-
IBM Redbooks: IBM Notes Traveler Hints and Tips for a Successful
Deployment
Note: This PDF document is the original text from the IBM Notes
Traveler Hints and Tips for a Successful Deployment guide hosted in
the online wiki. Always refer to the online wiki version for the
latest updates.
-
Contents
Chapter 1. IBM Lotus Notes Traveler overview . . . . . . . . . .
. . . . . . . . . . . 131.1 Lotus Notes Traveler architecture . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 141.2
Introducing Lotus Notes Traveler 8.5.3 Upgrade Pack 1 . . . . . . .
. . . . . . 15
1.2.1 Web administration . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 161.2.2 Administration features
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 171.2.3 Client manager . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . 181.2.4 Traveler high
availability . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . 181.2.5 Android enhancements . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . 191.2.6 Miscellaneous
new features . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . 19
Chapter 2. Planning. . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 212.1 Supported hardware
and software . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . 22
2.1.1 Domino Server support . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 222.1.2 Mail database support . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
222.1.3 Domino directory template support (names.nsf) . . . . . . .
. . . . . . . . . 232.1.4 Server hardware requirements . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . 242.1.5 Enterprise
database requirements . . . . . . . . . . . . . . . . . . . . . . .
. . . 252.1.6 Server operating systems . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . 252.1.7 Web browsers for
administration. . . . . . . . . . . . . . . . . . . . . . . . . . .
. 272.1.8 IP sprayer . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . 272.1.9 Device hardware
requirements . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . 282.1.10 Devices and operating systems . . . . . . . . . . . .
. . . . . . . . . . . . . . . 29
2.2 Choosing a stand-alone or high availability configuration
for Lotus Notes Traveler . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
2.2.1 Number of devices . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 312.2.2 System availability
consideration . . . . . . . . . . . . . . . . . . . . . . . . . . .
322.2.3 Other considerations . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 322.2.4 What does IBM do
internally? . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . 32
2.3 Planning your server and network topology . . . . . . . . .
. . . . . . . . . . . . . . 332.3.1 Choosing a Lotus Domino server
. . . . . . . . . . . . . . . . . . . . . . . . . . . 332.3.2 High
availability or stand-alone . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 332.3.3 Connectivity. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
2.4 Capacity planning . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . 432.5 Catering for user
with multiple devices . . . . . . . . . . . . . . . . . . . . . . .
. . . . 43
2.5.1 What does IBM do internally? . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . 442.6 Domino domain configuration . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
44
2.6.1 What does IBM do internally? . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . 462.6.2 Further reading on supporting
multiple Lotus Domino . . . . . . . . . . . 46 Copyright IBM Corp.
2013. All rights reserved. 1
-
2.7 Security . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . 462.7.1 Device
security . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . 462.7.2 Server security . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
522.7.3 Encrypting Lotus Notes Traveler network traffic . . . . . .
. . . . . . . . . . 532.7.4 Internet password lockout . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . 53
2.8 Language support . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 552.9 Anti-virus
recommendations . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 572.10 Upgrading versions . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
2.10.1 Upgrading Lotus Domino version . . . . . . . . . . . . .
. . . . . . . . . . . . . 582.10.2 Upgrading Lotus Traveler
upgrading. . . . . . . . . . . . . . . . . . . . . . . . 59
2.11 Integrating Lotus Notes Traveler into a high availability
pool . . . . . . . . . 602.12 Enterprise database server
clustering. . . . . . . . . . . . . . . . . . . . . . . . . . .
612.13 Load balancer considerations . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 622.14 Mobile device management
integration. . . . . . . . . . . . . . . . . . . . . . . . . .
63
2.14.1 What is mobile device management? . . . . . . . . . . . .
. . . . . . . . . . . 632.14.2 Why use a mobile device management
solution in conjunction with
Lotus Notes Traveler? . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 632.14.3 Further reading on mobile
device management . . . . . . . . . . . . . . . 64
Chapter 3. Deploying a stand-alone Lotus Notes Traveler
environment . 653.1 Scenario description . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
3.1.1 Planning considerations . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 673.2 Lotus Notes Traveler
installation on Linux . . . . . . . . . . . . . . . . . . . . . . .
. 67
3.2.1 Installing Lotus Notes Traveler . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . 673.2.2 Domino startup and
installation validation. . . . . . . . . . . . . . . . . . . . .
78
3.3 Lotus Notes Traveler installation on Windows . . . . . . . .
. . . . . . . . . . . . . 793.3.1 Installing Lotus Notes Traveler .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 793.3.2
Domino startup and installation validation. . . . . . . . . . . . .
. . . . . . . . 88
3.4 Configuration . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . 893.4.1 Lotus
Domino configuration . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 893.4.2 Lotus Notes Traveler configuration . . . .
. . . . . . . . . . . . . . . . . . . . . . 913.4.3 Additional
configurations . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 97
Chapter 4. Deploying a high availability Lotus Notes Traveler
environment131
4.1 Scenario description . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . 1324.1.1 Planning
considerations . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . 132
4.2 Installation . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . 1334.2.1 Lotus
Notes Traveler installation. . . . . . . . . . . . . . . . . . . .
. . . . . . . 1344.2.2 Database installation. . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . 1384.2.3 Load
balancer installation . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 147
4.3 Configuration . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . 1474.3.1 Lotus Domino
configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . 1472 IBM Notes Traveler Hints and Tips for a Successful
Deployment
-
4.3.2 Database configuration . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . 1564.3.3 Lotus Notes Traveler
configuration for high availability. . . . . . . . . . 1634.3.4
Configuring the selected load balancer. . . . . . . . . . . . . . .
. . . . . . . 168
Chapter 5. User deployment. . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 1715.1 User provisioning. . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . 172
5.1.1 Access to the Lotus Notes Traveler server . . . . . . . .
. . . . . . . . . . . 1725.1.2 Access control list configuration .
. . . . . . . . . . . . . . . . . . . . . . . . . . 1745.1.3 User
authentication . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 175
5.2 Installation and configuration on an Apple device . . . . .
. . . . . . . . . . . . . 1775.2.1 Preparation . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1775.2.2 Installing Lotus Notes Traveler profile on an Apple mobile
device . 1785.2.3 Customize Sync data and schedule . . . . . . . .
. . . . . . . . . . . . . . . . 1865.2.4 Managing mail on Apple
devices . . . . . . . . . . . . . . . . . . . . . . . . . . 188
5.3 Installation on an Android device . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 1995.3.1 Preparation . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . 199
5.4 Installation on a Windows mobile device. . . . . . . . . . .
. . . . . . . . . . . . . . 2235.4.1 Preparation . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2235.4.2 Installing the Lotus Notes Traveler application on a
Windows mobile
device . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 2235.4.3 Customize data
sychronization and schedule. . . . . . . . . . . . . . . . .
2395.4.4 Managing mail on Windows devices . . . . . . . . . . . . .
. . . . . . . . . . . 240
5.5 Installation on a Sybian or Nokia device . . . . . . . . . .
. . . . . . . . . . . . . . . 2505.5.1 Preparation . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 2505.5.2 Beginning installation . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 2515.5.3 Customize Sync data
and schedule . . . . . . . . . . . . . . . . . . . . . . . .
255
5.6 Unconventional deployment options . . . . . . . . . . . . .
. . . . . . . . . . . . . . . 2565.6.1 Apple device . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2565.6.2 Android device . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 257
Chapter 6. Migration . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . 2596.1 Moving to a 64-bit
architecture . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . 260
6.1.1 How to move . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . 2606.1.2 Tuning . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . 263
6.2 Upgrading to 8.5.3 Upgrade Pack 1 from a previous version of
Lotus Notes Traveler . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . 263
6.2.1 Announcing the upgrade schedule . . . . . . . . . . . . .
. . . . . . . . . . . . 2646.2.2 Stopping Lotus Domino server . . .
. . . . . . . . . . . . . . . . . . . . . . . . . 2646.2.3 Backing
up files . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 2646.2.4 Updating Lotus Domino. . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . 2646.2.5
Upgrading Lotus Notes Traveler . . . . . . . . . . . . . . . . . .
. . . . . . . . . 2656.2.6 Starting Lotus Domino and Lotus Notes
Traveler . . . . . . . . . . . . . . 2726.2.7 Validating the
upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . 273 Contents 3
-
6.2.8 Additional configuration. . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 2856.3 Moving from Lotus Notes
Traveler 8.5.3 Upgrade Pack 1 stand-alone to a
high availability environment . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . 2856.3.1 Integrating an existing
Lotus Notes Traveler 8.5.3 Upgrade Pack 1
stand-alone servers into a Lotus Notes Traveler High
Availability pool 285
6.3.2 Integration strategies. . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 2856.3.3 Setting up a new HA
pool and integrating an existing servers into the
pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . 2866.4 Moving from a single
pool to a multi-pool high availability environment . 288
6.4.1 Moving from a single pool to a multi-pool high
availability environment288
6.4.2 Further reading on creating Lotus Notes Traveler high
availability pools290
Chapter 7. Enterprise integration . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . 2917.1 LDAP integration . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . 292
7.1.1 Configuring Directory Assistance to enable LDAP
authentication . 2947.1.2 Further reading on LDAP integration . . .
