Secure iNotes infrastructure

Hi!

We would like to implement iNotes to allow our users to access their mail from the Internet. Unfortunately, it doesn’t seem to be easy if you want a little safety. The same solution should be used for the iNotes Ultralite for iPhone!!

Here are different scenarios, but none are really satisfying:

  1. Put the mail server in the DMZ … no way!!

  2. Replicate mailboxes to a server in the DMZ … no way too, the volume to replicate is too large.

  3. Install a reverse proxy (Apache) in the DMZ … the solution I prefer … but it doesn’t seem really easy to implement as IBM doesn’t really help customers to implement such a solution. No whitepapers, no documents … What is iNotes for if there is no way to secure it correctly?

  4. Buy a third-party product such as this F5 appliance ( http://www.f5.com/solutions/applications/ibm/lotus-domino/ ) but it’s quite too expensive and supports only Domino 6.5 …

What’s the way you used to implement iNotes over the Internet?

Regards

Subject: Redbooks

Hi,

IBM Redbooks | iNotes Web Access Deployment and Administration

Not new but good documents

Configuring iNotes Web Access with a WebSphere Edge reverse proxy server

Running iNotes Web Access with reverse proxies and other security features

JYR

Subject: Websphere Reverse Proxy

We had implemented the WebSphere reverse proxy server. It was a fairly easy solution to implement. We were also able to create redirectors for access to Sametime Webmeetings from the outside.

Subject: Apache Reverse Proxy

We have deployed DWA through an Apache reverse proxy (we also use it to SSL the traffic when it's external). It was quite easy, using just a few rewrites, and then watching the logs to pick up a few oddities such as the cab files.

Hope this helps
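
A minimal sketch of the kind of setup the post above describes, as an added example that is not the poster's configuration: Apache terminates TLS in the DMZ and forwards only an allowlist of webmail paths to the internal Domino server. The hostnames, certificate paths and URL prefixes are assumptions; take the real prefixes from your own access log.

```apache
# Added example. Placeholders: webmail.example.com, domino.internal.example,
# the certificate paths and the URL allowlist below.
# Needs mod_ssl, mod_rewrite, mod_proxy, mod_proxy_http and mod_alias.

<VirtualHost *:80>
    ServerName webmail.example.com
    # No mail traffic over plain HTTP: send every request to the TLS listener.
    Redirect permanent / https://webmail.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName webmail.example.com

    # TLS ends at the proxy; the backend hop stays inside the internal network.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/webmail.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/webmail.example.com.key

    # Reverse proxy only, never a forward proxy.
    ProxyRequests Off

    RewriteEngine On

    # Allowlist: forward only what webmail needs.
    # Assumed prefixes: mail databases, the iNotes forms database,
    # shared icons and scripts, and the login form in names.nsf.
    RewriteCond %{REQUEST_URI} ^/(mail|iNotes|icons|domjs|domjava)/ [OR]
    RewriteCond %{REQUEST_URI} ^/names\.nsf$
    RewriteRule ^/(.*)$ http://domino.internal.example:80/$1 [P,L]

    # Everything else (server root, other databases) is refused with 403.
    RewriteRule ^ - [F]

    # Rewrite Location headers in backend redirects so clients stay on the proxy.
    ProxyPassReverse / http://domino.internal.example:80/

    # Status code in the log makes refused requests easy to find.
    LogFormat "%h %t \"%r\" %>s %b" inotes
    CustomLog logs/inotes_access.log inotes
</VirtualHost>
```

Requests refused by the final rule appear with status 403 in the access log, which is where paths missing from the allowlist, such as the cab downloads mentioned above, become visible.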

Subject: Please post cleansed httpd.conf file

Hello,

Can you post your httpd.conf file? I am using IBM HTTP Server 6.1 as a reverse proxy with DWA surfaced in WebSphere Portal 6.1 and can't figure it out. Evidently I have yet to perfect (get the config right in) the httpd.conf file.

Thx

Subject: Some comments

  1. Put the mail server in the DMZ … no way!!

  2. Replicate mailboxes to a server in the DMZ … no way too, the volume to replicate is too large.

  3. Install a reverse proxy (Apache) in the DMZ … the solution I prefer … but it doesn’t seem really easy to implement as IBM doesn’t really help customers to implement such a solution. No whitepapers, no documents … What is iNotes for if there is no way to secure it correctly?

As Jean-Yves points out, there are Redbooks on iNotes deployment scenarios.

  4. Buy a third-party product such as this F5 appliance ( http://www.f5.com/solutions/applications/ibm/lotus-domino/ ) but it’s quite too expensive and supports only Domino 6.5 …

F5 has a number of edge of network devices that can be used to secure traffic to (Domino) servers behind them. These are often used in conjunction with reverse proxies (the security / authentication / authorization layer) to load balance for highly available solutions.