SlideShare une entreprise Scribd logo

HTTP - The Other Face Of Domino

Gabriella Davis
Gabriella Davis

From Engage 2014 - Breda, NL Presentation on managing, performance tuning and configuration Domino's HTTP service

Technologie
1  sur  59
Télécharger pour lire hors ligne
#engageug The Other Face Of Domino, Configuring and Securing Gabriella Davis The Turtle Partnership gabriella@turtlepartnership.com !1
#engageug Domino HTTP • The HTTP Server • Securing your HTTP traffic • Configuring HTTP for different applications • Performance and Clustering • Logging and Monitoring • Vulnerabilities !2
#engageug The HTTP Server The HTTP Server !3
#engageug The HTTP Server • The Domino HTTP engine was introduced in 4.6 when the product was renamed “Domino” • Since then it has been modified for performance and features but only re-engineered significantly in 8.5 when XPages were introduced • The HTTP task is now responsible for other services such as iNotes, Traveler, XPages making its performance and stability critical • Running the latest version of Domino will always give an improved HTTP experience !4
#engageug HTTP Threads • Threads are assigned one per incoming HTTP request • Each thread utilises up to 40kb of memory • Configuring more threads doesn’t improve performance and will usually do the opposite • Configure the minimum number of threads you need • domino.threads.active.peak (NSF requests only) • http.currentconnections / http.peakconnections (all requests) • The default is 40, for most web only servers we would increase that !5
#engageug HTTP Threads and Memory • Too many threads will consume too much memory and cause server issues • Obviously with 64bit we have more memory, and therefore threads, to play with !6
#engageug HTTP Agents • Agents run via the HTTP tasks consume a HTTP thread and are run outside of the Agent Manager task that handles regular agents • This includes WebQueryOpen and WebQuerySave agents • A long running agent will not release a HTTP thread and consume too much memory • Xpages code needs an HTTP thread too and will consume JVM resources sometimes causes out of memory errors • HTTPJVMMaxHeapSize allows you to increase the memory allocated to the JVM related to HTTP only and not the server wide JVM activity !7
#engageug iNotes • Uses client side caching for performance in 8.5.1 and later • Minimised use of applets with the exception of Sametime • Replace stlinks with Sametime Proxy ajax code • Use a standard template for everyone • Enable OOO service rather than agents • Enable full text indexing or disable on the fly indexing !8
#engageug Traveler • Traveler requires enough concurrent threads to support concurrent device connections • A device configured for traveler is always consuming a thread when it’s active • Number of threads should be 1.2 x Number of active devices • In a load balanced cluster of Traveler that isn’t the same as the number of registered devices !9
#engageug The HTTP Server Securing Your HTTP Traffic !10
#engageug Server Security & HTTP Agents • Use SSL for all HTTP traffic • especially Traveler and iNotes • Disable Anonymous access on HTTP unless it’s a public facing server • In which case have the server in an isolated domain ! ! • Enable concurrent web agents for performance !11
#engageug Internet Site Documents • Opt-In Security • Without Internet Site Documents all services can run with no restrictions • connect to a web server on its ip address or any resolvable host name BAD • start a service you aren’t actually using such as LDAP exposing a security hole BAD • Using Internet Site documents ensures that a task may be started but it won’t respond if the wrong hostname is part of the request !12
#engageug Application Security • Catalog.Nsf -
 