. . . . . . . . . . . . . . . . . . . . 297
7.2 Configuring single sign-on. . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . 297
Chapter 8. Administration and management . . . . . . . . . . . .
. . . . . . . . . . 2998.1 Server console commands . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . 300
8.1.1 Tell command reference . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . 3008.1.2 High availability commands.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
8.2 Web-based administration. . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 3068.2.1 Device security . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . 3078.2.2 Device settings . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . 3098.2.3 Devices . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 3218.2.4 Users. . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3238.2.5 Servers . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 3248.2.6 Client Software
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . 325
8.3 Policy-based management . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 3278.4 Server document . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . 330
8.4.1 Traveler tab . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . 3318.4.2 Basic tab . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . 3348.4.3 Security tab . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . 3358.4.4 Port
tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 3368.4.5 Internet protocols tab . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
337
8.5 Customizing the Lotus Notes Traveler home page . . . . . . .
. . . . . . . . . . 3398.5.1 Notes.ini servlet display parameters .
. . . . . . . . . . . . . . . . . . . . . . . 339
8.6 Logging . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . 3408.6.1 Log
setting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 3414 IBM Notes Traveler Hints and Tips
for a Successful Deployment
-
8.6.2 Log considerations in a stand-alone environment. . . . . .
. . . . . . . . 3498.6.3 Log considerations in a high availability
environment . . . . . . . . . . . 350
8.7 The travelerutil command . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 3518.7.1 travelerutil db set. .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . 3528.7.2 travelerutil ssl set . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . 353
8.8 Monitoring Lotus Notes Traveler . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 3548.8.1 Monitoring device and
server synchronization . . . . . . . . . . . . . . . . 3548.8.2
Monitoring server resource usage. . . . . . . . . . . . . . . . . .
. . . . . . . . 3578.8.3 Logging Lotus Notes Traveler status
information to log files on an
administrator defined interval . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . 3608.8.4 Monitoring Traveler with Watchit .
. . . . . . . . . . . . . . . . . . . . . . . . . . 362
8.9 Backup and recovery. . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . 3708.9.1 All deployments of
Lotus Notes Traveler . . . . . . . . . . . . . . . . . . . .
3708.9.2 Stand-alone deployments of Lotus Notes Traveler . . . . .
. . . . . . . . 3708.9.3 High Availability deployments of Lotus
Notes Traveler . . . . . . . . . . 371
8.10 Recommended maintenance . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 3718.10.1 All environments . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3718.10.2 Stand-alone environment only . . . . . . . . . . . . . .
. . . . . . . . . . . . . 3728.10.3 High availability environment
only. . . . . . . . . . . . . . . . . . . . . . . . . 373
Chapter 9. Tuning and troubleshooting . . . . . . . . . . . . .
. . . . . . . . . . . . . 3759.1 Performance tuning . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
376
9.1.1 Lotus Notes Traveler high availability considerations . .
. . . . . . . . . 3769.1.2 Latest software version . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . 3769.1.3 Data
filter settings . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . 3769.1.4 Log level options . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3779.1.5 Enterprise database . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 3779.1.6 Network . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . 3789.1.7 User authentication . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . 3789.1.8 Transactional
logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . 379
9.2 Problem determination guides. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 3799.3 Troubleshooting techniques
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
380
9.3.1 Server . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 3809.3.2 Common user
problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . 388
Chapter 10. Appendix A . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 393 Contents 5
-
6 IBM Notes Traveler Hints and Tips for a Successful
Deployment
-
Preface
Meet the authorsThis wiki was produced by a team of technical
specialists from around the world.
Sreehari (Sree) Haridevara is a Field Support Engineer based in
Poughkeepsie, New York. He joined the Accelerated Value team in
April of 2008, and brings over 19 years of industry experience. In
this role, Sree has delivered numerous successful engagements on
various Lotus products including Domino servers, Notes clients,
Sametime, Websphere Portal, Quickr, and NotesTraveler. He is well
versed with multiple
Operating systems including Windows, AIX, Linux, zSeries (Linux
and z/OS). Currently, Sree delivers FSS offerings including Domino
performance and capacity planning workshop, NSD workshop, UNIX
administration for Domino administrators, and customized training
for various IBM collaboration solutions products. Previously, Sree
worked as a Domino Architect for 12 years responsible for IBM
internal Domino deployment and infrastructure for Mail and
Application domains for over 100,000 users.
Martin Hill is an IBM accredited Senior IT specialist working in
the IBM UK Mobile Enterprise Services (MES) team. He joined IBM in
1994 and spent over 12 years working with Lotus Notes/Domino and
associated products as an Email Messaging and Collaboration
specialist, before moving into his current MES role. He now works
with IBM's clients helping them to implement a wide range of
mobility related products &
services, of which Lotus Notes Traveler is one. He was also one
of the technical leads for the IBM internal deployment of Lotus
Notes Traveler in EMEA, which now serves 17,000+ IBMers in over
forty different countries.
Abhishek Jain is working with IBM India Software Labs since 2004
and has been in the industry for 10 years. He is currently working
as an IT Specialist with IBM Collaboration Services and is skilled
on various Lotus products. He is a Certified Lotus Professional,
Certified Lotus Administrator, and a Certified Lotus Instructor on
both Lotus Domino Administration and Development. Abhishek has been
a part of earlier RedWikis
Customizing Quickr 8.1 and Best Practices for Building Web
Applications for Copyright IBM Corp. 2013. All rights reserved.
7
-
Domino 8.5.1. He has also published developerWorks articles
Integrating IBM Lotus Forms with IBM Lotus Domino and Auto-zipping
Lotus Notes Attachments.
John J Johnson is a Field Support Engineer, specializing in
Lotus Notes Traveler and IBM Sametime, along with Domino. He has
been involved extensively with Lotus Notes Traveler for the last
two years, traveling to customers all across North America to
assist them with their Traveler deployments. John started with IBM
in 1999, working as a developer on internal IBM Lotus Domino
Applications. He joined the Field Support
Services (FSS) team in January of 2006. Maiko Miwa is working
for IBM Japan Systems Engineering Co., Ltd. which provides advanced
technical support as well as technology transfer to IBM
organizations and clients in Asia Pacific region. Being with
Collaboration and Mobile team for 4 years, she has served as
technical and consulting roles in some Lotus products (especially
in WebSphere Portal, IBM Connections and Lotus Notes Traveler) and
general mobile
solutions. As an expert in Lotus Notes Traveler, she has
involved in areas such as installation and configuration of Lotus
Notes Traveler and writing technical articles about it. She also
has advised many customers about designing and administering Lotus
Notes Traveler.
Matt S Munse is the technical lead for Lotus Notes Traveler
level 2 support. He has been supporting the Lotus Notes Traveler
product since version 8.5.2.1 of the product was released. Prior to
this, he spent 8 years supporting WebSphere portal. He has been
involved in both the support of IBM technologies as well as
development of the products that he has supported. Matt has written
a number of IBM published
documents including developerWorks articles for WebSphere Portal
and pages for the Official Info Center documentation for Lotus
Notes Traveler.
Jenny Tsai is a Software Engineer working in the IBM Taiwan
Mobility Team. Her area of expertises include Lotus Domino, Lotus
Notes Traveler architecture and other mobile solutions across
various platforms. She has worked with Lotus Notes Traveler product
since version 8.5.2.2 and specialising in reliability and
performance analysis. Jenny holds a master degree in Computer
Science from the University of Oxford.8 IBM Notes Traveler Hints
and Tips for a Successful Deployment
-
Peter Volkmar is a level 2 support engineer for Lotus Notes
Traveler and IBM Mobile Connect. He started his career as an IBM
customer before being seduced by the dark side 28 years ago. He has
been involved with IBM Mobile Connect as a developer, a services
provider, and a support engineer. When a scientific experiment from
the IBM lab in Heidelberg, ARTour, was first shown in Research
Triangle Park, he was involved in
setting up its demonstration in 1994; it took root in its new
home and grew to become IBM Mobile Connect.
Whei-Jen Chen is a Project Leader at the International Technical
Support Organization, San Jose Center. She has extensive experience
in application development, database design and modeling, and DB2
system administration. Whei-Jen is an IBM Certified Solutions
Expert in Data Management, and an IBM Certified IT Specialist
AcknowledgementsThe authors express their deep gratitude for the
content contributed from the following members: Jim Dewan is an
Advanced Value Leader in IBM for the last seven years. Jim
has developed a series of tools to assist customers in better
managing their deployments. He has in-depth experiences in Domino
Administration development, Sametime and Domino Integration, and
Domino Linux development. Jim shares his work in the Lotus
Greenhouse "Watchit Community" to provide customers a place to
access code, collaborate with the larger Watchit community, and
review documentation.
