Lotus Notes 8 Lotus Notes 8 5 Installing Domino

Document Sample
Lotus Notes 8 Lotus Notes 8 5 Installing Domino Powered By Docstoc
					        Lotus Notes 8.5
Installing Domino Servers and Notes Clients
Chapter 1.                                                            Chapter 6.
Deploying Domino                                                3     Upgrading Notes clients                148
            Installation                                        3     Before you upgrade the Notes client    149
            Functions of the domino servers                     3     Backing up Notes client files          150
            Hierarchical naming for servers and users           3     Creating a Lotus Notes Smart Upgrade
            Domino domains                                      4     database                               153
            Partition servers                                   5     Adding update kits to the              155
            Certifier IDs and certif icates                     7     Lotus Notes Smart Upgrade database
            Domino server servic es                             8
            Table of Domino naming requirements                 9     Chapter 7.
            Building the Domino environment                     9     Uninstalling Notes                     164
Chapter 2.                                                            Uninstalling notes silently            165
Setting Up the Domino Netw ork                                  9     Cleaning preview notes                 166
            Lotus Domino and netw orks                          10
            Resolving server names to network                   11
            addresses in NRPC
            Netw ork security                                   12
            NRPC and Internet connection security               13
            TCP/IP security considerations                      14
            Mapped directory links and Domino                   14
            data security
            Planning the TCP/IP netw ork                        15    Chapter 8.
            NRPC name-to-address resolution                     15    Setting up Domino and DB2              167
            over TCP/IP                                               Accounts                               167
            Ensuring DNS resolves in TCP protocols              17    Requirements                           168
            Changing a server’s IP address                      19    what is supported for DB2              166
            IPv6 and Lotus Domino                               21    Installing DB2 on a Domino server      168
            Advanced Domino TCP/IP configurations               27    Testing the DB2                        171
            Planning the NetBIOS netw ork                       34    Manual DB2                             174
            How to tell if NetBIOS is active on a system        35    Mapping DB2                            185
            Setting up Domino servers on the network            36
            Server setup tasks specif ic to TCP/IP              42    Lotus Notes 8.5.1                      187
Chapter 3.
Installing and Setting Up Domino Servers                        46
            To install and set up a server                      46
            Installing Domino on Windows systems                47
            Using Domino Off -Line Services (DOLS)              54
            and Domino Web Access
            Setting up Domino Web Access with IBM               56
            Lotus Sametime
            Using the Domino Server Setup program               61
            Using a server setup profile                        65
            Registering a server                                69
Chapter 4.
Setting Up and Using Domino Administration Tools                84
            Selecting a server to administer in the             85
            Domino Administrator
            Starting and stopping the Domino Console            102
Chapter 5.
Planning for Notes client installation and upgrade              116
            Lotus install                                       116
            Lotus Notes installation documentation roadmap      117
            Lotus Notes pre-installation checklist              117
            Considerations before installing Lotus Notes        118
            on Windows
            Lotus Notes pre-installation checklist              119
            Before you install Lotus Notes clients              120
            Creating a transform file                           121
            Using transform files for end-user installations    124
            Customizing Notes installation using the            125
            install manifest
            Using notes client single logon to synchronize      132
            Notes and OS passwords
            Using Language Pack Installer w ith Domino          113
            Installing Lotus Notes in a multi-user              138
            environment
            Using the Multi-user Interface pack                 141
            Running a silent installation                       143
            Providing command line utilities for installation   145
            Installing the Domino clients in a shared           149
            network directory
            Creating and using an NSF-based update site         133




                                                                                                                   2
        Chapter 1. Deploying Domino
This chapter outlines the steps required to deploy IBM ® Lotus ® Domino(TM) successfully and
introduces important concepts that you need to know before y ou install Domino servers.

Installation
 Planning to deploy Domino
 Installing and setting up Domino servers

Guidepost for deploying Domino
Whether you’re setting up IBM(R) Lot us(R) Domino(TM) and IBM(R) Lotus(R) Notes(R) for the first
time or adding to an established Domino environment, planning is vit al. Along with determining your
company’s needs, you need to plan how to integrat e Domino into your existing network. After planning
is complete, you can begin to install and set up Domino servers and the Domino Administrator and
build the Domino environment. The following list describes, in order, the process to use to deploy
Domino.

Functions of Domino servers
Before you install and set up the first IBM(R) Lotus (R) Domino(TM) server, consider the function and
physical location of the servers that your company needs and det ermine how to connect the servers to
each other. The current configuration of local and wide-area networks affects many of thes e decisions.
Consider your company’s need for:
 Servers that provide IBM(R) Lotus(R) Notes(R) and/or browser users wit h access to applications
 Hub servers that handle communication bet ween servers that are geographic ally distant
 Web servers that provide browser users with access to Web applications
 Servers that manage messaging services
 Directory servers that provide users and servers with information about how to communicate with
other users and servers
 Passthru servers that provide us ers and servers with access to a single server that provi des access
to other servers
 Domain Search servers that provide users with the ability to perform searches across all servers in a
Domino domain
 Clustered servers that provide users wit h constant access to data and provide load-balancing and
failover
 Partitioned servers that run multiple instances of the Domino server on a single computer
 Firewall servers that provide Not es users with access to internal Domino services and protect
internal servers from outside us ers
 xSP servers that provide users with Internet access to a specific set of Domino applications

Your decisions help determine which types of Domino servers your require. When you install each
server, you must select one of the following installation options:
 Domino Utility Server -- Installs a Domino server that provides application services only, with support
for Domino clusters. The Domino Utility Server is an installation type for Lotus Domino that removes
client access license requirements. Note that it does NOT include support for messaging services. See
full licensing text for details.
 Domino Messaging Server -- Installs a Domino server that provides messaging services. Note that it
does NOT include support for application services or Domino clusters.
 Domino Enterprise Server -- Installs a Domino server that provides both messaging and application
services, with support for Domino clusters.

Note: All three types of installations support Domino partitioned servers. Only the Domino Enterprise
Server supports a service provider (xSP) environment.

Hierarchical naming for servers and users
Hierarchical naming is the cornerstone of IBM(R) Lotus(R) Domino(TM) security; therefore planning it
is a critical task. Hierarchical names provide unique identifiers for servers and users in a company.
When you register new servers and users, the hierarchical names drive their certification, or their level
of access to the system, and control whether users and servers in different organizations and
organizational units can communicate with each another.



                                                                                                        3
Before you install Domino servers, create a diagram of your company and use the diagram to plan a
meaningful name scheme. Then create certifier IDs to implement the name scheme and ensure a
secure system.

A hierarchical name scheme us es a tree structure that reflects the actual structure of a company. At
the top of the tree is the organization name, which is usually the company name. Below the
organization name are organizational units, which you create to suit the structure of the company; yo u
can organize the structure geographically, departmentally, or both.




Looking at Acme’s diagram, you can see where they located their servers in the tree. Acme decided to
split the company geographically at the first level and create certifier IDs for the East and West
organizational units. At the next level down, Acme made its division according to department. For
more information on certifier IDs, see the topic ″Certifier IDs and certificates″ in this chapter.

Components of a hierarchical name:
A hierarchical name reflects a user’s or server’s plac e in the hierarchy and controls whether users and
servers in different organizations and organizational units can communic ate with each another. A
hierarchical name may include thes e components:
 Common name (CN) -- Corresponds to a user’s name or a server’s name. All names must include a
common name component.
 Organizational unit (OU) -- Identifies the location of the user or server in the organization. Domino
allows for a maximum of four organizational units in a hierarchical name. Organizational units are
optional.
 Organization (O) -- Identifies the organization to which a user or server belongs. E very name must
include an organization component.
 Country (C) --Identifies the country in which the organization exists. The country is optional.

An example of a hierarchical name that uses all of the components is: Julia
Herlihy/Sales/East/Acme/US Typically a name is entered and displayed in this abbreviated format, but
it is stored internally in canonical format, which contains the name and its associated components, as
shown below:

CN= Julia Herlihy/OU=S ales/OU=East/O=Acme/C= US.

Note: You can use hierarchical naming with wildc ards as a way to isolate a group of servers that need
to connect to a given Domino server in order to route mail. For more information, see the chapter
″Setting Up Mail Routing.″

Domino domains
A Domino domain is a group of IBM(R) Lotus(R) Domino(TM) servers that share the same Domino
Directory. As the control and administration center for Domino servers in a domain, the Domino
Directory contains, among other documents, a Server document for each server and a Person
document for each Notes user.

Planning for Domino domains:
There are four basic scenarios for setting up Domino domains. The first scenario, which many small-
and medium -size companies use, involves creating only one Domino domain and registering all




                                                                                                         4
servers and users in one Domino Directory. This scenario is the most common and the easiest to
manage.

The second scenario is common when a large company has multiple independent business units. In
this case, one organization spread across multiple domains may be the best scenario. Then all servers
and users are members of the same organization, and each bus iness unit administers its own Domino
Directory. For more information on administering multiple Domino directories, see t he chapter
″Planning Directory Services.″ A third scenario is common when multiple companies work closely
together yet want to retain individual corporate identities. Then one domain and multiple organizations
may work best.

Finally, the fourth scenario i nvolves maintaining multiple domains and multiple organizations. This
scenario often occurs when one company acquires another. Sometimes the decision to create multiple
Domino domains is not based on organizational structure at all. For example, you may want to create
multiple Domino domains if you have slow or unreliable network connections that prohibit frequent
replication of a single, large directory. Keep in mind that working wit h multiple domains requires
additional administrative work and requires you to set up a system for managing them.

Domains can be used as a broad security measure. For example, you can grant or deny a user access
to servers and databases, based on the domain in which the user is registered. Using an extended
ACL is an alternative to creating multiple domains, because you can use the extended ACL to specify
different levels of access to a single Domino Directory, based on organiz ation name hierarchy. For
more information on extended ACLs, see the chapter ″Setting Up Extended ACLs.″


Partitioned servers
Using IBM(R) Lotus(R) Domino(TM) server partitioning, you can run multiple instances of the Domino
server on a single computer. By doing so, you reduce hardware expenses and minimize the number of
computers to administer because, instead of purchasing multiple small computers to run Domino
servers that might not take advantage of the resources available to them, you can purchase a single,
more powerful computer and run multiple instances of the Domino server on that single machine.

On a Domino partitioned server, all partitions share the same Domino program directory, and thus
share one set of Domino ex ecutable files. However, each partition has its own Domino data directory
and NOTES.INI file; thus each has its own copy of the Domino Directory and other administrative
databases. If one partition shuts down, the others continue to run. If a partition encounters a fatal
error, Domino’s fault recovery feature restarts only that partition, not the entire computer. For
information on setting up fault recovery, see the chapter ″ Transaction Logging and Recovery.″

Partitioned servers can provide the scalability you need while als o providing security. As your system
grows, you can migrate users from a partition to a separate server. A partitioned server can also be a
member of a cluster if you require high availability of databases. Security for a partitioned server is the
same as for a single server. When you set up a partitioned server, you must run the same version of
Domino on each partition. However, if the server runs on UNIX®, there is an alternative means to run
multiple instances of Domino on the server: on UNIX, you can run different versions of Domino on a
single computer, eac h version with its own program directory. You can even run multiple instances of
each version by installing it as a Domino partitioned server.

For more information on installing Domino on UNIX, see the chapter ″Installing and Setting Up Domino
Servers.″

Deciding whether to use partitioned servers:
Whether or not to use partitioned servers depends, in part, on how you set up Domino domains. A
partitioned server is most useful when the partitions are in different Domino domains. For example,
using a partitioned server, you can dedicate different Domino domains to different customers or set up
multiple Web sites. A partitioned server with partitions all in the same Domino domain often uses more
computer resources and disk space than a single server that runs multiple ser vices.

To give Notes users access to a Domino server where they can create and run Domino applications,
use a partitioned server. However, to provide customers with Internet access to a specific set of



                                                                                                          5
Domino applications, set up an xSP server environment. For more information about using Domino in
an xSP environment, see the chapter ″Planning the Service Provider Environment.″

Deciding how many partitions to have:
How many partitions you can install wit hout noticeably diminishing performance depends on the power
of the computer and the operating system the computer uses. For optimal performance, partition
multiproc essor comput ers that have at least one, and preferably two, processors for each partition that
you install on the computer.

Certifier IDs and certificates
Certifier IDs and certificates form the basis of IBM(R) Lotus(R) Domino(TM) security. To place servers
and users correctly within your organization’s hierarchical name scheme, you create a certifier ID for
each branch on the name tree. You use the certifiers during server and user registration to ″stamp″
each server ID and user ID with a certificate that defines where each belongs in the organization.
Servers and users who belong to the same name tree can communicat e with each other; servers and
users who belong to different name trees need a cross -certificate to communicate with each ot her.

Note: You can register servers and us ers without stamping each server ID and user ID if you have
migrated the certifier to a Domino server-based certification aut hority (CA). For more information about
server-based CAs, see the chapter ″Setting Up a Domino Server-based Certification Authority.″ Each
time you create a certifier ID, Domino creates a certifier ID file and a Certifier document. The ID file
contains the ID that you use to register servers and users. The Certifier doc ument serves as a record
of the certifier ID and stores, among other things, its hierarchical name, the name of the certifier ID
that issued it, and the names of certificates assoc iated with it.

Note: During server setup, you can us e an existing certifier ID instead of creating a new one. The
certifier ID that you specify cannot have multiple passwords assigned to it. Attempting to user a
certifier ID with multiple passwords generates an error message and causes server setup to halt.
There are two types of certifier IDs: organization and organizational unit.

Organization certifier ID:
The organization certifier appears at the top of the name tree and is usually the name of the co mpany
-- for example, Acme. During first server setup, the Server Setup program creates the organization
certifier and stores the organization certifier ID file in the Domino data directory, giving it the name
CERT. ID. During first server setup, this organization certifier ID automatically certifies the first Domino
server ID and the administrator’s user ID.

If your company is large and decentralized, you might want to use the Domino Administrat or after
server setup to create a second organization certifie r ID to allow for further name differentiation -- for
example, to differentiate between company subsidiaries. For more in formation on working with multiple
organizations, see the topic ″Domino domains″ earlier in this chapter.

Organizational unit certifier IDs:
The organizational unit certifiers are at all the branches of the tree and usually represent geographical
or departmental names -- for example, East/Acme or Sales/East/Acme. If you choose to, you can
create a first-level organizational unit certifier ID during server setup, with the result that the server ID
and administrat or’s user ID are stamped with the organizational unit certifier rather than with the
organization certifier. If you choose not to create this organizational unit certifier during server setup,
you can always use the Domino Administrator to do it later -- just remember to recertify the server ID
and administrat or’s user ID. For information on recertifying user IDs, see the chapter ″Setting Up and
Managing Notes Us ers.″ For information on recertifying server IDs, see the chapter ″Maintaining
Domino Servers.″ You can create up to four levels of organizational unit certifiers. To create first-level
organizational unit certifier IDs, you use the organization certifier ID. To create second -level
organizational unit certifier IDs, you use the first-level organizational unit certifier IDs, and so on.

Using organizational unit certifier IDs, you can decent ralize certification by distributing individual
certifier IDs to administrators who manage users and servers in specific branches of the company. For
example, the Acme company has two administrators. One admi nisters servers and users in
West/Acme and has access to only the West/Acme certifier ID, and the other administers servers and
users in East/Acme and has access to only the East/Acme certifier ID.


                                                                                                                6
Certifier securi ty:
By default, the Server Setup program stores the certifier ID file in the directory you specify as the
Domino data directory. When you use the Domino Administrator to create an additional organization
certifier ID or organizational unit certifier ID, you specify where you want the ID stored. To ensure
security, store certifiers in a secure location -- such as a disk locked in a secure area.

User ID recovery:
To provide ID and password recovery for Notes users, you need to set up recovery information for
each certifier ID. Before you can reco ver user ID files, you need access to the certifier ID file to specify
the recovery information, and the user ID files themselves must be made recoverable. There are three
ways to do this:
 At user registration, create the ID file with a certifier ID that contains recovery information.
 Export recovery information from the certifier ID file and have the user accept it.
 (Only for servers using the server-based certification authority) Add recovery information to the
certifier. Then, when existing users authenticate to their home server, their IDs are aut omatically
updated. For more information, see the chapter ″Protecting and Managing Notes IDs.″

Example of how certifier IDs mirror the hierarchical name scheme:
To implement their hierarchical name scheme, the Acme company created a certifier ID at each
branch of the hierarchical name tree:




To register each server and user, Acme does the following:
 Creates /Acme as the organization certifier ID during first server setup.
 Uses the /Acme certifier ID to create the /East/Acme and /West/Acme certifier IDs.
 Uses the /East/Acme certifier ID to register servers and us ers in the East coast offic es and uses the
/West/Acme certifier ID to register servers and users in the West coast offices.
 Uses the /East/Acme certifier ID to create the /Sales/East/Acme, /Marketing/East/Acme, and
/Development/East/Acme certifier IDs.
 Uses the /West/Acme certifier ID to create the /HR/West/Acme, /Accounting/West/Acme, and
IS/West/Acme certifier IDs.
 Uses the /Sales/East/Acme, /Sales/Marketing/Acme, and Development/East/Acme certifier IDs to
register users and servers in the East coast division.
 Uses the /HR/West/Acme, /Accounting/West/Acme, and IS/West/Acme certifier IDs to register users
and servers in the West coast division.

For more information on hierarchical name schemes, see the topic ″Hierarchical naming for users and
servers″ earlier in this chapt er.




                                                                                                            7
Domino server services
Before you start the Server Set up program, decide which services and tasks to set up on the server. If
you don’t select the services during the setup program, you can later enable them by editing the
ServerTasks setting in the NOTES.INI file or by starting the server task from the server console.

Internet service s:
The IBM(R) Lot us(R) Domino(TM) Server Setup program presents these selections for Internet
services:
 Web Browsers (HTTP Web services)
 Internet Mail Clients (SMTP, POP3, and IMAP mail services)
 Directory services (LDAP)

Advanced Domino service s:
These Domino services, which are nec essary for the proper operation of the Domino infrastructure,
are enabled by default when you set up a Domino server:
 Database Replicator
 Mail Rout er
 Agent Manager
 Administration Process
 Calendar Connector
 Schedule Manager
 DOLS (Domino Off-Line Services)

These are optional advanced Domino server services that you can enable:
 DIIOP CORBA Services
 DECS (Domino Enterpris e Connection Services)
 Billing
 HTTP Server
 IMAP Server
 ISpy
 LDAP Server
 POP3 Server
 Remot e Debug Server
 SMTP Server
 Stats
 Statistic Collector
 Web Retriever

Note: It is best to use activity logging instead of the billing service.

Table of Domino naming require ments
Consider these guidelines when naming parts of the IBM(R) Lot us(R) Domino(TM) system.

Name                  Characters         Tips

Domino domain         31 maximum     This is usually the same as the organization name.
                                     Use a single word, made up of only alpha (A-Z) or numeric (0-
                                    9) characters.
Notes named           31 maximum     By default, the Server Setup program assigns names in the
network                             format port name network -- for example, TCP/IP network.
                                     Edit Notes named net work names to use an identifier such as
                                    the location of the IBM Lotus Notes named network and the
                                    network protocol -- for example, TCP IP-Boston.
Organization          3-64 maximum*  This name is typically the same as the Domino domain name.
                                     The organization name is the name of the certifier ID and is
                                    appended to all user and server names.




                                                                                                      8
Server              255 maximum        Choose a name you want to keep. If you change a server
                                      name, you must recertify the server ID.
                                       Choose a name that meets your net work’s requirements for
                                      unique naming. On TCP/ IP, use only the characters 0 through 9,
                                      A through Z, and - (dash). On NetBIOS, the first 15 characters
                                      must be unique. On SP X, the first 47 characters must be unique.
User                79 maximum*        Use a first and last name. A middle name is allowed, but
                                      usually not needed. User names may contain the ’ (apostrophe).
Alternate user      No minimum         Can have only one alternate name
Group               62 maximum         Use any of these characters: A - Z, 0 - 9, & - . _ ’ / (ampersand,
                                      dash, period, space, underscore, apostrophe, forward slash).
                                      The only characters that are expressly prohibited are @ and / /.

                                      Note: You can creat e groups with hierarchical distinguished
                                      names (DN). However, you must surround the forward slash (/)
                                      in a component value of a DN by surrounding it with double
                                      quotes. For example, 24″/″7 Support.

                                      Note: Do not create group names containing a / (slash) unless
                                      you are working in a hosted environment. Using the / in group
                                      names in a non-hosted environment causes confusion with
                                      hierarchical naming schemes. Hierarc hical names are required
                                      in a hosted environment.
                                       For mail routing, you can nest up to five levels of groups. For
                                      all other purposes, you can nest up to six levels of groups.
Port                No maximum         Do not include spaces
Country             code 0 or 2        Optional

* This name may include alpha characters (A - Z), numbers (0 - 9), and the ampersand (&), dash (-),
period (.), space ( ) , and underscore (_). For more information on network name requirements and the
effect that server name format has on net work name -to-address resolution, see the chapter ″Setting
Up the Domino Network.″


Building the Domino environment
After installing the first IBM(R) Lotus(R) Domino(TM) server and any additional servers, you configure
the servers and build the environment. This overview lists the features that you may want to include in
your Domino environment.
1. Create Connection documents for server communication.
2. If you have mobile users, set up modems, dialup support, and RAS.
3. Set up mail routing
4. Establish a replication schedule.
5. Configure incoming and out going Internet mail (SMTP ).
6. Customize the Administration P rocess for your organization.
7. Plan and create policies before you register users and groups.
8. Register users and groups.
9. Determine backup and maintenance plans and consider transaction logging.
10. Consider remot e server administration from the Domino console or Web Administrator console.
    Also consider the us e of an extended administration server.
11. Set up a mobile directory catalog on Notes clients to give Notes users local access to a corporate -
    wide directory.
12. Consider implementing clustering on servers.


Chapter 2. Setting Up the Domino Network
This chapter describes planning concepts and presents protocol -specific procedures required to run
IBM(R) Lotus(R) Domino(TM) on a network. The chapter describes using network prot ocols from a
Domino perspective and does not provide general network information.




                                                                                                          9
Setting Up the Domino Network
This section presents the planning concepts and setup procedures necessary for a successful IBM(R)
Lotus(R) Domino(TM) deployment over a network. It provides information on network prot ocols from a
Domino perspective but does not attempt to provide general net work information.

Lotus Domino and networks
A variety of client systems can use wireless technology or modems to communicate with IBM(R)
Lotus(R) Domino(TM) servers over local area networks (LA Ns), wide area networks (WANs), and
metropolitan area net works (MANs). Computers use one or more protocols to govern how they share
information over a net work. For example, IBM(R) Lotus(R) Notes(R) workstations and Domino servers
use the Notes remot e procedure call (NRP C) prot ocol running over the LAN’s network prot ocol to
communicate with other Domino servers. Other client systems, such as Web browsers, Internet mail
clients, wireless application protocol (WAP) devices, and personal information management (P IM)
devic es, can also communicate with Domino servers.

Isolated LANs can be connected by WANs. A WAN is either a continuous connection -- such as a
frame-relay, leased telephone line, or digital subscriber line (DS L) -- or a dialup connection over a
modem or Integrated Services Digital Net work (ISDN) line. Dialup connections are either to an
individual server or to a LA N (through a provider network or your company’s own communications
server). Buildings or sites that are geographically close to each other can use a MA N, which is a
continuous, high-speed connection that can connect corporate LANs or connect a LAN to the WAN.
Like a WAN, a MAN is usually shared by multiple organizations.

Wireless technology that works with Domino ranges from localized transmission systems (802.11a or
802.11b) to national or international satellite transmission systems that are geostationary, mid -orbit, or
tracked orbit. If you are planning a net work for geographic ally dispersed locations, consider how to
achieve a cost-effective infrastructure. Placing servers in one location requires that users in other
locations access the Domino server across WAN connections, which can be slow and expensive.
Placing servers in every location and replicating databases to make the same information availa ble on
several LA Ns requires attention to administration at each location. One effective way to set up a
network is to use a hub server at each location to handle communication wit h hub servers in other
locations. Then, only the hub servers, not every server in the network, use WAN connections. The
functionality of Notes workstations and Domino servers depends on the effectiveness and capacity of
networks. To plan a Domino network with sufficient capacity, you must consider not only the traffic to
and from Domino servers but also any other traffic on the net work.

NRP C communication
IBM(R) Lotus(R) Domino(TM) servers offer many different services. The foundation for communication
between IBM(R) Lotus(R) Notes(R) workstations and Domino servers or bet ween two Domino servers
is the Notes remote procedure call (NRPC) servic e.

Network protocol s for NRPC communi cation:
To communicat e, two computers must run the same net work protoc ol and software driver. For dialup
connections, Lotus Domino uses its own X.P C protocol natively; Not es and Domino also support PPP
using either Microsoft Dialup Networking (DUN) or Remote Access Service (RAS) for network dialup.
In addition, you can use any IE TF-compliant PPP communications server to dial into the network on
which the Domino server resides or though which the server can be accessed.

For more information on dialup connections, see the chapter ″Setting Up Server-to-Server
Connections.″ On LA Ns, Lotus Domino is compatible with the TCP/IP and NetBIOS over the lower
transport IP For NetB IOS connections to work, both Notes workstations and Domino servers must use
the same lower transport. For detailed information on which protocols are compatible with Lotus
Domino for each supported operating system, see the Release Notes.

Note s network ports:
During the Server Setup program, Domino provi des a list of Notes network ports based on the current
operating system configuration. If these ports are not the ones you want to enable for us e with the
Domino server, you can edit the list during setup.




                                                                                                         10
Because eac h network protocol consumes memory and proc essing resources, you might want to
exclude one or more ports and later remove the associated prot ocol soft ware from the system. In
TCP/IP and NetBIOS, you can install multiple net work interface cards (NICs) and enable additional
Notes net work ports for eac h protocol, using the NOTES.INI file to bind each port to a separate IP
address or NetBIOS LA NA number. For more information, see the topic ″Adding a network port on a
server″ later in this chapter.

Note s named networks:
Consider Notes named networks in your planning. A Not es named net work (NNN) is a group of
servers that can connect to each other directly through a common LAN prot ocol and network pathway
-- for example,

servers running on TCP/IP in one location. Servers on the same NNN route mail to each another
automatically, whereas you need a Connection document to route mail between servers on different
NNNs. When you set up Server documents, be sure to assign each server to the correct NNN. Lotus
Domino expects a continuous connection between se rvers that are in the same NNN, and serious
delays in routing can occur if a server must dial up a remote LA N because the remote server is
inadvertently placed within the NNN. Also bear in mind that the Notes Net work field for each port can
contain only one NNN name, and no two NNN names can be the same.

NNNs affect Notes users when they use the Open Application dialog box. When a user selects Other
to display a list of servers, the servers displayed are thos e on the NNN of the user’s home server for
the port on which the Notes workstation communicat es with the home server. Also, when users click
on a databas e link or document link, if a server in their home server’s NNN has a replica of that
database, they can connect to the replica.

Note: If a server is assigned to two NNNs in the same protocol, as in the case where the server has
two Notes network ports for TCP/IP, a Notes workstation or Domino server connecting to that server
uses the NNN for the port listed first in the Server document.

Resolving server names to network addresses in NRPC
Communications between IBM(R) Lotus(R) Notes(R) and IBM(R) Lotus(R) Domino(TM) run over the
NRP C protocol on top of each supported LA N protocol. When a Notes workstation or Domino server
attempts to connect to a Domi no server over a LAN, it uses a combination of the built-in Notes Name
Service and the net work protocol’s name-resolver service to convert the name of the Domino server to
a physical address on the network.

The Notes Name Service resolves Domino common na mes to their respective protocol-specific
names. Because the Notes Name Service resolves common names by making calls to the Domino
Directory, the service becomes available to the Notes workstation only after the workstation has
successfully connected to its home (messaging) server for the first time. (The prot ocol name-resolver
service normally makes the first connection possible.) When the Not es workstation makes a
subsequent attempt to connect to a Domino server, the Notes Name Service supplies it with t he
Domino server’s protoc ol-specific name -- that is, the name that the server is known by in the
protocol’s name service -- whic h is stored in the protocol’s Net Address field in the Server document.
The protocol’s name-resolver service then resolves the protocol-specific name to its protocol -specific
address, and the workstation is able to connect to the server.

Note: When resolving names of Domino servers that offer Internet services, Lotus Notes uses the
protocol’s name-res olver service directly.

How name resolution works in NRPC:
A Notes workstation or Domino server follows these steps to res olve the name of the Domino server to
which it is trying to connect over NRP C.

Note: If the Net Address field in the Server document contains a physical addres s -- a practice that is
not recommended in a production environment-- the Notes Name Service performs the resolve
directly, thus placing the burden of maintaining physical address changes on the Domino
administrator.




                                                                                                       11
1.   If the workstation/server has a Connection document for the destination server that contains the
     protocol-specific name, the workstation/server passes the protocol-specific name to the protocol’s
     name-resolver service. If the Connection document contains a physical address, the Notes Name
     Service performs the resolve directly. Normal -priority Connection documents are checked first,
     and then low-priority Connection documents.

Note: Unlike in Server doc uments, adding physical addresses in Connection documents is not
discouraged, since only the local workstation/server uses the Connection document.

2. To determine if the destination server’s protocol-specific name is cached, the workstation checks
the Location document and the server checks its own Server document. If the name is cached, the
workstation/server uses the last-used Notes net work port to determine the protocol and passes this
value to the protocol’s name-resolver service.

3. If the protocol-specific name is not cached, one of the following occurs, based on the list order of
enabled Notes network ports:

 For a Notes workstation connected to the home (messaging) server, Not es gives the common name
of the destination Domino server to the home server, which looks in the Domino Directory for the
Server document of the destination server. The home server locates the contents of the Net Address
field for the Notes named network that the Not es workstation has in common with the destination
server and passes this name to the protocol’s name -resolver service. If the workstation and the
destination server are in the same Domino domain but not in the same Notes named network, the
home server locates the names of eac h protocol that the workstation has in common with the
destination server and passes each to the appropriate protocol until a resolve is made. If the Notes
workstation can’t access its home server, it connects to its secondary Notes name server, which
carries out the same actions as the home server.

 For a Domino server, Domino checks the Server document for the destination server, locates the
contents of the Net Address field for the Notes named network that the Domino server has in common
with the destination server, and passes this name to the protocol’s name -res olver service. If the
destination server is in the same Domino domain as the Domino server, but not in the same Notes
named net work, the Domino server locates the protocol name of eac h protocol that it has in common
with the destination server and passes eac h to the appropriate protocol until a resolve is made.

4. If Steps 1 through 3 do not produce the server’s net work address, the workstation/server offers the
Domino common name of the destination server to the name -res olver service of each prot ocol, based
on the order of the enabled network ports in the Server document.

Network security
Physical network security is beyond the scope of this book, but you must set it up before you set up
connection security. Physical network security prevents unauthorized users from breaking through the
network and using one of the operating system’s native services -- for example, file sharing -- to
access the server. Physical network security also comes into play when any data is exposed, as the
potential exists for malicious or unauthorized users to eavesdrop both on the net work where the
IBM(R) Lotus(R) Domino(TM) system resides and on the system you are using to set up the server.

Network access is typically controlled using net work hardware -- such as filtering rout ers, firewalls, and
proxy servers. Be sure to enable rules and connection pat hways for the services that you and others
will access. Newer firewall systems offer virtual -private-network (VPN) services, which encapsulate the
TCP/IP packet into another IP wrapper where the inner TCP/IP packet and its data are encrypted. Th is
is a popular way to create virtual tunnels through the Internet between remot e sites. If you want to
have the Domino server access both a private VP N and the Internet for SMTP mail, make sure your
solution is able to handle full TCP data packets and that it allows dual connections. If not, the Domino
server system may require a second NIC to work around limitations of the VPN solution. For more
information, see the chapter ″Controlling Access to Domino Servers.″




                                                                                                         12
NRPC and Internet connection security
To control connection access, you typically use a network hardware configuration, such as a firewall,
reverse proxy, or IB M(R) Lotus(R) Domino(TM) passthru server, to which you can authorize
connections and define access to network resources.

In addition, you can encrypt all connections by service type. Encrypting connections protects data from
access by malicious or unauthorized users. To prevent data from being compromised, encrypt all
Domino and IBM(R) Lot us(R) Not es(R) services that connect to public networks or to net works over
which you have no direct control. Encrypting the connection channel prevents unauthorized users from
using a network prot ocol analyzer to read data.

To encrypt NRP C network traffic, use the Notes port encryption feature. For t raffic over Int ernet
protocols, use SSL. For both NRP C and Internet prot ocols, you can enforce encryption at the server
for all inbound and outbound connections. In the case of the Notes client, you can also enforce
encryption on all outbound connections, even if the server to which you are connecting allows
unencrypted connections.

Because enc ryption adds additional load to the server, you may want to limit the servic es for which the
server uses enc ryption. Other ways to minimize the load that encryption puts on the system include:
 Using an additional Domino server acting as a passthru server for NRPC connections
 Using a reverse proxy to manage authentication and encryption outside of Domino servers when
using SSL
 Removing unnecessary or unused protocols or services on the server system as well as Domino
server services For more information, see the chapters ″Installing and Setting Up Domino Servers″
and ″Setting Up SSL on a Domino Server.″

Using a Domino passthru server as a proxy
A proxy is a system that understands the type of information transmitted -- for example, NRPC or
HTTP-format information -- and controls the information flow between trusted and untrusted clients
and servers. A proxy communicates on behalf of the requester and also comm unicates information
back to the requester. A proxy can provide detailed logging information about the client requesting the
information and the information that was transmitted. It can also cache information so requesters can
quickly retrieve information again.

A proxy stops direct access from an untrusted net work to services on a trusted net work. If an
application proxy is in use, then application-specific heuristics can be applied to look at the
connections from the unt rusted networks and determine if what is being requested is legal or safe. An
application proxy resides in the actual server application and acts as an intermediary that
communicates on behalf of the requester. An application proxy works the same as a packet filter,
except the application proxy delivers the packet to the destination. An application proxy can be used
with any protocol, but it is designed to work with one application. For example, an SMTP proxy
understands only SMTP.

A circuit-level proxy is similar to an application proxy, except that it does not need to understand the
type of information being transmitted. For example, a SOCKS server can act as a circuit -level proxy.
You can use a circuit-level proxy to communicate using Internet prot ocols with TCP/ IP -- that is, IMAP,
LDAP, POP3, SMTP, IIOP, and HTTP, as well as Int ernet protocols secured with SSL. HTTP is a
special case. In IBM(R) Lot us(R) Domino(TM), when the HTTP Connect method is used by an HTTP
proxy, applications using other protocols can also use the HTTP proxy, but they use it as a circuit-level
proxy, not as an application proxy. SSL uses the HTTP Connect method to get through an application
proxy because the data is encrypted and the applic ation proxy cannot read the data. HTTPS (HTTP
and SSL) use bot h the HTTP proxy and the Connect method, which implies that the HTTP proxy is a
circuit-level proxy for HTTPS. The same method is used to get NRPC, IMAP, and other protocols
through the HTTP proxy.

You can set up a Domino passthru server as an application proxy for NRP C. A passthru server
provides all levels of IBM(R) Lotus(R) Notes(R) and Domino security while allowing clients who use
dissimilar protocols to communicate through a single Domino server. The application proxy does not
allow Internet protoc ols -- for example, HTTP, IMAP, and LDAP -- to use a Domino passthru server to
communicate, however. For Int ernet protocols, you can use an HTTP proxy with the HTTP Connect


                                                                                                        13
method to act as a circuit-level proxy. A Notes client or Domino server can also be a proxy client and
interoperate with either passthru (NRP C protocol only) or as a SOCKS or HTTP tunnel client (for
NRP C, POP3, LDAP, IMAP, and SMTP protocols). You set this up in the Proxy setting in the client
Location document.

To set up a Domino passthru server as an application proxy:
When you set up an application proxy, make sure the following Domain Name System (DNS) services
are correctly configured:
 The databases db.DOMA IN and db.ADDR, which DNS uses to map host names to IP addresses,
must contain the correct host names and addresses.
 Hosts files must contain the fully qualified domain name of the servers.

If you are using the Net work Information Service (NIS ), you must use the fully qualified domain name
and mak e sure NIS can coexist with DNS.

For information on configuring thes e settings, see the documentation for your network operating
system.

You must first connect the server to the untrusted network -- for example, the Internet -- and then set
up Notes workstations and Domino servers to use the passthru server as a proxy when accessing
services outside the trusted network.

To set up a workstation or server to use the passthru server, you must specify the passthru server in
the Location document for a workstation and in the Server document for a server. For more
information on connecting a server to the Internet and passthru servers, see the chapter ″Setting Up
Server-to-S erver Connections.″

TCP/IP security considerations
In a TCP/IP net work, configure all IBM(R) Lotus(R) Domino(TM) servers to reject Telnet and FTP
connections. Furthermore, do not allow file system access to the Domino server or the operating
system on which it runs, unless you are sure you can properly maint ain user access lists and
passwords and you can guarant ee a secure environm ent. If you use the Net work File System (NFS )
without maintaining the password file, users can breach security by accessing files through NFS
instead of through the Domino server. If this ″back door″ access method is needed, isolate the net work
pathway on a LA N NIC and segment, and mak e sure that the ability to access files through NFS is
exclusive to this isolated secure network.

Mapped directory links and Domino data security
To ensure data security, do not create a mapped directory link to a file server or shared Network
Attached Storage (NAS) server for an IBM(R) Lotus(R) Domino(TM) server. Thes e links can cause
both databas e corruption and security problems.

Database corruption:
If the net work connection fails while the Domino server is writing to a dat abase on the file server or
shared NAS server, the database can become corrupted. In addition, the interdependence of the file
sharing protocols -- Server Message Block (SMB), Common Internet File System (CIFS ), and Network
File System (NFS) -- and the rem ote file system can affect the Domino server’s performance. Domino
sometimes needs to open large numbers of remote files, and low latency for read/ write operations to
these files is desirable.

To avoid thes e problems on Domino servers, consider doing one or more of the following:
 Create an isolated network and use cut-through (non-buffering) layer-2 switches to interconnect the
Domino server to the NAS system.
 Limit access to the NAS system to the Domino server.
 Reduce the number of hops and the distance between hops in the connection pathways between the
Domino server and the storage system.
 Use a block protocol instead of a file protocol.
 Use a private storage area network (SAN) instead of a shared NAS system.
 Avoid creating any file-access contention between Domino and ot her applications.



                                                                                                        14
To avoid problems with IBM(R) Lotus(R) Notes(R) workstations, consider doing the following:
 Locate Notes workstations so that they are not accessing a remote file server or NAS system over a
WAN.
 To minimize the risk of database corruption because of server failure when a Not es client’s Domino
data directory is on a file server or NAS server, evaluate the reliability of the entire net work pathway as
well as the remote system’s ability to maintain uninterrupt ed sessions to the Notes client over the file
sharing protocols it is using (SMB, CIFS, NFS, NetWare Core Protocol, or AppleS hare).
 If a Notes client’s Domino data directory is on a file server or NAS server, remember that only one
user (user session) can have the user data directory files open a time. Lotus Notes does not support
concurrent access to the same ″local″ database by two clients.

Security problems:
When ″Encrypt network dat a″ is enabled, all Domino server and Notes workstation traffic is encrypted.
However, the file I/O bet ween the Domino server and the file server or shared NAS server is not
encrypted, leaving it vulnerable to access by unauthorized users.

Planning the TCP/IP network
The default TCP/ IP configuration for an IBM(R) Lotus(R) Domino(TM) server is one IP address that is
globally bound, meaning that the server listens for connections at the IP addresses of all NICs on the
computer. Global binding works as long as the computer does not have more than one IP address
offering a servic e over the same assigned TCP port. For operating system requirements, see the
Release Notes.

The default configuration
Use these topics to plan how to integrate Lotus Domino with the TCP/IP network when the Domino
server has one IP address and is not partitioned:
 NRP C name-to-address resolution over TCP/IP
 NRP C name-to-address resolution over TCP/IP
 Ensuring DNS resolves in TCP protocols

Advanced configurations
Use these topics to plan how to integrate Lotus Domino with the TCP/IP network when the Domino
server has more than one IP address or is partitioned:
 Advanced Domino TCP/ IP configurations
 Partitioned servers and IP addresses v Ensuring DNS resolves in advanced TCP/IP configurations

Changing a server’ s IP address
Use this topic to change a server’s IP address:
 Changing a server’s IP address

Moving to IPv6
This topic provides the information you need if your company is migrating to the IP v6 standard:

 IP v6 and Lotus Domino

NRPC name-to-address resolution over TCP/IP
In the TCP/IP protocol, the met hod most commonly used to resolve server names to network
addresses is the Domain Name System (DNS), an Internet directory service developed both to allow
local administrators to creat e and manage the records that resolve server names to IP addresses and
to make those records available globally. While the POP3, IMAP, LDAP, and HTTP services use DNS
directly, the NRP C service uses a combination of the Notes Name Service and DNS to resolve server
names to net work addresses.

For background information on how the Notes Name Service works with name -res olver services such
DNS, see the topic ″Resolving server names to network addresses in NRP C″ earlier in this chapter.
Within DNS, ″domain″ refers to a name space at a given level of the hierarchy. For example, the .com
or .org in a Web URL represents a top-level domain. In a domain such as acme.com, a DNS server --
that is, a server running DNS software -- in the Acme company stores the records for all Acme
servers, and an administrator at Acme maintains those records.



                                                                                                         15
When you set up an IBM(R) Lotus(R) Notes(R) workstation on the TCP/IP network, you normally rely
on DNS to resolve the name of the workstation’s IBM(R) Lotus(R) Domino(TM) home server the first
time the workstation tries to connect to it. As long as the Notes workstation and Domino home server
are in the same DNS domain level, DNS can accomplish the res olve.

When to edit the Net Addre ss field in the Server document:
The default format for a server’s TCP/IP net work address in Lotus Domino is its fully qualified domain
name (FQDN) -- for example, app01.acme.com -- based on the DNS record and the IP address
references in the system’s TCP/ IP stack. When a Notes workstation or Domino server requests this
name, the TCP/IP resolver passes it to DNS, and DNS resolves the name directly to the IP address of
the destination server, regardless of the DNS domain level of the requesting system.

If you do not want to enter the FQDN in the Net Address field, you can change it to the simple IP host
name -- for example, app01 -- either during server setup or later by editing the Server document. For
example, you might use the simple IP host name if you are setting up multiple TCP ports for NRP C, a
configuration in which using the FQDN for eac h network address can cause connection failures if the
Notes Name Service returns the FQDN for the wrong TCP port. In this case, using the simple IP host
name ensures that DNS does a lookup in all domain levels within the scope of the domains defined in
the requesting system’s TCP/IP stack settings.

CAUTION: In a production environment, do not use I P addresse s in Net Addre ss fields. Doing
so can result in serious administrative complications if IP addresses change or if Network
Addre ss Translation (NAT) connections are used, as the values returned by the Note s Name
Service will not be correct.

Secondary name servers:
To ensure that the Notes Name Service is always available over TCP/IP, when you set up a Notes
user, you can designate a Domino secondary name server that stands in for the home server in these
situations:
 The user’s home server is down.
 The user’s home server is not running TCP/ IP.
 The user’s home server cannot be resolved over TCP/IP.

Note: In companies using multiple DNS domains, a Domino secondary name server ensures that a
Notes workstation can connect with its home server even when the home server is in a different DNS
domain. You can use policies to automate the setup of secondary name servers. For more
information, see the topic ″Ensuring DNS resolves in NRP C -- Best practices″ later in this chapter. For
information on policies, see the chapter ″Using Policies.″

Special case: The passthru server:
By connecting to a passthru server, Notes users can access servers that do not share a net work
protocol with their systems. If both the Notes workstation and destination server are in a different
Domino domain from the passthru server, it may not be possible for the passthru server to resolve the
name of the destination server. In this case, do one of the following:
 On the Notes workstation, create a Connection document that includes the IP address of the
destination server.
 On the passthru server, create a Connection document to the destination server. For more
information on passthru servers, see the chapter ″Setting Up Server-to-Server Connections.″

Internal alternatives to DNS :
If you don’t use DNS at your site or if a Domino server is not registered with DNS (as is sometimes the
case if the server offers Int ernet servic es), use one of these methods to enable each Notes
workstation and Domino server to perform name resolution locally. Keep in mind that the upkeep
required for both of these approaches is considerable.
 Place a hosts file, which is a table that pairs eac h system name with its IP address, on every system
that needs private access. Set up each system so that it accesses the hosts file before accessing
DNS.
 Create a Connection document that contains the destination server’s IP address on every Notes
workstation and Domino server that needs to access that server.




                                                                                                      16
Tip:
Use policies to automate the setup of Connection documents for Notes users. E ven if you use DNS,
you should set up Connection documents for Notes users in locations from whic h they have difficulty
accessing the DNS server. For more information on policies, see the chapter ″Using Policies.″

Alternative IP name services: Microsoft networking services offers four additional methods of IP
address resolution. These methods are not as reliable as traditional DNS and hosts files and can
cause name and address confusion. For best results, do not use these methods when also using the
Notes net work port for TCP/IP.
 Direct NetB IOS broadcast -- The system sends out a name broadcast message so that all of the
systems on the local network segment can register the name and IP address in their name cache. If
you must use NetBIOS over IP and use Domino with bot h the NetBIOS and TCP/IP port drivers, avoid
name-resolution problems by giving the Domino server and the system different names.

Master Browser cache (for NT domains or SAMBA servers) -- Collects broadc asted names and IP
addresses and publishes them across the NT domain to other Master Browser systems for
Microsoft (R) Windows(R) systems to access in their name lookups.
 Windows Internet Name Service (WINS ) -- Uses NetB IOS broadcasts. Unlike DNS, which is static in
nature, WINS is dynamic. Note that the TCP/IP stacks of Macintosh and UNIX(R) client systems may
not be able to access the WINS server.
 LAN Manager Hosts (LMHosts) -- A static hosts file method.

CAUTION: On a Windows system, the combination of the system’ s native NetBIOS over IP
name-resolver service and DNS can cause name resolution failure for the Domino server name.

For information on avoiding this problem, see the topic ″Server name-to-address resolution over
NetBIOS″ later in this chapter.

Ensuring DNS resolves in TCP protocols
When you register a new IBM(R) Lotus(R) Domino(TM) server, you specify a common name for it.
Within a Domino hierarchical name, the common name is the portion before the l eftmost slash. For
example, in the name App01/East/Acme, the common name is App01. The common name, not the
hierarchical name, is the name that the Domino server is known by in DNS.

Note: When you choos e a common name for a Domino server that uses DNS, use only the characters
0 through 9, A through Z, and the dash ( -). Do not use spaces or underscores.

Note: The DNS names held in IBM(R) Lotus(R) Notes(R) and IBM Lotus Domino are not case
sensitive; Notes workstations and Domino servers always pass DNS names to DNS in lowerc ase.

You can avoid problems and extra work if you consider the DNS configuration, as well as the effect of
other prot ocol name-resolver services, when you choose the format for the common name of the
Domino server.

To avoid name-resolution problems that affect all TCP services on Microsoft(R) Windows (R) systems,
see the topic ″Ensuring DNS resolves on Windows systems -- All TCP prot ocols.″

For naming requirements when using Domino Off-Line Services (DOLs ) or Domino Web Access, see
the chapter ″Installing and Setting Up Domino Servers.″

Ensuring DNS resolve s on Windows system s -- All TCP protocol s:
If an IBM(R) Lot us(R) Domino(TM) server is a Microsoft(R) Windows(R) system, often two name
services exist on the system -- NetBIOS over IP and DNS. If you assign the same name to both the
Domino server and the system, client applications that use either the Notes Name Service or DNS can
encounter name-space ghosting between the two names. In other words, because the NetBIOS record
for a system’s host name has already been found, the name resolving process ends and the DNS
record for the Domino server on that system is never found.

Note: For a Domino server on Windows 2000, problems occur only if you enable name services for
NetBIOS over IP in order to join an NT domain using Server Message Blocks (SMB).



                                                                                                       17
To prevent this problem:

1.   Add a preface such as W2K- to the system name, using the Net work Identification tab on the
     System Properties dialog box.
2.   Create an A record (or, for IP v6, AAAA record) in DNS for the system name. The IP address is the
     same as the one for the Domino server.
3.   Create a CNAME record in DNS for the Domino server’s name, linking it to the system name.

For example, for the Domino server BosMail02/Acme, the common name is BosMail02. You name the
system NT-BosMail02. You create an A record in DNS for NT-B osMail02.acme.com and a CNAME
record for BosMail02.acme.com, linking it with NT-B osMail02.acme.com.

Ensuring DNS resolve s in NRP C -- Best practice s: The following procedures provide the best
name-resolution practices for an IBM(R) Lotus(R) Domi no(TM) server using the default NRPC
configuration on a TCP/IP net work (one IBM(R) Lotus(R) Notes(R) network port for TCP/ IP). These
procedures address the following DNS configurations:
 One DNS domain
 Multiple DNS domain levels

If your TCP/IP configuration has multiple Notes network ports for TCP/IP, see the topic ″Ensuring DNS
resolves in advanced TCP/IP configurations″ later in this chapter.

When you have one DNS domain: If your company uses only one DNS domain, doing the following
eliminates the need for CNAME records in DNS:

1.   Assign the same name as both the Domino server common name and the simple IP host name
     registered with DNS.
2.   Make sure the Net Address field on the Server document contains the server’s FQDN.
3.   Create an A record (or, for IP v6, AAAA record) in DNS.

For example, you set up the Domino server App01/Engr/Acme. Thus, you register the server with DNS
as app01, the server’s common name. The Net Address field in the Server document contains
app01.acme.com (t he server’s FQDN), and the A rec ord is: app01.acme.com IN A 192.168.10.17.

When you have multiple DNS domain levels: If your company uses multiple DNS domain levels -- for
example, when each country in which a multinational company has offices is a subdomain in DNS --
doing the following eliminat es the need for multiple CNAME records in DNS and ensures that DNS
lookups always work, regardless of the DNS domain level of the user’s system:

1.   Assign the same name as both the Domino server common name and the simple IP host name.
2.   Make sure the Net Address field on the Server document contains the server’s FQDN.
3.   Create an A record (or, for IP v6, AAAA record) in DNS.
4.   If users’ systems are in a different DNS domain than that of their home server or in a DNS
     subdomain of their home server’s domain, set up a secondary name server. Place this secondary
     name server on the same physical network as the users’ systems or on a net work that the users
     can access.

Note: Register the secondary name server in the root of the company’s DNS domain.

For more information on setting up groups of users, see the chapter ″Using Policies.″ For more
information on setting up an individual Notes user, see the topic ″Setting up a secondary name server″
later in this chapter. For example, you register the Domino server ParisMail01/Sales/Acme with DNS
as parismail01.france.acme.com. Parismail01 is the home server for some users in the DNS
subdomain spain.acme.com. You set up a secondary name server, Nameserver/Acme, register it with
DNS as nameserver.acme.com, and ensure that the Location documents of users who need a
secondary name server point to this server. When a user in spain.acme.com attempts a first
connection with the home server (parismail01. france.acme.com), the connection fails because the
DNS subdom ain for spain.acme.com has no records for the subdomain france. acme.com. Notes then
connects successfully with the secondary name server (nameserver.acme.com), since the DNS
subdomain for spain.acme.com does include the records for acme.com. When the secondary name



                                                                                                    18
server supplies the Notes workstation with the FQDN from the Net Address field in the Server
document for ParisMail01, DNS resolves the FQDN to an IP address, and the user can access mail.

As long as all Server documents in the Domino domain have the TCP/IP network address in FQDN
format, this approach allows any Notes workstation or Domino server to locate any Domino server,
regardless of its DNS domain level.

Ensuring DNS resolve s in NRP C -- Alternative practices:
The following procedures provide alternative name-resolution practices for an IBM(R) Lotus(R)
Domino(TM) server using the default NRP C configuration on a TCP/ IP network (one Notes net work
port for TCP/IP). Domino server names that differ from their DNS names: When your name scheme for
Domino servers is different than that for DNS, use one of the following methods to translat e the
Domino server’s name to the host name:
 Create a local Connection document on each IBM(R) Lotus (R) Notes (R) client and Domino server
that needs to connect to the Domino server, and enter the FQDN for the system that hosts the Domino
server in the Net Address field. For example, for the Domino server named App01/Sales/Acme on the
system registered with DNS as redflier, enter redflier.acme.com in the Net Address fields of the
Connection documents.

 Use an alias (CNAME) record in DNS to link the Domino server common name to the simple IP host
name. For example, for the Domino server App01/Sales/Acme on the system registered with DNS as
redflier, use a CNAME record to link the name App01 to the name redflier. When a Notes workstation
first accesses this server, it obtains the host name from the Net Address field of the Server document
and caches it, thereby making future connections faster.

IP addresses in Connection documents: In situations in which you don’t want to use any name-
resolver service -- such as bringing up a new server system that you don’t want known yet, or having a
server on the Internet that you want accessible but for which you can’t use DNS -- create Connection
documents that directly tell Notes workstations or Domino servers how to access this Domino server
by using the server’s IP address in the documents’ Net Address fields.

Net work Address Translation (NAT): NA T is a method of translating an IP address between two
address spaces: a public space and a private space.

Public addresses are assigned to companies by the Internet Corporation of Assigned Names and
Numbers (ICANN) or leased from the company’s ISP/NSP. Public addresses are access ible through
the Int ernet (routable) unless firewalls and isolated networks make them inaccessible. Private
addresses are IP address spaces that have been reserved for internal us e. These addresses are not
accessible over the Internet (non-routable) because net work routers within the Internet will not allow
access to them. The following address spaces have been res erved for internal use. It is best to use
these IP addresses and not make up your own.
 Class A: 10.0.0.0 to 10.255.255.255
 Class B: 127.16.0.0 to 172.31.255.255
 Class C: 192.168.0.0 to 192.168.255.255

For example, users inside a company access the Domino server based on its assigned IP address,
which is a private address (192.168.1.1). Internet users must access the Domino server through a
NA T router, which converts the private address to one of its static public addresses (130.20.2. 2).
Therefore, a Not es client accessing the server from the Internet uses the public address.

Ensuring DNS resolve s in NRP C -- A practice to use with caution:
The following practice, if followed precisely, should ensure good DNS resolves in NRP C for companies
with multiple DNS domain levels, but might result in extra work if the infrastructure changes. Using this
practice has the following disadvantages:

 You can never assign more than one IP address in DNS to the IBM(R) Lotus(R) Domino(TM) server.
 If the FQDN changes, the Domino server name will not match the FQDN, thus invalidating the DNS
resolve. You will then need to create a new server and migrate users to it.
 If you use net work address translation (NA T), the server’s FQDN must be identical in both instances
of DNS (internal and external shadow DNS).



                                                                                                          19
 You cannot use other net work protocols, as many of them use flat net work name services, and th ose
that use hierarchical name systems will not function unless the name hierarchy is exactly the same.
 Diagnosing connectivity issues can be much harder.

domain levels -- for example, when each country in which a multinational company has offices is a
subdomain in DNS -- do the following:

1. Use the server’s FQDN as the Domino server common name.
2. Create an A record (or, for IP v6, AAAA record) in DNS. For example, if you register a server with
DNS as app01.germany.acme.com, you can also assign the Domino server’s common name as
app01.germany.acme.com. In this case, the server’s Domino hierarchical name might be
app01.germany.acme.com/Sales/Acme.

Changing a server’ s IP address
Before changing a server’s IP address, consider the following pot ential p roblems:

 Problem 1: If the server’s previous IP address is stored in any Server Connection documents or
Server documents, when that server’s IP address is changed in DNS and on the server itself, these
old Server Connection documents or Server documents will cause connection failures. Solution:

Use the DNS fully-qualified domain name, not the IP address, as the network address stored in the
Server Connection documents and Server documents. You can then change the server’s IP address in
DNS without having to change the Server Connection doc uments or Server documents. Changing the
network address from the IP address to the DNS name can be done at any time. To modify the Server
Connection document, open the Server Connection document. On the Basics tab, i f Local Area
Network is chosen in the Connection Type field, click the Advanced tab and check the entry in the
Destination server address field. If the field contains the server’s IP address, delete the IP address and
enter the fully -qualified domain name. Remember, bot h the server-based Domino Directory and the
client-bas ed Address Book can have this problem. To modify the Server document, click the Ports tab
for the Net Address for TCP ports. If the field cont ains the IP address, change the entry to the p roper
fully-qualified domain name.

 Problem 2: The algorithm that all IBM(R) Lotus(R) Notes(R) clients and IBM(R) Lot us(R)
Domino(TM) servers use to connect to a Domino server can cache the IP address that was used to
successfully connect to a server. If this cache entry exists, when the server’s IP address is changed,
the old cached address may be used causing the connection to fail.

It is important to understand why this caching is performed. Notes supports a wide range of net working
technologies implement ed as Notes ports. If Notes attempts to connect to a server that is down, and
tries every possible technology (Notes port ) using every possible Name to Address resolution tool until
each one fails, the connection attempt takes a long time. To prevent the long delay that would occur in
reporting the error when the server goes down, Notes has implemented two server connection
algorithms. One algorithm is fast, using cached addresses, and the other is slower, using the complet e
algorithm which bypasses the cache when it fails.
The following solutions can resolve this problem. Solutions are listed in the order in which they should
be used.

Solution 1: The fast connection algorithm is only used if the client or server had successfully
connected to the same server earlier in the day. If a successful connection has not yet occurred today,
the slower algorithm is used and the cache is bypassed. To avoid this problem, change a server’s IP
address late in the evening, but before midnight. This is the easiest solution bec ause it is transparent
to the user and involves no help desk calls or any action on the user’s part.

Solution 2: The cache is rewritten following successful connection to the server. The cached address
is the address entered by the user, not the res olved IP address. Therefore, if users have the habit of
connecting to servera/acme by entering servera.acme.com, the cached address will be
servera. acme.com, not 1.2.3.4 and the problem will not occur.

Solution 3: The cache is rewritten following any successful connection to the server. If a user tries to
connect to the server by its Notes name, for example, servera/acme, the stale cache entry is used. If



                                                                                                           20
the user tries to connect using the server’s fully-qualified domain name, for example,
servera. acme.com, then the cache will not be used, the new address will be fetched from DNS and the
correct new address entered in the cache. To make this successful connection using the fully -qualified
domain name of the server, use the File - Application - Open menu command or the File - Preferences
- User Preferences - Ports - Trace menu selections.

Solution 4: The cache is stored in the following Notes fields in the Location documents for the client
and in the Server document for the server:

–$Saved Addresses
– $SavedDat e
– $SavedP orts
– $SavedS ervers
– $SavedTriedDate

If these fields are deleted from the Location or Server document, for example, using a formula agent,
the old IP addresses in the cache cannot be used. This method can be confusing because t he Notes
items are rewritten when the client or server exists from an in-memory copy. Therefore, to use this
method to clear the cache for the client, create the agent in the Local Address Book, and then switch
to the Island Location document and exit the client. Restart the client, and then run the agent to clear
the cache for all other locations. Switch to your normal location. Sample agent formula language code
to clear the cache:

– FIELD $SavedAddresses:=@Delet eField;
– FIELD $SavedDate:=@DeleteField;
– FIELD $SavedPorts:=@Delet eField;
– FIELD $SavedTriedDate:=@DeleteField;
– FIELD $SavedServers:=@DeleteField;
– SELECT @All

Solution 5: Disable the use of the cached addresses by using the following NOTES.INI setting:

DONT_USE_REMEMBERE D_A DDRESSES=1

If the client uses multiple or slow port technologies, we discourage the use of this technique because it
can cause a long delay in reporting that a server is down.

IPv6 and Lotus Domino
Because support for IP v6 by hardware and operating system suppliers and the Internet is still in the
early stages, moving to the IP v6 standard will be a gradual process for most organizations. In IBM(R)
Lotus(R) Domino(TM), you can enable IP v6 support for SMTP, POP3, IMAP, LDAP, and HTTP
services on IBM(R) A IX®, Solaris®, and Linux(R) systems.

Domino supports bot h IP v6 and IP v4. Thus, if an IP v6 -enabled Domino server encounters an IP
address in IP v4 format, the Domino server can still make the connection to that address. When
attempting to connect to a server, Domino tries to resolve all IP addresses for a server until one works.
This allows a server to have both an IP v4 address and an IP v6 address. Domino caches the last
successful address for a server and uses only the cached address to quickly search for a serve r. If you
do not want to use only the cached address, enter the NOTES.INI setting
DONT_USE_REMEMBERE D_A DDRESSES=1.

In DNS, records that store IP v6 addresses are called AAAA records. After you enable IP v6 on a
Domino server and add the server’s AAAA record to DNS, another IP v6-enabled Domino server can
connect to it only over IP v6. Servers that don’t support IP v6 can run Domino with IP v6 support
disabled, which is the default. These servers can successfully connect to IP v6-enabled Domino
servers only if the DNS for the IP v6 servers contain A records.

Using IPv6 in a Domino network:
For best results when using IP v6 with Domino servers, set up net work devices in the network pat hway
to connect directly with native IP v6, rather than tunnel through the IP v4 network.



                                                                                                         21
Enabling IPv6 on Note s and Domino, post relase 6:
To enable IP v6 on IBM(R) Lotus(R) Notes(R) and Domino, add the setting TCP _ENABLE IPV6=1 to
the NOTES. INI file on both the Notes client and the Domino server.

How Lotus Domino decides whether to connect over IPv6 or IPv4:
A Domino server evaluates the address format and then, based on that information, makes an IP v4 or
an IP v6 connection.

Address format.                                          Server response
IPv4                                                     Makes an IPv4 connection
IPv4 address mapped to IPv6                              Attempts to make an IPv6 connection and waits for the
                                                         TCP/IP software to make either an IPv6 or IPv4
                                                         connection, depending on the remote system’s TCP/IP
                                                         stack.
IPv6                                                     Makes an IPv6 connection
Server name                                              Uses DNS to resolve the name:
                                                          If only an A record is found, connects over IPv4.
                                                          If only an AAAA record is found, connects over IPv6
                                                         or waits for the TCP/IP software to make the
                                                         connection.
                                                          If both an A record and AAAA record are found, uses
                                                         the AAAA record.

Using IPv6 addre ss formats with Domino and Note s: You can use an IP v6 address as a string
anywhere that an IP v4 address as a string can be used; however, IP v4 addresses with port numbers
are supported by the IBM(R) Lotus(R) Notes(R) client and the Web server in the following format:
1.2.3.4:1352

IP v6 addresses contain a varying number of colons; therefore, the syntax shown above can not be
used with IP v6 addresses. To be consistent with a proposed format for Web servers, if the port
number is included with an IP v6 address, the address must be enclosed in square brackets.

The following address formats can be used wherever address strings are supported, for example, in
Server documents, in the Open Application dialog box, or in the Port Trace dialog box.

9.95.77.78
9.95.77.78:1352
[9.95.77.78] [9.95.77.78]:1352
fe80::290:27ff:fe43:16ac
[fe80::290:27ff:fe43:16ac]
[fe80::290:27ff:fe43:16ac]:1352

Installing the IPv6 stack:
Install the IP v6 stack before IP v6 will work for any soft ware. To install the IP v6 stack, follow the
instructions provided for by your platform’s vendor.

The instructions in this section contain general guidelines for many platforms, but you need to follow
the instructions provided by the manufacturer of your platform. Prior to installing the IP v6 stack, check
to see if IP v6 is configured on your system by using the following commands according to platform:

Platform                                                 Commands
Microsoft(R) Windows(R) platforms                        ipconfig /all
All other platforms                                      ifconfig -a

After installing IP v6, use that same command to verify that IP v6 is available.

Microsoft Windows 2003 server platform: To enable IP v6 on the Microsoft(R) Windows (R) 2003 server
platform, use

netsh interface ipv6 install

Link local address automatically assigned



                                                                                                            22
Microsoft Windows XP client: To enable IP v6 on the Microsoft Windows XP client, use

netsh interface ipv6 install

Link local address automatically assigned

AIX platform:       To enable IP v6 on the IBM(R) AIX(R) platform, enter

ifconfig le0 inet6 plumb up

Link local address automatically assigned

Solaris platform:       To enable IP v6 on the Solaris plat form, enter

ifconfig le0 inet6 plumb up

Link local address automatically assigned

United Linux platform:         IPv6 is enabled by default on the United Linux(R) plat form.

Zones: In the IP v6 standard, when link local address and site local address are used, an additional
parameter is required to specify the interface on which the address is valid. In the API, this additional
parameter is called the scope_id; in user documentation, the parameter is called the zone. In IBM(R)
Lotus(R) Notes(R) and IBM(R) Lotus(R) Domino(TM), use the format address string followed by the
percent sign (%) followed by the zone.

On Microsoft Windows, the zone is an integer index into the interface list with the first interface being
zone one.

Note the following information regarding zones:
 Zones are mandat ory on Windows for link local addresses.
 Zones are mandat ory on Linux(R) for link local addresses.
 Zones are not required on A IX and Solaris.

 A zone is NOT a characteristic of the target system, but rather a characteristic of the source system;
therefore, never attempt to put a zone into DNS, in a hosts file, or in a global data store such as the
Domino Directory.
 If a computer has only a single net work interface, you can use the NOTES. INI variable
TCP_DEFAULTZONE to provide a default zone for all link local addresses.

Receiving incoming connections on IPv6 sockets or IPv4 sockets:
UNIX(R) platforms receive both IP v4 and IP v6 incoming connections on the same socket. Microsoft(R)
Windows (R) is not capable of receiving both incoming IP v4 and IP v6 connections on the same socket.
If IP v6 is disabled, Microsoft Windows only receives IP v4 connections. If IP v6 is enabled and the port
is not bound to an address, only IP v6 connections are received. To receive both IP v4 and IP v6
connections, define two ports -- one bound to an IP v4 address and one bound to an IP v6 address.
This is easily done for NRP C, but until now, Internet servers only provided support for a single IBM( R)
Lotus(R) Notes(R) port.

IBM(R) Lotus(R) Domino(TM) supports two IBM Lotus Notes ports for Internet servers. The user
interface specifies two Notes port names in the NOTES. INI variable SMTP NotesPort. For example,
SMTPNotesPort=TCPIP,TCPIP6

There is one restriction. If either of the ports is shut down (stop port tcpip) the Internet servers
moment arily shut down both ports and restart listening on the one remaining port. Also, outbound
connections for any address will succeed on any TCP port. For outbou nd connections, IBM Lotus
Domino creates the proper socket to handle the attempted target address.

Mak ing outbound connections with a TCP port bound to an IP address: When a client or a server
making outbound connections has a TCP port bound to a specific IP address, using the NOTES. INI
setting SMTP NotesPorts= <TCP IPAddress>, the bound port can only make outbound connections of



                                                                                                        23
the type of the bound IP Address. For example, if a server binds the Not es Port TCPIP to an IPV4
address and the Not es Port TCPIP 6 to an IPV6 address, then port TCPIP can only make outbound
connections to IPV4 addresses and port TCP IP6 can only make outbound connections to IPV6
addresses.
In a configuration that includes IPV 4 and IPV6 Notes ports bound to IP addresses, the ports lis ted in
the Connection documents must include all TCP ports over which the connection can possibly be
made. For example, if you create a Server Connection document from serverA to serverB, and
serverB’s DNS name can resolve to both an IPV4 address and an IP V6 address, and you want the
connection to work over IPV 4 or IPV 6, you must include both ports in the Connection document.

