Learn the top ten threats that are present in modern web-application development and how to protect your business from them.
DOMINO MAIL ACCESS from outside company
Hello.
I will implement the new Domino server.
Our company users want to access Domino server from their home.
Is it possible to access as follows ?
Domino 7 server ( DWA or Notes client ) <---- reverse proxy ---- Web server ( WebSphere Edge server ? ) on DMZ <-- Access from home ( web browser or Notes client )
Many IBM documents says possible to access Domino mail server by using " reverse proxy " .
I also setup WebSphere Edge server, but I cannot find which URL should be pointed from Web server to Domino 7 .
If I create "test0000" account on Domino7 , I have to point URL as "http:// server name /mail/test0000.nsf" to access mailbox ?
We have 50 employee, I have to setup 50 reverse proxy for everyone ?
Or other ONE URL which 50 employee can access and access each mailbox or other good method ?
Domino7 userA mailbox <-- Domino7 some URL <----- reverse proxy --- Web server on DMZ <---- access from home
userB mailbox <---
Appreciate your help.
Thank you so much!
I will implement the new Domino server.
Our company users want to access Domino server from their home.
Is it possible to access as follows ?
Domino 7 server ( DWA or Notes client ) <---- reverse proxy ---- Web server ( WebSphere Edge server ? ) on DMZ <-- Access from home ( web browser or Notes client )
Many IBM documents says possible to access Domino mail server by using " reverse proxy " .
I also setup WebSphere Edge server, but I cannot find which URL should be pointed from Web server to Domino 7 .
If I create "test0000" account on Domino7 , I have to point URL as "http:// server name /mail/test0000.nsf" to access mailbox ?
We have 50 employee, I have to setup 50 reverse proxy for everyone ?
Or other ONE URL which 50 employee can access and access each mailbox or other good method ?
Domino7 userA mailbox <-- Domino7 some URL <----- reverse proxy --- Web server on DMZ <---- access from home
userB mailbox <---
Appreciate your help.
Thank you so much!
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Sorry for delay reply.
I also read this solution before.
So I thought "reverse proxy" is the best , but there is no detail information when I actually configure server environment.
Now I contact several Notes support vendors.
They also told " Notes client can access Domino if configure passthru server. But need some additional config change on Firewall" .
Other vendor approach is " Web browser access to replica copy on DMZ Domino server " .
I want some more detail advices.
1. If "reverse proxy" is the best , is it possible to setup 1 common logon screen for everyone ?
2. What is usual remote access configuration for Domino users ? Replica copy on DMZ Domino ? or Passthru ?
Appreciate your advice.
I also read this solution before.
So I thought "reverse proxy" is the best , but there is no detail information when I actually configure server environment.
Now I contact several Notes support vendors.
They also told " Notes client can access Domino if configure passthru server. But need some additional config change on Firewall" .
Other vendor approach is " Web browser access to replica copy on DMZ Domino server " .
I want some more detail advices.
1. If "reverse proxy" is the best , is it possible to setup 1 common logon screen for everyone ?
2. What is usual remote access configuration for Domino users ? Replica copy on DMZ Domino ? or Passthru ?
Appreciate your advice.
There is no additional reply .
I installed WebSphere Edge Component v5.0 and set reverse proxy to Domino 7.0.2.
I confirmed I have to input /mail/mail file on my desktop to read my mail.
http:// WebSphere server/mail/YASSIE.nsf
Am I right ?
I also have to input user ID and password twice.
At first, http:// WebSphere server / mail/YASSIE.nsf browser authentication window.
And next http:// Domino server / mail/ YASSIE.nsf browser authentication window.
I have to input ID and password twice if I use reverse proxy ?
Thanks
I installed WebSphere Edge Component v5.0 and set reverse proxy to Domino 7.0.2.
I confirmed I have to input /mail/mail file on my desktop to read my mail.
http:// WebSphere server/mail/YASSIE.nsf
Am I right ?
I also have to input user ID and password twice.
At first, http:// WebSphere server / mail/YASSIE.nsf browser authentication window.
And next http:// Domino server / mail/ YASSIE.nsf browser authentication window.
