All connections from hosted IBM SmartCloud Notes
servers to on-premises IBM
® servers are directed through an IBM Domino
Passthru server to ensure secure connections. Use this procedure to install and set up one or more Passthru servers.
In this exercise, you will:
- Complete First Server Setup by creating an IBM Domino Passthru server in the same certificate hierarchy as the hub and mail servers.
- Create a unique domain name for the Passthru server.
- Provide the new server ID file when prompted for server name.
- Set the network port and host name.
- Disable all unnecessary server tasks.
The Passthru Domain is the Domino domain in which the IBM Domino Passthru servers reside. The IBM Domino Passthru Server(s) must be in a separate Domino domain from the other SmartCloud Notes servers. The Passthru Domain acts as the intermediary point between incoming connections from the SmartCloud Notes servers and the on-premises Domino servers.
For security reasons, Passthru servers are set up in a unique on-premises domain that does not hold your directory synchronization servers or mail hub servers. For optimum security, configure your corporate firewalls so that connections to the passthru servers occur in your corporate demilitarized zone.
The Domino server used as the on-premises passthru server to allow SmartCloud Notes to connect to other servers. All connections from hosted SmartCloud Notes servers to on-premises servers are directed through an IBM Domino Passthru server to ensure secure connections. A SmartCloud Notes hybrid environment must have at least one Passthru server.
Connections between the hosted SmartCloud Notes servers and on-premises servers are directed through an IBM Domino Passthru server to ensure secure connections. If there will be a high volume of traffic between the two environments, set up at least two Passthru servers to minimize delays due to mail routing failover. The Passthru Server should be in a different Domino domain than the main on-premises domain. The Passthru Server Domain should be registered in the Domino Directory.
Parent topic: Configuring IBM Domino Environment
Previous topic: Exercise 1.1: Verifying Domino Systems
Next topic: Exercise 1.3: Verifying Access to Passthru Server
Need to Know
1. This exercise requires the use of a Domino
certifier from the same certificate hierarchy used by your Mail and Replication Hub servers. The certifier could be an Organization (O) or Organizational Unit (OU) certifier. The machine being used for this exercise should contain a copy of this certifier file. For additional information about certifier requirements in a hybrid environment, refer to: Certifier requirements in a hybrid environment
2. This exercise requires the use of the administrator ID used for your Mail and Replication Hub servers. The machine being used for this exercise should contain a copy of the administrator ID file.
The domain will function as a unique passthru server domain through which connections from SmartCloud Notes servers to your on-premises servers occur.
To minimize risk of network attacks from the Internet, configure inbound and outbound connections for your inner and outer firewalls. See links below for more information.
Please note that the service does not support the use of Domino clusters for passthru server failover.
Please note that although an existing administrator ID is used (step 6), because this is the first server in a new domain, a new mail file and person record for this user will be created on this Passthru server. The person record and mail file are not needed and will later be removed in the exercise Exercise 1.3: Verifying Access to Passthru Server.
1. On a machine with IBM Domino
server installed, but not yet configured, run nserver.exe
to start server setup. At the Welcome to Domino Server Setup!
, select Next
2. At the Server setup dialog, select Set up the first server or a stand-alone server
. Select Next
3. Provide a Server name
and Server title
using the worksheet you created in the previous exercise.
4. Provide the same organization name used for your mail and replication hub servers. Check the box I want to use an existing certifier ID file
and select Browse
to choose the appropriate certifier file (see prerequisite #1 above). Enter the password if prompted. Select Next
5. Provide a unique Domino
domain for this Passthru server. This domain name must be different than the one used for the on-premises Domino
Mail and Replication Hub servers. This is for security reasons. Select Next
6. Select I want to use an existing Administrator ID file
and select Browse
to choose the appropriate ID file (see prerequisite #2 above). Enter the password if prompted. Select Next
7. Leave the Directory Services
checkbox selected. Click Customize
8. On the Advanced Domino
Services screen, de-select all tasks except Mail Router
, Agent Manager
, and Administration Process
as shown in the diagram below. Select OK
If your configuration will contain two passthru servers then the replicator should be enabled to make sure configurations remain consistent across the two servers. You might also want to collect statistics on the passthru servers in which case you will need to enable the statistics collector task..
9. Once returned to the Server setup screen, select Next
10. On the Domino network settings
screen, select Customize
11. On the Advanced Network Settings
screen, de-select NetBIOS
. The TCP/IP Notes
port driver should be enabled and select Encrypt
to enable network encryption and compression. Confirm the fully qualified internet host name. Select OK
12. Confirm the Domino network settings
. Select Next
13. On the Secure your Domino Server
screen, leave the two settings checked (default). Select Next
14. Review the options you selected. When confident that you are ready to begin the server setup, select Setup
During Server setup, a Domino
Directory is created for this Domino
A new mail file is created for the user you selected in step 6.
16. View the Setup summary. Select Finish
17. Start the Domino