Home
Administering
This documentation provides information about the administration tools for managing and monitoring servers and databases.
Monitoring servers
This section describes how to use the tools and features that help you monitor a Domino® system.
Domino® domain monitoring (DDM)
Domino® domain monitoring (DDM) provides one location in the Domino Administrator client that you can use to view the overall status of multiple servers across one or more domains, and then use the information provided by DDM to quickly resolve problems.
DDM probes
Domino® has a default set of DDM Probe documents that are shipped with the product.
Security probes
Create a security probe to assess the overall security of servers and databases in a domain. When a security probe finds a problematic database or server configuration, it generates an event.
Creating Security probes
You can create a Security probe.

Administering
This documentation provides information about the administration tools for managing and monitoring servers and databases.
- Administration tools
  Topics in this section describe the tools you can use to administer a Domino® server.
- Managing users
  The Administration Process helps you manage users by automating many of the associated administrative tasks. For example, if you rename a user, the Administration Process automates changing the name throughout databases in the Notes® domain by generating and carrying out a series of requests, which are posted in the Administration Requests database.
- Monitoring servers
  This section describes how to use the tools and features that help you monitor a Domino® system.
  - Monitoring the Domino® system
    You can monitor system activity and platform use using the Domino® Administrator or the server console.
  - Server Health Monitor
    You can monitor and troubleshoot performance issues using a number of different tools.
  - Entitlement tracking
    As of Domino 12.0, a new internal mechanism is provided for collecting the highest entitlement that individual users have across a Domino domain. When a user appears in the ACL of a database with Reader access or above and that person has the right to access the server, the user is said to be an entitled user.
  - Domino® domain monitoring (DDM)
    Domino® domain monitoring (DDM) provides one location in the Domino Administrator client that you can use to view the overall status of multiple servers across one or more domains, and then use the information provided by DDM to quickly resolve problems.
    - DDM probes
      Domino® has a default set of DDM Probe documents that are shipped with the product.
      - Scheduling DDM probes
        DDM scheduled probes have a one hour scheduling window. For example, if a probe is scheduled to run at 1:00, it is actually scheduled to run between 1:00 and 2:00. The probe is not considered to be a missed probe until after that one hour expires. This applies to all missed probe options: run on startup, ignore, and run in next time period. The missed probe option only takes affect after the one hour scheduling window expires.
      - Administration probe
        There is one administration probe subtype -- Automatic Report Closing. Use the Automatic Report Closing probe to close Event reports that have been open for a specified amount of time, and that are inactive during that time.
      - Application Code probes
        An application code probe monitors agent schedules and the resources that agents use. For example, using an application code probe, you can identify agents that use excessive resources, that run longer than they should, and that fall behind schedule. In addition, probes can suggest solutions to resolve problems.
      - Database probes
        A database probe opens one or more databases, performs database operations, and then closes the database.
      - Directory Probes
        A directory probe monitors whether LDAP is configured and running correctly on Domino® servers, and reports on the use and overall health of the domain's directories.
      - Messaging probes
        The messaging probes collect data about messaging configuration, the messaging infrastructure, and message routing.
      - Operating System probes
        Use an operating system probe to monitor system resources, CPU usage, disk activity, physical memory use, and network traffic.
      - Replication probes
        The replication probe checks server replication. To configure the replication probe, specify the target servers to be probed.
      - Security probes
        Create a security probe to assess the overall security of servers and databases in a domain. When a security probe finds a problematic database or server configuration, it generates an event.
        Creating Security probes
        You can create a Security probe.
      - Server probes
        There is one server probe subtype -- Administration. Use the Administration probe subtype to monitor whether selected administration requests run and to report on any requests that fail.
      - Web probes
        There are two Web probes, the Web - Configuration probe and the Web - Best Practices probe. Both probes provide results in the form of a Domino® Event document in the DDM database. Use this document to verify the accuracy of the Web server configuration and to compare other servers' configurations against that of a known good server.
