Lotus Domino 8.5 introduced new type of client - mobile devices. Now users can access their mail, calendar, Journal, ToDo, and Address book from their mobile phones. Mail, calendar, todo, address book are now accessible whereever you are. You can connect to the Traveler server via Wireless or GPRS. Lotus Traveler push mail notifies device that it should gather new information from the server, via two protocols; TCP and SMS. In the TCP case, the server keeps the connection alive and the client polls the server for new mail or calendar events.
In the case of SMS, when a message arrives at the Domino server, Traveler sends a regular email to the email associated with this phone number. Majority of mobile operators provide this service. This email arrives on the phone as a silent SMS message, that indicates to the locally installed Lotus Traveler that it needs to gather new information from the server.
Domino 8.5 introduced a new database “lotustraveler.nsf”.
This database has a list of all users and devices that connect to the server. Lotus Traveler users are managed with the help of Lotus Traveler settings and policies in this database.
The database has three (3) views, Device Security, Devices, Users.
The Users view lists Users who use Traveler and their status:
View “Device Settings” is new in 8.5.1 and provides defaults for connecting devices.
View “Devices” shows every user devices and indicates the synchronization protocol; TCP or SMS.
From this view you may see also model, last sync time, OS type, and Lotus Traveler version. If you open a Selected document, you see more details, such as the Username, Device Name, IMEI, Last sync time, AutoSync Type = TCP/SMS, OS, Traveler client version. You may check this view and notify users, if they are running out of date clients.
Some devices based on Windows Mobile and iPhone also report security information, such as PIN protection of phone, security timeouts, encryption of memory card and so on. You may configure security requirements for your organization, for example, that devices should require PIN after time-out, or that MemoryCards should be encrypted. In case the device does not comply with security requirements you may report the violation, or deny access from the device. You should consult your security officer, about this. Traveler Settings in Domino Directory are used to control defaults for synchronization as well device security requirements.
You may allow only devices that comply with your security policy to connect to Traveler server. There are different options. Please refer to Traveler policy/setting help or information in the Infocenter.
Device security is the only view which has action items.
It allows you to wipe the device in case it was stolen. Or you may want to erase only the Traveler client.
You can select multiple options holding the CTRL key.
- Hard reset device – Will reset the device to factory defaults
- Lotus Traveler application and data – Will uninstall windows mobile from the device and delete locally stored mails
- Storage card – Will erase the contents of the Memory Card
The next time the device synchronizes with the server, the server will perform the wipe operation.
If clients have not yet connected to server, and there is no need to wipe it (for example, it was found), the administrator may the recall wipe request by selecting the “Clear Wipe” Action.
If a user is using SMS for synchronization, the administrator may use “Update SMS address” for this particular user.
There is also one more database, ntsclcache.nsf that provides failover in a clustered environment for Traveler users. It lists all databases on a mailserver from which the Traveler is looking up data. In case one server is down, Traveler will look up the mail file from another cluster node.
Designing Access Topology
There are several configuration options for setting up Traveler.
Depending on your security configuration you may use of of the following configurations.
If your Domino Mail server is accessible from the Internet then you can install Lotus Traveler on it. If you have the hardware resources, it is advised to install
Traveler on a separate server. You can install Traveler on any Microsoft Windows based Lotus Domino 8.5.1 server that has a valid Lotus Domino license. The Lotus Traveler license is included in the Lotus Domino 8.5.1 server license, so you don't need to pay for an additional license for Traveler.
You may put Lotus Traveler in a DMZ zone. In this case, it may not contain any replicas, it will look up mail files from the mail servers or mail cluster. It will work like a proxy; clients will connect to Traveler, but actual data (mail files) will be accessed from the Mail server.
The third and most secure way to access Lotus Traveler is to locate Traveler behind a firewall, so users will access Traveler server via a VPN client. Some phones provide built-in VPN client software, but others need additional software to be installed. In this case additional software could cause additional costs. Also, additional software means you need to manage it, so your Help Desk and IT departments will need to understand these considerations.
The following figure displays those who have access to Traveler Server.
Traveler Security Features
The following sections summarize some of the security features available with Traveler.
Lotus Traveler supports reading of encrypted mails. Starting in Version 8.5 Traveler supports encrypted mails. For this to work, you need to embed your user.id file in MailFile, the same way as you do if you want to read encrypted mails in Lotus iNotes (formerly WebAccess).
As mentioned above, Lotus Traveler 8.5 has new feature to remotely wipe a device if it was compromised. So far this feature is supported on Windows Mobile and Apple iPhone/iPod.
To check whether the device supports remote Wipe, please check the wipeSupported field.
If the device supports a remote wipe you can remotely erase needed information, for example, Memory Card, uninstall Lotus Notes Traveler, or even reset device to factory defaults. Use this function if the device is lost or stolen. When you click “Wipe Device” option and check what you want to do, you are actually issuing a console command. The next time device connects to the server, the selected actions will be carried out.
For information on gathering data to troubleshoot Lotus Traveler, see
Lotus traveler Requirements
Lotus Domino 8.x design of Domino Directory
Lotus Domino 8.5 server (Lotus Domino 8 minimum)
Mail server – at least 7.0.2 and users mailfiles should be based on version 6.5 newer template.
Ports: 80/443, and AutoSync port: 8642 should be opened on firewall
For more information on the ports used by Lotus notes traveler see:
- Windows Mobile 6.x
- Apple OS 3 (iPod Touch/iPhone)
- Symbian S60 (Nokia/Samsung)