Home
Configuring
Use this information to configure your network, users, servers (including Web servers), directory services, security, messaging, widgets and live text, and server clusters.
Configuring users and servers
Topics in this section describe how to set up users and servers.
Setting up a cluster
Setting up a cluster includes the tasks of creating and verifying that it is working correctly, and then setting up user access, mail, replications, size quotas, directory assistance, roaming, web navigation, and use of a private LAN in the cluster.
Clustering Domino® servers that run Internet protocols
You can configure and use the Internet Cluster Manager (ICM) to extend the benefits of HCL Domino® clusters to HTTP clients and Domino Web servers. You can also employ an alternative method of using failover with HTTP servers, as well as methods to use failover with POP3, IMAP, and LDAP servers.
Security in a cluster
The ICM supports TLS. The ICM can use the same TLS certificates that the Domino® Web server uses, or you can specify a different set of TLS certificates for the ICM. You configure this on the Server Tasks > Internet Cluster Manager tab of the Server document. The ICM uses settings on the Ports > Internet Ports tab of the Server document to determine the TLS protocol version and whether to accept expired certificates.

Configuring
Use this information to configure your network, users, servers (including Web servers), directory services, security, messaging, widgets and live text, and server clusters.
- Configuring a network
  This section presents the planning concepts and setup procedures necessary for a successful HCL Domino® deployment over a network. It provides information on network protocols from a Domino perspective but does not attempt to provide general network information.
- Configuring users and servers
  Topics in this section describe how to set up users and servers.
  - Understanding the Server document
    The Server document is set up when you register a server. It contains many of the settings that define how your server operates.
  - Policies
    Use Domino® policy settings to control how users work with Notes®. A policy is a document that identifies a collection of individual policy settings. Policy settings documents define a set of defaults that apply to the users and groups to which the policy is assigned. You can change policy settings and they will be automatically applied to the assigned users and groups.
  - Defining default settings for Notes® user registration
    Before you register new Notes® users, you can specify default settings that apply to all users. Default settings simplify user registration and ensure user settings consistency. You can define many default settings, such as what mail server users have or what certifier ID to use for user registration. You can also specify a default workstation execution control list (ECL) to protect data from unauthorized workstation access.
  - Using groups
    Groups are lists of users, groups, and servers that have common traits. They are useful for mailing lists and access control lists. Using groups can simplify administration tasks.
  - Replicas
    You can make a database available to users in different locations, on different networks, or in different time zones, by creating replicas of the database.
  - Calendars and scheduling
    The calendar and scheduling features allow users to check the free time of other users, schedule meetings with them, and reserve resources, such as conference rooms and equipment.
  - Editing the notes.ini file
    The Domino and Notes notes.ini files contain the settings required for the server and client to operate correctly. If you modify or add settings in a notes.ini file, do so cautiously and never edit the file directly with a text editor.
  - Configuring directory services
    This section describes how to plan, set up, and use HCL Domino® directory services.
  - Configuring messaging
    This section provides an overview of messaging and describes how to set up mail routing, how to set up and customize mail servers, and how to track mail.
  - Configuring iNotes®
    HCL iNotes® provides HCL Notes® users with browser-based access to Notes mail and to Notes calendar and scheduling features. Administrators specify mail policy and security policy settings as well as notes.ini file settings to complete the full implementation of HCL iNotes.
  - Configuring Web servers
    This section describes how to set up the HCL Domino® Web server, and the Domino Web Navigator.
  - Setting up a cluster
    Setting up a cluster includes the tasks of creating and verifying that it is working correctly, and then setting up user access, mail, replications, size quotas, directory assistance, roaming, web navigation, and use of a private LAN in the cluster.
    - Creating a cluster
      A cluster is a group of application servers that you manage together as a way to balance workload. If possible, use the administration server when you create a cluster. This makes the creation process faster. The administration server does not have to be part of the cluster.
    - Verifying that the cluster was created correctly
      There are a number of ways you can check that the cluster was created correctly.
