Best Practices of IBM Notes Traveler

Deployment
Date: 27 Aug 2015
Open Mic Team
Sandip Singh - IBM ICS Support engineer
Presenter

Sukanya Yenneti - IBM ICS Support engineer

Presenter

Ranjit Rai - IBM ICS SWAT

Focussing on entire Notes/Domino

Jayavel Rajendran - IBM ICS SWAT

Focussing on entire Notes/Domino

Hansraj Mali - IBM ICS SWAT

Focussing on Notes/Domino

Narendra Nesarikar IBM ICS Support

Facilitator for Open Mics

2 | 2015 IBM Corporation

Agenda

Choosing the deployment

Reasons for migrations to new Hardware

Migrating Traveler Server to new Hardware

Best practices to upgrade Traveler Server

Common problems observed at time of Traveler upgrade

Moving a stand alone system to HA

Best practices to enable https on Traveler Server

What's new in Notes Traveler 9.0.1.3 and later releases

IBM Verse on Apple device

3 | 2015 IBM Corporation

Choosing the deployment:

Basic Stand-alone Traveler Architecture

4 | 2015 IBM Corporation

Choosing the deployment:

Basic Traveler HA Architecture

5 | 2015 IBM Corporation

Choosing the deployment (continued..)

Traveler and Mail servers in different Domino Domain

Keep the IBM Traveler server's directory separate from Mail server to prevent design
changes.

Minimize the amount of data from the mail servers that is accessible from the Notes
Traveler server.

Name look-up can still be done from Traveler server using the below notes.ini along
with DA.
NTS_TRAVELER_AS_LOOKUP_SERVER=true.

Note: With this deployment if you want to move to HA then all Traveler server in HA pool
should be from same DOMAIN. 6 | 2015 IBM Corporation
Choosing the deployment (continued..)

Network consideration

Mail server, IBM Traveler server and Enterprise database server should be located
in the same LAN.

Ping response not more than 50 m/s from Traveler server to mail servers.

Use HTTP or HTTPS to communicate with the Traveler server from the device.

Do not use form base authentication, use basic authentication (401).

Use basic Round Robin without session affinity for load balancers in HA setup.

Network equipment must not block or alter traffic between mobile device and server.

Disk Considerations

Windows 64/Domino 64 - 425 IOPs (I/O operations per second).

The disk I/O requirements for the enterprise database server are higher in order to
support multiple IBM Notes Traveler servers in HA.

7 | 2015 IBM Corporation

Choosing the deployment (Continued..)

Capacity Guidelines:

Maximum Devices Minimum OS Minimum Physical Minimum CPU Cores

Memory
100 Win32 4GB 2
300 Win32/Linux32 4GB 4
1000 Win64/Linux64 8GB 4
2000 Linux 64-bit 16GB 8
2000 Windows 64-bit 16GB 8

Note: While you are in HA maximum devices per server scale up to 2500.

Reference:
http://www-10.lotus.com/ldd/dominowiki.nsf/xpDocViewer.xsp?
lookupName=Administering+Lotus+Notes+Traveler+8.5.3#action=openDocument&res_ti
tle=Capacity_planning_guidelines_for_Lotus_Notes_Traveler_LNT853&content=pdconte
nt

8 | 2015 IBM Corporation

Reasons for migration to new Hardware:

New hardware for improved performance.

32-bit operating system to 64-bit operating system to host more users.

Unsupported operating system to a supported operating system.

Standalone IBM Notes Traveler to HA for fault tolerance.

9 | 2015 IBM Corporation

Migrating Traveler Server to new hardware:

Method 1 - Full data copy:

Copy the contents of the Domino data directory from Traveler old to Traveler new.

Change the hostname and IP address of the Traveler new server to match the
hostname and IP address of the Traveler old server.

Method 2 - Minimal data copy:

The Domino Server Name can be different.

Copy these files/directories from Traveler old to Traveler new:

data/traveler/ntsdb
data/LotusTraveler.nsf
data/ntsclcache.nsf

10 | 2015 IBM Corporation

Migrating Traveler Server to new hardware: (Continued..)

Method 2 - Minimal data copy: (Continued..)