Vladislav Tatarincev is the Technical Director and co-owner of
CYONE. www.cyone.eu. He has a Master of Computer Science from
Latvian University. He has been working with Domino from release
4.5, for more than 10 years. He is also an IBM Certified Security
Professional. Vladislav is the author of many freeware tools for
Domino. His key areas of focus for Lotus Domino are: Performance,
Traveler, Security. His hobbies include: diving, shark diving,
wreck diving, underwater archeology, and motorbikes.
We wish to acknowledge a special thank you to the following
sponsors and key stakeholders from the Lotus Development, Product
Management, and Lotus IDC Teams: Amanada Bauman - Everyone Writes
and IDC Wikis Program Manager Bill Wimer - Lotus Notes Traveler
Chief Programmer Preface 9
-
Additionally, we wish to thank the following members for their
technical help and contributions to this wiki: J Smith Doss Curtis
Ebbs Bob Sielken Raji Akella Danny Levenson Corey quinn Yuhsuke
Murakami Zin Nyein Oo Mieko Kudoh Masaki Nakabayashi David
Kline
Become an authorJoin us for a two- to six-week residency
program! Share your knowledge with peers in the industry and learn
from others. Help create content about specific products or
solutions, while getting hands-on experience with leading-edge
technologies. You will have the opportunity to team with IBM
technical professionals, Business Partners, and Clients. Your
efforts will help increase product acceptance and customer
satisfaction. As a bonus, you will develop a network of contacts in
IBM development labs, and increase your productivity and
marketability.
Find out more about the residency program, browse the residency
index, and apply online at:
http://www.ibm.com/redbooks/residencies.html
Comments welcomeYour comments are important to us!
We want the content in this wiki and all our wikis to be as
helpful as possible. Provide us your comments in one of the
following ways: Use the commenting feature with in the wiki. Login
and add comments,
located at the bottom of each page. Provide feedback in the Web
form located at:
http://www-12.lotus.com/ldd/doc/cct/nextgen.nsf/feedback?OpenForm10
IBM Notes Traveler Hints and Tips for a Successful Deployment
-
Stay connected to IBM Redbooks Find us on Facebook:
http://www.facebook.com/IBMRedbooks
Follow us on Twitter: http://twitter.com/ibmredbooks
Look for us on LinkedIn:
http://www.linkedin.com/groups?home=&gid=2130806
Explore new Redbooks publications, residencies, and workshops
with the IBM Redbooks weekly
newsletter:https://www.redbooks.ibm.com/Redbooks.nsf/subscribe?OpenForm
Stay current on recent Redbooks publications with RSS
Feeds:http://www.redbooks.ibm.com/rss.html Preface 11
-
12 IBM Notes Traveler Hints and Tips for a Successful
Deployment
-
Chapter 1. IBM Lotus Notes Traveler overview
IBM Lotus Notes Traveler software is a push email product that
provides a full featured e-mail access for Lotus Notes users using
supported mobile devices which includes both smart phones and
tablets.
Lotus Notes Traveler wirelessly synchronizes email, calendar,
contacts, journal and to-do data with an IBM Lotus Domino server
without compromise the security aspects of an organization.
The eligible Lotus Domino customers can download the software
free of charge using their respective PartnerWorld and Passport
Advantage accounts or through IBM Sales representative.
Lotus Notes Traveler software provides following features:
Provides a full, cross-platform release that includes capabilities
for these supported
mobile device platforms: Apple iOS, Google Android, Nokia
Symbian, and Microsoft Windows Mobile.
Supports Lotus Notes mobile users, both through on-premises IBM
Lotus Domino or Lotus Domino Express deployments, and in the IBM
cloud with IBM SmartCloud Notes.
Reads and composes Lotus Domino encrypted email. Searches your
corporate directory to find individuals and groups by name that you
want to
email. Single point of control to monitor the Lotus Notes
Traveler user community. Scheduled synchronization and data
filtering policies, including the ability to wipe only the
Lotus Notes Traveler data. Supports for remote wipe for lost or
stolen devices. Enforceable Security policies to remotely secure
mobile devices. Automated client updates. Data in transit is
synchronized over secure HTTPS and SSL connection.
1 Copyright IBM Corp. 2013. All rights reserved. 13
-
Supports both Linux and Microsoft Windows servers. Works over
all wired and wireless connections (GPRS, GSM, WiFi, USB, and
ActiveSync)Starting with the version 8.5.3 Upgrade Pack 1, the
Lotus Traveler server can also be optionally configured as a server
pool to work in high availability mode.
1.1 Lotus Notes Traveler architectureLotus Notes Traveler is
installed on a Lotus Domino server and runs as a separate add-in
task. Having a dedicated Lotus Notes Traveler infrastructure is
preferable, so nothing else should be deployed on the Lotus Notes
Traveler servers to ensure adequate system resources are
available.
Each mobile device has a either Lotus Notes Traveler client
(Google Android, Symbian Nokia and Windows Mobile) or profile
(Apple iOS) installed which communicates with the Lotus Notes
Traveler server over http or https. All mobile devices have to
download the Lotus Traveler client, except for Apple devices which
download a configuration a profile to the device and use the native
iOS email client.
The following components are involved when a user accesses the
Lotus Notes Traveler server;
User mail file Mobile device Domino directory
The following figure shows the main components of a simple Lotus
Notes Traveler configuration and how they interact:
Figure 1-1 The main component of Lotus Notes Traveler14 IBM
Notes Traveler Hints and Tips for a Successful Deployment
-
New mail messages arriving in your Inbox on the Domino server
arrive on the device without you needing to do anything (that is,
are automatically pushed) and can trigger a notification event,
such as a tone or a device vibration. Updates made on the device
such as sending a new mail message or changing a calendar entry are
synchronized with the server as soon as a network connection is
available, and are reflected in the user's mail file and Notes
client.
The Lotus Notes Traveler client provides a simple, easy-to-use
interface with a minimal number of configuration settings. You can
customize how much data is synchronized with the device to optimize
the use of device memory and server resources.
The Lotus Traveler server checks the Domino Directory for the
user home server and mail file information and subsequently
connects to it. The Lotus Traveler server does not store any data,
only the user's designated mail server has the user mail file. The
figure below shows how the three components work together:
In a stand-alone implementation (that is non high availability)
of Lotus NotesTraveler server, there is a local Derby database
where information about the user's subscribed folders, devices, and
sync status is stored. This derby database also stores any security
information about the devices on the system if the administrator of
the server has implemented specific settings in regards to devices
security. In a high availability implementation of the Lotus Notes
Traveler server, this information is kept in a central database on
a separate enterprise database server (IBM DB2 for Linux, UNIX, and
Windows or Microsoft SQL Sever) and shared amongst all the Lotus
Notes Traveler servers in the same high availability pool.
There is a friendly way to see the majority of information
stored in the Lotus Notes Traveler database referenced above. This
is the LotusTraveler.nsf file which is located in the root folder
of the Lotus Traveler server for stand-alone implementations or a
web interface found at
http(s)://server_name.domain.com/LotusTraveler.nsf for a high
availability implementation. In this view, you can see all devices,
and users. You can use this interface to administer these devices
and users. In essence, this is the graphical user interface the
administrator can use to view and administer the Lotus Notes
Traveler's database information.
1.2 Introducing Lotus Notes Traveler 8.5.3 Upgrade Pack 1The
Lotus Notes Traveler 8.5.3 Upgrade Pack 1 introduces the much
desired high availability (HA) feature as an option for the Lotus
Notes Traveler deployments.It is still possible to use Lotus Notes
Traveler on a single server without high availability (referred to
as 'stand alone' in Upgrade Pack 1 terminology) and this is
supported by the IBM, but many enterprise customers are expected to
move to the HA version of the Lotus Notes Traveler.
The Lotus Notes Traveler in HA mode includes the following
components:Chapter 1. IBM Lotus Notes Traveler overview 15
-
The IP Sprayer (a load balancer) that directs the incoming the
Lotus Traveler client connection to one of the available configured
servers.
The Lotus Notes Traveler server pool that receives a connection
from the load balancer. In HA mode, a shared relational database
replaces the locally stored 'Derby' database that
is used in stand alone mode. Lotus Notes Traveler 8.5.3 Upgrade
Pack 1 supports using both IBM DB2 for Linux, UNIX, and Windows and
Microsoft SQL Server to host the relation database. You can use the
high availability features provided in both relational database
servers in your Lotus Notes Traveler environment to make the end to
end Lotus Notes Traveler highly available. IBM provides a free DB2
entitlement with the Louts Notes Traveler.
All other components of mail servers, mail files, the Domino
Directory are the same.