 • DDM Database ACL
 • Server Security !13
#engageug File Protection Document • Secures access via the Domino server to file system files such as HTML, GIF, JPEG and CGI scripts • It doesn’t secure access to files the CGI scripts use • Directory security includes all files and subdirectories !14
#engageug Internet Passwords • Actions - Upgrade to more secure internet password • inetlockout.nsf - configured in the server configuration document • lockout the account temporarily or permanently due to failed logins • Fewer name variations with higher security !15
#engageug Secure HTTP (SSL) • SSL is a protocol (a subset of TLS) that encrypts traffic between a client request and the server running HTTP • SSL traffic can still be intercepted but can’t be decoded easily • The stronger the key used for encrypting the traffic, the harder it will be to decode • Keys are generated for each client session and discarded when the session ends • Using a SSL certificate also alerts the user if the server they are connecting to has a different hostname than the one they requested or if the certificate the server is using has expired !16
#engageug SSL Keyfiles • Enabling SSL requires the existence of a keyfile with a certificate in it on the server • The keyfile is created from the Server Certificate Admin database (certsrv.nsf) which is on every server • You can create a self certified certificate and that will work to encrypt traffic • users will be warned that the certificate isn’t recognised !17
#engageug SSL Keyfiles For Multiple Hosts • A single SSL keyfile will bind to a specific ip address, one that resolves from the hostname it is assigned to • If you’re using Internet Site documents you can enter different SSL keyfiles for different hostnames BUT each one will only work if it resolves to a unique ip address !18
#engageug Public Certificate Authorities • Buy a certificate from a public certificate authority • If you buy a strong certificate go ahead and remove the validation for 40 and 56 bit ciphers ! ! ! • Ensure you import the trusted root and all intermediate certificates into your keyfile • Once you have a keyfile you can use that to encrypt any port you want including HTTP and LDAP !19
#engageug Trusted Roots • When buying a certificate from a public CA you need to import the trusted roots for that certifier into your keyfile • Different certificates even from the same CA have different trusted roots • Browsers come pre-installed with common CA trusted roots so they can recognise and validate your certificate • Some older technologies don’t recognise the newer, stronger certificates !20
#engageug Tip • Android devices ship with limited built in trusted roots that aren’t easily updateable • If you’re using SSL for Traveler and Android devices, verify the devices will recgonise the certificate you’re buying before you buy it !21
#engageug Server Certificate Admin !22
#engageug Client Certificates • Allows you to issue certificates to clients so you can verify their identity not just with their login information but with a valid certificate • There is a large administrative overhead in maintaining and managing client side certificates for all connecting web users • Use the CA process to enable a Certificate Authority on your server for user requests !23
#engageug TLS via IHS • TLS is an encryption protocol that is more secure than SSL. It provides a higher level of encryption, validation and security • Domino 9 supports the use of TLS only by deploying an IBM HTTP Server in front of Domino • All Domino requests are routed through IHS to the Domino HTTP Task • IHS handles the TLS security • TLS is only supported with IHS and Domino installed on a Windows platform • You will still need to enable SSL and have a certificate on the Domino server !24
#engageug Java Permissions • /jvm/lib/security/java.policy • Controls what the JVM, and code that uses it, can do • Syntax for the permissions can be found here • http://download.oracle.com/javase/1.4.2/docs/guide/ security/PolicyFiles.html !25
#engageug Tip! • Java.Policy will often be overwritten during an upgrade • To prevent that happening make the file read only • My preference is simply to backup the file before upgrade then compare the new file to the old • Otherwise you might miss something that’s needed in a later version !26
#engageug The HTTP Server Configuring HTTP !27
#engageug Thread Management • Threads are configured for the overall HTTP task, not by internet site • So all hosts on the server will share the availability of threads • More threads means more memory consumption but not necessarily better performance • domino.threads.active.peak (NSF requests only) • http.currentconnections / http.peakconnections (all requests) !28
#engageug HTTP Agents • Enable concurrent web agents and agent timeouts ! ! ! ! • Monitor agent performance via DDM probes !29
#engageug Virtual Hosts • A single server can answer to multiple host names so long as they resolve to that server’s ip address • You can configure different home pages as well as different web server behaviour for each host • security, location of files, single sign-on, browser behaviour • When using Internet Site Documents, a client request will only be answered if there is a matching virtual host or a default web site document !30
#engageug Redirection • A Redirection rule repoints a URL request from the original location to a new one • If I had an application that I want users to browse to without typing in the full application name I could use redirection to change the URL from a short one to a full address • /sponsor to /ggc.nsf/info.xsp for instance • When a URL is redirected, the URL is actually rewritten in the browser’s address bar !31
#engageug • The Redirection rule is a response to a web site document that contains a virtual host so it will work for any valid hosts in that website document • Incoming URL is what appears after the virtual host eg • www.turtlehost.net/sponsor ! ! • Redirect is how you want the URL rewritten including hostname if you want • Send 301 redirect is optional and instructs the browser to remember this redirection and request that directly next Redirection !32
#engageug Substitution • Substitution rules are used to move a site from one location to another • There isn’t just one URL represented by a substitution rule but any URL that is part of a substitution hierarchy • For example if my blog were to change from blog.nsf to blognew.nsf I would use a substitution rule as follows !33
#engageug HTTP Response Headers • Add response headers to pages to customise the headers that Domino sends to the client’s browser • A custom response header can tell the browser when to expire a page and ask the server for a refreshed copy • Response headers need to match both a URL and a HTTP code that is being returned !34
#engageug Override Session Authentication • For specific URLs you may want to overwrite the session authentication that is used for the virtual host and use basic authentication instead !35
#engageug Custom Errors and Logins • Create a database called domcfg.nsf (never anything else) based on the template domcfg5.ntf ! ! ! ! ! • It will then appear on the configuration tab for the server in Domino Administrator !36
#engageug Custom Errors and Logins • Create a default mapping for login - it is more customisable and looks better than the standard session sign on !37
#engageug Custom Errors • Can come from any database and any form you choose, these are just the defaults !38
#engageug Httpd.cnf & Browser.cnf • Files are written to the Domino program directory during install and upgrades • Browser.cnf has the configuration of each browser’s supported features so Domino knows how to deliver content to the user’s specific browser • Httpd.cnf contains file types and associations so Domino knows how to handle file attachments and embedded content • You would usually not edit either one of these files but if you do you should mark them read only so they aren’t overwritten on upgrade • Or back them up and make them part of your upgrade process !39
#engageug The Browser Plug-In • Client side deployment • Not part of HTTP configuration • Uses a version of the Notes client on the user’s machine • No server configuration • Any application that works through the Notes basic client should work • IBM don’t support accessing your mail via the Browser Plug- In, but instead request you use iNotes !40
#engageug The HTTP Server Performance & Clustering !41
#engageug Why Cluster • Clustering is usually considered when you want to expand resources and provide multiple servers for users to access • that is load balanced clustering, all servers provide the same service and the users are assigned to whatever server is available • Clustering is also worthwhile deploying purely as a failover solution so if your primary server goes offline, your users can failover to a cluster mate • Failover clustering is much cheaper than load balanced clustering • The redirection of users to a new server is usually done via a manual DNS change so you don’t need a load balanced piece of hardware !42
#engageug Tip! • If the system is important to your business and you can’t have extended minutes or hours of downtime you are going to want to Cluster at some level, it’s just a case of deciding how much hardware and money you want to apply to the job !43
#engageug Clustering for HTTP • Internet Cluster Manager • A Domino based and Domino aware load balancer • Runs as a task of your Domino server • the ICM can be on the same server as the actual websites • but you would need two ips • and it would be a single point of failure !44
#engageug ICM Design • The client requests a hostname that points to the ICM • The ICM is assigned to a Domino cluster • Using the cldbdir.nsf on the servers it rewrites the URL to direct the client request to one of the Domino cluster servers • The ICM sends out probes to monitor the health of the Domino servers to ensure a user isn’t sent to a non responsive server !45
#engageug • Or you could use any standard load balancer instead of the ICM but the ICM is part of your Domino licensing ICM Design CLUSTER Domino Server A Runs ICM Not Part Of A Cluster Domino Server B WebCluster Domino Server C WebCluster Domino Server D WebCluster Client Client Client Client !46
#engageug ICM Configuration ! !47 The Domino Cluster that this ICM serves The URL users request which resolves to the ICM
#engageug Traveler Clustering • Requires enabling Traveler High Availability which moves the Traveler data from a local Derby database to an Enterprise SQL or DB2 database • The Traveler servers are added to a Traveler pool that share users and data • A load balancer must be placed in front of the Traveler servers to ensure clients can be connected to any of the servers !48
#engageug Traveler Clustering • For additional resilience the DB2 or SQL server can be configured for High Availability !49 Load Balancer Traveler Server A Domino DB2 or SQL Traveler Server B Domino iPhone Android Windows INTERNET INTERNAL DMZ
#engageug IBM Edge Load Balancer • The Edge Load Balancer is a software based Load Balancer • There are two versions an IPV4 and an IPV4 & IPV6 ULB (universal load balancer) • The IPV4 one is being deprecated so you want the newer IPV4 & IPV6 one • Supported on multiple platforms and very easy to configure it’s a good option if you’re considering clustering and don’t already have a hardware solution !50
#engageug The HTTP Server Logging & Monitoring !51
#engageug HTTP Logging • Logging is configured per server • HTTP activity can be logged to text files or a Domino database • If logging to a Domino database make sure you enable the purge agent or it will get very big and unusable very quickly !52
#engageug Debug HTTP • tell HTTP debug thread on (use only temporarily) • Websess_Trace_Verbose (SSO) • WebAuth_Truce_Verbose (group cache & memberships) !53
#engageug DDM Probes • Web Configuration Probe • Agents evaluated by CPU or Memory !54
#engageug The HTTP Server Vulnerabilities !55
#engageug Java Memory Issues • Java code needs to be well written with recycles and garbage collection or too much memory will be consumed • HTTPUseNotesMemory • JavaMaxHeapSize !56
#engageug Security • Password Strength • DDM Probe to monitor for Anonymous database access • DIIOP, LDAP, SMTP • SSL certificates !57
#engageug HTTP Threads • Monitor HTTP statistics to ensure the server can handle peak traffic • Review ddm.nsf reports to verify there are no issues relating to available threads • An HTTP server that slows down until it becomes unresponsive is often due to threads not being released / sessions not be closed properly • Do not over-assign threads as those consume memory you will need to run applications and code !58
#engageug Questions? • Gab Davis • The Turtle Partnership • gabriella@turtlepartnership.com • gabturtle on twitter !59