Change the hostname and IP address of the Traveler new server to match the hostname and IP address
of the Traveler old server.

Take TRAVELER and HTTP out of the ServerTasks list in the notes.ini file and then start the Domino
server.

Change host name used in the Domino server document.

11 | 2015 IBM Corporation

Migrating Traveler Server to new hardware: (Continued..)

Method 2 - Minimal data copy (Continued..)

Change host name in any Internet Site Documents, if specified.

Add TRAVELER and HTTP back to the ServerTasks list of notes.ini file.

References:
http://www-10.lotus.com/ldd/dominowiki.nsf/xpDocViewer.xsp?
lookupName=Administering+Lotus+Notes+Traveler+8.5.2#action=openDocument&res_title=
Moving_Lotus_Notes_Traveler_to_a_new_server_LNT8521&content=pdcontent

12 | 2015 IBM Corporation

 Best practices to upgrade Traveler server:

Announcing the upgrade schedule.

Backing up files.

Updating Lotus Domino, then upgrade Traveler server.

Upgrade the design of Domino directory.

All devices, except the iOS devices are required to upgrade the IBM Notes Traveler
application after the server is updated, to have the new features.

13 | 2015 IBM Corporation

Best practices to upgrade Traveler server: (Continued..)

After upgrading the server, you can use IBM Notes Traveler immediately.
Resynchronization between the server and devices does not occur.

Maximum cached users:

14 | 2015 IBM Corporation

Best practices to upgrade Traveler server: (Continued..)

Maximum memory size:

By default, the value of the maximum memory size is 1024 MB for 64-bit. Evaluate the
system load and adjust the memory size as necessary.

Use the tell traveler mem or tell traveler status command to determine if Java heap is
sufficient on your system.

15 | 2015 IBM Corporation

Best practices to upgrade Traveler server: (Continued..)

Ensure that number of devices that are accessing the traveler should have the proper number
of HTTP threads are allocated to the server.

Number of threads that are needed is 1.2 times of the number of devices.

16 | 2015 IBM Corporation

Common problem observed at time of Traveler upgrade

Upgrade traveler domino server to latest version before traveler upgrade.

Immediate backup of ntsdb is recommended.

Remove traveler task from traveler server notes.ini, while domino server
upgrade.

Verify no notes/domino and java task is running while upgrade.

17 | 2015 IBM Corporation

Moving a stand alone system to HA:

Moving stand alone IBM Notes Traveler servers into a high availability pool.

IBM Notes Traveler High Availability configuration provides for improved fault tolerance.

HA configuration enables additional capacity to be added as needed for future growth.

IBM Notes traveler server in a HA pool:

Maximum Devices per Server Minimum Operating System Minimum Physical Memory Minimum CPU Cores

2,500 Linux 64-bit 16GB 4

2,500 Windows 64-bit server 16GB 4

18 | 2015 IBM Corporation

Moving a stand alone system to HA: (Continued..)

Deploys multiple IBM Notes Traveler servers in a service pool.

The pool of IBM Notes Traveler servers is accessed through a single URL.

The internal database on each individual IBM Notes Traveler server is no longer used.

This enables any server in the HA pool to service requests from any user/device.

19 | 2015 IBM Corporation

Moving a stand alone system to HA: (Continued..)

Requirements specific to running an HA Pool:

- Must run on 64 bit Windows or Linux OS.

- DB2 Enterprise server 9.7 FP5 or later.

- MS SQL Enterprise Server 2008 or later.

- Enterprise Database Server for the HA Pool:

Maximum Devices in Service Minimum Physical Memory Minimum CPU Cores

pool
4,000 16GB 4
6,000 16GB 4
8,000 16GB 4
10,000 32GB 8
12,000 32GB 8

20 | 2015 IBM Corporation

Moving a stand alone system to HA: (Continued..)

The minimum configuration for IBM Notes Traveler HA Pool is as follows:

- Two Domino servers running IBM Notes Traveler.

- One DB2 server or Microsoft SQL server.

- One server running the IP sprayer/load balancer.

21 | 2015 IBM Corporation

Moving a stand alone system to HA: (Continued..)

Process for Derby to Enterprise DB Migration is as follows:

- Only add one server to the pool at a time. First server creates the service pool.

