Traveler

Abstract

ShowTable of Contents

HideTable of Contents

1 Device Management
2 Designing Access Topology
3 Traveler Security Features
- 3.1 Encrypted Mails
- 3.2 Wipe options
4 Additional Information

Table of Contents | Previous Page | Next Page

Lotus Domino 8.5 introduced new type of client - mobile devices. Now users can access their mail, calendar, Journal, ToDo, and Address book from their mobile phones. Mail, calendar, todo, address book are now accessible whereever you are. You can connect to the Traveler server via Wireless or GPRS. Lotus Traveler push mail notifies device that it should gather new information from the server, via two protocols; TCP and SMS. In the TCP case, the server keeps the connection alive and the client polls the server for new mail or calendar events.

In the case of SMS, when a message arrives at the Domino server, Traveler sends a regular email to the email associated with this phone number. Majority of mobile operators provide this service. This email arrives on the phone as a silent SMS message, that indicates to the locally installed Lotus Traveler that it needs to gather new information from the server.

Device Management

Domino 8.5 introduced a new database “lotustraveler.nsf”.
This database has a list of all users and devices that connect to the server. Lotus Traveler users are managed with the help of Lotus Traveler settings and policies in this database.

The database has three (3) views, Device Security, Devices, Users.

The Users view lists Users who use Traveler and their status:

View Users

View “Device Settings” is new in 8.5.1 and provides defaults for connecting devices.

View “Devices” shows every user devices and indicates the synchronization protocol; TCP or SMS.
View devices

From this view you may see also model, last sync time, OS type, and Lotus Traveler version. If you open a Selected document, you see more details, such as the Username, Device Name, IMEI, Last sync time, AutoSync Type = TCP/SMS, OS, Traveler client version. You may check this view and notify users, if they are running out of date clients.
View Detail

Some devices based on Windows Mobile and iPhone also report security information, such as PIN protection of phone, security timeouts, encryption of memory card and so on. You may configure security requirements for your organization, for example, that devices should require PIN after time-out, or that MemoryCards should be encrypted. In case the device does not comply with security requirements you may report the violation, or deny access from the device. You should consult your security officer, about this. Traveler Settings in Domino Directory are used to control defaults for synchronization as well device security requirements.

You may allow only devices that comply with your security policy to connect to Traveler server. There are different options. Please refer to Traveler policy/setting help or information in the Infocenter.

Device security is the only view which has action items.
It allows you to wipe the device in case it was stolen. Or you may want to erase only the Traveler client.

You can select multiple options holding the CTRL key.
Wipe Options

Hard reset device – Will reset the device to factory defaults
Lotus Traveler application and data – Will uninstall windows mobile from the device and delete locally stored mails
Storage card – Will erase the contents of the Memory Card

The next time the device synchronizes with the server, the server will perform the wipe operation.
If clients have not yet connected to server, and there is no need to wipe it (for example, it was found), the administrator may the recall wipe request by selecting the “Clear Wipe” Action.

If a user is using SMS for synchronization, the administrator may use “Update SMS address” for this particular user.

There is also one more database, ntsclcache.nsf that provides failover in a clustered environment for Traveler users. It lists all databases on a mailserver from which the Traveler is looking up data. In case one server is down, Traveler will look up the mail file from another cluster node.

Designing Access Topology

There are several configuration options for setting up Traveler.
Depending on your security configuration you may use of of the following configurations.
Configuration options.

If your Domino Mail server is accessible from the Internet then you can install Lotus Traveler on it. If you have the hardware resources, it is advised to install
Traveler on a separate server. You can install Traveler on any Microsoft Windows based Lotus Domino 8.5.1 server that has a valid Lotus Domino license. The Lotus Traveler license is included in the Lotus Domino 8.5.1 server license, so you don't need to pay for an additional license for Traveler.

You may put Lotus Traveler in a DMZ zone. In this case, it may not contain any replicas, it will look up mail files from the mail servers or mail cluster. It will work like a proxy; clients will connect to Traveler, but actual data (mail files) will be accessed from the Mail server.

The third and most secure way to access Lotus Traveler is to locate Traveler behind a firewall, so users will access Traveler server via a VPN client. Some phones provide built-in VPN client software, but others need additional software to be installed. In this case additional software could cause additional costs. Also, additional software means you need to manage it, so your Help Desk and IT departments will need to understand these considerations.

The following figure displays those who have access to Traveler Server.
Traveler Access

Traveler Security Features

The following sections summarize some of the security features available with Traveler.

Encrypted Mails

Lotus Traveler supports reading of encrypted mails. Starting in Version 8.5 Traveler supports encrypted mails. For this to work, you need to embed your user.id file in MailFile, the same way as you do if you want to read encrypted mails in Lotus iNotes (formerly WebAccess).

Wipe options

As mentioned above, Lotus Traveler 8.5 has new feature to remotely wipe a device if it was compromised. So far this feature is supported on Windows Mobile and Apple iPhone/iPod.
To check whether the device supports remote Wipe, please check the wipeSupported field.
Enabling Wipe

If the device supports a remote wipe you can remotely erase needed information, for example, Memory Card, uninstall Lotus Notes Traveler, or even reset device to factory defaults. Use this function if the device is lost or stolen. When you click “Wipe Device” option and check what you want to do, you are actually issuing a console command. The next time device connects to the server, the selected actions will be carried out.

Additional Information

For information on gathering data to troubleshoot Lotus Traveler, see
http://www-01.ibm.com/support/docview.wss?uid=swg21297416

Lotus traveler Requirements

Lotus Domino 8.x design of Domino Directory
Lotus Domino 8.5 server (Lotus Domino 8 minimum)
Mail server – at least 7.0.2 and users mailfiles should be based on version 6.5 newer template.
Ports: 80/443, and AutoSync port: 8642 should be opened on firewall

Port Usage

For more information on the ports used by Lotus notes traveler see:
http://www-01.ibm.com/support/docview.wss?uid=swg21298475

Supported Devices

Windows Mobile 6.x
Apple OS 3 (iPod Touch/iPhone)
Symbian S60 (Nokia/Samsung)

Table of Contents | Previous Page | Next Page

Article information

Category:

IBM Redbooks: Lotus Notes and Domino version 8.5 Deployment Guide

Tags:

This Version:

Version 4

September 30, 2010

9:32:30 PM

by Bill Wimer IBMer

Attachments (8)

Versions (4)

Comments (0)

Copy and paste this wiki markup to link to this article from another article in this wiki.

Link:

Version ComparisonCompare version with version
	Version	Date	Changed by	Summary of changes
	This version (4)	Sep 30, 2010 9:32:30 PM	Bill Wimer
	3	Dec 17, 2009 9:21:12 AM	Bart Jacob
	2	Dec 15, 2009 11:52:34 AM	Bart Jacob
	1	Nov 1, 2009 4:28:12 PM	Bart Jacob