Lotus Notes Interview Questions for L1 and L2 Level

Lotus Notes Interview Questions for L1 Level

1) What is ACL ?
Access Control List
2) What are the different types of ACL access?
Manager, Designer, Editor, Author, Reader, Depositor, No Access
3) Difference between Manager access and Designer access?
Manager: He can create the database with Manager access, and can delete, encrypt and compact
the documents.
Designer: He can access designer elements like views, forms…
          He can create the FT index; he can delete the documents with Manager access.
4) Difference between Editor access and Author access?
Editor: He can create, read and modify the document; he can delete the document with
Manager access.
Author: He can read the document, and delete the document if the author is the owner of the
document.
5) What is clustering?
A group of two or more servers that provides users with constant access.
Servers in a Domino cluster continually communicate with each other to keep updated on the
status of each server and to keep database replicas synchronized.
5) Transaction Log problems - Troubleshooting?
Invalid transaction log path: Check that the log path is correct, then restart the server.
If that does not solve it, edit the TRANSLOG_Path setting in notes.ini to point to a different
log path, then restart the server.
Transaction log damaged or corrupted: The error message "Transaction log damaged or
corrupted" appears on the console prompt. Restart the server.
If the error continues, delete the transaction log file and restart the server; the server
creates a new log file. Then load fixup and perform the database backup.
6) Resource and Reservation databases, busytime databases.
Resource reservation database : Users can schedule and manage meeting resources. User
can select the resource and reserve the time for it ( RESRC60.NTF )
Busytime databases : When not in a cluster, each server contains a database that includes
scheduling information for all users who use that server as their mail server.
6) Components or tasks involved in Domino Clustering?
Components: Server: Domino 6.5 or Domino 6 Enterprise server or Domino 6 Utility
server.
The cluster runs over a LAN or WAN using TCP/IP. The servers should be in the same domain and
share a common Domino Directory. Each server should have adequate CPU and memory capacity.
Client: The Notes client must run Notes release 4.5 or later.
Tasks involved in Domino Clustering: ?


7) Port used by Notes?
NRPC – Notes remote process call (1352)
8) What is ECL?
Execution control list
9) What is replication?
Replication is the process of synchronizing documents from the same databases on
different workstations or servers
9a) Different types of replication?
   1. server – to – server replication
   2. workstation – to – server replication


Pull – pull
Pull – push
Pull – only
Push only
In pull – push, the initiating server's replicator pulls changes from the called server and
then pushes data to the called server; only the initiating server does the work of writing to
both servers.
10) If replication between 2 databases does not work, then what are the troubleshooting
steps taken?
Check replication history and log,
Replicate with server ……not responding : check network communication
Check cross certification for the database
Miscellaneous event log


11) If users receive the error "Unable to find path to server", what would be the problem?
DNS issue, host entry, or Connection document problem


12) SMTP routing?
For sending mail to Internet users
13) Mail routing?
A server-based task that allows users to exchange mail via a LAN, WAN, or gateways
14) Difference between replica and new copy?
A new replica has the same replica ID; a new copy does not.
15) To have console access what do you require in Server Document ?




16) Transactional Logging?
Transaction logging captures all the changes made to a database and writes them to a
transaction log.
Transactions are recorded sequentially in the log files, which is much quicker than
random database updates.


17) Difference between refresh design and replace?
Refresh: The refreshed page contains up-to-date information
Replace: Changes the existing one to a new one
18) Compact tasks and types.
Tasks : ?
Types : In-place compacting with space recovery
            In-place compacting with space recovery and reduction in file size
            Copy-style compacting
19) Difference between updall and update?
Update: Update is loaded at the server by default and runs continually. It will update the view
index.
Updall: Updall doesn't run continually or work from a queue; run updall when it is needed. It
will update the view index.
20) Fixup details and its syntax
?
21) R5 and R6 differences, new in R6?
?
22) Can external LDAP directory be used in Domino ?
No
23) What is Directory Assistance? What is the benefit of using it?
Directory assistance : Directory assistance is a feature a server can use to look up
information in a directory other than a local primary Domino Directory (NAMES.NSF)
Benefit : ?
24) What are the steps to recover from a server crash?


25) What are the steps to recreate a corrupt log.nsf?
26) Domino upgrade steps from 5 to 6 or 6.5?




Lotus Notes Interview Questions for L2 Level



1) Difference between an Adjacent Domain Document and a Non-Adjacent Domain
    Document?
2) What is the Foreign Domain Document?
3) What is the Foreign SMTP Domain Document?
4) What is the Global Domain Document?
5) Difference between Domino and Domain?
6) How many ways are there to open Notes.ini?
7) Difference between ACL and ECL?
8) Difference between R5 and R6?
9) What is NRPC? What is its port number?
10) What are the port numbers for SMTP, POP3, IMAP, HTTP, LDAP and SSL?
11) Difference between Replace and Refresh?
12) Difference between Updall and Update?
13) Difference between compact and fixup?
14) What is transaction logging? How many types of transaction logging are there?
How do you disable transaction logging?
15) What are the features in R6?
16) What is the minimum configuration and maximum configuration for Domino?
17) How do you monitor the server?
18) How do you replicate the address book from one location to another location?
19) What are the necessary files for backup?
20) How many partitions can Domino support?
21) How many cluster servers can Domino support?
22) What do you know about pass-through servers?
23) What is the CA?
24) Difference between a Connection document and a Program document?
25) Difference between a Server document and a Configuration document?
26) What tasks run on the server when clustering is started?
27) Difference between new copy and replication?
28) Difference between NNN and DNN?
29) What information is contained in the ID file?
30) What is ISPY?
31) Difference between public key and private key?
32) What are the topologies for Domino?
33) How many Organizations can we create?
34) How many Organizational Units can we create?
35) How many ways are there to create / register a user?
36) How can you identify whether it is a main server or an additional server?
37) How many ACL levels are there?
38) Can you describe the ACL levels (Manager, Editor, Author, Designer, Depositor, Reader
and Unassigned)?
39) What is the ICL?
40) What is the CRL?




Lotus Notes Interview Questions.

10) Difference between Adjacent Domain Document and Non Adjacent Domain
    Document?

http://www.codestore.net/help/help6_admin.nsf/f4b82fbb75e942a6852566ac0037f284/918e6b784b0fb52d85256c1d0039527e?OpenDocument




Creating an Adjacent domain document
You create an Adjacent domain document when you need to restrict the transfer of mail
from one adjacent domain to another. For example, if you are in domain B and want to
prevent mail from an adjacent domain A from traversing your domain to reach another
adjacent domain C, create an Adjacent domain document that names C as the adjacent
domain and denies mail from A.
The restrictions you define in the Adjacent domain document apply to the domain of the
previous hop only. That is, in the Adjacent domain document created in the previous
example, adding A to the Deny list prevents mail originating in A from routing to C. This
includes mail that domain A may receive from domain Z for eventual transfer to C.

But suppose you want to allow mail from A, but deny mail from domain Z, which uses A
and B as intermediate domains to reach C. If the administrator in domain B removes
domain A from the deny list of the Adjacent domain document for domain C, and adds
domain Z, domain Z is allowed to route mail to C. This is because once the message
arrives in domain B the domain of origin appears to be A, rather than Z. In the absence of
restrictions on transferring mail from A to C, Domino allows the message to route.
You also use Adjacent domain documents to allow Free Time searches across domains.
For more information, see Setting up scheduling.

Note Restrictions set in an Adjacent domain document work in conjunction with those in
the Configuration Settings document. Domino always defaults to the most restrictive
entry.

Adjacent Domain documents do not provide connectivity to adjacent domains, and are
not required to enable connections between adjacent domains. To define routes between
adjacent domains, create a Connection document.

Using Adjacent domain documents to restrict mail

By default, a domain that can route mail to your domain can also route mail through your
domain to another adjacent domain. When mail routes from one domain to another
through your domain, it ties up your resources. To prevent your servers from being used
to transfer mail between other domains, you can selectively allow and deny mail routing
through your domain to the domain named in the Adjacent domain document.

The Allow and Deny fields on the Restrictions tab of the Adjacent domain document let
you control the flow of messages from other domains to the adjacent domain. Entries in
these fields must be the names of adjacent domains; the Router ignores entries for non-
adjacent domains beyond the previous hop. If you deny a domain from sending mail
through your domain, the Router denies all mail received from that domain, including
messages the domain may have passed on from another, non-adjacent domain. There is
no way to restrict specific users from routing to a Notes domain. Restrictions apply to all
users in the specified domain.

The settings in the Allow and Deny fields work in conjunction with the Allow and Deny
fields on the Router/SMTP - Restrictions and Controls - Restrictions tab of the
Configuration Settings document. In the event of any conflict between settings, Domino
applies the most restrictive entry.

Messages may be further restricted by Adjacent Domain documents, Non-adjacent
Domain documents, and Configuration Settings documents set up between domains along
the routing path.

To create an Adjacent domain document

1. From the Domino Administrator, click the Configuration tab and then expand the
Messaging section.

2. Choose Domains.

3. Click Add Domain to create a new Domain document.
4. On the Basics tab, complete these fields:

Field                   Enter
Domain type             Choose Adjacent domain
Adjacent domain name    The name of the adjacent Domino domain. The current domain must
                        have a Connection document to this domain.
Domain description      Optional description of the domain

5. To restrict other domains from routing mail through the current domain to the adjacent
domain, click the Restrictions tab, complete the following fields, and then click Save and
Close:

Field                           Enter
Allow mail only from domains    Enter the names of adjacent Domino domains that are allowed to
                                route mail to this adjacent domain.

                                To allow any domain to route mail through the local domain to
                                this adjacent domain, leave this field blank.
Deny mail from domains          Enter the names of adjacent Domino domains that are not allowed
                                to route mail to this adjacent domain.

                                To allow any domain to route mail through the local domain to
                                this adjacent domain, leave this field blank.

Note You cannot use wildcards in the Restrictions fields. You must enter explicit
domain names.

6. Create a Connection document to specify how servers in the current domain connect to
the adjacent domain.



Setting up routing to non-adjacent Domino domains
Non-adjacent domains are Domino domains that are not directly connected, but have an
intermediary domain, adjacent to both of them in common. For example, domain A and
domain B are adjacent and have Connection documents defining the route between them.
Similarly, domain B, in turn, is adjacent to domain C and mutual Connection documents
exist between them; and domains C and D are likewise adjacent to each other and linked
by Connection documents. Domain B is thus adjacent to domain A on one side, and
domain C on the other; and domain C is adjacent to B and D, respectively. If no direct
connection exists between A and C, these two domains are considered to be non-adjacent
domains. Similarly if there is no direct connection between B and D, these two domains
are also non-adjacent.
Because there is no direct connection between two non-adjacent domains, you cannot
define the routing path between them in a Connection document. Connection documents
can only be used between two directly-connected, adjacent domains. However, users in
non-adjacent domains can send mail to each other by routing it through the intermediary
domain.

One way to do this is to use explicit addressing -- telling the Router how to reach the
destination domain through the intermediary domain by placing the entire routing path in
the address field. For example, if Kathy Burke in domain A wants to send a message to
Robin Rutherford in the non-adjacent domain C, she addresses the message by way of
domain B, as follows:


       Robin Rutherford@C@B

In processing the message, the Router on the domain A mail server looks only at the last
part of the address, and uses the Connection document to determine the route to domain
B. The domain B server then uses the Connection document in its Domino Directory to
transfer the message to domain C.

Although the use of explicit addressing is an effective method for directing mail to non-
adjacent domains, because it relies on a complete knowledge of the inter-domain routing
topology, it's also not a very practical solution. This information is not readily available
to a typical user. To simplify routing and addressing to non-adjacent domains, you can
create a Non-adjacent domain document in the Domino Directory to define the path
between the non-adjacent domains.

Using a Non-adjacent domain document

Administrators can create a Non-adjacent domain document to control message routing to
a non-adjacent domain. A Non-adjacent domain document serves three functions:
  - Specifies a routing path to the non-adjacent domain by supplying next-hop
    domain information
  - Restricts mail from other domains from routing to the non-adjacent domain
  - Defines the Calendar server used to enable free time lookups between two
    non-adjacent domains


Non-adjacent domain documents are only required to specify routing restrictions to a
non-adjacent domain. However, to simplify addressing on messages destined for a non-
adjacent domain, it's useful to have a Non-adjacent domain document for that domain.
Without a Non-adjacent domain document in the Directory, the Router has no defined
routing path to the non-adjacent domain. The Router can transfer a message to the non-
adjacent domain if the recipient address uses explicit path routing
(User@AdjacentDomain@NonAdjacentDomain), but cannot transfer a message with a
simple domain address (User@NonAdjacentDomain). When explicit addressing is used
the Router uses the Connection documents between domains to calculate the path to the
next-hop domain.

But when a Non-adjacent domain document is available, the Router obtains intermediary
domain information from that document. This eliminates the need for users sending mail
to a non-adjacent domain to use complex, explicit addressing. Thus, if domain A has a
Non-adjacent domain document for domain C, when Kathy Burke in domain A sends
mail to Robin Rutherford in domain C, she uses the address Robin Rutherford@C (rather
than Robin Rutherford@C@B). Because the Router finds the intermediate domain
information in the Non-adjacent domain document, the message is transferred
successfully to domain C by way of domain B.

Using Non-Adjacent domain documents to restrict mail

Using Non-adjacent domain documents to simplify addressing makes them valuable
enough. But Non-adjacent domain documents play another equally significant role.
Although they are not strictly required to enable routing between non-adjacent domains,
they are needed if you want to restrict routing of messages from certain domains.

By default, any domains that can route mail to your domain can also route mail to the
destination domains named in a Non-adjacent domain document. Mail routed from one
domain to another through your domain consumes your network resources. To prevent
your servers from being used to transfer mail between other domains, you can selectively
allow and deny mail routing through your domain.

The Allow and Deny fields on the Restrictions tab of the Non-adjacent domain document
let you control the flow of messages from other domains to the non-adjacent domain.
Entries in these fields must be the names of adjacent domains; the Router ignores entries
for non-adjacent domains beyond the previous hop. If you deny a domain from sending
mail through your domain, the Router denies all mail received from that domain,
including messages the domain may have passed on from another, non-adjacent domain.
The "Deny mail from domains" field in a Non-adjacent domain document does not block
messages that use explicit domain addressing, that is, addresses that explicitly name
every domain on the routing path. A Non-adjacent domain document can only block mail
that relies on information in the Non-adjacent domain document to supply the name of
a missing intermediate domain. If the entire routing path is contained in the recipient
address, the Router doesn't need to check the document to determine where to route the
message, and thus cannot block it. For example, suppose that, in the previous example, the
administrator in domain B creates a Non-adjacent domain document for domain D and
adds domain A to the Deny mail from domains field. Kathy Burke in domain A can still
send mail to Judy Kaplan in domain D by specifying the following explicit domain
address: Judy Kaplan@D@C@B.

To prevent Kathy Burke from sending this message, the administrator in Domain B
would have to create an Adjacent domain document for domain C that names domain A
in the Deny mail from domains field.
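
The previous-hop rule and the explicit-addressing gap described above, modelled as an added example (this is not Domino code and not part of the original help text). The `Directory`, `Restrictions` and `route` names, the assumption that a Router drops its own domain from the end of an explicit path, and the assumption that the Adjacent domain document for the next hop is checked on every transfer are illustrative; the A-B-C-D data is constructed from the page's example.

```python
from dataclasses import dataclass, field
from typing import NamedTuple, Optional


@dataclass
class Restrictions:
    """Allow/Deny fields on the Restrictions tab of a Domain document."""
    allow: frozenset = frozenset()   # blank: any domain may route through
    deny: frozenset = frozenset()

    def permits(self, previous_hop: str) -> bool:
        # Only the previous hop is compared; the originating domain is unknown.
        if previous_hop in self.deny:
            return False
        return not self.allow or previous_hop in self.allow


@dataclass
class Directory:
    """Simplified model of one domain's Domino Directory (hypothetical type)."""
    local: str
    connections: frozenset                            # adjacent domains with Connection documents
    adjacent: dict = field(default_factory=dict)      # adjacent domain -> Restrictions
    nonadjacent: dict = field(default_factory=dict)   # destination -> (route-through, Restrictions)


class Decision(NamedTuple):
    action: str                # "deliver", "transfer", "deny" or "no-route"
    next_hop: Optional[str]
    decided_by: str


def route(directory: Directory, recipient: str, previous_hop: str) -> Decision:
    """Decide what the Router in directory.local does with transit mail that
    the adjacent domain previous_hop handed to it."""
    _user, *path = recipient.split("@")
    # Assumption: the Router removes its own domain from the end of the path.
    while path and path[-1] == directory.local:
        path.pop()
    if not path:
        return Decision("deliver", directory.local, "local delivery")
    target = path[-1]          # the Router looks only at the last part of the address
    if target in directory.connections:
        # Explicit path or adjacent destination: no Non-adjacent lookup happens.
        next_hop = target
    elif target in directory.nonadjacent:
        next_hop, restrictions = directory.nonadjacent[target]
        if not restrictions.permits(previous_hop):
            return Decision("deny", None, f"Non-adjacent domain document for {target}")
    else:
        return Decision("no-route", None, f"no path to {target}")
    adjacent_doc = directory.adjacent.get(next_hop)
    if adjacent_doc is not None and not adjacent_doc.permits(previous_hop):
        return Decision("deny", None, f"Adjacent domain document for {next_hop}")
    return Decision("transfer", next_hop, f"Connection document to {next_hop}")


def domain_b(nonadjacent_deny=(), adjacent_c_deny=()) -> Directory:
    """Constructed directory for domain B in the page's A-B-C-D chain."""
    d = Directory(local="B", connections=frozenset({"A", "C"}))
    d.nonadjacent["D"] = ("C", Restrictions(deny=frozenset(nonadjacent_deny)))
    if adjacent_c_deny:
        d.adjacent["C"] = Restrictions(deny=frozenset(adjacent_c_deny))
    return d


if __name__ == "__main__":
    cases = [
        ("Non-adjacent doc for D denies A, simple address",
         domain_b(nonadjacent_deny={"A"}), "Judy Kaplan@D", "A"),
        ("same directory, explicit path",
         domain_b(nonadjacent_deny={"A"}), "Judy Kaplan@D@C@B", "A"),
        ("Adjacent doc for C also denies A, explicit path",
         domain_b(nonadjacent_deny={"A"}, adjacent_c_deny={"A"}), "Judy Kaplan@D@C@B", "A"),
        ("Adjacent doc for C denies Z, mail from Z relayed by A",
         domain_b(adjacent_c_deny={"Z"}), "Robin Rutherford@C", "A"),
    ]
    for label, directory, recipient, hop in cases:
        print(f"{label}: {route(directory, recipient, hop)}")
```

When reviewing a directory, the second and fourth cases are the ones to look for: a Deny entry that exists only in a Non-adjacent domain document, or one that names a domain that is never the previous hop.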

The settings in the Allow and Deny fields work in conjunction with the Allow and Deny
fields on the Router/SMTP - Restrictions and Controls - Restrictions tab of the
Configuration Settings document. In the event of any conflict between settings, Domino
applies the most restrictive entry.

Messages may be further restricted by Adjacent Domain documents, Non-adjacent
Domain documents, and Configuration Settings documents set up between domains along
the routing path.

To create a Non-adjacent domain document
1. From the Domino Administrator, click the Configuration tab and then expand the
Messaging section.

2. Choose Domains.

3. Click Add Domain to create a new Domain document.

4. On the Basics tab, complete these fields:

Field                   Enter
Domain type             Choose Non-adjacent domain
Mail sent to domain     The name of the non-adjacent Domino domain you want to route
                        mail to.
Route through domain    The name of the intermediary Domino domain through which you
                        want to route mail for the destination domain. The current domain
                        must have a Connection document to this domain.

                        Also, the Domino Directory in the intermediary domain must have a
                        Connection document to the destination domain.
Domain description      An optional description of the domain

5. Click the Restrictions tab, complete one or both of these fields, and then save the
document:

Field                           Enter
Allow mail only from domains    Enter the names of Domino domains adjacent to the current domain
                                that are allowed to route mail to this non-adjacent domain.

                                Leave this field blank to allow any domain to route mail through
                                the local domain to the non-adjacent domain.
Deny mail from domains          Enter the names of Domino domains adjacent to the current domain
                                that are not allowed to route mail to this non-adjacent domain.

                                Leave this field blank to allow any domain to route mail through
                                the local domain to the non-adjacent domain.

Note You cannot use wildcards in the Restrictions fields. You must enter explicit
domain names.

6. Create a Connection document to specify how servers in the current domain connect to
the intermediary adjacent domain.

Note Since, by definition, all servers in a domain use the same Domino Directory, only
one Non-adjacent domain document is required for each non-adjacent domain. You do
not have to create a separate document for each server.



11) What is the Foreign Domain Document?

http://www.codestore.net/help/help6_admin.nsf/0/d9e9410025f7d41f85256c1d0039531a?OpenDocument




Setting up routing to external application gateways
Domino treats external messaging applications, such as fax or pager gateways, as foreign
domains. To route mail from a Domino domain to an external application, create a
Foreign domain document.

Creating a Foreign domain document
A Foreign domain document defines the path between a Domino domain and an external
application, such as a fax or pager gateway. A Foreign domain document identifies the
Domino server that acts as the gateway to the external application.

Applications such as X.400 and cc:Mail use their own specialized versions of the Foreign
domain document to direct the messages through a message transfer agent (MTA). For
more information about MTAs, see the documentation for the specific MTA.

Although Foreign domains are mostly used for third party applications, you can also use
them to transfer messages between a Release 5.0 or later server and a Release 3.x SMTP
server.

Restrictions that you set on this Foreign domain document apply only to the From
domain of the previous hop. These restrictions work in conjunction with those in the
Configuration Settings document. Domino always defaults to the most restrictive entry.

To create a Foreign domain document

1. From the Domino Administrator, click the Configuration tab and then expand the
Messaging section.

2. Choose Domains.

3. Click Add Domain to create a new Domain document.

4. Click the Basics tab, and complete these fields:

Field                     Enter
Domain type               Choose Foreign domain.
Foreign Domain Name       The domain name of the foreign mail system. This name was
                          chosen when the MTA or gateway was installed.
Domain description        An optional description of the gateway or MTA.

5. Click the Restrictions tab, and then complete these fields:

Field                           Enter
Allow mail only from domains    The names of Domino domains that are allowed to route
                                messages to this foreign domain. Leave this field blank to allow
                                any domain to route mail through the local domain to the
                                foreign domain.
Deny mail from domains          The names of Domino domains that are not allowed to route
                                messages to this foreign domain. Leave this field blank to allow
                                any domain to route mail through the local domain to the
                                foreign domain.

6. Click the Mail Information tab and complete these fields, and then save the document:

Field                     Enter
Gateway server name       The name of the Domino server running the gateway software.
Gateway mail filename     The gateway's mail file name. See the documentation that came
                          with the gateway for the proper file name.

7. Create a Connection document to specify how servers in the current domain connect to
the foreign domain.



12) What is the Foreign SMTP Domain Document?

http://www.etf.europa.eu/help/help65_admin.nsf/f4b82fbb75e942a6852566ac0037f284/8f4313d03868fddc85256dff004b1a57?OpenDocument



Overview of routing mail using SMTP
By default, Domino uses the Notes routing protocol to transfer mail between servers. You
can configure Domino to use SMTP to route mail instead of or in addition to using Notes
routing.

Message transfer over SMTP routing is performed as a point-to-point exchange between
two servers. The sending SMTP server contacts the receiving SMTP server directly and
establishes a two-way transmission channel with it. To send a message over SMTP:

1. The sending server checks the recipient's address, which is in the format
localpart@domain, and looks up the domain in the Domain Name System (DNS).

2. DNS returns the Mail Exchanger (MX) record for the domain, indicating the IP address
of the servers in the domain that accept mail over SMTP.

3. The sending server connects to the destination server over TCP/IP, establishes an
SMTP connection on port 25, transfers the message, and closes the connection.

Enabling SMTP on the Domino server

Domino supports receiving and sending mail over SMTP by means of the SMTP listener
task and SMTP Router, respectively, each of which you enable separately. The SMTP
listener task handles incoming SMTP connections and delivers messages received over
those connections to MAIL.BOX. It does not handle subsequent delivery or transfer of
those messages. You configure the SMTP listener task for receiving mail on the Basics
tab of the Server document. For more information about configuring Domino to receive
SMTP mail from other servers in your organization and/or from the Internet over SMTP,
see the chapter, "Setting Up Mail Routing."

The Router task for SMTP is the same Router task that handles Notes routing. When a
message in MAIL.BOX requires transfer to another server, the Router determines where
to send it and whether to send it over Notes routing or SMTP.

By default, SMTP is disabled. To configure Domino to use SMTP to send mail, you must
change settings on the Router/SMTP-Basics tab of the Configuration Settings document.
You can configure Domino to use SMTP when sending mail to destinations:

  - Outside the local Internet domain
  - Within the local Internet domain


How the Router determines when to use SMTP

On servers that support both SMTP and Notes routing, each time the Router detects a
new message in MAIL.BOX, it chooses the protocol by which to transfer the message.
The routing decision is based on the message's address and format, and whether the
server is configured to send SMTP within the local Domino domain, outside the local
Internet domain, or both.

Using SMTP to send mail to local domain addresses

Enabling SMTP within the local Domino domain allows the Router to consider SMTP as
an alternative routing protocol when transferring mail to another Domino server in the
same Domino domain. When configuring servers to send SMTP within the local Domino
domain, you have the following options:

  - SMTP allowed for MIME messages only - If the destination is a Domino server
    running the SMTP listener and the message deposited in MAIL.BOX is already in
    MIME format, the Router sends it using SMTP. Messages in Notes rich text
    format are sent over Notes routing.
  - SMTP allowed for all messages - If the destination is a Domino server running the
    SMTP listener, the Router always uses SMTP when transferring a message to
    another Domino SMTP host, regardless of the message's current format. If a
    message deposited in MAIL.BOX is in Notes format, the Router converts the
    message to MIME before sending.


When the Router picks up a message in MAIL.BOX, it reads the address to determine
whether the recipient is in the local domain. If the recipient is local, the Router looks in
the ($Users) view of the Domino Directory for a Person document containing that
address. If SMTP is allowed within the domain and the message format matches the
format specified in this setting, the Router uses TCP/IP to connect to the destination
server, establishes an SMTP connection, and transfers the message.

By default, enabling SMTP within the local Domino domain allows the Router to use
SMTP to transfer mail to any other Domino SMTP host in the same Domino domain.
You can restrict the use of SMTP within the local domain so that SMTP is allowed only
for message transfers that take place between servers in the same Domino named network.
To set this restriction, use the field "Servers within the local Domino domain are
reachable via SMTP over TCPIP" on the Router/SMTP - Basics tab of the Configuration
Settings document.

If the receiving server is running the SMTP listener, servers configured to send SMTP
within the local Domino domain always use SMTP to send MIME messages to
destinations within the same Domino named network. For messages in Notes format, the
Router sends SMTP only if the server is configured to send all messages over SMTP.

Sending SMTP outside the local Internet domain

Enabling Domino to send SMTP to external Internet domains allows the server to transfer
outbound Internet mail either directly to a host in the receiving domain or indirectly to an
Internet host.

If a message in MAIL.BOX has a recipient address that contains an @ sign and a domain
part (the part of the address to the right of the @ sign) that does not resolve to the local
Domino domain, the Router identifies the message destination as non-local. A non-local
address can be an RFC 821 Internet address (where the domain part contains a period and
is in the form localpart@org.domain) or an address in another Domino domain (including
Foreign domains such as a pager or fax gateway).

To determine whether an Internet address is local, the Router checks whether the domain
part of the address matches any of the local Internet domains defined in the Global
Domain document in the Domino Directory. Local Internet domains include any domains
listed in the Local primary Internet domain and Alternate Internet domain aliases fields in
the Global Domain document. If there is no Global Domain document, the Router
compares the domain in the recipient's address to the server's host name. For example, if
the message is addressed to jdoe@mailhost3.acme.com and the Router is on the server
mailhub.acme.com, the Router knows that the recipient is in the local Internet domain.

Connecting the Domino mail system to the Internet

Because Domino routes mail using the Internet-standard SMTP routing protocol, it's easy
to configure the Domino system to send and receive mail from external Internet domains.
For outgoing mail you can use a gateway routing architecture in which only designated
servers use SMTP to route mail to external domains, or you can enable all mail servers to
use SMTP to route mail to external domains. For inbound mail, you need to decide how
to route mail coming in to your Internet domain from a firewall to Domino servers. How
you set up inbound mail depends on whether your organization uses a single Internet
domain name or multiple names and on the distribution of your servers.

For information on connecting Domino to the Internet, see the topics Preparing to send
and receive mail to the Internet and Routing mail to external Internet domains.

Using a relay host

A relay host is an SMTP server or firewall that connects to the Internet and forwards, or
relays, inbound or outbound Internet mail. A relay host can also be a DNS name that
maps to multiple MX records. To configure Domino to use a relay host, you use two
fields on the Configuration Settings document of the sending server. Add the relay's DNS
or host name to the "Relay host for messages leaving the local Internet domain" field and
enable "SMTP used when sending messages outside of the local Internet domain."

Note: R4 SMTP MTA servers use the relay host specified in the SMTP Connection
document.

Using Notes routing to transfer outbound Internet mail to an SMTP server

On internal Domino servers that do not use SMTP to route mail, Domino uses Notes
routing to transfer outbound Internet messages to a Domino SMTP server, which then
transfers the messages to the Internet, either directly or through a relay host. Configuring
servers that use Notes routing to transfer Internet mail to a Domino SMTP server requires
a Foreign SMTP Domain document and an SMTP Connection document.


                                                                                      MAIL

Enabling a server to receive mail sent over SMTP routing
To set up a server to receive SMTP-routed messages, you must enable the SMTP
Listener. Then the server can "listen" for SMTP traffic over the TCP/IP port (usually port
25) and receive SMTP messages in the MAIL.BOX database(s).

Enabling the SMTP listener causes the server SMTP task to start up automatically every
time the server starts. Disabling the SMTP listener prevents the SMTP task from starting
up when the server starts.

Note: Do not add SMTP as a task to the task list in the NOTES.INI file or this feature will
not work.

To enable or disable the SMTP Listener

1. From the Domino Administrator, click the Configuration tab and then expand the
Server section.
2. Select the Server document to be edited and then click Edit Server.

3. On the Basics tab, complete these fields:

Field                  Enter
Fully qualified        The server's complete combined host name and domain name,
Internet host name     including the top-level domain. For example, smtp.acme.com; smtp
                       is the host name; acme is the second-level domain; and .com is the
                       top level domain.

                       In the absence of a Global Domain document, the Router uses the
                       entry in this field to determine the local Internet domain. Typically,
                       the fully qualified host name is added to the Server document
                       during server setup or by the Administration process (AdminP). A
                       routing loop can result if this field does not contain a valid entry.
SMTP listener task     Choose one:

                       - Enabled to turn on the Listener so that the server can
                         receive messages routed via SMTP routing
                       - Disabled (default) to prevent the server from receiving
                         messages routed via SMTP routing


4. Click the Ports - Internet Ports - Mail tab.

5. In the Mail (SMTP Inbound) column, ensure that the TCP/IP port status is set to
Enabled, and then click Save and Close.




13) What is the Global Domain Document?



How Domino uses Global domain documents during inbound and outbound SMTP
routing
When Domino receives an inbound SMTP message, it attempts to determine whether the
message is for a local recipient. When the Domino Directory does not include a Global
Domain document, Domino accepts only messages addressed to users in the same
Internet domain as the server, as indicated in the Fully-qualified Internet host name that
appears in the Server document.
But if the Domino Directory includes a Global domain document, Domino can receive
mail for multiple Internet domains. To determine whether to accept a message, Domino
compares the domain part to the local primary Internet domain listed in the Global
domain document. If it does not find a match in this field, it examines the secondary
Internet domains -- the "alternate Internet domain aliases" -- listed in that document.

The role of Global domain documents in determining whether to accept inbound
SMTP mail

If the Domino Directory contains multiple Global domain documents, Domino uses a
similar process to determine whether a recipient is local: it first checks the primary
Internet domain in each Global Domain document, and then, if it still hasn't found a
match, it continues by checking the alternate Internet domains. If the domain in the
address does not match any of the domain entries in any Global domain document, the
message is considered an attempt to relay, and Domino rejects the message.

Inbound address lookup when the Domino Directory contains multiple Global
Domain documents

After Domino accepts a message, the Router attempts to match the recipient's Internet
address to an entry in the Domino Directory. When looking up the recipient in the
Domino Directory, if the domain suffix in the address matches an alternate Internet
domain alias defined in a Global Domain document, and no Person document includes
this address, the Router performs a secondary lookup. In this secondary lookup, the
Router pairs the local part of the address with the domain suffix of the primary Internet
domain specified in the Global domain document.

For example, a server receives a message for craig_bowker@acmewest.com. The Router
searches all of the Person documents in the Domino Directory for this Internet address,
but cannot find a match. However, in the Domino Directory, there is a Global domain
document that includes the domain suffix acmewest.com as an alternate Internet domain
alias. In this same Global Domain document, the primary Internet domain is acme.com.
After the primary lookup fails, Domino performs a secondary lookup, using the address
craig_bowker@acme.com. Domino performs secondary lookups only if the Router is
configured to perform "fullname" or "fullname, then local part" lookups.

In cases where the Domino Directory contains multiple Global domain documents, and a
secondary lookup is required, when replacing the domain suffix in the original address
with the domain suffix of the primary Internet domain, the Router only considers Global
domain documents that list the alternate Internet domain alias. That is, Domino always
replaces the domain suffix from within a given document; it never replaces an alternate
domain listed in one document with a primary domain from another document.

To prevent the Router from using domain aliases when looking up addresses, do not
include alternate Internet domain aliases in a Global domain document. Instead, create
multiple Global Domain documents, each specifying a different primary Internet domain.
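
The acceptance and lookup rules described above can be modelled in a few lines. The following Python sketch is an added example, not Domino code or part of the original material; the second Global Domain document (example.org / example.net), the user pat and all function names are constructed for illustration, and deriving the server's Internet domain by dropping the first host-name label is an assumption.

```python
from dataclasses import dataclass, field


@dataclass
class GlobalDomain:
    """One Global Domain document: a primary Internet domain plus its aliases."""
    primary: str
    aliases: list = field(default_factory=list)


def split_address(address):
    """Split localpart@domain at the last @ and lower-case the domain part."""
    local, _, domain = address.rpartition("@")
    return local.lower(), domain.lower()


def server_domain(fqdn):
    """Assumption: the server's Internet domain is its host name minus the first label."""
    return fqdn.lower().partition(".")[2]


def is_local(domain, global_domains, server_fqdn):
    """Inbound acceptance check: primaries first, then aliases, else host-name fallback."""
    if not global_domains:
        base = server_domain(server_fqdn)
        return domain == base or domain.endswith("." + base)
    if any(domain == gd.primary for gd in global_domains):
        return True
    return any(domain in gd.aliases for gd in global_domains)


def route_inbound(address, global_domains, server_fqdn, directory, secondary_lookup=True):
    """Return (decision, matched_person_address) for one inbound recipient.

    directory is a set of lower-case Internet addresses taken from Person documents.
    """
    local, domain = split_address(address)
    if not is_local(domain, global_domains, server_fqdn):
        return ("reject-relay", None)          # treated as an attempt to relay
    full = f"{local}@{domain}"
    if full in directory:                      # primary lookup
        return ("deliver", full)
    if secondary_lookup:
        # Only documents that list the alias supply a replacement primary domain.
        for gd in global_domains:
            if domain in gd.aliases:
                candidate = f"{local}@{gd.primary}"
                if candidate in directory:
                    return ("deliver", candidate)
    return ("no-match", None)


def alias_exposure(directory, global_domains):
    """List alias addresses that deliver to a person only through a secondary lookup."""
    extra = []
    for person in sorted(directory):
        local, domain = split_address(person)
        for gd in global_domains:
            if domain == gd.primary:
                for alias in gd.aliases:
                    alias_addr = f"{local}@{alias}"
                    if alias_addr not in directory:
                        extra.append((alias_addr, person))
    return extra


# Constructed sample configuration (acme.com / acmewest.com come from the text above).
SERVER = "mailhub.acme.com"
DIRECTORY = {"craig_bowker@acme.com", "pat@example.org"}
WITH_ALIASES = [GlobalDomain("acme.com", ["acmewest.com"]),
                GlobalDomain("example.org", ["example.net"])]
# Alternative layout: every domain is a primary in its own document, no aliases.
SPLIT_DOCS = [GlobalDomain("acme.com"), GlobalDomain("acmewest.com"),
              GlobalDomain("example.org"), GlobalDomain("example.net")]

if __name__ == "__main__":
    for rcpt in ("craig_bowker@acmewest.com", "craig_bowker@example.net",
                 "someone@other.test"):
        print(rcpt, "aliases:", route_inbound(rcpt, WITH_ALIASES, SERVER, DIRECTORY),
              "split:", route_inbound(rcpt, SPLIT_DOCS, SERVER, DIRECTORY))
    print(alias_exposure(DIRECTORY, WITH_ALIASES))
```

In this model, alias_exposure lists every alias-domain address that reaches a mailbox without a matching Person document, which is the set that disappears when each domain gets its own Global Domain document.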

Controlling outbound address construction with multiple Global domain
documents

When the Domino Directory contains a single Global Domain document, the address
construction rules in that document determine how a server forms the sender's address in
an outbound SMTP message. However, if the Domino Directory contains multiple Global
Domain documents, when constructing the sender's address, Domino uses the Internet
domain specified in the Server document and the address construction rules defined in the
Global Domain document listed last, alphabetically, in the directory. If you want Domino
to form the sender's outbound address from the primary Internet domain and the address
construction rules contained in a particular Global domain document, designate that
document as the default Global Domain document.

Designating a default Global domain document

When there are multiple Global Domain documents in the Domino Directory, designate
one as the default so that when a server constructs a sender's outbound Internet address,
the address is based on the primary Internet domain and address construction
rules specified in the designated document.

1. From the Domino Administrator, click the Configuration tab and then expand the
Messaging section.

2. Choose Domains, and click Global Domain.

3. Select the Global Domain document you want to designate as the default and click Edit
Domain.

4. On the Basics tab, complete the following field, and then click Save & Close:

Field                          Enter
Use as default Global          Select Yes to designate this Global Domain document as
Domain (for use with all       the default Global domain for this Domino Directory.
Internet protocols except
HTTP)



14) Difference between Domino and Domain?
15) How many ways to open Notes.ini?
16) Difference between ACL and ECL?
17) Difference between R5 and R6?


Differences between Domino R5 and Domino R6
The following options are different for Domino R5 and Domino R6:
Domino R5
The "Access Server", "Run restricted Java/Javascript/COM" and "Run unrestricted
Java/Javascript/COM" lists in the Security Section of the Server Document must contain
the name of the Internet user. Using the Lotus Domino Administrator 5 client you can
enable this option by clicking the "Configuration" tab, then "Server / Current Server
Document" and then the "Security" tab. On the "Security" tab in the "Server Access"
section there is the "Access Server" list, in the "Java/COM restrictions" section are the
"Run restricted Java/Javascript/COM" and "Run unrestricted Java/Javascript/COM" lists.
Add to these three lists the name of the Internet user.
Domino R6
The "Run unrestricted methods and operations" list on the Security tab of the Current
Server Document must contain the Internet user name. Using the Lotus Domino
Administrator 6 client you can enable this option by clicking the "Configuration" tab,
then "Server / Current Server Document" and then the "Security" tab. On the "Security"
tab in the "Programmability Restrictions" section there is the "Run unrestricted methods
and operations" list. Add to this list the name of the Internet user.



18) What is the NRPC? What is Port number?

Notes Remote Procedure Call. Port number: 1352

10) What are the port numbers for SMTP, POP3, IMAP, HTTP, LDAP and SSL?

11) Difference between Replace and Refresh?

http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21097253

Problem
What are the differences between Replace Design and Refresh
Design?

Note: This information applies to all versions of Notes R3, R4, and
R5 and 6.

Cause


Solution
There are a few key differences between Replace Design and
Refresh Design.

First, Replacing the Design of a database will remove all design
elements in a database and replace them with those from a new
template. This process also resets the Database properties
(specifically the Database properties you see on the Design tab in the
InfoBox (a.k.a. Properties Box) when you select File, Database,
Properties.) In contrast, Refresh Design will use this information to
do essentially the same job with the design elements, but the Design
properties of the database will not change. Refresh Design is the
process which runs every night on the server by default (Design
server task).

Second, Refresh Design will not give an option to select a new
template. You can only select a different server to use as a template
server for the Refresh process.

An important side note to this information involves the attribute, 'Do
not Allow Design Replace/Refresh To Modify.' This property of
specific design elements will prevent the Replace Design or Refresh
Design task from modifying the element. When the database as a
whole inherits its design from a template, all new design elements
will have this option selected by default. In contrast, if the database
as a whole does not inherit its design from a template, all new
design elements will have this option deselected. This is important
because if the database property is changed, the design element
property is not changed. It is also possible for a single design
element to inherit its design from a different template than the
database as a whole.

Supporting Information:

Design-Refresh details:

- Design Refresh locates the template the database is based on by the
template name (you can determine the template name by checking
the Design tab in the InfoBox for Database properties. Select File,
Database, Properties and switch to the Design tab, which is 4th tab
from the left).
- It scans both the database and the template for design elements.
Design elements are considered to be corresponding versions based
on the $TITLE field of the design note.
- If there are Design elements in the database that do not have a
corresponding element in the template, these design notes are
deleted in the database.
- If there are Design elements in the template that do not have a
corresponding element in the database, these design notes are added
to the database.

Additionally:
- If there is a Design element in the database which has a Design
element of the same name in the Template, first the sequence times
are compared to check the revisions.

In case there is no difference -> skip Design Element.
Given the Sequence time of the Template is different -> update
Design Element

Actually when updating the design element it checks whether there
really are changes to the Design element, for example, by looking in
the $AssistVersion field of an agent. In case there is no difference
the update is only logged but not done/executed. Whenever you
apply changes to an agent using the Notes Client, even changes of
the aliases in the Title, the $AssistVersion field is updated.

Notes:

- This does not apply to private views or folders that are stored in the
client's Desktop.dsk file.

- Design Refresh does not use the Universal IDs of the Design
elements, but only names and aliases to identify what to
update/add/remove.

- The Designer Task has an issue customers should be aware of; for
more information refer to the document "Load Design Server Task
Only Refreshes Databases the First Time" (#162622).

Design-Replace details:

The only difference from Design-Refresh is that first the template
name the database is inherited from is changed to the new one. After
this a regular design refresh runs. This means:

- The existing Design notes are not swept from the database in the
first step. In case there are Design elements of the same name, these
are "updated" using the logic described above.

What if you have duplicate design elements in your database?
Does Designer remove one of these?

This might happen when replicating the templates and/or databases
containing design elements that do have the same Title but different
universal ID.

Unfortunately, neither the Design task nor Design - Replace or
Design - Refresh detect this. They update only the first design note
found having the same title in the template. The other design note is
left untouched. One must manually remove the obsolete design
element from the database or replace the design.

Additionally:

A design element may be inherited from a different template than
specified in the Database properties. You will find this on the Design
tab in the properties of the design element itself. When doing a
Design Refresh these are taken from the appropriate database.
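
The matching rules above explain why stale or duplicate design elements can survive a refresh. The following Python sketch is an added example, not IBM's implementation; the note titles, IDs and sequence times are constructed, and treating the "do not modify" property as also blocking deletion is an assumption of the sketch.

```python
from dataclasses import dataclass


@dataclass
class DesignNote:
    title: str               # $TITLE value; the only key used for matching
    unid: str                # universal ID; ignored by the matching logic
    seq_time: int            # sequence time (constructed integers here)
    protected: bool = False  # "Do not Allow Design Replace/Refresh To Modify"


def plan_refresh(db_notes, template_notes):
    """Return (action, title, unid) tuples describing what a refresh would do."""
    # Only the first template note with a given title is considered.
    template_by_title = {}
    for note in template_notes:
        template_by_title.setdefault(note.title, note)

    plan, matched = [], set()
    for note in db_notes:
        tmpl = template_by_title.get(note.title)
        if note.title in matched:
            # A note with this title was already handled; this one is left as-is.
            action = "untouched-duplicate"
        elif note.protected:
            action = "skip-protected"
        elif tmpl is None:
            action = "delete"            # no corresponding element in the template
        elif tmpl.seq_time == note.seq_time:
            action = "skip-unchanged"
        else:
            action = "update"
        if tmpl is not None:
            matched.add(note.title)
        plan.append((action, note.title, note.unid))

    # Template elements with no counterpart in the database are added.
    db_titles = {n.title for n in db_notes}
    for title, tmpl in template_by_title.items():
        if title not in db_titles:
            plan.append(("add", title, tmpl.unid))
    return plan


def stale_duplicates(plan):
    """Notes a refresh leaves behind; these need manual review or removal."""
    return [(title, unid) for action, title, unid in plan
            if action == "untouched-duplicate"]


# Constructed sample: a database with a duplicate-titled form and a protected view.
DB = [
    DesignNote("Memo", "U1", 10),
    DesignNote("Memo", "U2", 7),                      # same title, different UNID
    DesignNote("OldAgent", "U3", 5),                  # not in the template
    DesignNote("CustomView", "U4", 3, protected=True),
    DesignNote("Reply", "U5", 20),
]
TEMPLATE = [
    DesignNote("Memo", "T1", 12),
    DesignNote("Reply", "T2", 20),
    DesignNote("Calendar", "T3", 1),
]

if __name__ == "__main__":
    for step in plan_refresh(DB, TEMPLATE):
        print(step)
    print("left stale:", stale_duplicates(plan_refresh(DB, TEMPLATE)))
```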

Related Documents:

Load Design Server Task Only Refreshes Databases the First Time
Document #: 1093752 (162622)

Replacing R5 Design with Template Having Hidden Design Does
not Delete Existing Design Elements
Document #: 1087252 (171851)

"Inherit Design from Template" Option Unchecked After User Is
Renamed Using AdminP
Document #: 1092014 (164002)

Refresh Design Does not Replace Design Elements which Have
Been Modified in the Db
Document #: 1156429

Related Old Product Document:
Which Mail Template Is Used when Registering a New Notes User?
Document #: 148470



12) Difference between Updall and Update?


Database Indexing

       Indexing

View indexes are used to display the list of documents in a database. They are created
automatically, and are kept up to date by the system UPDATE task. This means that if
you create a new document, it will not appear on the index until the UPDATE task runs,
or you run an update manually.
Full-text indexes are used to speed up document searches. Full-text Indexes are created
manually, and are also maintained automatically by UPDATE, or by manually forcing an
update. Indexes are not replicated across servers, so each replicated copy of a database
needs a full-text index defined.

To update the full-text index of a specific database, select the required database on the
Files tab, then choose
Tools - Database - Full Text Index - Update - OK
Indexes are updated automatically by the UPDATE task. You set the frequency of update
in the same panel. Options are

      - Daily
      - Hourly
      - Immediate
      - Scheduled (by UPDALL server task)

To create a full-text index, select the files tab, then select Tools - Database - Full-text
Index and follow the instructions on the screen.
If you index an encrypted field, other users may be able to read the encrypted text
without the encryption key.

Full-text indexes are stored in a subdirectory, which is in the same directory as the main
database. The subdirectory will be called databasename.ft. If an index becomes corrupt,
do not delete the subdirectory manually; use the Index tool described above to
delete it.

You can also search multiple databases using a multiple-database index, for example
srchsite.ntf. Define the search scope by specifying which databases to include, then
select Files - Tools - Database - Multi-database Index.
Follow the instructions shown to create a full-text index for the Search-Site database.

       UPDATE and UPDALL tasks

UPDATE is usually scheduled to run continuously on the server, UPDALL will be
scheduled to run overnight, and can also be run on demand. The main differences
between them are

      - UPDALL will refresh the full-text indexes on all databases, UPDATE only
        refreshes those which are set to immediate or hourly
      - UPDALL will purge deletion stubs
      - UPDALL can be run manually with options
      - UPDALL will delete unused view indexes

To run UPDALL (maybe to fix a corrupt index), enter the command
 LOAD UPDALL PATH OPTIONS

from the server console. PATH is the pathname to the database or databases you want
refreshed. Options include

      -F only update full-text indexes
      -V only update views
      -X only rebuild views
      -R rebuild both full-text indexes and view indexes. Use carefully, it will use loads
       of resources

There are loads of other options, which restrict the actions depending on database refresh
settings.



13) Difference between compact and fixup?


Problem
How can a Domino administrator view the UPDALL, FIXUP, and COMPACT
options from the Domino server console?

You do not have access to client Help files as the server is in a secure area and no
client is available, and you need to find information about the different options for
Updall, Fixup, and Compact.

Solution
To display online Help information for these commands, enter the command
followed by a hyphen and question mark (-?). Examples of the complete command to
enter and the output are below.

Issue the command "load updall -?" at the Domino server console to get the following
output:
Similarly, the commands you issue to see the online help text for the other tasks are
as follows:
        load fixup -?
        load compact -?

For more information on the Load command, see the section titled "Load" in the
Domino Administrator Help.




14) What is the transaction logging? How many types are there for Transaction logging?
How do you disable transaction logging?

15) What are the features in R6?








16) What is Minimum configuration and Maximum configuration for Domino?
17) How do you monitor the server?
18) How do you replicate the address book from location to another location?
19) What are the necessary files for backup?
20) How many partitions can support domino?


                                                                        INSTALLATION
Partitioned servers
Using Domino server partitioning, you can run multiple instances of the Domino server
on a single computer. By doing so, you reduce hardware expenses and minimize the
number of computers to administer because, instead of purchasing multiple small
computers to run Domino servers that might not take advantage of the resources available
to them, you can purchase a single, more powerful computer and run multiple instances
of the Domino server on that single machine.

On a Domino partitioned server, all partitions share the same Domino program directory,
and thus share one set of Domino executable files. However, each partition has its own
Domino data directory and NOTES.INI file; thus each has its own copy of the Domino
Directory and other administrative databases.

If one partition shuts down, the others continue to run. If a partition encounters a fatal
error, Domino's fault recovery feature restarts only that partition, not the entire computer.

For information on setting up fault recovery, see the topic Fault recovery.

Partitioned servers can provide the scalability you need while also providing security. As
your system grows, you can migrate users from a partition to a separate server. A
partitioned server can also be a member of a cluster if you require high availability of
databases. Security for a partitioned server is the same as for a single server.

When you set up a partitioned server, you must run the same version of Domino on each
partition. However, if the server runs on UNIX®, there is an alternative means to run
multiple instances of Domino on the server: on UNIX, you can run different versions of
Domino on a single computer, each version with its own program directory. You can
even run multiple instances of each version by installing it as a Domino partitioned server.

For more information, see the topic Installing Domino on UNIX systems.

Deciding whether to use partitioned servers

Whether or not to use partitioned servers depends, in part, on how you set up Domino
domains. A partitioned server is most useful when the partitions are in different Domino
domains. For example, using a partitioned server, you can dedicate different Domino
domains to different customers or set up multiple Web sites. A partitioned server with
partitions all in the same Domino domain often uses more computer resources and disk
space than a single server that runs multiple services.

When making the decision to use partitioned servers, remember that it is easier to
administer a single server than it is to administer multiple partitions. However, if your
goal is to isolate certain server functions on the network -- for example, to isolate the
messaging hub from the replication hub or isolate work groups for resource and activity
logging -- you might be willing to take on the additional administrative work. In addition,
running a partitioned server on a multiprocessor computer may improve performance,
even when the partitions are in the same domain, because the computer simultaneously
runs certain processes.

To give Notes users access to a Domino server where they can create and run Domino
applications, use a partitioned server. However, to provide customers with Internet access
to a specific set of Domino applications, set up an xSP server environment.

Deciding how many partitions to have

How many partitions you can install without noticeably diminishing performance
depends on the power of the computer and the operating system the computer uses. For
optimal performance, partition multiprocessor computers that have at least one, and
preferably two, processors for each partition that you install on the computer.


21) How many cluster servers can support domino?



Workload balancing with Domino clusters

Level: Advanced
Michael Kistler, Senior Software Engineer, Software Solutions Division
01 Dec 1997

This article explores some of the common approaches to workload balancing available to Domino
administrators, with special emphasis on the server workload balancing capabilities of Domino
Advanced Services' clustering feature.

Many customers today are looking for ways to make their Domino servers highly available.
Domino clustering satisfies this need by providing failover of databases and server facilities to
other servers in the cluster. This is an important capability, but it has been covered by a number of
other articles, most notably the articles, "Lotus Domino Advanced Services: High Availability
Powered by Notes" and "Notes.Net exposed: Using Domino clusters for your Web site."
Another key requirement for customers using Domino for enterprise-class, business-critical
applications is scalability. Basically, scalability is the ability to add computing power to an
existing system in a seamless fashion. A key aspect of scalability is workload balancing, which is
the ability to distribute workload to the available computer resources in a way that maximizes the utilization of these
resources. Workload balancing is not new to Domino. There are a number of mechanisms a Domino administrator can use to
balance workload across a set of Domino servers. The clustering feature of Domino Advanced Services takes workload
balancing a giant step forward by enabling you to scale your Domino installation in a way that is relatively transparent to
end users.
Many of the platforms that support the Domino server also provide some form of built-in clustering support. In particular,
there has been considerable attention paid to the newly introduced Microsoft Cluster Server (code named "Wolfpack").
While these OS-level clustering solutions have some distinct benefits, most provide support only for application failover, not
workload balancing. In particular, the Microsoft Cluster Server will not support workload balancing until its "phase two"
release, which isn't expected until late 1998 at the earliest. Therefore, customers looking to build truly scalable Domino
installations need to strongly consider Domino clustering.
This article will explore some of the common approaches for workload balancing available to Domino administrators, with
special emphasis on the server workload balancing capabilities in the clustering feature of Domino Advanced Services.
Workload balancing in Domino
Domino administrators can use a number of techniques for balancing workload across servers in a Domino domain. Two of
the most effective techniques are:

      - Allocating users and applications to servers. The administrator can assign users to home servers in a way that spreads
        the load across this set of servers. Similarly, the administrator can spread applications (databases) across a set of
        servers, and create replicas when necessary, to spread the application load across a set of servers.
      - Setting the maximum number of users for a server. Through a Notes.ini setting, Server_MaxUsers, the administrator
        can specify the maximum number of user sessions allowed on a server. When the server reaches this limit, it rejects
        requests for additional sessions until the number of sessions again falls below the Server_MaxUsers value.

These techniques work on any Domino server, whether or not it is part of a Domino cluster. While these techniques are
generally effective, they are somewhat static and coarse grained. The real advantages come when you use Domino clusters
for workload balancing.
In Domino clustering, server workload balancing allows heavily-used servers to pass requests to other cluster servers. This
form of workload balancing is dynamic, fine grained, and generally transparent to the user, which means that work can be
evenly distributed across the servers in the cluster. Clusters let you grow your system as the number of users you support
increases. You can distribute user accounts across clusters and balance additional workloads to optimize system
performance. You can create multiple database replicas to maximize data availability and move users to other servers or
clusters as you plan for future growth.



Overview of workload balancing in Domino clusters
The Domino server and Notes client work together to provide workload balancing. When running as part of a cluster, the
Domino server constantly monitors its own workload. To measure the workload, the Cluster Manager process on the server
monitors the average response time of a representative set of server operations initiated by Notes clients (network time is not
considered). The Cluster Manager also polls all the other servers in the cluster to determine their workload. When the
workload on a server exceeds a certain level designated by the administrator, the server becomes "busy," and the Domino
server rejects subsequent database open requests until the workload falls back below the specified level.
When the cluster-aware client (Notes R4 or later) tries to access a database on a busy server, it receives an error code
indicating the server is busy. The client then contacts the Cluster Manager on one of the servers in the cluster. (Whenever
the client accesses a server that is a member of a cluster, it stores a list of servers in the cluster in a persistent cache.) The
Cluster Manager uses the Cluster Database Directory (CLDBDIR) to determine which other servers in the cluster have
replicas of the database being requested, and then selects the least heavily loaded of these servers to handle the client
request. The client then reissues the open request to this server. Note that this target server could be the same as the original
server. On this second request, the open will succeed even if the target server is busy.

Figure 4. Workload balancing animation
Similar to failover, an icon for the new database will appear in the workspace, either stacked on top of the original icon or in
a free area on the same workspace page as the original icon.
Workload balancing can be triggered in a wide variety of situations, such as:

      - A user double-clicks on a database icon in the workspace.
      - A user tries to launch a doclink, view link, or database link that is connected to a server that is busy.
      - A user activates a field, action, or button that contains an @Command(FileOpenDatabase) formula and the specified
        server is busy.
      - A LotusScript routine issues a DB.OPENWITHFAILOVER call to open a database on a server that is busy.
      - An agent written in Java issues an openDatabase method with the failover parameter set to True for a database on a
        server that is busy.
      - A C API program issues an NSFDbOpenExtended call to open a database on a server that is busy.




Distribution of databases in the cluster
In a cluster, the distribution of users and databases takes on a new importance. When a server in the cluster fails, user
requests are automatically redirected to other servers in the cluster. Ideally, this load should be spread equally across all
other servers in the cluster. However, this can only happen when replicas of the databases on the failed server are spread
roughly equally across the other servers in the cluster.
An example can illustrate this best. Suppose you have 1200 mail users that you want to put on a cluster with four servers. To
start, you will probably allocate 300 users to each server. Now, to give these users high availability to their mail databases,
you want to create a replica of each user's mail file on another server in the cluster. You might take all users on Server 1 and
put a replica of their mail file on Server 2. This is not a good idea. If Server 1 fails, all 300 of its users will be redirected to
Server 2. Servers 3 and 4 will not absorb any of this failover load, because the necessary databases are only available on
Server 2.
Clearly, a better approach is to spread the replicas for Server 1's users across the other three servers. If these are spread
evenly -- that is, 100 of Server 1's users on Server 2, 100 on Server 3, and 100 on Server 4 -- a failure of Server 1 should
result in a roughly equal increase in workload for the other three servers in the cluster.

Figure 1. Mail user distribution across four servers
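
The placement argument above, as an added Python model (not part of the original article and not Domino code). It compares the two replica plans for the 1200-user, four-server case and generalizes to any cluster size; the user names, server names and function names are constructed for the illustration.

```python
"""Model of mail-file replica placement in a cluster (constructed data)."""
from collections import Counter


def assign_homes(user_count, servers):
    """Give each user a home (primary) mail server, spread evenly."""
    return {f"user{n:04d}": servers[n % len(servers)] for n in range(user_count)}


def place_replicas_next_server(homes, servers):
    """Naive plan: every user's replica goes on the server after the home server."""
    nxt = {s: servers[(i + 1) % len(servers)] for i, s in enumerate(servers)}
    return {user: nxt[home] for user, home in homes.items()}


def place_replicas_spread(homes, servers):
    """Spread plan: each home server's users rotate across all other servers."""
    seen = Counter()  # how many replicas have been placed so far per home server
    plan = {}
    for user, home in sorted(homes.items()):
        others = [s for s in servers if s != home]
        plan[user] = others[seen[home] % len(others)]
        seen[home] += 1
    return plan


def load_after_failure(homes, replicas, failed):
    """Users served by each surviving server once `failed` is down."""
    load = Counter(home for home in homes.values() if home != failed)
    for user, home in homes.items():
        if home == failed:
            load[replicas[user]] += 1  # failover goes to the server holding the replica
    return dict(load)


def worst_case_increase(homes, replicas, servers):
    """Largest relative load increase on any survivor, over every single failure."""
    base = Counter(homes.values())
    worst = 0.0
    for failed in servers:
        after = load_after_failure(homes, replicas, failed)
        for server, users in after.items():
            worst = max(worst, (users - base[server]) / base[server])
    return worst


if __name__ == "__main__":
    servers = ["Server1", "Server2", "Server3", "Server4"]
    homes = assign_homes(1200, servers)
    for name, planner in (("next-server", place_replicas_next_server),
                          ("spread", place_replicas_spread)):
        plan = planner(homes, servers)
        print(name, load_after_failure(homes, plan, "Server1"),
              f"worst increase {worst_case_increase(homes, plan, servers):.0%}")
```

The worst-case figure is the number to compare against the spare capacity each surviving server has.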





The server availability index
As mentioned above, each server in a cluster periodically determines its own workload, based on the average response time
of requests recently processed by the server. The workload on the server is expressed as the server availability index, which
is a value between 0 and 100, where 100 indicates a lightly loaded server (fast response times), and 0 is a heavily loaded
server (slow response times). Despite the fact that the server availability index is a number between 0 and 100, it is not a
percentage. Some people think that a server availability index of, say 85, means that the server is 85% available. This is not
the case -- in fact, it is far from it.
The actual formula for determining the availability index is not described anywhere in the Notes publications. What I am
about to tell you is accurate for the Notes 4.5 and 4.6 releases, but may change in future releases. The server availability
index is closely related to a common performance metric called the expansion factor. The expansion factor is simply the
ratio of the response time for a function under the current load to the response time for this same function in an optimum
(light load) condition. So, for example, if the system currently takes 3 seconds to perform a database open, but could
perform the same database open in .3 seconds under optimum conditions, the expansion factor for this operation is 10. The
expansion factor for a set of operations can be computed as a simple weighted average. To compute the server availability
index, the Domino server computes the expansion factor for a representative set of Notes RPC transactions over a recent
time interval (roughly the last minute). The server availability index is then set to 100 minus this expansion factor.

Figure 2. Server availability index formula
Remember that the server availability index only considers the response time as measured at the server, which is typically
only a small portion of the overall response time as seen by clients. In particular, the network time between the client and
server often accounts for a significant portion of client response time. So a server availability index of 90 does not indicate
that the response time as seen by clients is ten times the optimal value -- only that the server processing of this request took
ten times longer than the optimal value.



The server availability threshold
Now that you know how Domino measures server load, you are ready to configure the server to indicate when it is busy.
This is done with a Notes.ini setting called Server_Availability_Threshold. When Domino recalculates the server
availability index (approximately once a minute), it checks to see if the index is below the server availability threshold. If
the server availability index is less than the server availability threshold, the server is marked as busy. In other words, the
server availability threshold specifies the lowest value of the server availability index for which the server should be
considered to be available.
To set the server availability threshold, edit the Notes.ini file for the server and add the following:
Server_Availability_Threshold=<threshold value>
Or you can set the threshold from the Domino server console with the command:
Set Config Server_Availability_Threshold=<threshold value>
When set from the server console, the new threshold value takes effect immediately. When set by editing Notes.ini, the new
threshold value takes effect the next time the server is started.
The default value for the server availability threshold is 0, which means load balancing is effectively disabled. Specifying a
threshold value of 100 puts the server into the busy state regardless of its actual availability.
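
The index, threshold and redirect behaviour described in the sections above, as an added Python model (not Domino code and not from the original article). Weighting the expansion factor by transaction count, treating the optimum time as a floor, breaking ties by server name, and the server and database names are assumptions made for the example.

```python
"""Model of the server availability index and workload-balancing redirect."""


def expansion_factor(samples):
    """Weighted average of current/optimum response time.

    samples: list of (current_seconds, optimum_seconds, transaction_count).
    Weighting by transaction count is an assumption of this model.
    """
    total = sum(count for _, _, count in samples)
    if total == 0:
        return 1.0  # no recent traffic: treat the server as unloaded
    weighted = sum((cur / opt) * count for cur, opt, count in samples)
    # Assumption: the optimum is the best achievable time, so the factor is >= 1.
    return max(weighted / total, 1.0)


def availability_index(samples):
    """100 minus the expansion factor, floored at 0. Not a percentage."""
    return max(0.0, 100.0 - expansion_factor(samples))


def is_busy(index, threshold):
    """A server is busy when its index is below Server_Availability_Threshold."""
    return index < threshold


class Cluster:
    """Minimal stand-in for the Cluster Manager plus the CLDBDIR replica list."""

    def __init__(self, thresholds, replicas):
        self.thresholds = dict(thresholds)            # server -> threshold
        self.replicas = {db: set(servers) for db, servers in replicas.items()}
        self.index = {server: 99.0 for server in self.thresholds}

    def report(self, server, samples):
        """Recalculate one server's index (Domino does this about once a minute)."""
        self.index[server] = availability_index(samples)

    def busy(self, server):
        return is_busy(self.index[server], self.thresholds[server])

    def least_loaded_replica(self, db):
        """Highest index among servers holding a replica; ties go to the first name."""
        return max(sorted(self.replicas[db]), key=lambda s: self.index[s])

    def open_database(self, server, db):
        """Return the server that ends up serving the open request."""
        if server not in self.replicas[db]:
            raise LookupError(f"{server} has no replica of {db}")
        if not self.busy(server):
            return server
        # Busy error: the client asks the Cluster Manager and reissues the open.
        # The second open succeeds even if the chosen server is itself busy,
        # and the chosen server may be the original one.
        return self.least_loaded_replica(db)


if __name__ == "__main__":
    cluster = Cluster({"ServerA": 80, "ServerB": 80},
                      {"mail/jsmith.nsf": {"ServerA", "ServerB"}})
    cluster.report("ServerA", [(9.0, 0.3, 1)])   # constructed sample: factor 30
    cluster.report("ServerB", [(1.5, 0.3, 1)])   # constructed sample: factor 5
    print(cluster.index, cluster.open_database("ServerA", "mail/jsmith.nsf"))
```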



Selecting the proper server availability threshold
As you have probably guessed, the server availability threshold is a key configuration setting for workload balancing.
Therefore, you should choose this parameter with some care. Setting the threshold too high can cause user requests to fail
unnecessarily. Setting the threshold too low can result in poor performance for some users that may have received better
service from another server.
One point I must stress is that workload balancing is not a solution for a general capacity problem. If your Domino servers
are struggling to keep up with the workload they have, and there aren't other available servers to handle the excess workload,
enabling workload balancing will only exacerbate the problem. In other words, don't think that increasing the server
availability threshold will necessarily make your server more responsive. If there is nowhere else to send client requests,
they will continue to be handled by the busy server, and the process of looking for another available server for each request
will only worsen the workload on the server.
To determine the proper value for the server availability threshold, you should start by simply monitoring the server
availability index during periods of normal to heavy load. There are a number of ways to do this. One way is to use the built-in
statistics monitoring of Domino (described in more detail later). If your server is running Windows NT, you can also use
the Windows NT Performance Monitor to monitor any of the Domino server statistics (see Maintaining the Domino System
for details on how to enable this feature). In particular, this gives you a way to graphically monitor the server availability
index (statistic Server.Cluster.AvailabilityIndex). I recommend you set the Update Time (under Chart/Options) to 60
seconds, since this is how often the Stats package (which is the source for this data) is updated.
It may seem natural to set the server availability threshold to the same value on all servers in the cluster. While this may be a
good rule of thumb, differences in hardware, operating systems, and levels of the Domino server can influence the server
availability index and thus the proper setting of the server availability threshold.
Once you have gathered some data on the range of typical values of the server availability index for a server, the next step is
to select an initial value for the server availability threshold. This should be a value toward the lower end of the range of
typical values. You should also consider how a server outage may impact server workload. If a server in the cluster fails, the
failover capability in Domino clustering will direct clients to other servers in the cluster. To allow for this case, you may
want to set the server availability threshold to allow some "extra" capacity to handle the failover workload. Note that the
extra capacity needed for failover depends on how many servers are in the cluster. For a cluster with just two servers, you
would need to allow for an almost 100% increase in workload in the event of a server failure. When there are six servers in
the cluster, each server would only need to handle a roughly 20% increase in workload.
Once you've selected an initial value, configure this on the server and monitor its operations. Domino gathers a number of
statistics on cluster failover and workload balancing that you can use to monitor how well things are going. You can see
these statistics by using the Show Statistics server command at the server console. You can also report statistics to any
database designed for this purpose, although typically the database is the Statistics database (STATREP.NSF). The Collector
or Reporter task creates the Statistics database automatically if you choose to report statistics to it and if it doesn't exist
already. Cluster statistics are available in the Statistics Report / Cluster view.
The statistics related to clustering all have the prefix "Server.Cluster". These are all documented in the Domino
Administration Help. Of particular interest when evaluating the workload balancing for a server are the following:




               22) What do you know about pass-through server?
               23) What is the CA?
               24) Difference between connection document and Program document?
               25) Difference between server document and configuration document?
               26) What tasks run on the server when clustering is started?
               27) Difference between Newcopy and replication?
               28) Difference between NNN and DNN?

               http://www.leadershipbynumbers.com/MS.nsf/d6plinks/BMMA-68MKMF


               29) What information does the ID file contain?

               Password
               Public KEY
               Private Key

               30) What is ISPY?
http://www.alise.lv/ALISE/technolog.nsf/0/e69349554888d8654225690600470d8c?OpenDocument

The Ispy Domino Server Task

Topics: Lotus Domino, Lotus Domino server administration


From "How You Can Use New Capabilities of Domino R5 and the
Administrator Client to Meet Administrative Service Level Agreements,"
by Dwight Morse, the Lotus product manager for Domino administration
and management, which originally appeared in the March/April 2000
edition of The View, http://www.eview.com.

In addition to Server probes, you can configure probes that monitor Mail
and Internet services in your network. The new Domino R5 server task,
Ispy, must be running in order for your Mail and Internet probes to work
(the Ispy task is not required for Server probes).

To enable the Ispy server task, add ISPY to the ServerTasks= line in the
server's NOTES.INI file. The ServerTasks parameter is not dynamic, so just
adding a task will not cause that task to start. To get Ispy to launch
immediately, start the task from the Administrator Client in the Server
Status tab, or type "Load ISPY" at the server console (or remote server
console). You'll still want to add Ispy to the NOTES.INI to ensure that it
launches every time the server does.

Configuring Mail Delivery Probes
You can set up a probe that monitors Mail delivery time in the same general
area of the Administration Client as you configure a Server probe, and in
much the same way. Mail probes are configured on the Configuration tab,
under Statistics & Events (alternatively, you can configure them right in the
Statistics & Events database). In the Administrator Client, click "Mail,"
then "New Mail Probe."

A mail probe measures the message delivery time from a specified server to
a particular user. This measurement allows you to keep tabs on how long it
takes new mail to get from point A to point B in your network, or to
monitor the delivery times of messages sent to important executives.

When configuring a Mail probe, it's a good idea to set up an event
notification if the response time goes beyond a desired threshold. You do
this the same way you did for the server response time. Notice that you can
set the probe interval for a Mail probe in the "Send interval" field. How
long you set this interval depends on how important it is to you and your
organization to get response time data. Keep in mind that Mail probes
initiate network traffic between servers. If bandwidth is a concern when
considering Mail response times, adding many probes will add to the
problem.

The statistics associated with Mail probes all start with the letters QOS,
which stand for "Quality Of Service." QOS is the first string in a group of
service level type statistics, including the Internet services statistics that
are created when you configure TCP Server probes.



31) Difference between Public key and private key?

http://www.codestore.net/help/help6_admin.nsf/b3266a3c17f9bb7085256b870069c0a9/e67d2b4b646d575985256c1d0039938a?OpenDocument


                                                                                 SECURITY


Encryption
Encryption protects data from unauthorized access. Using Notes and Domino, you can
encrypt:

      Messages sent to other users. Then an unauthorized user cannot read the message
       while it is in transit. You can also encrypt saved and incoming messages.
      Network ports. Encrypting information sent between a Notes workstation and a
       Domino server, or between two Domino servers, prevents unauthorized users
       from reading the data while it is in transit.
      SSL transactions. You can use SSL to encrypt information sent between an
       Internet client, such as a Notes client, and an Internet server, to prevent
       unauthorized users from reading the data while it is in transit.
      Fields, documents, and databases. Application developers can encrypt fields
       within a document, an entire document, and local databases. Then only the
       specified users can read the information.


For information on SSL encryption, see the topic Setting up SSL on a Domino Server.

For information on field, document, and database encryption, see Lotus Domino Designer
6 Help.

Public and private keys
For all types of encryption except network port encryption, Domino uses public and
private keys so that data encrypted by one of the keys can be decrypted only by the other.
The public and private keys are mathematically related and uniquely identify the user.
Both are stored in the ID file. Within the ID file, the public key is stored in a certificate,
but the private key is stored separately from the certificate. The certificate containing the
public key is also stored in the Domino Directory, where it is available to other users.

Domino uses two types of public and private keys -- Notes and Internet. You use the
Notes public key to encrypt fields, documents, databases, and messages sent to other
Notes users, while the Notes private key is used for decryption. Similarly, you use the
Internet public key for S/MIME encryption and the Internet private key for S/MIME
decryption. For both Notes and Internet key pairs, electronic signatures are created with
private keys and verified with public keys.

You can use one set of Internet public and private keys or you can set up Notes to use a
set of Internet keys for S/MIME signatures and SSL and another set for S/MIME
encryption.

For information on dual Internet certificates, see the topic Dual Internet certificates for
S/MIME encryption and signatures.

When you register a user, Domino automatically creates a Notes certificate, which
contains the user's public keys, and adds it to the ID file and the Domino Directory. The
private key is created and stored in the ID file. You can also create Internet public and
private keys after user registration. Domino stores Internet certificates, which contain
public keys, in the ID file and also in the Domino Directory. The Internet private key is
stored in the ID file, separately from the certificate.

To create Notes public and private keys, Domino uses the dual-key RSA Cryptosystem
and the RC2 and RC4 algorithms for encryption. To create the Internet public key,
Domino uses the x.509 certificate format, which is an industry-standard format that many
applications, including Domino, understand.

Both the Notes client and Domino server support 1024-bit RSA key and 128-bit
symmetric key for S/MIME and SSL. The Notes proprietary protocols use a 630-bit key
for key exchange, and a 64-bit symmetric key.

Encryption strength

All Notes IDs contain two public/private key pairs. Prior to 5.0.4, key lengths were
restricted for the purposes of encrypting data, but not for authentication or signing.
Anything over 512-bit RSA key and 56-bit symmetric key was considered strong
encryption and was not allowed for export by the U.S. Government. Customers were
required to order and choose among kits of different cryptographic strengths.
With the relaxation of US government regulations on the export of cryptography, the
Domino server and the Domino Administrator, Domino Designer, and Lotus Notes client
products have consolidated all previous encryption strengths -- North American,
International, and France -- into one strong encryption level resulting in a single "Global"
release of the products. The Global release adopts the encryption characteristics
previously known as North American. Strong encryption in Global products can be used
worldwide, except in countries whose import laws prohibit it, or except in those countries
to which the export of goods and services is prohibited by the U.S. government.
Customers are no longer required to order Notes software according to cryptographic
strength.

When you upgrade to a Global release of Domino and Notes, stronger cryptography will
be used without a requirement to reissue existing IDs. These changes are seamless to
users as well as administrators. When two different versions of software are
communicating, the encryption negotiation will result in a step-down to the weaker level.
Therefore, the full benefits of stronger encryption will only be realized when all software
has been upgraded to the Global (release 5.0.4 and later) level. However, any mixed
versions of the software will interoperate.

The "Register New User" dialog box still offers a choice between North American and
International IDs. It was left this way because administrators often use the North
American or International distinction for administration purposes, or there may be older
versions of the software still in use in some companies. In addition, countries have their
own import rules. Preserving this distinction will allow Lotus to respond to specific
country changes, if required.

Note These regulations pertain only to export from the United States. For other countries
with import regulations, customers need to check the requirements of the specific country.
While Lotus takes all steps to acquiesce with governmental encryption regulations
worldwide, Lotus recommends that customers familiarize themselves with local
encryption regulations to remain in compliance.

Interoperability issues

      Support for ID types. Both North American and International ID types continue
       to be supported for the Global release. This is for backward compatibility with
       pre-5.0.4 clients. Lotus Notes users can keep their existing International IDs if the
       Global version of the software is installed. The Global version will automatically
       allow the use of stronger encryption. Browser users can keep their existing key
       ring, but users must follow the manufacturer's recommendations for upgrading the
       browser to stronger encryption.
      Interoperability with post-5.0.4 releases. If your organization's clients and
       servers are all running release 5.0.4 or later, it makes no difference whether you
       create North American or International IDs. Both types of ID will work the same
       way.
      Interoperability with pre-5.0.4 releases. Lotus Notes users, as well as Domino
       servers which have been upgraded to release 5.0.4 and later, can authenticate and
       continue day-to-day operations securely with clients and servers running on
       earlier releases of software. However, if your organization has clients or servers
       running releases earlier than Notes and Domino 5.0.4, you should continue to
       create the same types of IDs you created with the earlier versions. International
       versions of releases prior to 5.0.4 do not allow users to switch to North American
       IDs, so when registering new international users, you shouldn't create only North
       American IDs. Similarly, North American versions of earlier releases use weaker
       cryptography when running with International IDs, so you shouldn't create only
       International IDs.


The best strategy for deciding between North American and International IDs is to
continue using the decision process that was in place for earlier releases of Notes and
Domino. Eventually, as you upgrade the Notes clients and Domino servers, the decision
will not matter.

32) What are the Topologies for the Domino?

Replication Topology
MailRouting Topology

33) How many Organizations can we create?
34) How many Organizational Units can we create?
35) How many ways are there to create / register a user?

http://www.codestore.net/help/help6_admin.nsf/0/39010a286bd5465285256c1d003919fa?OpenDocument


                                             USER AND SERVER CONFIGURATION


Using Advanced Notes user registration with the Domino Administrator
Advanced registration offers all the settings included in Basic registration and also allows
you to change default settings and apply advanced settings to users.

Note You can modify user settings at any time once you add the user to the User
Registration Queue by selecting the user from the queue and then making changes. You
can also modify certain settings for multiple users at once by selecting the users in the
queue and making changes. You can cancel user registration and clear all fields at any
time by clicking the red X.

Hosted Environments
If you are working in a hosted environment, when registering users, ensure that you are
using a certifier that was created for the hosted organization into which you are
registering the users. This applies regardless of whether you are using a certifier and
password or the server-based CA.

To use Advanced registration with the Domino Administrator

1. Make sure you have the following access before you begin registration:

                     Access to the certifier ID and its password, if you are not using the
                      Lotus Domino 6 server-based certification authority (CA).
                     Access to the Domino Directory from the machine you work on
                     Editor access or Author access with Create Documents role and the
                      UserCreator privilege in the Domino Directory on the registration
                      server
                     Create new databases access on the mail server if you plan to
                      create user mail files during registration
                     Create explicit policies and settings documents if you plan to use
                      policy-based system administration
                     Access to the certification log (CERTLOG.NSF) on the
                      registration server

2. From the Domino Administrator, click the People & Groups tab.

3. From the Servers pane, choose the server to work from.

4. Select Domino Directories, and then select People.

5. From the Tools pane, click People - Register.

6. Enter the certifier password and click OK.

Note The Certifier Information Recovery Warning dialog box appears. Review the
information in the dialog box, select the check box and click OK.

7. Click Advanced.

8. From the Basic tab, complete these fields:

Field                     Enter
Registration Server       Click Registration Server to change the registration server
                          (which is the server that initially stores the Person document
                          until the Domino Directory replicates), select the server that
                          registers all new users, and then click OK. If you have not
                          defined a registration server in Administration Preferences, this
                        server is by default one of these:

                              The local server if it contains a Domino Directory
                              The server specified in NewUserServer setting of the
                               NOTES.INI file
                              The administration server

First name, Middle      The user's first and last names and (if necessary) middle name.
name, Last name         The user's Short name and Internet address are automatically
                        generated. To change the Short name or Internet address, click
                        the appropriate space and enter the new text.
Short name              A short name in the format FirstInitialLastName is
                        automatically created as you enter the user's name. For
                        example, JSmith is the short name for John Smith. You can
                        modify this field.
Password                A password for the user ID.
Password options        Click Password options to set a level for the password in the
                        Password Quality Scale. The default level is 8. For more
                        information, see "Understanding the password quality scale."

                        Click the check box "Set Internet password" to give Internet
                        users name and password access to a Domino server and to set
                        an Internet password in the Person document. This field is
                        automatically selected if you select the Other Internet, POP,
                        iNotes, or IMAP mail types.

                        Click "Synch Internet password with Notes ID password" to
                        make the Internet password in the Person document the same
                        as the Notes password. This is a requirement for users who
                        want to use iNotes Web Access to read encrypted mail or work
                        offline.
Mail system             Click to change the user's mail system from the default of
                        Lotus Notes to an Internet-based system or iNotes Web
                        Access.
Explicit policy         Select the explicit policy to apply to this user. For more
                        information on policies, see "Policies."
Policy synopsis         Click to see a summary of this user's effective policies.
Let this person roam    Click to enable roaming capabilities for this user. Doing so
                        enables the Roaming tab.
Create a Notes ID for   Click to create a Notes ID for this person during the
this person             registration process.
9. Click the Mail tab and complete any of these fields. Domino uses default values (if
available) for any fields you do not modify.

Field                 Enter
Mail system           Choose one of the available mail types and complete the necessary
                      associated fields:

                            Lotus Notes (default)
                            Other Internet
                            POP
                            IMAP
                            iNotes
                            Other
                            None

                      If you select Lotus Notes, POP, or IMAP, the Internet address is
                      automatically generated.

                      If you select Other Internet, POP, or IMAP, the Internet password
                      is set by default.

                      If you select iNotes (iNotes Web Access), you can change other
                      user registration selections to iNotes Web Access defaults by
                      clicking Yes when prompted.

                      If you select Other or Other Internet, enter a forwarding address.
                      This address is the user's current address, where the user wants mail
                      to be sent. For example, if a user temporarily works at a different
                      location and/or uses a different mail system, the user can have her
                      mail forwarded to that new address. Or, a user may resign from the
                      company but leave a forwarding address so that mail addressed to
                      the old address is forwarded to the new location.
Mail server           The user's mail server. If you have not defined a mail server in
                      Administration Preferences, this server is (by default) the local
                      server if it contains a Domino Directory; otherwise, it is the
                      Administration server.
Mail file name        The file name of the mail file. By default, the path and file name
                      are mail\<firstinitial><first7charactersoflastname>.nsf.
Create file           Choose one:
now/Create file in
background                  Create file now (default)
                            Create file in background - Creating mail files in the
                             background forces the Administration Process to create the
                             files and saves time during the user registration process.
                      When you migrate users who have mail to convert, this field is
                      automatically set to Create file now.
Mail file template    A mail template from the list of available mail templates. For a
                      description of the template, select the template and click About.
                      The default is Mail(R6) (MAIL6.NTF).
Create full text      Click to generate a full-text index of the mail database.
index
Mail file replicas    Click to open the Mail Replica Creation Options dialog box on
                      which you can select the servers to which the mail file will
                      replicate. This option only applies to clustered servers.
Mail file owner       Select the level of access in the access control list to assign to the
access                user of the mail database from the Mail file owner access list. By
                      default, mail users have Editor with Delete documents access to
                      their own mail files; all other users have no access. This option can
                      be used to prevent mail users and/or owners from deleting their
                      own mail file. If the mail owner access is Designer or Editor, the
                      administrator ID currently being used is added to the mail file ACL
                      as Manager.
Set database quota    Click to enable, and then specify a size limit (maximum of 10GB)
                      for a user's mail database.
Set warning           Click to generate a warning when the user's mail database reaches a
threshold             certain size, and then enter the warning size (maximum of 10GB).

10. Click the Address tab, and enter values in any of these fields. Domino uses default
values (if available) for any fields you do not modify.

Field                Enter
Internet address     The Internet e-mail address assigned to this user.
Internet Domain      The domain to be used in the Internet address -- for example,
                     Acme.com.
Address name         The format of the Internet address. The default format is
format               FirstNameLastName@Internet domain without a separator -- for
                     example, RobinRutherford@Acme.com.
Separator            The character inserted between names and initials in the Internet
                     address. The default is None.

11. Click the ID Info tab, and enter values in any of these fields. Domino uses default
values (if available) for any fields you do not modify.

Field                  Enter
Create a Notes ID     Click to create a Notes ID for this user.
for this person
Certifier Name list   Choose a certifier ID to use when creating the user name during
                      user registration when a Notes user ID is not being created for the
                      user.

                      This field appears if the check box "Create a Notes ID for this
                      person" is not selected.

                      If you are working in a hosted environment and are registering a
                      user to a hosted organization, be sure to register that user with a
                      certifier created for that hosted organization.
Use CA process        Click to use the Lotus Domino 6 server-based certification
                      authority (CA) to register this user. The certifier ID and password
                      will not be needed to complete the user registration process if you
                      use the Lotus Domino 6 CA.

                      If you are working in a hosted environment and are registering a
                      user to a hosted organization, be sure to register that user with a
                      certifier created for that hosted organization.

                      This field appears if the check box "Create a Notes ID for this
                      person" is selected.
Certifier ID          Click if you want to use a certifier ID and password instead of the
                      server-based CA. To change to a different certifier ID, click
                      Certifier ID, select the new ID, enter the password, and then click
                      OK.

                      If you are working in a hosted environment and are registering a
                      user to a hosted organization, be sure to register that user with a
                      certifier created for that hosted organization.

                      This field appears if the check box "Create a Notes ID for this
                      person" is selected.
Security type         Choose either North American or International. The security type
                      determines the type of ID file created and affects encryption when
                      sending and receiving mail and encrypting data. North American
                      is the stronger of the two types.

                      This field appears if the check box "Create a Notes ID for this
                      person" is selected.
Certification         The expiration date of the user ID in mm-dd-yy format. The default
expiration date       is two years from the current date.

                      This field appears if the check box "Create a Notes ID for this
                      person" is selected.
Location for storing  Choose one:
user ID
                      - In Domino Directory (default). The ID file is stored as an
                        attachment to the user's Person document.
                      - In file (default location:
                        <datadirectory>\ids\people\user.id). Click Set ID file to
                        change path.
                      - In mail file. This option is only available with iNotes Web
                        Access and allows Notes users to read their encrypted mail
                        while using iNotes Web Access.

                      This field appears if the check box "Create a Notes ID for this
                      person" is selected.

12. (Optional) To add the user to an existing group:

    - Click the Groups tab with the user highlighted (you can highlight
      multiple users also).
    - Select the group or groups to assign and click Add.

For more information on adding users to groups, see the topic Adding members to a
group.

13. (Optional) If you have enabled roaming capabilities for the user, click the Roaming
tab, and complete any of these fields. The fields do not appear if you did not click "Let
this person roam" on the Basic tab and "Create a Notes ID for this person." Domino uses
default values (if available) for fields you do not modify.

Field                 Enter
Put roaming user      Click to store the user's roaming information on the same server
files on mail server  used for mail.
Roaming Server        Click Roaming Server to open the Choose Roaming User Files
                      Server dialog box on which you specify the server that stores the
                      user's roaming information. If you select Put roaming user files on
                      mail server, the Roaming Server defaults to the user's mail server.
Personal roaming      The subdirectory that contains the user's roaming information. By
folder                default, this is based on the sub-folder format you specify, but you
                      can customize it.
Sub-folder format     The method used to name roaming subdirectories on the roaming
                      server. This determines the default Personal roaming folder for
                      each user.
Create roaming        Choose one of these:
files now/Create
roaming files in      - Create file now - Default
background            - Create roaming files in background - Click to create the user's
                        roaming files the next time the Administration Process runs.
                        Creating roaming files in the background forces the
                        Administration Process to create the files and saves time
                        during the user registration process.

Clean-up option       Choose one of the following roaming user client clean-up options.
                      Clean-up will only occur on clients that have been installed and
                      configured for multiple users.

                      - Do not clean-up (default). -- Roaming user data will never be
                        deleted from the Notes client workstation to which the user
                        roamed.
                      - Clean-up periodically. -- Enables the "Clean up every N days"
                        field on which you specify the number of days that should
                        pass before roaming user data is deleted from the Notes client
                        workstation.
                      - Clean-up at Notes shutdown. -- Roaming user data will be
                        deleted from the Notes client workstation immediately upon
                        Notes shutdown.
                      - Prompt user -- The user is prompted on exiting the client as to
                        whether they want to clean up their personal files. If the user
                        chooses Yes, the data directory on that client workstation is
                        deleted. If the user chooses No, the user is prompted as to
                        whether they want to be asked again on that client. If the user
                        chooses No, the user is not prompted again. If the user
                        chooses Yes, the user is prompted again the next time the user
                        exits the client on that workstation.

Roaming Replicas      Click this button to open the "Roaming Files Replica Creations
                      Options" dialog box on which you can designate to which servers a
                      user's roaming files should replicate. This option only applies to
                      clustered servers.

14. Click the Other tab, and complete any of these fields. Domino uses default values (if
available) for fields you do not modify.

Field                   Enter
Setup profile           Name of an R5 User Setup profile to assign.

                        Note If you are using policies, you cannot use a user setup
                        profile.
Unique org unit         A word that distinguishes two users who have the same name
                        and are certified by the same certifier ID.
Location                Departmental or geographical location of the user.
Local administrator     The name of a user who has Author access to the Domino
                        Directory but who does not have the UserModifier role. This
                        setting allows the local administrator to edit Person documents.
Comment                 A comment about the user, regarding the user's registration.
Alternate name          Choice of alternate name language. The certifier ID used to
language                register this user must contain the alternate name language for it
                        to appear here.

                        For more information, see Adding an alternate name and
                        language.
Alternate name          The alternate name of the user. The certifier ID used to register
                        this user must contain the alternate name language for it to
                        appear here.
Alternate org unit      A word that distinguishes two users who have the same name
                        and are certified by the same certifier ID. The certifier ID used
                        to register this user must contain the alternate name language.
Preferred language      Choose a preferred language for the user, that is, the language
                        that the user prefers to use.
Windows User Options    Click to set user options for Windows NT or Windows 2000.
                        Opens the "Add Person to Windows NT/2000" dialog box on
                        which you can specify whether to add the user to Windows NT
                        and/or the Windows 2000 Active Directory. Enter the Windows
                        account name for the user, and select the name of the Windows
                        NT or Windows 2000 group to which you are adding the user.

15. Click the green check mark. The user name appears in the Registration status view
(the user registration queue).

16. Click Register and then click Done.



36) How can you identify whether it is a main server or additional server?
37) How many ACL levels are there?


Access control lists

An access control list (ACL) determines access to a given database, and the type of
access allowed. The following table lists the access levels for Domino.
ACL levels
Level          User Access                        Server Access
No Access      No access to the database          No access to the database (except,
                                                  optionally, for a special class of
                                                  documents called public documents)
Depositor      Can create documents in the        Cannot replicate
               database, but cannot read, edit,
               or delete documents, including     Note: This ACL level is not normally
               those they create                  assigned to servers.
Reader         Can read documents, but cannot     - Can replicate to receive only
               create, edit, or delete them         (not send documents)
                                                  - Minimum access for servers to
                                                    get data
Author         Can create and read documents,     - Can replicate new documents,
               and edit own documents if            but cannot modify documents
               Authors fields are used            - Minimum access for servers to
                                                    send data
               Note: Designers can modify a
               database to allow users to edit    Note: This ACL level is not normally
               their own documents.               assigned to servers
Editor         Can create, read, and edit all     Can replicate all new and changed
               documents                          documents
Designer       Can modify the database design,    Can replicate all new and changed
               but cannot modify the ACL or       documents, and replicate design
               delete the database                elements
Manager        Can perform all operations on      Can replicate ACL changes as well as
               the database, including changing   all document and design changes
               ACLs and deleting the database

38) Can you describe ACL level (Manager, Editor, Author, Designer, Depositor, Reader
and Unassigned)?


39) What is the ICL?

http://www.codestore.net/help/help6_admin.nsf/f4b82fbb75e942a6852566ac0037f284/946a94e42fc58f5b85256c1d00398b48?OpenDocument


SECURITY
Domino server-based certification authority
You can set up a Domino certifier that uses a server task, the CA process, to manage and
process certificate requests. The CA process runs as an automated process on Domino
servers that are used to issue certificates. When you set up a Notes or Internet certifier,
you link it to the CA process on the server in order to take advantage of CA process
activities. Only one instance of the CA process can run on a server; however, the process
can be linked to multiple certifiers.

You can set up Notes and Internet certifiers to use the CA process.

Consider using the CA process because it:

    - Provides a unified mechanism for issuing Notes and Internet certificates.
    - Supports the registration authority (RA) role, which you use to delegate the
      certificate approval/denial process to lower-echelon administrators in the
      organization.
    - Does not require access to the certifier ID and ID password. After you enable
      certifiers for the CA process, you can assign the registration authority role to
      administrators, who can then register users and manage certificate requests
      without having to provide the certifier ID and password.
    - Simplifies the Internet certificate request process through a Web-based certificate
      request database.
    - Issues certificate revocation lists, which contain information about revoked or
      expired Internet certificates.
    - Creates and maintains the Issued Certificate List (ICL), a database that contains
      information about all certificates issued by the certifier.
    - Is compliant with security industry standards for Internet certificates -- for
      example, X.509 and PKIX.


To manage the CA process from the Domino console, you use a set of server Tell
commands.

Issued Certificate List (ICL)

Each certifier has an Issued Certificate List (ICL) that is created when the certifier is
created or migrated to the CA process. The ICL is a database that stores a copy of each
unexpired certificate that it has issued, certificate revocation lists, and CA configuration
documents. Configuration documents are generated when you create the certifier and sign
it with the certifier's public key. After you create these documents, you cannot edit them.

CA configuration documents include:

    - Certificate profiles, which contain information about certificates issued by the
      certifier.
    - CA configuration document, which contains information about the certifier itself.
    - RA/CA association documents, which contain information about the RAs who are
      authorized to approve and deny certificate requests. There is one document for
      each RA.
    - ID file storage document, which contains information about the certifier ID.


Another CA configuration document, the Certifier document, is created in the Domino
Directory when you set up a certifier. This document can be modified.

For more information, see the topic Modifying a certifier.

Certificate Revocation List (CRL)

A CRL is a time-stamped list identifying revoked Internet certificates -- for example,
certificates belonging to terminated employees. The CA process issues and maintains
CRLs for each Internet certifier. A CRL is associated with a certifier, is signed by that
certifier, and resides in the certifier's ICL database. A copy of the CRL is also stored in
the Domino Directory, where it is used to assert certificate validity by entities that require
certificate authentication.

You configure the CRL when you create a new Internet certifier. You can specify the
length of time for which a CRL is valid and the interval between publication of new
CRLs. After CRLs are configured, the certifier issues them on a regular basis and they
operate unattended.

Using CRLs, you can manage the certificates issued in your organization. You can easily
revoke a certificate if the subject of the certificate leaves the organization or if the key
has been compromised. HTTP servers and Web browsers check the CRLs to determine
whether a given certificate has been revoked, and is therefore no longer trusted by the
certifier. When you use Internet Site documents to configure Internet protocols on the
Domino server, you can also enable CRL-checking for each protocol.

There are two kinds of CRLs: regular and non-regular. For regular CRLs, you configure a
duration interval -- the time period for which the CRL is valid -- and the interval at which
new CRLs are issued. Each certifier issues a CRL at the specified time, even if no
certificates have been revoked since the last CRL was issued. This means that if an
administrator revokes a certificate, it appears in the next scheduled CRL issued by the
certifier. The CRL duration period should be greater than the time period between each
CRL issuance. This ensures that the CRL remains valid. Otherwise, the CRL could expire
before a new one is issued.

However, in the event of a critical security break -- for example, if the administrator
needs to revoke a particularly powerful certificate or the certifier certificate is
compromised -- you can manually issue a non-regular CRL -- that is, an unscheduled CRL
-- to enforce the emergency revocation. This type of revocation does not affect either the
timing or the content of the next scheduled CRL. You use a Tell command to issue a
non-regular CRL.
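
The timing rules above for regular and non-regular CRLs, worked through as an added Python example (not code from the Domino documentation or from this page). The function names, dates and intervals are constructed for illustration; the code models timing only and does not talk to a CA process.

```python
from datetime import datetime, timedelta


def regular_schedule(first_issue, interval, duration, count):
    """(issued, expires) window for each of `count` regularly scheduled CRLs."""
    return [(first_issue + i * interval, first_issue + i * interval + duration)
            for i in range(count)]


def coverage_gaps(windows):
    """Periods after one CRL expires and before the next scheduled one is issued.

    A non-empty result means the duration is shorter than the issuance
    interval, so there are times when no valid CRL exists.
    """
    return [(expires, next_issued)
            for (_, expires), (next_issued, _) in zip(windows, windows[1:])
            if expires < next_issued]


def valid_crl_at(when, windows):
    """Newest regular CRL whose validity window covers `when`, or None."""
    live = [w for w in windows if w[0] <= when < w[1]]
    return max(live) if live else None


def first_listed_at(revoked_at, windows, non_regular_at=None):
    """Issue time of the first CRL that can carry a revocation made at `revoked_at`.

    A regular CRL picks the revocation up at its next scheduled issue. A
    non-regular CRL issued manually at `non_regular_at` carries it sooner
    and leaves the regular schedule untouched.
    """
    candidates = [issued for issued, _ in windows if issued >= revoked_at]
    if non_regular_at is not None and non_regular_at >= revoked_at:
        candidates.append(non_regular_at)
    return min(candidates) if candidates else None


# Constructed sample values: weekly issuance starting 1 January 2024.
FIRST_ISSUE = datetime(2024, 1, 1)
INTERVAL = timedelta(days=7)
GOOD = regular_schedule(FIRST_ISSUE, INTERVAL, timedelta(days=10), 4)  # duration > interval
BAD = regular_schedule(FIRST_ISSUE, INTERVAL, timedelta(days=5), 4)    # duration < interval
REVOKED_AT = datetime(2024, 1, 9, 12)          # certificate revoked mid-week
EMERGENCY_AT = datetime(2024, 1, 9, 13)        # non-regular CRL issued an hour later

if __name__ == "__main__":
    print("gaps with 10-day duration:", coverage_gaps(GOOD))
    for start, end in coverage_gaps(BAD):
        print("no valid CRL from", start, "to", end)
    print("valid CRL on 7 Jan (5-day duration):",
          valid_crl_at(datetime(2024, 1, 7), BAD))
    scheduled = first_listed_at(REVOKED_AT, GOOD)
    emergency = first_listed_at(REVOKED_AT, GOOD, EMERGENCY_AT)
    print("revocation waits for regular CRL:", scheduled - REVOKED_AT)
    print("revocation with non-regular CRL: ", emergency - REVOKED_AT)
```
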

For more information on revoking a certificate, see the topic Revoking a certificate.

For more information on enabling CRL-checking for Internet Site documents, see the
topic Setting up security for Internet Site documents.

For more information on configuring a regular CRL, see the topic Creating a certifier for
a server-based CA.

For more information on issuing a nonscheduled CRL, see the topic Certificate authority
process tell commands.




40) What is CRL?

http://www.codestore.net/help/help6_admin.nsf/f4b82fbb75e942a6852566ac0037f284/e43f8497effb917d85256c1d003a3457?OpenDocument


Certificate Authority process tell commands
This table describes additional Tell commands you can use with the Domino CA process.
Command
    Result

tell ca quit
    Stops CA process.

tell ca stat
    Displays summary information for the certifiers using the CA process;
    this includes the certifier's number, its hierarchical name, certifier type
    (Notes or Internet), whether it is active, and name of the ICL database.

tell ca show queue certifier number
    Display a list of pending certificate requests, revocation requests, and
    configuration modification requests for a specific certifier, using its
    number from the results of the "tell ca status" command. You can also
    use * to show this information for all certifiers that are using the CA
    process.

tell ca activate certifier number password
    Activate a certifier if the certifier is created with "Require password to
    activate certifier," or use this for any certifier that has been
    deactivated. Activation is enabled during CA setup and creation.
    Activate a specific certifier by entering its number from the results of
    the 'tell ca status' command. Or you can actually unlock all server
    ID/password-protected certifiers at one time with this command, if
    you specify "*" for the certifier number. The CA process then prompts
    you for the password for each certifier.

tell ca deactivate certifier number
    Deactivate a certifier. You will need to activate it again in order for it
    to process any request. Use * to deactivate everything, or deactivate a
    specific certifier by entering its number from the results of the 'tell ca
    status' command.

tell ca lock idfile
    Lock all certifiers that were set up with a lock ID, as specified during
    CA setup.

tell ca unlock idfile password
    Unlock all certifiers using the ID and password that comprise the lock
    ID. The lock ID is specified during CA setup.

tell ca CRL issue certifier number
    Issue a non-regular CRL for a specific certifier, where certifier
    number is the number of the certifier specified in the results of the
    "tell ca status" command.

tell ca CRL push certifier number
    Push a certifier's latest regularly scheduled CRL to the Domino
    Directory, where certifier number is the number of the certifier
    specified in the results of the "tell ca status" command.

tell ca CRL info certifier number [s/S/n/N]
    Display CRL information for a specified certifier, where certifier
    number is the number of the certifier specified by the 'tell ca status'
    command. Use s or S for regularly scheduled CRLs, and n or N for
    non-regularly scheduled CRLs.

tell ca refresh
    Force the CA process to refresh its list of certifiers. As a result:

    - newly configured certifiers will be added to the CA process
    - previously unlocked certifiers will need to be unlocked again
    - previously activated certifiers may need to be activated again,
      if the activation password has changed
    - the Notes certifier ID file in idstorage will be updated with the
      latest certificate information

tell ca help
    List tell ca options

				
DOCUMENT INFO
posted:4/17/2010
language:English
pages:52