Direct connection

Use either the virtual private network or the reverse proxy solution to ensure the best overall security. However, it is also possible to use SSL from the mobile device to connect directly to the IBM Traveler server or HA pool of servers inside the DMZ.

When using this configuration, take steps to ensure that the IBM® Domino® server has been secured and does not contain unnecessary data. For example, it is not recommended to host user mail files on the IBM® Domino® server in this configuration. Consider installing this IBM® Domino® server in a Domino® domain different from your production mail domain. This configuration has the advantage that no personal records for users are present in the local names.nsf, and directory assistance will be configured to remotely access the actual directory inside the production domain. For more information, see Supporting multiple IBM Domino domains.

The first diagram shows a direct connection to a stand alone IBM Traveler server within this topology.


Direct connection

The second diagram shows a direct connection to an HA pool of IBM Traveler servers. In this case, the IP sprayer and the IBM Traveler servers are in the DMZ and the DB Server and Mail servers are in the trusted domain.


Direct connection

The third diagram shows the network topology with the authentication proxy also providing the ability to spray the mobile requests to the HA pool of IBM Traveler servers.


Direct connection HA sprayer

The IBM Traveler server sits inside your DMZ and should not contain any user mail files. You must open port 443 on the Internet-facing firewall to the IBM Traveler server for data syncing. Then, on the intranet firewall, you must open up Notes® RPC port 1352 to each IBM® Domino® mail server that contains user mail files. For an HA pool, on the intranet firewall, open the JDBC port for the Data Base server that contains the IBM Traveler Data. The port will depend upon the database server used and the configuration (for example, port 50000 for the JDBC connection to a DB2® Server instance).

This configuration is shown using only HTTPS (SSL) connections between the device and the IBM Traveler server. While it is technically possible to connect the device to the server using HTTP (port 80), do not use this configuration.