Recommandé

60 Admin Tips
60 Admin Tips60 Admin Tips
60 Admin TipsGabriella Davis
 
HCL Domino V12 Key Security Features Overview
HCL Domino V12 Key Security Features Overview HCL Domino V12 Key Security Features Overview
HCL Domino V12 Key Security Features Overview hemantnaik
 
Important tips on Router and SMTP mail routing
Important tips on Router and SMTP mail routingImportant tips on Router and SMTP mail routing
Important tips on Router and SMTP mail routingjayeshpar2006
 
RNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostRNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostChristoph Adler
 
Best Practice TLS for IBM Domino
Best Practice TLS for IBM DominoBest Practice TLS for IBM Domino
Best Practice TLS for IBM DominoJared Roberts
 
RNUG - Dirty Secrets of the Notes Client
RNUG - Dirty Secrets of the Notes ClientRNUG - Dirty Secrets of the Notes Client
RNUG - Dirty Secrets of the Notes ClientChristoph Adler
 
Spnego configuration
Spnego configurationSpnego configuration
Spnego configurationGabriella Davis
 
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...Howard Greenberg
 

Recommandé

60 Admin Tips
60 Admin Tips60 Admin Tips
60 Admin TipsGabriella Davis
 
HCL Domino V12 Key Security Features Overview
HCL Domino V12 Key Security Features Overview HCL Domino V12 Key Security Features Overview
HCL Domino V12 Key Security Features Overview hemantnaik
 
Important tips on Router and SMTP mail routing
Important tips on Router and SMTP mail routingImportant tips on Router and SMTP mail routing
Important tips on Router and SMTP mail routingjayeshpar2006
 
RNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostRNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostChristoph Adler
 
Best Practice TLS for IBM Domino
Best Practice TLS for IBM DominoBest Practice TLS for IBM Domino
Best Practice TLS for IBM DominoJared Roberts
 
RNUG - Dirty Secrets of the Notes Client
RNUG - Dirty Secrets of the Notes ClientRNUG - Dirty Secrets of the Notes Client
RNUG - Dirty Secrets of the Notes ClientChristoph Adler
 
Spnego configuration
Spnego configurationSpnego configuration
Spnego configurationGabriella Davis
 
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...Howard Greenberg
 
IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning Vladislav Tatarincev
 
Domino policies deep dive
Domino policies deep diveDomino policies deep dive
Domino policies deep diveMartijn de Jong
 
Die ultimative Anleitung für HCL Nomad Web Administratoren
Die ultimative Anleitung für HCL Nomad Web AdministratorenDie ultimative Anleitung für HCL Nomad Web Administratoren
Die ultimative Anleitung für HCL Nomad Web Administratorenpanagenda
 
Domino Tech School - Upgrading to Notes/Domino V10: Best Practices
Domino Tech School - Upgrading to Notes/Domino V10: Best PracticesDomino Tech School - Upgrading to Notes/Domino V10: Best Practices
Domino Tech School - Upgrading to Notes/Domino V10: Best PracticesChristoph Adler
 
Domino Adminblast
Domino AdminblastDomino Adminblast
Domino AdminblastGabriella Davis
 
Engage2022 - Domino Admin Tips
Engage2022 - Domino Admin TipsEngage2022 - Domino Admin Tips
Engage2022 - Domino Admin TipsGabriella Davis
 
MES102 - Verse on Premises 2.0 Best Practices
MES102 - Verse on Premises 2.0 Best PracticesMES102 - Verse on Premises 2.0 Best Practices
MES102 - Verse on Premises 2.0 Best PracticesDylan Redfield
 
HCL Domino V12 - TOTP
HCL Domino V12 - TOTPHCL Domino V12 - TOTP
HCL Domino V12 - TOTPAles Lichtenberg
 
HCL Sametime V11 installation - tips
HCL Sametime V11 installation - tipsHCL Sametime V11 installation - tips
HCL Sametime V11 installation - tipsAles Lichtenberg
 
Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and Managing Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and ManagingGabriella Davis
 
dachnug49 - panagenda Workshop - 100 new things in Notes, Nomad Web & MarvelC...
dachnug49 - panagenda Workshop - 100 new things in Notes, Nomad Web & MarvelC...dachnug49 - panagenda Workshop - 100 new things in Notes, Nomad Web & MarvelC...
dachnug49 - panagenda Workshop - 100 new things in Notes, Nomad Web & MarvelC...Christoph Adler
 
DNUG HCL Domino 11 First Look
DNUG HCL Domino 11 First LookDNUG HCL Domino 11 First Look
DNUG HCL Domino 11 First Lookdaniel_nashed
 
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...Ales Lichtenberg
 
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded Christoph Adler
 
RNUG - Virtual, Faster, Better! How to deploy HCL Notes 11.0.1 FP2 for Citrix...
RNUG - Virtual, Faster, Better! How to deploy HCL Notes 11.0.1 FP2 for Citrix...RNUG - Virtual, Faster, Better! How to deploy HCL Notes 11.0.1 FP2 for Citrix...
RNUG - Virtual, Faster, Better! How to deploy HCL Notes 11.0.1 FP2 for Citrix...Christoph Adler
 
IBM Notes Traveler Best Practices
IBM Notes Traveler Best PracticesIBM Notes Traveler Best Practices
IBM Notes Traveler Best Practicesjayeshpar2006
 
IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)Austin Chang
 
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesApril, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesHoward Greenberg
 
Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012
Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012
Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012BCC - Solutions for IBM Collaboration Software
 
DominoMigrationProposal
DominoMigrationProposalDominoMigrationProposal
DominoMigrationProposalLynn Levash
 
RESTful services on IBM Domino/XWork
RESTful services on IBM Domino/XWorkRESTful services on IBM Domino/XWork
RESTful services on IBM Domino/XWorkJohn Dalsgaard
 
ConnectED2015: IBM Domino Applications in Bluemix
ConnectED2015: IBM Domino Applications in BluemixConnectED2015: IBM Domino Applications in Bluemix
ConnectED2015: IBM Domino Applications in BluemixMartin Donnelly
 

Contenu connexe

Tendances

IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning Vladislav Tatarincev
 
Domino policies deep dive
Domino policies deep diveDomino policies deep dive
Domino policies deep diveMartijn de Jong
 
