Suggestions for server planning

I am considering the architecture of our Domino setup, and would appreciate some guidance or opinions.

We have a main office and a branch office.

Everyone has a local replica of their mail.

Our mail server also runs a CRM application, mNotes for 5 users, and gives iNotes access too.

We have another server which has replicas of our mail files and runs community Sametime.

I want to serve iNotes from our DMZ not our LAN for security reasons, and also want to run Traveler to see whether it can replace mNotes.

I had originally thought of housing our second server in our branch office for offsite redundancy - the branch users getting their mail from the local server and our main office continuing to get mail from the main mail server.

Now, I want to run the second server in a DMZ instead, with iNotes access and Traveler.

Cost wise, I can’t run another server.

I would like to keep running Sametime - at the moment it is barely being used, but that is because it is just being tested at the mo, users have not been encouraged to use it, but I want them to.

Both servers have been upgraded from 6.5.4 to 8.5.

They are running on Windows 2003.

We have 50 - 60 users.

Does anyone have some suggestions for me please?

I am concerned about which solutions will run with each other, or won’t, i.e. iNotes and Sametime together, what about Traveler?

regards, Tom

Subject: My thoughts…

Lots of ways to skin this cat, and lots of unknowns from my end, but one simple approach would be…

  1. Notes Mail and mNotes on one box on LAN (not DMZ) at main office. I wouldn’t put Mail servers in a DMZ as most users hit them from within. And I don’t know of any installs where duplicate mail servers are thrown in DMZ just for iNotes access (too costly).

  2. Notes Mail replicas on second server at branch office with Traveler, again, not in DMZ. Run Traveler on both servers after your initial testing.

  3. Home users on their local mail server.

  4. If connection between offices is dedicated and connection speed is sufficient then clustering should be ok. If via Internet, enable port encryption between servers.

  5. Keep in mind that users on home server would need to hit iNotes via different URL if their site is down, unless you invest in heavy hardware to handle balancing, redirects, etc. Last time I checked, F5’s BigIP was still a little pricey.

  6. Sametime should go on dedicated server (IBM recommendation and mine too) at main office. Use slowest box for now due to low usage.

  7. Firewalls need to allow Notes traffic between each office for replication, and port 443 inbound for iNotes (yes invest in and set up SSL).

  8. All SMTP will naturally come in to main office by default before routing to branch office. Although, Domain MX records should be set up to try main office first and then branch office 2nd.

Email me if you have any questions (tomharrison08@gmail.com)

Subject: thanks

Hey Tom,

Thanks for your thoughts.

I was under the impression that Traveler needed its own server, glad to see you recommend it could run on a mail server. I’m hoping Traveler will replace mNotes as we have an old install and I don’t particularly want to pay for new licenses if Traveler will do the trick.

Our offices are connected via VPN between the firewalls and the bandwidth should be fine.

cheers, T

Subject: Traveler on Mail Server

Tom, I am not all that familiar with Traveler, but from what I have read it runs as an additional Server Task. And according to IBM docs, it can run on the mail server:

The Lotus Notes Traveler server is installed and runs on a Domino® server that must have access to the mobile user’s mail file. These mail files could be located on the same server as the Lotus Notes Traveler server or they could be hosted on remote Domino servers. In either case, Lotus Notes Traveler uses the local Domino directory names.nsf to find the home mail server for a mobile user.

With the number of users you have (50-60) you should be fine running it on same server. Now if your mail servers hosted 500+ mail files then I might think differently.

Subject: installed fine

Thanks for your input.

I installed it on our mail server and just altered our firewall to allow that specific Traveler port through, all works fine.

Can anyone confirm that you cannot use the company address book for addressing though?

I’ve read what docs and blogs I can find on this and my fears seem to be confirmed.

But I find it difficult to believe that an enterprise product does not allow you to use the server names.nsf or condensed dir cat.

Surely not???