Domino/Lotus Database Replication

pts.
Tags:
Address book
Corporate portal applications
E-mail applications
iNotes
Lotus Domino
Microsoft Exchange
Web access
We have the need to host domino databases outside our network. Remote users running the lotus notes client need to replicate databases from the local client over the internet with security in mind. I am looking for current practices that may fit our needs. Options may be to secure a server externally or host this service through a secure appliance. Any thoughs or practices are welcome.

Answer Wiki

Thanks. We'll let you know when a new response is added.

We already do that – our web site is hosted externally by an ISP and we replicate documents from our internal LAN.

To do this, we simply created connection documents from the internal pointing to the ‘external’ IP address of the external server, and opened up the firewall to port 1352 for just the two servers’ ip address.

We then configured the internal server as a pass-thru server to the external one.

HTH

Discuss This Question: 8  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • JimmyBobToy
    We have many dial-in users that either need to directly access a variety of databases or need to update local replicas. They establish an internet connection through a local ISP and then launch a secure VPN client enabling them to link to our internal network as a regular client. They then replicate/access databases from our production Notes servers within the firewall. No external servers are needed outside of the firewall for dial-in access.
    0 pointsBadges:
    report
  • AndrewYoung
    That is exactly what we have done...opened a port on the firewall and assigned external IP addresses and created connection documents on the client pc's accordingly. Very reliable, and very secure.
    0 pointsBadges:
    report
  • VolkerMueller
    The second way, discribes by JimmyBob Toy, would be one of the most secure ways. Another easy way could be, depending on your security needs, to open port 1352 (notes) in your firewall and use port encryption to secure the transportation. But if your domino server behind your firewall hosts very secure data, this would be perhaps not safe enough if you are audited. on the other hand side: port 1352 is secure if you are up to date. Volker
    0 pointsBadges:
    report
  • LoudSinger
    The smartest thing to do with security in mind is a VPN to the network. If that is not an option, a domino server in the dmz that the user replicates with should be fine. I think people are way to cautious about Domino on the internet. If you do not allow HTTP access, and only allow replication via 1352, you probably have a higher chance of getting struck by lightning 2x in a day and winning th lottery then getting hacked. You would have to get both a Notes ID and password to even access the server, and to hack it, you would need to somehow get a admins ID and password. HTH. -LS
    0 pointsBadges:
    report
  • VolkerMueller
    right
    0 pointsBadges:
    report
  • MGaines
    Rather than go a strict VPN route, we have a pass through server in our DMZ and permit remote Notes users to access this server using Secure ID cards. The remote users can then replicate to their local computers. Another, less secure, way that you could try is to have a pass through server connecting to the internet where you control the replication on your end and enable Domino encryption. It all depends on the level of security that you need. Then there is always the old modem on the POTS line.
    0 pointsBadges:
    report
  • JatinVS
    Hi, We have put ur server in DMZ and remote users are getting conneted through VPN client.This provides two level of security. But option of putting passthrough server in DMZ and accessign Server through Secure ID is also good. Select the solution based on resources available to you. It is recomnded that you should not use separate server for this.
    0 pointsBadges:
    report
  • JatinVS
    Hi, We have put ur server in DMZ and remote users are getting conneted through VPN client.This provides two level of security. But option of putting passthrough server in DMZ and accessign Server through Secure ID is also good. Select the solution based on resources available to you. It is recomnded that you should not use separate server for this.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following