The diagram in this topic shows a network topology that uses a Virtual Private Network (VPN) server as the secure access point to the company intranet from mobile devices.
The first diagram in this topic shows a network topology that uses a Virtual Private Network (VPN) server as the secure access point to the a standalone Lotus Notes
® Traveler server on the company intranet from mobile devices.
The second diagram shows the same network topology with an HA pool of Lotus Notes
Traveler servers. In this case, the function of spraying or load balancing the device requests is provided by a separate server in the trusted domain.
This solution allows for the most flexibility in terms of what applications can be connected by mobile devices and what protocols they are allowed to use. When you use a secure VPN tunnel between the mobile device and the company intranet, any applications that are running on the device can connect to any company server just as if it were running inside the company network. For example, you can use the device browser to open pages on an internal website or use instant messaging on the device that connects to internal messaging servers.
You might want to consider running the mobile device client connection with the HTTP protocol rather than the HTTPS protocol when you are using a VPN. The VPN typically provides a secure data channel. There is some performance gain using HTTP rather than SSL, because the mobile device and the IBM
® Lotus Notes
Traveler server do not need to encrypt all data. However, this leaves the connection unencrypted between the VPN connection point and the Lotus Notes
The type of VPN server that must be installed depends on the mobile device. Most of the mobile devices support some form of IPSec or PPTP protocol, so network VPN appliances can be used by the mobile devices. IBM Lotus
® Mobile Connect provides mobile clients that support Windows
™ Mobile and Nokia devices. It also offers a secure HTTP access solution for devices such as the Apple iPhone. For more information about the capabilities of Lotus
Mobile Connect, see the IBM Lotus Mobile Connect page
, which includes a link to Lotus
Mobile Connect documentation.
For Apple iOS devices, a VPN connection must be manually started by the device user. This connection may disconnect after it is started and will not restart automatically. Therefore, using a VPN connection as the primary method for connecting Mail, Calendar and Contacts applications on iOS devices to the Lotus Notes
Traveler server is not recommended. You should consider an SSL connection directly to the Lotus
Traveler server or an intermediate proxy.
In addition, pushed messages may not flow over an Apple VPN connection. As a result, it is suggested you not use a VPN solution if you intend to push messages.
Parent topic: Planning your network topology