I have to input ID and password twice if I use reverse proxy ?
Thanks
Your question falls into 3 parts :
- redirection to the mailfiles from your reverse proxy
- connect every authenticated user to his/her mailfile
- Single Sign on between Websphere and Domino
What you do, is create a "rule" to point everything that looks like
http(s)://edgeserver/mail/
to your Domino server.
You can further refine this (I think in Websphere Edge too) by creating a regular expression rule
eg. if your mailfiles all have 6 characters, all uppercase, you can have this (I'm not very good with reg expressions, so change where needed :-) )
https://edgeserver/mail/[A-Z][A-Z][A-Z][A-Z][A-Z][
You could create a separate rule per mailfile, but that's probably too much work and not really worth the hassle.
Now to have every user connect to his mailfile, you can use the redirect database that comes with Domino 7 (create a new database from template Domino Web Access Redirection database, see the help for details).
Create a rule in your reverse proxy too, to access this database (for instance http://edge/accessmymail -> (your domino server)/redirect.nsf)
Single Sign on between your Edge server and your Domino server, is done by importing the ltpa token from the websphere server into your Domino directory. You probably already have the same authentication source ? (you use Domino as authenication directory in your Websphere server ?)
cheers,
Tom
- redirection to the mailfiles from your reverse proxy
- connect every authenticated user to his/her mailfile
- Single Sign on between Websphere and Domino
What you do, is create a "rule" to point everything that looks like
http(s)://edgeserver/mail/
to your Domino server.
You can further refine this (I think in Websphere Edge too) by creating a regular expression rule
eg. if your mailfiles all have 6 characters, all uppercase, you can have this (I'm not very good with reg expressions, so change where needed :-) )
https://edgeserver/mail/[A-Z][A-Z][A-Z][A-Z][A-Z][
You could create a separate rule per mailfile, but that's probably too much work and not really worth the hassle.
Now to have every user connect to his mailfile, you can use the redirect database that comes with Domino 7 (create a new database from template Domino Web Access Redirection database, see the help for details).
Create a rule in your reverse proxy too, to access this database (for instance http://edge/accessmymail -> (your domino server)/redirect.nsf)
Single Sign on between your Edge server and your Domino server, is done by importing the ltpa token from the websphere server into your Domino directory. You probably already have the same authentication source ? (you use Domino as authenication directory in your Websphere server ?)
cheers,
Tom
Tom
Thank you very much for great help !
- redirection to the mailfiles from your reverse proxy
WebSphere Edge server can set reverse proxy to Domino like this
and every user can get authentication screen ?
>https://edgeserver/mail/[A-Z][A-Z][A-Z][A-Z][A-Z]
- connect every authenticated user to his/her mailfile
> Domino Web Access Redirection database
Both "https://edgeserver/mail/[A-Z][A-Z][A-Z][A-Z][A-Z]
should be setup ? ( I do not check DWA redirection database yet )
- Single Sign on between Websphere and Domino
>importing the ltpa token from the websphere server into your Domino directory
>You probably already have the same authentication source ?
>(you use Domino as authenication directory in your Websphere server ?)
I did not check detail WebSphere server setting yet. I will check.
I will test and reply again.
Thanks
Thank you very much for great help !
- redirection to the mailfiles from your reverse proxy
WebSphere Edge server can set reverse proxy to Domino like this
and every user can get authentication screen ?
>https://edgeserver/mail/[A-Z][A-Z][A-Z][A-Z][A-Z]
- connect every authenticated user to his/her mailfile
> Domino Web Access Redirection database
Both "https://edgeserver/mail/[A-Z][A-Z][A-Z][A-Z][A-Z]
should be setup ? ( I do not check DWA redirection database yet )
- Single Sign on between Websphere and Domino
>importing the ltpa token from the websphere server into your Domino directory
>You probably already have the same authentication source ?
>(you use Domino as authenication directory in your Websphere server ?)
I did not check detail WebSphere server setting yet. I will check.
I will test and reply again.