When an IPv4 or an IPv6 sock et is created and used: Use the following set of rules to determine
whet her to us e an IP v4 or IP v6 socket:
 When connecting or listening, if IP v6 is not enabled, always create an IP v4 socket.
 If connecting or listening with a bound address, use a socket that matches the address type.
 If listening and no address is bound, and if IP v6 is enabled, use an IP v6 socket.
 If listening and no address is bound, and if IP v6 is disabled, use an IP v4 socket.

Note: The address 0 indicates that a listener is willing to listen to any address. Applying the above set
of rules, note the following:
 To create an IP v6 socket that listens to any IP v6 address, do not bind to an address.
 To create an IP v4 socket that listens to any IP v4 address, bind it to address ::ffff: 0.0.0.0

On UNIX(R) servers, an IP v6 socket bound to any address accepts all incoming connections, but on
Windows the same socket only listens to incoming IP v6 connections. On Linux(R), if one port binds to
the ″any″ address and IP v6 is enabled, a second port cannot bind to a specific IP v4 or IP v6 address. If
this is attempted, an ″Address is already in use″ error is returned.

Examples of using NOTES.INI variables with IPv6:
This section contains examples of how to set NOTES. INI variables to support various plat forms and
configurations when using IP v6. In thes e examples, support for NRP C and SMTP is configured. The
other Internet servers are configured similarly to SMTP.

Example 1-- No IPv6 support (Applies to all platforms):
No change required. IP v6 is off by default.

Example 2 -- UNIX platform supporting all valid IPv4 and IPv6 addresses:
TCP_EnableIP v6= 1

Example 2 assumes that no ports are bound to any addresses. By default, on UNIX(R), the single
unbound listening socket is IPv6. The IP v6 socket can rec eive connections from any IP v4 or IP v6
address.

Example 3 -- Mic rosoft Windows platform supporting all valid IPv4 and IPv6 addresses:
TCP_EnableIP v6= 1

TCPIP= TCP, 0, 15, 0

TCPIP 6= TCP, 0, 15, 0

PORTS= TCPIP, TCPIP6 TCP IP_TCPIPA DDRESS=0,[::ffff: 0.0.0.0]:1352

SMTP NotesPort=TCP IP,TCP IP6

Example 3 assumes that no ports are bound to any addresses. On Microsoft (R) Windows(R), by
default, the TCP IP6 port is an IP v6 socket because IP v6 is enabled. The TCPIP port is an IP v4 socket,
because its bound address has the IP v4 format. Both listen to all addresses because the bound
address is 0. The SMTP NotesPort variable is required to force the SMTP listener to listen on two
sockets -- one for IP v4 and one for IP v6.




                                                                                                          24
Example 4 -- UNIX (but not Linux 2.4) partitioned servers. Each server listens to its assigned IPv4 and
IPv6 addresses only: Each Server:

TCP_EnableIP v6= 1

TCPIP= TCP, 0, 15, 0

TCPIP 6= TCP, 0, 15, 0

PORTS= TCPIP, TCPIP6

TCPIP _TCP IPA DDRESS=0,9.33.162.84:1352

TCPIP 6_TCP IPADDRESS=0,[fe80::209:6bff: fecd:5b93]:1352

SMTP NotesPort=TCP IP,TCP IP6

Example 5 -- Mic rosoft Windows (and Linux 2. 4) partitioned servers. Each server listens to its
assigned IPv4 and IPv6 addresses only: Each Server:

TCP_EnableIP v6= 1

TCPIP= TCP, 0, 15, 0

TCPIP 6= TCP, 0, 15, 0

PORTS= TCPIP, TCPIP6

TCPIP _TCP IPA DDRESS=0,9.33.162.84:1352

TCPIP 6_TCP IPADDRESS=0,[fe80::209:6bff: fecd:5b93% 4]:1352

SMTP NotesPort=TCP IP,TCP IP6

The difference here is that Microsoft Windows and Linux(R) 2.4 require the use of the zone in the
address even for addresses bound to listeners if the address is a link local address. The same effect
can also be achieved as shown in Example 5A.

Examle 5A -- Microsoft Windows and Linux 2. 4 partitioned servers. Each server listens to its assigned
IPv4 and IPv6 addresses only: For eac h server:

TCP_EnableIP v6= 1

TCP_Default Zone=4

TCPIP= TCP, 0, 15, 0

TCPIP 6= TCP, 0, 15, 0

PORTS= TCPIP, TCPIP6

TCPIP _TCP IPA DDRESS=0,9.33.162.84:1352

TCPIP 6_TCP IPADDRESS=0,[fe80::209:6bff: fecd:5b93]:1352

SMTP NotesPort=TCP IP,TCP IP6

Example 6 -- Any client wants to mak e outbound IPv4 connections: No change required




                                                                                                     25
Example 6A -- A UNIX client (not Linux 2.4) wants to mak e an outbound IPv6 connection:
TCP_EnableIP v6= 1

Connect to an IP v6 address, or to a DNS or hosts file resident name that resolves to an IP v6 address.

Example 7 -- Mic rosoft Windows/Linux 2.4 client wants to mak e outbound connection via IPv6:
TCP_EnableIP v6= 1

Connect to an IP v6 address, or to a DNS or hosts file resident name that resolves to an IP v6 address.
If the address is a link local address, it must include the zone, such as fe80:: 209:6bff:fecd: 5b93%4, or
the local NOTES. INI file must contain a default zone, or the zone must be included in the local bound
address. Such addresses must NEVER be stored in DNS, in Server doc uments, or Connection
documents. If an IP v6-c apable computer running Windows XP enables IP v6 and it is DHCP, it will
automatically have its QUA D A record stored in DNS and it is stored wit hout a zone, because the zone
is a local construct. Therefore, the ONLY way to use such a DNS entry is to have a default zone in
NOTES.INI.

Example 7A -- Microsoft Windows / Linux 2.4 client wants to mak e outbound connection via IPv6:
TCP_EnableIP v6= 1

TCP_Default Zone=4

Connect to an IP v6 address, or to a DNS or hosts file resident name that resolves to an IP v6 address.
If the address is a link local address, it need not include the zone, such as fe80::209:6bff:fecd: 5b93
because the zone is defaulted by the NOTES.INI variable.

Example 7B -- Microsoft Windows / Linux 2.4 client wants to mak e outbound connection via IPv6:
TCP_EnableIPV 6=1

TCPIP= TCP, 0, 15, 0

PORTS= TCPIP

TCPIP _TCP IPA DDRESS=0,[fe80::209:6bff:fecd:5b93%4]:1352

Connect to an IP v6 address, or to a DNS or hosts file resident name that resolves to an IP v6 address.
If the address is a link local address, it need not include the zone, such as fe80::209:6bff:fecd: 5b93
because it is defaulted by the bound address’s zone.

Enabling Internet protocols on both TCP/IP and TCP/IPV6 ports: Add the following settings to the file,
NOTES.INI:

   ldapnotesport=tcpip,tcpipv6
   imapnotesport=tcpip,tcpipv6
   smtpnotesport=tcpip,tcpipv6
   pop3notes port=tcpip,tcpipv6

Connecting a Note s client to a Domino server via IPv6:
1. Install the IBM(R) Lotus(R) Domino(TM) server and IBM(R) Lotus(R) Notes(R) client.
2. Enable IP v6 on both the client and the server by adding the NOTES.INI setting,
   TCP_E NABLEIP 6=1, to the NOTES.INI files on the Notes client and Domino server:
3. Configure a zone on both the Notes client and the Domino server.

4.    On the Domino server, configure the port for IP v4 and th e port for IP v6.

5.    Launch the Notes client.

6.    Connect from the Notes client using IP v6 address -NRPC. Optionally, you can enter the zone if you
      want to. 7. A low priority Connection document is added to the local Domino Directory




                                                                                                       26
    (NAMES.NSF). This Connection document and IP v6 are used during fut ure connection attempts
    initiated with File -- Application -- Open.

Connecting from a Notes client using IPv6 address -NRP C: Use this procedure to connect from the
Notes client to a server using an IP v6 address.
1. Choose File -- Application -- Open.
2. In the Server field, enter the IP v6 address. Optionally, you can enter a server name that resolves
    to an IP v6 address instead of entering the IP v6 address in the Server field.
A low-priority Connection document is added to your local Domino Directory (NAMES.NSF).

Adv anced Domino TCP/IP configurations
A single IBM(R) Lotus(R) Domino(TM) server can have multiple IP addresses if you use multiple NICs,
each offering an address, or if one NIC offers multiple addresses. Having multiple IP addresses allows
the server to listen for connections at more than one instance of the TCP port assigned to NRP C
(1352) or at TCP ports that are assigned to other services such as LDAP or HTTP. Both individual
Domino servers and partitioned Domino servers can have multiple NICs, each with its own IP address.

Multiple IP addresses and NI Cs on a Domino server:
Set up a Domino server wit h multiple IP addresses, each wit h its own NIC, if you want to:
 Split the client load for better performanc e
 Split client-to-server access from server-to-server communication
 Set up mail routing, replication, or cluster replication on an alternate path (privat e net work)
 Partition a Domino server so that more than one partition offers the same Int ernet s ervic e (SMTP,
POP3, IMAP, LDAP, or HTTP).
 Allow access to the Domino server via a TCP/IP firewall system over a different net work segment, a
configuration known as a demilitarized zone (DMZ)
 Use a Domino passthru server as an application proxy
 Provide network/server failover, used in mission -critical resource access
 Set up alternate window and/or maximum transmission unit (MTU) settings for satellite uplink and
downlink connections isolated from local access connections.

For a configuration with multiple IP addresses, you must bind each listening port to the appropriat e IP
address to ensure that each TCP service receives the network connections intended for it. For more
information, see the topics ″Binding an NRP C port to an IP address″ and ″Binding an Internet service
to an IP address″ later in this chapter. For more information on private net works for cluster replication,
see the book Administering Domino Clusters.

Note: A configuration with multiple NICs does not increase the number of Domino sessions you can
have on a server. In TCP/ IP, machine capacity depends on proc essors and memory.

Multiple IP addresses with one NIC:
Reas ons to use one NIC to serve multiple IP addresses include:
 Isolating local versus WAN Notes named networks so local users can see only local Domino servers
 Preventing independent remote access dialup connections (IS DN dialup router) from being arbit rarily
accessed
 When setting up redundant WAN pat h connections for server to server access
 When the use of a different TCP/IP port map is needed for firewall connections
 When offering HTTP services to a different group than NRP C connections
 As a service provider when offering Domino server access for either IBM Lotus Notes or Web clients
to different groups/companies.

For a configuration with multiple addresses and one NIC, you must configure the TCP/IP stack and
bind each listening port to an IP address.




                                                                                                         27
Partitioned servers and IP addresse s:
When you set up an IBM(R) Lotus(R) Domino(TM) partitioned server, it is usually best to assign a
separate IP address to each partition and use a separate NIC for eac h. Using a separate NIC for each
address can make the computer’s I/O much faster.

Lotus Domino is designed to listen for TCP/IP connections on all NICs in a computer system. If more
than one partition is hosting the same service (NRP C, SMTP, POP3, IMAP, LDAP, or HTTP ), fine -tune
which partitions listen for which connections by associating each service’s TCP port with a specific IP
address.

For more information on associating services with IP addresses, see the topics ″Binding an NRPC port
to an IP address″ and ″Binding an Internet service to an IP address″ later in this chapter.

As an alternative to using a separat e NIC for each IP address, you can us e a single NIC and still
assign a separate IP address to each partition.

For more information, see the topic ″Assigning separate IP addresses to partitions on a system with a
single NIC″ later in this chapter.

If you are unable to assign a separate IP address to each partition, you can use port mapping. For
more information on port mapping, see the topic ″Configuring a partitioned server for one IP address
and port mapping″ later in this chapt er.

Note: As an alternative to port mapping, you can use port address translation (PA T), in which a
firewall redirects the TCP port connection to a different TCP port. Both port mapping and PA T require
advanced skills to implement correctly.

Ensuring DNS resolve s in advanced TCP/IP configurations:
When you have IBM(R) Lotus(R) Domino(TM) servers with multiple IBM(R) Lotus (R) Not es(R) net work
ports for TCP/ IP, follow these proc edures to ensure server name -to-address resolution by DNS. This
topic covers the following configurations:

 Users in different DNS subdomains accessing one Domino server
 User-t o-server access and server-t o-server access via different DNS subdomains

For information on servers accessing a privat e LAN in a Domino cluster, see the book Administering
Domino Clusters.

Users in different DNS subdomains accessing one Domino server: If users are on two isolated
networks and the Domino server has a NIC for each network, use DNS to direct the users to the NIC
the server shares with them.

1. Assign an IP address to each NIC by creating A records (or, for IP v6, AAAA records) in DNS. Use
the ping command and the IP address to test the responsiveness of the NIC.

Note: If the Domino server is running Microsoft(R) Windows(R) and there is a route bet ween the two
networks, prevent the NetB IOS broadcasts from exiting from bot h adapters by using the Windows
Cont rol Panel to disable one instance of the WINS client. Use the Bindings tab of the Network dialog
box, select All Adapters, and select the name of the NIC for which you want to disable WINS.

2. Create two CNAME records in DNS for the Domino server, linking the server’s common name to
each NIC name in the A records. (Using CNAME records for the Domino server provides diagnostic
fidelity to test the network pathway independently of the server’s name resolve.)

3.   In the Server document’s Net Address field for each TCP/IP port, use the server’s common name
     only, not its FQDN.




                                                                                                        28
4.   On each Notes workstation, set the user’s DNS name lookup scope to the correct DNS
     subdomain.

Example: At the Acme company, some users connect to the Domino server Chicago/Sales/Acme over
an Ethernet network, others over a Token Ring network. Register the Domino server with DNS as
chicago.east.acme.com for the users on the Ethernet net work and as chicago.west.acme.com for
users on the Token Ring network.

1.   Create start of authority (SOA) table entries in DNS for the subdomain east.acme.com, as follows:

chi-ethernet                       A                                  10.20.20.2
chicago                            CNAME                              chi-ethernet

2.   Create SOA table entries in DNS for the subdomain west.acme.com, as follows:

chi-tokenring                      A                                  10.10.10.1
chicago                            CNAME                              chi-tokenring

3.   Change the name of the original Notes network port for TCP/ IP to TCPIP 1, and name the second
     port TCP IP2.
4.   Use the NOTES.INI file to bind TCP IP1 to the IP address for the Ethernet network and to bind
     TCPIP 2 to the IP address for the Token Ring net work.
5.   In the Server document’s Net Address field for each TCP/IP port, enter chicago.

6.   On the Ethernet users’ workstations, set the DNS name lookup scope to east.acme.com, and on
     the Token Ring users’ workstations, set it to west.acme.com.

User-to-server access and server-to-server access via different DNS subdomains: If users need to
access a Domino server over the LA N and other Domino servers need to access the same server over
the WAN, add a second NIC to the server. Then use DNS to direct the users to the NIC for the LA N
and to direct other servers to the NIC for the WAN.

1.   Assign an IP address to each NIC by creating an A record (or, for IP v6, AAAA record) in DNS.
     Use the ping command and the IP address to test the responsiveness of the NIC.

Note: If the Domino server is running Microsoft(R) Windows(R) and there is a route bet ween the two
networks, prevent the NetB IOS broadcasts from exiting from bot h adapters by using the Windows
Cont rol Panel to disable one instance of the WINS client. Use the Bindings tab of the Network dialog
box, select All Adapters, and select the name of the NIC for which you want to disable WINS.

2. Create two CNAME records in DNS for the Domino server, linking the server’s common name to
each NIC name in the A records. (Using CNAME records for the Domino server provides diagnostic
fidelity to test the network pathway independently of the server’s name resolve.)

3. Add a second Notes network port for TCP/IP in Domino. For more information, see the topic
″Adding a network port on a server″ later in this chapt er

4. Bind each TCP/ IP port to the IP address of the appropriate NIC. On the server console, verify that
both TCP/ IP ports are active and linked to the correct IP address. For more information on binding
ports to IP addresses, see the topic ″Binding an NRPC port to an IP address″ later in this chapter.
5. To direct the Domino server’s first outbound connection to the server-to-server net work, edit the
    PORT setting in the NOTES.INI file to read as follows:
PORT=serverportname, userportname

Where serverportname is the name of the Notes net work port for TCP/IP that other Domino servers
will use to connect to this server, and userportname is the name of the Notes network port for TCP/IP
that users will use to connect to this server.




                                                                                                        29
6. In the Server document’s Net Address field for the first TCP/IP port (the port that users will use),
enter the FQDN, using the server’s common name and the users’ DNS subdomain.

Note: Listing the port that users will use first is important, as the Not es Name Service cannot
distinguish which NIC a user is accessing and makes the connection based on the content of the Net
Address field for the first TCP/ IP port listed in the Server document.

7. In the Server doc ument’s Net Address field for the second TCP/IP port (the port that servers will
use), enter the FQDN, using the server’s common name and the servers’ DNS subdomain. An
initiating server uses its local Domino Directory to detect t he Not es named net work it has in common
with this server.

8. Set each user’s DNS name lookup scope to the correct DNS subdomain.

9. In each server’s TCP/ IP stack, set the DNS name look up scope to the correct DNS subdomain.

Example: At the Acme company, users connect to the Domino server BostonApp04/Sales/Acme over
the LAN, and other Domino servers access it privately over the WAN. You register the server with
DNS as bostonapp04.boston.acme.com for the LA N users and as bostonapp04.domino. acme.com for
the server-to-server network over the WAN.

1.   Create the following SOA table entries in DNS for the subdomain boston.acme.com, as follows:

usr-bostonapp04                     A                                    103.210.20.2
bostonapp04                         CNAME                                usr-bostonapp04

2.   Create the following SOA table entries in DNS for the subdomain domino.acme.com, as follows:

srv-bostonapp04                     A                                    103.210.41.1
bostonapp04                         CNAME                                srv-bostonapp04

3.   Change the name of the original Notes network port for TCP/ IP to TCPIP 1, and name the second
     port TCP IP2.
4.   Use the NOTES.INI file to bind TCP IP1 to the IP address for the user network, to bind TCP IP2 to
     the IP address for the server-to-server network, and to add the setting PORT= TCPIP 2, TCP IP1.
5.   In the Server document’s Net Address field for port TCP IP1, enter
     bostonapp04.boston.acme.com. For port TCPIP 2, enter bostonapp04.domino.acme.com.
6.   On each user’s workstation, set the DNS name lookup scope to boston.acme.com. In the TCP/IP
     stacks of the servers that need to connect to this server, set the name lookup scope to
     domino.acme.com.



Planning the NetBIOS network
The IBM(R) Lot us(R) Domino(TM) network is compatible with NetBIOS, a set of IBM session-layer
LAN services that has evolved into a standard int erface that applications use to access transport -layer
network protocols. Domino supports the NetBIOS int erface on Microsoft(R) Windows(R) systems over
the following transport prot ocols: TCP/IP (on systems running TCP/IP ) and NetBE UI (supplied wit h all
Microsoft network products).

Note: Although you can add some NetBIOS services to Linux(R) and UNIX(R) systems, NRPC
communication does not use them. For detailed system requirements for using NetBIOS with Lotus
Domino, see the Release Notes.

Deciding whether to use NetBIOS services
Including NetBIOS in the Domino net work has both benefits and risks. The benefits are as follows: v
NetBIOS has low overhead relative to other protocol suites. NetBIOS over NetBEUI has the least
overhead; and NetBIOS over TCP/IP has the most.
 Because it is not directly routable, NetBIOS over NetBEUI can provide a secure means to access
your server for administration within a flat network. To access the server over a routed IP network, you




                                                                                                          30
can create a data-link switching (DLS w) tunnel to limit the administration access with NetBIOS over
NetBEUI.
 Because NetBIOS name-to-address resolution services offer dynamic registration by name
broadcasts, you can use NetB IOS to build a mobile Domino network for temporary or emergency use.

The risks of using NetB IOS involve the security of the file system on Domino servers. Dependi ng on
the access permissions of the operating system and on the trans port protocol being used, NetBIOS
name and file services might allow users to see or access the server’s file system. When a server
provides NRP C services, mitigate this risk by disabling the NetBIOS name and file services
(SMB/CIFS) on the system so that the system’s name cannot be seen over the network. Other IBM(R)
Lotus(R) Notes(R) and Domino systems can still find the Domino server because Lotus Domino has its
own NetB IOS name service to propagate and register the Domino server’s NetBIOS name, but access
is secure becaus e it is controlled by the authentication and certification features in NRPC.

If the system on which you run Domino requires NetBIOS name or authentication services, m itigate
the security risk by isolating the NetBIOS services. Install an additional NIC on the system for NetB IOS
over a private administration network, and disable NetB IOS on the NIC that the Domino server uses.

How to tell if NetBIOS is active on a system
The following are indications that NetBIOS is active:
 On Windows systems, you can see or access another Windows system’s file system through the
Network Neighborhood (indicat es Server Message Block/NetBIOS).
 You can register with an NT domain (indicates Server Message Block/NetBIOS ).
 On Windows 2000 or XP systems, ″NetBIOS over IP″ is selected in the system’s TCP/IP protoc ol
settings.

Note: On Linux(R) and UNIX systems, the SAMBA server service (Windows file server) can offer
Server Message Block/NetB IOS or Common Internet File System/IP access, or both.

Server name-to-address resolution over NetBIOS
When an IBM(R) Lotus(R) Notes(R) workstation or IBM(R) Lot us(R) Domino(TM) server running
NetBIOS tries to connect to a Domino server, the initiating system offers the destination serve r’s
common name to the NetBIOS name service, which then broadcasts that name and its associated
network address over the NetBIOS network.

For background information on how the Notes Name Service works with name -res olver services such
as the NetBIOS name service, see the topic ″Resolving server names to network addresses in NRPC″
earlier in this chapter.

When you use the Notes Name Servic e with the NetBIOS name service, only a Not es or Domino
system using the same NetBIOS trans port protocol as the destination Domino server can see the
destination server’s NetBIOS name. If the Notes or Domino system has more than one NIC for which
the NetB IOS transport protocol is enabled, only the NetBIOS port wit h the same LA NA binding as that
of the destination server can see the destination server’s name.

Which physical address is registered for a Domino server depends on the transport protoc ol:

 For NetBIOS over NetBEUI, the NIC’s 32 -bit MAC address is used.
 For NetBIOS over TCP/ IP, the system’s IP address is us ed.

Ways to ensure succe ssful NetBIOS re solve s:
Because NetBIOS broadcasting has a limited range, you may need to creat e a Connection doc ument
that includes the physical address of the destination server. This process works as long as the net work
pathway can carry the given lower transport protocol. For NetB IOS over TCP/IP, you can also do one
of the following:
 Use a WINS server with a static entry.
 In the initiating system’s TCP/IP stack settings, enable NetBIOS name lookup by DNS. This works
even if you are not using any NRPC services; however, the destination server must be registered with
DNS.



                                                                                                      31
Note: NetBIOS name space is flat, even with TCP/IP. If the client is not within the same DNS domain
level, access by name may not be possible.

Naming Domino servers on NetBIOS :
NetBIOS names are limited to 15 characters. If the common name of the Domino server is longer than
15 characters, NetB IOS truncates the name.

CAUTION: The resolution of a Domino server name can be adversely affected if the server
name is the same as the NetBIOS name for a Microsoft(R) Windows(R) system.

To prevent this problem wit hout making it difficult to manage system files remotely, do the following:
v On Windows 2000, add a prefac e such as W2K- to the system name, using the Network
Identification tab on the System Properties dialog box. For more information on the NetBIOS name
service, see Micros oft’s resource kit documentation for the Windows 2000 operating systems.

Setting up Domino servers on the network
Before installing an IBM(R) Lotus(R) Domino(TM) server, make sure you have done the following:
 Installed one or more NICs on the system.
 Installed protocol soft ware if necessary.
 Installed all network drivers in the correct directories.
 Installed any net work software required for the prot ocols. For more information, see the vendor’s
documentation. After you install the server, you use the Domino Server Setup program to accept
network defaults or customize network settings. For more information, see the chapt er ″Installing and
Setting Up Domino Servers.″ After you run the setup program, you may need to complete one or more
of these tasks to finish setting up Lotus Domino on the network:
 Change the default names assigned to Notes named networks to make them consistent with actual
network topography.
Fine-tune network port setup by adding, enabling, renaming, reordering, disabling, or deleting ports
or by enabling net work encryption or compression on a port.
 Complete tasks specific to the TCP/IP, or NetBIOS, protocol. For information on connecting IBM(R)
Lotus(R) Notes(R) workstations to the network, see Lotus Notes Help.

Setting up Notes name d networks
The IBM(R) Lot us(R) Domino(TM) Server Setup program automatically places all servers that are in a
Domino domain and that run the same net work protoc ol in the same IBM(R) Lotus(R) Notes(R) named
network (NNN). In the Server document, the setup program assigns eac h NNN a default name in the
format portname net work.

After you complete the Server Set up program, rename the NNN for each net work port in the Server
document. It is useful if the name reflects both the loc ation of the network and its protocol. For
example, if your company has a TCP/IP network and has LANs in Boston and San Francisco, change
the name of the NNN in Boston to ″TCPIP Boston network,″ and change the name of the NNN in San
Francisco to ″TCPIP SF network.″

CAUTION: Domino assumes that all servers in a NNN have a continuous LAN or WAN
connection. If thi s i s not the case, serious delays in mail routing between servers can occur.
Be careful not to include servers with only dialup connections in an NNN.To change the name
of a Notes named network:

1.   From the Domino Administrator, select the server you just set up.
2.   Click the Configuration tab.
3.   Expand the S erver section in the view pane.
4.   Click Current Server Document.
5.   Click Edit Server, and then click the Ports - Notes Network Ports tab.
6.   In the Notes Network field for each port, enter a new name for the server’s Notes named network.
     The name can include spac e characters.
7.   Click Save and Close.




                                                                                                          32
Fine-tuning network port setup on a server
After you install and set up an IBM(R) Lotus(R) Domino(TM) server, review the list of network ports
that were enabled by the Server Setup program. Unless you customize network settings during setup,
Domino enables ports based on the current operating system configuration. To conserve system
resources, disable the ports for protocols that you don’t need.

For information on configuring a communication port for a dialup modem, see the chapter ″Setting Up
Server-to-S erver Connections.″

Disabling a network port on a server
E ven after you disable a port, it still appears in the list of available ports so that you can later enable it.
1. From the IBM(R) Lotus(R) Domino(TM) Administrator or Web Administrator, click the server on
    which you want to disable a port.
2. Click the Configuration tab.
3. Do one of these:
 From the Domino Administrator’s Tools pane, choose Server - Setup Ports.
 From the Web Administrator’s Port tool, choose Setup.
4. Select the port you want to disable, and then deselect ″Port enabled.″
5. Click OK.
6. Click the Server - Status tab.
7. Do one of these so that the change takes effect:
 From the Domino Administrator’s Tools pane, choose Restart Port. (If you can’t see t he Tools pane,
make sure you are in the Server Tasks view. )
 From the Web Administrator’s Ports tool, choose Restart.
8. In the Server document, on the Ports - Notes Net work Ports tab, specify Disabled next to the
    name of the port you are dis abling.
9. Save the Server document.

Enabling a network port on a server
If the server port you want to enable will be the IBM(R) Lotus (R) Not es(R) workstation’s only means of
connecting with the server, do not use this procedure. Instead, use the Ports setting in the server’s
NOTES.INI file. For more information, see the appendix ″NOTES.INI File.″ For information on creating
a Connection document on a Notes workstation, see Lotus Notes Help.

To enable a network port:
1. From the IBM(R) Lotus(R) Domino(TM) Administrator o r Web Administrator, click the server on
     which you want to enable a port.
2. Click the Configuration tab.
3. Do one of these:
 From the Domino Administrator’s Tools pane, choose Server - Setup Ports.
 From the Web Administrator’s Port tool, choose Setup.
4. Select the port you want to enable, and then select ″Port enabled.″
5. Click TCP/ IP Options, LANx Options, or COMx Options, and specify information as appropriate. For
more information on TCP/IP and LA Nx options, see the topics ″Changing the TCP/ IP connection time-
out interval,″ ″Defining a NetBIOS LANA number for a Notes network port,″ and ″ Defining a server’s
NetWare name service in Lotus Domino″ later in this chapter. For more information on COM x options,
see the chapt er ″Setting Up Server-to-Server Connections.″
6. Click OK
7. Click the Server - Status tab.
8. Do one of these so that the change takes effect:
 From the Domino Administrator’s Tools pane, choose Restart Port. (If you can’t see the Tools pane,
make sure you are in the Server Tasks view. )
From the Web Administrator’s Ports tool, choose Restart.
9. In the Server document, click the Ports - Notes Network Ports tab, and edit these fields as
     necessary:

Field                        Action
Port                         Enter the port name. Lotus Domino assigns a default port name to each network
                             protocol detected on the system.
Notes Network                Enter the name of the Notes named network for the group of Domino servers that



                                                                                                              33
                           are in this location and run on a particular protocol -- for example, Boston TCPIP.
                           Space characters are allowed in a Notes network name.
Net Address                Enter the protocol-specific name of the server -- for example, sales.acme.com. The
                           name you use depends on the convention of the network protocol. This field is used
                           to determine the address that other servers use to access this server.
Disabled/Enabled           Choose Enabled so that other servers will know the port is enabled.

10. Save the Server document.
11. Make sure that this server is set up to replicate its Domino Directory to other servers, or enter the
preceding changes into the Server document on a server that is set up to do the replication, or other
servers will not know that they can connect to this server over the newly enabled port.

Adding a network port on a server
If the server port you want to add will be the IBM(R) Lotus(R) Notes(R) workstation’s only means of
connecting with the server, do not use this procedure. Instead, use the Ports setting in the server’s
NOTES.INI file. For more information, see the appendix ″NOTES.INI File.″ For information on creating
a Connection document on a Notes workstation, see Lotus Notes Help.

To add a network port:
1. From the IBM(R) Lotus(R) Domino(TM) Administrator or Web Administrator, click the server on
    which you want to add a port.
2. Click the Configuration tab.
3. Do one of these:
 From the Domino Administrator’s Tools pane, choose Server - Setup Ports.
 From the Web Administrator’s Port tool, choose Setup.
4. Click New.
5. Specify the port name and driver, and click OK.
6. Click TCP/ IP Options, LANx Options, or COMx Options, and specify information as appropriate.
    For more information on TCP/IP and LA Nx options, see the topics ″Changing the TCP/IP
    connection time-out interval,″ ″Defining a NetBIOS LANA number for a Notes net work port,″ and
    ″Defining a server’s NetWare name servic e in Lotus Domino″ later in this chapter. For more
    information on COM x options, see the chapter ″Setting Up Server-to-Server Connections.″
7. Click OK.
8. Click the Server - Status tab.
9. Do one of these so that the change takes effect:
 From the Domino Administrator’s Tools pane, choose Restart Port. (If you can’t see the Tools pane,
make sure you are in the Server Tasks view. )
 From the Web Administrator’s Ports tool, choose Restart.
10. In the Server document, click the Ports - Notes Network Ports tab, and edit these fields as
    necessary:

Field                   Action
Port                    Enter the port name
Lotus Domino            assigns a default port name to each network protocol detected on the system.
Notes Network           Enter the name of the Notes named network for the group of Domino servers that are in
                        this location and run on a particular protocol -- for example, Boston TCPIP. Space
                        characters are allowed in a Notes network name.
Net Address             Enter the protocol-specific name of the server -- for example, sales.acme.com. The
                        name you use depends on the convention of the network protocol. This field is used to
                        determine the address that other servers use to access this server.
Disabled/Enabled        Choose Enabled so that other servers will know the port is enabled.

Save the Server document.
11. Make sure that this server is set up to replicate its Domino Directory to other servers , or enter the
    preceding changes to the Server document on a server that is set up to do the replic ation, or ot her
    servers will not know that they can connect to this server over the newly enabled port.
12. If you are adding an additional TCP/ IP port on a computer wit h multiple NICs, see these topics:
 Binding an NRPC port to an IP address
 Binding an Internet service to an IP address.
13. If you are adding an additional NetB IOS port on a computer with multiple NICs, see the topic
    Creating additional network ports for NetBIOS.



                                                                                                            34
Renaming a network port on a server
You might want to rename a port to reflect its function. For ex ample, suppose you add a second
TCP/IP port named SRV -TCP so that clustered servers can communicate over a private network.
Then you might want to might want to rename the original TCP/IP port through which users will
communicate with the server US R-TCP.

1.  From the IBM(R) Lotus(R) Domino(TM) Administrator or Web Administrator, click the server on
    which you want to rename a port.
2. Click the Configuration tab.
3. Do one of these:
 From the Domino Administrator’s Tools pane, choose Server - Setup Ports.
 From the Web Administrator’s Port tool, choose Setup.
4. Select the port you want to rename.
5. Click Rename, and then enter the new name. Do not use spaces in the port name.
6. Click OK.
7. Click the Server - Status tab.
8. Do one of these so that the change takes effect:
 From the Domino Administrator’s Tools pane, choose Restart Port. (If you can’t see the Tools pane,
make sure you are in the Server Tasks view. )
 From the Web Administrator’s Ports tool, choose Restart.
9. In the server document, on the Ports - Notes Net work Ports tab, change the name of the port to
    the new name and save the doc ument.
10. If this server is the source server for any Con nection documents in the Domino Directory, click
    Server - Connections.
11. Select a Connection document and click Edit Connection.
12. On the Basics tab, enter the new port name in the ″Use the port(s)″ field.
13. Save and close the Connection document.
14. Repeat steps 10 to 13 for each Connection document for which this server is the sourc e.

Reordering network ports on a server
Changing the order in which ports are listed in the Setup Ports dialog box also changes the Ports
setting in the NOTES. INI file. List the ports in the order in which you want them to be used -- for
example, list nearest or fastest connections first. Then when a server us es a Notes named network or
a Connection document to locate another server, the port with a close or fast connection will be used
as the preferred path. If the IBM(R) Lot us(R) Domino(TM) server has multiple TCP/IP ports, see the
topic ″Reordering multiple server ports for TCP/IP″ later in this chapter.

To reorder network ports:
1. From the Domino Administrator or Web Administrator, click the server on which you want to
    reorder ports.
2. Click the Configuration tab.
3. Do one of these:
 From the Domino Administrator’s Tools pane, choose Server - Setup Ports.
 From the Web Administrator’s Port tool, choose Setup.
4. Select the port that you want to relocate in the list.
5. Click the up and down arrows, as necessary to relocate the port.
6. Click OK.
7. Click the Server - Status tab.
8. Do one of these so that the change takes effect:
 From the Domino Administrator’s Tools pane, choose Restart Port. (If you can’t see the Tools pane,
make sure you are in the Server Tasks view. )
 From the Web Administrator’s Ports tool, choose Restart.
9. In the Server document, on the Ports - Notes Net work Ports tab, change the port order to the new
    order by cutting and pasting all the nec essary fields.
10. Save the Server document.

Note: When you create a Connection doc ument on a server, the Connection document takes the port
order from the order in the Setup Ports dialog box. Then, whenever the server connects with the
destination server, the server obtains the port order directly from the Connection document. If you
change the port order aft er you create Connection documents, you must save each Connection


                                                                                                   35
document again. To have different Connection documents reflect different port orders, change the port
order, save a Connection document, change the port order again, save another Con nection document,
and so on.

Encrypting NRPC communication on a server port
You can enc rypt network data on a server’s Notes network ports to prevent the network
eavesdropping that’s possible with a network protocol analyzer. Net work encryption occurs at the
application layer of a given protocol and is independent of other forms of encryption. Network data is
encrypted only while it is in transit. After the data is received and stored, network encryption is no
longer in effect. Network dat a encryption occurs if you enable network data encryption on either side of
a network connection. For example, if you enable encryption on a server’s IBM(R) Lot us(R) Notes(R)
network port for TCP/IP, you don’t need to enable enc ryption on the TCP/ IP ports of workstations or
servers that connect to the server.

If you want the server to have one TCP/ IP port for Not es traffic over the Internet and another TCP/IP
port for internal traffic over NRPC, you can encrypt the port for Internet traffic and leave the port for
internal traffic unenc rypted. Be aware that multiple high-speed encrypted connections to a server can
affect server performance adversely. Encrypting network data has little effect on client performance.
For protocols other than NRPC, you use SSL for encryption. For more information, see the chapter
″Setting Up SSL on a Domino Server.″

To encrypt NRP C communication:
1. From the IBM(R) Lotus(R) Domino(TM) Administrator or Web Administrator, choose the server for
    which you want to encrypt network dat a.
2. Click the Configuration tab.
3. Do one of these:
 From the Domino Administrator’s Tools pane, choose Server - Setup Ports.
 From the Web Administrator’s Port tool, choose Setup.
4. Select the port you want to enc rypt.
5. Select ″Encrypt network data.″
6. Click OK.
7. Click the Server - Status tab.
8. Do one of these so that the change takes effect:
 From the Domino Administrator’s Tools pane, choose Restart Port. (If you can’t see the Tools pane,
make sure you are in the Server Tasks view. )
 From the Web Administrator’s Ports tool, choose Restart.

Compressing network data on a server port
To reduce the amount of data transmitted bet ween an IBM(R) Lotus(R) Notes(R) workstation and
IBM(R) Lotus(R) Domino(TM) server or between two Domino servers, enable network compression for
each enabled network port. Whether you should enable compression on a network port depends on
the type of network connection and the type of dat a being transmitted.

For compression to work, enable it on both sides of a net work connection. To enable compression for
a network port on a server, use the Server tab in the Domino Administrator. To enable compression on
network ports on Notes workstations, from the Domino Administrator, use a setup or desktop policy
settings document or from a workstation, use the User Preferenc es dialog box.

For information on policy settings, see the chapter ″Using Policies.″

WAN connections: Enabling network compression on X.PC ports can significantly reduce the time it
takes to send and receive data over a remote connection bet ween a Notes workstation and a Domino
server or bet ween two Domino servers.

You benefit from using network compression only if the data being transmitted is not already
compressed. In the case of a network dialup service such as Microsoft’s Remot e Access Service
(RAS) which includes built-in compression, enabling compression on Notes network ports does not
provide any additional benefit. The same is true of tasks involving data that was compressed using the
Lempel-Ziv algorithm (LZ1 compression) -- such as replicating a mail file with a large number of
compressed attachments.


                                                                                                        36
LAN connections:
While compression decreases bandwidth use on a LA N, you must weigh this gain against increased
memory and processor use, since network compression works by buffering dat a before compressing
it. The cost of compression might be wort h it only for a heavily loaded network.

To compre ss data on a server port:
1. From the Domino Administrator or Web Administrator, click the server for which you want to turn
    on net work compression.
2. Click the Configuration tab.
3. Do one of these:
 From the Domino Administrator’s Tools pane, choose Server - Setup Ports.
 From the Web Administrator’s Port tool, choose Setup.
4. Select the port for which you want to turn on compression.

Note: Make sure ″Port enabled″ is selected for that port.

5. Select ″Compress network data.″
6. Click OK.
7. Click the Server - Status tab.
8. Do one of these so that the change takes effect:
 From the Domino Administrator’s Tools pane, choose Restart Port. (If you c an’t see the Tools pane,
make sure you are in the Server Tasks view. )
 From the Web Administrator’s Ports tool, choose Restart.

Server setup tasks specific to TCP/IP
After you run the IBM(R) Lotus(R) Domino(TM) Server Setup program, complete these proc edures:
1. Set up a secondary name server for IBM(R) Lotus(R) Notes(R) clients.
2. Change the server’s connection-time-out interval.
3. For servers that provide services to Internet clients, enable Domino support for IP v6.
4. For configurations involving multiple NICs on a server or partitioned server:
 Reorder multiple Not es network ports for TCP/IP.
 Bind an NRP C port to an IP address.
 Bind an Internet service to an IP address.
5. For a partitioned server with a single NIC for the entire computer, assign an IP address to each
    server partition
6. Change a default TCP or SSL port number.
7. Confirm that TCP/IP is configured properly.

Setting up a secondary name server
To ensure that the Notes Name Service is always available to IBM(R) Lotus(R) Notes(R) works tations,
assign a secondary name server in users’ Location documents. You can specify a different secondary
name server for each LA N location defined. The secondary name server is used when:
 The user’s home server is down.
The user’s home server is not running TCP/IP.
 The name of the user’s home server cannot be resolved over TCP/IP.
For examples of situations in which the name of a home server cannot be resolved, see the topic
″Ensuring DNS resolves in advanced TCP/IP configurations″ earlier in this chapt er.

Note: You can use setup or desktop policy settings to assign secondary name servers to groups of
users. For more information, see the chapter ″Using Policies.″

To set up a secondary name server:
1. On the Notes workstation, choose File - Mobile - Locations, and open the location for which you
    want to designat e a secondary name server.
2. Click ″Edit Location.″
3. Click the Advanced - Secondary Servers tab. (The Advanced tab appears only if you have a
    location defined as ″Local Area Net work″ or ″Both Dialup and Local Area Network.″)
4. In the ″Secondary TCP/IP Notes server name″ field, enter one of the following:
 The common name of the IBM(R) Lotus (R) Domino(TM) server -- for example, Notesserver1



                                                                                                      37
 The hierarchical name of the Domino server -- for example, Notesserver1/Acme

5. In the ″Secondary TCP/IP host name or address″ field, enter one of the following:
 IP address -- for example, 197.114.33.22
 The fully qualified domain name -- for example, not esserver1.acme.com
 The simple host name -- for example, notesserver1 If you specify only the host name in this field, the
workstation must use the Domain Name System (DNS) or local hosts file to locate the secondary
name server. When you specify the IP address in this field, Lotus Domino resolves the host’s IP
address without having to perform a DNS or hosts file lookup.
6. Click ″Save and Clos e.″

Changing the TCP/IP connection-time -out interval
You might want to increase the number of seconds that IBM(R) Lotus(R) Domino(TM) waits before
terminating a connection attempt. For example, increasing the time-out interval is often nec essary on a
server that dials up other Domino servers. The default time-out interval is 5 seconds.

1.  From the Domino Administrator or Web Administrator, click the server for which you want to
    change the time-out interval.
2. Click the Configuration tab.
3. Do one of these:
 From the Domino Administrator’s Tools pane, choose Server - Setup Ports.
 From the Web Administrator’s Port tool, choose Setup.
4. Select the TCP/IP port.
5. Click ″TCP IP Options,″ and enter a number.

Note: Unless the connection is over a dial-on-demand IS DN modem, remote bridge, or router, it is
best to enter a number no greater than 10, as the IBM(R) Lotus(R) Notes(R) client or Domino server
won’t retry the connection until the timer has expired.

6. Click OK.

Enabling support for IPv6 on a Domino server
You can enable support for IP v6 on an IBM(R) Lotus(R) Domino(TM) server that runs the IMAP,
POP3, SMTP, LDAP, or HTTP service.

To enable IP v6, add this NOTES.INI setting to the server’s NOTES.INI file:
TCP_EnableIPV6=1

Reordering multiple server ports for TCP/IP
If an IBM(R) Lot us(R) Domino(TM) server has multiple IBM(R) Lotus(R) Notes(R) network ports for
TCP/IP, the order in which these ports are listed in the NOTES. INI file and the Server doc ument
affects how other servers and workstations connect to this server. The Ports setting in the NOTES.INI
file determines which port a workstation or server tries first. In the absence of other settings that bind
an NRPC, POP3, IMAP, SMTP, or LDAP service to an IP address, all of these services will try to use
the port listed first in the NOTES. INI file.

Server-to-server communication:
If you add a second Notes network port for TCP/IP in order to isolate s erver-to-server communication -
- for example, a private network for cluster replication -- list this port first in the NOTES.INI file so that
server-to-server traffic will tend to occur over this connection, thus decreasing the data flow on the port
for the user network. To change the port order in the NOTES. INI file, use the Port Setup dialog box.

For more information, see the topic ″Reordering network ports on a server″ earlier in this chapter.

Note: If you are setting up a private cluster net work and do not list the server port first, you must add
the setting Server_Cluster_Default_P ort to the N OTES.INI file. The disadvantage of adding this setting
is that if the server encount ers a problem connecting over this port, it will not try another port, and
replication will not occur.




                                                                                                           38
Workstation-to-server communication:
If a Domino server has a port for workstations to connect on -- for example, over a LAN -- and another
port for servers to connect on -- for ex ample, over a WAN -- list the workstation port first in the Server
document so that users see only servers on the LA N when they choose File - Application - Open.

To reorder the ports in the Server document, click the Ports - Notes Net work Ports tab, and edit the
fields in the table.

Binding an NRPC port to an IP address
By default, all TCP/IP-based servic es on an IBM(R) Lotus(R) Domino(TM) server listen for net work
connections on all NICs and on all configured IP addresses on the server. If you have enabled more
than one Notes network port for TCP/ IP (TCP port for NRP C) on either a single Domino server or a
Domino partitioned server, you must associate the NRPC ports and IP addresses by binding each port
to an address.

For background information on Domino server setups wit h multiple IP addresses, see the topic
″Advanced Domino TCP/ IP configurations″ earlier in this chapter.

To bind an NRPC port to an IP address:
When setting the NOTES.INI variables for port mapping, do not include a zone in a port mapped
address. The zone is only valid locally.

1.  For each IP address, make sure you have added a Notes port for TCP/IP. Also make sure that
    each port has a unique name.
For information on adding a Notes port, see the topic ″Adding a network port on a server″ earlier in this
chapter.
2. In the NOTES.INI file, confirm that these lines appear for each port that you added:
Ports=TCPIPportname
TCPIPportname=TCP, 0, 15, 0

Where TCPIPportname is the port name you defined.

3.   For each port that you want to bind to an IP address, add this line to the NOTES. INI file:
     TCPIPportname_TCPIPAddress=0,Ipaddress
Where IPaddress is the IP address of the specific NIC.

For example:
TCPIP_TCPIPAddress=0,130.123.45.1

Note: For IP v6, enclose the address in square brackets, as it contains colons. For example:

TCPIP_TCPIPAddress=0,[fe80::290:27ff:fe43:16ac]

4.   (Optional) To help you later remember the function of each port, add the default TCP port number
     for NRPC to the end of the line you ent ered in Step 3, as follows:
:1352

CAUTION: Do not change the assigned TCP port number unless you have a way to redirect the
inbound connection with Domino port mapping or a firewall that has port addr e ss translation
(PAT).

In a situation where you must change the default NRPC port number, see the topic ″Changing a TCP
or SSL port number″ later in this chapter.

Binding an Internet service to an IP address
If the IBM(R) Lotus(R) Domino(TM) server has multiple Notes network ports for TCP/IP (NRPC ports)
and the server is also hosting the SMTP, POP3, IMAP, LDAP, or Internet Cluster Manager (ICM)
service, you must specify the NRP C port that you want the service to use in the NOTES.INI file. If you
do not specify an NRPC port for an Internet service, by default the service will use the port listed first
in the Ports setting in the NOTES.INI file. You can specify the same NRP C port for multiple Internet




                                                                                                         39
services. For the Domino Web server (HTTP service), you use the Server doc ument to bind HTTP to a
host name IP address.

To bind the SMTP, POP3, IMAP, LDAP, or ICM service:
1. Bind each NRP C port to an IP address.
2. In the NOTES.INI file, specify the appropriate NRPC port for each Internet service as follows:

Note:
If you don’t know the port name to enter for an NRPC port, open the Server document, click the Ports -
Notes Network Ports tab, and look at the ports associated with the TCP prot ocol.

Service                     Action
POP3                        Enter POP3NotesPort=port namewhere port name is the name of the NRPC port
                            that you want to link the service to.
IMAP                        Enter IMAPNotesPort=port namewhere port name is the name of the NRPC port
                            that you want to link the service to.
SMTP                        Enter SMTPNotesPort=port namewhere port name is the name of the NRPC port
                            that you want to link the service to.
LDAP                        Enter LDAPNotesPort=port namewhere port name is the name of the NRPC port
                            that you want to link the service to.
ICM                         Enter ICMNotesPort=port namewhere port name is the name of the NRPC port
                            that you want to link the service to

Example:
The following example shows the lines (in bold) to add to the Ports section of the NOTES.INI file to
bind two NRPC ports to their IP addresses and to specify the second NRPC port for the SMTP
service. Ports=TCPIP, TCP1P2 TCPIP=TCP, 0, 15, 0
TCPIP_TCPIPAddress=0,10.33.52.1
TCPIP2=TCP, 0, 15, 0
TCPIP2_TCPIPAddress=0, 209.98.76.10
SMTPNotesPort=TCPIP2

Note: Domino adds the lines that are not bold when you use either the Domino Server Setup program
or the Domino Administrator’s Setup Ports dialog box to enable a port.

To bind the HTTP service:
1. On the Internet Prot ocols - HTTP tab of the Server document, enter one or more IP addresses or
    FQDNs for the server in the ″Host name(s )″ field.
2. Select Enabled in the ″Bind to host name″ field.

Note: If the server is a partitioned server and has Web sites configured with separate IP addresses, or
has virtual servers (Domino 5) configured for one or more partitions, enter the partition’s IP address,
and each Web site or virtual server’s IP address in the ″Host name(s)″ field, separated by semicolons.
Alternatively, you can use FQDNs in this field. Do not list additional Web sites and virt ual hosts that
have IP addresses that are already listed in this field.

Example 1 -- Server partition with Web sites:
The partition’s host name is app01 and there are two Web sites configured for it: sales.acme.com and
accounting.acme.com. The Web site sales.acme.com uses the same IP address as the partition, and
the Web site accounting.acme.com has its own IP address. Enter t he following in the ″Host name(s )″
field: 9.88.43.113;9.88.46.110 where 9.88. 43.113 is the IP address for both the partition and the Web
site sales.acme.com and 9.88. 46.110 is the IP address for the Web site accounting. acme.com
Example 2 -- Server partition with virtual servers:
The partition’s host name is app01 and there are two virtual servers (9.88.46.114 and 9.88. 46.115)
and one virtual host configured for it. Enter the following in the ″Host name(s)″ field:
9.88.43.113;9.88.46.114;9.88.46.115 where 9.88.43.113 is the IP address for both the partition and the
virtual host sales.acme.com, 9.88.46.114 is the IP address for virtual server 1 (accounting.acme.com),
and 9. 88.46. 115 is the IP address for virtual server 2 (nort heastsales.acme.com). For information on
Web sites and Internet Site documents, see the chapter ″ Installing and Setting Up Domino Servers.″




                                                                                                       40
Assigning separate IP addresses to partitions on a syste m with a single NIC
If you use a single NIC with multiple IP addresses, you must complete additional configuration
instructions, which are based on your operating system, for each server partition.

Note: Using separat e IP addresses with a single NIC can have a negative impact on the computer’s
I/O performance. For background information on partitioned servers and the TCP/IP net work, see the
topic ″Partitioned servers and IP addresses″ earlier in this chapter.

IBM AIX or Linux: You must be logged on as root.

To enable an IP address in IBM AIX:
1. Add one entry in the loc al host names file /etc/hosts for each server partition. The entry for the
    partition that uses the computer host name should already exist.
2. To enable an IP address, enter this command under the heading ″Part 2 -Traditional
    Configuration″ in the startup file (etc/rc.net). Do not enter this command for the partition that uses
    the computer host name. /usr/sbin/ifconfig interface alias server_name where interface is the name of
    the network interface, and server_name is the name of the partitioned server -- for example:
     /usr/sbin/ifconfig en0 alias server2
3.   Restart the system if necessary, and test the configuration. From another computer, use the ping
     command with the server names. To show the net work status, use the netstat command.

To disable an IP address in IBM AIX or Linux:
Do not remove the IP address of a server partition that uses the computer host name as its server
name.

1.   Enter this command at the console: /usr/sbin/ifconfig interface delete server_name where interface is
     the name of the net work interface, and server_name is the name of the partitioned server.
2.   Remove the partition’s name entry from the local host names /etc/hosts file.
3.   Remove the corresponding ifconfig command from the system startup /etc/rc.net file.

Sun Solaris: This procedure is for Sun Solaris 2.6. You must have superuser privileges to configure
the NIC.

To enable an IP address in Sun Solaris:
1. Add one entry in the loc al host names /etc/hosts file for each server partition. The entry for the
    partition that uses the computer host name should already exist.
2. For each partition, create a file named: /etc/hostname.device:n where device is the device name of
    the NIC, and n is a number that increments for each file name. The /etc/hostname.hme0 file
    should already exist and contain the computer host name. For example, if /etc/hostname.hme0
    contains the name Server1, create: /etc/hostname.hme0:1 which contains the name Server2. and
    /etc/hostname.hme0:2 which contains the name Server3.
3. Create the alias for each IP address that goes to the NIC which is hme0. At the console, enter:
/sbin/ifconfig hme0 plumb
/sbin/ifconfig hme0:
n IP_address

where n is the number you created in Step 2 for each file name, and IP_address is the address
assigned to the corresponding server in Step 1.

For example:
/sbin/ifconfig hme0 plumb
/sbin/ifconfig hme0:1 111.123.11.96
/sbin/ifconfig hme0:2 111.123.11.22

4.   To verify the IP addresses that you configured, ent er:
/sbin/ifconfig -a 5.

To enable each IP address that you configured in Step 3, enter:
/sbin/ifconfig hme0:n up

where n is the number assigned to the file that contains the server name.



                                                                                                             41
For example:
/sbin/ifconfig hme0:1 up
/sbin/ifconfig hme0:2 up

To disable an IP address, enter:
/sbin/ifconfig hme0:n down 6.

To configure the NIC to support multiple IP addresses at system startup, add this ifconfig command to
the startup file (probably /etc/rc2.d/S30sysident ):
/sbin/ifconfig hme0 plumb
/sbin/ifconfig hme0:n IP_address
/sbin/ifconfig hme0:n up where n
corresponds to the number you created in Step 2 for each file name, and IP_address is the address
assigned to the corresponding server in Step 1. 7. Test the configuration. From another computer, use
the ping command with the server names. To show the network status, use the netstat command.

To disable an IP address in Sun Solaris:
Do not remove the IP address of the server partition that uses the computer host name as its server
name. 1. To disable the IP address, type:
/sbin/ifconfig hme0:n down

where n is the number assigned to the file that contains the server name.
For example:
/sbin/ifconfig hme0:1 down

2. Remove the corresponding /etc/hostname. hme0:n file. For example, to remove Server2, remove the
/etc/hostname.hme0:1 file, which cont ains the name Server2.

3. Remove the partition’s server name entry from the loc al host names /etc/hosts file.

Windows:
To configure a single NIC for multiple IP addresses on Microsoft(R) Windows(R) systems, do the
following:
 For Windows 2000, use the Network and Dial-up Connections icon on the Control Panel, and then
the Local Area Connection icon. Click the Properties button. For more information, see the Windows
2000 documentation.

Configuring a partitioned server for one IP address and port mapping
To configure server partitions to share the same IP address and the same NIC, you use port mapping .
With port mapping, you assign a unique TCP port number to each server partition and designate one
partition to perform port mapping. The port-mapping partition listens on port 1352 and redirects IBM(R)
Lotus(R) Notes(R) and IBM(R) Lotus(R) Domino(TM) connection requests to the other partitions. If the
port-mapping partition fails, existing sessions on the other partitions remain connected. In most cases,
Notes clients will not be able to open new sessions on any of the partitions. However, because eac h
Notes client maintains information in memory about recent connections, including those redirected by
the port-mapping partition, a client may be able to connect to a partition even when the port -mapping
partition is not running. A client or remote server that has a Connection document containing both the
IP address and the assigned port can always access the port -mapping partition. Because the port-
mapping partition requires extra system resources, consider dedicating the partition to this task only.
To do this, remove all other server tasks, such as mail routing and replication, from the partition’s
NOTES.INI file. Port mapping works for NRP C communication only. However, you can us e the Server
document in the Domino Directory to configure IMAP, LDAP, and POP 3 servic es and Domino Web
servers to use unique ports for communication. When you do, you must make the port number
available to users when they try to connect to the servers.

Note: Because Internet protocols carry a large amount of data, you may encounte r I/O bottlenecks if
you use a single NIC wit h too many server partitions. Consider adding additional NICs and isolating
the data by protocol.




                                                                                                      42
To configure for one IP address and port mapping:
When you set up port mapping, the port-mapping partition automatically routes NRP C communication
requests to the other server partitions.
Note: When setting the NOTES.INI variables for port mapping, do not include a zone in a port mapped
address. The zone is only valid locally. 1. Decide whic h server partition wi ll perform port mapping.

2. Choos e a unique TCP/IP port number for each server partition on the computer. The port -mapping
partition uses the assigned port, 1352. It is best to use port numbers 13520, 13521, 13522, 13523, or
13524 for the additional server partitions.

3. In the NOTES.INI file of the port -mapping partition, include one line for the port-mapping partition
and one line for each of the other partitions. For the port-mapping partition, enter:
TCPIP_TcpIpAddress=0,IPAddress:1352 where TCPIP is the port name, and IPAddress is the IP address
of the port -mapping partition. For each of the other partitions, enter:
TCPIP_PortMappingNN=CN=server_name/O=org,IPaddress:TCP/IP port number where TCPIP is the port
name, NN is a number between 00 and 04 assigned in ascending sequence, server_name is the
server name of the partition, org is the organiz ation name, IPAddress is the shared IP address, and
TCP/IP port number is the unique port number you chose for the partition.

Note: You must assign the numbers for NN in ascending order beginning with 00 and ending with a
maximum of 04. If there is a break in the sequenc e, Domino ignores the subsequent entries.

4. In the NOTES. INI file of each of the ot her partitions, include this line:
TCPIP_TcpIpAddress=0, IPAddress:IPport_numb er where TCPIP is the port name, IPAddress is the
shared IP address, and IPport_number is the unique port number you chose for the partitioned server.

5.   In the Net Address field on the Ports - Notes Network Ports tab in the Server document for each
     partition, enter the fully qualified domain name -- for example, sales.acme.com -- or enter the
     common server name -- for example, Sales.

6.   Create an IP address entry for the port-mapping partition in the DNS, NIS, or the local hosts file.

7.   Include each partition name as a separate CNAME entry in the DNS, NIS, or the local hosts file.

8.   If you also plan to set up the partitions for IMAP, LDAP, and POP 3 services and Web server
     communication, assign to each protocol a unique port number in t he ″ TCP/ IP port number″ field on
     the appropriate subtabs (Web, Directory, and Mail) on the Ports - Int ernet Ports tab of the Server
     document.

Note: You must make these port numbers available to us ers when they try to connect to these
servers. For example, if you assign port 12080 to the Web server acme.com, users must include
acme.com:12080 in the URL in order to connect to the server, unless they have a means to redirect
the connection to this port assignment.

Example: This example shows the lines you add to the NOTES. INI files of the server partitions to set
up port mapping for six partitions.

Partition 1 (the port-mapping partition):
TCPIP_TcpIpAddress=0,192.94.222.169:1352
TCPIP_PortMapping00=CN=Server2/O=Org2,192.94.222.169:13520
TCPIP_PortMapping01=CN=Server3/O=Org3,192.94.222.169:13521
TCPIP_PortMapping02=CN=Server4/O=Org4,192.94.222.169:13522
TCPIP_PortMapping03=CN=Server5/O=Org5,192.94.222.169:13523
TCPIP_PortMapping04=CN=Server6/O=Org6,192.94.222.169:13524

Partition   2: TCPIP_TcpIpAddress=0,192.94.222.169:13520
Partition   3: TCPIP_TcpIpAddress=0,192.94.222.169:13521
Partition   4: TCPIP_TcpIpAddress=0,192.94.222.169:13522
Partition   5: TCPIP_TcpIpAddress=0,192.94.222.169:13523
Partition   6: TCPIP_TcpIpAddress=0,192.94.222.169:13524




                                                                                                           43
Changing a TCP or SSL port number
The following sections describe the TCP ports that IBM(R) Lotus(R) Domino(TM) services use and
provide guidelines should you ever need to change these ports.

Default port for NRP C:
By default, all NRP C connections use TCP port 13 52. Because the Internet Assigned Number
Authority (IA NA) assigned Lotus Domino this port number, non -Domino applications do not usually
compete for this port. Do not change the default NRPC port unless:

 You can use a NA T or PA T firewall system to redirect a remote system’s connection attempt.
 You are using Domino port mapping.
 You create a Connection document that contains the reassigned port number. To change the default
NRP C port number, use the NOTES. INI setting TCPIPportname_TCPIPAddress and enter a value
available on the system that runs the Domino server. TCP ports with numbers less than 5000 are
reserved for application vendors. You may use any number from 1024 through 5000, as long as you
don’t install a new application that requires that number.

Note: When setting the NOTES.INI variables for port mapping, do not include a zone in a port mapped
address. The zone is only valid locally.

Default ports for Internet services:
You may occasionally need to change the number of the TCP or SSL po rt assigned to an Internet
service. Lotus Domino uses these default ports for Int ernet services:

Service                           Default TCP port                  Default SSL port
 80 443 63148 63149
POP3                              110                               995
IMAP                              143                               993
LDAP                              389                               636
SMTP inbound                      25                                465
SMTP outbound                     25                                465
HTTP                              80                                443
IIOP                              63148                             63149
Server Controller                 N/A                               2050


Server setup tasks specific to NetBIOS
After you run the IBM(R) Lotus(R) Domino(TM) Server Setup program, complete these procedures:
1. Use the Domino Administrator to define a NetBIOS LA NA number for the NetBIOS port.
2. If you want the server to connect to different segments of a NetBIOS network, create one or more
    additional Notes net work ports for NetB IOS.

Defining a NetBIOS LAN A number for a Notes network port
To run NetB IOS on a server, after you complete the Server Setup program, you must determine the
NetBIOS LANA number to which the Notes network port will be bound. The NetB IOS LA NA number is
a logical number that represents a NetB IOS transport protoc ol stack on a NIC. You must know which
transport protocol IBM(R) Lotus (R) Notes (R) workstations and other IBM(R) Lotus(R) Domino(TM)
servers are using for NetB IOS within your workgroup or company.

If the comput er running the Domino server has more than one NIC running the same protocol stack,
you must define a different NetBIOS LANA number for each Notes network port for NetBIOS.

NetBIOS systems using the same transport protocol should be in the same Notes named network. If
you create Connection documents on the server, the LA N port you select must al so be for the same
transport protocol.

To define a LANA number in Lotus Domino:
1. From the Domino Administrator or Web Administrator, click the server for which you want to define
    a LANA number.
2. Click the Configuration tab.



                                                                                                     44
3. Do one of these:
 From the Domino Administrator’s Tools pane, choose Server - Setup Ports.
 From the Web Administrator’s Port tool, choose Setup.
4. Select the Portname port, where Portname is the name of the NetB IOS port for which you are
    defining a LA NA number.
5. Click ″Portname Options,″ and choose Manual.
6. Enter the correct LANA number.
7. Click OK.

To find the LANA number for a NetBIOS protocol on a Windows XP or 2000 system:
A Microsoft(R) Windows(R) XP or 2000 system does not have a direct means to see the LA NA
associations. For Windows XP or 2000 systems you can either review the system’s registry bindings
or use a Microsoft tool called LANA CFG to see and change the LA NA number assignments.

The following is an example of the tool’s output from a Windows 2000 server.
lanacfg [options]
showlanapaths - Show bind paths and component descriptions for each exported lana
setlananumber - Change the lana number of a bind path
rewritelanainfo - Verify and write out lana info to the registry

showlanadiag - Show lana diagnostic info

From the DOS prompt, enter
C:\>lanacfg showlanapaths

You see the following:
Lana: 4
-->NetBEUI Protocol-->3Com EtherLink III ISA (3C509/3C509b) in Legacy mode

Lana: 7
-->NetBEUI Protocol-->WAN Miniport (NetBEUI, Dial Out)

Lana: 3
-->NWLink NetBIOS
Lana: 0

-->WINS Client(TCP/IP) Protocol-->Internet Protocol TCP/IP)-->3Com EtherLink III ISA (3C509/3C509b) in
Legacy mode

Creating additional network ports for NetBIOS
After you run the IBM(R) Lotus(R) Domino(TM) Server Setup program, you can create network
segments for multiple NetBIOS interfaces on the same computer by adding a IBM(R) Lotus (R)
Notes(R) s net work port for NetBIOS for each additional NIC.

In addition to adding each port for NetBIOS, do the following:
 Associate each Notes net work port for NetBIOS with a specific NetBIOS interfac e by defining a
LANA identifier for each port.
 Make sure that all Domino servers that will access each other have an interface that uses a common
transport protocol. It is best if they are also in the same IBM Lotus Notes named net work.
 Make sure that the network segments to which the server system’s NICs are attached do not have a
pathway in common. The NetBIOS name service (NetBIOS over IP ) can fail if it detects the same
system name or Domino name echoing back between the pathways. If you are using both the
NetBIOS name service and DNS or a hosts file for name res olution, make sure that the server name in
DNS or the hosts file is different from the system name.




                                                                                                         45
Chapter 3. Installing and Setting Up Domino Servers
This chapter describes how to plan a hierarchical name tree and how to install, set up, and register
IBM(R) Lotus(R) Domino(TM) servers.

Installing and setting up Domino servers
Before you install and set up the first IBM(R) Lotus (R) Domino(TM) server, you must plan server and
organizational naming and security. In addition, you must understand your existing net work
configuration and know how Domino will fit into the net work. If you are adding an additional server to
an existing Domino infrastructure, you must have already registered the server and its server ID and
password must be available.

Note: If you plan to run multiple language versions of Domino with Web browsers, install the
International English version of the Domino server as the base Domino installation. Next, install other
language packs. Installing the Domino server in English first prevents error messages from displaying
in other languages, even when you have selected English as the language preferenc e in your Browser
options. For information on system requirements, see the Release Notes.

Domino server evaluation software license
You also have the option of installing an evaluation copy of the Domino server instead of the
traditional production copy. The evaluation copy can be us ed for a limited number of days. For more
information about installing and using the Domino server evaluation software, see the topic Using the
Domino server with a trial evaluation license.

To install and set up a server
Installing a Domino server -- that is, copying the server program files onto the designated mac hine -- is
the first part of deploying a server. The second part is using the Domino Server Setup program to
configure the server.

Note: Do not unpack installation kit files to the same directory to which you install the installation files
from the CD. Specify a unique directory path for each set of installation files.
1. Choose a name for the server. Refer to the hierarchic al name scheme that you created based on
    your company’s structure.
2. Identify the function of the server -- for example, will it be a mail server or an application server?
    The function of the server determines which tasks to enable during configuration.
3. Decide where to locate the server physically and decide who administers it.
4. Decide whether the server is part of an existing Domino domain or is the first server in a new
    Domino domain. For more information on Steps 1 through 4, see the chapter ″Deploying Domino.″
5. If this is the first server in a Domino domain, do the following:

a. Install the server program files.
b. Use the Domino Server Setup program to set up the server.
c. Complete network-related setup.
d. Create organization certifier IDs and organizational unit certifier IDs, as required by the hierarchical
name scheme.
d. Distribute certifier IDs to administrators.
e. Implement Domino security.

6.   If this server is part of an existing Domino domain, do the following:
a.   Use the Domino Administrator to register the server.
b.   Install the server program files on each additional server.
c.   Use the Domino Server Setup program to set up each additional server. For more information on
     Steps 5 and 6, see the proc edures that follow and the chapters ″Setting Up the Domino Net work″
     and ″Planning Security.″
7.   Perform additional configuration procedures, based on the type of services, tasks, and programs
     that you want to run on this server.