    - Managing user access to databases
      Users should have the same access rights in all replicas of a database in the cluster. Otherwise, if users fail over to a replica for which they have fewer access rights, they may be denied access, or they may not see the same documents or be able to perform the same functions as in the original database they were using.
    - Creating replicas in a cluster
      To create replicas in a cluster, you use the same Administration Process you would use to create replicas on any server.
    - Using symmetrical clusters
      A symmetrical cluster ensures that HCL Notes® databases remain identical across all servers in a cluster. A repair service repairs missing or damaged databases by replacing them with good copies from donor cluster members.
    - Setting up mail in a cluster
      Mail routing fails over if the recipient's mail server is not available when the router attempts to deliver the mail. As long as the mail server is in a cluster, the router delivers the mail to another cluster server that contains a replica of the recipient's mail database. Thus, the recipient continues to receive mail.
    - Using scheduled replication in a cluster
      You should run standard replication on a regular basis. The number of times per day you run standard replication depends on how important it is for you to keep all replicas synchronized. In most cases, once or twice per day is sufficient. If it is absolutely critical to keeps data synchronized at all times, you may want to replicate every hour or two.
    - Replicating with all servers in a cluster
      An additional benefit of creating a cluster is that it can simplify your replication topology and increase the reliability and performance of replication. This is because you can set up a server outside the cluster to replicate with all the servers inside the cluster. You do this by creating a single Connection document that specifies the server outside the cluster as the source of replication and the cluster name as the destination of replication. Then, every database on the source server that has a replica in the cluster replicates. If the cluster contains more than one replica of a database, the source server replicates with only one of those replicas, and cluster replication propagates the changes to the other replicas in the cluster.
    - Enabling the display of cluster replication status messages
      You can tell the Cluster Replicator to display status messages on the server console.
    - Obeying database size quotas during cluster replication
      To make sure that replicas will be identical when users fail over, cluster replication ignores database size quotas by default. This makes cluster replication consistent with the router, which also ignores quotas by default. If you want cluster replication to obey database size quotas, follow these steps.
    - Using directory assistance in a cluster
      A server can use directory assistance to look up information in a directory other than its local primary Domino® Directory. The directory can be a remote LDAP directory or a local or remote replica of any of the following types of Domino directories: a secondary Domino Directory, an Extended Directory Catalog, or a primary Domino Directory. To configure directory assistance, you create a directory assistance database. This database contains information about directories on other servers and how to connect to them.
    - Setting up roaming servers in a cluster
      Configure a cluster of servers to support Notes® roaming users. Make sure that replicas of each user's roaming files are on at least two roaming servers in the cluster. When a user tries to access roaming files on a server that is not available, Domino® fails over to a different cluster server that has replicas of the user's roaming files.
    - Setting up cluster access for remote users
      You can give remote users the benefits of a cluster by setting them up to access the cluster through a pass-through server. The pass-through server can redirect the users to a different server in the cluster if the original server is busy or not available. Unless you use a pass-through server, users will have to dial each cluster server individually and will not fail over if the server they call is not available.
    - Using the Server Web Navigator in a cluster
      If you plan to use the Server Web Navigator in a cluster, be sure that the Web databases (WEB.NSF) on the cluster servers are replicas. Since the Web database is generated automatically when you start the Server Web Navigator, it is a common error for the clustered servers to contain Web databases that are not replicas of each other. Therefore, these databases do not fail over to each other.
    - Setting up a private LAN for a cluster
      Setting up a private LAN for your cluster separates the server probes and cluster replication from the rest of your network traffic. This prevents the cluster traffic from slowing down your primary network.
    - Clustering Domino® servers that run Internet protocols
      You can configure and use the Internet Cluster Manager (ICM) to extend the benefits of HCL Domino® clusters to HTTP clients and Domino Web servers. You can also employ an alternative method of using failover with HTTP servers, as well as methods to use failover with POP3, IMAP, and LDAP servers.
