Comments on: Domino/Lotus Database Replication

By: jatinvs

jatinvs — Tue, 24 Aug 2004 00:59:36 +0000

Hi,
We have put ur server in DMZ and remote users are getting conneted through VPN client.This provides two level of security. But option of putting passthrough server in DMZ and accessign Server through Secure ID is also good.

Select the solution based on resources available to you. It is recomnded that you should not use separate server for this.

By: jatinvs

jatinvs — Tue, 24 Aug 2004 00:59:12 +0000

Select the solution based on resources available to you. It is recomnded that you should not use separate server for this.

By: mgaines

mgaines — Fri, 20 Aug 2004 11:27:41 +0000

Rather than go a strict VPN route, we have a pass through server in our DMZ and permit remote Notes users to access this server using Secure ID cards. The remote users can then replicate to their local computers.

Another, less secure, way that you could try is to have a pass through server connecting to the internet where you control the replication on your end and enable Domino encryption. It all depends on the level of security that you need. Then there is always the old modem on the POTS line.

By: volkermueller

volkermueller — Thu, 19 Aug 2004 15:32:33 +0000

right

By: loudsinger

loudsinger — Thu, 19 Aug 2004 15:23:30 +0000

The smartest thing to do with security in mind is a VPN to the network. If that is not an option, a domino server in the dmz that the user replicates with should be fine. I think people are way to cautious about Domino on the internet. If you do not allow HTTP access, and only allow replication via 1352, you probably have a higher chance of getting struck by lightning 2x in a day and winning th lottery then getting hacked. You would have to get both a Notes ID and password to even access the server, and to hack it, you would need to somehow get a admins ID and password.
HTH. -LS

By: volkermueller

volkermueller — Thu, 19 Aug 2004 14:13:38 +0000

The second way, discribes by JimmyBob Toy, would be one of the most secure ways. Another easy way could be, depending on your security needs, to open port 1352 (notes) in your firewall and use port encryption to secure the transportation. But if your domino server behind your firewall hosts very secure data, this would be perhaps not safe enough if you are audited. on the other hand side: port 1352 is secure if you are up to date.

Volker

By: andrewyoung

andrewyoung — Thu, 19 Aug 2004 14:12:24 +0000

That is exactly what we have done…opened a port on the firewall and assigned external IP addresses and created connection documents on the client pc’s accordingly. Very reliable, and very secure.

By: jimmybobtoy

jimmybobtoy — Thu, 19 Aug 2004 10:40:47 +0000

We have many dial-in users that either need to directly access a variety of databases or need to update local replicas. They establish an internet connection through a local ISP and then launch a secure VPN client enabling them to link to our internal network as a regular client. They then replicate/access databases from our production Notes servers within the firewall. No external servers are needed outside of the firewall for dial-in access.