                                                                                                          46
Entering system commands
Some of the procedures that follow include instructions for entering commands at the system
command prompt. The instructions tell you to enter the command from the ″ Domino program directory″
or ″Notes program directory,″ depending on whether you are performing the proc edure on an IBM(R)
Lotus(R) Domino(TM) server or an IBM(R) Lotus (R) Not es(R) workstation. Before entering commands,
make sure you understand the following definitions of these terms as they apply to your operating
system.

Microsoft Windows operating system s
On a Domino server, the Domino program directory is c:\Program Files\IBM\Lotus\Domino, unless you
installed the program files to a different location. On a Notes workstation, the Notes program directory
is c:\Program Files\IBM\Lot us\notes, unless you installed the program files to a different location.

UNIX operating systems
For Domino on a UNIX® server, the actual location of the server p rogram files is different from the
directory you us e for ent ering commands. Always use the following path for entering commands:

lotus/bin/server

The ″server’″ portion of the path is a script that initializes a UNIX shell so that Domino programs can
run on UNIX.

The default location of the lotus directory is /opt/ibm/lotus, but you can change it to any location, for
example, /local/lotus or /usr/lot us.

Server installation
The first step in deploying an IBM(R) Lotus(R) Domino(TM) server is installat ion, or copying the
program files to the system’s hard drive. To install Domino, see the following procedures:
 Installing Domino on Windows systems
 Installing Domino on UNIX systems
 Using silent server installation to install Domino on Windows or U NIX systems
 Installing Domino on Linux on zSeries systems
 Using Silent Server Install on Linux on zSeries systems.

Installing Domino on Windows systems
You can install IBM(R) Lotus(R) Domino(TM) on a Microsoft(R) Windows(R) system by following this
procedure, or you can perform a silent installation of a local server.

1. Before you install the Domino server program files on a Windows system, do the following:
 Make sure that the required hardware and software components are in place and working.
 Read the Release Not es for operating system and net work protocol requirements and for any last -
minute changes or additions to the doc umentation.
 Temporarily disable any screen savers and turn off any virus -detection software.
 Before running any Domi no setup command, be sure to complete any pending reboot actions you
may have from installing other applications.
 Make sure that all other applications are closed. Otherwise, you may corrupt any shared files, and
the Install program may not run properly.
 If you are upgrading to Domino from a previous release, see the upgrade information available at
http://www.redbooks.ibm.com.

2.  Run the install program (SE TUP.E XE), which is on the installation CD.
3.  Read the Welcome screen, and click Next. Then read the License Agreement and click I accept
    the terms in the license agreement, and then click Next.
4. Choose the program directory, and choose whether you are installing partitioned servers. Click
    Next.
5. Specify the data directory in which to copy the software. If you are installing a partitioned server,
specify a data directory for each partition.




                                                                                                            47
Note: For partitions, use the Add button to add each of the data directories to the list. If they are not
added to the list they will not be installed.

6. Select the server type you acquired:
 Domino Utility Server -- Installs a Domino server that provides application services only, with support
for Domino clusters. The Domino Utility Server removes client access license requirements. Note that
it does NOT include support for messaging services. See full licensing text for details.
 Domino Messaging Server -- Installs a Domino server that provides messaging services. Note that it
does NOT include support for application services or Domino clusters.
 Domino Enterprise Server -- Installs a Domino server that provides both messaging and application
services, with support for Domino clusters.
 Customize - Allows you to select the features you want to install.

Note: All installation types support Domino partitioned servers. Only the Domino Enterpris e Server
supports a service provider (xSP) environment.

7.    If you are installing partitioned servers, specify a data directory for each partition.
8.    Review the summary information, and then select Next to begin installing files.
9.    Click Finish to complete the install program.
10.   Choose Start - Programs - Lotus Applications - Lotus Domino Server, or use the icons on your
      Desktop to start the Server Setup program.

Using silent server installation to install Domino on Windows or UNIX syste ms
Use IBM(R) Lotus(R) Domino’s(TM) silent server installation to install servers without any intervention
during the installation process. The silent server installation suppresses the wizard and the user
interface. There is no need to monitor the installation or to provide additional input through the typical
installation dialog boxes. Before running Domino’s silent server install on a Microsoft(R) Windows (R)
or UNIX(R) system, do the following:
 Make sure that the required hardwa re and software components are in place and working.
 Read the Lotus Domino Release Not es for operating system and net work protocol requirements.
Check the Release Not es for last-minute changes or additions that may impact the silent server install.
 Temporarily disable screen savers and turn off virus -detection software.
 Before running any Domino setup command, complete any pending reboot actions you may have
from installing ot her applications.
 Make sure that all other applications are closed; otherwise, you may corrupt shared files, and the
Install program may not run properly.

Customized silent server install on Microsoft Windows and UNIX systems:
There are three methods of customizing silent server installs. Create or rec ord the response fil e, whic h
contains the installation configuration information, or modify the sample response file provided in the
install kits.

Creating the response file for silent server installation:
A typical (non-silent) install uses dialog boxes to receive input from you during installation. The silent
(automated) server install does not prompt you for input. Instead, response files are used to provide
the detail information for the install process. There are two methods of generating response files, the
template and record methods.

A response file created using the template met hod contains the literal values that are used during the
install process. It is generated prior to the execution of the installation and contains all of the default
installation options and paths. You can manually customize this file by editing options. The benefit of
using a template file is that you do not need to install a server in order to create the file.

A response file created using the record method is generated after the server i nstall completes, at the
time the wizard exits and stores the values of the applicable wizard properties in the file. The recorded
response file is useful for saving a record of a specific wizard execution session which can later be
reused in a silent or m odified installation. When you install a server, your customizations are saved to
the resulting response file, eliminating the need to edit the response file. This is the ″safer″ method
because you do not create issues caused by typos or incorrect entries and values.



                                                                                                             48
Creating a response file by modifying a sample response file: Use this procedure to create a response
file by modifying one of the response file templates that are provided in the install kit. Response files
contain installation configuration information. The sample response files, sample_response.txt or
unix_response.dat., are located on the CD with the other installation files.

1. To modify the sample response file, do one of these:
 Open the templat e file, modify the file as necessary, and then save the file to a new name.
 Save the file to a new file name, modify the file, and then save the file again.

2.   Run the silent install referencing the response file. Creating a new res ponse file template: Use this
     procedure to create a new respons e file. It takes several minutes for the response file to be
     created. When the SE TUP.E XE or ./install file and the JAVA.E XE file have finished running, the
     new response file is ready for use. To determine whether SE TUP.E XE or ./install and JAVA.E XE
     have finished running, check the Task Manager on Microsoft(R) Windows(R), or the UNIX(R)
     system processes.

1. Do one of these:
 On Microsoft Windows, run setup.ex e -options-tempate c:\temp\file.txt
 On UNIX, run ./install -options-template /local/response.dat

2.   Modify the resulting response file with your specific install options.
3.   Run the silent install referencing the response file.

Creating a new response file template: Use this procedure to record a new respons e file. It takes
several minutes for the respons e file to be created as you must complete the server installation on the
system.

1. Do one of these:
 On Microsoft Windows, run setup.ex e -options-record c:\temp\file.txt
 On UNIX, run ./install -options-record /local/response.dat
2. Run through the installation dialogs making the selections you want specified in you response file.
    Your response file will be complete at the end of the installation.
3. Run the silent install (on ot her systems) referencing the response fileUsing a response file:

To use a res ponse file, specify the -options parameter and the ex act path to the response file on the
command line. Enter the command in the format shown in the ex ample according to plat form:

For Microsoft(R) Windows (R) plat forms
setup.exe -silent -options c:\temp\file.txt

For UNIX(R) platforms
./install -silent -options /local/response. dat

For additional examples for Windows and UNIX platforms, see the table.

Installation activity                                        Example
Running silent install with default selections and options   On Windows: setup.exe - silent On UNIX: ./install -
                                                             silent
Creating a Response File:                                    On Windows: setup -options-template c:\temp\file.txt On
                                                             UNIX: ./install -options-template /local/response.dat
Recording a response file                                    On Windows: setup -options-record c:\temp\file.txt On
                                                             UNIX: ./install -options-record /local/response.dat
Running silent install using response files                  On Windows: setup.exe -silent -options c:\temp\file.txt
                                                             On UNIX: ./install -silent -options /local/response.dat

Running the Silent Server Install on Microsoft Windows or UNIX Syste ms
You can run silent server install either with a respons e file or without a respons e file. When you run
silent server install with a response file, custom install options are applied to the install while it is
running. When you run silent server install without a response file, the install uses all of the default
options. To create a res ponse file for automating the IBM(R) Lotus(R) Domino(TM) installation, see the



                                                                                                                 49
topic Using silent server installation to install Domino on Windows or UNIX systems. Complete these
steps to run a silent server install for the Domino server:
1. Launch the server install with any of the command line parameters shown in the table below

Parameter                                                Description and example
-silent Runs the basic silent server install using the    On Microsoft(R) Windows(R), setup.exe -silent
default options                                           On UNIX(R), ./install -silent
Runs the silent server install with customized options    On Windows, setup -silent -option C:\temp\file.txt
                                                          On UNIX, ./install -silent -option /local/response.dat

2.   Log in to the root account for Domino S erver installation.
3.   Change to the directory containing the ″install″ script.
4.   Enter the following at the root command prompt to run the script: ./install
5.   Follow the on-screen instructions and specify these options:

Option                                                   Action
Add data directories only                                Choose one:
                                                          Yes to change a single Domino server into a
                                                         partitioned server or add data directories to an existing
                                                         partitioned server
                                                          No to keep a single Domino server
Domino Server                                            installation type Choose the server type that you
                                                         acquired. For an xSP server, you must have the
                                                         Domino Enterprise Server.
Install template files                                   Choose one:
                                                          Yes to install new templates
                                                          No to retain templates from a previous releas e
Install xSP server (for Domino Enterprise Server only)   Choose one:
                                                          Yes if this is an xSP server
                                                          No if this is not an xSP server
Program directory                                        Specify the directory in which Domino will store
                                                         program files.
Create /opt/ibm/lotus soft link                          Choose one:
                                                          Yes if this system will have only one Domino
                                                         installation (program directory)
                                                          No if this system will have multiple Domino
                                                         installations (multiple program directories)
Data directory                                           Specify the directory in which Domino will store data
                                                         files. If you are installing a partitioned server, indicate
                                                         that and specify multiple data directories.
UNIX User name                                           Specify the person who will own the server
                                                         configuration data. If you are installing a partitioned
                                                         server, you may specify a different person for each data
                                                         directory.
UNIX Group name                                          Specify the group to which the UNIX User belongs. If
                                                         you are installing a partitioned server, you may specify
                                                         a different group for each data directory

To use script mode
Script mode installation provides silent install functionality for UNIX plat forms and allows you to install
saved installation settings to a local server or remote servers.
SCRIP T.DA T, the default sample script file, contains information you need to install the Domino server
program files, including descriptions of eac h paramet er and instructions for using the -script option to
install partitioned servers.

Note: Existing SCRIP T.DA T files from previous Domino versions cannot be used with the new ISMP
installer. Modify a local copy of the file sample unix_response.dat provided with the install kits. More
options are now available than in the previous installation’s script.dat file.

1.   Change the directory to the kit’s install directory on either the CD -ROM or network drive.




                                                                                                                    50
2.   Copy SCRIP T.DA T from the kit’s install directory to your local system as filename.dat Where
     filename is the name you want to give to the local script file that will contain the installation
     settings.
3. Open the local script file, filename.dat, and set the parameters as needed. It is usually best to use
     the default settings, as follows:
 Install target host name -- parameter = target_hosts
 Domino server installation type -- Choos e the server type that you acquired.
 Install templat e files -- template_install_option = 1
 Add data directories only -- add_dat a_directories_only = 0
 Install xSP server -- asp_install_option = 0
 Program directory -- Use the directory where Domino stores program files.
 Create /opt/ibm/lotus soft link -- opt_lot us_softlink = 0
 Data directory -- Use the directory where Domino stores data files.
 UNIX User name -- Person who will own the server configuration dat a
 UNIX Group name -- The group to which the UNIX Us er belongs

4.   Save the local file, filename. dat.
5.   Log in to the root account from your local system.
6.   Switch back to the kit’s install directory (CD-ROM or network).
7.   To install using the local script file, enter this command at the UNIX console prompt: install -script
     filename.dat

Using Silent Server Install on Linux on zSeries syste ms
These instructions apply to Linux(R) on zSeries systems. Before running a silent server install, read all
of the installation information in this chapter.

Running a silent server install on Linus on zSeries:
1. Make a local copy of the file SCRIP T. DA T. The SCRIP T.DA T file is located in the install directory.
2. Edit the new copy of SCRIP T.DA T. The step-by-step instructions for editing the file are in the
   SCRIP T.DA T file.
3. Run the install program by entering this command: ./install -script /tmp/script.dat

Note: The command shown above us es the directory name ″tmp″ but you may name this directory
according to your own naming conventions.

Using the express install
Note: Before running any IBM(R) Lotus(R) Domino(TM) setup command, be sure to com plete any
pending reboot actions you may have from installing other applications. Express install is similar to a
regular server install except that you have the additional option of launching the server from the last
window displayed during ex press install. During the express install, you are presented with various
dialog boxes and informational messages, as you would be during the standard Domino server install;
however, during express install, many of the options present ed on the dialog boxes are selecte d for
you, resulting in a faster install proc ess. To run Domino’s Express Install, from the Installer command
line, enter the following command: setup -express

Note: Run Domino express server install from the full installation kit. It is not available for installation
from a Web kit.

Disabling Concurrent I/O and Direct I/O on Domino servers on AIX
Conc urrent I/O (CIO) and Direct I/O (DIO) are not supported with IBM(R) Lotus (R) Domino(TM)
servers. CIO is a file system feature int roduced in IBM(R) A IX(R) 5.2.0. 10, also known as maintenance
level 01, in the Enhanced Journaling File system (JFS 2). This feature improves performance for many
environments, particularly for relational databases. Because the CIO feature is not supported for use
with Domino servers, do not enable this option on file systems that Domino accesses. If this option is
enabled, Domino dat a might become corrupted, which can cause server crashes or performance
issues. Certain core file system items, such as file buffer cache, per -file lock or inode lock, and sync
daemon, are managed differently by the operating system with the CIO option enabled. Domino is not
coded to address these changes in behavior. The CIO option is typically enabled as a flag when a file
system is mounted. Use these steps to disable the mount option:



                                                                                                           51
1.  Run this command for each file system mounted with CIO: chfs -a options=rw /FS_NAME Where
    /FS_NAME is the name of the mount point.
2. Unmount and remount each file system, or reboot, which has the same effect when done afte r
    running the chfs commands.
3. To verify that the change was applied, run ’mount’ and verify that you do not see ″cio″ in the mount
options column, as shown in the examples.

Example of output with CIO disabled
/dev/test05lv   /test05 jfs2     Oct 04 23:13     rw,log=INLINE

Example of output with CIO enabled:
/dev/test03lv   /test03   jfs2   Sep 19 19:25     rw,cio,log=INLINE

For more information on the CIO feature, see the A IX whitepaper ″Improving Database Performance
With AIX Concurrent I/O″ at http://www-1.ibm.com/servers/aix/whitepapers/db_perf_aix.pdf

The Domino Server Setup program
 The IBM(R) Lotus(R) Domino(TM) Server Setup program guides you through the choices you make
to configure a Domino server. Setting up the first Domino server in a domain establishes a framework
that consists of the Domino Directory, ID files, and documents. When you set up additional servers,
you build upon this framework.

Note: Domino first server setup creates IDs with a default public key width of 1024 bits. If a different
key width is required, run SE TUP.E XE to install the Domino files but before starting the server, open
the server’s NOTES.INI file, and then set SE TUP _FIRS T_SERVER_PUB LIC_KEY _WIDTH to the
desired key width. For example, for Domino R5-c ompatible keys, install the files for the Domino server
by running SE TUP.E XE, but before starting the server, open the NOTES.INI file and then set
SETUP_FIRS T_SERVE R_P UBLIC_KEY_WIDTH=630. The public key width can be set to either 630
or 1024 when using the NOTES. INI variable.

Setting up the first Domino server does the following:
 Creates a Domino domain.
 Creates the certification log file, names it CERTLOG. NSF, and saves it in the Domino data directory.
 Uses the PUBNAMES.NTF templat e to create the Domino Directory for the domain, names the
directory NA MES.NSF, and places it in the Domino data directory.
 Creates an organization certifier ID, names it CERT.ID, and saves it in the Domino data directory.
 Optionally creates an organizational unit certifier ID, names it OUCERT. ID, and stores it in the
Domino Directory.
 Creates a Certifier document, which describes the organization certifier ID, in the Domino Directory.
 Creates a server ID, names it SERVER.ID, and saves it in the Domino data directory.
 Uses the organization certifier ID to certify the server ID.
 Creates a Server document in the Domino Directory and includes in it information that you specified
during the setup program.
 Creates a Person document in the Domino Directory for the Domino Administrator that you specified
during the setup program.
 Creates a user ID and password for the Domino Administrator and attaches it as a file named
USER.ID to the administrat or’s Person document in the Domino Directory.
 Uses the organization certifier ID to certify the administrator’s user ID.
 Gives the administrat or and the server Manager access in the ACL of the Domino Directory.
 Adds the server name to the LocalDomainServers group in the Domino Directory.
 Creates the log file, names it LOG.NSF, and saves it in the Domino data directory.
 Enables the appropriate network and serial ports.

 Creates a mail directory in the Domino data directory and creates a mail file in that directory for the
Domino Administrator.
 Creates the Reports file, names it REPORTS.NSF, and saves it in the Domino data directory.
 Updates network settings in the Server document of the Domino Directory.
 Configures SMTP, if selected during the setup program.


                                                                                                            52
 If ″DOLS Domino Off Line Services″ was selected during the setup program, creates the Off -Line
Services file, names it DOLADMIN.NSF, and saves it in the Domino dat a directory,.
 Updates the Access Control List in all databases and templates in the Domin o data directory tree to
remove A nonymous access and/or add LocalDomainAdmin access, depending on the selections
made during the setup program.
 Configures xSP Service Provider information, if selected during the install program.

Setting up an additional Domino server does the following:
 Copies the Domino Directory, if a file loc ation was specified during the setup program, names it
NAMES.NSF, and saves it in the Domino data directory.
 Dials the existing Domino server if the connection is made thro ugh a modem (possible only on
Microsoft (R) Windows(R) systems).
 Copies the server’s ID from the location specified during the setup program, either from a file, a copy
of the directory, or the existing Domino server’s directory; names it SERVER.ID; and saves it in the
Domino data directory.
 Retrieves the Domain name and Administrator name from the Server document in the Domino
Directory.
 Creates the log file, names it LOG.NSF, and saves it in the Domino data directory.
 Copies or replicates the Administration Requests file, names it ADMIN4.NSF, and saves it in the
Domino data directory.
 Copies or replicates the Monitoring Configuration file, names it EVENTS4.NSF, and saves it in the
Domino data directory.
 Replicates the Domino Directory, if it doesn’t already exist, names it NAMES.NSF, and saves it in
the Domino data directory.
 Creates a Connection doc ument to the existing Domino server in the Domino Directory.
 Creates the Reports file, names it REPORTS.NSF, and saves it in the Domino d ata directory.
 Updates network settings in the Server document of the Domino Directory.
 Configures SMTP, if selected during the setup program.
 If ″DOLS Domino Off-Line Services″ was selected during the setup program, creates the Off-Line
Services file, names it DOLADMIN.NSF, and saves it in the Domino dat a directory.
 Updates the Access Control List in all databases and templates in the Domino data directory tree to
remove A nonymous access and/or add LocalDomainAdmin access, depending on the selections
made during the setup program.
 Configures xSP Service Provider information, if selected during the install program.
 Replicates changes made to the Server document with the existing server, if any.

Using Domino Off-Line Services (DOLS) and Domino Web Access
To provide IBM(R) Lotus(R) Domino(TM) Web Access users with the ability to work off line, you must
enable IBM Lotus Domino Off-Line Services (DOLS) when you set up the server. DOLS enables users
to work off line, disconnected from the net work, and provides many replication features that IBM Lotus
Notes(R) us ers expect when working in the Notes client.

Users require a Notes ID so that DOLS can synchronize the offline mail file wit h the server. The
default DOLS configuration will prompt the user for a Notes ID the first time they go offline with
Domino Web Access.

If you rename a user, the us er must reinstall the DOLS offline subscription in order for the offline mail
file to synchronize with the server. After a name change, the user must wait for the old Notes ID and
password to stop working, accept the name change using a Notes client, then log on to Domino Web
Access with the new Notes ID and password.
Setting up DOLS on a server IBM(R) Lotus(R) Domino(TM) Off-Line Servic es (DOLS) must be
configured on the Domino server for users to be able to take applications off-line and use only a
browser to work wit h them. You can enable any application for DOLS. The following templates are
enabled for DOLS by default:
 IBM(R) Lotus(R) Domino(TM) Web Access (MAIL8. NTF, DWA7.NTF, and iNOTES6. NTF)
 Discussion - IBM(R) Lotus(R) Notes(R) and Web (R7) database (DIS CSW7.NTF)To configure DOLS
during Domino Server Setup
1. Under ″Setup Int ernet servic es for,″ select ″Web Browsers (HTTP servic es),″ and then click
      Customize.


                                                                                                        53
2.  In the ″Domino tasks″ list, select ″DOLS Domino Off-Line Services.″
3.  At the end of setup, when you have the option to create an access control list entry , add the group
    LocalDomainAdmins to all databases and templates.
4. Accept the default option ″Prohibit Anonymous access to all databases and templates.″ If you
    deselect this option, you must open the A CL for each DOLS application and assign No Access to
    Anonymous.
5. Make sure the following names are identical:
 The TCP/ IP DNS host name -- In Microsoft(R) Windows(R), choose Start - Programs - Windows
Explorer. Then choose Network Neighborhood properties - TCP/IP properties. On the DNS
Configuration tab, look at the Host field.
 The server name -- Open the Server document and look at the Server name field.
 The Internet host name -- Open the Server doc ument and look at the ″Fully qualified Internet host
name″ field. Note: DOLS runs on Domino servers configured to work through a Microsoft IIS server.

To configure DOLS manually
If you do not configure DOLS during Domino S erver S etup, you can configure DOLS manually by
editing the Server document.

1. Open the Server doc ument.
2. Click Internet Protocols - HTTP.
3. In the ″DSAP I filter file names″ field, ent er the DSAPI filter file name that corresponds to the
     operating system that the server is running, and then restart the server:
 Microsoft Windows - ndolextn
 Linux(R) - libdolextn
 IBM(R) AIX(R) - libdolextn
 Solaris/Sparc - libdolextn
 S390(R) - libdolextn
 iSeries(R) - libdolextn

Note: On the iSeries platform, the Server document is updated when a new server is configured or an
existing server is modified using the CFGDOMSV R or CHGDOMSVR CL command with DOLS(*YES)
specified.

For more information on configuring an iSeries server wit h DOLS, see t he Lotus Domino for iSeries
Release Notes.
4. Create a DOLA DMIN.NSF database from the templat e DOLADMIN.NTF.
5. After the database is created, restart the Domino administrator and click the Configuration tab. The
name of the DOLADMIN.NSF is an option in the Navigation pane.

To set up DOLS on clustered servers
Before using DOLS on a clustered Domino server, make sure that:
 The Domino server is either a Domino Utility Server or Domino Enterpris e Server.
 All servers in the cluster run the same release of Domino with DOLS
 Clustered server management is running to handle both failover of replication and HTTP
 Internet Cluster Manager is running
 Subscription directories must have the same name on every clustered server. For example, if a
subscription is under \data\Webmail us er\7CD5957CB669AE2285256BDF00567A D8\, this name
cannot be different on a different server in the cluster.

To configure DOLS on a server that uses Web Site documents
If you create a Web Site Document (a type of Internet Site document ) on the Domino server, you must
add the appropriate DOLS DSAPI filter filename to the DSAPI field in the Web Site document for
DOLS to be enabled. If there are several Web Site documents, you must add the DSAP I filter filename
to each one. To add the DOLS DSAP I filter filename to a Web Site document:
1. Open the Web Site document.
2. Click the Configuration tab.
3. In the ″DSAP I filter″ field, enter the DSAPI filter file name that corresponds to the operating system
     that the server is running, and then restart the server:
 Win32 - ndolextn


                                                                                                        54
 Linux - libdolextn
 IBM(R) AIX(R) - libdolextn
 Solaris/Sparc - libdolextn
 S390 - libdolextn
 iSeries - libdolextn For more information on Internet Site documents, see the topic ″Configuring
Internet sites with Web Site and Int ernet Site documents.″
Setting up Domino Web Access on a server
IBM(R) Lotus(R) Domino(TM) Web Access provides IBM Lotus Not es(R) users with browser-based
access to Notes mail, and Not es calendar and scheduling features. Using Domino Web Access, a user
can send and receive mail, view the calendar, invite people to meetings, create to do lists, k eep a
notebook, and work off line. To set up Domino Web Access, choose ″Web Browsers (HTTP Web
services)″ during Server Setup. If you want to give us ers the ability to work off line, also choose
IBM(R) Lotus(R) Domino(TM) Off-Line Services (DOLS). DOLS is not required to run Domino Web
Access.

Note: When providing a Domino domain name, do not use a period. For example, use
AcmeProduction as a domain name instead of Acme.Production. In the Domino Administrator, make
sure that the Fully Qualified Domain name (FQDN) (such as acme.lotus.com) is specified on the
Basics tab of the Server document.

Setting up Domino Web Access with IBM Lotus Sametime
IBM(R) Lotus(R) Domino(TM) Web Access (DWA) integrates an instant messaging (IM) capability so
that users can chat with their co-workers online and maintain an instant messaging list that shows the
online status of other users. The instant messaging awareness feature also displays online status next
to the names of people in mail messages, views and folders. In addition, Web conferencing
capabilities are available if your organization purchased IBM Lotus Sametime(R). Use these
installation instructions to install and set up Sametime for Domino Web Access. For complete
information on installing IBM Lotus Sametime, see the IBM Lotus Sametime 7. 5 Installation Guide for
your operating system, and the IB M Lotus Sametime 7.5 Administrator’s Guide. To view or download
the Sametime documentation, go to http://www.lotus.com/LDD/doc.

Note: New in Domino 8.5, Domino Web Access has its own Contact List client that replac es Sametime
Connect for browsers, which was used in 7.x.

Configuration Notes
 For Mozilla, you must have at least Sametime 3.1 to run instant messaging integration. Previous
versions of Lotus Sametime are not supported in Domino Web Access on Mozilla.
 When you install Domino 8.5, the stlinks files that are installed in the stlinks directory (for example,
C:\st\domino\Data\domino\html\sametime\stlinks), are overwritten. If you have modified stlinks files (for
example, if the Sametime server is configured for tunneling) thes e files will be replaced. When you are
upgrade to 8.5, these files are backed up in a file called stlinks.sav. For additional information, see the
topic Customizing S TLinks files for tunneling or reverse proxy servers.
 To access the Sametime server using a protocol that is different from the current Web page’s
protocol, use the NOTES. INI configuration setting iNotes_WA_SametimeProtocol.
 Sametime integration with Domino Web Access is not supported with JRE 1.4.1.

Part 1 - Set up Domino Web Access on a Domino server
1. Set up Domino Web Access on a server by making the appropriate selections during server setup.
Bovenstaande pagina.
2. Register users with the Mail (R8) (MAIL8.NTF) mail tem plate.

Part 2 - Set up the Sametime server
If possible, the Sametime server should be in the same Domino domain as the Domino Web Access
server. Follow the instructions in the IBM Lotus Sametime 7. 5 Installation Guide to install and
configure instant messaging on a dedicated Domino server in the same Domino domain as the
Domino Web Access server.




                                                                                                        55
If the Sametime server is in a different domain than your Domino Web Access server, follow the
instructions in Setting up Sametime and Domino Web Access in diff erent domains.
Make sure the Sametime server is functioning properly before proceeding. If you have multiple
Sametime servers in a single community, also make sure that Domino single sign-on (SSO) is
functioning properly between the servers. For complet e information on working with multiple Sametime
servers, see the IBM Lotus Sametime 7.5 Administrat or’s Guide, available on
http:\\www.lotus.com/ldd/doc.
Part 3 - Create Connection documents
You need Connection documents for the Domino Web Access and the S ametime server if the
Sametime server is not in the same domain as the Domino Web Access server. Also, if the Sametime
server is in the same domain as the Domino Web Access server, but is not clustered with the
registration server, you need a Connection document in order to replicat e the Domino Directory.

Create Connection documents using the standard procedure, and include the information below:

On the Domino Web Access server:
 Enter the Sametime server’s name in the ″Destination server″ field. For example: Sametime/Acme.
 Enter the Domino Web Access server’s name in the ″Source domain″ field.
 Enter the Sametime server’s name in the ″Destination domain″ field.

On the Sametime server:
 Enter the Domino Web Access server’s name in the ″Destination server″ field.
 Enter the Sametime server’s name in the ″Source domain″ field.
 Enter the Domino Web Access server’s name in the ″Destination domain″ field.

Part 4 - Specify the Sametime server for Domino Web Access users
There are two ways to specify a Sametime server for Domino Web Access users. You can edit the
Configuration Settings document for the Domino Web Access server, or you can edit the person
document for each user who us es instant messaging.

Method 1
To enable instant messaging and set the Sametime server for all Domino Web Access users at one
time, use the Instant Messaging settings in the Configuration Settings document, Domino Web Access
tab. After you have done this, individual users can enable or disable instant messaging on their local
Domino Web Access clients by setting a User Preference.

Method 2 If you choose not to enable instant messaging for all users, then you must edit the person
document for each user who will use instant messaging:
1. From the Domino Administrator, click the People & Groups tab.
2. Select the Domino Web Access Domino directory, then click People.
3. Double-click a name to open the us er’s Person document.
4. Click Edit.
5. Enter the name of the Sametime server in the ″Sametime server″ field. For example,
    Sametime/Sales/Acme/UK.
6. Click ″Save & Close.″
7. Repeat Steps 3 though 6 for each person.

Part 5 - Set up the Instant Contact List in Domino Web Access
Domino Web Access 8.5 has its own Contact List client that replaces Sametime Connect for browsers,
which was used in 7. 0. Follow the steps below to set up the new Domino Web Access Contact List.

Configure Java servlet support
1. From the Domino Administrator client, open server document for the Dom ino Web Access server
     in edit mode.
2. Click the Internet Protocols - Domino Web Engine tab.
3. In the Java(TM) Servlets section, for the field Java servlet support, select ″Domino Servlet
Manager″ from the list. 4. Save and close the document, and then restart the server.




                                                                                                      56
Edit the Sametime Configuration file
1. Open the Sametime Configuration application (stconfig.ns f) on the Sametime server.
2. From the ″By Form″ view, open the ComunityConnectivity document.
3. Add the IP address of the Domino Web Access server to Community Trusted IPs field.
4. Save and close the document, and then restart the Sametime server.

Enable the Domino Web Acce ss Contact Li st client for Mozilla Firefox
1. Add the NOTES.INI setting iNotes_WA_DisableFirefoxAwareness=0 to the NOTES.INI file on the
   Domino Web Access server.
2. Add the signed version of the stlinks.jar file into the stlinks directory wherever you have an stlinks
   directory (on the Sametime server and on the Domino Web Access server).
3. Create a text file in the data directory on the Domino Web Access server called servlets.properties
   that includes the following line:
servlet.DWABuddyList.code=com.lotus.dwa.stbuddy.DWABuddyList

Part 6 - (for mixed environments only) Install Sametime 7.0 Connect for brow sers
For users whose mail file is based on the DWA7.NTF template on a Domino 8.5 server, you can
disable Domino Web Access Contact List and use the Sametime 7.0 Connect for browsers. Sametime
7.0 Connect for browsers is not installed by default when you install the Sametime 7.5.x server.

Di sable the Domino Web Access Contact Li st
1. From the Domino Administrator, click the Configuration tab.
2. Click the Configuration Settings document for the Domino Web Access server, and then click Edit
     Configuration.
3. Click the Domino Web Access tab.
4. In the Instant Messaging section, for the field Prefer DWA 8 Contact List, select Disabled.
5. Save and close the document, and then restart the server.

Deploy Sametime 7.0 Connect for brow sers on a Sametime 7.5 server
Extract the file javaconnect.zip to the <server>\data\domino\html\sametime\javaconnect directory on
the Sametime 7. 5 server.

Enable the Sametime 7.0 Connect for brow sers link for Sametime 7.5
1. Open the Sametime Configuration application (stconfig.ns f) on the Sametime server.
2. From the ″By Form″ view, open the ComunityClient document.
3. Set the Launch Connect link field to True.
4. Save and close the document, and then restart the Sametime server.

Part 7 - Set up Domino Web SSO authentication between the Domino Web
Access server and IM server
Domino single sign-on (SSO) authentication allows Web users to log in once to a Domino or
WebSphere server, and then access any other Domino or WebS phere server in the same DNS
domain that is enabled for single sign -on (SSO) without having to log in again. In a multiple server
environment, it is possible that one or more servers in y our Domino domain are already configured for
Domino SSO, and the Domino Directory already contains a Domino Web SSO configuration
document. When you install Sametime, it creates a Web SSO configuration document called
LtpaToken unless one already exists in the Domino directory. If an LtpaToken configuration document
already exists, Sametime does not attempt to alter it. For more information about Domino Web SSO
authentication, see the topic Multi-s erver session-based name-and-password authentication for Web
users (single sign-on).

Configure the Domino Web Access server for Web SSO
Complete the steps in this section if your Domino Web Access server is not configured for Web SSO,
and you want to use the Web SSO document that Sametime created to configure it.
1. Ensure that the Domino Directory has replicated throughout the Domino domain since you installed
Sametime.
2. Update the Web SSO Configuration document that was created when you installed Sametime
    (LtpaToken):
a. Open the Domino Directory and select the Configurations - Web - Web Configurations view.
b. From within this view, expand the list of Web SSO Configurations.



                                                                                                       57
c. Open the ″Web SSO Configuration for LtpaToken″ document in edit mode. (If you are unable to edit
the document, record the settings in the document, and then delete it and create a new one. )
d. Update these fields if necessary: Domino Server Names -- make sure this field contains the name
    of all of the Domino Web Access servers and Sametime servers that should participat e in Single
    Sign-on. DNS Domain -- make sure this is the fully-qualified domain name of the Domino Web
    Access and Sametime server.
e. e. Click Save & Close.
3. Enable single sign-on and basic authentication in the S erver document for the Domino Web
    Access server as described in Enabling single sign-on and basic authentication. When you update
    the Web SSO Configuration field, select LtpaToken from the list.
4. Ensure that the updates replicat e to all of the servers in the domain.

Update Domino Web Access server Web SSO configura tion
Complete the steps in this section if your Domino Web Access server is already configured for Domino
Web SSO. You must add the Sametime server to your configuration:
1. Update your existing Domino Web SSO Configuration document.
a. Open the Domino Directory and select the Configurations - Web - Web Configurations view.
b. From wit hin this view, expand the list of Web SSO Configurations.
c. Open the Domino Web SSO document that you are using for your Domino Web Access server in
   edit mode.
d. Update these fields if necessary: Domino Server Names -- make sure this field contains the name
   of all of the Domino Web Access servers and Sametime servers that should participat e in Single
   Sign-on. DNS Domain -- make sure this is the fully-qualified domain name of the Sametime
   server.
e. Click save & Close.

2.   Update the Server document for the Sametime server.
a.   Open the server document.
b.   Click Internet Protoc ols - Domino Web Engine, and select the Web SSO Configuration field.
c.   From the drop-down list, select the Web SSO Configu ration that you are using for the Domino
     Web Access server.
d.   Click Save & Close.

3. Ensure that the updates replicat e to all of the servers in the domain. Although Domino SSO is the
preferred authentication method, you can continue to use secrets and tokens authentication
databases, if you are already using them. For example, if any of the servers in your domain is
configured for something other than multiple server SSO, (single server SSO for example) you must
use secrets and tokens authentication. For in formation on setting up Secrets and Tokens
authentication, see the topic Setting up Secrets and Tokens authentication for instant messaging in
Domino Web Access.

Part 8 - Verify that instant messaging works with Domino Web Access
1.   Make sure that replication is complete, the Person documents exist on the Sametime server, and
     that the updated Web SSO document exists on all of the servers that will participate in single sign -
     on..
2.   If you have not already done so, follow the instructions in the IB M Lot us Sametime 7.5 Installation
     Guide to verify that instant messaging is working properly before you test whether it is working
     with Domino Web Access clients.
3.   Launch Domino Web Access in a browser. In any view or document in whic h online awareness
     appears, click the Active status icon of the person you want to chat with to test the instant
     messaging connection.

Note: If the instant messaging status does not appear next to the Welcome username text in Domino
Web Access, check the user’s Person doc ument in the Domi no directory. If you configured the
Sametime server by populating this document, make sure the ″Sametime server″ field is correct
(Basics tab, under Real-Time Collaboration).
Setting up Secrets and Tokens authentication for instant messaging in Domino
Web Access
If you want to use Secrets and Tokens aut hentication databases for your instant messaging security
instead of IBM(R) Lotus (R) Domino(TM) Single Sign-On (SSO) Authentication, you must Create a


                                                                                                        58
one-time replica of the Tokens database on the IBM(R) Lotus (R) Domino(TM) Web Access server.
When you do this, remember that file names are case sensitive on UNIX(R), so the Secrets database
name must be entered exactly as STAuthS.nsf. To replicate S TAuthS.ns f from the IBM(R)
Sametime(R) server to the Domino server directory:
1. Using an IBM(R) Lotus(R) Notes(R) client, choose File - Application - Open.
2. Enter the name of the Sametime server (for example, Sametime/Acme).
3. Enter the Secrets database filename: STA uthS.nsf
4. Click Open.
5. Choose File - Replication - New Replica.
6. Enter the name of the IBM(R) Lotus(R) Domino(TM) Web Access server (for example,
    iNotes/Acme)
7. Ensure that the database is replicat ed to the data directory: ... \domino\data\stauths.nsf.
8. Click OK to create the replica.

Note: Aft er you have replicated stauths.ns f from your Sametime server to your Domino server, open
the Replication Settings dialog box for the database, click Other, and check the ″Temporarily disable
replication for this replica″ box. This will prevent anot her version of the database from a Microsoft (R)
Windows (R) system from overwriting your name change (using uppercase and lowercase letters) for
the UNIX(R) server.

Setting up Sametime and Domino Web Access in different domains
If you prefer to use Web single sign on (SSO) authentication, see the topic Setting up the Web SSO
Configuration document for more than one Domino Domain. To set up a cross -domain configuration
when the IBM(R) Lotus(R) Sametime(R) server and the IBM(R) Lotus(R) Domino(TM) Web Access
server are located in different domains:
1. Cross certify both domains with each other. This step may be necessary only if the Sametime
     server uses Domino authentication instead of LDAP.
2. Configure Directory Assistance on the Sametime server as needed:
 If Sametime uses native Domino aut hentication, then Directory Assistance must point to the Domino
Web Access server, using the Notes protocol instead of LDAP.
 If Sametime was installed to use LDAP, then Directory Assistance is configured automatically, and
nothing further is necessary.
3. If you have set up single sign on (SSO), go to Step 4. If you do not have SSO set up, replicate
     STAuthS. nsf to the Domino Web Access Server (file name is case sensitive on UNIX(R) servers).
4. Create a server doc ument for the Sametime server in the Domino Directory of the Domino Web
     Access server, completing the fields below:
 Server name
 Domain name
 Fully qualified Internet host name
 Is this a Sametime server?

Another way to do this is to edit Configuration Settings document, Domi no Web Access tab, and enter
the Sametime server name in the in the field ″Set an instant messaging server hostname for all
Domino Web Access users.″ If you use this setting, you do not need to complete Step 5.

5. Enter the Sametime server name in the Sametime Server field of each Domino Web Access user’s
Person document.

Note: If the Sametime server is configured using a port other than the default port, then the ″Fully
Qualified Hostname″ field must contain hostname:port. For complete information on working with
multiple Sametime servers, see the IB M Lotus Sametime 7.5 Administrator’s Guide, available on
http://www.lotus.com/LDD/ doc.

Troubleshooting Sametime in Domino Web Access
If instant messaging icons do not display in IBM(R) Lotus(R) Domino(TM) Web Access mail and the
Cont act List, check the following:
 The IBM Lotus Sametime(R) server is up running. To make sure stlinks is running normally, you can
check the Sametime server directory \trace\stlinks.txt log file.




                                                                                                             59
 All the ST**** services are up running. Check the control panel - services; all ST**** services should
be running when the Sametime server has fully started. If there are S T**** services not running, start
STCommunity server first. If this service cannot be started, check the network connections and the
Sametime server log file.
 Make sure the \stlinks directory and the files are on both the Sametime server and application server
directories.
 When you update the level of Sametime by installing a newer release of S ametime or apply ing a fix
pack, it is possible that you will also need to updat e the stlinks files on your Domino Web Access
server. Make sure you check the documentation that accompanies the Sametime update.
 If you had previously customized the S TLinks files and have recently upgraded either your
Sametime server or your Domino Web Access server to a new version of Domino, the customized files
may have been replaced. See the topic Customizing S TLinks files for tunneling or Reverse Proxy
servers.
 Make sure the user has enabled Instant Messaging in Preferences.
 Make sure the user’s Person document has been set up with the Sametime server names.
 Use the http:// protocol only for the Sametime server.

To identify the current Sametime server version:
1. Type the following URL: http://<Sametime server hostname>/stcenter.nsf if the Sametime server is
    running on a Micros oft(R) Windows(R) plat form. To avoid case sensitive issues on other
    platforms, search for the file under <Sametime server directory>/stcenter.nsf and use t he file
    name case as it shown there.
2. At the bottom of the page, click Administer the Server.
3. Login to Instant Messaging, and then click Help - About Sametime.

Brow ser Addre ss:
The instant messaging integration feat ures rely on the ability of the bro wser to directly communicate
with the Sametime server. This means that the fully -qualified Int ernet hostname of the Sametime
server must be resolvable from the browser (for example, the fully qualified Internet hostname for a
Domino server named IM/Acme might be im.acme.com). Therefore, either DNS must be able to
resolve this address or it must be resolved to the proper IP address by some other mechanism (such
as editing of the local operating system’s hosts file).

Using the Domino Server Setup program
The following procedures describe the ways you can use the Server Set up program.
 Use the Server Setup program on the server you are setting up
 Use the Server Setup program from a client system or from another server
 Create a setup profile by recording your choices during the Server Setup program
 Use a setup profile to set up multiple servers with the same requirements
 Use a setup profile without viewing the setup screens (″silent″ setup)
 Using aut omatic server setup on Linux on zSeries and on UNIX


Indic language support in the Domino Server Setup program
You can change both the font and the alphabet that displays when you enter text in a field on a Server
Setup program screen. Normally, the alphabet that displays is that of the default lan guage. The
Domino Server Setup program supports the following alphabets:
-   Bengali
-   Devanagari
-   Gujarati
-   Gurmukhi
-   Kannada
-   Malayalam
-   Oriya
-   Tamil
- Telugu



                                                                                                      60
To change the font
Note: Changing the font is required for the Devanagari alphabet, as the default font does not work with
it.
1. Start the setup program by starting the Domino server.
2. On the Welcome screen, click Font.
3. Select a font that will work with the alphabet you plan to use.
4. To select an alphabet different from that of the default language, see t he following procedure.

To change the alphabet
Changing the alphabet is supported for the Micros oft(R) Windows(R), IBM(R) A IX(R), and Linux(R)
operating systems only.
1. Start the setup program by starting the Domino server.
2. Right -mouse click on the title bar of the screen in which you want to enter text that uses an
    alphabet different than that of the default language.
3. Select ″Select Input Method.″
4. Select the alphabet that you want to use.
5. Enter text in one or more fields on the screen.

Note: Clicking Next to go to the next screen restores the alphabet to that of the default language.
Repeat the preceding procedure for each screen on which you want to use a different alphabet.

Using the Domino Server Setup program locally
After installing the IBM (R) Lotus(R) Domino(TM) server program files on a server, you can run the
Domino Server Setup program locally by starting the server. The Server Setup program asks a series
of questions and guides you through the setup process. Online Help is available during the process.

Note: During server setup, you can us e an existing certifier ID instead of creating a new one. The
certifier ID that you specify cannot have multiple passwords assigned to it. Attempting to use a certifier
ID with multiple passwords generates an error message and causes server setup to halt. If you are
using Linux(R) on zSeries, you cannot use the Domino Server Setup program locally. You must use
the Domino Server Setup program remotely, as described in the next section.

To run the Server Setup program from a Windows client with Domino
Administrator
Note: Before running any Domino setup command, be sure to complete any pending reboot actions
you may have from installing other applications.
1. Make sure that you:
 Selected ″Remote Server Setup″ when you installed Domino Administrator on the client system (on
the Windows desktop, choose Start - Programs - Lot us Applications and see if Remote Server Setup
appears in the list)
 Know the host name or network address of the remote system
2. Install the Domino server program files on a server system, but do not run the Domino Server
    Setup program.
3. At the command prompt on the server system, from the Domino program directory, do one of the
    following:
 On a Microsoft(R) Windows(R) server, ent er nserver -listen v On a UNIX(R) server, enter server -listen
4. On the client system, choose Start - Programs - Lotus Applications - Remot e Server Setup.
5. In the Connect to Remote Domino Server dialog box, click Ping to ensure that you can connect to
    the remote server.
6. Enter the host name or net work address of the remot e server.
7. Click OK to start the Domino Server Setup program.

To run the Server Setup program from a Windows client without Domino
Administrator, or from a UNIX workstation
Note: Before running any Domino setup command, be sure to complete any pending reboot actions
you may have from installing other applications.


                                                                                                        61
1. Make sure that you know the host name or net work address of the remote system.
2. Install the Domino server program files on a server system, but do not run the Domino Server Setup
program.
3. At the command prompt on the server, from the Domino program directory, do one of the
     following:
 On a UNIX server, enter
/lotus/bin/server -listen

 On a Windows server, enter
nserver -listen

4.   On the client system, install the Java(TM) runtime environment.
5.   Create a temporary directory on the client system. For example, enter the following at the
     command prompt:

 On a Windows client:
mkdir c:\temp

 On a UNIX workstation:
mkdir /temp

6. Do one of the following:
 From a Windows client, copy the remote setup files CFGDOMSERVER. JAR, JHALL.JA R, and
REMOTESE TUP.CMD from the server to the directory you created on the client system. These files
are in C:\Domino program directory on the server. v From a UNIX workstation, copy the remote setup
files CFGDOMSERVE R.JAR, JHA LL.JA R, and REMOTESE TUP from the server to the directory you
created on the workstation. These files are in / Domino program directory/lotus/not es/latest/ibmpow/ on
an IBM(R) AIX(R) server, /Domino program directory/lotus/notes/latest/zlinux/ on a Linux(R) on
zSeries server, /Domino program directory/lotus/notes/latest/linux/ on a Linux server, and /Domino
program directory/lotus/notes/latest/sunspa/ on a Solaris server.

Note: Linux on zSeries and z/OS ship tar files on the cd which contain all the files needed for remote
server setup.
 On Linux on zSeries -- ZLINUX_CLIENT. TA R
 On z/OS -- ZOS_CLIENT. TA R

7.  At the command prompt on the client system, from the directory you created, do one of the
    following:
 On a Windows client, enter remotes etup.cmd
 On a UNIX workstation, enter remot esetup
8. In the Connect to Remote Domino Server dialog box, click Ping to ensure that you can connect to
    the remote server.
9. Enter the host name or net work address of the remot e server.
10. Click OK to start the Domino Server Setup program.

To run the Server Setup program from another server system
1.  Install the IBM(R) Lotus(R) Domino(TM) server program files on bot h server systems, but do not
    run the Domino Server Setup program.
2. Make sure that you know the host name or network address of the remote system.
3. At the command prompt on the local server system, from the Domino program directory, do one of
    the following:
 On a Microsoft(R) Windows(R) server, ent er
nserver -listen
 On a UNIX(R) server, enter server -listen

4. Do one of the following:
 On a Windows server, enter nserver -remote
 On a UNIX server, enter
server -remote


                                                                                                     62
Note: For Linux on zSeries and z/OS, set the DISPLAY environment variable so that the setup
program is directed to a workstation supporting X-Window.

Tip: Entering nserver -help or server -help displays all parameters available for working with remote
server setups.
5. In the Connect to Remote Domino Ser ver dialog box, click Ping to ensure that you can connect to
the remote server.
6. Enter the host name or network address of the remote server.
7. Click OK to start the Domino Server Setup program.


Creating a server setup profile
A server setup profile is a file that you use to quickly configure servers. To create a server setup
profile, you run the S erver S etup program in record mode, either at the server you are setting up or
from a Microsoft(R) Windows(R) client. Creating a server setup profile from a Windows client is easier
if the client has the IBM(R) Lotus(R) Domino(TM) Administrator installed -- to create a profile from a
client without Domino Administrator, you need the Java(R) runtime environment plus some files from
the program directory of an installed Domino server. For more information, see the topic ″Entering
system commands correctly″ earlier in this chapter.

To create a setup profile at a server
1.   Install the Domino server program files on the server system, but do not run the Domino Ser ver
     Setup program.
2.   At the command prompt on the server, from the Domino program directory, do one of the
     following: v On a Microsoft Windows(R) server, enter nserver -record v On a UNIX(R) server, enter
     server –record

Note: For Linux(R) on zSeries and z/OS, set the DISPLAY environment variable so that the setup
program is directed to a workstation supporting X-Window.

Tip: Entering nserver -help or server -help displays the parameters available for working with server
setup profiles.3. Enter a name and description for the profile.

4. Continue through the setup program. Domino saves your selections in a file with the name you
specified in Step 3. By default this file is created in the Domino program directory.

To create a setup profile from a Windows client with Domino Administrator
1.  Make sure that you selected ″Remote Server Setup″ when you installed Domino Administrator on
    the client system.
2. Install the Domino server program files on the server system, but do not run the Domino Server
    Setup program.
3. At the command prompt on the client system, from the IBM(R) Lotus(R) Notes(R) program
    directory, ent er serversetup -record
4. Enter a name and description for the profile.
5. Continue through the setup program. Domino saves your selections in a file with the name you
specified in Step 4 and stores the file in the Notes program directory on the client system.

To create a setup profile from a Windows client without Domino Administrator
or from a UNIX workstation
1.   Install the Domino server program files on the server system, but do not run t he Domino Server
     Setup program.
2.   On the client system, install the Java(TM) runtime environment.
3.   Create a temporary directory on the client system.

For example, ent er the following at the command prompt:
 On a Microsoft(R) Windows(R) client: mkdir c:\temp
 On a UNIX(R) workstation: mkdir /temp

4. Do one of the following:


                                                                                                        63
 From a Windows client, copy the remote setup files CFGDOMSERVER. JAR, JHALL.JA R, and
REMOTESE TUP.CMD from the server to the directory you created on the client system. These file s
are in C:\Domino program directory on the server.
 From a UNIX workstation, copy the remote setup files CFGDOMSERVE R.JAR, JHALL.JA R, and
REMOTESE TUP from the server to the directory you created on the workstation. These files are in
/Domino program di rectory/lotus/notes/latest/ibmpow/ on an IBM(R) AIX(R) server,
/Domino program directory/lotus/notes/latest/zlinux/ on a Linux on zSeries server,
/Domino program directory/lotus/notes/latest/linux/ on a Linux server, and
/Domino program directory/lotus/notes/latest/sunspa/ on a Solaris server.

Note: Linux on zSeries and z/OS ship tar files on the CD that contains the files needed for remote
server setup.
 On Linux on zSeries -- ZLINUX_CLIENT. TA R
 On z/OS -- ZOS_CLIENT. TA R

5. At the command prompt on the client system, from the directory you created, enter: remotesetup -
record

Note: For Linux on zSeries and z/OS, Set the DISPLAY environment variable so that the setup
program is directed to a workstation supporting X-Window.

6. Enter a name and description for the profile.
7. Continue through the setup program.

Domino saves your selections in a file with the name you specified in Step 6 and stores the file in the
client-system directory that you created in Step 3.


Using a server setup profile
You can use a server setup profile at the server you are setting up or from a client system. Using a
server setup profile from a Microsoft(R) Windows (R) client is easier if the client has the IBM(R)
Lotus(R) Domino(TM) Administrator installed -- to us e a profile from a Windows or UNIX(R) client
without Domino Administrator, you need the Java(TM) runtime environment plus some files from the
program directory of an installed Domino server. When you use a setup profile, you choose whether or
not to view the setup screens as you run the profile. Running a profile without viewing the screens is
sometimes referred to as a ″silent″ setup. For more information, see the topic ″Entering system
commands correctly″ earlier in this chapter.

To use a setup profile at the server
1.  Install the Domino server program files on a server system, but do not run the Domino Server
    Setup program.
2. At the command prompt on the server, from the Domino program directory, do one of the
    following:
 On a Microsoft(R) Windows(R) server, ent er nserver -playback
 On a UNIX(R) server, enter server -playback

Tip: Entering nserver -help or server -help displays the parameters available for working with server
setup profiles.

3.  Choose the profile to use. If you don’t see the profile you want in the list, click Browse to locate the
    directory that contains the profile.
4. To change the existing profile, select ″Modify selected profile.″ Click OK to start the server setup.

To use a setup profile from a Windows client with Domino Administrator
1.   Make sure that you selected ″Remote Server Setup″ when you installed Domino Administrator on
     the client system.
2.   Install the Domino server program files on a server system, but do not run the Domino Server
     Setup program.
3.   At the command prompt on the server system, from the Domino program directory, do one of the
     following:


                                                                                                         64
 On a Microsoft(R) Windows(R) server, ent er nserver -listen
 On a UNIX(R) server, enter server -listen

4. At the command prompt on the Windows client, from the Notes program directory, enter:
serversetup -playback

5. In the Connect to Remote Domino Server dialog box, click Ping to ensure that you can connect to
the server.
6. Enter the host name or network address of the server.
7. Click OK.
8. Choose the profile to use. If you don’t see the profile you want in the list, click Browse to locate the
    directory that contains the profile.
9. To change the existing profile instead of running it to set up a new server, select ″Modify selected
    profile.″
10. Click OK to start the server setup.

To use a setup profile from a Windows client without Domino Administrator or
from a UNIX workstation
1.  Install the Domino server program files on a server system, but do not run the Domino Server
    Setup program.
2. At the command prompt on the server system, from the Domino program directory, do one of the
    following:
 On a Windows server, enter nserver -listen
 On a UNIX(R) server, enter server -listen
3. On the client system, install the Java runtime environment.
4. Create a temporary directory on the client system. For example, enter the following at the
    command prompt:
 On a Windows client: mkdir c:\temp
 On a UNIX workstation: mkdir /temp

5. Do one of the following:
 From a Windows client, copy the remote setup files CFGDOMSERVER. JAR, JHALL.JA R, and
REMOTESE TUP.CMD from the server to the directory you created on the client system. These files
are in C:\Domino program directory on the server.

 From a UNIX workstation, copy the remote setup files CFGDOMSERVE R.JAR, JHALL.JA R, and
REMOTESE TUP from the server to the directory you created on the workstation. These files are in
/Domino program directory/lotus/notes/latest/ibmpow/
on an IBM(R) A IX(R) server,
/Domino program directory/lotus/notes/latest/zlinux/ on a Linux(R) on zSeries server,
/Domino program directory/lotus/notes/latest/linux/ on a Linux server, and
/Domino program directory/lotus/notes/latest/sunspa/ on a Solaris server.

Note: Linux on zSeries and z/OS ship tar files on the CD that contains the files needed for remote
server setup.
 On Linux on zSeries -- ZLINUX_CLIENT. TA R
 On z/OS -- ZOS_CLIENT. TA R

6. At the command prompt on the client system, from the directory you created, enter:
remotesetup -playback

Note: For Linux on zSeries and z/OS, set the DISPLAY environment variable so t hat the setup
program is directed to a workstation supporting X-Window.
7. In the Connect to Remote Domino Server dialog box, click Ping to ensure that you can connect to
the server.

8. Enter the host name or network address of the server.
9. Click OK.




                                                                                                        65
10. Choose the profile to use. If you don’t see the profile you want in the list, click Browse to locate the
    directory that contains the profile. To change the existing profile, select ″Modify selected profile.″
11. Click OK to start the server setup.


Using silent server setup
A ″silent″ setup is one in which you do not view the setup screens as you run the server setup profile.
You can do a silent setup at the server you are setting up or from a client system. Doing a silent setup
from a Microsoft(R) Windows(R) client is easier if the client has the IBM(R) Lotus(R) Domino(TM)
Administrator installed -- to do a silent setup from a Windows(R) or UNIX(R) client without Domino
Administrator, you need the Java(TM) runtime environment plus some files from the program directory
of an installed Domino server.

Tip: When doing a silent setup, display a progress bar (Windows) or have percent -complete written to
the command line (UNIX) by adding the -pb paramet er to the end of the command.

For more information, see the topic ″Entering system commands correctly″ earlier in this chapter.

To do a silent setup at the server
Note: Before running any Domino setup command, be sure to complete any pending reboot actions
you may have from installing other applications.
1. Install the Domino server program files on a server system, but do not run the Domino Server
    Setup program.
2. At the command prompt on the server, from the Domino program directory, do one of the following:
v On a Windows server, enter nserver -silent c:\myprofile.pds v On a UNIX server, ent er server -silent
/myprofile.pds where myprofile is the name you gave to the profile file.

Note: If the profile file is not in the root directory, use the profile’s full path in the command.

Tip: Entering nserver -help or server -help displays the parameters available for working with server
setup profiles.

3. If the profile uses existing server, certifier, or administrator IDs that require passwords, do the
following: a. Create a text file that contains the passwor ds for the existing IDs.
The keywords in this are:
Server=
AddServer=
Certifier=
OUCertifier=
Administrator=

b. Add a parameter in the command line for the name of the password file. For example, on Windows
enter:
nserver -silent c:\myprofile.pds c:\passwd.txt

4.   If this is a partitioned server setup, add the = parameter to the command line to specify the
     NOTES.INI file in this partition’s Domino data directory.

For example, on Windows enter:
nserver -silent c:\myprofile.pds =c:\lotus\domino\data2\notes.ini

5. Check the ERRORLOG. TXT file in the Domino data directory to confirm that the setup is complete,
or to view any error messages that were generat ed during setup.

To do a silent setup from a Windows client with Domino Administrator
1.   Make sure that you selected ″Remote Server Setup″ when you installed Domino Administrator on
     the client system.
2.   Install the Domino server program files on a server system, but do not run the Domino Server
     Setup program.




                                                                                                         66
3.  At the command prompt on the server system, from the Domino program directory, do one of the
    following:
 On a Windows server, enter
nserver -listen
 On a UNIX server, enter
server -listen

4.   At the command prompt on the client system, from the IBM Lotus Notes program directory, enter:
     serversetup -silent c:\myprofile.pds -remote serveraddress

Where myprofile is the name you gave the setup profile and serveraddress is the host name or
network address of the server you are setting up.

Note: If the profile file is not in the root directory, use the profile’s full path in the command.

5.   If the profile uses existing server, certifier, or administrator IDs that require passwords, do the
     following: a. Create a text file that contains the passwords for the existing IDs.

The keywords in this are:
Server=
AddServer=
Certifier=
OUCertifier=
Administrator=

b. Add a parameter in the command line for the name of the password file.

For example, on Windows enter:
serversetup -silent c:\myprofile.pds c:\passwd.txt -remote serveraddress

If this is a partitioned server setup, add the = parameter to the command line to specify the NOTES. INI
file in this partition’s Domino data directory.

For example, on Windows enter:
serversetup -silent c:\myprofile.pds -remote serveraddress =c:\lotus\domino\data2\notes.ini

6.   Check the ERRORLOG. TXT file in the Notes data directory to confirm that the setup is complete,
     or to view any error messages that were generat ed during setup.

To do a silent setup from a Windows client without Domino Administrator or
from a UNIX workstation
1.  Install the IBM(R) Lotus(R) Domino(TM) server program files on a server system, but do not run
    the Domino Server Setup program.
2. At the command prompt on the server system, from the Domino program directory, do one of the
    following:
 On a Windows server, enter
nserver -listen
 On a UNIX server, enter
server -listen

Note: For Linux on zSeries and z/OS, set the DISPLAY environment variable so that the setup
program is directed to a workstation supporting X-Window.

3. On the client system, install the Java runtime environment.
4. Create a temporary directory on the client system.
For example, ent er the following at the command prompt:
 On a Windows client:
mkdir c:\temp
 On a UNIX workstation:
mkdir /temp



                                                                                                           67
5. Do one of the following:
 From a Windows client, copy the remote setup files CFGDOMSERVER. JAR, JHALL.JA R, and
REMOTESE TUP.CMD from the server to the directory you created on the client system. These files
are in C:\Domino program directory on the server.
 From a UNIX workstation, copy the remote setup files CFGDOMSERVE R.JAR, JHALL.JA R, and
REMOTESE TUP from the server to the directory you created on the workstation.

These files are in
/Domino program directory/lotus/notes/latest/ibmpow/ on an IBM(R) AIX(R) server,
 /Domino program directory/lotus/notes/latest/zlinux/ on a Linux on zSeries server,
/Domino program directory/lotus/notes/latest/linux/ on a Linux server, and
/Domino program directory/lotus/notes/latest/sunspa/ on a Solaris server.

Note: Linux on zSeries and z/OS ship tar files on the CD that contains the files needed for remote
server setup.
 On Linux on zSeries -- ZLINUX_CLIENT. TA R
 On z/OS -- ZOS_CLIENT. TA R

6. At the command prompt on the client system, from the IBM Lotus Notes program directory, enter:
remotesetup -silent c:\myprofile.pds-remote serveraddress

Note: For Linux on zSeries and z/OS, set the DISPLAY environment variable so that the setup
program is directed to a workstation supporting X-Window. Where myprofile is the name you gave the
setup profile and serveraddress is the host name or network address of the server you are setting up.

Note: If the profile file is not in the root directory, use the profile’s full path in the command.

7. If the profile uses existing server, certifier, or administrator IDs that require passwords, do the
following: a. Create a text file that contains the passwords for the existing IDs.

The keywords in this are:
Server=
AddServer=
Certifier=
OUCertifier=
Administrator= b.

Add a parameter in the command line for the name of the password file.

For example, on Windows enter:
remot esetup -silent c:\myprofile.pds c:\passwd.txt -remote serveraddress

7.   If this is a partitioned server setup, add the = parameter to the command line to specify the
     NOTES.INI file in this partition’s Domino data directory.

For example, on Windows enter:
remotesetup -silent c:\myprofile.pds -remote serveraddress =c:\lotus\domino\data2\notes.ini

9. Check the ERRORLOG. TXT file to confirm that the setup is complet e, or to view any error
messages that were generated during setup.




                                                                                                         68
Server registration
Before you install and set up additional servers, you must register them. In effect, registering a server
adds the server to the system. The server registration process creates a Server document for the
server in the IBM(R) Lotus(R) Domino(TM) Directory and creates a server ID. Aft er registering and
installing a server, you use the Server Setup program to obtain a copy of the Domino Directory for the
new server and to set up the server to run particular services and tasks -- for example, the HTTP
service, the Mail Router, and so on.

The server registration user interface automatically removes leading spaces and trailing spaces from
passwords. Passwords cannot begin or end with a space. This also applies to certifier registration and
user registration.

Note: When setting up an additional server, obtaining the Domino Directory from the registration
server via dialup over a modem is possible for Microsoft (R) Windows(R) systems only. For other
operating systems, the additional server must be on the net work in order to communicate with the
registration server.

Before you register servers, plan and understand your company’s hierarchical name scheme. The
name scheme defines which certifie r ID to use when you register each new server. In addition, make
sure that you have access to each certifier ID, know its password, and have created ID rec overy
information for it.

If you have decided to use the IBM(R) Lot us(R) Domino(TM) server -based certification authority (CA),
you can register servers without access to the certifier ID file and its password.

For more information on the hierarchic al name scheme, see the chapter ″Deploying Domino.″ For
information on ID recovery, see the chapter ″Protecting and Managing Notes IDs.″ For more
information on using the Domino server-based CA, see the chapter ″Setting Up a Domino Server-
based Certification A uthority.″

The registration server, which is the server that initially stores changes to documents in the Domino
Directory until the Domino Directory replicates with other servers, must be up and running on the
network. To register servers from your workstation, you must have access to the registration server
and have at least Author access with the Ser ver Creator and Group Modifier roles in the ACL of the
Domino Directory.

When you register a server, Domino does the following:
 Creates a server ID for the new server and certifies it with the certifier ID
 Creates a Server document for the new server in the Domino Directory v Encrypts and attaches the
server ID to the Server document and saves the ID on a disk or in a file on the server
 Adds the server name to the LocalDomainServers group in the Domino Directory
 Creates an entry for the new server in the Certification Log (CE RTLOG.NSF) If you have a Domino
server-based CA for issuing Int ernet certificates, you can choose to configure the new server to
support SSL connections by providing a server key ring password and the server’s host name. Th en,
Domino does the following:
 The registration process creates a certificate request in the Administration Requests database
(ADMIN4.NSF) to be processed by the server’s Internet CA
 The registration process creates a ″create SSL key ring″ request in ADMIN4. NSF
 Once you set up and start the new server and the ″creat e SSL keying″ request has replicated to it,
the ″create SSL key ring″ request creates the server key ring file and an ″enable SSL ports″ request
for the administration server of the Domi no Directory
 The ″enable SSL ports″ request enables all the SSL ports on the new server and creates a ″monitor
SSL status″ request for the new server
 The ″monitor SSL status″ request restarts all of the Internet tasks currently running on the new
server so that the tasks will accept SSL connections

Note: You must use the Domino Administrator if you want to use this server registration process to
configure a new server for SSL.




                                                                                                        69
For more information on these requests, see the appendix ″Administration Process Requests.″


Registering a server
Note: If you have not specified a registration server in Administration Preferenc es, this server is by
default:
 The server specified in the NewUserServer setting in the NOTES. INI file
 The Administration server

1.    If you are supplying the certifier ID, make sure that you have access to it and that you know its
      password.
2. If you are using the IBM(R) Lotus(R) Domino(TM) Administrator and would like the new server to
support SSL, make sure that you have an Inte rnet CA configured.
1. From the Domino Administrator or Web Administrator, click the Configuration tab.
2. From the Tools pane, click Registration - Server.
3. If you are using the Domino Administrator, do the following:
a. If you are using the CA process, click Server and select a server that includes the Domino Directory
that contains the Certific ate Authority records, and the copy of the Administration Requests database

(ADMIN4.NSF) that will be updated with the request for the new certificate. Then click ″ Use the CA
Process,″ select a CA-configured certifier from the list, and click OK.
b. If you are supplying the certifier ID, select the registration server. Then click ″Certifier ID″ and locate
the certifier ID file. Click OK, enter the password for the c ertifier ID, and click OK.
c. In the Register Servers dialog box, click Continue if you want to apply the current settings to all
servers registered in this registration session; otherwise, complete these fields:

Field                                                   Action
Registration Server                                     Click Registration to specify the registration
                                                        server.
Certifier                                               If the certifier ID displayed is NOT the one you
                                                        want to use for all servers registered in this
                                                        session, or if you want to use the Domino server-
                                                        based CA instead of a certifier ID, click Certifier
                                                        and you return to Step 4.
Public key specification                                The public key specification that you us e impacts
                                                        when key rollover is triggered.

