Best Practices in Rolling Out Lotus Traveler Alan Forbes

Transcription

Best Practices in Rolling Out Lotus Traveler Alan Forbes
Best Practices in
Rolling Out
Lotus Traveler
Alan Forbes
RPR Wyatt, Inc.
About Me
•
•
•
•
•
VP Product Development @ RPR Wyatt
Product Manager / Developer “VitalSigns”
IBM Certified Professional R8 Administrator
IBM Certified Professional Developer
IBM Certified e-Business Solution Advisor
17 years?
Why the Urgency?
Lotus Traveler is very cool
Lotus Traveler tends to explode with usage
The Lotus Traveler license is included in the
Lotus Domino 8.5.1+ server license
Lotus Traveler is the savior of Lotus Notes
What is Lotus Traveler?
Officially, it is called "IBM® Lotus® Notes®
Traveler software” aka “Traveler”
Traveler provides mobile support for Lotus
Notes and Web Access users
Automatic, real-time replication of email,
calendar, address book, journal, and to-do
Agenda
What you need
Basic Architecture – How it works
Device Management Options
LotusTraveler.nsf
Traveler Companion
Tuning, Maintenance, and Commands
What do you need?
Traveler 8.5.3 must be installed on Domino
8.5.3
32 bit is OK for testing, not really for production
Mail servers can be Domino 7.0.2 or higher,
any ODS
Mail templates can be 6.5 or higher
ACL Requirements
The Traveler server must be able to find
Person Documents for all Traveler users
The Traveler server must be able to connect
to all possible cluster mail servers and mail
files
The Traveler server must have reader
access as a minimum to cldbdir.nsf on each
clustered mail server
Derby Database
/data/traveler/ntsdb directory
The derby database is accessed by a JDBC
driver from the Traveler task. Contains a
wealth of information including
when was the last sync completed from a device
folder ids to match between the mobile device
and Domino
document unids to match between the mobile
device and Domino
Not for human consumption
Derby Database
Derby database is local to the Traveler
server and specific to that server, it does not
replicate (no failover!)
What's inside? lotustraveler.nsf is a
“interpreter” for the ntsdb (more on that
later…)
Notice Traveler always asks you to refresh...
it is re-reading ntsdb
Possible Configuration # 1
If your Domino Mail server is accessible from
the Internet then you can install Lotus
Traveler on it.
If you have the hardware resources, it is advised
to install Traveler on a separate server.
Possible Configuration # 2
Put Lotus Traveler in a DMZ zone. In this case, it
will not contain any replicas, it will look up mail
files from the mail servers or mail cluster.
It will work like a proxy; clients will connect to Traveler,
but actual data (mail files) will be accessed from the
Mail server.
Possible Configuration # 3
The most secure way to access Lotus
Traveler is to locate Traveler behind a
firewall, so users will access Traveler server
via a VPN client.
Some phones provide built-in VPN client
software, but others need additional software
to be installed.
VPN/Firewall Configuration
In scenario # 3, additional software
(obviously) can cause additional costs.
Also, additional software means you need to
manage it, (MDM slide later) so your Help
Desk and IT departments will need to
understand these considerations.
Possible Configurations
How to deploy Lotus Traveler to
device
Device visits special URL on server such as
https://traveler.lotus.com/servlet/traveler
LotusTraveler.nsf
This database has a list of all users and
devices that connect to that server
The source data is the derby database
Deleting documents does nothing
Lotus Traveler users are managed with the
help of Lotus Traveler settings and policies in
this database.
The database has three (3) views, Device
Security, Devices, Users.
LotusTraveler.nsf – User View
User view lists users who use Traveler and
their status
LotusTraveler.nsf – Devices View
Devices view lists users who use Traveler and
their devices
Many users will have more than one device!
LotusTraveler.nsf – Device Settings
Devices Settings is new in 8.5.1 and provides
defaults for connecting devices
LotusTraveler.nsf – Device Settings
Devices Settings provides basic security
settings
LotusTraveler.nsf – Policy Settings
• You use the Device settings to implement
your coporporate security policy
• You may allow only devices that comply with your
security policy to connect to Traveler server.
• Best Practice: At the very least… require a device
password!
• There are different options.
• Please refer to Traveler policy/setting help or
information in the Infocenter.
Mobile Device Management
Mobile Device Management (MDM) software
secures, monitors, manages and supports
mobile devices deployed across multiple
operators, service providers and enterprises.
MDM functionality typically includes overthe-air distribution of applications, data and
configuration settings
Mobile Device Management
Different devices offer management
capabilities
Apple does it well
Not so much on Android
LotusTraveler.NSF does not really provide
MDM.
LotusTraveler.nsf does provides security
http://support.apple.com/kb/dl1466
Apple MDM
The Apple tool doesn’t push the Profiles to
the device (you have to figure that part out)
If you don’t want to do it by hand..
iOS.Profiler puts a Lotus Notes front-end to
native Apple MDM capabilities
Creates and distributes these Profiles
LotusTraveler.NSF – Device
Security
Device Security is the only view with actions
LotusTraveler.NSF – Actions
Deny Access prohibits any future syncing
Update SMS for users using SMS for
synchronization
Change Approval if you require approval
prior to providing access
Wipe offers multiple options depending on
the device
LotusTraveler.NSF – Wipe
Wipe options depend on the device
Hard reset device –reset device to factory
default
Lotus Traveler application and data –uninstall
Traveler from the device and delete locally stored
data
Storage card – Will erase the contents of the
Memory Card
LotusTraveler.NSF – Wipe
The next time the device synchronizes with the
server, the server will perform the wipe
operation.
