DOMINO MAIL ACCESS from outside company

Hello.

I will implement the new Domino server.
Our company's users want to access the Domino server from home.
Is it possible to access it as follows?

Domino 7 server ( DWA or Notes client )  <---- reverse proxy ----  Web server ( WebSphere Edge server ? ) on DMZ <-- Access from home ( web browser or Notes client )

Many IBM documents say it is possible to access a Domino mail server by using a "reverse proxy".
I also set up WebSphere Edge server, but I cannot find which URL should be pointed from the Web server to Domino 7.
If I create a "test0000" account on Domino 7, do I have to point the URL to "http:// server name /mail/test0000.nsf" to access the mailbox?

We have 50 employees. Do I have to set up 50 reverse proxies, one for everyone?
Or is there ONE other URL which the 50 employees can access to reach each mailbox, or some other good method?

Domino7 userA mailbox <--  Domino7 some URL <----- reverse proxy --- Web server on DMZ <----  access from home
             userB mailbox  <---


Appreciate your help.
Thank you so much!


Asked by: YASSIE

Bozzie4 commented:
Your question falls into 3 parts:
- redirection to the mailfiles from your reverse proxy
- connect every authenticated user to his/her mailfile
- Single Sign on between Websphere and Domino

What you do, is create a "rule" to point everything that looks like

http(s)://edgeserver/mail/*.nsf

to your Domino server.

You can further refine this (I think in WebSphere Edge too) by creating a regular expression rule

e.g. if your mailfiles all have 6 characters, all uppercase, you can have this (I'm not very good with regular expressions, so change where needed :-) )

https://edgeserver/mail/[A-Z][A-Z][A-Z][A-Z][A-Z][A-Z].nsf

You could create a separate rule per mailfile, but that's probably too much work and not really worth the hassle.

Now to have every user connect to his mailfile, you can use the redirect database that comes with Domino 7 (create a new database from template Domino Web Access Redirection database, see the help for details).
Create a rule in your reverse proxy too, to access this database (for instance http://edge/accessmymail -> (your domino server)/redirect.nsf)

Single sign-on between your Edge server and your Domino server is done by importing the LTPA token from the WebSphere server into your Domino directory. You probably already have the same authentication source? (You use Domino as authentication directory in your WebSphere server?)

cheers,

Tom
 
Sjef Bosman (Groupware Consultant) commented:
Could this be of help to you?
    http:Q_20683571.html "Remote users accessing Lotus Domino"
 
YASSIE (Author) commented:
Sorry for the delayed reply.

I also read this solution before.
So I thought "reverse proxy" was the best, but there is no detailed information for when I actually configure the server environment.

I have now contacted several Notes support vendors.
They also told me, "Notes client can access Domino if you configure a passthru server. But it needs some additional config change on the firewall."
Another vendor's approach is "Web browser access to a replica copy on a DMZ Domino server".

I would like some more detailed advice.
1. If "reverse proxy" is the best, is it possible to set up 1 common logon screen for everyone?
2. What is the usual remote access configuration for Domino users? Replica copy on DMZ Domino? Or passthru?


Appreciate your advice.


 
YASSIE (Author) commented:
There is no additional reply.

I installed WebSphere Edge Component v5.0 and set a reverse proxy to Domino 7.0.2.

I confirmed I have to input /mail/mail file on my desktop to read my mail.

http:// WebSphere server/mail/YASSIE.nsf

Am I right?

I also have to input user ID and password twice.
First, at the http:// WebSphere server / mail/YASSIE.nsf browser authentication window.
And next, at the http:// Domino server / mail/ YASSIE.nsf browser authentication window.

Do I have to input ID and password twice if I use a reverse proxy?


Thanks




 
YASSIE (Author) commented:
Tom

Thank you very much for great help !

- redirection to the mailfiles from your reverse proxy
Can WebSphere Edge server set a reverse proxy to Domino like this, so that every user gets an authentication screen?
>https://edgeserver/mail/[A-Z][A-Z][A-Z][A-Z][A-Z][A-Z].nsf


- connect every authenticated user to his/her mailfile
> Domino Web Access Redirection database

Should both "https://edgeserver/mail/[A-Z][A-Z][A-Z][A-Z][A-Z][A-Z].nsf" and "DWA redirection database"
be set up? (I have not checked the DWA redirection database yet.)


- Single Sign on between Websphere and Domino
>importing the ltpa token from the websphere server into your Domino directory
>You probably already have the same authentication source ?
>(you use Domino as authentication directory in your Websphere server ?)

I have not checked the detailed WebSphere server settings yet. I will check.


I will test and reply again.

Thanks
 
Bozzie4 commented:
Hi Yassie,

I'm not sure about the exact syntax in WebSphere Edge, but you should have at least 2 rules:
- 1 to the redirect database, to have a single point of entry
- 1 with a wildcard of some sort (e.g. /mail/*.nsf should work too), or a regular expression to point to your mailfiles.

1 thing I forgot: if you authenticate to the WebSphere Edge server, you probably don't need this, but if you authenticate on the Domino server, you may need a redirection to names.nsf too.

Easiest is to split the setup tasks: first set it up without authentication on the Edge server; if that works, add authentication to the Edge server, so only authenticated users can enter the system.

cheers,

Tom
 
YASSIE (Author) commented:
Hi Tom

I created the DWA redirect database iwaredir.nsf and set reverse proxy /DWA => http:// Websphere Edge /iwaredir.nsf .
I also set reverse proxy /names.nsf => http:// WES / names.nsf & /mail/* => http://WES/mail/*

Works Fine!!!!! Every test account can log on to each mailbox by contacting /DWA ( i.e. /iwaredir.nsf )!
I also found a doc to set up DWAloginForm on domcfg.nsf. Good!

Now I am trying to set up SSO, but I cannot find how to create the LTPA KEY on WebSphere Edge server ...

I will reply again if I complete SSO.

Thanks  
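The rule set this thread arrives at (/DWA to the redirect database, /names.nsf, and the mail files), written as a default-deny matcher to show how the /mail/* wildcard and the six-uppercase-letter pattern differ once request paths are canonicalised. This is an added example, not code from any post or from WebSphere Edge; the backend host name, the function names and the sample requests are assumptions, and the strict pattern additionally allows a Domino object path after the .nsf.

```python
import fnmatch
import posixpath
import re
from urllib.parse import unquote, urlsplit

BACKEND = "http://domino.internal.example"  # assumed internal Domino address

# Rules from the thread: one entry point, the directory used for login, mail files.
EXACT = {"/DWA": "/iwaredir.nsf", "/names.nsf": "/names.nsf"}
WILDCARD_MAIL = "/mail/*"
# Six uppercase letters, literal dot, optional Domino object path after the database.
STRICT_MAIL = re.compile(r"/mail/[A-Z]{6}\.nsf(/.*)?")


def canonical_path(raw_target):
    """Return the decoded request path, or None if it is not already canonical."""
    parts = urlsplit(raw_target)
    if parts.scheme or parts.netloc:
        return None                      # only origin-form targets ("/path?query")
    path = unquote(parts.path)
    if not path.startswith("/") or any(c in path for c in ("%", "\\", "\x00")):
        return None                      # double encoding, backslash, NUL
    if "//" in path or posixpath.normpath(path) != path:
        return None                      # "..", ".", empty or trailing segments
    return path


def route(raw_target, strict=True):
    """Map a request target to a backend URL; None means refuse (default deny)."""
    path = canonical_path(raw_target)
    if path is None:
        return None
    if path in EXACT:
        return BACKEND + EXACT[path]
    if strict:
        allowed = STRICT_MAIL.fullmatch(path) is not None
    else:
        allowed = fnmatch.fnmatchcase(path, WILDCARD_MAIL)
    if not allowed:
        return None
    query = urlsplit(raw_target).query
    return BACKEND + path + ("?" + query if query else "")


# Constructed request targets, not taken from the thread.
SAMPLES = ["/DWA", "/mail/YASSIE.nsf/($Inbox)?OpenView", "/mail/%2e%2e/other.nsf",
           "/mail/archive/old.nsf", "/other.nsf"]

if __name__ == "__main__":
    for target in SAMPLES:
        print(f"{target:40} strict={route(target)} wildcard={route(target, False)}")
```

The wildcard rule forwards anything below /mail/, including nested paths, while the strict pattern forwards only mail files that follow the naming convention; both refuse paths that change when decoded and normalised.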
 
Bozzie4 commented:
No comment in 21 days? You must be joking :-)

It's quite a current question I think

Tom
 
YASSIE (Author) commented:
Still need to confirm SSO on WebSphere Edge server.

Please wait  ...

>Now, I try to set up SSO, but I cannot find how to create LTPA KEY on WebSphere Edge server ...

>I will reply again if I complete SSO.

 
YASSIE (Author) commented:
Now I am checking how to create the LTPA KEY on WebSphere Edge server.
The LTPA KEY can be created by using the "administrative console".
I am looking for how I can get the "administrative console" ...
I cannot find it on the WebSphere Edge server menu.

 
 
 
YASSIE (Author) commented:
Sorry to be late.

I could not find the solution for WebSphere Edge server.
IBM also asserts that IBM does not support WebSphere Edge server if our company does not buy a WAS license.
( though our company had a license with DOMINO/WORKPLACE and can download WebSphere Edge server with them....)

But I could get very, very useful information from Tom.
I WOULD LIKE TO PASS THE POINTS TO HIM.

THANK YOU TOM!
Question has a verified solution.