                                                        Key rollover is the process used to update the set
                                                        of Notes public and private keys that is stored in
                                                        user and server ID files. Choos e one:
                                                         Compatible with all releases (630 bits)
                                                         Compatible with Release 6 and later (1024 bits)

                                                        Note: For information about the significance of the
                                                        public key specification and key rollover, see the
                                                        topic User and server key rollover.
License type                                            Choose either North American (default) or
                                                        International. In practice, there is no difference
                                                        between a North Americ an and an International ID
                                                        type.
Expiration date                                         (Optional) To change the expiration date of the
                                                        Server Certificate, enter the date in mm-dd-yyyy
                                                        format in the Certificate Expiration Date box. The
                                                        default date is 100 years from the current date,
                                                        minus allowances for leap years.
Certificate Authority                                   If you want the server to support SSL, select an
                                                        Internet CA from the list.




                                                                                                            70
d. Click Continue.

4.   If you are using the Web Administrator, do the following:

a.   Select a registration server that includes the Domino Directory that contains the Certificat e
     Authority records, and the copy of the Administration Requests database (ADMIN4. NS F) that will
     be updated with the request for the new certificate.
b.   Select a CA-configured certifier from the list, and click OK.

7. In the Register New Server(s ) dialog box, complet e these fields for each server that you want to
register:

Field                                                 Action
Server name                                           Enter the name of the new server
Server title                                          Enter the server title, which appears on the
                                                      Configuration tab in the All Server Documents
                                                      view and in the Server Title field of the Server
                                                      document.
Domino domain name                                    The default domain name is usually the same as
                                                      the name of the organization certifier ID.
Server administrator name                             Enter the name of the person who administers the
                                                      server.
ID file password                                      Required if you are going to store the server ID in
                                                      the Domino Directory. Optional if you store the
                                                      server ID in a file. The password is case-sensitive
                                                      and characters you use will depend on the level
                                                      you set in the Password quality scale.
Password Options                                      Click Password Options. Specify a password
                                                      quality scale by choosing the level of complexity
                                                      for the password. By default, the level is 0, where
                                                      16 is the highest. Click OK.
Location for storing server ID                         Select ″In Domino Directory″ to store the server
                                                      ID in the Domino Directory.
                                                       Select ″In File″ to store the server ID file in a file.
                                                      Then click ″Set ID File,″ select the name and path
                                                      for the file, and click Save.

                                                      Note: You don’t see this field from the Web
                                                      Administrator, as the server ID is stored in the
                                                      Domino Directory.

8. (Domino Administrator only ) If you chose an Internet CA in the Register Servers dialog box and
you want the server to support SSL connections, click Advanced, select ″Enable S SL ports,″ and
complete the following fields:
 Server key ring password -- Enter a password for the server key ring
 Server host name -- Enter the fully qualified domain name of the server, for example,
app01.acme.com

9. Do one:
 Click the green check box to add the server to the registration queue.
 Click the red X to clear the fields.

10. The server registration queue displays the servers ready to be registered. To display the settings
for a server, select the server name in the queue.

11. Click one:
 New Server -- To clear fields in the Register New Server(s ) dialog box
 Register All -- To register all servers in the registration queue
 Register -- To register the highlighted server in the registration queue



                                                                                                            71
 Remove -- To remove the highlighted server from the registration queue
 Done -- To close the Register Server(s) dialog box. Any servers remaining in the registration queue
will not be registered.

12. After you register a server, install it and then run the S erver Set up program to configure it.

Optional tasks to perform after server setup
After running the Server Setup program, you may want to perform one or more of the following tasks,
depending on the needs of your company:
 Create an additional organization certifier ID.
 Create an organizational unit certifier ID.
 Use Int ernet Site documents to configure Int ernet protocol server tasks:

–    Enable the Internet Sites view
–    Create an Int ernet Site document
–    Set up security for Internet Site documents


Creating an additional organization certifier ID
When you set up the first server in a domain, you create an organization certifier. If your hierarchical
name scheme calls for having multiple organizations but only one Domino Directory, you must create
an additional organiz ation certifier ID. For more information on organization certifier IDs, see the
chapter ″ Deploying Domino.″

1.  From the IBM(R) Lotus(R) Domino(TM) Administrator, click the Configuration tab.
2.  From the Tools pane, choos e Registration - Organization.
3.  (Optional) To change the registration server, whic h is the server that initially stores the Certifier
    document until the Domino Directory replicates, click Registration Server, select the correct
    server, and then click OK. If you have not specified a registration s erver in Administration
    Preferences, the registration server is by default:
 The local server, if there is one and it contains a Domino Directory
 The server specified in the NewUserServer setting in the NOTES. INI file
 The Administration server

4.   (Optional) Click Set ID file to change the location where Domino stores the certifier ID. Be sure to
     keep the certifier ID file in a secure place so that it is readily accessible to register new servers
     and users, but safe from misuse. By default, the certifier ID is stored in C:\.
5.   Complete these fields:

Field                                                   Action
Organization name                                       Enter the name of the organization. Enter a name
                                                        different from the one used on the organization
                                                        certifier ID creat ed when you set up the first
                                                        Domino server.

Country code                                            (Optional) Adding an organizational country or
                                                        region code for the country or region where the
                                                        organization’s corporate headquart ers are located
                                                        minimizes the chance that another organization
                                                        has the same organization name as yours. Enter
                                                        the country or region code only if you have
                                                        registered your organization name with a national
                                                        or international standards body. For multinational
                                                        companies, you can enter a country or region in
                                                        which the company has offices, as long as the
                                                        organization name is registered there.
Certifier password                                      Enter a case-sensitive password for the certifier.
                                                        The characters you use for this password depend
                                                        on the level set in the ″Password quality scale″



                                                                                                             72
                                                          field.
Password quality scale                                    Choose the level of complexity for the password.
                                                          By default, the level is 8, where 16 is the highest.
Security type                                             Choose either North American (default) or
                                                          International. In practice, there is no difference
                                                          between a North Americ an and an International ID
                                                          type.
Mail certification requests to (Administrat or)           Enter the name of the administrator who handles
                                                          recertification requests. The name specified here
                                                          appears in the Certifier doc ument in the Domino
                                                          Directory. If you are creating a certifier ID for an
                                                          off-site administrator, enter that administrator’s
                                                          name in this field.
Location                                                  (Optional) Enter text that appears in the Location
                                                          field of the Certifier doc ument.
Comment                                                   (Optional ) Enter text that appears in the
                                                          Comment field of the Certifier document.

6. Click Register.


Creating an organizational unit certifier ID
You can create up to four levels of organizational unit (OU) certifiers. To create first -level OU certifier
IDs, you use the organization certifier ID. To create second-level OU certifier IDs, you use the first-
level OU certifier IDs, and so on. For background information on OU certifier IDs, see the chapter
″Deploying Domino.″ For background information on OU certifier IDs, see the topic ″Certifier IDs and
certificates.″ on page 12

Note: The registration server is the server that initially stores the Certifier document until the Domino
Directory replicates. If you have not specified a registration server in Administration Preferences, the
registration server is by default:
 The local server if there is one and it contains a Domino Directory
 The server specified in NewUserServer setting of NOTES. INI
 The Administration server

To create an organizational unit certifier ID
1.   From the IBM(R) Lotus(R) Domino(TM) Administrator, click the Configuration tab.
2.   From the Tools pane, select Registration - Organizational Unit.
3.   (Optional) To change the registration server, click Registration Server, select the correct server,
     and then click OK.
4. Do one:
 Select ″Supply certifier ID and password.″ Click Certifier ID, select the certifier ID, click Open, and
click OK. Enter the ID password, and click OK.
 Select ″Use the CA Process″ and then choos e a CA certifier from the list.

5.     Click OK. If you are supplying the certifier ID, enter its password and click OK.
6.     (Optional) To change the registration server, click Registration Server, select the correct server,
       and then click OK.
7.   (Optional) To change which certifier ID to use to register the new certifier ID:
a.     Click Certifier ID.
b.     Select the certifier ID, click Open, and click OK.
c.     Enter the ID password and click OK.

8.    (Optional) Click ″Set ID File″ if you want to change the location where Domino stores the certifier
      ID. Be sure to keep the certifier ID file in a secure place so that it is readily accessible to register
      new servers and users, but safe from misuse. By default the ID is stored in C:\.


9. Complete these fields:



                                                                                                                 73
Field                                                Action
Organizational Unit                                  Enter a name for the new organizational unit.
Certifier password                                   Enter a case-sensitive password for the certifier. The
                                                     characters you use for this password depend on the
                                                     level set in the ″Password quality scale″ field.
Password quality scale                               Choose the level of complexity for the password. By
                                                     default, the level is 8, where 16 is the highest.
Security type                                        Choose either North American (default) or International.
                                                     In practice, there is no difference between a North
                                                     American and an International ID type.
Mail certification requests to (Administrator)       Enter the name of the administrator who handles
                                                     recertification requests. The name specified here
                                                     appears in the Certifier document in the Domino
                                                     Directory. If you are creating a certifier ID for an off-site
                                                     administrator, enter that administrator’s name in this
                                                     field.
Location                                             (Optional) Enter text that appears in the Location field of
                                                     the Certifier document.
Comment                                              (Optional) Enter text that appears in the Comment field
                                                     of the Certifier document.

10. Click Register.

Internet Site documents
Internet Site documents are used to configure the Internet protocols support ed by IBM(R) Lotus (R)
Domino(TM) servers. A separate Internet Site document is created for each protocol -- Web (HTTP),
IMAP, POP3, SMTP Inbound, LDAP, and IIOP -- which is then used to provide protocol configuration
information for a single server, or for multiple servers in a Domino organization. Specifically, you can
create:
 Web Site documents. You create a Web site document for each Web site hosted on the Domino
server.
 LDAP Site documents. You create an LDAP site document for LDAP protocol access to an
organization in a directory.
 IMAP, POP3, and SMTP Site documents. You create an individual Internet Site document for each
mail prot ocol for which you ent er an IP address.
 IIOP Site documents. You create an IIOP Site document to enable the Domino IIOP (DIIOP) task
on the server. This task allows Domino and the browser client to use the Domino Object Request
Broker (ORB ) server program.

Internet Site documents make it easier for administrators to configure and manage Internet protocols
in their organizations. For example, prior to Domino 6, if you wanted to set up a Web site in your
organization, it was necessary to configure each Domino server in the domain with Mapping
documents, Web realms, and File Protection documents. If you had virtual servers and virtual hosts,
you had to do the same thing for them. In Domino 6, you can configure a Web Site document so that
all servers and hosts use it to get configuration information for a Web site, including mapping
information, file prot ection information, and Web realm authentication information.

You must use Int ernet Site documents if you:
 Want to use Web-bas ed Distributed Aut horing and Versioning (WebDAV) on a Domino Web server.
 Have enabled SSL on your server and want to use Certificate Revoc ation Lists to check the validity
of Internet certificates used to authenticate with the server.
 Are using a service provider configuration on your server (see ″For service providers only″ below).
The Domino server is configured to use Internet Site documents if the option ″Load Internet
configurations from Server\ Internet Sites documents″ is enabled on the Basics tab on Server
document. If the option is not enabled, the server defaults to Server document settings to obtain
configuration information for Internet protocols.

Internet Site documents are designed to be used as follows:
 For any incoming connection, Internet Site documents, Certifier documents and Global Domain
documents are used to determine whic h organization (certifier) is associated with the target IP
address. In a Domino configuration, all incoming IP addresses usually map to the top level certifier.



                                                                                                              74
 For a specific organization and a specific protocol and a specific server, the Internet Site document
is used to determine which aut hentication controls are to be applied.

When you enter a Host name or IP address in an Internet Site document, you do not gain control over
which authentication controls are applied according to the IP address the user connects to. Instead,
the first Internet Site document located for the server and the organization is used. As a result, except
for Web Site documents, you should have only one Internet Site document for each organization,
protocol, and server combination.

For example, do not do the following: Server A has two IP addresses and you creat e the following two
Internet Site documents for POP3:
 One Internet Site document for one IP address with no SSL allowed
 One Internet Site document for another IP address, with SSL allowed.

The IP address is used to determine the organization and bot h Int ernet Site documents apply to the
same organization. The first Int ernet Site document that matches the server and the organization is
used, in this case, the Internet Site document that does not allow SSL.

Modifications to Internet Site documents (including the creation of new Site documents) are dynamic.
The server or protoc ol does not need to be restarted after you create a new Site doc ument, or after
you modify or delete an existing one. Changes generally take effect minutes after the change is made.

Internet Site documents are created in the Internet Sites view, which is used to help manage Internet
protocol configuration information by listing the configured Internet Site documents for each
organization in the domain.

While most protocol settings are configured in Internet Site documents, there are some settings that
need to be configured in the Server document to support Internet protocol configurations.

These include settings for:
 Enabling and configuring the TCP/ IP port.
 Enabling and configuring the SSL port (including redirecting TCP to SSL).
 Accessing the server -- such as who can access the server and how. For more information on server
access settings, see the chapter ″Cont rolling Access to Domino Servers.″

Setting up Internet Site documents on a Domino server
Do the following to set up basic Int ernet Site functionality on a Domino server.
1. Create Internet Sites document for the Internet protocols you want to use.
2. Set up security for each Internet Site document.
3. Enable Internet Site documents on the server.

For service providers only
Internet Site documents are required for hosted organizations. These documents control each hosted
organization’s use of Internet protoc ols. A hosted organization can only use an Internet protocol if the
hosted organization has an Internet site document for that protocol. A shared IP address may be used
for all hosted organizations, or unique IP addresses may be set up for each hosted organization.
Internet Site documents link IP addresses to the individual hosted organizations for each Internet
protocol. When registering hosted organizations, you have the option to create Internet Site
documents during hosted organization registration, or you can choose to create them later. Service
providers need to consider the following when using Internet Site doc uments:

 Each hosted organization has one Web Site document that can be created during hosted
organization registration. You must create this initial Web Site document to activate the HTTP
protocol. If you have multiple Web sites, you need one individual Web Site document for each
additional Web site for each organization. If the hosted organization supports DOLS, the Web Site
document must contain the name of the DSAPI filt er file name. For more information, see the topic To
configure DOLS on a server that uses Web Site documents in this chapter.
 You must create one mail protocol Site document (IMAP, POP3, or SMTP) for each prot ocol used by
each organization.



                                                                                                          75
 In a hosted environment, Domino IIOP (DIIOP ) can use the information in the IIOP Internet site
document to define the scope of the Domino Directory used to validate users. With DIIOP, you can
use any Java(TM) code running on any server on the net work.
 If your configuration has one IP address that is shared by multiple hosted organiz ations, HTTP,
IMAP, LDAP, POP3, and SMTP are the available protocols. For IMAP, LDAP, POP3, and SMTP
users, the name provided during authentication must be the user’s Internet e-mail address, so that the
server knows the organization of which each user is a member. Anonymous access to LDAP is not
supported in this configuration.
 To enable SSL for a hosted organization, you must enter the server IP address in the field ″Host
names or addresses mapped to this site″ on the Basics tab of the Internet Site document.

Creating an Internet Site document
You can create Internet Site documents for Web, IMAP, POP3, LDAP, SMTP Inbound, and II OP
Internet protocols. You create one document at a time.

To create an Internet Site document:
1. From the IBM(R) Lotus(R) Domino(TM) Administrator, click Configuration - Web - Internet Sites.
2. Click Add Internet Site, and select the type of Internet Site document to create.
3. Click the Basics tab, and complete these fields:

Field                                                  Action
Descriptive name for this site                         (Optional) Enter a name that differentiates this site from
                                                       all others that you create. This name appears in the
                                                       Internet Sites view in this format: the type of Internet
                                                       Site, the descriptive name, and the host name or
                                                       address. For example: Web Site: MyWebSite
                                                       (www.acme.com) If you do not enter a name, the
                                                       default name is the type of In ternet Site document with
                                                       the host name or address appended. For
                                                       example: POP3 Site: (www.acme.com )
                                                        For hosted environments -- The default descriptive
                                                       name is a combination of the hosted organization name
                                                       with the type of site document appended. For example,
                                                       a Domino IIOP site with a hosted organization name of
                                                       Acme would Acme IIOP Site.
Organization                                           (Required for all Internet Site documents) Enter the
                                                       name of the registered organization that hosts the
                                                       Internet Site document. The name must correspond to
                                                       the organization’s certifier.
                                                       Note : For Web Sites set up in a non-service provider
                                                       configuration, this name can be any suitable word or
                                                       phrase
Use this Web site to handle requests which cannot be   (Web Site documents only) Choose one:
mapped to any other Web sites                           Yes -- This Web site processes incoming HTTP
                                                       requests if Domino cannot locate the Web sites
                                                       that were ent ered in the ″Host names or
                                                       addresses mapped to this site″ field.
                                                        No (default ) -- This Web site does not process
                                                       incoming HTTP requests for which Domino cannot
                                                       locate a Web site.
Host names or addresses mapped to this site            (Required for all Internet Site documents) Enter the
                                                       target host names or IP addresses that trigger a
                                                       connection’s use of this Internet Site document. If the
                                                       site is set up for SSL, you m ust specify IP addresses.
                                                       For hosted environments -- When creating Domino
                                                       IIOP Site documents, the first host name IP address
                                                       that is on this list will be used to advertise DIIOP’s
                                                       service creating diiop_ior.txt. Therefore, it is
                                                       recommended that each Domino server have its own
                                                       Internet Site document.
Domino servers that host this site                     (Required for all Internet Site documents) Enter the
                                                       name of one or more Domino servers that host this site.
                                                       You can use any variation of distinguished name (for



                                                                                                              76
                                                      example, Server1/Sales/Acme) as well as wildcards (for
                                                      example, */Acme). The default is (*), which means that
                                                      all servers in the domain can host this site. If you leave
                                                      the field blank, the Internet Site will not be loaded on
                                                      any Domino server.

4. For all Internet Site documents, complete the settings on the Security tab.
5. Some Internet Sites require additional configuration. The table below indicates the Internet Site
documents that require additional configuration, and the locations for settings in those docume nts for
enabling additional configuration information unique to those protocols.

Document                                              Complete
Web Site                                               Configuration tab v Domino Web Engine tab
IMAP Site                                              Public Folder tab
IIOP Site                                              Configuration tab

6.   Save and close the document.

Setting up security for Internet Site documents
To set up security for Int ernet Site documents, you can enable SSL server and client authentication,
name-and-password authentication, or anonymous access for Internet and intranet clients.

In order to enable SSL for Internet Sites, you must configure the SSL port on the Server document and
set up SSL on the server by obtaining a server certificate and key ring from an Internet certificate
authority.

To set up SSL authentication, you must creat e a server key ring file for each Int ernet Site document.
However, if the Internet site documents are for the same organization, but are created for different
protocols, a single server key ring file can be used. Be sure to enter the server key ring file name in
the appropriate field on the Security tab of each site document.

If you want to use Certificate Revocation Lists (CRL) for Internet certificate authentication, the server
must be using a IBM(R) Lotus(R) Domino(TM) server-based certification authority for issuing Internet
certificates.

Note: For Web sites, the common name on the server key ring must match the DNS name to which
the IP address in the Web Site document is mapped. The IP address must be stored in the field ″Host
name or addresses to map to this site,″ which is located on the Web Site document. If you enable
Redirect TCP to SSL in a Web Site document, bot h the host name and the IP address must be stored
in this field.

You should be familiar with SSL authentication, name and password authentication, and anonymous
access before completing these steps.

For more information about SSL authentication, see the chapt er ″Setting Up SSL on a Domino
Server.″ in the pages just above this one.

For more information about name-and-password authentication and anonymous access, see the
chapter ″Setting Up Name-and-Password Authentication and Anonymous Access on a Domino
Server.″ in the pages just above this one.

To set up security for Internet Site documents:
Note: In IBM(R) Lot us(R) Domino(TM), it is possible to effectively prohibit access to an Internet Site by
selecting ″no″ for all authentication options in an Internet Site Doc ument. These options include TCP
authentication, SSL authentication, and TCP anonymous access.
1. From the Domino Administrator, click Configuration - Web - Internet Sites.
2. Choose the Internet Site document to modify, and click Edit Document.
3. Click Security, and complete these fields:




                                                                                                             77
Field                          Enter
TCP Authentication Anonymous   (Applies to all Internet sites, except IMAP and
                               POP3) Choose one:
                                Yes -- To allow anonymous access to this site
                                No -- To prohibit anonymous access
Name & password                Choose one:
                                Yes -- To require a user to authenticate with the
                               user’s name and Int ernet password to access the
                               site
                                No -- To not require name and password
                               authentication
Redirect TCP to SSL            (Applies to Web Site only) Choose one:
                                Yes -- To require clients and servers to use the
                               SSL protocol to access the Web site
                                No -- To allow clients and servers to use SSL or
                               TCP/IP to access the Web site
SSL Authentication
Anonymous                      (Applies to all Internet sites, except IMAP and
                               POP3) Choose one:
                                Yes -- To allow users access over the SSL port
                               without authenticating with a name and password
                                No -- To deny users anonymous access
Name & password                Choose one:
                                Yes -- To require a user to authenticate with
                               user name and Internet password in order to
                               access this site using SSL
                                No --To not require a name and password
Client name                    certificate (A pplies to Web Site, IMAP, POP3, and
                               LDAP) Choose one:
                                Yes -- To require a client certificate for access to
                               this site
                                No -- To not require a client certificate
SSL Options
Key file                       Enter the name of the server key ring file.
Protocol version               Choose one:
                                V2.0 only -- Allows only SSL 2.0 connections.
                                V3.0 handshake -- Attempts an SSL 3.0 connection. If
                               this fails and the requester detects SSL 2.0, attempts to
                               connect using SSL 2.0.
                                V3.0 only -- Allows only SSL 3.0 connections.
                                V3.0 with V2.0 handshake -- Attempts an SSL
                               handshake, which displays relevant error messages.
                               Makes an SSL 3.0 connection if possible.
                                Negotiated (default) -- Attempts an SSL 3.0
                               connection. If this fails, attempts to use SSL 2.0. Use
                               this setting unless you are having connection problems
                               caused by incompatible protocol versions.
Accept SSL site certificates   Choose one:
                                Yes -- To accept the certificate and use SSL , even if
                               the server does not have a certificate in common with
                               the protocol server
                                No (default) -- To prohibit the acceptance of SSL site
                               certificates for access
Check for CRLs                 Choose one:
                                Yes -- To check the certifier’s Certificate Revocation
                               List (CRL) for the user certificate you are attempting to
                               validate. If a valid CRL is found and the user certificate
                               is on the list, the user certificate is rejected.
                                No -- To not use Certificate Revocation Lists
Trust expired CRLs             Choose one:



                                                                                      78
                                                       Yes -- To use expired but otherwise valid Certificate
                                                      Revocation Lists when attempting to validate user
                                                      certificates
                                                       No -- To reject expired Certificate Revocation Lists
Allow CRL search to                                   Choose one:
                                                       Yes -- If the attempt to locate a valid Certificate
                                                      Revocation List fails, proceed as if ″Check for CRLs″ is
                                                      set to No.
                                                       No -- If a valid Certificate Revocation List for the user
                                                      certificate is not found, reject the certificate. If ″Trust
                                                      expired CRLs″ is set to Yes, an expired CRL is valid. If
                                                      ″Trust expired CRLs″ is set to No, the authentication will
                                                      fail for every user certificate for which a matching valid
                                                      CRL is not located.
SSL Security
SSL ciphers                                           Click Modify to change the SSL cipher settings for this
                                                      site document. These settings apply only to SSL v3.
                                                      SSL v2 ciphers cannot be changed.
Enable SSL V2                                         fail Choose Yes to enable SSL v2 for this site
                                                      document.

4. Save the document.

Enabling Internet Sites on a server
If you enable the use of Internet Sites on an IB M(R) Lotus(R) Domino(TM) server, the server obtains
Internet protocol configuration information from site documents. Comparable configuration settings in
the Server document are not used. If the use of Internet Sites is not enabled, comparable Server
document settings are used to obtain protocol configuration information. You can only use the Internet
Sites view for Domino servers.

Note: Each time you start or restart HTTP, a console message indicat es whet her the HTTP task is
using Internet Sites or the Server document (Web Server Configurations view) to obtain Internet
protocol configuration information.

To  enable Internet Sites on a server:
1.   Open the Server doc ument you want to edit, and click Edit Server.
2.   Click the Basics tab.
3.   In the Basics section, enable ″Loads Int ernet configurations from Server/Internet Sites
     documents.″
4. Save the document.
5. Restart the server.

Note: The HTTP task is backward-compatible with the Web Server Configurations view.


Starting and shutting down the Domino server
Start the IBM(R) Lotus(R) Domino(TM) server so users can access shared dat abases and obtain other
server services. Do not enter keystrokes or click the mouse while the Domino server is starting or
shutting down.

Note: If the server program is running, do not use CTRL+S to stop scrolling the console, because no
server services take place until you press a key to continue.


To start the server
Operating system                                      Action
Microsoft(R) Windows(R)                               Choose Start - Programs - Lotus Applications - Lotus
                                                      Domino Server.
UNIX(R)                                               Enter the path for the Domino program directory. For
                                                      example, if you installed Domino in the /opt directory,
                                                      enter: /opt/ibm/lotus/bin/server



                                                                                                                79
To shut down the server
Enter either exit or quit at the console. It may take ten seconds or more for the server to shut down


Starting Domino as an application or a Windows service
If you have installed IBM(R) Lot us(R) Domino(TM) as a Microsoft(R) Windows(R) service, when you
start the Domino server, a dialog box appears prompting you to specify whet her to start Domino as an
application or a Windows service.

1. On the Lotus Domino Server dialog box, choose one:
 Start Domino as a Windows service -- Starts the Domino server as a Windows service. Domino then
runs like any Windows service.
         – If you choose this option without selecting eit her of the check boxes, the next time you start
         Domino, this message displays ″Lotus Domino is installed as a Windows service.″ The dialog
         box does not display again.
         – If you choose this option and you select the ″Always start Domino as a service at system
startup,″ `       Domino always starts as a Windows service and this dialog box no longer appears at
start up.
          The ″Don’t ask me again″ check box does not apply to the ″Start Domino as a Windows
         service″ due to the way that Windows services work.
 Start Domino as a regular application -- Starts the Domino server as any application would be
started. This is the traditional method for starting and running the Domino server.
         – If you choose this option without selecting eit her of the check boxes on the dialog box, the
         next time Domino starts, you are prompted wit h this dialog box again.
         – If you choose this option and you select the ″Don’t ask me again″ check box, you are not
         prompted with this dialog box again and Domino always starts as an application.
         – If you choose this option and select the check box ″Always start Domino as a service at
         system startup″ Domino runs as an application during the current session. The next time you
         start the server, Domino runs as a Windows service.

2. Optionally, you can also choose neither of the following, one of the following, or both:
 Always start Domino as a service at system startup -- Select this check box if you want Domino to
always start as a Windows service. Once you select this option and click OK, you can not change your
selection using this dialog box.
 Don’t ask me again -- Select this check box if you do not want to be prompted again when the
Domino server starts. After you select this check box and click OK, you will not be able to res et your
selections using this dialog box.

3. Click OK.

When run as a Windows servic e, Domino runs as any other Windows services runs. Some of the
benefits associated with running Domino as a Windows service are listed below.
 If you select ″Automatic″ for starting services, Windows services are started when the system starts.
 Windows services can be controlled via the Windows service manager. The Windows service
manager can be used remotely.
 Services continue to run even when you log off the system.

Using instant me ssaging in the Domino Directory
The IBM(R) Lot us(R) Domino(TM) Directory is now ena bled for instant messaging, meaning that you
can conduct an online chat directly from the Domino Directory. The instant messaging Chat feature is
available only if you have a Sametime server, and only for Microsoft(R) Windows(R) versions of
IBM(R) Lotus(R) Domino(TM)/Notes. Chats are interactive, real-time text convers ations. From the
People document, Group document, and from the Domino Directory itself there is a Chat option in the
menu bar. You can perform these instant messaging activities:
 Click Chat and you can choose from the following options:
 Chat with -- Open a chat with the person whose name is currently selected in the open document or
directory.
 Add to Instant Contact List -- Add the selected person’s name to an instant messaging contact list
that you choose.




                                                                                                        80
 Show/ Hide Contact List -- Toggles between displaying the names in the contact list and hiding the
list.

Chapter 4. Setting Up and Using Domino Administration
Tools
This chapter explains how to install and navigate the IBM(R) Lot us(R) Domino(TM) Administrator. It
also includes information on setting up and using the IBM(R) Lotus(R) Domino(TM) Web
Administrator, which allows you to administer a Domino server using a browser.

Installing the Domino Administrator
When you install and set up an IBM(R) Lotus(R) Domino(TM) server, the Server Setup program does
not install the Domino Administrator, which is the administration client. You must run the Domino
Administrator client setup to install the Domino Administrator client. There are many ways to set up
your Administrator client installation. Do not install the Domino Administrator on the same system on
which you installed the Domino server. Doing so compromises Domino’s security and impairs server
performance. For more information on installing the Domino clients, including the Domino
Administrator, see the chapt er, ″Setting Up and Managing Not es Users.″

The Domino Administrator
The IBM(R) Lot us(R) Domino(TM) Administrator is the administration client for IBM(R) Lotus(R)
Notes(R) and Domino. You can us e the Domino Administrator to perform most administration tasks.
You can administer the Domino system using the local Domino Administrat or or using the IBM(R)
Lotus(R) Domino(TM) Web Administrator. Information about the Domino Administ rator in this section
includes:
 Domino Administrator installation
 Setting up and starting the Domino Administrator
 Selecting a server to administer in the Domino Administrat or
 Setting Domino Administrator preferences
 Navigating Domino Administrator
 How administrative tasks are organized on the Domino Administrator tabs

Note: The Domino Administrator client also offers Domino domain monitoring (DDM) which you can
use to view the overall status of multiple servers across one or more domains , and then us e the
information provided by DDM to quickly resolve problems. For more info rmation about Domino domain
monitoring, see the chapter ″Domino Domain Monitoring.″

Setting up the Domino Administrator
1. Make sure the IBM(R) Lotus(R) Domino(TM) server is running.
2. Start the Domino Administrator.
3. The first time you start the Domino Administrat or, a setup wizard starts. After you answer the
questions displayed by the setup wizard, the Domino Administrator client opens automatically.

Starting the Domino Administrator
There are several ways to start the IBM(R) Lotus(R) Domino(TM) Administrator.
1. Make sure the Domino server is running.
2. Do one:
 From the Microsoft(R) Windows ® control panel, click Start - Programs - Lotus Applications - Lotus
Domino Administrator.
 Click the Domino Administrat or icon on the desktop.
 From the IBM(R) Lotus(R) Notes(R) client, click the Domino Administrator bookmark button or
choose
File - Tools - Server Administration.

Navigating Domino Administrator
The user interfac e for the IBM(R) Lotus(R) Domino(TM) Administrator is divided into four panes.
Clicking in one pane dynamically updates information in other panes.



                                                                                                       81
Server pane
The server pane displays the servers in the domain, grouped in different views. For ex ample, you can
view all servers in the domain or view them by clusters or networks. To ″pin″ the server pane open,
click the pin icon at the top of the server pane.

Task pane
The tasks pane provides a logical grouping of administration tasks organized by tabs. Each tab
includes all the tasks associated with a specific area of administration. For example, to manage the
files located on a particular server, select a server and click the Files tab.

Results pane
The appearance of the results pane changes, based on the task you are performing. For example, the
results pane may display a list of files, as on the Files tab, or an active display of real -time processes
and statistics, as on the Server - Monitoring tab.


Tools pane
The tools pane provides additional functions associated with a selected tab. For example, from the
Files tab you can check disk space and perform tasks associated with files.

Window tabs
Use window tabs to switch from one open window to another in the Domino Administrator. E very time
you open a database or a document, a new window tab appears beneath the main menu bar.

Domains
You can access the servers in eac h domain that you administer. Click a domain to open the server
pane.

Bookmark bar
The Bookmark bar organizes bookmarks. Each icon on the Bookmark bar (running down the left edge
of the Domino Administrator window) opens a bookmark or a list of bookmarks, which can include
Web browser bookmarks.

Selecting a server to administer in the Domino Administrator
To administer a server, you select the server from a server list. You can have multiple server lists,
each of which is represented by a button. After you select a server, information a bout that server
appears in all the tabs.

Button                                                 Description
Favorites                                              Lists your ″favorite″ servers -- that is, those you
                                                       administer most frequently. To add a server to
                                                       Favorites, choose Administration - Add Server to
                                                       Favorites, and then specify the name of the server
                                                       to add.
Domain                                                 Lists all servers in a domain. You can also view
                                                       servers by hierarchy or by network.


To update a server list
The first time you start the IBM(R) Lotus(R) Domino(TM) Administrator, the system automatically
creates a server list, based on the domains listed in Administration P references. If you add new
servers to the list, choose Administration - Refresh Server List.

Preference                                             Description
Basics                                                  Select domains to administer
                                                        Add, edit, or delete domains
                                                        Set domain loc ation setting



                                                                                                         82
                                                      Select domain directory server
                                                      Specify Domino Administrator startup settings
                                                      Show Administrator home page
                                                      Refres h Server Bookmarks
Files                                                 Customize which columns appear on the Files
                                                     tab
                                                      Change the order in which columns appear
                                                      Limit the types of files that the Domino
                                                     Administrator retrieves
Monitoring                                            Configure global settings used to monitor the
                                                     server
                                                      Enable server health statistics and reports
Registration                                          Select global settings to use to register users,
                                                     servers, and certifiers
Statistics                                            Select global settings for statistic reporting and
                                                     charting
                                                      Enable statistic alarms while monitoring
                                                     statistics


Setting Basics preferences
To manage IBM(R) Lotus(R) Domino(TM) domains, set Basics preferences.
1. From the Domino Administrator, choose File - Preferences - Administration Preferences.
2. In the Basics section, under ″Manage these Domino Domains″ do one:
 Click New to add a domain, and then continue with Step 3.
 Click Edit to edit an existing domain, and then continue wit h Step 3.
 Click Delete to delete an existing domain3. Complete these fields:

Field                                                Action
Domain name                                          Enter the name of the domain to add, or edit an existing
                                                     name.
Domino directory servers for this domain             Enter one or more directory servers, separated by
                                                     commas, or edit the list. For example: Mail-
                                                     E/East/Acme Mail-W/West/Acme
What location settings do you want to use for this   Choose one:
domain?                                               Do not change location
                                                      Change to this location. Specify the location from
                                                     which you want to manage this domain.

4. Under Domino Administrator Startup Settings, complete these fields:

Field                                                Action
On startup                                           Do one:
                                                      Choose ″Don’t connect to any server″.
                                                      Choose ″Connect to last used server″.
                                                      Choose ″Connect to specific server″ and then specify
                                                     the startup domain and startup server.
Automatically run in live console mode:              Choose this option to open the Domino Administrator
                                                     client with a live server console window. Enter Domino
                                                     commands from this live console.
Open specific database(s):                           Click to open databases that you specify on a server
                                                     you specify when the Domino Administrator client is
                                                     started, and then complete these fields:
                                                      Database(s): -- By default, this field contains the
                                                     database file name for the Domino Domain Monitoring
                                                     database (DDM.NSF). To add additional databases,
                                                     enter the database file names, separated by commas
                                                      Server -- Specify the name of the server on which the
                                                     specified databases are stored.
Show Administrator Welcome Page                      Do one:



                                                                                                          83
                                                      Check this box to see the Welcome page each time
                                                     you start the Domino Administrator.
                                                      Uncheck this box if you do not want to see the
                                                     Welcome page.
Refresh Server Bookmarks on Startup                    Do one:
                                                        Check this box to update the server’s
                                                       bookmarks each time you start the Domino
                                                       Administrator. If you are using Domino and
                                                       IBM(R) DB2 Universal Database(TM) Enterprise
                                                       Server Edition, you check this box because server
                                                       bookmarks must be up-t o-date to allow all of the
                                                       Domino and DB 2 features to work correctly.
                                                        Uncheck this box if you do not want to refresh
                                                       the server’s bookmarks each time you start the
                                                       Domino Administrator.
5.   Click OK, or click Files to continue setting Administration Preferences.

Setting Files preferences
Setting Files preferences, you can customize which columns appear on the Files tab, change the order
in which columns display, and limit the types files the IBM(R) Lotus(R) Domino(TM) Administrator
retrieves. By default, the Files tab displays columns in this order:
 Title
 File Name
 Physical Path
 Files Format
 Size
 Out of Office
 Max Size
 Quota
 Warning
 Created
 Last Fixup
 Is Logged
 Template
 Out of Office
 Space Used

To set Files preferences
1. From the Domino Administrator, choose File - Preferences - Administration Preferences.
2. Click the Files section.
3. Do one:
 To add a column, select a column from the A vailable Columns list and click the right arrow to add it
to the ″Use these Columns″ list.
 To remove a column, select a column from the ″Use these Columns″ list and click the left arrow to
remove it from the list.
4. Click the up or down arrows to change the order of the columns in the ″Use these Columns″ list.
5. Check ″Retrieve only (NSF, NTF, BOX) Domino file types (faster)″ to limit the types of files
     retrieved. Uncheck this box to retrieve all file types.
6. Click OK or click Monitoring to continue setting Administration Preferences. For more information
     on setting Files preferences in the Web Administrator, see the topic ″Setting Files Preferences for
     the Web Administrat or″ later in this chapter.

Setting Monitoring preferences
You can use the default Monitoring preferences or customize them.
1. Choose File - Preferences - Administration Preferences.
2. Click Monitoring, and then complete the Global settings for Monitoring:




                                                                                                        84
Field                                                  Action
Do not keep more than <n> MB of monitoring data in     Enter the maximum amount of virtual memory, in MB,
memory (4 - 99MB)                                      used to store monitoring data. Default is 4.
Not responding status displayed after <n> minutes of   Enter the amount of time after which the ″not
inactivity                                             responding″ status displays. The default is 10 minutes.
Generate server health statistics and reporting        Select this option to include health statistics in charts
                                                       and reports.
                                                       Note : You must enable this option to use the Server
                                                       Health Monitor.

3. In the Location section, complete these fields:

Field                                                  Action
When using this location                               Choose the Location document.
Monitor servers                                        Do one:
                                                        Choose ″From this computer″ to monitor servers from
                                                       the local IBM(R) Lotus(R) Domino(TM) administration
                                                       client.
                                                        Choose ″From server″ and then click Collection
                                                       Server. Select the Domino server running the Collector
                                                       task for the servers being monitored by the location you
                                                       selected.
Poll server every <n> minutes (1-60 minutes)           Enter the server’s polling interval, in minutes.
                                                        If ″From this computer″ is selected, the default is 1
                                                       minute.
                                                        If ″From server″ is selected, the default is 5 minutes.
Automatically monitor servers at startup               Select this option to start the Domino Server Monitor
                                                       when you start the Domino Administrator.


Setting Registration preferences
Within the IBM(R) Lotus(R) Domino(TM) Administrator, you can set default registration preferences
that apply whenever you register new certifiers, servers, and users.
1. From the Domino Administrator, choose File - Preferences - Administration Preferences.
2. Click Registration.
3. Complete any of these fields:

Field                                                  Action
Registration Domain                                    Select a domain from the list. The registration
                                                       domain is the domain into which users and
                                                       servers are registered.
Create Notes IDs for new users                         Click to create a Not es ID for each new us er
                                                       during the registration process.
Certifier name list                                    Choose a certifier ID to use when creating the
                                                       user name during user registration when a Notes
                                                       user ID is not being created for the user. This field
                                                       appears if the check box ″Create a Notes ID for
                                                       this person″ is not selected. If you are working in a
                                                       hosted environment and are registering a user to
                                                       a hosted organization, be sure to register that
                                                       user with a certifier created for that hosted
                                                       organization.
Certifier ID                                           Do one:
                                                        Choose ″Certifier ID″ to use the certifier ID and
                                                       password. Then click Certifier ID, select the
                                                       certifier ID file, and click OK to select the certifier
                                                       ID us ed to register new certifiers, servers, and
                                                       users.
                                                        Choose ″Use CA Process″ to use the Domino
                                                       server-based certific ation authority.
Registration Server                                    Click Registration Server to change the



                                                                                                              85
                           registration server, which is the server that initially
                           stores the Person document until the Domino
                           Directory replicates. Select the server that
                           registers all new users, and then click OK. If you
                           do not explicitly define a registration server, it is,
                           by default:
                            The local server if it contains a Domino Directory
                            The server specified in NewUserServer setting
                           in the NOTES. INI file
                            The administration server
Explicit policy            If you already created explicit policies, select the
                           policy from the list. If you have not created explicit
                           policies, this field displays ″None A vailable.″
User Setup Profile         Select a profile. The default is none. You can
                           assign either a policy or a user setup profile, but
                           you cannot assign both to the same users.
Mail Options               Click Mail Options to display the Mail Registration
                           Options dialog box. Choose one of the following
                           and complete any required associated fields:
                            Lotus Notes (default) -- The Internet address is
                           automatically generated.
                            Other Internet -- The Internet password is set by
                           default during registration. Enter a forwarding e -
                           mail address.
                            POP -- The Internet address is automatically
                           generated during registration, and the Internet
                           password is set by default during registration.
                            IMAP -- The Internet address is automatically
                           generated during registration, and the Internet
                           password is set by default during registration.
                            Domino Web Access -- When you choose this
                           option, you are prompted as to whether you want
                           to set additional Domino Web Access settings.
                            Other -- Enter a forwarding e-mail address.
                            None

                           Note: If you select Other or Other Internet, you
                           will need to enter a forwarding address for the
                           user during user registration. The forwarding
                           address is the e-mail address to which the user
                           wants their mail sent.
User ID/Password Options   Click User ID/Password Options Settings to open
                           the Person ID File Settings dialog box. Do any of
                           these:
                            Person ID folder -- Choos e a folder or enter a
                           directory path in which to store the ID files
                           generated for this user during registration.
                            Person password quality -- Set a new password
                           quality for the ID files that are generated for this
                           user during registration. The default for a user ID
                           is 8.
                            Public key specification -- The public key
                           specification that you use impacts when key
                           rollover is triggered. Key rollover is the process
                           used to update the set of Notes public and privat e
                           keys that is stored in user and server ID files.
                           Choose one: Compatible with all releases (630
                           bits), Compatible wit h Release 6 and later (1024
                           bits).



                                                                               86
                                                      Note: For information about the significance of the
                                                      public key specification and key rollover, see the
                                                      topic User and server key rollover.
                                                       License type -- Choose either North American
                                                      (default) or International. In practice, there is no
                                                      differenc e between a North American and an
                                                      International ID type.
Advanced Options                                      Click Advanc ed Options to open the Advanced
                                                      Person Registration Options dialog box on which
                                                      you can specify the following:
                                                       Whether to keep registered users in the
                                                      registration queue
                                                       Whether to attempt to register us ers with an
                                                      error status from a previous registration attempt
                                                       Whether to prompt for duplicate files
                                                       Whether to search all directories for duplicat e
                                                      names
                                                       Other registration settings
Server/ Certifier                                     Registration Click to open the Server Certifier ID
                                                      File Settings dialog box on which you can define
                                                      the directories in which to store certifier IDs and
                                                      server IDs and specify the default password
                                                      quality setting for each.

4.   Click OK. For more information a bout explicit policies, see the topic Organizational and explicit
     policies and for more information on Advanced Options, see the topic Using Advanced Not es user
     registration with the Domino Administrator.
Setting Statistics preferences
You set statistics preferenc es to enable statistics reporting and statistics charting. The Statistics
section in Administration preferences is also where you specify the polling and reporting time interval
used for gathering and reporting statistics. You also enable statistic alarms for use with statistic event
generators. If you creat e statistics event generators to report alarms, you must enable statistics
alarms.

To set statistics preferences
1.   From the IBM(R) Lotus(R) Domino(TM) Administrator, choose File - Preferences - Administration
     Preferences.
2.   Click Statistics.
3.   Complete these fields:

Field                                                Action
Generat e statistic reports while monitoring or      Do one:
charting statistics                                   Enable the field and then specify, in minutes,
                                                     how often to create statistics reports in the
                                                     Monitoring Results database (S TA TREP.NSF).
                                                     Default is 45 minutes. The value must be greater
                                                     than the monitoring poll interval specified in the
                                                     Monitoring preferences.
                                                      Disable the field if you do not want to create
                                                     statistics reports or charts.
Check statistic alarms while monit oring or charting Do one:
statistics                                            Enable the field to report an alarm when a
                                                     statistic exceeds a threshold. You must enable
                                                     this field to generate a statistic events. Alarms are
                                                     reported to the Monit oring Results databas e
                                                     (STA TREP.NSF).
                                                      Disable the field if you do not want to generate
                                                     alarms.
Chart statistic using same poll interval as          Do one:



                                                                                                         87
monitoring                                           Enable the field to use the poll interval specified
                                                    in the Monitoring preferences.
                                                     Disable the field to set a charting int erval that is
                                                    different than the poll interval. Then specify a time
                                                    interval in which to chart statistics. The default is
                                                    20 seconds.

4. Click OK.

Tools and preferences for debugging in the Domino Administrator
The IBM(R) Lot us(R) Domino(TM) Administrator client offers several tools and one set of preferences
for debugging errors. From the Domino Administrator, choose Files - Tools and then choose one of
these:
 Debug LotusScript -- Enables LotusScript(R) debugging. When a check mark appears to the left of
the Debug LotusScript option, LotusScript debugging is enabled. For more information about
LotusScript debugging, see the IBM(R) Lot us(R) Domino(TM) Designer documentation, topic Using
the LotusScript Debugger.
 Remot e LotusScript Debugger -- Opens the Domino Debugger. The remote debugger allows
debugging of LotusScript agents running on remote servers. For more information about remote
debugging, see the Domino Designer documentation, topic Using the Remot e Debugger.
 Show Java Debug Console -- Opens the Java(TM) Debug Console window. For information about
the Java Debug Console, see the Domino Designer documentation, topics Writing Java in an agent,
Running a Java program, and other related topics.
 Java Debugging Preferences -- Opens the Java Debugging Preferences dialog box. For information,
see the topic Enabling Java Debugging.

Enabling Java Debugging
The Domino Administrat or supports Java debugging in the following contexts. Each context has its
own JVM. Only one user can debug at a time in each context.
 Foreground -- Java code that runs in the Domino Administrator client interactively, for example, an
agent triggered from the Actions menu.
 Background -- Java code that runs in the Domino Administrat or client under cont rol of the task
loader, for example, a locally scheduled agent.
 Web preview -- Java code being previewed in a browser through Domino Designer, for example, an
applet on a form. Java code from a script library runs in the context of the calling code.

To enable and disable Java debugging on the Domino Administrator
Java debugging is disabled by default.
1. From the Domino Administrator, choose Files - Tools - Java Debugging Preferences. The Java
    Debugging Preferences dialog box appears.
2. Do one or more of these:
 To enable foreground debugging, click Client Agents/Applets, and then specify a port number to
connect the IBM(R) Lot us(R) Notes(R) and debugger computers. Deselect to disable.
 To enable background debugging, click Locally Scheduled Agents, and then specify a port number
to connect the Notes and debugger computers. Deselect to disable.
 To enable Web preview debugging, click HTTP Preview, and then specify a port number to connect
the Domino Administrator client and debugger computers. Deselect to disable.

Note: Specifying a port number may require several attempts before you locate a free port.

If you change the foreground or background preference, the Domino Administrat or must be restarted.
If you change the Web preview preference, the pr eview must be restarted.




                                                                                                        88
Domino Administrator tabs
General administration tasks are organized by the tabs described in the following table. Click a tab to
display its contents, or use the Administration menu to navigate among the tabs. For example, to
move from the Files tab to the Replication tab, choose Administration - Replication.

Tab                                                     Use to administer

People & Groups                                         People-related IBM(R) Lotus(R) Domino(TM) Directory
                                                        items -- such as, Person documents, groups, mail-in
                                                        databases, and policies
Files                                                   Databases, templates, database links, and all other files
                                                        in the server’s data directory
Server tabs                                             Current server activity and tasks. This tab has five sub-
                                                        tabs: Status, Analysis, Monitoring, Statistics, and
                                                        Performance.
Messaging                                               Mail-related information. This tab has two sub-tabs: Mail
                                                        and Tracking Center.
Replication                                             Replication schedule, topology, and events
Configuration                                           All server configuration documents -- such as, the
                                                        Server, Messaging Settings, Configuration Settings,
                                                        and Server Connections documents.


People and Groups tab in the Domino Administrator
From the People and Groups tab, you perform these tasks to manage the IBM(R) Lotus(R)
Domino(TM) Directory:
 Register new users and groups
 Manage existing users, groups, mail-in databases, and other resources
 Assign policies to users and groups
 Assign roaming options and Internet settings to users
 Access the Tools panel from which you can access numerous features for managing users and
groups

Files tab in the Domino Administrator
From the Files tab, you perform these tasks to manage database folders and links:
 Access a folder and one or more files inside the folder
 Select the type of files to display -- for example, display only databases or only templates
 Move or copy a database by dragging it onto an IBM(R) Lotus(R) Domino(TM) server on the
bookmark bar
 View out of office status, that is, who is using the out of office service and is currently out of the
office. the Out of Office column contains a Yes for those users.
 Manage databases -- for example, compact databases and manage A CLs
 View disk size and free spac e on the C drive

Server tabs in the Domino Administrator
There are five Server tabs: Status, Analysis, Monitoring, Statistics, and Performa nce.

Status
From the Status tab, you can:
 See which server tasks are running, stop or restart them, or start new tasks
 See who is connected to the server, including IBM(R) Lotus(R) Notes(R) users, browser and e -mail
clients
 See which Notes dat abas es are currently in use
 Access the live remote console of the server
 Monitor the schedule of programs, agents, mail routing and replication
 Access the Tools panel from which you can access server status related tools.

Analysis
From the Analysis tab, you can:



                                                                                                              89
 View, search, and analyze the log file (LOG. NSF)
 Access the database catalog on the server
 Access the Monitoring Results database (S TA TREP.NSF)
 Manage Administration Process requests
 Access the Tools panel from which you can find a specific server, review activity data and access
other server analysis related tools.

Monitoring
From the Monitoring tab, you can:
 Check the status of IBM(R) Lotus(R) Domino(TM) servers
 Check server availability and sort servers by state or timeline
 View the current status of tasks running on eac h server and view selected statistics
 Monitor server health status and access server health reports

Statistics
From the Statistics tab, you can see the real -time statistics for the current status of the Domino
system.

Performance
From the Performance tab, you can:
 View statistic charts for server performance in real time
 Chart historical server performance over a selected period of time
 Manage server activity trends
 Perform resource load-balancing among servers

Messaging tabs in the Domino Admini strator
There are two messaging tabs.

Mail
From the Mail tab, you can:
 Manage the mailboxes on the server
 Check mail
 Manage shared mail
 View mail routing status
 Monitor the log file for routing-related events
 Run reports on messaging us e
 Access the Tools panel from which you can access additional Messaging features such as stopping
and starting the router

Tracking Center
From the Tracking Cent er tab, you can issue tracking requests to track messages. You must enable
the Tracking Center tab in the IBM(R) Lotus(R) Domino(TM) Web A dministrator. For more information
on enabling the Tracking Center for the Web A dministration, see the topic ″Message-tracking in the
Web Administrator″ later in this chapter.

Replication tab in the Domino Administrator
From the Replication tab, you can:
 View the server replication schedule
 Check the log file for replication events
 View replication topology maps related to the server

Configuration tab in the Domino Administrator
From the Configuration tab, you can configure all server options, settings, and configurations for
various subsystems including:
 Security
 Monitoring
 Messaging



                                                                                                      90
 Policies
 Replication
 Directory services
 Off-line services You can also access a Tools panel from whic h you can access numerous server-
related features such as server registration, setting up ports, secuting the console and numerous other
features.
Domino Admini strator tool s
Most tabs on the IBM(R) Lotus(R) Domino(TM) Administrator include a set of tools that change based
on the selected tab. For example, the People and Groups tab includes two tools: one for managing
people and one for managing groups. To hide or show the Tools panel, click the triangle. To choose a
specific tool, click the triangle to expand or collapse the tools options. Hiding tools on one tab does not
hide tools on other tabs. You can also access tools using:
 Right click -- Select an object that has an associated tool and right click. For example, on the People
& Groups tab, right-click a Person document to access the People tools.
 Menus -- For each tab that has tools, the appropriate tools menu appears in the menu bar. For
example, when you click the Files tab, the Files menu appears.

The following table describes the tools that are on each tab.

Tab                                                   Tool s
People & Groups                                       People
                                                       Groups
Files                                                  Disk Space
                                                       Folder
                                                       Database
                                                       DB2 Groups
Server - Status                                        Task
                                                       User
                                                       Ports
                                                       Server
Server - Analysis                                      Analyze
Messaging                                              Messaging
Configuration                                          Certification
                                                       Registration
                                                       Policies
                                                       Hosted Org
                                                       Server
                                                       DB2 Server

Web browser requirement
The IBM Lotus Domino 8 Web Administrat or works with the following brows ers:
 Microsoft Internet Explorer 6.x and 7.x (on Microsoft(R) Windows(R) plat forms only)
 Mozilla Navigator 1.4x and higher
 Mozilla Firefox 1.0x, 1.5x and 2. 0x For the most current information about supported browsers, see
the Release Notes.

Domino server tasks required
You must have the following Domino server tasks running:
 The Administration Process (AdminP) server task must be running on the Web A dministrator server.
 The Certificat e Authority (CA) process must be running on the Domino server that has the Issued
Certificate List database on it to register users or servers.
 The HTTP task must be running on the Web server so that you can use a browser to access it.

To set up the Web Administrator
1.   Make sure that the server you want to administer is set up as a Domino Web server and that it is
     running the HTTP task. The Domino Web server does not have to be a dedicat ed server, you can




                                                                                                        91
     use it for other server tasks, such as mail routing and directory services. You can adminis ter only
     the servers you set up as Domino Web servers.
2.   Set up administrator access to the Web Administrator database (WEBADMIN. NSF). For more
     information on setting up the Domino Web server, see the chapter ″Setting Up the Domino Web
     Server.″


Setting up access to the Web Administrator database
IBM(R) Lotus(R) Domino(TM) aut omatically sets up default dat abas e security when the IBM(R)
Lotus(R) Domino(TM) Web Administrator database (WEBADMIN.NSF) is created for the first time. At
that time, all names listed in either the Full Access Administrators or Administrators fields of the Server
document are given Manager access with all roles to the Web Administrator database. In addition, the
HTTP server task periodically (about every 20 minutes) updates the Web Administrator database ACL
with names that have been added to the Server document in either the Full Access Administrators or
Administrators fields, but only if the names are not already on the ACL list. For more information on
how the HTTP server task synchronizes names in the Server document wit h those on the Web
Administrator database ACL, see ″Giving additional administrators access to the Web Administrator,″
later in this chapter.

Default database security
The default ACL settings for the Web Administrat or database are listed below. You do not need to
change these settings if the administrator’s name appears in the Administrators field of the Server
document.

Access control list

Default name                                          Acce ss level
User and group names listed in either of these        Manager with all roles
fields on the Server doc ument:
 Full Access Administrators
 Administrators
The name of the server Manager                        Manager
-Default-                                             No access
Anonymous                                             No access
OtherDomainS ervers                                   No access

Authenticating administrators
You can use either an Internet password or an SSL client certificate to access the Web Administrator.
The Web Administrator uses either name -and-password or SSL authentication to verify your identity.
The method the Web Administrator uses depends on whether you set up the server or the Domino
Web Administrator database (WEBADMIN.NSF), or bot h to require name-and-password or SSL
authentication.

To access the Web Administrator database, you must have name -and-password authentication or
SSL client authentication set up on the server. Name -and-password authentication is enabled for the
HTTP protocol by default.

To use name-and-password authentication, you must have an Int ernet password in your Person
document. To use SSL client authentication, you must have a client certificate, and SSL must be set
up on the server.

For more information, see the chapters ″Setting up Name-and-Password and Anonymous Access to
Domino Servers,″ ″Setting up Clients for S/MIME and SSL,″ and ″Setting up SSL on a Domino S erver.″


Giving additional administrators access to the Web Administrator
You can use the Server document as a convenient way to give additional administrators access to the
IBM(R) Lotus(R) Domino(TM) Web Administrator. To add an administrator to the Web Administrator
database (WEBADMIN. NSF) ACL, simply add the name to either the ″Full Access Administrators″ or



                                                                                                        92
″Administrators″ field of the Server doc ument. The HTTP server task routinely synchronizes the names
listed in those fields of the Web Server document with those listed on the Web Administration
database ACL. Names that are not already listed in the ACL are added with Manager access and all
roles. Names that are already listed in the ACL, keep the access granted to them in the ACL. This
preserves custom ACL settings, such as limiting the ACL roles of a particular administrator, from being
overwritten. It also allows you to restrict administrators from using the Web Administrator, even though
they are listed as administrator in the server document. If you delete an administrator’s name from the
Server document, the name is also deleted from the Web Administrator database ACL aut omatically at
the next synchronization.

You can also give administrators access to the Web Administrator manually by adding them directly to
the Domino Web Administrator database ACL. You can give an administrator full or partial access by
restricting the roles assigned. The role assigned to an administrator determines which commands are
available to the administrator, and which tabs appear in the Web Administrat or client. You cannot
restrict roles when you add administrator access to the Web Administrat or using the Server document.
If you add a name using the server document, you must manually restrict access to the web
Administrator through the Domino Web Administrator dat abase A CL. To prevent an administrator from
access, assign No access in the ACL.

For more information on Web A dministrator roles, see the topic ″Administrator Roles in the Web
Administrator″ later in this chapter.

To update access to the Web Administrator database automatically
1.  From the IBM(R) Lotus(R) Domino(TM) Administrator, click the Configuration tab.
2. Select the Server view, and open the Current Server Document for the Web Administration server.
3. Select the Security tab.
4. In one of these fields, enter the name of the administrator to whom you want to give access to the
    Web Administrator:
 Full Access Administrators
 Administrators
5. Click Save & Close

To update the Web Administrator database ACL list manually
You can manually add an administrator to the Web Administrator dat abase A CL list.
1. From the browser using the Web Administrator, click the Files tab.
2. Select the Web Administrator database (WEBADMIN.NSF).
3. From the Tools menu, select Database - Manage ACL.
4. Click Add and add the administrator or group name to the ACL of the Web Administrat or
   database.
5. In the Access field, select Manager.
6. Assign the roles. Assigned roles determine which commands and tabs appear in the Web
   Administrator.

Tip: To select more than one role, hold down the Shift or Control key while selecting roles. Selected
roles appear highlighted.

7. Do one of the following:
 If the server requires name-and-password authentication, edit each administrator’s Person document
and enter an Internet password.
 If the server requires SSL client authentication, set up the browser for SSL. For more information on
Managing ACL roles, see the chapter ″Controlling User Access to Domino Databases.″ For more
information on SSL authentication, see the chapter ″Setting Up Clients for S/MIME and SSL.

Administrator roles in the Web Administrator
By default, the ACL gives Manager access and all roles to users named in the Administrators and Full
Access Administrators fields on the Server document. However, you can restrict a Web administrator’s
access to parts of the IBM(R) Lotus (R) Domino(TM) Administrator by limiting the assigned roles. Each
role has a corresponding tab and associated commands. When you restrict access, you also restrict
which tabs appear in the IBM(R) Lotus(R) Domino(TM) Web Administrator. For example, if you assign



                                                                                                        93
only the People&Groups role to a Web Administrator, the People & Groups tab is the only tab that
appears when that administrator uses the Web Administrator. The following table shows the roles that
have been predefined for the Domino Web Administrator.

Role                                                  Tab
Files                                                 Files
People&Groups                                         People & Groups
Replication                                           Replication
Configuration                                         Configuration
Mail                                                  Messaging - Mail
MsgTracking                                           Messaging - Tracking Center
ServerStatus                                          Server - Status
ServerA nalysis                                       Server - Analysis
ServerStatistic                                       Server - Statistic

To restrict a Web administrator’s access, use the Manage A CL tool on the Files tab. For more
information on managing ACL roles, see the chapter ″ Cont rolling User Access to Domino Databas es.″

Starting the Web Administrator
When you start the IBM(R) Lot us(R) Domino(TM) Web Administrat or, it displays the server’s
administration homepage (information about the server and the administrat or using the server). It does
not automatically open to a tab, you must choose a tab to begin using the Web A dministrator. To
return to the server administration homepage at any time, click the top left server icon in the Web
Administrator bookmark bar.

To start the Web Administrator
1.   Start the HTTP task on the server if it is not already running.
2.   From the browser, enter the URL for the Web Administrator dat abas e on the server you want to
     administer. For example, enter: http://yourserver.domain.com /webadmin.nsf Or for SSL, enter:
     https://yourserver.domain.com /webadmin.nsf
3.   Enter your hierarchical, common name, or short name and your Internet password.
4.   Click one of the tabs to being using the Web Administrator.

Using the Web Administrator
The IBM(R) Lot us(R) Domino(TM) Web Administrat or is almost identical to the IBM(R) Lotus(R)
Domino(TM) Administrator with very few exceptions. The user interface looks the sam e, and most
menu options, dialog and information boxes are identical, although the Web Administrat or may
occasionally display additional information. For example, the Mail tab in the Web Administrator offers
additional mail specific statistics -- for example, Mail Routing Schedule, Mail Routing Statistics, and
Mail Retrieval Statistics. This information is available in the Domino Administrator; however, it is not
displayed the same way.

In addition, there is a new Task tool on the Replication and Mail - Messaging tabs. You can use this
tool to issue Tell commands, and to stop, start, and restart replication, rout er, and messaging tasks.

The Web Administrator includes most of the Domino Administrator functionality. However, the Domino
Server Monitor and performance charting are not available in the Web Administrator. And you can
restrict further which commands and tabs are available by restricting the roles assigned to an
administrator. Information on the availability of specific Web Administrator features and minor changes
to how you access a feature are documented throughout the Domino Administrator help
documentation.

Accessing online help
To access online documentation, use the Help button.




                                                                                                           94
Additional buttons
The Domino Web Administrator includes these buttons that appear at to the right of the tabs. These do
not appear in the Domino Administrator:
 Sign out -- Use this to log out when you cannot or do not want to close the browser.
 Preferences -- Use this to set Administration preferences.
 Help -- Use this to access on-line help documents for the Domino Administrator. The mail bookmark
displays in the bookmark area only if you have browsed to your home mail server.

Setting Files preferences for the Web Administrator
You can use the IBM(R) Lotus(R) Domino(TM) Web Administrator to set Files preferences.

Files preferences
By default, the Files tab in the IBM(R) Lotus(R) Domino(TM) Administrator displays information about
database files in the following order; however, you can customize which columns display in the Web
Administrator. The fewer columns you display, the faster the Files panel performs.
 Title
 File Name
 Physical Path
 File Format
 Size
 Space Used
 Max Size
 Quota
 Warning
 Created
 Last Fixup
 Is Logged
 Template Name
 Inherit From
 Type
 Replica ID
 Out of Office

To set Files preferences
By default, the Web Administrator displays all columns. You can add or delete columns from the
display. Select a column name from the ″Use these Columns″ list and then click Add or Remove.

Registering users and servers with the Web Administrator
To use the IBM(R) Lotus(R) Domino(TM) Web Administrator to register new IBM(R) Lotus(R) Notes(R)
users, you must use the IBM(R) Lotus(R) Domino(TM) server-based certification authority. Any
request or task that requires a certifier ID file -- for ex ample, migrate or modify ID -- is not available.

To use the Web Administrator to register users or servers, you must have Registration Authority (RA)
access in the server-based certification authority (CA ). The server that is running the Web
Administrator should also be listed as an RA but that role is not required for the server. If, however, the
server is not listed as an RA, the administrator that is an RA must open the Administration Requests
database and approve the administration request to register the user. You must assign the RA role in
the Domino Administrator, not in the Web Administrator. To assign the RA role, use the Modify
Certifier tool on the Configuration panel.

You cannot set registration preferences in the Web Administrator. You must use the registration
settings in the CA and in the Registration policy settings document.

In the Web Administrator, you cannot configure a server for SSL during the server registration
process.




                                                                                                         95
For more information about modifying certifiers, see the chapter ″Setting up a Domino Server -Based
Certification Aut hority.″ For more information about user registration in the W eb Administrator, and
about creating and modifying groups, see the chapter ″Setting Up and Managing Notes Users.″ For
more information about registering a server, see the chapter ″ Installing and Setting Up Domino
Servers.″

Managing policies with the Web Administrator
The Policy tools on the Configuration and People & Groups tabs in the IBM(R) Lotus(R) Domino(TM)
Administrator are not available in the IBM(R) Lotus(R) Domino(TM) Web Administrator. Therefore,
from the Web Administrator, you cannot use the P olicy Assign tool or the Policy Synopsis tool. If you
create policies before you register users, you can assign them to users and groups during user
registration. You can als o edit a IBM(R) Lotus (R) Not es(R) user’s Pers on document and manually
assign an explicit policy by specifying the name of the policy.

Working with policy documents
From the Web Administrator, you can use the Policies view in either the People & Groups or the
Configuration tab to add, edit, or delete policy documents. To add or delete policy documents, use the
buttons that display in the Results pane. In this view, the names of policy documents are links. To edit
one of these documents, click the link for the document you want to edit.

Using the Web A dministrator to delete policy documents is not recommended because doing so does
not initiate the Administration Process requests required to remove all references to the deleted
document from other policy documents.

If you use the Web Administrator to create a desktop policy settings document, you cannot add the
database links used to set up bookmarks or custom Welcome pages.

For more information about managing policies and policy documents, see the chapter ″ Using Policies.″

Using the Web Administrator consoles
The IBM(R) Lot us(R) Domino(TM) Web Administrat or includes two consoles, the Quick Cons ole and
the Live Console, which you access from the Server - Status tab. These consoles mirror the server
console on the Server Status tab of the IBM(R) Lotus(R) Domino(TM) Administrator.

Use the Live Console to send commands to a Web server running under a Server Cont roller. You can
send Controller and shell commands, as well as Domino server commands. To use the Live Console,
you must install Java(TM) Plug-in 1.4 or higher and enable it in your Web browser.
Use the Quick Console to send commands to a Web server that does not run under a Server
Cont roller. Or use it if you are unable to install or use the Java(TM) Plug -in in your browser.

For more information on using the console in the Web Administrator to send commands, see the topic
″The Server Controller and the Domino Console,″ later in this chapter and the appendix ″Server
Commands.″

Message tracking in the Web Administrator
To use the IBM(R) Lotus(R) Domino(TM) Web Administrator to trace messages, you must first enable
message tracking.

To enable message tracking
1.   From the Web Administrator, click the Configuration tab.
2.   Open the Messaging view, and select Settings.
3.   Click Edit Message Settings.
4.   Select the Message Tracking tab.
5.   Under Basics, in the Message tracking field, select Enabled. The default is Disabled.
6.   Under Access Settings, complete these fields:




                                                                                                         96
Field                                                Action
Allowed to track messages                            Select both of these:
                                                      Your name
                                                      LocalDomainServers
Allowed to track subjects                            Select your name from the list

7.   Click Save & Close.

Editing the NOTES.INI file and cleanup script in the Web
Administrator
You must be a Full Access Administrator to edit the NOTES. INI file. You must have Administrator
access or higher to view the NOTES.INI file, or to edit or view the cleanup script. For more information
on editing the NOTES.INI file, see the appendix ″NOTES.INI File.″

Signing out of the Web Administrator
When you finish using the IBM(R) Lotus(R) Domino(TM) Web Administrator, close the browser to end
the session or click Sign out to end the session and clear your user nam e and password credentials so
that unauthorized users cannot access the browser while the Web Administrator is still running.