Apart from the new high availability mode, there are other new
feature introduced in Lotus Notes Traveler 8.5.3 Upgrade Pack 1
including: Web administration Administration features Client
manager Android enhancements Miscellaneous new features
1.2.1 Web administration
Lotus Notes Traveler 8.5.3 Upgrade Pack 1 provides a new web
administration tool that is based on XPages and uses the IBM oneUI
framework. You can use this web interface to perform all the
activities previously supported by the Lotus Notes Traveler
administration application, including remote wipe, setting up
security policies, and comprehensive search capabilities. The
following figure shows the new administration interface which is
available in both stand alone and HA mode:16 IBM Notes Traveler
Hints and Tips for a Successful Deployment
-
1.2.2 Administration features
The Lotus Notes Traveler server provides an administrator with
different options to manage the server: Administration
Lotus Domino server console Administration application
(LotusTraveler.nsf) Lotus Domino server policies Lotus Domino
server security settings
Filter limitsIn Lotus Notes Traveler 8.5.2.3, administrative
settings could be added to NTSConfig.xml that would enforce a
maximum filter window for all users. The Lotus Notes Traveler
administration application now includes the ability to configure
the maximum filter window settings as part of the default settings.
A separate filter limit setting is provided for mail, past events,
future events, and notes.
Scheduled synchronization settingsThe Lotus Notes Traveler
administration application now includes the ability to configure
the scheduled synchronization settings as part of the default
settings which were earlier configured using the Lotus Notes
Traveler clients. The SMS part of the scheduled sync settings
continue to be a client only configuration option.
Locking of individual default settingsThe Lotus Notes Traveler
administration application default settings configuration now
includes the ability to 'Lock' individual settings. This support
previously was only available by using Lotus Domino server
policies. Locking a setting prevents the user from modifying that
setting from their device. The following figure shows how you can
lock a particular setting:Chapter 1. IBM Lotus Notes Traveler
overview 17
-
1.2.3 Client managerThis newly released subsystem manages Lotus
Notes Traveler clients that are available for download using the
Lotus Notes Traveler server. An administrator can now access views
in the web based administration application that display exactly
which client levels are installed on the Lotus Notes Traveler
server. The Client manager allows the administrator to assign
specific client levels to individual users or groups of users.
1.2.4 Traveler high availabilityThe ability to run multiple
Lotus Notes Traveler servers in a high availability service pool is
provided in Lotus Notes 8.3.5 Upgrade Pack 1. This feature allows
devices to connect to any server in the pool at any given time.
Requests are received at any Lotus Notes Traveler server and a
decision is made whether to service the request locally or to route
the request to another server in the pool based on which server is
currently monitoring mail for the user and server loads. If a
server in the pool is stopped or unavailable, device requests can
be handled by the other servers in the pool without requiring a
recovery synchronization.
Support for Enterprise Database Servers has been introduced to
enable Lotus Notes Traveler high availability. In this release, DB2
for Linux, UNIX, and Windows and Microsoft SQL Server are supported
for storing Lotus Notes Traveler Notes administration data and
device synchronization data. An enterprise database is not required
when running Lotus Notes Traveler on a single server (i.e. in stand
alone mode).Lotus Notes Traveler also supports the transfer of
existing administration and user synchronization data from the
stand-alone Derby database to the enterprise database. This allows
the migration and/or consolidation of existing Lotus Notes Traveler
servers into a Lotus Notes Traveler HA pool.18 IBM Notes Traveler
Hints and Tips for a Successful Deployment
-
High availability pool-aware console commandsThe association of
a device to a server is easy and transient. To avoid requiring an
administrator to understand where a particular device or user is
being processed, the management commands have been updated to
communicate across servers and run the request on the appropriate
server. New console commands are also added to ease the management
and serviceability of the pool.
Additional contributors to status conditionAdditional factors in
determining the status condition (red/yellow/green) of a server are
added. The new conditions include: Low disk space on server
Expiration pending of the SSL certificate used to secure Lotus
Notes Traveler server to
server communication
1.2.5 Android enhancements
The enhancements for Android mobile devices include both client
and server areas: Enhancements for Android Client
Monthly view for Calendar Mail and Calendar UI now use larger
screen size in tablets
Enhancements for Server managed security policy Enforce the
complex password type (OS 3.0 or higher) Disable local password
storage Prohibit copy to clipboard Prohibit export attachments to
file system Prohibit camera (OS 4.0 or higher) Application password
support Password expiration period (OS 3.0 or higher) Password
history count (OS 3.0 or higher) Prohibit unencrypted devices (OS
3.0 or higher)
1.2.6 Miscellaneous new features
Some general enhancements that are applicable for all mobile
devices are as listed below.
Improved handling of Lotus Notes documentsNotes links that are
contained in mail messages and viewed on Lotus Notes Traveler
clients now include an additional URL hotspot which points to the
web address of the application server. You can open the linked
application using a browser on the mobile device, similar to how
applications can be opened using iNotes. However, there are a
number of restrictions to consider with this functionality: The
link can only be accessed if a connection can be made from the
mobile device to the
user's Domino mail server and/or the Domino application server
specified in the link. The application must be web enabled. This
means that the Domino HTTP service must be
running on the Domino application server and the application
design must have enabled Chapter 1. IBM Lotus Notes Traveler
overview 19
access from web clients.
-
Sent folder save optionsLotus Notes Traveler now synchronizes
with the user preference for handling the saving of mail in the
Sent Mail folder. In the previous releases, sent mail was always
saved in the Sent Mail folder. Additionally, the Lotus Notes
Traveler Administrator can override this behavior using the
NTS_SENDMAIL_SAVE_OPTIONS notes.ini parameter. Supported values
are: user - Honor the user's Notes and iNotes client mail save
preferences (default). never - Lotus Notes Traveler never saves
sent mail in the Sent Mail folder. always - Mail sent from a Lotus
Notes Traveler client is always saved in the Sent folder,
regardless of the user's Notes and iNotes client mail save
preferences. noatt - Attachments in the outgoing mail will not be
saved in the Sent Mail folder.
Draft mail attachment optionsLotus Notes Traveler now gives
administrators the option for all users who do not to save
attachments when creating a draft document on the device. When the
administrator sets the notes.ini parameter
NTS_DRAFT_DO_NOT_SAVE_ATTACHMENTS=true, all attachments are
stripped from the document being saved on a Domino server. 20 IBM
Notes Traveler Hints and Tips for a Successful Deployment
-
Chapter 2. Planning
In this chapter, we describe the tasks and the areas you need to
consider when planning an IBM Lotus Notes Traveler deployment.
2 Copyright IBM Corp. 2013. All rights reserved. 21
-
2.1 Supported hardware and softwareIn this section, we provide
the base supported hardware and software for IBM Lotus Notes
Traveler. For the complete and the most current Lotus Notes
Traveler 8.5.3 Upgrade Pack 1 system requirements, see the
following website:
http://www.ibm.com/support/docview.wss?uid=swg27027499
2.1.1 Domino Server supportAll versions of IBM Lotus Notes
Traveler must be installed and run on a base Lotus Domino server.
You can use either of these two versions of Lotus Domino for a
stand-alone Lotus Notes Traveler server: Lotus Domino 8.5.3
Enterprise Server Lotus Domino 8.5.3 Messaging Server
To implement a high availability Lotus Notes Traveler server,
you must use Domino 8.5.3 Enterprise Server.
The code version of both Lotus Domino and Lotus Notes Traveler
must be matched to the first three digits of the version number.
For example, version 8.5.3.x of Lotus Notes Traveler has to be
installed with version 8.5.3.x of Lotus Domino. It is not possible
to install a lower version of Lotus Notes Traveler on a higher
version of Domino (for example, Lotus Notes Traveler version
8.5.2.x on Domino version 8.5.3.x). This is because the libraries
that are used by the Lotus Notes Traveler task are associated with
the libraries that the Lotus Domino server implements and the
Libraries that the Lotus Domino server uses can change in different
releases of the product. This is why the only supported
environments are the environments that match the base versions.
Note that during the installation process of Lotus Notes
Traveler 8.5.3 Upgrade Pack 1, Domino will automatically be
upgraded to the Upgrade Pack 1 of Lotus Domino version 8.5.3 if
this is not already in place. This upgrade to Lotus Domino is
included in the Lotus Notes Traveler installation package of 8.5.3
Upgrade Pack 1. This is because there are certain aspects that are
included in this Lotus Domino upgrade pack that are needed for
Lotus Notes Traveler new functionality such as XPages for the web
administration of the server.
For optimal performance, Lotus Notes Traveler should be
installed on a dedicated server, including using a dedicated Lotus
Domino server that doesn't perform any other Lotus Domino functions
(for example, mail server or replication hub). In a small scale
proof of concept or pilot, you could consider installing Lotus
Domino mail server, Lotus Notes Traveler, and even other tasks such
as Sametime on the same host machine, however the production system
should be designed with the capacity carefully planned and have a
dedicated server just for Lotus Notes Traveler. We describe the
capacity planning in 2.4, Capacity planning on page 43.
2.1.2 Mail database supportLotus Notes Traveler can use and
synchronize with remote mail databases hosted on Lotus Domino
version 7.0.2 and later, running on any operating system that Lotus
Domino supports. Lotus Notes Traveler supports Lotus Notes standard
and iNotes mail file templates based on version 6.5 and higher. So
this means that although the Lotus Notes Traveler server itself has
to be at a very specific version, it can synchronize email from any
Lotus Domino server 22 IBM Notes Traveler Hints and Tips for a
Successful Deployment
running on any platform as long as it is at version 7.0.2 or
greater, and using mail file
-
templates of version 6.5 and above. It is possible to have your
Lotus Notes Traveler server running at a newer version of Lotus
Domino than the rest of the Lotus Domino servers in your domain.
