Solved

DOMINO MAIL ACCESS from  outside company

Posted on 2006-10-19
Last Modified: 2013-12-18
Hello.

I will implement a new Domino server.
Our company's users want to access the Domino server from their homes.
Is it possible to access it as follows?

Domino 7 server ( DWA or Notes client )  <---- reverse proxy ----  Web server ( WebSphere Edge server ? ) on DMZ <-- Access from home ( web browser or Notes client )

Many IBM documents say it is possible to access the Domino mail server by using a "reverse proxy".
I also set up WebSphere Edge server, but I cannot find which URL should be pointed to from the Web server to Domino 7.
If I create a "test0000" account on Domino 7, do I have to point the URL to "http:// server name /mail/test0000.nsf" to access the mailbox?

We have 50 employees; do I have to set up 50 reverse proxies, one for everyone?
Or is there ONE other URL which all 50 employees can access to reach each mailbox, or some other good method?

Domino7 userA mailbox <--  Domino7 some URL <----- reverse proxy --- Web server on DMZ <----  access from home
             userB mailbox  <---


Appreciate your help.
Thank you so much!


Question by:YASSIE
15 Comments
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 17764532
Could this be of help to you?
    http:Q_20683571.html "Remote users accessing Lotus Domino"
0
 

Author Comment

by:YASSIE
ID: 17832495
Sorry for the delayed reply.

I also read this solution before.
So I thought "reverse proxy" was the best, but there is no detailed information for when I actually configure the server environment.

I have now contacted several Notes support vendors.
They also told me "Notes client can access Domino if you configure a passthru server. But it needs some additional config changes on the firewall".
Another vendor's approach is "Web browser access to a replica copy on a DMZ Domino server".

I would like some more detailed advice.
1. If "reverse proxy" is the best, is it possible to set up 1 common logon screen for everyone?
2. What is the usual remote access configuration for Domino users? Replica copy on a DMZ Domino? Or passthru?


Appreciate your advice.


0
 

Author Comment

by:YASSIE
ID: 17896767
There has been no additional reply.

I installed WebSphere Edge Component v5.0 and set a reverse proxy to Domino 7.0.2.

I confirmed that I have to enter /mail/mail file on my desktop to read my mail.

http:// WebSphere server/mail/YASSIE.nsf

Am I right?

I also have to enter the user ID and password twice.
First, at the http:// WebSphere server / mail/YASSIE.nsf browser authentication window.
And next, at the http:// Domino server / mail/ YASSIE.nsf browser authentication window.

Do I have to enter the ID and password twice if I use a reverse proxy?


Thanks




0
 
LVL 15

Accepted Solution

by:
Bozzie4 earned 250 total points
ID: 17897445
Your question falls into 3 parts :
- redirection to the mailfiles from your reverse proxy
- connect every authenticated user to his/her mailfile
- Single Sign on between Websphere and Domino

What you do is create a "rule" to point everything that looks like

http(s)://edgeserver/mail/*.nsf

to your Domino server.

You can further refine this (I think in Websphere Edge too) by creating a regular expression rule

eg. if your mailfiles all have 6 characters, all uppercase, you can have this (I'm not very good with reg expressions, so change where needed :-) )

https://edgeserver/mail/[A-Z][A-Z][A-Z][A-Z][A-Z][A-Z].nsf

You could create a separate rule per mailfile, but that's probably too much work and not really worth the hassle.

Now to have every user connect to his mailfile, you can use the redirect database that comes with Domino 7 (create a new database from template Domino Web Access Redirection database, see the help for details).
Create a rule in your reverse proxy too, to access this database (for instance http://edge/accessmymail -> (your domino server)/redirect.nsf)

Single Sign on between your Edge server and your Domino server is done by importing the LTPA token from the WebSphere server into your Domino directory. You probably already have the same authentication source? (you use Domino as authentication directory in your WebSphere server?)

cheers,

Tom
0
 

Author Comment

by:YASSIE
ID: 17897836
Tom

Thank you very much for great help !

- redirection to the mailfiles from your reverse proxy
WebSphere Edge server can set a reverse proxy to Domino like this,
and every user can get the authentication screen?
>https://edgeserver/mail/[A-Z][A-Z][A-Z][A-Z][A-Z][A-Z].nsf


- connect every authenticated user to his/her mailfile
> Domino Web Access Redirection database

Should both "https://edgeserver/mail/[A-Z][A-Z][A-Z][A-Z][A-Z][A-Z].nsf" and the "DWA redirection database"
be set up? (I have not checked the DWA redirection database yet.)


- Single Sign on between Websphere and Domino
>importing the ltpa token from the websphere server into your Domino directory
>You probably already have the same authentication source ?
>(you use Domino as authentication directory in your Websphere server ?)

I have not checked the detailed WebSphere server settings yet. I will check.


I will test and reply again.

Thanks
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 17897945
Hi Yassie,

I'm not sure about the exact syntax in WebSphere Edge, but you should have at least 2 rules:
- 1 to the redirect database, to have a single point of entry
- 1 with a wildcard of some sort  (eg. /mail/*.nsf should work too), or a regular expression to point to your mailfiles.

1 thing I forgot: if you authenticate to the WebSphere Edge server, you probably don't need this, but if you authenticate on the Domino server, you may need a redirection to names.nsf too.

Easiest is to split the setup tasks, first set it up without authentication on the Edge server, if that works, add authentication to the Edge server, so only authenticated users can enter the system.

cheers,

Tom
0

Author Comment

by:YASSIE
ID: 17905107
Hi Tom

I created the DWA redirect database iwaredir.nsf and set reverse proxy /DWA => http:// Websphere Edge /iwaredir.nsf .
I also set reverse proxy /names.nsf => http:// WES / names.nsf  &  /mail/* => http://WES/mail/*

Works fine!!!!! Every test account can log on to its mailbox by contacting /DWA ( i.e. /iwaredir.nsf )!
I also found a doc on setting up DWAloginForm in domcfg.nsf. Good!

Now I am trying to set up SSO, but I cannot find how to create the LTPA KEY on the WebSphere Edge server ...

I will reply again if I complete SSO.

Thanks  
0
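An added example, not part of the original thread and not WebSphere Edge configuration syntax: the three forwarding rules that ended up working above (/DWA to iwaredir.nsf, /names.nsf, and the mail files) written as an anchored allowlist in Python, so that only those paths reach Domino. The backend host name and the `route` function are assumptions for illustration; the six-uppercase-letter mail-file pattern is the answer's own example.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed backend address; the thread only calls it "Domino server".
DOMINO = "http://domino.internal.example"

# Rules named in the thread. Mail-file names follow the answer's
# six-uppercase-letter example; fullmatch() anchors each pattern and the
# dot before "nsf" is escaped so it cannot stand for any character.
RULES = [
    (re.compile(r"/DWA/?"), "/iwaredir.nsf"),          # single entry point
    (re.compile(r"/names\.nsf(/.*)?"), None),          # Domino login
    (re.compile(r"/mail/[A-Z]{6}\.nsf(/.*)?"), None),  # mail files
]


def route(target):
    """Return the backend URL for a request target, or None to refuse it."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    # Refuse anything that is not a plain absolute path: another host,
    # backslashes, or escapes still present after one decoding pass.
    if parts.netloc or not path.startswith("/") or "\\" in path or "%" in path:
        return None
    # Refuse dot segments instead of normalising them, so the path the
    # rules match is the path Domino receives.
    if any(seg in (".", "..") for seg in path.split("/")):
        return None
    for pattern, rewrite in RULES:
        if pattern.fullmatch(path):
            query = "?" + parts.query if parts.query else ""
            return DOMINO + (rewrite or parts.path) + query
    return None
```

With this naming rule `/mail/YASSIE.nsf` is forwarded while `/mail/test0000.nsf` is refused; widen the character class to match the real mail-file names in use.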
 
LVL 15

Expert Comment

by:Bozzie4
ID: 17926798
No comment in 21 days ?  You must be joking :-)

It's quite a current question I think

Tom
0
 

Author Comment

by:YASSIE
ID: 17928753
Still need to confirm SSO on WebSphere Edge server.

Please wait  ...

>Now, I try to setup SSO ,but I can not find how to create LTPA KEY on WebSphere Edge server ...

>I will reply again if I complete SSO.

0
 

Author Comment

by:YASSIE
ID: 17976957
Now I am checking how to create the LTPA KEY on the WebSphere Edge server.
The LTPA KEY can be created by using the "administrative console".
I am looking for how I can get to the "administrative console" ...
I cannot find that on the WebSphere Edge server menu.

 
 
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 17977590
0
 

Author Comment

by:YASSIE
ID: 18121178
Sorry to be late.

I could not find the solution for WebSphere Edge server.
IBM also asserts that IBM does not support WebSphere Edge server if our company does not buy a WAS license.
( though our company had a license with DOMINO/WORKPLACE and can download WebSphere Edge server with them....)

But I got very, very useful information from Tom.
I WOULD LIKE TO PASS THE POINTS TO HIM.

THANK YOU TOM!
0