The Server Controller and the Domino Console
The Server Controller is a Java(TM) based program that controls an IBM(R) Lotus(R) Domino(TM)
server. Starting the Server Controller starts the Domino server it controls. When a server runs under a
Server Cont roller, you can send operating system commands (shell commands), Controller
commands, and Domino server commands to the Server Co ntroller. For ex ample, from a remote
console, you can use Controller commands to kill Domino processes on a server that is hung or to
start a Domino server that is down.

You can use the Domino Console, a Java -based cons ole, to communicate with a Server C ontroller.
You can run the Domino Console on any platform except Apple Macintosh. Using the Domino
Cons ole, you can send commands to multiple servers. The Domino Console doesn’t require a Notes
ID, only a Domino Internet name and password, so you can connect to servers certified by different
certifiers without having multiple Notes IDs or cross -certificates. You can customize output to the
Domino Console -- for example, use local event filters to specify the types of events the Console
displays. You can also log server output to log files and customize the appearance of the Console.

The Domino Console functions strictly as a server console. Consequently, the Domino Console
doesn’t include the full set of Domino administration features that are available through the Domino
Administrator and the IBM(R) Lotus (R) Domino(TM) Web Administrator, and you can’t use it to open
and manage IBM(R) Lotus(R) Notes(R) databases.

The files needed to run the Server Controller and to run the Domino Console are provided with
Domino and Notes.

You can also use remot e consoles in the Domino Administrator and Web Administrator to
communicate with a Server Controller.

For information on the available Controller commands and on using the Domino Administrator or Web
Administrator to communicate with a Controller, see the appendix ″Server Commands.″

Starting and stopping the Server Controller
Do the following to start the Server Controller, the IBM(R) Lotus(R) Domino(TM) server, and the
Domino Console:
1. Shut down the Domino server, if it is running.
2. Start the Server Controller using the same command you normally use to start the Domino server
    but append the argument -jc. For example, if you run a server on Micros oft(R) Windows(R) XP
    from the directory c:\lotus\domino using a shortcut icon on the Desktop, use the following target for
    the shortcut: c:\lotus\domin\nserver.exe -jc




                                                                                                       97
The Server Controller runs in its own window. You can minimize a S erver Controller window, but do
not close or kill the window to stop the Server Controller. Instead, use the Controller Quit command
from a console to stop a Server Controller and the server it controls.

When you run a Server Controller, you no longer have access to the traditional console at the server.
You can communicate only through the Domino Console or a console in the Domino Administrator or
Web Administrator.

Optional arguments to use when running the Server Controller
Starting the Server Cont roller using only the argument -jc starts the Domino Server and the Domino
Cons ole along with the Server Controller. There are two optional arguments you can specify to change
this default behavior: -c and -s.

Use -c to prevent the Domino Console from running when you start the Server Controller. You might
prevent the Console from running on a slow machine or a machine that is low on memory. If you use
this argument and the Domino server ID requires a password, the Domino server starts without
running its server tasks. To run the server tasks, you must connect to the Server Controller from a
console and specify the server password when prompted.

Use -s to prevent the server from running when you start the Server Controller. Us e this argument
along with -c so that someone who is directly at the server can start only the Server Controller, and
then a remote administrator can start the server and specify a required server password remotely from
a console.

Example                                              Result
nserver -jc                                          Runs the Server Controller, the server, and the Domino
                                                     Console
nserver -jc -c                                       Runs the Server Controller and the server
nserver -jc -s                                       Runs the Server Controller and the Domino Console
nserver -jc -c -s                                    Runs only the Server Controller


Starting and stopping the Domino Console
You can run the IBM(R) Lotus(R) Domino(TM) Console from any machine on whic h a Dom ino server
or the Domino Administrator is installed. To use the Domino Console to communicate with a Domino
server, the server must be running under a Server Controller.

To start the Domino Console
1.   Make sure that the Domino server or the Domino Administ rator is installed on the machine.
2.   Run the following command directly from the program directory, or from a directory path that
     points to the program directory:
jconsole
Note: The Domino Console also starts by default when you start a Server Controller. For information
on using the Domino Console, choose Help - Help Topics from the Domino Console menu.

To stop the Domino Console
1.  From the Domino Console, choose File - Exit.
2.  If the Console is currently connected to a Server Controller, when you see the prompt ″Exiting the
    Cons ole by disconnecting all active connections. Do you want to continue?″ do the following:
a. (Optional) To also stop a Domino server and Domino Server Controller running locally, select the
    option ″Also, bring down Domino (if running) and quit the local Server Controller - local server
    name.
b. Click Yes.


Chapter 5. Planning for Notes client installation and
upgrade
This section describes how to plan for, install, upgrade to, and configure the IBM(R) Lotus(R) Notes(R)
client, including the Lotus Notes pre-installation checklist and installation documentation roadmap.




                                                                                                        98
Products to install and order of installation
The following information lists the servers and products you need to install to use IBM(R) Lotus (R)
Notes(R).

Servers to install
1.   IBM(R) Lotus(R) Domino(TM) server.
2.   (Optional) IBM(R) DB2(R) running with a Domino 8 server. Required if you want to create and use
     DB2 enabled Lotus Notes databases.
3.   (Optional) IBM(R) Lotus(R) Sametime(R) server. Required if you want awarenes s and chat in the
     Lotus Not es client.
4.   (Optional) Lotus Connections Server. Required if you want to use Activities from within the Lotus
     Notes client. For information, see the Lotus Connections documentation.
5.   (Optional) IBM(R) WebSphere(R) Portal server. Required if you want to use composite
     applications that contain portlets. (Optional configuration) To use the Portal administrative user
     interface on the Port al server to administer both Domino and WebSphere Portal, configure
     Domino and Port al server federated administration. For information, see the topics ″Running the
     Domino-P ortal integration wizard″ and ″Configuring Domino and P ortal Server federated
     administration.″

Note: (Optional) Install WebSphere Portal composite application support for Lotus Notes, previously
named ″Notes server client installer″ on the WebSphere Port al server. This is required in order to work
with composite applications that contain portlets or to edit portlets using the Composite Application
Editor.

Clients to install
1.   Lotus notes 8.5. This provides Mail, Calendar, Contacts, and options including IBM(R) Lotus(R)
     Productivity Tools, Composite Application Edit or, Activities, and IBM(R) Lotus(R) Sametime(R)
     (integrated).

Note: For Microsoft(R) Windows(R) users, if Lot us Notes version 6.5.x or 7.x is detected on the client,
the installation program will upgrade it to Lotus notes 8.5.

Note: For Linux(R) users, upgrade from Lotus Notes version 7.x is not supported. Linux users should
uninstall their existing Lotus Notes version a nd then install Lotus not es 8.5. For Windows multi-us er
installation, the Lotus Notes client-only is available in the Not es.msi.w32 installation media kit. For
Windows single user installation, the Lotus Notes, IBM(R) Lotus(R) Domino(TM) Administrator and
IBM(R) Lotus(R) Domino(TM) Designer clients are available in the AllClient.msi.w32 installation media
kit.

For Linux, the Lotus Notes client-only is available in the Notes.ismp.linux installation media kit.
2. (Optional) Domino Administrator and Domino Designer. For Windows single user installation, the
Domino Administrator client and Domino Designer client are available, along wit h the Lotus Notes
client, in the AllClient.msi.w32 installation media kit.

Lotus Notes installation documentation roadmap
You can find information and instructions for IBM(R) Lotus(R) Notes(R) administration, installation, and
configuration using the following pointers. v For suggested hardware and software requirements, see
the self-titled sections of the current release notes. v For IBM(R) Lotus(R) Domino(TM) server
installation and setup, see this Domino Administrator help.

Note: This Domino Administrat or doc umentation cont ains information regarding setting up and using
Domino and IBM(R) DB 2(R). Information about the DB2 server is located in the DB2 Information
Cent er at http://publib.boulder.ibm.com/infocenter/db2luw/ v8/index.jsp.

 For IBM(R) Lotus(R) Domino(TM) Designer and LotusScript requirements, especially relative to
composite applications, see the Lotus Domino Designer help at http://www.lotus.com/doc. In addition,
see the following information on developing application components on supported platforms:



                                                                                                       99
–   Lotus Not es component and application development -- See the ″Application Design″ section of
    the Domino Designer help.
–   Eclipse component and application development -- See the Eclipse Integrat ed Developer
    Environment (IDE ) help system as well as document ation supplied with IBM(R) WebSphere(R)
    Portal and the Lotus Expeditor toolkit.
–   Composite applications developed and used with WebS phere Portal -- See the ″Composite
    applications″ section of the documentation supplied with IBM WebSphere Portal.
–   Composite applications developed with IBM Lotus Component Designer -- See the ″Composite
    applications″ section in the Lotus Component Designer User Guide, available in the product help.
–   Composite Application Editor -- See the help supplied with the Composite Application Editor. The
    Composite Applications Editor can be installed during Lotus Notes installation.
–   Portal Application Template Editor -- See the documentation supplied with WebSphere Portal.
–   Wiring Properties Editor -- This composite applications wiring properties editor is installed with
    Domino Designer and is documented in the Domino Designer help. It is also available in IBM(R)
    Lotus(R) Component Designer help.

 For information about the IBM(R) Lotus (R) Expeditor runtime environment, as well as feature install
and upgrade, see the Lotus Expeditor information cent er at
http://publib.boulder.ibm.com/infocenter/ledoc/ v6r1/topic/com.ibm.help.ic.doc/wed_welcome_ic.html.
Look for updates to this content as future Expeditor information centers become available.
 For IBM WebS phere Portal server and IBM WebS phere Application server installation and setup,
see the information center at
http://publib.boulder.ibm.com/infocenter/wpdoc/ v6r0/topic/com.ibm.wp.ent.doc/wpf/ welcome.html.
Look for updates to this content as future Expeditor information centers become available.
 For Sametime server setup, see the Sametime server installation documentation.

Lotus Notes pre-installation checklist
This IBM(R) Lotus(R) Notes(R) releas e includes both new and familiar functionality for mail, calendar,
and cont acts, with a new user interface capable of operating within a combination IBM(R) Lotus (R)
Domino(TM) server and IBM(R) WebSphere(R) Portal server deployment. It includes the optional
installation of the Composite Applications Editor, IBM(R) Lotus(R) Productivity Tools, Activities, IBM(R)
Lotus(R) Sametime(R) (integrated), and any custom or third-party Eclipse features that you choose to
add. This checklist lists the main steps you need to complete, or at least consider, before installing or
upgrading to this Lotus Notes release.
1. Check the recommended software and hardware specifications for the systems on which you or
    your users will be installing. See the hardware and software requirements section of the releas e
    notes for det ails.
2. Read the topic Products to install and order of installation.
3. Read the topic Considerations before installing Notes on Windows or Considerations before
    installing Notes on Linux.
4. Determine how you want to install. For example, will users install the client themselves using an
    installation kit or a Smart Upgrade procedure, will you install a multi-user or single user
    environment, and if installing on Microsoft(R) Windows(R), will you use the Notes -only installer or
    the Allclient (Lotus Notes, Domino Administrator and Domino Designer clients) installer.
5. Familiarize yourself with installation and upgrad e basics as present ed in the ″Notes client
    installation and Smart Upgrade″ section of this guide.
6. Install or upgrade your Lotus Domino server.
7. (Optional) If you are installing IBM(R) DB2, see the release notes ″Domino and DB2 supported
    platforms and hardware and software requirements,″ ″Installing Domino and DB 2 on Micros oft
    Windows platforms″ and ″Installing Domino and DB 2 on IBM(R) A IX(R) and Linux(R) platforms.″
8. Set Domino administrator settings for your users.
9. (Optional) Install or upgrade your Acti vities server if you will be enabling users to creat e, edit, or
    view activity documents from Lotus Notes. For Activities server setup, see the IBM(R) Lotus(R)
    Connections documentation.
10. (Optional) Install or upgrade your IBM WebSphere Portal server if you will be enabling users to
    create, edit, or view composite applications that contain portlets. See the WebSphere Port al
    information center http://publib. boulder.ibm.com/infocent er/wpdoc/ v6r0/index.jsp.
11. (Optional) Create a Home Portal account for your Lotus Notes users that specifies information
    such as their default WebSphere Portal server name, port, and authentication information.




                                                                                                       100
12. (Optional) Install the WebSphere Portal composite application support for Lotus Notes on the
    WebSphere Portal server if you will be enabling users to create, edit, or view composite
    applications that contain portlets.
13. (Optional) Use policy settings, NOTES.INI file settings, and the Lotus Notes tuner to specify
    available user settings.
14. (Optional) Modify the Lotus Notes install media kit’s install manifest (deploy\install.xml) and zipped
    update site (deploy\updateSite.zip, including the site index file SITE. XML) to specify which Lot us
    Notes features users can install and optionally how and if those features will appear on the Lo tus
    Notes feature installation panel.
15. (Optional) If you have custom or third -party Eclipse components to install with Lotus Notes, modify
    the Lotus Notes install media kit’s install manifest (deploy \install.xml) and zipped updat e site
    (deploy\updateSite.zip, including the site index file SITE. XML) to add these feat ures to the install
    kit.
16. Determine how you will make HTTP (Eclipse, non-Domino) and NRPC (Domino server-based)
    component and application updates available to Lotus Notes client systems.
17. Place the Lotus Notes installation media kit in an accessible location.
18. Uninstall any existing instance of Notes 8 Beta 1 or Beta 2 from the systems on which you will
    install this Lotus notes 8.5 release.

Note: You should not need to uninstall Lotus notes 8.5 Beta 3 prior to installing/upgrading to this Lotus
notes 8.5 release.

19. Shut down all applications before installing or upgrading to this release of Lotus Notes.
20. Install Lot us Notes on the user client systems or communicate to users how they are to install (or
    upgrade) Lotus Not es.

Considerations before installing Lotus Notes on Windows
Before installing IBM(R) Lot us(R) Not es(R) on a Microsoft(R) Windows(R) client, you should be
familiar with the following information. Mail, calendar, and contact features are installed with Lotus
Notes, including traditional Lotus Notes functionality. Additional features such as the IBM(R) Lotus(R)
Productivity Tools, Activities, IBM(R) Lotus(R) Sametime(R) (integrated), and the Composite
Application Editor can also be installed.

You can install Lotus Notes using the Notes-only kit or the Allclient kit. The Allclient kit includes IBM(R)
Lotus(R) Domino(TM) Designer and IBM(R) Lotus(R) Domino(TM) Administrator and is available for
single user installations. Lotus Notes is available as an install media kit. You can install Lotus Notes in
graphical mode, silent mode, and by using Smart Upgrade. The install media kit consists of the
following items:
 Installation program executable file (SE TUP.E XE)
 Zipped update site directory UPDA TES ITE. ZIP (contains Eclipse features folder, plugins folder and
SITE. XML file)
 Deploy directory (contains the Eclipse install manifest INS TALL. XML and
PLUGIN_CUS TOMIZA TION.INI)
 SETUP. INI
 Lotus notes 8.5.msi

If a Lotus Notes release 6.5.x or 7.x is detected on the client, the installation program will upgrade it to
the current Lotus Notes release. If you are running a version of Lotus Notes that was released prior to
Notes 6.5, upgrade to at least Lotus Notes 6.5 before installing and upgrading to this Lotus Notes
release. If an existing version of IBM Lotus Domino Designer or IBM Lotus Domino Administrator is
resident, you can choose to upgrade them using the Allclient installation media kit. Note that multi -user
does not support the Allclient installation program. The following information is useful when installing
or upgrading to Lotus Notes on a Windows client.

Note: See the requirements section of the release not es for the latest information on supported
hardware and software.
 You must be logged in as an administrative user or user with elevated privileges when you install
Lotus Not es multi-user. Aft er the product is installed, users can open and use Lotus Not es.
 Lotus notes 8.5 installation on Windows supports Microsoft(R) Windows(R) XP and Micros oft(R)
Windows (R) Vista.


                                                                                                        101
 You can install Lotus Notes on Windows in a single or multi -user environment.
 When installing Lotus Not es using the Windows Allclient kit, feature panel installation options are
available for installing or upgrading the Domino Designer and Domino Administrator clients.
 While a minimum of 512MB of memory is required, 1GB or more of memory is recommended. See
the ″Software requirements″ section of the release notes for details. A summary panel displays the
disk space footprint for what is being installed. Install also needs additional temporary disk space. The
temporary disk space required is almost as large as the footprint. If you do not have enough space for
the footprint and temporary space, the installer will stop you from continuing.
 Shut down all applications before installing Lotus Notes. No applications should be running when
you install Lotus Not es.
 If you have installed a Beta 1 or Beta 2 version of Lotus not es 8.5, uninstall it before installing this
release of Lotus not es 8.5. Upgrade from a Beta 1 or Bet a 2 version is not supported. You should not
need to uninstall Lotus notes 8.5 Beta 3 prior to installing and upgrading to this Lotus not es 8.5
release.

 Shared net work install is not supported in Lotus notes 8.5. Shared network install of Lotus notes 8.5
basic configuration remains available.
 Roaming user is not supported in Lotus Notes 8.5 Roaming user in Lotus Notes 8.5 basic
configuration remains available.
 Lotus notes 8.5 supports the English US OS locale only.
 IBM Lotus Productivity Tools support the English US OS locale only.
 The installation path cannot contain special characters such as # or $.
 Only one instance of Lotus Notes 8.5 should be installed on a client workstation at any given time.
 Once you click ″Install″ on the Lotus Not es 8.5 installation panel, allow the installat ion to complete.
Ending the Notes installation process prematurely can leave files in an unstable state, and may also
leave empty folders and miscellaneous files on your system.

Considerations before installing Notes on Linux
Before installing IBM(R) Lot us(R) Not es(R) on a Linux(R) client, you should be familiar with the
following information. Mail, calendar, and contact features are installed with Lotus Notes, including
traditional Lot us Notes functionality. Additional features such as the IBM(R) Lotus( R) Productivity
Tools, Activities, IBM(R) Lotus(R) Sametime(R) (integrat ed), and the Composite Application Editor can
also be installed. Upgrading an existing Lotus Notes 7.x installation to this Lotus Notes release is not
supported for Linux. Instead, uninstall the existing Lot us Notes version prior to installing this Lotus
Notes release on Linux. Lotus Notes is available as an install media kit. You can install Lotus Notes in
graphical mode, silent mode, and by using Smart Upgrade. The install media kit c onsists of the
following items:
 installation program exec utable file (set up.sh)
 deploy directory (contains the Eclipse install manifest INS TALL. XML and
PLUGIN_CUS TOMIZA TION.INI files)
 UPDA TES ITE.ZIP zipped updat e site directory (contains Eclipse features folder, plugins folder and
SITE. XML file)
 media.inf file

The following information is helpful when installing Lot us Notes on a Linux client:

Note: See the requirements section of the release not es for the latest information on supported
hardware and software.
 You must be logged in as a root user or switch user to root before installing Lotus Notes. After the
product is installed, non-root users can open and use Lotus Notes.
 Lotus Notes 8.5 installation on Linux supports RHEL 5 (AIGLX an d SELinux disabled) and SLE D 10
(XGL enabled or disabled).
 Before installing Lotus Notes on a Linux client, you must have Mozilla Firefox, version 1.5+ GTK 2
build, Mozilla Seamonk ey, or the Mozilla Runtime Environment, version 1.8+ GTK2 build, installed on
your system.

Note: The Notes client does not support the earlier Beta requirement of Mozilla 1. 7.12. See the ″Linux:
Mozilla-based browser required″ release note for details.
 You can install Lotus Notes on Linux in a multi-user environment. Single user install is not supported.


                                                                                                        102
 While a minimum of 512MB of memory is required, 1GB or more of memory is recommended. See
the ″Software requirements″ section of the release notes for details.
 When running Lot us notes 8.5 on a RHE L 5 Linux client, inc rease the shared memory size setting to
64MB before starting Lotus notes 8.5. The default RHEL 5 shared memory segment is 32MB; Lotus
notes 8.5 requires more than that.
 A summary panel displays the disk space footprint for what is being installed. Install also needs
additional temporary disk space. The temporary disk space required is almost as large as the footprint.
If you do not have enough spac e for the footprint and temporary space, the installer will stop you from
continuing.
 If you have installed a Beta 1 or Beta 2 version of Lotus not es 8.5, uninstall it before installing this
release of Lotus not es 8.5. Upgrade from a Beta 1 or Bet a 2 version is not supported. You should not
need to uninstall Lotus notes 8.5 Beta 3 prior to installing and upgrading to this Lotus not es 8.5
release.
 Shared net work install is not supported in Lotus notes 8.5. Shared network install of Lotus notes 8.5
basic configuration remains available.
 Roaming user is not supported in Lotus Notes 8.5. Roaming user in Lotus Not es 8.5 basic
configuration remains available.
 Lotus Notes 8.5 supports the English US OS locale only.
 IBM Lotus Productivity Tools support the English US OS locale only.
 The installation path cannot contain special characters such as # or $.
 Only one instance of Lotus Notes 8.5 should be installed on a client workstation at any given time.
 Once you click ″Install″ on the Lotus Not es 8.5 installation panel, allow the installation to complete.
Ending the Notes installation process prematurely can leave files in an unstable state, and may also
leave empty folders and miscellaneous files on your system.

Before you install Lotus Notes clients
Before you begin installing Lotus Notes clients, make sure that you or your users do the following:
 Read the release notes for information about soft ware and hardware requirements.
 Read the considerations section of the installation topics in this guide.
 To successfully install, upgrade, and use Lotus Notes, users must be allowed both Write and Modify
permissions to the Program directory, Dat a directory, and all associated subdirectories. Assign
appropriate access rights to your Notes client users.
 You must be logged in as an administrative or root user with administrative rights to the system.
 Windows users should log onto their computers wit h administrative rights to install or upgrade Lotus
Notes. For cases in which administrative rights are not available, enable the setting ″Always install
with elevated privileges.″ The setting ″Always install with elevat ed privileges″ is a Microsoft Windows
setting that is part of Micros oft Window’s User Policies. Refer to your Microsoft Windows
documentation for details.
 Options for installing the Lot us Notes client on Restricted or Standard/Power user computers are
described in the Micros oft Windows Installer documentation. Review the Microsoft Windows Inst aller
documentation as necessary.
 If you are upgrading Lotus Notes on a Macintos h OS X client, turn off all options in the Applic ation
Sharing tab of the Shared System Preferences panel to avoid any errors.


Creating a transform file
Creating a trans form file requires a third-party tool such as InstallShield Tuner OEM Edition. IBM(R)
Lotus(R) Domino(TM) contains an InstallShield Tuner for IBM(R) Lotus(R) Notes(R), that you can us e
with Domino to create a transform file for customizing the installation p rocess to add resources,
change defaults, or hide features.

Note: The version of InstallShield Tuner for Lotus Notes that is included with Domino works only with
Lotus Domino, not with other products. You can use transform files to set up shared and cust omized
installations. Access this Web site http://www.installshield.com for further information.

How to install the InstallShield Tuner for Lotus Notes
From the Lotus Domino installation CD, in the Apps/InstallShield Tuner for Lotus Notes directory, run
the setup file, SETUP.E XE.




                                                                                                       103
How to create a transform file
Use this procedure to creat e a trans form file with InstallShield Tuner for Lotus Not es. Users can then
apply the transform file when installing clients. For more information on shared installati ons, see the
topic ″Installing the Domino clients in a shared network directory″ in this chapter.

1. Invoke the InstallShield Tuner program and browse to locate the configuration file that has a .itw file
name extension. The .itw configuration file is located in the same directory with the Notes installation
that you want to configure.
2. Click Create a new transform file.
3. In the Select an MSI file field for the Microsoft(R) Windows(R) Installer Package option, select the
     msi file (Lot us Notes 8.5.msi).
4. In the New project name and location field for the Microsoft Windows Installer Trans form option,
     enter the custom transform name. Save the file to the same path on which the install kit resides.
5. Click Create.
6. Make any other desired modifications to the default settings provided.
7. Click Save. For more information on trans form files, see the topics ″Installation options available
     using the transform file″ and ″Using transform files for end-user installations″ in this chapter. After
     creating the trans form fil e, you apply the transform file to the installation process. The installation
     process then uses the values that you set in the trans form file in place of default values.

Using installation options with the transform file
Using a transform file, you can customize traditional aspects of IBM(R) Lot us(R) Notes(R) installation
for the users in your ent erprise.

Customizing the location of the install directories
Use this procedure to specify a location other than the default location in which to store the i nstallation
directories. When specifying directory names, use names that contain eight or fewer characters.
1. From Application Configuration, select Setup Properties.
2. Click Add/Remove Program Settings.
3. Change the PROGDIR property to the location in which you are storing the program files.
4. Change the DA TA DIR property to the location in whic h you are storing the data files. This is the
    new default data directory.

Setting the installation to multi-user by default
In a multi-user installation, the administrat or installs the IBM(R) Lotus(R) Domino(TM) program files to
a central location on the local system. Each user has their own data directory located in the system’s
application data directory for the current user.

Note: End-users must have Administrator rights to choose a multi-user installation and must only
install the Lotus Not es client. End-users must also have Administrat or rights to upgrade an existing
multi-user installation.
1. From Application Configuration, select Setup Properties.
2. Change the value in the ApplicationUsers property to AllUsers. By default the installation is now a
    multi-user installation. For more information on multi-user installation, see the topic ″Multi-user
    installations″ in this chapter.

Adding custom files to a client installation
To add custom files to a client installation, create a transform file.

Note: This customization option replaces the COPYFILE. TXT feature that was available in previous
releases of Lotus Domino.

1.   Copy the custom files to the install directory or place them in a directory within the install directory
     -- for example, <PathToI nstallKit>\AllClient\CopyFiles\custom.mdm.
2.   Click Target System Configuration - Files.
3.   In the top pane, click Browse and locate the source directory, which is the directory fr om which
     you are copying the custom files.
4.   In the bottom pane, select the destination directory, for example,
     ProgramFiles\Lotus\notes\Data\modems.



                                                                                                           104
5.   Drag and drop the custom file from the source directory to the destination directory.

Adding third-party Eclipse features and plug-ins to a Notes installation
You can add new and third-party features to the IBM(R) Lotus (R) Notes (R) client installation by editing
the install manifest INS TALL. XML, update site directory contents (UPDA TES ITE. ZIP features and
plug-ins subdirectories) and SITE. XML registry.

Applying NOTES.INI settings during Notes client installation
1.   Open the InstallShield Tuner for Lotus Not es.
2.   From the System Configuration section, click the IniFiles item in the System Configuration section.
3.   In the center pane, right click Destination Computer and then choose Show Folder - Program Files
     Folder.
4. Expand the P rogram Files Folder directory to access the Lotus \Notes folder
5. Right click the Notes folder and then choose the option, New Inifile.
6. Locate the default notes.ini file, INIFILE1. INI, that was created in the Not es folder. Rename this
     file with the name NOTES.INI.
7. Locate the default section, NewSection1, that was created for the NOTES.INI file. Rename the
     default section with the name Notes.
8. Select the Notes section and then modify these values that are located in the right -most pane of
     the tuner:
 In the column titled Key, locate New Key and modify the name using an appropriate value such as
ConfigFile.
 In the column titled Value, locate New Value and modify the name using an appropriate value such
as n:\config\setup.txt.
 Verify that the Action value is set to the default value, Add Line.
9. Locate the Additional Tools section, and then click the Direct Editor item in the Additional Tools
     section.
10. In the center pane, select the Component table, and then scroll down the component list until you
     locate CS T_COMPONE NT.
11. Change the value in the Directory_ column from NOTES to the new value VDIR_INI.
12. In the center pane, select the table, IniFile, and then scroll down the component list until you
     locate CS T_INIFILE.
13. Change the value in the DirProperty column from NOTES to the new value VDIR_INI.
14. Make other modifications if necessary.
15. Click Save.

Examples -- Applying scriptable setup using a transform file during
Notes client installation
You can apply NOTES. INI settings during a client install by using a trans form file. You can use this
example when setting up a trans form file that applies NOTES. INI settings during IBM(R) Lotus(R)
Notes(R) client installations.

Example 1 -- Including instant messaging parameters in a scriptable setup
You can include instant messaging information during a scriptable setup of Not es client. The scriptable
setup includes a setting that provides information to the Notes client setup wizard. In this example, add
the NOTES. INI setting, CONFIGFILE=, to point to a text (.txt) file that contains the parameters for the
Notes client setup wizard. The SETUP. TXT file can be placed on shared network resource or
distributed to individual workstations.

Note: If you decide that you want to distribute new or modified NOTES.INI settings using a transform
file, use the same method and steps that are explained in this example. In this example, you need to
complete these proc edures:
1. Create a SE TUP. TXT file.
2. To allow the new SE TUP. TXT file to be referenced, open the file, NOTES. INI, and add this setting:
     ConfigFile=\\PathToFile\Setup.txt
3.   Use the InstallShield Tuner for Lotus Notes to set up a transform file to distribute t he new
     ConfigFile= setting in the NOTES.INI file.
4.   After completing Steps 1, 2 and 3 above, proceed to the subtopic Using transform files for end -
     user installations right down this page.



                                                                                                         105
Creating the SETUP.TXT file
Create a SE TUP. TXT file using the parameters shown below. Save your file using the filename
SETUP.TXT.
 IM.server=S erverName1.domain.com
 IM.port=1533
 IM.ConnectWhen=0
 IM.Protocol= 0

For information about the scriptable setup parameters that you can use in a SE TUP. TXT file, see the
topic ″Setting up Not es with a scriptable setup″ in this chapter.

To distribute the CONFIGFILE= parameter to the NOTES.INI file, use the InstallShield Tuner for Lotus
Notes application to create a transform file (.MS T). The tuner is located in the \Apps directory on the
Lotus Not es installation CD.

Setting up the transform file to apply the modified NOTES.INI file
To set up the transform file to distribute the NOTES. INI settings, use the procedure in the topic
″Installation options available using the tr ansform file.″

Example 2 -- Disabling instant messaging using a scriptable setup
You can disable instant messaging during a scriptable install of the Notes client. To do so, you need to
complete these steps
1. Create a file, SETUP. TXT, that contains the following parameters and values:
 IM.Server=fakeservername
 IM.Port=80
 IM.Protocol= 1
2. Store the file SE TUP. TXT, on a shared net work resource or distribute the file to individual
    workstations
3. Add this setting to NOTES.INI file, ConfigFile=\\PathtoFile\SE TUP. TXT, indicating the file is on a
    shared net work drive.
4. To protect against a user clicking the instant messaging buttons in the Notes client, implement a
    desktop policy that sets the Sametime Server field to empty (no server name entered). In the
    desktop policy settings document, be sure the Sametime Server field on the Basics tab is empty.
    This policy will overwrite the fake server name in the SE TUP.TXT file; therefore, Notes does not
    attempt to connect to a Sametime server.
5. To ease distribution of this new setting in the NOTES.INI file, use the InstallShield Tuner for Lotus
    Notes application to create a transform file. The application is in the directory \apps on the
    Notes/Domino install CD.
For more information about using the InstallShield Tuner for Lotus Notes application to create
transform files, see the topic ″Customizing client installations″ in this chapter.

Parameter and value                                      Explanation
IM.Server=fakeservername                                 If you do not enter a value for the IM.Server, the user
                                                         will be prompted to do so during the install process.
                                                         Specifying a ″fake″ server name prevents the user from
                                                         being forced to enter a server name or cancel the
                                                         install.
IM.Port=80                                               The IM port number. This can be any positive number.
IM.Protocol=1                                            Defines whether you connect directly to IM server.
                                                         IM.Protocol=1 connects directory to the IM server

For more information about the parameters in the table, see the topic ″Setting up Notes with a
scriptable setup″ in this chapter.

Using transform files for end-user installations
After creating a trans form file, you can use that file for end-us er client installations.




                                                                                                            106
To apply a transform
This section contains two sets of instructions. The first set explains how to apply a trans form file for a
user interface (UI) installation -- that is, an installation that presents a user interface. The second set
explains how to apply a trans form file for a silent install -- that is, an installation that does not present a
user interface and therefore does not require any user interaction. There is also a section on using a
batch file to launch the command.

For installations using the transform file (and for silent installations) using the msiexec commands, the
network installation should not be the first installation of IBM(R) Lotus(R) Notes(R) that you perform
unless you are certain that all of the client workstations contain the Microsoft (R) Windows(R) Installer
Service.

Note: The command line path is the default installation path or the path for the transform file.

User interface (UI) installation
In this example, the ″progdir″ parameter and the ″datadir″ parameter are used to overwrite the default
settings designat ed by the transform file.
1. Change to the install directory that contains both the Lotus Notes 8.5.msi and the trans form, *.mst,
     files.
2. Do one of these:
 To install to the default Program and Data directories, enter this command from the command line:
msiexec /i "Lotus Notes 8.5.msi" TRANSFOR MS="custom.mst"
 To overwrite the default Program and Data directories with the ones you specify, enter this command
from the command line:
msiexec /i "Lotus Notes 8.5.msi"
PROGDIR=C:\Test DATADIR=C:\Test\Data
TRANSFOR MS="custom.mst"

Applying a transform to a silent installation
1. Change directory to the install directory that contains both the Lotus Notes 8.5.msi and the
      transform, *.mst, files.
2. Do one of these:
 If you want to install to the default Program and Dat a directories, enter this command from the
command line: msiexec /i "Lotus Notes 8.5.msi" /qn TRANSFORMS="custom.mst"
 If you want to overwrite the default Program and Data directories with the ones you specify, enter
this command from the command line:
msiexec /i "Lotus Notes 8.5. msi" /qn PROGDIR=C:\Test DATADIR=C:\Test\Data TR ANSFOR MS="custom.mst"
For more information on silent installations, see the topic ″Automating client installation″ in this
chapter.

Using a batch file to deploy command line options when applying a transform file
You can also create a batch file that the us er launches to start the command. A sample batch file is
shown below:
Sample batch file
msiexec /i "Lotus Notes 8.5.msi" TRANSFOR MS="custom.mst"
Using the SETUP.INI file setting to apply one transform file to all client installs
Use a setting in the SE TUP. INI file in the install directory to apply one transform file to all installs.
Using this method prevents the end user from having to enter a command line parameter or from
using a batch file.
Modify the command line in the SETUP.INI to read as follows:
CmdLine+/l*v %TEMP%\notes.log TRANSFORMS=custom.mst

The transform file is applied when SE TUP.E XE is launched.
Customizing Notes installation using the install manifest
As an IBM(R) Lotus(R) Notes(R) administrator you continue to have the ability to customize Lotus
Notes installation using tuner capabilities. However, with the addition of Eclipse features and plug -ins,
Lotus Not es installation capabilities have broadened.

Standard Eclipse features such as the IBM(R) Lotus(R) P roductivity Tools and the Composite
Applications Editor, as well as custom or third -party features, can be requested for install from the



                                                                                                              107
features installation panel during Lotus Notes installation. This document describes the process for
customizing Lotus Notes installation of supplied or third-party Eclipse features.

When customizing Lotus Notes installation using the install manifest, you work primarily in two
directories -- deploy and updat eSite. These reside in the supplied Lot us Notes installation media kit.
The updateSite directory is supplied in zipped form.

The Lotus Notes installation program determines whic h Eclipse feat ures will appear on the features
installation panel, and which features will be installed, bas ed on the following main items.

 deploy directory
– INS TA LL. XML -- install manifest that lists the Eclipse features to install. You can customize the
    install manifest to specify which features to install. You can use the install manifest to allow the
    user to choos e installation of a given feature. You can also specify features to i nstall, updat e, or
    remove after the initial Lotus Notes installation. The install manifest resides in the deploy directory
    (deploy\install.xml).

The install manifest uses Eclipse standards, but it is a file unique to Lot us Notes install. An
″installfeature″ attribute reflects the feature name users see on the Notes feat ure installation panel.
Lower level ″ feat ure″ statements are grouped toget her as a feature block subordinate to a top level
″install feature.″

– PLUGIN_CUS TOMIZA TION.INI -- use this file to set some Eclipse preferences. The
PLUGIN_CUS TOMIZA TION.INI file resides in the deploy directory (deploy \plugin_customization.ini).

 UPDA TES ITE.ZIP (Eclipse updateSite directory zip file)
– SITE. XML -- registry of the features that you want to expose for install. This standard IBM(R)
    Lotus(R) Expeditor site registry lists the Eclipse features available for install. It uses a unique
    Document Type Definition (DTD) or set of XML file conventions, which are documented in the
    Expeditor help. General informatio n about the SITE. XML registry is also available at the
    eclipse.org Web site.
– features subdirectory -- contains the feature JA R files. Features are used to organize plug-ins.
– plugins subdirectory -- cont ains the plug-in JA R files. Plug-ins hold runtime code.

Eclipse features are specified for installation in the supplied install manifest. The install manifest, in
conjunction with the UPDA TES ITE.ZIP file contents, determine which features are available for Lotus
Notes install, update, and remove functions. By default, the following feat ures appear on the Lotus
Notes features installation panel. You can suppress that display using the install manifest.
 Composite Applications Editor
 IBM Lotus Productivity Tools
 Activities
 Sametime(integrated)
Note: In the install manifest supplied in the Lot us Notes install media kit, do not modify feat ures whose
″required″ attribute is set to ″true.″

Customizing the installer process
Use the following process to customize IBM(R) Lotus(R) Notes(R) installation.

1.   Customize traditional Lotus Notes capabilities for install using a transform file. This procedure is
     identical to the tuner tasks used in earlier releases of Lotus Notes.
2.   Customize the Lotus Notes installation media kit content. This task involves editing the inst all
     manifest (deploy\install.xml). If you are adding new features, it also involves adding any custom or
     third-party feature and plug-in JA R files to the correct features and plugins subdirectories in a
     customized update site and ensuring that the update s ite manifest (SITE. XML) correctly lists the
     contents of those subdirectories. If you are adding custom or third -party feat ures and plug-ins,
     sign them and also establish signing preferences in the deploy \plugin_customization.ini file).
3.   (Optional) If you added new features in step 2, run the addToKit command line tool to copy the
     contents of a customized update site (features subdirectory, plugins subdirectory and S ITE. XML
     file) to the update site in the Lot us Notes install kit structure (UP DA TESITE. ZIP).
4.   Distribute the customized Lotus Notes installation media kit.


                                                                                                           108
Understanding the Eclipse update site
An Eclipse updat e site is a repository for features and plug-ins and it follows a standard format. The
IBM(R) Lotus(R) Notes(R) installer uses the update s ite directory zip file UPDA TES ITE. ZIP, which
contains a features subdirectory and plugins subdirectory, as well as a SITE. XML registry. The
SITE. XML registry lists all features that are published from the update site.

For Lotus Notes install, Eclipse upd ate site content must adhere to these conventions:
 All features must be packaged in JAR files (one per feature) and placed in the ″features″
subdirectory (updat eSite.zip\features).
 All plug-ins must be packaged in JA R files (one per plug-in) and placed in the ″plugins″ subdirectory
(updateSite.zip\plugins).
 Published feature IDs must reside in the S ITE. XML registry (updateSite.zip\site.xml).

Customizing Notes install using tuner capabilities
This procedure is identical to the IBM(R) Lotus(R) Notes(R) tuner tasks used in earlier releases of
Lotus Not es.

Customizing the Notes install manifest to add or modify access to
Eclipse features
You can edit the install manifest INS TA LL. XML to specify how features, such as IBM(R) Lotus (R)
Productivity Tools, will appear on the IBM(R) Lotus(R) Notes(R) feature installation panel. For
example, a feature can appear selected for install by default or not. You can also edit the install
manifest to remove specific features from the installation panel, either to force installation or prevent
that feature from being selected during install. You can also optionally remove a feat ure from the
installation kit itself.

Finally, you can customize installation to add custom or third-party features by editing the install
manifest to add feat ures for Lotus Not es install, adding related feature and plug -in JA R files to the
correct features and plugins subdirectories in a customized update site, and updating the site manifest
to correctly list the features in a customized up date site.

Customizing Notes installation for supplied Eclipse features
You can edit the IBM(R) Lotus(R) Notes(R) install manifest INS TA LL. XML to control which features
are available for installation and what the user sees on the feature installation panel. For Lotus Notes
installation of supplied Eclipse features, you can do any of the following:
 Display a feature name and enable the user to select or deselect the option. The feature name
appears on the feature installation panel as selected, and the user can select or deselect it.
 Display a feature name and force its installation. The feature name appears on the feature
installation panel and us er cannot deselect it.
 Prevent a feature name from appearing on the features installation panel. Depending on how
attributes are set in the install manifest this can either force the feature to be installed or prevent the
feature from being installed.
 Remove a feature from install consideration. You can comment or even delete a feature block.

When customizing the INS TA LL. XML file for supplied features, focus only on the ″installfeature″
element, not the sub-level ″feature″ element. When you open the Lotus Notes INS TALL. XML file in a
Web browser or XML editor, it opens in expanded form and the hierarchy is apparent. To simplify
display, collapse the feat ure block hierarchy so that only the ″installfeature″ elements are visible. Each
″installfeature″ element represents an installable feature.
You can edit the install manifest using an XML editor or text editor but be sure to validat e the XML
before moving to the next step in the customization process.

A sample of INS TA LL. XML text is shown below. For supplied features such as the Composite
Application Editor and IBM(R) Lotus(R) Productivity Tools, the attributes you can edit are ″default,″
″required,″ and ″show.″
<installfeature default="false"
id="Editors" name="IBM Productivity Tools"
required="false" show="true" version=".20070312.0245">



                                                                                                         109
Note: Do not edit any ″installfeature″ element whose ″requir ed″ attribute is set to ″true.″
 default -- S pecifies whet her the ″installfeature″ name is shown selected for installation. If set to true,
the ″installfeature″ name is selected on the feature installation panel. If set to false, the ″installfeature″
name is not selected on the feat ure installation panel.

Note: The ″default″ attribute is ignored when re-running the installer and is ignored on upgrade unless
the ″installfeature″ did not exist in the previously installed offering. This allows the installer to display
the state (installed or not installed) of the ″installfeature″ that was available in the previously installer
offering.
 required -- Specifies whet her the ″installfeature″ must be installed. If set to true, the ″installfeature″ is
installed. If set to false, and show is set to true, the ″installfeature″ name appears on the Lotus Not es
feature installation panel and the user can select the option. The ″required″ attribute overrides the
″default″ attribute.
 show -- Specifies whether the ″installfeature″ appears on the Lotus Not es feat ure installation panel. If
set to true, the ″installfeature″ name is visible. If set to false, the ″installfeature″ name is not visible.

For other information about the install manifest, see the ″Install manifest″ section of ″Customizing
provisioned components″ in IBM(R) Lotus(R) Expeditor help at
http://publib.boulder.ibm.com/infocenter/ledoc/ v6r1/topic/com.ibm.rcp.tools.doc.admin/optionalfeatures
.html. See the Expeditor release 6.1.1 help as it becomes available.

Example: Display a feature on the features installation panel and enable the
user to select or deselect the feature
To display an ″installfeat ure″ name and enable the user to select or deselect it during Lotus Not es
install, set the following values:
 default -- false
 required -- false
 show – true

Example: Display a feature on the features installation panel and force its
installation
To display an ″installfeat ure″ name and forc e its installation, set the following values:
 default -- true
 required -- true
 show – true

Example: Prevent a feature from appearing on the features installation panel
and install
To prevent an ″installfeat ure″ name from appearing on the features installation panel and force its
installation, set the following values:
 default -- true
 required -- true
 show -- false

Example: Prevent a feature from appearing on the features installation panel
and do not install
To prevent an ″installfeat ure″ name from appearing on the features installation panel and prevent its
installation, either delete that feature block, comment its ″installfeature″ element in the INS TALL. XML
file, or set the following values:
 default -- false
 required -- false
 show – false

Note: If you delete an unwanted ″installfeatur e″ block in the install manifest, you can also use a
supplied script to delete the associated feature and plug-in JA R entries in the zipped
updateSite.zip\features and updateSite.zip\plugins directories to minimize install media kit size.




                                                                                                            110
Removing a feature from the installer
You can remove an ″installfeature″ block by deleting it from the install manifest and then running a tool
to generate a update site zip file consisting of only the features and associated plug-ins represented in
the install manifest. This helps minimize the size of the Lotus Notes install media kit and conserves
disk space on the target Lotus Notes client.

Customizing Notes installation for new or third-party Eclipse
features
If you have created a custom Eclipse feature or are adding in a third-party feature to the IBM(R)
Lotus(R) Notes(R) installation, you need to create a feature block in an INS TALL. XML file using the
same convention as the other Eclipse features in the Lotus Notes install manifest.

Note: The Lotus Notes install manifest DTD differs somewhat from the standard Eclipse or IBM(R)
Lotus(R) Expeditor install or provisioning manifest DTD described in the Eclipse and Expeditor
documentation. Open and referenc e the Lot us Notes-supplied INS TALL. XML for correct file formatting
and cont ent information. For example, the Lot us Notes install manifest allows you to do partial installs;
the Expeditor manifest does not. The Notes install manifest contains at least four unique attributes that
the Expeditor manifest does not. They are ″required,″ ″default,″ ″show,″ and ″description.″

The Lotus Notes install manifest uses a unique DTD that adheres to Eclipse conventions but is non -
standard. The Expeditor install manifest adheres to the DTD conventions described in the Assembling
and Deploying Lotus Expeditor Applications help in ″Provisioning manifest DTD″ and the ″Install
manifest″ section of ″Customizing provisioned components″ in Lotus Expeditor help below:
 http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/com.ibm.rcp .tools.doc.admin/manifestDTD.htm
 http://publib.boulder.ibm.com/infocenter/ledoc/v6r11/topic/com.ibm.rcp.tools.doc.admin/optionalfeatures.html


installfeature element
The attributes that determine if the ″installfeature″ name appears on the Lotus Notes feature
installation panel are ″default,″ ″required,″ and ″show.″ The required attributes for each ″installfeature″
element are described below:

 default -- S pecifies whet her the ″installfeature″ name is shown selected for installation. If set to true,
the ″installfeature″ name is selected on the feature installation panel. If set to false, the ″installfeature″
name is not selected on the feat ure installation panel.

Note: The ″default″ attribute is ignored when re-running the installer and is ignored on upgrade unless
the ″installfeature″ did not exist in the previously installed offering. This allows the installer to display
the state (installed or not installed) of the ″installfeature″ that was available in the previously installer
offering.
 id -- Specifies a unique ID for the feature to be installed. There is currently no validation check for ID
field uniqueness; therefore, the developer must specify a unique valu e.
 name -- Specifies the ″installfeature″ name as it will appear on the Lotus Notes feature installation
panel.
 required -- Specifies whet her the ″installfeature″ must be installed. If set to true, the feature is
installed. If set to false, and show is set to true, the feature name appears on the Lot us Notes feature
installation panel and the user can select the option.
 show -- Specifies whether the ″installfeature″ name appears on the Lotus Not es feature installation
panel. If set to true, the ″installfeature″ name is visible. If set to false, the ″installfeature″ name is not
visible.
 version -- Specifies a numeric value suffix to the install version ″installfeature.″

feature element
The required attribut es for each ″feature″ element are described below:
 download size -- Specifies the temporary disk space required to install this feature.
 id -- Specifies the unique ID that identifies this specific feature and that matches the ID naming
convention used in feat ures.xml for that feature.
 match -- Specifies a feature action dependency on the version attribute value and is used to specify
a desired match rule.



                                                                                                             111
Note: A version value can consist of four parts -- major.minor.service.qualifier.
 The options are:
– GreaterOrEqual -- All parts of the version must be greater or equal. The dependent version must be
at least at the version specified, or at a higher service, minor or major level.
– compatible -- Major must match and others must be greater or equal. The dependent plug-in version
must be at least at the version specified, or at a higher service level or minor level (major version level
must equal the specified version).
– equivalent -- Major and minor must match and the last parts, for ex ample, service.qualifier, must be
greater or equal. The dependent version must be at least at the version specified, or at a higher
service level (major and minor version levels must equal the specified version).
– perfect -- All parts of the version must match. The dependent version must exactly match the
specified version. For example, the following attributes allow installation only if the version value in the
update site and S ITE. XML file is 3.0.0.
version=″ version=″3.0.0″ match=″perfect″

 size -- Specifies the disk space needed for the installed feature.

 url -- Specifies the loc ation from which to obtain the ″installfeat ure″ during install and initial
provisioning.
 version -- Specifies the version of the feature to be installed and provisioned. This is a three or four
part value associated with the feature to be installed. It has dependency with the ″match″ value in
determining whether to install the feature. It also has future dependency on the match value when
determining whether to update the installed feature. The version attribute holds these main values --
major.minor.service release.qualifier. The following example shows version 3.0.0 with the ″20070309 -
1700″ qualifier representing a named build or other qualifier value: version="3.0.0.20070300-1700"

Sample feature block of custom or third-party features
A sample custom feature block is shown below.
<installfeature default="false"
id="ISVExample1" name="YourToolA"
required="false" show="true"
 version "3.0.0.20070309-1700">
<requirements>
<feature download-size="72457" id="com.abx.yourtoolabxz.tools.feature"
match="perfect" size="227855"
url="${installer.root}/updateSite.zip"
 version="3.0.0.20070309-1700"/>


Adding new features to the Notes install kit using a command line
tool
If you added new features and plug -ins, you can run a command line tool to copy the contents of a
customized, zipped update site (features subdirectory, plugins subdirectory and SITE. XML file) and
updated INS TA LL. XML file to the IBM(R) Lotus(R) Notes(R) install kit structure. The addToKit tool is
available as both a Microsoft (R) Windows(R) executable (A DDTOK IT.E XE ) and Linux (R) perl script
(addToKit.pl). Aft er you update the content of the zipped update site directory and the deploy
directory, place them at the same level as the Lotus Notes install kit structure and use the addToKit
tool to copy your source files into the install kit’s structure. Before using this tool, perform the following
tasks:
 Create and sign any new Eclipse features that you want to add to the Lotus Notes install media kit.
 Place the new features and plug-ins JA R files in the features and plugins update site subdirectories
(updateSite.zip\features and updateSite.zip\plugins ).
 Create and validat e the new SITE. XML site manifest file (updateSite.zip\site.xml).
 Create and validat e the new INS TALL. XML install manifest in the deploy directory
(deploy\install.xml).

Considerations
The following information is helpful when using this tool:
 There is no validation capability with the addToKit tool so be sure that your XML is validated and
your ″installfeature″ ID attribute values are unique.



                                                                                                           112
 You can run the addToKit tool with or without arguments.

 The <addTok itPath> must contain a depl oy directory and zipped updat eSite directory that matches
the format of the Lotus Notes install media kit.
 The updatesSite.zip\site.xml and deploy\install.xml information is merged from the <addTok itPath>
to the <destKit> path and the plug-ins and features are copied over. The files in <addTok itPath> are
added to the existing kit; they are appended to the destination SITE. XML and INS TALL. XML files.
 Running the tool with no arguments copies files into a temporary directory. If you do not specify a
source path <.\addTok itPath> in the command line, the default sourc e path is .\addToKit. If you do not
specify a destination pat h <destKit>, the default destination path is the current working directory. The
.\addToKit value should be the default source path.
 Before running this tool, place your signed features and plug-ins correctly in the update site directory
and update the SITE. XML and INS TALL. XML files in their correct directories. Zip the update site
directory.

Command line options
Command line arguments are available. For example, when you run the following command,
information from <k itPath> is merged into the kit that is in the same directory as the ADDTOK IT.E XE
file. addToKit.exe [-dhnV] <kitPath> In the following example, the contents of C:\addToKit are copied into
the temp\not es8abx.w32 directory. addToKit.exe c:\addToKit c:\temp\notes8abx.w32 When using
addToKit.exe -h, tool usage is displayed as below: <k itPath> defaults to addToKit/. -d Turn debugging
on. -h Print command line option usage. -n Run the utility as a dry run. -V Print version information.


Procedure
1.   Extract the ADDTOK IT. ZIP file into the temporary directory in which your files reside, for example,
     c:\temp\notes8abx.w32. This zip file contains the directory addToKit, which contai ns your zipped
     update site directory (UPDA TES ITE. ZIP), and your deploy (deploy) directory.
2.   Copy the A DDTOKIT.E XE into the same temporary directory.
3.   Open a command window, change to the directory in which the addToKit tool resides, and run the
     tool, preferably with the source path and target path arguments, using the following format:

addToKit.exe [<addTokitPath>] [<destkit>]
In this format, <addTok itPath> is the source path containing the source UPDA TES ITE. ZIP file and
deploy directory and <destk it> is the target directory in which your Lotus Notes installation resides.

The source update site is an update site directory containing the feat ures subdirectory, plugins
subdirectory, and S ITE. XML file. The deploy directory contains the updated INS TA LL. XML file. The
format of the source update site

directory zip file and deploy directory must match the format of the target update site directory zip file
and deploy directory.


Installing and subscribing to preset feeds
The deploy\extras folder in the IBM(R) Lotus(R) Notes(R) install media kit contains a
PRESETFEEDS.OPML XML file in which preset feed subscriptions are supplied. Check the install
media kit’s PRESETFEE DS.OPML file for the lat est default preset feed subscriptions.

Controlling preset feeds prior to Notes install
To control which preset feeds are available to Notes users, you can modify the supplied
deploy\extras\preset feeds.opml file prior to installing Lotus Notes. You can also export feeds from an
existing feed reader into P RESETFEEDS.OPML.


Adding preset feeds
You can add preset feeds to the PRESE TFEE DS.OPML file by either exporting from another reader to
an .opml file and copying that content into PRESE TFEE DS.OPML or by editing
PRESETFEEDS.OPML using a text or XML editor. Alternatively, y ou can overwrite
PRESETFEEDS.OPML content with the OUTP UT.OPML file from another reader.



                                                                                                          113
Removing preset feeds
You can remove or comment out any supplied preset feeds from the PRESE TFEE DS.OPML file. If
you do not want any preset feeds, you can remove or rename the PRESE TFEEDS.OPML file.

Subscribing to preset feeds after Notes install
The ″Subscribe to preset feeds icon″ is available in Notes from the Feeds user interface. After
subscribing, or after toggling the icon off using the File - Preferences user interface sequence, you can
redisplay the ″Subscribe to preset feeds″ icon using the following procedure:
1. Click File - Preferences.
2. Click Feeds.
3. Enable Show ″Subscribe to preset feeds″ button on the toolbar and click OK.
4. Click the Feeds icon in the Notes side shelf to open the Feeds user interface. The ″Subscribe to
    preset feeds″ icon contains the round feeds graphic.
5. Click the ″Subscribe to preset feeds″ icon to subscribe to the feeds obtained from the Notes
    installer’s deploy\extras\presetfeeds.opml file.

Note: The ″Subscribe to preset feeds″ icon is removed when the ″Subscribe to preset feeds″ process
conpletes.

Note: If a feed cannot be read, a log file entry is created during the ″Subscribe to preset feeds″
process.


Customizing Notes using the plugin_customization.ini file
You can use the PLUGIN_CUS TOMIZA TION.INI file to c ontrol various aspects of IBM(R) Lot us(R)
Notes(R) 8. 5 installation and us age. It is supplied in the Lotus Notes installation media kit in the deploy
directory (deploy\plugin_customization.ini). Once installed, the file is located at
<install_dir>\framework\rcp\plugin_customization.ini.

Changing feed subscription after subscribing to preset feeds
You can subscribe to new feeds or unsubscribe from existing feeds by using the Feeds user interface
as described in Lotus Notes help.

Customizing notes using the plugin_customization.ini file
You can use the plugin_customization.ini file to control various aspects of IBM Lotus Notes 8.5
installation and usage. It is supplied in the lotus not es installation media kit in the deploy directory
(deploy\plugin_c ustomization.ini). Once installed, the file is located at
<install_dir>\framework\rcp\plugin_customization.ini.


Using notes client single logon to synchronize Notes and OS
passwords
If your IBM(R) Lotus(R) Notes(R) users’ Microsoft(R) Windows(R) passwords are s ynchronized with
their Notes passwords, allowing them to use the same password for both Notes and their operating
system you (or they) must have selected the custom feature ″Client Single Logon″ while installing
Notes.

The user’s computer’s name cannot b e the same as the operating system (OS) login name when
using Client single logon. The IBM(R) Lot us(R) Domino(TM)/Not es Client Single Logon feature does
not work when the OS login name is identical to the computer name, and the user logs in with the OS
name. If Client Single Logon is not working properly on a user’s system, change the OS login user
name or the user’s computer’s name.
When users install Lotus Notes they can choose the Notes option ″Client Single Logon Feat ure.″
When installation is complete, users must restart the client to allow single logon to take effect.

When the user restarts Notes:
 a Notes Single Logon Password Synchronization panel appears;
 the user should click Yes and, as prompt ed, enter their Notes password and click OK;



                                                                                                            114
 a Change Password panel then appears, prompting the user to enter the new password and re -enter
the new password for confirmation. In both password entry fields, the user should enter their Windows
system password, and then click OK.

The single logon feature is then fully operational.

Note: To dis able the Notes single login feature, click File - Security - User Security and disable the
″Login to Notes using your operating system login″ setting in the ″Your Login and Password Settings″
area of the Security panel. After disabling single sign-on, use your Windows password to log in to
Notes.

OS and Domino password policies must be aligned as closely as possible to allow password
synchronization to work. During OS password changes, the Notes Net work Provider must be able to
change the Notes ID to the new password provided by the OS. Notes is notified of the new OS
password only after the OS password has been changed. If the new OS password does not meet the
Notes password quality and history requirements, the Notes password change will fail.

During Notes password changes, the Notes client must be able to change the OS password to the
new Notes password. If the new Notes password does not meet the OS password quality and history
requirements, the OS password change will fail.

For bidirectional password synchronization, the Notes Net work Provider must be able to access a
user’s NOTES. INI file and Not es ID file. The table below shows the required location for the
NOTES.INI file according to type of installation:

Install type                                     Location
Single user                                      The NOTES.INI file must exist in the Notes directory as
                                                 specified in the HKEY_LOCAL_MACHINE registry key.
Multi user                                       The NOTES.INI file must be specified in the
                                                 HKEY_USE RS registry key:
                                                 (″<sid>\SOFTWARE\Lotus\Notes\8.0\NotesIniPath″)

Operating system (OS) password changes, that is, password changes that are initiated outside of
Lotus Not es, occur in the system access control environment; therefore, the NOTES.INI file and the
Notes ID file must reside on a local drive. To check whet her the single logon feature is already
installed, choose File - Security - User Security - Security Basics. If the client single logon feature is
installed, the option ″Login to Notes using your operating system login″ is enabled.

Keeping a pre-Notes 8.5 version on Windows
On Microsoft(R) Windows(R), you can make a copy of your IBM(R) Lotus(R) Notes(R) 6. 5.x or 7.x
installation and then install Lotus Notes 8.5. These instructions apply to single user installation only.
You must have local administrator privileges to complete this procedure.
1. Shut down the Notes client and all Not es-related tools, utilities and add-ins running on your
    computer.
2. Make a backup copy of your NOTES.ID and NOTES. INI file.
3. Rename the Not es 6.5.x or 7.x install directory. For example, rename the directory not es7.
4. Rename the entire Notes registry key HKEY_LOCAL_MACHINE \Software\Lotus\Notes. For
    example, rename it HKEY_LOCA L_MA CHINE\Soft ware\Lot us\Notes7.
5. Rename the entire Installer registry key HKEY_CURRE NT_USER\Software\Lotus\Notes\Installer.
    For example, rename it HKEY_CURRE NT_USER\Software\Lotus\Notes\Installer7.
6. Create a new desktop shortcut to run the Notes 6.5.x or 7.x version. Create a copy of your existing
    Notes desktop shortcut icon, then right click on it, click Properties and change the following
    settings:
a. Change the Shortcut tab - Target value to \notes7x\notes.exe =\notes\notes.ini.
b. Change the Start in value to \notes7x.
c. Change the Title (General tab) to Notes 7.
d. Click OK to close the properties dialog.

7.   Install Lot us Notes 8.5.
8.   When installation is complete, rename the 6.5.x or 7.x install directory back to its origin al name.



                                                                                                         115
Using Language Pack Installer with Domino
If you plan to install Language Pack Installer (LPI) to run with IBM(R) Lot us(R) Domino(TM), you need
to be aware of the following information before installing and setting up Domino and LPI. You also
need to read the Language Pack Installer file, README. TXT, that was provided wit h your copy of the
LPI software. To present a non-English language email interface to Domino users, the Domino
environment is required, as well as the following:
 The appropriate non-E nglish version of Microsoft(R) Windows(R) for the end user so that users can
open file attachments that contain non -English (multiple-byte) characters in the file name. Providing
the non-English version of Microsoft Windows, also ensures that non-E nglish fonts are present on the
system. Users can then read email subject lines and body text that are comprised of non -English
characters.
 The appropriate non-E nglish mail template that enables folder names, button labels, field labels and
column headers to display in the non-English language. This is not required for users running a POP
or IMAP client.
 A non-English IBM(R) Lot us(R) Not es(R) client to enable menu options and dialog boxes to display
in the non-English language. This is not required fo r users running a POP, IMAP, or browser client.
 Non-Englis h fonts for Lotus Notes to allow a us er’s workstation to display text encoded in the non -
English character set in case the user does not have the non -English version of Microsoft Windows.

To allow users to work in some languages other than English, you need to enable the setting ″Enable
Unicode display″ in Lotus Notes. Complete these steps:
1. From the Lotus Not es client, click File - Preferences - User P references.
2. On the Basics panel, in the Additional Options list, check the option, Enable Unicode display.
3. Click OK. Install the non-English Lotus Notes client and the non -English fonts for Lotus Notes on
    each workstation. You can download both from the Passport Advant age site or the Business
    Partner Zone.

Note: The non-E nglish mail template is installed when you the install the Language Pack Installer. You
can also obtain the non-E nglish mail template from Passport Advant age site or the Business Partner
Zone.

Prior to installing and setting up LP I in your Domino environment, review the following information:
 Review the LP I file, REA DME. TXT, to be aware of limitations and restrictions.
 Extract the language pack on a workstation and then run the appropriate SE TUP.E XE file. Running
the file, SE TUP.E XE, initiates a Java wizard on the workstation which pushes the language pack to
the server.
 While installing Language Pack Installer, choose the templates to whic h you are adding the non -
English design element. (Us e IBM(R) Lotus(R) Domino(TM) Designer to view the language of each
design element.) After installing the language pack, the selected templates have English and non -
English design elements. If you manually replace a mail file’s design using File - Application - Replace
Design, you can specify English, or a non-English language for the mail file when prompted to do so in
the dialog box.

 Before replacing the design of any mail files that contain custom folders, assign Manager access to
the mail file to LocalDomainAdmins (or to a comparable group of which you are a member).
 After assigning Manager access to the appropriate group, manually run the agent, Update Folder
Design, from the Actions menu in each mail file. When that is complete, run Fixup, Updall, and
Compact -c on each mail file and then replace the mail file’s design. Replacing the design before
upgrading the folders causes the design replace to fail and results in errors stating ’unable to find
referenced note.’
 Do not remove the flag, Prohibit design replace, from fold er design elements. Deleting the flag
causes the causes the folders to be deleted.
 If you modify the selected Multilingual options in the database properties’ design tab, the database
will open extremely slowly. Always leave the Multilingual database property unchecked. (Access the
database properties design tab in the Domino Administrator client by clicking the Files tab, selecting a
database, then choosing File - Application - Properties. Click the tab that has an icon of a hammer.)
 Add non-English languages to the IBM(R) Lotus(R) Domino(TM) Web Access template. Other
templates are optional.




                                                                                                     116
Instant messaging and client installation and setup
Instant messaging (IM) allows users to see their co -workers online and to send them instant
messages. Users can also start instant online meetings among three or more co-workers.

Instant messaging is included in the IBM(R) Lotus(R) Notes(R) client installation, and is installed when
you install the Notes client. During the Notes client configuration, the Lotus Not es Client Configuration
dialog box displays the check box ″Setup Instant Messaging″ that allows you to specify whether to set
up IM during Notes client setup. By default, the check box is selected to enable the setup of IM. You
can deselect that check box to prevent IM from being set up for users.

Enabling Single Sign-On for instant messaging
As an administrator, you can include IM in single sign -on with Lotus Notes and pus h this feature down
to users through dynamic configuration. To enable IM wit h single sign-on for users, use the
NOTES.INI variable, IM_ENAB LE_SSO=1. If this variable is set to 1, IM with single sign -on is enabled;
if this variable is set to 0 (zero), IM wit h single sign -on is disabled and the user must enter their instant
messaging password. There is also a setting on the User Preferences dialog box that users can set to
designate whether they want to use the single sign-on feat ure, allowing then to log on once and still
connect to multiple applications and servers.

Scriptable setup and instant messaging
If you are using scriptable setup to configure newly installed clients, IM can be included in the
scriptable setup. There are several variables that you use to define the IM settings for users.

For more information about using scriptable setup with IM, see the topic ″Setting up Notes with a
scriptable setup″ in this chapter.

Name awareness in view columns and names fields
When Notes displays the online status for a name, it passes that name as displayed, to the IBM(R)
Lotus(R) Sametime(R) server for lookup in the Sametime server’s directory. Usually this is the Notes
abbreviated format (for example, John Smith/Austin/Acme), although exceptions can be found in email
because email names can be received from the Internet. In order for the name to be found in the
directory that the Sametime server uses, the directory needs to support a lookup of a Notes
abbreviated name. If the directory that the Sametime server uses is an IBM(R) Lotus(R) Domino(TM)
directory, this occurs by default. However, if the directory that the Sametime server uses is an LDAP
directory, you may need to configure how the server performs a name lookup with the LDAP server.
You may also need to ensure that the LDAP directory has a Notes abbreviated name attribute for each
of its entries.

For more information about using LDAP with a Sametime server, see the topic ″Configuring the LDAP
Searching Setting″ in the Lotus Sametime Administrator’s Guide. You can download or view the Lotus
Sametime Administrator’s Guide from the Documentation Library of the Lot us Developer Domain at
http://www.lotus.com/ldd/doc.

Instant messaging and policies
Use the desktop policy settings document to specify a Sametime server for users.

Enter the server name in the Sametime server field. When pushed down to the users, this setting
populates the field ″Sametime server″ in the users’ Loc ation documents. The user can, however, enter
a different server name in that field on the Location document to override the setting from the policy
document. The server specified in the Sametime server field is the server that the user will access for
instant messaging. If no server name is entered in this field, the user is unable to log on to IM. The
user would then have to review the settings on the Instant Messaging tab of their Location document,
and mak e the necessary corrections.

For more information about using policies and the desktop policy settings document, see the chapter
″Using Policies.″




                                                                                                           117
Installing Notes in a single user environment
You can install IBM(R) Lotus(R) Notes (R) on Micros oft(R) Windows(R) in a single user environment.
You can use the Lotus Notes allclient installer to install Lotus Notes, IBM(R) Lotus(R) Domino(TM)
Designer and IBM(R) Lotus(R) Domino(TM) Administrator clients.

Note: You can install Lotus Notes on Windows as a single or multi-user installation. However, Lotus
Notes installation on Linux(R) supports multi-user only.
1. Before you install the client program files, do the following:
 Read the release notes for software and hardware requirements and for any last -minute changes or
additions to the documentation.
 Read the considerations section of the installation instructions in this guide.
 Temporarily disable any screen savers and turn off any virus -detection software.

 Make sure that all other applications are closed. Otherwise you may corrupt shared files and the
install program may not run properly.
 Uninstall any same-release Beta versions before installing. For example, if you are installing Lot us
Notes 8.5, uninstall any Lotus Notes 8.5 Beta versions before installing.

