Monday, July 28, 2008

Domino Notes (Setup Domino network)

File security

Configure all Domino servers to reject Telnet and FTP connections

Don't allow file system access to the Domino server or the operating system on which Domino runs.

Options for avoiding database corruption
1) Create an isolated network and use cut-through (non-buffering) layer-2 switches to interconnect the Domino server to the NAS system.
2) Limit access to the NAS system to the Domino server.
3) Reduce the number of hops and the distance between hops in the connection pathways between the Domino server and the storage system.
4) Use a block protocol instead of a file protocol.
5) Use a private storage area network (SAN) instead of a shared NAS system.
6) Avoid creating any file-access connection between Domino and other applications.

Net Field

You might use the simple IP host name if you are setting up multiple TCP ports for NRPC, a configuration in which using the FQDN for each network address can cause connection failures if the Notes Name Service returns the FQDN for the TCP port.
Full name: app01.acme.com
Simple name: app01
CAUTION

In a production environment, do not use IP addresses in Net Address fields. Doing so can result in serious administrative complications if IP addresses change or if Network Address Translation (NAT) connections are used, as the values returned by the Notes Name Service will not be correct.

DNS
We should create a DNS record for the Domino server or add the Domino IP address to the local hosts file.

Single Domain

Domino server name: tt/ttasia
Server name (the host on which the Domino server is installed): mail (IP is 192.168.0.100)

We need to add the following records on the DNS server

mail<-> (192.168.0.100)
tt<->(192.168.0.100)

[Domain connection
We should add a new domain if you want to connect to cc/tteur (cc's IP is 192.168.2.10).
Create a new branch "tteur" under the Forward Lookup zone.
Add a record cc<->192.168.2.10
]

About Change IP

We should input the FQDN (fully qualified domain name).
The Domino server can then change IP address very easily. We don't need to make any changes to the Domino server.

Otherwise

Solution 1) Change the Domino server's IP address late in the evening, but before midnight.
Solution 2) Input the FQDN when you try to open a Domino server.
Solution 3) Disable use of the cached addresses.
Add Dont_Use_Remembered_Addresses=1 to notes.ini
(0 - Domino server will use the port and address from the cache.
1 - Domino server will try all ports and addresses for a given server)

Partition Server

It is best to assign a separate IP address to each partition and use a separate NIC for each.
We should map ports for the partition servers if we only have one NIC on the partition server.
User-to-User access and server-to-server access via different DNS subdomains

If the Domino server is running Windows and there is a route between the two networks, prevent the NetBIOS broadcasts from exiting from both adapters. We should disable WINS on one adapter.
To direct the Domino server's first outbound connection to the server-to-server network, edit the port setting in the Notes.ini file.

Ports=serverportname, userportname
Serverportname will be used to connect to other Domino servers.
Userportname will be used to connect to Lotus end users.

We shouldn't use the same name for the Domino service and for the server that runs the Domino service.

Change the name of a Notes named network
Configuration -> Current Server Document->edit server->Ports->Notes Network Ports


To conserve system resources, you should disable the ports for protocols that you don't need.

Disabling a network port on a server

Configure->tools->Server->Setup Ports
Or
Web Administrator's tool->Setup

Select the port you want to disable, and then deselect "Port enabled"

Click OK



Run
Restart Port portname.

Port mapping (if we want to use partitioned servers and only have one NIC)
Please add the following information to NOTES.INI
TCPIP_TcpAddress=0,192.94.222.169:1352
TCPIP_PortMapping00=CN=Server2/O=Org2,192.94.222.169:13520 (Note: Partition 2)
TCPIP_PortMapping01=CN=Server3/O=Org3,192.94.222.169:13521 (Note: Partition 3)
TCPIP_PortMapping02=CN=Server4/O=Org4,192.94.222.169:13522 (Note: Partition 4)
TCPIP_PortMapping03=CN=Server5/O=Org5,192.94.222.169:13523 (Note: Partition 5)
TCPIP_PortMapping04=CN=Server6/O=Org6,192.94.222.169:13524 (Note: Partition 6)
(The N of PortMapping0N is a number between 0 and 4, assigned in ascending sequence.
13520-13524 are the mapped port numbers. Server2-Server6 are the server names of the partitions.
Org is the organization name. CN is the country code. 192.94.222.160 is the shared IP address.
Create some DNS records for the partitions, such as Partition1<->192.94.222.169
Partition1<->192.94.222.169 ......)
The NRPC default is 1352.
Default information
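
The port-mapping block above is easy to get wrong by hand (a skipped index, a reused port, a digit 0 typed where the letter O belongs in the server name). The following check is an added example, not part of the original notes or of Domino itself; the function name `audit_port_mapping` and the sample text are constructed for illustration, and it assumes the TCP port is named TCPIP and that all partitions share one address, as in the notes.

```python
import ipaddress
import re

# Constructed sample modelled on the NOTES.INI fragment in these notes.
SAMPLE_INI = """\
TCPIP_TcpAddress=0,192.94.222.169:1352
TCPIP_PortMapping00=CN=Server2/O=Org2,192.94.222.169:13520
TCPIP_PortMapping01=CN=Server3/O=Org3,192.94.222.169:13521
TCPIP_PortMapping02=CN=Server4/O=Org4,192.94.222.169:13522
"""

MAPPING = re.compile(r"^TCPIP_PortMapping(\d{2})=(.+),([^,:]+):(\d+)$", re.I)
LISTENER = re.compile(r"^TCPIP_TcpAddress=0,([^,:]+):(\d+)$", re.I)


def audit_port_mapping(ini_text):
    """Return a list of findings for the port-mapping lines in ini_text."""
    findings, listener, entries = [], None, []
    for line in ini_text.splitlines():
        line = line.strip()
        if m := LISTENER.match(line):
            listener = (m.group(1), int(m.group(2)))
        elif m := MAPPING.match(line):
            entries.append((int(m.group(1)), m.group(2), m.group(3), int(m.group(4))))
        elif line.lower().startswith("tcpip_portmapping"):
            findings.append(f"unparseable mapping line: {line}")
    if listener is None:
        findings.append("no TCPIP_TcpAddress line for the port-mapper partition")
    seen_ports = {listener[1]} if listener else set()
    for expected, (index, name, host, port) in enumerate(sorted(entries)):
        label = f"PortMapping{index:02d}"
        if index != expected:
            findings.append(f"{label}: index gap, expected {expected:02d}")
        if index > 4:
            findings.append(f"{label}: index above 04")
        if "/0=" in name:
            findings.append(f"{label}: digit 0 used instead of letter O in '{name}'")
        try:
            ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"{label}: '{host}' is not an IP address")
        # Assumption from the notes: one NIC, so every mapping uses the shared address.
        if listener and host != listener[0]:
            findings.append(f"{label}: address differs from the shared address")
        if not 1 <= port <= 65535 or port in seen_ports:
            findings.append(f"{label}: port {port} is invalid or already used")
        seen_ports.add(port)
    return findings
```

Run it against the partition's NOTES.INI text before restarting the server; an empty list means the mapping lines are internally consistent.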

Define a LANA number in Lotus Domino

Domino Administrator->Configuration tab->tools->Server->Setup Ports
Select the port, where portname is the name of the NetBIOS port for which you are defining a LANA number
Click "Portname options"->Manual->Enter the correct LANA number.
You can view or set the LANA number with lanacfg (http://kiddanger.com/download/lanacfg.zip)
