Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

Traveler HTTPS Only

Daniel Nashed  23 January 2012 09:40:22

We ran into issues with a double password dialog when accessing the Traveler homepage (servlet) in a pure HTTPS environment with only authenticated users. So this is mainly an issue with disabled anonymous access.
The server has HTTP disabled and only HTTPS running for security reasons.
Because basic authentication is required in order for mobile devices to detect wrong passwords (they cannot read the forms-based login return code used by SSO configurations), no HTTPS cookie is present.

By default the realm used by the server is set to the servlet and the image on the Traveler homepage comes from the /traveler/images directory.
That's why sometimes devices prompt for another authentication.

To avoid this issue, you can set "WEB_REALM_STRING" to "/" in the TrueSyncServer section of NTSConfig.xml.

Example:

<COMPONENT COMPONENT_TYPE="TrueSyncServer"> 
<PROPERTY NAME="WEB_REALM_STRING" VALUE="/"/> 

This will set the realm to the root instead of a sub-directory.

In our configuration this solved the double authentication issue.

-- Daniel

Lotus Traveler email Antivirus

Daniel Nashed  23 January 2012 08:29:01

The Mail-Routing Configuration for a Traveler Server uses the home-mail server of the user to send outgoing mail.
But in some customer scenarios the home-mail server does not run antivirus software to scan emails.

If you have separate gateway servers scanning your inbound and outbound mail traffic there is a new Traveler setting that can help.
You can configure servers used for outbound mail instead of using the mail-server.
This setting will send outbound mail directly to the configured servers.


The setting is OUTBOX_MAIL_SERVERS in the TrueSyncServer section of NTSConfig.xml. It is a comma-delimited list of servers.

Example Configuration:

NTSConfig.xml

<COMPONENT COMPONENT_TYPE="TrueSyncServer"> 
<PROPERTY NAME="OUTBOX_MAIL_SERVERS" VALUE="gateway-server1/Srv/Acme, gateway-server2/Srv/Acme"/>

All mail will be routed thru those servers.
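
The two NTSConfig.xml settings from the posts above (WEB_REALM_STRING and OUTBOX_MAIL_SERVERS) can be checked with a short script. This is an added example, not code from this blog or from IBM; the root element, the closing tags and the approved gateway list are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: only the COMPONENT/PROPERTY lines appear on the page;
# the <NTSCONFIG> root element and the closing tags are assumptions.
SAMPLE = """<NTSCONFIG>
  <COMPONENT COMPONENT_TYPE="TrueSyncServer">
    <PROPERTY NAME="WEB_REALM_STRING" VALUE="/"/>
    <PROPERTY NAME="OUTBOX_MAIL_SERVERS" VALUE="gateway-server1/Srv/Acme, gateway-server2/Srv/Acme"/>
  </COMPONENT>
</NTSCONFIG>"""


def truesync_properties(xml_text):
    """Return {NAME: VALUE} for the TrueSyncServer component, wherever it sits."""
    root = ET.fromstring(xml_text)
    props = {}
    for comp in root.iter("COMPONENT"):
        if comp.get("COMPONENT_TYPE") == "TrueSyncServer":
            for prop in comp.iter("PROPERTY"):
                props[prop.get("NAME")] = prop.get("VALUE", "")
    return props


def audit(xml_text, approved_gateways):
    """Compare both settings with the intended configuration; return findings."""
    props = truesync_properties(xml_text)
    findings = []
    realm = props.get("WEB_REALM_STRING")
    if realm != "/":
        findings.append(f"WEB_REALM_STRING is {realm!r}, expected '/'")
    # The value is a comma-delimited list; tolerate spaces around the commas.
    raw = props.get("OUTBOX_MAIL_SERVERS", "")
    servers = [s.strip() for s in raw.split(",") if s.strip()]
    if not servers:
        findings.append("OUTBOX_MAIL_SERVERS not set: outbound mail uses the home mail server")
    # Server names are compared case-insensitively.
    approved = {g.lower() for g in approved_gateways}
    for server in servers:
        if server.lower() not in approved:
            findings.append(f"outbound server {server!r} is not an approved scanning gateway")
    return findings


if __name__ == "__main__":
    gateways = ["gateway-server1/Srv/Acme", "gateway-server2/Srv/Acme"]
    for line in audit(SAMPLE, gateways) or ["no findings"]:
        print(line)
```
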

There is still one gap for sent messages. The messages will be saved to the end-user mail file without any way to actively scan them for viruses.
Currently you can only periodically scan all mail databases for viruses.

There is no current plan for integrating Anti-virus support for Lotus Traveler.
But development is thinking about a new option to save "sent" messages without the attachment.
This way no anti-virus scanning is needed for "sent" messages.

In most cases there are no attachments being sent from a mobile device. So I don't see it as a high risk right now. But it is still a gap.

From my point of view, this new setting and the planned new option to not save the attachment in "sent" messages fit most customer environments.
What do you think?

-- Daniel

IBM Lotus Symphony Viewer

Daniel Nashed  9 January 2012 06:49:54



In case you missed it... IBM released a Symphony Viewer that lets you view ODF files on your iOS device.
It's a first version, but you can see from the growing list below that IBM is taking their mobile strategy quite seriously.


-- Daniel







Important Lotus Traveler Fixpack 8.5.3.1 Released

Daniel Nashed  16 November 2011 16:34:19

This fixpack should solve the iOS issues I mentioned in my previous post.
You should update your Traveler Server ASAP.

Here is a link to the Fix Central download:

http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Lotus&product=ibm/Lotus/Lotus+Notes+Traveler&release=All&platform=All&function=all

And here is a link to the complete fix list:

http://www.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_APAR_listing#8531

The issue for activities has been fixed and the two new iOS5 features are supported.

• Support Folder Management Features on Apple iOS 5 and Later Devices
• Support for Follow Up Flags on Apple Devices

A big THANK YOU to the Traveler team for this quick fix and also adding those new features.

-- Daniel

Traveler Performance Issue iOS 5

Daniel Nashed  10 November 2011 09:14:10


Traveler with the latest fixpacks installed supports iOS5. Only the new functionality introduced with iOS5 is currently not supported and does not work yet.
After the first larger customers migrated, it turned out that this new functionality, when enabled, causes performance issues with Traveler (high CPU on the Traveler server, shorter battery life for the Apple device).

IBM is working on a fix for this issue and we can expect a fix delivered soon.

In the meantime you should avoid the following new functionality:

1. Mail flagged (known as Domino Follow up).
2. Creating, renaming, moving and deleting folders on the Apple device.
3. Reminders (known as Domino To Do).

IBM will update the TN https://www.ibm.com/support/docview.wss?uid=swg21512456 with information about the fix once it has been released.

-- Daniel

Traveler Documentation 8.5.3

Daniel Nashed  2 November 2011 15:29:21


Since 8.5.2 the documentation for Traveler moved from the IBM Info Center to the Domino Wiki, which IMHO was a good move.
Most product documentation for all "Lotus" products is available in a central place, and there is a mobilized version available.

But this did not solve the problem of taking the documentation offline or printing it if needed.

The Traveler team did a great job documenting all the details. This even includes troubleshooting tips.

Besides the documentation referenced when you install Traveler, which points to the Domino Wiki, there is an HTML version of the complete documentation.
In case you did not see it, you should check it out. The HTML-based documentation has been available since 8.5.2, and here is the link to the 8.5.3 version:

http://infolib.lotus.com/resources/domino/traveler/8.5.3/doc/ta853abd002/en_us/NotesTraveler.html 

-- Daniel

KVM Support for Domino 8.5.3

Daniel Nashed  20 October 2011 20:25:18

Since 8.5.3 KVM is officially supported. But there has been some confusion about which version is supported.
You really need to make sure that you have at least the version mentioned in the following statement.
Before those versions there are performance issues.

-- Daniel

-- snip --

KVM support is based on KVM/Kernel level. We support level 2.6.32 x86_64 as our baseline on either RHEL or SLES. We automatically support patch releases beyond this level as well (but not feature releases). For example, RHEL 6 x86_64 KVM is 2.6.32-71 and is supported. As noted, we only support 64 Bit KVM RHEL and SLES releases.

-- snip --

Agent Manager Retry on Compact

Daniel Nashed  10 October 2011 16:12:59


There is a new setting starting with 8.5.3 and 8.5.2 FP3 that retries running an agent after the agent was previously blocked by a compact.
I would have expected that this behavior would be the new default and a notes.ini setting would switch back to the previous behavior.
But IBM decided to not make it the current default -- this might change in future after a discussion we had with IBM.
For now you have to enable it via notes.ini DEBUG_AMGR_ENABLE_RETRY_ON_COMPACT.

-- Daniel

-- snip --
SPR# KMUR63DF3V - Fix introduces an ini DEBUG_AMGR_ENABLE_RETRY_ON_COMPACT to allow an agent to run on a time interval once database compact is complete. Previously when a database was being compacted and an attempt was made to load a scheduled agent it would fail and the agent would be marked to not run again unless the user restarted the agent manager or the agent cache refreshed. This fix introduces a notes.ini variable to allow the agent in question to be retried on its subsequent time interval.
-- snip --

Full Text Index on separate Drive

Daniel Nashed  4 October 2011 10:32:17


Since 8.5.3 (available as of today) we have the option to put the Full Text Index on another drive. We have asked about it many times for many years and finally got this functionality.
The notes.ini parameter e.g. FTBasePath=d:\full_text can be used to switch the starting directory for the full text index from data directory to a different directory or drive.

It makes a lot of sense to separate the FT Index from the NSF data in larger environments.
There are a couple of reasons:

- FT Index causes a lot of file-system fragmentation
- At some point even with DAOS on larger environments the file-system for NSF data can be quite big and separating FT and NSF would make sense.
- When using snap-shot backup reducing the size of the file-system containing NSF would make a lot of sense
- From I/O point of view on larger servers with a lot of FT data this can also improve performance

This setting only makes sense for larger environments.

To migrate your FT index to a separate drive you need the following steps:

- Set the notes.ini FTBasePath=d:\full_text
- Run updall -f to rebuild all FT indexes.

This will automatically delete the old FT index and re-create it on the new drive.

-- Daniel

Sametime Features allowed with the Notes 8 Client License

Daniel Nashed  2 September 2011 13:09:31

Even if you are only installing a Sametime entry server you might run into license issues if you only have Notes 8 Client licenses.
The default Sametime policy that comes with Sametime 8.5.1 Entry contains some features which need a full Sametime Client license.

For example multiple chat communities, pasting screen prints.

So if you don't disable those features for users without a full Sametime license you are potentially running into trouble during your next IBM license audit.

Here are some details about which features belong to which license type ...

-- Daniel

https://www.ibm.com/support/docview.wss?uid=swg21269153

http://www.lotus.com/ldd/stwiki.nsf/dx/Sametime_offering_features_by_client_type_st852