Home
Administering HCL Traveler
Information on planning, installing, configuring, and administering HCL Traveler.
Configuring HCL Traveler server
The HCL Traveler configuration settings are part of the Domino® server document. The first time that the HCL Traveler server is started, it performs any necessary configurations. You might want to perform additional configurations beyond the basics. The following topics describe additional configuration options.
Configuring the HCL Traveler High Availability Pool
Configuring HCL Traveler to use a High Availability Pool requires special configuration steps.
Enable server to server secure communications (optional)
By default, HCL Traveler uses regular TCP sockets for communication between the HCL Traveler server and the HTTP server, as well as for communications between the HCL Traveler servers within an HA pool.

Administering HCL Traveler
Information on planning, installing, configuring, and administering HCL Traveler.
- Planning for installation and configuration
  There are many installation and configuration considerations you should review before installing the HCL Traveler server.
- Installing the HCL Traveler server
  The following topics describe options for installing and uninstalling the server:
- Configuring HCL Traveler server
  The HCL Traveler configuration settings are part of the Domino® server document. The first time that the HCL Traveler server is started, it performs any necessary configurations. You might want to perform additional configurations beyond the basics. The following topics describe additional configuration options.
  - Configuring HCL Traveler on Docker
    This topic describes Traveler specific configuration items for Docker.
  - HCL Traveler server settings
    You can configure a variety of HCL Traveler server settings, including server document settings and notes.ini settings.
  - HTTP
    For increased security, HTTP traffic to and from the HCL Traveler server should be secured by enabling SSL or using a VPN. For SSL, at least the component that is terminating SSL connections from the clients should have SSL enabled. The SSL termination can be done at the proxy, load balancer, or IP sprayer layer (common when configuring high availability mode but also possible for single HCL Traveler server configurations) or Domino HTTP layer. Other layers beyond the SSL termination of clients' requests do not need to have SSL enabled too (HTTP is normally sufficient), but it is possible to have the other layers have SSL enabled for even greater security.
  - Setting the external server URL
    There are times when a device needs to connect to a link sent by the server. For example, downloading client files, web page URLs, and Apple encrypted mail retrieval. To make sure that the server sends an appropriate link that the device can use, you must first set the External Server URL field on the HCL Traveler tab in the Server document.
  - Configuring the server for Certificate Based Authentication with Android devices
    There are several reasons why companies may wish their users to authenticate using a client certificate. Admins can easily issue and revoke certificates using MDM solutions. There is no need for users to remember or provide credentials. And there is additional security with two factor authentication using the certificate.
  - Mobile client support for SAML authentication
    HCL Verse mobile clients now support federated-identity authentication using Security Assertion Markup Language (SAML). This allows mobile users to authenticate to a customer’s identity provider prior to accessing the HCL Traveler services.
  - Mobile client support for TOTP authentication
    HCL Domino 12.0.0 introduces support for requiring a Time-based One-Time Password (TOTP), which is in addition to their user names and passwords for http authentication. For more information, see Time-based One-Time Password (TOTP) authentication. The HCL Verse Mobile clients, starting with the 12.0.0 versions, support the Traveler server endpoint configured for TOTP authentication.
  - Configuring the HCL Traveler High Availability Pool
    Configuring HCL Traveler to use a High Availability Pool requires special configuration steps.
    - Understanding the HCL Traveler schema
      Since the HCL Traveler server comes with two options for configuring the enterprise database, it is necessary to understand the basic differences in schema creation for each of the two options. This will help you choose the correct schema configuration for your environment, as well as how to customize it.
    - Database permissions
      For the enterprise database that HCL Traveler supports (DB2, MySQL, or SQL Server ), it is necessary to grant the appropriate level of permissions for running the HCL Traveler server with either automatic schema migration or DDL schema.
    - Schema migration requirements
      There are some ground rules you should consider during migration.
    - Frequently asked questions about the enterprise database
      There are several common questions concerning the deployment and configuration of the enterprise database.
    - Deploying and configuring the enterprise database
      This section contains instructions for deploying and configuring DB2, SQL, and MySQL enterprise databases for HCL Traveler.
    - Configuring HCL Traveler for enterprise database
      You can configure the HCL Traveler server to use the database created in deployandconfiguredb2fortraveler.html.
    - DB2 to MySQL Database Migration
      Beginning in 12.0.1, Traveler supports migrating data stored in DB2 databases to MySQL Databases.
    - Configuring the HCL Traveler High Availability pool on IBM® i
      This section describes how to configure the HCL Traveler server to use IBM® i DB2®. Use this section when creating a High Availability (HA) pool or adding a server to an existing HA pool.
    - Updating the enterprise database
      When upgrading the HCL Traveler servers in the HA Pool, it is necessary to upgrade the database schema level of the database used by the HA pool.
    - Deploy an IP sprayer or load balancer
      To support a pool of HCL Traveler Servers, you will need to provide a single URL entry point for the devices. This can be accomplished by employing an IP sprayer or load balancer, allowing a device to connect to one URL and have the request routed to any of the HCL Traveler servers in the pool.
    - Setup for common configuration (optional)
      In a HCL Traveler pool, it is critical that each server is configured identically.
    - Enable server to server secure communications (optional)
      By default, HCL Traveler uses regular TCP sockets for communication between the HCL Traveler server and the HTTP server, as well as for communications between the HCL Traveler servers within an HA pool.
    - Removing a server from a High Availability pool
      A HCL Traveler High Availability (HA) pool is a group of servers that are all configured to use the same enterprise database.
  - Configuring the HCL Traveler server for Microsoft Outlook
    For information on how to configure the Traveler server for Microsoft Outlook, see the steps in Configuring Traveler for use with Outlook in the HTMO documentation.
  - Setting auto sync options
    You can use auto sync options to maximize the battery life of mobile devices.
  - Tuning performance of the server
    This topic describes memory, thread, logging and other considerations for the performance of the HCL Traveler server.
  - Configuring ports for a partition
    HCL Traveler supports running on multiple Domino® partition servers on the same physical machine. The server must be configured to avoid port conflicts among the partition instances.
  - Converting Notes® document links to web links
    When a Rich Text document (for example, an email composed in the Notes client) is synced by HCL Traveler to a mobile device, its body is converted from Rich Text to HTML. If the document contains a link to an Application, View, or Document, the HTML reference created by the conversion process is a relative URL which is missing the protocol, hostname, and port number needed by the mobile device to access the linked object.
  - Customizing the device configuration process for Apple
    There is no additional client code that must be installed on an Apple device for it to connect to an HCL Traveler server. However, you must configure the Microsoft™ Exchange account on the device so that it can use Exchange ActiveSync to connect to the HCL Traveler server. Apple devices can be configured either manually or by using profiles. This topic also describes how to customize profiles (also known as .mobileconfig files) to work in your environment.
  - Name lookup
    For HCL Traveler to function properly, it must be able to lookup user information. Depending on the type of lookup, a variety factors can change, including where the lookup is performed, what parameters are used on the lookup, and how long the results are cached.
  - Configuring corporate look up for devices
    The corporate look up feature of HCL Traveler allows mobile users to search for and find information about other users in the Domino® directory. It also allows them to find information using remote directories if directory assistance is configured. This is useful when a user must contact another person in the organization who is not in the user's local contact store.
  - Configuring and using out of office replies
    The out of office service can be managed from your Apple, Android, BlackBerry 10, or Windows™ Phone device.
  - HCL Traveler Companion security settings
    There are security settings available that control how Companion connects to the HCL Traveler server and how attachments in encrypted mails can be used on the mobile device.
- Administering HCL Traveler
  The HCL Traveler server component functions as a Domino® server add-in task and responds to Domino server console commands. Topics in this section describe common administrative tasks for administering a HCL Traveler server.