- On startup will migrate user data to enterprise db.

- Allow data migration to complete before adding another server.

- Use DNS or Proxy for single access URL.

22 | 2015 IBM Corporation

Best practices to enable https on Traveler server:

Change the External Server URL of Traveler on the Server Document from

http://<servername>/traveler To https://<servername>/traveler

After updating the External Server URL from http to https, all users must reconfigure
their devices to the new server URL which is using https.

There are currently no solutions available that will automatically update or

reconfigure the devices. Enhancement Request JEDP-9V5QEG has been
created.

23 | 2015 IBM Corporation

Best practices to enable https on Traveler server: (Continued..)

If can't reconfigure all devices at that time then you should keep TCP/IP port status to "Enabled"
under TCP section in server document.

24 | 2015 IBM Corporation

Best practices to enable https on Traveler server: (Continued..)

What is Poodle?

POODLE - Padding Oracle On Downgraded Legacy Encryption.

This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using

a padding oracle side-channel attack.

POODLE affects older standards of encryption, specifically Secure Socket Layer

(SSL) version 3.

It does not affect the newer encryption mechanism known as Transport Layer
Security (TLS).

DISABLE_SSLV3=1 allows Domino server to disable SSLv3.

25 | 2015 IBM Corporation

Best practices to enable https on Traveler server: (Continued..)

Points to remember to avoid Poodle on Traveler server:

A Notes Traveler solution may or may not be impacted by the POODLE attack depending upon the
deployment configuration together with the technical responses or updates offered by the various platform
vendors.

1. Consult the mobile device vendors for details on their product responses to this attack.

2. Mobile devices connecting via SSLv3 directly to a Notes Traveler (Domino) server.

3. Mobile devices connecting via Mobile Device Management (MDM) servers.

NTS_SSL=true to encrypt the server to server communications.

The Notes Traveler server has been updated to use TLS as default encryption protocol for
server to server communication.

26 | 2015 IBM Corporation

Best practices to enable https on Traveler server: (Continued..)

IBM has released APAR patch LO82423 to prevent the use of SSLv3 in Notes Traveler secure server-to-
server communication. This patch has been included in Interim Fix updates for the following Notes Traveler
server releases and in all future releases:

9.0.1 IF7
9.0.0.1 IF8
8.5.3 Upgrade Pack 2 IF8

References:
https://www-304.ibm.com/support/docview.wss?uid=swg1LO82423
http://www.ibm.com/support/docview.wss?uid=swg21688179

IBM has released Domino server Interim Fixes that implement TLS 1.0 to protect against the POODLE
attack.

References:
http://www.ibm.com/support/docview.wss?uid=swg21687167

27 | 2015 IBM Corporation

 Whats new in Notes Traveler 9.0.1.3:

IBM Traveler 9.0.1.3 requires Domino 8.5.3.x, 9.0.0.x, or 9.0.1.0.x (or later).
We recommend running Domino 9.0.1 to take advantage of all latest fixes and features.
If installing on a Domino 8.5.3 server it is required to also install Domino 8.5.3 Upgrade Pack 1 if
not already installed.
Can be installed on any previous release of Traveler, stand alone or HA.
Same Enterprise DB support as 8.5.3 UP2.
BlackBerry devices latest firmware 10.3.1 support syncing the Trash Folder.
IBM Verse for iOS devices is supported but it is not supported if running on a Domino 8.5.3 server.
Upgrade Domino to a 9.0.x or later version for support.

28 | 2015 IBM Corporation

What is IBM Verse?

It is a powerful email hosting solution that enables users to access their business communications
from a laptop or desktop browser or from a mobile device.

This email and business messaging experience is based on an innovative user-centric design,
including social analytics and advanced search capabilities.

IBM Verse helps users quickly find and focus on what content is most important, empowering them to
build stronger working relationships while optimizing business results.

