One of Notes' major advantages is its integrated ability to support remote and dial-up users. The typical mobile user is a salesman or executive traveling around the globe on a regular basis. Notes is designed to support the needs of this user with no
extra software required. Notes is being used increasingly to connect organizations, telecommuters, and virtual companies into powerful workgroups and teams.
Supporting disconnected remote sites poses special challenges to a Notes administrator. Because running a completely hands-off remote server is impossible, every geographic site must have at least a minimal level of talent available to help support a
Notes installation. In addition, a number of challenges face you when configuring Notes remote support, including:
This chapter shows you how to handle these issues, configuring your remote servers and clients to minimize the number of problems. For a complete discussion of network design, see Chapter 9, "Designing Your Notes Network."
The first step in desinging your remote network is determining the needs of your users. You should use interviews and questionnaires, and review any logs of current activity, to help you determine their needs.
The next step is to decide which type of connections to support for each class of user. After the connection type is known, assigning servers to tasks is straightforward.
Dial-up users face several issues requiring special attention by Notes administrators and trainers. Poor performance is a problem. Dial-up users with a 14.4 or 28.8 modem will have noticeably slower performance when connecting with a remote server.
Dial-up users should avoid replicating large attachments whenever possible.
Each dial-up user has two ways of accessing data: Replicating databases to the laptop, or connecting to a server every time she needs to access a database. This decision is made by the mobile user for each database access.
Each approach has advantages and disadvantages:
The Notes administrator needs to consider all these factors when deciding what connection type to support for each server or user.
In most cases, the increased flexibility and performance mobile users get from working from local replicas justifies replicating data to laptops. At a minimum, mobile users should have local replicas for frequently used or critical databases.
Online access is appropriate for large databases, such as reference databases or databases with large attachments, that don't lend themselves to replication.
The first consideration when designing remote network topology is what type of physical connection to support between your remote offices, mobile users, and headquarters site. If you're just installing Notes for the first time, your remote offices
likely are already connected using some networking software. You need to evaluate whether Notes can ride on top of that software. In addition, different remote users may have different communication needs. For each remote location or type of user (mobile
user, telecommuter), you need to decide which of these physical connection types to support:
Notes administrators can support dial-in users by using Notes XPC with passthru or with a networking package that allows users to dial into a network rather than to a single server. When using a network-based dial-in, a network appears to users as it
would connected locally on a LAN. All network resources are available, including printers, file servers, and Notes servers. TCP/IP (via PPP or SLIP) is a common protocol used when providing network-based dial-in. Microsoft RAS is another popular remote
access service. When selecting remote LAN servers, you need to balance ease of administration, ease of use, and security concerns.
Allowing PPP access to your TCP/IP network can open several security breaches. A variety of ways to break into TCP/IP servers are known. Check with your telecommunications group or security consultant if you're concerned about security issues involved
with allowing TCP/IP dial-in.
Remote LAN connections appear to applications as normal network applications after a connection has been established. Making that connection requires a few extra steps. Notes can automate these extra steps (user ID, password, and so on) for some remote
LAN packages.
Once you've decided to use remote LAN software, the major issue left to decide is exactly what protocol and package to use. The protocol you should use is whatever protocol you are currently using on your network. For example, if you are currently
running an SPX network, use a remote LAN software package that supports SPX over dial-up. The most common dial-up support today is PPP supporting either SPX or TCP/IP. Windows NT's remote access software is also a popular choice for remote access to
serversmaybe more popular than any other remote software program.
The hardest part about configuring Notes to use remote LAN software is installing and testing the remote LAN software. Troubleshooting Notes connections becomes a matter of deciding whether you have a third-party software problem, a Notes configuration
problem, or a Notes bug.
Passthru allows a Notes server to serve as a conduit for Notes clients. Clients can dial in to a single server and access other servers on the network. Passthru makes available only Notes resources. The Public Address Book allows you to create a secure
environment using passthru. The Name and Address Book enables you to specify, for each passthru server, which servers can be accessed using passthru, as well as the servers that can be reached using a passthru connection (no matter which passthru server is
used).