Thanks
Hi Yassie,
I'm not sure about the exact syntax in Websphere Edge , but you should have at least 2 rules :
- 1 to the redirect database, to have a single point of entry
- 1 with a wildcard of some sort (eg. /mail/*.nsf should work too), or a regular expression to point to your mailfiles.
1 thing I forgot , if you authenticate to the Websphere Edge server, you probably don't need this, but if you authenticate on the Domino server , you may need a redirection to names.nsf too.
Easiest is to split the setup tasks, first set it up without authentication on the Edge server, if that works, add authentication to the Edge server, so only authenticated users can enter the system.
cheers,
Tom
I'm not sure about the exact syntax in Websphere Edge , but you should have at least 2 rules :
- 1 to the redirect database, to have a single point of entry
- 1 with a wildcard of some sort (eg. /mail/*.nsf should work too), or a regular expression to point to your mailfiles.
1 thing I forgot , if you authenticate to the Websphere Edge server, you probably don't need this, but if you authenticate on the Domino server , you may need a redirection to names.nsf too.
Easiest is to split the setup tasks, first set it up without authentication on the Edge server, if that works, add authentication to the Edge server, so only authenticated users can enter the system.
cheers,
Tom
Hi Tom
I created DWA redirect database iwaredir.nsf and set reverse proxy /DWA => http:// Websphere Edge /iwaredir.nsf .
I also set reverse proxy /names.nsf => http:// WES / names.nsf & /mail/* => http://WES/mail/*
Works Fine!!!!! Every test account can logon each mailbox by contacting /DWA ( i.e. /iwaredir.nsf ) !
I also found doc to setup DWAloginForm on domcfg.nsf. Good !
Now, I try to setup SSO ,but I can not find how to create LTPA KEY on WebSphere Edge server ...
I will reply again if I complete SSO.
Thanks
I created DWA redirect database iwaredir.nsf and set reverse proxy /DWA => http:// Websphere Edge /iwaredir.nsf .
I also set reverse proxy /names.nsf => http:// WES / names.nsf & /mail/* => http://WES/mail/*
Works Fine!!!!! Every test account can logon each mailbox by contacting /DWA ( i.e. /iwaredir.nsf ) !
I also found doc to setup DWAloginForm on domcfg.nsf. Good !
Now, I try to setup SSO ,but I can not find how to create LTPA KEY on WebSphere Edge server ...
I will reply again if I complete SSO.
Thanks
Still need to confirm SSO on WebSphere Edge server.
Please wait ...
>Now, I try to setup SSO ,but I can not find how to create LTPA KEY on WebSphere Edge server ...
>I will reply again if I complete SSO.
Please wait ...
>Now, I try to setup SSO ,but I can not find how to create LTPA KEY on WebSphere Edge server ...
>I will reply again if I complete SSO.
Now, I checking how to create LTPA KEY on WebSphere Edge server .
LTPA KEY can be created by using " administrative console " .
Look for how I can get " administrative console" ...
I cannot find that on WebSphere Edge server menu .
LTPA KEY can be created by using " administrative console " .
Look for how I can get " administrative console" ...
I cannot find that on WebSphere Edge server menu .
This may help you :
http://www-128.ibm.com/developerworks/lotus/library/ls-Configuring_IWA_Edge_ReverseProxy/index.html
cheers,
Tom
http://www-128.ibm.com/developerworks/lotus/library/ls-Configuring_IWA_Edge_ReverseProxy/index.html
cheers,
Tom
Sorry to be late.
I could not find the solution about Webshere edge server.
IBM also assert IBM do not support Websphere edge server if our company do not buy WAS license.
( though our company had license with DOMINO/WORKPLACE and can download Websphere edge server with them....)
But I could get very very useful information from Tom.
I WOULD LIKE TO PASS POINT TO HIM.
THANK YOU TOM!
I could not find the solution about Webshere edge server.
IBM also assert IBM do not support Websphere edge server if our company do not buy WAS license.
( though our company had license with DOMINO/WORKPLACE and can download Websphere edge server with them....)
But I could get very very useful information from Tom.
I WOULD LIKE TO PASS POINT TO HIM.
THANK YOU TOM!
Premium Content
You need an Expert Office subscription to comment.Start Free Trial