29 | 2015 IBM Corporation

IBM Verse for Apple devices

Requirements for Apple:

iOS 8.1 or later.
The app can only be used by Verse-licensed users in Connections Cloud or against on-premise IBM
Traveler servers at 9.0.1.4 or higher.
Domino must be 9.0 or later version.
IBM Traveler servers must support SSL/TLS and have a valid certificate (Not self-signed one).
The same IBM Verse for Apple devices client is used in either the cloud or on premise versions,
however some Verse capabilities are only available in the cloud. Those are:-
'Important People' features
People photos obtained from Connections Profiles

30 | 2015 IBM Corporation

 IBM Verse for Apple devices On-Prem

IBM Verse can be installed from the Apple iOS App Store.
To configure IBM Verse for the first time, you'll need to know the address of your IBM Traveler server.

31 | 2015 IBM Corporation

IBM Verse for Apple devices On-Prem (Continued..)

You may be required to set an application passcode for whenever you use IBM Verse.

32 | 2015 IBM Corporation

IBM Verse for Apple devices On-Prem (Continued..)

If the configuration is successful and pascode setting is done then IBM Verse will open the mail Inbox
and start syncing with the server.
From the Settings page, you can also choose whether to sync new data to your device automatically
(if your server supports it) or manually.

33 | 2015 IBM Corporation

IBM Verse for Apple devices On-Prem (Continued..)
Need Action:
When you receive a mail message that contains an action item, you can add it to a list of things that
need to be completed.
From the inbox, left swipe the message to display the option menu, then press the Needs Action
icon (Or ) From the message itself, press the same icon to open the options menu, then choose
Mark Needs Action.

34 | 2015 IBM Corporation

IBM Verse for Apple devices On-Prem (Continued..)

Need Action (Continued..) :

You can add notes to the message by tapping the Capture you notes here...

35 | 2015 IBM Corporation

IBM Verse for Apple devices On-Prem (Continued..)

Waiting for a response:

IBM Verse lets you track responses from mail messages you've sent. You do this by marking the
message as Waiting For.
Tap Waiting For icon from swipe menu from in Sent or Draft folder mails.
Tap Mark as Needs action button from compose view.

36 | 2015 IBM Corporation

IBM Verse for Apple devices On-Prem (Continued..)
Calendar entries:
IBM Verse for Apple devices lets you see and access all your upcoming calendar entries in a quick
and visual way.

37 | 2015 IBM Corporation

IBM Verse for Apple devices On-Prem (Continued..)
Mail View:
Inline Images, Attachments And Domino Encrypted.

Mail Actions:
Trash, Move to Folder, Reply, Reply All, Forward and Quick Reply.

Mail Settings:

38 | 2015 IBM Corporation

IBM Verse for Apple devices On-Prem (Continued..)
Mail Thread:
IBM Verse adds a graphical conversation style to mail messages that lets you keep all your mail
threads organized and easily viewable within your inbox.

39 | 2015 IBM Corporation

IBM Verse for Apple devices On-Prem (Continued..)

Draft, sent and folders:

Form your Inbox, just select the Mailbox button to display your folders. From there, choose either the
Drafts or Sent folder to show the contents.
You'll see all your preexisting IBM Notes and SmartCloud Notes folders, and you can interact with
them just as you would in those environments.

40 | 2015 IBM Corporation

 IBM Verse for Apple devices On-Prem (Continued..)
Important to Me feature and Search Messages in contacts:
The Important to Me feature is only available for Connections Cloud users.
Message can be searched from specific contacts:-

1. Contact's business card.

2. Can see all the messages from

your Important people contacts

41 | 2015 IBM Corporation

IBM Verse for Apple devices On-Prem (Continued..)
Today widget:
The Today widget for IBM Verse provides a whole range of information about your day in the iOS
Today view.

42 | 2015 IBM Corporation

 How to stay informed of available maintenance
Recommended Maintenance Technote:

http://www.ibm.com/support/docview.wss?uid=swg24019529
Notes Traveler APAR Listing by release:

http://www.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_APAR_listing
Registering for Notes Traveler notifications:

http://www.lotus.com/ldd/dominowiki.nsf/dx/How_to_subscribe_to_Notes_Traveler
_product_notifications
Notes Traveler Part Number Index:

http://www.lotus.com/ldd/dominowiki.nsf/dx/Notes_Traveler_Part_Number_List_for_Fast_Search_o
n_Passport_Advantage

43 | 2015 IBM Corporation

Questions

Q&A

44 | 2015 IBM Corporation