When supporting remote or mobile Notes users, Notes passthru is the best option. Setting up Notes passthru is considerably easier than other types of connections and allows complete access to all Notes resources on the network. In addition, the
integrated security features are easy to manage and require no special training.
Remote or mobile users who are already set up to use a network dial-in should continue to do so. Users who need access to non-Notes resources also need to use a network dial-in package.
Once you've weighed the various advantages and disadvantages of different connection types and decided that passthru is the appropriate type of connection to support your dial-up users, you still need to decide how to implement passthru for your
organization. Are you going to allow all your Notes servers to be accessed using passthru, or restrict access to only a few servers? It's easier to manage security in an environment where you limit the number of servers that can be accessed using passthru,
but you run the risk of users being unable to access databases they need.
After you've identified the servers that are accessible using passthru, you need to designate one or more servers as the passthru server. All the servers that dial-up modem users can access by using passthru should have a network connection to at least
one passthru server. For a higher degree of reliability, you should have at least two passthru servers set up for each network. You can designate a current server to do double duty as a passthru server. The only server that shouldn't also be used as a
passthru server is your hub server. Hub servers never should be accessible to end users. For more details on hub servers, see Chapter 9, "Designing Your Notes Network."
After you've designed your network topology for passthru, decide whether to restrict passthru to a certain set of users. Restricting users who can use passthru provides some limited increase in security, because it prevents people who have a forged copy
of an ID from accessing your Notes network if that ID isn't enabled for passthru. Your passthru servers contain access control lists that allow you to control the users who can use passthru.
Every bit as important as the protocols and software you choose to support remote access for dial-up users are the policies and procedures you put in place. You can greatly simplify the task of administering and troubleshooting remote access problems by
following a few simple guidelines:
These two techniques will greatly simplify your life as an administrator without burdening your users. They are highly recommended.
Now it's time to get down to the nitty-grittythe step-by-step instructions for setting up remote access. Whether you are going to use passthru servers, remote LAN software, set up remote servers, or mix-and-match these strategies, you need to
decide how many modems you will place on every server that is directly accessed by mobile users.
For each server providing remote access in your Notes network, you need to determine how many modems are required. Too few modems means that your users can't get access to the network, and too many modems mean you have wasted money. To estimate the
number of modems you need, estimate the number of minutes that users need to be connected in a given day, week, or month. Chart out the expected demand over the course of a day, so you know what your peak usage is likely to be. These are the factors that
determine the number of minutes users are connected and your peak usage:
You should plan to provide a high level of servers to mobile users. The cost of a busy line can be quite high. If your mobile users use Notes for serious applications, they need assurance that they will be able to connect to the network as needed. A few
busy numbers doesn't sound all that bad from an administrator's point of view, but it can quickly lead to frustration among users. If this situation eventually leads to an underused Notes platform, any money saved on phone lines and modems has been far
more than offset by lost productivity.
All passthru servers must be Release 4 hierarchically named servers. After you have laid out your network by deciding which servers can be accessed as passthru servers, and which servers will be passthru servers, actually setting up passthru is
extremely easy. There are three steps in configuring passthru servers:
To allow a user to access a server by using passthru, follow these steps:
For a destination server to be accessible, both the destination server and the passthru server must be configured properly. The user or server attempting to access must be listed explicitly in the Access This Server field for the destination server. In
addition, a passthru server must be set up to allow access to this server for the server or client calling.
If a passthru server lists this server as a legal destination but the destination server itself isn't set up to accept passthru connection, all passthru connections are denied. The server document for the destination server takes precedence over the
server document in the passthru server.
Before setting up passthru servers, compile a list of all destination servers that can be reached from this passthru server. Consider allowing access to all servers on the same network as the passthru server, but be more critical about allowing servers
that can only be reached by modem from this server. To set up a passthru server, follow these steps:
The passthru restrictions that you set up in the Restrictions section don't affect general access to the server. For a user to use a passthru server, he must be listed in the Access Server field of the server document. The passthru restrictions also in
no way affect access over a network to a server.