Note: If you have installed a Beta 1 or Beta 2 version of Lotus Notes 8.5, uninstall it before installing
this release of Lotus Notes 8.5. Upgrade from a Beta 1 or Beta 2 version is not supported. You should
not need to uninstall Lotus Notes 8.5 Beta 3 prior to installing and upgrading to this Lotus Notes 8.5
release.

2. If you are installing or upgrading a single Notes user on Windows, see Considerations before
installing Lot us Notes on Windows and Installing and upgrading to Notes on Windows -- single user.

Installing and upgrading to Notes on Windows for a single user
IBM(R) Lotus(R) Notes(R) 8.5 is available as an install media kit. Lotus Notes 8.5 can be installed in
graphical mode, silent mode, and by using Smart Upgrade. Installation of Notes on Micros oft(R)
Windows (R) is support ed for single user or multi-user. For Windows, the Lotus Notes client-only is
available in the Notes.msi.w32 installation media kit. The Lotus Not es, IBM(R) Lot us(R) Domino(TM)
Administrator, and IBM(R) Lotus(R) Domino(TM) Designer clients are available in the
AllClient.msi.w32 installation media kit. When installing Notes in a single user environment using the
Windows Allclient kit, you can install or upgrade the Domino Designer and Domino Administrat or
clients.
1. Shut down all applications.
2. If you have installed a Beta 1 or Beta 2 version of Lotus Notes 8.5, uninstall it before continuing.
     You should not need to uninstall Lot us Notes 8.5 Beta 3 prior to installing/upgrading to this Lotus
     Notes 8.5 releas e.
3. Obtain the Lotus Notes installation media kit. For example, obtain the installation media kit CD or
     open a brows er and navigate to the Lotus Notes/Domino Web site at which the installation media
     kit resides.
4. Save the installation media kit to a local folder, for example to your C: \temp folder.
5. Navigate to the folder in which you saved the installation media kit.
6. Locate and run the SE TUP.E XE installation executable.

Note: If a us er has the environment variables USERP ROFILE, HOME DRIVE, or HOMEPA TH set to a
network share, you must use special command line paramet ers to ensure t hat all data directories are
installed locally, thus eliminating issues with net work shares. You can check for these environment
variables by typing ″SET″ at a command prompt. If HOMEDRIVE is not set to C:, you must review this
instruction carefully. For example, if HOMEDRIVE=H: (where ″H″ may be a mapped network drive).
7. Read the Welcome screen and click Next.
8. Read and accept the license agreement terms and click Next.
9. Enter your user name and organization, choose the ″Single-user Install″ setting, and click Next.

10. Accept the default install directory or specify a different installation directory and click Next. The
default installation directories for a new single user install on Windows are as below:
 Lotus Notes 8.5 product and binary files installation directory -- C:\Program Files\IBM\Lotus\Not es
 Data directory -- C:\Program Files\IBM\Lotus\Notes\data



                                                                                                         118
 Workspace directory -- C:\Program Files\IBM\Lotus\Notes\data\workspace
 Lotus Notes 8.5 Java code installation directory -- C:\Program Files\IBM\Lotus\Notes\framework

If a Lotus Notes version is currently installed, the default path is the current Lotus Notes installation
path. When you install Lotus Notes single user on a system on which Lotus Not es 6.5 or 7.x is already
installed, the traditional Lotus Notes portion of the product is upgraded and installed to the same
directory in which the existing Lotus Notes install binaries currently reside, for example C: \Lotus\Notes.
The Lotus Notes dat a directory is assumed to be the directory whe re the existing Lotus Not es install
data files exist, for example C:\Lotus\Notes\data. Additional IBM(R) Lotus(R) Expeditor framework files
are installed to a \framework subdirectory, for example C:\Lotus\Notes\framework.

11. Select the features and sub-features to install and click Next.
These options include the following: Notes client -- The Lotus Notes client is installed automatically but
you can control which individual sub-features to install.
 Domino Administrator -- Select this to install or upgrade the Domino Administrat or client and specify
which subfeatures to install.
 Domino Designer -- S elect this to install or upgrade the Domino Designer client and specify which
subfeatures to install. Note that the Property Broker Editor is installed aut omatically with Domino
Designer.
 Activities --Select this to install the Activities feature. An activities server is required to use this
feature.
 Composite Applications Editor -- Select this to install the Composite Applications Editor for use with
composite applications.
 IBM Lotus Productivity Tools -- Select this to install IBM(R) Lotus(R) Productivity Tools including IBM
Lotus Documents, IBM Lot us Presentations, and IBM Lotus Spreadsheets.
 Sametime (int egrated) -- Select this to install basic IBM(R) Lotus(R) Sametime(R) capabilities such
as chat and live names. A Sametime server is required to use this feature.

12. Optionally specify Notes as your default email program and click Install.
13. Read the preview screen and click Install to continue or click Back to revise your feature
    selections.

Note: If errors occur and you are installing Lot us Notes 8.5 on a system in which an existing Beta
version of Lot us Notes 8.5 was installed, the existing version may not have been properly uninstalled.

14. When installation is complete, read the summary screen and click Finish to exit the installation
wizard.
The installation program creates new shortcut icons on your desktop, including those for the Lotus
Notes client itself and the productivity tools, Domino administrator client, and Domino Designer client,
if you chose to install those feat ures.

15. Use the new desktop icon to start Lotus Notes or click Start - Lotus Applications - Lotus Notes 8.5.
If this is a new install, respond to the configuration wiz ard prompts. Your administrator can supply the
Domino server and configuration information to you.
16. If this is the first time that you have installed or upgraded to this Lotus Notes release, you should
      update your Lotus Notes mail template and Contacts list now. Replace the design of your Mail and
      Cont acts templates and make sure that your location document points to the correct server. For
      mail, use the Mail (R8) (MAIL8.NTF) template. For contacts, use the Personal Address Book
      (PERNAMES.NTF) template.
a. Click Open - Mail or the Mail tab.
b. Click File - Application - Replace Design.
c. Select the Mail (R8) (MA IL8.NTF) template from the list.
d. Disable the Inherit future design option.
e. Click Replac e, and then click OK or Yes in response to any prompts.
f. Close the Mail tab. The new design will appear when you open Mail after client restart.
g. Click Open - Contacts or the Contacts tab.
h. Click File - Application - Replace Design.
i. Select the Personal Address Book (PERNAMES.NTF) template from the list.
j. Disable the Inherit future design option.
k. Click Replac e and then click OK or Yes in response to any prompts.



                                                                                                       119
l.   Close the Contacts tab. The new design will appear when you open Cont acts after restarting the
     Lotus Not es client.

17. Close and then restart Lotus Notes. You m ust restart Lotus Notes after replacing the mail and
    contacts template designs.


Installing Lotus Notes in a multi-user environment
You can install IBM(R) Lotus(R) Notes (R) in a multi-user user environment. This enables multiple
users to sequentially log in to the same machine and use the same Lotus Notes install directory with
their own Lotus Notes data directory. You must be logged in as an administrative user when you install
Lotus Not es multi-user.

Note: Multi-user installation is supported for Not es client-only install; it is not supported for installing
the IBM(R) Lotus(R) Domino(TM) Administrator or IBM(R) Lot us(R) Domino(TM) Designer clients. The
Notes Allclient installation kit is available for Microsoft (R) Windows(R) single user installation onl y. Use
the multi-user installation if your enterprise has multiple users who share a single workstation. Then
when users log onto the system, they run the Lotus Notes client setup and their own personal data
files, that is, BOOKMARK.NSF, NAMES.NSF, and other files are created. In a multi-user installation,
the installer installs the Notes program files to a central location on the local system. Each user has
their own data directory located in the system’s application data directory for the current user. Ea ch
user’s data files are created when that user logs in to the workstation, starts the Lotus Notes client,
and completes the client setup.

Note: With multi-user installation, the data path is based on the ″Doc uments and Settings″ for each
user. There is no need to specify the data directory for a multi-us er installation because it would not be
used by the installer; therefore, you are no longer prompted for that information.

The multi-user installation differs from a shared installation in that program files are located on the
local system in a multi-user install, which can be an advantage. This allows for access to the Notes
client regardless of which net work drives are available. In a shared installation, users are dependent
on the availability of shared net work drives.

Note: Shared net work install is not supported in Lotus Notes 8.5. Shared network install of Lotus
Notes 8.5 basic configuration remains available.


Installing Lotus Notes multi-user on a Windows client
To install IBM(R) Lotus(R) Notes(R) in a multi-user environment on a Windows client, see
Considerations before installing Lotus Notes on Windows and Installing and upgrading to Notes on
Windows -- multi-us er .

For information about Smart Upgrade, see Using IBM Lotus Notes Smart Upgrade.

For information about automated install, see Automating client installation.

Installing Lotus Notes multi-user on a Linux client
To install Lotus Not es in a multi-user environment on a Linux (R) client, see Considerations before
installing Notes on Linux and Installing Notes on Linux.

For Smart Upgrade, see Using IBM Lotus Not es Smart Upgrade.

For automated install, see Automating client installation.

Multi-user install with multiple language Notes clients
You can install multiple copies of the Notes client in multiple languages on one operating system. The
language files are installed in each Multi-us er install\language directory. For example, in a multi-us er
installation, if you first install a French Not es client and then install a Japanese Notes client, the user
interface (UI) files are installed in individual directories such as these:
\Program Files\IBM\Lotus\Notes\MUI\fr



                                                                                                          120
\Program Files\IBM\Lotus\Notes\MUI\ja

The templates and help files are installed in the next directory, as shown
\Document Setting\All Users\Application Data\Lotus\Data\Shared\mui\fr
\Document Setting\All Users\Application Data\Lotus\Data\Shared\mui\ja
When a user starts the Notes client the first time, the UI and dat abas e language are determined by the
user’s locale setting. If the locale language is not found in the directory \mui, the English user interface
is used and English databases are created to set up the Notes client.

Installing and upgrading to Notes on Windows for multi-user
The IBM(R) Lot us(R) Notes(R) 8.5 is available as an install media kit. Lotus Notes 8.5 can be installed
in graphical mode, silent mode, and by using Smart Upgrade. Installat ion of Notes on Microsoft (R)
Windows (R) is support ed for single user or multi-user. For Windows, the Lotus Notes client-only is
available in the Notes.msi.w32 installation media kit. The Allclient kit is not available for multi -user
installation. For installation considerations, see Considerations before installing Lotus Notes on
Windows.
1. Shut down all applications.
2. If you have installed a Beta 1 or Beta 2 version of Lotus Notes 8.5, uninstall it before continuing.
     You should not need to uninstall Lot us Notes 8.5 Beta 3 prior to installing/upgrading to this Lotus
     Notes 8.5 releas e.
3. Obtain the Lotus Notes installation media kit. For example, obtain the installation media kit CD or
     open a brows er and navigate to the Lotus Notes/Domino Web site at which the installation media
     kit resides.
4. Save the installation media kit to a local folder, for example to your C: \temp folder.
5. Navigate to the folder in which you saved the installation media kit.
6. Locate and run the SE TUP.E XE installation executable.

Note: If a us er has the environment variables USERP ROFILE, HOME DRIVE, or HOMEPA TH set to a
network share, you must use special command line paramet ers to ensure that all data directories are
installed locally, thus eliminating issues with net work shares. You can ch eck for these environment
variables by typing ″SET″ at a command prompt. If HOMEDRIVE is not set to C:, you must review this
instruction carefully. For example, if HOMEDRIVE=H: (where ″H″ may be a mapped network drive).

7.    Read the Welcome screen, and then click Next.
8.    Read and accept the license agreement terms, and then click Next.
9.    Enter your user name and organization, choose the ″Multi-user Install″ setting, and then click Next.
10.   Accept the default install directory or specify a different installation directory and click Next.

Note: You must install to a directory that is readable but not writeable by all users.
The default installation directories for a new multi-user install on Windows are listed below:
 Lotus Notes 8.5 product and binary files installation directory -- C:\Program Files\IBM\Lotus\Not es
 Data directory for each user -- C:\Documents and Settings\<user>\Local Settings\Application
Data\Lotus\Notes\data
 Workspace directory for each us er -- C:\Documents and Settings\<user>\Loc al Settings\Application
Data\Lotus\Notes\data\workspace
 Lotus Notes 8.5 Java code installation directory -- C:\Program Files\IBM\Lotus\Notes\framework

11. Select the features and subfeatures to install and click Next. These options include the following:
 Activities -- Select this to install the Activities feature. An activities server is required to use this
feature.
 Sametime (int egrated) -- Select this to install basic IBM(R) Lotus(R) Sametime(R) capabilities such
as chat and live names. A Sametime server is required to use this feature.
 IBM Lotus Productivity Tools -- Select this to install IBM(R) Lotus(R) Productivity Tools including IBM
Lotus Documents, IBM Lot us Presentations, and IBM Lotus Spreadsheets.
 Composite Application Editor -- Select this to install the Composite Application Editor for use with
composite applications.
12. Optionally specify Notes as your default email program, and then click Install.
13. Read the preview screen and click Install to continue or click Back to revise your feature
    selections. The installation proc ess takes several minutes. A security acceptance screen from any
    firewalls you have installed may appear asking for confirmation.



                                                                                                        121
Note: If errors occur and you are installing Lot us Notes 8.5 on a system in which an existing Beta
version of Lot us Notes 8.5 was installed, the existing version may not have been properly uninstalled.

14. When installation is complete, read the summary screen and click Finish to exit the installation
wizard.

Note: If installation is unsuccessful, this screen points you to the install log file. You can see
application icons on the desktop or by clicking Start - All Programs - Lot us Applications. Applications
reside in C:\Documents and Settings\All Users\Start Menu\Programs\Lotus Applications. If you
installed the IBM Lotus Productivity Tools, you can see application icons on the desktop and by
clicking Start - All Programs. Applications reside in: C:\Documents and Settings\All Users\Start
Menu\Programs.

Understanding what was installed
 After install, the Lotus Notes icon is visible by clicking Start - All Programs - Lotus Applications.
 After install, the IBM Lotus Productivity Tool icons, if installed, are visible by clicking Start - All
Programs.
 Desktop shortcuts are created for all use rs in C:\Documents and Settings\All Users\Desktop.
 A shared data directory is created in the following location:
– Microsoft (R) Windows(R) XP: C:\Documents and Settings\All Users\Local Settings\Application
     Data\Lotus\Notes\data
– Microsoft (R) Windows(R) Vista:
     C:\Windows\system32\config\systemprofile\AppData\Local\Lotus\Notes\data
 A data directory and workspace directory is created for each user in the following location:
– Microsoft (R) Windows(R) XP: C:\Documents and Settings\<user>\Local Settings\Application
     Data\Lotus\Notes\data
– C:\Documents and Settings\<user>\Local Settings\Application Data\Lotus\Notes\dat a\workspace

–   Microsoft (R) Windows(R) Vista: c:\users\<user>\AppData\Local\Lot us\Notes\data –
    C:\users\<user>\AppDat a\Local\Lotus\Notes\data\workspace

 Notes classic files are installed in <install_dir>.
 Core IBM(R) Lotus(R) Expeditor files are installed in <install_dir>\framework\rcp.
 Core Eclipse files are installed in <install_dir>\ framework\eclipse.

Running the Notes client on Windows as a user after administrative install
After you install the Notes client, users can log in and run Not es.
1. Log in as a non-administrative user.
2. Start Lotus Notes using the new desktop shortcut or click Start - Lotus Applications - Lotus Notes
    8.5.
3. Respond to Notes setup prompts as they appear.
4. If this is the first time that you have installed or updated to this Lotus Notes release, you should
    update your Lotus Notes mail template and contacts list now. This step is only necessary when
    you first update to this Lotus Notes release. If you uninstall and reinstall Lotus Notes you will not
    need to repeat this step. Replace the design of your Mail and Contacts templates and make sure
    that your location document points to the correct server. For mail, use the Mail (R8) (MA IL8.NTF)
    template. For contacts, use the Personal Address Book (PERNAMES. NTF) template.
a. Click Open - Mail or the Mail tab.
b. Click File - Application - Replace Design.
c. Select the Mail (R8) (MA IL8.NTF) template from the list.
d. Disable the Inherit future design option.
e. Click Replac e and then click OK or Yes in response to any prompts.
f. Close the Mail tab. The new design will appear when you open Mail after restarting the client.
g. Click Open - Contacts or the Contacts tab.
h. Click File - Application - Replace Design.
i. Select the Personal Address Book (PERNAMES.NTF) template from the list.
j. Disable the Inherit future design option.
k. Click Replac e and then click OK or Yes in response to any prompts.




                                                                                                       122
l.  Close the Contacts tab. The new design will appear when you open Cont acts after restarting the
    Lotus Not es client.
5. Close and then restart Lotus Notes. You must restart Lotus Notes after replacing the mail and
contacts template designs.

Using the Multi-user Interface pack
Use the Multi-user Interface Pack to install multiple languages according to the installation type of your
IBM(R) Lotus(R) Notes(R) client. You can us e the Multi-user Interface Pack with multi-user installs and
single user installs.

Notes multi-user installation with the Multi-user Interface Pack
If you have installed a Notes client as a Notes Multi-user installation, the Multi-user Interface Pack
adds language files in a subdirectory of the Multi-user Interface directoryFor ex ample, the UI files are
installed in the directory (*): . C:\Program Files\IBM\Lotus\Notes\MUI\language-iso (*)

Note: The template, modem, and help files are installed in the directory (*) as shown in this
example: C:\Document Setting\All Users\Application Data\Lotus\Data\Shared\mui\language-iso (*) (*)
″language-iso″ is a language identifier. e.g. German is ’de’, French is ’fr’ In a Notes Multi -user install,
when a user starts the Notes client for the first time, the UI and database language are determined by
the user’s OS locale setting. If the locale language files of the Notes client have not been installed, the
UI language of the Notes setup and local databases defaults to English.

Notes single-user installation with the Multi-user Interface Pack
If you have installed a Notes client as a Notes Single-user installation, the Multi-user Interface Pack
adds language files in the directory (*). The UI files are installed in (*) as shown in this example:
C:\Program Files\IBM\Lotus\Notes\MUI\language-iso (*)

Note: (*) ″language-iso″ is a language identifier. For example, German is ’de’, French is ’fr’ The
template, modem, and help files for the language are NOT installed. In a Notes Single-user install, the
UI language of the Notes setup and local databases is the language of the Notes client you have
installed. For more information about IBM Lotus Multi-user Interface Pack installer, see the IBM Lotus
Multi-user Int erface Pack Readme file.


Updating, adding, and removing installed Notes features
You can update, add, or remove existing installed IBM(R) Lotus(R) Notes(R) features using a Lotus
Notes install kit within the same Notes release, for example within Lotus Notes 8.5. You can also use
silent installation to perform this task.

Note: The procedure shown below is the default Lotus Notes installation process. You can customize
what appears on the Notes feature installation screen using the install manifest. You can also use a
silent install and specify options on the command line to cont rol install, update, and remove functions.
1. Start the Notes installation program.
2. When prompted, enter your name and company, and then click Next. If this is a multi -user install,
     ″Multi-user Install″ is shown selected and inactive. If it is a single user install, ″Single us er Install″
     is shown selected and inactive.
3. Choose the feat ures you want to add, upgrade, or remove and click Next.
 Add/Install -- Any feature that was not previously installed is shown selected. You can leave these
features as selected in order to install them.
 Update -- Any feat ure that was installed previously is shown selected. You can leave these features
as selected in order to upgrade them.

Note: For multi-user, the features being upgraded are not removed from disk; they remain but are not
used. For single user, the features being upgraded are removed from disk.
 Remove -- Any feature that was installed previously is shown selected. You can deselect these
features in order to remove them.

Note: For multi-user on Linux(R), features that are selected for removal are dis abled, not actually
removed from disk.




                                                                                                             123
4.   Optionally specify Notes as your default email program and then click Install. 5. Read t he
     installation summary screen and then click Finish.

Running the Notes client as a user after updating, adding, or
removing Notes features
The system processes the new install manifest, for example,
<install_dir>\framework\rcp\deploy\install.xml, for this user upon first launch.
1. Log in as a user.
2. Start Lotus Notes. Starting Lotus Notes now enables the feat ures that were selected for install or
    update and also removes or dis ables the features that were selected for removal.

Automating client installation using a silent install
Automated client installation, otherwise referred to as ″silent install,″ is available for installing IBM
(Lotus (R) Notes (R) on a Microsoft (R) Windows(R) or Linux(R) client. For single user installs on a
Windows client, silent install also supports the three IBM(R) Lotus(R) Domino(TM) clients -- (IBM(R)
Lotus(R) Notes, IBM(R) Lotus(R) Domino(TM) Designer, and Domino Administrator(R) -- Allclient
installation kit. Silent install simplifies end -user installation because it presents few or no installation
options. Read the considerations section of the installation instructions in this guide before installing
Lotus Not es. Silent installation uses a tuner program to create a transform file based on installation
options that you specify when you run the tuner. When a user subsequently runs the silent install, the
specified installation options are applied automatically. For information about using the tuner and
creating trans form files, see the following topics:
 Customizing client installations using the tuner
 Creating a transform file
 Installation options available using the trans form file

Running a silent installation
Silent install is useful for installing Lotus Notes, and optionally the Domino Administrator client and/or
Domino Designer client, without user intervention. The us er can execut e a script or batch file to
perform a complete installation without having to answer any questions or prompts. Command line
options are available and are described below. Running a silent install provides users with default
install options. To customize the silent install, you can use, individually or in combination, install
manifest customization and a tuner transform file.

Lotus Not es installation requires use of an install manifest file INS TA LL. XML, supplied in the Lotus
Notes installation media kit as deploy\install.xml. This file and its contents can be customized to
control which features are installed automatically, which features appear in the feature installation
panel for user selection, and whether features are presented as enabled or disabled by default.

Using a silent install, you can define which features in the install manifest are installed automatically,
by setting the .required. attribute to .true. for each .installfeature. ID you want installed. Features in the
install manifest that have their .required. attribute set to .true. are aut omatically installed.

Note: Also, when installing Lotus Notes using the single user Allclient installation kit on Windows,
Domino Designer and Domino Administrat or follow the settings in the Lotus Notes 8.5 MS I file. The
settings in the MSI file (which affect the feature installation panel) override the settings in the Lotus
Notes install manifest file (deploy\install.xml). To install Domino Designer and/or Domino
Administrator, you must either select them for install using the feature installation panel or specify
them for silent install using the tuner. They will not be installed, even if specified in the
SELECTINS TA LLFEA TURES property, if they are not selected for install as part of the MS I
installation.
Before you begin the silent installation process, perform the following tasks:
 Optionally use the tuner to create a trans form file.
 Determine which feat ures you want installed, open the install manifest INS TA LL. XML, locate the
.installfeature. ID, and set the .required. attribute to .true.. Alternatively, you can specify features for
install using command line arguments.
 Determine the desired installation directory and Not es data directory.
 Determine if the install will be for single or multi-user.



                                                                                                               124
 Ensure that the required hardware and software components are in place and working.
 Read the Release Not es for disk-space requirements and for last-minute changes or additions to the
documentation.
 Temporarily disable any screen savers and turn off any virus -detection software.
 Ensure that all other applications are closed. Otherwise, you may corrupt shared files, and the Install
program may not run properly.
 There is currently no Windows command line option for specifying a single user or multi -user
installation. Default installation occurs for a single user.

Installing to a non-default directory
You can specify a non-default installation directory and Notes dat a directory using PROGDIR and
DA TADIR properties on the command line. For example, for a new user on Windows, Lotus Notes is
installed to C:\Program Files\IBM\Lotus\Notes by default.

To select the desired destination directory, specify each property on the command line. For example, if
you want to install to C:\IBM\Lotus\Not es, use the following command line syntax:

setup /S /V"SELECTINSTALLFEATURES=Activities,Editors PROGDIR=C:\IBM\Lotus\Notes
DATADIR=C:\IBM\Lotus\Notes\ Data /qn"

To use Notes silent installation on Windows
You can specify command line options during silent Notes install on Windows. You must be logged in
as an administrative user or user with elevat ed privileges.

The Allclient installation method, which enables installation of Lotus Notes, Domino Designer, and the
Domno Administrator clients, is not available for multi-us er install; it is only available for single user
installation.

1.  Open a command window.
2.  Change to the directory in which the Lotus Notes installation media kit’s SETUP.E XE file is
    resident.
3. Type the silent installation command. Example commands are provided below. Note that these
    examples do not illustrate use of a trans form file.
 Use this format to run the install in silent mode, using default values, without a progress bar:
setup.exe /s /v"/qn"

Note: For example, this command installs Notes to the single user default C: \Program
Files\IBM\Lotus\Notes directory and Notes dat a folders and files to the C:\Program
Files\IBM\Lotus\Notes\data directory. When installation is complete, the shortcut icon(s) appears on
the desktop.
 Use this format to display a message when the installation is complete or it has failed. Use the +
parameter as follows:
setup.exe /s /v"/qn+"
 Use this format to display a progress bar during the installation, in addit ion to displaying the
message indicating that the installation is complete or it has failed:
setup.exe /s /v"/qb+"
 Use this format to specify the install manifest features to install using the command line. Obtain the
″installfeature″ ID syntax from the Lotus Notes install manifest (deploy \install.xml). To install any of
these features, include the feature ID value in the ″SELECTINS TA LLFEA TURES″ property on the
command line as shown below. Specify comma -separat ed feature names in quotes as follows. Note
the placement of the quote, equal sign, and space characters.
setup /s /v"SELECTINSTALLFEATURES=Activities,Sametime,
Editors,CAE /qn"
Note: Each feat ure in the Lotus Notes install manifest whose ″required’ attribute is set to ″true″ will be
installed, regardless of whether it is specified in the command line in the SELE CTINS TALLFEA TURES
statement.

To pass a parameter that contains intervening spaces, such as a directory path, enclose the
parameter in quotes using a backslash quote sequence as follows:
setup /s /V"SELECTINSTALLFEATURES=Activities,Editors



                                                                                                        125
PROGDIR=\"C:\Program Files\Lotus\Notes\"
DATADIR=\"C:\Program Files\Lotus\Notes\Data\" /qn"

Specify as few or as many feature IDs on the command line as desired.

To use Notes silent installation on Linux
You can specify these command line options when running a Lot us Notes silent install on Linux(R).
You must be logged in as a root user.
1. Open a command window or shell.
2. Change to the directory in which the Lotus Notes install kit’s setup.sh file is resident.
3. Type the silent installation command as shown in this example: The following entry specifies that
   the command will run in silent mode. - silent

The following entry sets the variable to accept the license agreement panel.
-V licenseAccepted="true|false"

The following entry sets the install location for Notes client. The value must not contain an ending
slash symbol (\).
-P installLocation="<location>"

The following entry sets the list of optional install features that can be installed.
-V selectInstallFeatures="<list of comma separated install feature ids>"

This argument overrides all install feature ″default″ attributes in the install manifest. If you use this
argument, only the install features listed in the argument and the ″required″ install features are
installed/selected.
-V removeInstallFeatures="<list of comma separated install feature ids>"

This sets the list of optional install features that can be removed on upgrade. In the following example,
the Lotus Notes installer is run silently so that all ″installfeature″ IDs in the install manifest whose
″required″ attributes are set to true are installed and the license agreement is accepted without
prompting. You must minimally use these command line parameters to run Not es silent install on
Linux.
setup.sh -silent -V licenseAccepted="true"


Providing a batch file for installing the Notes client
Creating and then providing a batch file that execut es the command to perform a silent install is
convenient for users. Users can easily install the IBM(R) Lotus(R) Notes(R) client by running the batch
file.

Create a batch file
To create a batch file, perform the following steps:
1. Open a text editor.
2. Type the desired silent install command syntax in the edit window: An example is shown below.
     setup /S /V"/qn"
3.   Save the file using a .bat file extension in the name, for example BA TCHINS TA LL.BA T. Save t he
     file in the same directory that contains the installation image (the directory in which the Lotus
     Notes install setup.exe or setup.sh resides). For information about command line syntax options,
     see Automating client installation.

Run the Notes silent install using a batch file
To run a Lotus Notes silent install using the batch file, perform the following steps.
1. Navigate to the installation image directory (the directory in which the Lotus Notes setup.ex e or
    setup.sh resides ).
2. Locate the batch file, for example BATCHINS TALL.BAT.
3. Run the batch file by double-clicking on the .bat file name, for example BA TCHINS TALL.BA T.

Sample batch file content containing a transform file
msiexec /i "Lotus Notes 8.5.msi" TRANSFOR MS="custom.mst"




                                                                                                            126
Providing command line utilities for installation
Provide command line utilities so that users can install one or more clients on their workstations. This
table presents sample command line utilities that you can modify to suit your needs.

Type of install                                        Sample command line utility
Transform                                              install msiexec /i ″Lotus Notes 8.5.msi″
                                                       TRANSFOR MS=″custom.mst″
Transform silent install                               msiexec /i ″Lotus Notes 8.5.msi″ /qn
                                                       TRANSFOR MS=″custom.mst″
Silent install with fail/success prompt                msiexec /i ″Lotus Notes 8.5.msi″ /qn+
Silent install                                         setup.exe /s /v″/qn″
Verbose logging                                        setup.exe /v″/L* v c:\temp\install.log


Setting up Notes with a scriptable setup
The scriptable setup option uses a setting in the NOTES. INI file to provide information to the client
setup wizard. During installation, the wizard displays only those panels that users need to set up the
IBM(R) Lotus(R) Notes(R) client. The NOTES.INI setting ConfigFile= points to a text (.TXT) file that
contains the parameters that the wizard needs. The wizard reads the text file and completes the se tup.
The user is able to bypass the wizard screens for which parameters have been provided by the text
file.

The settings and parameters that you can use in the text file are listed in this table:

Setting                                                Description
Username                                               User’s hierarchical name -- for example, John
                                                       Smith/Acme
KeyfileName                                            Directory path to the user’s ID file name --for example,
                                                       c:\program files\lotus\notes\data\jsmith.id
Domino.Name                                            Domino server in the same domain as the user name.
                                                       You do not need to enter a hierarchical name.
Domino.Address                                         An address for the IBM Lotus Domino server, such as
                                                       the IP address of the server, if needed, to connect to
                                                       the server. For example, server.acme.com or
                                                       123.124.xxx.xxx
Domino.Port                                            Port type, such as TCPIP
Domino.Server                                          1 to connect to the Domino server, 0 for no connection
AdditionalServices                                     1 forces display of the ″Additional Services″ panel even
                                                       if sufficient information is provided for these services;
                                                       the Additional Services panel lists Internet, proxy, and
                                                       replication settings.
AdditionalServices.NetworkDial                         To configure a network dialup connection to Internet
                                                       accounts created via Additional Services dialog box
Mail.Incoming.Name                                     Incoming mail account name, a friendly name used to
                                                       refer to these settings
Mail.Incoming.Server                                   Incoming mail (POP or IMAP) server name.
Mail.Incoming.Protocol                                 1 for POP; 2 for IMAP.
Mail.Incoming.Username                                 Mail account user name or login name.
Mail.Incoming.Password                                 Mail account password.
Mail.Incoming.SSL                                      0 to disable; 1 to enable the SSL protocol for incoming
                                                       Internet mail.
Mail.Outgoing.Name                                     Outgoing mail account name, a friendly name used to
                                                       refer to these settings.
Mail.Outgoing.Server                                   Outgoing mail (SMTP) server name
Mail.Outgoing.Address                                  User’s Internet mail address, such as user@isp.com
Mail.InternetDomain                                    Internet Mail domain name such as isp.com
Setting                                                Description
Directory.Name                                         Directory account name, a friendly name used to refer
                                                       to these settings
Directory.Server                                       Directory (LDAP) server name
News.Name                                              News account name, a friendly name used to refer to
                                                       these settings
News.Server                                            News (NNTP) server name
NetworkDial.EntryName                                  Name of remote network dialup phone book entry



                                                                                                            127
NetworkDial.Phonenumber   Dial-in number
NetworkDial.Username      Remote network user name
NetworkDial.Password      Remote network password
NetworkDial.Domain        Remote network domain
DirectDial.Phonenumber    Phone number of Domino server

DirectDial.Prefix         Dialup prefix, if required. For example, 9 to access an
                          outside line.
DirectDial.Port           COM port to which the modem is connected
DirectDial.Modem          File specification of modem file
Proxy.HTTP                HTTP proxy server and port -- for e xample,
                          proxy.isp.com:8080
Proxy.FTP                 FTP proxy server and port -- for example,
                          proxy.isp.com:8080
Proxy.Gopher              Gopher proxy server and port -- for e xample,
                          proxy.isp.com:8080
Proxy.SSL                 SSL proxy server and port -- for example,
                          proxy.isp.com:8080
Proxy.HTTP                Tunnel HTTP tunnel proxy server and port -- for
                          example, proxy.isp.com:8080
Proxy.SOCKS               Socks proxy server and port -- for example,
                          proxy.isp.com:8080
Proxy.None                No proxy for these hosts or domains
Proxy.UseHTTP             Use the HTTP proxy server for FTP, Gopher, and SSL
                          security proxies
Proxy.Username            User name if logon is required
Proxy.password            User password
Replication.Threshold     Transfer outgoing mail if this number of messages held
                          in local mailbox
Replication.Schedule      Enable replication schedule
IM.Server                 IBM Lotus Instant Messaging server name required
                          unless you have set the NOTES.INI variable
                          IM_NO_SETUP= 1. To use this NOTES.INI variable,
                          you must also use InstallShield Tuner which is included
                          on the Notes/Domino CD.

                           When this variable is set to 1, the IM Configuration
                          dialog box does not display during new client setup or
                          client upgrade, and all IM variables in a scriptable client
                          setup are ignored. If the user wants to configure IM,
                          they can leave the NOTES.INI variable out of their
                          NOTES.INI file or set it to 0 (IM_NO_SETUP=0).
IM.Port                   IBM Lotus Instant Messaging server port (any positive
                          number)
IM.ConnectWhen            (Optional setting) Defines when to connect to IBM Lotus
                          Instant Messaging:
                           0 -- At Notes login (default)
                           2 -- Manually
IM.Protocol               Use one of these:
                           0 -- Directly to IBM Lotus Instant Messaging server
                           1 -- Directly to IBM Lotus Instant Messaging server
                          using HTTP protocol
                           2 -- Directly to IBM Lotus Instant Messaging server
                          using IE HTTP settings
                           3 -- Use a proxy
Setting                   Description
IM.ProxyType
                          Required if IM.Protocol is set to 3. Use one of these:
                           0 -- SOCKS4 Proxy
                           1 -- SOCKS5 Proxy
                           2 -- HTTPS Pro xy
                           3 -- HTTP Pro xy
IM.ProxyServer            Required if IM.Protocol is set to 3. Name of IBM Lotus
                          Instant Messaging proxy server
IM.ProxyPort              Required if IM.Protocol is set to 3. Port of IBM Lotus



                                                                                128
                                                         Instant Messaging proxy server (an y positive number)
IM.ServerNameResolve                                     Only used if IM.Pro xyType is 1 (SOCKS5) but it is not
                                                         required. Use one of these values:
                                                          0 – Disable IM.ServerNameResolve
                                                          1 -- Enable IM.ServerNameResolve
IM.ProxyUsername                                         Required if IM.Protocol is set to 3 and IM.Pro xyType is
                                                         not SOCKS4


Sample scriptable setup file
This is a sample scriptable setup file for a LAN connection. All options are used in this sample file.
Username = Joe Employee
KeyFileName=G:\shareddrive\userid\jemployee.id
Domino.Server=1
Domino.Name=servername/domain (For example, server1/sales/enterprise)
Domino.Port=TCP/IP
IM.Server=servername.misc.domain.com
IM.Port=12345
IM.ConnectWhen=2
IM.Protocol=3
IM.ProxyType=2
IM.ProxyServer=sametimeproxy.domain.com
IM.Port=12345
IM.ConnectWhen=2
IM.Protocol=3
IM.ProxyType=2
IM.ProxyServer=sametimeproxy.domain.com
IM.ProxyPort=789
IM.ServerNameResolve=0
IM.ProxyUsername=joeemployee
AdditionalServices=0
Mail.Incoming.Protocol=2
Mail.Incoming.Name=INCOMING INET MAIL
Mail.Incoming.Server=servername.m isc.domain.com
Mail.Incoming.Username=jemployee
Mail.Incoming.Password=xyz123
Mail.Incoming.SSL=0
Mail.Outgoing.Name=OUTGOING INET MAIL
Mail.Outgoing.Server=servername.misc.domain.com
Mail.Outgoing.Address=joeemployee@domain.com
Mail.InternetDomain=misc.domain.com
AdditionalServices.NetworkDial=1
NetworkDial.EntryName=TEST 1 Dial-up Connection
NetworkDial.Username=jemployee
NetworkDial.Password=xyz123
NetworkDial.Phonenumber=area code-phone-number (For example, 508-123-4567)
NetworkDial.Domain=domainname
News.Name=NEWS SERVER ACCOUNT
News.Server=server.domain.com
Directory.Name=LDAP DIRECTORY SER VER ACCOUNT
Directory.Server=name.misc.domain.com
Proxy.UseHTTP=0
Proxy.HTTP=pro xy.domain.com:8080
Proxy.FTP=proxy.fake.com:8080
Proxy.Gopher=proxy.fake.com:8080
Proxy.SSL=proxy.fake.com:8080
Proxy.SOCKS=proxy.domain.com:1080
Proxy.HTTPTunnel=proxy.domain.com:8080
Proxy.None=domain.com
Replication.Threshold=3 Replication.Schedule=1


Installing the Domino clients in a shared network directory
As an administrator, you can offer a shared network installation to your users. In a shared network
installation, all program files are installed on a file server and the users’ dat a files reside on their local
workstations.




                                                                                                              129
Note: Shared net work install is not supported in IBM(R) Lotus(R) Notes (R) 8. Shared network install of
Lotus Not es 8.5 basic configuration remains available. During the installation of the net work image, all
program files for IBM(R) Lotus(R) Notes(R), IBM(R) Lot us(R) Domino(TM) Administrator, and IBM(R)
Lotus(R) Domino(TM) Designer are installed. To run Lotus Notes, Domino Administrator and Domino
Designer client installs from one set of program files on a file server, create multiple trans form files.

Note: To perform a shared installation and run the trans form file, end-users must have the
Microsoft (R) Windows(R) Installer service on their workstations. After you install the program files to a
directory on a server, users can run a shared version of the software, thereby saving on disk space
usage. However, if the server is unavailable, users cannot run Notes. When users install Notes from
this directory, only the data files (DESKTOP.DSK, BOOKMARK. NTF, and all local dat abases ) are
copied to their workstations. The program files remain on the server, where they are shared among all
users. As users run Notes, the program files are read into memory on their workstations. Assign to
those users who install Notes client software from the file server ″Read″ access to the directory
containing the files.

Note: Set the access to the administrator image on the network to ″Read Access″ -- that is the only
supported access. Multi-user installation is neither supported in a shared file configuration nor
available for use on Macintosh computers.

Upgrading shared installations
Do not attempt to upgrade over existing network image files. To upgrade an existing network image,
delete all files in the existing network image and install the new net work image files to the same
location.

To set up the shared network installation
1.   Before you begin this installation process, do the following:

Note: Shared net work install is not supported in Lotus Notes 8.5. Shared network install of Lotus
Notes 8.5 basic configuration remains available.
 Make sure that the required hardware and software components are in place and working.
 Read the Release Not es for disk-space requirements and for any last-minute changes or additions to
the documentation.
 Temporarily disable any screen savers and turn off any vir us-detection software.
 Make sure that all other applications are closed. Otherwise, you may corrupt shared files, and the
Install program may not run properly.

2.   Log on as administrator on the drive on which you are installing the program files.
3.   From the command line, use this syntax to run setup and create the administrator image on the
     network:
E:\path to install kit\setup /A

In this example, drive E repres ents the drive on which the client installation files are located, which is
usually the drive letter of the CDROM drive containing the Domino CD. The /A creates the
administrator image on the net work.

4.   Enter the name of the directory that will store the installed files. By default, this directory is the first
     network drive accessible from your wo rkstation. To specify a net work drive and directory other
     than the default, click Change.
5.   Click Install. Every client option is installed. A directory structure that is useable and
     understandable by the operating system is created. Users can run the install program directly from
     this directory structure that you provide using the Lotus Notes 8.5.msi file created in the root of the
     directory structure.
6.   Create a transform file for the installation of the end user’s local data files.

After successfully installing all client files to a shared directory on the net work, you can instruct users
to use the trans form file to install the client on their own workstations.

For information about creating a transform file, see the topic ″Creating a transform file″ in this chapter.



                                                                                                             130
Enabling and using third-party feature installation and update in
Notes
This release of IBM(R) Lotus(R) Notes(R) enables you to extend the Notes experience using custom
or third-party Eclipse features and plug-ins and composite applications. This section contains the
following topics:
 Creating custom or third-party features
 Signing custom or third-party features and plug-ins for install and update
 Installing and updating custom and third-party features and plug-ins – Installing a new feature using
the Notes install manifest – Enabling user-initiated update – Creating and using a traditional third-party
installer – Creating and using an NSF-based update sitev Configuring component update for
composite applications

Creating custom or third-party features
You can learn to create custom or third-party features for use with IBM(R) Lotus (R) Notes (R) using
these and other resources. For information about using the IBM(R) Lotus(R) Expeditor to creat e
applications and start Notes from the Expeditor int egrated development environment (IDE), see the
following res ourc es at http://publib.boulder.ibm.com/infocenter/ledoc/ v6r11/index.jsp:
 ″Welcome to Developing Applications for Lotus Expeditor″ at:
http://publib.boulder.ibm.com/infocenter/ledoc/ v6r11/topic/com.ibm.help.ic.doc/wed_welcome_ic.html
 ″Using the Lot us Expeditor Toolkit environment with Lot us Notes 8.5″ at:
http://publib.boulder.ibm.com/infocenter/ledoc/ v6r11/topic/com.ibm.rcp.tools.doc.admin/intro_xpdtkenvl
otusnotes.html

For additional information and examples, see the IBM developerWorks site at
http://www.ibm.com/ developerworks/lotus/community/.

For general information about Eclipse features and plugin-ins, see http://www.eclips e.org.

Signing custom or third-party features and plug-ins for install and
update
Eclipse plug-ins can be created and us ed to extend IBM(R) Lotus(R) Notes(R) client functionality.
Plug-ins are provisioned wit h the client software. They are ordinarily signed with a certificate that is
trusted by Notes clients and which verifies that they contain secure data.

Plug-ins are typically signed by the developer or the build room depending on how the plug -ins are
built. JAR signing is a standard process and many tools exist to do this. You can sign features and
plug-ins either by using the JarSigner tool included in the Java(TM) Development Kit (JDK ) or by using
a third-party tool, such as the Plugin Development Environment (PDE ) in Eclipse. Certificates used in
jar signing can be obtained from many of the well known certificate authorities (CA).

When you install and deploy new custom or third-party features and plug-ins for Not es installation, you
can add your own certificates to a keystore so that the signed features are trusted during install and
update from the media kit.

Features are checked for trust during initial and update provisioning. If Lotus Notes is already installed,
features are checked during runtime provisioning -- either during traditional third-party install or user-
initiated update.
 Install time provisioning - The Notes installer installs and initially provisions new or updated feat ures
from the install kit’s update site UPDA TES ITE. ZIP. During this initial provisioning, trust is based on the
Java keystore file in the Lotus Not es install media kit’s ″deploy″ directory. This keystore contains the
IBM code signing certificate. By default, only features and plug-ins that are signed with this certificate
will be installed.
 Runtime provisioning - Notes is running and provisioning is initiated manually by the end user or
programmatically based on a scheduled criteria. During runtime provisioning, the Notes keystore
determines trust for the feat ures being downloaded. This keystore contains the IBM code signing
certificate, and by default only plug-ins that are signed with this certificat e are installed.




                                                                                                            131
The items in the Notes install media kit’s update site zip file must be signed, including custom or third -
party feature and plug-in JA R files. The provisioning process seeks to verify the signat ure. This allows
administrators and users to control and validate the signed code being downloaded to the client. If you
have digit ally signed the features to install or update, the provisioning system does the following:
 Displays errors about unt rusted cont ent as a post-install summary
 Provides a consistent user int erface for handling trusted and untrusted content during runtime
provisioning based on policy settings.

Note: There is no user interface for prompting during initial Notes install.
 Makes trust decisions based on managed policy settings so that you can override default settings
and manage policy settings from a server.

Signing and adding new features to the install kit
If you create new Eclipse features, you can sign them in prepar ation for install and update using a
code signing certificate obtained from a certification authority. When signed and properly resident in
the install media kit, the features can be installed if the code signing certificate is included in the media
kit keystore. If the code signing certificate is not a trusted file, you can modify the install signature
verification policy to allow for installing signed but untrusted content. Signing your custom or third -party
Eclipse features accomplishes the following:
 Allows you to dictate the policy settings to determine what kind of signed/unsigned content can be
downloaded from an allowed Eclipse update site
 Allows you to modify the default policy used by the signature verification code at install and update
time by using IBM(R) Lotus(R) Domino(TM) policy or by setting preferences in the
PLUGIN_CUS TOMIZA TION.INI file in the install media kit
 Based on administrat or settings, allows users to make trust decisions based on the certificate details
that were used to sign a feature on the update site
 Prevents corrupted signed content from being installed and provisioned A fter you have created and
signed new Eclipse feat ures and plug-ins, you can control the response to untrusted content during
feature install and update. To add new features to the Lot us Notes installer do the following:

1.   Build and create JAR files for new custom or third -party feat ures and plug-ins for use in an Eclipse
     update site. Use the JRE’s JarSigner tool, Eclipse, or other third-party tool.
2.   Sign the new custom or third-party feat ure and plug-in JA R files.
3.   Add the certificate to the Notes install media kit’s deploy \.keystore.JCEKS.IBM_J9_VM.install file
     using the Key Tool program included with the JVM or other third-party tool.

Note: Add the certificate(s) used to sign the JAR files to the file(s) beginning with ″.KEYSTORE″ in the
deploy directory of the Lotus Notes install media kit.

Note: The Notes Keystore, which is used for manual update, does not currently include a cross
certificate for the IBM code signing certificate. Only the .KEYSTORE file contains this certificate, and it
is only used for install and upgrade.

4.   Add the signed features and plug-ins JAR files to the Not es install kit’s update site
     (updateSite.zip\features and updateSite.zip\plugins ).
5. Modify the Notes install kit install manifest (deploy \install.xml) and the update site registry
     (updateSite.zip\site.xml) to include the new feature(s).
6. Use the Domino Administrator to set the default signature verification policies to be used by the
     Notes client using the Security Settings - Signed Plugin page.
Note: If you are updating using the install media kit, Domino policy takes precedent over settings that
reside in the Not es install media kit deploy\pluginc ustomization.ini fil e. Domino policy does not affect
the initial install.

7.   Test the installer by running the Lotus Notes installer setup.exe (Mic rosoft(R) Windows(R)) or
     setup.sh (Linux(R)).
8.   Deploy or make available to users, the install kit, including the keystore that you updated in the
     install kit’s deploy directory.

Note: If you are adding the new features to an update site, place the update site content and deploy
folder content wherever the update is to be made available. When performing a runtime update, the


                                                                                                          132
Notes keystore is used for determining trust. This requires an Internet cross -certificate for the code
signing certificate to exist in the personal address book. Based on the policy settings set by the
administrator, the user can be prompted if the code signing c ertificat e is not trusted by the Not es trust
store.

Using the plugin_customization.ini file to verify trust
You can use the IBM(R) Lotus(R) Notes(R) install media kit’s deploy \plugin_customization.ini file to
call a named keystore and instruct the installer how to respond to features and plug-ins that are
expired or not yet valid, unsigned, or signed by an unrecognized certificate authority. You can modify
the following settings in the Notes install media kit deploy \plugincustomization.ini file to establis h
responses during install and updat e:
com.ibm.rcp.security.update/EXPIRED_SIGNATURE_POLICY=PROMPT
com.ibm.rcp.security.update/UNSIGNED_PLUGIN_POLICY=PROMPT
com.ibm.rcp.security.update/UNTRUSTED_SIGNATURE_POLICY=PROMPT

Note: If you are updating using the install media kit, IBM(R) Lotus(R) Domino(TM) policy takes
precedent over settings that reside in the Notes install media kit deploy \plugincustomization.ini file.
Domino policy does not affect the initial install.

By default the Lotus Notes installer uses only the keystore in the deploy directory to make trust
decisions. If you want to trust any certificate issued by a well known certification authority, add the
following statement to the install media kit’s deploy \plugin_customization.ini file as below.

Note: This instructs the media kit installer to verify trust in code signing certificates using the JRE
CACE RTS file, which contains the certificates for all well known roots. Using this setting will
compromise the security of the installer, since any one with a valid certificate can modify the
code. com.ibm.rcp.security.update/TRUST_CERTIFICATE_ AUTHORITIES=true #(default is false) The three
settings that govern how the res ult of signature verification is interpreted are as below:
 ALLOW -- Install the feature.
 PROMP T -- P rompt the user and let them decide what to do. In the case of untrusted, the us er can
choose to start trusting the certificate by adding it to the keystore. Note that during Lotus Notes
installation, PROMP T = DE NY, because e installation program does not prompt the user for this
information.

 DENY -- Don’t ask the user and don’t install the feature.

EXPIRED_SIGNATURE_POLICY
The E XP IRED_SIGNA TURE_POLICY setting defines the default behavior when provisioning
encounters a JAR file that is signed but the certificate used to sign the jar file has expired. The
available values are PROMP T, ALLOW, and DENY. For the initial install, PROMP T= DENY because
there is no us er interface for this function. The P ROMP T function is recognized by Not es upgrade.

Note: For any install or upgrade performed using an install media kit, PROMPT= DENY. The following
example allows JAR files with expired signatures to be installed or updated:
com.ibm.rcp.security.update/EXPIRED_SIGNATURE_POLICY=ALLOW

UNSIGNED_PLUGIN_POLICY
The UNS IGNED_PLUGIN_POLICY setting defines the default behavior when provisioning encounters
an unsigned JA R file. The available values are P ROMP T, ALLOW, and DE NY. For the initial install,
PROMP T=DE NY bec ause there is no user interfac e for this function. The PROMP T function is
recognized by Notes install and upgrade. The following example allows unsigned JA R files to be
installed or updated: com.ibm.rcp.security.update/UNSIGNED_PLUGIN_POLICY=ALLOW

UNTRUSTED_SIGNATURE_POLICY
The UNTRUS TE D_S IGNA TURE _POLICY setting defines default behavior when provisioning
encounters a JAR file that has been properly signed, but no matching certificate exists in the keystore.
The available values are PROMP T, ALLOW, and DE NY. For media kit install and upgrad e,
PROMP T=DE NY bec ause there is no user interfac e for this function. The following example does not
allow untrusted JA R files to be installed or updated. If the Not es installer enc ounters an untrusted




                                                                                                           133
signature during initial Notes install, it exits the install with an error.
com.ibm.rcp.security.update/UNTRUSTED_SIGNATURE_POLICY=DENY


Using Domino policy to verify trust
Occasionally, during IBM(R) Lotus(R) Notes(R) install or update, a security problem is encountered for
a feature or plug-in. Either a JAR file is unsigned, not signed with a trusted certificate, or the certificate
has either expired or is not yet valid. You can establish a policy for never installing these plug -ins,
always installing them, or asking us ers to decide at the time the plug-in is installed on their
workstations.

Note: If you are updating using the install media kit, IBM(R) Lotus(R) Domino(TM) policy takes
precedent over settings that reside in the Notes install media kit deploy \plugincustomization.ini file.
Domino policy does not affect the initial install. To configure a policy for signed Eclipse plug-ins,
complete the following fields on the Domino Administrator client Signed Plugins tab. The options for
each of the following fields are to ask the user, never install, or always install.

 Installation of plug-ins that are expired or not yet valid
 Installation of unsigned plug-ins
 Installation of plug-ins signed by an unrecognized entity


Installing and updating custom and third-party features and plug-
ins
After you have created or obtained a new third-party or custom Eclipse-based feature and set of plug-
ins, you have four ways to install it for your IBM(R) Lotus(R) Notes(R) users.
 Using the supplied install manifest and update site during Notes installation and upd ate You can
customize the supplied Lotus Notes install media kit to add your own features and plug-ins to the
install manifest and update site folder. This is ideal if the new feature is available when you are ready
to install a Lotus Notes release and you want to install it when you install or upgrade to Lotus Notes.
This applies to installation only.
 Using a traditional third-party installer after Notes installation You create an install manifest and
update site folder containing the feature and plug -in JA R files for the new feature. You can distribut e
the installer to deployers or users so that they can perform their own installation, or you can install
Notes for them. This is ideal if you want to make a new feature available to users who already have
Lotus Not es installed.
 Enabling user-initiated update after Notes installation You can enable user -initiated update of certain
features or composite applications. This is ideal if you want to make a new or updated feature
available at an updat e site and allow users to fetch the feature from that site. This can be used in
conjunction with an Eclipse update site or NSF -based update site.
 Using a composite application and/or Notes update site database after Notes installation You can
use composite applications alone or wit h an NSF -based update site to install or update custom or
third-party features.

Creating features and plug-ins
Regardless of how you make third-party or custom Eclipse-based features and plug-ins available for
Notes installation or update, you must first create or obtain the feature, create an install manifest to
describe what is to be installed and place the new features and plug -in JAR files correctly in an update
site directory along with a site index. Tools such as the IBM(R) Lotus( R) Expeditor int egrated
development environment (IDE) help automat e the Eclipse feature development process for you. You
should also specify feature and plug-in security settings for signing, and can specify additional
information such as a list of valid sites from which to obt ain install and update information, and some
security settings, using a PLUGIN_CUS TOMIZA TION. INI file.

Signing features and plug-ins
Prior to making a new third-party or custom Eclipse-based feature available for Lotus Notes installation
or update, you must correctly sign the feature. Once signed, you must also include signing information
in the PLUGIN_CUS TOMIZA TION.INI file that accompanies the install manifest.




                                                                                                          134
Installing a new feature using the Notes install manifest Enabling
user-initiated update
To allow users to install or update custom or third-party Eclipse features and plug-ins into an existing
IBM(R) Lotus(R) Notes(R) installation, you can enable display of the Eclipse update manager user
interface. By default, the Eclipse update manager is not displayed. You can enable this user int erface
option using either an IBM(R) Lotus(R) Domino(TM) desktop policy or a
PLUGIN_CUS TOMIZA TION.INI file setting.

Enabling user-initiated update using a Domino desktop policy
You can enable users to manually install or update custom or third-party features from an update site
by setting a Domino desktop policy, as described below.
1. Using the IBM(R) Lotus(R) Domino(TM) Administrator client, open the Desktop policy settings
     document.
2. On the Basics tab, locate the Provisioning section at the bottom of the document.
3. In the Allow user to do user initiated updates field, click Enable to allow user-initiated updates or
Disable to prevent user-initiated updates. Once this setting is resident, users can access the Eclipse
update manager from within Lotus Not es by clicking File - Application - Install. Information about using
the update manager is available in the Notes help. This setting overrides the us er-initiated update
setting that may reside in the PLUGIN_CUS TOMIZA TION.INI file.

Enabling user-initiated update using a plugin_customization.ini setting
You can enable user-initiated update in the plugin_customization file either before or after Notes
install.

To expose the Eclipse update manager in Lotus Notes, add the following line to the user’s
PLUGIN_CUS TOMIZA TION.INI file (<install_dir>/ framework/rcp/plugin_customization.ini) and then
restart Notes.
com.ibm.notes.branding/enable.update.ui=true
Once this statement is resident, users can access the Updat e Manager from within Lotus Notes by
clicking File - Application - Install. Information about using the update manager is available in the
Notes help.

This setting is overridden by Domino desktop policy.

Note that if this setting is resident in the PLUGIN_CUS TOMIZA TION.INI file in the Lot us Notes install
media kit (deploy\plugin_customization.ini) when Lotus Notes is installed, the preferenc e will be
available automatically to the Lotus Not es user.

Creating and using a traditional third-party installer
Using the underlying Lotus(R) Expeditor platform, developers, assemblers, and deployers can create,
assemble, and then deploy custom and third-party features to the IBM(R) Lotus (R) Not es(R) runtime
to add new features after Lotus Notes has been installed.

While this process describes how to customize the install manifest and update site to prepare to install
Lotus Not es, the information can be useful as you create the third-party installer and install custom or
third-party features into an existing Not es runtime.

Assumptions and prerequisites
Assumptions and prerequisites are as follows:
 A team consisting of a developer, assembler, and deployer has created a new Eclipse feature or
feature set. The team is preparing to create a third-party installer that will deploy that feature or feature
set into an existing Notes 8.5 runtime.
 You have a working knowledge of Eclipse feature development and deployment practices, including
file and format conventions.
 You have a general knowl edge of Lot us Expeditor development and deployment practices.
 Lotus Notes 8.5 is already installed on the platform -supported clients to be provisioned.




                                                                                                         135
 The feature or feature set to be installed adheres to the standard Eclipse file and directory stru ctures
for the deploy directory whic h contains the install manifest INS TALL. XML and
PLUGIN_CUS TOMIZA TION.INI files.
 The feature or feature set to be installed adheres to the standard Eclipse file and directory structures
for the update site directory containing the features and plugins subdirectories and the site index
SITE. XML file.
 You have signed all JAR files in the Eclipse update site.
 The choice of single user or multi-us er install has been decided.

Process overview
This procedure uses a combination of existing Lotus Expeditor and Lotus Notes documentation to
describe the process for creating a third -party installer. Each step may contain one or more links to
topics in which you will find information about how to complete the step. The overview steps for
creating and deploying a traditional third-party installer within the context of Lot us Expeditor and Lotus
Notes 8.5 are:
1. Create the new feature using the Expeditor integrate development environment (IDE). This tool
    creates the Eclipse update site, including the updat eSite\features subdirectory contents,
    updateSite\plugins subdirectory contents, and updateSite\site.xml index file. Although you can
    create the feature or feat ure set using any Eclipse tools, the Expeditor IDE helps prepare the
    update site for you.
2. Sign the JA R files in the update site.
3. Create the install manifest file in the deploy directory, deploy \install.xml.
4. Determine where the Notes 8.5 <install_dir> \framework is located on the target system. For
    example, the Notes 8 <install_dir>framework directory may be Programs and
    Files\IBM\Lotus\Notes\data\ framework.
5. Create a new PLUGIN_CUS TOMIZA TION.INI file in the deploy directory,
    deploy\plugin_customization.ini. Read the existing PLUGIN_CUS TOMIZA TION. INI on the target
    system to help determine what preferences to add to your new installer’s
    PLUGIN_CUS TOMIZA TION.INI file.

6.   Merge your new PLUGIN_CUS TOMIZA TION.INI file with the installed
     PLUGIN_CUS TOMIZA TION.INI on the target client.

7.   Start Lotus Notes 8.5.

8.   Process your install manifest, deploy\install.xml, to install the new feature or feature set to the
     existing Notes 8.5 runtime on the target system. You can do this using the rcplaunc her tool or you
     can bundle the new installer in a media kit. The steps above are explained bel ow and, where
     possible, contain links to explanatory help.

The steps above are explained below and, where possible, contain links to explanat ory help.

1.   Create the feature, for example, using the Lotus(R) Expeditor integrated development
     environment (IDE). For more information, see the following resources:
 Developing applications:
http://publib.boulder.ibm.com/infocenter/ledoc/ v6r11/topic/com.ibm.rcp.tools.doc.appdev/designingapp
s_main.html
 Using the Lotus Expeditor Toolkit environment with Lotus Notes 8.5:
http://publib.boulder.ibm.com/infocenter/ledoc/ v6r11/topic/com.ibm.rcp.tools.doc.appdev/intro_xpdtken
vlotusnotes.html
 Packaging applications for deployment:
http://publib.boulder.ibm.com/infocenter/ledoc/ v6r11/topic/com.ibm.rcp.tools.doc.admin/ Deployingappli
cations.html
2. Create or confirm the features and plug -ins content in the update site. If you used the Expeditor
     IDE, the feat ures and plugins subdirectories and their JAR file contents should already exist.
3. Create or confirm the S ITE. XML ind ex in the update site. If you used the Expeditor IDE, the
     SITE. XML index should already exist.
4. Sign the feature and plug-in JA R files in the update site.




                                                                                                        136
5.   Create a PLUGIN_CUS TOMIZA TION. INI file and add any additional settings that you need. For
     example, you might specify the name of a default update server. Ensure that this file resides in
     your deploy directory, deploy\plugin_customization.ini.

Note: Your third-party installer should merge its PLUGIN_CUS TOMIZA TION. INI file with the
PLUGIN_CUS TOMIZA TION.INI file resident on the target client
(<install_dir\framework\plugin_customization.ini). You can use the site registry to determine where
Lotus Not es 8.5 is installed on the target client. To do so, click Start - Run - regedit and then click
Software - Lotus - Notes - 8.5. The Dat aPath value states where Lot us Notes 8.5 is installed.

6.   Create and validate the install manifest INS TALL. XML to be used during third -party install. Ensure
     that this file resides in your deploy directory, deploy \install.xml. The install manifest describes what
     to install, update, or remove. For more information, see the following resources:
 Assembling and Deploying Lotus Expeditor Applications:
http://publib.boulder.ibm.com/infocenter/ledoc/ v6r11/topic/com.ibm.rcp.tools.doc.admin/ cutlassassemb
linganddeploying.html
 Using the provisioning manifest:
http://publib.boulder.ibm.com/infocenter/ledoc/ v6r11/topic/com.ibm.rcp.tools.doc.admin/provisioningma
nifest_using.html
 Provisioning manifest DTD:
http://publib.boulder.ibm.com/infocenter/ledoc/ v6r11/topic/com.ibm.rcp.tools.doc.admin/manifestDTD.h
tml 7. Perform a Merge Manifest operation. For more information, see the following res ources:
 Deploying feat ures to the platform:
http://publib.boulder.ibm.com/infocenter/ledoc/ v6r11/topic /com.ibm.rcp.tools.doc.admin/Deployingfeatu
restotheplatform. html
 Understanding the merge processing for the provisioning manifest:
http://publib.boulder.ibm.com/infocenter/ledoc/ v6r11/topic/com.ibm.rcp.tools.doc.admin/provisioningma
nifest_understandingmerging.html

Note: Scenario 5 and 6 are the most applicable for Lotus Notes 8.5.

8. Determine where the Lotus Notes 8.5 runtime is located on the target system and start Lotus Notes
8.5.

Note: Before you can install, you must know where the Lotus Notes 8.5 platform resides on the target
system. Use the site registry to determine where Lotus Notes 8.5 is installed on the target client. Click
Start - Run - regedit and then click Software - Lot us - Notes - 8.5. The DataPath value states where
Lotus Not es 8.5 is installed.

9.   Deploy the new features to the Lot us Notes 8.5 runtime and launch provisioning. You can use the
     rcplauncher command to process the install manifest and initiate install. You can also optionally
     package the third-party installer in an installation media kit and initiate installation from that media
     kit. For more information, see the following resources:
 Using the Provisioning application:
http://publib.boulder.ibm.com/infocenter/ledoc/ v6r11/topic/com.ibm.rcp.tools.doc.admin/provisioning ap
psyntax.html

Note: Lotus Expeditor does not currently display a progress bar during install.
 Managing using another management system:
http://publib.boulder.ibm.com/infocenter/ledoc/ v6r11/topic/com.ibm.rcp.tools.doc.admin/managingusin
ganothermanagementsystem.html
 Using the Provisioning application when the plat form is already running:
http://publib.boulder.ibm.com/infocenter/ledoc/ v6r11/topic/com.ibm.rcp.tools.doc.admin/provisioningap
pwithDCommands.html

10. Test and distribute the third-party installer as needed.

Lotus Expeditor documentation references
You may find the following Expeditor topics helpful as you begin to create third-party installers.



                                                                                                           137
 Using the provisioning manifest This describes how to find the Expeditor installation in the
registry/etc directory or home directory property files.
http://publib.boulder.ibm.com/infocenter/ledoc/ v6r11/topic/com. ibm.rcp.tools.doc.admin/provisioningma
nifest_using.html
 Understanding the merge process for the provisioning manifest and provisioning manifest DTD

These describe how to create the appropriate manifests to install/remove/updat e features.
http://publib.boulder.ibm.com/infocenter/ledoc/ v6r11/topic/com.ibm.rcp.tools.doc.admin/provisioningma
nifest_understandingmerging.html and
http://publib.boulder.ibm.com/infocenter/ledoc/ v6r11/topic/com.ibm.rcp.tools.doc.admin/manifestDTD.h
tml
 Using the provisioning application This describes how to install and uninstall features in Expeditor.
http://publib.boulder.ibm.com/infocenter/ledoc/ v6r11/topic/com.ibm.rcp.tools.doc.admin/provisioningap
psyntax.html
 Using the provisioning application with Dcommands This describes how to launch the platform
provisioning application using Dcommands regardless of whether the platform is currently running.
http://publib.boulder.ibm.com/infocenter/ledoc/ v6r11/topic/com.ibm.rcp.tools.doc.admin/provisioningap
pusingP rovisioninginterfaces_usingProappD.html

Creating and using an NSF-based update site
You can use an NSF -based update site to install and update custom or third-party Eclipse features
into an existing IBM(R) Lot us(R) Notes(R) 8.5 installation. The UPDA TES ITE.NTF template is part of
the Lotus Notes 8.5 and IBM(R) Lotus(R) Domino(TM) 8. 5 installation. Use this template to create an
NSF-based update site to act as an Eclipse update site hosted in a Lotus Notes application. The NSF -
based update site dynamically provides the SITE. XML, features, and plug-ins. You can use the
UPDA TES ITE.NTF template as the basis for your own NSF-based update site by creating an update
site application, for example UPDA TES ITE.NSF, as seen in the following menu sequence:
1. Click File - Application - New menu.
2. Click Show advanced Templates and specify the Eclipse Update Site (8) template
     (UP DA TESITE. NTF) as the template.

Note: You can name the NSF -based update site any name you choose; however, you must use
Eclipse Update Site (8) (UP DA TESITE. NTF) as the template. When you first open the NSF-based
update site, for example, UP DA TESITE.NSF, there are three main action buttons available. These
import actions are not mutually exclusive. For example, an administrator might initially import an entire
Eclipse updat e site and later choose to import specific additional or updated features. In the same
manner, the administrat or may later choose to import an additional NSF-based update site. Note that
once the NSF-based update site contains content, a fourth button is also available, enabling you to
specify the NSF-bas ed update site as the location from which to obtain feature updates.

Action                                                Buttons Description
Import Local Update Site                              Use this action to import the contents of a local Eclipse
                                                      update site, containing a complete features
                                                      subdirectory, plugins subdirectory, and SITE.XML file
                                                      into the active NSF-based update site. You can import
                                                      one or more Eclipse update sites into a single,
                                                      consolidated NSF-based update site. For example, if
                                                      you have three separate Eclipse update sites, you do
                                                      not need to create three individual NSF-based update
                                                      sites. While that is an option, organizationally it might
                                                      be easier to simply consolidate them into a single one.
Import Features                                       Use this action to import individual features into the
                                                      NSF-based update site instead of importing a complete
                                                      Eclipse update site. There are two typical scenarios for
                                                      using this action:
                                                       A de veloper creates new features. Instead of
                                                      exporting an entire update site, the developer exports
                                                      only the particular feature he’s working on and imports
                                                      those features into the NSF-based update site. In this
                                                      scenario case, the NSF-based update site would only
                                                      contain that particular feature (and whatever plug-ins
                                                      are associated with that particular feature).