Die ultimative Anleitung für HCL Nomad Web Administratoren
Die ultimative Anleitung für HCL Nomad Web AdministratorenDie ultimative Anleitung für HCL Nomad Web Administratoren
Die ultimative Anleitung für HCL Nomad Web Administratorenpanagenda
 
Domino Tech School - Upgrading to Notes/Domino V10: Best Practices
Domino Tech School - Upgrading to Notes/Domino V10: Best PracticesDomino Tech School - Upgrading to Notes/Domino V10: Best Practices
Domino Tech School - Upgrading to Notes/Domino V10: Best PracticesChristoph Adler
 
Engage2022 - Domino Admin Tips
Engage2022 - Domino Admin TipsEngage2022 - Domino Admin Tips
Engage2022 - Domino Admin TipsGabriella Davis
 
MES102 - Verse on Premises 2.0 Best Practices
MES102 - Verse on Premises 2.0 Best PracticesMES102 - Verse on Premises 2.0 Best Practices
MES102 - Verse on Premises 2.0 Best PracticesDylan Redfield
 
HCL Sametime V11 installation - tips
HCL Sametime V11 installation - tipsHCL Sametime V11 installation - tips
HCL Sametime V11 installation - tipsAles Lichtenberg
 
Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and Managing Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and ManagingGabriella Davis
 
dachnug49 - panagenda Workshop - 100 new things in Notes, Nomad Web & MarvelC...
dachnug49 - panagenda Workshop - 100 new things in Notes, Nomad Web & MarvelC...dachnug49 - panagenda Workshop - 100 new things in Notes, Nomad Web & MarvelC...
dachnug49 - panagenda Workshop - 100 new things in Notes, Nomad Web & MarvelC...Christoph Adler
 
DNUG HCL Domino 11 First Look
DNUG HCL Domino 11 First LookDNUG HCL Domino 11 First Look
DNUG HCL Domino 11 First Lookdaniel_nashed
 
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...Ales Lichtenberg
 
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded Christoph Adler
 
RNUG - Virtual, Faster, Better! How to deploy HCL Notes 11.0.1 FP2 for Citrix...
RNUG - Virtual, Faster, Better! How to deploy HCL Notes 11.0.1 FP2 for Citrix...RNUG - Virtual, Faster, Better! How to deploy HCL Notes 11.0.1 FP2 for Citrix...
RNUG - Virtual, Faster, Better! How to deploy HCL Notes 11.0.1 FP2 for Citrix...Christoph Adler
 
IBM Notes Traveler Best Practices
IBM Notes Traveler Best PracticesIBM Notes Traveler Best Practices
IBM Notes Traveler Best Practicesjayeshpar2006
 
IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)Austin Chang
 
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesApril, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesHoward Greenberg
 
DominoMigrationProposal
DominoMigrationProposalDominoMigrationProposal
DominoMigrationProposalLynn Levash
 

Tendances (20)

IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning
 
Domino policies deep dive
Domino policies deep diveDomino policies deep dive
Domino policies deep dive
 
Die ultimative Anleitung für HCL Nomad Web Administratoren
Die ultimative Anleitung für HCL Nomad Web AdministratorenDie ultimative Anleitung für HCL Nomad Web Administratoren
Die ultimative Anleitung für HCL Nomad Web Administratoren
 
Domino Tech School - Upgrading to Notes/Domino V10: Best Practices
Domino Tech School - Upgrading to Notes/Domino V10: Best PracticesDomino Tech School - Upgrading to Notes/Domino V10: Best Practices
Domino Tech School - Upgrading to Notes/Domino V10: Best Practices
 
Domino Adminblast
Domino AdminblastDomino Adminblast
Domino Adminblast
 
Engage2022 - Domino Admin Tips
Engage2022 - Domino Admin TipsEngage2022 - Domino Admin Tips
Engage2022 - Domino Admin Tips
 
MES102 - Verse on Premises 2.0 Best Practices
MES102 - Verse on Premises 2.0 Best PracticesMES102 - Verse on Premises 2.0 Best Practices
MES102 - Verse on Premises 2.0 Best Practices
 
HCL Domino V12 - TOTP
HCL Domino V12 - TOTPHCL Domino V12 - TOTP
HCL Domino V12 - TOTP
 
HCL Sametime V11 installation - tips
HCL Sametime V11 installation - tipsHCL Sametime V11 installation - tips
HCL Sametime V11 installation - tips
 
Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and Managing Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and Managing
 
dachnug49 - panagenda Workshop - 100 new things in Notes, Nomad Web & MarvelC...
dachnug49 - panagenda Workshop - 100 new things in Notes, Nomad Web & MarvelC...dachnug49 - panagenda Workshop - 100 new things in Notes, Nomad Web & MarvelC...
dachnug49 - panagenda Workshop - 100 new things in Notes, Nomad Web & MarvelC...
 
DNUG HCL Domino 11 First Look
DNUG HCL Domino 11 First LookDNUG HCL Domino 11 First Look
DNUG HCL Domino 11 First Look
 
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
 
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
 
RNUG - Virtual, Faster, Better! How to deploy HCL Notes 11.0.1 FP2 for Citrix...
RNUG - Virtual, Faster, Better! How to deploy HCL Notes 11.0.1 FP2 for Citrix...RNUG - Virtual, Faster, Better! How to deploy HCL Notes 11.0.1 FP2 for Citrix...
RNUG - Virtual, Faster, Better! How to deploy HCL Notes 11.0.1 FP2 for Citrix...
 
IBM Notes Traveler Best Practices
IBM Notes Traveler Best PracticesIBM Notes Traveler Best Practices
IBM Notes Traveler Best Practices
 
IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)
 
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesApril, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
 
Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012
Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012
Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012
 
DominoMigrationProposal
DominoMigrationProposalDominoMigrationProposal
DominoMigrationProposal
 

En vedette

RESTful services on IBM Domino/XWork
RESTful services on IBM Domino/XWorkRESTful services on IBM Domino/XWork
RESTful services on IBM Domino/XWorkJohn Dalsgaard
 
ConnectED2015: IBM Domino Applications in Bluemix
ConnectED2015: IBM Domino Applications in BluemixConnectED2015: IBM Domino Applications in Bluemix
ConnectED2015: IBM Domino Applications in BluemixMartin Donnelly
 
BP204 - Take a REST and put your data to work with APIs!
BP204 - Take a REST and put your data to work with APIs!BP204 - Take a REST and put your data to work with APIs!
BP204 - Take a REST and put your data to work with APIs!Craig Schumann
 
Domino OSGi Development
Domino OSGi DevelopmentDomino OSGi Development
Domino OSGi DevelopmentPaul Fiore
 
Fun With SHA2 Certificates
Fun With SHA2 CertificatesFun With SHA2 Certificates
Fun With SHA2 CertificatesGabriella Davis
 
IBM Presents the IBM Notes and Domino Roadmap
IBM Presents the IBM Notes and Domino RoadmapIBM Presents the IBM Notes and Domino Roadmap
IBM Presents the IBM Notes and Domino RoadmapTeamstudio
 

En vedette (6)

RESTful services on IBM Domino/XWork
RESTful services on IBM Domino/XWorkRESTful services on IBM Domino/XWork
RESTful services on IBM Domino/XWork
 
ConnectED2015: IBM Domino Applications in Bluemix
ConnectED2015: IBM Domino Applications in BluemixConnectED2015: IBM Domino Applications in Bluemix
ConnectED2015: IBM Domino Applications in Bluemix
 
BP204 - Take a REST and put your data to work with APIs!
BP204 - Take a REST and put your data to work with APIs!BP204 - Take a REST and put your data to work with APIs!
BP204 - Take a REST and put your data to work with APIs!
 
