Solved

domino web access(iNotes).

Posted on 2012-03-09
19
1,454 Views
Last Modified: 2013-12-18
I need to provide web mail access to my users through internet. I have two domino serves configured as cluster in my LAN network. How can I provide web access to my users. I have CISCO ASA  firewall. I am using web redirection data base locally to access the web mail. How can I provide redundancy for the web mail access if one server fails. I am using domino 8.5.3.
0
Comment
Question by:jobby1
  • 6
  • 5
  • 5
  • +1
19 Comments
 
LVL 15

Expert Comment

by:akhafaf
ID: 37704738
Hi there,,,

Actually, In my  Environment I've done it and I got the other part done by the Networking and Security Department  ....

- A New Lotus Domino server has been added and Located at the DMZ
- Port 1352 has been opened between this new server and the HUB Administration Server .
- A web redirection database has been created and configured to redirect users to their databases .
- Some new Connection Documents have been created between the HUB administration server & the other servers from one side and this new Server on the other side . Moreover, the replication schdule and the other replication related issues have been confiured in these connections documents .
-  For the users we desired to provide them with an access to their emails from the Internet a new replica have been created from their Mail Servers to this new DMZ server  and a new Internet password have been created on "Person Documents" of these users ...

******************** And over Here the Roll of Lotus Notes Admins Ends**********

Now In order, to have the users access this server from the Internet a VPN have been configured by the Networking and Security Adminstrator and each user has been provided with a VPN token so they just have to access the site then put the code provided by the VPN Token  ( The corresponding ports have been opened on the firewall )

- A new DNS  record has been created by the DNS Admin on  (Http://www.sitename.com) on our external DNS and a public IP has been provided to this site .....

Note: I really dont have much experince about the Networking and Security and what can be done in this case

I really hope this helps
0
 

Author Comment

by:jobby1
ID: 37704878
I do not want to keep their mail files in the DMZ servers. Is there a solution for this.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 37705247
Set up a VPN to the internal network.
0
 
LVL 15

Expert Comment

by:akhafaf
ID: 37706875
In refrence to my previous comment # 37704738 this server has been located at the DMZ becuase it is required by the Security Department and the Aduitors . However, in this case as @sjef_bosman mentioned you have to set a VPN connection to the internal network , but you have in this case to review the security measure of your company .
0
 

Author Comment

by:jobby1
ID: 37707325
we can not set up VPN for public access.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 37707341
VPN is meant to block public access: only people with the right credentials can safely access (part of) your internal network.

How else do you intend to let your users access your internal server from the Internet using ports 80 or 443 ?
0
 
LVL 15

Expert Comment

by:akhafaf
ID: 37707508
Ok ,,, if you have a  CISCO ASA  firewall Admin check if he can suggest any thing for this particular case or refer for some documentations on the Internet ....

Or

The only alternative solution which comes to my mind is to have a domino traveler ( it is free of charge the only thing is you have to have a dedicated server ) server for the users to be able to access their emails through mobile phones
http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Getting_started_Lotus_Notes_Traveler_8.5.3

I hope this really helps
0
 
LVL 10

Expert Comment

by:doninja
ID: 37718470
As another alternative for clustering and fail over I have used, you could use an IIS server as a front end web server and install the Websphere IIS plugin.

The IIS can be placed in the DMZ and Websphere config setup to try server1 and failover to server2 if http access is not available and fail back if available after a set time.

following link describes some of the config settings for clustering or failover
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21219567

The WASIISplugin is included as part of domino and is easy to install in IIS.
The iis connects to the domino servers so external clients have no need to go through firewall at all, the firewall just needs to allow IIS to contact domino servers.
0
 

Author Comment

by:jobby1
ID: 37732550
Is there any solution avaialble with Domino alone? Microsoft exchange has got clinet accesss role which allow this function. Something similar available in Domino.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 15

Expert Comment

by:akhafaf
ID: 37732927
AFAIK, there is no such an identical solution , the solutions provided by IBM Lotus Notes are mentioned above by the experts
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 37732974
What exactly does the MS solution do that iNotes can't do?
0
 

Author Comment

by:jobby1
ID: 37734258
sjef_bosman:

In MS exchange we can keep our mailbox in LAN only client access we need to publish in DMZ. Client access will take care of connectivity to mail boxes whether is a cluster or no cluster.

Can we have a similar setup using domino without using any third party software/hw
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 37734330
Maybe this:
http://www-10.lotus.com/ldd/dominowiki.nsf/dx/3.14_Setting_up_a_Redirection_Application_for_Lotus_iNotes_users
with a redirection type of Mail Server. There should be an additional Domino server installed in the DMZ, but the mail databases stay on their current server.

I must say I never tried this.

Here's some more info: http://slemfisk.blogspot.fr/2009/09/reverse-proxy-4-mail-servers-anyone.html
0
 
LVL 15

Expert Comment

by:akhafaf
ID: 37734691
sjef_bosman & jobby1 the mentioned idea in comment# 37734330 Is the one I tried to explain in my first comment #37704738 and I've implemented this in the real life the databases are on the mail servers and there must be a replication to the Internet mail access server at the DMZ .
0
 

Author Comment

by:jobby1
ID: 37736348
sjef_bosman:

Even IBM says to keep the mail file replica in DMZ. This is not accepable.

Also if we use reverse proxy we need some load balancer in LAN to maintain single URL using the redirect.nsf. Pls connect me if I am wrong.


"Multiple Servers running iNotes, but all mail files have been replicated on one server located in a DMZ. All users should be redirected to the copy of the mail file on the DMZ server located in a folder called iNotes."
0
 
LVL 10

Expert Comment

by:doninja
ID: 37736981
The IBM suggestion you listed is just one of the possible scenarios suggested and not the one you should be using, agree no replicas in the DMZ.

The redirection app should work for you if you have a suitable domino compatible proxy accessible via the DMZ.
Do you want users to access mail on their home mail servers or a central point as this would only change the url users would be given from the redirection app.

For mailserver access only then.
You can have a single URL that everyone goes to such as inotes.yourdomain.com this just redirects to the redirection app which is set to use mailserver with fixed domain.
This would result in a redirection to example server1.yourdomain.com

Your reverseproxy can be set to push requests for this URL to the lan server via  secure port on your firewall. Clients would not be accessing the lan server directly it is all via reverse proxy, firewall only allows revers proxy ip access etc.
For a reverse proxy you could use Apache or IIS as both have reverse proxy capability that will work with Domino.

For IIS look at using the IISWAS plugin and in the config file you can have list of server connections and redirect by incoming url.

If you have clustered servers with all mail files available on all servers then the IISWAS plugin can load balance and provide fail over between servers. Or you can have redirretion app contact an internal ICM server which will redirect clients to the servers host name, but not tried this in reverse proxy config if internal server hostname is different to public hostname.

The exchange system is effectively using IIS as a reverse proxy similar to using IISWAS setup.
0
 

Author Comment

by:jobby1
ID: 37745849
Can Domino http server provide the reverse proxy feature!!!
0
 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 500 total points
ID: 37746043
NO!
0
 
LVL 10

Expert Comment

by:doninja
ID: 37747498
Can use IIS or Apache for reverse proxy, some others possibly but these have information on how to setup etc.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

  In today’s Arena we can’t imagine our lives without Internet as we are highly used to of it. If we consider our life style just for only 2 min we found that face to face communication is swapped by e-communication.  Every Where from Works place to…
Do you come here a lot? Are you lazy like me and don't want to go through the "trouble" of having to click your Dock's Safari icon and then having to click your Experts Exchange Favorites bookmark to get here? Well then this article is for you.
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now