sync957p
asked on
Controlling local replicas usage
Hi all
New problem :
We have remote users (LANs without a domino server) using local replicas
so we can manage those remote locations with short bandwidth. They have a
replica of their mailfile and a replica of the public address book.
The replicas are scheduled to run every 30 minutes wich provides good velocity to all applications (Lotus Notes, Client Access, our intranet, and our Document Management app).
How do I prevent the users from forcing replications (on demand) ?
New problem :
We have remote users (LANs without a domino server) using local replicas
so we can manage those remote locations with short bandwidth. They have a
replica of their mailfile and a replica of the public address book.
The replicas are scheduled to run every 30 minutes wich provides good velocity to all applications (Lotus Notes, Client Access, our intranet, and our Document Management app).
How do I prevent the users from forcing replications (on demand) ?
Lotus Domino strong point is replication and it could be on demand. Why do you want to restrict them replicating what they want ??
~Hemanth
~Hemanth
Probably because if all the remote users (over the same remote connection) all start to replicate 'on demand' at once, your network connection gets saturated ...
Tom
Tom
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for all answers.
Bozzie4 : what is a network traffic shaper? you mean something like a Peribit?
HemanthaKumar : We have all remote locations with connections over IP at 128k, for an average of 6 users per remote location, if the dummies in marketing and the gods (ceo's) decide to send a 4 Mb email message to all users in the same day all network traffic gets jammed (yes, bandwidth is expensive in Portugal). To be honest things got a little better since we upgraded all our lines from Frame Relay to IP, but we're far from having good speed.
qwaletee : We don't have static ip's in those LAN's and we can't change that, because ceo's "on the move" like to connect their laptops anywhere without changing ip's. That agent you mentioned seems like a good idea could you help with that?
Bozzie4 : what is a network traffic shaper? you mean something like a Peribit?
HemanthaKumar : We have all remote locations with connections over IP at 128k, for an average of 6 users per remote location, if the dummies in marketing and the gods (ceo's) decide to send a 4 Mb email message to all users in the same day all network traffic gets jammed (yes, bandwidth is expensive in Portugal). To be honest things got a little better since we upgraded all our lines from Frame Relay to IP, but we're far from having good speed.
qwaletee : We don't have static ip's in those LAN's and we can't change that, because ceo's "on the move" like to connect their laptops anywhere without changing ip's. That agent you mentioned seems like a good idea could you help with that?
ASKER
qwaletee : ah i forgot... and ... the internal network traffic doesent pass by the firewall.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yeah, I can help with the agent, but it will either have to be...
* You write it, I'll give hints, which won't take too much of my time
or
* You've got to get a consultant who is already handy with Notes admin and dev to write it
* You write it, I'll give hints, which won't take too much of my time
or
* You've got to get a consultant who is already handy with Notes admin and dev to write it
Or you can contact Lotus support for any tips on controlling the bandwidth usage !
ASKER
Perhaps both?
qwaletee : could you give me any tips to start with? per ex. how to put a user in a deny list (what command to the server so the user cant replicate)
hemanthakumar : the only time i contacted lotus tech support was by phone (some urgent issue about db's getting corrupt), how do i contact them by mail?
qwaletee : could you give me any tips to start with? per ex. how to put a user in a deny list (what command to the server so the user cant replicate)
hemanthakumar : the only time i contacted lotus tech support was by phone (some urgent issue about db's getting corrupt), how do i contact them by mail?
ASKER
What about hiding menus in the client? I heard kiosk mode doesen't work so well... any toughts?
This is the best you can get to...http://www.ibm.com/planetwide/us/
There is a email on top for general queries.. see if they respond to you by mail
There is a email on top for general queries.. see if they respond to you by mail
Kiosk mode sucks.
