We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Course Of The Month
2 days, 2 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
DOMINO MAIL ACCESS from outside company
Posted on 2006-10-19
Hello.
I will implement the new Domino server.
Our company users want to access Domino server from their home.
Is it possible to access as follows ?
Domino 7 server ( DWA or Notes client ) <---- reverse proxy ---- Web server ( WebSphere Edge server ? ) on DMZ <-- Access from home ( web browser or Notes client )
Many IBM documents says possible to access Domino mail server by using " reverse proxy " .
I also setup WebSphere Edge server, but I cannot find which URL should be pointed from Web server to Domino 7 .
If I create "test0000" account on Domino7 , I have to point URL as "http:// server name /mail/test0000.nsf" to access mailbox ?
We have 50 employee, I have to setup 50 reverse proxy for everyone ?
Or other ONE URL which 50 employee can access and access each mailbox or other good method ?
Domino7 userA mailbox <-- Domino7 some URL <----- reverse proxy --- Web server on DMZ <---- access from home
userB mailbox <---
Appreciate your help.
Thank you so much!
I will implement the new Domino server.
Our company users want to access Domino server from their home.
Is it possible to access as follows ?
Domino 7 server ( DWA or Notes client ) <---- reverse proxy ---- Web server ( WebSphere Edge server ? ) on DMZ <-- Access from home ( web browser or Notes client )
Many IBM documents says possible to access Domino mail server by using " reverse proxy " .
I also setup WebSphere Edge server, but I cannot find which URL should be pointed from Web server to Domino 7 .
If I create "test0000" account on Domino7 , I have to point URL as "http:// server name /mail/test0000.nsf" to access mailbox ?
We have 50 employee, I have to setup 50 reverse proxy for everyone ?
Or other ONE URL which 50 employee can access and access each mailbox or other good method ?
Domino7 userA mailbox <-- Domino7 some URL <----- reverse proxy --- Web server on DMZ <---- access from home
userB mailbox <---
Appreciate your help.
Thank you so much!
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
7
-
4
15 Comments
Sorry for delay reply.
I also read this solution before.
So I thought "reverse proxy" is the best , but there is no detail information when I actually configure server environment.
Now I contact several Notes support vendors.
They also told " Notes client can access Domino if configure passthru server. But need some additional config change on Firewall" .
Other vendor approach is " Web browser access to replica copy on DMZ Domino server " .
I want some more detail advices.
1. If "reverse proxy" is the best , is it possible to setup 1 common logon screen for everyone ?
2. What is usual remote access configuration for Domino users ? Replica copy on DMZ Domino ? or Passthru ?
Appreciate your advice.
I also read this solution before.
So I thought "reverse proxy" is the best , but there is no detail information when I actually configure server environment.
Now I contact several Notes support vendors.
They also told " Notes client can access Domino if configure passthru server. But need some additional config change on Firewall" .
Other vendor approach is " Web browser access to replica copy on DMZ Domino server " .
I want some more detail advices.
1. If "reverse proxy" is the best , is it possible to setup 1 common logon screen for everyone ?
2. What is usual remote access configuration for Domino users ? Replica copy on DMZ Domino ? or Passthru ?
Appreciate your advice.
There is no additional reply .
I installed WebSphere Edge Component v5.0 and set reverse proxy to Domino 7.0.2.
I confirmed I have to input /mail/mail file on my desktop to read my mail.
http:// WebSphere server/mail/YASSIE.nsf
Am I right ?
I also have to input user ID and password twice.
At first, http:// WebSphere server / mail/YASSIE.nsf browser authentication window.
And next http:// Domino server / mail/ YASSIE.nsf browser authentication window.
I have to input ID and password twice if I use reverse proxy ?
Thanks
I installed WebSphere Edge Component v5.0 and set reverse proxy to Domino 7.0.2.
I confirmed I have to input /mail/mail file on my desktop to read my mail.
http:// WebSphere server/mail/YASSIE.nsf
Am I right ?
I also have to input user ID and password twice.
At first, http:// WebSphere server / mail/YASSIE.nsf browser authentication window.
And next http:// Domino server / mail/ YASSIE.nsf browser authentication window.
I have to input ID and password twice if I use reverse proxy ?