Both workstations and servers can be configured to reach a destination server by using a passthru server. Configuring workstations to use passthru is covered in the section "Configuring Dial-Up Clients," later in this chapter. To have a server
use passthru when connecting to a destination server, you need to create a passthru connection document for these two servers in the Public Address Book. If the server can't directly access the passthru server on its local network, you need to create a
connection document connecting this server to its passthru server as well.
You can set up a default passthru server that a server will use whenever it can't find another way to connect to a server, or you can define passthru servers to be used and/or indicate specific passthru servers to reach specific destination servers. To
set up a default passthru server, perform the following steps:
To configure a specific passthru server for a specific destination server, you need to create a connection document that specifies the proper passthru server. See Figure 19.1 for an example of a passthru server connection document linking two servers.
Figure 19.1.
A passthru server connection document linking two servers.
To create a passthru server connection document linking two servers, follow these steps:
If the source server can't directly connect the passthru server on the same Notes named network, you must create a connection document linking the source server to the passthru server. In addition, there must be a connection linking the passthru server
to the destination server.
A remote server is any Notes server dedicated to serving dial-up users. Remote servers differ from passthru servers in that remote servers host the databases themselves. The major disadvantage to remote servers is that you must create a replica of every
database needed by any dial-up user.
If you already have remote servers set up, you can continue to use them for some time. The major issue facing you in this case is when to migrate to a passthru server.
Passthru servers are generally a better choice than setting up remote servers to serve dial-up users. The one exception to this rule is servers that are accessed by external organizations. To control security and limit the databases accessed by external
organizations, use a remote server and create replicas of databases they are allowed to access. Servers available to the outside world that also allow anonymous access should be set up as remote servers rather than passthru servers.
Remote LAN software must be obtained from a third party; it isn't shipped as part of Notes. Follow the instructions on your package. Make sure that your remote LAN connections are working before attempting to make a connection via Notes.
Dial-up clients should use at least a 14.4 modem (28.8 is better, of course). Setting up a dial-in client involves:
Dial-up clients can be set up to
The client must be configured slightly differently for each of these options.
The first thing you need to do is to install a modem on the laptop. Make sure you use a modem that is supported by Notes. You can contact the Lotus Web site (www.LOTUS.COM) for a current list of supported modems. Make
sure that the modem is working before proceeding with the Notes configuration. After installing and testing the modem, enable a Notes asynchronous COM port by following these steps:
When you have completed configuring the Notes asynchronous communication port, you need to set up a dial-up server connection.
Mobile users must have a location document for each geographical location where they work. For each location, you need to tell Notes how to connect to the Notes servers in your network. You also need to specify from each location exactly which tasks
should be accomplished. You can specify mail routing, replication, or both. You also can customize your replication based on location. You can specify, for each location, which databases to replicate, when to replicate, and whether you want to replicate
only partial documents.
Dial-up modem connections include any connection that uses the modem on a laptop. This includes directly connecting to a Notes server, as well as connecting to a remote LAN service. The configuration of the location document is identical in either case.
The server connection documents specified for a location differentiate between a direct connection, a passthru connection, or a remote LAN service connection.
The Personal Address Book for mobile users must contain a location document for every geographic location from which the user works. A location document contains information about default servers to use from that location, connection information such as
phone numbers or the network to use, and schedules for connecting to a server.
Notes automatically creates four location documents in the Personal Address Book when the workstation is installed. Most mobile users can get by with just personalizing these four documents. The following list describes the four default locations.
You can optimize each location document for the type of connection available. For example, you could set up your mail file in the office location document to be server based, while the home and travel location documents specify workstation-based mail.
Location documents also let you specify information, such as calling cards, that can be used only from certain locations. For example, you probably will use calling card information only when traveling and calling in from hotels.
Location documents contain information that is configurable using the replication page from a Release 4 workspace. See the later section "Configuring a Replication Page" for more information on configuring replication for mobile users.