However if doing so, you need to give careful consideration to
preventing the newer database design elements replicating out from
your Lotus Notes Traveler server to the rest of the older Lotus
Domino servers in your Lotus Domino domain. More details on Lotus
Domino domain planning can be found in 2.6, Domino domain
configuration on page 44.
2.1.3 Domino directory template support (names.nsf)You must
ensure that you use the same Domino directory template for the
names.nsf database (pubnames.ntf) version for the Lotus Domino
server that you run Lotus Notes Traveler on. Ensure the Domino
directory template that is supplied with the version of Lotus
Domino that matches your Lotus Notes Traveler version. So for
example, if using Lotus Notes Traveler 8.5.3 Upgrade Pack 1, the
Domino directory template used on the Lotus Domino server running
Lotus Notes Traveler must also be at version 8.5.3 Upgrade Pack 1.
This is because there are new fields introduced in each version of
Lotus Notes Traveler and only the matching version of Domino
directory mail template includes the new fields. If the Domino
directory template on the Lotus Domino server and Lotus Notes
Traveler server do not match, certain fields won't show all of the
data. For example, there was no "External Server URL" field in the
8.5.1.x version of Lotus Notes Traveler. If you upgraded the Lotus
Notes Traveler server to 8.5.2.x or later and did not upgrade the
Domino directory template, the field for the "External Server URL"
would not appear even though this was a valid data field according
to the server.
You can check the version of the Domino directory template on
any Lotus Domino server using the following steps:1. Open the
Domino administration console and navigating to the "Files" tab.2.
Right-click the Domino directory for the server (names.nsf
filename). Select Properties.3. From the pop-up window, select the
design tab. The template version is shown in the
Inheritance section.
The template version should be 8.5.3 for a Lotus Domino Server
running version 8.5.3, and that is the required version for Lotus
Notes Traveler 8.5.3 upgrade pack 1.
When planning your Lotus Notes Traveler infrastructure if you
opt to place your Lotus Notes Traveler servers in the same Lotus
Domino domain as the rest of your Lotus Domino servers, you need to
decide how to manage the Domino directory template. You have three
options: Upgrade all your Lotus Domino servers in the Domino domain
to use the same version of
Lotus Domino as used on your Lotus Notes Traveler Server. This
means all your Lotus Domino servers will be at the same level and
will use the same version the Domino directory template, but this
may be difficult to achieve if you have a large Lotus Domino
environment.
Just upgrade your Lotus Notes Traveler servers to use the latest
version of Lotus Domino and allow the updated Domino directory
template replicate to the other, older, Lotus Domino servers in
your Lotus Domino domain. This should work and is supported as the
updated versions of the Domino directory template are designed to
be backwards compatible with previous versions of Lotus Domino
(albeit only to a certain number of previous versions) but it would
be good practice to test this first in your own environment.
Especially to ensure that the latest version of the Domino
directory template is backwards compatible with all the older
versions of Lotus Domino you have.
Just upgrade your Lotus Notes Traveler servers to use the latest
version of Lotus Domino and prevent the new design elements of
updated Domino directory template replicating Chapter 2. Planning
23
out to the other, older, Lotus Domino servers in your Lotus
Domino domain.
-
If you place your Lotus Notes Traveler servers in their own
dedicated Lotus Domino domain instead then you can upgrade them to
the latest version of Lotus Domino without having to worry about
the design of the Domino directory replicating to any other/older
Lotus Domino servers. More details on Lotus Domino domain planning
can be found in 2.6, Domino domain configuration on page 44.
2.1.4 Server hardware requirementsThe operating system that is
used for the Lotus Notes Traveler server should be a 64-bit
version. The Lotus Notes Traveler server does not copy the user
mail files from the Lotus Domino mail server to the Lotus Notes
Traveler server, but moves the data through the server as required
during synchronization. The Lotus Notes Traveler server must
maintain the memory needs for the data transferring from the Lotus
Domino mail server to all the end user devices, and this can be
thought of as a "pipeline" from the mail server to the device
through the memory of the Lotus Notes Traveler server. The number
of data connections that are in use can also be extensive. To
better manage the connections, Lotus Notes Traveler requires
resources from the operating system to maintain the amount of
information needed to oversee the connections. Therefore, it is
recommended to run Notes Traveler on a 64-bit operating system.
Capacity will be severely limited if running Notes Traveler on a 32
bit OS.
The following table shows the hardware requirements for Lotus
Notes Traveler:
Feature Requirement
Disk space Although you can run Notes Traveler with as little as
500MB of free disk space, for production environments it is
recommended to maintain at least 5 GB of free disk space. Certain
log actions can suddenly use a lot of disk space, such as a memory
dump. Running low on disk space will cause file fragmentation and
performance issues. Running out of disk space will cause a server
crash and possibly loss of data.
A stand-alone server implementation of Lotus Notes Traveler
requires database space. Running a defragmentation on the database
on a regular interval might keep the size of this database small.
In 8.5.3 Upgrade Pack 1, the database management code is improved
and defragmentation should not be as necessary as it was in the
previous versions of the product.
To help with managing the space that if used by logging, you can
put in plan to use the command tell traveler log clear to clear the
logs on the server and reinitialize the logging. Note that running
the tell traveler log clear command will remove all previous
runtime logs on the server in regards to Lotus Notes Traveler
directory /traveler/logs (NTSUsage*, NTSActivity*, and NTSError*
logs). If you decide to do this as part of your maintenance you can
plan appropriately for your needed disk space.
Memory The minimum amount of free memory required to run Lotus
Notes Traveler is 512 MB. This is in addition to the memory needed
for the operating system, and Lotus Domino itself.For production
systems a minimum of 8 GB of system memory is recommended. More may
be required depending on how many concurrent users / devices you
wish to host. See 2.4, Capacity planning on page 43 for more detail
on memory concerns.24 IBM Notes Traveler Hints and Tips for a
Successful Deployment
-
2.1.5 Enterprise database requirementsLotus Notes Traveler High
Availability mode requires an enterprise database that is accessed
by all Lotus Notes Traveler servers in a common service pool. The
following table shows the enterprise databases that are supported.
See the database product documentation for information on their
hardware and software requirements:
2.1.6 Server operating systemsThe following table shows the
supported operating systems (OS) for Lotus Notes Traveler:
Network protocols Lotus Notes Traveler supports any network
supported by a device that provides an HTTP/TCP or HTTPS/TCP
connection between the device and the Lotus Notes Traveler server.
Examples include GSM, GPRS, 802.11x, and WiFi. In addition, Lotus
Notes Traveler can utilize Short Messaging Service (SMS) for push
notifications instead of HTTP/HTTPS (for selected mobile device
platforms). The SMS is only used for notifications and HTTP/HTTPS
is still required for data transfer. For communication between the
Lotus Notes Traveler server and the Louts Domino mail servers,
Notes RPC is used (port 1352 by default).
Feature Requirement
Product Notes
DB2 for Linux, UNIX, and Windows Enterprise Server Edition 9.7,
Fixpack 5 or higher
64-bit version recommended.
DB2 for Linux, UNIX, and Windows Workgroup Server Edition 9.7,
Fixpack 5 or higher
64-bit version recommended.A limited use license to IBM DB2 for
Linux, UNIX, and Windows 9.7.0.4 Server Edition is included with
the Lotus Notes Traveler 8.5.3 Upgrade Pack 1 release. This limited
use license is provided for customers who want to deploy a Lotus
Notes Traveler High Availability server and elect to use this
entitled DB2 version as their RDBMS solution. The DB2 license
should not be used for any purpose other than the support of Lotus
Notes Traveler.
Microsoft SQL Server Enterprise Edition 2008 SP1 CU1 or
higher
64-bit version recommended.
Microsoft SQL Server Enterprise Edition 2008 R2 SP1 CU1 or
higher
64-bit version recommended.
Operating system Notes
Red Hat Enterprise Linux (RHEL) 5 Server for x86 (32-bit)
32-bit operating systems are supported, but 64-bit operating
systems are strongly recommended for all deployments with a
significant number of users. This OS is supported for Lotus Notes
Traveler Standalone mode only.
Red Hat Enterprise Linux (RHEL) 5 Server for x86 (64-bit)
Supports Domino server running in 32-bit application mode. This
operating system is supported for Lotus Notes Traveler Standalone
mode and High Availability mode.Chapter 2. Planning 25
-
Red Hat Enterprise Linux (RHEL) 5 Advanced Platform for x86
(32-bit)
32-bit operating systems are supported, but 64-bit operating
systems are strongly recommended for all deployments with a
significant number of users. This OS is supported for Lotus Notes
Traveler Standalone mode only.
Red Hat Enterprise Linux (RHEL) 5 Advanced Platform for x86
(64-bit)
Supports Domino server running in 32-bit application mode. This
OS is supported for Lotus Notes Traveler Standalone mode and High
Availability mode.
