For the original or accessible version of this article, see
Lotus
Foundations Start Administration Guide - All available languages (1.1).
Lotus Foundations scalable services
Overview
Lotus(R) Foundations scalable services are not
intended to replace the functionality provided by Microsoft(R)
Windows(R) domains. They are designed with the intention of
making Lotus Foundations more scalable by centralizing the administration
of a group of Lotus Foundations servers.
Scalable services employ a master-slave network model,
enabling a single master server to centrally manage all users and licensing
for multiple slave servers.
Lotus Foundations scalable services introduction
The needs and concerns of small to medium businesses can
be best met with a single easy-to-use and easy-to-manage device. As organizations
grow, they are generally required to expand their network services as additional
load is placed on the single server. Scalable services are designed to
facilitate the needs of growing organizations while still maintaining ease-of-use
and capitalize on Lotus Foundations' ease-of-deployment. They introduce
the ability for multiple Lotus Foundations servers to be deployed across
an organization yet still provide centrally managed user and licensing.
The hierarchical model allows for an organization to design their infrastructure
to most efficiently deliver services based on the following:
- Number of employees
- Geographic expanse
- Actual usage of services and resources of the IT infrastructure
Lotus Foundations scalable services terminology
Table 8. Lotus Foundations scalable services terminology
| Term
| Definition
|
| Login access
| The Lotus Foundations server to which each team/user is
assigned
|
| Scalable services region
| A group of Lotus Foundations servers configured to share
scalable services-related information, such as master server, slave servers,
teams, team members, and users; a Lotus Foundations server may be a member
of one region at most
|
| Scalable services master server
| The sole administration point for a scalable services
region
|
| Scalable services slave server
| Any Lotus Foundations server with the scalable services
feature enabled and not acting as the scalable services master server
|
| Scalable services node
| Any Lotus Foundations server that is either a scalable
services master or scalable services slave
|
| Standalone server
| Any Lotus Foundations server without scalable services
enabled |
Features of Lotus Foundations scalable
services
There are three main features of Lotus Foundations scalable
services:
- User synchronization
- Domain Name Service (DNS) synchronization
- Scalable services licensing and user licenses
User
synchronization
Lotus Foundations scalable services helps you centrally
manage user and team information from the Lotus F oundations scalable services
master server. The synchronization of users and team includes ALL user
configuration information, including the following information:
- Username
- Password
- Full Name
- Team membership
- Administrative rights
- Point-to-Point Tunneling Protocol (PPTP) setting
- File Transfer Protocol (FTP) setting
- Drive mounting
- Disk quota
Synchronization occurs
in a uni-directional manner. This means that all user configuration changes
must be done on the master node. Any changes made to a synchronized user
in the slave node is overwritten on the next synchronization. Any changes
made to a user on the master replicates to the slave node on which the
user has node access. If a previously existing user shares a name with
a synchronized user, then the existing user's settings are overwritten.
All team and user accounts exist on the master node. This enables all users
to authenticate against the master.
The synchronization of a team automatically synchronizes
all members of the team without having to specify the individual users.
This includes teams that were members of the team transferred, as well
as all of their users.
DNS Synchronization
This feature includes the ability to propagate workstation
host names to the other nodes so that workstations and servers may be addressed
by name across an Internet Protocol Security (IPSec) virtual private network
(VPN) rather than just by Internet Protocol (IP) address.
The master accumulates lists of all host names from each
slave, combines these lists with its own list of local host names, and
distributes it to each of the slaves that has DNS Sync enabled. To resolve
situations in which there are identical host names on different servers,
DNS Sync sorts the list of host names such that hosts that are local to
the current server are resolved first. That is, on a slave, local host
names take priority over host names local to the master which, in turn,
take priority over those on other slaves.
In the event that DNS records conflict (in other words,
the same DNS name resolves to two different IP addresses that are on different
nodes in the region), an entry from the local node preempts the remote
node. An entry on the master preempts an entry from a remote slave. If
two slaves have conflicting names, each one selects its own local name
for itself, and the master selects one of the names to distribute to all
the other machines. The name the master selects does not depend on the
order in which the slaves have most recently synchronized, though it may
depend on which slaves have supplied the conflicting names (for example,
the original implementation resolves conflicts by selecting the slave with
the host name that is first alphabetically). In order to guarantee that
DNS entries are known and are consistent between scalable services servers,
any DNS entry that has been explicitly set on the master takes precedence
over any on a slave. This can only be overridden on a slave by explicitly
setting a DNS entry that slave.
DNS Synchronization allows a scalable services region with
multiple locations to use a single domain name across the entire region.
