I would like to set up a secure internet access to our Domino mail server, so when users are on the road they could access their emails from anywhere without a requirement of VPN or a dial up connection
I am not sure where to start or what is required to do this? Can any one help or point me in the right direction.
Subject: How to setup a secure Internet access to Domino mails
There are 3rd party tools to allow access to this content without exposing your notes server.
Have you thought about running an apache2.2 proxy with mod_security installed. You can then proxy all that juicy web content via the IDS where you specify and tweak the ruleset that will prtect your notes servers from attack while still allowing the data to flow. Of course it works not just for mail files but for applications too.
You will have complete control over the domino I/O and can add more and more applications as you have time to specify the ruleset that will protect them.
Subject: RE: How to setup a secure Internet access to Domino mails
Or you could go for the “old fashioned” Notes Client to Domino Server using replication. You require a firewall in front of a Domino server in your DMZ to allow port 1352. You can encrypt network data between remote client and server. Set up a very regular replication schedule between DMZ Domino server and local Domino Server to ensure mailfiles are fairly updated.
Obviusly, the downside is you need the Notes client so can’t use Internet cafés but it works and it’s solid.
Cheers,
Steven.
Subject: How to setup a secure Internet access to Domino mails
Is your domino server accessible from outside your firewall? If so, they can already gain access by http://mydominoserver.mycompany.com/mail/myfile.nsf
Subject: How to setup a secure Internet access to Domino mails
Your requirement for “secure” is too vague for me to answer. Do you mean an encrypted connection using SSL? As a best practice, if you are using email, I would consider SSL a minimal requirement. That said, you can create your own Domino SSL certificate or purchase one one from a reliable source such as Verisign. The advantage of a local certificate is that is “no cost” to your company. the disadvantage is that if you were going for something related to ecommerce, it is not “trusted” and generally may not be accepted by your target customers. One provided by a reputable certifier service requires licensing and renewal fees.
john
Subject: RE: How to setup a secure Internet access to Domino mails
Yes, I do mean SSL and we are not going or have a plan for ecommerce in near future. I just want users to be able to access their emails from anywhere in world from a browser.Bying SSL is a one option for us and as you point out it may be that we create our own SSL.
However, I am still not clear on where you would start and what do I need to modify to give that access to the users, how to create your OWN SSL in Domino? Currently, user who need an access over internet have a Web access via VPN only. We would like to move away from this, if we can.