    - Maintaining DDM Probes
      Use the procedures in this section to view, modify, and delete Probe documents, and to enable and disable probes.
    - DDM server collection hierarchy
      DDM probes run on a server and report events to the Domino® Domain Monitor database (DDM.NSF) that is on that server. Rather than visit every Domino Domain Monitor database on every server to review the probe results, create a DDM server collection hierarchy and have the data aggregated to a few servers.
    - Managing the DDM server collection hierarchy
      You use the Monitoring Configuration database (EVENTS4.NSF) to manage a DDM server collection hierarchy.
    - Domino® Domain Monitor database
      The Domino® Domain Monitor database (DDM.NSF) contains event information that is reported by DDM probes as well as event information reported by other checks that are built into Domino for DDM. Those checks include event generators; new checks that run as part of specific server tasks, such as the router or replicator; and checks that generate events in previous Domino releases and that have now been modified to report into DDM with additional information.
    - Specifying ACL settings and roles in the DDM database
      Several of the actions that you can perform while you maintain the Domino® Domain Monitor database (DDM.NSF) require that an administrator have a specific minimum level of access assigned in the ACL for DDM.NSF. Additionally, some activities require that a specific minimum level of access and a specific role be assigned.
    - Viewing events in the Domino® Domain Monitor database
      Use the Domino® Domain Monitor database (DDM.NSF) to view events sorted by severity, type, server, date or assignment. You can also view open events, recent events or all events simply by clicking a tab in these views.
    - Event-related documents
      When an event occurs, an Event Report is generated. Information in the Event Report is obtained from other sources or documents.
    - Maintaining the Domino® Domain Monitor database
      You can manage events from the Domino® Domain Monitor database. See the related topics for procedures for managing events from DDM.
    - Using HCL Sametime® in the Domino® domain monitor database
      You can initiate an HCL Sametime® chat with another DDM administrator from the Domino® Domain Monitor (DDM) user interface.
    - Filtering events in DDM
      Create and use DDM filters to control which events are collected and then stored in DDM.
  - The Domino® SNMP Agent
    The Domino® SNMP Agent enhances the monitoring and control features of Domino by enabling third-party management stations, which use industry standard SNMP, to manage aspects of the Domino server.
  - Overview of server maintenance
    As a Domino® administrator, a major part of your job is maintaining each server that you administer.
  - Tools for mail monitoring
    Domino® provides three tools that you can use to monitor mail. Message tracking allows you to track specific mail messages to determine if the intended recipients received them. Mail usage reports provide the information you need to resolve mail problems and improve the efficiency of your mail network. Mail probes test and gather statistics on mail routes.
  - Monitoring directory assistance
    You can monitor directory assistance by using Show Xdir command to display information about all the directories a server uses for directory services. You can also view directory assistance statistics.
  - Monitoring databases
    You can monitor database activity, replication, and document deletions.
  - Monitoring a cluster
    Domino® provides several ways to find out what is happening in a cluster and make adjustments to keep the cluster running smoothly and efficiently, so that no server is overloaded. You can monitor failover, workload balancing, and cluster replication to see how efficiently the cluster is running.
  - Monitoring slow or unresponsive servers with the Domino® Diagnostic Probe
    Use the Domino® Diagnostic Probe (DDP), a Java™ utility provided by Support, to monitor servers that have been intermittently slow or unresponsive. The probe is a Java process (dbopen.jar) that runs in the background. The utility probes a specific Domino server over time by invoking database open transactions. If the probe detects a slow response, it will invoke Notes® System Diagnostic (NSD) to gather diagnostic data. This data is used by Support to troubleshoot and determine the cause or causes of the performance degradation.
  - Monitoring quality of service
    Quality of Service, or QoS, is designed to react to the general operation of a Domino® server in order to keep that server functioning reliably and always available. If QoS detects that a server is not responding or hung, QoS probing can be configured to email an administrator about the problem and/or automatically terminate the server and restart it. QoS log information can also be useful for analysis by Support.
  - Understanding Quality of Service (QoS) behavior and logging
    This topic covers details of QoS including server and server controller behavior during kill events, failover trigger, and log file content.
- Managing servers
  Manage Domino® servers by performing any of these tasks.
- Managing databases
  Topics in this section describe how to set up and manage Domino® databases.