Domino OSGi Development
Domino OSGi DevelopmentDomino OSGi Development
Domino OSGi Development
 
Fun With SHA2 Certificates
Fun With SHA2 CertificatesFun With SHA2 Certificates
Fun With SHA2 Certificates
 
IBM Presents the IBM Notes and Domino Roadmap
IBM Presents the IBM Notes and Domino RoadmapIBM Presents the IBM Notes and Domino Roadmap
IBM Presents the IBM Notes and Domino Roadmap
 

Similaire à HTTP - The Other Face Of Domino

CNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesCNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesSam Bowne
 
CNIT 129S - Ch 3: Web Application Technologies
CNIT 129S - Ch 3: Web Application TechnologiesCNIT 129S - Ch 3: Web Application Technologies
CNIT 129S - Ch 3: Web Application TechnologiesSam Bowne
 
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
DEF CON 24 - workshop - Craig Young - brainwashing embedded systemsDEF CON 24 - workshop - Craig Young - brainwashing embedded systems
DEF CON 24 - workshop - Craig Young - brainwashing embedded systemsFelipe Prado
 
Fixing Domino Server Sickness
Fixing Domino Server SicknessFixing Domino Server Sickness
Fixing Domino Server SicknessGabriella Davis
 
be the captain of your connections deployment
be the captain of your connections deploymentbe the captain of your connections deployment
be the captain of your connections deploymentSharon James
 
CNIT 152: 10 Enterprise Services
CNIT 152: 10 Enterprise ServicesCNIT 152: 10 Enterprise Services
CNIT 152: 10 Enterprise ServicesSam Bowne
 
CNIT 121: 10 Enterprise Services
CNIT 121: 10 Enterprise ServicesCNIT 121: 10 Enterprise Services
CNIT 121: 10 Enterprise ServicesSam Bowne
 
Serverless: The future of application delivery
Serverless: The future of application deliveryServerless: The future of application delivery
Serverless: The future of application deliveryDoug Vanderweide
 
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸Amazon Web Services
 
Ch 3: Web Application Technologies
Ch 3: Web Application TechnologiesCh 3: Web Application Technologies
Ch 3: Web Application TechnologiesSam Bowne
 
Advanced nginx in mercari - How to handle over 1,200,000 HTTPS Reqs/Min
Advanced nginx in mercari - How to handle over 1,200,000 HTTPS Reqs/MinAdvanced nginx in mercari - How to handle over 1,200,000 HTTPS Reqs/Min
Advanced nginx in mercari - How to handle over 1,200,000 HTTPS Reqs/MinMasahiro Nagano
 
ApacheCon Core: Service Discovery in OSGi: Beyond the JVM using Docker and Co...
ApacheCon Core: Service Discovery in OSGi: Beyond the JVM using Docker and Co...ApacheCon Core: Service Discovery in OSGi: Beyond the JVM using Docker and Co...
ApacheCon Core: Service Discovery in OSGi: Beyond the JVM using Docker and Co...Frank Lyaruu
 
Application layer protocols
Application layer protocolsApplication layer protocols
Application layer protocolsFabMinds
 
Nagios XI Best Practices
Nagios XI Best PracticesNagios XI Best Practices
Nagios XI Best PracticesNagios
 
Maximizing Performance with SPDY and SSL
Maximizing Performance with SPDY and SSLMaximizing Performance with SPDY and SSL
Maximizing Performance with SPDY and SSLZoompf
 
Building Awesome APIs with Lumen
Building Awesome APIs with LumenBuilding Awesome APIs with Lumen
Building Awesome APIs with LumenKit Brennan
 
1. web technology basics
1. web technology basics1. web technology basics
1. web technology basicsJyoti Yadav
 
Proxy servers
Proxy serversProxy servers
Proxy serversKumar
 
SnapComms Technical overview
SnapComms Technical overviewSnapComms Technical overview
SnapComms Technical overviewSnapComms
 

Similaire à HTTP - The Other Face Of Domino (20)

CNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesCNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application Technologies
 
CNIT 129S - Ch 3: Web Application Technologies
CNIT 129S - Ch 3: Web Application TechnologiesCNIT 129S - Ch 3: Web Application Technologies
CNIT 129S - Ch 3: Web Application Technologies
 
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
DEF CON 24 - workshop - Craig Young - brainwashing embedded systemsDEF CON 24 - workshop - Craig Young - brainwashing embedded systems
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
 
Fixing Domino Server Sickness
Fixing Domino Server SicknessFixing Domino Server Sickness
Fixing Domino Server Sickness
 
be the captain of your connections deployment
be the captain of your connections deploymentbe the captain of your connections deployment
be the captain of your connections deployment
 
CNIT 152: 10 Enterprise Services
CNIT 152: 10 Enterprise ServicesCNIT 152: 10 Enterprise Services
CNIT 152: 10 Enterprise Services
 
CNIT 121: 10 Enterprise Services
CNIT 121: 10 Enterprise ServicesCNIT 121: 10 Enterprise Services
CNIT 121: 10 Enterprise Services
 
Serverless: The future of application delivery
Serverless: The future of application deliveryServerless: The future of application delivery
Serverless: The future of application delivery
 
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
 
Ch 3: Web Application Technologies
Ch 3: Web Application TechnologiesCh 3: Web Application Technologies
Ch 3: Web Application Technologies
 
Advanced nginx in mercari - How to handle over 1,200,000 HTTPS Reqs/Min
Advanced nginx in mercari - How to handle over 1,200,000 HTTPS Reqs/MinAdvanced nginx in mercari - How to handle over 1,200,000 HTTPS Reqs/Min
Advanced nginx in mercari - How to handle over 1,200,000 HTTPS Reqs/Min
 
Web technology
Web technologyWeb technology
Web technology
 
ApacheCon Core: Service Discovery in OSGi: Beyond the JVM using Docker and Co...
ApacheCon Core: Service Discovery in OSGi: Beyond the JVM using Docker and Co...ApacheCon Core: Service Discovery in OSGi: Beyond the JVM using Docker and Co...
ApacheCon Core: Service Discovery in OSGi: Beyond the JVM using Docker and Co...
 