Enable server to server secure communications (optional)

By default, HCL Traveler uses regular TCP sockets for communication between the HCL Traveler server and the HTTP server, as well as for communications between the HCL Traveler servers within an HA pool.

It may be desirable to use secure sockets for this communication if the networking between the HCL Traveler servers is not isolated or secure. Note that requiring secure server to server communications will impact overall performance.

To enable the use of SSL sockets between the HCL Traveler servers, the following steps can be used:

To generate a self-signed certificate with an expiration date far in the future, use the following example:
```
<domino>\jvm\bin\keytool -genkey -v 
   -alias "Traveler" 
   -validity 9999 
   -keystore traveler.jks
   -storepass <password>
   -keypass <password>
```
Note: For IBM® i, the keytool is located at: /QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/bin or /QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/bin
It is recommended you use the same password for the storepass and the keypass. If the password parameters are omitted, the keytool will prompt for them.
Copy the traveler.jks that was just created to each server. A suggested location is <domino data>\traveler\cfg. It is important for the servers to use the same certificate file, so the keytool command should not be run on each server.
Open a command prompt.
Change the directory to <domino data>\traveler\util.
Run travelerUtil to configure HCL Traveler to use SSL:
```
travelerUtil ssl set keystore=<domino data>\traveler\cfg\traveler.jks key=<password>
```
Specify the same password that was used for the storepass and keypass parameters with the keytool command.

After making these changes, both the Traveler task and the HTTP task must be restarted on the HCL Traveler Server. When the HCL Traveler server restarts, it will use SSL sockets to communicate with other HCL Traveler servers.

Repeat these steps for each HCL Traveler server in the pool. All the HCL Traveler servers in the pool must be configured the same way; otherwise, they will not be able to communicate with each other.