Use either the virtual private network or the reverse proxy solution to ensure the best overall security. However, it is also possible to use SSL from the mobile device to connect directly to the IBM® Lotus Notes® Traveler server inside the DMZ.
When using this configuration, take steps to ensure that the Lotus
® server has been secured and does not contain unnecessary data. For example, it is not recommended to host user mail files on the Lotus Domino
server in this configuration. Consider installing this Lotus Domino
server in a Domino
domain different from your production mail domain. This configuration has the advantage that no personal records for users are present in the local names.nsf, and directory assistance will be configured to remotely access the actual directory inside the production domain. For more information, see Supporting multiple Lotus Domino domains
The Lotus Notes Traveler server sits inside your DMZ and should not contain any user mail files. You must open port 443 on the Internet-facing firewall to the Lotus Notes Traveler server for data syncing. Also, if you are using a Windows® Mobile or Nokia device client earlier than 8.5.2, you must open port 8642 to the Lotus Notes Traveler server for auto sync. Then, on the intranet firewall, you must open up Notes® RPC port 1352 to each IBM Lotus® Domino® mail server that contains user mail files.
This configuration is shown using only HTTPS (SSL) connections between the device and the Lotus Notes Traveler server. While it is technically possible to connect the device to the server using HTTP (port 80), do not use this configuration.
Parent topic: Planning your network topology