Home
Administering
This documentation provides information about the administration tools for managing and monitoring servers and databases.
Managing databases
Topics in this section describe how to set up and manage Domino® databases.
Attachment consolidation
The Domino® server employs the Domino Attachment and Object Service (DAOS) to save significant space at the file level by sharing data identified as identical between databases (applications) on the same server.
Encrypting DAOS attachment files
You can encrypt attachment files with a key that is shared by servers that participate in DAOS or with a private key that is used by a single server. You can also disable attachment file encryption, although doing so is not recommended.
Using a shared key to encrypt DAOS objects across servers
Beginning with HCL Domino 12®, you can create a shared key that multiple servers that are enabled for DAOS can use to encrypt objects.
Creating a shared key in a credential store
To share a key to be used to encrypt DAOS objects across servers, create a shared key in a credential store.

Administering
This documentation provides information about the administration tools for managing and monitoring servers and databases.
- Administration tools
  Topics in this section describe the tools you can use to administer a Domino® server.
- Managing users
  The Administration Process helps you manage users by automating many of the associated administrative tasks. For example, if you rename a user, the Administration Process automates changing the name throughout databases in the Notes® domain by generating and carrying out a series of requests, which are posted in the Administration Requests database.
- Monitoring servers
  This section describes how to use the tools and features that help you monitor a Domino® system.
- Managing servers
  Manage Domino® servers by performing any of these tasks.
- Managing databases
  Topics in this section describe how to set up and manage Domino® databases.
  - Database design, management, and administration
    The tasks involved with application design, database design, database management, and Domino® system administration may overlap, depending on the size of your organization and the structure of job responsibilities. In some organizations, an application developer may be responsible for both application and database design, while in others, a database manager may handle all database design and management tasks. In addition, database management overlaps with Domino system administration.
  - Domino on-disk structure (ODS)
    Domino on-disk structure (ODS) refers to the file format of a database. Each release of HCL Domino® and Notes has a default ODS version for databases. A new release may offer a new ODS version that provides database enhancements not available with earlier ODS versions.
  - Increase the document summary data limit to 16 MB
    Starting with Domino 9.0.1 FP8, you can increase the document summary data limit on databases to 16 MB. Databases must be at ODS 52 or higher.
  - Organizing databases on a server
    You can organize databases in folders.
  - Backup and restore
    As of Domino 12, functionality to back up and restore Notes databases and their associated transaction logs is provided with Domino servers.
  - Attachment consolidation
    The Domino® server employs the Domino Attachment and Object Service (DAOS) to save significant space at the file level by sharing data identified as identical between databases (applications) on the same server.
    - Marking a database for attachment consolidation
      Enable the setting Use Domino Attachment and Object Service on the Advanced tab of the database properties to reduce the total cost of ownership of maintaining any Notes® database by storing attached files in a separate data repository on the Domino® server. This setting reduces document overhead for all participating databases on a server by maintaining a single copy of any attachment that can then be used in multiple documents in any database on the server.
    - Specifying server settings for attachment consolidation
      Before setting up attachment consolidation on a Domino® server by enabling the Domino Attachment and Object Service, decide where to place files and how large files should be before consolidation. On each server that uses attachment consolidation, you specify the directory where you want to create the resulting repository of shared file attachments. If the number of DAOS (.NLO) files in the directory becomes too large for your operating system limit, Domino creates additional subdirectories as needed.
    - How attachment consolidation works
      The information in this topic describes what happens to an attachment during consolidation.
    - The Domino® Attachment and Object Service (DAOS)
      In the Domino® Server document, the value in the Store file attachments in DAOS field on the DAOS tab disables or enables the operation of the Domino Attachment and Object Service as soon as the Server document is saved.
    - DAOS tier 2 storage
      Starting in Domino 11, the Domino Attachment Object Service (DAOS) tier 2 storage feature enables you to use an S3-compatible storage service to store older attachment objects that haven't been accessed within a specified number of days. This feature allows you to reduce the amount of data stored on Domino® servers that use DAOS. It can also improve the performance of any incremental file backups that you do for DAOS.
    - About downgrading Domino servers that use DAOS
      This section provides information about downgrading HCL Domino® servers that use DAOS.
    - Managing the attachment storage repository
      On a Domino® server, as the Domino Attachment and Object Service (DAOS) repository grows to accommodate a greater number of attachments, multiple subdirectories are automatically created on the DAOS base path to balance the data load. You can move or store the repository and its data.
    - How using attachment consolidation affects a user's mail file quota
      When calculating the size of a mail file to determine whether it conforms to configured mail quota or warning threshold limits, Domino® treats attachments stored using the Domino Attachment and Object Service as though each user owned the entirety of the attachment file. Thus, the full size of every message delivered to a mail file that uses DAOS counts against the mail file quota.
    - Object copy optimization for DAOS
      The Notes® client recognizes that DAOS is enabled on the Domino® server, and DAOS is able to improve connection speed by refraining from transmitting unnecessary copies of attachments between clients and DAOS-enabled servers.