By synchronizing with the master server on specified intervals, the slave
servers also acquire the ability to recognize the region's domain and propagate
it throughout the region. This makes it even easier to recognize all the
servers by name, such as master.domain.com, slave1.domain.com,
and slave2.domain.com, rather than having each node using their
own domain name.
Scalable services licensing and user licensing
User license management is simplified with scalable services.
One user license is automatically synchronized to each slave for each user
(or team that has its own password) synchronized to that slave. This means
that in a typical setup, the master server is purchased with su fficient
user license so that each user/team has one and slave servers do not need
to be purchased with any. The master scalable services node requires user
licenses for each user in the region.
User accounts that are no longer being synchronized to
the slaves are not automatically deleted (and hence may use a user license
on the slave). This is not of great consequence because the number of user
licenses a slave has allocated to it depends on the accounts that are being
actively synchronized. That is, extra (old) accounts on the slave are locked
out.
By using scalable services, you can convert the Lotus Foundations
user licenses on the master server into network user licenses. You no longer
need to worry about user licenses for any of the slave servers, as they
will automatically inherit any required user licenses from the master server
for all users controlled by the master server.
Lotus Foundations scalable services regions
With Lotus Foundations scalable services, a hierarchical
structure is used to centralize the management of the Lotus Foundations
servers. This is best understood as a single master-to-multiple slaves
configuration. Each scalable services hierarchy is known as a region.
At the top of each scalable services region is the master
server. The master server is responsible for the configuration and account
synchronization throughout the scalable services region.
Each node in the region is a complete Lotus Foundations
server within itself, capable of providing all the normal Lotus Foundations
services. Scalable services augment the Lotus Foundations abilities by
providing the capability to configure user data between all nodes of the
region. This synchronization is possible across the local area network
(Internet Protocol Security - IPSec) and across the virtual private network
(TunnelVision) to address geographically diverse environments.
The following diagram shows a sample Lotus Foundations
scalable services region.
Figure 19. Sample scalable services region
Centralized Management and Administration
While Lotus Foundations already provides Web-based administration
through WebConfig that is accessible remotely, the administration of users
and teams across the entire network is not cohesive when deployed with
standalone servers. User additions and modifications need to be manually
replicated across the different Lotus Foundations servers to keep all the
configurations synchronized.
Scalable services simplify this by centralizing the administration
of the users and teams on the master server. Modifications to a user's
configuration, such as a password change, are automatically synchronized
to the slave servers.
Before enabling scalable services, an architectural plan
should be constructed as to the layout of the IT network and the distribution
of the users.
Setting up a scalable services region
If a Lotus Foundations server possesses a scalable services
master or scalable services slave license, a link labeled Scalable Services
is displayed in the left side menu of WebConfig.
On a standalone Lotus Foundations server that has a scalable
services license, clicking Scalable Services in the left side menu
of WebConfig opens a page containing the following table.
Figure 20. Scalable services Local Node Setup page
Table 9. Fields for the Local Node Setup page
| Local Node Setup Page Fields
| Definition
|
| Mode
| Identifies the server as a standalone, master, or slave
server
|
| Scalable Services Region Name
| Name of the scalable services region in which this server
participates
|
| Scalable Services Password/Re-enter Password
| Password for the scalable services region
|
| Sync Frequency
| Frequency with which the master synchronizes user data
and DNS data with the scalable services slaves; this field can only be
configured on the master server
|
| Master Node
| IP address or (internal) host name for the master server;
this field can only be configured on slave servers |
Configuring a master server
Selecting the Mode for the server as Master
and clicking Save Changes refreshes the page to show the Basic
Setup tab of the scalable services configuration page.
Figure 21. Basic Setup tab of the scalable services master
server
The Scalable Services Configuration section of the Basic
Setup tab displays the status of all slave servers in the region. As
there are presently no slaves configured, this table is empty.
The Local Node tab displays the scalable services
page described at the beginning of the Setting up the scalable services
region section.
The User Node Access tab displays team node access
and user node access. This page leads to configuration pages for user/team
access and e-mail home servers.
Configuring a slave server
To configure a server as a slave server, follow these steps:
1. Click
Scalable Services in the left side menu of WebConfig. A page is
displayed that is similar to the page used when configuring the master
server.
2. Select
Slave for the Mode if it is not already selected. Fields
not editable in standalone mode are now editable.
Figure 22. Slave server setup screen
3. For
Scalable Services Region Name, type the name of the region you created
when setting up the master server.
4. For
the Scalable Services Password and Re-enter Password fields,
type the password you created with the master server.
5. For
Master Node, type the host name or IP address of the master server.
6. Click
Save Changes.
7. Once
you have clicked to save the slave server settings, two error messages
are displayed in the Slave Node Status section of the Scalable Services
page. The first message states the slaver server is not authorized to join
the scalable services region. The second message states that DNS Sync requires
the node to join the scalable services region. To remove the messages,
return to the master server and authorize the slave server.