      - How the Internet Cluster Manager works
        The Internet Cluster Manager (ICM) lets you use Domino® clusters to provide failover and workload balancing to HTTP clients (Internet browsers) when they access Domino Web servers. This makes your Web servers and databases highly available to clients. You can run the ICM on a Domino Enterprise server or on a Domino Utility server. You install and configure Domino clusters as you normally would, and then you configure the ICM. The ICM supports the HTTP and HTTPS protocols.
      - Generating URLs that refer to the Internet Cluster Manager (ICM)
        The Domino® Web server in a cluster reads the Server document to find the host name of the ICM. The Web server then generates URLs that refer to the ICM. The ICM accepts and processes all URLs supported by the Domino Web server.
      - Configuring the Internet Cluster Manager (ICM)
        You configure the ICM by making entries in the Internet Cluster Manager section of the Server document. You can also set up a separate IP address for the ICM. You can then start the ICM.
      - Starting the Internet Cluster Manager (ICM)
        You can run the ICM on a single server or on multiple servers to ensure that an ICM is running at all times, even when one ICM is out of service.
      - Failover and workload balancing
        When using the ICM, failover and workload balancing work the same as in standard Domino® clusters. Domino computes the server availability index based on all open sessions, whether they are from Notes® clients, HTTP clients, or other Domino services.
      - Security in a cluster
        The ICM supports TLS. The ICM can use the same TLS certificates that the Domino® Web server uses, or you can specify a different set of TLS certificates for the ICM. You configure this on the Server Tasks > Internet Cluster Manager tab of the Server document. The ICM uses settings on the Ports > Internet Ports tab of the Server document to determine the TLS protocol version and whether to accept expired certificates.
      - Managing and monitoring the Internet Cluster Manager (ICM)
        The ICM records significant events, such as not being able to find a database, in the Miscellaneous Events view in the log file. You can also view ICM statistics from the Domino® Administrator or the server console. You can use these events and statistics, in conjunction with the Cluster Manager and Cluster Replicator events and statistics, to determine which servers in the cluster are the busiest so you can better balance the workload in the cluster.
      - Using an IP sprayer with Domino® for HTTP and POP3 failover
        Instead of using the ICM, you can use an IP sprayer to let HTTP clients access Domino® Web servers in a cluster. The client requests go through the IP sprayer, which distributes the requests to available cluster servers that have replicas of the requested databases. If a cluster server is unavailable, the IP sprayer directs the client request to a different cluster server that contains a replica of the requested database.
      - Setting up cluster failover for IMAP
        You can use a NOTES.INI setting to allow the IMAP server to support the ability for clients to fail over from one Domino® server to another when the user's primary mail server is unavailable.
      - Using an IP sprayer with Domino® for LDAP failover
        You can cluster LDAP servers to increase the availability of data. One way to do that is to create a Domino® cluster of LDAP servers, and then use an IP sprayer to direct client requests.
  - Configuring Widgets and Live Text
    Widgets and Live Text enables end users to see and act on Live Text in supported documents, including HCL Notes® mail, using XML extensions (widgets) created specifically for their use.
  - Domain Search
    Notes® client and Web users can use Domain Search to search an entire Domino® domain for database documents, files, and attachments that match a search query.

Security in a cluster

The ICM supports TLS. The ICM can use the same TLS certificates that the Domino® Web server uses, or you can specify a different set of TLS certificates for the ICM. You configure this on the Server Tasks > Internet Cluster Manager tab of the Server document. The ICM uses settings on the Ports > Internet Ports tab of the Server document to determine the TLS protocol version and whether to accept expired certificates.

In addition, normal Domino® server and database security are in effect when using the ICM. The ICM, however, does not participate in the security process. When an HTTP client wants to access a database, it sends an anonymous request to the ICM. The ICM responds by telling the client which server to access. The client then redirects its request to the appropriate server. The server then establishes a dialog with the client and uses whatever security measures are in effect on that server to authenticate the user. If you want to protect the ICM itself from unauthorized access, you can secure your network with a firewall or another hardware security system.