Home
Administering HCL Nomad
The following topics provide instructions on how to install, configure, and manage HCL Nomad.
SafeLinx as the Nomad server
An HCL SafeLinx 1.2 or later server configured as a HCL Nomad server is required to handle communications with Nomad clients.
Configuring the Nomad server
Configuring the Nomad server when SafeLinx is already set up
Complete the steps in the following topics to configure a Nomad server when SafeLinx is already set up.
Creating the authentication profile for Nomad server
The profile is used to authenticate users and to verify user access to target HCL Domino® servers.

Administering HCL Nomad
The following topics provide instructions on how to install, configure, and manage HCL Nomad.
- System architecture
  This topic describes the system architecture for HCL Nomad for web browsers, iOS, and Android.
- Nomad server on Domino
  The Nomad server on Domino services Nomad clients directly from your Domino server. It has been designed to simplify Nomad deployment.
- SafeLinx as the Nomad server
  An HCL SafeLinx 1.2 or later server configured as a HCL Nomad server is required to handle communications with Nomad clients.
  - Getting started with Nomad server wizard
  - Completing the prerequisites
    Before you begin configuring the HCL Nomad server, complete the following prerequisites:
  - Collecting required information
  - Installing and setting up SafeLinx
  - Configuring the Nomad server
    - Configuring the Nomad server when you configure SafeLinx
      Complete the following steps to configure the Nomad server while configuring SafeLinx.
    - Configuring the Nomad server when SafeLinx is already set up
      Complete the steps in the following topics to configure a Nomad server when SafeLinx is already set up.
      - Configuring the directory server for Nomad server
        Define how SafeLinx communicates with the Domino LDAP service.
      - Creating the authentication profile for Nomad server
        The profile is used to authenticate users and to verify user access to target HCL Domino® servers.
      - Adding a Nomad server resource
        Add a Nomad server resource for HCL Nomad.
    - Adjusting firewall rules for Nomad
      If you deploy SafeLinx in a DMZ as is typical, you may need to modify internal and external firewall rules.
    - Nomad security best practices
      Following these security best practices is recommended.
  - Logging in to verify the configuration
  - Configuring SafeLinx to accept LTPA cookies from other servers
    If there are other servers in the Nomad server network configured for single sign-on, you can configure SafeLinx to accept LTPA cookies from those servers.
- HCL Nomad and panagenda MarvelClient
  The HCL Nomad management solution MarvelClient from panagenda is now provided with all installations of HCL Nomad on iOS, Android, and HCL Nomad for web browsers. panagenda MarvelClient allows administrators to manage HCL Nomad clients by defining their own settings.
- Managing HCL Nomad via an MDM provider (mobile)
  Starting with version 1.0.4 for HCL Nomad for iOS, and version 1.0.13 for HCL Nomad for Android, managed configuration via most common Mobile Device Management (MDM) providers is supported. All MDM providers are slightly different in how they implement managed configurations for applications.
- Configuring Nomad federated login
  When you configure Nomad federated login, HCL Nomad for web browser users are not prompted for their HCL Notes ID passwords when they set up Nomad. Instead, they are prompted only for credentials from a SAML identity provider (IdP) that is accessed through the Nomad server.
- Setting notes.ini values
  This topic describes how to configure notes.ini settings.
- Configuring notes.ini customizations
  This topic describes notes.ini settings used to customize startup and runtime behavior.
- Configuring application switcher (Nomad for web browsers)
  Application (app) switcher is an optional, configurable dropdown menu displayed on the left of HCL Nomad for web browsers' navigation bar. Each app switcher menu entry shows an application icon followed by the application’s name. Clicking on an app switcher menu entry navigates to the corresponding application address in a new browser tab.
- Shared usage (Nomad for web browsers)
  Nomad for web browsers administrators can force local user data to clear on shutdown. This option is only recommended when the usage pattern will be a new user each time Nomad is loaded or reloaded.
- Troubleshooting (Nomad for web browsers)
  This topic describles troubleshooting for administrators.

Creating the authentication profile for Nomad server

The profile is used to authenticate users and to verify user access to target HCL Domino® servers.

About this task

Complete the following steps if you did not configure the Nomad server when running the initial SafeLinx configuration wizard.

When a user request to a server is found, SafeLinx uses the information in the authentication profile to query the requested Domino servers canonical name in the LDAP servers and use the fully-qualified domain name (FQDN) it found to establish a TCP connection.

If a server name can't be resolved, the connection terminates. To ensure a server name can be resolved, specify the server URL when you configure the HTTP access service.

Note: The name of the Nomad web proxy has changed to Nomad server.

Procedure

From the SafeLinx Administrator, in the Tasks tab, select Add Resource > Authentication Profile > LDAP-bind Authentication:
Define server information:
- "Request Windows credentials from GINA" has to be unchecked.
- "Common name" specifies the name of the authentication profile. Choose a descriptive name.
- "Description" can be left empty.
- Set "password policy" to "None" as we will use the LDAP server specified in the previous step to verify credentials.
- Leave "Challenge string" empty.
- Leave "Include realm in authentication request" unchecked
Specify directory servers:

Select the "Domino LDAP" entry defined in the previous step as the "Directory Server', leave all other fields to their default value.
LTPA configuration:

Leave the LTPA configuration disabled.
OU verification: