Installing Lotus Notes in BYOD environment

We are in the early planning stages of implementing a BYOD (Bring Your Own Device) solution and are fleshing out some potential issues.

We currently use Lotus Notes and one question presented was "How are we going to install Notes on these devices)?". We aren't worried about email on tablets or phones, but if a user decides to use a MacBook or a Windows laptop, is it even possible to install Notes without the user actually being on the network to communicate to the Domino server?

We don't have SCCM or anything like that yet, but other than giving every single user VPN (which is not an option) I am unaware of any other method out there.

I figured I would run it by you guys anyways.

Thanks in advance.
ErikDorrAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Hans Holt, Ph.D.Connect With a Mentor Senior System ConsultantCommented:
Notes clients on the internet can access your Domino server if your port 1352 is open in the firewall.
The Domino server must be set up to use encryption on the network connection to gain best security.
The installation of the Notes client should use local encryption on all databases.
When a user is no longer wanted on the server - put his name in a Deny Access group.

Only people with Notes ID files from your company can access your Domino server.


I think the biggest problem is when someone leaves the company - how do you secure that all data on the local device is destroyed?
0
 
Steve KnightIT ConsultancyCommented:
I would do as above with 1352 open depending upon the specifics of the situation, or look at a simple for the users SSL VPN, and/or remote desktop solution where their device is only used as access into your own provided virtual desktop with company apps on.

Also you could consider using iNotes for the emails, and/or the Notes browser plugin to provide access to notes apps.

Will all be "fun" dealing with the random client machines, lack of rights, and on the other hand users running everything with full admin rights on unprotected machines directlt on the net.  Unknown quanitity on virus checkers, their kids playing games and downloading dodgy stuff on the same machine your business is advertised from ...

Can work well or not depends on the users!

Steve
0
 
captainCommented:
It depends whether you are using a web facing Domino server for this or not.

Traditionally you have business owned machines using VPN tunnels to connect to internal mail servers. I would not do this on BYOD devices as it requires again more local config that when the employe leaves gives cause for concern about how to restrict or remove this.

A web facing Domino server in a DMZ was the simplest solution for us. Either for iNotes or for clients. The latter requires a client to be installed but this is fine.

I have done this on the BYODs for a few staff, we just used the policy that replication to local copies for any laptops (Mac or PC) was disabled, so they could only use our DMZ mail server to connect to with their client live rather than having a local copy. They have a local ID file but as it has been said, you simply Deny access via Names.nsf once they leave.

You will never be able to completely mitigate security with any mobile users, but for our tablets and phones Lotus Traveler works fine (we only have Apple mobile users) and the BYOD laptops have to live with no local replica as the price but with broadband being everywhere this has yet to be an issue.
0
 
Hans Holt, Ph.D.Senior System ConsultantCommented:
Well - To me - Lotus Notes/Domino on the internet is much simpler than any VPN.

With Notes you use ID files which is your encryption key to secure communication between the client and the server.
You do not depend on any other security software.
0
 
ErikDorrAuthor Commented:
These have all been fantastic responses. I appreciate the time.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.