Application layer protocols
Application layer protocolsApplication layer protocols
Application layer protocols
 
Nagios XI Best Practices
Nagios XI Best PracticesNagios XI Best Practices
Nagios XI Best Practices
 
Maximizing Performance with SPDY and SSL
Maximizing Performance with SPDY and SSLMaximizing Performance with SPDY and SSL
Maximizing Performance with SPDY and SSL
 
Building Awesome APIs with Lumen
Building Awesome APIs with LumenBuilding Awesome APIs with Lumen
Building Awesome APIs with Lumen
 
1. web technology basics
1. web technology basics1. web technology basics
1. web technology basics
 
Proxy servers
Proxy serversProxy servers
Proxy servers
 
SnapComms Technical overview
SnapComms Technical overviewSnapComms Technical overview
SnapComms Technical overview
 

Plus de Gabriella Davis

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
. Design Decisions: Developing for Mobile - The Template Experience Project
. Design Decisions: Developing for Mobile - The Template Experience Project. Design Decisions: Developing for Mobile - The Template Experience Project
. Design Decisions: Developing for Mobile - The Template Experience ProjectGabriella Davis
 
Face Off Domino vs Exchange On Premises
Face Off Domino vs Exchange On PremisesFace Off Domino vs Exchange On Premises
Face Off Domino vs Exchange On PremisesGabriella Davis
 
Adminlicious - A Guide To TCO Features In Domino v10
Adminlicious - A Guide To TCO Features In Domino v10Adminlicious - A Guide To TCO Features In Domino v10
Adminlicious - A Guide To TCO Features In Domino v10Gabriella Davis
 
An Introduction to Configuring Domino for Docker
An Introduction to Configuring Domino for DockerAn Introduction to Configuring Domino for Docker
An Introduction to Configuring Domino for DockerGabriella Davis
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsGabriella Davis
 
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...Gabriella Davis
 
An introduction to configuring Domino for Docker
An introduction to configuring Domino for DockerAn introduction to configuring Domino for Docker
An introduction to configuring Domino for DockerGabriella Davis
 
How To Approach GDPR Preparation & Discovery
How To Approach GDPR Preparation & DiscoveryHow To Approach GDPR Preparation & Discovery
How To Approach GDPR Preparation & DiscoveryGabriella Davis
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsGabriella Davis
 
A Guide To Single Sign-On for IBM Collaboration Solutions
A Guide To Single Sign-On for IBM Collaboration SolutionsA Guide To Single Sign-On for IBM Collaboration Solutions
A Guide To Single Sign-On for IBM Collaboration SolutionsGabriella Davis
 
What's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-PremisesWhat's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-PremisesGabriella Davis
 
An Introduction To Docker
An Introduction To DockerAn Introduction To Docker
An Introduction To DockerGabriella Davis
 
An Introduction To Docker
An Introduction To DockerAn Introduction To Docker
An Introduction To DockerGabriella Davis
 
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Setting Up a Hybrid Domino Environment to Ease your Way to the CloudSetting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Setting Up a Hybrid Domino Environment to Ease your Way to the CloudGabriella Davis
 
Embracing iot in the enterprise
Embracing iot in the enterpriseEmbracing iot in the enterprise
Embracing iot in the enterpriseGabriella Davis
 
Benefits and Risks of a Single Identity - IBM Connect 2017
Benefits and Risks of a Single Identity - IBM Connect 2017Benefits and Risks of a Single Identity - IBM Connect 2017
Benefits and Risks of a Single Identity - IBM Connect 2017Gabriella Davis
 

Plus de Gabriella Davis (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
. Design Decisions: Developing for Mobile - The Template Experience Project
. Design Decisions: Developing for Mobile - The Template Experience Project. Design Decisions: Developing for Mobile - The Template Experience Project
. Design Decisions: Developing for Mobile - The Template Experience Project
 
Face Off Domino vs Exchange On Premises
Face Off Domino vs Exchange On PremisesFace Off Domino vs Exchange On Premises
Face Off Domino vs Exchange On Premises
 
Adminlicious - A Guide To TCO Features In Domino v10
Adminlicious - A Guide To TCO Features In Domino v10Adminlicious - A Guide To TCO Features In Domino v10
Adminlicious - A Guide To TCO Features In Domino v10
 
An Introduction to Configuring Domino for Docker
An Introduction to Configuring Domino for DockerAn Introduction to Configuring Domino for Docker
An Introduction to Configuring Domino for Docker
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation Requirements
 
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
 
An introduction to configuring Domino for Docker
An introduction to configuring Domino for DockerAn introduction to configuring Domino for Docker
An introduction to configuring Domino for Docker
 
How To Approach GDPR Preparation & Discovery
How To Approach GDPR Preparation & DiscoveryHow To Approach GDPR Preparation & Discovery
How To Approach GDPR Preparation & Discovery
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation Requirements
 
Brand Yourself
Brand YourselfBrand Yourself
Brand Yourself
 
Home Working
Home WorkingHome Working
Home Working
 
A Guide To Single Sign-On for IBM Collaboration Solutions
A Guide To Single Sign-On for IBM Collaboration SolutionsA Guide To Single Sign-On for IBM Collaboration Solutions
A Guide To Single Sign-On for IBM Collaboration Solutions
 
The Imposter Syndrome
The Imposter SyndromeThe Imposter Syndrome
The Imposter Syndrome
 
What's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-PremisesWhat's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-Premises
 
An Introduction To Docker
An Introduction To DockerAn Introduction To Docker
An Introduction To Docker
 
An Introduction To Docker
An Introduction To DockerAn Introduction To Docker
An Introduction To Docker
 
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Setting Up a Hybrid Domino Environment to Ease your Way to the CloudSetting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
 
Embracing iot in the enterprise
Embracing iot in the enterpriseEmbracing iot in the enterprise
Embracing iot in the enterprise
 
Benefits and Risks of a Single Identity - IBM Connect 2017
Benefits and Risks of a Single Identity - IBM Connect 2017Benefits and Risks of a Single Identity - IBM Connect 2017
Benefits and Risks of a Single Identity - IBM Connect 2017
 

Dernier

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingThe Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingSelcen Ozturkcan
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 

Dernier (20)

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingThe Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

