Best Practices in Rolling Out Lotus Traveler Alan Forbes
Transcription
Best Practices in Rolling Out Lotus Traveler Alan Forbes
Best Practices in Rolling Out Lotus Traveler Alan Forbes RPR Wyatt, Inc. About Me • • • • • VP Product Development @ RPR Wyatt Product Manager / Developer “VitalSigns” IBM Certified Professional R8 Administrator IBM Certified Professional Developer IBM Certified e-Business Solution Advisor 17 years? Why the Urgency? Lotus Traveler is very cool Lotus Traveler tends to explode with usage The Lotus Traveler license is included in the Lotus Domino 8.5.1+ server license Lotus Traveler is the savior of Lotus Notes What is Lotus Traveler? Officially, it is called "IBM® Lotus® Notes® Traveler software” aka “Traveler” Traveler provides mobile support for Lotus Notes and Web Access users Automatic, real-time replication of email, calendar, address book, journal, and to-do Agenda What you need Basic Architecture – How it works Device Management Options LotusTraveler.nsf Traveler Companion Tuning, Maintenance, and Commands What do you need? Traveler 8.5.3 must be installed on Domino 8.5.3 32 bit is OK for testing, not really for production Mail servers can be Domino 7.0.2 or higher, any ODS Mail templates can be 6.5 or higher ACL Requirements The Traveler server must be able to find Person Documents for all Traveler users The Traveler server must be able to connect to all possible cluster mail servers and mail files The Traveler server must have reader access as a minimum to cldbdir.nsf on each clustered mail server Derby Database /data/traveler/ntsdb directory The derby database is accessed by a JDBC driver from the Traveler task. Contains a wealth of information including when was the last sync completed from a device folder ids to match between the mobile device and Domino document unids to match between the mobile device and Domino Not for human consumption Derby Database Derby database is local to the Traveler server and specific to that server, it does not replicate (no failover!) What's inside? lotustraveler.nsf is a “interpreter” for the ntsdb (more on that later…) Notice Traveler always asks you to refresh... it is re-reading ntsdb Possible Configuration # 1 If your Domino Mail server is accessible from the Internet then you can install Lotus Traveler on it. If you have the hardware resources, it is advised to install Traveler on a separate server. Possible Configuration # 2 Put Lotus Traveler in a DMZ zone. In this case, it will not contain any replicas, it will look up mail files from the mail servers or mail cluster. It will work like a proxy; clients will connect to Traveler, but actual data (mail files) will be accessed from the Mail server. Possible Configuration # 3 The most secure way to access Lotus Traveler is to locate Traveler behind a firewall, so users will access Traveler server via a VPN client. Some phones provide built-in VPN client software, but others need additional software to be installed. VPN/Firewall Configuration In scenario # 3, additional software (obviously) can cause additional costs. Also, additional software means you need to manage it, (MDM slide later) so your Help Desk and IT departments will need to understand these considerations. Possible Configurations How to deploy Lotus Traveler to device Device visits special URL on server such as https://traveler.lotus.com/servlet/traveler LotusTraveler.nsf This database has a list of all users and devices that connect to that server The source data is the derby database Deleting documents does nothing Lotus Traveler users are managed with the help of Lotus Traveler settings and policies in this database. The database has three (3) views, Device Security, Devices, Users. LotusTraveler.nsf – User View User view lists users who use Traveler and their status LotusTraveler.nsf – Devices View Devices view lists users who use Traveler and their devices Many users will have more than one device! LotusTraveler.nsf – Device Settings Devices Settings is new in 8.5.1 and provides defaults for connecting devices LotusTraveler.nsf – Device Settings Devices Settings provides basic security settings LotusTraveler.nsf – Policy Settings • You use the Device settings to implement your coporporate security policy • You may allow only devices that comply with your security policy to connect to Traveler server. • Best Practice: At the very least… require a device password! • There are different options. • Please refer to Traveler policy/setting help or information in the Infocenter. Mobile Device Management Mobile Device Management (MDM) software secures, monitors, manages and supports mobile devices deployed across multiple operators, service providers and enterprises. MDM functionality typically includes overthe-air distribution of applications, data and configuration settings Mobile Device Management Different devices offer management capabilities Apple does it well Not so much on Android LotusTraveler.NSF does not really provide MDM. LotusTraveler.nsf does provides security http://support.apple.com/kb/dl1466 Apple MDM The Apple tool doesn’t push the Profiles to the device (you have to figure that part out) If you don’t want to do it by hand.. iOS.Profiler puts a Lotus Notes front-end to native Apple MDM capabilities Creates and distributes these Profiles LotusTraveler.NSF – Device Security Device Security is the only view with actions LotusTraveler.NSF – Actions Deny Access prohibits any future syncing Update SMS for users using SMS for synchronization