Your Development & Design Resource
Want to deploy Traveler 8.5.2 but can't upgrade your IBM Lotus Domino environment? Your iPhone, iPad, and Droid will thank you...
09/08/2010 09:49 PM by Chris Toohey
... did I tell you that I have an iPhone now? An iPhone 4, actually. And prior to that, I was testing an iPad. This on the heels of purchasing two iPod Touch devices for my children (oldest girl and boy birthdays are only a few calendar weeks apart).
And I can say that I'm becoming more and more of a fan of iOS. In fact, I'm currently downloading 4.1 while I write this post. My poor Zune 30 is sitting here on my desk, it's last charge well-past spent, and I'm almost completely used to the clunkiness of iTunes.
Why the sudden jump? Well, I have customers that wanted the iPhone... after a C-level employee was given an iPad as a gift.
Funny how that works, huh?
... the problem that this particular customer ran into was that they were unable to upgrade their Domino infrastructure. They are currently mid-upgrade of their environment, and for some reason are upgrading the Lotus Notes Clients before they upgrade their Domino environment. Cart before the horse, I know... but it's the reality that they're steadily working through.
So, how do you implement IBM Lotus Traveler 8.5.2 in a Domino environment that you can't upgrade?! Simple really... but let's first look at a standard Traveler implementation.
The thing about Lotus Traveler is that -- unless your VPN'ing from the device itself (which is certainly possible...) -- you really need to have your Lotus Traveler server externally-accessible. For most enterprises, this means putting a server in your DMZ and only allowing specific port traffic to communicate (preferably over a secured and encrypted connection).
... but you don't need to put your mail files on the Lotus Traveler server. You just need to make sure that the Traveler server can communicate with the Domino server where your mail actually exists.
Your device (in this case, an iPhone) connects to a Lotus Traveler server that's externally accessible and currently residing in your DMZ. Traveler proxies the requests back to your secured Domino infrastructure and delivers email, calendaring, contacts, and journal/notes services.
Pretty standard stuff really... provided you can upgrade your entire environment to 8.5.2!
Since we absolutely couldn't upgrade the environment, and there were concerns with upgraded design elements and NotesDocumet-level upgrade-driven changes replicating through-out the Domino environment even if we upgraded a single server and disabled replication... I had to come up with a solution.
And it was a simple one:
- Create a new Domino Domain for the Lotus Traveler server. (ACME_EXT)
- Cross-certify /ACME and /ACME_EXT.
- Create a replica of the /ACME Domino Directory (making sure to disable Design Inheritance) on the /ACME_EXT Domino server (as acme.nsf).
- Configure Directory Assistance to recognize acme.nsf as a secondary Domino Directory (with Group Authentication) for /ACME_EXT.
- Setup Lotus Traveler on /ACME_EXT and connect the iPhones, iPads, and other devices at will!
The user still authenticates to Traveler via their /ACME credentials (which are now supported via Directory Assistance), and Traveler proxies the requests back to your secured Domino infrastructure and delivers email, calendaring, contacts, and journal/notes services!
The beauty of this technique is that you can quickly and easily ramp-up a Domino environment with the latest release without needing to upgrade your existing infrastructure. You can test away without fear of impacting your production network. You can lock down that environment if needed without impacting any additional services, and if you are hacked in any way, they'll be hitting a box that ultimately has nothing on it!
Another benefit to this technique is that you're not limited to simply putting a server in your DMZ within your own infrastructure, but you can additionally leverage Domino hosting services like LotusLive or Domino via Amazon Web Services to quickly (and painlessly) get a Traveler environment up and running.
I have to admit... I'm quite happy with this administration and infrastructure solution, but I'm no admin. To my admin-minded friends out there, what'cha think? Any blindspots in my plan? Could this be a best practice for such situations?
Does this solution make LotusLive or Domino AWS even more of a value-added offering?