Red Hat Enterprise Linux (RHEL) 6 Server for x86 (32-bit)
32-bit operating systems are supported, but 64-bit operating
systems are strongly recommended for all deployments with a
significant number of users. This OS is supported for Lotus Notes
Traveler Standalone mode only.
Red Hat Enterprise Linux (RHEL) 6 Server for x86 (64-bit)
Supports Domino server running in 32-bit application mode. This
OS is supported for Lotus Notes Traveler Standalone mode and High
Availability mode.
SUSE Linux Enterprise Server (SLES) 10 for x86 (32-bit)
32-bit operating systems are supported, but 64-bit operating
systems are strongly recommended for all deployments with a
significant number of users. This OS is supported for Lotus Notes
Traveler Standalone mode only.
SUSE Linux Enterprise Server (SLES) 10 for x86 (64-bit)
Supports Domino server running in 32-bit application mode. This
OS is supported for Lotus Notes Traveler Standalone mode and High
Availability mode.
SUSE Linux Enterprise Server (SLES) 11 for x86 (32-bit)
32-bit operating systems are supported, but 64-bit operating
systems are strongly recommended for all deployments with a
significant number of users. This OS is supported for Lotus Notes
Traveler Standalone mode only.
SUSE Linux Enterprise Server (SLES) 11 for x86 (64-bit)
Supports Domino server running in 32-bit application mode. This
OS is supported for Lotus Notes Traveler Standalone mode and High
Availability mode.
Windows Server 2003 Enterprise Edition x86 (32-bit)
32-bit operating systems are supported, but 64-bit operating
systems are strongly recommended for all deployments with a
significant number of users. This OS is supported for Lotus Notes
Traveler Standalone mode only.
Windows Server 2003 R2 Enterprise Edition x86 (32-bit)
32-bit operating systems are supported, but 64-bit operating
systems are strongly recommended for all deployments with a
significant number of users. This OS is supported for Lotus Notes
Traveler Standalone mode only.
Windows Server 2003 Enterprise Edition x86 (64-bit)
This OS is supported for Lotus Notes Traveler Standalone mode
and High Availability mode.
Windows Server 2003 R2 Enterprise Edition x86 (64-bit)
This OS is supported for Lotus Notes Traveler Standalone mode
and High Availability mode.
Windows Server 2003 Standard Edition x86 (32-bit)
32-bit operating systems are supported, but 64-bit operating
systems are strongly recommended for all deployments with a
significant number of users. This OS is supported for Lotus Notes
Traveler Standalone mode only.
Windows Server 2003 R2 Standard Edition x86 (32-bit)
32-bit operating systems are supported but, 64-bit operating
systems are strongly recommended for all deployments with a
significant number of users. This OS is supported for Lotus Notes
Traveler Standalone mode only.
Operating system Notes26 IBM Notes Traveler Hints and Tips for a
Successful Deployment
-
2.1.7 Web browsers for administration
Lotus Notes Traveler supports web based administration through
XPages. You can use this administration tool in place of the
lotustraveler.nsf that was previously used in the Lotus Notes
Traveler servers. For the high availability implementation of the
server, the web administration is required as it is no longer
possible to administrate the Lotus Notes Traveler environment using
the lotustraveler.nsf database after the move to HA mode has been
completed. The following web browsers are supported in this
capacity: Apple Safari 5.0 and higher Mozilla Firefox 3.6 and
higher Microsoft Internet Explorer 7 and higher Google Chrome 5 and
higher
2.1.8 IP sprayerLotus Notes Traveler, running in High
Availability mode, requires an IP sprayer located in front of the
Lotus Notes Traveler server pool to provide a single URL entry
point and to route requests evenly among the members of the pool.
IP sprayer support has been tested with, but not limited to, the
following: Apache HTTP Server v2.2.22 WebSphere Edge Server
v7.0.0.18
Windows Server 2003 Standard Edition x86 (64-bit)
This OS is supported for Lotus Notes Traveler Standalone mode
and High Availability mode.
Windows Server 2003 R2 Standard Edition x86 (64-bit)
This OS is supported for Lotus Notes Traveler Standalone mode
and High Availability mode.
Windows Server 2008 Enterprise Edition x86 (32-bit)
32-bit operating systems are supported, but 64-bit operating
systems are strongly recommended for all deployments with a
significant number of users. This OS is supported for Lotus Notes
Traveler Standalone mode only.
Windows Server 2008 Enterprise Edition x86 (64-bit)
This OS is supported for Lotus Notes Traveler Standalone mode
and High Availability mode.
Windows Server 2008 R2 Enterprise Edition x86 (64-bit)
This OS is supported for Lotus Notes Traveler Standalone mode
and High Availability mode.
Windows Server 2008 Standard Edition x86 (32-bit)
32-bit operating systems are supported, but 64-bit operating
systems are strongly recommended for all deployments with a
significant number of users. This OS is supported for Lotus Notes
Traveler Standalone mode only.
Windows Server 2008 Standard Edition x86 (64-bit)
This OS is supported for Lotus Notes Traveler Standalone mode
and High Availability mode.
Windows Server 2008 R2 Standard Edition x86 (64-bit)
This OS is supported for Lotus Notes Traveler Standalone mode
and High Availability mode.
Operating system Notes
Important: JavaScript and cookie support must be enabled in the
web browser for the Lotus Notes Traveler web administration
application to function properly. Chapter 2. Planning 27
-
Lotus Mobile Connect (LMC) v6.1.5
2.1.9 Device hardware requirementsThe following table shows the
hardware requirements for the mobile devices that are supported by
Lotus Notes Traveler:
Feature Applicable OS Notes
Device memory Nokia Series 60 3rd and 5th edition
Nokia Symbian^3
Lotus Notes Traveler for Nokia S60 client requires approximately
4 MB of free program file storage on the device to install Lotus
Notes Traveler.
File storage required for PIM and mail is not included in these
estimates, varies widely, and depends on how much data is
synchronized to the device.
If it is necessary to collect traces or logs, up to 2 MB of
additional program file storage may be needed.
If the installation file (SISX file) is manually downloaded to
program file storage, it requires an additional 1 MB. This file can
be deleted after installation.
If mobile device security policies are in place or support for
remote device wipe is needed, and you are using a Nokia S60 device,
it may be necessary to install the Nokia security enablement
library on the device. This library can be obtained from
download.fds-ncom.nokia.com/supportFiles/phones/files/pdf_guides/services/IBM_TTPA_Allow_New_App/IBMTTPAAllowNewApp.SIS
Device memory Windows Mobile 6.0, 6.1, and 6.5
Lotus Notes Traveler for Windows Mobile client requires
approximately 4 MB of free program file storage on the device to
install Lotus Notes Traveler.
File storage required for PIM and mail is not included in these
estimates, varies widely, and depends on how much data is
synchronized to the device.
If it is necessary to collect traces or logs, up to 2 MB of
additional program file storage may be needed.
If the cabinet install file (CAB file) is manually downloaded to
program file storage, it requires an additional 2 MB. This CAB file
can be deleted after installation.
Device memory Android Lotus Notes Traveler for Android client
requires approximately 2 MB of free storage on the device to
install Lotus Notes Traveler.
File storage required for PIM and mail is not included in these
estimates, varies widely, and depends on how much data is
synchronized to the device. Note that during initial setup, you can
choose to have some of the data stored on external storage.
Trace and log storage required is dependent upon the
configuration setting. The default value is 2 MB.28 IBM Notes
Traveler Hints and Tips for a Successful Deployment
-
2.1.10 Devices and operating systemsThe following table shows
the mobile device operating systems that are supported by Lotus
Notes Traveler:
Device/Operating System
Notes
Apple iPhone OS 2 Not supported. For reliable operation with
Lotus Notes Traveler, upgrading to version 3.1 firmware or higher
is required.
Apple iPhone OS 3 IBM strongly encourages upgrading to version
3.1 firmware or higher for use with Lotus Notes Traveler.
Apple iOS 4 IBM strongly encourages upgrading to version 4.0.1
firmware or higher for use with Lotus Notes Traveler.
Apple iOS 5 IBM Lotus Notes Traveler supports the same mail,
calendar and contact features in iOS5 that are supported in iOS4.
New capabilities in iOS5 (e.g. Reminders) are not supported by
Lotus Notes Traveler, but will be considered for utilization and
support in a future release.
Apple iOS 6 IBM Lotus Notes Traveler supports the same mail,
calendar and contact features in iOS6 that are supported in
iOS5.
iPhone, iPhone 3G, iPod Touch (2nd generation)
Supported. Note that these devices do not include on-device
encryption.
iPhone 3GS, iPhone 4, iPhone 4S, iPad, iPad2, iPad3, iPod Touch
(3rd generation and higher)
Supported.
Nokia Series 60 3rd Edition
Lotus Notes Traveler supports all Nokia Series 60 3rd and 5th
edition devices.
