Solved

Installing Lotus Notes in BYOD environment

Posted on 2014-02-13
5
416 Views
Last Modified: 2014-02-14
We are in the early planning stages of implementing a BYOD (Bring Your Own Device) solution and are fleshing out some potential issues.

We currently use Lotus Notes and one question presented was "How are we going to install Notes on these devices)?". We aren't worried about email on tablets or phones, but if a user decides to use a MacBook or a Windows laptop, is it even possible to install Notes without the user actually being on the network to communicate to the Domino server?

We don't have SCCM or anything like that yet, but other than giving every single user VPN (which is not an option) I am unaware of any other method out there.

I figured I would run it by you guys anyways.

Thanks in advance.
0
Comment
Question by:ErikDorr
5 Comments
 
LVL 1

Accepted Solution

by:
Hans Holt, Ph.D. earned 500 total points
ID: 39858411
Notes clients on the internet can access your Domino server if your port 1352 is open in the firewall.
The Domino server must be set up to use encryption on the network connection to gain best security.
The installation of the Notes client should use local encryption on all databases.
When a user is no longer wanted on the server - put his name in a Deny Access group.

Only people with Notes ID files from your company can access your Domino server.


I think the biggest problem is when someone leaves the company - how do you secure that all data on the local device is destroyed?
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 39858504
I would do as above with 1352 open depending upon the specifics of the situation, or look at a simple for the users SSL VPN, and/or remote desktop solution where their device is only used as access into your own provided virtual desktop with company apps on.

Also you could consider using iNotes for the emails, and/or the Notes browser plugin to provide access to notes apps.

Will all be "fun" dealing with the random client machines, lack of rights, and on the other hand users running everything with full admin rights on unprotected machines directlt on the net.  Unknown quanitity on virus checkers, their kids playing games and downloading dodgy stuff on the same machine your business is advertised from ...

Can work well or not depends on the users!

Steve
0
 
LVL 30

Expert Comment

by:captain
ID: 39858961
It depends whether you are using a web facing Domino server for this or not.

Traditionally you have business owned machines using VPN tunnels to connect to internal mail servers. I would not do this on BYOD devices as it requires again more local config that when the employe leaves gives cause for concern about how to restrict or remove this.

A web facing Domino server in a DMZ was the simplest solution for us. Either for iNotes or for clients. The latter requires a client to be installed but this is fine.

I have done this on the BYODs for a few staff, we just used the policy that replication to local copies for any laptops (Mac or PC) was disabled, so they could only use our DMZ mail server to connect to with their client live rather than having a local copy. They have a local ID file but as it has been said, you simply Deny access via Names.nsf once they leave.

You will never be able to completely mitigate security with any mobile users, but for our tablets and phones Lotus Traveler works fine (we only have Apple mobile users) and the BYOD laptops have to live with no local replica as the price but with broadband being everywhere this has yet to be an issue.
0
 
LVL 1

Expert Comment

by:Hans Holt, Ph.D.
ID: 39859006
Well - To me - Lotus Notes/Domino on the internet is much simpler than any VPN.

With Notes you use ID files which is your encryption key to secure communication between the client and the server.
You do not depend on any other security software.
0
 

Author Comment

by:ErikDorr
ID: 39859076
These have all been fantastic responses. I appreciate the time.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I annotated my article on ransomware somewhat extensively, but I keep adding new references and wanted to put a link to the reference library.  Despite all the reference tools I have on hand, it was not easy to find a way to do this easily. I finall…
Developer portfolios can be a bit of an enigma—how do you present yourself to employers without burying them in lines of code?  A modern portfolio is more than just work samples, it’s also a statement of how you work.
The viewer will learn how to set up a document for the web and print and the recommended PPI for printing.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question