Change Approval if you require approval prior to providing access Wipe offers multiple options depending on the device LotusTraveler.NSF – Wipe Wipe options depend on the device Hard reset device –reset device to factory default Lotus Traveler application and data –uninstall Traveler from the device and delete locally stored data Storage card – Will erase the contents of the Memory Card LotusTraveler.NSF – Wipe The next time the device synchronizes with the server, the server will perform the wipe operation. If clients have not yet connected to server, and there is no need to wipe it (for example, it was found), the administrator may the recall wipe request by selecting the “Clear Wipe” Action….right away! LotusTraveler.nsf LotusTraveler.nsf does not replicate • If you have 5 Traveler servers, you may need to search 5 places • Best Practice- Establish an easy-tounderstand “scheme” for assigning users to servers OR • Use my gift to you “Traveler Users Catalog” Traveler Users Catalog Tuning HTTP Open Domino Administrator Select Configuration > Server > Current Server Document. 1. 2. Basics Tab > Load Internet Configurations from Server/Internet Sites documents set to enabled. Internet protocols tab > Domino Web Engine tab > Java servlet support set to Domino Servlet Manager. Tuning HTTP 1. 2. 3. Internet protocols tab > Class path Make sure this path is an existing directory. This step is optional, but the HTTP server will display an error message if this directory does not exist. Internet protocols tab > HTTP > Maximum requests per persistent connection set to at least 100. (1.2 times the number of devices) Internet protocols tab > HTTP > Input Timeout set to at least 75 seconds. Save the Server Document. How many HTTP threads? How many do I need? Traveler.Push.Devices.Total =225 This indicates that 225 devices are registered for synchronization with the Notes Traveler server and that at least 270 HTTP threads are needed (1.2 x 225 = 270). How many HTTP threads? Q: How many do I have? A: Show stat http.workers Q: How many have I used? A: show stat http.PeakConnections Shameless Plug 32 –bit Memory Tuning (not really) • You may need to take steps to reduce the memory usage by the core Domino server. • Do this by reducing the amount of memory that Domino pre-allocates to the shared memory buffer pool by adding the following line to the Notes.ini in your Domino server program directory: NSF_BUFFER_POOL_SIZE_MB=256 64–bit Memory Tuning • On Windows 64 bit servers, increase the HTTP Maximum Cached users parameter to match the number of expected syncing devices. • This value is present in the Domino server document and can be changed using the Domino Administrator client. Co-locating Lotus Notes Traveler with other applications • While it is possible to run the Lotus Notes Traveler server on the same physical server as other Domino services (such as mail, iNotes, Sametime and BES), this is not recommended • UNLESS….the deployment of users on the server is very small, typically less than 100 users. • BECAUSE…once additional users are added, all of the applications will be vying for the same resources and the service will degrade Lotus Traveler TIPS & TRICKS How to deploy company logo in traveler website home page 1. Go to traveler server data directory (\domino\html\traveler\Images) 2. Rename banner.jpg to Ibmbanner.jpg 3. Copy your company logo and rename to banner.jpg 4. Restart HTTP task or restart traveler server Traveler Histogram Stats Traveler.DCA.DB_OPEN.Time.Histogram.CN=azphxdom1/O=RPRWyatt.000-001=4210 Traveler.DCA.DB_OPEN.Time.Histogram.CN=azphxdom1/O=RPRWyatt.001-002=7 Traveler.DCA.DB_OPEN.Time.Histogram.CN=azphxdom1/O=RPRWyatt.002-005=14 Traveler.DCA.DB_OPEN.Time.Histogram.CN=azphxdom1/O=RPRWyatt.005-010=11 Traveler.DCA.DB_OPEN.Time.Histogram.CN=azphxdom1/O=RPRWyatt.010-030=1 Traveler.DCA.DB_OPEN.Time.Histogram.CN=azphxdom2/O=RPRWyatt.000-001=2761 Traveler.DCA.DB_OPEN.Time.Histogram.CN=azphxdom2/O=RPRWyatt.010-030=1 Traveler.DCA.DB_OPEN.Time.Histogram.CN=azphxdom2/O=RPRWyatt.060-120=1 Traveler.DCA.DB_OPEN.Time.Histogram..000-001=4 Lotus Traveler Commands Tell Traveler… …status The Lotus Notes Traveler task has been running since Thu Jun 17 21:52:29 EDT 2010. The last successful device sync was on Friday Mar 23 03:23:41 EDT 2012 The overall status of Lotus Notes Traveler is Green. Lotus Traveler Commands Tell Traveler… ….Delete, Reset, Dump, Log collect, Mem Show, Show, ShowActive, ShowUsers, Stat Show, Status, and SystemDump. Lotus Traveler Database Defragmentation It is recommended that customers run the defrag command approximately once a month as part of continued system health. 1. Shutdown the Lotus Traveler and the Domino HTTP tasks on the server 2. Start Traveler using the defrag parameter load traveler -defrag Note: The defrag operation may take more than 30 minutes to complete. Lotus Traveler Database Defragmentation Note: New as of 8.5.2.4 it is now possible to schedule the defrag operation by adding to Notes.INI NTS_DEFRAG_INTERVAL_DAYS=30 (IBM recommends 30) When does it run? Conclusions Cost -----> None End User Satisfaction -----> High Adoption Rate -----> Fast Performance -----> Awesome Ease of Management -----> High Security -----> Robust For More Information For more information– Alan.Forbes@ Rprwyatt.com For a free (as in beer) copy of this presentation or a copy of Lotus Traveler Catalog database My BLOG @ http://servervitalsigns.com/vs/ Traveler Monitoring @ http://www.rprwyatt.com/vstraveler.html