If clients have not yet connected to server, and
there is no need to wipe it (for example, it was
found), the administrator may the recall wipe
request by selecting the “Clear Wipe”
Action….right away!
LotusTraveler.nsf
LotusTraveler.nsf does not replicate
• If you have 5 Traveler servers, you may need
to search 5 places
• Best Practice- Establish an easy-tounderstand “scheme” for assigning users to
servers
OR
• Use my gift to you “Traveler Users Catalog”
Traveler Users Catalog
Tuning HTTP
Open Domino Administrator
Select Configuration > Server > Current
Server Document.
1.
2.
Basics Tab > Load Internet Configurations from
Server/Internet Sites documents set to enabled.
Internet protocols tab > Domino Web Engine tab
> Java servlet support set to Domino Servlet
Manager.
Tuning HTTP
1.
2.
3.
Internet protocols tab > Class path Make sure
this path is an existing directory. This step is
optional, but the HTTP server will display an
error message if this directory does not exist.
Internet protocols tab > HTTP > Maximum
requests per persistent connection set to at least
100. (1.2 times the number of devices)
Internet protocols tab > HTTP > Input Timeout
set to at least 75 seconds.
Save the Server Document.
How many HTTP threads?
How many do I need?
Traveler.Push.Devices.Total =225
This indicates that 225 devices are registered for
synchronization with the Notes Traveler server and
that at least 270 HTTP threads are needed
(1.2 x 225 = 270).
How many HTTP threads?
Q: How many do I have?
A: Show stat http.workers
Q: How many have I used?
A: show stat http.PeakConnections
Shameless Plug
32 –bit Memory Tuning (not really)
• You may need to take steps to reduce the memory
usage by the core Domino server.
• Do this by reducing the amount of memory that
Domino pre-allocates to the shared memory
buffer pool by adding the following line to the
Notes.ini in your Domino server program
directory:
NSF_BUFFER_POOL_SIZE_MB=256
64–bit Memory Tuning
• On Windows 64 bit servers, increase the HTTP
Maximum Cached users parameter to match the
number of expected syncing devices.
• This value is present in the Domino server
document and can be changed using the Domino
Administrator client.
Co-locating Lotus Notes Traveler
with other applications
• While it is possible to run the Lotus Notes Traveler
server on the same physical server as other
Domino services (such as mail, iNotes, Sametime
and BES), this is not recommended
•
UNLESS….the deployment of users on the server
is very small, typically less than 100 users.
• BECAUSE…once additional users are added, all of
the applications will be vying for the same
resources and the service will degrade
Lotus Traveler
TIPS & TRICKS
How to deploy company logo in
traveler website home page
1. Go to traveler server data directory
(\domino\html\traveler\Images)
2. Rename banner.jpg to Ibmbanner.jpg
3. Copy your company logo and rename to
banner.jpg
4. Restart HTTP task or restart traveler server
Traveler Histogram Stats
Traveler.DCA.DB_OPEN.Time.Histogram.CN=azphxdom1/O=RPRWyatt.000-001=4210
Traveler.DCA.DB_OPEN.Time.Histogram.CN=azphxdom1/O=RPRWyatt.001-002=7
Traveler.DCA.DB_OPEN.Time.Histogram.CN=azphxdom1/O=RPRWyatt.002-005=14
Traveler.DCA.DB_OPEN.Time.Histogram.CN=azphxdom1/O=RPRWyatt.005-010=11
Traveler.DCA.DB_OPEN.Time.Histogram.CN=azphxdom1/O=RPRWyatt.010-030=1
Traveler.DCA.DB_OPEN.Time.Histogram.CN=azphxdom2/O=RPRWyatt.000-001=2761
Traveler.DCA.DB_OPEN.Time.Histogram.CN=azphxdom2/O=RPRWyatt.010-030=1
Traveler.DCA.DB_OPEN.Time.Histogram.CN=azphxdom2/O=RPRWyatt.060-120=1
Traveler.DCA.DB_OPEN.Time.Histogram..000-001=4
Lotus Traveler Commands
Tell Traveler…
…status
The Lotus Notes Traveler task has been
running since Thu Jun 17 21:52:29 EDT
2010.
The last successful device sync was on
Friday Mar 23 03:23:41 EDT 2012
The overall status of Lotus Notes
Traveler is Green.
Lotus Traveler Commands
Tell Traveler…
….Delete, Reset, Dump, Log collect, Mem Show,
Show, ShowActive, ShowUsers, Stat Show,
Status, and SystemDump.
Lotus Traveler Database
Defragmentation
It is recommended that customers run the defrag
command approximately once a month as part of
continued system health.
1. Shutdown the Lotus Traveler and the Domino
HTTP tasks on the server
2. Start Traveler using the defrag parameter
load traveler -defrag
Note: The defrag operation may take more than
30 minutes to complete.
Lotus Traveler Database
Defragmentation
Note: New as of 8.5.2.4 it is now possible to
schedule the defrag operation by adding to
Notes.INI
NTS_DEFRAG_INTERVAL_DAYS=30
(IBM recommends 30)
When does it run?
Conclusions
Cost ----->
None
End User Satisfaction -----> High
Adoption Rate ----->
Fast
Performance -----> Awesome
Ease of Management -----> High
Security -----> Robust
For More Information
For more information–
Alan.Forbes@ Rprwyatt.com
For a free (as in beer) copy of this presentation or a
copy of Lotus Traveler Catalog database
My BLOG @ http://servervitalsigns.com/vs/
Traveler Monitoring @
http://www.rprwyatt.com/vstraveler.html