For a list of Nokia devices that support the Nokia security
enablement library for remote security features see
download.fds-ncom.nokia.com/supportFiles/phones/files/pdf_guides/services/IBM_TTPA_Allow_New_App/IBMTTPAAllowNewApp.SIS
Nokia Series 60 3rd Edition Feature Pack 1
Nokia Series 60 3rd Edition Feature Pack 2
Nokia Series 60 5th Edition
Nokia Symbian^3 Edition
Device encryption is only supported by Symbian^3 devices and
they must be running an operating system level of Symbian Anna
release or higher.
Nokia Symbian^3 devices do not require a separate download of
the Nokia security library required for S60 devices. This support
is built into the device.Chapter 2. Planning 29
-
What does IBM do internally?
The IBM internal implementation of Lotus Notes Traveler is
currently based on a mixture of Windows and Linux based servers,
but a project is underway to migrate to using Linux only. All of
servers are run as virtual 'guests' on a VMware 4.5.1 Enterprise
environment. The specifications of the virtual guests are as
follows:
Windows VMware guest specifications: 4 vCPUs 8GB - 12GB of
memory (the most heavily utilized servers were upgraded from 8 GB
to 12
GB) Windows 2008 R2 64-bit
Windows Mobile 6.0 Classic
Lotus Notes Traveler supports all Windows Mobile 6.0, 6.1, and
6.5 devices.
Windows Mobile 6.0 Professional
Windows Mobile 6.0 Standard
Windows Mobile 6.1 Classic
Windows Mobile 6.1 Professional
Windows Mobile 6.1 Standard
Windows Mobile 6.5 Professional
Windows Mobile 6.5 Standard
Android OS 2.0.1+ Lotus Notes Traveler supports all devices,
including tablets, running Android OS 2.0.1 to 2.x. Note that if
you wish to use enterprise security features, such as complete
device wipe or device password policies, you must be running
Android OS 2.2 or higher.
Android OS 3.0+ Lotus Notes Traveler supports all devices,
including tablets, running Android OS 3.0 or higher. This version
is required for enablement of some Android security features,
including: Complex character device password support, device
password expiration, device password history count and whole device
encryption.
Android OS 4.0+ Lotus Notes Traveler supports all devices,
including tablets, running Android OS 4.0 or higher. This version
supports all Android security features from previous Android
releases and adds support for Prohibit Camera.
Important: IBM recommends upgrading the firmware of all Android,
Apple, Nokia, and Windows Mobile devices to the latest levels. The
specific delivery technique varies widely and depends on the
device, the carrier, and many other factors.
Device/Operating System
Notes30 IBM Notes Traveler Hints and Tips for a Successful
Deployment
-
SAN hosted disks with separate volumes for the operating system
(C:), program binaries (D:) and log files (E:).
Linux VMware Guest Specifications: 4 vCPUs 8GB memory Redhat 6
Enterprise Server SAN hosted disks with separate file systems and
mount points for the operating system,
program binaries and log files.
For details of how many users IBM host on Lotus Notes Traveler
servers of this specification, see 2.4, Capacity planning on page
43.
2.2 Choosing a stand-alone or high availability configuration
for Lotus Notes Traveler
When deciding to deploy IBM Lotus Notes Traveler version 8.5.3
Upgrade Pack 1, a number of questions should be asked in regards to
using the high availability (HA) option or the stand-alone option.
By default, the installation of 8.5.3 Upgrade Pack 1 is a
stand-alone server. It is not until you want to configure Lotus
Notes Traveler for HA that an enterprise database and a 'front-end'
IP sprayer are required.
The two main influencing factors to choosing a stand-alone
server versus an HA Lotus Notes Traveler implementation are: The
number of devices Lotus Notes Traveler is to service The need for
continuous availability or fail-over capability if a Lotus Notes
Traveler server
instance becomes unavailable.
Other factors are also discussed after we address these main two
concerns.
2.2.1 Number of devices
Lotus Notes Traveler 8.5.3 Upgrade Pack 1 has improved the
server capability to manage memory and data in the servers. With
this improvement, the server performs faster and maintains better
data organization in the Lotus Notes Traveler databases. These are
either the local derby databases that are used by Lotus Notes
Traveler in stand-alone mode, or the enterprise databases that are
used in the HA mode. The improvement was largely due to the
improvement, and refactoring of many of the SQL queries that are
used, and adjustments to the tables that are contained in the Lotus
Notes Traveler databases. Because of these important factors, if
your current implementation of Lotus Notes Traveler is providing
service for 2,000 devices or less, then a stand-alone server with
8.5.3 Upgrade Pack 1 (of the correct specification) would be
sufficient if you do not need your Lotus Notes Traveler server to
be highly available.
Important: If using a Virtual System environment, a dedicated
storage such as SAN hosted disks used by IBM is important. Running
Notes Traveler in stand alone mode is very disk IO heavy. Often
times Virtual Machines are not given sufficient disk priority to
perform at maximum capacity. In HA mode much of the disk processing
is moved to the database server, and it is this server that disk IO
speed will be critical.Chapter 2. Planning 31
-
If you plan to support more than 2,000 devices, using the HA
environment is your best option. A single Lotus Notes Traveler
8.5.3 Upgrade Pack 1 server in an HA configuration can service up
to approximately 2,500 devices on a single server. For any
additional devices above this number, another server is required to
handle the load. A single HA server pool (consisting of multiple
Lotus Notes Traveler servers, all configured in HA mode) can
support approximately 10,000 devices. The basic rule of thumb is
that the number of servers required in a Lotus Notes Traveler HA
server pool is 1 + the number of servers needed to serve the load.
For example, if you were to implement an environment that was
intended to serve 5,000 users, you would need 3 Lotus Notes
Traveler servers. The additional server is required so that if one
of the servers in the pool failed, all of the devices can still be
serviced by the remaining servers in the pool without degrading the
quality of the service. Note that all of the servers in a HA pool
are always used in normal circumstances so the additional server is
utilized all of the time.
2.2.2 System availability considerationIf you wish to ensure
that the Lotus Notes Traveler solution has continuous availability,
then the HA option is the solution that must be used.
If you are implementing a HA solution you need to ensure that
all of the components that make up the end to end Lotus Notes
Traveler server are also high availably. As such the other aspects
of the solution that need to be considered and have a high
availability solution of their own include: A HTTP/IP Sprayer or
load balancer server A Lotus Domino mail server (for example, use
Lotus Domino clustering) A high availability solution for the
enterprise database
2.2.3 Other considerationsThe other considerations of using an
HA solution include: Server resource constraint:
If your servers has a maximum of 8 GB memory only, the HA
solution allows you to have multiple severs. With multiple servers
you can handle a higher load with fewer devices on each server.
Thus, you are able to service more devices with more machines when
the machines are restricted on the resources they are allotted.
This is more common in a VM environment.
Network constraint:If the internal network speed is not fast, or
bandwidth is a limitation, consider the stand-alone solution if you
do not need a HA solution according to the first two points
described in this section. In a stand-alone configuration, all the
resources are local and there is no traffic from the HTTP/IP
Sprayer to the Lotus Notes Traveler server to the enterprise
database server and back within the network.
2.2.4 What does IBM do internally?At the time of writing, the
IBM internal implementation of Lotus Notes Traveler is comprised
entirely of stand alone Lotus Notes Traveler servers.32 IBM Notes
Traveler Hints and Tips for a Successful Deployment
-
2.3 Planning your server and network topologyWhen planning the
server and network topology for a Lotus Notes Traveler environment,
there are a number of key points that you should consider: On which
Lotus Domino servers should you install Lotus Notes Traveler? Does
your Lotus Notes Traveler environment need to be highly available?
How will the user mobile devices, which are typically on an
external mobile data network,
connect to your Lotus Notes Traveler server? How will your Lotus
Notes Traveler server connect to the Lotus Domino servers
hosting
the users mail files?
2.3.1 Choosing a Lotus Domino serverIt is advisable to use a
dedicated Lotus Domino server for hosting Lotus Notes Traveler that
is not used for performing any other role (for example, mail
server, routing hub, and so on). This configuration not only
maximizes the number of users that the Lotus Notes Traveler server
can host, but also has other advantages such as being able to apply
Lotus Notes Traveler specific configuration and tuning settings,
enabling the server to be upgraded easier, and giving you more
flexibility as to where you place your Lotus Notes Traveler servers
in your network topology.
2.3.2 High availability or stand-aloneImplementing high
availability for your Lotus Notes Traveler environment is a
decision you have to make based on how critical the service is to
your business. A high availability solution means that your users
can continue to use the Lotus Notes Traveler service even in the
event of an outage. However, it does increase the complexity of the
overall Lotus Notes Traveler environment, so, if the availability
of the Lotus Traveler service is not considered to be business
critical, you have the choice of implementing a simpler stand-alone
solution instead.
2.3.3 ConnectivityThere are three different approaches to
providing the necessary connectivity between Lotus Notes Traveler,
the users, and their respective mail servers. However, the
implementation of each varies slightly depending on if you also
want to enable High Availability (HA). All three variants work in a
HA configuration, so the decision on whether to use HA does not
restrict which of the three approaches you can use. The three
approaches are described in more detail in the following sections,
including details of the pros and cons of each to help you choose
which is best suited to your own environment.