Thanks
Your question falls into 3 parts :
- redirection to the mailfiles from your reverse proxy
- connect every authenticated user to his/her mailfile
- Single Sign on between Websphere and Domino
What you do, is create a "rule" to point everything that looks like
http(s)://edgeserver/mail/
to your Domino server.
You can further refine this (I think in Websphere Edge too) by creating a regular expression rule
eg. if your mailfiles all have 6 characters, all uppercase, you can have this (I'm not very good with reg expressions, so change where needed :-) )
https://edgeserver/mail/[A-Z][A-Z][A-Z][A-Z][A-Z][
You could create a separate rule per mailfile, but that's probably too much work and not really worth the hassle.
Now to have every user connect to his mailfile, you can use the redirect database that comes with Domino 7 (create a new database from template Domino Web Access Redirection database, see the help for details).
Create a rule in your reverse proxy too, to access this database (for instance http://edge/accessmymail -> (your domino server)/redirect.nsf)
Single Sign on between your Edge server and your Domino server, is done by importing the ltpa token from the websphere server into your Domino directory. You probably already have the same authentication source ? (you use Domino as authenication directory in your Websphere server ?)
cheers,
Tom
- redirection to the mailfiles from your reverse proxy
- connect every authenticated user to his/her mailfile
- Single Sign on between Websphere and Domino
What you do, is create a "rule" to point everything that looks like
http(s)://edgeserver/mail/
to your Domino server.
You can further refine this (I think in Websphere Edge too) by creating a regular expression rule
eg. if your mailfiles all have 6 characters, all uppercase, you can have this (I'm not very good with reg expressions, so change where needed :-) )
https://edgeserver/mail/[A-Z][A-Z][A-Z][A-Z][A-Z][
You could create a separate rule per mailfile, but that's probably too much work and not really worth the hassle.
Now to have every user connect to his mailfile, you can use the redirect database that comes with Domino 7 (create a new database from template Domino Web Access Redirection database, see the help for details).
Create a rule in your reverse proxy too, to access this database (for instance http://edge/accessmymail -> (your domino server)/redirect.nsf)
Single Sign on between your Edge server and your Domino server, is done by importing the ltpa token from the websphere server into your Domino directory. You probably already have the same authentication source ? (you use Domino as authenication directory in your Websphere server ?)
cheers,
Tom
Tom
Thank you very much for great help !
- redirection to the mailfiles from your reverse proxy
WebSphere Edge server can set reverse proxy to Domino like this
and every user can get authentication screen ?
>https://edgeserver/mail/[A-Z][A-Z][A-Z][A-Z][A-Z]
- connect every authenticated user to his/her mailfile
> Domino Web Access Redirection database
Both "https://edgeserver/mail/[A-Z][A-Z][A-Z][A-Z][A-Z]
should be setup ? ( I do not check DWA redirection database yet )
- Single Sign on between Websphere and Domino
>importing the ltpa token from the websphere server into your Domino directory
>You probably already have the same authentication source ?
>(you use Domino as authenication directory in your Websphere server ?)
I did not check detail WebSphere server setting yet. I will check.
I will test and reply again.
Thanks
Thank you very much for great help !
- redirection to the mailfiles from your reverse proxy
WebSphere Edge server can set reverse proxy to Domino like this
and every user can get authentication screen ?
>https://edgeserver/mail/[A-Z][A-Z][A-Z][A-Z][A-Z]
- connect every authenticated user to his/her mailfile
> Domino Web Access Redirection database
Both "https://edgeserver/mail/[A-Z][A-Z][A-Z][A-Z][A-Z]
should be setup ? ( I do not check DWA redirection database yet )
- Single Sign on between Websphere and Domino
>importing the ltpa token from the websphere server into your Domino directory
>You probably already have the same authentication source ?
>(you use Domino as authenication directory in your Websphere server ?)
I did not check detail WebSphere server setting yet. I will check.
I will test and reply again.
Thanks
Hi Yassie,
I'm not sure about the exact syntax in Websphere Edge , but you should have at least 2 rules :
- 1 to the redirect database, to have a single point of entry
- 1 with a wildcard of some sort (eg. /mail/*.nsf should work too), or a regular expression to point to your mailfiles.
1 thing I forgot , if you authenticate to the Websphere Edge server, you probably don't need this, but if you authenticate on the Domino server , you may need a redirection to names.nsf too.