Creating Security probes

You can create a Security probe.

Procedure

From the Domino® Administrator, click the Files tab.
Open the Monitoring Configuration database (EVENTS4.NSF).
Choose DDM Configuration.
Choose any DDM probe view, and then click New DDM Probe.

Choose Security.

Table 1. Probe selection
Field	Action
Probe Subtype	Choose one: Best Practices Configuration Database ACL Database Review Review
Probe Description	Type a description of the new probe.

Table 2. Probe options
Field	Action
Which server should run this probe?	Specify the server that will run this probe.
Which servers should run this probe?	Choose one: All servers in the domain -- Runs the probe on all servers in the domain. Special target servers -- Specify the type of servers to run the probe, such as POP3 servers or the administration server for the Domino® Directory. Only the following servers -- Specify the servers on which the Security probe will run.
Which servers should be probed?	Choose one: All servers in the domain -- Probes all servers in the domain. Only the following servers: -- Probes the servers that you specify.
Which servers' security configuration should be probed?	Choose one: All servers in the domain -- The security probe runs against the security configuration for all servers in the domain. Only the following servers -- Security configurations are probed for the servers you specify.
Select one or more databases to probe	Specify the names of the databases to probe. The default is NAMES.NSF.
Which servers should not be probed?	Specify the names of servers that are not to be probed.

Table 3. Specific options
Field	Action
Which server should be used as the guideline server?	Specify the name of the server to use as the "good" server against which other Server documents are verified.
Which server settings should be compared to the guideline server settings?	Choose the settings you want to compare to those in the Server document for the server being probed. Check as many settings as apply.
Generate an event when any of the entries listed have access greater than "access level."	Complete this field for as many access levels as necessary. Specify the people, groups, and servers that apply to each specific access level.
Which server settings should be validated?	Specify the individual server settings to validate against a set of "good" settings.
Review all ACL members whose privileges are equal to or greater than	Specify the ACL privilege level from which the probe should begin checking ACL member privileges. Beginning with the ACL privilege you select, all member privileges at that level and higher are reviewed by the security probe.
Review the following database properties	Specify the database properties to be reviewed by the security probe.
Review agents defined as	Specify one or both of these agents to be reviewed by the security probe: Restricted Unrestricted
Which server settings should be reported?	Specify the individual settings from the Server document that are to be reported. Select Directory Profile Note and Security settings in my configuration document if you want the settings in those documents reviewed by the probe.

Table 4. Schedule options
Field	Action
How often should this probe run?	Choose one: Run multiple times per day -- If you choose this option, complete the field Defined schedule. Daily -- If you choose this option, complete the field On which days should this probe run . Weekly -- If you choose this option, complete the field On which day of the week should this probe run. Monthly -- If you choose this option, complete the field On which day of the month should this probe run.
Defined schedule	Specify the number of minutes between each run of the probe.
Should this probe run twenty-four hours per day, seven days per week?	Choose one: Yes -- Run the probe continuously. No -- The probe runs on the days and at the times that you specify. After you choose this option, create a schedule in the On which days should this probe run? field.
On which days should this probe run?	Choose the days on which to run the probe.
On which day of the week should this probe run?	Specify the day of the week on which to run this probe.
On which day of the month should this probe run?	Enter the day of the month on which to run this probe. For example, enter 15 to run the probe on the 15th day of the month.
During which hours of the day should this probe run?	Specify the start time in the From field, and the end time in the To field. The probe will run during those hours.
At what time should this probe run	Specify the time that you want the probe to run.
How should missed probes be handled?	Choose one: Ignore missed probe -- The missed probe is not run or rescheduled. Run missed probe at startup -- The next time that the server starts, the missed probe runs. Run missed probe at next time range -- The missed probe reschedules itself once. For example, if a probe scheduled to run every Tuesday at 5:00 AM fails to run, the probe reschedules itself to run on Wednesday at 5:00 AM. After that, the probe returns to its regular schedule.