Option one: A direct connection solutionIn a direct connection
topology, the Lotus Notes Traveler server is placed in a network
de-militarized zone (DMZ) that enables the Notes Traveler to
connect directly to internet using the "front" firewall of the DMZ.
The Lotus Notes Traveler is able to access to the Lotus Domino mail
server through the "back" firewall of the DMZ.
This topology is shown in the following figure:Chapter 2.
Planning 33
-
Why use a direct connect solution?As a direct connect based
solution is the quickest and easiest to implement, it is often used
in an initial pilot or proof of concept of Lotus Notes Traveler.
However, even in these circumstances, you still have to ensure the
servers are sufficiently secured before exposing them to internet,
especially if they will be synchronizing data from your production
environment.
Implementing High Availability in a direct connect solutionWhen
implementing high availability (HA) in a direct connect solution,
the pool of HA Lotus Notes Traveler servers is placed in the DMZ so
that all of the servers in that pool can be accessed from the
internet. This pool of servers is then addressed using either a
simple round robin DNS entry that contains an entry for all the
servers in the pool or using a separate IP sprayer server,
depending on how you implement the load balancing part of the HA
solution (2.14, Mobile device management integration on page 63 for
more details on load balancer considerations). Because the HA
solution for Lotus Notes Traveler also requires an enterprise
database server (either IBM DB2 for Linux, UNIX, or Windows or
Microsoft SQL Server) that is hosted on the internal network, an
additional rule on the "back" firewall of the DMZ is required to
enable connectivity between the Lotus Notes Traveler server and the
database server.
The following figures show the topology for a direct connect
solution with HA using both round robin DNS and an IP sprayer:34
IBM Notes Traveler Hints and Tips for a Successful Deployment
-
Lotus Notes Traveler direct connection with high availability
via round robin DNS:Chapter 2. Planning 35
-
Lotus Notes Traveler direct connection with high availability
using an IP sprayer:
Advantages of a direct connect solutionThe main advantage of the
direct connection solution is that it is the simplest and quickest
to implement. All that is required is a network DMZ and a new
server upon which to host Lotus Notes Traveler.
Disadvantages of a direct connect solutionThe main disadvantage
of the direct connection solution is that it is the least secure
because it exposes the Lotus Notes Traveler server (and the Lotus
Domino server hosting it) to the internet.
The front firewall of the DMZ only requires the HTTPS port to be
opened (443) but this allows all external web browser traffic to
connect to the Lotus Notes Traveler server. This means the
operating system, the Lotus Domino server, and the Lotus Notes
Traveler server all must be properly hardened to make sure they are
secure. These servers also must be patched regularly to ensure they
remain secure.
If using a direct connect solution, consider deploying your
Lotus Notes Traveler server in a separate Lotus Domino domain to
the Lotus Domino mail servers to increase the level of security at
the Domino layer. This implementation prevents the servers on your
main Domino domain (and the data they host, such as the Domino
directory etc) from being exposed directly to the internet. For
more details on implementing Lotus Notes Traveler in a separate
Lotus Domino domain, see 2.6, Domino domain configuration on page
44.
Another disadvantage of the direct connect solution is that
Lotus Notes document links will not work in Lotus Notes Traveler
unless additional configuration is implemented to support it (e.g.
opening more firewall rules between the Lotus Notes Traveler
servers and the Lotus 36 IBM Notes Traveler Hints and Tips for a
Successful Deployment
-
Domino Mail servers). So if a user receives an email that
contains a link to another document hosted somewhere in the Lotus
Notes environment, they cannot use that link. This is because,
although Lotus Notes Traveler does support Lotus Notes document
links, the Lotus Domino server hosting the document that the link
points to must be both HTTP enabled and accessible on the network
to the user device through HTTP. In a direct connection solution,
by default only the Lotus Notes Traveler server itself is
accessible to the user device. So if being able to use Lotus Notes
document links via Lotus Notes Traveler is required, it would also
be necessary to implement the network layer configuration changes
to provide the connectivity between the Lotus Notes Traveler server
and the Lotus Domino mail servers for it to work.
Option two: A reverse proxy solutionIn a reverse proxy based
solution, the Lotus Notes Traveler server is placed in your
internal network and a reverse proxy server is placed in a network
de-militarized zone (DMZ). The connectivity between the user device
and the Lotus Notes Traveler server is handled by proxy server, so
the device only ever connects directly to the proxy server and then
the proxy server (transparently) provides the connectivity to the
Lotus Notes Traveler server. As the Lotus Notes Traveler server is
on the internal network, there are no connectivity restrictions
between it and the Lotus Domino mail servers.
The following figure shows this topology:
Why use a reverse proxy solution?A reverse proxy based solution
negates some of the security risks associated with the direct
connect solution, but is generally easier and cheaper to implement
than a Virtual Private Network (VPN) based solution. As such, it is
a good choice if you want to implement a Chapter 2. Planning 37
solution with strong security but do not want the complexity and
cost associated with
-
implementing a separate VPN infrastructure. If implementing a HA
solution, you also have the option to use a combined proxy and IP
sprayer server to provide the required functionality with the
minimum number of servers.
Implementing high availability in a reverse proxy solutionWhen
implementing high availability (HA) in a reverse proxy solution,
rather than connecting to the Lotus Notes Traveler server, the
proxy server connects to an IP Sprayer located on the internal
network instead. That IP Sprayer then passes the connection from
the user device on to one of the Lotus Notes Traveler servers in
the HA pool. Alternatively, if you use a proxy server that supports
a load balancing/IP spraying capability (such as IBM Mobile
Connect), it is also possible to combine the IP spraying function
with the reverse proxy meaning that the reverse proxy performs both
of these roles, reducing the number of server instances required to
provide the Lotus Notes Traveler infrastructure.
As the Lotus Notes Traveler servers are located on the internal
network, they can connect directly to the enterprise database
server that is also required in a HA configuration.
The following figures are examples of reverse proxy topology
using both a separate IP sprayer and a combined IP sprayer and
proxy:
Lotus Notes Traveler reverse proxy connection with high
availability using a separate IP sprayer:38 IBM Notes Traveler
Hints and Tips for a Successful Deployment
-
Lotus Notes Traveler reverse proxy connection with high
availability using combined proxy and IP sprayer:
Advantages of a reverse proxy solutionThe main advantage of the
reverse proxy solution is that the Lotus Domino server running
Lotus Notes Traveler is no longer directly connected to the
external internet, reducing the security risks associated of
exposing the data hosted on these servers and thus making the
overall solution more secure.
Another advantage of this solution is that if you configure
Single Sign On (SSO) authentication between the proxy server and
the Lotus Notes Traveler server, you can off load much of the user
authentication processing to the proxy server. This can potentially
improve the performance of your Lotus Traveler server as it will
only process users who have already authenticated successfully with
the proxy server. Configuring SSO is described in more detail in
7.2, Configuring single sign-on on page 297.
Disadvantages of a reverse proxy solutionThe main disadvantage
of the reverse proxy solution is that it increases the number of
server instances that make up the Lotus Notes Traveler environment.
This topology also increases the complexity as a separate proxy
server is required, requiring additional skills to support the
reverse proxy server and additional configuration to integrate the
reverse proxy server with Lotus Notes Traveler. However, the
benefit of the additional security a reverse proxy solution offers
will generally outweigh this disadvantage in the majority of
circumstances.Another disadvantage is that the reverse proxy
solution only provides connectivity to the Chapter 2. Planning
39
Lotus Notes Traveler servers themselves and not to anything else
on the internal network.
-
This means that the users cannot access other applications or
data on the internal network, such a browsing intranet web pages or
using Sametime.
A further disadvantage is that, just like the direct connect
solution, Lotus Notes document links will not work in Lotus Notes
Traveler unless additional configuration is implemented to support
it (e.g. opening more firewall rules between the Lotus Notes
Traveler servers and the Lotus Domino Mail servers). This is
because, although Lotus Notes Traveler does support Lotus Notes
document links, the Lotus Domino server hosting the document that
the link points to must be both HTTP enabled and accessible on the
network to the users device via HTTP. In a reverse proxy solution
typically only the Lotus Notes Traveler server itself is accessible
to the users device, via the connectivity provided by the proxy
server. So if being able to use Lotus Notes document links via
Lotus Notes Traveler is required, it would also be necessary to
implement the network layer configuration changes to provide the
connectivity between the Lotus Notes Traveler server and the Lotus
Domino mail servers for it to work.
Option three: A virtual private network solutionIn a virtual
private network (VPN) based solution, a VPN connection (tunnel) is
established between the users mobile device and the internal
network, through a VPN server located in the network de-militarized
zone (DMZ). Once this VPN connection is established, the users
mobile device is effectively connected the internal network and has
direct connectivity to all of the servers located on it. All of the
network traffic between the mobile device and the internal network
is sent through the VPN connection, which is normally encrypted as
well. This means that all of the Lotus Notes Servers