Solved

domino web access(iNotes).

Posted on 2012-03-09
19
1,503 Views
Last Modified: 2013-12-18
I need to provide web mail access to my users through internet. I have two domino serves configured as cluster in my LAN network. How can I provide web access to my users. I have CISCO ASA  firewall. I am using web redirection data base locally to access the web mail. How can I provide redundancy for the web mail access if one server fails. I am using domino 8.5.3.
0
Comment
Question by:jobby1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 5
  • +1
19 Comments
 
LVL 15

Expert Comment

by:akhafaf
ID: 37704738
Hi there,,,

Actually, In my  Environment I've done it and I got the other part done by the Networking and Security Department  ....

- A New Lotus Domino server has been added and Located at the DMZ
- Port 1352 has been opened between this new server and the HUB Administration Server .
- A web redirection database has been created and configured to redirect users to their databases .
- Some new Connection Documents have been created between the HUB administration server & the other servers from one side and this new Server on the other side . Moreover, the replication schdule and the other replication related issues have been confiured in these connections documents .
-  For the users we desired to provide them with an access to their emails from the Internet a new replica have been created from their Mail Servers to this new DMZ server  and a new Internet password have been created on "Person Documents" of these users ...

******************** And over Here the Roll of Lotus Notes Admins Ends**********

Now In order, to have the users access this server from the Internet a VPN have been configured by the Networking and Security Adminstrator and each user has been provided with a VPN token so they just have to access the site then put the code provided by the VPN Token  ( The corresponding ports have been opened on the firewall )

- A new DNS  record has been created by the DNS Admin on  (Http://www.sitename.com) on our external DNS and a public IP has been provided to this site .....

Note: I really dont have much experince about the Networking and Security and what can be done in this case

I really hope this helps
0
 

Author Comment

by:jobby1
ID: 37704878
I do not want to keep their mail files in the DMZ servers. Is there a solution for this.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 37705247
Set up a VPN to the internal network.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 15

Expert Comment

by:akhafaf
ID: 37706875
In refrence to my previous comment # 37704738 this server has been located at the DMZ becuase it is required by the Security Department and the Aduitors . However, in this case as @sjef_bosman mentioned you have to set a VPN connection to the internal network , but you have in this case to review the security measure of your company .
0
 

Author Comment

by:jobby1
ID: 37707325
we can not set up VPN for public access.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 37707341
VPN is meant to block public access: only people with the right credentials can safely access (part of) your internal network.

How else do you intend to let your users access your internal server from the Internet using ports 80 or 443 ?
0
 
LVL 15

Expert Comment

by:akhafaf
ID: 37707508
Ok ,,, if you have a  CISCO ASA  firewall Admin check if he can suggest any thing for this particular case or refer for some documentations on the Internet ....

Or

The only alternative solution which comes to my mind is to have a domino traveler ( it is free of charge the only thing is you have to have a dedicated server ) server for the users to be able to access their emails through mobile phones
http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Getting_started_Lotus_Notes_Traveler_8.5.3

I hope this really helps
0
 
LVL 10

Expert Comment

by:doninja
ID: 37718470
As another alternative for clustering and fail over I have used, you could use an IIS server as a front end web server and install the Websphere IIS plugin.

The IIS can be placed in the DMZ and Websphere config setup to try server1 and failover to server2 if http access is not available and fail back if available after a set time.

following link describes some of the config settings for clustering or failover
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21219567

The WASIISplugin is included as part of domino and is easy to install in IIS.
The iis connects to the domino servers so external clients have no need to go through firewall at all, the firewall just needs to allow IIS to contact domino servers.
0
 

Author Comment

by:jobby1
ID: 37732550
Is there any solution avaialble with Domino alone? Microsoft exchange has got clinet accesss role which allow this function. Something similar available in Domino.
0
 
LVL 15

Expert Comment

by:akhafaf
ID: 37732927
AFAIK, there is no such an identical solution , the solutions provided by IBM Lotus Notes are mentioned above by the experts
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 37732974
What exactly does the MS solution do that iNotes can't do?
0
 

Author Comment

by:jobby1
ID: 37734258
sjef_bosman:

In MS exchange we can keep our mailbox in LAN only client access we need to publish in DMZ. Client access will take care of connectivity to mail boxes whether is a cluster or no cluster.

Can we have a similar setup using domino without using any third party software/hw
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 37734330
Maybe this:
http://www-10.lotus.com/ldd/dominowiki.nsf/dx/3.14_Setting_up_a_Redirection_Application_for_Lotus_iNotes_users
with a redirection type of Mail Server. There should be an additional Domino server installed in the DMZ, but the mail databases stay on their current server.

I must say I never tried this.

Here's some more info: http://slemfisk.blogspot.fr/2009/09/reverse-proxy-4-mail-servers-anyone.html
0
 
LVL 15

Expert Comment

by:akhafaf
ID: 37734691
sjef_bosman & jobby1 the mentioned idea in comment# 37734330 Is the one I tried to explain in my first comment #37704738 and I've implemented this in the real life the databases are on the mail servers and there must be a replication to the Internet mail access server at the DMZ .
0
 

Author Comment

by:jobby1
ID: 37736348
sjef_bosman:

Even IBM says to keep the mail file replica in DMZ. This is not accepable.

Also if we use reverse proxy we need some load balancer in LAN to maintain single URL using the redirect.nsf. Pls connect me if I am wrong.


"Multiple Servers running iNotes, but all mail files have been replicated on one server located in a DMZ. All users should be redirected to the copy of the mail file on the DMZ server located in a folder called iNotes."
0
 
LVL 10

Expert Comment

by:doninja
ID: 37736981
The IBM suggestion you listed is just one of the possible scenarios suggested and not the one you should be using, agree no replicas in the DMZ.

The redirection app should work for you if you have a suitable domino compatible proxy accessible via the DMZ.
Do you want users to access mail on their home mail servers or a central point as this would only change the url users would be given from the redirection app.

For mailserver access only then.
You can have a single URL that everyone goes to such as inotes.yourdomain.com this just redirects to the redirection app which is set to use mailserver with fixed domain.
This would result in a redirection to example server1.yourdomain.com

Your reverseproxy can be set to push requests for this URL to the lan server via  secure port on your firewall. Clients would not be accessing the lan server directly it is all via reverse proxy, firewall only allows revers proxy ip access etc.
For a reverse proxy you could use Apache or IIS as both have reverse proxy capability that will work with Domino.

For IIS look at using the IISWAS plugin and in the config file you can have list of server connections and redirect by incoming url.

If you have clustered servers with all mail files available on all servers then the IISWAS plugin can load balance and provide fail over between servers. Or you can have redirretion app contact an internal ICM server which will redirect clients to the servers host name, but not tried this in reverse proxy config if internal server hostname is different to public hostname.

The exchange system is effectively using IIS as a reverse proxy similar to using IISWAS setup.
0
 

Author Comment

by:jobby1
ID: 37745849
Can Domino http server provide the reverse proxy feature!!!
0
 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 500 total points
ID: 37746043
NO!
0
 
LVL 10

Expert Comment

by:doninja
ID: 37747498
Can use IIS or Apache for reverse proxy, some others possibly but these have information on how to setup etc.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IBM Notes offer Encryption feature using which the user can secure its NSF emails or entire database easily. In this section we will discuss about the process to Encrypt Incoming and Outgoing Mails in depth.
In threads here at EE, each comment has a unique Identifier (ID). It is easy to get the full path for an ID via the right-click context menu. However, we often want to post a short link within a thread rather than the full link. This article shows a…
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question