Lotus Admin Training Part II
1. Lotus Domino Admin Training
Planning Domino Infrastructure
Presents an overview of various design issues/decisions involved during Domino Infrastructure planning, including the factors/issues relating to the hardware infrastructure strategy in terms of server, standards, messaging, replication, security, Internet connection, etc.
Reference: Domino Admin Help (c) Sanjaya Kumar Saxena
2. Planning Scenarios
‣ New Installation
‣ Upgrade
Notes:
There are 2 possible scenarios, viz. (a) deploying Domino for the first time in the organization, and (b) upgrading an existing infrastructure to a higher version. Both require different approaches. This training will have a higher focus on planning a new Domino Infrastructure.
3. Considerations for New Infrastructure
‣ Domino Server Platform
‣ Choice of Client
‣ Organization Structure
‣ Naming Standards
‣ Mail Routing
‣ Replication Strategy
‣ Availability
‣ Security
‣ Administration Strategy
‣ Third Party Applications
Notes:
These topics are discussed in detail in subsequent slides.
4. Domino Server Platform
‣ Domino 7 Choices
• Windows 2000 or 2003 on Pentium or better
• AIX 5.2 or 5.3 on PowerPC
• Solaris 9 or 10 UltraSPARC
• Red Hat RHEL 4 on Pentium or better
• i5 OS V5R3 or V5R4 on i5 model 520 or better
• Novell SLES 8 or 9 or 10 on Pentium or better
‣ Domino 8 Choices
• Windows 2003 on Pentium or better
• AIX 5.3 on PowerPC
• Solaris 10 UltraSPARC III or better
• Red Hat RHEL 5 on Pentium or better
• i5 OS V5R4 on i5 model 520-901 or better
• Novell SLES 10 on Pentium or better
Notes:
For exact details of the version being deployed, please refer to the detailed system requirements to select the right platform along with service packs and/or PTFs.
The other key step, after selecting the server platform, is server sizing. This is explained in the next 2 slides.
5. Server Sizing
‣ Peak Load
‣ Expected Growth
‣ Architecture
Use benchmark numbers provided by the server hardware vendors to get an idea of sizing.
Always consider a server that is scalable.
Notes:
Server sizing is an important activity wherein you determine the server machine(s) specifications for a given application.
One of the key objectives of sizing is to ensure that the hardware is able to handle the peak load. The peak load can occur due to several factors, for example, seasonal changes in business or one machine going down in a cluster operation.
Growth trends are very important to consider so that an appropriate capacity can be planned. These trends can be determined from business growth, expected application deployments, mail traffic growth, etc.
Architecture, in terms of the various kinds of Domino servers (mail, application, etc.) and configurations (central, distributed, clustered or partitioned), plays an important role in sizing each machine.
6. Server Sizing
‣ Client(s) used
• Notes Client
- Local replicas
• Domino Web Access (DWA)
‣ Mail file size
‣ Full text indexing
‣ Port encryption/SSL
‣ Transaction Logging
‣ Cluster
Notes:
Notes client reduces load on the server as it can do a lot of processing locally, whereas DWA is server centric and exerts more server load. In the Notes client environment, proper use of local replicas can reduce the server load significantly. One of the key parameters is “replication interval”.
Larger mail files require faster disks & a larger amount of RAM to deliver the required performance.
Full text indexing requires more server capacity. It is important to know the number of databases that will be indexed and the number of users that will use the search function.
Any encryption or decryption is highly CPU intensive and must be used carefully. It is always recommended to use an external box for the same.
Transaction logging requires updates to be written a second time. This increases the server load. It is important to consider a separate dedicated disk (array) for this purpose.
Cluster puts an extra load of cluster replication on each participating server. Special consideration is required in the event of one or more members failing.
7. Choice of Client
‣ Notes Client
‣ Domino Web Access (DWA)
‣ SMTP/POP3 or IMAP Client
Notes:
Notes Client offers the standard advantages of any standard client/server configuration. It reduces overall server load and offers many advantages like local replication and rich text. However, it needs to be installed & configured on every user machine.
DWA is like any other browser based application and offers all the advantages of any web based application. No installation or configuration is required. But DWA requires more server resources, especially CPU & memory.
Both Notes & DWA can run workflow applications & support calendaring & scheduling.
SMTP/POP3 or IMAP allows us to use any standard internet mail client like Outlook or Thunderbird. It requires an LDAP server for address searches. Also, it does not have native calendaring & scheduling support. The load on the server is less in this case also.
8. Organization Structure
‣ Domino Domains
• Most common scenario: one organization, one domain
• Other possibilities are
- One organization, multiple domains
- Multiple organizations, one domain
- Multiple organizations, multiple domains
‣ X.500 Structure
• Create a structure around entities that are least likely to change
• Don’t consume all 4 OU hierarchical levels, leave room for future expansion
• Consider a separate OU for servers
Notes:
One organization-one domain is ideal for small and mid size organizations, where one Domino domain is created and all resources and users belong to one Domino Directory. This is considered the most popular and easy to manage setup. Other scenarios are not discussed here.
Like any organization structure, the Lotus Notes X.500/Organization Structure must be stable and should not change frequently. It should ideally reflect the organization structure. Any change in OUs can involve a lot of work within Lotus Notes.
Unless it is absolutely necessary, it is recommended to use only up to 2 or 3 OU hierarchy levels. This way 1 or 2 OU levels are left to respond to any organization structure changes that may occur in future.
A separate OU for servers helps in better management of servers.
9. Naming Standards
‣ Considerations for standards
• User Names
• Server Names
• ACL Groups
• Ports
• NNNs
Notes:
User naming standards should be uniform and must define mechanisms to handle name conflicts. They should also take care of the internet mail address. In Lotus Notes, First Name/Middle Initials/Last name is a well accepted standard. For internet there are many possibilities. A common example is <first name>.<last name>@domain.com.
Server names should not be very long. It is a good idea to limit the length to, say, 15 characters. A meaningful server name can be created by concatenating its purpose and the OU it serves.
While creating groups, their purpose is required to be clearly defined and logged in the group document. Further, the appropriate group type is always selected. The access level code (M-Manager, D-Designer, E-Editor, A-Author, R-Reader, and P-Depositor) must be part of the group name as the first letter of the name.
With TCP/IP as the network protocol, the Domino default port, named “TCPIP”, is used across the enterprise. Only in special cases such as clustering, additional port(s) may be required. In such cases, the purpose code is prefixed to TCPIP, e.g. CLU_TCPIP.
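The group, server and port naming rules above can be checked mechanically. The following is an added example, not part of the original training material: a Python audit that compares the access level encoded in the first letter of each group name with the level actually granted in a database ACL, and flags server and port names that break the standard. The AclEntry record, the underscore-separated group names and all sample data are constructed for illustration.

```python
from dataclasses import dataclass

# Access-level codes from the naming standard (first letter of the group name).
CODE_TO_LEVEL = {"M": "Manager", "D": "Designer", "E": "Editor",
                 "A": "Author", "R": "Reader", "P": "Depositor"}
# Domino ACL levels, least to most privileged.
RANK = ["No Access", "Depositor", "Reader", "Author", "Editor", "Designer", "Manager"]
MAX_SERVER_NAME = 15  # length limit suggested in the notes


@dataclass
class AclEntry:  # hypothetical record, e.g. one row of an exported ACL report
    database: str
    group: str
    level: str


def audit_acl(entries):
    """Return (database, group, finding) for every entry that breaks the standard."""
    findings = []
    for e in entries:
        declared = CODE_TO_LEVEL.get(e.group[:1])
        if declared is None:
            findings.append((e.database, e.group, "no access-level code"))
        elif RANK.index(e.level) > RANK.index(declared):
            findings.append((e.database, e.group, f"over-privileged: {e.level} > {declared}"))
        elif e.level != declared:
            findings.append((e.database, e.group, f"mismatch: {e.level} < {declared}"))
    return findings


def name_problems(servers, ports):
    """Flag over-long server names and ports not named TCPIP or <code>_TCPIP."""
    bad = [s for s in servers if len(s) > MAX_SERVER_NAME]
    bad += [p for p in ports
            if p != "TCPIP" and not (p.endswith("_TCPIP") and len(p) > len("_TCPIP"))]
    return bad


# Constructed sample data, not taken from any real Domino directory.
SAMPLE_ACL = [
    AclEntry("hr.nsf", "E_HR_Staff", "Editor"),      # conforms
    AclEntry("hr.nsf", "R_HR_Auditors", "Manager"),  # name declares Reader
    AclEntry("sales.nsf", "SalesTeam", "Author"),    # 'S' is not a level code
    AclEntry("sales.nsf", "D_Sales_Dev", "Reader"),  # granted less than declared
]

if __name__ == "__main__":
    for finding in audit_acl(SAMPLE_ACL):
        print(finding)
    print(name_problems(["MAIL-HUB-SALES", "APPLICATION-SERVER-EMEA-01"],
                        ["TCPIP", "CLU_TCPIP", "LAN0"]))
```

Because the standard only fixes the first letter, a legacy group such as "Admins" would be read as an Author group, so groups that predate the standard need renaming before the audit is meaningful.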
10. Mail Routing
‣ Internal Mail Routing
• Routing Protocol
• Routing Topology
• Routing to users who are on different mail system
‣ Internet Mail Routing
Notes:
There are 2 possible protocols for mail routing: Notes Routing and SMTP. Notes routing is usually preferred for internal mail routing as it offers better security including Notes PK security, mail enabled workflow apps, and various kinds of links.
The most popular mail routing topology is the hub & spoke topology. In this topology, mail traffic passes between a central hub server and multiple spoke servers; no mail is exchanged directly among the spokes. It is suitable for handling a high volume of mail in an organization.
If there are more mail systems in use, consider using a smart host server.
Internet mail is routed using SMTP. The simplest arrangement for internet mail routing is to designate one Domino Server as the SMTP server for inbound & outbound mail. More than one server can be set up for load balancing & availability.
Further details are discussed in the module on Lotus Domino Messaging.
11. Replication Strategy
‣ Replication Topology
‣ Replication Priorities
‣ Replication Schedule
Notes:
As with mail routing, the most popular topology for replication is the hub & spoke topology. It is an efficient topology as it minimizes the network traffic. Peer to peer topology can be considered for a small organization having only a few servers.
Lotus replication allows 3 different replication priorities, viz. (a) High, (b) Medium, and (c) Low. It is possible to set up different replication schedules for these priorities separately. This setup is typically done in consultation with application developers.
Further details are discussed in the module on Lotus Domino Replication.
12. Availability
‣ Backup & Recovery Mechanisms
‣ Domino Cluster
Notes:
One of the most critical aspects of administering a Lotus Notes/Domino network is the preparation for a disaster that can lead to total and irrecoverable loss of data. Therefore, the backup of Domino servers is one of the most crucial parts of an administrator's job. Its criticality necessitates that the backup be performed daily. You can leverage replication to set up a separate backup server to maintain a replicated backup of critical databases. Or you can choose from third party online backup tools for Lotus Domino.
An outage may occur due to hardware, operating system, or application failure. Typical figures for hardware repair, application restart, and operating system reboot times are ½ hour to a few days, 2 to 30 minutes, and 5 to 20 minutes respectively. The impact of non-availability is summarized below:
Availability    Downtime/Day
98.0%           28 minutes
99.0%           14 minutes
99.9%           1.5 minutes
Domino clusters offer high availability & load balancing and must be considered for any high availability requirements. It is application level clustering and does not require any special hardware or OS software.
13. Security
‣ Operating System
‣ Domino
• Servers
• Databases
• Workstations
• ID Files
‣ Internet
Notes:
Operating System security typically involves applying the latest patches, hardening the OS and shutting down all the services that are not required. Please consult your OS security guidelines for the same.
As a bare minimum step for Domino security, you need to focus on server, database, workstation and ID file security. Some of the essential steps are prohibiting anonymous access to servers & databases; enforcing consistent ACL across; storing all ID files securely; and leveraging workstation ECLs.
Internet security involves planning firewalls, SMTP security and application level security for web enabled applications.
A very comprehensive material titled “Building Rock Solid Domino Security” is separately available.
14. Administration Strategy
‣ Centralized v/s Distributed
‣ User Management
‣ Server Management
‣ Monitoring
Notes:
Distributed administration may be required in big organizations where servers are spread over a large geography. In such cases, the authority levels delegated to regional/local administration must be carefully planned.
User management involves creating, moving, disabling (or deleting) users. Developing appropriate policies for users (e.g. for desktop, security, and mail archiving, etc.) is critical, along with their proper enforcement. It may also be important from a security perspective to log all failed login attempts.
Server management involves tasks like changing the server administrator, setting and managing passwords for the server console, commissioning/decommissioning a server, re-certifying a server ID, or moving a Domino server from one computer to another, etc.
Continuous monitoring of the Domino infrastructure is essential to keep it in a perfect running state. The critical elements that require monitoring include databases/applications, messaging, replication, security, directory, host OS and web services. Domino Domain Monitoring (DDM) provides pre-configured monitoring capabilities. It delivers a single feature-oriented view that allows administrators to view the status of multiple servers across a domain. DDM was introduced in Release 7 of Lotus Domino.
15. New Administration Features in Release 8
‣ Out of Office Service
‣ Message Recall
‣ Inbox Maintenance
‣ New On Disk Structure ODS48
‣ Database Redirects
‣ Streaming Cluster Replication
Notes:
The Notes Mail Template has undergone a major enhancement in Release 8. Now it supports a dual architecture for out of office functionality. It can be configured as either a mail router level service or as an agent.
The message recall feature provides users with the ability to recall mail messages after they are sent. This feature is useful when a Lotus Notes client user has accidentally clicked Send and then needs to retract the message in order to complete or modify the message content.
The inbox maintenance feature offers improved server performance by reducing the size of users' Inboxes in mail files.
The new ODS provides potential improvements for I/O & folder optimization, Database names list for user renames, and Design compression.
The database redirect feature allows automatic redirection of Notes client references from deleted or moved databases to a database replica that you specify. It is a very useful feature for database management.
Streaming cluster replication significantly enhances the performance & I/O in clusters.
16. Third Party Applications
‣ Backup
‣ Anti Virus
‣ Anti SPAM
Notes:
Backup, Anti Virus & Anti SPAM are a few essential third party applications that must be carefully evaluated & deployed. Some of them are available in the form of appliances, e.g. Anti SPAM. While evaluating, it is important to look at any dependencies, degree of integration, and the specific Lotus Domino version support.
17. Upgrade Considerations
‣ Existing Domino Release
‣ Hardware age & its capacity
• Usage profile of each server
‣ Any existing template customizations
‣ Domain & Directory Configuration
‣ Mail Routing
‣ Replication
18. Upgrade Methodology
‣ Plan
‣ Prepare
‣ Pilot
‣ Go Live!
Note: Consider using the Smart Upgrade tool to upgrade client software as it saves the effort to visit each & every workstation.
Notes:
During planning, develop an upgrade policy & strategy including coexistence, and a transition plan for servers, clients, mailing and applications. It is important to have a rollback plan in place. This is a critical piece for any disaster during upgrade.
Preparation is all about setting up a test environment, and having an SOP & checklist ready for the upgrade process.
Pilot involves creating a simulated upgrade in the test environment using the SOPs & checklists. It is important to document any problems faced during the pilot and accordingly correct the SOPs and checklists.
Once the pilot is successful, you are ready to roll out the upgrade process and go live!