Sure. These are questions I also get asked at interviews (I'm a Notes
contractor)
From the Domino Administrator, click the Messaging - Mail tab, then select Mail
routing status. You can also check for undelivered mail in the mail routing events
view in the log file (LOG.NSF).
Database replication errors can be common, but can also be very frustrating to correct. Suggestions
for troubleshooting replication problems include:
• Make sure the databases share the same replica ID.
• Check the Domino Log database for possible errors that are occurring.
• Check the database replication history to find the last successful replication and to determine when
the problem started.
• Make sure the Replication task is enabled, and that replication is also enabled in the database properties.
• Check that the database ACLs allow replication between the databases.
• Make sure the server has sufficient disk space to allow the databases to add the documents.
3. Tell me about Notes security.
User Authentication: This is the process that the Notes client and Domino server use to
validate each other when a client tries to access the Domino server.
Server Security: This controls access to the Domino server. Server access is controlled by
a server access list on the Domino server.
Database Security: This controls access to the databases on the Domino server.
• User Name
• Password
• Certifier Information
• Certifier Duration
• Public Key
• Private Key
• Secret Key
administration server
The server that you assign to apply Administration Process updates to a primary replica.
Save conflicts
A save conflict occurs when two or more users open and edit the same document at the
same time on the same server, even if they're editing different fields. When this situation
occurs, the first document saved becomes the main document
Replication conflicts
A replication conflict occurs when two or more users edit the same document and save the
changes in different replicas between replications
• The Owner's name - A user ID File may also contain one alternative name
• A Permanent license number- This number indicates that the owner is legal and specifies
whether the owner has a North American or International license to run Domino or Notes.
• At least one Notes certificate from the certifier ID - a digital signature added to a
user ID or server ID. It is generated from the private key of the certifier ID.
• A private key - Notes uses the private key to sign messages sent by the owner of the private key
and to decrypt messages sent to its owner.
• Internet certificates (optional) - An Internet certificate is used to secure SSL connections and
encrypt and sign S/MIME mail messages.
• One or more secret encryption keys (optional) - Encryption keys are created and distributed by
users to allow other users to encrypt and decrypt fields in a document.
All Notes IDs contain two public/private key pairs. Prior to 5.0.4, key lengths were restricted for the
purposes of encrypting data, but not for authentication or signing. Anything over 512-bit RSA key and
56-bit symmetric key was considered strong encryption and was not allowed for export by the U.S.
Government. Customers were required to order and choose among kits of different cryptographic
strengths.
With the relaxation of US government regulations on the export of cryptography, the Domino server
and the Domino Administrator, Domino Designer, and Lotus Notes client products have consolidated all
previous encryption strengths -- North American, International, and France -- into one strong
encryption level resulting in a single "Global" release of the products. The Global release adopts the
encryption characteristics previously known as North American. Strong encryption in Global products
can be used worldwide, except in countries whose import laws prohibit it, or except in those countries
to which the export of goods and services is prohibited by the U.S. government. Customers are no
longer required to order Notes software according to cryptographic strength.
4. Global Domain Doc, Foreign Domain Doc, Foreign SMTP Domain Doc
Domains are defined by creating Domain documents. Multiple document types are available based on
the requirements for routing mail. The following types of documents are available:
• Adjacent Domain document - This document is used to route mail between servers that are not
in the same Notes named network.
• Foreign Domain document - This document is used for connections between external applications.
A typical application used is a fax or pager gateway.
• Foreign SMTP Domain document - This document is used to route Internet mail when the server
does not have explicit DNS access.
• Global Domain document - This document is used to route mail to Internet domains.
Configuration information regarding message conversion rules is defined in the document.
Setting up a Domino server as an SMTP server consists of enabling two separate tasks: a listener task
and a routing task. Enabling the SMTP Listener allows a server to receive mail over SMTP. Enabling
SMTP routing lets the Domino Router send mail to other servers using SMTP. You enable SMTP routing
to destinations within the local Internet domain separately from SMTP routing to external destinations.
It's also possible to enable SMTP routing on a server without enabling the Listener task, and vice-versa.
For example, to support POP3 and IMAP clients, which use SMTP to send mail, you must have at least
one internal server running the SMTP Listener task. However, the server does not have to use SMTP
when transferring messages it receives over SMTP to the next hop on the routing path. After the
server has accepted a message over SMTP, it can use Notes routing to transfer the message to other
servers.
Replication Type:
Four different types of replication exist. The type you choose affects the direction of
replication as well as which of the servers performs the work of the replication.
Pull Pull: Replication is bidirectional, whereby the source server initiates replication and pulls
documents from the target server. The source server then signals the target server's Replica task to
pull documents in the opposite direction. Both servers are involved in the replication.
Pull Push (Default): Replication is bidirectional, whereby the source server's Replica task performs all
of the work, pushing and pulling documents to and from the target server. The target server's Replica
task is never engaged.
Pull Only: Replication is one-way, whereby the source server pulls documents from the target.
Push Only: Replication is one-way, whereby the source server pushes documents to the target.
Router Type:
Pull: This type of router can route in one direction; it pulls from the source server.
Push: This type of router can route in one direction; it pushes from the source server.
Pull Push: This type of router can trigger two-way routing; the router on the originating server pushes mail
to the destination server and then triggers the destination server to route mail back again.
Push Wait: This type of router can trigger two-way routing; the source server first pushes to the
target server and then waits to receive a connection from the target. This is usually used between
servers with dialup connections.
In a partitioned server environment, all partitions share the same Domino program directory, and each
partition has its own Domino data directory and notes.ini file.
Using Domino server partitioning, you can run multiple instances of the Domino server on a single
computer. By doing so, you reduce hardware expenses and minimize the number of computers to
administer because, instead of purchasing multiple small computers to run Domino servers that might
not take advantage of the resources available to them, you can purchase a single, more powerful
computer and run multiple instances of the Domino server on that single machine.
On a Domino partitioned server, all partitions share the same Domino program directory, and thus share
one set of Domino executable files. However, each partition has its own Domino data directory and
NOTES.INI file; thus each has its own copy of the Domino Directory and other administrative
databases.
If one partition shuts down, the others continue to run. If a partition encounters a fatal error,
Domino's fault recovery feature restarts only that partition, not the entire computer.
Partitioned servers can provide the scalability you need while also providing security. As your system
grows, you can migrate users from a partition to a separate server. A partitioned server can also be a
member of a cluster if you require high availability of databases. Security for a partitioned server is
the same as for a single server.
When you set up a partitioned server, you must run the same version of Domino on each partition.
However, if the server runs on UNIX®, there is an alternative means to run multiple instances of
Domino on the server: on UNIX, you can run different versions of Domino on a single computer, each
version with its own program directory. You can even run multiple instances of each version by installing
it as a Domino partitioned server.
8. Web server: Realm doc, Web site doc, Web agents, SSO, Gzip etc
Web Server: A Domino server is considered to be a web server when it is running the HTTP task. The
HTTP task can be started automatically by adding it to the ServerTasks= line in the server's notes.ini
file, or by issuing the Load HTTP command at the server console.
For all types of encryption except network port encryption, Domino uses public and private keys so that
data encrypted by one of the keys can be decrypted only by the other. The public and private keys are
mathematically related and uniquely identify the user. Both are stored in the ID file. Within the ID
file, the public key is stored in a certificate, but the private key is stored separately from the
certificate. The certificate containing the public key is also stored in the Domino Directory, where it is
available to other users.
Domino uses two types of public and private keys -- Notes and Internet. You use the Notes public key to
encrypt fields, documents, databases, and messages sent to other Notes users, while the Notes private
key is used for decryption. Similarly, you use the Internet public key for S/MIME encryption and the
Internet private key for S/MIME decryption. For both Notes and Internet key pairs, electronic
signatures are created with private keys and verified with public keys.
When you register a user, Domino automatically creates a Notes certificate, which contains the user's
public keys, and adds it to the ID file and the Domino Directory. The private key is created and stored
in the ID file. You can also create Internet public and private keys after user registration. Domino
stores Internet certificates, which contain public keys, in the ID file and also in the Domino Directory.
The Internet private key is stored in the ID file, separately from the certificate.
To create Notes public and private keys, Domino uses the dual-key RSA Cryptosystem and the RC2 and
RC4 algorithms for encryption. To create the Internet public key, Domino uses the x.509 certificate
format, which is an industry-standard format that many applications, including Domino, understand.
Both the Notes client and Domino server support 1024-bit RSA key and 128-bit symmetric key for
S/MIME and SSL. The Notes proprietary protocols use a 630-bit key for key exchange, and a 64-bit
symmetric key.
Only someone with Manager access can modify the ACL. The Designer and Manager of the database can
coordinate to create one or more roles to refine access to particular views, forms, sections, or fields of
a database. For details on using the Access Control List in databases that you manage or design, see
Lotus Domino Designer 6 Help.
ACLs apply only to databases stored on servers, not databases stored locally. If you make a change to a
local database and replicate the database up to the server, replication honors the level of access you
have in the ACL on the server. For example, if you have Reader access to a database on a server and you
add new documents to your local replica of the database, your new documents will not get added to the
database when you replicate the local replica up to the server again. Reader access does not allow you to
create new documents. However, it is possible for database designers to enforce a consistent ACL
across all replicas of a database, so even local databases would honor the ACL.
Create personal folders/views: Personal folders and views created on a server are more secure than
those created locally, and they are available on multiple servers. Administrative agents can operate
only on folders and views stored on a server. Deselect this option to prevent users from creating
folders and views on a server, which saves disk space on the server. They can still create folders and
views locally.
Create shared folders/views: Deselect this option to maintain tighter control over database design.
Otherwise, a user assigned this privilege can create folders and views that are visible to others.
Create LotusScript/Java agents: LotusScript and Java agents on server databases can take up significant
server processing time, so you may want to restrict which users can run them.
Note: Whether or not a user can run agents depends on the access set by the Domino administrator in
the Agents Restrictions section of the Server document in the Domino Directory. If you select "Create
LotusScript/Java agents" for a name in the ACL, the Server document controls whether or not the user
can run the agent on the server.
Read public documents: Select this option to allow users to read documents or see views and folders
designated as "Available to Public Access users," an option in the Security tab of the Forms, Views,
and Folders Properties dialog boxes. This option lets you give users with No Access or Depositor access
the ability to view specific documents, forms, views, and folders without giving them Reader access. In
addition, documents that you want available to public access users must contain a field called
$PublicAccess. The $PublicAccess field should be a text field, and its value should be equal to one.
For information about how this privilege applies to mail templates and for information on creating
forms, views, and agents, see Lotus Domino Designer 6 Help.
Write public documents: Select this option to allow users to create and modify documents with forms
designated as "Available to Public Access users" in the Security tab of the Form Properties dialog box.
This option lets you give users create and edit access to specific documents without giving them Author
access, or an equivalent role, and gives users access to create documents from any form in a database.
Replicate or copy documents: Select this privilege to allow users to replicate or copy the database, or
documents from the database, locally or to the clipboard.
Check the article “Understanding Lotus Notes Security & Execution Control List (ECL) settings”.
A Domino cluster is a group of two or more servers that provides users with constant access to data,
balances the workload between servers, improves server performance, and maintains performance when
you increase the size of your enterprise. The servers in a cluster contain replicas of databases that you
want to be readily available to users at all times. If a user tries to access a database on a cluster server
that is not available, Domino opens a replica of that database on a different cluster server, if a replica
is available. Domino continuously synchronizes databases so that whichever replica a user opens, the
information is always the same.
IBM Lotus Notes® clients can access all Domino cluster servers. HTTP clients (Internet browsers) can
access only Domino Web servers in a Domino cluster.
Clustering requirements
Server requirements
• All servers in a cluster must run one of the following: the Lotus Domino 6 Enterprise server, the
Lotus Domino 6 Utility server, the Domino Release 5 or Domino Release 4.62 Enterprise server,
or the Domino Release 4.6 or Domino Release 4.5 Advanced Services server.
Note Earlier releases of Domino do not have access to features that are new in Domino 6.
• All servers in a cluster must be connected using a high-speed local area network (LAN) or a
high-speed wide area network (WAN). You can also set up a private LAN for cluster traffic.
• All servers in a cluster must use TCP/IP and be on the same Notes named network
• All servers in a cluster must be in the same Domino domain and share a common Domino
Directory.
• You must specify an administration server for the Domino Directory in the domain that contains
the cluster. If you do not specify an administration server, the Administration Process cannot
change cluster membership. The administration server does not have to be a member of a
cluster.
• Each server in the cluster must have a hierarchical server ID. If any servers have flat IDs, you
must convert them to hierarchical IDs to use them in a cluster.
• A server can be a member of only one cluster at a time.
• Each server must have adequate disk space to function as a cluster member. Because clusters
usually require more database replicas, servers in clusters require more disk space than
unclustered servers.
• Each server must have adequate processing power and memory capacity. In general, clustered
servers require more computer power than unclustered servers.
This section addresses some problems that may occur related to Domino clusters. Problems that may
occur can be related to authentication, database replication, or failover in the event of a server outage.
1. Make sure that the Cluster Replicator task is running on all of the servers in the cluster.
2. Ensure that the database exists on all servers in the cluster and that the replica IDs are the same.
3. Check the log files to see if errors are occurring related to the replication task. Check to see if
there is an excessive amount of replication requests queued that may hint at a server performance
issue.
4. Examine the cluster Database Directory and make sure that the databases are enabled for
replication.
5. Make sure there is only one copy of the database on each cluster.
6. Verify that the ACL's in the database are set correctly to allow servers to communicate. The User
Type for servers must be set to server or server group.
7. Check the server documents on all servers in the cluster and make sure that each server is assigned a
valid, unique IP address and that all IP addresses related to the cluster Manager are defined properly.
Typical problems that can appear when running Domino on a partitioned server include partitions in use and
communication infrastructure/setup issues.
• Only one server can be running per partition. If an error occurs stating that a partition is
already in use, verify that a server process is not already running on the server. A server reboot
may be required to correct this issue.
• Verify that the server is running in the event that users are receiving an error that the server
is unreachable.
• If a port-mapping server is sharing the same network card as the destination server, make sure
that the server is running.
• Verify that information in the notes.ini file related to port-mapping is set up correctly.
• Verify that all the information related to the communications set up for the server is correct in
the Domino Directory.
Update
The purpose of Update is to update a database's view indexes. Update runs automatically when the
server is started and continues to run while the server is up. Update waits about 15 minutes before
processing the database so that all changes in the database are finished processing. When the views are
updated, it then searches the domain for databases set for immediate or scheduled hourly index
update. When Update finds a corrupted view or full-text index, it rebuilds the full-text index and tries
to solve the issue.
Update (a, b, c)
Where:
a -- Number of documents to be updated. If 'a' is not specified, one document is updated.
b -- New size of the summary item "Subject" (optional; default is ""). If 'b' is not specified,
the length of the summary data is a uniform random number between 1 and 100 bytes.
c -- Length of non-summary item "Body" (optional; defaults to ""). If 'c' is not specified, the
length of the non-summary data is a uniform random number between 100 and 300 bytes.
Updall
Updall is used to rebuild corrupted views and full-text index searches, as Update does, and has various
options that can be defined when launched by using a software switch. Updall is executed by default at
2:00 a.m. and, unlike Update, can be run manually. Deletion stubs are removed, and views that haven't
been used for 45 days are deleted unless they are protected by the database designer. Setting the
parameter Default_Index_Lifetime_Days in the Notes.ini file enables an administrator to determine
when Updall removes unused views.
Use this syntax when you use the Load updall console command:
Load updall databasepath options
For example:
Load updall SALES.NSF -F
Fixup
Fixup is used to repair databases that were open when a server failure occurred. Fixup runs
automatically when the server starts, but it can also be run from the Domino Console, when necessary.
Databases are checked for data errors generated when a write command to the database was issued
and a failure occurred causing a corruption in the database. When Fixup is running on a database, user
access is denied until the job completes. Fixup should be run if Updall does not fix the database errors.
Fixup options in Fixup tool and Task - Start tool: "Fixup all databases" and "Fixup only this database or folder"
Command-line equivalent: databasepath
Description: "Fixup only this database or folder" runs Fixup only on a specified database or all
databases in a specified folder. To run Fixup on a database in the Domino data folder, enter the file
name, for example SALES.NSF. To run Fixup on a database or databases in folders within the data
folder, enter the path relative to the data folder. For example, to run Fixup on all databases in the
DATA\SALES folder, specify SALES.
Compact
Compact can be used to recover space in a database after documents are deleted. Deleting documents
from a Domino database does not actually decrease the size of the database. A deletion stub is created
and the document is removed permanently when compact is run, and the size of the DB is then reduced.
Three types of compacting are available.
Tip Use this compacting method the most frequently -- it is the fastest method and causes the least
system impact.
This style of compacting reduces the file size of databases as well as recovers unused space in
databases. This style of compacting is somewhat slower than in-place compacting with space recovery
only. This style of compacting assigns new DBIIDs to databases, so if you use it on logged databases
and you use a certified backup utility, perform full backups of the databases shortly after compacting
is complete. This style of compacting allows users and servers to continue to access and edit databases
during compacting.
When you run Compact without specifying options, Domino uses this style of compacting on databases
that aren't enabled for transaction logging. Domino also uses this style of compacting when you use the
-B option. To optimize disk space, it's recommended that you run Compact using the -B option on all
databases once a week or once a month.
Copy-style compacting
A copy is created, and when the compact is complete, the original database is deleted. Because of this,
there needs to be sufficient disk space available to make the copy of the database, or an error will
occur and the compact will not work. During this type of compacting, a new database is created and a
new DBIID is assigned. Because a new database is actually being created, this option locks out all users
and servers from editing the database. Read-only access during this style of compacting can be
enabled if the -L switch is used at the time it is run.
Tip: Compact should be run on all databases at least weekly, if possible, but it should be run at a
minimum of once a month using the format compact -B to minimize the amount of disk space used. If Fixup
does not correct a database problem, running compact with the -c switch can attempt to correct the
problem.
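Characteristics of the three compacting styles (in place, space recovery; in place, space recovery with
file size reduction; copy-style):
• Databases that use it when Compact runs without options - In place, space recovery: logged
databases with no pending structural changes. In place, space recovery with file size reduction:
unlogged databases with no pending structural changes. Copy-style: databases with pending
structural changes.
• Databases you can use it on - In place, space recovery: current release. In place, space recovery
with file size reduction: current release. Copy-style: current release (need -c).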
Compact - Basics
Compact - Options
Compact - Style
Option (command-line equivalent): Description
• In-place (recommended) (-b): Uses in-place compacting and recovers unused space without
reducing the file size, unless there's a pending structural change to a database, in which case
copy-style compacting occurs. This is the recommended method of compacting.
• In-place with file size reduction (-B): Uses in-place compacting, recovers unused space and
reduces file size, unless there's a pending structural change in which case copy-style compacting
occurs. If you use transaction logging, do full database backups after compacting completes.
• Copy-style (-c): Uses copy-style compacting. Use this option, for example, to solve database
corruption problems.
• Copy-style: Allow access while compacting (-L): Enables users to continue to access databases
during compacting. If a user edits a database during compacting, compacting is canceled. This is
useful only when copy-style compacting is done.
• Copy-style: Ignore errors and proceed (-i): Enables compacting to continue even if it encounters
errors such as document corruption. Only used for copy-style compacting.
Compact - Advanced
The advanced compact options are not available through the Compact tool in the Files tab of the Domino
Administrator.
Option* (command-line equivalent): Description
• Document table bitmap optimization: Off (-f): Disables "Document table bitmap optimization"
database property. Does copy-style compacting.
• Document table bitmap optimization: On (-F): Enables "Document table bitmap optimization"
database property. Does copy-style compacting.
• Don't support specialized response hierarchy: Off (-h): Disables "Don't support specialized
response hierarchy" database property; in other words, support specialized response hierarchy.
Does copy-style compacting.
• Don't support specialized response hierarchy: On (-H): Enables "Don't support specialized
response hierarchy" database property; in other words, do not support specialized response
hierarchy. Does copy-style compacting.
• Enable transaction logging: Off (-t): Disables transaction logging.
* Select "Set advanced properties" before you enable or disable any of these properties.
Compact - Archive
When you use the document archiving tool to archive and delete documents in a database, you can use
the following Compact options to archive documents if the database is located on a server and you've
chosen the advanced archiving option "Automatically on server."
Open Notepad and type all the files that have to be processed, one on each line.
Then save that file with the extension .ind
22. If we include Server_Restricted=2 in the notes.ini file, then only the administrator can
access the server, not other users.
23. By default, the User.ID file expires after 2 years, and Server.ID and Cert.ID expire after 100 years.
24. If we find KitType=2 in the notes.ini file, then that notes.ini file is for the server.
If we find KitType=1, then the notes.ini file is for the client.
25. Organization Units are limited to 4 levels, but IBM recommends keeping only two
Organization Units.
26. If we register one Organization Unit, then it creates one ID file for the OU and a Certifier
document in the Domino Directory.
28. When we register a user, Domino automatically creates one ID file for the user, the user's
personal document, and a mail database.
29. If a user is moving from one server to another server in a different domain, then AdminP is not
involved in the process. Only if the user is moving from one server to another server in the same
domain does AdminP process the request.
30. The Local Domino Server group is created by default when we install the additional server.
31. Server console security can be implemented through the command Set Secure <password>
32. If the administrator forgets the console password, just remove the Set Secure line in the
notes.ini file.
34. If a user is included in both the Server Access group and the Not Access Server group, then that
particular user cannot access the server.
35. In the Server document, if the “Create Database & Templates” option is empty, then everybody
can create databases. The administrator has to take care of this.
38. After upgrading the server from R5 to R6, run the Compact command; the ODS version
will then change on every database.
39. If an .NSF database is changed to .NS5, then it will not be converted to any other ODS version. It
remains at ODS version 41 only, which means R5 only.
44. By default, all users have Author access to the Domino Directory.
45. The Readers field controls who can see the document, and the Authors field promotes a user
from author to editor for a specific document.
46. Public documents means that even No Access users can see, edit, and create the documents.
47. Lotus uses secret key encryption for field-level security.
49. Domino supports native MIME, but R4 and R5 do not support MIME.
50. Mailer is the Lotus client software that deposits mail into Mail.Box.
52. Every user other than the administrator has Depositor access to Mail.Box.
53. DNN: Domino Named Network
56. If the ID file is stored in the Domino Directory, the ID file should contain a password. If the ID
file does not have a password, then it will not be stored in the Domino Directory.
By default, all NRPC connections use TCP port 1352. Because the Internet Assigned Number
Authority (IANA) assigned Lotus Domino this port number, non-Domino applications do not
usually compete for this port.
Do not change the default NRPC port unless:
• You can use a NAT or PAT firewall system to redirect a remote system's connection
attempt.
• You are using Domino port mapping.
• You create a Connection document that contains the reassigned port number.
To change the default NRPC port number, use the NOTES.INI setting
TCPIPportname_TCPIPAddress and enter a value available on the system that runs the
Domino server. TCP ports with numbers less than 5000 are reserved for application vendors.
You may use any number from 1024 through 5000, as long as you don't install a new
application that requires that number.
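An added example (not part of the original notes and not IBM/Lotus code): a small Python audit of a notes.ini file for the settings these notes mention, namely KitType, the HTTP task in ServerTasks, Server_Restricted, the console password from item 32, and a reassigned NRPC port. The sample file is constructed, and the `Server_Console_Password` key name and the `0,address:port` value layout of the port setting are assumptions.

```python
import re

# Constructed sample notes.ini (not taken from any real server).
SAMPLE_INI = """\
[Notes]
KitType=2
ServerTasks=Update,Replica,Router,AMgr,AdminP,HTTP
Server_Restricted=0
TCPIP_TcpIpAddress=0,192.0.2.10:8352
"""

DEFAULT_NRPC_PORT = 1352
PORT_MIN, PORT_MAX = 1024, 5000  # range the notes give for a reassigned port
# Assumption: key where Domino keeps the password set with "Set Secure".
CONSOLE_PW_KEY = "server_console_password"
# Assumption: port settings look like <portname>_TcpIpAddress=0,address:port
PORT_KEY = re.compile(r"^(?P<name>\w+)_tcpipaddress$")


def parse_ini(text):
    """Parse key=value lines; keys are lowercased for comparison."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "[;" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip().lower()] = value.strip()
    return settings


def nrpc_ports(settings):
    """Return {portname: tcp_port}; a missing or zero port means 1352."""
    ports = {}
    for key, value in settings.items():
        match = PORT_KEY.match(key)
        if not match:
            continue
        address = value.split(",", 1)[-1]
        _, sep, port = address.rpartition(":")
        number = int(port) if sep and port.isdigit() else 0
        ports[match.group("name")] = number or DEFAULT_NRPC_PORT
    return ports


def audit(text):
    """Return (role, findings); findings are (id, message) tuples."""
    settings = parse_ini(text)
    role = {"1": "client", "2": "server"}.get(settings.get("kittype"), "unknown")
    findings = []
    if role != "server":
        return role, findings  # the checks below only apply to a server
    tasks = {t.strip().lower() for t in settings.get("servertasks", "").split(",")}
    if "http" in tasks:
        findings.append(("http-task", "HTTP task loads at startup: server is a web server"))
    restricted = settings.get("server_restricted", "0")
    if restricted != "0":
        findings.append(("server-restricted", f"Server_Restricted={restricted}: access is restricted"))
    if not settings.get(CONSOLE_PW_KEY):
        findings.append(("no-console-password", "no console password line: console is not secured"))
    for name, port in sorted(nrpc_ports(settings).items()):
        if port != DEFAULT_NRPC_PORT:
            findings.append(("nrpc-port-nondefault",
                             f"{name} uses port {port}: confirm NAT/PAT, port mapping "
                             "or a Connection document carries this number"))
            if not PORT_MIN <= port <= PORT_MAX:
                findings.append(("nrpc-port-out-of-range",
                                 f"{name} port {port} is outside {PORT_MIN}-{PORT_MAX}"))
    return role, findings


if __name__ == "__main__":
    role, findings = audit(SAMPLE_INI)
    print("role:", role)
    for ident, message in findings:
        print(f"[{ident}] {message}")
```

Because item 32 notes that deleting one line from notes.ini clears the console password, write access to that file is worth reviewing alongside the findings this script reports.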
61. When we installed the first Domino server, the following are created automatically
3. In the User Activity interface, select the check box "Activity is confidential."
4. Click OK. Click X to close out of Properties.
• Every Domino server has a log file (LOG.NSF) that reports all server activity and provides
detailed information about databases and users on the server. The log file is created
automatically when you start a server for the first time.
• User Name
• Password
• Certifier Information
• Certifier Duration
• Public Key
• Private Key
• Secret Key
67. Policies
Setup: If a policy including setup policy settings is in place before you set up a new Notes
client, these settings are used during the initial Notes client setup to populate the user's
Location document. Setup settings include Internet browser and proxy settings, applet
security settings, and desktop and user preferences.
Desktop: Use desktop policy settings to control and update the user's desktop environment
or to reinforce setup policy settings. For example, if a change is made to any of the policy
settings, the next time users authenticate with their home server, the desktop policy
settings restore the default settings or distribute new settings specified in the desktop
policy settings document.
Mail archiving: Use archive policy settings to control mail archiving. Archive settings
control where archiving is performed and specify archive criteria.
Security: Use security settings to set up administration ECLs and define password-
management options, including the synchronization of Internet and Notes passwords.
“If a user is already registered, then we can apply only the Archive Policy, Security Policy, and Setup
Policy”
“Policies were introduced in the Domino R6 version”
68. Groups
• Server Security
• Database Security
1. Multipurpose
2. Mail Only
3. ACL only
4. Server Group
3. System Administrator
4. Database Administrator
5. Administrator
6. Remote Administrator
70. Encryption
1. RSA Encryption
2. Dual Key Encryption
Encryption protects data from unauthorized access. For all types of encryption except
network port encryption, Domino uses public and private keys, so that data encrypted by
one of the keys can be decrypted only by the other. The public and private keys are
mathematically related and uniquely identify the user. Both are stored in the ID file.
Within the ID file, the public key is stored in a certificate, but the private key is stored
separately from the certificate. The certificate containing the public key is also stored in
the Domino Directory, where it is available to other users.
To create Notes public and private keys, Domino uses the dual-key RSA Cryptosystem and
the RC2 and RC4 algorithms for encryption. To create the Internet public key, Domino
uses the X.509 certificate format, which is an industry-standard format that many
applications, including Domino, understand.
Both the Notes client and Domino server support a 1024-bit RSA key and a 128-bit symmetric
key for S/MIME and SSL. The Notes proprietary protocols use a 630-bit key for key
exchange, and a 64-bit symmetric key.
All the servers in a Domino cluster continually communicate with each other to keep
updated on the status of each server and to keep database replicas synchronized. Each
server in the cluster contains cluster components that are installed with Lotus Domino
Enterprise Server or Lotus Domino 6 Utility Server. These components in the
Administrator process perform the cluster management and monitoring tasks to ensure that
the cluster runs smoothly.
Clustering requirements:
1. All servers in a cluster use TCP/IP Protocol.
2. All servers in the cluster must be in the same domain and must use the same Domino
Directory.
There are two major reasons to create a replica for a database in a cluster -- to provide
constant availability of the data and to distribute the workload between multiple servers.
If you create too many replicas in the cluster, you add unnecessarily to the overhead of
maintaining the system and affect performance.
If you have only two servers in your cluster, you can set them up in one of two ways: You
can use one of the servers as the primary server for user access and use the second
server as a backup and failover server, or you can equally divide the workload between the
two servers and have them fail over to each other. Dividing the workload typically ensures
better performance when both servers are running. When one server is not available,
performance is the same in both scenarios because one server must process the entire
workload of both servers.
The following figure shows a cluster with two servers with the workload divided between
the servers.
Next, you'll be prompted to provide a name for your cluster. For this example we have
selected to name the cluster "MailCluster1".
We need to set up another Domino server on the same cluster in order for failover to function.
Select another Domino server and step through the same steps as shown above. The only
exception is that, when prompted for the name of the cluster, DO NOT select *Create New
Cluster; select the down arrow key and select the cluster which was created in the steps
above (MailCluster1).
The Domino server will add a couple of services to both of the Domino servers.
A cluster's ability to redirect requests from one server to another is called failover. When a
user tries to access a database on a server that is unavailable or in heavy use, Domino directs
the user to a replica of the database on another server in the cluster.
To change the default mail routing failover setting, make the following change in the
Configuration Settings document for every server in the cluster and every server in the
domain that can route mail.
1. From the Domino Administrator or the Web Administrator, click the Configuration
tab.
2. In the Task pane, expand Messaging.
3. Click Configurations.
4. Do one of the following:
• From the Domino Administrator, select the Configuration document for the server or
server group you want, and click Edit Configuration.
• From the Web Administrator, open the Configuration document for the server or server
group you want, and click Edit Server Configuration.
• If you do not have a Configuration document for the server or server group you want,
create one by clicking Add Configuration.
Disabled
Enabled for last hop only (the default)
Note This setting affects delivery to a client but does not affect sending a message from
a client when the mail server is unavailable. If a user sends a message when the mail server
is unavailable, the delivery fails over to another server in the cluster, and the router on that
server sends the message.
Fault recovery is the ability of a Domino server to clean up and restart itself after a failure.
Fault recovery works well in a Domino cluster. If there is no Domino server to fail over to,
fault recovery still ensures that users will have constant access to their data. Even if users
fail over to another cluster server, fault recovery increases availability because the failed
server becomes available again. In addition, depending on the workload balancing parameters
you've set, some users will fail back to the original server when they open new databases.
If you are using an operating system cluster in conjunction with a Domino cluster, the
decision about whether or not to use fault recovery depends on how you configured the
operating system cluster. If you configured the operating system cluster to fail over on a
hardware failure only, fault recovery works well. Fault recovery restarts Domino on its
current server, and no operating system fail over occurs.
If you configured your operating system cluster to fail over on both hardware and software
failures, you don't need fault recovery because the operating system cluster will restart
Domino on another server in the cluster. In fact, you should disable fault recovery so you
won't have Domino restarting itself while the operating system cluster is also restarting it.
This can lead to problems.
By default, fault recovery is disabled. You enable it in the Server document.
1. From the Domino Administrator or the Web Administrator, click the Configuration tab.
2. In the Task pane, expand Server, and click All Server Documents.
3. In the Results pane, select the Server document you want, click Edit Server, and then click
the Basics tab.
75. Creating mail database replicas in a cluster during user registration from the Domino
Administrator
3. In the "Choose a Certifier" dialog box, choose a certifier and click OK.
4. In the Register Person -- New Entry dialog box, select Advanced, and then click the Mail tab.
8. Select "Create mail database replica(s)." A list is displayed of servers in the same cluster as
the Mail server.
To change the list of servers to receive a replica, use the Remove Server(s) button and the Add
Server(s) button.
12. (Optional) If you want to set up the user for roaming in a cluster, follow the procedure in the
topic "Setting up roaming in a cluster."
13. Complete the rest of the user registration the way you normally would.
There are 7 access levels in the ACL that control access to a database.
• Manager
• Designer
• Editor
• Author
• Reader
• Depositor
• No Access
Manager: Whoever creates the database is Manager of that database.
Only a Manager can encrypt the database.
Only a Manager can change the ACL settings.
Only a Manager can compact the database.
Only a Manager can delete the database.
Designer: A Designer can access all design elements, such as views, forms, etc.
A Designer can create a full-text (FT) index for the database.
A Designer can delete documents if the Manager gives permission.
Editor: By default, an Editor can create, read and modify documents.
An Editor can delete documents if the Manager gives permission.
Author: An Author can read documents if the Manager gives permission.
An Author can delete a document if the Author is the owner of that document.
An Author can always read documents.
Reader: By default, Readers can read documents.
Readers can't create or update documents.
Depositor: A Depositor can create documents but can't read them.
This procedure creates single sign-on cookies for your server that can be used successfully
on other participating servers.
2. Open the Web Site document for which you want to enable single sign-on.
3. Click Domino Web Engine.
load HTTP
If the HTTP process is already running, type:
Use this procedure to enable single sign-on for Domino Release 5.0x servers, or for Domino
6 servers not configured with Web Site documents.
4. In the Web SSO Configuration field, select the Web SSO Configuration for this server
from the drop-down list.
Lotus Domino 7.0 has been enhanced to include the following administration Tools
Domino Domain Monitoring (DDM) provides a single location in the Domino Administrator client
that you can use to view the status of multiple servers across one or more domains. To do this,
DDM uses configurable probes to gather information across multiple servers. These probes
check for issues involving the Directory, SMTP, routing, replication, ACL, security, and agents.
DDM then consolidates and reports that information on specially-designated collection servers
in a Notes output database called the Domino Domain Monitor (DDM.NSF).
Lotus Domino 7.0 includes a number of enhancements to Lotus Notes Smart Upgrade. For
example, Smart Upgrade now detaches kits in the background to prevent lost time due to a
non-working client. Smart Upgrade also provides failover from a shared (network) upgrade kit
to another server's attached kit. In addition:
• Administrators are notified via a mail-in database of the Smart Upgrade status (success,
failed, or delayed) by user/machine.
• In clustered environments, Smart Upgrade can switch to another member of the cluster if the
first server is unavailable.
• Provisioning is available for the Smart Upgrade Tracking database.
• Smart Upgrade governor limits the number of downloads from a single server to avoid
excessive server load.
You can run the Domino 7.0 Web Administration client from a Mozilla Web browser on a Linux
system, enabling an end-to-end Linux deployment of Lotus Domino and Domino Web Access
with no need for Windows in the environment.
Lotus Domino 7.0 also offers the following features to make administration easier:
Lotus Domino 7.0 now features private blacklist/whitelist filters for SMTP connections and
DNS whitelist filters for SMTP connections. Most spam filtering involves blacklists in which
email from addresses on the list is rejected or filtered.
Create a TCP server event generator to verify the availability of the services on Internet
ports on one or more servers. A TCP server event generator uses the ISpy task to send a
probe to test whether the server is responding on a port
By default, the ISpy task monitors all enabled Internet ports (TCP services) on the server on
which it is running.
You must start the ISpy task before you can create server and mail routing event generators.
The ISpy task does not start automatically. Use any of these methods to start and stop the
ISpy task. Because the ISpy task is case-sensitive, you must enter it exactly as shown in this
table.
To do this -- Perform this task
Start the ISpy task automatically when the server starts -- Edit the ServerTasks setting in the
NOTES.INI file to include runjava ISpy.
Start the ISpy task manually -- Enter the command load runjava ISpy at the console.
Stop the ISpy task -- Enter either the command tell runjava ISpy unload or tell runjava quit at
the console.
Mail journaling enables administrators to capture a copy of specified messages that the
Router processes in the Domino system. Journaling can capture all messages handled by the
Router or only messages that meet specific defined criteria. When mail journaling is enabled,
Domino examines messages as they pass through MAIL.BOX and saves copies of selected
messages to a Domino Mail Journaling database (MAILJRN.NSF) for later retrieval and
review. Mail journaling works in conjunction with mail rules, so that you create a journaling rule
to specify the criteria for which messages to journal. For example, you can journal messages
sent to or from specific people, groups, or domains. Before depositing messages in the Mail
Journaling database, the Router encrypts them to ensure that only authorized persons can
examine them. Journaling does not disrupt the normal routing of a message. After the Router
copies a message to the Mail Journaling database, it continues to dispatch the message to its
intended recipient.
Domino mail journaling differs from message archiving. Journaling works dynamically, making a
copy of each message as it passes through MAIL.BOX to its destination and placing the copy
in the Mail Journaling database. A copy of the message is retained, even if the recipient, or an
agent acting on the recipient's mail file, deletes it immediately upon delivery. Archiving is used
to reduce the size of an active mail file database by deleting messages from one location and
moving them to an offline database, usually in another location, for long-term storage.
Archiving acts on messages that have already been delivered. Journaling is performed
automatically by the server; while archiving is a manual operation, performed by end users on
their own mail files. End users can search for and retrieve messages from a mail file archive,
but only an authorized administrator can examine a Mail Journaling database.
By default, mail journaling is not enabled. You enable journaling from the Configuration
Settings document. To set up the Mail Journaling database, you specify where to store
journaled messages and then set options for managing the security and size of the database.
After you enable journaling, Domino automatically creates the Mail Journaling database in the
specified location.
1. Make sure you already have a Configuration Settings document for the server(s) to be
configured.
2. From the Domino Administrator, click the Configuration tab and expand the Messaging
section.
3. Click Configurations.
4. Select the Configuration Settings document for the mail server or servers where you want to
journal mail, and click Edit Configuration.
5. Click the Router/SMTP - Advanced - Journaling tab.
6. Complete the following fields, and then click Save & Close:
On servers running the ISpy task, this task sends mail probes in the form of trace messages
to test mail connectivity approximately every five minutes. Under normal use, the ISpy task
automatically deletes these probes from the ISpy mail-in database and the only traces of them
are entries in the Routing events view of the server log file and on the server console.
However, if you enable a journaling rule on these servers and specify the condition "All
documents," the Mail Journaling database will capture each trace message that the ISpy task
sends. To prevent the Mail Journaling database from filling up with these entries, configure a
rule exception for messages where the sender includes "ISpy."
Field -- Description
Journaling -- Specifies whether the server supports mail journaling. Choose
one:
1. If you have recovery information set up for your user ID, contact your administrator to obtain
the password(s) needed to recover your ID. The recovery password is randomly generated and
unique to each recoverable ID file and administrator.
Note If you do not have access to your user ID file, contact your administrator, who can provide
you with an encrypted backup of your user ID. Once you have the backup user ID, continue with
the following steps.
2. When you first log in to Notes and the Password dialog box appears, do not enter your password.
Just click OK.
5. Enter the password(s) given to you by your administrator(s) in the "Enter Passwords" dialog box,
and repeat until you have entered all of the passwords, and you are prompted to enter a new
password for your user ID.
6. Enter a new password for your user ID, and confirm the password when prompted. Note that if
you do not enter a new password, you will need to recover your user ID again.
7. Replace all backups and copies of your user ID file with the newly recovered user ID file.
For security reasons, the administrators must complete these steps from their own
workstations, rather than from the same workstation. Using separate workstations prevents
an unauthorized user from using a program to capture the keystrokes that the administrators
enter on the same workstation. If an unauthorized user obtains an administrator's ID file and
password, the unauthorized user can obtain the administrator's recovery password for all ID
files. Therefore, you must protect the administrator's ID file and require that multiple
administrators work together to recover any given user ID file.
1. Detach the encrypted backup of the user's ID file from the mail or mail-in database to the
local hard drive.
2. If the user's ID file is damaged, send a copy of the ID file from the centralized mail or mail-
in database to the user.
3. From the Domino Administrator, click the Configuration tab, and choose Certification -
Extract Recovery Password.
The Web Site Rules document is created from within the corresponding Web Site
document. The four types of Web Site Rules documents are:
Directory -- Use the Directory type to direct incoming URLs to a specific directory,
and to assign an access level.
Redirection -- Use the Redirection type to specify that designated incoming URL
patterns be redirected to a specified URL.
Substitution -- Use the Substitution type to replace a specified URL pattern with
another specified URL pattern.
HTTP response header -- Use the HTTP response header type to specify HTTP
headers that are added to all responses from requests that match the specified
URL pattern.
Web Site rules allow you to relocate or reorganize sites without breaking existing links or
browser bookmarks. Web Site rules appear as response documents to Web Site
documents.
Ans: Web Site rules are documents that help you maintain the organization of a Web site. They have
two main uses:
Web Site rules are created as response documents to Web Site documents, and apply only to that
particular Web Site document. If you want to apply a rule to more than one Web Site document, copy
and paste the rule document from one Web Site document to the other.
Before Web Site rules can be applied to an incoming URL, the URL is normalized according to a
predefined set of filtering and validation rules and procedures. These procedures reduce the URL to a
safe form before it is passed to an application for processing. Once the URL is normalized, the HTTP
task uses the rules defined for the Web Site to determine if the URL is to be modified in any way.
Note Only the URL path is used for pattern matching. The query string is saved for use by the
application. Any patterns you specify for a rule's Incoming URL pattern field should not include a host
name or query string.
There are four types of Web Site rules. If more than one type of Web Site rule has been created for a
Web Site document, the rules documents are evaluated in this order:
• Substitution
• Redirection
• Directory
• HTTP response header
Substitution rules
A substitution rule replaces one or more parts of the incoming URL with new strings. Substitution rules
should be used when you want to reorganize your Web site, and you don't want to have to rewrite all the
links in the site, or when you want to provide user-friendly aliases for complex URLs.
For example, a substitution rule would be useful if you moved a number of files on your Web site from
one directory to another. Instead of fixing all the links that refer to the old directory, your
substitution rule would map the old directory to the new directory.
The incoming and replacement patterns in substitution rules must each specify at least one wildcard. If
you do not explicitly include a wildcard somewhere in a pattern, the HTTP task automatically appends
"/*" to the pattern when it stores the rule in its internal table.
Redirection rules
Redirection rules redirect incoming URLs to other URLs. There are two types of redirection rules:
external redirection and internal redirection. An external redirection rule causes the server to inform
the browser that a file or other resource requested by the browser is located at another URL. If the
incoming URL path matches an external redirection rule, the HTTP task generates a new URL based on
the redirection pattern and immediately returns that URL to the browser. Using external redirection
rules allows existing links and bookmarks to keep working, but ensures that new bookmarks point to the
new location.
An internal redirection rule acts like a substitution rule, as the HTTP task generates a new URL and
then re-normalizes it. There are two differences, however. First, the redirection table is searched
recursively, so you can create and nest multiple redirection rules. Second, an internal redirection rule
does not require the use of a wildcard character. Thus, you can choose to use an internal redirection
rule instead of a substitution rule if you want to force an exact match on the URL path.
If the incoming URL path matches an internal redirection rule, the HTTP task generates a new path,
normalizes the path, and searches the redirection rule table again. Because the HTTP task does a
recursive search through the redirection rule table, you can write broad redirection rules that capture
URLs no matter what substitution or redirection has been applied.
Note Having a recursive search means that there is the potential for getting into an infinite loop if you
write redirection rules that match each other. To eliminate this possibility, the HTTP task has a built-in
recursion limit of ten.
Directory rules
A directory rule maps a file-system directory to a URL pattern. When the Web server receives a URL
that matches the pattern, the server assumes that the URL is requesting a resource from that
directory.
When you install a Domino 6 Web server, several file-resource directories are created automatically.
These default directories are mapped by directory rules that are defined on the Configuration tab of
the Web Site document. When the Web server starts up, it automatically creates internal rules to map
these directories to URL patterns. The three default directories are:
Directory rules can only be used to map the location of files that are to be read directly (such as HTML
files and graphic files) and executable programs to be loaded and run by the operating system (such as
CGI programs). Directory rules cannot be used to map the location of other types of resources, such as
Domino databases or Java servlets.
When you create a Directory Web Site rule, you specify read or execute access to a file-system
directory. It is critically important to choose the right access. Only directories that contain CGI
programs should be enabled for Execute access. All other directories should have Read access. If you
specify the wrong access level, unexpected results will occur. For example, if you mark a CGI directory
for Read access, when a browser user sends a URL for a CGI program, the server will return the source
code of the program instead of executing it, which could be a serious security breach.
Directory rules cannot override file-access permissions enforced by the operating system.
Note Access level is inherited by all subdirectories under the specified directory.
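One way to audit Directory rules for the Read/Execute mix-ups described above, including inherited subdirectories, as an added Python example that is not part of the original notes or of Domino. The rule tuples, the suffix list used to recognise CGI programs and the sample directory tree are assumptions constructed for the illustration.

```python
import os
import tempfile

# Assumption: file suffixes treated as CGI programs in this audit.
CGI_SUFFIXES = (".pl", ".cgi", ".exe")


def audit_directory_rules(rules):
    """rules: list of (url_pattern, filesystem_directory, access) where access
    is 'Read' or 'Execute'. Returns sorted (url_pattern, issue, relative_file)."""
    findings = []
    for url_pattern, directory, access in rules:
        # os.walk descends into subdirectories, which inherit the access level.
        for current, _dirs, files in os.walk(directory):
            for name in files:
                rel = os.path.relpath(os.path.join(current, name), directory)
                rel = rel.replace(os.sep, "/")
                is_cgi = name.lower().endswith(CGI_SUFFIXES)
                if access == "Read" and is_cgi:
                    # A CGI program under Read access is returned as source.
                    findings.append((url_pattern, "source-disclosure", rel))
                elif access == "Execute" and not is_cgi:
                    # Execute directories should contain CGI programs only.
                    findings.append((url_pattern, "non-cgi-in-execute-dir", rel))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample layout; directory and file names are invented."""
    layout = {
        "html/index.htm": "<html></html>",
        "html/tools/report.pl": "#!/usr/bin/perl\n",  # script under a Read rule
        "cgi-bin/account.pl": "#!/usr/bin/perl\n",
        "cgi-bin/docs/readme.txt": "notes\n",          # static file under Execute
    }
    for rel, body in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write(body)
    return [
        ("/pages/*", os.path.join(root, "html"), "Read"),
        ("/cgi-bin/*", os.path.join(root, "cgi-bin"), "Execute"),
    ]


def run_sample_audit():
    """Build the sample tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        return audit_directory_rules(build_sample_tree(root))
```

Both findings in the sample sit in subdirectories, which is where an inherited access level is easiest to overlook.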
Every HTTP browser request and server response begins with a set of headers that describe the data
that is being transmitted. An HTTP response header rule allows an application designer to customize the
headers that Domino sends -- such as an Expires header or custom headers to HTTP responses -- with
responses to requests that match the specified URL pattern.
The most important use of response rules is to improve the performance of browser caching. An
application designer can add headers that provide the browser with important information about the
volatility of the material being cached.
The caching headers include the Last-Modified header, Expires header, and Cache-Control header. The
Last-Modified header indicates when the resource or resources used to generate a response were last
changed. The Expires header tells the browser when resources are expected to change. A designer can
define a rule to add Expires headers to responses based on when the designer expects resources to
change. The Cache-Control header provides explicit instructions to browser and proxy server caches,
such as "no-cache" for responses that should not be cached, or "private" for responses that are
cacheable but are specific to a particular browser configuration.
You can also use response rules to customize headers. For example, you can create response rules for
custom headers that display specific error messages -- for example, when a user is not authorized to
access an application.
Unlike other Web site rules, response rules are applied to the outgoing response, just before the HTTP
task transmits the response to the browser. For response header rules, the pattern is matched against
the final form of a URL, after substitution and redirection rules have been applied to it. For example, if
you have a substitution rule that transforms /help/* to /support.nsf/helpview/* and you want to create
a response rule to match the response, the pattern for the response rule should be
/support.nsf/helpview/*.
The pattern can include one or more asterisks as wildcard characters. For example, the pattern
/*/catalog/*.htm will match the URLs /petstore/catalog/food.htm, /clothing/catalog/thumbnails.htm,
and so on. A wildcard is not required in a response rule. This allows you to create a rule that matches a
specific resource, for example, /cgi-bin/account.pl. Also, as with all rules, the incoming pattern cannot
contain a query string.
Response header rules are different from other rules in that not only do they have to match a URL
pattern, they also have to match the HTTP response status code. You need to specify one or more
status codes in the HTTP response codes field.
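The evaluation order described above (normalization, then substitution, then recursive redirection, then response header rules matched on the final URL and status code), as an added Python model that is not part of the original notes and is not Domino's implementation. The wildcard fill order, the "loop" result at the limit, the simplified normalize() and the sample rules other than /help/* and /cgi-bin/account.pl are assumptions; directory rules are left out.

```python
import posixpath
import re
from urllib.parse import urlsplit

RECURSION_LIMIT = 10  # redirection recursion limit stated in the text


def normalize(url):
    """Simplified stand-in for normalization: keep the query string aside and
    collapse '.', '..' and repeated slashes in the path used for matching."""
    parts = urlsplit(url)
    path = posixpath.normpath(parts.path or "/")
    return "/" + path.lstrip("/"), parts.query


def to_regex(pattern):
    """Compile a rule pattern; each '*' matches any run of characters."""
    return re.compile("^" + "(.*)".join(map(re.escape, pattern.split("*"))) + "$")


def with_wildcard(pattern):
    """A substitution pattern without a wildcard gets '/*' appended."""
    return pattern if "*" in pattern else pattern.rstrip("/") + "/*"


def fill(replacement, captures):
    """Assumption of this model: the n-th '*' takes the n-th captured string."""
    remaining = iter(captures)
    return re.sub(r"\*", lambda _m: next(remaining, ""), replacement)


class WebSiteRules:
    def __init__(self):
        self.substitutions, self.redirections, self.header_rules = [], [], []

    def add_substitution(self, incoming, replacement):
        rule = (to_regex(with_wildcard(incoming)), with_wildcard(replacement))
        self.substitutions.append(rule)

    def add_redirection(self, incoming, target, external):
        self.redirections.append((to_regex(incoming), target, external))

    def add_header_rule(self, pattern, status_codes, headers):
        self.header_rules.append((to_regex(pattern), set(status_codes), headers))

    def resolve(self, url):
        """Return (action, path_or_url, query) for an incoming URL."""
        path, query = normalize(url)
        for regex, replacement in self.substitutions:        # 1. substitution
            match = regex.match(path)
            if match:
                path = normalize(fill(replacement, match.groups()))[0]
                break
        for _ in range(RECURSION_LIMIT):                     # 2. redirection
            hit = None
            for regex, target, external in self.redirections:
                match = regex.match(path)
                if match:
                    hit = (fill(target, match.groups()), external)
                    break
            if hit is None:
                return ("serve", path, query)
            if hit[1]:
                return ("redirect", hit[0], query)   # external: sent to browser
            path = normalize(hit[0])[0]              # internal: search again
        # Rules that match each other: this model reports a loop at the limit.
        return ("loop", path, query)

    def response_headers(self, final_path, status):
        """Header rules must match the final URL path and the status code."""
        added = {}
        for regex, codes, headers in self.header_rules:
            if status in codes and regex.match(final_path):
                added.update(headers)
        return added


def build_sample_rules():
    """Constructed sample rules; host name and header values are invented."""
    rules = WebSiteRules()
    rules.add_substitution("/help/*", "/support.nsf/helpview/*")
    rules.add_redirection("/old", "/archive", external=False)
    rules.add_redirection("/archive", "/old", external=False)  # match each other
    rules.add_redirection("/docs/*", "https://docs.example.com/*", external=True)
    rules.add_header_rule("/support.nsf/helpview/*", [200], {"Cache-Control": "private"})
    rules.add_header_rule("/cgi-bin/account.pl", [200, 401], {"Cache-Control": "no-cache"})
    return rules
```

Because matching runs on the normalized path, a request such as /help/../admin/x.htm is reduced to /admin/x.htm first and never reaches the /help/* rule.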
Global Web Settings enable you to apply Web rules to multiple Web sites. You define a name for the
Global Web settings document, and specify the servers to which the Global Web settings apply. You
then create Web Rules documents for a Global Web Settings document. The Web rules then apply to all
Web sites hosted by the servers specified in the Global Web settings document.
The Global Web Settings document and associated Web Site rule documents are not automatically created.
If you want to use the Global Web Settings document and Web Site rules in your Web environment, you
need to manually create them.
2. What are the “DSAPI filter file names” when configuring DOLS manually?
Ans: The DSAPI filter file name depends on the OS on which the Lotus Domino server is hosted.
Win32 - ndolextn
Linux - libdolextn
AIX® - libdolextn
Solaris/Sparc - libdolextn
S390® - libdolextn
iSeries® - libdolextn