Creating a single location document is a relatively easy task. Mobile users need to be trained in creating location documents and can carry a great deal of the load. Administrators should provide users with as much information as possible.
Administrators supporting a number of mobile users are faced with the task of configuring several hundred location documents. The administrators can simplify the process of creating these location documents by using user setup profiles. Each profile
specifies a set of default servers for a user. For complete information on user setup profiles, see Chapter 18, "Administering Notes Security."
Location documents must be stored in the mobile user's Personal Address Book. To create a location document, follow these steps:
See the following sections for information on filling in location documents for each type of location supported.
Three types of location documents exist with which you should be familiar: Remote Locations, Office Locations, and Disconnected (Island) Locations. The Notes Install program creates a sample of each of these location documents when the workstation
program is installed. The following sections describe how to edit each of these documents for your organization.
Locations where you have a LAN connection to your Notes servers should have a network location document. You typically have only one network-based location document for your home office. To configure a network-based location document, follow these
steps:
When completed, your network location document should look similar to Figure 19.2.
Figure 19.2.
A network-based location document.
An island is any location with no connection to your Notes servers. From an island, users must work with local replicas. There is certainly less information to fill in when configuring an island location document. See Figure 19.3 for an example location
document.
Figure 19.3.
An island location document.
To create an island location document, follow these steps:
Each laptop user needs only a single island location document to support all locations from which no connection to a Notes server is desired.
Once you have set up your location documents, you are ready to specify the connection information for each server for each location. If you have a large number of locations from which you work and/or a large number of servers to which you connect
remotely, you may have a large number of connection documents. You need a connection document for each server for each location, so that you can specify on a server-by-server basis when to connect via modem and when to connect via a LAN-based protocol.
If mobile users are using passthru servers, you need only specify a connection document for a passthru server. Destination servers that can be reached from the passthru server don't need connection documents. Whenever a user attempts to access a server
for which no other connection document exists at the current location, Notes attempts to connect to the passthru server. The passthru server for a location is specified in the location document. You can specify multiple passthru servers for a location by
creating extra server connection documents for a location with a connection type of passthru.
Setting up a connection document that directly connects a mobile user to a server is a very simple process. You simply need to create a server connection document that specifies the server name and phone number and a dial-up modem connection type.
Figure 19.4 shows a typical dial-up modem connection document.
Figure 19.4.
A typical dial-up modem connection document.
To create a dial-up modem connection document, follow these steps:
Generally speaking, you need only a single dial-up modem connection for each server. You can use the same connection document from all remote locations, as the phone number for a server generally doesn't change based on the travels of a user.
You can set up a default passthru server for a location and/or a specific passthru server for each destination server. A destination server is any server hosting a database that you need to access. Connection documents that specify a specific passthru
server for a destination server take precedence over the default passthru server specified in the location document. The passthru server in the location document is used only when no other connection to a server is in the Personal Address Book. All
passthru servers must have a connection document that tells Notes how to connect to the passthru server. This is true whether the passthru server is specified in the location document or in a server connection document.
Notes attempts to use the server to which you are currently connected as a passthru server when:
If the attempt to use the current server as a passthru server fails, your attempt to access the destination server will fail.
To set a default passthru server for a location, enter the full hierarchical name of the passthru server in the location document. Typically, this field already will be filled in by the administrator, using a user setup profile. The profile causes the
correct location and connection documents to be created in a Personal Address Book.
To specify a different passthru server for a destination server, follow these steps:
When you are done, your server connection should resemble Figure 19.5.
Figure 19.5.
A typical passthru server connection document.
Don't forget to create another connection document that tells Notes how to contact the passthru server. The connection to the passthru server can be a LAN, a remote LAN, or a dial-up modem connection.