The way to deal with Deny Access Groups is to
1) create a deny access group for this purpose
2) Include that group in your server deny access list (server doc) -- then reboot the server, or
3) Put the new deny access group in an existing group (subgroup) that is already in the server doc deny access (no reboot)
To lock a user out, just add the user to the new group created in step 1... you shoud add the user's unabbrevaited canonical name. If you change the group on the same server as you are trying to prevent access, the lockout should occur within 2 minutes of the change, and removal of lockout shoudl also be less than two minutes.
The way to deal with Deny Access Groups is to
1) create a deny access group for this purpose
2) Include that group in your server deny access list (server doc) -- then reboot the server, or
3) Put the new deny access group in an existing group (subgroup) that is already in the server doc deny access (no reboot)
To lock a user out, just add the user to the new group created in step 1... you shoud add the user's unabbrevaited canonical name. If you change the group on the same server as you are trying to prevent access, the lockout should occur within 2 minutes of the change, and removal of lockout shoudl also be less than two minutes.
ASKER
Thanks everyone.
At this time our network engineer is testing a solution with an iptables fw in a linux box. Domino server will only route mail in this box.
The destinations for quotas regarding notes traffic will be based on remote location router's ip (if one of the users screws up all of the other users in the same lan will suffer, but hey , who said life's fair?)
I just wonder why cant we have an ADM for active directory like most of the mainstream software (it would be useful to find some menus from some users).
Any comments on this?
At this time our network engineer is testing a solution with an iptables fw in a linux box. Domino server will only route mail in this box.
The destinations for quotas regarding notes traffic will be based on remote location router's ip (if one of the users screws up all of the other users in the same lan will suffer, but hey , who said life's fair?)
I just wonder why cant we have an ADM for active directory like most of the mainstream software (it would be useful to find some menus from some users).
Any comments on this?
It doesn't really work that way. Policies are not magic... for ever feature you want to lock down, in, say, Windows 2000, Microsoft has to program a UI to set that policy, has to put code on the client to accept that policy, has to put code in teh client settings UI to prevent users from overriding that policy, and has to put code in the software that uses the settings to restrict to that policy. Microsoft has done that with a lot of settings, but not all... and in fact, there are some things that have no settings at all, so neither user nor administrator can control them.
The same is tru for Notes and Domino. In R6, there are a huge number of settings you can lock down... but there are also many that you can't. Nobody pushed IBM hard enough to make a policy for "limitating" connection frequency/traffic level.
The same is tru for Notes and Domino. In R6, there are a huge number of settings you can lock down... but there are also many that you can't. Nobody pushed IBM hard enough to make a policy for "limitating" connection frequency/traffic level.
ASKER
Just wondering why we can restrict almost everything in Client Access ( or the latest "Iseries Access" ) wich is an IBM product and with Notes... nothing at all.
Nothing to wonder at... Notes is actually more complex, and has more features that could potentially be controlled. Dev team has to allocate resources for each feature they add that someone wants to control, and this didn't make the cut.
On top of that, the Notes communication strategy leads this to be a complex area to regulate.
On top of that, the Notes communication strategy leads this to be a complex area to regulate.
A new TA has been added to EE: Lotus Domino Admin (https://www.experts-exchange.com/Web/Lotus_Domino_Admin/).
Since it's still rather empty we're looking for content for this TA. This should offer visitors a better chanche of finding answers to their questions.
This question, though not posted in a wrong TA, was a typical Lotus Domino Admin question. Therefore I'm moving it from Lotus Notes/Domino TA to Lotus Domino Admin TA.
CRAK
Page Editor
Since it's still rather empty we're looking for content for this TA. This should offer visitors a better chanche of finding answers to their questions.
This question, though not posted in a wrong TA, was a typical Lotus Domino Admin question. Therefore I'm moving it from Lotus Notes/Domino TA to Lotus Domino Admin TA.
CRAK
Page Editor
Moved from Notes/Domino to Domino Admin TA.
CRAK
Page Editor
CRAK
Page Editor
Long answer : you may try and restrict the Notes trafic (using a network trafic shaper ) per remote connection (well, you'll need to actually restrict it per individual user per remote connection) That's probably not easy ...
cheers,
tom