NRPC and Internet connection security

To control connection access, you typically use a network hardware configuration, such as a firewall, reverse proxy, or Domino® pass-through server, to which you can authorize connections and define access to network resources.

In addition, you can encrypt all connections by service type. Encrypting connections protects data from access by malicious or unauthorized users. To prevent data from being compromised, encrypt all Domino® and Notes® services that connect to public networks or to networks over which you have no direct control. Encrypting the connection channel prevents unauthorized users from using a network protocol analyzer to read data.

To encrypt NRPC network traffic, use the Notes® port encryption feature. For traffic over Internet protocols, use SSL. For both NRPC and Internet protocols, you can enforce encryption at the server for all inbound and outbound connections. In the case of the Notes® client, you can also enforce encryption on all outbound connections, even if the server to which you are connecting allows unencrypted connections.

Because encryption adds additional load to the server, you may want to limit the services for which the server uses encryption. Other ways to minimize the load that encryption puts on the system include:

  • Using an additional Domino® server acting as a pass-through server for NRPC connections
  • Using a reverse proxy to manage authentication and encryption outside of Domino® servers when using SSL
  • Removing unnecessary or unused protocols or services on the server system as well as Domino® server services