Remote LAN software fakes out the applications running on your machine so they believe that they are physically connected to a LANthough they are connected via modem. All network resources available on a LAN can be made available via modem, using
remote LAN software. Remote LAN software packages are available from third-party vendors and aren't part of Lotus Notes. Some remote LAN software packages can be controlled by Notes; Notes can initiate a connection or hangup. Other types of remote LAN
software can't be controlled by Notes; a user would have to start a connection manually, start Notes, and then manually disconnect when finished.
If you have a package that can't be controlled by Notes, set up normal network connection documents for your Notes workstation, as Notes will behave exactly as if it was connected on a network. If you are using a remote LAN software package that can be
controlled by Notes, set up a remote LAN service connection document. The few parameters needed by the remote LAN software can be entered into the connection document. Figure 19.6 shows an example of a remote LAN service connection document.
Figure 19.6.
A remote LAN service connection document.
To create a remote LAN service connection document, follow these steps:
Before attempting to test a remote LAN service, you should have installed and configured the remote LAN software and tested it to make sure that you can make a connection. After you have completely installed and tested your remote LAN software,
configure and test your Notes connection.
The Address Book is the heart and soul of Notes. So what do your laptop users do when they are on the road? Without access to the Public Address Book, they have to rely on their puny Personal Address Books. All your carefully crafted groups go right out
the window. You have seen what a user must do, just trying to configure location documents. The user also needs to be able to configure group documentsnot just for the users with whom he wants to communicate, but for servers, too.
Personal Address Books come with two empty default groups that mobile users need to maintain. The group OtherDomainServers is a list of all servers from other domains with which the laptop user needs to communicate. LocalDomainServers is the list of
servers within an organization with which the laptop user needs to communicate. Because these are documents in the user's Personal Address Book, they can't be replicated from the Public Address Book. A mobile user needs to edit these documents manually to
add and delete servers as needed.
This situation raises the question, "Why not just put a copy of the Public Address Book on all laptops? It already contains all the groups users will need for security and mail routing and it could be updated through replication." Notes has
built-in support that enables users to have both a copy of the Public Address Book and their own Personal Address Book on their laptops. So why not put a copy of the Public Address Book on all laptops? For one, users still would have to edit their own
location documents and the two server groups. The server groups are needed so that the design changes replicate properly to replicas on the laptop; even if you keep a copy of the Public Address Book on a laptop, your client won't check it when determining
access. The Public Address Book also can be quite large in many organizations, but with laptops nowadays typically ranging from 800 megabytes to 1 gigabyte, that's less of a concern than in the past.
The one advantage that you can get from keeping a replica of the Public Address Book on a laptop is that the user will know instantly if he has a typo in a mail recipient's name. The client can resolve groups and user names against the Public Address
Book without having to wait to connect to the headquarters location. In the absence of a copy of the Public Address Book, the client simply assumes that a mail message is addressed correctly and sends it off. The first server to receive the message checks
it against the Public Address Book, finds the typo, and sends back a nondelivery report. The user may not get the nondelivery report until the next time he is connected, and then may not be able to send the reply immediately. All in all, the time lost due
to a simple typo can be unacceptable. So, if you've got the disk space available on the laptop, add a copy of the Public Address Book and configure it as a cascaded address book.
To set up cascaded address books, you simply need to edit the Names setting in the NOTES.INI file. Add the file name of the Public Address Book after the file name for the Personal Address Book, separated by a comma.
Make sure that the replication schedule for the laptop includes the Public Address Book so that groups will be updated on a regular basis.
Laptop users who need to work while not connected to the home office must create replicas of all the databases they need. This fact implies that mobile users need a replication schedule to keep their databases updated. The goals you should have when
setting up a mobile user replication schedule are
The basic strategy you should follow is to replicate high-priority databases such as the mailbox with every connection, while limiting the replication of large databases or low-priority databases to network-based locations. You also can limit your phone
charges by setting up a maximum replication time or by replicating partial documents only. This strategy assumes that mobile users will be in the home office on a regular basis so that they can perform full replications.
