Solved

Installing Lotus Notes in BYOD environment

Posted on 2014-02-13
5
411 Views
Last Modified: 2014-02-14
We are in the early planning stages of implementing a BYOD (Bring Your Own Device) solution and are fleshing out some potential issues.

We currently use Lotus Notes and one question presented was "How are we going to install Notes on these devices)?". We aren't worried about email on tablets or phones, but if a user decides to use a MacBook or a Windows laptop, is it even possible to install Notes without the user actually being on the network to communicate to the Domino server?

We don't have SCCM or anything like that yet, but other than giving every single user VPN (which is not an option) I am unaware of any other method out there.

I figured I would run it by you guys anyways.

Thanks in advance.
0
Comment
Question by:ErikDorr
5 Comments
 
LVL 1

Accepted Solution

by:
Hans Holt, Ph.D. earned 500 total points
Comment Utility
Notes clients on the internet can access your Domino server if your port 1352 is open in the firewall.
The Domino server must be set up to use encryption on the network connection to gain best security.
The installation of the Notes client should use local encryption on all databases.
When a user is no longer wanted on the server - put his name in a Deny Access group.

Only people with Notes ID files from your company can access your Domino server.


I think the biggest problem is when someone leaves the company - how do you secure that all data on the local device is destroyed?
0
 
LVL 43

Expert Comment

by:Steve Knight
Comment Utility
I would do as above with 1352 open depending upon the specifics of the situation, or look at a simple for the users SSL VPN, and/or remote desktop solution where their device is only used as access into your own provided virtual desktop with company apps on.

Also you could consider using iNotes for the emails, and/or the Notes browser plugin to provide access to notes apps.

Will all be "fun" dealing with the random client machines, lack of rights, and on the other hand users running everything with full admin rights on unprotected machines directlt on the net.  Unknown quanitity on virus checkers, their kids playing games and downloading dodgy stuff on the same machine your business is advertised from ...

Can work well or not depends on the users!

Steve
0
 
LVL 30

Expert Comment

by:captain
Comment Utility
It depends whether you are using a web facing Domino server for this or not.

Traditionally you have business owned machines using VPN tunnels to connect to internal mail servers. I would not do this on BYOD devices as it requires again more local config that when the employe leaves gives cause for concern about how to restrict or remove this.

A web facing Domino server in a DMZ was the simplest solution for us. Either for iNotes or for clients. The latter requires a client to be installed but this is fine.

I have done this on the BYODs for a few staff, we just used the policy that replication to local copies for any laptops (Mac or PC) was disabled, so they could only use our DMZ mail server to connect to with their client live rather than having a local copy. They have a local ID file but as it has been said, you simply Deny access via Names.nsf once they leave.

You will never be able to completely mitigate security with any mobile users, but for our tablets and phones Lotus Traveler works fine (we only have Apple mobile users) and the BYOD laptops have to live with no local replica as the price but with broadband being everywhere this has yet to be an issue.
0
 
LVL 1

Expert Comment

by:Hans Holt, Ph.D.
Comment Utility
Well - To me - Lotus Notes/Domino on the internet is much simpler than any VPN.

With Notes you use ID files which is your encryption key to secure communication between the client and the server.
You do not depend on any other security software.
0
 

Author Comment

by:ErikDorr
Comment Utility
These have all been fantastic responses. I appreciate the time.
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

I previously wrote an article addressing the use of UBCD4WIN and SARDU. All are great, but I have always been an advocate of SARDU. Recently it was suggested that I go back and take a look at Easy2Boot in comparison.
In our personal lives, we have well-designed consumer apps to delight us and make even the most complex transactions simple. Many enterprise applications, however, are a bit behind the times. For an enterprise app to be successful in today's tech wo…
The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.
XMind Plus helps organize all details/aspects of any project from large to small in an orderly and concise manner. If you are working on a complex project, use this micro tutorial to show you how to make a basic flow chart. The software is free when…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now