Solved

Installing Lotus Notes in BYOD environment

Posted on 2014-02-13
5
414 Views
Last Modified: 2014-02-14
We are in the early planning stages of implementing a BYOD (Bring Your Own Device) solution and are fleshing out some potential issues.

We currently use Lotus Notes and one question presented was "How are we going to install Notes on these devices)?". We aren't worried about email on tablets or phones, but if a user decides to use a MacBook or a Windows laptop, is it even possible to install Notes without the user actually being on the network to communicate to the Domino server?

We don't have SCCM or anything like that yet, but other than giving every single user VPN (which is not an option) I am unaware of any other method out there.

I figured I would run it by you guys anyways.

Thanks in advance.
0
Comment
Question by:ErikDorr
5 Comments
 
LVL 1

Accepted Solution

by:
Hans Holt, Ph.D. earned 500 total points
ID: 39858411
Notes clients on the internet can access your Domino server if your port 1352 is open in the firewall.
The Domino server must be set up to use encryption on the network connection to gain best security.
The installation of the Notes client should use local encryption on all databases.
When a user is no longer wanted on the server - put his name in a Deny Access group.

Only people with Notes ID files from your company can access your Domino server.


I think the biggest problem is when someone leaves the company - how do you secure that all data on the local device is destroyed?
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 39858504
I would do as above with 1352 open depending upon the specifics of the situation, or look at a simple for the users SSL VPN, and/or remote desktop solution where their device is only used as access into your own provided virtual desktop with company apps on.

Also you could consider using iNotes for the emails, and/or the Notes browser plugin to provide access to notes apps.

Will all be "fun" dealing with the random client machines, lack of rights, and on the other hand users running everything with full admin rights on unprotected machines directlt on the net.  Unknown quanitity on virus checkers, their kids playing games and downloading dodgy stuff on the same machine your business is advertised from ...

Can work well or not depends on the users!

Steve
0
 
LVL 30

Expert Comment

by:captain
ID: 39858961
It depends whether you are using a web facing Domino server for this or not.

Traditionally you have business owned machines using VPN tunnels to connect to internal mail servers. I would not do this on BYOD devices as it requires again more local config that when the employe leaves gives cause for concern about how to restrict or remove this.

A web facing Domino server in a DMZ was the simplest solution for us. Either for iNotes or for clients. The latter requires a client to be installed but this is fine.

I have done this on the BYODs for a few staff, we just used the policy that replication to local copies for any laptops (Mac or PC) was disabled, so they could only use our DMZ mail server to connect to with their client live rather than having a local copy. They have a local ID file but as it has been said, you simply Deny access via Names.nsf once they leave.

You will never be able to completely mitigate security with any mobile users, but for our tablets and phones Lotus Traveler works fine (we only have Apple mobile users) and the BYOD laptops have to live with no local replica as the price but with broadband being everywhere this has yet to be an issue.
0
 
LVL 1

Expert Comment

by:Hans Holt, Ph.D.
ID: 39859006
Well - To me - Lotus Notes/Domino on the internet is much simpler than any VPN.

With Notes you use ID files which is your encryption key to secure communication between the client and the server.
You do not depend on any other security software.
0
 

Author Comment

by:ErikDorr
ID: 39859076
These have all been fantastic responses. I appreciate the time.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Storage devices are generally used to save the data or sometime transfer the data from one computer system to another system. However, sometimes user accidentally erased their important data from the Storage devices. Users have to know how data reco…
Let’s list some of the technologies that enable smooth teleworking. 
This video demonstrates how to use each tool, their shortcuts, where and when to use them, and how to use the keyboard to improve workflow.
Video by: Tony
This video teaches viewers how to export a project from Adobe Premiere Pro and the various file types involved.

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now