                                                                                                           138
                                                      An administrator who previously imported a complete
                                                     Eclipse update site (using the ″Import Local Update
                                                     Site″ action), later receives updated features. The
                                                     administrator can then import these individual features
                                                     into his existing, and already populated, NSF-based
                                                     update site. If the features he imports already exist, the
                                                     features are either updated in the database (if the
                                                     feature name and version is the same) or added as a
                                                     new feature (if the feature name and version is different
                                                     or doesn’t yet e xist).
Import Database                                      Use this action to import an existing NSF-based update
                                                     site into the active NSF-based update site. This is
                                                     similar to importing Eclipse update sites, except that the
                                                     contents are imported from an existing NSF-based
                                                     update site. For example, an administrator may have an
                                                     existing NSF-based update site (for example,
                                                     UPDATESITE.NSF). A developer may provide him with
                                                     another (probably smaller) NSF-based update site (for
                                                     example, UPDATESITEABX.NSF). The administrator
                                                     can import the entire NSF-based update site into his
                                                     active NSF-based update site, effectivel y merging the
                                                     content of both into a single NSF-based update site.
Update URL references                                Note : This action is available in NSF-based update
                                                     sites that contain features and plug-ins. Use this action
                                                     to specify that Eclipse features and plug-ins are
                                                     updated from the active NSF-based update site.
                                                     Imported features and plug-ins may contain a specified
                                                     update site URL, from which updates are to be
                                                     obtained. As an administrator, you can determine that
                                                     updates come from your NSF-based update site, rather
                                                     than a source URL that may, for e xample, be outside
                                                     your organization’s control. You can specify an NSF-
                                                     based update site as the site from which to obtain
                                                     updates. Specify the URL of the Domino server hosting
                                                     the active NSF-based update site. Example syntax is
                                                     provided in the dialog box.

For additional information about NSF-based update sites, see the composite applications blog at IBM
developerWorks, for ex ample, the NSF-based update site posting at http://www-
03.ibm.com/developerworks/blogs/page/CompA pps?entry=nsf_based_update_sites and the site index
at http://www.ibm.com/developerworks/blogs/page/ CompApps?entry=blog_sitemap.


Configuring component update for composite applications
Composite application update, supported by IBM(R) Lotus(R) Notes(R), IBM(R) Lotus (R) Domino(TM)
and IBM(R) WebS phere(R) Portal, is available in this Lotus Not es release. Composite applications and
associated Eclipse-based features can be updated when a user opens an application. Composite
applications can update composite application definitions. Certain Eclipse features can be updated by
provisioning. A composite application definition can reference one or more Eclipse feat ures as
application requirements. Each requirement can specify a particular update site from which it will be
provisioned. You can use composite applications to install or update custom or third -party feat ures in
Notes, as described here. You can also use the Eclipse updat e manager, if exposed in Notes, to install
or update custom or third-party features in Notes. When a us er opens a composite application or when
a composite application update operation occurs, if the application definition has changed, an update
operation is run to provision bot h newly specified features as well as existing features that have newer
available versions. The feature requirement update site setting can specify a Domino server (or local
NSF replica) or a Portal server (or any HTTP server). Updat e site URL examples for each server are
as follows:
 The Domino server supports feat ure provisioning over the NRP C protocol.
– Domino server NRPC://<server-hint -or-host>/<replica-id>/site.xml ->
    NRP C://updates.ibm.com/__85257258006000A1/site.xml
– Local replica ID
    NRP C:///__85257258006000A 1/site.xml




                                                                                                          139
Note: Note the use of the double underscore and replica ID in the NRP C protocol. v The Domino
server optionally supports feature provisioning over the HTTP/HTTPS protocols.
http://updates.ibm.com/updatesite.nsf/site.xml

Eclipse updat e sites in conjunction with Domino NSFs allow for such us age scenarios as the following:
– Host the NSF-bas ed update site, for example UP DA TESITE.NSF, on a Domino Web server.
– Supply an NSF-based update site, for example UPDA TES ITE.NSF, to others, in which ot hers can
    merge this NSF-based update site into their own.
– Supply individual features and plug-ins to others for their own use in their own composite
    applications.
– Create custom features and plug-ins with the additional capability to create a new NSF -bas ed
    update site, for example UPDA TES ITE.NSF, and import these features and plug-ins.
 The Eclipse update site server (HTTP server) supports feature provisioning over the HTTP/HTTPS
protocols.
http://updates.ibm.com/updatesite/site.xml


Domino Update Site NSFs
Domino provides the capability to put an Eclipse updat e site inside an NSF database. An update site
is typically a separat e database that doesn’t contain composite applications. However, since any Lotus
Notes application NSF can contain a composite application, an updat e si te NSF may contain a
composite application. For example, a third -party could deliver a composite application and an update
site, with the former pointing to the latter. Or an administrator could put the composite application in an
update site NSF and make it available to users that way. You can import Eclipse updat e sites into an
NF-based update site application as described below.

Creating and preparing the NSF-based update site
1.   Create an NSF-based update site, for example UP DA TESITE. NSF, using the File - Application -
     New menu sequence and the Eclipse Update Site (8) templat e (UP DA TESITE. NTF) installed with
     the Domino server.

Note: To see the Eclipse Update Site (8) template (UPDA TES ITE.NTF), click Show Advanced
Properties in the new Application dialo g box. The NSF-based update site acts as an Eclipse update
site hosted in a Lotus Notes application on a Domino server. It dynamically provides the SITE. XML,
features, and plug-ins.

2.   Open the NSF-based updat e site.
3.   Click the Import Local Update Site... action button.
4.   From the resultant explanatory panel, use the Browse button to navigate to the Eclipse update
     site.
5.   Select the SITE. XML file.
6.   Click Open.

An ″Importing update site″ progress bar appears.

Editing a Composite Application’s feature requirements update site
URL
There are two methods you can use to edit a composite application’s feature requirements update site
URL: A. Recommended method: Using the Composite Applications Editor to specify an updat e site for
feature requirements The preferred way to edit the update site URL for a feature requirement is
through the use of the Composite Application Editor (CAE) as described in the following steps:
1. In Lotus Notes, open the composite application.
2. Click Actions > Edit Application... . The Composite Applications Editor (CAE) opens in a new
    window.
3. From the resultant component list, right-click the desired component and select Edit Component
    Properties.
4. Click Advanc ed. A list of properties appears.
5. Select the property for the desired feature, for example url.Feature_ NN, and click Edit.
    Alternatively, click Add and enter the name and the value.
6. Click OK to exit Advanced.


                                                                                                       140
7.   Click OK to exit the Properties pane.
8.   Click Done to close and save the changes.
9.   The modified CA XML is re-read and proc essed.

B. Alternate method: Configuring a composite application to specify an update site Use this process to
define update sites for the contents of a particular composite application NSF.
1. The administrator obtains a composite application NSF, for example MyCompA ppabx.nsf.
2. Accompanying the composite application NSF, the administrator obt ains an update site folder,
    which contains a \features and \plugins subdirectory, as well as a SITE. XML file. The SITE. XML
    file lists features contained within the update site folder.
3. The administrator modifies the composite application’s XML to point to a specific Domino update
    site.
a. Open a composite application, for example MyCompAppabx.nsf, in Domino Designer on the
    Domino server. As the application is opening, do not click Cancel. Accept any security screen
    prompts.
b. Click Composite Application - A pplication in the left pane navigator.
c. Click the composite application name in the list and then click the Export tab. This action outputs
    to an xml file of the same name, for ex ample My CompAppabx.xml. Leave the composite
    application open.

d.   Open the XML file creat ed in the previous step.

e.   Modify each ″url. feat ure″ value to point to the needed Domino update site. For example, for each
     <preferenc e name=″url.feature″> entry, where url. feature is the placeholder for the update site
     URL and the specific feature name, point to the needed Domino update site. The following format
     uses an NRPC protocol: NRP C://<server>/__<replicationID>/site.xml The following format uses an
     HTTP protocol: http://<server>/updatesite.nsf/site.xml

4.   Save and close the XML file.
5.   In Domino Designer and within the open composite application, click the composite application
     name in the list, click the Refresh tab, and select the modified composite application XML file.
6.   Open the NSF-based updat e site application, for example UPDA TES ITE.NSF, and import the
     SITE. XML file from the local update site folder that accompanies this composite application.

Note: A user can open the composite application using a Lot us Notes database link, bookmark, or File
- Application - Open (or Ctrl-O) on the server to initiate update.

Retrieving composite application definitions (CA XML) from Domino
The NRPC URL format for retrieving composite application updates is as below: NRPC://<Server-hint-or-
host>/<replica-id>/composite.xml?<param>=<value>

Where:

Server-hint-or-host = DNS host name, IP address, or server name

replica-id of the database on the target server

param = <name|unid>

Name = String to be used to lookup CA design element in view -- Look up first as a name and if not
found, then as an alias.
UNID = UNID of the composite application design note

For example: NRPC://abx_tc.upcdev.ibm.com/__8525634000734621/composite.xml?name=Hannover

WebSphere Portal and Composite Applications
WebSphere Portal composite application update is made available to the Lotus Not es user through
the Home Portal Account setting in Lotus Not es, as determined by the Domino administrator.




                                                                                                        141
In addition, the administrator must also have installed the WebSphere Portal composite application
support for Lotus Notes on the same WebSphere Port al server to which the user’s Home Portal
Account points. WebSphere Portal composite application update pert ains most applicably to the Lotus
Notes user who is working with composite applications that contain Web projections.

Resources for learning more about composite applications
The following reference information is available for learning more about configuring and using
composite applications.
 For information and examples describing how to creat e and deploy c omposite applications in the
Notes context, such as composite applications tutorials, see IBM developerWorks at
http://www.ibm.com/ developerworks, including the composite applications blog at
http://www.ibm.com/ developerworks/blogs/page/ CompApps.

You can use the following site map to find information about a specific topic:
http://www.ibm.com/ developerworks/blogs/page/ CompApps?ent ry=blog_sitemap
 For overview information about composite applications, see About composite applications.
 For information about developing and deploying NSF-based composite applications, see Domino
Designer 8.5 Help at http://www.lotus.com/doc and the IBM developerWorks composite applications
blog at http://www.ibm.com/developerworks/blogs/page/ CompApps .
 For information about creating a composite application to run in the IBM(R) Websphere(R) Portal
environment, see the IBM WebSphere Portal Information Center at
http://www.ibm.com/ developerworks/websphere/zones/portal/proddoc.html.
 For information about NSF-based update sites, see Creating and using an NSF-based update site
and the ″NSF based Update Sites″ blog entry at http://www-
03.ibm.com/developerworks/blogs/page/CompA pps?entry=nsf_based_update_sites.
 For information about using composite applications, see the Notes help for these Help categories:
– Portal Applications Catalog
– Composite Applications Editor
– Portal Template Library
– Domino Designer Property Broker
 For information about the WebSphere Portal composite application support for Lotus Notes, see
Installing the WebSphere Portal composite application support for Lotus Notes.
 For information about configuring the home portal account to enable users to open and use
composite applications that contain portlets, see Specifying the home portal account using policy and
Specifying the home portal account using preferences.

Chapter 6. Upgrading Notes clients
For the most up-to-date information about upgrading IBM(R) Lotus(R) Notes(R) clients, see the
installation guide available with this release, the upgrade information available at
http://www.redbooks.ibm.com and the Release Notes, for topics pertaining to installing and upgrading
the Notes client. Lotus Notes supports the following options for upgrading Notes clients:
 Upgrade-by-mail
 Lotus Notes Smart Upgrade Run-As Wizard
 Lotus Notes Smart Upgrade
 Administrative installation

You also have the option of using third-party tools for upgrading the Notes client.

Upgrade-by-mail is an e-mail notification system that notifies users to upgrade their Notes clients and
mail file templates to the Notes/Domino design. Upgrade-by-mail requires that you copy all installation
files to a net work file server or a shared directory that users can access. In the upgrade notification,
you specify the path to SETUP.E XE. The notification message includes buttons that users click to
launch the Lotus Notes installation program and to replace the design of their Notes mail file. For
Microsoft (R) Windows(R) users, you can also upgrade an Lotus Notes 6.5.x and 7.x installation to
Lotus Not es using the Lotus Notes installation program in the install media kit. If the IBM(R) Lotus(R)
Domino(TM) Administrator client and/or IBM(R) Lotus(R) Domino(TM) Designer client are resident,
they can also be upgraded using the Lotus Notes Allclient installation media kit.




                                                                                                      142
Note: Upgrade-by-mail is not available for IBM(R) Lotus(R) Domino(TM) Web Access (iNotes Web
Access) users. Upgrade-by-mail applies only to Notes client users.

(http://www.lotus.com/ldd/smartupgrade).

The Smart Upgrade Run-As wizard (SUSE TRUNASWIZA RD.E XE) creates an ex ecutable file
(SURUNAS.E XE ) that Notes client users can then run to upgrade their Notes clients. Notes client
users can use the Smart Upgrade Run-As (SURunas) feature to upgrade to a newer Notes client
release. Smart Upgrade Run-As is designed for Notes client users who do not have administrator
privileges but who still need to periodically update their Notes client soft ware. Notes client users with
administrator privileges on their loc al computer can still use S mart Upgrade. Like Upgrade-by-mail,
Lotus Not es Smart Upgrade sends a notification to users to upgrade their Notes clients. Lotus Not es
Smart Upgrade lets you set a grace period during which users must upgrade their clients. When you
upgrade from Lotus Not es 6 to later releases, use Lot us Notes Smart Upgrade.

Lotus Not es Smart Upgrade works with the Lotus Notes update kits or incremental installers that you
download from the Lotus Developer Domain.

Administrative installation is a feature of the Microsoft Windows Installer that copies the installation kit
to a file server that users access through a network connection. Users launch the installation program
from the file server to install Lotus Notes locally on their client machines. You can use administrative
installation to copy the installation files to a network file server, then use Upgrade-by -mail or Lotus
Notes Smart Upgrade to notify users.
The following table compares the Upgrade-by -mail, Lotus Smart Upgrade Run-As wizard, Lotus Notes
Smart Upgrade, and administrative installation.

Option                               Advantages                             Disadvantages
Upgrade-by-mail                       Upgrades Notes 6 and Notes 7          Administrator cannot determine
                                     clients and mail file templates        when upgrades occur
IBM Lotus Smart Upgrade Run-As
Wizard
Lotus Notes Smart Upgrade             Establishes a grace period in         Can be used only with Lotus Notes
                                     which users must upgrade their         6 and later releases
                                     clients
Administrative installation           Uses the command line option /A       Can be customized with
                                     to create an administrative image of   transforms to create a silent,
                                     the Lotus Notes installation on a      automated installation, a shared
                                     network file server                    installation, and so on
                                                                             Requires the Microsoft(R)
                                                                            Windows(R) Installer service, which
                                                                            is part of the Windows operating
                                                                            systems.

All the upgrade options require users to have a network connection. For mobile users, users with low
bandwidth connection or no connection, these options may not apply. To upgrade these users, you
could send Lotus Notes CDs to them.

Before you upgrade the Notes client
Before you begin upgrading IBM(R) Lot us(R) Not es(R) clients, make sure that you or your users do
the following:
 If the computer on which you are upgrading runs anti-virus soft ware, close the application.
 To successfully install, upgrade, and use Lotus Notes, users must be allowed both Write and Modify
permissions to the Program directory, Dat a directory, and all associated subdirectories.
 If you are upgrading Lotus Notes on a Microsoft(R) Windows(R) system, you must have
administrator rights to the system. Log in as an administrator or set administrator -level privileges for All
Users. This can be done from the command line.
 You need administrative or root access rights to install Lotus Notes. For cases in which
administrative rights are not available, enable the setting ″Always install with elevat ed privileges.″ The
setting ″Always install with elevated privileges″ is a Windows setting that is part of Window’s User
Policies.




                                                                                                            143
Refer to your Micros oft Windows documentation for details. Refer to the Release Notes for the most
current information on permissions required when installing as a non -administrator.
 Options for installing the Lot us Notes client on Restricted or Standard/Power User computers are
described in the Micros oft Windows Installer documentation.
 Review options for customizing the Notes client installation and set up.
 (Optional) Use the People - by Client Version view in the Domino Directory to quickly determine the
Notes client version in use in your domains.

Using Upgrade-by-mail
Upgrade-by-mail is a feature that sends an e -mail notification to specified users to upgrade their
IBM(R) Lotus(R) Notes(R) clients and optionally, their mail file templates. You can also use Upgrade -
by-mail to notify users that their mail files have been migrated to Notes mail.

Note: Upgrade-by-mail is not available for IBM(R) Lotus(R) Domino(TM) Web Access (iNotes Web
Access) users. Upgrade-by-mail applies only to Notes client users.

The upgrade notification contains two buttons that users click to upgrade their clients and mail files.
The Install Notes button launches a Notes client installation program from a directory on a net work
drive to which users have access. The Upgrade Mail File button replaces the user’s current mail
template with a locally stored Notes/Domino mail templat e or another specified template, such as a
customized mail templat e. Users must upgrade their Not es clients to install the Notes/Domino mail file
template locally, before they upgrade their mail files.

Using the Upgrade Mail File button is optional. You must complete the Mail Template Information
section in the upgrade-by-mail notification to enable the Upgrade Mail File button. If you do not
complete this section, Upgrade-by-mail does not display the button on the e-mail notific ation.

Before you use Upgrade-by-mail
Before you begin, complete the following tasks:
 Back up Notes client files.
 Create an installation directory on an IBM(R) Lotus(R) Domino(TM) server or a file server to which all
users have network access, then copy all Notes installation directories and files to this folder.

Note: To us e Upgrade-by-mail to upgrade mail file templates, users must have at least Designer
access to their mail databases. If users do not have this level of access, use the mail conversion utility
to update mail file templates.

Backing up Notes client files
Back up important IBM(R) Lotus(R) Notes(R) client files in case an error occurs during the upgrade
process. If you experience problems, you can restore these files with the backed-up versions. Back up
the Notes data directory on your server (for ex ample, the data directory may be C: \Program
Files\IBM\Lotus\Notes\data). This directory includes ID files, LOG.NSF, NAMES.NSF, MA IL.BOX, and
any other Public Address Books or Domino Directories located on the server.

Note: Depending on how Lotus Notes was installed, the default directories will vary and are thus not
listed in the following table. For the Notes version of these listed files, s earc h the Notes <install
directory> hierarchy for the file names.

File                                                  Default Location
NOTES.INI                                             For Notes 5 users, Notes data directory. c:\notes\data.
                                                      For Notes 6 and 7 users, C:\Program
                                                      Files\lotus\notes\data.
BOOKMARK.NSF                                          Notes data directory. Contains saved bookmark and
                                                      Welcome page information. In Notes 5,
                                                      c:\notes\data\bookmark.nsf. In Notes 6 and 7,
                                                      C:\Program Files\lotus\notes\data\bookmark.nsf.
BUSYTIME.NSF                                          Notes data directory. Contains local free time
                                                      information. In Notes 5, c:\notes\data\busytime.nsf. In
                                                      Notes 6 and 7, C:\Program
                                                      Files\lotus\notes\data\busytime.nsf.
HEADLINE.NSF                                          Notes data directory. Contains database subscriptions



                                                                                                          144
                                                      information. In Notes 5, c:\notes\data\headline.nsf. In
                                                      Notes 6 and 7, C:\Program
                                                      Files\lotus\notes\data\busytime.nsf.
INSTALL.LOG                                           Notes Program directory User’s MyDocuments folder,
                                                      for example, C:\Documents and Settings \
LOTUSINSTALL.LOG                                      User\MyDocuments\LotusInstall.Log.
DESKTOP5.DSK (Notes 5)                                Notes data directory. In Notes 5, c:\notes\data. In Notes
DESKTOP6.NDK (Notes 6)                                6 and 7, C:\Program Files\lotus\notes\data.
Personal Address Book (NAMES.NSF b y default)         Notes data directory. In Notes 5, c:\notes\data. In Notes
                                                      6 and 7, C:\Program Files\lotus\notes\data.
PERWEB.NSF                                            Notes data directory. Pers onal Web Navigator database
                                                      that contains the user’s Web browser information, for
                                                      example, c:\notes\data\perweb.nsf
User ID files (for example, JSMITH.ID)                Notes data directory. In Notes 5 c:\notes\data. In Notes
                                                      6 and 7, C:\Program Files\lotus\notes\data.
Local databases (NSF)                                 Notes data directory. In Notes 5, c:\notes\data. In Notes
                                                      6 and 7, C:\Program Files\lotus\notes\data.
Local database directory links (DIR)                  Notes data directory. c:\notes\data. In Notes 6 and 7,
                                                      C:\Program Files\lotus\notes\data.
An y customized Notes database templates (NTF)        Notes data directory. In Notes 5, c:\notes\data. In Notes
                                                      6 and 7, C:\Program Files\lotus\notes\data.
USER.DIC (Personal dictionary entries for spelling    Notes data directory. In Notes 5, c:\notes\data. In Notes
checker)                                              6 and 7, C:\Program Files\lotus\notes\data.


Creating the upgrade notification for Upgrade-by-mail
The following procedure describes how to upgrade IBM(R) Lotus (R) Not es(R).
1. In the IBM(R) Lotus(R) Domino(TM) Administrator, select the server bookmarks, then select the
   server on which your users’ mail files reside.
2. Click the Messaging tab.
3. Open the ″Mail users″ view, select the users whom you want to upgrade, and then click ″Send
   Upgrade Notifications.″
4. On the Basics tab, select the ″Upgrade Notes Client & Mail Template to Not es 6 or higher″ option.
5. On the Client Versions tab, enter a buil d number to prevent upgrades of Not es clients running the
   specified build or a later build. By default, the build number is determined by the @V ersion
   function.
6. On the Software Distributions tab, in the Notes Install Kit Paths section, enter the directory pat h in
   the ″Root path for Install kits″ field using the following format:
   \\server_name\shared_drive_name\installation_folder_name
7. In the ″Path for Windows″ and ″Path for Macint osh PPC″ fields, enter the file path to the
   installation file following the format above, but include SE TUP.E XE in the path.
8. If you want users to upgrade their mail file templates, complete the Mail Template Information
   section. Enter the template name of the existing mail files. The default field value is a wild card
   character (*).

Note: Complete the Mail Templat e Information section to include an Upgrade Mail button in the
upgrade notification sent to users.

9.   By default the new mail template name appears in the New Mail templat e file name field. If you
     renamed the template or us ed a custom mail template, enter the new name. Note that the new
     template must exist in your users’ Notes data directory.
10. By default the ″Ignore 200 category limit″ check box is selected. This option overrides a default
     that limits the creation of folders in a database to 200 folders. If you want no more than 200 folders
     created, deselect the check box.
11. If you are upgrading IMAP clients, select the ″Mail file to be used by IMAP mail clients″ check box.
12. (Optional) If you want to automatically upgrade custom folders to the Inbox design, select the
     ″Upgrade custom folders″ check box.
13. (Optional) To prompt the user before upgrading custom folders, select the ″Prompt before
upgrading custom folders″ check box.
13. (Optional) If you want to provide additional information to your users, complete the Additional
     Information field.
14. (Optional) Select whether or not to be notified after users have upgraded their mail file templates.
16. Click Send when done.


                                                                                                          145
Installing the Lotus Notes software with Upgrade-by-mail
The upgrade notification includes two buttons. The Install Not es button runs the IBM(R) Lot us(R)
Notes(R) client installation program. The following procedure is intended for Not es client users.
1. Click the Install Not es button.
2. Follow the prompts on the Setup screens to properly install the software.

3.   Start Notes.

Notes sets up and upgrades the software automatically if you install Lotus Notes in the same directory
as the previous release of Lotus Notes. If you install the Lotus Notes software in a different directory,
Lotus Not es prompts you to complete the configuration process. If you install Lotus Notes in a different
directory, be aware that the Setup installation program places the NOTES.INI file in the Notes program
directory.

Upgrading the mail file template with Upgrade-by-mail
After users install IBM(R) Lotus(R) Notes(R), they must return to the upgrade notification to upgrade
the mail file template.
1. Click Upgrade Mail File.
2. When prompted for a password, enter your Notes password.
3. Lotus Not es upgrades the template automatically.
Using Notes Smart Upgrade
IBM(R) Lotus(R) Notes(R) Smart Upgrade notifies users to update their Not es 6 and later clients to
later releases. Lotus Notes Smart Upgrade uses policy and settings documents to hel p manage
updates. You create policy documents in the IBM(R) Lotus(R) Domino(TM) Directory to distribute
standard settings and configurations across groups, departments, or entire organizations. Microsoft(R)
Windows (R) users can upgrade Lot us Notes 6.5.x and 7.x to Lotus Notes 8 during install.

Prerequisites
To use Smart Upgrade as a means of upgrading Notes clients, you must meet the following
prerequisites:
 Notes Client already installed.
 Connectivity to a Domino server.
 Smart Upgrade database created, configured, deployed and enabled.
 The user’s Location documents must specify the correct home server on the Servers tab of the
document. If the wrong home server is specified, then Smart Upgrade does not begin the upgrade
process.

Procedure
To use Lotus Notes Smart Upgrade, follow this procedure:
1. Create a database using the Smart Upgrade Kits template to host Notes client update kits.
2. Update the Configurations Settings doc ument in the Domino Directory with a link to the Lotus
    Notes Smart Upgrade database. Domino’s intelligent locator uses the replica ID of the Smart
    Upgrade database in the database link and does the following in this order 1. ) looks for a local
    replica of that database, and if found, uses it. 2.) Looks for a replica of that database on any
    cluster mates if the server is in a cluster, and if found, uses it. 3) uses the database on the server
    specified in the databas e link in the Server Configuration document.
3. Download an update kit, also known as an increment al installer, from the Lotus Developer Domain
    Web site (http://www.lot us.com/ldd/smartupgrade).

4.   Create a Kit document in the Lotus Notes Smart Upgrade database and attach a Notes client kit or
     an All Client kit to the Kit document, or designate a shared network drive in t he Kit document.

5.   Create or modify a desktop policy settings document where you specify the updated release to
     deploy and the date on whic h the grace period for updating a Notes client ends.

6.   Create or modify a master policy to assign users or groups to the desktop policy settings
     document.




                                                                                                      146
7.   Depending on the master policy created, edit Person documents to assign users to the master
     policy and/or set the Lotus Not es Smart Upgrade desktop policy settings document for one or
     more groups.

Note: In IBM Lotus Not es Domino 7.0 and later, the Smart Upgrade kits are available in Englis h and
other languages (for language packs).

Smart Upgrade server failover to another clustered server
Smart Upgrade server failover is available with clustered servers. To us e this feature, paste the
database link for the Smart Upgrade database into a Configuration Settings document on a clustered
server. When the IBM(R) Lotus(R) Notes(R) client user logs on, the user’s home server’s
Configuration Settings document is checked to access the link to the Smart Upgrade database. Smart
Upgrade then checks that server for the database link to the Smart Upgrade dat abase. If the server
containing the Smart Upgrade database is available, it uses that Smart Upgrade database. If the
server containing the Smart Upgrade database is not available, Smart Upgrade searches, by database
replica ID and database name, for a replica server within the cluster and tries to open the database on
a replica server. If it locates and opens the database, that Smart Upgrade database on that replica
server is used.

When a Notes client user receives the Smart Upgrade prompt and clicks OK to initiate the upgrade,
the name of the server containing the Smart Upgrade database and its Replica ID are written to the
NOTES.INI settings SmartUpgradeDB path= {server name}!!{database file name} and
SmartUpgradeReplic ID=xxxxxxx. Smart Upgrade looks for the user’s home mail server. If the user’s
home mail server is not accessible, Smart Upgrade uses the previously -saved NOTES. INI variable
SmartUpgradeReplic ID= and pat h to search for the replicated Smart Upgrade database within the
clustered servers. If the user’s home mail server is accessible, the Smart Upgrade database on that
server is used.

If all attempts to run the Smart Upgrade fail, the user rec eives a message indicating that no Smart
Upgrade database is available.

Creating a Lotus Notes Smart Upgrade database
Use the Smart Upgrade Kits template (SMUPGRADE.NTF) to create the IBM(R) Lotus(R) Notes(R)
Smart Upgrade database that will store the upgrade kits. The database must reside on at least one
server in the domain. After the Smart Upgrade dat abase is added to the database catalog, other
servers can locate the database. If you replicate the Smart Upgrade database to other servers in the
domain, users will have more choices in the database catalog and possibly fewer network problems
accessing the update kits.
1. In the IBM(R) Lotus(R) Domino(TM) Administrator client, choos e File - Application - New.
2. In the New Application dialog box, enter the server name and database title.
3. Enter a file name in the File Name field.
4. Click Template Server, and then choose the server on which the dat abase will reside.
5. Select the ″Show advanced templat es″ check box.
6. Select ″Smart Upgrade Kits″ from the box of template names, then click OK.
7. After you create the Smart Upgrade database, create a database link in your Configuration
    Settings document in the Domino Directory.


Smart Upgrade Tracking Reports database
The Smart Upgrade Tracking Reports database is a repository for storing Smart Upgrade Tracking
Reports that contain detail information about the status of all attempts to run Smart Upgrade on
IBM(R) Lotus(R) Notes(R) clients in a domain. Use the Smart Upgrade Tracking Reports database to
determine whet her the Not es clients are upgrading successfully when using Smart Upgrade, or to
determine which users are experiencing problems. If there are instances where Smart Upgrade fails,
use the information in the report to assist in determining the problem without having to visit the user’s
desktop. You can also use the reports to determine whether there is a repeating problem on multiple
clients which could be related to the configuration of the Smart Upgrade database cont aining the kit
information.




                                                                                                       147
During the server setup of a domain’s first server, IBM(R) Lotus(R) Domino(TM) creates a mail -in
database named Lotus Not es/Domino Smart Upgrade Tracking Reports database (LNDSUTR.NS F)
using the database templat e LNDS UTR. NTF. Domino als o creates the corresponding mail -in database
document for the Smart Upgrade Tracking Reports database. Notes automatically creates Smart
Upgrade Tracking reports each time Smart Upgrade runs on a client in your domain. Reports of
successful upgrades are sent to the Smart Upgrade Tracking Reports database the first time the
Notes client is started after the successful upgrade. Reports of unsuccessful upgrades are sent
immediat ely after the upgrade fails or cancels.

If you prefer, you can manually set up the Smart Upgrade Tracking Reports database by using
LNDSUTR.NTF, and you can then create the corresponding mail-in database document. Enable
Smart Upgrade Tracking on the desktop policy settings document’s Smart Upgrade tab. The Notes
client then uses the information that you enter there to mail a Smart Upgrade Tracking Report eac h
time Smart Upgrade is run on Notes clients in your domain.

You can view reported information by Status, that is, sorted according to whether the Smart Upgrade
succeeded, failed, or was canceled. You can also view reports by date, by Notes/Domino version, by
operating system version, or by user.

Using Smart Upgrade Tracking after upgrading to this Domino release
If you upgrade to this Domino release and you have not set up or used Smart Upgrade Tracking in the
past, you need to manually create the Smart Upgrade Tracking Reports databas e and the mail -in
database doc ument. You then need to modify the desktop policy settings document to enable Smart
Upgrade Tracking for the users whose upgrades you want to track. For instructions about creating the
mail-in database doc ument, see the topic ″Creating a Mail -In Database document for a new database″
in the Domino Administrator documentation.

Creating a Smart Upgrade Tracking Reports database
Use this procedure to manually create the Smart Upgrade Tracking Reports database.
1. From the IBM(R) Lotus(R) Domino(TM) Administrator client, choos e File - Application - New.
2. In the New Application dialog box, specify the server name and database title.
3. Enter a file name in the File Name field.
4. Click Template Server, and then choose the server on which the dat abase will reside.
5. Select the Show advanc ed templates check box.
6. Select Lotus Notes/Domino Smart Upgrade Tracking Reports (LNDSUTR. NTF) from the list of
   template names, and then click OK.

Controlling the number of concurrent Smart Upgrade downloads
Use this procedure to enable or disable the Smart Upgrade Governor and to control the number of
concurrent Smart Upgrade attempts, that is, to control the number of times Smart Upgrade can be run
while the Smart Upgrade Governor is enabled. When Smart Upgrade Governor is enabled, specify the
maximum number of Smart Upgrade attempts by specifying a value in the field ″Maximum Concurrent
Downloads″ on the Server Configuration document.
1. From the IBM(R) Lotus(RM) Domino(TM) Administrator, click Configuration - Server -
    Configurations.
2. Select the Server Configuration document you want to open, and then click Edit Configuration.
3. Click the Smart Upgrade tab. In the field ″Limit Concurrent Smart Upgrade,″ enable the Smart
    Upgrade Governor.
4. In the field ″Maximum Concurrent Downloads,″ enter a value for the maximum concurrent number
    of Smart Upgrade attempts that can be made while the Smart Upgrade Governor is enabled. The
    default is 100.
5. Save and close the Configuration Settings document.

Creating a database link to the Smart Upgrade Database
In the Domino Directory, the Configuration Settings document contains a Smart Upgrade Database
Link field in whic h you paste the database link to the Smart Upgrade dat abas e. The IBM(R) Lot us(R)
Domino(TM) intelligent locator uses the replica ID of the Smart Upgrade database in the database link
and does the following in this order: 1) Looks for a local replica of that database, and if found, uses it.
2) Looks for a replica of that database on any cluster mates if the server is in a cluster, and if found,



                                                                                                        148
uses it. 3) Uses the database on the server specified in the database link in the Server Configuration
document. During this procedure, you enable the Smart Upgrade Governor feature that allows you to
limit the number of concurrent Smart Upgrade attempts.
1. In the Domino Administrator, open the Smart Upgrade dat abase that you created.
2. Choose Edit - Copy as link - Application link.
3. From the Domino Administrator, click Configuration - Server - Configurations.
4. Select the server, and then click ″Edit Configuration″ to edit an existing Configuration Settings
     document.
5. Click the Smart Upgrade tab.

Note: Lotus Notes Smart Upgrade first checks for the Smart Upgrade database link in the
Configuration Settings document of the home server specified in the IBM(R) Lotus(R) Notes(R) client
Location document. If that Configuration Settings document does not contain a Lotus Notes Smart
Upgrade database link, Lotus Notes Smart Upgrade next checks the * - [All Servers] Configuration
Settings document for the database link.

6. On the Smart Upgrade tab of the document, paste the dat abas e link in the ″Smart Upgrade
Database link″ field.
7. (Optional) In the field ″Limit Conc urrent Smart Upgrade,″ enable the Smart Upgrade Governor.
When Smart Upgrade Governor is enabled, you can limit the number of times that Smart Upgrade
attempts are made by specifying a value in the field ″Maximum Concurrent Downloads.″

Note: Smart Upgrade Governor requires Notes client and Domino server Release 6.0.5/6. 5.4 or
greater. Use this feature to prevent an excessive load on the server if Smart Upgrade is invoked
numerous times on the same server.

8.  In the field ″Maximum Concurrent Downloads,″ enter a value for the maximum concurrent number
    of Smart Upgrade attempts that can be made while the Smart Upgrade Governor is enabled.
9. Save and close the Configuration Settings document.
10. With the Lotus Notes Smart Upgrade databas e set up, you can begin adding update kits to the
    database.

Adding update kits to the Lotus Notes Smart Upgrade database
You can download update kits as they become available from IBM(R) Lotus(R) developerWorks
http://www.lotus.com/ldd/smartupgrade. After downloading a kit, make the kit available to users by
creating a Kit document in the Smart Upgrade database and then either attaching the kit to the Kit
document or storing the kit in a directory on a shared network drive that users can access. You specify
the location of the kit in the Smart Upgrade Kit document when setting up Smart Upgrade for users.
You can provide upgrade kits for upgrading just the IBM(R) Lotus (R) Not es(R) client or for upgrading
all clients. When you attach kits to a Smart Upgrade Kit document, attach only one kit per document.

Smart Upgrade kit recognition
Smart Upgrade contains the Smart Upgrade kit recognition feature. Smart Upgrade can determine
whet her to install a Notes client-only kit or an Allclients kit for each user. The installer sets the value of
the InstallType= setting in the NOTES.INI file each time a Not es client or All client installation or
upgrade is performed. Smart Upgrade compares the Install Type value in the Smart Upgrade Kit
document to the InstallType field in the NOTES.INI file and installs the update kit that matches the
Install Type specified in the NOTES.INI file. Smart Upgrade recognition makes it easy to upgrade
users who have more than one computer with different client install types, that is, a user can have one
computer running Notes client only and another computer running All clients. You can use Smart
Upgrade to upgrade both computers for this user.

Note: IB M(R) Lotus(R) Domino(TM) 6.5.5 clients and earlier can have only one Smart Upgrade kit per
user, per source version. If you attempt to configure

multiple source kits, that is Notes client only and All clients for a release of Domino that is pre -Domino
6.5.5, an error message appears indicating that duplicate kits have been found for that user in the
Smart Upgrade database and Smart Upgrade will fail.




                                                                                                           149
Smart Upgrade recognition upgrades one install type, for example, Notes client only to a newer
release of the same install type. You cannot use Smart Upgrade to install a Notes client only install
and then use it later to perform an All clients install for the same user on the same comput er. If you
want to change install types, you must manually upgrade the client to the desired install type.

If you are using a Macintosh operating system, the Install Ty pe field is not modifiable and is set to
Notes client only. The following values can be used with the NOTES.INI InstallType= setting:
 InstallType= 2 -- All client install
 InstallType= 6 -- Notes client only install

Note: In Domino 7.0 and later, the Smart Upgrade kits are available in English and other languages
(for language packs).

Adding the update kit
1.   In the Domino Administrator client, open the Lotus Notes Smart Upgrade database that you
     created.
2.   Click New Kit to create a Kit document.
3.   On the Basics tab, complete the following fields:

In this field                                         Do this
Kit description                                       Enter a brief description of the kit. After completing this
                                                      document, this kit description is used to identify the
                                                      Smart Upgrade Kit document.
Enable this kit for use                               Select the Enabled check box to make the kit available
                                                      to authorized users.
Configuration                                         Choose one:
                                                       Notes Standard -- You are running the ″standard″
                                                      configuration of Lotus Notes -- this means that you can
                                                      access applications on both Domino servers and IBM(R)
                                                      WebSphere(R) Portal servers.
                                                       Notes Basic -- You are running the ″basic″
                                                      configuration of Lotus Notes -- this means that all the
                                                      server-based applications you can access reside on a
                                                      Domino server.
Source versions                                       Enter your current Notes client release, or you can enter
                                                      a series of Notes clients releases. See the topic
                                                      Expression rules for use with the Smart Upgrade Kit
                                                      document for information on acceptable formats for
                                                      entering the source version.
                                                      Note : To find the current Notes client release number,
                                                      check the About Notes document. To open the
                                                      document, choose Help - About Notes.
Operating system                                      Enter or select the operating system for which the kit is
                                                      intended.
Localization                                          Enter or select the language of the Notes Client.
Release 6.5.4/6.0.5 or previous                       This field displays only if you are using Microsoft(R)
                                                      Windows(R). If you are using Notes Domino release
                                                      6.5.4, 6.0.5, or previous, click this check box. Smart
                                                      Upgrade does not recognize whether All client install or
                                                      Notes client install applies for these releases. Install
                                                      Type field only appears if this box is not selected.
Install Type                                          Choose one:
                                                       Notes client only -- Smart Upgrade will install only the
                                                      Notes client kit.
                                                       All client (Notes client, Administrator client, Designer) --
                                                      Smart Upgrade will install the All Client kit.
Destination version                                   Enter the release number of the update kit. The value of
                                                      this field must match the value in the Deploy Versions
                                                      field of the desktop policy settings document
Restart Notes after update                            Click the Restart check box to restart the user’s updated
                                                      Notes client when the upgrade is complete.
Location                                              Choose one of these to specify the location of the
                                                      upgrade kit:
                                                       Attached to this note -- Choose this option and then, in



                                                                                                              150
                                                      the ″Attach update kit here″ field, attach the update kit or
                                                      full installation kit.
                                                       On a shared network drive -- Choose this option and
                                                      then, in the ″Full path to update kit″ field, enter the file
                                                      path to the file SETUP.EXE. When you use the shared
                                                      network drive option, decompress the file, then copy all
                                                      files in the installation kit to the directory specified.
                                                      Follow this convention:
                                                      \\networkfileservername\shareddirectoryname\setup.exe

                                                       Shared network drive and attached kit with failover --
                                                      Choose this option and then select the file to attach that
                                                      contains the Smart Upgrade Kit and enter the full file
                                                      path name to the file, SETUP.EXE. The ″Shared network
                                                      drive and attached kit with failover″ option provides both
                                                      fields of information to users. The Smart Upgrade
                                                      process checks whether a ″Full Path Kit″ is available. If
                                                      the Full Path Kit is available, it is used; if it is not
                                                      available, the attachment kit is used.
Attach Update Kits here                               Attach the update kit or a full installation kit. Attach the
                                                      EXE file that you downloaded to the document without
                                                      decompressing the file. If you are using Domino 6.5.5 or
                                                      later, you can attach either a Notes client only kit or an
                                                      All clients kit.
Optional arguments for shared network drive kit       Enter optional arguments if you are specifying a shared
                                                      network kit. For information regarding optional
                                                      arguments, see the subtopic ″Using optional arguments
                                                      when running Smart Upgrade.″
Message text                                          Enter the message that will appear when Lotus Notes
                                                      Smart Upgrade prompts users to upgrade their Notes
                                                      clients.
Optional arguments for attached kit                   Enter optional arguments if you are using an attached
                                                      kit. For information regarding optional arguments, see
                                                      the subtopic ″Using optional arguments when running
                                                      Smart Upgrade.″

4. Complete these fields on the Administration tab:

In this field                                         Do this
Allowed Users & Servers                               Enter or select the users or servers allowed to upgrade
                                                      their Notes clients. To include all users in your
                                                      organization, enter a value using the following format:
                                                      */OrgUnit/Organization/CountryCode

                                                      Note : When you enter a value in this field, also add
                                                      LocalDomainServers to this field because this is a
                                                      ″Readers″ field. If LocalDomainServers is not included
                                                      in the entries in this field, the kit will not replicate to
                                                      other Domino servers in the domain.
Owners                                                Enter or select the persons who own this document.
Administrators                                        Enter or select the persons who administer the
                                                      document.
Comments (Optional)                                   Enter comments such as the update history for this
                                                      document.

5. Click Save and Close.
6. Create a desktop policy to deploy the update.

Expression rules for use with the Smart Upgrade Kit document
Domino compares the release number of the user’s Notes client to the release number specified in the
Source Version field of the Kit document in the Lotus Not es Smart Upgrade database. You can use
any of the expression rules shown in the table below, when entering the release number in the Source
Version field of the Kit document.




                                                                                                              151
Note: Us e the expression rules in this table only in the Source version field of the Smart Upgrade Kit
document.

Character                                                    Description
An y character, for e xample, C                              Matches any single non-special character. In this
                                                             example, it matches C
\C                                                           Matches the single character even if it is a special
                                                             character. In this example, it matches C
?                                                            Matches any single character
{ABN}                                                        Matches any character in the set (A,B,N)
{!ABN}                                                       Matches any character not in the set (A,B,N)
{A-FH-K}                                                     Matches any character in the set (A...F,H...K)
+C                                                           Matches any number of occurrences of the pattern
C*                                                           Matches any string (shorthand for ?)
!                                                            Complements logical meaning of this template
|                                                            Performs logical ″or″ of two templates
&                                                            Performs logical ″and″ of two templates


Examples
Domino compares the release number of the user’s Notes client to the release number specified in the
Source Version field of the Kit document in the Lotus Not es Smart Upgrade database. You can use
any of the expression rules shown in the table below when entering the release number in the Source
version field of the Kit document.

Each matching pattern in the following string matches the source version string:
″Build V604_10072003NP″

Pattern                                                      Explanation of match
Build V604_10072003NP                                        ″Build V604_10072003NP″
*                                                            wild card match
Build V604_1+072+03NP                                        ″+0″ matches ″00″
??????V604???????????                                        ? matches any character
+? V604_10072003NP                                           ″+?″ matches ″Build ″
Build V604_+{0-9N}NP                                         ″+{0-9N}″ matches tail ″10072003NP″
*V604_+{0-7}NP                                               ″_+{0-7}″ matches string ″10072003″
*V604_10072003+{N-P}                                         ″{N-P}″ matches ″NP″
+{A-Za-z} V604_+{0-7}NP                                      ″+{A-Za-z}″ matches ″Build″
Build V604_+{0-7}NP                                          ″0-7″ matches ″10072003″
Build V604_10072003+{!0-9 }                                  ″+{!0-9 }″ matches any string not containing a digit
Build V604_+{!A-Z}NP                                         ″_+{!A-Z}″ matches any string that does not contain any
                                                             letters A through Z, inclusive.


Running a silent upgrade using optional arguments
You can use optional arguments when launching Smart Upgrade. Smart Upgrade can launch any type
of execut able; therefore, the command line arguments in the Smart Upgrade Kit document are specific
to the executable file referenced in the document, not to the Smart Upgrade itself.

Use optional arguments with Smart Upgrade Kits on a shared network drive or with a Smart Upgrade
Kit attached to a Kit document. Optional arguments are commonly used to run a silent Smart Upgrade
requiring no user input during the upgrade, or to launc h an upgrade that is ″almost silent″ requiring
almost no input from users. See the examples that follow.

Samples of the optional command line arguments and their descriptions are shown in the table below.

Optional command line         Description and use            Attached kit example         Shared network drive
arguments                                                                                 example
-a                            Passes all arguments to        -a /v″/qb+″                  Does not apply
                              the file that is being
                              launched.

                              Note : For a Web kit, the -a
                              parameter passes all



                                                                                                                    152
                           command line arguments
                           to the embedded install kit.
                           For a CD kit (setup.exe or
                           setup.sh), the -a
                           parameter creates an
                           admin image.
/a                         Administrative installation. -a /a                   /a
/s                         For attached kit, does not    -a /s                  /s
Note : Always place a      display the dialog box that
blank space immediately    prompts the user to input
after the /s.              the location to which the
                           files are to be installed. By
                           default, the files are placed
                           in the user’s
                           <TempDir>\LotusNotesInst
                           all

                           For shared network drive,
                           does not display the Install
                           Shield initialization box.
/v.                        Passes arguments to            -a /v″xxxx″           Where xxxx = an y optional
                           MSIe xec. All arguments                              argument. /v″xxxx″
                           entered to the right of the
                           argument /v apply to                                 Where xxxx = an y optional
                           MSIe xec.                                            argument
/q                         Sets the interface level.      -a /v″qn″             /v″/qn″
                           For example, /qn indicates
                           no user interface displays
                           during the upgrade.
/qb+                       Displays the basic user        -a /v″qb+″            /v″qb+″
                           interface and a message
                           box at the end of the
                           upgrade.
/px                        Web Kit installations. Sets                          Web Kit installation -px -a
                           a path to the default                                /s /v″/qb+″
                           program directory and the
                           default data directory.
                           Hides the Location to Save
                           Files dialog box and the
                           Remove Installation Files
                           dialog box. Displays a
                           message box at the end of
                           the upgrade.
-d                         Specifies that files are       -d -a /s /v″/qn″      Does not apply.
                           extracted to a temporary
                           directory, from which they
                           are deleted when the
                           update is complete.

                           The argument -d must be
                           the first argument in the
                           series of arguments.

Example of a silent install when using a Smart Upgrade Kit on a shared
network drive
Shared network kits use arguments to initiate a silent install that bypasses the IBM(R) Lotus(R)
Notes(R) Install dialog boxes and uses installation options selected during the previous install. Enter
the arguments in the field Optional arguments for shared net work drive kit.
 Use this format to display a progress bar during the upgrade, in addition to displaying the message
indicating that the upgrade is complete or it has failed. Use the b parameter as follows:
/s /v"/qb+"
Note the following about this example:
– /s initiates a silent install. Always enter a space after the /s.




                                                                                                        153
– /v indicates that the ″/qb+″ parameters are passed to MsiExec. The /qb+ instructs MsiExec to run
     in silent mode but to display a progress bar during the upgrade, and then to display a message
     when the install is complete.

Example of a silent install when referencing Web kits in the Smart Upgrade Kit
document
This example applies to silent installs where you are referencing Web kits in the Smart Upgrade Kit
document. Enter the arguments in the field Optional arguments for attached kit.
 Use this format to run a silent upgrade from a Web kit:
-s -a /s /v"/qn"
Note the following about this example:
– Attached kits use the -s argument to make the unpackaging of the detached kit on the user’s
    computer silent.
– Attached kits use the -a argument to indicate that addition al arguments are to be passed to the
    Lotus Not es installer after the unpackaging is complete. A silent install requires no user input
    because it bypasses the Lotus Notes Install windows. Silent install use installation options
    selected during the previous install.
– Always enter a space after the /s.


Creating a Lotus Notes Smart Upgrade desktop policy settings
document
Use desktop policy settings document to enable IBM(R) Lotus(R) Notes(R) Smart Upgrade to function
automatically, to deploy different releases of the Notes client to different groups of users, to upgrade
Notes clients through several updat es at one time, to automatically create and use a Smart Upgrade
Tracking Reports database, and to control when updat es occur in order to preserve server
performance. The desktop policy settings document is applied continually during authentication and is
enforced by dynamic configuration. The policy settings document is applied to the users’ client
configuration whenever a change to the document occurs.

For more information about the desktop policy settings document, see the topic ″Creating a desktop
policy settings document″ in the IBM(R) Lotus(R) Domino(TM) Administrat or documentation.

If you have not already done so, create a master policy document.

Creating a master policy document for Lotus Notes Smart Upgrade
You creat e or modify a master policy document to determine which users and groups will be assigned
the IBM(R) Lotus(R) Notes(R) Smart Upgrade desktop policy settings document. There are two type s
of master policies: organizational and explicit. Organizational policies are based on your organizational
hierarchy and are assigned aut omatically to the users within an organization. If you want all users in
your organization to upgrade their Notes clients, create an organizational policy. Explicit policies are
assigned to specific users and groups. If you want only specific users and groups to upgrade their
Notes clients, create an explicit policy.

A user who is not assigned to the Lotus Notes Smart Upgrade desktop policy settings document may
still update the Notes client becaus e Smart Upgrade works as described here. When the Notes client
Smart Upgrade timer expires, the next time the user’s Notes client authenticates with their home
server or cluster mate of their home server, the server compares the Notes client release information
with the available update kit release information it has cached. If the server finds a match, it signals to
the Notes client that a possible match exists.

The Notes Client then directly checks the Smart Upgrade database for an available kit. If a user is
assigned a master policy where a specific Notes client version is specified, the Notes client only
proceeds with Smart Upgrade if a kit exists that will upgrade this particular Not es client to the version
specified in the policy. If no master policy exists and the Notes client finds a matching upgrade kit(s)
for their current version of Notes, Smart Upgrade also proceeds.

Note: You can limit which kits specific users can see by populating the Allowed Users and Servers
field on the Smart Upgrade Kit document. A server can signal to a Notes client that a kit is potentially



                                                                                                        154
available, but the Notes client may not locate an available kit because the user’s name has not been
entered in the Allowed Users and Servers field. In this scenario, the Smart Upgrade timer on the Notes
client is incremented by one day.

1.  For more information about policies, see the ″Using Policies″ topic.
2.  On the People and Groups tab of the IBM(R) Lotus(R) Domino(TM) Directory, open the Policies
    view.
3. If you are creating a master policy, click Add Policy. If you are modifying an existing master policy,
    select the policy to modify, and then click Edit Policy.
4. If you are modifying an existing policy, modify as many of the following fields as necessary. If you
    are creating a master policy, do the following:
 On the Basics tab, enter the policy name, then choose either Explicit or Organizational as the policy
type.
 Provide a description for the policy.
5. In the Desktop field, select the desktop policy settings document to associate with master policy
    you are creating or modifying.
6. Click Save and Close.
7. If you created an ex plicit policy, you can assign the master policy to users and groups. If you
    created an organizational policy, then the process is complete.

Assigning the Lotus Notes Smart Upgrade master policy to users and groups
If you created an ex plicit master policy, then you must assign the policy to users and/or groups. To
assign a master policy to a user, edit the Person document. To assign a master policy to a group, use
the Set Policy Options dialog box.

To assign a master policy to a user:
1. In the IBM(R) Lotus(R) Domino(TM) Administrator, open the Persons view on the People and
    Groups tab.
2. Select the person to whom you want to assign the IBM(R) Lotus(R) Notes(R) Smart Upgrade
    master policy.
3. Click Edit Person.
4. In the Person document, click the Administration tab.
5. In the Policy field, select the name of the Lotus Notes Smart Upgrade mast er policy.
6. Click Save and Close.

To   assign a master policy to a group:
1.    In the Domino Administrator, open the Groups view on the People and Groups tab.
2.    Select the group to which you want to assign the Lotus Notes Smart Upgrade master policy.
3.    On the Tools pane, select Groups - Set Policy.
4.    In the Set Policy Options dialog box, select the Lotus Notes Smart Upgrade master policy, and
      then click OK.

Note: You can assign only one master policy per group; however, you can assign several policy
settings documents to a master policy.

Using Smart Upgrade to run a series of client upgrades
You can use Smart Upgrade to ″chain″ upgrade kits, that is, to install them in a series from the earliest
release in the Kit document to the most recent IBM(R) Lotus(R) Notes(R) and IBM(R) Lot us(R)
Domino(TM) releas e listed in a Kit document. For example, you can create a Kit document to upgrade
the Notes client 6.5.5 to the Notes client 7.0. You can also create a second Kit document to upgrade
the Notes client 7.0 to the Notes client 7.0.2. When Smart Upgrade runs, it will recognize the
sequence and upgrade the Not es client 6.5.5 to Notes client 7.0, and will then upgrade the Notes
client to 7.0.2. When all of the upgrades are complete, the Notes client is restarted. This sequence is
followed regardless of whether Smart Upgrade is deployed manually or by a policy.

When you ″chain″ upgrade kits, be sure to use one method of installation, for example, install all kits
from a shared network drive, or perform all upgrades using attached kits. If you attempt to combine
upgrade methods, your upgrade may contain errors or fail completely.




                                                                                                      155
Notes users and Lotus Notes Smart Upgrade
The following is general information about IBM(R) Lot us(R) Not es(R) users and Smart Upgrade.
 Location documents must specify the correct home server on the Servers tab of the Location
document. If the wrong home server is specified, Smart Upgrade will not begin the upgrade process.
 The Microsoft(R) Windows(R) Installer allows you to specify administ rator-level privileges for Lotus
Notes. This allows single Windows users to install Lotus Notes without administrator access.
 At any time during the grace period, users can choose File - Tools - Notes Smart Upgrade to begin
the upgrade process.

Maintaining Lotus Notes Smart Upgrade
After you have completed the procedure for setting up the IBM(R) Lotus(R) Notes(R) Smart Upgrade
database and Smart Upgrade policies, perform the following tasks to maintain Smart Upgrade:
 Download new update kits as they become available at IBM(R) developerWorks
http://www.lotus.com/ldd/smartupgrade and add the new kits to the Smart Upgrade dat abase.
 Disable the previous update kits and enable the latest update kit. To disable a kit, clear the Enable
check box on the Basics tab of the Smart Upgrade document.
 Edit the Smart Upgrade desktop policy settings document with the new release number and grace
period.

Using the Smart Upgrade Run-As wizard
Run the Smart Upgrade Run-As wizard (S USE TRUNASWIZA RD.E XE) to create an exec utable file
(SURUNAS.E XE ) that Notes client users can then run to upgrade their IBM(R) Lotus(R) Notes(R)
clients. Lotus Notes users can use the Smart Upgrade Run-As (SURunas) feature to upgrade to a
newer Notes client release. Smart Upgrade Run -As is designed for Not es client users who do not have
administrator privileges but who still need to periodically update their Notes client soft ware. Notes
client users with administrator privileges on their local computer can still use Smart Upgrade.

As previously mentioned, you run SUSE TRUNASWIZA RD.E XE to create an exec utable file,
SURUNAS.E XE, that Notes client users can run to upgrade their Notes clients. This new exec utable
file runs within the standard Smart Upgrade program on the local workstation, as a user with
administrator privileges. You specify the administrator user name and password while completing the
Smart Upgrade Run-As wizard. While the wizard is running, you specify the file, usually a SE TUP.E XE
or similar file, that is to be run when the user runs SURUNAS.E XE. The SE TUP.E XE file that you
specify is either stored in SURUNAS.E XE or you can specify a Universal Naming Convention (UNC)
path to a shared network drive from which that setup file can be accessed. In addition to specifying the
setup file to be used, you also specify any other files to be included in the install kit. The Smart
Upgrade Run-As wizard creates the install kit that the Notes client end users run to upgrade their
Notes clients.

Note: If you have multiple domains, and if you do not have a user name and password that can be
used across multiple domains, run the Smart Upgrade Run-As wizard for each individual domain.

Running the Smart Upgrade Run-As wizard
While the running the wizard, you have the option to store the new executable in a self-contained
package in the SURUNAS.E XE file or as a file reference to a network share. Instructions for both
procedures are included here.

Running SUS ETRUNASWIZARD. EXE and storing the executable in a self-contained package in
the SURunAs executable file
1. Run the file, SUSE TRUNASWIZA RD.E XE.
2. Choose to save the new execut able in a self-c ontained package in the SURunAs executable file,
    and then click Next.
3. Choose the files to be stored in the SURUNAS.E XE file. If the files you need are not listed, click
    Add Files, and then browse to and select the files. When you have selected the files you need,
    click Next.
4. Specify any command line options that you are using, and then click Next.




                                                                                                     156
Note: For information about command line parameters, see the topic ″Running a silent upgrade using
optional arguments″ in the Domino Administrator help, as well as the installation guide and upgrade
guide for this release.

5.     Specify the path where SURUNAS.E XE is to be stored, and then click Next.
6.     Review the summary information that displays. Optionally, you can save the settings you entered,
       by clicking ″Save all settings on exit″, and then click Next.
7.     Click Finish, and then click Done.

Running SUS ETRUNASWIZARD. EXE and storing the executable as a file referen ce on a
network share
1. Run the file, SUSE TRUNASWIZA RD.E XE.
2. Choose to save the new execut able as a file reference on a net work share, and then click Next.
3. Enter the Universal Naming Convention (UNC) path to the executable file that SURUNAS.E XE will
   launch, and then click Next.
4. Specify any command line options that you are using, and then click Next.

Note: Be sure to use the /w command line argument whenever you use Smart Upgrade Run -As. For
more information, see the table below.

5.     Specify the path where SURUNAS.E XE is to be stored, and then click Next.
6.     Review the summary information that displays. Optionally, you can save the settings you entered,
       by clicking ″Save all settings on exit.″ Click Next.
7.     Click Finish, and then click Done.

Optional command        Description and           Attached kit         Shared network         Use with Smart
line arguments          use                       example              drive example          Upgrade Run-As
/s Note: Always         For attached kit,         -a                   /s /s                  Yes
place a blank space     does not display the
immediately after the   dialog box that
/s.                     prompts the user to
                        input the location to
                        which the files are to
                        be installed. By
                        default, the files are
                        placed in the user’s
                        <TempDir>\LotusNot
                        esInstall For shared
                        network drive, does
                        not display the Install
                        Shield initialization
                        box.
/v                      Passes arguments to       a /v″xxxx″           /v″xxxx″               Yes
                        MSIe xec. All
                        arguments entered         Where xxxx = an y    Where xxxx = an y
                        to the right of the       optional argument.   optional argument.
                        argument /v apply to
                        MSIe xec. -
/q                      Sets the interface        -a /v″qn″            /v″/qn″                Yes
                        level. For example,
                        /qn indicates no user
                        interface displays
                        during the upgrade.
/qb+                    Displays the basic        -a /v″qb+″           /v″qb+″                Yes
                        user interface and a
                        message box at the
                        end of the upgrade.
/px                     Web Kit installations.                         Web Kit installation   Yes
                        Sets a path to the
                        default program                                -px -a /s
                        directory and the                              /v″/qb+″
                        default data
                        directory. Hides the
                        Location to Save



                                                                                                           157
                      Files dialog box and
                      the Remove
                      Installation Files
                      dialog box. Displays
                      a message box at
                      the end of the
                      upgrade.
-d                    Specifies that files   -d -a /s /v″/qn″    Does not apply.       Yes
                      are extracted to a
                      temporary directory,
                      from which they are
                      deleted when the
                      update is complete.
                      The argument -d
                      must be the first
                      argument in the
                      series of arguments.


How Smart Upgrade performs an upgrade
If the Smart Upgrade Timer on the IBM(R) Lotus(R) Notes(R) client expires, the next time that users
log in to their IBM(R) Lotus(R) Domino(TM) home server or its cluster mate, Smart Upgrade does the
following:
1. Compares the release number of the user’s Notes client to the release number specified in the
     Source version field of the Kit document in the Lotus Notes Smart Upgrade database. The Notes
     client sends a match pattern to the server including the Notes client’s current version, the platform
     and the localization. With Domino/Notes release 6.5.5 and lat er, the Install Type is also sent. The
     server then looks for a matching kit.
2. If the server finds a match, it sends a flag back to the Notes client indicating an upgrade kit may
     exist.
3. The Notes client searches the Smart Upgrade database for a match for its current Notes client
     version, plat form and localization. With Domino/Notes release 6.5.5 or later, the Notes client also
     checks the Install Type.

Note: Smart Upgrade kits utilize a Readers field; therefore, the Notes client only sees kits for the user
specified in the Allowed Users and Servers field.

4.   If the user’s Deploy version field on the desktop policy settings document is populated with a
     version number, Not es compares that version number to the version number specified in the
     Destination version field of the Kit document.

Note: Specifying the upgrade kit release number in the Deploy version field of the desktop policy
settings document is optional. If that field is blank, but an update kit is available, Lotus Not es Sma rt
Upgrade skips Step 4 and uses the release number of the updat e kit to continue the upgrade process.

5.   If a match is found, and users are specified or are members of a specified group, Lotus Notes
     Smart Upgrade displays a Smart Upgrade dialog box that prompts the users to upgrade their
     Notes client.
6.   Users can updat e their clients when prompted or delay the upgrade for a specified period of time.
     If the user has a policy that specifies an Upgrade deadline and that date has expired, the Smart
     Upgrade dialog box displays an ″Updat e Now″ button that forces users to update their Notes client
     with no options for further delay. If the setting ″Remind me every hour aft er upgrade deadline has
     passed″ is set in the policy settings document, users can delay the Smart Upgrade in one hour
     increments before being prompted again.

Chapter 7. Uninstalling Notes
To uninstall IBM(R) Lotus(R) Notes(R), use any of the following procedures:
 Uninstall from Windows using Add Remove
 Uninstall from Linux using command line
 Cleaning a previous Notes 8 Beta from your client
 Uninstalling Notes silently




                                                                                                       158
Uninstalling Notes from a Windows client
Use the following procedure to uninstall IBM(R) Lotus (R) Not es(R) from the Microsoft (R) Windows(R)
client.

Note: If you installed Lotus Notes using multi-user, you must log in as an administrative us er to
uninstall. When uninstalling a multi-user install, each user’s Notes data directory and workspace are
left intact to preserve data.
1. Exit Lotus Notes before uninstalling the pro duct.
2. Click Add/Remove Programs from the Windows Control Panel.
3. Locate and select IBM Lotus Notes 8.5 in the application list. For example, if you are uninstalling a
      Beta version, the listed application might be ″IBM Lotus Notes 8.5 Beta 3.″
4. Click Remove.
5. Respond to all prompts.

Uninstall may take several minutes to complete.


Uninstalling Notes from a Linux client
Use this procedure to uninstall IBM(R) Lotus(R) Notes(R) from a Linux(R) client. Each user’s Notes
data directory and workspace are left intact to preserve data.
1. Exit Lotus Notes before uninstalling the product.
2. Log in as an administrative user.
3. Navigate to <install path>//uninstaller.bin using File Browser or a shell terminal.
4. Run the uninstaller.bin file by either double -clicking on the icon in File Browser or executing
    ./uninstaller.bin in a shell. Uninstall may take several minutes to complete.

Uninstalling Notes silently
You can uninstall IBM(R) Lotus(R) Notes(R) silently. Each user’s data directory and workspace will be
left to preserve data. If you are uninstalling a multi-user install, log in as an administrat or or root user.

Note: Shut down the Lotus Notes application before starting the uninstall procedure.

Microsoft Windows
You can uninstall Lotus Notes silently from Microsoft (R) Windows(R).
1. Ensure that Lotus Notes is not running.
2. Open a command prompt window.
3. Change to the directory in which the installation package uninstaller resides or specify the full path
   to the MSI file.
4. Run the uninstall command. A sample syntax is shown below: msiexec /x "Lotus Notes 8.5.msi" /qn

Linux
You can uninstall Lotus Notes silently from Linux(R).
1. Ensure that Lotus Notes is not running.
2. Open a Linux shell.
3. Change to the directory in which the uninstaller resides or specify the full pat h to the uninstaller.
4. As the root user, run the following command to silently uninstall Lotus Notes.
    <install_dir>/uninstaller.bin -silent


Cleaning a previous Notes 8.5 installation from your client
If you experience a problem installing Lotus Notes 8.5 on a system on which a previous beta has been
installed, or if you exited out of the Notes installation process prior to its completion, review the
troubleshooting suggestions provided below. Uninstall instructions are provided in the release notes
supplied with each beta. If, after uninstalling your Lotus Notes 8.5 beta or partial release, you continue
to experience problems installing Lotus Notes 8.5, use the manual cleanup instruction provided below.

Note: You should be able to upgrade from Lot us Notes 8.5 Beta 3 to the release version Lotus Notes
8.5. Upgrade to Lotus Notes 8.5 from a Beta 2 or earlier version is not supported. If you experienc e
trouble installing Lotus Not es 8.5, first use the cleanup instructions for Beta 3 or later, and then use the
cleanup instructions for Beta 2 or earlier (if applicable). Both sets of instructions are det ailed below.


                                                                                                           159
System on which a Lotus Notes 8.5 Beta 2 or earlier beta version
was installed
If after uninstalling a Bet a 2 or earlier beta version of Lotus Notes 8.5, you experience an issue
installing this Beta 3 version, review the troubleshooting suggestions provided below.

Cleanup instructions for Windows -- Lotus Notes 8.5 Beta 2 or
earlier To clean a Lotus Notes 8.5 Beta 2 or earlier beta version from your Microsoft(R)
Windows (R) client, complete the following procedure:
1. Delet e the Lotus Notes 8.5 Beta <install path>\ framework folder.
2. Remove C:\Program Files\Common Files\ InstallShield\Universal\ibm\notes.

Note: Subsequent installation may fail if you uninstalled the Lotus Notes 8.5 Beta, but temporary files
were left in Program Files\Common Files\InstallShield\Universal\ibm\notes. Symptoms are a relatively
quick install, or a ″null″ error in the installation panels. To prevent this problem, be sure to uninstall
Lotus Not es 8.5 and manually remove any files left in Program Files \Common
Files\Univers al\ibm\notes.

3. Remove the user workspace located in Doc uments and Settings\<user
name>\ IBM\RCP\<timestamp> if present.

Note: If multiple workspace folders are present, delete the most -recently created folder. You can
determine which folder was created most recently by clicking View - Details.

4. Delete the following two registry keys, if they exist, using the Start - Programs - Run - regedit
command sequence:
 HKEY_LOCAL_MACHINE\SOFTWA RE\Lotus\Notes
 HKEY_LOCAL_MACHINE\SOFTWA RE\IBM\Lotus\Expeditor

Note: If the only folder inside HKEY_LOCAL_MA CHINE\SOFTWARE\IBM\Lotus is Expeditor, delet e
the Lotus folder.