    - Encrypting DAOS attachment files
      You can encrypt attachment files with a key that is shared by servers that participate in DAOS or with a private key that is used by a single server. You can also disable attachment file encryption, although doing so is not recommended.
      - Using a shared key to encrypt DAOS objects across servers
        Beginning with HCL Domino 12®, you can create a shared key that multiple servers that are enabled for DAOS can use to encrypt objects.
        Creating a shared key in a credential store
        To share a key to be used to encrypt DAOS objects across servers, create a shared key in a credential store.
        Importing shared keys into another credential store
        Importing a shared key from one credential store into another allows servers associated with either credential store to encrypt DAOS objects with the shared key.
        Encrypting new attachment objects with a shared key
        After you've created a shared key in a credential store to use to encrypt DAOS attachment objects, enable each server that uses the credential store to encrypt attachment objects with the key.
        Verifying use of shared objects
        Here is an optional procedure to use to verify that sharing objects across servers is correctly configured.
      - Encrypting new attachment files with a private key
        If you do not specify a key that multiple servers share to encrypt attachment objects, objects are encrypted on each server with a private key, by default.
      - Making DAOS object encryption keys consistent
        Use the DAOS Encryption Manager task (daosencmgr) to make all DAOS objects on a server use the same encryption strength and encryption keys.
      - Disabling attachment object encryption
        By default, the attachment files (.NLO files) created and stored by DAOS are encrypted. While not recommended, you can disable the encryption.
    - Setting a time window for DAOS resynchronization
      The Domino® administrator can specify when Domino Attachment and Object Service (DAOS) resynchronization should run on a server, so that peak production hours can be avoided.
    - DAOS backup and restore
  - Full-text indexes for single databases
    You can create full-text indexes to allow users to quickly search for information in databases. To search in a database, users enter a word or phrase in the search bar of the database to locate all documents containing the word or phrase.
  - Controlling attachment indexing on servers
    Use the notes.ini setting FT_INDEX_ATTACHMENTS on a server to control full-text indexing of attachments for all databases on a server.
  - Database libraries
    You can create a database library that contains databases that pertain to a specific collection of users or to a specific topic. For example, a corporate database library might include all databases that deal with corporate policies and procedures, and a marketing database library might include databases that are useful to the marketing staff.
  - Database catalogs
    A database catalog provides a list of all databases on a server. You use the server Catalog task to create a database catalog. The Catalog task bases the catalog file (CATALOG.NSF) on the CATALOG.NTF template and adds the appropriate entries to the catalog's ACL.
  - The Files tab in the Domino® Administrator
    The Files tab in the Domino® Administrator provides an easy way for you to manage files in the Domino data folder.
  - Replicating unread marks
    Unread marks can be replicated for selected databases, most notably mail databases, by using the advanced database properties from the Domino® Administrator or from the database properties box. When you enable the replication of unread marks on mail databases, users can read their mail from a workstation on ServerA, and after replication, can read their mail from a workstation on ServerB, with unread mail clearly delineated from mail that has previously been read.
  - Using indirect files to run database maintenance tasks
    You can use indirect files to run the same maintenance task multiple times, resulting in significant time savings. The fixup, compact, updall, design, convert, and replicate tasks support using indirect files. You can also create batch files or scripts that run several maintenance tasks serially against different indirect files to help complete them quickly. If you have multiple CPUs, you can run the same maintenance tasks against multiple indirect files so they run concurrently. It is recommended you only run as many concurrent maintenance tasks as you have CPUs, otherwise they will start competing for CPU resources and can take longer to complete.
  - Updating database indexes and views
    A view index is an internal filing system that Notes® uses to build the list of documents to display in a database view or folder.
  - Synchronizing databases with master templates
    To use a consistent design for multiple databases, database designers can associate databases or elements within databases with a master template.
  - Fixing corrupted databases
    Corrupted databases don't occur frequently when you use transaction logging. When you use transaction logging to log changes to databases, a server automatically uses the transaction log to restore and recover databases after a system failure -- for example, after server failures or power failures. If a disk failure occurs, you use the transaction log along with a certified backup utility to restore and recover the databases.
  - Moving databases
    It may be necessary to move a database from one server to another -- for example, to distribute databases evenly among servers. If there are replicas of the database, the server to which you move the database should have the appropriate Connection documents to replicate the database to other servers that store replicas. If you're moving a database to a server in a cluster, replication between the server and other servers in the cluster that have replicas of the database occurs without Connection documents.
  - Using load convert to convert non-mail databases
    You can use the server's mail convert utility to convert non-mail databases to another type of non-mail database. Non-mail databases are all databases that do not have a $Inbox folder.
  - Redirecting client references to databases
    You can redirect Notes® client references from deleted or moved databases to a database replica that you specify.
  - Running a database analysis
    A database analysis reveals changes in documents, user activity, and other details such as replication data.