Easiest is to split the setup tasks, first set it up without authentication on the Edge server, if that works, add authentication to the Edge server, so only authenticated users can enter the system.
cheers,
Tom
I'm not sure about the exact syntax in Websphere Edge , but you should have at least 2 rules :
- 1 to the redirect database, to have a single point of entry
- 1 with a wildcard of some sort (eg. /mail/*.nsf should work too), or a regular expression to point to your mailfiles.
1 thing I forgot , if you authenticate to the Websphere Edge server, you probably don't need this, but if you authenticate on the Domino server , you may need a redirection to names.nsf too.
Easiest is to split the setup tasks, first set it up without authentication on the Edge server, if that works, add authentication to the Edge server, so only authenticated users can enter the system.
cheers,
Tom
Hi Tom
I created DWA redirect database iwaredir.nsf and set reverse proxy /DWA => http:// Websphere Edge /iwaredir.nsf .
I also set reverse proxy /names.nsf => http:// WES / names.nsf & /mail/* => http://WES/mail/*
Works Fine!!!!! Every test account can logon each mailbox by contacting /DWA ( i.e. /iwaredir.nsf ) !
I also found doc to setup DWAloginForm on domcfg.nsf. Good !
Now, I try to setup SSO ,but I can not find how to create LTPA KEY on WebSphere Edge server ...
I will reply again if I complete SSO.
Thanks
I created DWA redirect database iwaredir.nsf and set reverse proxy /DWA => http:// Websphere Edge /iwaredir.nsf .
I also set reverse proxy /names.nsf => http:// WES / names.nsf & /mail/* => http://WES/mail/*
Works Fine!!!!! Every test account can logon each mailbox by contacting /DWA ( i.e. /iwaredir.nsf ) !
I also found doc to setup DWAloginForm on domcfg.nsf. Good !
Now, I try to setup SSO ,but I can not find how to create LTPA KEY on WebSphere Edge server ...
I will reply again if I complete SSO.
Thanks
Still need to confirm SSO on WebSphere Edge server.
Please wait ...
>Now, I try to setup SSO ,but I can not find how to create LTPA KEY on WebSphere Edge server ...
>I will reply again if I complete SSO.
Please wait ...
>Now, I try to setup SSO ,but I can not find how to create LTPA KEY on WebSphere Edge server ...
>I will reply again if I complete SSO.
Now, I checking how to create LTPA KEY on WebSphere Edge server .
LTPA KEY can be created by using " administrative console " .
Look for how I can get " administrative console" ...
I cannot find that on WebSphere Edge server menu .
LTPA KEY can be created by using " administrative console " .
Look for how I can get " administrative console" ...
I cannot find that on WebSphere Edge server menu .
This may help you :
http://www-128.ibm.com/developerworks/lotus/library/ls-Configuring_IWA_Edge_ReverseProxy/index.html
cheers,
Tom
http://www-128.ibm.com/developerworks/lotus/library/ls-Configuring_IWA_Edge_ReverseProxy/index.html
cheers,
Tom
Sorry to be late.
I could not find the solution about Webshere edge server.
IBM also assert IBM do not support Websphere edge server if our company do not buy WAS license.
( though our company had license with DOMINO/WORKPLACE and can download Websphere edge server with them....)
But I could get very very useful information from Tom.
I WOULD LIKE TO PASS POINT TO HIM.
THANK YOU TOM!
I could not find the solution about Webshere edge server.
IBM also assert IBM do not support Websphere edge server if our company do not buy WAS license.
( though our company had license with DOMINO/WORKPLACE and can download Websphere edge server with them....)
But I could get very very useful information from Tom.
I WOULD LIKE TO PASS POINT TO HIM.
THANK YOU TOM!
Featured Post
June’s Course of the Month is now available! Experts Exchange’s Premium Members, Team Accounts, and Qualified Experts have access to a complimentary course each month as part of their membership—an extra way to sharpen your skills and increase training.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
For users on the Lotus Notes 8 Standard client, this article provides information on checking the Java Heap size and adjusting it to half of your system RAM in attempt to get the Lotus Notes 8.x Standard client to run faster. I've had to exercise t…
  In today’s Arena we can’t imagine our lives without Internet as we are highly used to of it. If we consider our life style just for only 2 min we found that face to face communication is swapped by e-communication.  Every Where from Works place to…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month2 days, 2 hours left to enroll
717 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.