Cleanup instructions for Linux -- Lotus Notes 8.5 Beta 2 or earlier
To clean a Lotus Not es 8.5 Beta 2 or earlier beta version from your Linux (R) client, complete the
following procedure:
1. Remove the Lot us Notes 8.5 Beta<install path>/framework folder.
2. Remove /home/<user name>/InstallShield unless you have installed other programs on your
     system with Macrovision InstallShield.
3. Remove /home/<user name>/IBM.
4. Remove /home/<user name>/install.log if pres ent.
5. Remove the contents of /tmp that are owned by <user name>.
6. Remove /home/<user name>/install.xml if present.
7. Remove /home/<user name>/tmp_notes_args.properties if present.
8. Remove /home/<user name>/notes.
9. Update the following hidden files:

Note: To view these hidden files in File Browser, click View - Show Hidden Files and scroll down the
list.
 Remove /home/<user name>/.notesrc.
 Restore /home/<user name>/.profile by removing Notes references from any variables.
 Restore /home/<user name>/.bash_profile by removing Notes references from any variables.

System on which a Lotus Notes 8.5 Beta 3 version, or partially
installed Lotus Notes 8.5 version, was installed:
If after uninstalling a Bet a 3 version of Lotus Notes 8.5, or exiting out of Lotus Notes 8.5 installation
before installation was complete, before you experience an issue re -installing, review the
troubleshooting suggestions provided below.




                                                                                                             160
Cleanup instructions for Windows -- Lotus Notes 8.5 Beta 3 or later:
To clean a Lotus Not es 8.5 Beta 3 or later Lot us Notes 8.5 version from your Windows client, complete
the following procedure:
1. Delet e the Lotus Notes <install path>\framework folder.
2. Delet e the following two registry keys, if they exist, using the Start - Programs - Run - regedit
     command sequence:
 HKEY_LOCAL_MACHINE\SOFTWA RE\Lotus\Notes
 HKEY_LOCAL_MACHINE\SOFTWA RE\IBM\Lotus\Expeditor

Note: If the only folder inside HKEY_LOCAL_MA CHINE\SOFTWARE\IBM\Lotus is Expeditor, delet e
the Lotus folder.

3. If Notes appears in your Add/Remove Program panel, run the Windows installer cleanup utility
located at http://support.microsoft.com/default.aspx?scid=kb;en -us;290301.

Cleanup instructions for Linux -- Lotus Notes 8.5 Beta 3 or later:
To clean a Lotus Not es 8.5 Beta 3 or later Lot us Notes 8.5 version from your Linux client, complete the
following procedure:

As   root user:
1.    Remove <install path>/install.log and any other log files left over in that directory.
2.    Remove<install path>/framework.
3.    Remove /root/InstallShield (unless you have installed other programs on your system with
      InstallShield).
4.    Remove /root/lotus.
5.    Remove /root/install.log if present.
6.    Remove /root/install.xml if present.
7.    Remove /etc/lotus/notes if pres ent.

As   non-root user:
1.    Remove /home/<install path>/lotus.
2.    Remove /home/<install path>/InternalProvisioning.log.
3.    Remove the contents of /tmp owned by <install path>.

Chapter 8. Setting up Domino and DB2
This chapter contains overview information about IBM(R) Lot us(R) Domino(TM) and IBM(R) DB2
Universal Database(TM) Enterprise Server Edition, and describes how to install and set up the
Domino and IBM(R) DB 2 Universal Database(TM) Enterprise Server Edition environment.

Domino and DB2 user accounts that are needed for Domino and
DB2
To install the IBM(R) DB2 Univers al Database(TM) E nterprise Server Edition software on Micros oft(R)
Windows (R) or on IBM(R) AIX(R) or UNIX(R), you need an installation account.
 An installation account is an OS user account created in Microsoft Windows or AIX/UNIX. You use
this account to install the IBM(R) DB 2(R) DB2 Universal Database(TM) software.
Accounts required with Microsoft Windows
Each account is fully explained later in the documentation, but here is a list of the user accounts that
you will need:
1. A DB2 administrator’s account which is an OS user account. This OS user account starts the DB2
    services.
2. A DB2 user account that the IBM(R) Lotus (R) Domino(TM) server uses to aut henticate with the
    DB2 server. This DB2 user account is created during DB2 server enablement and is called the
    Domino server user account.

Note: The DB2 server enablement tool enables a Domino server to communicate with a DB2 server.

3.   An IBM(R) Lotus(R) Notes(R) user account with Domino server access rights.



                                                                                                     161
4.   A DB2 account name which is an OS user account that you will map to the IBM(R) Lot us(R)
     Notes(R) us er account. This mapped account is needed for accessing the DB2 Access Views and
     Query Views.


Accounts required with AIX/UNIX/Linux
Each account is fully explained later in the documentation, but here is a list of the user accounts that
you will need:
1. A DB2 user account name that Domino us es to authenticate with the DB 2 server. This account
    can be the DB2 instance owner, in which case, it is created when the DB2 instance is creat ed
    during DB 2 server installation and configuration. If you are not using the DB2 instance account,
    this DB2 account is created during the DB2 server enablement process and is called the Domino
    server user account.
2. A Notes user account with Domino server access rights.
3. A DB2 account name which is an OS user account that you will map to the Notes user account.
    This mapped account is needed for accessing the DB2 Access Views and Query views.
Domino and DB2 supported platforms and configurations
Use the information in these topics to verify which plat forms and configurations are supported.
 Supported platforms and hardware and software requirements
 Supported configurations in Domino and DB 2

Supported platforms and hardware and software requirements
IBM(R) Lotus(R) Domino(TM) can use Query Views, as well as some IBM(R) Lot us(R) Domino(TM)
Designer features for DB2 Access Views. Any version of the IBM(R) Lotus(R) Notes(R) C-AP I program
that can access the DB2 enabled Domino server can also access IBM Lotus Notes databases stored
in IBM(R) DB2 Universal Database(TM) Enterprise Server Edition.

Supported platforms
Domino 8.5, 32-bit application is supported on the following platforms:
 Microsoft(R) Windows(R) 32-bit and MS Windows 64-bit
 IBM(R) AIX(R) 5.3, 64-bit
 Linux(R) (S LES10) 64-bit DB 2 9.1, 32-bit is certified on Microsoft Windows; DB2 9.1, 64 -bit is
certified on IBM AIX and Linux. DB2 9.1 can be installed on the following plat forms:
 MS Windows 32-bit and MS Windows 64-bit
 IBM AIX 5.3, 64-bit
 Linux (SLES10) 64-bit

Note: Shared mail is not supported for a DB 2 server. The recommended method of installation is to
create a new DB2-enabled Domino server and replicate to DB2. If an existing server is upgraded to a
DB2-enabled Domino server, the shared mail linked mail files need be unlinked prior to the upgrade.

Prerequisites for IBM AIX
 64-bit kernel
 POWER4 or more recent hardware

Software requirements
 IBM(R) Lotus(R) Domino(TM) server 8.5
 IBM Lotus Domino Administrator 8.5
 IBM(R) DB 2 Universal Database(TM) Enterprise S erver E dition, version 9.1.

Note: If your configuration includes DB2 on the Domino server and DB2 on a DB2 server, bot h servers
must be running DB2 9. 1.
 DB2(R) Run-Time Client is required for remote configurations

CAUTION: Do not confuse the DB2 Run-Time Client with the DB2 Run Time Client Lite (RTCL).
The DB2 Run Time Client Lite is NOT supported.

 IBM DB2 Access for Lotus Domino 8.5



                                                                                                      162
 IBM Lotus Notes Client 8.5

Memory requirements for a DB2 enabled Domino server, Microsoft Windows or
IBM AIX and Linux Microsoft Windows platform
 Computers require a minimum 1 GB RAM, 2GHz Processor.
 On a local configuration, that is, the IBM(R) Lot us(R) Domino(TM) server and the IBM(R) DB2
Universal Database(TM) Enterprise Server Edition server are installed and running on the same
Microsoft (R) Windows(R) computer, the computer should be dedicated to Domino and have no more
than one DB 2 instance and one DB 2 database for the Domino server.
 On a remote configuration, that is, the Domino server and the DB2 server are installed on and are
running on separate comput ers, the DB2 server must have one DB2 instance and one DB2 dat abase
for the Domino server.

IBM AIX and Linux platform
 The DB2 S erver can be configured with multiple DB2 instances but can only have one DB2 instance
and one DB2 dat abase per Domino Server.
 A minimum of 1GB memory per DB2 instance
 The Input Output Completion Protocol (IOCP) must be installed on IBM(R) A IX(R) systems on which
the DB2 Access server is installed. If Domino has not been installed on the computer where the DB 2
Access server is to be installed, you must manually verify that IOCP is installed and enabled prior to
installing the DB 2 Access server.

Other requirements
 Transaction logging must be enabled to run the DB2 enabled Domino server. When you enable
transaction logging on the Server document, set the log file size to at least 192 MB.
 UTF-8 is support ed for Domino and DB 2. New databases are created as UTF-8 databases. No other
database enc oding is supported.

What’s not supported in this release of Domino and DB2?
Domino and DB 2 does not support the use of the following:
 IMAP4
 ODS version 41
 Domino’s extended ACLs are not supported with DB 2 enabled Notes databases.
 SCOS (shared mail)
 System databases are not supported as DB2 enabled Notes databases (NAMES.NSF, LOG.NSF,
etc.)

Memory and hardware requirements
 2 GHz processor
 1 GB RAM

Supported configurations in Domino and DB2
The following IBM(R) Lotus(R) Domino(TM) and IBM(R) DB 2 Universal Database(TM) Enterpris e
Server Edition configurations are supported:
 Local Configuration -- Domino 8.5 and DB2 9.1 installed and running on one computer. (See Figure
1)
 Remot e Configurations -- See Remote Configuration, Figure 2 and Figure 3.

–   DB2 Run-Time Client is installed on the same servers as Domino, and the Domino server is
    pointing to one instance of DB2 9.1 installed on another computer. The DB2 Run -Time Client must
    be installed on the Domino server. (See Figure 2)

CAUTION: Do not confuse the DB2 Run-Time Client with the DB2 Run Time Client Lite (RTCL).
We do not support the DB2 Run Time Client Lite.

–   Multiple Domino servers are reinstalled on one partitioned server. DB2 is installed on another
    server. (See Figure 3) To use a DB2 server remotely, the computer on which the Domino server
    resides must also have one of the following DB 2 components installed:


                                                                                                   163
 DB2 Run-Time Client -- Must be installed on the Domino server in all configurations where DB2 is
installed on one computer and Domino is installed on another computer.
 DB2 Universal Database(TM) Enterprise Server Edition -- Includes all components of a DB2 server
and connects to a remot e DB2 server.
 DB2 Workgroup Edition -- We do not provide this but if a customer has purchased and is using this,
we will support it. Each Domino server manages its own dat abas e on the DB2 server.

A DB2 server can support multiple Domino servers, each connected to its own database. These can
be separate databases in the same DB2 instance or separat e DB2 instances -- eac h supporting a
single dat abase / Domino server (recommended). For information about DB2, go to the DB2
Information Center at http://publib.boulder.ibm.com/infocenter/db2help/index.jsp.

Example of a local Domino and DB2 configuration
In this configuration, the IBM(R) Lotus(R) Domino(TM) server and IBM(R) DB 2 Universal
Database(TM) Enterprise Server Edition server are installed and running on the same computer.




You can configure DB2 to support one or more Domino servers.

Example of a remote Domino and DB2 configuration that uses separate servers
In a remote configuration, IBM(R) Lotus(R) Domino(TM) runs on one or more servers and IBM(R) DB 2
Universal Database(TM) Enterprise Server Edition runs on one or more servers. This example applies
to DB2 on IBM(R) A IX(R) because the DB2 server contains multiple DB 2 Instances. You can configure
DB2 to support multiple Domino servers. In this configuration, the DB2 Run-Time Client is installed on
the Domino servers.

CAUTION: Do not confuse the DB2 Run-Time Client with the DB2 Run Time Client Lite (RTCL).
We do not support the DB2 Run Time Client Lite.




                                                                                                  164
Each Domino server must point to its own unique DB 2 database.

Example of a remote Domino and DB2 configuration that uses partitions
In this remote configuration, multiple IBM(R) Lotus(R) Domino(TM) servers reside on one partitioned
server that communicates with IBM(R) DB 2 Universal Database(TM) Enterpris e Server Edition, whic h
is installed on a separat e computer.




Mixed plat forms are supported for Domino and DB 2. For example, you can run a Domino server on
Microsoft (R) Windows(R) and also have a remote DB 2 server running on IBM(R) A IX(R).

Installation and setup procedures
Complete the installation procedures for Microsoft(R) Windows(R) or IBM(R) AIX(R) according to the
platform you are using, whether you are installing a DB2 Access server, and whether you are setting
up a local or remote configuration. You only need to install the DB2 Access server on an IBM(R) DB2
Universal Database(TM) Enterprise Server Edition server if you want to make IBM(R) Lot us(R)
Domino(TM) data available in DB2. If you only host NSF databases in DB2, you do not need to install
the DB2 Access server. The DB 2 Access server facilitates your use of the IBM(R) Lotus(R)
Domino(TM) Designer view functions for DB 2 by enabling Domino’s user security.
 Installing Domino and DB 2 on Microsoft Windows plat forms
 Installing Domino and DB 2 on IBM AIX and Linux platforms
 Upgrading Domino and DB 2

Installing Domino and DB2 on Microsoft Windows platforms
Complete this procedure to set up a new IBM(R) Lotus(R) Domino(TM) and IBM(R) DB 2 Universal
Database(TM) Enterprise Server Edition environment on Microsoft(R) Windows(R). This is not a
procedure for upgrading an existing Domino and DB2 configuration.

Setting up the Domino server environment for use with DB2
1.   (Domino administrator) Install and set up the Domino server and the Domino Administrator.

Installing and Setting up DB2
1.   (MS Windows administrator) Create an installation user account.
2.    ( DB2 Administrator logged on with Installation us er account) Install DB2 on Microsoft Windows.
3.   Restart the Domino server.




                                                                                                    165
Setting up the DB2 server environment
1.   (MS Windows administrator) Create a DB2 administrator account.
2.   Determine whether you have a SYSCTRL group
3.   If your DB 2 configuration has a SYSCTRL_GROUP, you can omit this step. If your DB2 does not
     have a SYSCTRL_GROUP, designate the DB 2DOM group a system control group and add the
     Domino super user to the system control group
Enabling the Domino server to communicate with the DB2 server
1.   (Domino administrator) Enable the Domino server to communicate with the DB 2 server.
2.   Grant the SETSESS IONUSE R pri vilege to the Domino server user.
3.   If you are using a remot e DB2 server, complet e the steps in the topic Using a remote DB2 server
     with server enablement.

(Optional) Setting up the DB2 Access server
Installing the DB 2 Access server is optional. Determine whether you need to install it. The DB 2 Access
server is required for SQL access to Domino data which includes Query Views of Domino data, as well
as any DB2-based application access to Domino data. Query Views of non -Domino dat a do NOT
require the DB2 Access server.

1. Create a server ID for the DB2 Access server.
2. (Domino administrator) Install the DB2 Access server on the server running DB2.
3. (Domino administrator) Enable the DB 2 Access server.
4. (Domino administrator) To verify that the DB2 Access ser ver is installed and configured properly,
    use the Test DB2 Access feature from the Domino Administrator client.
5. (Domino administrator) Restart the Domino server and the Domino Administrator.
6. (Domino administrator) Map the DB2 user name to a Notes user name. As a final validation,
    create a database, and then verify that the dat abas e exists in DB2.


Installing Domino and DB2 on IBM AIX and Linux platforms

Installing and setting up the DB2 server
1.   (IBM(R) AIX(R) or Linux(R) Admin) Create the DB 2 installation user account.
2.   (DB2 or IBM A IX or Linux admin logged on using installation user account) Install DB2 on IBM
     AIX.

Setting up the DB2 server environment
1.  Create a DB2 administrator account.
2.  (AIX or Linux Admin) From AIX or Linux OS or from the A IX or Linux administrator tool, create
    three primary groups.
3. (DB2 administrator) Det ermine whether your DB2 configuration already has a SYSCTRL_GROUP.
4. On the IBM(R) DB 2 Universal Database(TM) Enterprise Server Edition server, log in using the
    Instance owner user account name and password. In a remote configuration, the IBM(R) Lotus(R)
    Domino(TM) user account can be the same ID as the Instance owner’s user ID.
5. Add the Domino server user account to the DB2DOM group or to whatever group you have
    designated as the SYSCTRL_GROUP.
6. (Instance owner)Update the DB2 configuration by entering these commands from the CLP
    window: DB2STOP DB2START
7. From AIX or Linux OS or from the AIX or Linux administrator tool, creat e three user accounts and
    add them to groups you created in step 2.
8. (DB2 Administrator) If your configuration includes a DB2 Run-Time Client, install the DB2 Run -
    Time Client on the computer on which you installed the Domino server.
9. Restart the Domino server.
10. DB2 administrator) Install IOCP on the same server o n which you will install the DB2 Access
    server.
11. (Domino administrator) Restart the Domino server and the administrator client.

Enabling the Domino server to communicate with the DB2 server
1.   (Domino administrator)From the Domino Administrat or, run the DB 2 Server Enablement Tool to
     enable the Domino server to communicat e with DB 2.



                                                                                                     166
2. Grant the SETSESS IONUSE R privilege to the Domino server user
3. If you are using a remot e DB2 server, complet e the steps in the topic Using a remote DB2 server
     with server enablement.

(Optional) Installing the DB2 Access server
Installing the DB 2 Access server is optional. Determine whether you need to install it. The DB 2 Access
server is required for SQL access to Domino data which includes Query Views of Domino data, as well
as any DB2-based application access to Domino data. Query Views of non -Domino dat a do NOT
require the DB2 Access server.
1. (Domino administrator)Create a server ID for the DB2 Access server .
2. (Domino administrator)Install the DB2 Access server on the server running DB2
3. (Domino administrator) Enable the DB 2 Access server.
4. (Domino administrator) To verify that the DB2 Access server is installed and configured properly,
    use the Test DB2 Access feature from the Domino Administrator client.
5. (DB2 administrator) Map the DB2 user name to a Notes user name

Verify your installation
Complete the A IX or Linux post-installation validation procedure. As a final validation, create a
database, and then verify that the database exists in DB2.


Setting up the Domino server environment for use with Domino and
DB2
1.   (Domino administrator) Install and set up the IBM(R) Lotus(R) Domino(TM) server and the Domino
     Administrator. For instructions, see Chapters 1 - 3 of Administering the Domino System, or see the
     Domino Administrator Help.
2.   Start the Domino server. When you start the Domino server, you are prompted to specify whether
     to run Domino as an application or a Microsoft (R) Windows(R) service. Choose application.
3.   (Domino administrator)On the Domino server, permanently enable trans action logging. (Domino
     administrator)

Note: Enabling IBM(R) DB2 Universal Database(TM) Enterprise Server Edition functionality on the
Domino server requires that Domino transaction logging be enabled first. Linear, circular or archival
transaction logging can be used. Domino trans action log spac e will be us ed to store only data from
NSF databases that have logging enabled. All DB2 enabled IBM(R) Lotus(R) Notes(R) databases will
have logging enabled, but the DB 2 transaction log will be used to store data from DB2 enabled Not es
databases. Because DB 2 is handling this logging, if you are only using DB2 enabled Notes databases,
the Domino transaction log can safely be set to minimum size.
4. Stop the Domino server.
5. (Domino admin) If the DB2 server is not installed on the same computer with the Domino server,
    install the DB2 Run Time Client on the computer with the Domino server. The DB 2 server install
    includes DB 2 client libraries which

Domino requires access to. If the DB 2 server is on the same computer with the Domino server,
Domino can use those libraries.

6. (Domino administrat or)St art the Domino server.

Creating the DB2 installation account
You must have a DB 2 installation account and use that user account to log on to a local computer to
install the IBM(R) DB2 Universal Database(TM) Enterprise Server Edition server. The DB2 Server
Enablement tool uses this user account during the DB 2 server setup. The DB 2 installation account can
be a local or domain user account that you create at the OS level in Microsoft(R) Windows(R) or
IBM(R) A IX(R) and it must belong to the Administrat ors group on the computer on which you are
performing the DB 2 installation. On IBM AIX platforms, the DB2 installation account is typically the root
account. For details about creating user or domain accounts and assigning Administrator rights, see
your Microsoft Windows or IBM AIX documentation. For example, in Microsoft Windows, create the
account from the Control Panel - Administrative Tools, and then assign the Administrat or rights listed



                                                                                                      167
below to the account from Control Panel - Local Security Policy. The installation account must be
granted the following rights:
 Act as part of the operating system
 Create a token object
 Increase quotas
 Replace a process level token If the Administrators group already has the administrator rights, there
is no need to specifically add the DB2 installation account because these rights will be inherited.

Note: If you want the DB2 Setup wizard to create a new DB 2 administration server user account,
which is a domain user account, the installation account that you use to perform the DB2 installation
must also be assigned the right to create domain user accounts and it must belong to the
Administrators group on the computer on whic h you are performing the DB2 installation.

For more information about the DB 2 installation account, go to the DB2 Information Center
http://publib.boulder.ibm.com/infocenter/db2help/index.jsp. After you create the DB 2 installation
account and assign the necessary rights, log in using the DB2 installation account to begin installing
DB2. If you are using an IBM AIX plat form, return to the roadmap topic Installing and setting up the
DB2 server.

Installing and Setting up DB2 on Microsoft Windows
Before you run the DB2 Set up wizard, set up one user account at the operating system level that you
will use to install IBM(R) DB2 Universal Database(TM) Enterprise Server Edition. This DB 2 installation
user account must have Administrator rights and must adhere to the DB 2 naming rules.

For information about the DB 2 installation account, see Creating the DB2 installation account. When
you install or reinstall DB2, be sure to establish or reestablish DB 2 environment variables and tuning
parameters by setting the paramet er DB 2_USE_ALTE RNA TE_PAGE_CLEA NING=. For information
about setting the environment variables and tuning parameters, see the topic Improving Domino and
DB2 Performance.

Transaction Logging
As previously mentioned, transaction logging must be enabled on t he IBM(R) Lotus (R) Domino(TM)
server before you install DB2. Ensure that you have enabled transaction logging. On the Server
document on which you enable transaction logging, set the Log file size to at least 192 MB.

Setting up DB2 on Microsoft Windows
Follow these steps to set up DB2 on Microsoft(R) Windows(R) systems.
1. Run SE TUP.E XE.
2. Click Install Product.
3. Choose DB 2 UDB Enterprise Server Edition.
4. Click Next. The DB2 Setup wizard runs.
5. Make these selections:
 Select the Typical installation optio n unless you wish to add additional DB2 features.
 Select the default DB 2 administrator name unless you are using other naming standards.
 Set up an Administration Contact List. Create a Loc al contact list on the system unless you are using
remot e notification.
 Enter the host name of your Domino server in the Notification SMTP Server field unless you have
another SMTP server that you are using. This assumes that your Domino server is running SMTP.
 Accept the default settings to configure DB2 insta nces. Keep a record of the instance name, as it is
required to configure Domino to work with DB2.
 You do not need to prepare the DB2 Tools Catalog.
 You are not required to specify a contact for Health Monitor Notification, but you may choos e to enter
the name and Int ernet e-mail address of your DB2 Administrator.
 Do not enable operating system security.

Return to the topic Setting up the Domino server environment for use wit h Domino and DB 2.




                                                                                                     168
Installing DB2 on IBM AIX and Linux platforms
Note: Only 64-bit Instances are supported on IBM(R) AIX(R) and on Linux(R).

Installing DB2
1.   Locate the file ese.dbcs.tar.Z.
2.   Uncompress ese.dbcs.tar.Z, and then tar -x vf ese.dbcs.tar.
3.   Log in as root.
4.   From the es e.dbcs directory, run db2setup.
5.   Install these options:

 DB2 UDB Enterprise Server Edition
 DB2 Application Development Client
 DB2 Administration Client

6.  Enter the name of the DAS user that you created. (Y ou created a DAS user account when you
    created users and groups when installing IBM(R) Lotus(R) Domino(TM) and DB 2 on IBM AIX.)
7. Create a DB2 instance on a 64-bit single partition server. Make the DB2 instance owner account
    the owner of the DB2 instance.
8. Enter the DB 2 Fenc ed user account name.
9. When you have complet ed ent ering the requested information, click Finish.
10. From the DB2 CLP, assign the proper privileges to the DB2DOM group by entering: Db2 update
     dbm cfg using SYSCTRL_GROUP db2dom

Verify that your DB2 setup on IBM AIX or Linux is correct
1.   Log in as db2inst1.
2.   Enter DB 2.
3.   At the command line processor (CLP), type this command to create a test database:
Db2 create db test
4.   Type these commands to display a list of DB 2 databases:
Db2 list db directory
Db2 connect to test
Db2 connect reset

Return to the roadmap topic Installing and setting up the DB2 server.

Creating the DB2 administrator and administration server account
You creat e the IBM(R) DB2 Universal Dat abase(TM) Enterprise Server Edition administrator account
during the DB2 installation process. The DB2 administrat or ac count is also called the DB2
Administration server (DAS) us er account. DAS is a DB2 administration service that supports the GUI
tools and assists with administration tasks on local and remot e DB2 servers. The DAS user account
logs the DAS service on to the computer when the DAS service is started. It can be a local user
account or a domain user account. It is recommended that the DAS user account have SYSADM
authority on each DB2 system in your environment so that it can start or stop other instances as
necessary.

Note: By default, any user that is part of the Administrat or group has SYSADM authority. The DB2
administrator account starts the DB2 services, such as DB2 DAS, DB2 Remote Command server,
DB2 Governor, and other DB 2 services. You can create the DAS account before you install DB 2 or
you can use the DB2 Setup wizard to create it. The DAS account must be granted these rights:
 Act as part of the operating system
 Create a token object
 Log on as a servic e
 Increase quotas
 Replace a process level token

The DB 2 administrator account must belong to the Administrator’s group on the machine on which you
perform the DB2 installation. If you are using an IBM(R) AIX(R) or Linux(R) platform,return to the
roadmap topic Setting up the DB2 server en vironment.




                                                                                                    169
Create the DB2 primary groups
1.   (IBM(R) AIX(R) or Linux(R) admin) From the AIX or Linux OS or from the A IX or Linux
     administrator tool, create these three primary groups:

Note: You are creating a group for eac h of the three users listed in St ep 10.
 DAS user group. For example, use group name db2asgrp.
 Fenced us er group for the us er who owns the DB2 Access server. For example, use the group name
db2fadm1.
 Instance owner account group. For example, use the group name db2iadm1. Return to the roadmap
topic Setting up the DB2 server environment.

Creating the DB2 user accounts and adding the users to groups
1.  (IBM(R) AIX(R) or Linux(R) admin) From the IBM(R) AIX(R) or Linux OS or from the AIX or Linux
    administrator tool, create these three user accounts and then add the user to the corresponding
    group you created in Step 6.
 DB2 instance owner -- When you create this account, it is automatically created in the home
directory.
 Fenced -- DB 2 Fenced User runs user-defined functions (DB2 Access) and stores proc edures
outside of the address space used by the DB2 dat abase.
 DAS account -- DAS account runs the DB2 server on your system.

Required user                      Example user name                 Example primary group name
Instance owner                     db2inst1                          db2iadm1
Fenced user                        db2fenc1                          db2fadm1
DB2 administration server user     db2as                             db2asgrp

User name                          Primary group                     Secondary groups
db2inst1                           db2iadm1                          Db2asgrp, db2dom
db2fenc1                           db2fadm1                          db2dom
db2as                              db2asgrp                          Db2iadm1, db2dom

Return to the roadmap topic Setting up the DB2 server environment.

Determining whether you have a SYSCTRL group
1. ( DB2 Administrator)Determine whether your IBM(R) DB 2 Universal Database(TM) Enterprise
Server Edition configuration has a SYSCTRL group by entering this command from the DB 2
Command Line P rocessor (CLP ):
2. ( DB2 Administrator) If your DB2 configuration has a SYSCTRL_GROUP, you can omit this step. If
     your DB 2 configuration does not have a SYSCTRL_GROUP, set up DB2DOM as the
     SYSCTRL_GROUP in DB 2 by entering this command from th e DB2 CLP: Update dbm cfg using
     SYSCTRL_GROUP DB2DOM
3.   ( DB2 Administrator)Update the DB 2 configuration by entering these commands from the CLP
     window: DB2STOP DB2START If you are working with a Micros oft(R) Windows(R) plat form, return
     to the roadmap topic Setting up the DB2 server environment. If you are working on an IBM(R)
     AIX(R) platform, return to the roadmap topic Setting up the DB2 server environment.

Manually creating the Domino server user account and the
DB2DOM group
1.   Use the IBM(R) DB 2 Universal Database(TM) Enterprise Server Edition naming conventions to
     create a Microsoft(R) Windows(R) user account.
2.   Specify a password for the new us er account, and then click Create to save the user name and
     password. Exit that dialog box.
3.   Create a new Windows group and name it DB2DOM.
4.   Add the new user to the DB 2DOM group. When you click Create, the DB2DOM group is added to
     the group list.




                                                                                                  170
If you are using a Microsoft Windows plat form, return to the roadmap topic Setting up the DB2 server
environment.

If you are using an IBM(R) AIX(R) or Linux plat form, return to the roadmap topic Setting up the DB 2
server environment.

Designating the DB2DOM group a system control group and adding
the Domino server user to the system control group
If you already have a SYSCTRL group that you want to use, you can add the IBM(R) Lotus(R)
Domino(TM) server user to the existing group instead of creating a new group.
1. From the Microsoft (R) Windows(R) desktop, choose Start - Programs - IBM DB 2 - Command Line
     Tools - Command Line Processor.
2. From the command line processor (CLP), enter this command to define DB2DOM as a system
     control group: Update dbm cfg using SYSCTRL_GROUP DB2DOM This message appears:
     ″Completed Successfully.″
3. From the CLP, enter this command to stop the IBM(R) DB2 Univers al Database(TM) Ent erprise
     Server Edition server: db2stop
4. From the CLP, enter this command to restart the DB2 server: db2start
5. Enter this command to exit the CLP:
Quit

6.     Enter this command to close the command window:
Exit If you are working with a Microsoft(R) Windows(R) plat form, return to the roadmap topic Setting up
the DB2 server environment. If you are working on an IBM(R) AIX(R) or Linux(R) platform, ret urn to
the roadmap topic Setting up the DB2 server environment.

Enabling the Domino server to communicate with the DB2 server
Use the DB 2 Server Enablement Tool, available from the IBM(R) Lotus (R) Domino(TM) Administrator
client, to automatically enable Domino to access an IBM(R) DB2 Universal Database(TM) Enterprise
Server Edition server. Or, you can manually enable Domino to access a DB2 server. When you enable
a Domino server for DB 2, Domino stores its IBM(R) Lotus(R) Notes(R) data in DB 2. When a Notes
database is enabled for DB2, Domino creat es a DB2 databas e schema for it, as well as a set of tables
in that schema to hold the Notes database dat a. The schema name is based on the NSF file name.
The DB 2 Server Enablement Tool is the recommended method of enabling Domino access to a DB2
server. The DB2 Server Enablement Tool does the following:
 Checks for a valid DB 2 library path and does one of these: – On Microsoft (R) Windows(R) -- If a
valid DB2 library path is located, the Enable Server for DB2 Based Data dialog box displays with the
focus in the field, DB 2 Library Path. If a valid DB2 library path is not located, Domino posts a message
stating you must install DB2 prior to enabling the Domino server. – On IBM(R) AIX(R) -- A dialog box
displays in which you can enter the default DB2 install path. If you have not installed DB2, you must do
so before proceeding.
 Inserts the DB 2 user name and password in the Domino server ID.
 Checks the accuracy of the DB2 information that you ent ered. (If any DB2 information is incorrect,
the Enable Server for DB 2-Bas ed Data dialog box displays with the focus in the field containing the
incorrect information.) If the DB2 information is accurate, Domino does the following: – Writes the
configuration information to the NOTES.INI file. – Populat es the fields on the DB 2 tab of the Server
document on the administration server and replicates the Server doc ument back to the originating
server. To allow the Server document to be updat ed, the administration process must by running on all
of your servers and a replication schedule must be enabled between the administration server and the
server you are enabling.
 Enables DB 2 as a data store for Domino, which enables Domino to use DB2. The fact that DB2 is
used as a dat a store is transparent to Notes client users. Only administrators are aware of this. Notes
users use Domino Notes as usual; Domino uses DB2.
 The DB2 database is created when the Domino server starts up after the DB2 -enablement process.
Domino uses the administration process to create that dat abase, and the administration process
requires that the administration server is running. Aft er the database is created, the default schemas,
domino.catalog, and other objects are created.




                                                                                                      171
The administration process posts an administration request in the local copy of the Administration
Requests database (A DMIN4.NSF). The replicator then replicates ADMIN4.NSF to the administration
server. The administration process on the administration server processes the administration request
and updates the Server document with the new information. The replicator then replicates the changes
to the Server document on the originating server.

The Domino server user
The Domino server user name and password are stored in the Domino server’s ID file. The Domino
server user account enables Domino to access a DB2 server. Create one Domino server user account
for each Domino server.

Note: If you are using Microsoft Windows and you have already created a system control group to
which you want to add the Domino server user, add the Domino server user to that group. After
creating the Domino server user account, create a Domino server us er group named DB2DOM and
add the Domino server user to that group. You must then manually define DB2DOM as a system
control group in DB 2. The system control group paramet er assigns system control (SYSCTRL)
authority to the group name. The Domino server user account is a member of the DB2DOM group that
has SYSCTRL authority; and as such, the Domino server us er account has the right to allow Domino
to access the DB2 server. The Domino server user has complet e authorization over the DB2 database
and its contents. This server user acts on behalf of all Notes users.

Note: If you have a Windows user account that you want to use as the Domino server user, begin this
process with Step 3 of the proc edure in the topic Manually creating the Domino server user account
and the DB2DOM group.

Activating the SYSCTRL_GROUP setting
This information applies regardless of whether you use the Server Enablement Tool or you manually
create the Domino server user and DB2DOM group. If the SYSCTRL_GROUP is set up for the first
time in DB2, stop and start the DB2 server by issuing the following commands from the DB2
Command Line P rocessor (CLP ): DB2STOP DB2START To successfully creat e the original DB2
database during the server enablement process, you must be logged on to the Domino server with a
user name that meets this criteria:
 You must be logged on to the Domin o server with the user name of the owner of the Domino server
 The user name must be in the SYSADM group
 The user name must meet DB2 naming conventions for the platform on which you are running the
Domino server. For information about the DB2 naming co nventions, go to the DB2 Information Center
http://publib.boulder.ibm.com/infocenter/db2help/index.jsp. In this procedure, all of the steps apply to
all supported platforms unless there is a notation at the beginning of the step that indicates it is for
IBM(R) A IX(R) only or Microsoft Windows only. If a step does not apply to your configuration, just omit
that step and proceed to the next step.

Prerequisites
1. From the Domino Administrator, point to the server you are enabling.
2. Have this information avail able before you begin the procedure:
 The name of the DB 2 instance that you created when you installed DB 2. If you are using Micros oft
Windows, the default instance name is DB2; on AIX, it is whatever you named it.
 The Domino server account name and password. This is a user name created at the OS level that
will be used by the Domino server to access the DB2 server. This user account must have at least
SYSCTRL_GROUP access in DB2 or it must be a member of the group, DB2DOM.
 The server ID that you creat ed for the DB2 Access server.
 The location where you installed the DB2 Access server. This path is used in the DB2 Access Path
field of the Server document and in the DB 2 Server Enablement tool.




                                                                                                     172
Procedure
1.   From the Domino Administrator, click Configuration.
2.   Click DB2 Server -- Enable Server for DB2.

Note: If the feature Enable Server for DB2 is not active, the Domino server is already enabled for DB2,
or you are using a pre-Domino 7 version of the Lotus Domino and Notes software, or you are us ing a
platform other than Microsoft(R) Windows (R) or IBM AIX.

Field                                               Action
DB2 and Domino are on different systems or DB2      If any of these conditions are true, click this check
is 64-bit on A IX server                            box: v DB2 and Domino are installed on different
                                                    computers. v 64-bit DB2 instance is used on the
                                                    DB2 AIX server. v You are using the DB2 Run -
                                                    Time Client on the Domino server.
DB2 Instance Name                                   Enter the DB 2 instance name that you created
                                                    when you installed the DB 2 server.
                                                    Note: This field only applies to local
                                                    configurations.
DB2 Datastore Directory                             (Optional) Enter the full path and name of the
                                                    directory where the DB2 group dat a will be stored
                                                    relative to the Domino server. For example, v In
                                                    Microsoft Windows(R), a sample path is:
                                                    c:\db2db\srvr\ v In IBM A IX, a sample path is:
                                                    /local1/db2inst1/db2dir/ Users must have
                                                    appropriate access rights for the directory that you
                                                    enter.
                                                    Note: If multiple Domino servers are connected to
                                                    different instances of the same DB2 server, the
                                                    directory that you specify must be unique for each
                                                    Domino server, or the Directory field must be
                                                    blank for each Domino server. This is an
                                                    advanced setting and in most cases, the default
                                                    can be used.
DB2 Database Name                                   Enter a database name, or accept DOMINO as
                                                    the default DB2 databas e. The DB 2 database
                                                    name is stored in the NOTES.INI variable
                                                    DB2DA TABASE. If you later delete or modify this
                                                    value, Domino’s DB 2 capabilities are effectively
                                                    disabled. The DB 2 database name is used as the
                                                    basis for the names of the database, buffer pool,
                                                    tablespac es, and schema.
Host Name                                           Enter the name of the remot e server that will store
                                                    data. This field applies only to remote
                                                    configurations.
Port Number/Service Name                            Enter the port number or service name for the
                                                    remot e instance of DB2. This field applies only to
                                                    remot e configurations.

                                                    Open the DB 2 Control Cent er to obtain this
                                                    information, and then right click the instance to
                                                    which you are connecting. Select ″Setup
                                                    Communications.″ Review the TCP/IP properties.
                                                    An example of a service name is db2c_DB 2. An
                                                    example of a port number is 50000. You can use
                                                    either in this field.
OS account name to be used by Domino to             This user name is an operating system user
access DB2                                          account name that Domino uses to access the
                                                    DB2 server. This is a Microsoft Windows(R) or
                                                    IBM(R) A IX(R) account. If you are using IBM A IX,
                                                    you can only ent er an existing user account name;



                                                                                                     173
                                                    you cannot create one from this dialog box. Do
                                                    one: v Enter a new name to create the new us er
                                                    account. This option applies only to Microsoft
                                                    Windows. v Enter an existing user account name
                                                    if you have created one that you want to use. It
                                                    must be an OS user account name.
DB2 Password                                        Enter the password for the new or existing user
                                                    account name that you entered in the field ″OS
                                                    account name to be used by Domino to access
                                                    DB2.″ that The Domino server uses this password
                                                    to access the DB2 server.
Verify DB 2 Password                                Reenter the password.
DB2 Password Expiration                             Number of days after which the DB2 password
                                                    expires. This is the OS account password that
                                                    Domino uses to access the DB2 server.
Update system account password                      Click this check box to update the OS system
                                                    account password that Domino uses to access the
                                                    DB2 server. When the check box is not checked,
                                                    the password is stored but the OS server account
                                                    password is not updated.
DB2 Node Name                                       This field applies if you have a remote
                                                    configuration or if you are using a 64-bit DB2
                                                    instance on a DB2 AIX server. Enter the DB2
                                                    node name, that is, the name assigned to the DB 2
                                                    server in the DB2 Node Directory. The node name
                                                    acts as a pointer to the DB 2 database, allowing
                                                    you to access the DB2 server. The node name
                                                    you enter cannot be a name that is assigned to
                                                    another entity in the DB2 configuration. For
                                                    example, the node name cannot be identical to
                                                    the DB2 instance name nor the Domino server
                                                    name. The DB2 server enablement tool uses the
                                                    DB2 node name to create the DB2 node.
By default, create databases as                     Choose one:
                                                     DB2 (default) -- Creates DB2 databases.
                                                     NSF -- Creates Domino NSF databases.
Immediately update the server’s Domino Directory    Click this check box to update the Domino
with DB2 information                                Directory immediat ely instead of waiting for the
                                                    administration process to initiate the update.
Automatically restart the                           Domino server upon successful enablement Click
                                                    this check box to restart the server after the DB2
                                                    Server Enablement Tool runs and the DB2
                                                    information is added to the Domino Directory.

3. Click Enable.
4. One of these occurs, according to platform:
 Microsoft(R) Windows(R) -- A status box displays. If there are no errors, click OK.
 IBM(R) AIX(R) or Linux(R) -- A series of messages appears. Review the messages, and then click
Stop or Continue according to what you want to do. If you are using a remote DB2 server, see the
topic Using a remote DB2 server with server enablement.

If you are using a Microsoft Windows plat form, return to the roadmap topic Enabling the Domino
server to communicate with the DB2 server If you are using an IBM AIX or Linux platform, ret urn to the
roadmap topic Enabling the Domino server to communicate with the DB2 server.




                                                                                                   174
Granting SETSESSIONUSER privilege to the Domino server user
Complete this procedure after you successfully complete the procedure to enable the IBM(R) Lotus(R)
Domino(TM) server to communicate with the IBM(R) DB2 Universal Data base(TM) Enterprise Server
Edition server. You must grant SETSESSIONUSER privilege to the Domino server us er in order to
execute Query views. For information about creating DB2 user accounts and granting privileges in
DB2, go to the DB2 Information Center http://publib.boulder.ibm.com/infocenter/ db2help/index.jsp.
1. Ensure that the Domino server user is a member of the group DB2DOM (SYS CTRL_GROUP ).
2. Ensure that you have at least one other DB 2 user account that has SYSADM authority.
3. Connect to the DB2 database using the User ID that has SYSADM authority.
4. Grant SECADM authority to the Domino server ID.
5. Connect to the DB2 database using the Domino server ID.
6. Grant SETSESSIONUSER privilege to the group, DB2DOM.

Example
Make the following assumptions:
 The local DB 2 Instance, DB2, runs as the OS User ID db2admin.
 db2admin has SYSADM authority because either db2admin is in the group specified by
SYSADM_GROUP=xxx in the DB2 Instance configuration, or SYSADM_GROUP= is blank and
db2admin is in the local Administrators group.
 The DB2 database is named DOMINO.
 The Domino server connects to the DB2 database as the OS User ID, DominoServerUserID.
 The DB2 Instance configuration specifies SYSCTRL_GROUP=DB 2DOM.
 DominoServerUserID is a member of the OS gr oup, DB2DOM. You can perform these steps to set
up the correct privileges:

1.   Type this command: db2 connect to DOMINO user db2admin
2.   When prompted, specify the password. db2admin now has SYSADM authority.
3.   Type this command: db2 grant secadm on database to user DominoServerUserID
4.   Type this command: db2 connect to DOMINO user DominoServerUserID
5.   When prompted, specify the password. DominoS erverUserID now has SECADM authority.
6.   Type this command: db2 grant SETSESSIONUSER on public to group DB2DOM

Domino now has the SETSESS IONUSE R privilege when needed. If you are using a Microsoft(R)
Windows (R) plat form, return to the roadmap topic Enabling the Domino server to communicate with
the DB2 server. If you are using an IBM(R) AIX(R) or Linux(R) platform, return t o the roadmap topic
Enabling the Domino server to communicate with the DB 2 server.

Using a remote DB2 server with server enablement
A new database is created in IBM(R) Lotus(R) Domino(TM) and IBM(R) DB2 Universal Database(TM)
Enterprise Server Edition configurations that include a remote DB2 server. The new database has this
format: A<database name> In keeping with the above format, an example of such a database name is
ADOMINO. If the DB2 server is remote, the computer on which the Domino server is inst alled must
have at least the DB 2 Run-Time Client installed on it.

Note: It could also have ESE installed.

Example of a remote configuration
In this example there are two computers:
 Computer A -- IBM(R) AIX(R) with the Domino server and the DB2 Run -Time Client installed.
ls05.notesdev.ibm.com On computer A we are using a db2instance named: db2inst2
 Computer B -- IBM AIX with the DB 2 server ESE ″the remote machine″ installed on it.
p5viper.notes dev.ibm.com On computer B we are using a db2instance named: db2inst5 (port 50003 )
The environment of the user who starts the Domino server must contain the s etting
DB2INS TA NCE=db2inst2. The Domino server is started with trans action logging enabled. During
server enablement, the Domino Administrator client creates a DB2 node on computer A, using the
information supplied to the Domino Administrator client.




                                                                                                   175
 DB2 nodename:                                        nodeaa
 Host name:                                           p5viper.notes dev.ibm.com
 Port number/ service name:                           50003.00

At server startup, using the information supplied to the Domino Administrator client, the following
occurs:
 The DB2 database is created on computer B as dat abase: ADOMINO
 The DB2 database is catalogued on computer A as database: DOMINO
 DB2 database name is assigned: Domino The name of the DB 2 database created on the DB2 server
is the database name the user entered pre -pended with the letter ″A.″ Using the same example as
above, the database name would be ADOMINO.

Manually cataloging the DB2 database that the Domino server will use
Complete these steps to ensure that the Domino server uses a db2node to get to the db2database.
1. To catalog a node, enter the following:
db2 catalog TCPIP node <node name> remote <machine name> server <port number>
db2 catalog tcpip node nodename remote machine.notesdev.ibm.com server 50003

Note: This <node name> is in the Domino server’s NOTES.INI setting DB2INS TA NCE= nodename.

2.   (Domino Administrator client ) Before restarting the DB2-enabled Domino server, run the DB2
     command:
db2 list node directory
In the DB2INS TA NCE db2inst2 on computer A, you will see the following information indicating that
the DB2 node has been created:
$ id
uid=5102(db2inst2) ...
$ db2 list node directory
Node Directory
Number of entries in the directory = 1
Node 1 entry:
Node name = NODEAA
Comment = nodeAA
Directory entry type = LOCAL
Protocol = TCPIP
Hostname = p5viper.notesdev.ibm.com
Service name = 50003

3.   To catalog a database, where the <database name> is in the Domino server’s NOTES.INI setting
     DB2DA TABASE=databasename, ent er the following:
db2 catalog database <database name> as <loop back db alias name> at node <loop b ack node name>
authentication server db2 catalog database adomino as Domino at node nodename authentication server.

The first time that you start the DB2-enabled Domino server, the following occurs:
 The database that is created on the remote DB 2 server B is named: ADOMINO
 The Domino startup process prepends the character A to the DB 2 database name supplied to the
Domino Administrator client.
 The database is cataloged as DOMINO.

1.   To verify that the DB2 database ADOMINO was created, enter the following command:
db2 list database directory

In the DB2INS TA NCE db2inst5 on computer B, that is, the DB2 server, you will see this output
indicating that the DB2 database ADOMINO was created:
$ id
uid=5105(db2inst5) ...
$ db2 list database directory
System Database Directory
Number of entries in the directory = 1




                                                                                                       176
Database 1 entry:
Database alias = ADOMINO
Database name = ADOMINO
Local database directory = /local1/db2inst5
Database release level = b.00
Comment =
Directory entry type = Indirect
Catalog database partition number = 0
Alternate server hostname =
Alternate server port number =

To verify that the DB2 database DOMINO was cataloged in the DB2INS TA NCE db2inst2 on computer
A, that is, the Domino server , enter this command:
db2 list database directory

You will see the following output:
$ id uid=5102(db2inst2) ...
$ db2 list database directory
System Database Directory Number of entries in the directory = 1
Database 1 entry:
Database alias =
DOMINO Database name = ADOMINO
Node name = NODEAA
Database release level = b.00
Comment =
Directory entry type = Remote
Authentication = SERVER
Catalog database partition number =
-1 Alternate server hostname =
Alternate server port number =


Creating a server ID for the DB2 Access server
Note: You only need to register a server and create a new server ID if you will be using the DB 2
Access server. If you will be using DB2 Access Views (DAVs) and enabling the IBM(R) Lotus (R)
Domino(TM) server to communicate with IBM(R) DB 2 Universal Database(TM) Enterpris e Server
Edition, you need to perform this procedure and you also need to install and use the DB2 Access
server. Before installing a DB2 Access server on the DB2 server, you need a server ID saved to a file.
Use this server ID when you install the DB 2 Access server. When you are registering a new server, be
sure to select the DB2 Server access check box to create a server ID specifically for the DB2 Access
server. Be sure to make note of the server ID path and file name, because you are required to enter
this information when installing the DB 2 Access server.
1. From the Domino Administrator, click the Configuration tab.
2. From the Tools pane, click Registration - Server.
3. From the Domino Administrator, do one of the following:

a.   To use the CA process, click Server, and then select a server that has the Domino Directory that
     contains the Certificate Authority records and the copy of the Administration Requests database
     (ADMIN4.NSF) that will be updated with the request for the new certificate. Then click ″Use the CA
     Process,″ select a CA-configured certifier from the list, and click OK.
b.   To provide the certifier ID, select the registration server. Then click ″Certifier ID″ and locate the
     certifier ID file. Click OK, enter the password for the certifier ID, and click OK.




                                                                                                      177
Field                                                Action
Registration Server                                  Click Registration to specify the registration server, and
                                                     then click OK.
Certifier                                            If the certifier ID displayed is NOT the one you want to
                                                     use for all servers registered in this session, or if you
                                                     want to use the Domino server-based CA instead of a
                                                     certifier ID, click Certifier and return to Step 4.
Certificate Authority                                Not applicable for DB2 Access server.
Public key specification                             Choose one:
                                                      Compatible with all releases (630 bits)
                                                      Compatible with Release 6 and later (1024 bits)
License type                                         Choose North American (default) or International. In
                                                     practice, there is no difference between a North
                                                     American and an International ID type.
Expiration date                                      (Optional) Enter a date in mm-dd-yyyy format in the
                                                     Certificate Expiration Date box. The default expiration
                                                     date is 100 years after the current date, minus
                                                     allowances for leap years.
Certificate Authority.                               Accept the default of None Available

4. On the Basics tab of the Register New Server(s ) dialog box, complet e these fields:

Field                                                Action
Server name                                          Enter the name of the new server.
Server title                                         Enter the server title. The Configuration tab in the All
                                                     Server Documents view and the Server Title field of the
                                                     Server document display this title.
Domino domain name                                   The default domain name is usually the same as the
                                                     name of the organization certifier ID.
Server administrator name                            Enter the name of the person who administers the
                                                     server.
ID file password                                     Do not assign a password.
Password Options                                     Password quality scale. Not applicable for DB2 Access
                                                     server.
Location for storing server                          ID Deselect the default setting ″In Domino Directory.″
                                                     Select ″In File,″ and then click ″Set ID File.″ Select the
                                                     name and path for the file, and click Save. Make note of
                                                     the full path because you will be required to enter it
                                                     later.
                                                     Note : You can also save the server ID to the default
                                                     path, Notes client\ data\ids\servers directory.

5. Click Advanced, and select the check box ″This server is a DB 2 Access server only.″

6. Click the green check box to add the server to the registration queue.

Note: The server registration queue displays the names of the servers that are ready to be registered.
To display the settings for a specific server, select the server’s name.

7.   Click Register All.
8.   Click Done.

If you are using a Microsoft (R) Windows(R) platform, return to the roadmap topic Setting up the DB2
Access Server.

If you are using an IBM(R) AIX(R) or Linux(R) platform, return to the topic Installing the DB2 Access
server.




                                                                                                           178
Installing the DB2 Access server on the DB2 server
Install the DB 2 Access server if you want to make IBM(R) Lotus (R) Domino(TM) data available in IBM
IBM(R) DB2 Universal Database(TM) Enterprise Server Edition. If you only host NSF databases in
DB2, you do not need to install the DB 2 Access server. The DB2 Access server facilitates your use of
the IBM(R) Lotus(R) Domino(TM) Designer view functions for DB 2 by enabling Domino’s user security.
Install the DB 2 Access server on the DB 2 server that hosts IBM(R) Lot us(R) Notes(R) dat a. This can
be the same computer on which Domino is installed for a local configuration, or it may be a different
computer in a remote configuration. The DB2 Access server enforces Dom ino database security, such
as ACLs and reader lists for DB2-enabled data. If the DB 2 Access server is not installed properly, the
DB2 Designer functions will not be available and you will not be able to access DB2 data. Install and
enable the DB2 Access server to allow DB2 to access Domino data. The DB2 Access server requires
a server ID. Copy the server ID file that you are using for the DB 2 Access server to the server on
which you are installing the DB2 Access server. If you have not completed the proced ure ″ Creating a
server ID for the DB2 Access server,″ do so before installing the DB 2 Access server on the DB 2
server.

Note: The DB2 Access server cannot cross-certify Domino servers from domains other than its own
domain. When you install the DB2 Access server, a DB2 Access Server Connection document is
created when the Domino server is started. This DB2 Access Server Connection document connects
the DB2 Access server and a Domino server that you designate using the Domino Administrator. The
DB2 Access Server Connection document contains a configuration-only Domino Directory. We
recommend that you perform the DB2 Access server installation prior to running the DB 2 Server
Enablement Tool from the Domino Administrator. If you perform the DB2 Access server i nstallation
after running the DB 2 Server Enablement Tool, you must complete Step 3 of this procedure. After you
install the DB2 Access server, Domino changes the name of the server ID file to USE R.ID and stores
the file in the data directory for the DB2 Access server.

Note: If your configuration includes the DB 2 Access Server, TCP IP is the only supported port setting.
Any other configured port settings are disabled.

Performing the DB2 Access server install
On Microsoft(R) Windows(R) systems, install the DB2 Access Server to the DB2 function directory, for
example, C:\program files\ibm\sqllib\ function. There is an alternative that is not recommended. The
alternative is to install the DB2 Access server to any location, and then enter the full path for that
location in the Path environment variable.

Note: If you have un-installed the DB2 Access server and you are installing it to a different directory,
you must restart the DB 2 server to allow the new path for the DB 2 Access server to take effect.

Prerequisites
1.  Gather the following information before running the setup program. While the InstallShield Wizard
    is running, you will be prompted to enter:
 The location where the local DB 2 server is installed. The subdirectory is always SQLLIB, but you
need the complete path.
 The name of the DB 2 Access server ID file and the location where the server ID file is stored. Enter
the complete server ID path with filename.
 For IBM(R) AIX(R) configurations, you must be logged on as the root user to perform the i nstallation.
The root user must be a member of the group SYSADMIN_GROUP.
 For AIX configuration, you need to know the DB2 Instance name.
 For AIX configurations, you need a temporary directory of approximately 150 megabytes.

2. Before beginning the installation process, you must have already creat ed (registered) a new server
and retained the server ID.




                                                                                                      179
Procedure
1.    Run the Domino DB2 Access setup file. The InstallShield Wizard for IBM DB2 Access for Lotus
      Domino runs.
2. If you are using Microsoft Windows, skip this step. On AIX only, review the log file,
      DB2SE TS TDOUT.LOG, to determine whether the install was successful. The log file is in the
      directory that contains the DB2 Access server files. For example, in AIX the log file is in this
      directory: /opt/IBM/ DALD/DB2SE TS TDOUT.LOG.
3. When the InstallShield Wizard completes the installation, do one of these:
 If you installed the DB2 Access server prior to running the DB2 Server Enablement tool, you are
done installing the DB2 Access server. You may now proceed to run the DB 2 Server Enablement
Tool. After running the DB 2 Server Enablement tool, run the Enable DB 2 Access tool. OR
 If you installed the DB2 Access server after running the DB2 Server Enablement tool, run the Enable
DB2 Access tool. For information about the information that is returned by the DB2 INFO command,
see the topic DB2 INFO. If you are using a Microsoft Windows(R) plat form, return to the roadmap topic
Setting up the DB2 Access server. If you are using an IBM AIX or Linux(R) plat form, return to the
roadmap topic Installing the DB 2 Access server.

Enabling the DB2 Access Server
1.   From the IBM(R) Lotus(R) Domino(TM) Administrator client, click Configuration - Tools - Enable
     DB2 Access.
2.   Specify the DB 2 Access Server name on the DB2 Acc ess Enable dialog box, and then click OK.

Note: The DB2 Access Server name was the ID created in ″Creating a server id for DB2 Access
Server″ and you specify the actual server name, not the file name, for example, udfserver/domain

3. Review the DB2 Access Enable Results information box that displays, and then click OK. If you are
using a Microsoft(R) Windows (R) plat form, return to the roadmap topic Setting up the DB2 Access
Server. If you are using an IBM(R) A IX(R) or Linux(R) plat form, return to the topic Installing the DB2
Access server.

Testing the DB2 Access server configuration
Use the DB 2 Access Test tool to test the configuration of the DB2 Access server. The DB2 Access
Test tool tests all DB2 Access server’s field parameters from the Server document and all DB 2 Access
server settings from the NOTES.INI file. If all fields and settings are correct, it tests the connection
between the DB2 Access server and the selected IBM(R) Lotus(R) Domino(TM) server, verifies
whet her the IBM(R) DB2 Universal Database(TM) Enterprise Server Edition functions an d properties
exist, determines whether the DB2 Access server Connection document is valid, and attempts to open
the Domino Directory on the DB 2 Access Server. If the DB2 Access Test tool locates any problems,
the information is returned to the Domino server console or to the Domino Administrator client.

1.   From the Domino Administrator, click the Configuration tab.
2.   From the Tools panel, click DB2 Server - Test DB 2 Access.

If you are using a Microsoft (R) Windows(R) platform, return to the roadmap topic Set ting up the DB2
Access server.
If you are using an IBM(R) AIX(R) or Linux(R) platform, return to the roadmap topic Installing the DB2
Access server.




                                                                                                     180
Mapping the DB2 ID to a Notes ID in the Domino server’s Domino
Directory
IBM(R) Lotus(R) Domino(TM) and DB 2 enables IBM(R) Lot us(R) Notes(R) applications to use query
views to access IBM(R) DB2 Universal Database(TM) Enterprise Server Edition data and enables DB2
users to view and manipulate Notes data using Structured Query Language (SQL). Domino manages
access to Notes data when the data is stored in an NSF file or in DB2, and also manages SQL access
to Notes data. DB 2 manages access to all other DB2 objects (tables).

Lotus Not es client users need a Notes ID and, if they require access to DB2 databases on a DB2
server, they also need a DB2 user ID. This DB2 ID, or us er name, is an OS user name. Domino and
DB2 use different methods for administering user accounts; therefore, users sometimes need to be
explicitly ″mapped″ from one system to the other. User mappings are required for ex ecuting query
views and for SQL access to Notes data stored in a Domino Access View (DAV). In the case of a
DAV, the user connects to DB2 using a DB2 user ID and the mapping is used to associate a Notes
user ID with the DB2 us er for the purpose of checking server and Notes dat abase permissions. No
explicit user mapping or default user mapping is required for normal use of the Domino server,
including access to DB2 enabled Notes databases.

Use the Domino Administrator to map an individual Notes user to a specific DB2 us er name. If an
explicit mapping of a DB2 user to a Notes user does not exist, you can set up a default DB2 user
name that can be used in place of an explicit DB2 user mapping.

This default DB 2 user mapping is sufficient when working wit h most query views, but cannot be used
with Domino Access Views. When querying a DAV, you must use an explicit user mapping. When
Domino executes a query view, Domino attempts to find a matching DB 2 user name. If an explicit
mapping is pres ent, that mapping is used. If an explicit mapping does not exist, and a default DB2
user name is defined, Domino exec utes the query as the default DB2 user.

If you are using Notes query views to query DB2 data which is not managed by the Domino server
(that is, data not in Notes databases), use explicit user mappings to associate a DB2 us er ID with a
Notes user ID for the purpose of checking DB2 privileges for these DB2 objects. If you are using Notes
query views to view Not es databases stored in DB2, you can create and use a default user mapping.
Notes security, that is ACLs and reader lists, is enforced in both cases.

When SQL is issued against DB2 tables, two security processes are used. First, standard DB2
security is used to check for access at the table level. The DB 2 user ID is compared to the
permissions granted to that user ID, and the request is approved or denied based on those
permissions. Second, Domino ACL security is enforced when the SQL statement references data in a
DAV -- data that originat ed in Notes Domino.

Applications using query views
If you have applications that use query views, create a default DB 2 user for the query views. Query
views are run using the users’s Notes ID. Notes security with ACLs and reader lists is enforced.

Query views and DB2 federated data
DB2 federat ed data is the data that DB 2 obtains from other relational databases such as Oracle.
Create explicit user mappings or us e a default user mapping. When you define a federated data
wrapper in DB2, DB2 creates a local nickname for the foreign table. Access to this proxy object from a
Notes query view is controlled by DB 2 and the mapped DB2 user name is used. The connection to the
federated database is accomplished using a special connection bet ween Domin o and the federated
database. There is no user level grant and deny capability in the foreign datasource. Access to the
foreign data is managed in the Domino database by controlling access to the nickname.

For more information about how to map user names , see the topic Mapping DB 2 user names to Notes
user names.

For more information about setting up and enabling a default DB2 user, see the topic Changing or
deleting the default DB2 user name for use with query views.




                                                                                                       181
Mapping DB2 user names to Notes user names
Use this procedure to map DB2 uses names to Notes user names.

1. From the Domino Administrator, click People and Groups.
2. Click People. Select the person for whom you are mapping a DB 2 account user name to a Notes
user name.
3. Click Tools - People - Set DB2 Us er Name.

Field                                               Action
Copy from shortname field, if available             Click this check box if there is an existing network
                                                    account name in the Person document and you want to
                                                    use the shortname.
Default format                                      Choose a default name format. For example, LastName
                                                    FirstName. If ″Enter Discrete Name″ is chosen here, the
                                                    Discrete Name field displays.
Separator                                           Choose a separator to separate the name components.
                                                    For example, an underscore character separates the
                                                    first name from the last name. If ″Enter Custom pattern″
                                                    is selected in the ″Default format″ field, the Separator
                                                    field does not display.
Format pattern                                      This field appears only if ″Enter Custom pattern″ is
                                                    selected in the ″Default format″ field. Enter the custom
                                                    pattern you want to use. For example, you could use
                                                    FirstInitialLastName. To view a list of the valid
                                                    characters you can use to create a custom pattern, see
                                                    the topic ″Using formulas to create custom patterns in
                                                    user names.″
Discrete name                                       This field displays if ″Enter Discrete Name″ is selected
                                                    in the Default Format field.

                                                    Enter the user’s discrete name, that is, a name you
                                                    enter individually -- not a name generated by specifying
                                                    a pattern.
Make resulting name uppercase                       Choose this option if you want to display the DB2 user
                                                    name in uppercase characters.

Using formulas to create custom patterns in user names
When defining a custom pattern for creating user names, you can use the characters and symbols
shown in the table below to create the custom patterns. Enter the custom patters in the Format Pattern
field of the Set DB2 User Name dialog box.

Example For example, you can create a formula for the custom pattern of LastName followed by the
underscore character followed by the OrganizationName:

L_O

Character or Symbol                                 Represents
F                                                   First name
L                                                   Last name
M                                                   Middle name
T                                                   Title
G                                                   Generation
O                                                   Organization name
I                                                   ID
C                                                   Location
D                                                   Department
V                                                   Server
S                                                   Short name
_                                                   Underscore
.                                                   Dot
=                                                   Equal
%                                                   Percent




                                                                                                        182
If you are using a Microsoft (R) Windows(R) platform, return to the roadmap topic Setting up the DB2
Access server. If you are using an IBM(R) AIX(R) plat form, return to the roadmap topic Installing the
DB2 Access server.

Setting and enabling a default DB2 user ID for use with query views
You can set up a common default DB2 user name and use it in place of an explicit DB2 user mapping.
This default DB 2 user mapping is sufficient when working wit h most query views. IBM(R) Lot us(R)
Domino(TM) uses this DB2 user ID to access query views in IBM(R) DB 2 Universal Database(TM)
Enterprise Server Edition databases.

When you specify a default DB2 user name, IBM(R) Lotus(R) Domino(TM) verifies that the default
DB2 user name is not the same as the Domino server us er name. If the name is the s ame, an error is
generated on server start up and the default method of explicit DB2 user mappings is required.

If you explicitly map more that one Notes user to a single DB 2 user name, an error is generated when
you try to access the DAV using either a query view or SQL.

For more information about mapping Notes user IDs to DB2 IDs, see the topic Mapping the DB 2 ID to
a Notes ID in the Domino server’s Domino Directory.

For information about IBM(R) DB2 Universal Dat abas e(TM) Enterprise Server Edition, see the DB2
Information Center http://publib.boulder.ibm.com/infocenter/db2help/index.jsp.

Enabling the default DB2 user for query views
After creating the DB2 user account, you must enable it. This tool updates the Default user for query
views field on the Server document - DB2 Tab.

Prerequisite
Create the DB2 user ID that will be used as the default by creating an OS account, and assigning at
least connect-only privileges in DB2. Complete these steps to enable the default DB2 user ID.

1.   From the Domino Administration, click Configuration - Server - All Server Documents.
2.   From the Tools panel, click DB2 Server - Edit DB 2 Default User.
3.   Enter the DB 2 user name to be used as the default DB2 user.
4.   Click to enable the check box Use default query view use r on this server.
5.   Click OK.
6.   To allow the default DB2 us er name to take effect, restart the Domino server or wait for the
     administration process to run.

IBM AIX and Linux post-installation validation procedure
After you install and set up IBM(R) Lotus(R) Domino(TM) and IBM(R) DB2 Universal Dat abase(TM)
Enterprise Server Edition on IBM(R) AIX(R) or on Linux(R), complete this procedure from the ksh or
csh command line interface.

1.   Log in as the Domino user, and then change to the data directory. Start the Domino server by
     typing: server At server startup, this message displays indicating that a number of connections are
     pre-alloc ated. The lowest possible number of connections is four, but the value may be greater
     depending on what is necessary. DB2 Connection pre-allocation complete, A vailable Count
     =<number>
2.   Logged in as the Domino us er, stop the Domino server by entering this command from the
     Domino server console: e xit
3.   Logged in as the Domino us er, start the Domino server. Ret urn to the roadmap procedur e
     Installing Domino and DB2 on IBM AIX or Linux platforms.




                                                                                                     183
Lotus Notes 8.5.1 features
IBM Lotus Notes 8.5.1
   1. Release Timetable
           1. Notes 8.5.1 Beta has been released to Design Partners
           2. A managed public beta will begin before the end of June
           3. Code has now reached string freeze
           4. Gold code likely by end of September
           5. There will not be a 8.0.3. The upgrade from 8.0.2 is to 8.5.1+.
   2. Developer Feat ures
           1. Xpages for Notes client
           2. New DDE LS Editor
           3. New DDE Java editor
           4. Performance improvements for Xpages
           5. Not yet confirmed for this release - New XPage controls for Outline, Menubar, Toolbar
               Tag cloud, Popup
           6. Application launch options for Notes client will include XP ages
           7. Opening database in Domino Designer will be much faster
           8. Improvements to DXL
   3. Client Features
           1. ActiveSync support for iPhone
           2. The client will support roaming profiles
           3. New toolbar icons ,including Insert Links
           4. Right Click Open In New Window, removed in 8.5.0, will return in 8.5.1
           5. The options to display unread mail in red will return as a preference
           6. The Rich Text Editor will have autocorrect
   4. Admin Features




                                                                                                184

				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:812
posted:12/26/2010
language:English
pages:184