HTTP - The Other Face Of Domino

  • 1. #engageug The Other Face Of Domino, Configuring and Securing Gabriella Davis The Turtle Partnership gabriella@turtlepartnership.com !1
  • 2. #engageug Domino HTTP • The HTTP Server • Securing your HTTP traffic • Configuring HTTP for different applications • Performance and Clustering • Logging and Monitoring • Vulnerabilities !2
  • 4. #engageug The HTTP Server • The Domino HTTP engine was introduced in 4.6 when the product was renamed “Domino” • Since then it has been modified for performance and features but only re-engineered significantly in 8.5 when XPages were introduced • The HTTP task is now responsible for other services such as iNotes, Traveler, XPages making its performance and stability critical • Running the latest version of Domino will always give an improved HTTP experience !4
  • 5. #engageug HTTP Threads • Threads are assigned one per incoming HTTP request • Each thread utilises up to 40kb of memory • Configuring more threads doesn’t improve performance and will usually do the opposite • Configure the minimum number of threads you need • domino.threads.active.peak (NSF requests only) • http.currentconnections / http.peakconnections (all requests) • The default is 40, for most web only servers we would increase that !5
  • 6. #engageug HTTP Threads and Memory • Too many threads will consume too much memory and cause server issues • Obviously with 64bit we have more memory, and therefore threads, to play with !6
  • 7. #engageug HTTP Agents • Agents run via the HTTP tasks consume a HTTP thread and are run outside of the Agent Manager task that handles regular agents • This includes WebQueryOpen and WebQuerySave agents • A long running agent will not release a HTTP thread and consume too much memory • Xpages code needs an HTTP thread too and will consume JVM resources sometimes causes out of memory errors • HTTPJVMMaxHeapSize allows you to increase the memory allocated to the JVM related to HTTP only and not the server wide JVM activity !7
  • 8. #engageug iNotes • Uses client side caching for performance in 8.5.1 and later • Minimised use of applets with the exception of Sametime • Replace stlinks with Sametime Proxy ajax code • Use a standard template for everyone • Enable OOO service rather than agents • Enable full text indexing or disable on the fly indexing !8
  • 9. #engageug Traveler • Traveler requires enough concurrent threads to support concurrent device connections • A device configured for traveler is always consuming a thread when it’s active • Number of threads should be 1.2 x Number of active devices • In a load balanced cluster of Traveler that isn’t the same as the number of registered devices !9
  • 10. #engageug The HTTP Server Securing Your HTTP Traffic !10
  • 11. #engageug Server Security & HTTP Agents • Use SSL for all HTTP traffic • especially Traveler and iNotes • Disable Anonymous access on HTTP unless it’s a public facing server • In which case have the server in an isolated domain ! ! • Enable concurrent web agents for performance !11
  • 12. #engageug Internet Site Documents • Opt-In Security • Without Internet Site Documents all services can run with no restrictions • connect to a web server on its ip address or any resolvable host name BAD • start a service you aren’t actually using such as LDAP exposing a security hole BAD • Using Internet Site documents ensures that a task may be started but it won’t respond if the wrong hostname is part of the request !12
  • 13. #engageug Application Security • Catalog.Nsf -
 
