 name resolution in NRPC 20, 24, 25, 26, 36 Notes port for 43, 44, 45, 46, 47, 48, 51 partitioned servers and 36 planning server configurations 20 port mapping 56 port numbers 58 Secondary name servers 49 security 19 setting up servers on 35, 41, 49 time-out setting 50 Telnet and UNIX installation 66 Templates Domino Off-Line Services 73 NSF-based update site 196 Test DB2 Access 255 Time-out settings TCP/IP 50 Tools administration 123, 124 Transaction logging with Domino and DB2 237 Transform file creating 147 Transform files applying 151 for end-user installations 151 installation options with 148 Troubleshooting client install or uninstall 226 Domino Web Access 81
U
Uninstall Notes client 137, 138, 140, 166, 167, 173, 225, 226 Unit numbers NetBIOS ports and 59
264
UNIX directory for entering commands 62 installation on 66 silent server install 69 Update kits and Smart Upgrade 212 Update site Eclipse 137, 153, 154, 155, 159, 186, 187, 191, 196, 198 NSF-based 137, 186, 191, 196, 198 updatesite.ntf 137, 186, 196 user-initiated update 186, 191, 192 updatesite.ntf 137, 186, 191, 196, 198 Upgrade clients 138 Upgrade-by-mail installing the Lotus Notes client 207 overview 205 preparation for using 205 upgrade notification 207 upgrading mail file template 208 Upgrading from earlier Notes/Domino releases 135 Notes client 135 preparing for 204 Users configuring for TCP/IP 49 registering 130
V
Virtual Web servers partitioned servers and security 105 52
W
WANs integrating Domino with 13 network compression and 48 Web Administrator access 125, 126 configuring 124 Domino Console, Domino Controller and 132 managing policies 130 message tracking 131 registering users 130 remote console 131 roles 126, 127 setting preferences 129 signing out 132 starting 128 using 124, 128 Web Site documents DOLS and 73 Web sites multiple, on a server partition 52 WEBADMIN.NSF configuring 124 securing 125
WebSphere Portal 136, 141, 144, 171 Home Portal Account 137 portal application template editor 136 WebSphere portal composite application support for Lotus Notes 141 WebSphere Portal composite application support for Lotus Notes 144 using with SSL 141 Wide-area networks. See WANs 13 Windows directory for entering commands 62 installation on 63 running Server Setup program on 84 Windows 2000 configuring partitioned servers 54 ensuring name resolves on 40 name resolution 23, 36 Windows Installer Smart Upgrade and 220 Windows NT configuring partitioned servers 54 ensuring name resolves on 40 name resolution 23, 36 Wiring properties editor 136
X
X.PC network compression and 48
Index
265

Installing Domino Servers and Notes Clients

Transféré par

Informations du document

Description originale:

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Installing Domino Servers and Notes Clients

Transféré par

Droits d'auteur :

Formats disponibles

Lotus Domino