Creating a shared key in a credential store

To share a key to be used to encrypt DAOS objects across servers, create a shared key in a credential store.

Before you begin

Make sure that the design of the Domino credential store database (credstore.nsf ) in the IBM_CredStore directory) has been refreshed with the websecuritystore.ntf template provided with Domino 12 or later.
A credential store is a required part of configuring DAOS tier 2 storage. If you do not use tier 2 storage and do not already use a credential store, create a credential store on the participating servers. For information, see Using a credential store to store credentials.
A credential store may be scoped to a single server or to a cluster. For the latter, ensure that the server on which the credential store is created is already part of a cluster when the credential store is created. Assuming that the credential store is clustered, if the scope of your DAOS object sharing is also within that cluster, you only need create the shared key in one replica of the credential store, and it will replicate across the cluster. If the scope of your DAOS object sharing is wider (e.g. across multiple clusters), you must create a shared key in one credential store then export shared keys and import them into another credential store.
If the credential store is used across a cluster, make sure to replicate the credstore.nsf to all servers in the cluster.

About this task

You can choose AES-128 or AES-256 encryption for the shared key. AES-128 provides strong security. AES-256 provides stronger security but may cause a small decrease in performance during object encryption and decryption.

Procedure

To create the shared key in credstore.nsf, enter one of the following commands from the console of any Domino server that uses the credential store:
To use AES-128 encryption:
```
keymgmt create sharedkey <keyname> 
```
To use AES-256 encryption:
```
keymgmt create sharedkey <keyname> 256
```
For example, to create a shared key called MyCluster_AES_128 that uses AES 128-bit encryption, enter:
```
keymgmt create sharedkey MyCluster_AES_128
```
The command output shows the hash of the shared key that uniquely identifies it within the DAOS code. Optionally, enter the following command to verify that the shared key is created:
```
keymgmt show sharedkey <keyname>
```
Or, enter this command to verify all the current shared keys:
```
keymgmt show sharedkey all
```

What to do next