 • DDM Database ACL
 • Server Security !13
  • 14. #engageug File Protection Document • Secures access via the Domino server to file system files such as HTML, GIF, JPEG and CGI scripts • It doesn’t secure access to files the CGI scripts use • Directory security includes all files and subdirectories !14
  • 15. #engageug Internet Passwords • Actions - Upgrade to more secure internet password • inetlockout.nsf - configured in the server configuration document • lockout the account temporarily or permanently due to failed logins • Fewer name variations with higher security !15
  • 16. #engageug Secure HTTP (SSL) • SSL is a protocol (a subset of TLS) that encrypts traffic between a client request and the server running HTTP • SSL traffic can still be intercepted but can’t be decoded easily • The stronger the key used for encrypting the traffic, the harder it will be to decode • Keys are generated for each client session and discarded when the session ends • Using a SSL certificate also alerts the user if the server they are connecting to has a different hostname than the one they requested or if the certificate the server is using has expired !16
  • 17. #engageug SSL Keyfiles • Enabling SSL requires the existence of a keyfile with a certificate in it on the server • The keyfile is created from the Server Certificate Admin database (certsrv.nsf) which is on every server • You can create a self certified certificate and that will work to encrypt traffic • users will be warned that the certificate isn’t recognised !17
  • 18. #engageug SSL Keyfiles For Multiple Hosts • A single SSL keyfile will bind to a specific ip address, one that resolves from the hostname it is assigned to • If you’re using Internet Site documents you can enter different SSL keyfiles for different hostnames BUT each one will only work if it resolves to a unique ip address !18
  • 19. #engageug Public Certificate Authorities • Buy a certificate from a public certificate authority • If you buy a strong certificate go ahead and remove the validation for 40 and 56 bit ciphers ! ! ! • Ensure you import the trusted root and all intermediate certificates into your keyfile • Once you have a keyfile you can use that to encrypt any port you want including HTTP and LDAP !19
  • 20. #engageug Trusted Roots • When buying a certificate from a public CA you need to import the trusted roots for that certifier into your keyfile • Different certificates even from the same CA have different trusted roots • Browsers come pre-installed with common CA trusted roots so they can recognise and validate your certificate • Some older technologies don’t recognise the newer, stronger certificates !20
  • 21. #engageug Tip • Android devices ship with limited built in trusted roots that aren’t easily updateable • If you’re using SSL for Traveler and Android devices, verify the devices will recgonise the certificate you’re buying before you buy it !21
  • 23. #engageug Client Certificates • Allows you to issue certificates to clients so you can verify their identity not just with their login information but with a valid certificate • There is a large administrative overhead in maintaining and managing client side certificates for all connecting web users • Use the CA process to enable a Certificate Authority on your server for user requests !23
  • 24. #engageug TLS via IHS • TLS is an encryption protocol that is more secure than SSL. It provides a higher level of encryption, validation and security • Domino 9 supports the use of TLS only by deploying an IBM HTTP Server in front of Domino • All Domino requests are routed through IHS to the Domino HTTP Task • IHS handles the TLS security • TLS is only supported with IHS and Domino installed on a Windows platform • You will still need to enable SSL and have a certificate on the Domino server !24
  • 25. #engageug Java Permissions • /jvm/lib/security/java.policy • Controls what the JVM, and code that uses it, can do • Syntax for the permissions can be found here • http://download.oracle.com/javase/1.4.2/docs/guide/ security/PolicyFiles.html !25
  • 26. #engageug Tip! • Java.Policy will often be overwritten during an upgrade • To prevent that happening make the file read only • My preference is simply to backup the file before upgrade then compare the new file to the old • Otherwise you might miss something that’s needed in a later version !26
  • 28. #engageug Thread Management • Threads are configured for the overall HTTP task, not by internet site • So all hosts on the server will share the availability of threads • More threads means more memory consumption but not necessarily better performance • domino.threads.active.peak (NSF requests only) • http.currentconnections / http.peakconnections (all requests) !28
  • 29. #engageug HTTP Agents • Enable concurrent web agents and agent timeouts ! ! ! ! • Monitor agent performance via DDM probes !29
  • 30. #engageug Virtual Hosts • A single server can answer to multiple host names so long as they resolve to that server’s ip address • You can configure different home pages as well as different web server behaviour for each host • security, location of files, single sign-on, browser behaviour • When using Internet Site Documents, a client request will only be answered if there is a matching virtual host or a default web site document !30
  • 31. #engageug Redirection • A Redirection rule repoints a URL request from the original location to a new one • If I had an application that I want users to browse to without typing in the full application name I could use redirection to change the URL from a short one to a full address • /sponsor to /ggc.nsf/info.xsp for instance • When a URL is redirected, the URL is actually rewritten in the browser’s address bar !31
  • 32. #engageug • The Redirection rule is a response to a web site document that contains a virtual host so it will work for any valid hosts in that website document • Incoming URL is what appears after the virtual host eg • www.turtlehost.net/sponsor ! ! • Redirect is how you want the URL rewritten including hostname if you want • Send 301 redirect is optional and instructs the browser to remember this redirection and request that directly next Redirection !32
  • 33. #engageug Substitution • Substitution rules are used to move a site from one location to another • There isn’t just one URL represented by a substitution rule but any URL that is part of a substitution hierarchy • For example if my blog were to change from blog.nsf to blognew.nsf I would use a substitution rule as follows !33
  • 34. #engageug HTTP Response Headers • Add response headers to pages to customise the headers that Domino sends to the client’s browser • A custom response header can tell the browser when to expire a page and ask the server for a refreshed copy • Response headers need to match both a URL and a HTTP code that is being returned !34
  • 35. #engageug Override Session Authentication • For specific URLs you may want to overwrite the session authentication that is used for the virtual host and use basic authentication instead !35
  • 36. #engageug Custom Errors and Logins • Create a database called domcfg.nsf (never anything else) based on the template domcfg5.ntf ! ! ! ! ! • It will then appear on the configuration tab for the server in Domino Administrator !36
  • 37. #engageug Custom Errors and Logins • Create a default mapping for login - it is more customisable and looks better than the standard session sign on !37
  • 38. #engageug Custom Errors • Can come from any database and any form you choose, these are just the defaults !38
  • 39. #engageug Httpd.cnf & Browser.cnf • Files are written to the Domino program directory during install and upgrades • Browser.cnf has the configuration of each browser’s supported features so Domino knows how to deliver content to the user’s specific browser • Httpd.cnf contains file types and associations so Domino knows how to handle file attachments and embedded content • You would usually not edit either one of these files but if you do you should mark them read only so they aren’t overwritten on upgrade • Or back them up and make them part of your upgrade process !39
  • 40. #engageug The Browser Plug-In • Client side deployment • Not part of HTTP configuration • Uses a version of the Notes client on the user’s machine • No server configuration • Any application that works through the Notes basic client should work • IBM don’t support accessing your mail via the Browser Plug- In, but instead request you use iNotes !40
  • 42. #engageug Why Cluster • Clustering is usually considered when you want to expand resources and provide multiple servers for users to access • that is load balanced clustering, all servers provide the same service and the users are assigned to whatever server is available • Clustering is also worthwhile deploying purely as a failover solution so if your primary server goes offline, your users can failover to a cluster mate • Failover clustering is much cheaper than load balanced clustering • The redirection of users to a new server is usually done via a manual DNS change so you don’t need a load balanced piece of hardware !42
  • 43. #engageug Tip! • If the system is important to your business and you can’t have extended minutes or hours of downtime you are going to want to Cluster at some level, it’s just a case of deciding how much hardware and money you want to apply to the job !43
  • 44. #engageug Clustering for HTTP • Internet Cluster Manager • A Domino based and Domino aware load balancer • Runs as a task of your Domino server • the ICM can be on the same server as the actual websites • but you would need two ips • and it would be a single point of failure !44
  • 45. #engageug ICM Design • The client requests a hostname that points to the ICM • The ICM is assigned to a Domino cluster • Using the cldbdir.nsf on the servers it rewrites the URL to direct the client request to one of the Domino cluster servers • The ICM sends out probes to monitor the health of the Domino servers to ensure a user isn’t sent to a non responsive server !45
  • 46. #engageug • Or you could use any standard load balancer instead of the ICM but the ICM is part of your Domino licensing ICM Design CLUSTER Domino Server A Runs ICM Not Part Of A Cluster Domino Server B WebCluster Domino Server C WebCluster Domino Server D WebCluster Client Client Client Client !46
  • 47. #engageug ICM Configuration ! !47 The Domino Cluster that this ICM serves The URL users request which resolves to the ICM
  • 48. #engageug Traveler Clustering • Requires enabling Traveler High Availability which moves the Traveler data from a local Derby database to an Enterprise SQL or DB2 database • The Traveler servers are added to a Traveler pool that share users and data • A load balancer must be placed in front of the Traveler servers to ensure clients can be connected to any of the servers !48
  • 49. #engageug Traveler Clustering • For additional resilience the DB2 or SQL server can be configured for High Availability !49 Load Balancer Traveler Server A Domino DB2 or SQL Traveler Server B Domino iPhone Android Windows INTERNET INTERNAL DMZ
  • 50. #engageug IBM Edge Load Balancer • The Edge Load Balancer is a software based Load Balancer • There are two versions an IPV4 and an IPV4 & IPV6 ULB (universal load balancer) • The IPV4 one is being deprecated so you want the newer IPV4 & IPV6 one • Supported on multiple platforms and very easy to configure it’s a good option if you’re considering clustering and don’t already have a hardware solution !50
  • 52. #engageug HTTP Logging • Logging is configured per server • HTTP activity can be logged to text files or a Domino database • If logging to a Domino database make sure you enable the purge agent or it will get very big and unusable very quickly !52
  • 53. #engageug Debug HTTP • tell HTTP debug thread on (use only temporarily) • Websess_Trace_Verbose (SSO) • WebAuth_Truce_Verbose (group cache & memberships) !53
  • 54. #engageug DDM Probes • Web Configuration Probe • Agents evaluated by CPU or Memory !54
  • 56. #engageug Java Memory Issues • Java code needs to be well written with recycles and garbage collection or too much memory will be consumed • HTTPUseNotesMemory • JavaMaxHeapSize !56
  • 57. #engageug Security • Password Strength • DDM Probe to monitor for Anonymous database access • DIIOP, LDAP, SMTP • SSL certificates !57
  • 58. #engageug HTTP Threads • Monitor HTTP statistics to ensure the server can handle peak traffic • Review ddm.nsf reports to verify there are no issues relating to available threads • An HTTP server that slows down until it becomes unresponsive is often due to threads not being released / sessions not be closed properly • Do not over-assign threads as those consume memory you will need to run applications and code !58
  • 59. #engageug Questions? • Gab Davis • The Turtle Partnership • gabriella@turtlepartnership.com • gabturtle on twitter !59