Authorizing a slave server on the master
The master must grant permission to each slave attempting
to connect to the scalable services region.
After a slave has been configured and attempts to connect,
a message is displayed in the Scalable Services Configuration section of
the Basic Setup tab for Scalable Services with the machine
information for the slave server that attempted to join the scalable services
region.
Figure 23. Master server with unauthorized slave server
1. On
the master server, click Scalable Services in the left side menu
of WebConfig.
2. In
the Scalable Services Configuration section, click the edit icon 
in
the Action column.
3. In
the new page that opens, select Member for the Standing field.
Figure 24. Modify Node page of the master server
4. The
Hostname and IP Address fields display the name and the IP
address of the slave server requesting to join the scalable services region.
For the Standing entry, select Member to add the slave server
to the scalable services region.
5. For
the Enable DNS Synchronization entry, select Yes to enable
the slave server to synchronize DNS information with the master server.
6. In
the Users section, click to highlight all the users you wish to
assign to this node and click Add.
Figure 25. Adding users
7. Click
Save Changes to finish this configuration.
8. After
you have added the slave server to the scalable services region and authorized
it, the update of the new slave server is displayed in the Scalable Services
Configuration section of the Basic Setup tab of the Scalable
Services page.
Figure 26. Updated status page after authorizing a slave
server to the scalable services region
Administering Users and Teams
You can manage all of your users and teams across the entire
scalable services region from the master server with Lotus Foundations
scalable services.
1. While
logged into the master server, click Scalable Services in the left
side menu of WebConfig. Then click the User Node Access tab in the
Scalable Services page. The page lists the team nodes and user nodes for
the scalable services region.
2. The
Team ID and User ID list the teams and users in the scalable
services region. To configure a team or user, click the name of the team
or user you want to configure. The Full Name is a descriptive name
for a team or user, and Login Access specifies the slave (if any)
to which the account is synchronized. This setting can be configured in
the setup page specific to the team or user.
Figure 27. User Node Access page
3. Note
the team named NS3-region name . This is automatically created and
is known as the NS3 Team.
The scalable services team
Enabling Lotus Foundations scalable services prompts the
system to create a new team named after the scalable services region. This
team is password protected with the scalable services password and must
exist for scalable services to function properly. Modifying, renaming,
or deleting this team is not recommended while scalable services are enabled
as unexpected behavior may occur. If the team is deleted or renamed, it
is automatically recreated.
Lotus Foundations scalable services frequently
asked questions
Some frequently asked questions about Lotus Foundations
scalable services are listed below.
1. Are
administrator accounts on the master server synchronized to the slave server(s)?
Like normal teams and users, you must specify the accounts
that are synchronized. This includes administrator accounts.
2. What
happens to my pre-existing team/user accounts on a machine that I change
from a standalone machine to a scalable services slave server?
The team/user accounts still exist. If similarly named
accounts exist on the master (and the master has been configured to synchronize
them), their account information (such as the password, full name, and
so on) are overwritten, but none of the data on disk is lost.
3. I
have two Lotus Foundations servers that I have been using independently.
I wish to combine them into an scalable services region, but they each
have a number of unique team/user accounts. How can I easily merge their
team/user accounts and set up my scalable services region?
The Export/Import User feature is useful for this kind
of procedure. Unfortunately, it only exports/imports the username, full
name, and password. If you are willing to set up your scalable services
master with default values, use this feature.
Alternatively, you can follow a more thorough but time-consuming
approach by configuring one machine as the master and another as the slave.
Set up synchronization for users to synchronize everything to the slave,
then switch their roles after the initial synchronization (make them standalone
servers first) and repeat the process. As an example, if you have Server
A and Server B, set Server A to master, Server B to slave, and then synchronize
them. Next, change both servers to standalone mode. Finally, make Server
A the slave and Server B the master. Following the subsequent synchronization,
both servers contain an identical list of team/user accounts. This process
can be extended to build up a complete list of team/user accounts on a
server that you want to become an scalable services master server.
4. I
deleted a team/user on the master server (or stopped synchronizing a team/user
to a particular slave server), but that team/user still exists on the slave
server. Why is that?
This is intentional so that data stored in the team/user's
directory on the slave server is not automatically deleted.
5. Why
can't a scalable services slave server also be a domain member?
This is intentional so as to avoid a host of problems
related to conflicts arising between domains and scalable services regions.
Basically, allowing a server to be both a domain member and a scalable
services slave gives it two independent channels to create user accounts
(one through Samba Pass Thru Authentication and another through scalable
services).
Return to the Table
of Contents for the Lotus Foundations Start
V1.1 Administration Guide.