You can limit replication time from either the client or server. You can set up your dial-up or passthru servers to limit replication time by editing the ReplicationTimeLimit setting in the NOTES.INI file. You also can edit a connection document on the
server and enter a number in the ReplicationTimeLimit field. The default when this field isn't filled in is to complete replication no matter how much time it takes.
One important part of replication for mobile users is the replication of design changes. You must give servers with which you replicate at least designer access to all replicas on your laptop. The easiest way to do this is to add all servers to the
LocalDomainServers group in the Personal Address Book. This assumes that your organization is using LocalDomainServers and OtherDomainServers in database access control lists, and that these groups are given manager or designer access to databases. If your
organization is using some other group name, create the appropriate group and enter servers into it.
Mobile users can develop a detailed replication plan for each location, using the Replicator page from the workspace. The Replicator page is always the last tab on a workspace, and changes depending on your location. To configure a Replicator page,
follow these steps:
The Replicator page is now customized for the selected location. All database replicas on your laptop are automatically listed in the Replicator page. You can choose to replicate a database by selecting it from the list. The Replicator page also lets
you initiate or hang up calls on demand as well as send mail.
Mail is the lifeline that connects mobile users to their organizations. Users need constant access to e-mail to create, send, or read the latest messages. Mobile users ideally should have access to their e-mail at all times. This system requires
maintaining a replica copy of the mailbox on the laptop. If the laptop was configured as a mobile station during the initial setup, a replica of the user's mailbox has already been created on the laptop. Otherwise, you need to create a replica manually on
the laptop. See Chapter 15, "Administering Replication," for details on creating replicas.
You can specify a different mail file for every location. For non-network-based locations, specify the local replica of your mailbox. This strategy enables you to create new messages offline and have them mailed the next time you connect. While in the
office, you should use server-based mail so you have access to the latest e-mail. The mail file is configured in the location document.
Users should copy commonly used groups from the Public Address Book to the Personal Address Book. This plan enables the Notes client to check for typos even while not connected to a network.
Mobile users have to perform several tasks that are normally performed by an administrator, including:
Training for mobile users thus overlaps somewhat with training for administrators. It's important that mobile users know how to perform these tasks. Users should know how to create replicas on their laptops, and so must understand the concept of
replication. Make sure that users enforce local security, so that they aren't confused when using local copies. For more detail on local security, see Chapter 18, "Administering Notes Security."
Mobile users maintaining local replicas of databases should check disk space on a regular basis. Some databases can grow quite large. You need to make sure that mobile users purge local copies on a regular basis so that they don't run out of disk space.
Mobile users also need to know how to maintain an address book so that they can address mail and connect to servers. Because mobile users don't have access to the Public Address Book while disconnected, they need to copy parts of the Public Address Book
to their Personal Address Books. Mobile users should copy all group documents for mail that they want to send, as well as server documents for servers to which they want to connect.
Supporting mobile users can be quite a challenge. Even in a perfect environment, mobile users don't receive the same level of service as LAN-based users. Mobile users have extra hurdles, including mail routing and replication. Dialing in over a 14.4 or
28.8 modem doesn't make life particularly easy when replicating large databases. Because mobile users don't have direct access to the Public Address Book, they often have to spend more time maintaining the Personal Address Book than network-based users.
There's no doubt about it, supporting mobile users is more time-intensive than supporting LAN-based users. Some planning can help you minimize the amount of effort required to support remote users. You should carefully analyze the needs of your
organization and mobile users when deciding how to support remote access to Notes resources. Your basic choices, which can be mixed and matched as desired, are
No matter which topology you choose, the extra cost involved in stringing phone lines and installing modems can be substantial. Some analysis of the number of connections needed should be done with an eye toward adequately supporting your peak usage
demands. One way to make the best use of your phone lines and modems is to use a hunt group, which can be supplied by your local telephone company.
One more word to the wise: Buy name-brand modems. Modems are one of the most trouble-prone areas in Notes. The amount of administrative effort required to set up and configure no-name modems will far more than offset the slight cost advantage. Buy the
fastest name-brand modems, and consider using multi-port modems for large installations.